| |
| |||||||
Log-Analyse und Auswertung: problem gelöst (?)Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
14.02.2006, 17:41
| #46 |
 |  problem gelöst (?) sorry, aber ich peils immer noch nicht ganz.. habe im dos fenster "reg query HKLM\Software" eingegeben, dann kommt eine liste (falls dies bereits die log. ist, kann ich sie weder markieren noch kopieren), un dann bin ich im verzeichnis C:>Dokumente und Einstellungen\mein name> da sollte ich dann C:\query.log eingeben?? das geht irgendwie nicht.. falls ich zuerst aus dem unterverzeichnis raus muss, wie mach ich das? komme nicht mehr weiter..(sorry) |
|
14.02.2006, 17:55
| #47 |
  | problem gelöst (?) das soll im DOS-Fenster alles in eine Zeile
__________________reg query HKLM\Software >> C:\query.log (Enter drücken) Macht reg query und leitet die Ausgabe in die Datei C:\query.log um
__________________ |
|
14.02.2006, 18:09
| #48 |
| | problem gelöst (?) ach so.. sorry!!
__________________ na dann, hier ist sie: ! REG.EXE VERSION 3.0 HKEY_LOCAL_MACHINE\Software <NO NAME> REG_SZ HKEY_LOCAL_MACHINE\Software\ACE Compression Software HKEY_LOCAL_MACHINE\Software\Adobe HKEY_LOCAL_MACHINE\Software\Agere HKEY_LOCAL_MACHINE\Software\Ahead HKEY_LOCAL_MACHINE\Software\Alcohol Soft HKEY_LOCAL_MACHINE\Software\Apple Computer, Inc. HKEY_LOCAL_MACHINE\Software\ASPI32 HKEY_LOCAL_MACHINE\Software\Audio2x.com HKEY_LOCAL_MACHINE\Software\Azureus HKEY_LOCAL_MACHINE\Software\Brother HKEY_LOCAL_MACHINE\Software\C07ft5Y HKEY_LOCAL_MACHINE\Software\Cakewalk Music Software HKEY_LOCAL_MACHINE\Software\CDDB HKEY_LOCAL_MACHINE\Software\Classes HKEY_LOCAL_MACHINE\Software\Clients HKEY_LOCAL_MACHINE\Software\Digital Design Ltd HKEY_LOCAL_MACHINE\Software\Drag'n Drop CD HKEY_LOCAL_MACHINE\Software\Drag'n Drop CD+DVD HKEY_LOCAL_MACHINE\Software\Easy Systems Japan Ltd. HKEY_LOCAL_MACHINE\Software\exPressit S.E. 2.1 HKEY_LOCAL_MACHINE\Software\fphfte HKEY_LOCAL_MACHINE\Software\Gemplus HKEY_LOCAL_MACHINE\Software\Globespan HKEY_LOCAL_MACHINE\Software\GNU HKEY_LOCAL_MACHINE\Software\Google HKEY_LOCAL_MACHINE\Software\InstalledOptions HKEY_LOCAL_MACHINE\Software\InstallShield HKEY_LOCAL_MACHINE\Software\Intel HKEY_LOCAL_MACHINE\Software\InterVideo HKEY_LOCAL_MACHINE\Software\JavaSoft HKEY_LOCAL_MACHINE\Software\Jens Fangmeier HKEY_LOCAL_MACHINE\Software\Kazaa HKEY_LOCAL_MACHINE\Software\LimeWire HKEY_LOCAL_MACHINE\Software\Macromedia HKEY_LOCAL_MACHINE\Software\Magnet HKEY_LOCAL_MACHINE\Software\Microsoft HKEY_LOCAL_MACHINE\Software\MoodLogic HKEY_LOCAL_MACHINE\Software\Mozilla HKEY_LOCAL_MACHINE\Software\mozilla.org HKEY_LOCAL_MACHINE\Software\MozillaPlugins HKEY_LOCAL_MACHINE\Software\MyWay HKEY_LOCAL_MACHINE\Software\ODBC HKEY_LOCAL_MACHINE\Software\Policies HKEY_LOCAL_MACHINE\Software\Program Groups HKEY_LOCAL_MACHINE\Software\RealNetworks HKEY_LOCAL_MACHINE\Software\RichFX HKEY_LOCAL_MACHINE\Software\ScanSoft HKEY_LOCAL_MACHINE\Software\Schlumberger HKEY_LOCAL_MACHINE\Software\sis HKEY_LOCAL_MACHINE\Software\Soeperman Enterprises Ltd. HKEY_LOCAL_MACHINE\Software\SoftShape HKEY_LOCAL_MACHINE\Software\Sony HKEY_LOCAL_MACHINE\Software\Sony Corporation HKEY_LOCAL_MACHINE\Software\Symantec HKEY_LOCAL_MACHINE\Software\Syntrillium HKEY_LOCAL_MACHINE\Software\Visioneer HKEY_LOCAL_MACHINE\Software\WebUpdate HKEY_LOCAL_MACHINE\Software\Wildfire Studios HKEY_LOCAL_MACHINE\Software\Windows 3.1 Migration Status HKEY_LOCAL_MACHINE\Software\Windows AdStatus HKEY_LOCAL_MACHINE\Software\winLAME HKEY_LOCAL_MACHINE\Software\WordNet HKEY_LOCAL_MACHINE\Software\Xing Technology Corp. HKEY_LOCAL_MACHINE\Software\Yahoo HKEY_LOCAL_MACHINE\Software\Zeon HKEY_LOCAL_MACHINE\Software\Zone Labs |
|
14.02.2006, 18:14
| #49 |
| | problem gelöst (?) OK, das wollte ich wissen. Die del.bat konnte nicht funktionieren. Probiere es mal mit dieser del2.bat (abgesicherter Modus) und poste den Inhalt der Datei C:\del2.bat http://rapidshare.de/files/13266388/del2.bat.html
__________________ When you contact tech support, a lot of people feel like they're either talking to an idiot or being treated like one. |
|
14.02.2006, 19:47
| #50 |
| | problem gelöst (?) hm..da passiert auch nicht viel mehr: ------------------------------------------------------ Der Vorgang wurde erfolgreich ausgeführt. Der Vorgang wurde erfolgreich ausgeführt. Der Vorgang wurde erfolgreich ausgeführt. Der Vorgang wurde erfolgreich ausgeführt. Der Vorgang wurde erfolgreich ausgeführt. Der Vorgang wurde erfolgreich ausgeführt. ------------------------------------------------------ mache ich was falsch? |
|
14.02.2006, 20:16
| #51 |
| | problem gelöst (?) So, und nun mal bitte ein neues HJT-Log
__________________ --> problem gelöst (?) |
|
14.02.2006, 20:27
| #52 |
| | problem gelöst (?) ok, here it is: Logfile of HijackThis v1.99.1 Scan saved at 20:26:24, on 14.02.2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\brsvc01a.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\brss01a.exe C:\WINDOWS\system32\Brmfrmps.exe C:\Programme\sony\giga pocket\shwserv.exe C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\mdm.exe C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\WINDOWS\System32\svchost.exe C:\Programme\sony\vaio media music server\SSSvr.exe C:\Programme\sony\photo server\appsrv\PhotoAppSrv.exe C:\Programme\sony\giga pocket\GPVSvr.exe C:\Programme\Gemeinsame Dateien\sony shared\vaio media platform\SV_Httpd.exe C:\Programme\Gemeinsame Dateien\sony shared\vaio media platform\UPnPFramework.exe C:\WINDOWS\AGRSMMSG.exe C:\WINDOWS\System32\ezSP_Px.exe C:\Programme\Gemeinsame Dateien\sony shared\vaio media platform\SV_Httpd.exe C:\Programme\Gemeinsame Dateien\sony shared\vaio media platform\UPnPFramework.exe C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe C:\Programme\Gemeinsame Dateien\Sony Shared\vaio media platform\sv_httpd.exe C:\Programme\Gemeinsame Dateien\Sony Shared\vaio media platform\UPnPFramework.exe C:\Programme\drag'n drop cd+dvd\BinFiles\DragDrop.exe C:\Programme\ScanSoft\PaperPort\pptd40nt.exe C:\Programme\sony\giga pocket\RM_SV.exe C:\Programme\Brother\ControlCenter2\brctrcen.exe C:\Programme\DAEMON Tools\daemon.exe C:\Programme\iTunes\iTunesHelper.exe C:\Programme\QuickTime\qttask.exe C:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe C:\Programme\iPod\bin\iPodService.exe C:\Programme\sony\usbsircs\usbsircs.exe C:\HijackThis.exe C:\Hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file) O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file) O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Drag'n Drop CD+DVD] C:\Programme\drag'n drop cd+dvd\BinFiles\DragDrop.exe /StartUp O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [PaperPort PTD] C:\Programme\ScanSoft\PaperPort\pptd40nt.exe O4 - HKLM\..\Run: [IndexSearch] C:\Programme\ScanSoft\PaperPort\IndexSearch.exe O4 - HKLM\..\Run: [SetDefPrt] C:\Programme\Brother\Brmfl04a\BrStDvPt.exe O4 - HKLM\..\Run: [ControlCenter2.0] C:\Programme\Brother\ControlCenter2\brctrcen.exe /autorun O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programme\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background O4 - Global Startup: Acrobat Assistant.lnk = C:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Keyboard Closure Setup.lnk = ? O4 - Global Startup: Remocon-Treiber.lnk = ? O4 - Global Startup: Status Monitor.lnk = C:\Programme\Brother\Brmfcmon\BrMfcWnd.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE12\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE12\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.sony-europe.com/ O15 - Trusted Zone: *.sony-europe.com O15 - Trusted Zone: *.sonystyle-europe.com O15 - Trusted Zone: *.vaio-link.com O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by21fd.bay21.hotmail.msn.com/resources/MsnPUpld.cab O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/23a4d5833eea077af906/netzip/RdxIE601_de.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing) O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe O23 - Service: Giga Pocket Hardware Detector - Sony Corporation - C:\Programme\sony\giga pocket\shwserv.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Programme\sony\giga pocket\halsv.exe O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Programme\sony\giga pocket\RM_SV.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\Sptisrv.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Programme\sony\vaio media music server\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (file missing) O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Programme\Gemeinsame Dateien\Sony Shared\vaio media platform\sv_httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP (file missing) O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\vaio media platform\UPnPFramework.exe O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Programme\sony\photo server\appsrv\PhotoAppSrv.exe O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Programme\Gemeinsame Dateien\sony shared\vaio media platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP (file missing) O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Programme\Gemeinsame Dateien\sony shared\vaio media platform\UPnPFramework.exe O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Unknown owner - C:\Programme\sony\giga pocket\GPVSvr.exe" /Service=VAIOMediaPlatform-VideoServer-AppServer /DisplayName="VAIO Media Video Server (file missing) O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Unknown owner - C:\Programme\Gemeinsame Dateien\sony shared\vaio media platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-VideoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\VideoServer\HTTP (file missing) O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Programme\Gemeinsame Dateien\sony shared\vaio media platform\UPnPFramework.exe |
|
14.02.2006, 21:22
| #53 |
| | problem gelöst (?) Papierkorb mal leeren und nochmal einen Scan mit eScan durchführen. Nach Adam Riese sollte dabei aber nichts mehr zu finden sein. Aber sicher ist sicher.
__________________ When you contact tech support, a lot of people feel like they're either talking to an idiot or being treated like one. |
|
14.02.2006, 21:50
| #54 |
| | problem gelöst (?) ok, werd ich machen. vielen dank für deine hilfe. jetzt hab ich aber trotzdem noch eine frage: eScan hat mir zuvor ja 22 infizierte files angegeben, wovon 3 mit "trojan downloader" betitelt waren. wurden diese dinger bei den letzten aktionen, die ich nach deiner anleitung ausgeführt habe beseitigt? ich kann mich nämlich nicht erinnern, diese bewusst gefixt zu haben.. falls alles in ordnung ist, müssten dann also beim nächsten eScan tatsächlich auch "null" kritische objekte im ergebnis stehen? dank und gruss mpc101 |
|
14.02.2006, 22:02
| #55 | |
| | problem gelöst (?)Zitat:
 Scherz beiseite. 9 Objekte wurden mit der del.bat gelöscht. Eins wurde durch das Leeren des Java Caches entsorgt. 4 sind imho belanglose Einträge die auf keine konkreten Dateien verweisen (imho nur auf die Infektion selbst), drei Hinweise auf leere Ordner und der Rest liegt im Papierkorb, den Du ja leeren solltest. Also im schlimmsten Fall sollte es vier Meldungen geben.
__________________ When you contact tech support, a lot of people feel like they're either talking to an idiot or being treated like one. |
|
14.02.2006, 22:37
| #56 |
| | problem gelöst (?) hahaha mann, mann, mann, das ist mir fast ein bisschen unheimlich, was du alles über meinen rechner erzählen kannst... also dann möcht ich mich nochmal ganz herzlich bei dir bedanken und mach mich so bald als möglich mal an den eScan.. gruss mpc |
|
15.02.2006, 02:32
| #57 | ||||||||
| | problem gelöst (?) Da ist überhaupt nichts unheimliches dabei. Das ist ganz einfach: Zitat:
Zitat:
Zitat:
Zitat:
Zitat:
Zitat:
Zitat:
reg delete HKLM\Software\magnet\handlers\limewire /f Zitat:
__________________ When you contact tech support, a lot of people feel like they're either talking to an idiot or being treated like one. |
|
15.02.2006, 23:54
| #58 |
| | problem gelöst (?) nun guck sich mal einer diese kleinen schweinchen an.. eScan hat wieder 9 stück angezeigt: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Funde für "infected" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Thu Jan 12 15:44:52 2006 => System found infected with mybar Spyware/Adware ({014da6c9-189f-421a-88cd-07cfe51cff10})! Action taken: No Action Taken. Thu Jan 12 15:44:52 2006 => System found infected with netster Spyware/Adware ({56336bcb-3d8a-11d6-a00b-0050da18de71})! Action taken: No Action Taken. Thu Jan 12 15:44:52 2006 => System found infected with kazaa Spyware/Adware ({66fc8717-efa7-4546-8c4a-e224f3a80c76})! Action taken: No Action Taken. Thu Jan 12 15:44:52 2006 => System found infected with netster Spyware/Adware ({56336bcb-3d8a-11d6-a00b-0050da18de71})! Action taken: No Action Taken. Thu Jan 12 15:44:52 2006 => System found infected with myway Spyware/Adware ({0494d0d4-f8e0-41ad-92a3-14154ece70ac})! Action taken: No Action Taken. Thu Jan 12 15:44:55 2006 => System found infected with altnet Spyware/Adware (smdat32a.sys)! Action taken: No Action Taken. Thu Jan 12 15:44:55 2006 => System found infected with advsearch Spyware/Adware (mydll.dll)! Action taken: No Action Taken. Thu Jan 12 15:44:58 2006 => System found infected with cydoor.topicks.a Spyware/Adware (settings.dat)! Action taken: No Action Taken. Thu Jan 12 15:51:13 2006 => File C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv569.jar-560641e0-50694235.zip infected by "Trojan-Downloader.Java.OpenStream.c" Virus! Action Taken: No Action Taken. Thu Jan 12 20:27:08 2006 => Total Disinfected Objects: 0 Fri Feb 10 12:48:18 2006 => Total Disinfected Objects: 0 Fri Feb 10 12:49:31 2006 => System found infected with mybar Spyware/Adware ({014da6c9-189f-421a-88cd-07cfe51cff10})! Action taken: No Action Taken. Fri Feb 10 12:49:31 2006 => System found infected with netster Spyware/Adware ({56336bcb-3d8a-11d6-a00b-0050da18de71})! Action taken: No Action Taken. Fri Feb 10 12:49:31 2006 => System found infected with kazaa Spyware/Adware ({66fc8717-efa7-4546-8c4a-e224f3a80c76})! Action taken: No Action Taken. Fri Feb 10 12:49:31 2006 => System found infected with netster Spyware/Adware ({56336bcb-3d8a-11d6-a00b-0050da18de71})! Action taken: No Action Taken. Fri Feb 10 12:49:36 2006 => System found infected with altnet Spyware/Adware (smdat32a.sys)! Action taken: No Action Taken. Fri Feb 10 12:49:36 2006 => System found infected with advsearch Spyware/Adware (mydll.dll)! Action taken: No Action Taken. Fri Feb 10 12:54:21 2006 => File C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv569.jar-560641e0-50694235.zip infected by "Trojan-Downloader.Java.OpenStream.c" Virus! Action Taken: No Action Taken. Fri Feb 10 18:46:39 2006 => Total Disinfected Objects: 0 Sat Feb 11 11:49:32 2006 => Total Disinfected Objects: 0 Sat Feb 11 11:50:41 2006 => System found infected with mybar Spyware/Adware ({014da6c9-189f-421a-88cd-07cfe51cff10})! Action taken: No Action Taken. Sat Feb 11 11:50:41 2006 => System found infected with netster Spyware/Adware ({56336bcb-3d8a-11d6-a00b-0050da18de71})! Action taken: No Action Taken. Sat Feb 11 11:50:41 2006 => System found infected with kazaa Spyware/Adware ({66fc8717-efa7-4546-8c4a-e224f3a80c76})! Action taken: No Action Taken. Sat Feb 11 11:50:41 2006 => System found infected with netster Spyware/Adware ({56336bcb-3d8a-11d6-a00b-0050da18de71})! Action taken: No Action Taken. Sat Feb 11 11:50:45 2006 => System found infected with altnet Spyware/Adware (smdat32a.sys)! Action taken: No Action Taken. Sat Feb 11 11:50:46 2006 => System found infected with advsearch Spyware/Adware (mydll.dll)! Action taken: No Action Taken. Sat Feb 11 11:55:31 2006 => File C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv569.jar-560641e0-50694235.zip infected by "Trojan-Downloader.Java.OpenStream.c" Virus! Action Taken: No Action Taken. Sat Feb 11 12:54:52 2006 => Total Disinfected Objects: 0 Wed Feb 15 18:23:59 2006 => System found infected with mybar Spyware/Adware ({014da6c9-189f-421a-88cd-07cfe51cff10})! Action taken: No Action Taken. Wed Feb 15 18:23:59 2006 => System found infected with netster Spyware/Adware ({56336bcb-3d8a-11d6-a00b-0050da18de71})! Action taken: No Action Taken. Wed Feb 15 18:23:59 2006 => System found infected with kazaa Spyware/Adware ({66fc8717-efa7-4546-8c4a-e224f3a80c76})! Action taken: No Action Taken. Wed Feb 15 18:24:00 2006 => System found infected with netster Spyware/Adware ({56336bcb-3d8a-11d6-a00b-0050da18de71})! Action taken: No Action Taken. Wed Feb 15 20:04:14 2006 => Total Disinfected Objects: 0 Wed Feb 15 20:55:04 2006 => System found infected with mybar Spyware/Adware ({014da6c9-189f-421a-88cd-07cfe51cff10})! Action taken: No Action Taken. Wed Feb 15 20:55:05 2006 => System found infected with netster Spyware/Adware ({56336bcb-3d8a-11d6-a00b-0050da18de71})! Action taken: No Action Taken. Wed Feb 15 20:55:05 2006 => System found infected with kazaa Spyware/Adware ({66fc8717-efa7-4546-8c4a-e224f3a80c76})! Action taken: No Action Taken. Wed Feb 15 20:55:05 2006 => System found infected with netster Spyware/Adware ({56336bcb-3d8a-11d6-a00b-0050da18de71})! Action taken: No Action Taken. Wed Feb 15 22:35:34 2006 => Total Disinfected Objects: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Funde für "tagged" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Thu Jan 12 16:05:27 2006 => File C:\Program Files\Windows AdStatus\WinStatComm.dll tagged as "not-a-virus:AdWare.Win32.WinAD.u". Action Taken: No Action Taken. Thu Jan 12 16:34:28 2006 => File C:\Programme\MyWay\myBar\1.bin\MY2NS.EXE tagged as "not-a-virus:AdWare.Win32.MyWay.b". Action Taken: No Action Taken. Thu Jan 12 16:34:28 2006 => File C:\Programme\MyWay\myBar\1.bin\NPMYWAY.DLL tagged as "not-a-virus:AdWare.Win32.MyWay.f". Action Taken: No Action Taken. Thu Jan 12 16:34:41 2006 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\25EC1DFC tagged as "not-a-virus:AdWare.Win32.SaveNow.bo". Action Taken: No Action Taken. Thu Jan 12 16:34:41 2006 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\532E6CF3 tagged as "not-a-virus:AdWare.Win32.WinAD.t". Action Taken: No Action Taken. Thu Jan 12 17:08:05 2006 => File C:\WINDOWS\system32\70tovmto.ini tagged as "not-a-virus:AdWare.Win32.Sahat.ao". Action Taken: No Action Taken. Fri Feb 10 13:50:16 2006 => File C:\RECYCLER\S-1-5-21-1621182911-3375218199-2936981263-500\Dc2.dll tagged as "not-a-virus:AdWare.Win32.WinAD.u". Action Taken: No Action Taken. Fri Feb 10 13:50:16 2006 => File C:\RECYCLER\S-1-5-21-1621182911-3375218199-2936981263-500\Dc3.DLL tagged as "not-a-virus:AdWare.Win32.MyWay.f". Action Taken: No Action Taken. Fri Feb 10 13:50:16 2006 => File C:\RECYCLER\S-1-5-21-1621182911-3375218199-2936981263-500\Dc4.EXE tagged as "not-a-virus:AdWare.Win32.MyWay.b". Action Taken: No Action Taken. Fri Feb 10 13:50:16 2006 => File C:\RECYCLER\S-1-5-21-1621182911-3375218199-2936981263-500\Dc5.ini tagged as "not-a-virus:AdWare.Win32.Sahat.ao". Action Taken: No Action Taken. Sat Feb 11 12:51:09 2006 => File C:\RECYCLER\S-1-5-21-1621182911-3375218199-2936981263-500\Dc2.dll tagged as "not-a-virus:AdWare.Win32.WinAD.u". Action Taken: No Action Taken. Sat Feb 11 12:51:09 2006 => File C:\RECYCLER\S-1-5-21-1621182911-3375218199-2936981263-500\Dc3.DLL tagged as "not-a-virus:AdWare.Win32.MyWay.f". Action Taken: No Action Taken. Sat Feb 11 12:51:09 2006 => File C:\RECYCLER\S-1-5-21-1621182911-3375218199-2936981263-500\Dc4.EXE tagged as "not-a-virus:AdWare.Win32.MyWay.b". Action Taken: No Action Taken. Sat Feb 11 12:51:09 2006 => File C:\RECYCLER\S-1-5-21-1621182911-3375218199-2936981263-500\Dc5.ini tagged as "not-a-virus:AdWare.Win32.Sahat.ao". Action Taken: No Action Taken. Wed Feb 15 19:24:09 2006 => File C:\RECYCLER\S-1-5-21-1621182911-3375218199-2936981263-500\Dc2.dll tagged as "not-a-virus:AdWare.Win32.WinAD.u". Action Taken: No Action Taken. Wed Feb 15 19:24:09 2006 => File C:\RECYCLER\S-1-5-21-1621182911-3375218199-2936981263-500\Dc3.DLL tagged as "not-a-virus:AdWare.Win32.MyWay.f". Action Taken: No Action Taken. Wed Feb 15 19:24:09 2006 => File C:\RECYCLER\S-1-5-21-1621182911-3375218199-2936981263-500\Dc4.EXE tagged as "not-a-virus:AdWare.Win32.MyWay.b". Action Taken: No Action Taken. Wed Feb 15 19:24:09 2006 => File C:\RECYCLER\S-1-5-21-1621182911-3375218199-2936981263-500\Dc5.ini tagged as "not-a-virus:AdWare.Win32.Sahat.ao". Action Taken: No Action Taken. Wed Feb 15 21:55:39 2006 => File C:\RECYCLER\S-1-5-21-1621182911-3375218199-2936981263-500\Dc2.dll tagged as "not-a-virus:AdWare.Win32.WinAD.u". Action Taken: No Action Taken. Wed Feb 15 21:55:39 2006 => File C:\RECYCLER\S-1-5-21-1621182911-3375218199-2936981263-500\Dc3.DLL tagged as "not-a-virus:AdWare.Win32.MyWay.f". Action Taken: No Action Taken. Wed Feb 15 21:55:39 2006 => File C:\RECYCLER\S-1-5-21-1621182911-3375218199-2936981263-500\Dc4.EXE tagged as "not-a-virus:AdWare.Win32.MyWay.b". Action Taken: No Action Taken. Wed Feb 15 21:55:39 2006 => File C:\RECYCLER\S-1-5-21-1621182911-3375218199-2936981263-500\Dc5.ini tagged as "not-a-virus:AdWare.Win32.Sahat.ao". Action Taken: No Action Taken. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Funde für "offending" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Thu Jan 12 15:44:53 2006 => Offending Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\policies\ameopt !!! Thu Jan 12 15:44:53 2006 => Offending Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\uninstall\limewire !!! Thu Jan 12 15:44:53 2006 => Offending Key found: HKLM\Software\magnet\handlers\limewire !!! Thu Jan 12 15:44:53 2006 => Offending Key found: HKLM\Software\gnu !!! Thu Jan 12 15:44:53 2006 => Offending Key found: HKLM\Software\kazaa !!! Thu Jan 12 15:44:53 2006 => Offending Key found: HKLM\Software\limewire !!! Thu Jan 12 15:44:53 2006 => Offending Key found: HKLM\Software\myway !!! Thu Jan 12 15:44:53 2006 => Offending Key found: HKLM\Software\windows adstatus !!! Thu Jan 12 15:44:55 2006 => Offending file found: C:\WINDOWS\smdat32a.sys Thu Jan 12 15:44:55 2006 => Offending file found: C:\WINDOWS\System32\mydll.dll Thu Jan 12 15:44:55 2006 => Offending Folder found: C:\WINDOWS\System32\sahimages Thu Jan 12 15:44:55 2006 => Offending Folder found: C:\Programme\limewire Thu Jan 12 15:44:55 2006 => Offending Folder found: C:\Programme\myway Thu Jan 12 15:44:58 2006 => Offending file found: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\symantec\common client\settings.dat Fri Feb 10 12:49:33 2006 => Offending Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\policies\ameopt !!! Fri Feb 10 12:49:33 2006 => Offending Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\uninstall\limewire !!! Fri Feb 10 12:49:33 2006 => Offending Key found: HKLM\Software\magnet\handlers\limewire !!! Fri Feb 10 12:49:33 2006 => Offending Key found: HKLM\Software\gnu !!! Fri Feb 10 12:49:33 2006 => Offending Key found: HKLM\Software\kazaa !!! Fri Feb 10 12:49:33 2006 => Offending Key found: HKLM\Software\limewire !!! Fri Feb 10 12:49:33 2006 => Offending Key found: HKLM\Software\myway !!! Fri Feb 10 12:49:33 2006 => Offending Key found: HKLM\Software\windows adstatus !!! Fri Feb 10 12:49:36 2006 => Offending file found: C:\WINDOWS\smdat32a.sys Fri Feb 10 12:49:36 2006 => Offending file found: C:\WINDOWS\system32\mydll.dll Fri Feb 10 12:49:36 2006 => Offending Folder found: C:\WINDOWS\system32\sahimages Fri Feb 10 12:49:36 2006 => Offending Folder found: C:\Programme\limewire Fri Feb 10 12:49:36 2006 => Offending Folder found: C:\Programme\myway Sat Feb 11 11:50:43 2006 => Offending Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\policies\ameopt !!! Sat Feb 11 11:50:43 2006 => Offending Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\uninstall\limewire !!! Sat Feb 11 11:50:43 2006 => Offending Key found: HKLM\Software\magnet\handlers\limewire !!! Sat Feb 11 11:50:43 2006 => Offending Key found: HKLM\Software\gnu !!! Sat Feb 11 11:50:43 2006 => Offending Key found: HKLM\Software\kazaa !!! Sat Feb 11 11:50:43 2006 => Offending Key found: HKLM\Software\limewire !!! Sat Feb 11 11:50:43 2006 => Offending Key found: HKLM\Software\myway !!! Sat Feb 11 11:50:43 2006 => Offending Key found: HKLM\Software\windows adstatus !!! Sat Feb 11 11:50:45 2006 => Offending file found: C:\WINDOWS\smdat32a.sys Sat Feb 11 11:50:46 2006 => Offending file found: C:\WINDOWS\system32\mydll.dll Sat Feb 11 11:50:46 2006 => Offending Folder found: C:\WINDOWS\system32\sahimages Sat Feb 11 11:50:46 2006 => Offending Folder found: C:\Programme\limewire Sat Feb 11 11:50:46 2006 => Offending Folder found: C:\Programme\myway Wed Feb 15 18:24:01 2006 => Offending Key found: HKLM\Software\magnet\handlers\limewire !!! Wed Feb 15 20:55:07 2006 => Offending Key found: HKLM\Software\magnet\handlers\limewire !!! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Statistiken: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Thu Jan 12 20:27:08 2006 => Total Objects Scanned: 98323 Fri Feb 10 12:48:18 2006 => Total Objects Scanned: 83 Fri Feb 10 18:46:39 2006 => Total Objects Scanned: 111137 Sat Feb 11 11:49:32 2006 => Total Objects Scanned: 36 Sat Feb 11 12:54:52 2006 => Total Objects Scanned: 57441 Wed Feb 15 20:04:14 2006 => Total Objects Scanned: 68354 Wed Feb 15 22:35:34 2006 => Total Objects Scanned: 68357 Thu Jan 12 20:27:08 2006 => Total Critical Objects: 26 Thu Jan 12 20:27:08 2006 => Total Disinfected Objects: 0 Thu Jan 12 20:27:08 2006 => Total Deleted Objects: 0 Fri Feb 10 12:48:18 2006 => Total Critical Objects: 0 Fri Feb 10 12:48:18 2006 => Total Disinfected Objects: 0 Fri Feb 10 12:48:18 2006 => Total Deleted Objects: 0 Fri Feb 10 18:46:39 2006 => Total Critical Objects: 22 Fri Feb 10 18:46:39 2006 => Total Disinfected Objects: 0 Fri Feb 10 18:46:39 2006 => Total Deleted Objects: 0 Sat Feb 11 11:49:32 2006 => Total Critical Objects: 0 Sat Feb 11 11:49:32 2006 => Total Disinfected Objects: 0 Sat Feb 11 11:49:32 2006 => Total Deleted Objects: 0 Sat Feb 11 12:54:52 2006 => Total Critical Objects: 22 Sat Feb 11 12:54:52 2006 => Total Disinfected Objects: 0 Sat Feb 11 12:54:52 2006 => Total Deleted Objects: 0 Wed Feb 15 20:04:14 2006 => Total Critical Objects: 9 Wed Feb 15 20:04:14 2006 => Total Disinfected Objects: 0 Wed Feb 15 20:04:14 2006 => Total Deleted Objects: 0 Wed Feb 15 22:35:34 2006 => Total Critical Objects: 9 Wed Feb 15 22:35:34 2006 => Total Disinfected Objects: 0 Wed Feb 15 22:35:34 2006 => Total Deleted Objects: 0 Thu Jan 12 20:27:09 2006 => Total Errors: 95 Fri Feb 10 12:48:18 2006 => Total Errors: 0 Fri Feb 10 18:46:39 2006 => Total Errors: 130 Sat Feb 11 11:49:32 2006 => Total Errors: 0 Sat Feb 11 12:54:52 2006 => Total Errors: 124 Wed Feb 15 20:04:14 2006 => Total Errors: 68 Wed Feb 15 22:35:34 2006 => Total Errors: 68 Thu Jan 12 20:27:09 2006 => Time Elapsed: 04:41:03 Fri Feb 10 12:48:18 2006 => Time Elapsed: 00:00:09 Fri Feb 10 18:46:39 2006 => Time Elapsed: 05:55:11 Sat Feb 11 11:49:32 2006 => Time Elapsed: 00:00:03 Sat Feb 11 12:54:52 2006 => Time Elapsed: 01:04:27 Wed Feb 15 20:04:14 2006 => Time Elapsed: 01:40:22 Wed Feb 15 22:35:34 2006 => Time Elapsed: 01:40:51 Thu Jan 12 15:21:19 2006 => Virus Database Date: 1/12/2006 Thu Jan 12 15:43:20 2006 => Virus Database Date: 1/12/2006 Thu Jan 12 20:27:09 2006 => Virus Database Date: 1/12/2006 Thu Jan 12 20:43:08 2006 => Virus Database Date: 1/12/2006 Fri Feb 10 12:48:06 2006 => Virus Database Date: 1/12/2006 Fri Feb 10 12:48:18 2006 => Virus Database Date: 1/12/2006 Fri Feb 10 12:48:23 2006 => Virus Database Date: 1/12/2006 Fri Feb 10 18:46:39 2006 => Virus Database Date: 1/12/2006 Fri Feb 10 19:12:36 2006 => Virus Database Date: 1/12/2006 Sat Feb 11 11:49:05 2006 => Virus Database Date: 1/12/2006 Sat Feb 11 11:49:32 2006 => Virus Database Date: 1/12/2006 Sat Feb 11 11:49:41 2006 => Virus Database Date: 1/12/2006 Sat Feb 11 12:54:52 2006 => Virus Database Date: 1/12/2006 Sat Feb 11 12:54:56 2006 => Virus Database Date: 1/12/2006 Wed Feb 15 18:23:07 2006 => Virus Database Date: 2/3/2006 Wed Feb 15 20:04:14 2006 => Virus Database Date: 2/3/2006 Wed Feb 15 20:17:24 2006 => Virus Database Date: 2/3/2006 Wed Feb 15 20:54:11 2006 => Virus Database Date: 2/3/2006 Wed Feb 15 22:35:34 2006 => Virus Database Date: 2/3/2006 Wed Feb 15 23:15:55 2006 => Virus Database Date: 2/3/2006 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~ © Haui ;-) ~~~~~~~ ~~~~~~~ Dank an Cidre ~~~~~~~ ------------------------------------------------------------------------ was kann ich denn da noch machen?? |
|
16.02.2006, 00:01
| #59 |
| | problem gelöst (?) Ein büschen unübersichtlich das ganze. Leider habe ich bis einschliesslich morgen Abend keine Zeit für Dein Problem, wobei ich denke, dass da mal noch jemand anderes drüberschauen sollte. BTW: den Java Cache hattest Du gelehrt?
__________________ When you contact tech support, a lot of people feel like they're either talking to an idiot or being treated like one. |
|
16.02.2006, 00:17
| #60 | |
| | problem gelöst (?)Zitat:
in meiner systemsteuerung hab ich nur Java Plug-In das hat dann ein bisschen anders ausgesehen als von dir beschrieben, aber da war ein cache, welchen ich auch geleert hab. ich denk mir mal, das kommt aufs gleiche raus... zur log.file: ich fand das auch ein bisschen komisch, dass da auch noch die vorherigen ergebnisse auftreten, aber da ich mich ja nicht auskenne, dachte ich das wäre halt normal so... ja, wann auch immer du oder sonstwer zeit hat, sich die ware mal anzuschauen, wär ich froh darüber. wie gesagt, ich bin dankbar dfür jede hilfe.. danke, dass du dir überhaupt die zeit genommen hast. gruss mpc |
|
| Themen zu problem gelöst (?) |
| adobe, adobe reader, antivirus, auswerten, bho, controlcenter, drivers, e-banking, ebay, excel, explorer, firefox, hijack, hijackthis, immer wieder, internet, internet explorer, internet security, log-file, monitor, mozilla, mozilla firefox, nicht sicher, popup, problem, problem gelöst, security, security center, server, settings manager, symantec, system, system neu, träge, windows, windows xp |
Linear-Darstellung
