Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Allg.Fragen zu Trojanern, Virusscanner etc... ( Anfängerin) (https://www.trojaner-board.de/16237-allg-fragen-trojanern-virusscanner-etc-anfaengerin.html)

lavendel 04.04.2005 20:10
Allg.Fragen zu Trojanern, Virusscanner etc... ( Anfängerin)
 
Hallo!

Bin Computer - Anfängerin und habe mich im Forum umgeschaut, um mir
Rat zu holen. Leider verstehe die meisten Bezeichnungen und Beschreibungen
nicht. Vermutlich hat mein PC einen Trojaner heruntergeladen, denn
auf meinem Bildschirm tauchen Pop-ups z.B. von crazywinnings inc. auf, die nicht verschwinden wollen.
Habe mir nun die Free -Software von Ad-Aware heruntergeladen, um die Trojaner etc. ausfindig zu machen. Habe nun das Ergebnis.
Welchen Schritt soll ich als nächstes machen?

Vielen Dank im voraus!

Cidre 04.04.2005 20:21
Hallo,

damit auch wir einen Einblick über die Infizierung bekommen, solltest du diese beiden Punkte ausführen:

Erstelle mit HiJackThis ein Log-File und poste es hier rein.
Persönliche Informationen, wie Benutzername und dergleichen, bitte unkenntlich machen.

Lade und scanne mit eScan AntiVirus im abgesicherten Modus wie beschrieben.
Poste anschliessend die Virus Log Information von eScan AntiVirus:
Öffne die mwav.log im Ordner C:\bases -> Bearbeiten -> Suchen -> infected oder tagged eingeben -> Weitersuchen -> Treffer markieren/kopieren und ins Forum übertragen.

lavendel 04.04.2005 20:45
Hier das Ergebnis von hijackthis:

Logfile of HijackThis v1.99.1
Scan saved at 21:41:42, on 04.04.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRAMME\NORMAN\nvc\BIN\ZLH.EXE
C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Programme\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Programme\AMD\PowerNow!\GemServ.exe
C:\Programme\AMD\PowerNow!\gemback.exe
C:\Programme\Norman\NVC\BIN\Zanda.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\PROGRAMME\NORMAN\nvc\BIN\NIP.EXE
C:\PROGRAMME\NORMAN\nvc\BIN\NYMSE.EXE
C:\PROGRAMME\NORMAN\nvc\BIN\NJEEVES.EXE
C:\PROGRAMME\NORMAN\nvc\BIN\NVCSCHED.EXE
C:\PROGRAMME\NORMAN\nvc\BIN\nvcoas.exe
C:\Programme\AOL 8.0a\waol.exe
C:\PROGRAMME\NORMAN\nvc\BIN\cclaw.exe
C:\Programme\AOL 8.0a\shellmon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Programme\MSN Messenger\msnmsgr.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Temp\Temporäres Verzeichnis 1 für hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://searchbar.findthewebsiteyouneed.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com/default_tc.asp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
O1 - Hosts: 80.69.74.15 auto.search.msn.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: DotComToolbar - {5F1ABCDB-A875-46c1-8345-B72A4567E486} - C:\WINDOWS\Downloaded Program Files\CONFLICT.2\toolbar_nieuw14.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Norman ZANDA] C:\PROGRAMME\NORMAN\nvc\BIN\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [easywww] C:\windows\easywww2.exe
O4 - HKLM\..\Run: [redirect] C:\windows\redirect9a.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [RealTray] C:\Programme\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: AOL 8.0 Tray-Symbol.lnk = C:\Programme\AOL 8.0a\aoltray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &RSDN Search - res://C:\WINDOWS\Downloaded Program Files\CONFLICT.2\toolbar_nieuw14.dll/GoRSDN.dll.htm
O9 - Extra button: AOL Instant Messenger (TM) - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Programme\AIM95\aim.exe
O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O12 - Plugin for .mp3: C:\Programme\Internet Explorer\PLUGINS\npqtplugin5.dll
O16 - DPF: {5F1ABCDB-A875-46C1-8345-B72A4567E483} - http://www.dotcomtoolbar.com/toolbar_nieuw14.cab
O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) - http://static.topconverting.com/activex/loader2.ocx
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E38D37D5-AD83-4571-A5BD-C1BE611CD2B6}: NameServer = 205.188.146.145
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AMD PowerNow! (tm) Technology Service (GemServ) - Advanced Micro Devices - C:\Programme\AMD\PowerNow!\GemServ.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\PROGRAMME\NORMAN\nvc\BIN\NJEEVES.EXE
O23 - Service: Norman ZANDA - Unknown owner - C:\Programme\Norman\NVC\BIN\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\PROGRAMME\NORMAN\nvc\BIN\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\PROGRAMME\NORMAN\nvc\BIN\NVCSCHED.EXE
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

lavendel 04.04.2005 20:57
Mit eScan - Anti-Virus weiß ich im Moment leider nicht weiter.
Verstehe die Anleitung zum Download nicht ganz.

Cidre 04.04.2005 21:15
Was genau verstehst du nicht oder besser gesagt, bis zu welchem Punkt kannst du nachvollziehen?

lavendel 04.04.2005 21:29
Der Download von eScan hat geklappt.
Nur weiß ich nicht welche Ergebnisse ich ins Forum kopieren soll.

Cidre 04.04.2005 21:39
Zuerst solltest du wie empfohlen eScan entpacken, updaten und natürlich im abgesicherten Modus scannen und dieser Scan, je nach Speicherplatzbelegung, dauert ca. 1 Std.

Danach solltest du wie hier beschrieben die infected Einträge posten:
Zitat:
Öffne die mwav.log im Ordner C:\bases -> Bearbeiten -> Suchen -> infected oder tagged eingeben -> Weitersuchen -> Treffer markieren/kopieren und ins Forum übertragen.

lavendel 04.04.2005 21:41
Ich weiß nicht genau, ob ich es bereits "entpackt" habe.
Aber hier ist der erste Ergebnisteil:


Mon Apr 04 22:22:31 2005 => Scanning HKLM\SYSTEM\CurrentControlSet\Services\VxD
Mon Apr 04 22:22:31 2005 => Scanning File C:\WINDOWS\system32\JAVASUP.VXD
Mon Apr 04 22:22:31 2005 => System found infected with IstBAR Spyware/Adware ({5F1ABCDB-A875-46C1-8345-B72A4567E486})! Action taken: No Action Taken.
Mon Apr 04 22:22:31 2005 => File System Found infected by "IstBAR Spyware/Adware" Virus. Action Taken: No Action Taken.

Mon Apr 04 22:22:31 2005 => System found infected with IstBAR Spyware/Adware ({eaf2ccee-21a1-4203-9f36-4929fd104d43})! Action taken: No Action Taken.
Mon Apr 04 22:22:31 2005 => File System Found infected by "IstBAR Spyware/Adware" Virus. Action Taken: No Action Taken.

Mon Apr 04 22:22:31 2005 => System found infected with IstBAR Spyware/Adware ({7b9a715e-9d87-4c21-bf9e-f914f2fa953f})! Action taken: No Action Taken.
Mon Apr 04 22:22:31 2005 => File System Found infected by "IstBAR Spyware/Adware" Virus. Action Taken: No Action Taken.

Mon Apr 04 22:22:31 2005 => System found infected with Alexa Spyware/Adware ({c95fe080-8f5d-11d2-a20b-00aa003c157a})! Action taken: No Action Taken.
Mon Apr 04 22:22:31 2005 => File System Found infected by "Alexa Spyware/Adware" Virus. Action Taken: No Action Taken.

Mon Apr 04 22:22:31 2005 => System found infected with iSearch Spyware/Adware ({6d3f5de4-e980-4407-a10f-9ac771abaae6})! Action taken: No Action Taken.
Mon Apr 04 22:22:31 2005 => File System Found infected by "iSearch Spyware/Adware" Virus. Action Taken: No Action Taken.

Mon Apr 04 22:22:31 2005 => System found infected with 2020Search Spyware/Adware ({fc2493d6-a673-49fe-a2ee-efe03e95c27c})! Action taken: No Action Taken.
Mon Apr 04 22:22:31 2005 => File System Found infected by "2020Search Spyware/Adware" Virus. Action Taken: No Action Taken.

lavendel 04.04.2005 21:47
Zweiter Teil von eScan:Mon Apr 04 22:22:17 2005 => File C:\windows\easywww2.exe infected by "Trojan.Win32.StartPage.aw" Virus. Action Taken: No Action Taken.

Mon Apr 04 22:22:17 2005 => File C:\windows\redirect9a.exe infected by "Trojan-Clicker.Win32.VB.ge" Virus. Action Taken: No Action Taken.

Mon Apr 04 22:22:09 2005 => File
C:\WINDOWS\DOWNLO~1\CONFLICT.2\TOOLBA~1.DLL infected by "not-a-virus:AdWare.ToolBar.Dotcom.b" Virus. Action Taken: No Action Taken.

Cidre 04.04.2005 21:56
Du sollst doch im abgesicherten Modus scannen!

Poste mal den Schluss von der mwav.log, der wie folgt aussieht:
Wed Mar 30 14:04:07 2005 => Total Files Scanned:
Wed Mar 30 14:04:07 2005 => Total Virus(es) Found:
Wed Mar 30 14:04:07 2005 => Total Disinfected Files:
Wed Mar 30 14:04:07 2005 => Total Files Renamed:
Wed Mar 30 14:04:07 2005 => Total Deleted Files:
Wed Mar 30 14:04:07 2005 => Total Errors:
Wed Mar 30 14:04:07 2005 => Time Elapsed:
Wed Mar 30 14:04:07 2005 => Virus Database Date: 2005/02/22
Wed Mar 30 14:04:07 2005 => Virus Database Count: 119164

lavendel 04.04.2005 22:07
Was bedeutet abgesicherter Modus?

Cidre 04.04.2005 22:13
Kannst du hier nachlesen -> http://www.bsi.bund.de/av/texte/wiederher_xp.htm

lavendel 04.04.2005 23:45
Der Schluss des logs lautet:

Tue Apr 05 00:36:06 2005 => Total Files Scanned: 117160
Tue Apr 05 00:36:06 2005 => Total Virus(es) Found: 200
Tue Apr 05 00:36:06 2005 => Total Disinfected Files: 0
Tue Apr 05 00:36:06 2005 => Total Files Renamed: 0
Tue Apr 05 00:36:06 2005 => Total Deleted Files: 0
Tue Apr 05 00:36:06 2005 => Total Errors: 1
Tue Apr 05 00:36:06 2005 => Time Elapsed: 02:14:45
Tue Apr 05 00:36:06 2005 => Virus Database Date: 2005/04/04
Tue Apr 05 00:36:06 2005 => Virus Database Count: 124577

Habe leider nicht im abgesicherten Modus gescannt.

Cidre 05.04.2005 16:56
Aktualisere nochmals eScan AntiVirus und leere folgende Ordner:
C:\Dokumente und Einstellungen\*Benutzername*\Lokale Einstellungen\Temp
C:\WINDOWS\Downloaded Program Files
C:\Dokumente und Einstellungen\*Benutzername*\Lokale Einstellungen\Temporary Internet Files

Danach scannst du im abges. Modus und präsentierst uns die Ergebnisse.

lavendel 05.04.2005 17:09
Das mit dem Aktualisieren und Ordner leeren verstehe ich nicht.
Könnt ihr mir erstmal meine bisherigen Daten erläutern und sagen,
wie ich es löschen kann?

lavendel 05.04.2005 21:11
Habe nochmal im abgesicherten Modus gescannt:

Folgende Daten sind dabei herausgekommen:

Tue Apr 05 21:16:43 2005 => Total Objects Scanned: 117239
Tue Apr 05 21:16:43 2005 => Total Virus(es) Found: 211
Tue Apr 05 21:16:43 2005 => Total Disinfected Files: 0
Tue Apr 05 21:16:43 2005 => Total Files Renamed: 0
Tue Apr 05 21:16:43 2005 => Total Deleted Objects: 0
Tue Apr 05 21:16:43 2005 => Total Errors: 0
Tue Apr 05 21:16:43 2005 => Time Elapsed: 01:35:32
Tue Apr 05 21:16:43 2005 => Virus Database Date: 2005/04/04
Tue Apr 05 21:16:43 2005 => Virus Database Count: 124577

Leider ist die log - Liste sehr lang geworden. Kann mir jemand einen Tipp
geben wie ich die Schrift am besten verkleinere, um es hier posten zu können?

dartus 05.04.2005 22:01
Hallo,

benutze einfach mehrere Seiten.

dartus

lavendel 06.04.2005 20:30
Die eScan log files:
Tue Apr 05 19:41:29 2005 => File C:\WINDOWS\DOWNLO~1\CONFLICT.2\TOOLBA~1.DLL infected by "not-a-virus:AdWare.ToolBar.Dotcom.b" Virus. Action Taken: No Action Taken.
Tue Apr 05 19:41:38 2005 => File C:\windows\easywww2.exe infected by "Trojan.Win32.StartPage.aw" Virus. Action Taken: No Action Taken.
Tue Apr 05 19:41:38 2005 => File C:\windows\redirect9a.exe infected by "Trojan-Clicker.Win32.VB.ge" Virus. Action Taken: No Action Taken. Tue Apr 05 19:41:53 2005 => System found infected with IstBAR Spyware/Adware ({5F1ABCDB-A875-46C1-8345-B72A4567E486})! Action taken: No Action Taken.
Tue Apr 05 19:41:53 2005 => File System Found infected by "IstBAR Spyware/Adware" Virus. Action Taken: No Action Taken.
Tue Apr 05 19:41:53 2005 => System found infected with IstBAR Spyware/Adware ({eaf2ccee-21a1-4203-9f36-4929fd104d43})! Action taken: No Action Taken.
Tue Apr 05 19:41:53 2005 => File System Found infected by "IstBAR Spyware/Adware" Virus. Action Taken: No Action Taken.
Tue Apr 05 19:41:53 2005 => System found infected with IstBAR Spyware/Adware ({7b9a715e-9d87-4c21-bf9e-f914f2fa953f})! Action taken: No Action Taken.
Tue Apr 05 19:41:53 2005 => File System Found infected by "IstBAR Spyware/Adware" Virus. Action Taken: No Action Taken.
Tue Apr 05 19:41:54 2005 => System found infected with Alexa Spyware/Adware ({c95fe080-8f5d-11d2-a20b-00aa003c157a})! Action taken: No Action Taken.
Tue Apr 05 19:41:54 2005 => File System Found infected by "Alexa Spyware/Adware" Virus. Action Taken: No Action Taken.
Tue Apr 05 19:41:54 2005 => System found infected with iSearch Spyware/Adware ({6d3f5de4-e980-4407-a10f-9ac771abaae6})! Action taken: No Action Taken.
Tue Apr 05 19:41:54 2005 => File System Found infected by "iSearch Spyware/Adware" Virus. Action Taken: No Action Taken.
Tue Apr 05 19:41:54 2005 => System found infected with 2020Search Spyware/Adware ({fc2493d6-a673-49fe-a2ee-efe03e95c27c})! Action taken: No Action Taken.
Tue Apr 05 19:41:54 2005 => File System Found infected by "2020Search Spyware/Adware" Virus. Action Taken: No Action Taken.
Tue Apr 05 19:49:22 2005 => File C:\WINDOWS\redirect5.exe infected by "Trojan-Clicker.Win32.DotComToolBar.b" Virus. Action Taken: No Action Taken.
Tue Apr 05 19:49:22 2005 => File C:\WINDOWS\redirect6.exe infected by "Trojan-Clicker.Win32.VB.bh" Virus. Action Taken: No Action Taken.
Tue Apr 05 19:49:22 2005 => File C:\WINDOWS\redirect7.exe infected by "Trojan-Clicker.Win32.DotComToolBar.e" Virus. Action Taken: No Action Taken.
Tue Apr 05 19:49:24 2005 => File C:\WINDOWS\toolbar_nieuw14.dll infected by "not-a-virus:AdWare.ToolBar.Dotcom.b" Virus. Action Taken: No Action Taken. Tue Apr 05 19:49:54 2005 => File C:\WINDOWS\System32\easywww2.exe infected by "Trojan.Win32.StartPage.aw" Virus. Action Taken: No Action Taken. Tue Apr 05 19:50:55 2005 => File C:\WINDOWS\System32\redirect.vbs infected by "Trojan-Downloader.VBS.Psyme.as" Virus. Action Taken: No Action Taken.
Tue Apr 05 20:01:21 2005 => File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\3A47VHG1\loader2[1].ocx infected by "Trojan-Downloader.Win32.Agent.ex" Virus. Action Taken: No Action Taken.
Tue Apr 05 20:03:44 2005 => File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\41MZG92N\easywww2[1].exe infected by "Trojan.Win32.StartPage.aw" Virus. Action Taken: No Action Taken.
Tue Apr 05 20:04:38 2005 => File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\41MZG92N\redirect7[1].exe infected by "Trojan-Clicker.Win32.DotComToolBar.e" Virus. Action Taken: No Action Taken.
Tue Apr 05 20:06:29 2005 => File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\43A9RQ80\loader2[1].ocx infected by "Trojan-Downloader.Win32.Agent.ex" Virus. Action Taken: No Action Taken.
Tue Apr 05 20:08:59 2005 => File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\4PW9QZ0D\loader2[10].ocx infected by "Trojan-Downloader.Win32.Agent.ex" Virus. Action Taken: No Action Taken.
Tue Apr 05 20:08:59 2005 => File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\4PW9QZ0D\loader2[12].ocx infected by "Trojan-Downloader.Win32.Agent.ex" Virus. Action Taken: No Action Taken.
Tue Apr 05 20:08:59 2005 => File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\4PW9QZ0D\loader2[1].ocx infected by "Trojan-Downloader.Win32.Agent.ex" Virus. Action Taken: No Action Taken.
Tue Apr 05 20:08:59 2005 => Scanning File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\4PW9QZ0D\loader2[2].ocx
Tue Apr 05 20:08:59 2005 => File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\4PW9QZ0D\loader2[2].ocx infected by "Trojan-Downloader.Win32.Agent.ex" Virus. Action Taken: No Action Taken.
Tue Apr 05 20:08:59 2005 => Scanning File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\4PW9QZ0D\loader2[3].ocx
Tue Apr 05 20:08:59 2005 => File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\4PW9QZ0D\loader2[3].ocx infected by "Trojan-Downloader.Win32.Agent.ex" Virus. Action Taken: No Action Taken.
Tue Apr 05 20:08:59 2005 => Scanning File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\4PW9QZ0D\loader2[4].ocx
Tue Apr 05 20:08:59 2005 => File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\4PW9QZ0D\loader2[4].ocx infected by "Trojan-Downloader.Win32.Agent.ex" Virus. Action Taken: No Action Taken.
Tue Apr 05 20:08:59 2005 => Scanning File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\4PW9QZ0D\loader2[5].ocx
Tue Apr 05 20:08:59 2005 => File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\4PW9QZ0D\loader2[5].ocx infected by "Trojan-Downloader.Win32.Agent.ex" Virus. Action Taken: No Action Taken.
Tue Apr 05 20:08:59 2005 => Scanning File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\4PW9QZ0D\loader2[6].ocx
Tue Apr 05 20:08:59 2005 => File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\4PW9QZ0D\loader2[6].ocx infected by "Trojan-Downloader.Win32.Agent.ex" Virus. Action Taken: No Action Taken.
Tue Apr 05 20:08:59 2005 => Scanning File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\4PW9QZ0D\loader2[7].ocx
Tue Apr 05 20:08:59 2005 => File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\4PW9QZ0D\loader2[7].ocx infected by "Trojan-Downloader.Win32.Agent.ex" Virus. Action Taken: No Action Taken. Tue Apr 05 20:19:31 2005 => File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\5GKZ1L49\loader2[2].ocx infected by "Trojan-Downloader.Win32.Agent.ex" Virus. Action Taken: No Action Taken.
Tue Apr 05 20:19:31 2005 => Scanning File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\5GKZ1L49\loader2[3].ocx
Tue Apr 05 20:19:31 2005 => File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\5GKZ1L49\loader2[3].ocx infected by "Trojan-Downloader.Win32.Agent.ex" Virus. Action Taken: No Action Taken.
Tue Apr 05 20:19:31 2005 => Scanning File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\5GKZ1L49\loader2[4].ocx
Tue Apr 05 20:19:32 2005 => File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\5GKZ1L49\loader2[4].ocx infected by "Trojan-Downloader.Win32.Agent.ex" Virus. Action Taken: No Action Taken.
Tue Apr 05 20:19:32 2005 => Scanning File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\5GKZ1L49\loader2[5].ocx
Tue Apr 05 20:19:32 2005 => File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\5GKZ1L49\loader2[5].ocx infected by "Trojan-Downloader.Win32.Agent.ex" Virus. Action Taken: No Action Taken.
Tue Apr 05 20:19:32 2005 => Scanning File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\5GKZ1L49\loader2[6].ocx
Tue Apr 05 20:19:32 2005 => File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\5GKZ1L49\loader2[6].ocx infected by "Trojan-Downloader.Win32.Agent.ex" Virus. Action Taken: No Action Taken.
Tue Apr 05 20:19:32 2005 => Scanning File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\5GKZ1L49\loader2[7].ocx
Tue Apr 05 20:19:32 2005 => File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\5GKZ1L49\loader2[7].ocx infected by "Trojan-Downloader.Win32.Agent.ex" Virus. Action Taken: No Action Taken.
Tue Apr 05 20:19:32 2005 => Scanning File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\5GKZ1L49\loader2[8].ocx
Tue Apr 05 20:19:32 2005 => File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\5GKZ1L49\loader2[8].ocx infected by "Trojan-Downloader.Win32.Agent.ex" Virus. Action Taken: No Action Taken.
Tue Apr 05 20:19:32 2005 => Scanning File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\5GKZ1L49\loader2[9].ocx
Tue Apr 05 20:19:32 2005 => File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\5GKZ1L49\loader2[9].ocx infected by "Trojan-Downloader.Win32.Agent.ex" Virus. Action Taken: No Action Taken.
Tue Apr 05 20:20:46 2005 => File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\5ZZF5X0E\a777ab73[1].js infected by "Trojan-Downloader.JS.Small.aq" Virus. Action Taken: No Action Taken.
Tue Apr 05 20:20:46 2005 => Scanning File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\5ZZF5X0E\a777ab73[2].js
Tue Apr 05 20:20:46 2005 => File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\5ZZF5X0E\a777ab73[2].js infected by "Trojan-Downloader.JS.Small.aq" Virus. Action Taken: No Action Taken.
Tue Apr 05 20:20:46 2005 => Scanning File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\5ZZF5X0E\a777ab73[3].js
Tue Apr 05 20:20:46 2005 => File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\5ZZF5X0E\a777ab73[3].js infected by "Trojan-Downloader.JS.Small.aq" Virus. Action Taken: No Action Taken.
Tue Apr 05 20:20:46 2005 => Scanning File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\5ZZF5X0E\a777ab73[4].TuTue Apr 05 20:20:46 2005 => File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\5ZZF5X0E\a777ab73[4].js infected by "Trojan-Downloader.JS.Small.aq" Virus. Action Taken: No Action Taken.
Tue Apr 05 20:20:46 2005 => Scanning File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\5ZZF5X0E\a777ab73[5].js
Tue Apr 05 20:20:46 2005 => File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\5ZZF5X0E\a777ab73[5].js infected by "Trojan-Downloader.JS.Small.aq" Virus. Action Taken: No Action Taken.
Tue Apr 05 20:20:46 2005 => Scanning File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\5ZZF5X0E\a777ab73[6].js
Tue Apr 05 20:20:46 2005 => File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\5ZZF5X0E\a777ab73[6].js infected by "Trojan-Downloader.JS.Small.aq" Virus. Action Taken: No Action Taken.
Tue Apr 05 20:20:46 2005 => Scanning File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\5ZZF5X0E\a777ab73[7].js
Tue Apr 05 20:20:46 2005 => File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\5ZZF5X0E\a777ab73[7].js infected by "Trojan-Downloader.JS.Small.aq" Virus. Action Taken: No Action Taken.
Tue Apr 05 20:22:16 2005 => File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\5ZZF5X0E\loader2[3].ocx infected by "Trojan-Downloader.Win32.Agent.ex" Virus. Action Taken: No Action Taken.
Tue Apr 05 20:22:16 2005 => Scanning File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\5ZZF5X0E\loader2[4].ocx
Tue Apr 05 20:22:16 2005 => File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\5ZZF5X0E\loader2[4].ocx infected by "Trojan-Downloader.Win32.Agent.ex" Virus. Action Taken: No Action Taken.
Tue Apr 05 20:22:16 2005 => Scanning File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\5ZZF5X0E\loader2[5].ocx
Tue Apr 05 20:22:17 2005 => File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\5ZZF5X0E\loader2[5].ocx infected by "Trojan-Downloader.Win32.Agent.ex" Virus. Action Taken: No Action Taken.
Tue Apr 05 20:22:17 2005 => Scanning File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\5ZZF5X0E\loader2[6].ocx
Tue Apr 05 20:22:17 2005 => File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\5ZZF5X0E\loader2[6].ocx infected by "Trojan-Downloader.Win32.Agent.ex" Virus. Action Taken: No Action Taken.
Tue Apr 05 20:22:17 2005 => Scanning File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\5ZZF5X0E\loader2[7].ocx
Tue Apr 05 20:22:17 2005 => File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\5ZZF5X0E\loader2[7].ocx infected by "Trojan-Downloader.Win32.Agent.ex" Virus. Action Taken: No Action Taken.
Tue Apr 05 20:24:53 2005 => File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\83GZUUJO\a777ab73[1].js infected by "Trojan-Downloader.JS.Small.aq" Virus. Action Taken: No Action Taken.
Tue Apr 05 20:24:53 2005 => Scanning File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\83GZUUJO\a777ab73[2].js
Tue Apr 05 20:24:53 2005 => File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\83GZUUJO\a777ab73[2].js infected by "Trojan-Downloader.JS.Small.aq" Virus. Action Taken: No Action Taken.
Tue Apr 05 20:24:53 2005 => Scanning File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\83GZUUJO\a777ab73[3].js
Tue Apr 05 20:24:54 2005 => File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\83GZUUJO\a777ab73[3].js infected by "Trojan-Downloader.JS.Small.aq" Virus. Action Taken: No Action Taken.
Tue Apr 05 20:27:29 2005 => File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\83GZUUJO\website[2].ocx infected by "Trojan-Downloader.Win32.Agent.ex" Virus. Action Taken: No Action Taken. Tue Apr 05 20:28:51 2005 => File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\87HVY2RX\easywww2[1].exe infected by "Trojan.Win32.StartPage.aw" Virus. Action Taken: No Action Taken.
Tue Apr 05 20:28:51 2005 => Scanning File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\87HVY2RX\easywww2[2].exe
Tue Apr 05 20:28:51 2005 => File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\87HVY2RX\easywww2[2].exe infected by "Trojan.Win32.StartPage.aw" Virus. Action Taken: No Action Taken.
Tue Apr 05 20:30:26 2005 => File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\87HVY2RX\shellscript.js[1].htm infected by "Trojan-Downloader.VBS.Psyme.e" Virus. Action Taken: No Action Taken.
Tue Apr 05 20:30:26 2005 => Scanning File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\87HVY2RX\shellscript_loader.js[1].htm
Tue Apr 05 20:30:26 2005 => File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\87HVY2RX\shellscript_loader.js[1].htm infected by "Trojan-Downloader.JS.Small.d" Virus. Action Taken: No Action Taken. Tue

lavendel 06.04.2005 20:34
Teil 2:
Apr 05 20:31:19 2005 => File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\9MWTA2XS\a777ab73[10].js infected by "Trojan-Downloader.JS.Small.aq" Virus. Action Taken: No Action Taken.
Tue Apr 05 20:31:19 2005 => Scanning File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\9MWTA2XS\a777ab73[11].js
Tue Apr 05 20:31:19 2005 => File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\9MWTA2XS\a777ab73[11].js infected by "Trojan-Downloader.JS.Small.aq" Virus. Action Taken: No Action Taken.
Tue Apr 05 20:31:19 2005 => Scanning File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\9MWTA2XS\a777ab73[12].js
Tue Apr 05 20:31:20 2005 => File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\9MWTA2XS\a777ab73[12].js infected by "Trojan-Downloader.JS.Small.aq" Virus. Action Taken: No Action Taken.
Tue Apr 05 20:31:20 2005 => Scanning File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\9MWTA2XS\a777ab73[13].js
Tue Apr 05 20:31:20 2005 => File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\9MWTA2XS\a777ab73[13].js infected by "Trojan-Downloader.JS.Small.aq" Virus. Action Taken: No Action Taken.
Tue Apr 05 20:31:20 2005 => Scanning File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\9MWTA2XS\a777ab73[14].js
Tue Apr 05 20:31:20 2005 => File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\9MWTA2XS\a777ab73[14].js infected by "Trojan-Downloader.JS.Small.aq" Virus. Action Taken: No Action Taken.
Tue Apr 05 20:31:20 2005 => Scanning File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\9MWTA2XS\a777ab73[15].js
Tue Apr 05 20:31:20 2005 => File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\9MWTA2XS\a777ab73[15].js infected by "Trojan-Downloader.JS.Small.aq" Virus. Action Taken: No Action Taken.
Tue Apr 05 20:31:20 2005 => Scanning File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\9MWTA2XS\a777ab73[16].js
Tue Apr 05 20:31:20 2005 => File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\9MWTA2XS\a777ab73[16].js infected by "Trojan-Downloader.JS.Small.aq" Virus. Action Taken: No Action Taken.
Tue Apr 05 20:31:20 2005 => Scanning File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\9MWTA2XS\a777ab73[17].js
Tue Apr 05 20:31:20 2005 => File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\9MWTA2XS\a777ab73[17].js infected by "Trojan-Downloader.JS.Small.aq" Virus. Action Taken: No Action Taken.
Tue Apr 05 20:31:20 2005 => Scanning File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\9MWTA2XS\a777ab73[18].js
Tue Apr 05 20:31:20 2005 => File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\9MWTA2XS\a777ab73[18].js infected by "Trojan-Downloader.JS.Small.aq" Virus. Action Taken: No Action Taken.

Tue Apr 05 20:31:20 2005 => Scanning File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\9MWTA2XS\a777ab73[19].js
Tue Apr 05 20:31:20 2005 => File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\9MWTA2XS\a777ab73[19].js infected by "Trojan-Downloader.JS.Small.aq" Virus. Action Taken: No Action Taken.

Tue Apr 05 20:31:20 2005 => Scanning File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\9MWTA2XS\a777ab73[1].js
Tue Apr 05 20:31:20 2005 => File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\9MWTA2XS\a777ab73[1].js infected by "Trojan-Downloader.JS.Small.aq" Virus. Action Taken: No Action Taken.

Tue Apr 05 20:31:20 2005 => Scanning File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\9MWTA2XS\a777ab73[20].js
Tue Apr 05 20:31:20 2005 => File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\9MWTA2XS\a777ab73[20].js infected by "Trojan-Downloader.JS.Small.aq" Virus. Action Taken: No Action Taken.

Tue Apr 05 20:31:20 2005 => Scanning File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\9MWTA2XS\a777ab73[21].js
Tue Apr 05 20:31:21 2005 => File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\9MWTA2XS\a777ab73[21].js infected by "Trojan-Downloader.JS.Small.aq" Virus. Action Taken: No Action Taken.

Tue Apr 05 20:31:21 2005 => Scanning File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\9MWTA2XS\a777ab73[22].js
Tue Apr 05 20:31:21 2005 => File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\9MWTA2XS\a777ab73[22].js infected by "Trojan-Downloader.JS.Small.aq" Virus. Action Taken: No Action Taken.

Tue Apr 05 20:31:21 2005 => Scanning File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\9MWTA2XS\a777ab73[23].js
Tue Apr 05 20:31:21 2005 => File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\9MWTA2XS\a777ab73[23].js infected by "Trojan-Downloader.JS.Small.aq" Virus. Action Taken: No Action Taken.

Tue Apr 05 20:31:21 2005 => Scanning File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\9MWTA2XS\a777ab73[24].js
Tue Apr 05 20:31:21 2005 => File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\9MWTA2XS\a777ab73[24].js infected by "Trojan-Downloader.JS.Small.aq" Virus. Action Taken: No Action Taken.

Tue Apr 05 20:31:21 2005 => Scanning File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\9MWTA2XS\a777ab73[25].js
Tue Apr 05 20:31:21 2005 => File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\9MWTA2XS\a777ab73[25].js infected by "Trojan-Downloader.JS.Small.aq" Virus. Action Taken: No Action Taken.

Tue Apr 05 20:31:21 2005 => Scanning File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\9MWTA2XS\a777ab73[26].js
Tue Apr 05 20:31:21 2005 => File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\9MWTA2XS\a777ab73[26].js infected by "Trojan-Downloader.JS.Small.aq" Virus. Action Taken: No Action Taken.

Tue Apr 05 20:31:21 2005 => Scanning File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\9MWTA2XS\a777ab73[27].js
Tue Apr 05 20:31:21 2005 => File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\9MWTA2XS\a777ab73[27].js infected by "Trojan-Downloader.JS.Small.aq" Virus. Action Taken: No Action Taken.
Tue Apr 05 20:31:21 2005 => Scanning File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\9MWTA2XS\a777ab73[28].js
Tue Apr 05 20:31:21 2005 => File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\9MWTA2XS\a777ab73[28].js infected by "Trojan-Downloader.JS.Small.aq" Virus. Action Taken: No Action Taken.
Tue Apr 05 20:31:21 2005 => Scanning File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\9MWTA2XS\a777ab73[29].js
Tue Apr 05 20:31:21 2005 => File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\9MWTA2XS\a777ab73[29].js infected by "Trojan-Downloader.JS.Small.aq" Virus. Action Taken: No Action Taken.
Tue Apr 05 20:31:21 2005 => Scanning File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\9MWTA2XS\a777ab73[2].js
Tue Apr 05 20:31:22 2005 => File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\9MWTA2XS\a777ab73[2].js infected by "Trojan-Downloader.JS.Small.aq" Virus. Action Taken: No Action Taken.
Tue Apr 05 20:31:22 2005 => Scanning File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\9MWTA2XS\a777ab73[30].js
Tue Apr 05 20:31:22 2005 => File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\9MWTA2XS\a777ab73[30].js infected by "Trojan-Downloader.JS.Small.aq" Virus. Action Taken: No Action Taken.
Tue Apr 05 20:31:22 2005 => Scanning File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\9MWTA2XS\a777ab73[31].js
Tue Apr 05 20:31:22 2005 => File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\9MWTA2XS\a777ab73[31].js infected by "Trojan-Downloader.JS.Small.aq" Virus. Action Taken: No Action Taken.
Tue Apr 05 20:31:22 2005 => Scanning File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\9MWTA2XS\a777ab73[32].js
Tue Apr 05 20:31:22 2005 => File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\9MWTA2XS\a777ab73[32].js infected by "Trojan-Downloader.JS.Small.aq" Virus. Action Taken: No Action Taken.
Tue Apr 05 20:31:22 2005 => Scanning File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\9MWTA2XS\a777ab73[33].js
Tue Apr 05 20:31:22 2005 => File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\9MWTA2XS\a777ab73[33].js infected by "Trojan-Downloader.JS.Small.aq" Virus. Action Taken: No Action Taken.
Tue Apr 05 20:31:22 2005 => Scanning File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\9MWTA2XS\a777ab73[34].js
Tue Apr 05 20:31:22 2005 => File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\9MWTA2XS\a777ab73[34].js infected by "Trojan-Downloader.JS.Small.aq" Virus. Action Taken: No Action Taken.
Tue Apr 05 20:31:22 2005 => Scanning File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\9MWTA2XS\a777ab73[35].js
Tue Apr 05 20:31:22 2005 => File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\9MWTA2XS\a777ab73[35].js infected by "Trojan-Downloader.JS.Small.aq" Virus. Action Taken: No Action Taken.
Tue Apr 05 20:31:22 2005 => Scanning File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\9MWTA2XS\a777ab73[36].js
Tue Apr 05 20:31:22 2005 => File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\9MWTA2XS\a777ab73[36].js infected by "Trojan-Downloader.JS.Small.aq" Virus. Action Taken: No Action Taken.
Tue Apr 05 20:31:22 2005 => Scanning File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\9MWTA2XS\a777ab73[37].js
Tue Apr 05 20:31:22 2005 => File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\9MWTA2XS\a777ab73[37].js infected by "Trojan-Downloader.JS.Small.aq" Virus. Action Taken: No Action Taken.
Tue Apr 05 20:31:22 2005 => Scanning File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\9MWTA2XS\a777ab73[38].js
Tue Apr 05 20:31:22 2005 => File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\9MWTA2XS\a777ab73[38].js infected by "Trojan-Downloader.JS.Small.aq" Virus. Action Taken: No Action Taken.

Tue Apr 05 20:31:22 2005 => Scanning File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\9MWTA2XS\a777ab73[39].js
Tue Apr 05 20:31:23 2005 => File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\9MWTA2XS\a777ab73[39].js infected by "Trojan-Downloader.JS.Small.aq" Virus. Action Taken: No Action Taken.
Tue Apr 05 20:31:23 2005 => Scanning File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\9MWTA2XS\a777ab73[3].js
Tue Apr 05 20:31:23 2005 => File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\9MWTA2XS\a777ab73[3].js infected by "Trojan-Downloader.JS.Small.aq" Virus. Action Taken: No Action Taken.
Tue Apr 05 20:31:23 2005 => Scanning File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\9MWTA2XS\a777ab73[40].js
Tue Apr 05 20:31:23 2005 => File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\9MWTA2XS\a777ab73[40].js infected by "Trojan-Downloader.JS.Small.aq" Virus. Action Taken: No Action Taken.
Tue Apr 05 20:31:23 2005 => Scanning File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\9MWTA2XS\a777ab73[41].js
Tue Apr 05 20:31:23 2005 => File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\9MWTA2XS\a777ab73[41].js infected by "Trojan-Downloader.JS.Small.aq" Virus. Action Taken: No Action Taken.
Tue Apr 05 20:31:23 2005 => Scanning File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\9MWTA2XS\a777ab73[42].js
Tue Apr 05 20:31:23 2005 => File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\9MWTA2XS\a777ab73[42].js infected by "Trojan-Downloader.JS.Small.aq" Virus. Action Taken: No Action Taken.
Tue Apr 05 20:31:23 2005 => Scanning File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\9MWTA2XS\a777ab73[43].js
Tue Apr 05 20:31:23 2005 => File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\9MWTA2XS\a777ab73[43].js infected by "Trojan-Downloader.JS.Small.aq" Virus. Action Taken: No Action Taken.
Tue Apr 05 20:31:23 2005 => Scanning File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\9MWTA2XS\a777ab73[44].js
Tue Apr 05 20:31:23 2005 => File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\9MWTA2XS\a777ab73[44].js infected by "Trojan-Downloader.JS.Small.aq" Virus. Action Taken: No Action Taken.
Tue Apr 05 20:31:23 2005 => Scanning File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\9MWTA2XS\a777ab73[4].js
Tue Apr 05 20:31:23 2005 => File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\9MWTA2XS\a777ab73[4].js infected by "Trojan-Downloader.JS.Small.aq" Virus. Action Taken: No Action Taken.
Tue Apr 05 20:31:23 2005 => Scanning File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\9MWTA2XS\a777ab73[5].js
Tue Apr 05 20:31:23 2005 => File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\9MWTA2XS\a777ab73[5].js infected by "Trojan-Downloader.JS.Small.aq" Virus. Action Taken: No Action Taken.
Tue Apr 05 20:31:23 2005 => Scanning File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\9MWTA2XS\a777ab73[6].js
Tue Apr 05 20:31:23 2005 => File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\9MWTA2XS\a777ab73[6].js infected by "Trojan-Downloader.JS.Small.aq" Virus. Action Taken: No Action Taken.
Tue Apr 05 20:31:23 2005 => Scanning File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\9MWTA2XS\a777ab73[7].js
Tue Apr 05 20:31:23 2005 => File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\9MWTA2XS\a777ab73[7].js infected by "Trojan-Downloader.JS.Small.aq" Virus. Action Taken: No Action Taken.
Tue Apr 05 20:31:23 2005 => Scanning File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\9MWTA2XS\a777ab73[8].js
Tue Apr 05 20:31:24 2005 => File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\9MWTA2XS\a777ab73[8].js infected by "Trojan-Downloader.JS.Small.aq" Virus. Action Taken: No Action Taken.
Tue Apr 05 20:31:24 2005 => Scanning File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\9MWTA2XS\a777ab73[9].js
Tue Apr 05 20:31:24 2005 => File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\9MWTA2XS\a777ab73[9].js infected by "Trojan-Downloader.JS.Small.aq" Virus. Action Taken: No Action Taken.
Tue Apr 05 20:33:55 2005 => File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\9MWTA2XS\loader2[11].ocx infected by "Trojan-Downloader.Win32.Agent.ex" Virus. Action Taken: No Action Taken.

Tue Apr 05 20:33:55 2005 => Scanning File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\9MWTA2XS\loader2[13].ocx
Tue Apr 05 20:33:55 2005 => File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\9MWTA2XS\loader2[13].ocx infected by "Trojan-Downloader.Win32.Agent.ex" Virus. Action Taken: No Action Taken.

Tue Apr 05 20:33:55 2005 => Scanning File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\9MWTA2XS\loader2[1].ocx
Tue Apr 05 20:33:55 2005 => File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\9MWTA2XS\loader2[1].ocx infected by "Trojan-Downloader.Win32.Agent.ex" Virus. Action Taken: No Action Taken.

Tue Apr 05 20:33:55 2005 => Scanning File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\9MWTA2XS\loader2[2].ocx
Tue Apr 05 20:33:55 2005 => File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\9MWTA2XS\loader2[2].ocx infected by "Trojan-Downloader.Win32.Agent.ex" Virus. Action Taken: No Action Taken.

Tue Apr 05 20:33:55 2005 => Scanning File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\9MWTA2XS\loader2[3].ocx
Tue Apr 05 20:33:55 2005 => File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\9MWTA2XS\loader2[3].ocx infected by "Trojan-Downloader.Win32.Agent.ex" Virus. Action Taken: No Action Taken.
Tue Apr 05 20:33:55 2005 => Scanning File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\9MWTA2XS\loader2[4].ocx
Tue Apr 05 20:33:56 2005 => File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\9MWTA2XS\loader2[4].ocx infected by "Trojan-Downloader.Win32.Agent.ex" Virus. Action Taken: No Action Taken.
Tue Apr 05 20:33:56 2005 => Scanning File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\9MWTA2XS\loader2[5].ocx
Tue Apr 05 20:33:56 2005 => File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\9MWTA2XS\loader2[5].ocx infected by "Trojan-Downloader.Win32.Agent.ex" Virus. Action Taken: No Action Taken.
Tue Apr 05 20:33:56 2005 => Scanning File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\9MWTA2XS\loader2[6].ocx
Tue Apr 05 20:33:56 2005 => File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\9MWTA2XS\loader2[6].ocx infected by "Trojan-Downloader.Win32.Agent.ex" Virus. Action Taken: No Action Taken.
Tue Apr 05 20:33:56 2005 => Scanning File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\9MWTA2XS\loader2[7].ocx
Tue Apr 05 20:33:56 2005 => File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\9MWTA2XS\loader2[7].ocx infected by "Trojan-Downloader.Win32.Agent.ex" Virus. Action Taken: No Action Taken.
Tue Apr 05 20:33:56 2005 => Scanning File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\9MWTA2XS\loader2[8].ocx
Tue Apr 05 20:33:56 2005 => File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\9MWTA2XS\loader2[8].ocx infected by "Trojan-Downloader.Win32.Agent.ex" Virus. Action Taken: No Action Taken.
Tue Apr 05 20:33:56 2005 => Scanning File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\9MWTA2XS\loader2[9].ocx
Tue Apr 05 20:33:56 2005 => File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\9MWTA2XS\loader2[9].ocx infected by "Trojan-Downloader.Win32.Agent.ex" Virus. Action Taken: No Action Taken.
Tue Apr 05 20:34:11 2005 => File C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5\9MWTA2XS\online[1].htm infected by "Trojan-Downloader.JS.Small.h" Virus. Action Taken: No Action Taken.

Cidre 06.04.2005 20:52
Systemwiederherstellung deaktivieren -> wechsle in den abgesicherten Modus -> Leere diesen Ordner [1] -> lösche diese Dateien/Ordner [2] -> Fixe diese Einträge (Haken setzen und auf Fix Checked klicken) [3] -> Neustart -> RegSeeker anwenden -> Systemwiederherstellung bei Bedarf wieder aktivieren -> neues Log-File posten

[1] C:\DOKUME~1\Besitzer\LOKALE~1\TEMPOR~1\Content.IE5

[2]
C:\WINDOWS\DOWNLO~1\CONFLICT.2
C:\windows\easywww2.exe
C:\windows\redirect9a.exe
C:\WINDOWS\redirect5.exe infected by
C:\WINDOWS\redirect6.exe
C:\WINDOWS\redirect7.exe infected by
C:\WINDOWS\toolbar_nieuw14.dll infected by C:\WINDOWS\System32\easywww2.exe infected by C:\WINDOWS\System32\redirect.vbs

[3]
Alle R0 und R1
Alle O1
O3 - Toolbar: DotComToolbar - {5F1ABCDB-A875-46c1-8345-B72A4567E486} - C:\WINDOWS\Downloaded Program Files\CONFLICT.2\toolbar_nieuw14.dll
O4 - HKLM\..\Run: [easywww] C:\windows\easywww2.exe
O4 - HKLM\..\Run: [redirect] C:\windows\redirect9a.exe
O8 - Extra context menu item: &RSDN Search - res://C:\WINDOWS\Downloaded Program Files\CONFLICT.2\toolbar_nieuw14.dll/GoRSDN.dll.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
Alle O16

lavendel 06.04.2005 22:40
Danke für die Hilfe! Werde die angebenen Schritte gleich durchführen.

lavendel 07.04.2005 12:27
Noch eine Frage:

Der unter [1] angebenene Ordner lässt sich nicht vollständig leeren.
Eine Datei : index Dat-Datei kann nicht gelöscht werden.
Wir entferne ich diese Datei am besten?

Gigamail 07.04.2005 12:53
die muss nicht gelöscht werden das ist eine Systemdatei :daumenhoc

lavendel 07.04.2005 14:41
Alles klar! ;) Bin eben noch ein Laie.
Eine weitere Frage: Wozu ist der RegSeeker gut und wie wende ich ihn
an?

lavendel 11.04.2005 11:41
Vielen Dank nochmals an euch alle!!
Ihr habt mir sehr weitergeholfen! Das Problem mit den Pop-ups ist bereinigt
und sogar ein Problem mit meinem Browser, das monatelang bestand, ist nun behoben!


Alle Zeitangaben in WEZ +1. Es ist jetzt 16:24 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131