Log analysis and evaluation: Spyaxe, the 1000th.

02.12.2005, 18:06   #16
Stephan1981



OK, here is what I have found so far:

Smitrem:

smitRem © log file
version 2.7

by noahdfear


Microsoft Windows XP [Version 5.1.2600]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

checking for ShudderLTD key

ShudderLTD key not present!

checking for PSGuard.com key


PSGuard.com key not present!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Existing Pre-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



Remaining Post-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~

Hijackthis:

Logfile of HijackThis v1.99.1
Scan saved at 18:02:27, on 02.12.2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRAMME\AVPERSONAL\AVGUARD.EXE
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Programme\ICQLite\ICQLite.exe
C:\Programme\AVPersonal\AVGNT.EXE
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
C:\Programme\QuickTime\qttask.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Programme\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\Programme\Logitech\MouseWare\system\em_exec.exe
C:\Programme\AOL 9.0\aoltray.exe
C:\Programme\ewido\security suite\ewidoguard.exe
C:\Programme\ewido\security suite\ewidoctrl.exe
C:\Programme\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Programme\WinRAR\WinRAR.exe
C:\DOKUME~1\Stephan\LOKALE~1\Temp\Rar$EX00.109\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aol.de/e60/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer bereitgestellt von AOL
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O2 - BHO: HomepageBHO - {3e9b951e-6f72-431b-82cf-4a9fbf2f53bc} - C:\WINDOWS\System32\hp6ACF.tmp (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [AOLDialer] C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Programme\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Programme\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: AOL 9.0 Tray-Symbol.lnk = C:\Programme\AOL 9.0\aoltray.exe
O8 - Extra context menu item: &Google Search - res://C:\Programme\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Programme\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Programme\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Programme\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Programme\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Programme\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.de/e60/
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-36.cab
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAMME\AVPERSONAL\AVGUARD.EXE
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Programme\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programme\ewido\security suite\ewidoguard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe


ewido shows nothing, and for eScan I only found one file, namely mwaw.log, but it is super long. Is that the right one?

02.12.2005, 18:08   #17
Stephan1981



And Spyaxe keeps reinstalling itself in the background, so I always have the Spyaxe icon on the desktop. Spybot does pop up, but I can't make out which options it offers at the bottom; they are cut off in the middle.


02.12.2005, 18:31   #18
Haui45



Quote:
Quote from Stephan1981
ewido shows nothing, and for eScan I only found one file, namely mwaw.log, but it is super long. Is that the right one?
Read the part about Find.bat in the eScan instructions!

Download SpyAxeFix.exe -> double-click -> extract the files -> start SpyAxeFix.bat and let the program run through (the PC should restart by itself)
-> http://forums.techguy.org/showthread...3&page=1&pp=15

Start the PC in safe mode.
Quote:
O2 - BHO: HomepageBHO - {3e9b951e-6f72-431b-82cf-4a9fbf2f53bc} - C:\WINDOWS\System32\hp6ACF.tmp (file missing)
Fix this entry with HijackThis in safe mode and delete the file "C:\WINDOWS\System32\hp6ACF.tmp", if it still exists.

Scan again with ewido; the option to save the report definitely exists!

Restart.
Post the results of SpyAxeFix.bat (they are in the same directory as the bat file)
Post the ewido results.
Also post a Silent Runners log file.

02.12.2005, 18:37   #19
Stephan1981



@ Haui: Sorry, of course I should have read it through properly.

So here is what I now have from the eScan log file, following the instructions:

Fri Dec 02 17:11:37 2005 => System found infected with searchexe Spyware/Adware ({807553e5-5146-11d5-a672-00b0d022e945})! Action taken: No Action Taken.
Fri Dec 02 17:11:41 2005 => Offending file found: C:\Dokumente und Einstellungen\Stephan\Desktop\internet.lnk
Fri Dec 02 17:11:41 2005 => System found infected with ezula Spyware/Adware (internet.lnk)! Action taken: No Action Taken.


I'll now carry out the rest of what you wrote

Regards

Stephan

02.12.2005, 19:45   #20
Stephan1981



@ Haui: OK, I've gone through everything so far, here are my results

Silent Runner:

"Silent Runners.vbs", revision 41, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\System32\ctfmon.exe" [MS]
"MSMSGS" = ""C:\Programme\Messenger\msmsgs.exe" /background" [MS]
"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit" [MS]
"SpybotSD TeaTimer" = "C:\Programme\Spybot - Search & Destroy\TeaTimer.exe" ["Safer Networking Limited"]

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ {++}
"ICQ Lite" = "C:\Programme\ICQLite\ICQLite.exe -trayboot" ["ICQ Ltd."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"ICQ Lite" = "C:\Programme\ICQLite\ICQLite.exe -minimize" ["ICQ Ltd."]
"AVGCtrl" = ""C:\Programme\AVPersonal\AVGNT.EXE" /min" ["H+BEDV Datentechnik GmbH"]
"AOLDialer" = "C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe" ["America Online, Inc"]
"QuickTime Task" = ""C:\Programme\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"AdaptecDirectCD" = ""C:\Programme\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"" ["Roxio"]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"NvCplDaemon" = "RUNDLL32.EXE NvQTwk,NvCplDaemon initialize" [MS]
"Logitech Utility" = "Logi_MwX.Exe" ["Logitech Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "CPL-Erweiterung für Anzeigeverschiebung"
-> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Erweiterung für HyperTerminal-Icons"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{73B24247-042E-4EF5-ADC2-42F62E6FD654}" = "ICQ Lite Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\ICQLite\ICQLiteShell.dll" [empty string]
"{5E44E225-A408-11CF-B581-008029601108}" = "Adaptec DirectCD Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\Roxio\EASYCD~1\DirectCD\Shellex.dll" ["Roxio"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" [file not found]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" [file not found]
"{596AB062-B4D2-4215-9F74-E9109B0A8153}" = "Previous Versions Property Page"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\twext.dll" [file not found]
"{9DB7A13C-F208-4981-8353-73CC61AE2783}" = "Previous Versions"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\twext.dll" [file not found]


Ewido:

---------------------------------------------------------
ewido security suite - Scan Report
---------------------------------------------------------

+ Erstellt am: 19:20:53, 02.12.2005
+ Report-Checksumme: 5C072983

+ Scanergebnis:

C:\Dokumente und Einstellungen\Stephan\Cookies\stephan@ivwbox[1].txt -> Spyware.Cookie.Ivwbox : Gesäubert mit Backup
C:\Dokumente und Einstellungen\Stephan\Cookies\stephan@msnportal.112.2o7[1].txt -> Spyware.Cookie.2o7 : Gesäubert mit Backup
C:\Dokumente und Einstellungen\Stephan\Cookies\stephan@statcounter[1].txt -> Spyware.Cookie.Statcounter : Gesäubert mit Backup


::Report Ende


And, well, I have no idea: in SpyAxeFix I only find one text file, but it's not a log file:


SpyAxeFix © by noahdfear


Microsoft Windows XP [Version 5.1.2600]

spyaxe directory present

spyaxe uninstaller present

Starting spyaxe uninstaller

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Error, Cannot find a process with an image name of spyaxe.exe

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 1372 'explorer.exe'
Killing PID 1372 'explorer.exe'


Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Error, Cannot find a process with an image name of rundll32.exe

svchosts.dll present

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"



What happens next? Have I won against Spyaxe?

One more small question: how do I stop Spybot from running an analysis every time the computer starts?


Many, many thanks already for the great help

Regards

Stephan


02.12.2005, 20:08   #21
Haui45



Let's see.
Is that really the whole "Silent Runners" log? It should continue. Maybe you simply opened the log file too early. If so, post everything here again.
I also want to see one (hopefully) last HjT log.

Please also post the following from mwav.log (it's at the very end):
Quote:
Total Number of Files Scanned:
Total Number of Virus(es) Found:
Total Number of Disinfected Files:
Total Number of Files Renamed:
Total Number of Deleted Files:
Total Number of Errors:
Time Elapsed:

Quote:
One more small question: how do I stop Spybot from running an analysis every time the computer starts?
Fix the entry O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Programme\Spybot - Search & Destroy\SpybotSD.exe" /autocheck with HijackThis.


P.S.: In future please use an alternative browser and update your system!

02.12.2005, 20:25   #22
Stephan1981



@haui:

My Silent Runner:

"Silent Runners.vbs", revision 41, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\System32\ctfmon.exe" [MS]
"MSMSGS" = ""C:\Programme\Messenger\msmsgs.exe" /background" [MS]
"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit" [MS]
"SpybotSD TeaTimer" = "C:\Programme\Spybot - Search & Destroy\TeaTimer.exe" ["Safer Networking Limited"]

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ {++}
"ICQ Lite" = "C:\Programme\ICQLite\ICQLite.exe -trayboot" ["ICQ Ltd."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"ICQ Lite" = "C:\Programme\ICQLite\ICQLite.exe -minimize" ["ICQ Ltd."]
"AVGCtrl" = ""C:\Programme\AVPersonal\AVGNT.EXE" /min" ["H+BEDV Datentechnik GmbH"]
"AOLDialer" = "C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe" ["America Online, Inc"]
"QuickTime Task" = ""C:\Programme\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"AdaptecDirectCD" = ""C:\Programme\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"" ["Roxio"]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"NvCplDaemon" = "RUNDLL32.EXE NvQTwk,NvCplDaemon initialize" [MS]
"Logitech Utility" = "Logi_MwX.Exe" ["Logitech Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "CPL-Erweiterung für Anzeigeverschiebung"
-> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Erweiterung für HyperTerminal-Icons"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{73B24247-042E-4EF5-ADC2-42F62E6FD654}" = "ICQ Lite Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\ICQLite\ICQLiteShell.dll" [empty string]
"{5E44E225-A408-11CF-B581-008029601108}" = "Adaptec DirectCD Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\Roxio\EASYCD~1\DirectCD\Shellex.dll" ["Roxio"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" [file not found]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" [file not found]
"{596AB062-B4D2-4215-9F74-E9109B0A8153}" = "Previous Versions Property Page"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\twext.dll" [file not found]
"{9DB7A13C-F208-4981-8353-73CC61AE2783}" = "Previous Versions"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\twext.dll" [file not found]
"{A5110426-177D-4e08-AB3F-785F10B4439C}" = "Sony Ericsson Datei-Manager"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Sony Ericsson\Mobile\File Manager\fmgrgui.dll" ["Sony Ericsson Mobile Communications AB"]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{54D9498B-CF93-414F-8984-8CE7FDE0D391}" = "ewido shell guard"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\ewido\security suite\shellhook.dll" ["TODO: <Firmenname>"]

HKLM\Software\Classes\PROTOCOLS\Filter\
INFECTION WARNING! text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
AntiVir/Win\(Default) = "{a7cda720-84ee-11d0-b5c0-00001b3ca278}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\AVPersonal\AVShlExt.DLL" ["H+BEDV Datentechnik GmbH"]
ewido\(Default) = "{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\ewido\security suite\context.dll" ["ewido networks"]
ICQLiteMenu\(Default) = "{73B24247-042E-4EF5-ADC2-42F62E6FD654}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\ICQLite\ICQLiteShell.dll" [empty string]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
ewido\(Default) = "{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\ewido\security suite\context.dll" ["ewido networks"]
ICQLiteMenu\(Default) = "{73B24247-042E-4EF5-ADC2-42F62E6FD654}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\ICQLite\ICQLiteShell.dll" [empty string]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
AntiVir/Win\(Default) = "{a7cda720-84ee-11d0-b5c0-00001b3ca278}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\AVPersonal\AVShlExt.DLL" ["H+BEDV Datentechnik GmbH"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]


Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Dokumente und Einstellungen\Stephan\Anwendungsdaten\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS]


Startup items in "Stephan" & "All Users" startup folders:
---------------------------------------------------------

C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
"AOL 9.0 Tray-Symbol" -> shortcut to: "C:\Programme\AOL 9.0\aoltray.exe -check" ["America Online, Inc."]


Enabled Scheduled Tasks:
------------------------

"XoftSpy" -> launches: "C:\Programme\XoftSpy\XoftSpy.exe -t" [file not found]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{855F3B16-6D32-4FE6-8A56-BBB695989046}" = "ICQ Toolbar" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\ICQToolbar\toolbaru.dll" ["ICQ Inc."]

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = "&Google" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "c:\programme\google\googletoolbar1.dll" ["Google Inc."]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{855F3B16-6D32-4FE6-8A56-BBB695989046}" = "ICQ Toolbar" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\ICQToolbar\toolbaru.dll" ["ICQ Inc."]

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = "&Google" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "c:\programme\google\googletoolbar1.dll" ["Google Inc."]

Explorer Bars

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
{FE54FA40-D68C-11D2-98FA-00C0F0318AFE}\ = "Real.com" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\Shdocvw.dll" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Recherchieren"

{B863453A-26C3-4E1F-A54D-A2CD196348E9}\
"ButtonText" = "ICQ Lite"
"MenuText" = "ICQ Lite"
"Exec" = "C:\Programme\ICQLite\ICQLite.exe" ["ICQ Ltd."]

{CD67F990-D8E9-11D2-98FE-00C0F0318AFE}\
"ButtonText" = "Real.com"


Miscellaneous IE Hijack Points
------------------------------

C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")

Added lines (compared with English-language version):
[Strings]: START_PAGE_URL=http://www.aol.de/e60/

Missing lines (compared with English-language version):
[Strings]: 1 line

HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\
"{855F3B16-6D32-4fe6-8A56-BBB695989046}" = "ICQ Toolbar" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\ICQToolbar\toolbaru.dll" ["ICQ Inc."]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

AntiVir Service, AntiVirService, ""C:\PROGRAMME\AVPERSONAL\AVGUARD.EXE"" ["H+BEDV Datentechnik GmbH"]
AntiVir Update, AVWUpSrv, ""C:\Programme\AVPersonal\AVWUPSRV.EXE"" ["H+BEDV Datentechnik GmbH, Germany"]
AOL Connectivity Service, AOL ACS, ""C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe"" ["America Online, Inc."]
ewido security suite control, ewido security suite control, "C:\Programme\ewido\security suite\ewidoctrl.exe" ["ewido networks"]
ewido security suite guard, ewido security suite guard, "C:\Programme\ewido\security suite\ewidoguard.exe" ["ewido networks"]
LexBce Server, LexBceS, "C:\WINDOWS\system32\LEXBCES.EXE" ["Lexmark International, Inc."]
Machine Debug Manager, MDM, ""C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE"" [MS]
NVIDIA Driver Helper Service, NVSvc, "C:\WINDOWS\System32\nvsvc32.exe" ["NVIDIA Corporation"]


Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
Dell Network Port\Driver = "LEXLMPM.DLL" ["Lexmark International, Inc."]
Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]


----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
use the -supp parameter or answer "No" at the first message box.
---------- (total run time: 251 seconds, including 18 seconds for message boxes)


MWAV log:

Fri Dec 02 17:14:18 2005 => ***** Scanning complete. *****

Fri Dec 02 17:14:18 2005 => Total Objects Scanned: 22549
Fri Dec 02 17:14:18 2005 => Total Virus(es) Found: 10
Fri Dec 02 17:14:18 2005 => Total Disinfected Files: 0
Fri Dec 02 17:14:18 2005 => Total Files Renamed: 0
Fri Dec 02 17:14:18 2005 => Total Deleted Objects: 0
Fri Dec 02 17:14:18 2005 => Total Errors: 123
Fri Dec 02 17:14:18 2005 => Time Elapsed: 00:03:38
Fri Dec 02 17:14:18 2005 => Virus Database Date: 2005/11/28
Fri Dec 02 17:14:18 2005 => Virus Database Count: 161878

Fri Dec 02 17:14:18 2005 => Scan Completed.

Fri Dec 02 17:14:54 2005 => Virus Database Date: 2005/11/28
Fri Dec 02 17:14:54 2005 => Virus Database Count: 161878
Fri Dec 02 17:14:58 2005 => AV Library Unloaded (3)...


Hijackthis:
Logfile of HijackThis v1.99.1
Scan saved at 20:24:28, on 02.12.2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRAMME\AVPERSONAL\AVGUARD.EXE
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\Programme\ewido\security suite\ewidoctrl.exe
C:\Programme\ewido\security suite\ewidoguard.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Programme\ICQLite\ICQLite.exe
C:\Programme\AVPersonal\AVGNT.EXE
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Logitech\MouseWare\system\em_exec.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\Programme\AOL 9.0\aoltray.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\953a9cb86706ade89c5e0f457bab54e9\update\update.exe
C:\Programme\WinRAR\WinRAR.exe
C:\DOKUME~1\Stephan\LOKALE~1\Temp\Rar$EX00.625\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.roadstervision.info/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aol.de/e60/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer bereitgestellt von AOL
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [AOLDialer] C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Programme\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: AOL 9.0 Tray-Symbol.lnk = C:\Programme\AOL 9.0\aoltray.exe
O8 - Extra context menu item: &Google Search - res://C:\Programme\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Translate English Word - res://C:\Programme\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Programme\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Programme\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Programme\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Programme\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.de/e60/
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-36.cab
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAMME\AVPERSONAL\AVGUARD.EXE
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Programme\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programme\ewido\security suite\ewidoguard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe



I just tried to download the service pack and clicked the update icon down in the taskbar; somehow it isn't loading and is now super slow. Did it just get tangled up somehow, or is there still something nasty somewhere?


Regards

Stephan

02.12.2005, 23:31   #23
Haui45

Regarding SP2: direct download

Quote:
Fri Dec 02 17:14:18 2005 => Time Elapsed: 00:03:38
Fri Dec 02 17:14:18 2005 => Virus Database Date: 2005/11/28
Unfortunately you ran eScan incorrectly. You neither performed an update nor set all the checkboxes correctly. You should redo this!

05.12.2005, 19:25   #24
Stephan1981

So, now once again my ESCAN report, hopefully in the most current version:


Sat Dec 03 20:25:20 2005 => ***** Scanning complete. *****

Sat Dec 03 20:25:20 2005 => Total Objects Scanned: 61976
Sat Dec 03 20:25:20 2005 => Total Virus(es) Found: 38
Sat Dec 03 20:25:20 2005 => Total Disinfected Files: 0
Sat Dec 03 20:25:20 2005 => Total Files Renamed: 0
Sat Dec 03 20:25:20 2005 => Total Deleted Objects: 0
Sat Dec 03 20:25:20 2005 => Total Errors: 90
Sat Dec 03 20:25:20 2005 => Time Elapsed: 01:20:30
Sat Dec 03 20:25:20 2005 => Virus Database Date: 2005/12/03
Sat Dec 03 20:25:21 2005 => Virus Database Count: 157120

Sat Dec 03 20:25:21 2005 => Scan Completed.


Regards

Stephan

05.12.2005, 19:28   #25
Haui45

Quote:
Quote from Stephan1981
Sat Dec 03 20:25:20 2005 => Total Virus(es) Found: 38
Now we just need the summary of the infected files. Use Find.bat to create a log with the relevant information.

05.12.2005, 19:36   #26
Stephan1981

Part 1:


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Funde für "infected"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Fri Dec 02 17:11:37 2005 => System found infected with searchexe Spyware/Adware ({807553e5-5146-11d5-a672-00b0d022e945})! Action taken: No Action Taken.
Fri Dec 02 17:11:41 2005 => System found infected with ezula Spyware/Adware (internet.lnk)! Action taken: No Action Taken.
Fri Dec 02 17:11:42 2005 => System found infected with whenu.savenow Spyware/Adware (common[1].js)! Action taken: No Action Taken.
Fri Dec 02 17:11:42 2005 => System found infected with whenu.savenow Spyware/Adware (common[1].js)! Action taken: No Action Taken.
Fri Dec 02 17:11:42 2005 => System found infected with whenu.savenow Spyware/Adware (common[1].js)! Action taken: No Action Taken.
Fri Dec 02 17:11:42 2005 => System found infected with whenu.savenow Spyware/Adware (common[1].js)! Action taken: No Action Taken.
Fri Dec 02 17:11:44 2005 => System found infected with cws.therealsearch Spyware/Adware (waol.exe)! Action taken: No Action Taken.
Fri Dec 02 17:11:44 2005 => System found infected with cws.therealsearch Spyware/Adware (waol.exe)! Action taken: No Action Taken.
Fri Dec 02 17:14:18 2005 => Total Disinfected Files: 0
Sat Dec 03 18:00:45 2005 => System found infected with searchexe Spyware/Adware ({807553e5-5146-11d5-a672-00b0d022e945})! Action taken: No Action Taken.
Sat Dec 03 18:00:49 2005 => System found infected with ezula Spyware/Adware (internet.lnk)! Action taken: No Action Taken.
Sat Dec 03 18:00:51 2005 => System found infected with whenu.savenow Spyware/Adware (adswrapper[1].js)! Action taken: No Action Taken.
Sat Dec 03 18:00:51 2005 => System found infected with whenu.savenow Spyware/Adware (ads[1].htm)! Action taken: No Action Taken.
Sat Dec 03 18:00:51 2005 => System found infected with whenu.savenow Spyware/Adware (ads[2].htm)! Action taken: No Action Taken.
Sat Dec 03 18:00:51 2005 => System found infected with whenu.savenow Spyware/Adware (common[1].js)! Action taken: No Action Taken.
Sat Dec 03 18:00:53 2005 => System found infected with whenu.savenow Spyware/Adware (ads[1].htm)! Action taken: No Action Taken.
Sat Dec 03 18:00:53 2005 => System found infected with whenu.savenow Spyware/Adware (ads[2].htm)! Action taken: No Action Taken.
Sat Dec 03 18:00:53 2005 => System found infected with whenu.savenow Spyware/Adware (common[1].js)! Action taken: No Action Taken.
Sat Dec 03 18:00:54 2005 => System found infected with whenu.savenow Spyware/Adware (index[1].html)! Action taken: No Action Taken.
Sat Dec 03 18:00:54 2005 => System found infected with whenu.savenow Spyware/Adware (adsend[1].js)! Action taken: No Action Taken.
Sat Dec 03 18:00:54 2005 => System found infected with whenu.savenow Spyware/Adware (ads[1].htm)! Action taken: No Action Taken.
Sat Dec 03 18:00:54 2005 => System found infected with whenu.savenow Spyware/Adware (ads[2].htm)! Action taken: No Action Taken.
Sat Dec 03 18:00:55 2005 => System found infected with whenu.savenow Spyware/Adware (common[1].js)! Action taken: No Action Taken.
Sat Dec 03 18:00:56 2005 => System found infected with whenu.savenow Spyware/Adware (show_ads[2].js)! Action taken: No Action Taken.
Sat Dec 03 18:00:56 2005 => System found infected with whenu.savenow Spyware/Adware (adspopup2[1].js)! Action taken: No Action Taken.
Sat Dec 03 18:00:56 2005 => System found infected with whenu.savenow Spyware/Adware (ads[1].htm)! Action taken: No Action Taken.
Sat Dec 03 18:00:56 2005 => System found infected with whenu.savenow Spyware/Adware (ads[2].htm)! Action taken: No Action Taken.
Sat Dec 03 18:00:56 2005 => System found infected with whenu.savenow Spyware/Adware (common[1].js)! Action taken: No Action Taken.
Sat Dec 03 18:00:58 2005 => System found infected with whenu.savenow Spyware/Adware (adswrapper[1].js)! Action taken: No Action Taken.
Sat Dec 03 18:00:58 2005 => System found infected with whenu.savenow Spyware/Adware (ads[1].htm)! Action taken: No Action Taken.
Sat Dec 03 18:00:58 2005 => System found infected with whenu.savenow Spyware/Adware (ads[2].htm)! Action taken: No Action Taken.
Sat Dec 03 18:00:58 2005 => System found infected with whenu.savenow Spyware/Adware (common[1].js)! Action taken: No Action Taken.
Sat Dec 03 18:00:58 2005 => System found infected with whenu.savenow Spyware/Adware (ads[1].htm)! Action taken: No Action Taken.
Sat Dec 03 18:00:58 2005 => System found infected with whenu.savenow Spyware/Adware (ads[2].htm)! Action taken: No Action Taken.
Sat Dec 03 18:00:58 2005 => System found infected with whenu.savenow Spyware/Adware (common[1].js)! Action taken: No Action Taken.
Sat Dec 03 18:00:58 2005 => System found infected with whenu.savenow Spyware/Adware (index[1].html)! Action taken: No Action Taken.
Sat Dec 03 18:00:58 2005 => System found infected with whenu.savenow Spyware/Adware (adsend[1].js)! Action taken: No Action Taken.
Sat Dec 03 18:00:58 2005 => System found infected with whenu.savenow Spyware/Adware (ads[1].htm)! Action taken: No Action Taken.
Sat Dec 03 18:00:58 2005 => System found infected with whenu.savenow Spyware/Adware (ads[2].htm)! Action taken: No Action Taken.
Sat Dec 03 18:00:58 2005 => System found infected with whenu.savenow Spyware/Adware (common[1].js)! Action taken: No Action Taken.
Sat Dec 03 18:00:58 2005 => System found infected with whenu.savenow Spyware/Adware (show_ads[2].js)! Action taken: No Action Taken.
Sat Dec 03 18:00:58 2005 => System found infected with whenu.savenow Spyware/Adware (adspopup2[1].js)! Action taken: No Action Taken.
Sat Dec 03 18:00:58 2005 => System found infected with whenu.savenow Spyware/Adware (ads[1].htm)! Action taken: No Action Taken.
Sat Dec 03 18:00:58 2005 => System found infected with whenu.savenow Spyware/Adware (ads[2].htm)! Action taken: No Action Taken.
Sat Dec 03 18:00:58 2005 => System found infected with whenu.savenow Spyware/Adware (common[1].js)! Action taken: No Action Taken.
Sat Dec 03 18:01:01 2005 => System found infected with cws.therealsearch Spyware/Adware (waol.exe)! Action taken: No Action Taken.
Sat Dec 03 18:01:01 2005 => System found infected with cws.therealsearch Spyware/Adware (waol.exe)! Action taken: No Action Taken.
Sat Dec 03 18:13:38 2005 => Scanning Folder: C:\Programme\AVPersonal\INFECTED\*.*
Sat Dec 03 18:52:21 2005 => Total Disinfected Files: 0
Sat Dec 03 19:05:34 2005 => System found infected with searchexe Spyware/Adware ({807553e5-5146-11d5-a672-00b0d022e945})! Action taken: No Action Taken.
Sat Dec 03 19:05:39 2005 => System found infected with ezula Spyware/Adware (internet.lnk)! Action taken: No Action Taken.
Sat Dec 03 19:05:41 2005 => System found infected with whenu.savenow Spyware/Adware (adswrapper[1].js)! Action taken: No Action Taken.
Sat Dec 03 19:05:41 2005 => System found infected with whenu.savenow Spyware/Adware (ads[1].htm)! Action taken: No Action Taken.
Sat Dec 03 19:05:41 2005 => System found infected with whenu.savenow Spyware/Adware (ads[2].htm)! Action taken: No Action Taken.
Sat Dec 03 19:05:42 2005 => System found infected with whenu.savenow Spyware/Adware (common[1].js)! Action taken: No Action Taken.
Sat Dec 03 19:05:44 2005 => System found infected with whenu.savenow Spyware/Adware (ads[1].htm)! Action taken: No Action Taken.
Sat Dec 03 19:05:44 2005 => System found infected with whenu.savenow Spyware/Adware (ads[2].htm)! Action taken: No Action Taken.
Sat Dec 03 19:05:44 2005 => System found infected with whenu.savenow Spyware/Adware (common[1].js)! Action taken: No Action Taken.
Sat Dec 03 19:05:45 2005 => System found infected with whenu.savenow Spyware/Adware (index[1].html)! Action taken: No Action Taken.
Sat Dec 03 19:05:46 2005 => System found infected with whenu.savenow Spyware/Adware (adsend[1].js)! Action taken: No Action Taken.
Sat Dec 03 19:05:46 2005 => System found infected with whenu.savenow Spyware/Adware (ads[1].htm)! Action taken: No Action Taken.
Sat Dec 03 19:05:46 2005 => System found infected with whenu.savenow Spyware/Adware (ads[2].htm)! Action taken: No Action Taken.
Sat Dec 03 19:05:46 2005 => System found infected with whenu.savenow Spyware/Adware (common[1].js)! Action taken: No Action Taken.
Sat Dec 03 19:05:47 2005 => System found infected with whenu.savenow Spyware/Adware (show_ads[2].js)! Action taken: No Action Taken.
Sat Dec 03 19:05:48 2005 => System found infected with whenu.savenow Spyware/Adware (adspopup2[1].js)! Action taken: No Action Taken.
Sat Dec 03 19:05:48 2005 => System found infected with whenu.savenow Spyware/Adware (ads[1].htm)! Action taken: No Action Taken.
Sat Dec 03 19:05:48 2005 => System found infected with whenu.savenow Spyware/Adware (ads[2].htm)! Action taken: No Action Taken.
Sat Dec 03 19:05:48 2005 => System found infected with whenu.savenow Spyware/Adware (common[1].js)! Action taken: No Action Taken.
Sat Dec 03 19:05:50 2005 => System found infected with whenu.savenow Spyware/Adware (adswrapper[1].js)! Action taken: No Action Taken.
Sat Dec 03 19:05:50 2005 => System found infected with whenu.savenow Spyware/Adware (ads[1].htm)! Action taken: No Action Taken.
Sat Dec 03 19:05:50 2005 => System found infected with whenu.savenow Spyware/Adware (ads[2].htm)! Action taken: No Action Taken.
Sat Dec 03 19:05:50 2005 => System found infected with whenu.savenow Spyware/Adware (common[1].js)! Action taken: No Action Taken.
Sat Dec 03 19:05:50 2005 => System found infected with whenu.savenow Spyware/Adware (ads[1].htm)! Action taken: No Action Taken.
Sat Dec 03 19:05:50 2005 => System found infected with whenu.savenow Spyware/Adware (ads[2].htm)! Action taken: No Action Taken.
Sat Dec 03 19:05:50 2005 => System found infected with whenu.savenow Spyware/Adware (common[1].js)! Action taken: No Action Taken.
Sat Dec 03 19:05:50 2005 => System found infected with whenu.savenow Spyware/Adware (index[1].html)! Action taken: No Action Taken.
Sat Dec 03 19:05:50 2005 => System found infected with whenu.savenow Spyware/Adware (adsend[1].js)! Action taken: No Action Taken.
Sat Dec 03 19:05:50 2005 => System found infected with whenu.savenow Spyware/Adware (ads[1].htm)! Action taken: No Action Taken.
Sat Dec 03 19:05:50 2005 => System found infected with whenu.savenow Spyware/Adware (ads[2].htm)! Action taken: No Action Taken.
Sat Dec 03 19:05:50 2005 => System found infected with whenu.savenow Spyware/Adware (common[1].js)! Action taken: No Action Taken.
Sat Dec 03 19:05:50 2005 => System found infected with whenu.savenow Spyware/Adware (show_ads[2].js)! Action taken: No Action Taken.
Sat Dec 03 19:05:50 2005 => System found infected with whenu.savenow Spyware/Adware (adspopup2[1].js)! Action taken: No Action Taken.
Sat Dec 03 19:05:50 2005 => System found infected with whenu.savenow Spyware/Adware (ads[1].htm)! Action taken: No Action Taken.
Sat Dec 03 19:05:50 2005 => System found infected with whenu.savenow Spyware/Adware (ads[2].htm)! Action taken: No Action Taken.
Sat Dec 03 19:05:50 2005 => System found infected with whenu.savenow Spyware/Adware (common[1].js)! Action taken: No Action Taken.
Sat Dec 03 19:05:52 2005 => System found infected with cws.therealsearch Spyware/Adware (waol.exe)! Action taken: No Action Taken.
Sat Dec 03 19:05:52 2005 => System found infected with cws.therealsearch Spyware/Adware (waol.exe)! Action taken: No Action Taken.
Sat Dec 03 19:22:44 2005 => Scanning Folder: C:\Programme\AVPersonal\INFECTED\*.*
Sat Dec 03 20:25:20 2005 => Total Disinfected Files: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Funde für "tagged"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Fri Dec 02 17:11:02 2005 => File C:\WINDOWS\System32\svchosts.dll tagged as not-a-virus:Downloader.Win32.Spax.a. No Action Taken.
Fri Dec 02 17:11:06 2005 => File C:\WINDOWS\System32\svchosts.dll tagged as not-a-virus:Downloader.Win32.Spax.a. No Action Taken.

05.12.2005, 19:37   #27
Stephan1981

Part 2:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Funde für "offending"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Fri Dec 02 17:11:41 2005 => Offending file found: C:\Dokumente und Einstellungen\Stephan\Desktop\internet.lnk
Fri Dec 02 17:11:42 2005 => Offending file found: C:\Dokumente und Einstellungen\Stephan\Lokale Einstellungen\temporary internet files\content.ie5\ij234n6p\common[1].js
Fri Dec 02 17:11:42 2005 => Offending file found: C:\Dokumente und Einstellungen\Stephan\Lokale Einstellungen\temporary internet files\content.ie5\w9mbcde3\common[1].js
Fri Dec 02 17:11:42 2005 => Offending file found: C:\Dokumente und Einstellungen\Stephan\Lokale Einstellungen\Temporary Internet Files\content.ie5\ij234n6p\common[1].js
Fri Dec 02 17:11:42 2005 => Offending file found: C:\Dokumente und Einstellungen\Stephan\Lokale Einstellungen\Temporary Internet Files\content.ie5\w9mbcde3\common[1].js
Sat Dec 03 18:00:49 2005 => Offending file found: C:\Dokumente und Einstellungen\Stephan\Desktop\internet.lnk
Sat Dec 03 18:00:51 2005 => Offending file found: C:\Dokumente und Einstellungen\Stephan\Lokale Einstellungen\temporary internet files\content.ie5\ij234n6p\adswrapper[1].js
Sat Dec 03 18:00:51 2005 => Offending file found: C:\Dokumente und Einstellungen\Stephan\Lokale Einstellungen\temporary internet files\content.ie5\ij234n6p\ads[1].htm
Sat Dec 03 18:00:51 2005 => Offending file found: C:\Dokumente und Einstellungen\Stephan\Lokale Einstellungen\temporary internet files\content.ie5\ij234n6p\ads[2].htm
Sat Dec 03 18:00:51 2005 => Offending file found: C:\Dokumente und Einstellungen\Stephan\Lokale Einstellungen\temporary internet files\content.ie5\ij234n6p\common[1].js
Sat Dec 03 18:00:53 2005 => Offending file found: C:\Dokumente und Einstellungen\Stephan\Lokale Einstellungen\temporary internet files\content.ie5\o7nik9il\ads[1].htm
Sat Dec 03 18:00:53 2005 => Offending file found: C:\Dokumente und Einstellungen\Stephan\Lokale Einstellungen\temporary internet files\content.ie5\o7nik9il\ads[2].htm
Sat Dec 03 18:00:53 2005 => Offending file found: C:\Dokumente und Einstellungen\Stephan\Lokale Einstellungen\temporary internet files\content.ie5\o7nik9il\common[1].js
Sat Dec 03 18:00:54 2005 => Offending file found: C:\Dokumente und Einstellungen\Stephan\Lokale Einstellungen\temporary internet files\content.ie5\o7nik9il\index[1].html
Sat Dec 03 18:00:54 2005 => Offending file found: C:\Dokumente und Einstellungen\Stephan\Lokale Einstellungen\temporary internet files\content.ie5\w3qixjap\adsend[1].js
Sat Dec 03 18:00:54 2005 => Offending file found: C:\Dokumente und Einstellungen\Stephan\Lokale Einstellungen\temporary internet files\content.ie5\w3qixjap\ads[1].htm
Sat Dec 03 18:00:54 2005 => Offending file found: C:\Dokumente und Einstellungen\Stephan\Lokale Einstellungen\temporary internet files\content.ie5\w3qixjap\ads[2].htm
Sat Dec 03 18:00:55 2005 => Offending file found: C:\Dokumente und Einstellungen\Stephan\Lokale Einstellungen\temporary internet files\content.ie5\w3qixjap\common[1].js
Sat Dec 03 18:00:56 2005 => Offending file found: C:\Dokumente und Einstellungen\Stephan\Lokale Einstellungen\temporary internet files\content.ie5\w3qixjap\show_ads[2].js
Sat Dec 03 18:00:56 2005 => Offending file found: C:\Dokumente und Einstellungen\Stephan\Lokale Einstellungen\temporary internet files\content.ie5\w9mbcde3\adspopup2[1].js
Sat Dec 03 18:00:56 2005 => Offending file found: C:\Dokumente und Einstellungen\Stephan\Lokale Einstellungen\temporary internet files\content.ie5\w9mbcde3\ads[1].htm
Sat Dec 03 18:00:56 2005 => Offending file found: C:\Dokumente und Einstellungen\Stephan\Lokale Einstellungen\temporary internet files\content.ie5\w9mbcde3\ads[2].htm
Sat Dec 03 18:00:56 2005 => Offending file found: C:\Dokumente und Einstellungen\Stephan\Lokale Einstellungen\temporary internet files\content.ie5\w9mbcde3\common[1].js
Sat Dec 03 18:00:58 2005 => Offending file found: C:\Dokumente und Einstellungen\Stephan\Lokale Einstellungen\Temporary Internet Files\content.ie5\ij234n6p\adswrapper[1].js
Sat Dec 03 18:00:58 2005 => Offending file found: C:\Dokumente und Einstellungen\Stephan\Lokale Einstellungen\Temporary Internet Files\content.ie5\ij234n6p\ads[1].htm
Sat Dec 03 18:00:58 2005 => Offending file found: C:\Dokumente und Einstellungen\Stephan\Lokale Einstellungen\Temporary Internet Files\content.ie5\ij234n6p\ads[2].htm
Sat Dec 03 18:00:58 2005 => Offending file found: C:\Dokumente und Einstellungen\Stephan\Lokale Einstellungen\Temporary Internet Files\content.ie5\ij234n6p\common[1].js
Sat Dec 03 18:00:58 2005 => Offending file found: C:\Dokumente und Einstellungen\Stephan\Lokale Einstellungen\Temporary Internet Files\content.ie5\o7nik9il\ads[1].htm
Sat Dec 03 18:00:58 2005 => Offending file found: C:\Dokumente und Einstellungen\Stephan\Lokale Einstellungen\Temporary Internet Files\content.ie5\o7nik9il\ads[2].htm
Sat Dec 03 18:00:58 2005 => Offending file found: C:\Dokumente und Einstellungen\Stephan\Lokale Einstellungen\Temporary Internet Files\content.ie5\o7nik9il\common[1].js
Sat Dec 03 18:00:58 2005 => Offending file found: C:\Dokumente und Einstellungen\Stephan\Lokale Einstellungen\Temporary Internet Files\content.ie5\o7nik9il\index[1].html
Sat Dec 03 18:00:58 2005 => Offending file found: C:\Dokumente und Einstellungen\Stephan\Lokale Einstellungen\Temporary Internet Files\content.ie5\w3qixjap\adsend[1].js
Sat Dec 03 18:00:58 2005 => Offending file found: C:\Dokumente und Einstellungen\Stephan\Lokale Einstellungen\Temporary Internet Files\content.ie5\w3qixjap\ads[1].htm
Sat Dec 03 18:00:58 2005 => Offending file found: C:\Dokumente und Einstellungen\Stephan\Lokale Einstellungen\Temporary Internet Files\content.ie5\w3qixjap\ads[2].htm
Sat Dec 03 18:00:58 2005 => Offending file found: C:\Dokumente und Einstellungen\Stephan\Lokale Einstellungen\Temporary Internet Files\content.ie5\w3qixjap\common[1].js
Sat Dec 03 18:00:58 2005 => Offending file found: C:\Dokumente und Einstellungen\Stephan\Lokale Einstellungen\Temporary Internet Files\content.ie5\w3qixjap\show_ads[2].js
Sat Dec 03 18:00:58 2005 => Offending file found: C:\Dokumente und Einstellungen\Stephan\Lokale Einstellungen\Temporary Internet Files\content.ie5\w9mbcde3\adspopup2[1].js
Sat Dec 03 18:00:58 2005 => Offending file found: C:\Dokumente und Einstellungen\Stephan\Lokale Einstellungen\Temporary Internet Files\content.ie5\w9mbcde3\ads[1].htm
Sat Dec 03 18:00:58 2005 => Offending file found: C:\Dokumente und Einstellungen\Stephan\Lokale Einstellungen\Temporary Internet Files\content.ie5\w9mbcde3\ads[2].htm
Sat Dec 03 18:00:58 2005 => Offending file found: C:\Dokumente und Einstellungen\Stephan\Lokale Einstellungen\Temporary Internet Files\content.ie5\w9mbcde3\common[1].js
Sat Dec 03 19:05:39 2005 => Offending file found: C:\Dokumente und Einstellungen\Stephan\Desktop\internet.lnk
Sat Dec 03 19:05:41 2005 => Offending file found: C:\Dokumente und Einstellungen\Stephan\Lokale Einstellungen\temporary internet files\content.ie5\ij234n6p\adswrapper[1].js
Sat Dec 03 19:05:41 2005 => Offending file found: C:\Dokumente und Einstellungen\Stephan\Lokale Einstellungen\temporary internet files\content.ie5\ij234n6p\ads[1].htm
Sat Dec 03 19:05:41 2005 => Offending file found: C:\Dokumente und Einstellungen\Stephan\Lokale Einstellungen\temporary internet files\content.ie5\ij234n6p\ads[2].htm
Sat Dec 03 19:05:42 2005 => Offending file found: C:\Dokumente und Einstellungen\Stephan\Lokale Einstellungen\temporary internet files\content.ie5\ij234n6p\common[1].js
Sat Dec 03 19:05:44 2005 => Offending file found: C:\Dokumente und Einstellungen\Stephan\Lokale Einstellungen\temporary internet files\content.ie5\o7nik9il\ads[1].htm
Sat Dec 03 19:05:44 2005 => Offending file found: C:\Dokumente und Einstellungen\Stephan\Lokale Einstellungen\temporary internet files\content.ie5\o7nik9il\ads[2].htm
Sat Dec 03 19:05:44 2005 => Offending file found: C:\Dokumente und Einstellungen\Stephan\Lokale Einstellungen\temporary internet files\content.ie5\o7nik9il\common[1].js
Sat Dec 03 19:05:45 2005 => Offending file found: C:\Dokumente und Einstellungen\Stephan\Lokale Einstellungen\temporary internet files\content.ie5\o7nik9il\index[1].html
Sat Dec 03 19:05:46 2005 => Offending file found: C:\Dokumente und Einstellungen\Stephan\Lokale Einstellungen\temporary internet files\content.ie5\w3qixjap\adsend[1].js
Sat Dec 03 19:05:46 2005 => Offending file found: C:\Dokumente und Einstellungen\Stephan\Lokale Einstellungen\temporary internet files\content.ie5\w3qixjap\ads[1].htm
Sat Dec 03 19:05:46 2005 => Offending file found: C:\Dokumente und Einstellungen\Stephan\Lokale Einstellungen\temporary internet files\content.ie5\w3qixjap\ads[2].htm
Sat Dec 03 19:05:46 2005 => Offending file found: C:\Dokumente und Einstellungen\Stephan\Lokale Einstellungen\temporary internet files\content.ie5\w3qixjap\common[1].js
Sat Dec 03 19:05:47 2005 => Offending file found: C:\Dokumente und Einstellungen\Stephan\Lokale Einstellungen\temporary internet files\content.ie5\w3qixjap\show_ads[2].js
Sat Dec 03 19:05:48 2005 => Offending file found: C:\Dokumente und Einstellungen\Stephan\Lokale Einstellungen\temporary internet files\content.ie5\w9mbcde3\adspopup2[1].js
Sat Dec 03 19:05:48 2005 => Offending file found: C:\Dokumente und Einstellungen\Stephan\Lokale Einstellungen\temporary internet files\content.ie5\w9mbcde3\ads[1].htm
Sat Dec 03 19:05:48 2005 => Offending file found: C:\Dokumente und Einstellungen\Stephan\Lokale Einstellungen\temporary internet files\content.ie5\w9mbcde3\ads[2].htm
Sat Dec 03 19:05:48 2005 => Offending file found: C:\Dokumente und Einstellungen\Stephan\Lokale Einstellungen\temporary internet files\content.ie5\w9mbcde3\common[1].js
Sat Dec 03 19:05:50 2005 => Offending file found: C:\Dokumente und Einstellungen\Stephan\Lokale Einstellungen\Temporary Internet Files\content.ie5\ij234n6p\adswrapper[1].js
Sat Dec 03 19:05:50 2005 => Offending file found: C:\Dokumente und Einstellungen\Stephan\Lokale Einstellungen\Temporary Internet Files\content.ie5\ij234n6p\ads[1].htm
Sat Dec 03 19:05:50 2005 => Offending file found: C:\Dokumente und Einstellungen\Stephan\Lokale Einstellungen\Temporary Internet Files\content.ie5\ij234n6p\ads[2].htm
Sat Dec 03 19:05:50 2005 => Offending file found: C:\Dokumente und Einstellungen\Stephan\Lokale Einstellungen\Temporary Internet Files\content.ie5\ij234n6p\common[1].js
Sat Dec 03 19:05:50 2005 => Offending file found: C:\Dokumente und Einstellungen\Stephan\Lokale Einstellungen\Temporary Internet Files\content.ie5\o7nik9il\ads[1].htm
Sat Dec 03 19:05:50 2005 => Offending file found: C:\Dokumente und Einstellungen\Stephan\Lokale Einstellungen\Temporary Internet Files\content.ie5\o7nik9il\ads[2].htm
Sat Dec 03 19:05:50 2005 => Offending file found: C:\Dokumente und Einstellungen\Stephan\Lokale Einstellungen\Temporary Internet Files\content.ie5\o7nik9il\common[1].js
Sat Dec 03 19:05:50 2005 => Offending file found: C:\Dokumente und Einstellungen\Stephan\Lokale Einstellungen\Temporary Internet Files\content.ie5\o7nik9il\index[1].html
Sat Dec 03 19:05:50 2005 => Offending file found: C:\Dokumente und Einstellungen\Stephan\Lokale Einstellungen\Temporary Internet Files\content.ie5\w3qixjap\adsend[1].js
Sat Dec 03 19:05:50 2005 => Offending file found: C:\Dokumente und Einstellungen\Stephan\Lokale Einstellungen\Temporary Internet Files\content.ie5\w3qixjap\ads[1].htm
Sat Dec 03 19:05:50 2005 => Offending file found: C:\Dokumente und Einstellungen\Stephan\Lokale Einstellungen\Temporary Internet Files\content.ie5\w3qixjap\ads[2].htm
Sat Dec 03 19:05:50 2005 => Offending file found: C:\Dokumente und Einstellungen\Stephan\Lokale Einstellungen\Temporary Internet Files\content.ie5\w3qixjap\common[1].js
Sat Dec 03 19:05:50 2005 => Offending file found: C:\Dokumente und Einstellungen\Stephan\Lokale Einstellungen\Temporary Internet Files\content.ie5\w3qixjap\show_ads[2].js
Sat Dec 03 19:05:50 2005 => Offending file found: C:\Dokumente und Einstellungen\Stephan\Lokale Einstellungen\Temporary Internet Files\content.ie5\w9mbcde3\adspopup2[1].js
Sat Dec 03 19:05:50 2005 => Offending file found: C:\Dokumente und Einstellungen\Stephan\Lokale Einstellungen\Temporary Internet Files\content.ie5\w9mbcde3\ads[1].htm
Sat Dec 03 19:05:50 2005 => Offending file found: C:\Dokumente und Einstellungen\Stephan\Lokale Einstellungen\Temporary Internet Files\content.ie5\w9mbcde3\ads[2].htm
Sat Dec 03 19:05:50 2005 => Offending file found: C:\Dokumente und Einstellungen\Stephan\Lokale Einstellungen\Temporary Internet Files\content.ie5\w9mbcde3\common[1].js
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Statistiken:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Fri Dec 02 17:14:18 2005 => Total Virus(es) Found: 10
Sat Dec 03 18:52:21 2005 => Total Virus(es) Found: 38
Sat Dec 03 20:25:20 2005 => Total Virus(es) Found: 38
Fri Dec 02 17:14:18 2005 => Total Errors: 123
Sat Dec 03 18:52:21 2005 => Total Errors: 90
Sat Dec 03 20:25:20 2005 => Total Errors: 90
Fri Dec 02 17:14:18 2005 => Time Elapsed: 00:03:38
Sat Dec 03 18:52:21 2005 => Time Elapsed: 00:52:35
Sat Dec 03 20:25:20 2005 => Time Elapsed: 01:20:30
Fri Dec 02 17:14:18 2005 => Total Objects Scanned: 22549
Sat Dec 03 18:52:21 2005 => Total Objects Scanned: 62174
Sat Dec 03 20:25:20 2005 => Total Objects Scanned: 61976
Fri Dec 02 16:44:48 2005 => Virus Database Date: 2005/11/28
Fri Dec 02 17:10:32 2005 => Virus Database Date: 2005/11/28
Fri Dec 02 17:14:18 2005 => Virus Database Date: 2005/11/28
Fri Dec 02 17:14:54 2005 => Virus Database Date: 2005/11/28
Sat Dec 03 17:58:10 2005 => Virus Database Date: 2005/11/28
Sat Dec 03 17:59:09 2005 => Virus Database Date: 2005/12/03
Sat Dec 03 18:52:21 2005 => Virus Database Date: 2005/12/03
Sat Dec 03 18:58:45 2005 => Virus Database Date: 2005/12/03
Sat Dec 03 19:00:14 2005 => Virus Database Date: 2005/12/03
Sat Dec 03 19:04:22 2005 => Virus Database Date: 2005/12/03
Sat Dec 03 20:25:20 2005 => Virus Database Date: 2005/12/03
Sat Dec 03 20:26:14 2005 => Virus Database Date: 2005/12/03
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~ © Haui ;-) ~~~~~~~
~~~~~~~ Dank an Cidre ~~~~~~~

05.12.2005, 19:51   #28
Haui45

Delete the temporary files of Windows and of Internet Explorer (tick all checkboxes) with ClearProg.
Delete this file with Killbox
Quote:
C:\WINDOWS\System32\svchosts.dll
Download and update Spybot Search&Destroy and Ad-Aware. Let both scan in safe mode and fix the problems they find.

Delete the file C:\bases_x\mwav.log (important!), scan again with eScan and post the result.

05.12.2005, 19:56   #29
Stephan1981

Quick question: who or what is Killbox?

05.12.2005, 19:59   #30
Stephan1981

In ClearProg: tick all checkboxes for both Windows and Internet Explorer?

ESCAN in safe mode as well?
