Trojaner-Board


eselvormberg 29.12.2004 22:07

e-scan 147 viruses
 
Hello, I ran e-scan again today; as a layman I actually had no visible problems.

Here is the virus list:


to be continued

eselvormberg 29.12.2004 22:09


Can someone tell me what I am allowed to delete?

Cidre 29.12.2004 22:18

So your OS is Win ME.

Disable System Restore and delete all findings except this file:
File C:\WINDOWS\SYSTEM\SHARE.EXE tagged as not-a-virus:Utility.DOS6.Share. No Action Taken.

AFAIK there is no system32 folder on ME!

- Configure IE more securely and use it only for Windows Update: http://www.datenschutzzentrum.de/sel...sie/config.htm or http://www.blafusel.de/ie.html
- Use safer and more convenient browsers such as Mozilla or Firefox: http://www.mozilla.org

eselvormberg 29.12.2004 22:27

Yes, I have ME.

But there is a system32 folder on my machine too.

Cidre 29.12.2004 22:31

But that one was created by the malware, see
Quote:

File C:\WINDOWS\SYSTEM32\notepad.com infected by "Trojan-Downloader.Win32.Small.yo" Virus. Action Taken: No Action Taken.

Windows Explorer -> "Tools/Folder Options" -> "View" -> enable "Show all files and folders" -> "OK"
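
A triage sketch for the scanner output discussed above, as an added example that is not part of any post in this thread: it parses the two eScan line shapes quoted here and sorts findings by the handling the replies describe. The bucket names, the `triage` helper and the sample lines marked as constructed are assumptions, and the SYSTEM32 rule rests on the helper's own statement about Windows ME.

```python
import re
from collections import OrderedDict

# The two line shapes that occur in the eScan output quoted in this thread.
INFECTED = re.compile(
    r'^File (?P<path>.+?) infected by "(?P<name>[^"]+)" Virus\. '
    r'Action Taken: (?P<action>.+?)\.$')
TAGGED = re.compile(
    r'^File (?P<path>.+?) tagged as (?P<name>\S+)\. (?P<action>.+?)\.$')

# Paths are compared upper-cased because Win9x file names are case-insensitive.
RESTORE_ROOT = "C:\\_RESTORE\\"            # System Restore store on Windows ME
ME_UNEXPECTED = "C:\\WINDOWS\\SYSTEM32\\"  # per the thread: not a stock ME folder
DPF_DIR = "\\DOWNLOADED PROGRAM FILES\\"   # not shown in Explorer's default view
KEEP = {("C:\\WINDOWS\\SYSTEM\\SHARE.EXE", "not-a-virus:Utility.DOS6.Share")}

BUCKETS = ("keep", "restore_store", "unexpected_folder",
           "hidden_folder", "delete", "unparsed")


def parse_line(line):
    """Return {'path', 'name', 'action'} for a finding line, else None."""
    for rx in (INFECTED, TAGGED):
        m = rx.match(line.strip())
        if m:
            return m.groupdict()
    return None


def bucket_for(path, name):
    """Map one finding to the handling the replies in the thread describe."""
    p = path.upper()
    if (p, name) in KEEP:
        return "keep"               # the one file the helper said to leave alone
    if p.startswith(RESTORE_ROOT):
        return "restore_store"      # locked until System Restore is disabled
    if p.startswith(ME_UNEXPECTED):
        return "unexpected_folder"  # the folder itself is a sign of infection
    if DPF_DIR in p:
        return "hidden_folder"      # needs a view that shows hidden/system files
    return "delete"


def triage(lines):
    """Group de-duplicated findings into buckets; keep unparsable lines visible."""
    buckets = OrderedDict((b, []) for b in BUCKETS)
    seen = set()
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        hit = parse_line(line)
        if hit is None:
            buckets["unparsed"].append(line)
            continue
        key = (hit["path"].upper(), hit["name"])
        if key in seen:             # scanners often report the same file twice
            continue
        seen.add(key)
        buckets[bucket_for(*key[:1], hit["name"]) if False else
                bucket_for(hit["path"], hit["name"])].append(
            (hit["path"], hit["name"]))
    return buckets


# Sample input: lines 1-4 are quoted in the thread (line 2 repeats line 1);
# the two _RESTORE paths, example.dat and the last line are constructed.
SAMPLE = r"""
File C:\WINDOWS\SYSTEM\SHARE.EXE tagged as not-a-virus:Utility.DOS6.Share. No Action Taken.
File C:\WINDOWS\SYSTEM\SHARE.EXE tagged as not-a-virus:Utility.DOS6.Share. No Action Taken.
File C:\WINDOWS\SYSTEM32\notepad.com infected by "Trojan-Downloader.Win32.Small.yo" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Downloaded Program Files\CONFLICT.1\rundlg32.dll infected by "not-a-virus:AdWare.ToolBar.SBSoft.c" Virus. Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0000001.CPY infected by "not-a-virus:AdWare.WinAD" Virus. Action Taken: No Action Taken.
File C:\_RESTORE\ARCHIVE\FS0.CAB infected by "not-a-virus:AdWare.WinAD" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\TEMP\example.dat infected by "Trojan-Downloader.Win32.Small.yo" Virus. Action Taken: No Action Taken.
Scan finished.
"""

if __name__ == "__main__":
    for bucket, items in triage(SAMPLE.splitlines()).items():
        print(f"[{bucket}] {len(items)}")
        for item in items:
            print("   ", item)
```
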

eselvormberg 29.12.2004 22:36

Oh, so that's why my notepad doesn't work any more.
I could only open txt files by opening them through wordpad.

eselvormberg 29.12.2004 23:43

Thank you very much so far.

I was able to delete some of them.

But for the following I get the message "Access denied, the source file may be in use":

File C:\_RESTORE\TEMP\.....
File C:\_RESTORE\ARCHIVE\....

I do have to look for them via Explorer in safe mode and delete them, don't I?

Then I could not find the following:

File C:\WINDOWS\Downloaded Program Files\CONFLICT.1\rundlg32.dll infected by "not-a-virus:AdWare.ToolBar.SBSoft.c" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Downloaded Program Files\CONFLICT.4\rundlg32.dll infected by "not-a-virus:AdWare.ToolBar.SBSoft.f" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Downloaded Program Files\CONFLICT.5\rundlg32.dll infected by "not-a-virus:AdWare.ToolBar.SBSoft.f" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Downloaded Program Files\WinAdCtlX.dll infected by "not-a-virus:AdWare.WinAD" Virus. Action Taken: No Action Taken.

The files are not in Downloaded Program Files :confused:

I can't find CONFLICT anywhere else either when I use the file search.

Cidre 30.12.2004 00:03

Quote:

But for the following I get the message "Access denied, the source file may be in use":

File C:\_RESTORE\TEMP\.....
File C:\_RESTORE\ARCHIVE\....

That is exactly why you should disable System Restore, see http://www.bsi.bund.de/av/texte/wiederher_me.htm .

Quote:

Then I could not find the following:

Download Total Commander and make the following setting:
Open Total Commander -> Configure -> Settings -> View -> tick "Show hidden and system files (experts only)" -> OK

In the left-hand pane, navigate to the folder C:\WINDOWS\Downloaded Program Files and delete (select -> F8 -> YES) the files in question.

charlie1 30.12.2004 00:17

And let me give you the following advice: at the next disaster with ME, and that one is bound to come, use a different OS. I have never managed to get ME running stably at a customer's for any length of time; somehow ME, for reasons unknown to me, commits suicide at regular intervals.
Best regards, Charlie
:daumenhoc

eselvormberg 31.12.2004 19:23

So, I have now been able to delete the files with the Commander.

Thanks again for the quick help.

I have now switched to Firefox :dummguck:

eselvormberg 01.01.2005 11:30

So, after doing everything that was recommended to me after e-scan,
I ran HijackThis again today; here is the log file:
(I'll just attach it here in my thread, hope that's OK)


Can I still delete anything here?

Shadowdance 01.01.2005 11:55

@ eselvormberg

Boot into safe mode, disable System Restore, and fix with HijackThis (tick the boxes and click Fix Checked):

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://www.heretofind.com/show.php?id=15&q=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://www.freenet.de/freenet/eroti...ages/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://www.heretofind.com/show.php?id=15&q=%s
R3 - Default URLSearchHook is missing
O2 - BHO: BrowserHelper Class - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WINDOWS\SYSTEM\NZDD.DLL
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAMME\MSN TOOLBAR\01.01.1601.0\DE\MSNTB.DLL (file missing)
C:\WINDOWS\SYSTEM\REMOVE_ME.DLL (file missing)
O9 - Extra button: (no name) - {237AA178-C3BC-4f67-A8BB-D8BC14BA0B89} - C:\WINDOWS\SYSTEM\REMOVE_ME.DLL (file missing) (HKCU)
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - h**p://public.windupdates.com/get_f...992be6d71d48cd1
O18 - Protocol: start - {53B95211-7D77-11D2-9F81-00104B107C96} - C:\WINDOWS\SYSTEM\MSXWORD.DLL (file missing)
O18 - Protocol hijack: about - {53B95211-7D77-11D2-9F81-00104B107C96}

Boot into normal mode.

Delete:

C:\WINDOWS\SYSTEM\NZDD.DLL
C:\PROGRAMME\MSN TOOLBAR\01.01.1601.0\DE\MSNTB.DLL

Enable System Restore.


All times are in WET +1.
