|
Log-Analyse und Auswertung: Verda... Sch... kann mir bitte jemand helfenWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
18.12.2005, 15:02 | #1 |
| Verda... Sch... kann mir bitte jemand helfen Ich weis wahrscheindlich nervt euch das aber bitte helft mir . ich bin am verzweifeln. sorry wegen der rechtschreibung Logfile of HijackThis v1.99.1 Scan saved at 14:55:06, on 18.12.2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\PROGRAMME\AVPERSONAL\AVGUARD.EXE C:\Programme\AVPersonal\AVWUPSRV.EXE C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\system32\nvctrl.exe C:\WINDOWS\system32\mssearchnet.exe C:\Programme\AVPersonal\AVGNT.EXE C:\Programme\Lexmark X1100 Series\lxbkbmgr.exe C:\Programme\Java\jre1.5.0_06\bin\jusched.exe C:\Programme\Lexmark X1100 Series\lxbkbmon.exe C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Programme\AVPersonal\AVSched32.EXE C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\MSN Messenger\MsnMsgr.Exe C:\Programme\Messenger\msmsgs.exe C:\Programme\Mozilla Firefox\firefox.exe C:\Dokumente und Einstellungen\Ivan\Desktop\hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.ch/0SEDECH/SAOS01 O2 - BHO: HomepageBHO - {1ca480cd-c0e5-4548-874e-b85b17905b3a} - C:\WINDOWS\system32\hp9460.tmp O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Apps\MSN Toolbar\01.02.4000.1001\de-ch\msntb.dll (file missing) O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\AVPersonal\AVGNT.EXE" /min O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Programme\Lexmark X1100 Series\lxbkbmgr.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [ATIPTA] "C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [AVSCHED32] C:\Programme\AVPersonal\AVSched32.EXE /min O4 - HKLM\..\Run: [Zone Labs Client] C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAMME\AVPERSONAL\AVGUARD.EXE O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe |
18.12.2005, 15:26 | #2 |
| Verda... Sch... kann mir bitte jemand helfen Arbeite bitte folgendes ab: http://www.trojaner-board.de/showthread.php?t=21709
__________________Beachte dabei die neue eScan-Anleitung. Poste dann die Ergebnisse von eScan und smitrem zusammen mit einem neuen HijackThis-Log. |
18.12.2005, 18:21 | #3 |
| Verda... Sch... kann mir bitte jemand helfen Ich hab das gemacht was in disem post steht.
__________________http://www.trojaner-board.de/showthread.php?t=21709 Leider hat das updaten von Esacn nicht geklapt und ich habe das program DiskCleanup nicht gefunden. aber abgesehen von den zwei problemmen hatt alles geklapt. e of HijackThis v1.99.1 Scan saved at 18:16:17, on 18.12.2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Programme\AVPersonal\AVGNT.EXE C:\Programme\Lexmark X1100 Series\lxbkbmgr.exe C:\Programme\Lexmark X1100 Series\lxbkbmon.exe C:\Programme\Java\jre1.5.0_06\bin\jusched.exe C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Programme\AVPersonal\AVSched32.EXE C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe C:\WINDOWS\system32\ctfmon.exe C:\PROGRAMME\AVPERSONAL\AVGUARD.EXE C:\Programme\MSN Messenger\MsnMsgr.Exe C:\Programme\AVPersonal\AVWUPSRV.EXE C:\Programme\Messenger\msmsgs.exe C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\system32\wuauclt.exe C:\Dokumente und Einstellungen\Ivan\Desktop\Viren\hijackthis\HijackThis.exe O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Apps\MSN Toolbar\01.02.4000.1001\de-ch\msntb.dll (file missing) O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\AVPersonal\AVGNT.EXE" /min O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Programme\Lexmark X1100 Series\lxbkbmgr.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [ATIPTA] "C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [AVSCHED32] C:\Programme\AVPersonal\AVSched32.EXE /min O4 - HKLM\..\Run: [Zone Labs Client] C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAMME\AVPERSONAL\AVGUARD.EXE O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe das hir ist von Esacan smitRem © log file version 2.8 by noahdfear Microsoft Windows XP [Version 5.1.2600] ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ checking for ShudderLTD key ShudderLTD key not present! checking for PSGuard.com key PSGuard.com key not present! spyaxe uninstaller NOT present ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Existing Pre-run Files ~~~ Program Files ~~~ ~~~ Shortcuts ~~~ ~~~ Favorites ~~~ Antivirus Test Online.url ~~~ system32 folder ~~~ ioctrl.dll 1024 dir msvol.tlb ld****.tmp mssearchnet.exe ncompat.tlb nvctrl.exe mscornet.exe hp***.tmp ~~~ Icons in System32 ~~~ ts.ico ot.ico ~~~ Windows directory ~~~ ~~~ Drive root ~~~ ~~~ Miscellaneous Files/folders ~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03 Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org Killing PID 772 'explorer.exe' Killing PID 772 'explorer.exe' Starting registry repairs Deleting files Remaining Post-run Files ~~~ Program Files ~~~ ~~~ Shortcuts ~~~ ~~~ Favorites ~~~ ~~~ system32 folder ~~~ ~~~ Icons in System32 ~~~ ~~~ Windows directory ~~~ ~~~ Drive root ~~~ ~~~ Miscellaneous Files/folders ~~~ ~~~ Wininet.dll ~~~ CLEAN! |
18.12.2005, 18:39 | #4 |
| Verda... Sch... kann mir bitte jemand helfen Das schaut ja schon mal besser aus. Poste bitte noch die eScan-Ergebnisse. Zudem würde ich gerne noch ein Silent Runners-Log sehen. |
18.12.2005, 18:48 | #5 |
| Verda... Sch... kann mir bitte jemand helfen Ok hir sind die Silent Runner aber wie bekom ich die von Escan? Bitte sag mir was mein problem ist "Silent Runners.vbs", revision 41, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} "CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS] "MsnMsgr" = ""C:\Programme\MSN Messenger\MsnMsgr.Exe" /background" [MS] "MSMSGS" = ""C:\Programme\Messenger\msmsgs.exe" /background" [MS] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} "AVGCtrl" = ""C:\Programme\AVPersonal\AVGNT.EXE" /min" ["H+BEDV Datentechnik GmbH"] "Lexmark X1100 Series" = ""C:\Programme\Lexmark X1100 Series\lxbkbmgr.exe"" ["Lexmark International, Inc."] "remotewatch.exe" = (empty string) "SunJavaUpdateSched" = "C:\Programme\Java\jre1.5.0_06\bin\jusched.exe" ["Sun Microsystems, Inc."] "ATIPTA" = ""C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe"" ["ATI Technologies, Inc."] "AVSCHED32" = "C:\Programme\AVPersonal\AVSched32.EXE /min" ["H+BEDV Datentechnik GmbH"] "Zone Labs Client" = "C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe" ["Zone Labs, LLC"] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "CPL-Erweiterung für Anzeigeverschiebung" -> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found] "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Erweiterung für HyperTerminal-Icons" -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."] "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler" -> {CLSID}\InProcServer32\(Default) = "C:\Programme\Microsoft Office\Office10\OLKFSTUB.DLL" [MS] "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler" -> {CLSID}\InProcServer32\(Default) = "C:\Programme\Microsoft Office\Office10\msohev.dll" [MS] "{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band" -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS] "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension" -> {CLSID}\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ INFECTION WARNING! AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."] HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ AntiVir/Win\(Default) = "{a7cda720-84ee-11d0-b5c0-00001b3ca278}" -> {CLSID}\InProcServer32\(Default) = "C:\Programme\AVPersonal\AVShlExt.DLL" ["H+BEDV Datentechnik GmbH"] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {CLSID}\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data] WS_FTP\(Default) = "{797F3885-5429-11D4-8823-0050DA59922B}" -> {CLSID}\InProcServer32\(Default) = "C:\Programme\WS_FTP Pro\wsftpsi.dll" ["Ipswitch, Inc. 81 Hartwell Ave. Lexington MA"] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {CLSID}\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ AntiVir/Win\(Default) = "{a7cda720-84ee-11d0-b5c0-00001b3ca278}" -> {CLSID}\InProcServer32\(Default) = "C:\Programme\AVPersonal\AVShlExt.DLL" ["H+BEDV Datentechnik GmbH"] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {CLSID}\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data] WS_FTP\(Default) = "{797F3885-5429-11D4-8823-0050DA59922B}" -> {CLSID}\InProcServer32\(Default) = "C:\Programme\WS_FTP Pro\wsftpsi.dll" ["Ipswitch, Inc. 81 Hartwell Ave. Lexington MA"] Active Desktop and Wallpaper: ----------------------------- Active Desktop is disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState HKCU\Control Panel\Desktop\ "Wallpaper" = "C:\Dokumente und Einstellungen\Ivan\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp" Startup items in "Ivan" & "All Users" startup folders: ------------------------------------------------------ C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart "Adobe Reader - Schnellstart" -> shortcut to: "C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"] "Microsoft Office" -> shortcut to: "C:\Programme\Microsoft Office\Office10\OSA.EXE -b -l" [MS] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS] 000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 13 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ "{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" = "MSN" [from CLSID] -> {CLSID}\InProcServer32\(Default) = "C:\Programme\MSN Apps\MSN Toolbar\01.02.4000.1001\de-ch\msntb.dll" [file not found] HKLM\Software\Microsoft\Internet Explorer\Toolbar\ "{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" = "0" -> {CLSID}\InProcServer32\(Default) = "C:\Programme\MSN Apps\MSN Toolbar\01.02.4000.1001\de-ch\msntb.dll" [file not found] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {FB5F1910-F110-11D2-BB9E-00C04F795683}\ "ButtonText" = "Messenger" "MenuText" = "Windows Messenger" "Exec" = "C:\Programme\Messenger\msmsgs.exe" [MS] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ AntiVir Service, AntiVirService, ""C:\PROGRAMME\AVPERSONAL\AVGUARD.EXE"" ["H+BEDV Datentechnik GmbH"] AntiVir Update, AVWUpSrv, ""C:\Programme\AVPersonal\AVWUPSRV.EXE"" ["H+BEDV Datentechnik GmbH, Germany"] Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."] LexBce Server, LexBceS, "C:\WINDOWS\system32\LEXBCES.EXE" ["Lexmark International, Inc."] Machine Debug Manager, MDM, ""C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe"" [MS] TrueVector Internet Monitor, vsmon, "C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service" ["Zone Labs, LLC"] Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ Lexmark Network Port\Driver = "LEXLMPM.DLL" ["Lexmark International, Inc."] ---------- + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points and all Registry CLSIDs for dormant Explorer Bars, use the -supp parameter or answer "No" at the first message box. ---------- (total run time: 18 seconds) |
18.12.2005, 18:57 | #6 | ||
| Verda... Sch... kann mir bitte jemand helfenZitat:
Zitat:
|
18.12.2005, 19:40 | #7 |
| Verda... Sch... kann mir bitte jemand helfen Heist das, das problem behoben ist? |
18.12.2005, 19:43 | #8 | |
| Verda... Sch... kann mir bitte jemand helfenZitat:
|
18.12.2005, 21:00 | #9 |
| Verda... Sch... kann mir bitte jemand helfen smitRem © log file version 2.8 by noahdfear Microsoft Windows XP [Version 5.1.2600] ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ checking for ShudderLTD key ShudderLTD key not present! checking for PSGuard.com key PSGuard.com key not present! spyaxe uninstaller NOT present ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Existing Pre-run Files ~~~ Program Files ~~~ ~~~ Shortcuts ~~~ ~~~ Favorites ~~~ Antivirus Test Online.url ~~~ system32 folder ~~~ ioctrl.dll 1024 dir msvol.tlb ld****.tmp mssearchnet.exe ncompat.tlb nvctrl.exe mscornet.exe hp***.tmp ~~~ Icons in System32 ~~~ ts.ico ot.ico ~~~ Windows directory ~~~ ~~~ Drive root ~~~ ~~~ Miscellaneous Files/folders ~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03 Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org Killing PID 772 'explorer.exe' Killing PID 772 'explorer.exe' Starting registry repairs Deleting files Remaining Post-run Files ~~~ Program Files ~~~ ~~~ Shortcuts ~~~ ~~~ Favorites ~~~ ~~~ system32 folder ~~~ ~~~ Icons in System32 ~~~ ~~~ Windows directory ~~~ ~~~ Drive root ~~~ ~~~ Miscellaneous Files/folders ~~~ ~~~ Wininet.dll ~~~ CLEAN! |
18.12.2005, 21:05 | #10 |
| Verda... Sch... kann mir bitte jemand helfen Würde es dir gefallen, wenn ich immer das Gleiche posten würde? Nein? Dann sei bitte so nett und poste das Ergebnis von eScan... |
18.12.2005, 22:03 | #11 |
| Verda... Sch... kann mir bitte jemand helfen ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Funde für "infected" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Funde für "tagged" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Funde für "offending" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Statistiken: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Sun Dec 18 18:08:55 2005 => Virus Database Date: 2005/12/12 Sun Dec 18 20:58:31 2005 => Virus Database Date: 2005/12/12 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~ © Haui ;-) ~~~~~~~ ~~~~~~~ Dank an Cidre ~~~~~~~ |
18.12.2005, 22:09 | #12 | |
| Verda... Sch... kann mir bitte jemand helfen Öffne die Datei C:\bases_x\mwav.log und poste folgendes (steht ganz am Ende): Zitat:
|
18.12.2005, 22:28 | #13 |
| Verda... Sch... kann mir bitte jemand helfen Sun Dec 18 18:08:35 2005 => AV Library Unloaded (3)... Sun Dec 18 18:08:48 2005 => ********************************************************** Sun Dec 18 18:08:48 2005 => MicroWorld Anti Virus & Spyware Toolkit Utility. Sun Dec 18 18:08:48 2005 => Copyright © 2003-2005, MicroWorld Technologies Inc. Sun Dec 18 18:08:48 2005 => ********************************************************** Sun Dec 18 18:08:49 2005 => Version 7.4.5 (C:\Bases_X\mwavscan.com) Sun Dec 18 18:08:49 2005 => Log File: C:\Bases_X\MWAV.LOG Sun Dec 18 18:08:49 2005 => Last Scan Date and Time: 18.12.2005 17:09:49 Sun Dec 18 18:08:49 2005 => MWAV Registered: FALSE. Sun Dec 18 18:08:49 2005 => MWAV Mode: Only Scan files. Sun Dec 18 18:08:51 2005 => Latest Date of files inside MWAV: 12 Dec 2005 12:14:08. Sun Dec 18 18:08:54 2005 => AV Library Loaded... Sun Dec 18 18:08:54 2005 => MWAV doing self scanning... Sun Dec 18 18:08:54 2005 => Scanning File C:\Bases_X\kavss.exe Sun Dec 18 18:08:54 2005 => Scanning File C:\Bases_X\Getvlist.exe Sun Dec 18 18:08:54 2005 => Scanning File C:\Bases_X\kavss.dll Sun Dec 18 18:08:54 2005 => Scanning File C:\Bases_X\kavssdi.dll Sun Dec 18 18:08:54 2005 => Scanning File C:\Bases_X\kavssi.dll Sun Dec 18 18:08:54 2005 => Scanning File C:\Bases_X\kavvlg.dll Sun Dec 18 18:08:54 2005 => Scanning File C:\Bases_X\msvlclnt.dll Sun Dec 18 18:08:54 2005 => Scanning File C:\Bases_X\ipc.dll Sun Dec 18 18:08:55 2005 => Scanning File C:\Bases_X\main.avi Sun Dec 18 18:08:55 2005 => Scanning File C:\Bases_X\virus.avi Sun Dec 18 18:08:55 2005 => MWAV files are clean. Sun Dec 18 18:08:55 2005 => Virus Database Date: 2005/12/12 Sun Dec 18 18:08:55 2005 => Virus Database Count: 164615 Sun Dec 18 18:08:59 2005 => Downloading AntiVirus and Anti-Spyware Databases... Sun Dec 18 18:08:59 2005 => Downloads Not Successful! Sun Dec 18 18:09:06 2005 => AV Library Unloaded (3)... Sun Dec 18 20:58:26 2005 => ********************************************************** Sun Dec 18 20:58:26 2005 => MicroWorld Anti Virus & Spyware Toolkit Utility. Sun Dec 18 20:58:26 2005 => Copyright © 2003-2005, MicroWorld Technologies Inc. Sun Dec 18 20:58:26 2005 => ********************************************************** Sun Dec 18 20:58:26 2005 => Version 7.4.5 (C:\Bases_X\mwavscan.com) Sun Dec 18 20:58:26 2005 => Log File: C:\Bases_X\MWAV.LOG Sun Dec 18 20:58:26 2005 => Last Scan Date and Time: 18.12.2005 17:09:49 Sun Dec 18 20:58:26 2005 => MWAV Registered: FALSE. Sun Dec 18 20:58:26 2005 => MWAV Mode: Only Scan files. Sun Dec 18 20:58:27 2005 => Latest Date of files inside MWAV: 12 Dec 2005 12:14:08. Sun Dec 18 20:58:30 2005 => AV Library Loaded... Sun Dec 18 20:58:30 2005 => MWAV doing self scanning... Sun Dec 18 20:58:30 2005 => Scanning File C:\Bases_X\kavss.exe Sun Dec 18 20:58:30 2005 => Scanning File C:\Bases_X\Getvlist.exe Sun Dec 18 20:58:30 2005 => Scanning File C:\Bases_X\kavss.dll Sun Dec 18 20:58:30 2005 => Scanning File C:\Bases_X\kavssdi.dll Sun Dec 18 20:58:30 2005 => Scanning File C:\Bases_X\kavssi.dll Sun Dec 18 20:58:30 2005 => Scanning File C:\Bases_X\kavvlg.dll Sun Dec 18 20:58:30 2005 => Scanning File C:\Bases_X\msvlclnt.dll Sun Dec 18 20:58:30 2005 => Scanning File C:\Bases_X\ipc.dll Sun Dec 18 20:58:30 2005 => Scanning File C:\Bases_X\main.avi Sun Dec 18 20:58:30 2005 => Scanning File C:\Bases_X\virus.avi Sun Dec 18 20:58:30 2005 => MWAV files are clean. Sun Dec 18 20:58:31 2005 => Virus Database Date: 2005/12/12 Sun Dec 18 20:58:31 2005 => Virus Database Count: 164615 Sun Dec 18 20:59:03 2005 => AV Library Unloaded (3)... |
18.12.2005, 22:41 | #14 |
| Verda... Sch... kann mir bitte jemand helfen War wahrscheindlich das falsche ich scan den comp nochmal mit escan aber erst morgen jetz muss ich pennen geh, muss widerr arbeiten. |
Themen zu Verda... Sch... kann mir bitte jemand helfen |
adobe, adobe reader, antivir, bho, dateien, desktop, einstellungen, excel, explorer, firefox, helfen, hijack, hijackthis, hotkey, internet, internet explorer, messenger, microsoft, monitor, mozilla, mozilla firefox, msn, programme, server, software, system, windows, windows xp |