| |
| |||||||
Log-Analyse und Auswertung: LOG-File bitte auswertenWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
| |
06.02.2005, 16:32
| #1 |
   |  LOG-File bitte auswerten @sunshine ein teil fehlt^^ nämlich das löschen der befallenen dateien. die einträge kommen ja wieder, wenn die dateien noch vorhanden sind also im abgesicherten modus noch diese dateien löschen: -den ordner C:\PROGRAMME\WINEX\ -den ordner C:\PROGRAMME\MSNET\ -den ordner C:\PROGRAMME\GEMEINSAME DATEIEN\CMEII\ -den ordner C:\PROGRAMME\SE\ -den ordner C:\Programme\Gemeinsame Dateien\GMT\ -leere den papierkorb -die datei BHO001.DLL im ordner C:\WINDOWS\SYSTEM\ |
|
07.02.2005, 00:41
| #2 |
 | LOG-File bitte auswerten hallo!
__________________nachdem ich im hijackthis.exe die angegebenen dateien gefixt habe, hat die suche mittels escan folgende ergebnisse geliefert: C:\WINDOWS\RSP001~1.DAT infected by "not-a-virus:AdWare.IGetNet" Virus. C:\WINDOWS\newdotnet3_36.dll infected by "not-a-virus:AdWare.NewDotNet" Virus. C:\WINDOWS\SYSTEM\RSP001.DLL infected by "not-a-virus:AdWare.IGetNet" Virus. C:\WINDOWS\SYSTEM\Install_All.DLL infected by "not-a-virus:AdWare.IGetNet.b" Virus. File C:\WINDOWS\SYSTEM\Update_com.DLL infected by "not-a-virus:AdWare.IGetNet" Virus. File C:\WINDOWS\SYSTEM\RSP001.DLL infected by "not-a-virus:AdWare.IGetNet" Virus. File C:\WINDOWS\SYSTEM\Install_All.DLL infected by "not-a-virus:AdWare.IGetNet.b" Virus. File C:\WINDOWS\SYSTEM\Update_com.DLL infected by "not-a-virus:AdWare.IGetNet" Virus. C:\WINDOWS\Anwendungsdaten\Mozilla\Profiles\default\mg274aky.slt\Mail\mail.kawo1.rwh-aachen.de\Trash infected by "Exploit.HTML.FileDownload" Virus. C:\WINDOWS\RSP001~1.DAT infected by "not-a-virus:AdWare.IGetNet" Virus. C:\WINDOWS\newdotnet3_36.dll infected by "not-a-virus:AdWare.NewDotNet" Virus. C:\WINDOWS\Coder\_233-TAT-1-0-.exe infected by "not-a-virus:PornWare.Dialer.Generic" Virus. C:\Programme\Twister\TwisterInstall.exe infected by "not-a-virus:AdWare.SaveNow.e" Virus. C:\Programme\DownloadWare\Downloads\151.dat infected by "not-a-virus:AdWare.WindowEnhancer" Virus. C:\Programme\DownloadWare\Downloads\205.dat infected by "not-a-virus:AdWare.WindowEnhancer" Virus. C:\Programme\DownloadWare\Downloads\217.dat infected by "not-a-virus:AdWare.WindowEnhancer" Virus. C:\Programme\DownloadWare\Downloads\201.dat infected by "not-a-virus:AdWare.SmartPops" Virus. C:\Programme\DownloadWare\Temp\we.exe infected by "not-a-virus:AdWare.WindowEnhancer" Virus. C:\Programme\DownloadWare\Temp\msinst.exe infected by "not-a-virus:AdWare.WindowEnhancer" Virus. C:\Programme\DownloadWare\Temp\seinst.exe infected by "not-a-virus:AdWare.WindowEnhancer" Virus. C:\Programme\DownloadWare\Temp\rh.exe infected by "not-a-virus:AdWare.SmartPops" Virus. C:\Programme\DelFin\PromulGate\PgSDK.DLL infected by "not-a-virus:AdWare.DelphinMediaViewer.d" Virus. C:\Programme\UCmore\UCMIE.dll infected by "not-a-virus:AdWare.ToolBar.Ucmore.a" Virus. C:\Programme\UCmore\IUCmore.dll infected by "not-a-virus:AdWare.Toolbar.Ucmore" Virus. C:\Programme\Recommended Hotfix - 421701D\v15\RH.exe infected by "not-a-virus:AdWare.SmartPops" Virus. C:\_RESTORE\TEMP\A0023851.CPY infected by "not-a-virus:AdWare.IGetNet" Virus. C:\_RESTORE\TEMP\A0023852.CPY infected by "not-a-virus:AdWare.WindowEnhancer" Virus. C:\_RESTORE\TEMP\A0023855.CPY infected by "not-a-virus:AdWare.Gator.6041" Virus. C:\_RESTORE\TEMP\A0023856.CPY infected by "not-a-virus:AdWare.Gator.6041" Virus. C:\_RESTORE\TEMP\A0023857.CPY infected by "not-a-virus:AdWare.Gator.6041" Virus. C:\_RESTORE\TEMP\A0023858.CPY infected by "not-a-virus:AdWare.Gator.5017" Virus. C:\_RESTORE\TEMP\A0023859.CPY infected by "not-a-virus:AdWare.Gator.6041" Virus. C:\_RESTORE\TEMP\A0023860.CPY infected by "not-a-virus:AdWare.Gator.6034" Virus. C:\_RESTORE\TEMP\A0023861.CPY infected by "not-a-virus:AdWare.Gator.6041" Virus. C:\_RESTORE\TEMP\A0023862.CPY infected by "not-a-virus:AdWare.Gator.6041" Virus. C:\_RESTORE\TEMP\A0023870.CPY infected by "not-a-virus:AdWare.WindowEnhancer" Virus. C:\_RESTORE\TEMP\A0023871.CPY infected by "not-a-virus:AdWare.Gator.6041" Virus. Sun Feb 06 20:46:37 2005 => File C:\_RESTORE\TEMP\A0023872.CPY infected by "not-a-virus:AdWare.Gator.6034" Virus. C:\_RESTORE\TEMP\A0023873.CPY infected by "not-a-virus:AdWare.Gator.6041" Virus. C:\_RESTORE\TEMP\A0023874.CPY infected by "not-a-virus:AdWare.Gator.6041" Virus. C:\_RESTORE\TEMP\A0023875.CPY infected by "not-a-virus:AdWare.Gator.3124" Virus. C:\_RESTORE\TEMP\A0023876.CPY infected by "not-a-virus:AdWare.Gator.6041" Virus. C:\_RESTORE\TEMP\A0023877.CPY infected by "not-a-virus:AdWare.Gator.6041" Virus. C:\_RESTORE\TEMP\A0023878.CPY infected by "not-a-virus:AdWare.Gator.6041" Virus. C:\_RESTORE\TEMP\A0023879.CPY infected by "not-a-virus:AdWare.Gator.6041" Virus. C:\_RESTORE\TEMP\A0023880.CPY infected by "not-a-virus:AdWare.Gator.6041" Virus. C:\_RESTORE\TEMP\A0023881.CPY infected by "not-a-virus:AdWare.Gator.6041" Virus. C:\_RESTORE\TEMP\A0023882.CPY infected by "not-a-virus:AdWare.Gator.6041" Virus. C:\_RESTORE\TEMP\A0023885.CPY infected by "not-a-virus:AdWare.WindowEnhancer" Virus. C:\_RESTORE\TEMP\A0023886.CPY infected by "not-a-virus:AdWare.WindowEnhancer" Virus. C:\_RESTORE\TEMP\A0023887.CPY infected by "not-a-virus:AdWare.WindowEnhancer" Virus. C:\_RESTORE\TEMP\A0023888.CPY infected by "not-a-virus:AdWare.WindowEnhancer" Virus. C:\_RESTORE\TEMP\A0016085.CPY infected by "not-a-virus:AdWare.DownloadWare" Virus. C:\_RESTORE\TEMP\A0016089.CPY infected by "not-a-virus:PornWare.Dialer.Lagoon" Virus. C:\_RESTORE\TEMP\A0017395.CPY infected by "not-a-virus:AdWare.Gator.a" Virus. C:\_RESTORE\TEMP\A0017397.CPY infected by "not-a-virus:AdWare.Gator.a" Virus. C:\_RESTORE\TEMP\A0017399.CPY infected by "not-a-virus:AdWare.BargainBuddy.a" Virus. C:\_RESTORE\TEMP\A0017401.CPY infected by "not-a-virus:AdWare.TopMoxie.a" Virus. C:\_RESTORE\TEMP\A0017418.CPY infected by "Trojan-Downloader.Win32.Small.fo" Virus. Sun Feb 06 20:49:02 2005 => File C:\_RESTORE\TEMP\A0017914.CPY infected by "not-a-virus:AdWare.Gator.a" Virus. C:\_RESTORE\TEMP\A0017995.CPY infected by "not-a-virus:AdWare.Gator.a" Virus. C:\_RESTORE\TEMP\A0019176.CPY infected by "not-a-virus:AdWare.SmartPops" Virus. C:\_RESTORE\TEMP\A0019185.CPY infected by "not-a-virus:AdWare.Gator.a" Virus. C:\_RESTORE\TEMP\A0019682.CPY infected by "not-a-virus:AdWare.Gator.a" Virus. C:\_RESTORE\TEMP\A0019686.CPY infected by "not-a-virus:AdWare.Gator.a" Virus. C:\_RESTORE\TEMP\A0019757.CPY infected by "not-a-virus:AdWare.Gator.a" Virus. C:\_RESTORE\TEMP\A0019772.CPY infected by "not-a-virus:AdWare.Gator.a" Virus. C:\_RESTORE\TEMP\A0019776.CPY infected by "not-a-virus:AdWare.Gator.a" Virus. C:\_RESTORE\TEMP\A0019780.CPY infected by "not-a-virus:AdWare.Gator.a" Virus. C:\_RESTORE\TEMP\A0019799.CPY infected by "not-a-virus:AdWare.Gator.a" Virus. C:\_RESTORE\TEMP\A0019803.CPY infected by "not-a-virus:AdWare.Gator.a" Virus. C:\_RESTORE\TEMP\A0019909.CPY infected by "not-a-virus:AdWare.Gator.a" Virus. C:\_RESTORE\TEMP\A0019913.CPY infected by "not-a-virus:AdWare.Gator.a" Virus. C:\_RESTORE\TEMP\A0019992.CPY infected by "not-a-virus:AdWare.Gator.a" Virus. Sun Feb 06 20:49:31 2005 => File C:\_RESTORE\TEMP\A0019996.CPY infected by "not-a-virus:AdWare.Gator.a" Virus. C:\_RESTORE\TEMP\A0020009.CPY infected by "not-a-virus:AdWare.Gator.a" Virus. C:\_RESTORE\TEMP\A0020013.CPY infected by "not-a-virus:AdWare.Gator.a" Virus. C:\_RESTORE\TEMP\A0020067.CPY infected by "not-a-virus:AdWare.Gator.a" Virus. C:\_RESTORE\TEMP\A0020089.CPY infected by "not-a-virus:AdWare.Gator.a" Virus. C:\_RESTORE\TEMP\A0020117.CPY infected by "not-a-virus:AdWare.Gator.a" Virus. C:\_RESTORE\TEMP\A0020121.CPY infected by "not-a-virus:AdWare.Gator.a" Virus. C:\_RESTORE\TEMP\A0020151.CPY infected by "not-a-virus:AdWare.Gator.a" Virus. C:\_RESTORE\TEMP\A0020155.CPY infected by "not-a-virus:AdWare.Gator.a" Virus. C:\_RESTORE\TEMP\A0020462.CPY infected by "not-a-virus:AdWare.Gator.a" Virus. C:\_RESTORE\TEMP\A0020466.CPY infected by "not-a-virus:AdWare.Gator.a" Virus. C:\_RESTORE\TEMP\A0020525.CPY infected by "not-a-virus:AdWare.Gator.a" Virus. C:\_RESTORE\TEMP\A0020529.CPY infected by "not-a-virus:AdWare.Gator.a" Virus. C:\_RESTORE\TEMP\A0020613.CPY infected by "not-a-virus:AdWare.Gator.a" Virus. C:\_RESTORE\TEMP\A0020617.CPY infected by "not-a-virus:AdWare.Gator.a" Virus. C:\_RESTORE\TEMP\A0020629.CPY infected by "not-a-virus:AdWare.Gator.a" Virus. C:\_RESTORE\TEMP\A0020633.CPY infected by "not-a-virus:AdWare.Gator.a" Virus. C:\_RESTORE\TEMP\A0020756.CPY infected by "not-a-virus:AdWare.Gator.a" Virus. C:\_RESTORE\TEMP\A0020760.CPY infected by "not-a-virus:AdWare.Gator.a" Virus. C:\_RESTORE\TEMP\A0022740.CPY infected by "not-a-virus:AdWare.Gator.a" Virus. C:\_RESTORE\TEMP\A0022744.CPY infected by "not-a-virus:AdWare.Gator.a" Virus. C:\_RESTORE\TEMP\A0022748.CPY infected by "not-a-virus:AdWare.Gator.a" Virus. C:\_RESTORE\TEMP\A0022752.CPY infected by "not-a-virus:AdWare.Gator.a" Virus. C:\_RESTORE\TEMP\A0023751.CPY infected by "not-a-virus:AdWare.Gator.a" Virus. C:\_RESTORE\TEMP\A0023755.CPY infected by "not-a-virus:AdWare.Gator.a" Virus. C:\_RESTORE\ARCHIVE\FS1.CAB infected by "not-a-virus:AdWare.SaveNow.t" Virus. C:\_RESTORE\ARCHIVE\FS77.CAB infected by "Trojan.Win32.Dialer.av" Virus. C:\_RESTORE\ARCHIVE\FS78.CAB infected by "not-a-virus:AdWare.Cydoor" Virus. C:\_RESTORE\ARCHIVE\FS106.CAB infected by "not-a-virus:AdWare.Gator.3202" Virus. C:\_RESTORE\ARCHIVE\FS108.CAB infected by "not-a-virus:AdWare.Gator.3202" Virus. C:\_RESTORE\ARCHIVE\FS157.CAB infected by "not-a-virus:AdWare.Gator.5115" Virus. C:\Program Files\HijackThis\backups\backup-20050206-190034-357.dll infected by "not-a-virus:AdWare.IGetNet" Virus. C:\Program Files\HijackThis\backups\backup-20050206-190034-555.dll infected by "not-a-virus:AdWare.WindowEnhancer" Virus. ....danke! kati |
|
07.02.2005, 09:41
| #3 |
 | LOG-File bitte auswerten @kati309
__________________diese dateien auf diskette sichern zwecks beweismittel, sind dialer C:\WINDOWS\Coder\_233-TAT-1-0-.exe infected by "not-a-virus:PornWare.Dialer.Generic" Virus. C:\_RESTORE\TEMP\A0016089.CPY infected by "not-a-virus:PornWare.Dialer.Lagoon" Virus. du hast ja einiges im system deaktiviere die systemwiederherstellung. lade LSP-Fix download lade spybot download update spybot lade adaware download update adaware lade clearprog bei www.clearprog.de deinstalliere über systemsteuerung, software, den eintrag NewDotNet, NewNet oder ähnliches wechsle in den abgesicherten modus, lasse spybot scannen, alles löschen was es vorschlägt.(DSO Exploit löscht es nicht, ist nicht tragisch) lasse adaware scannen alles löschen was es findet. clearprog laufen lassen, alle häkchen bei windows und IE setzen, alles löschen diese dateien manuell löschen C:\Program Files\HijackThis\backups\backup-20050206-190034-357.dll infected by "not-a-virus:AdWare.IGetNet" Virus. C:\Program Files\HijackThis\backups\backup-20050206-190034-555.dll infected by "not-a-virus:AdWare.WindowEnhancer" Virus. C:\WINDOWS\RSP001~1.DAT infected by "not-a-virus:AdWare.IGetNet" Virus. C:\WINDOWS\newdotnet3_36.dll infected by "not-a-virus:AdWare.NewDotNet" Virus. C:\WINDOWS\SYSTEM\RSP001.DLL infected by "not-a-virus:AdWare.IGetNet" Virus. C:\WINDOWS\SYSTEM\Install_All.DLL infected by "not-a-virus:AdWare.IGetNet.b" Virus. File C:\WINDOWS\SYSTEM\Update_com.DLL infected by "not-a-virus:AdWare.IGetNet" Virus. File C:\WINDOWS\SYSTEM\RSP001.DLL infected by "not-a-virus:AdWare.IGetNet" Virus. File C:\WINDOWS\SYSTEM\Install_All.DLL infected by "not-a-virus:AdWare.IGetNet.b" Virus. File C:\WINDOWS\SYSTEM\Update_com.DLL infected by "not-a-virus:AdWare.IGetNet" Virus. C:\WINDOWS\Anwendungsdaten\Mozilla\Profiles\defaul t\mg274aky.slt\Mail\mail.kawo1.rwh-aachen.de\Trash infected by "Exploit.HTML.FileDownload" Virus. C:\WINDOWS\RSP001~1.DAT infected by "not-a-virus:AdWare.IGetNet" Virus. C:\WINDOWS\newdotnet3_36.dll infected by "not-a-virus:AdWare.NewDotNet" Virus. C:\WINDOWS\Coder\_233-TAT-1-0-.exe infected by "not-a-virus:PornWare.Dialer.Generic" Virus. C:\Programme\Twister\TwisterInstall.exe infected by "not-a-virus:AdWare.SaveNow.e" Virus. C:\Programme\DownloadWare\Downloads\151.dat infected by "not-a-virus:AdWare.WindowEnhancer" Virus. C:\Programme\DownloadWare\Downloads\205.dat infected by "not-a-virus:AdWare.WindowEnhancer" Virus. C:\Programme\DownloadWare\Downloads\217.dat infected by "not-a-virus:AdWare.WindowEnhancer" Virus. C:\Programme\DownloadWare\Downloads\201.dat infected by "not-a-virus:AdWare.SmartPops" Virus. C:\WINDOWS\Coder\_233-TAT-1-0-.exe infected by "not-a-virus:PornWare.Dialer.Generic" Virus. C:\_RESTORE\TEMP\A0016089.CPY infected by "not-a-virus:PornWare.Dialer.Lagoon" Virus. neu booten, systemwiederherstellung aktivieren. ich würde mich an deiner stell mal gedanken machen über dein surfverhaltenund deine systemsicherheit. chaosman
__________________ |
|
| Themen zu LOG-File bitte auswerten |
| .inf, adobe, auswerten, bho, bitte auswerten, button, dateien, explorer, firefox, hijack, hijackthis, icq, internet, internet explorer, laufwerk c, log-file, microsoft, mozilla, mozilla firefox, neue, nvcpl.dll, ordner, registry, rundll, rundll32.exe, software, system, urlsearchhook, virus, windows |
Hybrid-Darstellung
