Könntet ihr mir BITTE dabei helfen?...

AirKnee · 14.06.2005, 11:45

Hallo liebe Forumergemeinde!
Ich habe seit nicht einmal drei Wochen mein neues Laptop. Nun habe ich zum ersten mal (strikt nach eurer Anleitung) einen Scan mit eScan durchgeführt und bin nun ratlos. Es wäre nett, wenn ihr mir helft, folgende log files zu deuten und mir sagt, wie ich weiter vorgehen soll. Zuerst seht ihr das eScan log file, darunter habe ich auch noch ein HijackThis log angehängt. Es wäre wirklich nett, wenn ihr mir helfen würdet, weiss allein nämlich keinen Rat, wie ich nun vorgehen soll. Danke im Voraus.

eSCAN:

Tue Jun 14 10:33:20 2005 => **********************************************************
Tue Jun 14 10:33:20 2005 => MicroWorld AntiVirus & Spyware Toolkit Utility.
Tue Jun 14 10:33:20 2005 => Copyright © 2003-2005, MicroWorld Technologies Inc.
Tue Jun 14 10:33:20 2005 => **********************************************************
Tue Jun 14 10:33:20 2005 => Version 6.4.1 (C:\Bases_X\mwavscan.com)
Tue Jun 14 10:33:20 2005 => Log File: C:\Bases_X\MWAV.LOG
Tue Jun 14 10:33:20 2005 => MWAV Registered: FALSE.
Tue Jun 14 10:33:20 2005 => MWAV Mode: Only Scan files.
Tue Jun 14 10:33:20 2005 => Latest Date of files inside MWAV: 13 Jun 2005 22:11:37.
Tue Jun 14 10:33:26 2005 => AV Library Loaded...
Tue Jun 14 10:33:26 2005 => MWAV doing self scanning...
Tue Jun 14 10:33:26 2005 => Scanning File C:\Bases_X\kavss.exe
Tue Jun 14 10:33:26 2005 => Scanning File C:\Bases_X\Getvlist.exe
Tue Jun 14 10:33:26 2005 => Scanning File C:\Bases_X\kavss.dll
Tue Jun 14 10:33:26 2005 => Scanning File C:\Bases_X\kavssdi.dll
Tue Jun 14 10:33:26 2005 => Scanning File C:\Bases_X\kavssi.dll
Tue Jun 14 10:33:26 2005 => Scanning File C:\Bases_X\kavvlg.dll
Tue Jun 14 10:33:26 2005 => Scanning File C:\Bases_X\msvlclnt.dll
Tue Jun 14 10:33:27 2005 => Scanning File C:\Bases_X\ipc.dll
Tue Jun 14 10:33:27 2005 => Scanning File C:\Bases_X\main.avi
Tue Jun 14 10:33:27 2005 => Scanning File C:\Bases_X\virus.avi
Tue Jun 14 10:33:27 2005 => MWAV files are clean.
Tue Jun 14 10:33:32 2005 => Virus Database Date: 2005/06/13
Tue Jun 14 10:33:32 2005 => Virus Database Count: 134472

Tue Jun 14 10:33:56 2005 => **********************************************************
Tue Jun 14 10:33:56 2005 => MicroWorld AntiVirus & Spyware Toolkit Utility.
Tue Jun 14 10:33:56 2005 => Copyright © 2003-2005, MicroWorld Technologies Inc.
Tue Jun 14 10:33:56 2005 =>
Tue Jun 14 10:33:56 2005 => Support:
Tue Jun 14 10:33:56 2005 => Web:
Tue Jun 14 10:33:56 2005 => **********************************************************
Tue Jun 14 10:33:56 2005 => Version 6.4.1 (C:\Bases_X\mwavscan.com)
Tue Jun 14 10:33:56 2005 => Log File: C:\Bases_X\MWAV.LOG
Tue Jun 14 10:33:56 2005 => User Account: Administrator
Tue Jun 14 10:33:56 2005 => Windows Root Folder: C:\WINDOWS
Tue Jun 14 10:33:56 2005 => Windows Sys32 Folder: C:\WINDOWS\system32
Tue Jun 14 10:33:56 2005 => OS: Windows NT
Tue Jun 14 10:33:56 2005 => Latest Date of files inside MWAV: 13 Jun 2005 22:11:37.

Tue Jun 14 10:33:56 2005 => Options Selected by User:
Tue Jun 14 10:33:56 2005 => Memory Check: Enabled
Tue Jun 14 10:33:56 2005 => Registry Check: Enabled
Tue Jun 14 10:33:56 2005 => StartUp Folder Check: Enabled
Tue Jun 14 10:33:56 2005 => System Folder Check: Enabled
Tue Jun 14 10:33:56 2005 => System Area Check: Disabled
Tue Jun 14 10:33:56 2005 => Services Check: Enabled
Tue Jun 14 10:33:56 2005 => Drive Check: Disabled
Tue Jun 14 10:33:56 2005 => All Drive Check :Enabled
Tue Jun 14 10:33:56 2005 => Folder Check: Disabled

Tue Jun 14 10:35:19 2005 => System found infected with CWS.therealsearch Spyware/Adware (waol.exe)! Action taken: No Action Taken.
Tue Jun 14 10:35:19 2005 => Object "CWS.therealsearch Spyware/Adware" found in File System! Action Taken: No Action Taken.

Tue Jun 14 10:36:41 2005 => File C:\WINDOWS\_MSRSTRT.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Take

Tue Jun 14 11:12:32 2005 => File C:\Programme\Pinnacle\Studio 9\OEM\hfx55StudioPatch.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.

Tue Jun 14 11:12:32 2005 => Scanning File C:\Programme\Pinnacle\Studio 9\OEM\hfx55StudioSilent.exe
Tue Jun 14 11:13:22 2005 => File C:\Programme\Pinnacle\Studio 9\OEM\hfx55StudioSilent.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.

Tue Jun 14 12:06:03 2005 => File C:\WINDOWS\_MSRSTRT.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.

Tue Jun 14 12:06:27 2005 => Total Objects Scanned: 48415
Tue Jun 14 12:06:27 2005 => Total Virus(es) Found: 5
Tue Jun 14 12:06:27 2005 => Total Disinfected Files: 0
Tue Jun 14 12:06:27 2005 => Total Files Renamed: 0
Tue Jun 14 12:06:27 2005 => Total Deleted Objects: 0
Tue Jun 14 12:06:27 2005 => Total Errors: 312
Tue Jun 14 12:06:27 2005 => Time Elapsed: 01:29:29
Tue Jun 14 12:06:27 2005 => Virus Database Date: 2005/06/13
Tue Jun 14 12:06:27 2005 => Virus Database Count: 134472

Tue Jun 14 12:06:27 2005 => Scan Completed.

Tue Jun 14 12:07:20 2005 => Virus Database Date: 2005/06/13
Tue Jun 14 12:07:20 2005 => Virus Database Count: 134472
Tue Jun 14 12:07:26 2005 => AV Library Unloaded (3)...

hijackthis:
Logfile of HijackThis v1.99.1
Scan saved at 12:32:46, on 14.06.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
C:\Programme\Atguard\iamserv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\MSI\AV Wizard\AVExe.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\Atguard\iamapp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\ICQPlus\vplus.exe
C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Dokumente und Einstellungen\NAME\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [KTPWare] C:\Programme\Elantech\ktp3.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AV Wizard] C:\Programme\MSI\AV Wizard\AVExe.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [iamapp] C:\PROGRA~1\Atguard\iamapp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ICQ Plus] "C:\Programme\ICQPlus\vplus.exe"
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Programme\Cisco Systems\VPN Client\vpngui.exe
O8 - Extra context menu item: Download with GetRight - C:\Programme\GetRight\GRdownload.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Programme\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Programme\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Programme\ICQ\ICQ.exe
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.targa.de
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Programme\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Programme\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: WRQ IAM (iamServ) - WRQ, Inc. - C:\Programme\Atguard\iamserv.exe

Könntet ihr mir BITTE dabei helfen?...

Log-Analyse und Auswertung: Könntet ihr mir BITTE dabei helfen?...

Könntet ihr mir BITTE dabei helfen?...

Ähnliche Themen: Könntet ihr mir BITTE dabei helfen?...