DSO-Exploit & CoolWebSearch

Warnings about security vulnerabilities and help with removing viruses, worms and Trojans.

Post by Moinsen on 15.06.2004, 13:00

Hi folks, I somehow picked up these two sh(&$(& spyware candidates and now I can't get them off the machine. After scanning and deleting with Spybot Search & Destroy and Ad-aware, both keep turning up on the box again. :evil:
Here is my HijackThis log:

Logfile of HijackThis v1.97.7
Scan saved at 12:50:23, on 15.06.2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Sygate SPF\smc.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\Programme\Netropa\Multimedia Keyboard\nhksrv.exe
C:\Programme\Network Associates\VirusScan\Avsynmgr.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Network Associates\VirusScan\VsStat.exe
C:\Programme\Network Associates\VirusScan\Vshwin32.exe
C:\Programme\Gemeinsame Dateien\Network Associates\McShield\Mcshield.exe
C:\Programme\Network Associates\VirusScan\Avconsol.exe
C:\Programme\Network Associates\VirusScan\Webscanx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\Programme\Logitech\MouseWare\system\em_exec.exe
C:\Programme\Netropa\Multimedia Keyboard\TrayMon.exe
C:\Programme\Netropa\Onscreen Display\OSD.exe
C:\windows\dllhlp.exe
C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE
C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis2\kernel.exe
C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis2\sc_watch.exe
C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis2\PROFIL~1.EXE
C:\PROGRAMME\INTERNET EXPLORER\IEXPLORE.EXE
C:\Programme\Ad-aware 6\Ad-aware.exe
C:\Programme\WinAce\WinAce.exe
C:\Dokumente und Einstellungen\Herbert\Lokale Einstellungen\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://your-searcher.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://your-searcher.com/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://your-searcher.com/index.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://your-searcher.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://your-searcher.com/index.htm
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\SYGATE~1\smc.exe -startgui
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Programme\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [dllhelp] c:\windows\dllhlp.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Global Startup: financial office.lnk = C:\Programme\LEXWARE\LXOFFICE\bin\Lxoffice.exe
O4 - Global Startup: Zahlungserinnerung.lnk = C:\Programme\PROFI\wzed.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Mobilen Favoriten erstellen (HKLM)
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... (HKLM)
O17 - HKLM\System\CCS\Services\Tcpip\..\{9CD07A34-111A-4930-8681-2DC08D940EFD}: NameServer = 217.237.151.225 194.25.2.129

I would be very grateful for any help.

Regards, Oliver
Moinsen
 
Posts: 4
Registered: 15.06.2004, 12:51


Post by Computerdirk on 17.06.2004, 07:13

Hi there,

well, you should fix the R0 and R1 entries...
You can also remove CoolWebSearch with a dedicated tool. Free download at:

http://www.spychecker.com/program/coolwebshredder.html
Computerdirk
Administrator
 
Posts: 7132
Registered: 25.05.2003, 21:17
Location: Goslar

Post by Nikita on 17.06.2004, 10:47

@Moinsen

1. Download from this site
CWSHredder
http://www.spywareinfo.com/~merijn/downloads.html
Sphjfix.exe
http://www.trojaner-info.de/anleitungen ... blank.html


2. Scan with HijackThis, then tick what I post and \fix\

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://your-searcher.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://your-searcher.com/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://your-searcher.com/index.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://your-searcher.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://your-searcher.com/index.htm
O4 - HKCU\..\Run: [dllhelp] c:\windows\dllhlp.exe ......Virus

3. Restart
Go into Safe Mode...press F8 while booting

4. Scan with
AdAware
CWSHredder
Sphjfix.exe

5. Find c:\windows\dllhlp.exe and delete it
5.1. Go into the registry
Start\Run\regedit

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
and delete dllhlp.exe on the right

6. Restart normally

7. Download SpyHunter
http://www.spy-bot.net/manual.asp

8. Under Internet Options, delete the Temporary Internet Files and cookies and set a new start page.

8.1. Download Antivir free...if you don't have a virus scanner yet.
Set \scan all files\ and run a full scan
http://www.free-av.de/

9. Then download mwav.exe and scan the computer.
http://www.mwti.net/antivirus/free_utilities.asp

Then post the log again.
Regards
Nikita :D
Nikita
Moderator
 
Posts: 11478
Registered: 07.12.2003, 16:53
Location: Lisbon

Many thanks for the help

Post by Moinsen on 18.06.2004, 15:30

I followed your instructions exactly.
By now Ad-aware, Antyspy S&D, mwav etc. no longer find any new infections either. The machine seems to be working again.

To be on the safe side, here is my current HjT log:
Logfile of HijackThis v1.97.7
Scan saved at 15:27:01, on 18.06.2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Sygate SPF\smc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Netropa\Multimedia Keyboard\nhksrv.exe
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\Programme\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\oodag.exe
C:\Programme\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\Programme\D-Tools\daemon.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\Logitech\MouseWare\system\em_exec.exe
C:\Programme\Netropa\Multimedia Keyboard\TrayMon.exe
C:\Programme\Netropa\Onscreen Display\OSD.exe
C:\WINDOWS\System32\MSTMON_J.EXE
C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE
C:\Programme\LEXWARE\LXOFFICE\bin\Lxoffice.exe
C:\Programme\RegCleaner\RegCleanr.exe
C:\Programme\WinAce\WinAce.exe
C:\Dokumente und Einstellungen\Herbert\Lokale Einstellungen\Temp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://web.de/
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\SYGATE~1\smc.exe -startgui
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Programme\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programme\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [magicolor 2300WStatusDisplay] C:\WINDOWS\System32\MSTMON_J.EXE
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Global Startup: financial office.lnk = C:\Programme\LEXWARE\LXOFFICE\bin\Lxoffice.exe
O4 - Global Startup: Zahlungserinnerung.lnk = C:\Programme\PROFI\wzed.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Mobilen Favoriten erstellen (HKLM)
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... (HKLM)

Regards, Moinsen :D
Moinsen
 
Posts: 4
Registered: 15.06.2004, 12:51
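
The before/after comparison that the post above makes by eye can be checked mechanically. This is an added example, not part of the original thread: it parses HijackThis entry lines, diffs two logs, and confirms that the entries the helper asked to fix no longer appear. The sample logs are shortened excerpts of the logs posted above, and all function names are assumptions of this example.

```python
import re

# A HijackThis entry is "<code> - <body>", e.g. "R1 - HKCU\...,Search Bar = http://..."
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
# Helpers sometimes append a remark to a quoted entry (" ......Virus" in the thread).
REMARK_RE = re.compile(r"\s+\.{4,}.*$")

# Shortened excerpt of the log posted on 15.06.2004
BEFORE = r"""
Logfile of HijackThis v1.97.7
Running processes:
C:\windows\dllhlp.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://your-searcher.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://your-searcher.com/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://your-searcher.com/index.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://your-searcher.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://your-searcher.com/index.htm
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [dllhelp] c:\windows\dllhlp.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE"
"""

# Shortened excerpt of the log posted on 18.06.2004
AFTER = r"""
Logfile of HijackThis v1.97.7
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://web.de/
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE"
"""

# The entries the helper listed for fixing on 17.06.2004, remark included
FIX_LIST = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://your-searcher.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://your-searcher.com/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://your-searcher.com/index.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://your-searcher.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://your-searcher.com/index.htm
O4 - HKCU\..\Run: [dllhelp] c:\windows\dllhlp.exe ......Virus
"""


def parse_entries(text, strip_remarks=False):
    """Map a case-insensitive key to the entry line; header and process lines are skipped."""
    entries = {}
    for raw in text.splitlines():
        line = raw.strip()
        if strip_remarks:
            line = REMARK_RE.sub("", line)
        m = ENTRY_RE.match(line)
        if m:
            # Registry names and Windows paths compare case-insensitively.
            entries[(m.group(1), m.group(2).casefold())] = line
    return entries


def diff_logs(before_text, after_text):
    """Return (removed, added) entry lines between two logs."""
    before, after = parse_entries(before_text), parse_entries(after_text)
    removed = sorted(before[k] for k in before.keys() - after.keys())
    added = sorted(after[k] for k in after.keys() - before.keys())
    return removed, added


def still_flagged(fix_list_text, log_text):
    """Entries from the helper's fix list that are still present in a log."""
    flagged = parse_entries(fix_list_text, strip_remarks=True)
    present = parse_entries(log_text)
    return sorted(flagged[k] for k in flagged.keys() & present.keys())


def registry_changes(before_text, after_text):
    """R entries whose registry value is in both logs with different data."""
    def r_values(text):
        values = {}
        for (code, _), line in parse_entries(text).items():
            name, sep, data = line.split(" - ", 1)[1].partition(" = ")
            if code.startswith("R") and sep:
                values[name.casefold()] = (name, data)
        return values

    old, new = r_values(before_text), r_values(after_text)
    return sorted((old[k][0], old[k][1], new[k][1])
                  for k in old.keys() & new.keys() if old[k][1] != new[k][1])


if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    print("removed:", *removed, sep="\n  ")
    print("added:", *added, sep="\n  ")
    print("still flagged:", still_flagged(FIX_LIST, AFTER))
    print("changed values:", registry_changes(BEFORE, AFTER))
```

Because entries are keyed on their full text, a changed start page shows up as one removed and one added line; `registry_changes` pairs those up so the old and new value can be reviewed together.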

Post by Nikita on 18.06.2004, 15:45

Now download Firefox as well, set a start page of your choice and surf only with it...it's hijacker-free

http://www.firebird-browser.de/


All the best
Nikita
:D :D :D
Nikita
Moderator
 
Posts: 11478
Registered: 07.12.2003, 16:53
Location: Lisbon

Post by Masterfrezz on 06.07.2004, 18:57

Hey
I'm currently plagued by roughly the same problem


Here is my HijackThis log:
Logfile of HijackThis v1.98.0
Scan saved at 18:55:21, on 06.07.2004
Platform: Windows 2000 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 (5.00.2920.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\DRIVERS\CDANTSRV.EXE
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.exe
C:\WINNT\System32\P2P Networking\P2P Networking.exe
C:\Programme\ICQLite\ICQLite.exe
C:\WINNT\wt\updater\wcmdmgr.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\PROGRA~3\Altnet\DOWNLO~1\asm.exe
C:\WINNT\System32\qpglzy.exe
E:\Programme\iTunes\iTunesHelper.exe
C:\WINNT\System32\internat.exe
C:\Programme\iPod\bin\iPodService.exe
D:\PROGRA~2\LAVASOFT\AD-AWA~1\Ad-aware.exe
G:\Programme\FlashGet\flashget.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\Programme\Gemeinsame Dateien\Real\Update_OB\RealOneMessageCenter.exe
C:\Programme\Microsoft Office\Office\OUTLOOK.EXE
C:\WINNT\System32\drwtsn32.exe
E:\lr3\HijackThis.exe
C:\WINNT\msagent\AgentSvr.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://www.search-for-you.com/srh/145/
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.search-for-you.com/srh/145/
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://www.search-for-you.com/srh/145/
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://www.search-for-you.com/srh/145/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.search-for-you.com/srh/145/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.search-for-you.com/srh/145/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.search-for-you.com/srh/145/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.search-for-you.com/srh/145/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R3 - URLSearchHook: (no name) - _{0428FFC7-1931-45b7-95CB-3CBB919777E1} - (no file)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F0 - system.ini: Shell=
F1 - win.ini: run=msinfo.exe
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINNT\nem219.dll
O2 - BHO: MxTargetObj Class - {0000607D-D204-42C7-8E46-216055BF9918} - C:\WINNT\mxTarget.dll
O2 - BHO: My Search BHO - {014DA6C1-189F-421a-88CD-07CFE51CFF10} - C:\Programme\MySearch\bar\1.bin\S4BAR.DLL
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_3_16_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - e:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {85CBFDE0-B26B-4EE5-BD3C-4DE111DE763E} - C:\WINNT\System32\winnet.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - G:\PROGRA~1\FLASHGET\jccatch.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar1.dll
O3 - Toolbar: @msdxmLC.dll,-1@1031,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: My &Search Bar - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - C:\Programme\MySearch\bar\1.bin\S4BAR.DLL
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - G:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_3_16_0.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Internat Conf] \bootconf.exe
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
O4 - HKLM\..\Run: [CMESys] "C:\Programme\Gemeinsame Dateien\CMEII\CMESys.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [P2P Networking] C:\WINNT\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [wcmdmgr] C:\WINNT\wt\updater\wcmdmgrl.exe -launch
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [jdzyijtbj] C:\WINNT\System32\qpglzy.exe
O4 - HKLM\..\Run: [WhenUSave] "C:\Programme\Save\Save.exe"
O4 - HKLM\..\Run: [iTunesHelper] E:\Programme\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [msbb] c:\programme\180solutions\msbb.exe
O4 - HKLM\..\Run: [ntldr] C:\WINNT\System32\ntldr.exe
O4 - HKLM\..\RunServices: [WinLoader] ouqgpxjpgnp.exe
O4 - HKLM\..\RunOnce: [Ad-aware] "D:\PROGRA~2\LAVASOFT\AD-AWA~1\Ad-aware.exe" "+b1"
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [ClockSync] "C:\PROGRA~2\CLOCKS~1\Sync.exe" /q
O4 - HKCU\..\Run: [WeatherCast] "C:\Programme\WeatherCast\Weather.exe" /q
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: IDETool.lnk = C:\Program Files\IDETOOL\IDETOOL.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: GStartup.lnk = C:\Programme\Gemeinsame Dateien\GMT\GMT.exe
O8 - Extra context menu item: &Google Search - res://c:\programme\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Alles mit FlashGet laden - G:\Programme\FlashGet\jc_all.htm
O8 - Extra context menu item: Backward &Links - res://c:\programme\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\programme\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Mit FlashGet laden - G:\Programme\FlashGet\jc_link.htm
O8 - Extra context menu item: Si&milar Pages - res://c:\programme\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\programme\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: ICQ 4.0 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - G:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - G:\PROGRA~1\FLASHGET\flashget.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=
O14 - IERESET.INF: START_PAGE_URL=
O16 - DPF: {10000000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\MAIN.MHT!http://d.dialer2004.com//saf/main.chm::/load.exe
O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://c:\nosuch.mht!http://66.230.167.185/z/aw/chm/cool.chm::/cool.exe
O16 - DPF: {11111111-1111-1111-1111-111111111157} - ms-its:mhtml:file://c:\nosuch.mht!http://super-gals.com/scj/rotation/templates/um2/x.chm::/ad.exe
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.c ... 040510.cab
O16 - DPF: {8FA9D107-547B-4DBC-9D88-FABD891EDB0A} (shizmoo Class) - http://arcade.icq.com/multiplayer/odyssey_web8.cab
O16 - DPF: {912DC742-755C-4F1D-9F77-DFF88C344083} (Vacpro.switzerland) - http://www.7adpower.com/dialer/switzerland.CAB
O16 - DPF: {F57D17AE-CE37-4BC8-B232-EA57747BE5E7} - http://66.230.146.53/EPlugin_CH.cab
O19 - User stylesheet: C:\WINNT\Web\oslogo.bmp

I'm hoping for help :cry:
Masterfrezz
 
Posts: 5
Registered: 06.07.2004, 18:50

The basics, that's all I can help you with FOR NOW...

Post by Bad_boy on 06.07.2004, 19:22

so, the basics: tick what I post and then press "fixed":

R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://www.search-for-you.com/srh/145/
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.search-for-you.com/srh/145/
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://www.search-for-you.com/srh/145/
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://www.search-for-you.com/srh/145/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.search-for-you.com/srh/145/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.search-for-you.com/srh/145/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.search-for-you.com/srh/145/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.search-for-you.com/srh/145/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

cya
Bad_boy
Bad_boy
 
Posts: 7
Registered: 01.07.2004, 16:10

continued...

Post by Bad_boy on 06.07.2004, 19:29

then also scan with:

Ad-aware 6:
www.lavasoftusa.com/support/download/

and then copy the HijackThis log in here!!!
Bad_boy
 
Posts: 7
Registered: 01.07.2004, 16:10

Post by Nikita on 06.07.2004, 19:50

@Masterfrezz

Fix with HijackThis

R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://www.search-for-you.com/srh/145/
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.search-for-you.com/srh/145/
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://www.search-for-you.com/srh/145/
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://www.search-for-you.com/srh/145/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.search-for-you.com/srh/145/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.search-for-you.com/srh/145/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.search-for-you.com/srh/145/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.search-for-you.com/srh/145/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R3 - URLSearchHook: (no name) - _{0428FFC7-1931-45b7-95CB-3CBB919777E1} - (no file)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINNT\nem219.dll
O2 - BHO: MxTargetObj Class - {0000607D-D204-42C7-8E46-216055BF9918} - C:\WINNT\mxTarget.dll
O2 - BHO: My Search BHO - {014DA6C1-189F-421a-88CD-07CFE51CFF10} - C:\Programme\MySearch\bar\1.bin\S4BAR.DLL

O2 - BHO: (no name) - {85CBFDE0-B26B-4EE5-BD3C-4DE111DE763E} - C:\WINNT\System32\winnet.dll

O3 - Toolbar: My &Search Bar - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - C:\Programme\MySearch\bar\1.bin\S4BAR.DLL

O4 - HKLM\..\Run: [Internat Conf] \bootconf.exe
O4 - HKLM\..\Run: [wcmdmgr] C:\WINNT\wt\updater\wcmdmgrl.exe -launch
O4 - HKLM\..\Run: [jdzyijtbj] C:\WINNT\System32\qpglzy.exe
O4 - HKLM\..\Run: [WhenUSave] "C:\Programme\Save\Save.exe"
O4 - HKLM\..\Run: [msbb] c:\programme\180solutions\msbb.exe
O4 - HKLM\..\Run: [ntldr] C:\WINNT\System32\ntldr.exe
O4 - HKLM\..\RunServices: [WinLoader] ouqgpxjpgnp.exe

O4 - HKCU\..\Run: [WeatherCast] "C:\Programme\WeatherCast\Weather.exe" /q
O4 - Global Startup: GStartup.lnk = C:\Programme\Gemeinsame Dateien\GMT\GMT.exe
O16 - DPF: {10000000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\MAIN.MHT!http://d.dialer2004.com//saf/main.chm::/load.exe
O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://c:\nosuch.mht!http://66.230.167.185/z/aw/chm/cool.chm::/cool.exe
O16 - DPF: {11111111-1111-1111-1111-111111111157} - ms-its:mhtml:file://c:\nosuch.mht!http://super-gals.com/scj/rotation/templates/um2/x.chm::/ad.exe

That is a dialer...if you find that worrying...fix it
O16 - DPF: {912DC742-755C-4F1D-9F77-DFF88C344083}
(Vacpro.switzerland) - http://www.7adpower.com/dialer/switzerland.CAB



Restart


Actually you would have to delete a lot more...but I'm trusting the virus scans.....

#Delete
C:\WINNT\nem219.dll
C:\WINNT\mxTarget.dll
C:\WINNT\System32\winnet.dll
C:\WINNT\System32msbb.exe


#Uninstall the program MySearch\bar
and delete
C:\Programme\MySearch\bar\1.bin\S4BAR.DLL


#Go into the registry
Start\Run\regedit

On the right-hand side, delete the entries that have to do with the hacker

HKCU\Software\Microsoft\Internet Explorer,Search = search-for-you.com/srh/145/
HKCU\Software\Microsoft\Internet Explorer,SearchURL =search-for-you.com/srh/145/
HKLM\Software\Microsoft\Internet Explorer,Search =search-for-you.com/srh/145/
HKLM\Software\Microsoft\Internet Explorer search-for-you.com/srh/145/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.search-for-you.com/srh/145/
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.search-for-you.com/srh/145/
HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch search-for-you.com
HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch search-for-you.com/srh/145/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank


........................................................................................................................................
#Download mwav.exe, scan all files.
and post the final result for me. Open it with Notepad and copy it
http://www.mwti.net/antivirus/free_utilities.asp

#Download Antivirus free
http://www.free-av.de/
scan \all files\, heuristic...high

#Update AdAware and scan with AdAware
#Download Spybot
http://beam.to/spybotsd
#Download Spysweeper
http://www.spysweeper.com/download.html

#Under \Internet Options delete the Temporary Internet Files

Then post the log again.

Regards
Nikita :D
Nikita
Moderator
 
Posts: 11478
Registered: 07.12.2003, 16:53
Location: Lisbon

Post by Masterfrezz on 06.07.2004, 22:43

so

Here's the mwa log for a start



Tue Jul 06 21:01:45 2004 => Generating Virus List... getvlist.exe C:\DOKUME~1\DAVIDB~1\LOKALE~1\Temp\vlist.txt

Tue Jul 06 21:01:53 2004 => **********************************************************
Tue Jul 06 21:01:53 2004 => eScan AntiVirus Toolkit Utility.
Tue Jul 06 21:01:53 2004 => Copyright © 2003-2004, MicroWorld Technologies Inc.
Tue Jul 06 21:01:53 2004 =>
Tue Jul 06 21:01:53 2004 => Support: support@mwti.net
Tue Jul 06 21:01:53 2004 => Web: http://www.mwti.net
Tue Jul 06 21:01:53 2004 => **********************************************************
Tue Jul 06 21:01:53 2004 => Version 4.2.5
Tue Jul 06 21:01:53 2004 => Log File: C:\DOKUME~1\DAVIDB~1\LOKALE~1\Temp\mwav.log
Tue Jul 06 21:01:53 2004 => Latest Date of files inside MWAV: 04 Jul 2004 06:06:16.

Tue Jul 06 21:01:53 2004 => Options Selected by User:
Tue Jul 06 21:01:53 2004 => Memory Check: Enabled
Tue Jul 06 21:01:53 2004 => Registry Check: Enabled
Tue Jul 06 21:01:53 2004 => StartUp Folder Check: Enabled
Tue Jul 06 21:01:53 2004 => System Folder Check: Disabled
Tue Jul 06 21:01:53 2004 => System Area Check: Disabled
Tue Jul 06 21:01:53 2004 => Services Check: Enabled
Tue Jul 06 21:01:53 2004 => Drive Check Option Disabled
Tue Jul 06 21:01:53 2004 => Scanning Type: Scan And Clean
Tue Jul 06 21:01:53 2004 => Folder Check: Disabled

Tue Jul 06 21:01:53 2004 => ***** Scanning Memory Files *****
Tue Jul 06 21:01:53 2004 => Scanning File C:\WINNT\system32\services.exe
Tue Jul 06 21:01:53 2004 => Scanning File C:\WINNT\system32\lsass.exe
Tue Jul 06 21:01:53 2004 => Scanning File C:\WINNT\system32\svchost.exe
Tue Jul 06 21:01:53 2004 => Scanning File C:\WINNT\system32\spoolsv.exe
Tue Jul 06 21:01:54 2004 => Scanning File C:\WINNT\System32\DRIVERS\CDANTSRV.EXE
Tue Jul 06 21:01:54 2004 => Scanning File C:\WINNT\System32\svchost.exe
Tue Jul 06 21:01:54 2004 => Scanning File C:\WINNT\System32\nvsvc32.exe
Tue Jul 06 21:01:54 2004 => Scanning File C:\WINNT\system32\regsvc.exe
Tue Jul 06 21:01:54 2004 => Scanning File C:\WINNT\system32\MSTask.exe
Tue Jul 06 21:01:54 2004 => Scanning File C:\WINNT\System32\WBEM\WinMgmt.exe
Tue Jul 06 21:01:54 2004 => Scanning File C:\WINNT\Explorer.exe
Tue Jul 06 21:01:54 2004 => Scanning File C:\WINNT\System32\P2PNET~1\P2PNET~1.EXE
Tue Jul 06 21:01:55 2004 => Scanning File C:\Programme\ICQLite\ICQLite.exe
Tue Jul 06 21:01:55 2004 => Scanning File C:\PROGRA~2\GEMEIN~1\Real\UPDATE~1\REALSC~1.EXE
Tue Jul 06 21:01:55 2004 => Scanning File C:\WINNT\System32\qpglzy.exe
Tue Jul 06 21:01:55 2004 => ERROR!!! ScanFile Failed Once. Trying to scan again...
Tue Jul 06 21:01:55 2004 => Scanning File C:\WINNT\System32\qpglzy.exe
Tue Jul 06 21:01:55 2004 => ERROR!!! ScanFile Failed Twice. Trying to scan again...
Tue Jul 06 21:01:55 2004 => Scanning File C:\WINNT\System32\qpglzy.exe
Tue Jul 06 21:01:55 2004 => ERROR!!! ScanFile Failed Thrice!!!
Tue Jul 06 21:01:55 2004 => Scanning File C:\WINNT\wt\updater\wcmdmgr.exe
Tue Jul 06 21:01:56 2004 => Scanning File E:\Programme\iTunes\iTunesHelper.exe
Tue Jul 06 21:01:56 2004 => Scanning File C:\WINNT\System32\internat.exe
Tue Jul 06 21:01:56 2004 => Scanning File C:\PROGRA~3\Altnet\DOWNLO~1\asm.exe
Tue Jul 06 21:01:56 2004 => Scanning File C:\Programme\iPod\bin\iPodService.exe
Tue Jul 06 21:01:56 2004 => Scanning File C:\PROGRA~2\INTERN~1\IEXPLORE.EXE
Tue Jul 06 21:01:56 2004 => Scanning File G:\Programme\FlashGet\flashget.exe
Tue Jul 06 21:01:57 2004 => Scanning File G:\Downloads\mwav.exe
Tue Jul 06 21:01:58 2004 => Scanning File C:\DOKUME~1\DAVIDB~1\LOKALE~1\Temp\mwavscan.com
Tue Jul 06 21:01:58 2004 => Scanning File C:\DOKUME~1\DAVIDB~1\LOKALE~1\Temp\kavss.exe
Tue Jul 06 21:01:59 2004 => Scanning File C:\WINNT\System32\notepad.exe

Tue Jul 06 21:01:59 2004 => ***** Scanning Registry Files *****
Tue Jul 06 21:01:59 2004 => Scanning HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Tue Jul 06 21:01:59 2004 => Scanning File C:\WINNT\Explorer.exe
Tue Jul 06 21:01:59 2004 => Scanning File C:\WINNT\system32\userinit.exe
Tue Jul 06 21:01:59 2004 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Tue Jul 06 21:01:59 2004 => Scanning File C:\WINNT\system32\mobsync.exe
Tue Jul 06 21:01:59 2004 => Scanning File C:\WINNT\system32\RUNDLL32.EXE
Tue Jul 06 21:01:59 2004 => Scanning File C:\WINNT\system32\nwiz.exe
Tue Jul 06 21:01:59 2004 => Scanning File \bootconf.exe
Tue Jul 06 21:01:59 2004 => File \bootconf.exe infected by "Trojan.Win32.StartPage.y" Virus. Action Taken: File Deleted.

Tue Jul 06 21:01:59 2004 => *** SOFTWARE\Microsoft\Windows\CurrentVersion\Run has RunningProcess defined as \bootconf.exe (which is infected)!
Tue Jul 06 21:01:59 2004 => *** Reg Value SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Internat Conf deleted because it is infected by a Virus
Tue Jul 06 21:01:59 2004 => ERROR!!! Invalid Entry CMESys = "C:\Programme\Gemeinsame Dateien\CMEII\CMESys.exe". Removing it.
Tue Jul 06 21:01:59 2004 => Scanning File C:\WINNT\System32\P2PNET~1\P2PNET~1.EXE
Tue Jul 06 21:02:00 2004 => Scanning File C:\WINNT\wt\updater\wcmdmgrl.exe
Tue Jul 06 21:02:00 2004 => Scanning File C:\WINNT\system32\RUNDLL32.EXE
Tue Jul 06 21:02:00 2004 => Scanning File C:\Programme\ICQLite\ICQLite.exe
Tue Jul 06 21:02:00 2004 => Scanning File C:\PROGRA~2\GEMEIN~1\Real\UPDATE~1\REALSC~1.EXE
Tue Jul 06 21:02:00 2004 => Scanning File C:\WINNT\System32\qpglzy.exe
Tue Jul 06 21:02:00 2004 => ERROR!!! ScanFile Fails...
Tue Jul 06 21:02:00 2004 => ERROR!!! Invalid Entry WhenUSave = "C:\Programme\Save\Save.exe". Removing it.
Tue Jul 06 21:02:00 2004 => Scanning File C:\Programme\QuickTime\qttask.exe
Tue Jul 06 21:02:00 2004 => ERROR!!! Invalid Entry msbb = c:\programme\180solutions\msbb.exe. Removing it.
Tue Jul 06 21:02:00 2004 => Scanning File C:\DOKUME~1\DAVIDB~1\LOKALE~1\Temp\mwavscan.com
Tue Jul 06 21:02:00 2004 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
Tue Jul 06 21:02:00 2004 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
Tue Jul 06 21:02:00 2004 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
Tue Jul 06 21:02:00 2004 => Scanning File C:\WINNT\ouqgpxjpgnp.exe
Tue Jul 06 21:02:01 2004 => File C:\WINNT\ouqgpxjpgnp.exe infected by "Backdoor.SubSeven.215" Virus. Action Taken: File Renamed.

Tue Jul 06 21:02:01 2004 => *** SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices has RunningProcess defined as C:\WINNT\ouqgpxjpgnp.exe (which is infected)!
Tue Jul 06 21:02:01 2004 => *** Reg Value SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\WinLoader deleted because it is infected by a Virus
Tue Jul 06 21:02:01 2004 => Scanning HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Tue Jul 06 21:02:01 2004 => Scanning File C:\WINNT\system32\internat.exe
Tue Jul 06 21:02:01 2004 => ERROR!!! Invalid Entry ClockSync = "C:\PROGRA~2\CLOCKS~1\Sync.exe" /q. Removing it.
Tue Jul 06 21:02:01 2004 => Scanning HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
Tue Jul 06 21:02:01 2004 => Scanning File C:\Programme\ICQLite\ICQLite.exe
Tue Jul 06 21:02:01 2004 => Scanning HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
Tue Jul 06 21:02:01 2004 => Scanning HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
Tue Jul 06 21:02:01 2004 => Scanning HKCR\txtfile\shell\open\command
Tue Jul 06 21:02:01 2004 => Scanning HKCR\comfile\shell\open\command
Tue Jul 06 21:02:01 2004 => Scanning HKCR\exefile\shell\open\command
Tue Jul 06 21:02:01 2004 => Scanning HKCR\dllfile\shell\open\command
Tue Jul 06 21:02:01 2004 => Scanning HKCR\batfile\shell\open\command
Tue Jul 06 21:02:01 2004 => Scanning HKCR\piffile\shell\open\command
Tue Jul 06 21:02:01 2004 => Scanning HKCR\scrfile\shell\open\command
Tue Jul 06 21:02:01 2004 => Scanning HKCR\scrfile\shell\config\command
Tue Jul 06 21:02:01 2004 => Replacing Registry Value
Tue Jul 06 21:02:01 2004 => Scanning HKCR\regfile\shell\open\command

Tue Jul 06 21:02:01 2004 => ***** Scanning StartUp Folders *****

Tue Jul 06 21:02:01 2004 => ***** Scanning C:\Dokumente und Einstellungen\David B\Startmenü\Programme\Autostart Folder *****
Tue Jul 06 21:02:01 2004 => Scanning Folder: C:\Dokumente und Einstellungen\David B\Startmenü\Programme\Autostart\*.*

Tue Jul 06 21:02:01 2004 => ***** Scanning C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart Folder *****
Tue Jul 06 21:02:01 2004 => Scanning Folder: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\*.*
Tue Jul 06 21:02:01 2004 => Scanning File C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\IDETool.lnk
Tue Jul 06 21:02:01 2004 => Scanning File C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk
Tue Jul 06 21:02:01 2004 => Scanning File C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\GStartup.lnk

Tue Jul 06 21:02:01 2004 => ***** Scanning Service Files *****
Tue Jul 06 21:02:01 2004 => Scanning HKLM\SYSTEM\CurrentControlSet\Services
Tue Jul 06 21:02:01 2004 => Scanning File C:\WINNT\System32\DRIVERS\ACPI.sys
Tue Jul 06 21:02:01 2004 => Scanning File C:\WINNT\System32\drivers\afd.sys
Tue Jul 06 21:02:01 2004 => Scanning File C:\WINNT\System32\drivers\ALCXSENS.SYS
Tue Jul 06 21:02:02 2004 => Scanning File C:\WINNT\System32\drivers\ALCXWDM.SYS
Tue Jul 06 21:02:02 2004 => Scanning File C:\WINNT\System32\services.exe
Tue Jul 06 21:02:02 2004 => Scanning File C:\WINNT\System32\DRIVERS\sfmatalk.sys
Tue Jul 06 21:02:02 2004 => Scanning File C:\WINNT\system32\services.exe
Tue Jul 06 21:02:02 2004 => Scanning File C:\WINNT\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
Tue Jul 06 21:02:02 2004 => Scanning File C:\WINNT\System32\DRIVERS\asyncmac.sys
Tue Jul 06 21:02:02 2004 => Scanning File C:\WINNT\System32\DRIVERS\atapi.sys
Tue Jul 06 21:02:02 2004 => Scanning File C:\WINNT\System32\DRIVERS\atmarpc.sys
Tue Jul 06 21:02:02 2004 => Scanning File C:\WINNT\System32\DRIVERS\audstub.sys
Tue Jul 06 21:02:02 2004 => Scanning File C:\WINNT\System32\services.exe
Tue Jul 06 21:02:02 2004 => Scanning File C:\WINNT\SYSTEM32\DRIVERS\CDANT.SYS
Tue Jul 06 21:02:02 2004 => Scanning File C:\WINNT\System32\DRIVERS\CDANTSRV.EXE
Tue Jul 06 21:02:02 2004 => Scanning File C:\WINNT\System32\DRIVERS\CCDECODE.sys
Tue Jul 06 21:02:02 2004 => Scanning File C:\WINNT\System32\DRIVERS\cdrom.sys
Tue Jul 06 21:02:02 2004 => Scanning File C:\WINNT\System32\cisvc.exe
Tue Jul 06 21:02:02 2004 => Scanning File C:\WINNT\system32\clipsrv.exe
Tue Jul 06 21:02:02 2004 => Scanning File C:\WINNT\System32\services.exe
Tue Jul 06 21:02:02 2004 => Scanning File C:\WINNT\System32\DRIVERS\disk.sys
Tue Jul 06 21:02:02 2004 => Scanning File C:\WINNT\System32\DRIVERS\dlc.sys
Tue Jul 06 21:02:02 2004 => Scanning File C:\WINNT\System32\dmadmin.exe
Tue Jul 06 21:02:02 2004 => Scanning File C:\WINNT\System32\drivers\dmboot.sys
Tue Jul 06 21:02:02 2004 => Scanning File C:\WINNT\System32\drivers\dmio.sys
Tue Jul 06 21:02:02 2004 => Scanning File C:\WINNT\System32\drivers\dmload.sys
Tue Jul 06 21:02:02 2004 => Scanning File C:\WINNT\System32\services.exe
Tue Jul 06 21:02:02 2004 => Scanning File C:\WINNT\System32\drivers\DMusic.sys
Tue Jul 06 21:02:02 2004 => Scanning File C:\WINNT\System32\services.exe
Tue Jul 06 21:02:02 2004 => Scanning File C:\WINNT\System32\drivers\enodpl.sys
Tue Jul 06 21:02:02 2004 => Scanning File C:\WINNT\system32\services.exe
Tue Jul 06 21:02:02 2004 => Scanning File C:\WINNT\System32\svchost.exe
Tue Jul 06 21:02:02 2004 => Scanning File C:\WINNT\system32\faxsvc.exe
Tue Jul 06 21:02:02 2004 => Scanning File C:\WINNT\System32\DRIVERS\fdc.sys
Tue Jul 06 21:02:02 2004 => Scanning File C:\WINNT\System32\DRIVERS\flpydisk.sys
Tue Jul 06 21:02:02 2004 => Scanning File C:\WINNT\System32\DRIVERS\ftdisk.sys
Tue Jul 06 21:02:03 2004 => Scanning File C:\WINNT\System32\DRIVERS\gameenum.sys
Tue Jul 06 21:02:03 2004 => Scanning File C:\WINNT\System32\DRIVERS\GEARAspiWDM.sys
Tue Jul 06 21:02:03 2004 => Scanning File C:\WINNT\System32\DRIVERS\msgpc.sys
Tue Jul 06 21:02:03 2004 => Scanning File C:\WINNT\System32\DRIVERS\i8042prt.sys
Tue Jul 06 21:02:03 2004 => Scanning File C:\WINNT\System32\DRIVERS\ipfltdrv.sys
Tue Jul 06 21:02:03 2004 => Scanning File C:\WINNT\System32\DRIVERS\ipinip.sys
Tue Jul 06 21:02:03 2004 => Scanning File C:\WINNT\System32\DRIVERS\ipnat.sys
Tue Jul 06 21:02:03 2004 => Scanning File C:\Programme\iPod\bin\iPodService.exe
Tue Jul 06 21:02:03 2004 => Scanning File C:\WINNT\System32\DRIVERS\ipsec.sys
Tue Jul 06 21:02:03 2004 => ERROR!!! Invalid Entry System32\DRIVERS\irenum.sys in SYSTEM\CurrentControlSet\Services\IRENUM...
Tue Jul 06 21:02:03 2004 => Scanning File C:\WINNT\System32\DRIVERS\isapnp.sys
Tue Jul 06 21:02:03 2004 => Scanning File C:\WINNT\System32\DRIVERS\kbdclass.sys
Tue Jul 06 21:02:03 2004 => Scanning File C:\WINNT\System32\drivers\kmixer.sys
Tue Jul 06 21:02:03 2004 => Scanning File C:\WINNT\System32\services.exe
Tue Jul 06 21:02:03 2004 => Scanning File C:\WINNT\System32\services.exe
Tue Jul 06 21:02:03 2004 => Scanning File C:\WINNT\System32\services.exe
Tue Jul 06 21:02:03 2004 => Scanning File C:\WINNT\System32\services.exe
Tue Jul 06 21:02:03 2004 => Scanning File C:\WINNT\System32\mnmsrvc.exe
Tue Jul 06 21:02:03 2004 => Scanning File C:\WINNT\System32\DRIVERS\mouclass.sys
Tue Jul 06 21:02:03 2004 => Scanning File C:\WINNT\System32\DRIVERS\MPE.sys
Tue Jul 06 21:02:03 2004 => Scanning File C:\WINNT\System32\DRIVERS\mrxsmb.sys
Tue Jul 06 21:02:03 2004 => Scanning File C:\WINNT\System32\msdtc.exe
Tue Jul 06 21:02:03 2004 => Scanning File C:\WINNT\System32\DRIVERS\msgame.sys
Tue Jul 06 21:02:03 2004 => Scanning File C:\WINNT\System32\MsiExec.exe
Tue Jul 06 21:02:03 2004 => Scanning File C:\WINNT\System32\drivers\MSKSSRV.sys
Tue Jul 06 21:02:03 2004 => Scanning File C:\WINNT\System32\drivers\MSPCLOCK.sys
Tue Jul 06 21:02:03 2004 => Scanning File C:\WINNT\System32\drivers\MSPQM.sys
Tue Jul 06 21:02:03 2004 => Scanning File C:\WINNT\System32\drivers\MSTEE.sys
Tue Jul 06 21:02:03 2004 => Scanning File C:\WINNT\System32\DRIVERS\NABTSFEC.sys
Tue Jul 06 21:02:03 2004 => Scanning File C:\WINNT\System32\DRIVERS\ndistapi.sys
Tue Jul 06 21:02:03 2004 => Scanning File C:\WINNT\System32\DRIVERS\ndiswan.sys
Tue Jul 06 21:02:04 2004 => Scanning File C:\WINNT\System32\DRIVERS\netbios.sys
Tue Jul 06 21:02:04 2004 => Scanning File C:\WINNT\System32\DRIVERS\netbt.sys
Tue Jul 06 21:02:04 2004 => Scanning File C:\WINNT\system32\netdde.exe
Tue Jul 06 21:02:04 2004 => Scanning File C:\WINNT\system32\netdde.exe
Tue Jul 06 21:02:04 2004 => Scanning File C:\WINNT\system32\drivers\netdtect.sys
Tue Jul 06 21:02:04 2004 => Scanning File C:\WINNT\System32\lsass.exe
Tue Jul 06 21:02:04 2004 => Scanning File C:\WINNT\System32\svchost.exe
Tue Jul 06 21:02:04 2004 => Scanning File C:\WINNT\System32\lsass.exe
Tue Jul 06 21:02:04 2004 => Scanning File C:\WINNT\System32\svchost.exe
Tue Jul 06 21:02:04 2004 => Scanning File C:\WINNT\System32\DRIVERS\nv4_mini.sys
Tue Jul 06 21:02:04 2004 => Scanning File C:\WINNT\System32\nvsvc32.exe
Tue Jul 06 21:02:04 2004 => Scanning File C:\WINNT\System32\services.exe
Tue Jul 06 21:02:04 2004 => Scanning File C:\WINNT\System32\DRIVERS\nwlnkflt.sys
Tue Jul 06 21:02:04 2004 => Scanning File C:\WINNT\System32\DRIVERS\nwlnkfwd.sys
Tue Jul 06 21:02:04 2004 => Scanning File C:\WINNT\System32\DRIVERS\nwlnkipx.sys
Tue Jul 06 21:02:04 2004 => Scanning File C:\WINNT\System32\DRIVERS\nwlnknb.sys
Tue Jul 06 21:02:04 2004 => Scanning File C:\WINNT\System32\DRIVERS\nwlnkspx.sys
Tue Jul 06 21:02:04 2004 => Scanning File C:\WINNT\System32\DRIVERS\nwrdr.sys
Tue Jul 06 21:02:04 2004 => Scanning File C:\DOKUME~1\DAVIDB~1\LOKALE~1\TEMP\OULTRAF.SYS
Tue Jul 06 21:02:04 2004 => Scanning File C:\WINNT\System32\DRIVERS\parallel.sys
Tue Jul 06 21:02:04 2004 => Scanning File C:\WINNT\System32\DRIVERS\parport.sys
Tue Jul 06 21:02:04 2004 => Scanning File C:\WINNT\System32\DRIVERS\pci.sys
Tue Jul 06 21:02:04 2004 => Scanning File C:\WINNT\System32\DRIVERS\pciide.sys
Tue Jul 06 21:02:04 2004 => Scanning File C:\WINNT\system32\services.exe
Tue Jul 06 21:02:04 2004 => Scanning File C:\WINNT\System32\lsass.exe
Tue Jul 06 21:02:04 2004 => Scanning File C:\WINNT\System32\DRIVERS\raspptp.sys
Tue Jul 06 21:02:04 2004 => Scanning File C:\WINNT\System32\drivers\prodrv06.sys
Tue Jul 06 21:02:12 2004 => Scanning File C:\WINNT\System32\drivers\prohlp02.sys
Tue Jul 06 21:02:18 2004 => Scanning File C:\WINNT\system32\services.exe
Tue Jul 06 21:02:18 2004 => ERROR!!! Invalid Entry \??\C:\WINNT\System32\DRIVERS\PSTRIP.SYS in SYSTEM\CurrentControlSet\Services\PSTRIP...
Tue Jul 06 21:02:18 2004 => Scanning File C:\WINNT\System32\DRIVERS\ptilink.sys
Tue Jul 06 21:02:18 2004 => Scanning File C:\WINNT\System32\DRIVERS\rasacd.sys
Tue Jul 06 21:02:18 2004 => Scanning File C:\WINNT\System32\svchost.exe
Tue Jul 06 21:02:18 2004 => Scanning File C:\WINNT\System32\DRIVERS\rasl2tp.sys
Tue Jul 06 21:02:18 2004 => Scanning File C:\WINNT\System32\svchost.exe
Tue Jul 06 21:02:18 2004 => Scanning File C:\WINNT\System32\DRIVERS\raspti.sys
Tue Jul 06 21:02:18 2004 => Scanning File C:\WINNT\System32\drivers\RCA.sys
Tue Jul 06 21:02:18 2004 => Scanning File C:\WINNT\System32\DRIVERS\rdbss.sys
Tue Jul 06 21:02:18 2004 => Scanning File C:\WINNT\System32\DRIVERS\redbook.sys
Tue Jul 06 21:02:18 2004 => Scanning File C:\WINNT\System32\svchost.exe
Tue Jul 06 21:02:18 2004 => Scanning File C:\WINNT\system32\regsvc.exe
Tue Jul 06 21:02:18 2004 => Scanning File C:\WINNT\System32\locator.exe
Tue Jul 06 21:02:18 2004 => Scanning File C:\WINNT\system32\svchost.exe
Tue Jul 06 21:02:18 2004 => Scanning File D:\ACCESS~1\rpcsetup.exe
Tue Jul 06 21:02:18 2004 => Scanning File C:\WINNT\System32\rsvp.exe
Tue Jul 06 21:02:18 2004 => Scanning File C:\WINNT\System32\DRIVERS\RTL8139.SYS
Tue Jul 06 21:02:18 2004 => Scanning File C:\WINNT\system32\lsass.exe
Tue Jul 06 21:02:18 2004 => Scanning File C:\WINNT\System32\SCardSvr.exe
Tue Jul 06 21:02:18 2004 => Scanning File C:\WINNT\System32\SCardSvr.exe
Tue Jul 06 21:02:18 2004 => Scanning File C:\WINNT\system32\MSTask.exe
Tue Jul 06 21:02:18 2004 => Scanning File C:\WINNT\SYSTEM32\DRIVERS\SECDRV.SYS
Tue Jul 06 21:02:18 2004 => Scanning File C:\WINNT\system32\services.exe
Tue Jul 06 21:02:19 2004 => Scanning File C:\WINNT\system32\svchost.exe
Tue Jul 06 21:02:19 2004 => Scanning File C:\WINNT\System32\DRIVERS\serenum.sys
Tue Jul 06 21:02:19 2004 => Scanning File C:\WINNT\System32\DRIVERS\serial.sys
Tue Jul 06 21:02:19 2004 => Scanning File C:\WINNT\System32\drivers\sfhlp01.sys
Tue Jul 06 21:02:19 2004 => Scanning File C:\WINNT\System32\svchost.exe
Tue Jul 06 21:02:19 2004 => Scanning File C:\WINNT\System32\DRIVERS\SLIP.sys
Tue Jul 06 21:02:19 2004 => Scanning File C:\WINNT\system32\spoolsv.exe
Tue Jul 06 21:02:19 2004 => Scanning File C:\WINNT\System32\DRIVERS\srv.sys
Tue Jul 06 21:02:19 2004 => Scanning File C:\WINNT\System32\DRIVERS\StreamIP.sys
Tue Jul 06 21:02:19 2004 => Scanning File C:\WINNT\System32\DRIVERS\swenum.sys
Tue Jul 06 21:02:19 2004 => Scanning File C:\WINNT\System32\drivers\swmidi.sys
Tue Jul 06 21:02:19 2004 => Scanning File C:\WINNT\System32\drivers\sysaudio.sys
Tue Jul 06 21:02:19 2004 => Scanning File C:\WINNT\system32\smlogsvc.exe
Tue Jul 06 21:02:19 2004 => Scanning File C:\WINNT\System32\drivers\tandpl.sys
Tue Jul 06 21:02:19 2004 => Scanning File C:\WINNT\System32\svchost.exe
Tue Jul 06 21:02:19 2004 => Scanning File C:\WINNT\System32\DRIVERS\tcpip.sys
Tue Jul 06 21:02:19 2004 => Scanning File C:\WINNT\system32\tlntsvr.exe
Tue Jul 06 21:02:19 2004 => Scanning File C:\WINNT\system32\services.exe
Tue Jul 06 21:02:19 2004 => Scanning File C:\WINNT\System32\DRIVERS\uhcd.sys
Tue Jul 06 21:02:19 2004 => Scanning File C:\WINNT\System32\DRIVERS\update.sys
Tue Jul 06 21:02:19 2004 => Scanning File C:\WINNT\System32\ups.exe
Tue Jul 06 21:02:19 2004 => Scanning File C:\WINNT\System32\DRIVERS\usbehci.sys
Tue Jul 06 21:02:19 2004 => Scanning File C:\WINNT\System32\DRIVERS\usbhub.sys
Tue Jul 06 21:02:19 2004 => Scanning File C:\WINNT\System32\DRIVERS\usbhub20.sys
Tue Jul 06 21:02:19 2004 => Scanning File C:\WINNT\System32\DRIVERS\usbprint.sys
Tue Jul 06 21:02:19 2004 => Scanning File C:\WINNT\System32\DRIVERS\USBSTOR.SYS
Tue Jul 06 21:02:19 2004 => Scanning File C:\WINNT\System32\UtilMan.exe
Tue Jul 06 21:02:19 2004 => Scanning File C:\WINNT\System32\drivers\vga.sys
Tue Jul 06 21:02:19 2004 => Scanning File C:\WINNT\System32\DRIVERS\viaagp1.sys
Tue Jul 06 21:02:19 2004 => Scanning File C:\WINNT\System32\DRIVERS\viaagp1.sys
Tue Jul 06 21:02:19 2004 => Scanning File C:\WINNT\System32\Drivers\viausb.sys
Tue Jul 06 21:02:19 2004 => Scanning File C:\WINNT\System32\DRIVERS\viaide.sys
Tue Jul 06 21:02:19 2004 => Scanning File C:\WINNT\System32\Drivers\VIAPFD.SYS
Tue Jul 06 21:02:20 2004 => Scanning File C:\WINNT\System32\services.exe
Tue Jul 06 21:02:20 2004 => Scanning File C:\WINNT\System32\DRIVERS\wanarp.sys
Tue Jul 06 21:02:20 2004 => Scanning File C:\WINNT\System32\drivers\wdmaud.sys
Tue Jul 06 21:02:20 2004 => Scanning File C:\WINNT\System32\WBEM\WinMgmt.exe
Tue Jul 06 21:02:20 2004 => Scanning File C:\WINNT\system32\Services.exe
Tue Jul 06 21:02:20 2004 => Scanning File C:\WINNT\System32\DRIVERS\WSTCODEC.SYS
Tue Jul 06 21:02:20 2004 => Scanning File C:\WINNT\SYSTEM32\DRIVERS\XPROTECTOR.SYS

Tue Jul 06 21:02:20 2004 => ***** Scanning Important System Files *****
Tue Jul 06 21:02:20 2004 => Scanning File C:\WINNT\System32\winsock.dll
Tue Jul 06 21:02:20 2004 => Scanning File C:\WINNT\wsem300.dll
Tue Jul 06 21:02:20 2004 => Scanning File C:\WINNT\System32\ws2_32.dll
Tue Jul 06 21:02:20 2004 => Scanning File C:\WINNT\System32\wshtcpip.dll
Tue Jul 06 21:02:20 2004 => Scanning File C:\WINNT\System32\wsock32.dll
Tue Jul 06 21:02:20 2004 => Scanning File C:\WINNT\System32\ws2help.dll
Tue Jul 06 21:02:20 2004 => Scanning File C:\WINNT\System32\wscript.exe
Tue Jul 06 21:02:20 2004 => Scanning File C:\WINNT\System32\wshirda.dll
Tue Jul 06 21:02:20 2004 => Scanning File C:\WINNT\System32\wshext.dll
Tue Jul 06 21:02:20 2004 => Scanning File C:\WINNT\System32\wshisn.dll
Tue Jul 06 21:02:20 2004 => Scanning File C:\WINNT\System32\wshnetbs.dll
Tue Jul 06 21:02:20 2004 => Scanning File C:\WINNT\System32\wshom.ocx
Tue Jul 06 21:02:20 2004 => Scanning File C:\WINNT\System32\wsecedit.dll
Tue Jul 06 21:02:20 2004 => Scanning File C:\WINNT\System32\wstdecod.dll
Tue Jul 06 21:02:20 2004 => Scanning File C:\WINNT\System32\wshatm.dll
Tue Jul 06 21:02:20 2004 => Scanning File C:\WINNT\System32\wsnmp32.dll
Tue Jul 06 21:02:20 2004 => Scanning File C:\WINNT\folder.htt
Tue Jul 06 21:02:20 2004 => Scanning File C:\WINNT\System32\folder.htt
Tue Jul 06 21:02:20 2004 => Scanning File C:\WINNT\explorer.scf
Tue Jul 06 21:02:20 2004 => Scanning File C:\WINNT\explorer.exe
Tue Jul 06 21:02:20 2004 => Scanning File C:\WINNT\NOTEPAD.EXE
Tue Jul 06 21:02:20 2004 => Scanning File C:\WINNT\System32\notepad.exe
Tue Jul 06 21:02:20 2004 => Scanning File C:\WINNT\System32\cmd.exe
Tue Jul 06 21:02:21 2004 => Scanning File C:\WINNT\System32\kernel32.dll
Tue Jul 06 21:02:21 2004 => Scanning File C:\WINNT\System32\ntoskrnl.exe
Tue Jul 06 21:02:21 2004 => Scanning File C:\WINNT\System32\ntkrnlpa.exe
Tue Jul 06 21:02:21 2004 => Scanning File C:\WINNT\System32\hal.dll
Tue Jul 06 21:02:21 2004 => Scanning File C:\WINNT\System32\win32k.sys
Tue Jul 06 21:02:21 2004 => Scanning File C:\WINNT\System32\ntdll.dll
Tue Jul 06 21:02:21 2004 => Scanning File C:\WINNT\System32\advapi32.dll
Tue Jul 06 21:02:21 2004 => Scanning File C:\WINNT\System32\user32.dll
Tue Jul 06 21:02:21 2004 => Scanning File C:\WINNT\System32\gdi32.dll
Tue Jul 06 21:02:21 2004 => Scanning File C:\WINNT\System32\bootvid.dll
Tue Jul 06 21:02:21 2004 => Scanning File C:\WINNT\System32\ntldr.exe
Tue Jul 06 21:02:21 2004 => File C:\WINNT\System32\ntldr.exe infected by "TrojanDropper.Win32.Small.ig" Virus. Action Taken: File Deleted.

Tue Jul 06 21:02:21 2004 => Scanning File C:\WINNT\System32\command.com

Tue Jul 06 21:02:21 2004 => ***** Checking for specific ITW Viruses *****
Tue Jul 06 21:02:21 2004 => Checking for Welchia Virus...
Tue Jul 06 21:02:21 2004 => Checking for LovGate Virus...
Tue Jul 06 21:02:21 2004 => Checking for CodeRed Virus...
Tue Jul 06 21:02:21 2004 => Checking for OpaServ Virus...
Tue Jul 06 21:02:21 2004 => Checking for Sobig.e Virus...
Tue Jul 06 21:02:21 2004 => Checking for Winupie Virus...
Tue Jul 06 21:02:21 2004 => Checking for Swen Virus...
Tue Jul 06 21:02:21 2004 => Checking for JS.Fortnight Virus...
Tue Jul 06 21:02:21 2004 => Checking for Novarg Virus...
Tue Jul 06 21:02:22 2004 => Checking for Pagabot Virus...

Tue Jul 06 21:02:22 2004 => ***** Scanning complete. *****

Tue Jul 06 21:02:22 2004 => Total Number of Files Scanned: 240
Tue Jul 06 21:02:22 2004 => Total Number of Virus(es) Found: 3
Tue Jul 06 21:02:22 2004 => Total Number of Disinfected Files: 0
Tue Jul 06 21:02:22 2004 => Total Number of Files Renamed: 1
Tue Jul 06 21:02:22 2004 => Total Number of Deleted Files: 2
Tue Jul 06 21:02:22 2004 => Total Number of Errors: 10
Tue Jul 06 21:02:22 2004 => Time Elapsed: 00:00:28
Tue Jul 06 21:02:22 2004 => Virus Database Date: 2004/07/04
Tue Jul 06 21:02:22 2004 => Virus Database Count: 95827

Tue Jul 06 21:02:22 2004 => Scan Completed.

Tue Jul 06 21:02:34 2004 => Virus Database Date: 2004/07/04
Tue Jul 06 21:02:34 2004 => Virus Database Count: 95827
Tue Jul 06 21:09:44 2004 => AV Library Unloaded (3)...
Tue Jul 06 22:33:47 2004 => **********************************************************
Tue Jul 06 22:33:47 2004 => eScan AntiVirus Toolkit Utility.
Tue Jul 06 22:33:47 2004 => Copyright © 2003-2004, MicroWorld Technologies Inc.
Tue Jul 06 22:33:47 2004 => **********************************************************
Tue Jul 06 22:33:47 2004 => Version 4.2.5
Tue Jul 06 22:33:47 2004 => Log File: C:\DOKUME~1\DAVIDB~1\LOKALE~1\Temp\mwav.log
Tue Jul 06 22:33:47 2004 => Latest Date of files inside MWAV: 04 Jul 2004 06:06:16.
Tue Jul 06 22:33:49 2004 => AV Library Loaded...
Tue Jul 06 22:33:49 2004 => Scanning File C:\DOKUME~1\DAVIDB~1\LOKALE~1\Temp\kavss.exe
Tue Jul 06 22:33:49 2004 => Scanning File C:\DOKUME~1\DAVIDB~1\LOKALE~1\Temp\Getvlist.exe
Tue Jul 06 22:33:50 2004 => Scanning File C:\DOKUME~1\DAVIDB~1\LOKALE~1\Temp\kavss.dll
Tue Jul 06 22:33:50 2004 => Scanning File C:\DOKUME~1\DAVIDB~1\LOKALE~1\Temp\kavssdi.dll
Tue Jul 06 22:33:50 2004 => Scanning File C:\DOKUME~1\DAVIDB~1\LOKALE~1\Temp\kavssi.dll
Tue Jul 06 22:33:50 2004 => Scanning File C:\DOKUME~1\DAVIDB~1\LOKALE~1\Temp\kavvlg.dll
Tue Jul 06 22:33:50 2004 => Scanning File C:\DOKUME~1\DAVIDB~1\LOKALE~1\Temp\msvlclnt.dll
Tue Jul 06 22:33:50 2004 => Scanning File C:\DOKUME~1\DAVIDB~1\LOKALE~1\Temp\ipc.dll
Tue Jul 06 22:33:50 2004 => Scanning File C:\DOKUME~1\DAVIDB~1\LOKALE~1\Temp\main.avi
Tue Jul 06 22:33:50 2004 => Scanning File C:\DOKUME~1\DAVIDB~1\LOKALE~1\Temp\virus.avi
Tue Jul 06 22:33:50 2004 => Virus Database Date: 2004/07/04
Tue Jul 06 22:33:50 2004 => Virus Database Count: 95827

Tue Jul 06 22:33:56 2004 => **********************************************************
Tue Jul 06 22:33:56 2004 => eScan AntiVirus Toolkit Utility.
Tue Jul 06 22:33:56 2004 => Copyright © 2003-2004, MicroWorld Technologies Inc.
Tue Jul 06 22:33:56 2004 =>
Tue Jul 06 22:33:56 2004 => Support: support@mwti.net
Tue Jul 06 22:33:56 2004 => Web: http://www.mwti.net
Tue Jul 06 22:33:56 2004 => **********************************************************
Tue Jul 06 22:33:56 2004 => Version 4.2.5
Tue Jul 06 22:33:56 2004 => Log File: C:\DOKUME~1\DAVIDB~1\LOKALE~1\Temp\mwav.log
Tue Jul 06 22:33:56 2004 => Latest Date of files inside MWAV: 04 Jul 2004 06:06:16.

Tue Jul 06 22:33:56 2004 => Options Selected by User:
Tue Jul 06 22:33:56 2004 => Memory Check: Enabled
Tue Jul 06 22:33:56 2004 => Registry Check: Enabled
Tue Jul 06 22:33:56 2004 => StartUp Folder Check: Enabled
Tue Jul 06 22:33:56 2004 => System Folder Check: Disabled
Tue Jul 06 22:33:56 2004 => System Area Check: Disabled
Tue Jul 06 22:33:56 2004 => Services Check: Enabled
Tue Jul 06 22:33:56 2004 => Drive Check Option Disabled
Tue Jul 06 22:33:56 2004 => Scanning Type: Scan And Clean
Tue Jul 06 22:33:56 2004 => Folder Check: Disabled

Tue Jul 06 22:33:56 2004 => ***** Scanning Memory Files *****
Tue Jul 06 22:33:56 2004 => Scanning File C:\WINNT\system32\services.exe
Tue Jul 06 22:33:57 2004 => Scanning File C:\WINNT\system32\lsass.exe
Tue Jul 06 22:33:57 2004 => Scanning File C:\WINNT\system32\svchost.exe
Tue Jul 06 22:33:57 2004 => Scanning File C:\WINNT\system32\spoolsv.exe
Tue Jul 06 22:33:57 2004 => Scanning File C:\WINNT\System32\DRIVERS\CDANTSRV.EXE
Tue Jul 06 22:33:57 2004 => Scanning File C:\WINNT\System32\svchost.exe
Tue Jul 06 22:33:57 2004 => Scanning File C:\WINNT\System32\nvsvc32.exe
Tue Jul 06 22:33:57 2004 => Scanning File C:\WINNT\system32\regsvc.exe
Tue Jul 06 22:33:57 2004 => Scanning File C:\WINNT\system32\MSTask.exe
Tue Jul 06 22:33:57 2004 => Scanning File C:\WINNT\System32\WBEM\WinMgmt.exe
Tue Jul 06 22:33:58 2004 => Scanning File C:\WINNT\Explorer.exe
Tue Jul 06 22:33:58 2004 => Scanning File C:\WINNT\System32\P2PNET~1\P2PNET~1.EXE
Tue Jul 06 22:33:59 2004 => Scanning File C:\Programme\ICQLite\ICQLite.exe
Tue Jul 06 22:33:59 2004 => Scanning File C:\PROGRA~2\GEMEIN~1\Real\UPDATE~1\REALSC~1.EXE
Tue Jul 06 22:34:00 2004 => Scanning File C:\WINNT\System32\qpglzy.exe
Tue Jul 06 22:34:00 2004 => ERROR!!! ScanFile Failed Once. Trying to scan again...
Tue Jul 06 22:34:00 2004 => Scanning File C:\WINNT\System32\qpglzy.exe
Tue Jul 06 22:34:00 2004 => ERROR!!! ScanFile Failed Twice. Trying to scan again...
Tue Jul 06 22:34:00 2004 => Scanning File C:\WINNT\System32\qpglzy.exe
Tue Jul 06 22:34:00 2004 => ERROR!!! ScanFile Failed Thrice!!!
Tue Jul 06 22:34:00 2004 => Scanning File C:\WINNT\wt\updater\wcmdmgr.exe
Tue Jul 06 22:34:01 2004 => Scanning File E:\Programme\iTunes\iTunesHelper.exe
Tue Jul 06 22:34:01 2004 => Scanning File C:\WINNT\System32\internat.exe
Tue Jul 06 22:34:01 2004 => Scanning File C:\PROGRA~3\Altnet\DOWNLO~1\asm.exe
Tue Jul 06 22:34:03 2004 => Scanning File C:\Programme\iPod\bin\iPodService.exe
Tue Jul 06 22:34:03 2004 => Scanning File G:\Downloads\mwav.exe
Tue Jul 06 22:34:06 2004 => Scanning File C:\WINNT\System32\notepad.exe
Tue Jul 06 22:34:06 2004 => Scanning File C:\Programme\Ventrilo\Ventrilo.exe
Tue Jul 06 22:34:07 2004 => Scanning File E:\LR5ANT~2\AVWUPSRV.EXE
Tue Jul 06 22:34:07 2004 => Scanning File E:\LR5ANT~2\AVGUARD.EXE
Tue Jul 06 22:34:07 2004 => Scanning File E:\LR5ANT~2\AVGNT.EXE
Tue Jul 06 22:34:07 2004 => Scanning File f:\PROGRA~1\KAZAAL~1\clean.kmd
Tue Jul 06 22:34:10 2004 => Scanning File C:\PROGRA~2\GEMEIN~1\Real\UPDATE~1\REALON~1.EXE
Tue Jul 06 22:34:10 2004 => Scanning File C:\PROGRA~2\Webroot\SPYSWE~1\SPYSWE~1.EXE
Tue Jul 06 22:34:11 2004 => Scanning File E:\LR4MWA~1\mwav.exe
Tue Jul 06 22:34:13 2004 => Scanning File E:\LR4MWA~1\mwav.exe
Tue Jul 06 22:34:15 2004 => Scanning File C:\DOKUME~1\DAVIDB~1\LOKALE~1\Temp\mwavscan.com
Tue Jul 06 22:34:15 2004 => Scanning File C:\DOKUME~1\DAVIDB~1\LOKALE~1\Temp\kavss.exe

Tue Jul 06 22:34:15 2004 => ***** Scanning Registry Files *****
Tue Jul 06 22:34:15 2004 => Scanning HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Tue Jul 06 22:34:15 2004 => Scanning File C:\WINNT\Explorer.exe
Tue Jul 06 22:34:15 2004 => Scanning File C:\WINNT\system32\userinit.exe
Tue Jul 06 22:34:16 2004 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Tue Jul 06 22:34:16 2004 => Scanning File C:\WINNT\system32\mobsync.exe
Tue Jul 06 22:34:16 2004 => Scanning File C:\WINNT\system32\RUNDLL32.EXE
Tue Jul 06 22:34:16 2004 => Scanning File C:\WINNT\system32\nwiz.exe
Tue Jul 06 22:34:16 2004 => Scanning File c:\PROGRA~3\altnet\POINTS~1\POINTS~1.EXE
Tue Jul 06 22:34:17 2004 => Scanning File C:\WINNT\SOUNDMAN.EXE
Tue Jul 06 22:34:17 2004 => Scanning File C:\WINNT\System32\P2PNET~1\P2PNET~1.EXE
Tue Jul 06 22:34:18 2004 => Scanning File C:\WINNT\wt\updater\wcmdmgrl.exe
Tue Jul 06 22:34:18 2004 => Scanning File C:\WINNT\system32\RUNDLL32.EXE
Tue Jul 06 22:34:18 2004 => Scanning File C:\Programme\ICQLite\ICQLite.exe
Tue Jul 06 22:34:18 2004 => Scanning File C:\PROGRA~2\GEMEIN~1\Real\UPDATE~1\REALSC~1.EXE
Tue Jul 06 22:34:18 2004 => Scanning File C:\WINNT\System32\qpglzy.exe
Tue Jul 06 22:34:18 2004 => ERROR!!! ScanFile Fails...
Tue Jul 06 22:34:18 2004 => Scanning File E:\Programme\iTunes\iTunesHelper.exe
Tue Jul 06 22:34:18 2004 => Scanning File C:\Programme\QuickTime\qttask.exe
Tue Jul 06 22:34:19 2004 => ERROR!!! Invalid Entry ntldr = C:\WINNT\System32\ntldr.exe. Removing it.
Tue Jul 06 22:34:19 2004 => Scanning File E:\LR5ANT~2\AVGNT.EXE
Tue Jul 06 22:34:19 2004 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
Tue Jul 06 22:34:19 2004 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
Tue Jul 06 22:34:19 2004 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
Tue Jul 06 22:34:19 2004 => Scanning HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Tue Jul 06 22:34:19 2004 => Scanning File C:\WINNT\system32\internat.exe
Tue Jul 06 22:34:19 2004 => ERROR!!! Invalid Entry WeatherCast = "C:\Programme\WeatherCast\Weather.exe" /q. Removing it.
Tue Jul 06 22:34:19 2004 => Scanning HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
Tue Jul 06 22:34:19 2004 => Scanning File C:\Programme\ICQLite\ICQLite.exe
Tue Jul 06 22:34:19 2004 => Scanning HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
Tue Jul 06 22:34:19 2004 => Scanning HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
Tue Jul 06 22:34:19 2004 => Scanning HKCR\txtfile\shell\open\command
Tue Jul 06 22:34:19 2004 => Scanning HKCR\comfile\shell\open\command
Tue Jul 06 22:34:19 2004 => Scanning HKCR\exefile\shell\open\command
Tue Jul 06 22:34:19 2004 => Scanning HKCR\dllfile\shell\open\command
Tue Jul 06 22:34:19 2004 => Scanning HKCR\batfile\shell\open\command
Tue Jul 06 22:34:19 2004 => Scanning HKCR\piffile\shell\open\command
Tue Jul 06 22:34:19 2004 => Scanning HKCR\scrfile\shell\open\command
Tue Jul 06 22:34:19 2004 => Scanning HKCR\scrfile\shell\config\command
Tue Jul 06 22:34:19 2004 => Scanning HKCR\regfile\shell\open\command

Tue Jul 06 22:34:19 2004 => ***** Scanning StartUp Folders *****

Tue Jul 06 22:34:19 2004 => ***** Scanning C:\Dokumente und Einstellungen\David B\Startmenü\Programme\Autostart Folder *****
Tue Jul 06 22:34:19 2004 => Scanning Folder: C:\Dokumente und Einstellungen\David B\Startmenü\Programme\Autostart\*.*

Tue Jul 06 22:34:19 2004 => ***** Scanning C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart Folder *****
Tue Jul 06 22:34:19 2004 => Scanning Folder: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\*.*
Tue Jul 06 22:34:19 2004 => Scanning File C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\IDETool.lnk
Tue Jul 06 22:34:19 2004 => Scanning File C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk
Tue Jul 06 22:34:19 2004 => Scanning File C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\GStartup.lnk

Tue Jul 06 22:34:19 2004 => ***** Scanning Service Files *****
Tue Jul 06 22:34:19 2004 => Scanning HKLM\SYSTEM\CurrentControlSet\Services
Tue Jul 06 22:34:19 2004 => Scanning File C:\WINNT\System32\DRIVERS\ACPI.sys
Tue Jul 06 22:34:19 2004 => Scanning File C:\WINNT\System32\drivers\afd.sys
Tue Jul 06 22:34:19 2004 => Scanning File C:\WINNT\System32\drivers\ALCXSENS.SYS
Tue Jul 06 22:34:20 2004 => Scanning File C:\WINNT\System32\drivers\ALCXWDM.SYS
Tue Jul 06 22:34:20 2004 => Scanning File C:\WINNT\System32\services.exe
Tue Jul 06 22:34:20 2004 => Scanning File E:\LR5ANT~2\AVGUARD.EXE
Tue Jul 06 22:34:20 2004 => Scanning File C:\WINNT\System32\DRIVERS\sfmatalk.sys
Tue Jul 06 22:34:20 2004 => Scanning File C:\WINNT\system32\services.exe
Tue Jul 06 22:34:20 2004 => Scanning File C:\WINNT\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
Tue Jul 06 22:34:20 2004 => Scanning File C:\WINNT\System32\DRIVERS\asyncmac.sys
Tue Jul 06 22:34:21 2004 => Scanning File C:\WINNT\System32\DRIVERS\atapi.sys
Tue Jul 06 22:34:21 2004 => Scanning File C:\WINNT\System32\DRIVERS\atmarpc.sys
Tue Jul 06 22:34:21 2004 => Scanning File C:\WINNT\System32\DRIVERS\audstub.sys
Tue Jul 06 22:34:21 2004 => Scanning File E:\LR5ANT~2\AVGNTDD.SYS
Tue Jul 06 22:34:21 2004 => Scanning File E:\LR5ANT~2\AVWUPSRV.EXE
Tue Jul 06 22:34:21 2004 => Scanning File C:\WINNT\System32\services.exe
Tue Jul 06 22:34:21 2004 => Scanning File C:\WINNT\SYSTEM32\DRIVERS\CDANT.SYS
Tue Jul 06 22:34:21 2004 => Scanning File C:\WINNT\System32\DRIVERS\CDANTSRV.EXE
Tue Jul 06 22:34:21 2004 => Scanning File C:\WINNT\System32\DRIVERS\CCDECODE.sys
Tue Jul 06 22:34:21 2004 => Scanning File C:\WINNT\System32\DRIVERS\cdrom.sys
Tue Jul 06 22:34:21 2004 => Scanning File C:\WINNT\System32\cisvc.exe
Tue Jul 06 22:34:21 2004 => Scanning File C:\WINNT\system32\clipsrv.exe
Tue Jul 06 22:34:21 2004 => Scanning File C:\WINNT\System32\services.exe
Tue Jul 06 22:34:21 2004 => Scanning File C:\WINNT\System32\DRIVERS\disk.sys

Tue Jul 06 22:34:53 2004 => ***** Checking for specific ITW Viruses *****
Tue Jul 06 22:34:53 2004 => Checking for Welchia Virus...
Tue Jul 06 22:34:53 2004 => Checking for LovGate Virus...
Tue Jul 06 22:34:53 2004 => Checking for CodeRed Virus...
Tue Jul 06 22:34:53 2004 => Checking for OpaServ Virus...
Tue Jul 06 22:34:53 2004 => Checking for Sobig.e Virus...
Tue Jul 06 22:34:53 2004 => Checking for Winupie Virus...
Tue Jul 06 22:34:53 2004 => Checking for Swen Virus...
Tue Jul 06 22:34:53 2004 => Checking for JS.Fortnight Virus...
Tue Jul 06 22:34:53 2004 => Checking for Novarg Virus...
Tue Jul 06 22:34:53 2004 => Checking for Pagabot Virus...

Tue Jul 06 22:34:53 2004 => ***** Scanning complete. *****

Tue Jul 06 22:34:53 2004 => Total Number of Files Scanned: 250
Tue Jul 06 22:34:53 2004 => Total Number of Virus(es) Found: 0
Tue Jul 06 22:34:53 2004 => Total Number of Disinfected Files: 0
Tue Jul 06 22:34:53 2004 => Total Number of Files Renamed: 0
Tue Jul 06 22:34:53 2004 => Total Number of Deleted Files: 0
Tue Jul 06 22:34:53 2004 => Total Number of Errors: 8
Tue Jul 06 22:34:53 2004 => Time Elapsed: 00:00:57
Tue Jul 06 22:34:53 2004 => Virus Database Date: 2004/07/04
Tue Jul 06 22:34:53 2004 => Virus Database Count: 95827

Tue Jul 06 22:34:53 2004 => Scan Completed.




---------------------------------------and HijackThis---------------------------------------------





Logfile of HijackThis v1.98.0
Scan saved at 22:36:00, on 06.07.2004
Platform: Windows 2000 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 (5.00.2920.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\DRIVERS\CDANTSRV.EXE
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.exe
C:\WINNT\System32\P2P Networking\P2P Networking.exe
C:\Programme\ICQLite\ICQLite.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\WINNT\System32\qpglzy.exe
C:\WINNT\wt\updater\wcmdmgr.exe
E:\Programme\iTunes\iTunesHelper.exe
C:\WINNT\System32\internat.exe
C:\PROGRA~3\Altnet\DOWNLO~1\asm.exe
C:\Programme\iPod\bin\iPodService.exe
G:\Downloads\mwav.exe
C:\Programme\Ventrilo\Ventrilo.exe
E:\lr5 AntiViren prog\AVWUPSRV.EXE
E:\lr5 AntiViren prog\AVGUARD.EXE
E:\lr5 AntiViren prog\AVGNT.EXE
f:\Programme\Kazaa Lite\clean.kmd
C:\Programme\Gemeinsame Dateien\Real\Update_OB\RealOneMessageCenter.exe
C:\Programme\Webroot\Spy Sweeper\SpySweeper.exe
E:\lr4 mwav\mwav.exe
E:\lr4 mwav\mwav.exe
C:\WINNT\System32\notepad.exe
E:\lr3\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.search-for-you.com/srh/145/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.search-for-you.com/srh/145/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.search-for-you.com/srh/145/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.chip.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.search-for-you.com/srh/145/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.search-for-you.com/srh/145/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.search-for-you.com/srh/145/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search-for-you.com/145
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.search-for-you.com/srh/145/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.search-for-you.com/srh/145/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.search-for-you.com/srh/145/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.search-for-you.com/srh/145/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R3 - URLSearchHook: (no name) - _{0428FFC7-1931-45b7-95CB-3CBB919777E1} - (no file)
F0 - system.ini: Shell=
F1 - win.ini: run=msinfo.exe
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINNT\nem219.dll (file missing)
O2 - BHO: MxTargetObj Class - {0000607D-D204-42C7-8E46-216055BF9918} - C:\WINNT\mxTarget.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_3_16_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - e:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {7762E325-B77E-4B26-8636-F03549F79C61} - C:\WINNT\System32\efhe.dll (file missing)
O2 - BHO: (no name) - {85CBFDE0-B26B-4EE5-BD3C-4DE111DE763E} - C:\WINNT\System32\winnet.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - G:\PROGRA~1\FLASHGET\jccatch.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar1.dll
O3 - Toolbar: @msdxmLC.dll,-1@1031,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - G:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_3_16_0.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [P2P Networking] C:\WINNT\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [wcmdmgr] C:\WINNT\wt\updater\wcmdmgrl.exe -launch
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [jdzyijtbj] C:\WINNT\System32\qpglzy.exe
O4 - HKLM\..\Run: [iTunesHelper] E:\Programme\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mwavscan] "C:\DOKUME~1\DAVIDB~1\LOKALE~1\Temp\mwavscan.com" /s
O4 - HKLM\..\Run: [AVGCtrl] E:\lr5 AntiViren prog\AVGNT.EXE /min
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [SpySweeper] "C:\Programme\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: IDETool.lnk = C:\Program Files\IDETOOL\IDETOOL.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: GStartup.lnk = C:\Programme\Gemeinsame Dateien\GMT\GMT.exe
O8 - Extra context menu item: &Google Search - res://c:\programme\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Alles mit FlashGet laden - G:\Programme\FlashGet\jc_all.htm
O8 - Extra context menu item: Backward &Links - res://c:\programme\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\programme\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Mit FlashGet laden - G:\Programme\FlashGet\jc_link.htm
O8 - Extra context menu item: Si&milar Pages - res://c:\programme\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\programme\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: ICQ 4.0 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - G:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - G:\PROGRA~1\FLASHGET\flashget.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=
O14 - IERESET.INF: START_PAGE_URL=
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.c ... 040510.cab
O16 - DPF: {8FA9D107-547B-4DBC-9D88-FABD891EDB0A} (shizmoo Class) - http://arcade.icq.com/multiplayer/odyssey_web8.cab
O16 - DPF: {912DC742-755C-4F1D-9F77-DFF88C344083} (Vacpro.switzerland) - http://www.7adpower.com/dialer/switzerland.CAB


Should I download Firefox now as well?
Masterfrezz
 
Posts: 5
Registered: 06.07.2004, 18:50

Post by Nikita on 07.07.2004, 11:55

Fix exactly what I post


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.search-for-you.com/srh/145/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.search-for-you.com/srh/145/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.search-for-you.com/srh/145/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.search-for-you.com/srh/145/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.search-for-you.com/srh/145/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.search-for-you.com/srh/145/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search-for-you.com/145
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.search-for-you.com/srh/145/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.search-for-you.com/srh/145/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.search-for-you.com/srh/145/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.search-for-you.com/srh/145/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R3 - URLSearchHook: (no name) - _{0428FFC7-1931-45b7-95CB-3CBB919777E1} - (no file)

F1 - win.ini: run=msinfo.exe

O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINNT\nem219.dll (file missing)
O2 - BHO: MxTargetObj Class - {0000607D-D204-42C7-8E46-216055BF9918} - C:\WINNT\mxTarget.dll
O2 - BHO: (no name) - {7762E325-B77E-4B26-8636-F03549F79C61} - C:\WINNT\System32\efhe.dll (file missing)
O2 - BHO: (no name) - {85CBFDE0-B26B-4EE5-BD3C-4DE111DE763E} - C:\WINNT\System32\winnet.dll

O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [jdzyijtbj] C:\WINNT\System32\qpglzy.exe
O4 - Global Startup: GStartup.lnk = C:\Programme\Gemeinsame Dateien\GMT\GMT.exe

Reboot


#Download CWShredder from this page (it is a bit further down)
http://www.efficiente.co.uk/msinfo-exe-error.html

.......................................................................................................
#C:\Programme\Gemeinsame Dateien\GMT\GMT.exe
1.) First go to Add/Remove Programs in the Control Panel and remove any Gator.com applications - Date Manager, Precision Time or Gator eWallet. (These will try to restart Gator/GAIN.) If you are lucky, Gator may actually uninstall by itself at this point. If so, skip the following paragraph.

Otherwise, open the registry (Start->Run->regedit) and find the key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run. Select it and, on the right hand side, right-click the 'CMESys' entry and click 'Delete'. In some earlier variants there might also be a 'GMT' entry; you can delete