Log analysis and evaluation: me again
29.12.2004, 22:08 | #1 |
| me again
Hi folks, I've already fixed most of the entries. Unfortunately the two marked in bold keep coming back. Please take a look at where else something might be hiding.

Logfile of HijackThis v1.99.0
Scan saved at 21:57:15, on 29.12.2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Navnt\navapsvc.exe
C:\PROGRA~1\Navnt\npssvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\ipty32.exe
C:\PROGRA~1\Navnt\alertsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\RunDll32.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\NILaunch.exe
C:\Programme\Gemeinsame Dateien\InterVideo\FastTVSync\FastTVSync.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb01.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\system32\mstd.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\AOL 8.0\aoltray.exe
C:\Programme\InterVideo\WinDVD4PR\SchSvr.exe
C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Programme\Navnt\navapw32.exe
C:\Programme\FRITZ!\IWatch.exe
C:\Programme\AOL 8.0\waol.exe
C:\Programme\AOL 8.0\shellmon.exe
C:\Programme\WinRAR\WinRAR.exe
C:\DOKUME~1\Admin\LOKALE~1\Temp\Rar$EX01.313\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {B404CC6B-95D3-1A44-27C3-77CD07F8BA38} - C:\WINDOWS\system32\ntta.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\ycomp5_1_6_0.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NPS Event Checker] C:\PROGRA~1\Navnt\npscheck.exe
O4 - HKLM\..\Run: [NAV DefAlert] C:\PROGRA~1\Navnt\defalert.exe
O4 - HKLM\..\Run: [Net-It Launcher] C:\WINDOWS\System32\NILaunch.exe
O4 - HKLM\..\Run: [FastTVSync] "C:\Programme\Gemeinsame Dateien\InterVideo\FastTVSync\FastTVSync.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb01.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [mstd.exe] C:\WINDOWS\system32\mstd.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: AOL 8.0 Tray-Symbol.lnk = C:\Programme\AOL 8.0\aoltray.exe
O4 - Global Startup: InterVideo Scheduler server.lnk = C:\Programme\InterVideo\WinDVD4PR\SchSvr.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Norton AntiVirus AutoProtect.lnk = C:\Programme\Navnt\navapw32.exe
O4 - Global Startup: Verknüpfung mit IWatch.exe.lnk = C:\Programme\FRITZ!\IWatch.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O15 - Trusted Zone: *.ebay.de
O15 - Trusted IP range: 206.161.125.149
O15 - Trusted IP range: 206.161.125.149 (HKLM)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - h..p://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1098125867046
O17 - HKLM\System\CCS\Services\Tcpip\..\{554EE2BB-7865-446D-99C1-8F67E8777FC4}: NameServer = 205.188.146.145
O23 - Service: NAV Alert - Symantec Corporation - C:\PROGRA~1\Navnt\alertsvc.exe
O23 - Service: NAV Auto-Protect - Symantec Corporation - C:\PROGRA~1\Navnt\navapsvc.exe
O23 - Service: Norton Program Scheduler - Symantec Corporation - C:\PROGRA~1\Navnt\npssvc.exe
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: WAN Miniport (ATW) Service - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Remote Procedure Call (RPC) Helper - Unknown - C:\WINDOWS\ipty32.exe
29.12.2004, 22:29 | #2 |
Administrator, retired | me again

Safe mode:
Start -> Run -> services.msc -> OK -> right-click Remote Procedure Call (RPC) Helper -> Properties -> set "Startup type" to Disabled and "Service status" to Stop -> Apply

Fix:
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {B404CC6B-95D3-1A44-27C3-77CD07F8BA38} - C:\WINDOWS\system32\ntta.dll
O4 - HKLM\..\Run: [mstd.exe] C:\WINDOWS\system32\mstd.exe
O15 - Trusted IP range: 206.161.125.149
O15 - Trusted IP range: 206.161.125.149 (HKLM)
O23 - Service: Remote Procedure Call (RPC) Helper - Unknown - C:\WINDOWS\ipty32.exe

Delete:
C:\WINDOWS\ipty32.exe
C:\WINDOWS\system32\mstd.exe
C:\WINDOWS\system32\ntta.dll

- scan with eScan (start the scanner via "mwavscan.com", tick all the checkboxes and click "Scan") and remove the malware manually http://www.trojaner-board.de/42731-escan-anleitung.html
- set a new start page
- reboot
- update your system http://v5.windowsupdate.microsoft.co...r/default.aspx
- configure IE more securely and from now on use it only for Windows Update http://www.datenschutzzentrum.de/sel...sie/config.htm or http://www.blafusel.de/ie.html
- use safer and more convenient browsers such as Mozilla or Firefox http://www.mozilla.org
- post a new HijackThis log file and the Virus Log Information from eScan
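Added example, not part of the original thread and not HijackThis code: one way to check a follow-up log against the fix list above, reporting which fixed entries are gone, which persist, and whether any file on the delete list is still a running process. The two logs are shortened excerpts of the ones posted in this thread (posts #1 and #3); the function names are illustrative.

```python
import re

# HijackThis entry lines start with a section code such as R1, O2, O15 or O23.
ENTRY_RE = re.compile(r"^[RFNO]\d{1,2} - .+$")


def normalise(entry):
    """Collapse whitespace and case so cosmetic differences do not hide a match."""
    return re.sub(r"\s+", " ", entry.strip()).lower()


def parse_hijackthis(log_text):
    """Return (processes, entries): lower-cased process paths and a
    dict mapping each normalised entry line to its original text."""
    processes, entries = set(), {}
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.lower().startswith("running processes"):
            in_processes = True
        elif ENTRY_RE.match(line):
            in_processes = False          # entry section ends the process list
            entries[normalise(line)] = line
        elif in_processes:
            processes.add(line.lower())
    return processes, entries


def verify_fix(fix_list, before_log, after_log):
    """Classify each fix-list entry by comparing the two logs."""
    _, before = parse_hijackthis(before_log)
    _, after = parse_hijackthis(after_log)
    report = {"removed": [], "persisting": [], "not_in_before": []}
    for item in fix_list:
        key = normalise(item)
        if key in after:
            report["persisting"].append(item)
        elif key in before:
            report["removed"].append(item)
        else:
            report["not_in_before"].append(item)
    # Entries that only exist in the follow-up log deserve a second look.
    report["new_entries"] = sorted(after[k] for k in after.keys() - before.keys())
    return report


def still_running(delete_list, log_text):
    """Files scheduled for deletion that the log still lists as running."""
    processes, _ = parse_hijackthis(log_text)
    return [path for path in delete_list if path.lower() in processes]


# Shortened excerpts of the logs from posts #1 and #3 of this thread.
BEFORE = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\ipty32.exe
C:\WINDOWS\system32\mstd.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {B404CC6B-95D3-1A44-27C3-77CD07F8BA38} - C:\WINDOWS\system32\ntta.dll
O4 - HKLM\..\Run: [mstd.exe] C:\WINDOWS\system32\mstd.exe
O15 - Trusted Zone: *.ebay.de
O15 - Trusted IP range: 206.161.125.149
O15 - Trusted IP range: 206.161.125.149 (HKLM)
O23 - Service: Remote Procedure Call (RPC) Helper - Unknown - C:\WINDOWS\ipty32.exe
"""

AFTER = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\wuauclt.exe
O15 - Trusted Zone: *.ebay.de
O15 - Trusted IP range: 206.161.125.149
O15 - Trusted IP range: 206.161.125.149 (HKLM)
"""

# The "Fix" and "Delete" lists from the reply above.
FIX_LIST = [line for line in r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {B404CC6B-95D3-1A44-27C3-77CD07F8BA38} - C:\WINDOWS\system32\ntta.dll
O4 - HKLM\..\Run: [mstd.exe] C:\WINDOWS\system32\mstd.exe
O15 - Trusted IP range: 206.161.125.149
O15 - Trusted IP range: 206.161.125.149 (HKLM)
O23 - Service: Remote Procedure Call (RPC) Helper - Unknown - C:\WINDOWS\ipty32.exe
""".splitlines() if line]

DELETE_LIST = [
    r"C:\WINDOWS\ipty32.exe",
    r"C:\WINDOWS\system32\mstd.exe",
    r"C:\WINDOWS\system32\ntta.dll",
]

if __name__ == "__main__":
    result = verify_fix(FIX_LIST, BEFORE, AFTER)
    for status in ("removed", "persisting", "not_in_before", "new_entries"):
        print(f"{status}:")
        for entry in result[status]:
            print(f"  {entry}")
    print("still running:", still_running(DELETE_LIST, AFTER))
```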
30.12.2004, 17:27 | #3 |
| me again

Logfile of HijackThis v1.99.0
Scan saved at 16:14:28, on 30.12.2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Navnt\navapsvc.exe
C:\PROGRA~1\Navnt\npssvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\Navnt\alertsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\RunDll32.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\NILaunch.exe
C:\Programme\Gemeinsame Dateien\InterVideo\FastTVSync\FastTVSync.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb01.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\AOL 8.0\aoltray.exe
C:\Programme\InterVideo\WinDVD4PR\SchSvr.exe
C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Programme\Navnt\navapw32.exe
C:\Programme\FRITZ!\IWatch.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Programme\AOL 8.0\waol.exe
C:\Programme\AOL 8.0\shellmon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Programme\WinRAR\WinRAR.exe
C:\DOKUME~1\Admin\LOKALE~1\Temp\Rar$EX00.969\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\ycomp5_1_6_0.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NPS Event Checker] C:\PROGRA~1\Navnt\npscheck.exe
O4 - HKLM\..\Run: [NAV DefAlert] C:\PROGRA~1\Navnt\defalert.exe
O4 - HKLM\..\Run: [Net-It Launcher] C:\WINDOWS\System32\NILaunch.exe
O4 - HKLM\..\Run: [FastTVSync] "C:\Programme\Gemeinsame Dateien\InterVideo\FastTVSync\FastTVSync.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb01.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: AOL 8.0 Tray-Symbol.lnk = C:\Programme\AOL 8.0\aoltray.exe
O4 - Global Startup: InterVideo Scheduler server.lnk = C:\Programme\InterVideo\WinDVD4PR\SchSvr.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Norton AntiVirus AutoProtect.lnk = C:\Programme\Navnt\navapw32.exe
O4 - Global Startup: Verknüpfung mit IWatch.exe.lnk = C:\Programme\FRITZ!\IWatch.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O15 - Trusted Zone: *.ebay.de
O15 - Trusted IP range: 206.161.125.149
O15 - Trusted IP range: 206.161.125.149 (HKLM)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1098125867046
O17 - HKLM\System\CCS\Services\Tcpip\..\{554EE2BB-7865-446D-99C1-8F67E8777FC4}: NameServer = 205.188.146.145
O23 - Service: NAV Alert - Symantec Corporation - C:\PROGRA~1\Navnt\alertsvc.exe
O23 - Service: NAV Auto-Protect - Symantec Corporation - C:\PROGRA~1\Navnt\navapsvc.exe
O23 - Service: Norton Program Scheduler - Symantec Corporation - C:\PROGRA~1\Navnt\npssvc.exe
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: WAN Miniport (ATW) Service - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

the marked ones are back again ....to be continued
30.12.2004, 17:29 | #4 |
| me again eScan: Thu Dec 30 11:14:33 2004 => ********************************************************** Thu Dec 30 11:14:33 2004 => eScan AntiVirus Toolkit Utility. Thu Dec 30 11:14:33 2004 => Copyright © 2003-2004, MicroWorld Technologies Inc. 11:15:15 2004 => ********************************************************** Thu Dec 30 11:15:15 2004 => Version 4.7.6 (C:\bases\mwavscan.com) Thu Dec 30 11:15:15 2004 => Log File: C:\bases\mwav.log Thu Dec 30 11:15:15 2004 => Latest Date of files inside MWAV: 27 Dec 2004 07:00:56. Thu Dec 30 11:15:15 2004 => Options Selected by User: Thu Dec 30 11:15:15 2004 => Memory Check: Enabled Thu Dec 30 11:15:15 2004 => Registry Check: Enabled Thu Dec 30 11:15:15 2004 => StartUp Folder Check: Enabled Thu Dec 30 11:15:15 2004 => System Folder Check: Enabled Thu Dec 30 11:15:15 2004 => System Area Check: Disabled Thu Dec 30 11:15:15 2004 => Services Check: Enabled Thu Dec 30 11:15:15 2004 => Drive Check: Disabled Thu Dec 30 11:15:15 2004 => All Drive Check :Enabled Thu Dec 30 11:15:15 2004 => Folder Check: Enabled Thu Dec 30 11:15:15 2004 => Folder Selected = C:\WINDOWS Thu Dec 30 11:15:53 2004 => File C:\WINDOWS\ipty32.exe infected by "Trojan-Downloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken. Thu Dec 30 11:15:54 2004 => File C:\WINDOWS\apivf.dll infected by "TrojanDownloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken. Thu Dec 30 11:15:54 2004 => Scanning File C:\WINDOWS\appcq.exe Thu Dec 30 11:15:54 2004 => File C:\WINDOWS\appcq.exe infected by "TrojanDownloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken. Thu Dec 30 11:15:54 2004 => Scanning File C:\WINDOWS\appoz.dll Thu Dec 30 11:15:54 2004 => File C:\WINDOWS\appoz.dll infected by "Trojan-Downloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken. Thu Dec 30 11:15:54 2004 => Scanning File C:\WINDOWS\apppn32.dll Thu Dec 30 11:15:54 2004 => File C:\WINDOWS\apppn32.dll infected by "TrojanDownloader.Win32.Agent.bq" Virus. 
Action Taken: No Action Taken. Thu Dec 30 11:15:54 2004 => Scanning File C:\WINDOWS\appug.exe Thu Dec 30 11:15:54 2004 => File C:\WINDOWS\appug.exe infected by "TrojanDownloader.Win32.Agent.bc" Virus. Action Taken: No Action Taken. Thu Dec 30 11:15:55 2004 => File C:\WINDOWS\atlig32.dll infected by "TrojanDownloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken. Thu Dec 30 11:15:56 2004 => File C:\WINDOWS\crlz32.dll infected by "TrojanDownloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken. Thu Dec 30 11:15:56 2004 => Scanning File C:\WINDOWS\cxinf.dll Thu Dec 30 11:15:56 2004 => File C:\WINDOWS\cxinf.dll infected by "TrojanDownloader.Win32.WinShow.ak" Virus. Action Taken: No Action Taken. Thu Dec 30 11:15:56 2004 => Scanning File C:\WINDOWS\d3rn.dll Thu Dec 30 11:15:56 2004 => File C:\WINDOWS\d3rn.dll infected by "Trojan-Downloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken. Thu Dec 30 11:15:57 2004 => File C:\WINDOWS\iptd.exe infected by "TrojanDownloader.Win32.Agent.cd" Virus. Action Taken: No Action Taken. Thu Dec 30 11:15:57 2004 => Scanning File C:\WINDOWS\ipty32.exe Thu Dec 30 11:15:57 2004 => File C:\WINDOWS\ipty32.exe infected by "Trojan-Downloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken. Thu Dec 30 11:15:59 2004 => File C:\WINDOWS\mfcid.dll infected by "TrojanDownloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken. Thu Dec 30 11:15:59 2004 => File C:\WINDOWS\msopt.dll infected by "TrojanDownloader.Win32.Small.kq" Virus. Action Taken: No Action Taken. Thu Dec 30 11:15:59 2004 => Scanning File C:\WINDOWS\msxmidi.exe Thu Dec 30 11:16:00 2004 => File C:\WINDOWS\msxmidi.exe infected by "TrojanDownloader.Win32.WinShow.am" Virus. Action Taken: No Action Taken. Thu Dec 30 11:16:00 2004 => File C:\WINDOWS\netdq32.dll infected by "TrojanDownloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken. Thu Dec 30 11:16:00 2004 => File C:\WINDOWS\ntwq32.dll infected by "TrojanDownloader.Win32.Agent.bq" Virus. 
Action Taken: No Action Taken. Thu Dec 30 11:16:00 2004 => Scanning File C:\WINDOWS\n_rbchvi.txt Thu Dec 30 11:16:00 2004 => File C:\WINDOWS\n_rbchvi.txt infected by "Trojan-Downloader.Win32.Agent.bc" Virus. Action Taken: No Action Taken. Thu Dec 30 11:16:01 2004 => File C:\WINDOWS\sdkss.dll infected by "TrojanDownloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken. Thu Dec 30 11:16:01 2004 => Scanning File C:\WINDOWS\sdkwv.dll Thu Dec 30 11:16:01 2004 => File C:\WINDOWS\sdkwv.dll infected by "TrojanDownloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken. Thu Dec 30 11:16:03 2004 => File C:\WINDOWS\SiSUSBrg.exe infected by "TrojanDownloader.Win32.Agent.bc" Virus. Action Taken: No Action Taken. Thu Dec 30 11:16:03 2004 => File C:\WINDOWS\tfeai.dll infected by "TrojanDownloader.Win32.WinShow.ak" Virus. Action Taken: No Action Taken. Thu Dec 30 11:16:08 2004 => File C:\WINDOWS\System32\addjc32.dll infected by "TrojanDownloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken. Thu Dec 30 11:16:10 2004 => File C:\WINDOWS\System32\appob32.dll infected by "TrojanDownloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken. Thu Dec 30 11:16:11 2004 => File C:\WINDOWS\System32\atlhy.dll infected by "TrojanDownloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken. Thu Dec 30 11:16:11 2004 => Scanning File C:\WINDOWS\System32\atlob.dll Thu Dec 30 11:16:11 2004 => File C:\WINDOWS\System32\atlob.dll infected by "TrojanDownloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken. Thu Dec 30 11:16:28 2004 => File C:\WINDOWS\System32\d3el.dll infected by "TrojanDownloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken. Thu Dec 30 11:16:53 2004 => File C:\WINDOWS\System32\iedz32.dll infected by "Trojan-Downloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken. 
Thu Dec 30 11:16:53 2004 => Scanning File C:\WINDOWS\System32\ielo32.exe Thu Dec 30 11:16:53 2004 => File C:\WINDOWS\System32\ielo32.exe infected by "TrojanDownloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken. Thu Dec 30 11:16:56 2004 => File C:\WINDOWS\System32\ipik32.exe infected by "TrojanDownloader.Win32.Agent.bq" Virus. Action Thu Dec 30 11:17:26 2004 => File C:\WINDOWS\System32\mshm.exe infected by "TrojanDownloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken. Thu Dec 30 11:17:31 2004 => File C:\WINDOWS\System32\msru32.exe infected by "TrojanDownloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken. Thu Dec 30 11:17:38 2004 => File C:\WINDOWS\System32\netuf32.exe infected by "Trojan-Downloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken. Thu Dec 30 11:17:41 2004 => File C:\WINDOWS\System32\ntmb32.dll infected by "TrojanDownloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken. Thu Dec 30 11:17:42 2004 => File C:\WINDOWS\System32\ntod32.dll infected by "TrojanDownloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken. Thu Dec 30 11:18:18 2004 => File C:\WINDOWS\System32\sdkcu32.dll infected by "TrojanDownloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken. Thu Dec 30 11:18:29 2004 => File C:\WINDOWS\System32\sysfe.exe infected by "Trojan-Downloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken. Thu Dec 30 11:18:29 2004 => Scanning File C:\WINDOWS\System32\sysho.dll Thu Dec 30 11:18:29 2004 => File C:\WINDOWS\System32\sysho.dll infected by "TrojanDownloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken. Thu Dec 30 11:18:46 2004 => File C:\WINDOWS\System32\winao32.exe infected by "TrojanDownloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken. Thu Dec 30 11:18:46 2004 => File C:\WINDOWS\System32\wined32.dll infected by "TrojanDownloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken. 
Thu Dec 30 11:18:59 2004 => File C:\DOKUME~1\Admin\LOKALE~1\Temp\cd_clint.dll infected by "not-a-virus:AdWare.Cydoor" Virus. Action Taken: No Action Taken. Thu Dec 30 11:19:02 2004 => File C:\DOKUME~1\Admin\LOKALE~1\Temp\ICD4.tmp\istactivex.dll infected by "Trojan-Downloader.Win32.IstBar.gen" Virus. Action Taken: No Action Taken. Thu Dec 30 11:19:10 2004 => File C:\DOKUME~1\Admin\LOKALE~1\Temp\rs.exe infected by "not-a-virus:AdWare.PurityScan.w" Virus. Action Taken: No Action Taken. Thu Dec 30 11:20:17 2004 => File C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Temp\ICD4.tmp\istactivex.dll infected by "Trojan-Downloader.Win32.IstBar.gen" Virus. Action Taken: No Action Taken. Thu Dec 30 11:20:20 2004 => File C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Temp\rs.exe infected by "not-a-virus:AdWare.PurityScan.w" Virus. Action Taken: No Action Taken. Thu Dec 30 11:47:13 2004 => File C:\msinfo.exe infected by "TrojanDownloader.Win32.WinShow.am" Virus. Action Taken: No Action Taken. Thu Dec 30 11:59:46 2004 => File C:\RECYCLER\S-1-5-21-1275210071-573735546-725345543-1007\Dc35.exe infected by "TrojanDownloader.Win32.Agent.cd" Virus. Action Taken: No Action Taken. Thu Dec 30 11:59:59 2004 => File C:\System Volume Information\_restore{A1079BA6-5EBA-4414-AE67-571D45C89A0B}\RP26\A0291009.dll infected by "TrojanDownloader.Win32.Small.kq" Virus. Action Taken: No Action Taken. |
30.12.2004, 17:32 | #5 |
| me again Thu Dec 30 12:00:09 2004 => File C:\System Volume Information\_restore{A1079BA6-5EBA-4414-AE67-571D45C89A0B}\RP26\A0292001.dll infected by "TrojanDownloader.Win32.Small.kq" Virus. Action Taken: No Action Taken. Thu Dec 30 12:00:10 2004 => File C:\System Volume Information\_restore{A1079BA6-5EBA-4414-AE67-571D45C89A0B}\RP26\A0292021.dll infected by "TrojanDownloader.Win32.Small.kq" Virus. Action Taken: No Action Taken. Thu Dec 30 12:00:11 2004 => File C:\System Volume Information\_restore{A1079BA6-5EBA-4414-AE67-571D45C89A0B}\RP26\A0292033.dll infected by "TrojanDownloader.Win32.Small.kq" Virus. Action Taken: No Action Taken. Thu Dec 30 12:00:11 2004 => File C:\System Volume Information\_restore{A1079BA6-5EBA-4414-AE67-571D45C89A0B}\RP26\A0292040.dll infected by "TrojanDownloader.Win32.Small.kq" Virus. Action Taken: No Action Taken. Thu Dec 30 12:00:12 2004 => File C:\System Volume Information\_restore{A1079BA6-5EBA-4414-AE67-571D45C89A0B}\RP26\A0292049.dll infected by "TrojanDownloader.Win32.Small.kq" Virus. Action Taken: No Action Taken. Thu Dec 30 12:00:12 2004 => File C:\System Volume Information\_restore{A1079BA6-5EBA-4414-AE67-571D45C89A0B}\RP26\A0293049.dll infected by "TrojanDownloader.Win32.Small.kq" Virus. Action Taken: No Action Taken. Thu Dec 30 12:00:14 2004 => File C:\System Volume Information\_restore{A1079BA6-5EBA-4414-AE67-571D45C89A0B}\RP26\A0294049.dll infected by "TrojanDownloader.Win32.Small.kq" Virus. Action Taken: No Action Taken. Thu Dec 30 12:00:23 2004 => File C:\System Volume Information\_restore{A1079BA6-5EBA-4414-AE67-571D45C89A0B}\RP26\A0294153.dll infected by "TrojanDownloader.Win32.Small.kq" Virus. Action Taken: No Action Taken. Thu Dec 30 12:00:24 2004 => File C:\System Volume Information\_restore{A1079BA6-5EBA-4414-AE67-571D45C89A0B}\RP26\A0295153.dll infected by "TrojanDownloader.Win32.Small.kq" Virus. Action Taken: No Action Taken. 
Thu Dec 30 12:00:27 2004 => File C:\System Volume Information\_restore{A1079BA6-5EBA-4414-AE67-571D45C89A0B}\RP26\A0295199.dll infected by "TrojanDownloader.Win32.Small.kq" Virus. Action Taken: No Action Taken. Thu Dec 30 12:00:28 2004 => File C:\System Volume Information\_restore{A1079BA6-5EBA-4414-AE67-571D45C89A0B}\RP26\A0295226.dll infected by "TrojanDownloader.Win32.Small.kq" Virus. Action Taken: No Action Taken. Thu Dec 30 12:00:41 2004 => File C:\System Volume Information\_restore{A1079BA6-5EBA-4414-AE67-571D45C89A0B}\RP26\A0295364.dll infected by "TrojanDownloader.Win32.Small.kq" Virus. Action Taken: No Action Taken. Thu Dec 30 12:00:42 2004 => File C:\System Volume Information\_restore{A1079BA6-5EBA-4414-AE67-571D45C89A0B}\RP26\A0295388.dll infected by "TrojanDownloader.Win32.Small.kq" Virus. Action Taken: No Action Taken. Thu Dec 30 12:00:49 2004 => File C:\System Volume Information\_restore{A1079BA6-5EBA-4414-AE67-571D45C89A0B}\RP26\A0295474.dll infected by "TrojanDownloader.Win32.Small.kq" Virus. Action Taken: No Action Taken. Thu Dec 30 12:00:49 2004 => File C:\System Volume Information\_restore{A1079BA6-5EBA-4414-AE67-571D45C89A0B}\RP26\A0295487.dll infected by "TrojanDownloader.Win32.Agent.an" Virus. Action Taken: No Action Taken. Thu Dec 30 12:00:52 2004 => File C:\System Volume Information\_restore{A1079BA6-5EBA-4414-AE67-571D45C89A0B}\RP26\A0295524.dll infected by "TrojanDownloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken. Thu Dec 30 12:00:52 2004 => Scanning File C:\System Volume Information\_restore{A1079BA6-5EBA-4414-AE67-571D45C89A0B}\RP26\A0295525.exe Thu Dec 30 12:00:52 2004 => Scanning File C:\System Volume Information\_restore{A1079BA6-5EBA-4414-AE67-571D45C89A0B}\RP26\A0295526.dll Thu Dec 30 12:00:52 2004 => File C:\System Volume Information\_restore{A1079BA6-5EBA-4414-AE67-571D45C89A0B}\RP26\A0295526.dll infected by "TrojanDownloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken. 
Thu Dec 30 12:00:53 2004 => Scanning File C:\System Volume infected by "TrojanDownloader.Win32.Small.kq" Virus. Action Taken: No Action Taken. Thu Dec 30 12:00:56 2004 => File C:\System Volume Information\_restore{A1079BA6-5EBA-4414-AE67-571D45C89A0B}\RP26\A0297474.dll infected by "TrojanDownloader.Win32.Small.kq" Virus. Action Taken: No Action Taken. Thu Dec 30 12:01:01 2004 => File C:\System Volume Information\_restore{A1079BA6-5EBA-4414-AE67-571D45C89A0B}\RP26\A0297527.dll infected by "TrojanDownloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken. Thu Dec 30 12:01:01 2004 => Scanning File C:\System Volume Information\_restore{A1079BA6-5EBA-4414-AE67-571D45C89A0B}\RP26\A0297528.dll Thu Dec 30 12:01:01 2004 => File C:\System Volume Information\_restore{A1079BA6-5EBA-4414-AE67-571D45C89A0B}\RP26\A0297528.dll infected by "TrojanDownloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken. Thu Dec 30 12:01:01 2004 => File C:\System Volume Information\_restore{A1079BA6-5EBA-4414-AE67-571D45C89A0B}\RP26\A0298474.dll infected by "TrojanDownloader.Win32.Small.kq" Virus. Action Taken: No Action Taken. Thu Dec 30 12:01:01 2004 => Scanning File C:\System Volume Information\_restore{A1079BA6-5EBA-4414-AE67-571D45C89A0B}\RP26\A0298475.ini Thu Thu Dec 30 12:01:16 2004 => File C:\System Volume Information\_restore{A1079BA6-5EBA-4414-AE67-571D45C89A0B}\RP26\A0298632.dll infected by "TrojanDownloader.Win32.Small.kq" Virus. Action Taken: No Action Taken. Thu Dec 30 12:01:17 2004 => File C:\System Volume Information\_restore{A1079BA6-5EBA-4414-AE67-571D45C89A0B}\RP26\A0298643.dll infected by "TrojanDownloader.Win32.Small.kq" Virus. Action Taken: No Action Taken. Thu Dec 30 12:01:17 2004 => File C:\System Volume Information\_restore{A1079BA6-5EBA-4414-AE67-571D45C89A0B}\RP26\A0299642.dll infected by "TrojanDownloader.Win32.Small.kq" Virus. Action Taken: No Action Taken. 
Thu Dec 30 12:01:17 2004 => File C:\System Volume Information\_restore{A1079BA6-5EBA-4414-AE67-571D45C89A0B}\RP26\A0300642.dll infected by "TrojanDownloader.Win32.Small.kq" Virus. Action Taken: No Action Taken. Thu Dec 30 12:01:18 2004 => File C:\System Volume Information\_restore{A1079BA6-5EBA-4414-AE67-571D45C89A0B}\RP26\A0301642.dll infected by "TrojanDownloader.Win32.Small.kq" Virus. Action Taken: No Action Taken. Thu Dec 30 12:01:18 2004 => File C:\System Volume Information\_restore{A1079BA6-5EBA-4414-AE67-571D45C89A0B}\RP26\A0301658.dll infected by "TrojanDownloader.Win32.Small.kq" Virus. Action Taken: No Action Taken. Information\_restore{A1079BA6-5EBA-4414-AE67-571D45C89A0B}\RP26\A0302658.dll infected by "TrojanDownloader.Win32.Small.kq" Virus. Action Taken: No Action Taken. Thu Dec 30 12:01:26 2004 => File C:\System Volume Information\_restore{A1079BA6-5EBA-4414-AE67-571D45C89A0B}\RP26\A0302750.dll infected by "TrojanDownloader.Win32.Agent.an" Virus. Action Taken: No Action Taken. Thu Dec 30 12:01:40 2004 => File C:\WINDOWS\apivf.dll infected by "TrojanDownloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken. Thu Dec 30 12:01:40 2004 => File C:\WINDOWS\appcq.exe infected by "TrojanDownloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken. Thu Dec 30 12:01:40 2004 => File C:\WINDOWS\appoz.dll infected by "Trojan-Downloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken. Thu Dec 30 12:01:42 2004 => File C:\WINDOWS\apppn32.dll infected by "TrojanDownloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken. Thu Dec 30 12:01:42 2004 => File C:\WINDOWS\appug.exe infected by "TrojanDownloader.Win32.Agent.bc" Virus. Action Taken: No Action Taken. Thu Dec 30 12:01:42 2004 => File C:\WINDOWS\atlig32.dll infected by "TrojanDownloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken. Thu Dec 30 12:01:56 2004 => File C:\WINDOWS\crlz32.dll infected by "TrojanDownloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken. 
Thu Dec 30 12:02:03 2004 => File C:\WINDOWS\cxinf.dll infected by "TrojanDownloader.Win32.WinShow.ak" Virus. Action Taken: No Action Taken. Thu Dec 30 12:02:03 2004 => File C:\WINDOWS\d3rn.dll infected by "Trojan-Downloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken. Thu Dec 30 12:02:04 2004 => File C:\WINDOWS\Downloaded Program Files\ISTactivex.dll infected by "Trojan-Downloader.Win32.IstBar.gen" Virus. Action Taken: No Action Taken. |
30.12.2004, 17:32 | #6 |
| me again Thu Dec 30 12:02:04 2004 => File C:\WINDOWS\Downloaded Program Files\MediaTicketsInstaller.ocx infected by "not-a-virus:AdWare.MediaTickets.f" Virus. Action Taken: No Action Taken. Thu Dec 30 12:07:23 2004 => File C:\WINDOWS\iptd.exe infected by "TrojanDownloader.Win32.Agent.cd" Virus. Action Taken: No Action Taken. Thu Dec 30 12:07:23 2004 => File C:\WINDOWS\ipty32.exe infected by "Trojan-Downloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken. Thu Dec 30 12:07:47 2004 => File C:\WINDOWS\mfcid.dll infected by "TrojanDownloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken. Thu Dec 30 12:07:49 2004 => File C:\WINDOWS\msopt.dll infected by "TrojanDownloader.Win32.Small.kq" Virus. Action Taken: No Action Taken. Thu Dec 30 12:07:49 2004 => File C:\WINDOWS\msxmidi.exe infected by "TrojanDownloader.Win32.WinShow.am" Virus. Action Taken: No Action Taken. Thu Dec 30 12:07:50 2004 => File C:\WINDOWS\netdq32.dll infected by "TrojanDownloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken. Thu Dec 30 12:07:50 2004 => File C:\WINDOWS\ntwq32.dll infected by "TrojanDownloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken. Thu Dec 30 12:07:50 2004 => File C:\WINDOWS\n_rbchvi.txt infected by "Trojan-Downloader.Win32.Agent.bc" Virus. Action Taken: No Action Taken. Thu Dec 30 12:08:57 2004 => File C:\WINDOWS\sdkss.dll infected by "TrojanDownloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken. Thu Dec 30 12:08:58 2004 => File C:\WINDOWS\sdkwv.dll infected by "TrojanDownloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken. Thu Dec 30 12:09:00 2004 => File C:\WINDOWS\SiSUSBrg.exe infected by "TrojanDownloader.Win32.Agent.bc" Virus. Action Taken: No Action Taken. Thu Dec 30 12:09:09 2004 => File C:\WINDOWS\system32\addjc32.dll infected by "TrojanDownloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken. Thu Dec 30 12:09:11 2004 => File C:\WINDOWS\system32\appob32.dll infected by "TrojanDownloader.Win32.Agent.bq" Virus. 
Action Taken: No Action Taken. Thu Dec 30 12:09:12 2004 => File C:\WINDOWS\system32\atlhy.dll infected by "TrojanDownloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken. Thu Dec 30 12:09:12 2004 => File C:\WINDOWS\system32\atlob.dll infected by "TrojanDownloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken. Thu Dec 30 12:09:35 2004 => File C:\WINDOWS\system32\d3el.dll infected by "TrojanDownloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken. Thu Dec 30 12:16:37 2004 => File C:\WINDOWS\system32\iedz32.dll infected by "Trojan-Downloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken. Thu Dec 30 12:16:37 2004 => File C:\WINDOWS\system32\ielo32.exe infected by "TrojanDownloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken. Thu Dec 30 12:16:40 2004 => File C:\WINDOWS\system32\ipik32.exe infected by "TrojanDownloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken. Thu Dec 30 12:17:12 2004 => File C:\WINDOWS\system32\mshm.exe infected by "TrojanDownloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken. Thu Dec 30 12:17:18 2004 => File C:\WINDOWS\system32\msru32.exe infected by "TrojanDownloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken. Thu Dec 30 12:17:26 2004 => File C:\WINDOWS\system32\netuf32.exe infected by "Trojan-Downloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken. Thu Dec 30 12:17:30 2004 => File C:\WINDOWS\system32\ntmb32.dll infected by "TrojanDownloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken. Thu Dec 30 12:17:30 2004 => File C:\WINDOWS\system32\ntmb32.dll infected by "TrojanDownloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken. Thu Dec 30 12:17:31 2004 => File C:\WINDOWS\system32\ntod32.dll infected by "TrojanDownloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken. Thu Dec 30 12:18:22 2004 => File C:\WINDOWS\system32\sdkcu32.dll infected by "TrojanDownloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken. 
Thu Dec 30 12:18:43 2004 => File C:\WINDOWS\system32\sysfe.exe infected by "Trojan-Downloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken. Thu Dec 30 12:18:43 2004 => Scanning File C:\WINDOWS\system32\sysho.dll Thu Dec 30 12:18:43 2004 => File C:\WINDOWS\system32\sysho.dll infected by "TrojanDownloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken. Thu Dec 30 12:19:13 2004 => File C:\WINDOWS\system32\winao32.exe infected by "TrojanDownloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken. Thu Dec 30 12:19:14 2004 => File C:\WINDOWS\system32\wined32.dll infected by "TrojanDownloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken. Thu Dec 30 13:01:06 2004 => Total Files Scanned: 67759 Thu Dec 30 13:01:06 2004 => Total Virus(es) Found: 178 Thu Dec 30 13:01:06 2004 => Total Disinfected Files: 0 Thu Dec 30 13:01:06 2004 => Total Files Renamed: 0 Thu Dec 30 13:01:06 2004 => Total Deleted Files: 0 Thu Dec 30 13:01:06 2004 => Total Errors: 1 Thu Dec 30 13:01:06 2004 => Time Elapsed: 01:45:38 Thu Dec 30 13:01:06 2004 => Virus Database Date: 2004/12/27 Thu Dec 30 13:01:06 2004 => Virus Database Count: 113889 Thu Dec 30 13:01:06 2004 => Scan Completed. - in den ordner System Volume Information bin ich nicht reingekommen - die fett markierten habe ich nicht gefunden - "not-a-virus" habe ich nicht angefasst |
30.12.2004, 17:57 | #7 | ||||
Administrator, retired | me again
Quote:
Quote:
Quote:
Quote:
After the cleanup procedure, run eScan again and post both logs again. Finally, it can be determined whether reinstalling your system from scratch would make more sense, see http://www.trojaner-board.de/showpos...28&postcount=2 |
31.12.2004, 15:26 | #8 |
| me again
this is what it looks like now .... Part 1:
Logfile of HijackThis v1.99.0
Scan saved at 12:13:35, on 31.12.2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\mmc.exe
C:\DOKUME~1\Admin\LOKALE~1\Temp\Rar$EX00.453\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\ycomp5_1_6_0.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NPS Event Checker] C:\PROGRA~1\Navnt\npscheck.exe
O4 - HKLM\..\Run: [NAV DefAlert] C:\PROGRA~1\Navnt\defalert.exe
O4 - HKLM\..\Run: [Net-It Launcher] C:\WINDOWS\System32\NILaunch.exe
O4 - HKLM\..\Run: [FastTVSync] "C:\Programme\Gemeinsame Dateien\InterVideo\FastTVSync\FastTVSync.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb01.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: AOL 8.0 Tray-Symbol.lnk = C:\Programme\AOL 8.0\aoltray.exe
O4 - Global Startup: InterVideo Scheduler server.lnk = C:\Programme\InterVideo\WinDVD4PR\SchSvr.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Norton AntiVirus AutoProtect.lnk = C:\Programme\Navnt\navapw32.exe
O4 - Global Startup: Verknüpfung mit IWatch.exe.lnk = C:\Programme\FRITZ!\IWatch.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1098125867046
O23 - Service: NAV Alert - Symantec Corporation - C:\PROGRA~1\Navnt\alertsvc.exe
O23 - Service: NAV Auto-Protect - Symantec Corporation - C:\PROGRA~1\Navnt\navapsvc.exe
O23 - Service: Norton Program Scheduler - Symantec Corporation - C:\PROGRA~1\Navnt\npssvc.exe
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: WAN Miniport (ATW) Service - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe |
31.12.2004, 15:28 | #9 |
| me again
Part 2:
Fri Dec 31 12:15:02 2004 => **********************************************************
Fri Dec 31 12:15:02 2004 => eScan AntiVirus Toolkit Utility.
Fri Dec 31 12:15:02 2004 => Copyright © 2003-2004, MicroWorld Technologies Inc.
Fri Dec 31 12:15:02 2004 => **********************************************************
Fri Dec 31 12:15:02 2004 => Version 4.7.6 (C:\bases\mwavscan.com)
Fri Dec 31 12:15:02 2004 => Log File: C:\bases\mwav.log
Fri Dec 31 12:15:03 2004 => Latest Date of files inside MWAV: 27 Dec 2004 07:00:56.
Fri Dec 31 12:15:08 2004 => AV Library Loaded...
Fri Dec 31 12:15:08 2004 => Scanning File C:\bases\kavss.exe
Fri Dec 31 12:15:08 2004 => Scanning File C:\bases\Getvlist.exe
Fri Dec 31 12:15:08 2004 => Scanning File C:\bases\kavss.dll
Fri Dec 31 12:15:08 2004 => Scanning File C:\bases\kavssdi.dll
Fri Dec 31 12:15:08 2004 => Scanning File C:\bases\kavssi.dll
Fri Dec 31 12:15:08 2004 => Scanning File C:\bases\kavvlg.dll
Fri Dec 31 12:15:08 2004 => Scanning File C:\bases\msvlclnt.dll
Fri Dec 31 12:15:08 2004 => Scanning File C:\bases\ipc.dll
Fri Dec 31 12:15:08 2004 => Scanning File C:\bases\main.avi
Fri Dec 31 12:15:09 2004 => Scanning File C:\bases\virus.avi
Fri Dec 31 12:15:09 2004 => Virus Database Date: 2004/12/27
Fri Dec 31 12:15:09 2004 => Virus Database Count: 113889
Fri Dec 31 12:15:19 2004 => **********************************************************
Fri Dec 31 12:15:19 2004 => eScan AntiVirus Toolkit Utility.
Fri Dec 31 12:15:19 2004 => Copyright © 2003-2004, MicroWorld Technologies Inc.
Fri Dec 31 12:15:19 2004 =>
Fri Dec 31 12:15:19 2004 => Support: support@mwti.net
Fri Dec 31 12:15:19 2004 => Web: http://www.mwti.net
Fri Dec 31 12:15:19 2004 => **********************************************************
Fri Dec 31 12:15:19 2004 => Version 4.7.6 (C:\bases\mwavscan.com)
Fri Dec 31 12:15:19 2004 => Log File: C:\bases\mwav.log
Fri Dec 31 12:15:19 2004 => Latest Date of files inside MWAV: 27 Dec 2004 07:00:56.
Fri Dec 31 12:15:19 2004 => Options Selected by User:
Fri Dec 31 12:15:19 2004 => Memory Check: Enabled
Fri Dec 31 12:15:19 2004 => Registry Check: Enabled
Fri Dec 31 12:15:19 2004 => StartUp Folder Check: Enabled
Fri Dec 31 12:15:19 2004 => System Folder Check: Enabled
Fri Dec 31 12:15:19 2004 => System Area Check: Disabled
Fri Dec 31 12:15:19 2004 => Services Check: Enabled
Fri Dec 31 12:15:19 2004 => Drive Check: Disabled
Fri Dec 31 12:15:19 2004 => All Drive Check :Enabled
Fri Dec 31 12:15:19 2004 => Folder Check: Enabled
Fri Dec 31 12:15:19 2004 => Folder Selected = C:\WINDOWS
Fri Dec 31 12:15:42 2004 => ***** Scanning Registry Files *****
Fri Dec 31 12:15:42 2004 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
Fri Dec 31 12:15:42 2004 => Scanning File C:\WINDOWS\system32\SHELL32.dll
Fri Dec 31 12:15:42 2004 => Scanning File C:\WINDOWS\system32\SHELL32.dll
Fri Dec 31 12:15:42 2004 => Scanning File C:\WINDOWS\System32\webcheck.dll
Fri Dec 31 12:15:42 2004 => Scanning File C:\WINDOWS\System32\stobject.dll
Fri Dec 31 12:15:42 2004 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects
Fri Dec 31 12:15:42 2004 => {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} = C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
Fri Dec 31 12:15:42 2004 => Scanning File C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\ActiveX\ACROIE~1.DLL
Fri Dec 31 12:15:42 2004 => Scanning HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Fri Dec 31 12:15:42 2004 => Scanning File C:\WINDOWS\Explorer.exe
Fri Dec 31 12:15:42 2004 => Scanning File C:\WINDOWS\system32\userinit.exe
Fri Dec 31 12:15:42 2004 => Scanning HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
Fri Dec 31 12:15:42 2004 => Scanning HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AEDEBUG
Fri Dec 31 12:15:42 2004 => Scanning File C:\WINDOWS\system32\drwtsn32.exe
Fri Dec 31 12:15:42 2004 => Scanning HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
Fri Dec 31 12:15:42 2004 => Scanning File C:\WINDOWS\system32\ntsd.exe
Fri Dec 31 12:15:42 2004 => Scanning HKCU\Control Panel\Desktop
Fri Dec 31 12:15:43 2004 => Scanning File C:\WINDOWS\System32\scrnsave.scr
Fri Dec 31 12:15:43 2004 => Scanning HKLM\SYSTEM\CurrentControlSet\Control\WOW
Fri Dec 31 12:15:43 2004 => Scanning File C:\WINDOWS\system32\ntvdm.exe
Fri Dec 31 12:15:43 2004 => Scanning File C:\WINDOWS\system32\ntvdm.exe
Fri Dec 31 12:15:43 2004 => Scanning HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components
Fri Dec 31 12:15:43 2004 => Scanning File C:\WINDOWS\inf\unregmp2.exe
Fri Dec 31 12:15:43 2004 => Scanning File C:\WINDOWS\system32\shmgrate.exe
Fri Dec 31 12:15:43 2004 => Scanning File C:\WINDOWS\system32\shmgrate.exe
Fri Dec 31 12:15:43 2004 => Scanning File C:\WINDOWS\system32\regsvr32.exe
Fri Dec 31 12:15:43 2004 => Scanning File C:\PROGRA~1\OUTLOO~1\setup50.exe
Fri Dec 31 12:15:43 2004 => Scanning File C:\PROGRA~1\OUTLOO~1\setup50.exe
Fri Dec 31 12:15:43 2004 => Scanning File C:\WINDOWS\system32\regsvr32.exe
Fri Dec 31 12:15:43 2004 => Scanning File C:\WINDOWS\system32\ie4uinit.exe
Fri Dec 31 12:15:44 2004 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
Fri Dec 31 12:15:44 2004 => Scanning HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
Fri Dec 31 12:15:44 2004 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Fri Dec 31 12:15:44 2004 => Scanning File C:\WINDOWS\system32\RunDll32.exe
Fri Dec 31 12:15:44 2004 => Scanning File C:\WINDOWS\system32\RUNDLL32.EXE
Fri Dec 31 12:15:44 2004 => Scanning File C:\WINDOWS\system32\nwiz.exe
Fri Dec 31 12:15:44 2004 => Scanning File C:\PROGRA~1\GEMEIN~1\Real\UPDATE~1\REALSC~1.EXE
Fri Dec 31 12:15:44 2004 => Scanning File C:\PROGRA~1\Navnt\npscheck.exe
Fri Dec 31 12:15:44 2004 => Scanning File C:\PROGRA~1\Navnt\defalert.exe
Fri Dec 31 12:15:44 2004 => Scanning File C:\WINDOWS\System32\NILaunch.exe
Fri Dec 31 12:15:44 2004 => Scanning File C:\PROGRA~1\GEMEIN~1\INTERV~1\FASTTV~1\FASTTV~1.EXE
Fri Dec 31 12:15:45 2004 => Scanning File C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb01.exe
Fri Dec 31 12:15:45 2004 => Scanning File C:\PROGRA~1\GEMEIN~1\MICROS~1\WORKSS~1\WkUFind.exe
Fri Dec 31 12:15:45 2004 => Scanning File C:\WINDOWS\system32\dumprep.exe
Fri Dec 31 12:15:45 2004 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
Fri Dec 31 12:15:45 2004 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
Fri Dec 31 12:15:45 2004 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
Fri Dec 31 12:15:45 2004 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce
Fri Dec 31 12:15:45 2004 => Scanning HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Fri Dec 31 12:15:45 2004 => Scanning File C:\WINDOWS\System32\ctfmon.exe
Fri Dec 31 12:15:45 2004 => Scanning HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
Fri Dec 31 12:15:45 2004 => Scanning HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
Fri Dec 31 12:15:45 2004 => Scanning HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
Fri Dec 31 12:15:45 2004 => Scanning HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Setup
Fri Dec 31 12:15:45 2004 => Scanning HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Fri Dec 31 12:15:45 2004 => Scanning File C:\WINDOWS\System32\CTFMON.EXE
Fri Dec 31 12:15:45 2004 => Scanning HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
Fri Dec 31 12:15:46 2004 => Scanning HKCR\txtfile\shell\open\command
Fri Dec 31 12:15:46 2004 => Scanning HKCR\comfile\shell\open\command
Fri Dec 31 12:15:46 2004 => Scanning HKCR\exefile\shell\open\command
Fri Dec 31 12:15:46 2004 => Scanning HKCR\dllfile\shell\open\command
Fri Dec 31 12:15:46 2004 => Scanning HKCR\batfile\shell\open\command
Fri Dec 31 12:15:46 2004 => Scanning HKCR\piffile\shell\open\command
Fri Dec 31 12:15:46 2004 => Scanning HKCR\scrfile\shell\open\command
Fri Dec 31 12:15:46 2004 => Scanning HKCR\scrfile\shell\config\command
Fri Dec 31 12:15:46 2004 => Scanning HKCR\regfile\shell\open\command
Fri Dec 31 12:15:46 2004 => Scanning HKCR\htmlfile\shell\open\command
Fri Dec 31 12:15:46 2004 => Scanning File C:\PROGRA~1\INTERN~1\iexplore.exe
Fri Dec 31 12:15:46 2004 => Scanning HKCR\htafile\shell\open\command
Fri Dec 31 12:15:46 2004 => Scanning File C:\WINDOWS\System32\mshta.exe
Fri Dec 31 12:15:46 2004 => Scanning HKCR\jsfile\shell\open\command
Fri Dec 31 12:15:46 2004 => Scanning File C:\WINDOWS\System32\WScript.exe
Fri Dec 31 12:15:46 2004 => Scanning HKCR\jsefile\shell\open\command
Fri Dec 31 12:15:46 2004 => Scanning File C:\WINDOWS\System32\WScript.exe
Fri Dec 31 12:15:46 2004 => Scanning HKCR\vbsfile\shell\open\command
Fri Dec 31 12:15:46 2004 => Scanning File C:\WINDOWS\System32\WScript.exe
Fri Dec 31 12:15:46 2004 => Scanning HKCR\vbefile\shell\open\command
Fri Dec 31 12:15:46 2004 => Scanning File C:\WINDOWS\System32\WScript.exe
Fri Dec 31 12:15:46 2004 => Scanning HKCR\wshfile\shell\open\command
Fri Dec 31 12:15:46 2004 => Scanning File C:\WINDOWS\System32\WScript.exe
Fri Dec 31 12:15:46 2004 => Scanning HKCR\wsffile\shell\open\command
Fri Dec 31 12:15:46 2004 => Scanning File C:\WINDOWS\System32\WScript.exe |
31.12.2004, 15:29 | #10 |
Administrator, retired | me again Create another HJT log file, this time from "normal" mode. |
31.12.2004, 15:31 | #11 |
| me again
Part 3:
Fri Dec 31 12:15:47 2004 => ***** Scanning StartUp Folders *****
Fri Dec 31 12:15:47 2004 => ***** Scanning C:\Dokumente und Einstellungen\Admin\Startmenü\Programme\Autostart Folder *****
Fri Dec 31 12:15:47 2004 => Scanning Folder: C:\Dokumente und Einstellungen\Admin\Startmenü\Programme\Autostart\*.*
Fri Dec 31 12:15:47 2004 => Scanning File C:\Dokumente und Einstellungen\Admin\Startmenü\Programme\Autostart\desktop.ini
Fri Dec 31 12:15:47 2004 => ***** Scanning C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart Folder *****
Fri Dec 31 12:15:47 2004 => Scanning Folder: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\*.*
Fri Dec 31 12:15:47 2004 => Scanning File C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\AOL 8.0 Tray-Symbol.lnk
Fri Dec 31 12:15:47 2004 => Scanning File C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
Fri Dec 31 12:15:47 2004 => Scanning File C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\InterVideo Scheduler server.lnk
Fri Dec 31 12:15:47 2004 => Scanning File C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\InterVideo WinCinema Manager.lnk
Fri Dec 31 12:15:47 2004 => Scanning File C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk
Fri Dec 31 12:15:47 2004 => Scanning File C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Norton AntiVirus AutoProtect.lnk
Fri Dec 31 12:15:47 2004 => Scanning File C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Verknüpfung mit IWatch.exe.lnk
Fri Dec 31 12:15:47 2004 => ***** Scanning Service Files *****
Fri Dec 31 12:15:55 2004 => ERROR!!! Invalid Entry C:\WINDOWS\ipty32.exe /s in SYSTEM\CurrentControlSet\Services\ %AFå ¤À¨...
Fri Dec 31 12:15:55 2004 => Scanning HKLM\SYSTEM\CurrentControlSet\Services\VxD
Fri Dec 31 12:15:55 2004 => Scanning File C:\WINDOWS\system32\JAVASUP.VXD
Fri Dec 31 12:15:55 2004 => ***** Scanning System32 Folders *****
Fri Dec 31 12:18:57 2004 => ***** Scanning All Drives *****
Fri Dec 31 12:40:50 2004 => Scanning File C:\Dokumente und Einstellungen\Jörg\Lokale Einstellungen\Temp\~vis0000\rebootnt.exe
Fri Dec 31 13:07:36 2004 => File C:\Dokumente und Einstellungen\Jörg\Lokale Einstellungen\Temp\~vis0000\rebootnt.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
Fri Dec 31 13:51:11 2004 => Scanning File D:\Eigene Dateien\Downloads\Anwendung\DivX502Bundle.exe
Fri Dec 31 13:51:13 2004 => File D:\Eigene Dateien\Downloads\Anwendung\DivX502Bundle.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
Fri Dec 31 13:52:06 2004 => Scanning File D:\Eigene Dateien\Downloads\Anwendung\setup.exe
Fri Dec 31 13:52:07 2004 => File D:\Eigene Dateien\Downloads\Anwendung\setup.exe tagged as not-a-virus:RiskWare.Monitor.OrvellMonitor. No Action Taken.
Fri Dec 31 13:52:19 2004 => Scanning File D:\Eigene Dateien\Downloads\Anwendung\spyblocs.exe
Fri Dec 31 13:52:21 2004 => File D:\Eigene Dateien\Downloads\Anwendung\spyblocs.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
Fri Dec 31 13:52:27 2004 => Scanning File D:\Eigene Dateien\Downloads\Anwendung\ymsgrde.exe
Fri Dec 31 13:52:28 2004 => File D:\Eigene Dateien\Downloads\Anwendung\ymsgrde.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
Fri Dec 31 13:53:00 2004 => Scanning File D:\Eigene Dateien\Downloads\Spiele\dartsetup.exe
Fri Dec 31 13:53:00 2004 => File D:\Eigene Dateien\Downloads\Spiele\dartsetup.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
Fri Dec 31 13:53:07 2004 => Scanning File D:\Eigene Dateien\Downloads\Spiele\dxball total.exe
Fri Dec 31 13:53:14 2004 => File D:\Eigene Dateien\Downloads\Spiele\dxball total.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
Fri Dec 31 13:53:14 2004 => Scanning File D:\Eigene Dateien\Downloads\Spiele\eurot.exe
Fri Dec 31 13:53:15 2004 => File D:\Eigene Dateien\Downloads\Spiele\eurot.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
Fri Dec 31 13:53:18 2004 => Scanning File D:\Eigene Dateien\Downloads\Spiele\LiveBilliards112eDemo.exe
Fri Dec 31 13:53:22 2004 => File D:\Eigene Dateien\Downloads\Spiele\LiveBilliards112eDemo.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
Fri Dec 31 14:03:25 2004 => Scanning File H:\Eigene Dateien\Downloads\Anwendung\DivX502Bundle.exe
Fri Dec 31 14:03:27 2004 => File H:\Eigene Dateien\Downloads\Anwendung\DivX502Bundle.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
Fri Dec 31 14:04:11 2004 => Scanning File H:\Eigene Dateien\Downloads\Anwendung\setup.exe
Fri Dec 31 14:04:12 2004 => File H:\Eigene Dateien\Downloads\Anwendung\setup.exe tagged as not-a-virus:RiskWare.Monitor.OrvellMonitor. No Action Taken.
Fri Dec 31 14:04:22 2004 => Scanning File H:\Eigene Dateien\Downloads\Anwendung\spyblocs.exe
Fri Dec 31 14:04:24 2004 => File H:\Eigene Dateien\Downloads\Anwendung\spyblocs.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
Fri Dec 31 14:04:30 2004 => Scanning File H:\Eigene Dateien\Downloads\Anwendung\ymsgrde.exe
Fri Dec 31 14:04:31 2004 => File H:\Eigene Dateien\Downloads\Anwendung\ymsgrde.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
Fri Dec 31 14:04:59 2004 => Scanning File H:\Eigene Dateien\Downloads\Spiele\dartsetup.exe
Fri Dec 31 14:04:59 2004 => File H:\Eigene Dateien\Downloads\Spiele\dartsetup.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
Fri Dec 31 14:05:06 2004 => Scanning File H:\Eigene Dateien\Downloads\Spiele\dxball total.exe
Fri Dec 31 14:05:13 2004 => File H:\Eigene Dateien\Downloads\Spiele\dxball total.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
Fri Dec 31 14:05:14 2004 => Scanning File H:\Eigene Dateien\Downloads\Spiele\eurot.exe
Fri Dec 31 14:05:14 2004 => File H:\Eigene Dateien\Downloads\Spiele\eurot.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
Fri Dec 31 14:05:17 2004 => Scanning File H:\Eigene Dateien\Downloads\Spiele\LiveBilliards112eDemo.exe
Fri Dec 31 14:05:21 2004 => File H:\Eigene Dateien\Downloads\Spiele\LiveBilliards112eDemo.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
Fri Dec 31 14:26:47 2004 => ***** Checking for specific ITW Viruses *****
Fri Dec 31 14:26:47 2004 => Checking for Welchia Virus...
Fri Dec 31 14:26:47 2004 => Checking for LovGate Virus...
Fri Dec 31 14:26:47 2004 => Checking for CodeRed Virus...
Fri Dec 31 14:26:48 2004 => Checking for OpaServ Virus...
Fri Dec 31 14:26:48 2004 => Checking for Sobig.e Virus...
Fri Dec 31 14:26:48 2004 => Checking for Winupie Virus...
Fri Dec 31 14:26:48 2004 => Checking for Swen Virus...
Fri Dec 31 14:26:48 2004 => Checking for JS.Fortnight Virus...
Fri Dec 31 14:26:48 2004 => Checking for Novarg Virus...
Fri Dec 31 14:26:48 2004 => Checking for Pagabot Virus...
Fri Dec 31 14:26:48 2004 => Checking for Parite.b Virus...
Fri Dec 31 14:26:48 2004 => Checking for Parite.a Virus...
Fri Dec 31 14:26:48 2004 => ***** Scanning complete. *****
Fri Dec 31 14:26:48 2004 => Total Files Scanned: 65606
Fri Dec 31 14:26:48 2004 => Total Virus(es) Found: 17
Fri Dec 31 14:26:48 2004 => Total Disinfected Files: 0
Fri Dec 31 14:26:48 2004 => Total Files Renamed: 0
Fri Dec 31 14:26:48 2004 => Total Deleted Files: 0
Fri Dec 31 14:26:48 2004 => Total Errors: 2
Fri Dec 31 14:26:48 2004 => Time Elapsed: 02:11:12
Fri Dec 31 14:26:48 2004 => Virus Database Date: 2004/12/27
Fri Dec 31 14:26:48 2004 => Virus Database Count: 113889
Fri Dec 31 14:26:48 2004 => Scan Completed
==> I deleted the "not-a-virus" ones afterwards |
31.12.2004, 16:52 | #12 |
| me again
Normal mode:
Logfile of HijackThis v1.99.0
Scan saved at 16:47:06, on 31.12.2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Navnt\navapsvc.exe
C:\PROGRA~1\Navnt\npssvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\Navnt\alertsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\RunDll32.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\NILaunch.exe
C:\Programme\Gemeinsame Dateien\InterVideo\FastTVSync\FastTVSync.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb01.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\AOL 8.0\aoltray.exe
C:\Programme\InterVideo\WinDVD4PR\SchSvr.exe
C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Programme\Navnt\navapw32.exe
C:\Programme\FRITZ!\IWatch.exe
C:\Programme\AOL 8.0\waol.exe
C:\Programme\AOL 8.0\shellmon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Programme\WinRAR\WinRAR.exe
C:\DOKUME~1\Admin\LOKALE~1\Temp\Rar$EX00.391\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\ycomp5_1_6_0.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NPS Event Checker] C:\PROGRA~1\Navnt\npscheck.exe
O4 - HKLM\..\Run: [NAV DefAlert] C:\PROGRA~1\Navnt\defalert.exe
O4 - HKLM\..\Run: [Net-It Launcher] C:\WINDOWS\System32\NILaunch.exe
O4 - HKLM\..\Run: [FastTVSync] "C:\Programme\Gemeinsame Dateien\InterVideo\FastTVSync\FastTVSync.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb01.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: AOL 8.0 Tray-Symbol.lnk = C:\Programme\AOL 8.0\aoltray.exe
O4 - Global Startup: InterVideo Scheduler server.lnk = C:\Programme\InterVideo\WinDVD4PR\SchSvr.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Norton AntiVirus AutoProtect.lnk = C:\Programme\Navnt\navapw32.exe
O4 - Global Startup: Verknüpfung mit IWatch.exe.lnk = C:\Programme\FRITZ!\IWatch.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1098125867046
O17 - HKLM\System\CCS\Services\Tcpip\..\{554EE2BB-7865-446D-99C1-8F67E8777FC4}: NameServer = 205.188.146.145
O23 - Service: NAV Alert - Symantec Corporation - C:\PROGRA~1\Navnt\alertsvc.exe
O23 - Service: NAV Auto-Protect - Symantec Corporation - C:\PROGRA~1\Navnt\navapsvc.exe
O23 - Service: Norton Program Scheduler - Symantec Corporation - C:\PROGRA~1\Navnt\npssvc.exe
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: WAN Miniport (ATW) Service - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe |
31.12.2004, 16:58 | #13 |
Administrator, retired | me again Your log file is clean again. Now read this page and put the tips given there into practice: http://www.mathematik.uni-marburg.de...ompromise.html |
31.12.2004, 20:01 | #14 |
| me again thanks cidre ... I'll do that next year then ... on that note ... have a good New Year's Eve and a happy new year tsu |