
Log analysis and evaluation: padobot and hijack

25.05.2005, 23:26   #1
Tina78

Hello everyone,

I'm pretty desperate, because hardly anything works on my computer any more. My virus scanner keeps finding a "padobot.z.1" and a "padobot.z.2" and also a Trojan horse, but I can't remove them.

I searched around on the internet, and it said that padobot can be removed with a korog-removing-tool. But the tool found nothing on my machine. TrojanHunter found nothing either. Spybot and Ad-Aware did find a few things but did not solve the padobot problem.

A friend said I could find help here by posting a HijackThis log. I have now created a log in Windows XP safe mode and would like to post it here from a friend's PC.

Thank you in advance for your answers and help. I hope you can help me.

The log reads:

Logfile of HijackThis v1.99.1
Scan saved at 22:47:41, on 25.05.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Dokumente und Einstellungen\Administrator\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.alice-dsl.de
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.alice-dsl.de
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_02\bin\jusched.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Programme\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programme\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] C:\Programme\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Programme\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [CloneCDTray] "C:\Programme\Elaborate Bytes\CloneCD\CloneCDTray.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Programme\TrojanHunter 4.0\THGuard.exe"
O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O21 - SSODL: ECAEDDEG - {5D98314E-6510-068E-4F73-019345F824EC} - C:\WINDOWS\System32\Bmejmd32.dll
O21 - SSODL: mtklef - {1FCFE7CA-8964-4311-2EBD-CA02EC7A3BD1} - C:\WINDOWS\System32\ldjvld32.dll
O21 - SSODL: mtklefa - {77165858-E759-48F2-2BBA-866434F8588C} - C:\WINDOWS\System32\pkzgj32.dll
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

25.05.2005, 23:43   #2
Cidre
Administrator (retired)

Hello,

these are the malware entries:
Quote:
O21 - SSODL: ECAEDDEG - {5D98314E-6510-068E-4F73-019345F824EC} - C:\WINDOWS\System32\Bmejmd32.dll
O21 - SSODL: mtklef - {1FCFE7CA-8964-4311-2EBD-CA02EC7A3BD1} - C:\WINDOWS\System32\ldjvld32.dll
O21 - SSODL: mtklefa - {77165858-E759-48F2-2BBA-866434F8588C} - C:\WINDOWS\System32\pkzgj32.dll
Scan with eScan AntiVirus in safe mode and post the virus log information for us.

btw:
Your HJT log file should be created in normal mode.
__________________
Regards, Cidre


26.05.2005, 01:27   #3
Tina78

Hello Cidre,

first of all, thank you very much for your super-fast reply.

I deleted the entries you named and ran eScan in safe mode.

I hope you can help me further.

The eScan virus log reads:

Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\DIMM.DLL". Action Taken: No Action Taken.

Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\coverdesigner\covered-dan.nls". Action Taken: No Action Taken.

Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\coverdesigner\covered-cht.nls". Action Taken: No Action Taken.

Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\coverdesigner\covered-nld.nls". Action Taken: No Action Taken.

Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\coverdesigner\covered-fra.nls". Action Taken: No Action Taken.

Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\coverdesigner\covered-ita.nls". Action Taken: No Action Taken.

Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\coverdesigner\covered-jpn.nls". Action Taken: No Action Taken.

Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\coverdesigner\covered-kor.nls". Action Taken: No Action Taken.

Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\coverdesigner\covered-nor.nls". Action Taken: No Action Taken.

Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\coverdesigner\covered-ptg.nls". Action Taken: No Action Taken.

Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\coverdesigner\covered-rus.nls". Action Taken: No Action Taken.

Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\coverdesigner\covered-esp.nls". Action Taken: No Action Taken.

Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\coverdesigner\covered-sve.nls". Action Taken: No Action Taken.

Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\coverdesigner\covered-fin.nls". Action Taken: No Action Taken.

Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\coverdesigner\covered-ptb.nls". Action Taken: No Action Taken.

Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\coverdesigner\covered-chs.nls". Action Taken: No Action Taken.

Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\coverdesigner\covered-plk.nls". Action Taken: No Action Taken.

Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\coverdesigner\covered-csy.nls". Action Taken: No Action Taken.

Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\coverdesigner\covered-sky.nls". Action Taken: No Action Taken.

Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\coverdesigner\covered-slv.nls". Action Taken: No Action Taken.

Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\coverdesigner\covered-hun.nls". Action Taken: No Action Taken.

Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\coverdesigner\covered-tha.nls". Action Taken: No Action Taken.

Entry "HKCR\CLSID\{0514B040-84EA-11D0-A8BF-00A0C9008A48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken.

Entry "HKCR\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" refers to invalid object "C:\WINDOWS\System32\msjava.dll". Action Taken: No Action Taken.

Entry "HKCR\CLSID\{88E729D6-BDC1-11D1-BD2A-00C04FB9603F}" refers to invalid object "fde.dll". Action Taken: No Action Taken.

Entry "HKCR\CLSID\{BFFFD262-7705-11D0-B5DC-444553540000}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken.

Entry "HKCR\CLSID\{F3CA5665-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken.

Entry "HKCR\CLSID\{F3CA566B-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken.

Entry "HKCR\CLSID\{F3CA5671-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken.

Entry "HKCR\CLSID\{F3CA5677-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken.

Entry "HKCR\CLSID\{F3CA567D-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken.

Entry "HKCR\CLSID\{F3CA5683-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken.

Entry "HKCR\CLSID\{F3CA5689-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken.

Entry "HKCR\CLSID\{F3CA568F-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken.

Entry "HKCR\CLSID\{F3CA5695-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken.

Entry "HKCR\CLSID\{F3CA569B-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken.

Entry "HKCR\CLSID\{F3CA56A1-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken.

Entry "HKCR\CLSID\{F3CA56A7-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken.

Entry "HKCR\CLSID\{F3CA56AD-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken.

Entry "HKCR\CLSID\{F3CA56B3-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken.

Entry "HKCR\CLSID\{F3CA56B9-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken.

Entry "HKCR\CLSID\{F3CA56BF-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken.

Entry "HKCR\CLSID\{F3CA56C5-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken.

Entry "HKCR\CLSID\{F3CA56CB-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken.

Entry "HKCR\CLSID\{F3CA56D1-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken.

Entry "HKCR\CLSID\{F3CA56D7-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken.

Entry "HKCR\CLSID\{F3CA56DD-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken.

Entry "HKCR\CLSID\{F3CA56E3-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken.

Entry "HKCR\CLSID\{F3CA56E9-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken.

Entry "HKCR\CLSID\{F3CA56EF-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken.

Entry "HKCR\CLSID\{F3CA56F5-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken.

Entry "HKCR\CLSID\{F3CA56FB-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken.

Entry "HKCR\CLSID\{F3CA5701-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken.

Entry "HKCR\CLSID\{F3CA5707-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken.

Entry "HKCR\CLSID\{F3CA570D-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken.

Entry "HKCR\CLSID\{F3CA5713-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken.

Entry "HKCR\CLSID\{F3CA571F-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken.

Entry "HKCR\CLSID\{F3CA572B-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken.

Entry "HKCR\CLSID\{F3CA5731-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken.

Entry "HKCR\CLSID\{F3CA5737-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken.

Entry "HKCR\CLSID\{F3CA573D-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken.

Entry "HKCR\CLSID\{F3CA5749-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken.

Entry "HKCR\CLSID\{F3CA574F-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken.

Entry "HKCR\CLSID\{F3CA5755-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken.

Entry "HKCR\CLSID\{F3CA575B-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken.

Entry "HKCR\CLSID\{F3CA5767-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken.

Entry "HKCR\CLSID\{F3CA5791-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken.

Entry "HKCR\CLSID\{F3CA57DF-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken.

Entry "HKCR\CLSID\{F3CA57E5-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken.

Entry "HKCR\CLSID\{F3CA57EB-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken.

Entry "HKCR\Automap.Map.EU" refers to invalid object "{A49EEA01-9231-4C77-AA9E-2F89D72B4804}". Action Taken: No Action Taken.

Entry "HKCR\Automap.Map.EU.11" refers to invalid object "{A49EEA01-9231-4C77-AA9E-2F89D72B4804}". Action Taken: No Action Taken.

Entry "HKCR\Automap.Template.EU.11" refers to invalid object "{A49EEA01-9231-4C77-AA9E-2F89D72B4804}". Action Taken: No Action Taken.

Entry "HKCR\DSP.DSP" refers to invalid object "{9C123EA9-AEC9-4f75-BBC0-7565FA1398966}". Action Taken: No Action Taken.

Entry "HKCR\DSP.DSPDMOProp_Chorus.1" refers to invalid object "{6F63B172-5543-4593-91CE-EDBA65B9FACDB}". Action Taken: No Action Taken.

File C:\WINDOWS\System32\Bmejmd32.dll infected by "Net-Worm.Win32.Padobot.z" Virus! Action Taken: No Action Taken.

File C:\WINDOWS\System32\Bpcdpilb.exe infected by "Net-Worm.Win32.Padobot.z" Virus! Action Taken: No Action Taken.

File C:\WINDOWS\System32\ECAEDDEG.exe infected by "Net-Worm.Win32.Padobot.z" Virus! Action Taken: No Action Taken.

File C:\WINDOWS\System32\fsb.exe infected by "Net-Worm.Win32.Padobot.z" Virus! Action Taken: No Action Taken.

File C:\WINDOWS\System32\ldjvld32.dll infected by "Trojan-Spy.Win32.Qukart.s" Virus! Action Taken: No Action Taken.

File C:\WINDOWS\System32\pkzgj32.dll infected by "Trojan-Spy.Win32.Qukart.s" Virus! Action Taken: No Action Taken.

File C:\WINDOWS\System32\Qkpclc32.dll infected by "Net-Worm.Win32.Padobot.z" Virus! Action Taken: No Action Taken.

File C:\System Volume Information\_restore{58BE883D-80D6-475C-9890-D5C0D8FB3D8F}\RP75\A0006686.sys infected by "Trojan-Spy.Win32.Qukart.s" Virus! Action Taken: No Action Taken.

File C:\System Volume Information\_restore{58BE883D-80D6-475C-9890-D5C0D8FB3D8F}\RP75\A0006693.exe infected by "Net-Worm.Win32.Padobot.z" Virus! Action Taken: No Action Taken.

File C:\System Volume Information\_restore{58BE883D-80D6-475C-9890-D5C0D8FB3D8F}\RP75\A0006695.exe infected by "Net-Worm.Win32.Padobot.z" Virus! Action Taken: No Action Taken.

File C:\System Volume Information\_restore{58BE883D-80D6-475C-9890-D5C0D8FB3D8F}\RP75\A0006705.exe infected by "Net-Worm.Win32.Padobot.z" Virus! Action Taken: No Action Taken.

File C:\System Volume Information\_restore{58BE883D-80D6-475C-9890-D5C0D8FB3D8F}\RP75\A0006706.exe infected by "Net-Worm.Win32.Padobot.z" Virus! Action Taken: No Action Taken.

File C:\System Volume Information\_restore{58BE883D-80D6-475C-9890-D5C0D8FB3D8F}\RP75\A0006712.exe infected by "Net-Worm.Win32.Padobot.z" Virus! Action Taken: No Action Taken.

File C:\System Volume Information\_restore{58BE883D-80D6-475C-9890-D5C0D8FB3D8F}\RP75\A0006713.exe infected by "Net-Worm.Win32.Padobot.z" Virus! Action Taken: No Action Taken.

File C:\System Volume Information\_restore{58BE883D-80D6-475C-9890-D5C0D8FB3D8F}\RP75\A0006721.exe infected by "Net-Worm.Win32.Padobot.z" Virus! Action Taken: No Action Taken.

File C:\System Volume Information\_restore{58BE883D-80D6-475C-9890-D5C0D8FB3D8F}\RP75\A0006784.exe infected by "Net-Worm.Win32.Padobot.z" Virus! Action Taken: No Action Taken.

File C:\System Volume Information\_restore{58BE883D-80D6-475C-9890-D5C0D8FB3D8F}\RP75\A0006793.exe infected by "Net-Worm.Win32.Padobot.z" Virus! Action Taken: No Action Taken.

File C:\System Volume Information\_restore{58BE883D-80D6-475C-9890-D5C0D8FB3D8F}\RP75\A0007794.exe infected by "Net-Worm.Win32.Padobot.z" Virus! Action Taken: No Action Taken.

File C:\System Volume Information\_restore{58BE883D-80D6-475C-9890-D5C0D8FB3D8F}\RP75\A0008794.exe infected by "Net-Worm.Win32.Padobot.z" Virus! Action Taken: No Action Taken.

File C:\System Volume Information\_restore{58BE883D-80D6-475C-9890-D5C0D8FB3D8F}\RP75\A0009794.exe infected by "Net-Worm.Win32.Padobot.z" Virus! Action Taken: No Action Taken.

File C:\System Volume Information\_restore{58BE883D-80D6-475C-9890-D5C0D8FB3D8F}\RP75\A0011796.exe infected by "Net-Worm.Win32.Padobot.z" Virus! Action Taken: No Action Taken.

File C:\System Volume Information\_restore{58BE883D-80D6-475C-9890-D5C0D8FB3D8F}\RP75\A0012796.exe infected by "Net-Worm.Win32.Padobot.z" Virus! Action Taken: No Action Taken.

File C:\WINDOWS\ISW\alice\signup\pdndisp.dll tagged as not-a-virus:Tool.WinCap. No Action Taken.

File C:\WINDOWS\system32\Bmejmd32.dll infected by "Net-Worm.Win32.Padobot.z" Virus! Action Taken: No Action Taken.

File C:\WINDOWS\system32\Bpcdpilb.exe infected by "Net-Worm.Win32.Padobot.z" Virus! Action Taken: No Action Taken.

File C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Temporary Internet Files\Content.IE5\EBM3ETEJ\xxxxxxx[1] infected by "Net-Worm.Win32.Padobot.z" Virus! Action Taken: No Action Taken.

File C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Temporary Internet Files\Content.IE5\EBM3ETEJ\xxxxxxx[2] infected by "Net-Worm.Win32.Padobot.z" Virus! Action Taken: No Action Taken.

File C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Temporary Internet Files\Content.IE5\MRC9I7QR\xxxxxxx[1] infected by "Net-Worm.Win32.Padobot.z" Virus! Action Taken: No Action Taken.

File C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Temporary Internet Files\Content.IE5\S5830N8H\xxxxxxx[1] infected by "Net-Worm.Win32.Padobot.z" Virus! Action Taken: No Action Taken.

File C:\WINDOWS\system32\ECAEDDEG.exe infected by "Net-Worm.Win32.Padobot.z" Virus! Action Taken: No Action Taken.

File C:\WINDOWS\system32\fsb.exe infected by "Net-Worm.Win32.Padobot.z" Virus! Action Taken: No Action Taken.

File C:\WINDOWS\system32\ldjvld32.dll infected by "Trojan-Spy.Win32.Qukart.s" Virus! Action Taken: No Action Taken.

File C:\WINDOWS\system32\pkzgj32.dll infected by "Trojan-Spy.Win32.Qukart.s" Virus! Action Taken: No Action Taken.

File C:\WINDOWS\system32\Qkpclc32.dll infected by "Net-Worm.Win32.Padobot.z" Virus! Action Taken: No Action Taken.
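
Added example, not part of the original thread: a Python sketch that cross-references the two logs posted above, listing which HijackThis autostart entries point at files eScan flagged and which flagged files have no HijackThis entry at all. The function names and the path regex are assumptions of this example; the sample lines are copied from the posts.

```python
import re

# Constructed sample: lines copied from the HijackThis log in post #1.
HJT_LOG = r"""
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min
O21 - SSODL: ECAEDDEG - {5D98314E-6510-068E-4F73-019345F824EC} - C:\WINDOWS\System32\Bmejmd32.dll
O21 - SSODL: mtklef - {1FCFE7CA-8964-4311-2EBD-CA02EC7A3BD1} - C:\WINDOWS\System32\ldjvld32.dll
O21 - SSODL: mtklefa - {77165858-E759-48F2-2BBA-866434F8588C} - C:\WINDOWS\System32\pkzgj32.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
"""

# Constructed sample: lines copied from the eScan log in post #3; two records
# are wrapped across lines here, as happens when such logs are pasted.
ESCAN_LOG = r"""
Entry "HKCR\CLSID\{BFFFD262-7705-11D0-B5DC-444553540000}" refers to
invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken.
File C:\WINDOWS\ISW\alice\signup\pdndisp.dll tagged as not-a-virus:Tool.WinCap. No Action Taken.
File C:\WINDOWS\System32\Bmejmd32.dll infected by "Net-Worm.Win32.Padobot.z" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\ECAEDDEG.exe infected by "Net-Worm.Win32.Padobot.z" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\fsb.exe infected by "Net-Worm.Win32.Padobot.z" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\system32\ldjvld32.dll infected by "Trojan-Spy.Win32.Qukart.s" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\system32\pkzgj32.dll infected by "Trojan-Spy.Win32.Qukart.s" Virus! Action Taken: No Action
Taken.
"""

# Section code (R0, O4, O21, ...) followed by the rest of the entry.
HJT_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<rest>.+)$")
# First absolute path ending in a binary extension (assumption of this example).
PATH_RE = re.compile(r"[A-Za-z]:\\.+?\.(?:exe|dll|ocx|sys)\b", re.IGNORECASE)
DETECTION_RE = re.compile(r'^File (?P<path>.+) infected by "(?P<name>[^"]+)"')


def norm(path):
    """Windows paths are case-insensitive: System32 and system32 are one folder."""
    return path.strip().casefold()


def parse_hijackthis(text):
    """Return (section, normalised path) for every entry that names a file."""
    entries = []
    for line in text.splitlines():
        m = HJT_RE.match(line.strip())
        path = PATH_RE.search(m["rest"]) if m else None
        if path:
            entries.append((m["section"], norm(path.group())))
    return entries


def parse_escan(text):
    """Return {normalised path: detection name}, tolerating wrapped records."""
    flat = " ".join(text.split())            # undo line wraps
    detections = {}
    for record in re.split(r"(?<=Taken\.) ", flat):   # each record ends "Taken."
        m = DETECTION_RE.match(record)       # skips "Entry" and "tagged as" records
        if m:
            detections[norm(m["path"])] = m["name"]
    return detections


def correlate(hjt_text, escan_text):
    """Split detections into those with and without a HijackThis entry."""
    detections = parse_escan(escan_text)
    flagged = [(sec, path, detections[path])
               for sec, path in parse_hijackthis(hjt_text) if path in detections]
    referenced = {path for _, path, _ in flagged}
    unreferenced = sorted(p for p in detections if p not in referenced)
    return flagged, unreferenced


if __name__ == "__main__":
    flagged, unreferenced = correlate(HJT_LOG, ESCAN_LOG)
    for sec, path, name in flagged:
        print(f"{sec} entry loads flagged file: {path} ({name})")
    for path in unreferenced:
        print(f"flagged, but no HijackThis entry: {path}")
```

On this sample the three O21 entries match a detection, while ECAEDDEG.exe and fsb.exe are flagged without any entry in the HijackThis log.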


26.05.2005, 01:47   #4
Cidre
Administrator (retired)

Because of the malicious routine of Net-Worm.Win32.Padobot.z and Trojan-Spy.Win32.Qukart.s, you should reinstall your system for your own safety; see my signature.
__________________
Regards, Cidre


26.05.2005, 02:16   #5
Tina78

Oh, ok..... I was afraid of that. Thank you very much for your help anyway.

I will follow the instructions in your signature.

