Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Kann da mal jemand drüberschauen?

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 19.12.2005, 19:43   #1
Planer
 
Kann da mal jemand drüberschauen? - Standard

Kann da mal jemand drüberschauen?



Hallo!
Hatte mir vor kurzem einen Trojaner (Spyaxe) gefangen. Denke, er spukt immer noch in meinem System rum, zumindest findet Antivir immer mal wieder direkt nach dem Systemstart Trojaner, kann sie dann aber nicht löschen. Hier mein Logfile:

Logfile of HijackThis v1.99.1
Scan saved at 19:16:30, on 19.12.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRAMME\ANTIVIR\AVGUARD.EXE
C:\Programme\Antivir\AVWUPSRV.EXE
C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\SAgent2.exe
C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Launch Manager\LaunchAp.exe
C:\Programme\Launch Manager\HotkeyApp.exe
C:\Programme\Launch Manager\OSD.exe
C:\Programme\Launch Manager\Wbutton.exe
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\Home Cinema\PowerCinema\PCMService.exe
C:\Programme\ICQ\ICQLite\ICQLite.exe
C:\Programme\Java\j2re1.4.2_05\bin\jusched.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\Antivir\AVGNT.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Programme\Logitech\SetPoint\kem.exe
C:\Programme\Logitech\SetPoint\KHALMNPR.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programme\Adobe\Acrobat 6.0\Acrobat\Acrobat.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Programme\Mozilla Firefox\firefox.exe
D:\Tools\hijackthis_199\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com
O2 - BHO: SuperAdBlockerBHO Class - {00000000-6C30-11D8-9363-000AE6309654} - C:\Programme\SuperAdBlocker.com\Super Ad Blocker\SABBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
O3 - Toolbar: Super Ad Blocker Toolbar - {B4B3001E-0F56-4E51-8250-BDE11547EC55} - C:\Programme\SuperAdBlocker.com\Super Ad Blocker\sabtb.dll
O4 - HKLM\..\Run: [LaunchAp] C:\Programme\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [HotkeyApp] C:\Programme\Launch Manager\HotkeyApp.exe
O4 - HKLM\..\Run: [CtrlVol] C:\Programme\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [LMgrOSD] C:\Programme\Launch Manager\OSD.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Programme\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PCMService] "C:\Programme\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQ\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\Antivir\AVGNT.EXE" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadwin PrintScreen 3.1] C:\Programme\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O4 - HKCU\..\Run: [SuperAdBlocker] C:\Programme\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQ\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: &Google Search - res://C:\Programme\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Programme\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Programme\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Programme\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Programme\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Programme\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQ\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQ\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe (file missing)
O9 - Extra button: MedionShop - {09E5F659-139F-4022-9097-02E25F93F02A} - http://www.medionshop.de/ (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1092733492931
O17 - HKLM\System\CCS\Services\Tcpip\..\{989ABA06-5251-4AAA-8918-8ECE0054C743}: NameServer = 192.168.122.252,192.168.122.253
O20 - Winlogon Notify: SABWinLogon - C:\Programme\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAMME\ANTIVIR\AVGUARD.EXE
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\Antivir\AVWUPSRV.EXE
O23 - Service: CA-Lizenz-Client (CA_LIC_CLNT) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA-Lizenzserver (CA_LIC_SRVR) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\SAgent2.exe
O23 - Service: Ereignisprotokoll-Überwachung (LogWatch) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: Super Ad Blocker Service (SABSVC) - SuperAdBlocker.com - C:\Programme\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe


Vielen Dank!

Alt 19.12.2005, 19:46   #2
JayP
 

Kann da mal jemand drüberschauen? - Standard

Kann da mal jemand drüberschauen?



Wo wird der denn gefunden wenn ich fragen darf?

Fixe dann noch diese Einträge:
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe (file missing)
O9 - Extra button: MedionShop - {09E5F659-139F-4022-9097-02E25F93F02A} - http://www.medionshop.de/ (file missing) (HKCU)
__________________


Alt 20.12.2005, 00:14   #3
dartus
 
Kann da mal jemand drüberschauen? - Standard

Kann da mal jemand drüberschauen?



Hallo Planer,

Zitat:
Denke, er spukt immer noch in meinem System rum, zumindest findet Antivir immer mal wieder direkt nach dem Systemstart Trojaner, kann sie dann aber nicht löschen.
Die genaue Pfadangabe und was gefunden wird, wäre wichtig.

dartus
__________________
__________________

Alt 20.12.2005, 11:44   #4
Planer
 
Kann da mal jemand drüberschauen? - Standard

Kann da mal jemand drüberschauen?



Es handelt sich um das Trojanische Pferd TR/Dldr.Zlob.BZ.2
Es sind immer wieder neue Dateinamen, aber immer im gleichen Verzeichnis:

z.B.:

C:\WINDOWS\SYSTEM32\LDECCE.TMP

C:\WINDOWS\SYSTEM32\LD3D0E.TMP

C:\WINDOWS\SYSTEM32\LDF53.TMP

Hilft das weiter?

Alt 20.12.2005, 13:15   #5
dartus
 
Kann da mal jemand drüberschauen? - Standard

Kann da mal jemand drüberschauen?



Hallo Planer,

führe dies aus: http://www.trojaner-board.de/showthread.php?t=21709

dartus

__________________
Kein Support per PN

Alt 20.12.2005, 18:26   #6
Planer
 
Kann da mal jemand drüberschauen? - Standard

Kann da mal jemand drüberschauen?



Hallo!

Erst einmal danke für eure Mühen! Habe die Anweisungen abgearbeitet und stelle jetzt mal die aktuellen Logfiles ein, in der Hoffung, dass mein Rechner jetzt sauber ist:

Highjack-this:
Logfile of HijackThis v1.99.1
Scan saved at 17:59:28, on 20.12.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRAMME\ANTIVIR\AVGUARD.EXE
C:\Programme\Antivir\AVWUPSRV.EXE
C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\SAgent2.exe
C:\PROGRA~1\eScan\TRAYSSER.EXE
C:\PROGRA~1\eScan\avpm.exe
C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Launch Manager\LaunchAp.exe
C:\Programme\Launch Manager\HotkeyApp.exe
C:\Programme\Launch Manager\OSD.exe
C:\Programme\Launch Manager\Wbutton.exe
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\ICQ\ICQLite\ICQLite.exe
C:\Programme\Java\j2re1.4.2_05\bin\jusched.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\Antivir\AVGNT.EXE
C:\PROGRA~1\eScan\TRAYICOS.EXE
C:\PROGRA~1\eScan\AVPMWrap.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\eScan\MAILDISP.EXE
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\eScan\SPOOLER.EXE
C:\PROGRA~1\eScan\MAILSCAN.EXE
C:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Programme\Logitech\SetPoint\kem.exe
C:\PROGRA~1\eScan\kavss.exe
C:\Programme\Logitech\SetPoint\KHALMNPR.EXE
C:\PROGRA~1\eScan\AvpM.exe
C:\WINDOWS\system32\wuauclt.exe
D:\Tools\hijackthis_199\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
O4 - HKLM\..\Run: [LaunchAp] C:\Programme\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [HotkeyApp] C:\Programme\Launch Manager\HotkeyApp.exe
O4 - HKLM\..\Run: [CtrlVol] C:\Programme\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [LMgrOSD] C:\Programme\Launch Manager\OSD.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Programme\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PCMService] "C:\Programme\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQ\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\Antivir\AVGNT.EXE" /min
O4 - HKLM\..\Run: [MailScan Dispatcher] "C:\Programme\eScan\LAUNCH.EXE"
O4 - HKLM\..\Run: [eScan Updater] C:\PROGRA~1\eScan\TRAYICOS.EXE /App
O4 - HKLM\..\Run: [eScan Monitor] C:\PROGRA~1\eScan\AVPMWrap.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadwin PrintScreen 3.1] C:\Programme\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQ\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: &Google Search - res://C:\Programme\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Programme\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Programme\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Programme\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Programme\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Programme\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQ\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQ\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O10 - Broken Internet access because of LSP provider 'mwtsp.dll' missing
O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1092733492931
O17 - HKLM\System\CCS\Services\Tcpip\..\{989ABA06-5251-4AAA-8918-8ECE0054C743}: NameServer = 192.168.122.252,192.168.122.253
O23 - Service: Adobe LM Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAMME\ANTIVIR\AVGUARD.EXE
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\Antivir\AVWUPSRV.EXE
O23 - Service: CA-Lizenz-Client (CA_LIC_CLNT) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA-Lizenzserver (CA_LIC_SRVR) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\SAgent2.exe
O23 - Service: eScan Server-Updater (eScan-trayicos) - MWTI2 - C:\PROGRA~1\eScan\TRAYSSER.EXE
O23 - Service: eScan Monitor Service (KAVMonitorService) - Kaspersky Labs. - C:\PROGRA~1\eScan\avpm.exe
O23 - Service: Ereignisprotokoll-Überwachung (LogWatch) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe




Smitfiles:
smitRem © log file
version 2.8

by noahdfear


Microsoft Windows XP [Version 5.1.2600]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

checking for ShudderLTD key

ShudderLTD key not present!

checking for PSGuard.com key


PSGuard.com key not present!

spyaxe uninstaller NOT present
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Existing Pre-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~

Antivirus Test Online.url


~~~ system32 folder ~~~

1024 dir
msvol.tlb
ld****.tmp
mssearchnet.exe
ncompat.tlb
nvctrl.exe
mscornet.exe
hp***.tmp
logfiles


~~~ Icons in System32 ~~~

ts.ico
ot.ico


~~~ Windows directory ~~~



~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 704 'explorer.exe'

Starting registry repairs

Deleting files


Remaining Post-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~



~~~ Miscellaneous Files/folders ~~~




~~~ Wininet.dll ~~~

CLEAN!





Ad-Aware Logfile folgt...

Alt 20.12.2005, 18:27   #7
Planer
 
Kann da mal jemand drüberschauen? - Standard

Kann da mal jemand drüberschauen?



Logfile Ad-aware:
Ad-Aware SE Build 1.06r1
Logfile Created onienstag, 20. Dezember 2005 16:02:30
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R82 19.12.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Malware.SpyAxe(TAC index:4):16 total references
MRU List(TAC index:0):36 total references
Tracking Cookie(TAC index:3):2 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


20.12.2005 16:02:30 - Scan started. (Smart mode)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 128
ThreadCreationTime : 20.12.2005 14:56:24
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 172
ThreadCreationTime : 20.12.2005 14:56:40
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 196
ThreadCreationTime : 20.12.2005 14:56:41
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 240
ThreadCreationTime : 20.12.2005 14:56:46
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Betriebssystem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Anwendung für Dienste und Controller
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 252
ThreadCreationTime : 20.12.2005 14:56:47
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 400
ThreadCreationTime : 20.12.2005 14:56:51
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 464
ThreadCreationTime : 20.12.2005 14:56:52
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 528
ThreadCreationTime : 20.12.2005 14:56:56
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1520
ThreadCreationTime : 20.12.2005 15:00:37
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Betriebssystem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten.
OriginalFilename : EXPLORER.EXE

#:10 [rundll32.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1664
ThreadCreationTime : 20.12.2005 15:01:30
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Betriebssystem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Eine DLL-Datei als Anwendung ausführen
InternalName : rundll
LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten.
OriginalFilename : RUNDLL.EXE

#:11 [ad-aware.exe]
FilePath : C:\Programme\Lavasoft\Ad-Aware SE Personal\
ProcessID : 1708
ThreadCreationTime : 20.12.2005 15:02:05
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Malware.SpyAxe Object Recognized!
Type : Regkey
Data :
TAC Rating : 4
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{0f68a8aa-a9a8-4711-be36-ae363efa6443}

Malware.SpyAxe Object Recognized!
Type : Regkey
Data :
TAC Rating : 4
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{28420952-c82b-47d9-a042-fa2217d8a082}

Malware.SpyAxe Object Recognized!
Type : Regkey
Data :
TAC Rating : 4
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{3c099c83-8587-4b35-8af0-fc3a169ce14f}

Malware.SpyAxe Object Recognized!
Type : Regkey
Data :
TAC Rating : 4
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{3fe13f31-e890-4c37-8213-4b5f9a511c26}

Malware.SpyAxe Object Recognized!
Type : Regkey
Data :
TAC Rating : 4
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{4cad27dc-1b60-42f4-820e-316fe0a13512}

Malware.SpyAxe Object Recognized!
Type : Regkey
Data :
TAC Rating : 4
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{54874d12-c0c6-44cc-83fb-2c35202f881b}

Malware.SpyAxe Object Recognized!
Type : Regkey
Data :
TAC Rating : 4
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{54a3200b-d76e-48d1-b35c-d87eaf6d90bd}

Malware.SpyAxe Object Recognized!
Type : Regkey
Data :
TAC Rating : 4
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{663dfe59-032c-46fb-a09a-ffc2dc074f54}

Malware.SpyAxe Object Recognized!
Type : Regkey
Data :
TAC Rating : 4
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{69ce4fbc-4861-4206-8211-dd5a9ee79ad3}

Malware.SpyAxe Object Recognized!
Type : Regkey
Data :
TAC Rating : 4
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{afa9056f-aa11-4771-ae01-04ecfde18206}

Malware.SpyAxe Object Recognized!
Type : Regkey
Data :
TAC Rating : 4
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{b8f2487f-aa6a-4914-9a3f-db84e6868d66}

Malware.SpyAxe Object Recognized!
Type : Regkey
Data :
TAC Rating : 4
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{e4645720-e02f-4bb2-8e6d-be7653dd1bf2}

Malware.SpyAxe Object Recognized!
Type : Regkey
Data :
TAC Rating : 4
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{fa46b160-c9dd-4040-b9d9-ccf5d3db5438}

Malware.SpyAxe Object Recognized!
Type : Regkey
Data :
TAC Rating : 4
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{fc1f0c2c-8117-427d-816c-215b68524f74}

Malware.SpyAxe Object Recognized!
Type : Regkey
Data :
TAC Rating : 4
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{fd1eee96-8dc7-478d-be3b-7d06ac67fb66}

Malware.SpyAxe Object Recognized!
Type : Regkey
Data :
TAC Rating : 4
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{fd8e5ed7-0091-416f-a55b-1d072d58a24f}

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 16
Objects found so far: 16


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 16


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : xxx@tradedoubler[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:xxx@tradedoubler.com/
Expires : 15.12.2025 11:37:20
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : xxx@2o7[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:16
Value : Cookie:xxx@2o7.net/
Expires : 19.12.2010 15:08:24
LastSync : Hits:16
UseCount : 0
Hits : 16

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 2
Objects found so far: 18



Deep scanning and examining files...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 18

Disk Scan Result for C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 18

Disk Scan Result for C:\DOKUME~1\xxx~1\LOKALE~1\Temp\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 18


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 18



MRU List Object Recognized!
Location: : C:\Dokumente und Einstellungen\xxx\recent
Description : list of recently opened documents


MRU List Object Recognized!
Location: : S-1-5-21-1030799401-4161820378-3072398101-1006\software\adobe\adobe acrobat\6.0\avgeneral\crecentfiles
Description : list of recently used files in adobe acrobat


MRU List Object Recognized!
Location: : S-1-5-21-1030799401-4161820378-3072398101-1006\software\ahead\nero - burning rom\recent file list
Description : list of recently used files in nero burning rom


MRU List Object Recognized!
Location: : S-1-5-21-1030799401-4161820378-3072398101-1006\software\google\navclient\1.1\history
Description : list of recently used search terms in the google toolbar


MRU List Object Recognized!
Location: : S-1-5-21-1030799401-4161820378-3072398101-1006\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : S-1-5-21-1030799401-4161820378-3072398101-1006\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : S-1-5-21-1030799401-4161820378-3072398101-1006\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput


MRU List Object Recognized!
Location: : S-1-5-21-1030799401-4161820378-3072398101-1006\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput


MRU List Object Recognized!
Location: : S-1-5-21-1030799401-4161820378-3072398101-1006\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-1030799401-4161820378-3072398101-1006\software\microsoft\mediaplayer\medialibraryui
Description : last selected node in the microsoft windows media player media library


MRU List Object Recognized!
Location: : S-1-5-21-1030799401-4161820378-3072398101-1006\software\microsoft\mediaplayer\player\recentfilelist
Description : list of recently used files in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-1030799401-4161820378-3072398101-1006\software\microsoft\mediaplayer\player\settings
Description : last save as directory used in jasc paint shop pro


MRU List Object Recognized!
Location: : S-1-5-21-1030799401-4161820378-3072398101-1006\software\microsoft\mediaplayer\player\settings
Description : last open directory used in jasc paint shop pro


MRU List Object Recognized!
Location: : S-1-5-21-1030799401-4161820378-3072398101-1006\software\microsoft\mediaplayer\preferences
Description : last playlist index loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-1030799401-4161820378-3072398101-1006\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-1030799401-4161820378-3072398101-1006\software\microsoft\mediaplayer\preferences
Description : last search path used in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-1030799401-4161820378-3072398101-1006\software\microsoft\microsoft management console\recent file list
Description : list of recent snap-ins used in the microsoft management console


MRU List Object Recognized!
Location: : S-1-5-21-1030799401-4161820378-3072398101-1006\software\microsoft\ntbackup\log files
Description : list of recent logfiles in microsoft backup


MRU List Object Recognized!
Location: : S-1-5-21-1030799401-4161820378-3072398101-1006\software\microsoft\office\11.0\common\general
Description : list of recently used symbols in microsoft office


MRU List Object Recognized!
Location: : S-1-5-21-1030799401-4161820378-3072398101-1006\software\microsoft\office\11.0\powerpoint\recent file list
Description : list of recent files used by microsoft powerpoint


MRU List Object Recognized!
Location: : S-1-5-21-1030799401-4161820378-3072398101-1006\software\microsoft\office\11.0\powerpoint\recent typeface list
Description : list of recently used typefaces in microsoft powerpoint


MRU List Object Recognized!
Location: : S-1-5-21-1030799401-4161820378-3072398101-1006\software\microsoft\office\11.0\powerpoint\recentfolderlist
Description : list of recent folders used by microsoft powerpoint


MRU List Object Recognized!
Location: : S-1-5-21-1030799401-4161820378-3072398101-1006\software\microsoft\office\11.0\publisher\recent file list
Description : list of recent files used by microsoft publisher


MRU List Object Recognized!
Location: : S-1-5-21-1030799401-4161820378-3072398101-1006\software\microsoft\search assistant\acmru
Description : list of recent search terms used with the search assistant


MRU List Object Recognized!
Location: : S-1-5-21-1030799401-4161820378-3072398101-1006\software\microsoft\windows\currentversion\applets\paint\recent file list
Description : list of files recently opened using microsoft paint


MRU List Object Recognized!
Location: : S-1-5-21-1030799401-4161820378-3072398101-1006\software\microsoft\windows\currentversion\applets\regedit
Description : last key accessed using the microsoft registry editor


MRU List Object Recognized!
Location: : S-1-5-21-1030799401-4161820378-3072398101-1006\software\microsoft\windows\currentversion\applets\wordpad\recent file list
Description : list of recent files opened using wordpad


MRU List Object Recognized!
Location: : S-1-5-21-1030799401-4161820378-3072398101-1006\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened


MRU List Object Recognized!
Location: : S-1-5-21-1030799401-4161820378-3072398101-1006\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension


MRU List Object Recognized!
Location: : S-1-5-21-1030799401-4161820378-3072398101-1006\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


MRU List Object Recognized!
Location: : S-1-5-21-1030799401-4161820378-3072398101-1006\software\microsoft\windows media\wmsdk\general
Description : windows media sdk



Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 54

16:04:49 Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:02:18.860
Objects scanned:67515
Objects identified:18
Objects ignored:0
New critical objects:18






Last but not least: E-scan (nur infected files)

Tue Dec 20 16:14:30 2005 => ***** Scanning Registry and File system for Adware/Spyware *****
Tue Dec 20 16:14:30 2005 => Loading Spyware Signatures from new External Database (Size: 144468).

Tue Dec 20 16:14:33 2005 => Offending Folder found: C:\WINDOWS\content.ie5
Tue Dec 20 16:14:33 2005 => Object "IncrediFind Browser Hijacker" found in File System! Action Taken: Keine Aktion vorgenommen.

Tue Dec 20 16:14:41 2005 => System found infected with cws.therealsearch Spyware/Adware (waol.exe)! Action taken: Keine Aktion vorgenommen.



Hoffe, ich hab alles richtig gemacht. Wäre super, wenn nochmal ein kleiner Feedback kommen würde!

Gruß,

Planer

Alt 20.12.2005, 23:43   #8
dartus
 
Kann da mal jemand drüberschauen? - Standard

Kann da mal jemand drüberschauen?



Hallo Planer,

diesen Ordner würde ich noch löschen:
C:\WINDOWS\content.ie5

Dein Logfile sieht unauffällig aus.

Hier lesenswerte Links, insbesondere die „12 Punkte“ zur Systemabsicherung.

dartus
__________________
Kein Support per PN

Antwort

Themen zu Kann da mal jemand drüberschauen?
adobe, antivir, bho, computer, dateien, excel, explorer, firefox, hijack, hijackthis, home, icq, internet, internet explorer, launch, logfile, messenger, microsoft, mozilla, mozilla firefox, pdf, programme, software, system, trojaner, windows, windows xp




Ähnliche Themen: Kann da mal jemand drüberschauen?


  1. kann mir jemand einen tip geben,was ich eventuell noch versuchen kann.
    Plagegeister aller Art und deren Bekämpfung - 12.08.2013 (3)
  2. combofix logfile kann mal jemand drüberschauen?
    Log-Analyse und Auswertung - 14.11.2010 (1)
  3. Kann da mal einer drüberschauen ?
    Log-Analyse und Auswertung - 23.02.2010 (1)
  4. Kann jemand erfahrenes mal drüberschauen ob alles ok ist?
    Log-Analyse und Auswertung - 12.02.2009 (2)
  5. Kann da mal wer drüberschauen?
    Mülltonne - 21.12.2008 (0)
  6. Kann das mal jemand durchchecken?
    Mülltonne - 01.07.2008 (0)
  7. Kann sich jemand das bitte jemand ansehn?
    Log-Analyse und Auswertung - 19.06.2007 (1)
  8. Hijacklog ... könnte jemand mal drüberschauen?
    Mülltonne - 18.05.2007 (7)
  9. Könnte jemand mal über meine Log' drüberschauen bitte?
    Log-Analyse und Auswertung - 18.04.2007 (4)
  10. kann mal jemand durchschecken
    Log-Analyse und Auswertung - 10.10.2006 (4)
  11. kann jemand helfen?
    Log-Analyse und Auswertung - 28.12.2005 (12)
  12. Kann mal jemand drüberschauen
    Log-Analyse und Auswertung - 15.08.2005 (1)
  13. Kann mal einer drüberschauen?
    Log-Analyse und Auswertung - 14.04.2005 (1)
  14. Kann hier mal bitte einer drüberschauen!!??
    Log-Analyse und Auswertung - 01.04.2005 (1)
  15. Kann da mal jemand drüberschauen bitte??
    Log-Analyse und Auswertung - 01.10.2004 (3)

Zum Thema Kann da mal jemand drüberschauen? - Hallo! Hatte mir vor kurzem einen Trojaner (Spyaxe) gefangen. Denke, er spukt immer noch in meinem System rum, zumindest findet Antivir immer mal wieder direkt nach dem Systemstart Trojaner, kann - Kann da mal jemand drüberschauen?...
Archiv
Du betrachtest: Kann da mal jemand drüberschauen? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.