Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Winupd~1 error? virus?

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 17.03.2007, 13:37   #1
Playah88
 
Winupd~1 error? virus? - Standard

Winupd~1 error? virus?



Ich hab nen dickes problem.
Also ich hab seit nen halben jahr den wen ich den PC hochfahre 2x den fehler auf den desktop Winupd~1. Ich bekomm ihn nicht weg aber seit ich ein game spielen wollte aber nach installation nicht mehr die CD findet denke ich das es daran liegen muss da ich mich in google erkundet hab.... Hab schon alle virus programme versucht nix hilft....

Logfile of HijackThis v1.99.1
Scan saved at 13:27:34, on 17.03.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
E:\eScan\TRAYICOS.EXE
E:\eScan\AVPMWrap.EXE
D:\ICQLite\ICQLite.exe
C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Programme\QuickTime\qttask.exe
D:\QUICKTIME\iTunesHelper.exe
C:\WINDOWS\system32\ntvdm.exe
E:\eScan\license.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\MSN Messenger\msnmsgr.exe
C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Programme\Gemeinsame Dateien\Teleca Shared\CapabilityManager.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
E:\eScan\TRAYSSER.EXE
E:\eScan\avpm.exe
C:\Programme\Gemeinsame Dateien\Teleca Shared\Generic.exe
C:\Programme\Gemeinsame Dateien\MicroWorld\Agent\MWASER.EXE
C:\Programme\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Programme\Gemeinsame Dateien\MicroWorld\Agent\MWAgent.exe
C:\WINDOWS\system32\svchost.exe
E:\eScan\AvpM.exe
C:\Programme\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\??crosoft.NET\n?lookup.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\MSN Apps\Updater\01.02.0002.1001\de\msnappau.exe
E:\hijackthis\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R3 - URLSearchHook: (no name) - {94BE3933-D4FA-AA0D-A939-8CEA6DC27591} - C:\WINDOWS\system32\sowdqfei.dll
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {94BE3933-D4FA-AA0D-A939-8CEA6DC27591} - C:\WINDOWS\system32\sowdqfei.dll
O2 - BHO: Internet Explorer Web Content Catcher - {FFF4E223-7019-4ce7-BE03-D7D3C8CCE884} - C:\Programme\DNS\Catcher.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\ICQToolbar\toolbaru.dll
O3 - Toolbar: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Toolbar\01.01.2607.0\de\msntb.dll
O3 - Toolbar: Toolbar888 - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - C:\Programme\Toolbar888\ToolBar888.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [NVMixerTray] "C:\Programme\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [msnappau] "C:\Programme\MSN Apps\Updater\01.02.0002.1001\de\msnappau.exe"
O4 - HKLM\..\Run: [MailScan Dispatcher] "E:\eScan\LAUNCH.EXE"
O4 - HKLM\..\Run: [eScan Updater] E:\eScan\TRAYICOS.EXE /App
O4 - HKLM\..\Run: [eScan Monitor] E:\eScan\AVPMWrap.EXE
O4 - HKLM\..\Run: [ICQ Lite] "D:\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\QUICKTIME\iTunesHelper.exe"
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Programme\Logitech\Video\ManifestEngine.exe boot
O4 - HKCU\..\Run: [DNS] C:\Programme\Gemeinsame Dateien\mc-110-12-0000140.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /Minimized
O4 - HKCU\..\RunOnce: [ICQ Lite] D:\ICQLite\ICQLite.exe -trayboot
O8 - Extra context menu item: &ICQ Toolbar Search - res://D:\ICQToolbar\toolbaru.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\ICQLite\ICQLite.exe
O9 - Extra button: @C:\Programme\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Programme\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\mwtsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mwtsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mwtsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mwtsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mwtsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mwtsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mwtsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mwtsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mwtsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mwtsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mwtsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mwtsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mwtsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mwtsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mwtsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mwtsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mwtsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mwtsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mwtsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mwtsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mwtsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mwtsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mwtsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mwtsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mwtsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mwtsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mwtsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mwtsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mwtsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mwtsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mwtsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mwtsp.dll
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://locator1.cdn.imagesrvr.com/sites/winfixer.com/www/pages/scanner_de/WinFixer2005ScannerInstallDE.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: C:\WINDOWS\system32\wuauboot.dll
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: eScan Server-Updater (eScan-trayicos) - MicroWorld Technologies Inc. - E:\eScan\TRAYSSER.EXE
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: eScan Monitor Service (KAVMonitorService) - Kaspersky Labs. - E:\eScan\avpm.exe
O23 - Service: MWAgent - MicroWorld Technologies Inc. - C:\Programme\Gemeinsame Dateien\MicroWorld\Agent\MWASER.EXE
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe

Alt 17.03.2007, 14:01   #2
Berferd
 
Winupd~1 error? virus? - Standard

Winupd~1 error? virus?



Hallo,

scanne einmal die fogende Datei bei http://www.virustotal.com :
C:\WINDOWS\system32\??crosoft.NET\n?lookup.exe

Fixe mit HijackThis folgende Einträge:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R3 - URLSearchHook: (no name) - {94BE3933-D4FA-AA0D-A939-8CEA6DC27591} - C:\WINDOWS\system32\sowdqfei.dll
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {94BE3933-D4FA-AA0D-A939-8CEA6DC27591} - C:\WINDOWS\system32\sowdqfei.dll
O2 - BHO: Internet Explorer Web Content Catcher - {FFF4E223-7019-4ce7-BE03-D7D3C8CCE884} - C:\Programme\DNS\Catcher.dll
O3 - Toolbar: Toolbar888 - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - C:\Programme\Toolbar888\ToolBar888.dll
O4 - HKCU\..\Run: [DNS] C:\Programme\Gemeinsame Dateien\mc-110-12-0000140.exe
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://locator1.cdn.imagesrvr.com/sites/winfixer.com/www/pages/scanner_de/WinFix er2005ScannerInstallDE.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: C:\WINDOWS\system32\wuauboot.dll

Dann sehen wir weiter

Gruß
Oskar
__________________


Alt 17.03.2007, 14:04   #3
Rene-gad
 
Winupd~1 error? virus? - Standard

Winupd~1 error? virus?



@Playah88
Zitat:
C:\WINDOWS\system32\??crosoft.NET\n?lookup.exe
C:\WINDOWS\system32\sowdqfei.dll
C:\Programme\Gemeinsame Dateien\mc-110-12-0000140.exe
C:\WINDOWS\system32\wuauboot.dll
Bitte diese Dateien bei www.virustotal.com scannen, Protokolle hier posten.
__________________

Alt 17.03.2007, 14:08   #4
Playah88
 
Winupd~1 error? virus? - Standard

Winupd~1 error? virus?



An unexplected error has occured at procedure: modbackup_makebackup(sitem=O20 - Appinit_DLLs: C:\Windows\system32\wuauboot.dll)
Error #5 - Invalid procedure call or argument.


Mhmm das kam als ich versucht hab die 10 zu fixen...?


---

STATUS: SCANNINGFile "mc-110-12-0000140.exe" received on 03.17.2007 at 14:16:15 (CET) is being scanned by VirusTotal in this moment. Results will be shown as they're generated.

Antivirus Version Update Result
AhnLab-V3 2007.3.17.0 03.16.2007 Win-Trojan/MulDrop.342636
AntiVir 7.3.1.43 03.17.2007 ADSPY/Shorty
Authentium 4.93.8 03.17.2007 no virus found
Avast 4.7.936.0 03.16.2007 Win32:Adware-gen.
AVG 7.5.0.447 03.16.2007 no virus found


Aditional Information
File size: 342636 bytes
MD5: 84d5f05716bb0757445d5de1d3234d56
SHA1: dbd3391b489e08d61619fa4411bf692e9b7bcc2b



STATUS: SCANNINGFile "nslookup.exe" received on 03.17.2007 at 14:19:46 (CET) is being scanned by VirusTotal in this moment. Results will be shown as they're generated.

Antivirus Version Update Result
AhnLab-V3 2007.3.17.0 03.16.2007 no virus found
AntiVir 7.3.1.43 03.17.2007 no virus found
Authentium 4.93.8 03.17.2007 no virus found
Avast 4.7.936.0 03.16.2007 no virus found
AVG 7.5.0.447 03.16.2007 no virus found
BitDefender 7.2 03.17.2007 no virus found
CAT-QuickHeal 9.00 03.15.2007 no virus found


Aditional Information
File size: 80896 bytes
MD5: e21fe0fe82708a631e7379b907d7babd
SHA1: 22b68f1b336ede9ab9ee9b1c5fa120ee384005bf


STATUS: SCANNINGFile "sowdqfei.dll" received on 03.17.2007 at 14:22:24 (CET) is being scanned by VirusTotal in this moment. Results will be shown as they're generated.

Antivirus Version Update Result
AhnLab-V3 2007.3.17.0 03.16.2007 no virus found
AntiVir 7.3.1.43 03.17.2007 ADSPY/PurityScan.AK.98
Authentium 4.93.8 03.17.2007 no virus found
Avast 4.7.936.0 03.16.2007 Win32:Agent-RY

STATUS: SCANNINGFile "wuauboot.dll" received on 03.17.2007 at 14:24:04 (CET) is being scanned by VirusTotal in this moment. Results will be shown as they're generated.

Antivirus Version Update Result
AhnLab-V3 2007.3.17.0 03.16.2007 Win-AppCare/Clickspring.81920
AntiVir 7.3.1.43 03.17.2007 ADSPY/PurityScan.EN.1
Authentium 4.93.8 03.17.2007 no virus found
Avast 4.7.936.0 03.16.2007 Win32:Ndrv
AVG 7.5.0.447 03.16.2007 Adware Generic.OFX
BitDefender 7.2 03.17.2007 Adware.PurityScan.D
CAT-QuickHeal 9.00 03.15.2007 AdWare.PurityScan.en (Not a Virus)


Aditional Information
File size: 81920 bytes
MD5: f86d149084e9b644ab14dae81262cb3e
SHA1: 1b25960b9ade6ebb55f0ab6d8cf673bacb74a15e

Aditional Information
File size: 139264 bytes
MD5: 1477ec0e0fca33ca4f48d6834de827dc
SHA1: 302f7c2d29e126f231ccba7724705277682f983d

Geändert von Playah88 (17.03.2007 um 14:25 Uhr)

Alt 17.03.2007, 15:35   #5
Franz1968
/// Helfer-Team
 
Winupd~1 error? virus? - Standard

Winupd~1 error? virus?



Warum postest du die Ergebnisse nicht vollständig? Versuch es bitte noch mal. Scannen bei Virustotal, komplette Ergebnisse für jede einzelne gescannte Datei posten.

__________________
Alle Tipps und Anleitungen ohne Gewähr

Alt 17.03.2007, 16:42   #6
Playah88
 
Winupd~1 error? virus? - Standard

Winupd~1 error? virus?



STATUS: FINISHEDComplete scanning result of "wuauboot.dll", received in VirusTotal at 03.17.2007, 16:13:18 (CET).

Antivirus Version Update Result
AhnLab-V3 2007.3.17.0 03.16.2007 Win-AppCare/Clickspring.81920
AntiVir 7.3.1.43 03.17.2007 ADSPY/PurityScan.EN.1
Authentium 4.93.8 03.17.2007 no virus found
Avast 4.7.936.0 03.16.2007 Win32:Ndrv
AVG 7.5.0.447 03.17.2007 Adware Generic.OFX
BitDefender 7.2 03.17.2007 Adware.PurityScan.D
CAT-QuickHeal 9.00 03.15.2007 AdWare.PurityScan.en (Not a Virus)
ClamAV 0.90.1 03.17.2007 Trojan.PurityScan.EN
DrWeb 4.33 03.17.2007 no virus found
eSafe 7.0.14.0 03.16.2007 Spyware.Purityscan
eTrust-Vet 30.6.3486 03.16.2007 Win32/Clspring.EZ
Ewido 4.0 03.17.2007 Adware.PurityScan
FileAdvisor 1 03.17.2007 no virus found
Fortinet 2.85.0.0 03.17.2007 Adware/Purityscan
F-Prot 4.3.1.45 03.17.2007 W32/Adware.YT
F-Secure 6.70.13030.0 03.16.2007 no virus found
Ikarus T3.1.1.3 03.17.2007 AdWare.Win32.PurityScan.en
Kaspersky 4.0.2.24 03.17.2007 not-a-virus:AdWare.Win32.PurityScan.en
McAfee 4986 03.16.2007 potentially unwanted program Adware-ClickSpring
Microsoft 1.2306 03.17.2007 Adware:Win32/ClickSpring.PuritySCAN
NOD32v2 2123 03.17.2007 Win32/Adware.PurityScan
Norman 5.80.02 03.16.2007 W32/PurityScan.YM
Panda 9.0.0.4 03.17.2007 Adware/PurityScan
Prevx1 V2 03.17.2007 Trojan.VMMSWM
Sophos 4.15.0 03.13.2007 PurityScan
Sunbelt 2.2.907.0 03.16.2007 ClickSpring.PuritySCAN
Symantec 10 03.17.2007 Adware.Purityscan
TheHacker 6.1.6.076 03.15.2007 Adware/PurityScan.en
UNA 1.83 03.16.2007 Adware.PurityScan.AAA8
VBA32 3.11.2 03.16.2007 AdWare.Win32.PurityScan.en
VirusBuster 4.3.7:9 03.17.2007 no virus found


Aditional Information
File size: 81920 bytes
MD5: f86d149084e9b644ab14dae81262cb3e
SHA1: 1b25960b9ade6ebb55f0ab6d8cf673bacb74a15e
Prevx info: http://fileinfo.prevx.com/fileinfo.asp?PXC=ce6c25033488
Sunbelt info: PurityScan is an ad supported program that scans the user's Internet Explorer files, including browser cache, cookies and history for pornographic/adult related words and allows the user to delete them.

----

STATUS: FINISHEDComplete scanning result of "mc-110-12-0000140.exe", received in VirusTotal at 03.17.2007, 16:20:10 (CET).

Antivirus Version Update Result
AhnLab-V3 2007.3.17.0 03.16.2007 Win-Trojan/MulDrop.342636
AntiVir 7.3.1.43 03.17.2007 ADSPY/Shorty
Authentium 4.93.8 03.17.2007 no virus found
Avast 4.7.936.0 03.16.2007 Win32:Adware-gen.
AVG 7.5.0.447 03.17.2007 no virus found
BitDefender 7.2 03.17.2007 no virus found
CAT-QuickHeal 9.00 03.15.2007 (Suspicious) - DNAScan
ClamAV 0.90.1 03.17.2007 no virus found
DrWeb 4.33 03.17.2007 no virus found
eSafe 7.0.14.0 03.16.2007 suspicious Trojan/Worm
eTrust-Vet 30.6.3486 03.16.2007 no virus found
Ewido 4.0 03.17.2007 Downloader.Small
FileAdvisor 1 03.17.2007 no virus found
Fortinet 2.85.0.0 03.17.2007 Adware/Shorty
F-Prot 4.3.1.45 03.17.2007 no virus found
F-Secure 6.70.13030.0 03.16.2007 no virus found
Ikarus T3.1.1.3 03.17.2007 no virus found
Kaspersky 4.0.2.24 03.17.2007 no virus found
McAfee 4986 03.16.2007 potentially unwanted program Adware-Shorty
Microsoft 1.2306 03.17.2007 no virus found
NOD32v2 2123 03.17.2007 Win32/Adware.Maxifiles
Norman 5.80.02 03.16.2007 Shorty.A
Panda 9.0.0.4 03.17.2007 Adware/Maxifiles
Prevx1 V2 03.17.2007 Downloader.Drev.A
Sophos 4.15.0 03.13.2007 no virus found
Sunbelt 2.2.907.0 03.16.2007 VIPRE.Suspicious
Symantec 10 03.17.2007 no virus found
TheHacker 6.1.6.076 03.15.2007 no virus found
UNA 1.83 03.16.2007 Adware.Maxifiles.6352
VBA32 3.11.2 03.16.2007 suspected of Backdoor.Hupigon.157 (paranoid heuristics)
VirusBuster 4.3.7:9 03.17.2007 no virus found


Aditional Information
File size: 342636 bytes
MD5: 84d5f05716bb0757445d5de1d3234d56
SHA1: dbd3391b489e08d61619fa4411bf692e9b7bcc2b
packers: BINARYRES, UPX
packers: Obsidium
Prevx info: http://fileinfo.prevx.com/fileinfo.asp?PXC=4c2f14806765
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.

----

STATUS: FINISHEDComplete scanning result of "sowdqfei.dll", received in VirusTotal at 03.17.2007, 16:27:09 (CET).

Antivirus Version Update Result
AhnLab-V3 2007.3.17.0 03.16.2007 no virus found
AntiVir 7.3.1.43 03.17.2007 ADSPY/PurityScan.AK.98
Authentium 4.93.8 03.17.2007 no virus found
Avast 4.7.936.0 03.16.2007 Win32:Agent-RY
AVG 7.5.0.447 03.17.2007 Adware Generic.OXM
BitDefender 7.2 03.17.2007 Adware.Purityscan.AK
CAT-QuickHeal 9.00 03.15.2007 AdWare.PurityScan.ak (Not a Virus)
ClamAV 0.90.1 03.17.2007 Trojan.PurityScan.AK
DrWeb 4.33 03.17.2007 no virus found
eSafe 7.0.14.0 03.16.2007 Spyware.Purityscan
eTrust-Vet 30.6.3486 03.16.2007 Win32/Clspring!generic
Ewido 4.0 03.17.2007 Adware.PurityScan
FileAdvisor 1 03.17.2007 no virus found
Fortinet 2.85.0.0 03.17.2007 Adware/ClickSpring
F-Prot 4.3.1.45 03.17.2007 W32/Purityscan.AO@ad
F-Secure 6.70.13030.0 03.16.2007 no virus found
Ikarus T3.1.1.3 03.17.2007 Trojan.Win32.Scapur.k
Kaspersky 4.0.2.24 03.17.2007 not-a-virus:AdWare.Win32.PurityScan.ak
McAfee 4986 03.16.2007 potentially unwanted program Adware-ClickSpring
Microsoft 1.2306 03.17.2007 Adware:Win32/ClickSpring.PuritySCAN
NOD32v2 2123 03.17.2007 Win32/Adware.PurityScan
Norman 5.80.02 03.16.2007 W32/PurityScan.AAA
Panda 9.0.0.4 03.17.2007 Adware/PurityScan
Prevx1 V2 03.17.2007 Trojan.NDrv
Sophos 4.15.0 03.13.2007 ClickSpring
Sunbelt 2.2.907.0 03.16.2007 ClickSpring.PuritySCAN
Symantec 10 03.17.2007 Adware.Purityscan
TheHacker 6.1.6.076 03.15.2007 Adware/PurityScan.ak
UNA 1.83 03.16.2007 Adware.PurityScan.5FEE
VBA32 3.11.2 03.16.2007 AdWare.Win32.PurityScan.ak
VirusBuster 4.3.7:9 03.17.2007 no virus found


Aditional Information
File size: 139264 bytes
MD5: 1477ec0e0fca33ca4f48d6834de827dc
SHA1: 302f7c2d29e126f231ccba7724705277682f983d
Prevx info: http://fileinfo.prevx.com/fileinfo.asp?PXC=94c024961114
Sunbelt info: PurityScan is an ad supported program that scans the user's Internet Explorer files, including browser cache, cookies and history for pornographic/adult related words and allows the user to delete them.

----

STATUS: FINISHEDComplete scanning result of "nslookup.exe", received in VirusTotal at 03.17.2007, 16:36:03 (CET).

Antivirus Version Update Result
AhnLab-V3 2007.3.17.0 03.16.2007 no virus found
AntiVir 7.3.1.43 03.17.2007 no virus found
Authentium 4.93.8 03.17.2007 no virus found
Avast 4.7.936.0 03.16.2007 no virus found
AVG 7.5.0.447 03.17.2007 no virus found
BitDefender 7.2 03.17.2007 no virus found
CAT-QuickHeal 9.00 03.15.2007 no virus found
ClamAV 0.90.1 03.17.2007 no virus found
DrWeb 4.33 03.17.2007 no virus found
eSafe 7.0.14.0 03.16.2007 no virus found
eTrust-Vet 30.6.3486 03.16.2007 no virus found
Ewido 4.0 03.17.2007 no virus found
FileAdvisor 1 03.17.2007 No threat detected
Fortinet 2.85.0.0 03.17.2007 no virus found
F-Prot 4.3.1.45 03.17.2007 no virus found
F-Secure 6.70.13030.0 03.16.2007 no virus found
Ikarus T3.1.1.3 03.17.2007 no virus found
Kaspersky 4.0.2.24 03.17.2007 no virus found
McAfee 4986 03.16.2007 no virus found
Microsoft 1.2306 03.17.2007 no virus found
NOD32v2 2123 03.17.2007 no virus found
Norman 5.80.02 03.16.2007 no virus found
Panda 9.0.0.4 03.17.2007 no virus found
Prevx1 V2 03.17.2007 no virus found
Sophos 4.15.0 03.13.2007 no virus found
Sunbelt 2.2.907.0 03.16.2007 no virus found
Symantec 10 03.17.2007 no virus found
TheHacker 6.1.6.076 03.15.2007 no virus found
UNA 1.83 03.16.2007 no virus found
VBA32 3.11.2 03.16.2007 no virus found
VirusBuster 4.3.7:9 03.17.2007 no virus found


Aditional Information
File size: 80896 bytes
MD5: e21fe0fe82708a631e7379b907d7babd
SHA1: 22b68f1b336ede9ab9ee9b1c5fa120ee384005bf
Bit9 info: http://fileadvisor.bit9.com/services/extinfo.aspx?md5=e21fe0fe82708a631e7379b907d7babd

---

So hoffe das ihr helfen könnt =/

Alt 17.03.2007, 22:11   #7
KarlKarl
/// Helfer-Team
 
Winupd~1 error? virus? - Standard

Winupd~1 error? virus?



Hi,

das war die falsche nslookup.exe, nämlich die zu Windows gehörige aus dem system32-Ordner. Es geht aber um die

C:\WINDOWS\system32\??crosoft.NET\n?lookup.exe

Dabei beachten, daß anstelle der Fragezeichen andere Zeichen stehen werden, eventuell kyrillische, Hijackthis weiß nicht, daß es auch andere Zeichensätze gibt. Wenn Du sie nicht finden kannst, dann im Explorer im Menü Extras -> Ordneroptionen -> Ansicht folgende Einstellungen setzen:
  • Erweiterungen bei bekannten Dateitypen ausblenden -> Haken weg
  • Geschützte Systemdateien ausblenden -> Haken weg
  • Inhalte von Systemordnern anzeigen -> Haken setzen (diese Option ist bei Windows 2000 nicht vorhanden)
  • Versteckte Dateien und Ordner -> Alle Dateien und Ordner anzeigen

Gruß, Karl

Alt 17.03.2007, 22:25   #8
Rene-gad
 
Winupd~1 error? virus? - Standard

Winupd~1 error? virus?



Zitat:
Zitat von KarlKarl Beitrag anzeigen
Wenn Du sie nicht finden kannst...
...gibt es eine ausführliche bebilderte Anleitung (s. Link in meiner Signatur) .

Antwort

Themen zu Winupd~1 error? virus?
adobe, antivir, appinit_dlls, application, avg, avira, bho, computer, desktop, downloader, error, explorer, fehler, google, hijack, hijackthis, installation, internet, internet explorer, kaspersky, monitor, photoshop, pop-up-blocker, software, spielen, system, tuneup utilities, unknown file in winsock lsp, urlsearchhook, virus, windows, windows xp, winupd



Ähnliche Themen: Winupd~1 error? virus?


  1. Virus auf Error 404-Seite?
    Plagegeister aller Art und deren Bekämpfung - 16.07.2014 (13)
  2. Windows System 32 *.dll Error Virus
    Log-Analyse und Auswertung - 11.02.2013 (18)
  3. RunScanner Error, Registry Access Error, ret=999
    Log-Analyse und Auswertung - 30.05.2012 (1)
  4. Suisa virus und reatogo-x-pe error
    Plagegeister aller Art und deren Bekämpfung - 20.04.2012 (7)
  5. C:\install\winupd.exe
    Log-Analyse und Auswertung - 09.09.2011 (9)
  6. c:/install/winupd.exe Trojaner
    Log-Analyse und Auswertung - 29.07.2011 (33)
  7. Trojaner C:\install\winupd.exe ?
    Log-Analyse und Auswertung - 18.07.2011 (7)
  8. RunScanner Error Registry Access Error
    Alles rund um Windows - 02.06.2011 (0)
  9. Problem antivir error,fraps error und grafik fehler
    Log-Analyse und Auswertung - 01.07.2010 (1)
  10. Dropper.Gen und winupd
    Log-Analyse und Auswertung - 12.07.2009 (1)
  11. Virus?Bin auf der Suche Error...
    Log-Analyse und Auswertung - 18.02.2009 (12)
  12. Virenfund: Buzus.rwd, winupd.exe. Keine Information gefunden.
    Plagegeister aller Art und deren Bekämpfung - 05.11.2008 (8)
  13. System error Popup-Virus
    Log-Analyse und Auswertung - 16.07.2008 (7)
  14. Windows Error Message Virus/Wurm?
    Log-Analyse und Auswertung - 12.11.2007 (16)
  15. Aplication data error / Error fenster
    Log-Analyse und Auswertung - 07.05.2007 (1)
  16. C:\WINNT\System32\winupd.exe ?
    Plagegeister aller Art und deren Bekämpfung - 27.06.2004 (3)
  17. winupd.exe und wintime.exe von Hijacker befallen
    Plagegeister aller Art und deren Bekämpfung - 03.06.2004 (12)

Zum Thema Winupd~1 error? virus? - Ich hab nen dickes problem. Also ich hab seit nen halben jahr den wen ich den PC hochfahre 2x den fehler auf den desktop Winupd~1. Ich bekomm ihn nicht weg - Winupd~1 error? virus?...
Archiv
Du betrachtest: Winupd~1 error? virus? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.