Log analysis and evaluation: Hi, could someone take a look at the HJT and find.bat evaluation?
13.10.2007, 09:05 | #1 |
| I'm not sure; my notebook with WinXP is behaving oddly. Pages are not opened in the browser, I have to start the notebook twice, and even then I miss the notebook's performance.
Logfile of HijackThis v1.99.1 Scan saved at 07:45:42, on 13.10.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16544) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\SYSTEM32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Programme\Panda Security\Panda Antivirus 2008\pavsrv51.exe C:\Programme\Panda Security\Panda Antivirus 2008\AVENGINE.EXE C:\WINDOWS\System32\svchost.exe C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe C:\Programme\Panda Security\Panda Antivirus 2008\PsImSvc.exe C:\Programme\eigene\UPHClean\uphclean.exe C:\Programme\Panda Security\Panda Antivirus 2008\PsCtrls.exe C:\Programme\Browser Mouse\mouse32a.exe C:\Programme\Panda Security\Panda Antivirus 2008\APVXDWIN.EXE C:\Programme\Panda Security\Panda Antivirus 2008\WebProxy.exe C:\Programme\Mozilla Firefox\firefox.exe C:\totalcmd\TOTALCMD.EXE C:\WINDOWS\system32\notepad.exe C:\Programme\Internet Explorer\iexplore.exe c:\takethis\takeThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - 
C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_11\bin\ssv.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\eigene\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\eigene\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [FLMBROWSEMOUSE] C:\Programme\Browser Mouse\mouse32a.exe O4 - HKLM\..\Run: [APVXDWIN] "C:\Programme\Panda Security\Panda Antivirus 2008\APVXDWIN.EXE" /s O8 - Extra context menu item: An vorhandenes PDF anfügen - res://C:\Programme\eigene\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://C:\Programme\eigene\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://C:\Programme\eigene\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://C:\Programme\eigene\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://C:\Programme\eigene\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Programme\eigene\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\eigene\MICROS~1\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Programme\eigene\Adobe\Acrobat 
8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Programme\eigene\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file) O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O11 - Options group: [INTERNATIONAL] International* O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl 
Class) - h**p://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?972922496168 O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - h**p://www.nanoscan.com/cabs/nanoinst.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{BADE82C9-C72C-41AD-A8F8-91A9F6215CA8}: NameServer = 192.168.235.1 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\MSOXMLMF.DLL O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll O20 - Winlogon Notify: PCANotify - C:\WINDOWS\SYSTEM32\PCANotify.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apache2 - Unknown owner - C:\dev\xampp\apache\bin\apache.exe" -k runservice (file missing) O23 - Service: Symantec pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Programme\Symantec\pcAnywhere\awhost32.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. 
- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Panda Software Controller - Panda Software International - C:\Programme\Panda Security\Panda Antivirus 2008\PsCtrls.exe O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Programme\Panda Security\Panda Antivirus 2008\pavsrv51.exe O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Programme\Panda Security\Panda Antivirus 2008\PsImSvc.exe ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Header ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ find.bat Version 2007.06.16.01 Microsoft Windows XP [Version 5.1.2600] Bootmodus: NETWORK eScan Version: 9.4.6 Sprache: English Virus Database Date: 10/13/2007 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Infektionsmeldungen ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Object "gain.gator Spyware/Adware" found in File System! Action Taken: No Action Taken. Object "gain.gator Spyware/Adware" found in File System! Action Taken: No Action Taken. Object "gain.gator Spyware/Adware" found in File System! Action Taken: No Action Taken. Object "smitfraud Browser Hijacker" found in File System! Action Taken: No Action Taken. ~~~~~~~~~~~ Dateien ~~~~~~~~~~~ ~~~~ Infected files ~~~~~~~~~~~ File C:\DOKUME~1\Donny\LOKALE~1\TEMPOR~1\Content.IE5\BW46869D\uninstall[1].exe infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken. File C:\Dokumente und Einstellungen\ \Lokale Einstellungen\Temporary Internet Files\Content.IE5\BW46869D\uninstall[1].exe infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken. 
~~~~~~~~~~~ ~~~~ Tagged files ~~~~~~~~~~~ ~~~~~~~~~~~ ~~~~ Offending files ~~~~~~~~~~~ ~~~~~~~~~~~ Ordner ~~~~~~~~~~~ Offending Folder found: C:\Dokumente und Einstellungen\*****\Anwendungsdaten\icq\bart\1024 ~~~~~~~~~~~ Registry ~~~~~~~~~~~ Offending Key found: HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\gator.com !!! Offending Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\p3p\history\gator.com !!! Offending Key found: HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\p3p\history\gator.com !!! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Diverses ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~ Prozesse und Module ~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~ Scanfehler ~~~~~~~~~~~~~~~~~~~~~~ C:\MSOCache\All Users\{90120000-00A1-0407-0000-0000000FF1CE}-C\OnoteLR.cab not Scanned. Possibly password protected... C:\Programme\Microsoft Office\Office12\1031\OneNoteMobile.CAB not Scanned. Possibly password protected... ~~~~~~~~~~~~~~~~~~~~~~ Hosts-Datei ~~~~~~~~~~~~~~~~~~~~~~ DataBasePath: %SystemRoot%\System32\drivers\etc C:\WINDOWS\System32\drivers\etc\hosts : ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Statistiken: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Total Critical Objects: 6 Total Disinfected Objects: 0 Total Objects Renamed: 0 Total Deleted Objects: 0 Total Errors: 12 Time Elapsed: 01:16:23 Total Objects Scanned: 113578 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan-Optionen ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Memory Check: Enabled Registry Check: Enabled System Folder Check: Enabled System Area Check: Disabled Services Check: Enabled Drive Check: Disabled All Drive Check :Enabled All Drive Check :Enabled Batchstart: 9:32:28,85 Batchende: 9:32:42,97 |
13.10.2007, 09:51 | #2 | |
/// AVZ-Toolkit Guru | Hello there.
So nothing serious is going on with your system. Please back up your registry: Simply back up the registry
Avenger instructions:
1.) Download the Avenger tool and save it to the desktop:
2.) Now click the option "Input Script manually" -> then click the magnifying glass and paste in the following text:
Quote:
4.) Then let the system restart immediately
5.) Clean up your system with CCleaner. (You have to let it scan and clean the registry several times!)
6.) Run eScan again, then create and post a new log file. Also post the contents of the C:\avenger.txt file. |
14.10.2007, 11:06 | #3 |
| @undoreal,
first of all, thanks for your help. So far so good; there were a few problems with Avenger.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\p3p\history\gator.com
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\gator.com
were not accepted. The English Avenger instructions say that Avenger only does its work in the two registry namespaces HKLM and HKU. I removed the two entries by hand. I don't know whether that is OK.
LOG Avenger
//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////
Syntax error in line --- does not appear to be a valid registry path. Line will be ignored.
Error code: 0
Line: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\gator.com
Syntax error in line --- does not appear to be a valid registry path. Line will be ignored.
Error code: 0
Line: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\p3p\history\gator.com
The HKLM entry was removed successfully; stupidly, I overwrote the log. The eScan log will follow when it is finished. |
14.10.2007, 11:45 | #4 | |
/// AVZ-Toolkit Guru | Quote:
Sorry, I was asleep at the wheel there.
- All help given in the forum is provided without warranty or liability - |
14.10.2007, 13:10 | #5 |
| @Undoreal, WAKE UP :-) No problem. Reading is educational, as we know, so I've learned something new again. eScan has finished and did find something.
ESCAN LOG
Object "smitfraud Browser Hijacker" found in File System! Action Taken: No Action Taken.
Entry "HKCR\AccClientDocMgr.MPEG2TuneRequestFactory.3" refers to invalid object "{0483236C-C9C4-FCEA-E1B0-3056DE486039}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\system32\iisrtl.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\system32\infoadmn.dll". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".htaccess". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "ShockwaveFlash". Action Taken: No Action Taken.
File C:\DOKUME~1\Donny\LOKALE~1\TEMPOR~1\Content.IE5\BW46869D\uninstall[1].exe infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken.
File C:\Dokumente und Einstellungen\Donny\Lokale Einstellungen\Temporary Internet Files\Content.IE5\BW46869D\uninstall[1].exe infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken.
File D:\[0001]---DOWNLOADS---\0008\cl08seCu13\router\FRITZ!Box\nc.exe tagged as "not-a-virus:RemoteAdmin.Win32.NetCat". No Action Taken.
File D:\[0001]---DOWNLOADS---\cl08seCu13_rar.vir/cl08seCu13\router\FRITZ!Box\nc.exe tagged as "not-a-virus:RemoteAdmin.Win32.NetCat". No Action Taken.
Find.BatLOG ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Header ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ find.bat Version 2007.06.16.01 Microsoft Windows XP [Version 5.1.2600] Bootmodus: NETWORK eScan Version: 9.4.6 Sprache: English Virus Database Date: 10/14/2007 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Infektionsmeldungen ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Object "smitfraud Browser Hijacker" found in File System! Action Taken: No Action Taken. ~~~~~~~~~~~ Dateien ~~~~~~~~~~~ ~~~~ Infected files ~~~~~~~~~~~ File C:\DOKUME~1\Donny\LOKALE~1\TEMPOR~1\Content.IE5\BW46869D\uninstall[1].exe infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken. File C:\Dokumente und Einstellungen\Donny\Lokale Einstellungen\Temporary Internet Files\Content.IE5\BW46869D\uninstall[1].exe infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken. ~~~~~~~~~~~ ~~~~ Tagged files ~~~~~~~~~~~ File D:\[0001]---DOWNLOADS---\0008\cl08seCu13\router\FRITZ!Box\nc.exe tagged as "not-a-virus:RemoteAdmin.Win32.NetCat". No Action Taken. File D:\[0001]---DOWNLOADS---\cl08seCu13_rar.vir/cl08seCu13\router\FRITZ!Box\nc.exe tagged as "not-a-virus:RemoteAdmin.Win32.NetCat". No Action Taken. ~~~~~~~~~~~ ~~~~ Offending files ~~~~~~~~~~~ ~~~~~~~~~~~ Ordner ~~~~~~~~~~~ Offending Folder found: C:\Dokumente und Einstellungen\Donny\Anwendungsdaten\icq\bart\1024 ~~~~~~~~~~~ Registry ~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Diverses ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~ Prozesse und Module ~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~ Scanfehler ~~~~~~~~~~~~~~~~~~~~~~ C:\MSOCache\All Users\{90120000-00A1-0407-0000-0000000FF1CE}-C\OnoteLR.cab not Scanned. Possibly password protected... C:\Programme\Microsoft Office\Office12\1031\OneNoteMobile.CAB not Scanned. Possibly password protected... 
~~~~~~~~~~~~~~~~~~~~~~ Hosts-Datei ~~~~~~~~~~~~~~~~~~~~~~ DataBasePath: %SystemRoot%\System32\drivers\etc C:\WINDOWS\System32\drivers\etc\hosts : ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Statistiken: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Total Critical Objects: 5 Total Disinfected Objects: 0 Total Objects Renamed: 0 Total Deleted Objects: 0 Total Errors: 64 Time Elapsed: 02:03:37 Total Objects Scanned: 154820 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan-Optionen ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Memory Check: Enabled Registry Check: Enabled System Folder Check: Enabled System Area Check: Disabled Services Check: Enabled Drive Check: Disabled All Drive Check :Enabled All Drive Check :Enabled Batchstart: 14:07:37,16 Batchende: 14:07:51,57
The browser's temporary files should not be an issue when the cache is emptied. Bye |
14.10.2007, 15:50 | #6 |
/// AVZ-Toolkit Guru | Well, if you downloaded NetCat on purpose and know what you are getting into, your machine is clean. |
14.10.2007, 22:16 | #7 |
| Hi Undoreal, that is AVM's lab software for my Fritzbox. If I'm not mistaken, it is the VPN version. I haven't tried it out yet. A big thank-you for your help for now. So now only my PC is left, then I'll be able to sleep soundly again. |
15.10.2007, 08:25 | #8 | |
/// AVZ-Toolkit Guru | Quote:
Is your desktop under suspicion too? Then bring it on. But please include a description of the problem. |
15.10.2007, 14:15 | #9 |
| @Undoreal, the logs evaluated so far were from my notebook. About my PC I can say that it behaves similarly to the notebook. When surfing the Internet, the browser (Firefox as well as IE7) occasionally hangs (no page loads) and the browser "churns and churns". So far I have mostly had to restart the PC, after which it usually worked again without problems. It also happens that the computer hangs for 1-2 minutes and then works again as if nothing had happened.
A question about MWAV.LOG/eScan: the scan of the PC gave me a log file 150 Mb in size. Isn't that a bit too big?? In addition, find.bat stops at "Copying MWAV.LOG". I waited half an hour, but nothing happened. Is there any experience with the problems that are occurring? Bye, Candelaver |
15.10.2007, 14:23 | #10 |
/// AVZ-Toolkit Guru | 150 MB is indeed VERY large.. ^^ Please open it and take a look at what's in there.. Do you have an extremely large amount of data on the machine? |
15.10.2007, 15:15 | #11 |
| @undoreal, tell me, with eScan I keep getting this message while scanning:
Object "smitfraud Browser Hijacker" found in File System! Action Taken: No
Could it be that eScan is a bit sensitive?? Actually I don't have that many files on the PC, especially on the C: drive. Afterwards I ran a separate scan of the C: drive alone; that alone already came to 142 MB. I evaluated the log on the notebook with find.bat; that took a few seconds. Attached I'm posting the log from the PC.
HiJack LOG
Logfile of HijackThis v1.99.1 Scan saved at 14:27:50, on 14.10.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16544) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Programme\eigene\Panda Software\Panda Internet Security 2007\pavsrv51.exe C:\Programme\eigene\Panda Software\Panda Internet Security 2007\AVENGINE.EXE C:\WINDOWS\system32\svchost.exe C:\Programme\eigene\Panda Software\Panda Internet Security 2007\TPSrv.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe C:\Programme\Bonjour\mDNSResponder.exe C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EPSON\EPW!3 SSRP\E_S30RP1.EXE C:\Programme\eigene\Panda Software\Panda Internet Security 2007\PsCtrls.exe C:\Programme\eigene\Panda Software\Panda Internet Security 2007\PavFnSvr.exe C:\Programme\Gemeinsame Dateien\Panda Software\PavShld\pavprsrv.exe C:\Programme\eigene\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe c:\programme\eigene\panda software\panda internet security 2007\firewall\PSHOST.EXE C:\Programme\eigene\Panda Software\Panda Internet Security 2007\psimsvc.exe C:\WINDOWS\Explorer.EXE C:\Programme\eigene\Panda Software\Panda Internet Security 
2007\APVXDWIN.EXE C:\Programme\Java\jre1.6.0_02\bin\jusched.exe C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\eigene\Panda Software\Panda Internet Security 2007\SRVLOAD.EXE C:\Programme\eigene\Panda Software\Panda Internet Security 2007\WebProxy.exe C:\Programme\eigene\Panda Software\Panda Internet Security 2007\PavBckPT.exe C:\xampp\xampp-control.exe C:\Programme\eigene\totalcmd\TOTALCMD.EXE C:\Programme\eigene\totalcmd\TOTALCMD.EXE C:\Programme\eigene\Mozilla Firefox\firefox.exe c:\sec\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Programme\eigene\FlashGet\jccatch_1.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Programme\eigene\FlashGet\getflash.dll O4 - HKLM\..\Run: [APVXDWIN] "C:\Programme\eigene\Panda Software\Panda Internet Security 2007\APVXDWIN.EXE" /s O4 - HKLM\..\Run: [SCANINICIO] "C:\Programme\eigene\Panda Software\Panda Internet Security 2007\Inicio.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe" O4 - HKCU\..\Run: [EPSON Stylus DX5000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE /FU "C:\WINDOWS\TEMP\E_S3E.tmp" /EF "HKCU" O4 - HKCU\..\Run: [EPSON Stylus DX5000 Series auf INC-STATION (von INC-NOTEBOOK997)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE /FU "C:\WINDOWS\TEMP\E_SA.tmp" /EF "HKCU" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O8 - Extra context menu item: &Alles mit FlashGet laden - 
C:\Programme\eigene\FlashGet\jc_all.htm O8 - Extra context menu item: &Mit FlashGet laden - C:\Programme\eigene\FlashGet\jc_link.htm O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\eigene\MICROS~1\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\eigene\MICROS~1\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\eigene\MICROS~1\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\eigene\MICROS~1\Office12\REFIEBAR.DLL O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programme\eigene\FlashGet\FlashGet.exe O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programme\eigene\FlashGet\FlashGet.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\eigene\ICQ6\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\eigene\ICQ6\ICQ.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\programme\bonjour\mdnsnsp.dll O11 - Options group: [INTERNATIONAL] International* O16 - DPF: 
{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/german/...an_unicode.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1180104932203 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1189592975281 O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - http://www.nanoscan.com/cabs/nanoinst.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{D0F0E272-ABE0-4E3B-AA6E-240B68A8FA57}: NameServer = 192.168.235.1 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\eigene\MICROS~1\Office12\GR99D3~1.DLL O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\MSOXMLMF.DLL O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programme\Bonjour\mDNSResponder.exe O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EPSON\EPW!3 SSRP\E_S30RP1.EXE O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. 
- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe O23 - Service: Panda Software Controller - Panda Software International - C:\Programme\eigene\Panda Software\Panda Internet Security 2007\PsCtrls.exe O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Programme\eigene\Panda Software\Panda Internet Security 2007\PavFnSvr.exe O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Programme\Gemeinsame Dateien\Panda Software\PavShld\pavprsrv.exe O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Programme\eigene\Panda Software\Panda Internet Security 2007\pavsrv51.exe O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Programme\eigene\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\programme\eigene\panda software\panda internet security 2007\firewall\PSHOST.EXE O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Programme\eigene\Panda Software\Panda Internet Security 2007\psimsvc.exe O23 - Service: Panda TPSrv (TPSrv) - Panda Software International - C:\Programme\eigene\Panda Software\Panda Internet Security 2007\TPSrv.exe Find.bat Auswertung von Escan Log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Header ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ find.bat Version 2007.06.16.01 Microsoft Windows XP [Version 5.1.2600] Bootmodus: NORMAL eScan Version: 9.4.6 Sprache: English Virus Database Date: 10/14/2007 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Infektionsmeldungen ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Object "smitfraud Browser Hijacker" found in File System! Action Taken: No Action Taken. 
~~~~~~~~~~~ Dateien ~~~~~~~~~~~ ~~~~ Infected files ~~~~~~~~~~~ File C:\DOKUME~1\Donny\LOKALE~1\TEMPOR~1\Content.IE5\BW46869D\uninstall[1].exe infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken. File C:\Dokumente und Einstellungen\Donny\Lokale Einstellungen\Temporary Internet Files\Content.IE5\BW46869D\uninstall[1].exe infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken. ~~~~~~~~~~~ ~~~~ Tagged files ~~~~~~~~~~~ File D:\[0001]---DOWNLOADS---\0008\cl08seCu13\router\FRITZ!Box\nc.exe tagged as "not-a-virus:RemoteAdmin.Win32.NetCat". No Action Taken. File D:\[0001]---DOWNLOADS---\cl08seCu13_rar.vir/cl08seCu13\router\FRITZ!Box\nc.exe tagged as "not-a-virus:RemoteAdmin.Win32.NetCat". No Action Taken. ~~~~~~~~~~~ ~~~~ Offending files ~~~~~~~~~~~ ~~~~~~~~~~~ Ordner ~~~~~~~~~~~ Offending Folder found: C:\Dokumente und Einstellungen\Donny\Anwendungsdaten\icq\bart\1024 ~~~~~~~~~~~ Registry ~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Diverses ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~ Prozesse und Module ~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~ Scanfehler ~~~~~~~~~~~~~~~~~~~~~~ C:\MSOCache\All Users\{90120000-00A1-0407-0000-0000000FF1CE}-C\OnoteLR.cab not Scanned. Possibly password protected... C:\Programme\Microsoft Office\Office12\1031\OneNoteMobile.CAB not Scanned. Possibly password protected... 
~~~~~~~~~~~~~~~~~~~~~~ Hosts-Datei ~~~~~~~~~~~~~~~~~~~~~~ DataBasePath: %SystemRoot%\System32\drivers\etc C:\WINDOWS\System32\drivers\etc\hosts : ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Statistiken: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Total Critical Objects: 5 Total Disinfected Objects: 0 Total Objects Renamed: 0 Total Deleted Objects: 0 Total Errors: 64 Time Elapsed: 02:03:37 Total Objects Scanned: 154820 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan-Optionen ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Memory Check: Enabled Registry Check: Enabled System Folder Check: Enabled System Area Check: Disabled Services Check: Enabled Drive Check: Disabled All Drive Check :Enabled All Drive Check :Enabled Batchstart: 16:05:48,07 Batchende: 16:05:53,19
To me as a newbie the whole thing looks quite positive, once again the two downloaded AVM files with NETCAT. What do you say to that? Thank you. |
15.10.2007, 18:31 | #12 | |
/// AVZ-Toolkit Guru | Quote:
But that is why it is so valuable for practiced(!) assistance
That is the log from the laptop! With find.bat you apparently caught the log from the laptop and not the one from the desktop. Rename the laptop log and then evaluate the desktop log with find.bat. The HJT log from the desktop PC looks clean.
__________________ - All assistance in the forum is given without warranty or liability - |
15.10.2007, 22:42 | #13 |
| @undoreal After a lot of back and forth I managed to get the Escan log evaluated, though only with the old find.bat version. Even I as a layman can see that the desktop is not in order. I do hope the desktop can be cleaned up without reinstalling.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Thu Oct 04 15:17:46 2007 => Version 9.4.4 (C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\mexe.com) Thu Oct 04 15:17:53 2007 => Version 9.4.4 (C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\mexe.com) Thu Oct 04 15:28:07 2007 => Version 9.4.4 (C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\mexe.com) Thu Oct 04 15:28:23 2007 => Version 9.4.4 (C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\mexe.com) Thu Oct 04 16:19:22 2007 => Version 9.4.4 (C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\mexe.com) Thu Oct 04 16:19:34 2007 => Version 9.4.4 (C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\mexe.com) Fri Oct 05 16:20:17 2007 => Version 9.2.6 (C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\mexe.com) Fri Oct 05 16:38:56 2007 => Version 9.2.6 (C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\mexe.com) Fri Oct 05 16:44:16 2007 => Version 9.4.4 (C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\mexe.com) Fri Oct 05 16:46:06 2007 => Version 9.4.4 (C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\mexe.com) Sun Oct 14 14:31:41 2007 => Version 9.4.6 (C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\mexe.com) Sun Oct 14 14:33:15 2007 => Version 9.4.6 (C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\mexe.com) Sun Oct 14 14:54:19 2007 => Setting NORMAL Attributes for Folder: F:\[00000000000000] BASE\Templates\Web Design Index 5\files\279_3\www.leifunddirekt.de\demoversion\html Sun Oct 14 14:54:19 2007 => Setting NORMAL Attributes for Folder: F:\[00000000000000] BASE\Templates\Web Design Index 5\files\279_3\www.leifunddirekt.de\demoversion\html\grafix Sun Oct 14 14:54:22 2007 => Setting NORMAL Attributes for Folder: F:\[00000000000000] BASE\Templates\Web Design Index 5\files\308_2\www.ryangiggs.cc\version1 Sun Oct 14 15:01:46 2007 => Setting
NORMAL Attributes for Folder: I:\[0000]---DOWNLOADS---\Web design index\files\279_3\www.leifunddirekt.de\demoversion\html Sun Oct 14 15:01:46 2007 => Setting NORMAL Attributes for Folder: I:\[0000]---DOWNLOADS---\Web design index\files\279_3\www.leifunddirekt.de\demoversion\html\grafix Thu Oct 04 15:22:45 2007 => Virus Database Date: 9/18/2007 Thu Oct 04 15:22:49 2007 => Virus Database Date: 9/18/2007 Thu Oct 04 15:24:49 2007 => Virus Database Date: 9/18/2007 Thu Oct 04 15:26:20 2007 => Virus Database Date: 9/18/2007 Thu Oct 04 15:28:13 2007 => Virus Database Date: 9/18/2007 Thu Oct 04 15:46:38 2007 => Virus Database Date: 9/18/2007 Thu Oct 04 15:46:41 2007 => Virus Database Date: 9/18/2007 Thu Oct 04 16:08:34 2007 => Virus Database Date: 9/18/2007 Thu Oct 04 16:08:53 2007 => Virus Database Date: 9/18/2007 Thu Oct 04 16:19:31 2007 => Virus Database Date: 9/18/2007 Thu Oct 04 16:19:36 2007 => Virus Database Date: 9/18/2007 Thu Oct 04 16:19:38 2007 => Virus Database Date: 9/18/2007 Thu Oct 04 16:31:43 2007 => Virus Database Date: 9/18/2007 Thu Oct 04 16:36:47 2007 => Virus Database Date: 9/18/2007 Fri Oct 05 16:20:26 2007 => Virus Database Date: 5/28/2007 Fri Oct 05 16:38:59 2007 => Virus Database Date: 5/28/2007 Fri Oct 05 16:44:24 2007 => Virus Database Date: 10/3/2007 Fri Oct 05 18:52:03 2007 => Virus Database Date: 10/3/2007 Sun Oct 14 14:31:53 2007 => Virus Database Date: 10/11/2007 Sun Oct 14 14:32:46 2007 => Virus Database Date: 10/14/2007 Sun Oct 14 15:05:23 2007 => Virus Database Date: 10/14/2007 Sun Oct 14 15:57:00 2007 => Virus Database Date: 10/14/2007 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Infektionsmeldungen ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Thu Oct 04 15:19:04 2007 => System found infected with flashfxp Spyware/Adware ({e5a1691b-d188-4419-ad02-90002030b8ee})! Action taken: No Action Taken. Thu Oct 04 15:19:05 2007 => System found infected with flashfxp Spyware/Adware ({e5a1691b-d188-4419-ad02-90002030b8ee})! 
Action taken: No Action Taken. Thu Oct 04 15:19:11 2007 => System found infected with inetspeak Spyware/Adware (maria.lnk)! Action taken: No Action Taken. Thu Oct 04 15:19:11 2007 => System found infected with trojan-downloader.bat.ftp.ab Trojan-Downloader (process.exe)! Action taken: No Action Taken. Thu Oct 04 15:19:11 2007 => System found infected with drivecleaner2006 Corrupted Adware/Spyware (pv.exe)! Action taken: No Action Taken. Thu Oct 04 15:19:11 2007 => System found infected with trojan-downloader.bat.ftp.ab Trojan-Downloader (swreg.exe)! Action taken: No Action Taken. Thu Oct 04 15:28:59 2007 => System found infected with flashfxp Spyware/Adware ({e5a1691b-d188-4419-ad02-90002030b8ee})! Action taken: No Action Taken. Thu Oct 04 15:28:59 2007 => System found infected with flashfxp Spyware/Adware ({e5a1691b-d188-4419-ad02-90002030b8ee})! Action taken: No Action Taken. Thu Oct 04 15:29:06 2007 => System found infected with inetspeak Spyware/Adware (maria.lnk)! Action taken: No Action Taken. Thu Oct 04 15:29:06 2007 => System found infected with trojan-downloader.bat.ftp.ab Trojan-Downloader (process.exe)! Action taken: No Action Taken. Thu Oct 04 15:29:06 2007 => System found infected with drivecleaner2006 Corrupted Adware/Spyware (pv.exe)! Action taken: No Action Taken. Thu Oct 04 15:29:06 2007 => System found infected with trojan-downloader.bat.ftp.ab Trojan-Downloader (swreg.exe)! Action taken: No Action Taken. Thu Oct 04 15:47:34 2007 => System found infected with flashfxp Spyware/Adware ({e5a1691b-d188-4419-ad02-90002030b8ee})! Action taken: Entries Removed. Thu Oct 04 15:47:42 2007 => System found infected with inetspeak Spyware/Adware (maria.lnk)! Action taken: Entries Removed. Thu Oct 04 15:47:43 2007 => System found infected with trojan-downloader.bat.ftp.ab Trojan-Downloader (process.exe)! Action taken: Entries Removed. Thu Oct 04 15:47:43 2007 => System found infected with drivecleaner2006 Corrupted Adware/Spyware (pv.exe)! 
Action taken: Entries Removed. Thu Oct 04 15:47:43 2007 => System found infected with trojan-downloader.bat.ftp.ab Trojan-Downloader (swreg.exe)! Action taken: Entries Removed. Thu Oct 04 15:19:11 2007 => Object "smitfraud Browser Hijacker" found in File System! Action Taken: No Action Taken. Thu Oct 04 15:29:06 2007 => Object "smitfraud Browser Hijacker" found in File System! Action Taken: No Action Taken. Thu Oct 04 15:47:34 2007 => Object "flashfxp Spyware/Adware" found in File System! Action Taken: Entries Removed. Thu Oct 04 15:47:42 2007 => Object "smitfraud Browser Hijacker" found in File System! Action Taken: Entries Removed. Thu Oct 04 15:47:42 2007 => Object "inetspeak Spyware/Adware" found in File System! Action Taken: Entries Removed. Thu Oct 04 15:47:43 2007 => Object "trojan-downloader.bat.ftp.ab Trojan-Downloader" found in File System! Action Taken: Entries Removed. Thu Oct 04 15:47:43 2007 => Object "drivecleaner2006 Corrupted Adware/Spyware" found in File System! Action Taken: Entries Removed. Thu Oct 04 15:47:43 2007 => Object "trojan-downloader.bat.ftp.ab Trojan-Downloader" found in File System! Action Taken: Entries Removed. Sun Oct 14 14:34:19 2007 => Object "smitfraud Browser Hijacker" found in File System! Action Taken: No Action Taken. |
15.10.2007, 22:43 | #14 |
| ~~~~~~~~~~~ Dateien ~~~~~~~~~~~ ~~~~ Infected files ~~~~~~~~~~~ Sun Oct 14 14:59:06 2007 => File H:\System Volume Information\_restore{96B1CE24-F6AB-4E8C-A9D6-BBF0F1F37590}\RP28\A0010371.exe infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken. Sun Oct 14 14:59:06 2007 => File H:\System Volume Information\_restore{96B1CE24-F6AB-4E8C-A9D6-BBF0F1F37590}\RP28\A0010372.exe infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken. Sun Oct 14 15:01:36 2007 => File I:\[0000]---DOWNLOADS---\smitRem.exe infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken. Sun Oct 14 15:01:47 2007 => File I:\[0000]---DOWNLOADS---\WindowsXP-KB835935-SP2-DEU.exe infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken. Sun Oct 14 15:02:25 2007 => File J:\System Volume Information\_restore{B1BE7B4E-0BD4-4E14-9BA5-2C42192619A5}\RP52\A0008918.exe infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken. Sun Oct 14 15:02:25 2007 => File J:\System Volume Information\_restore{B1BE7B4E-0BD4-4E14-9BA5-2C42192619A5}\RP52\A0008922.exe infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken.
~~~~~~~~~~~ ~~~~ Offending files ~~~~~~~~~~~ Thu Oct 04 15:19:11 2007 => Offending file found: C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\microsoft\office\recent\maria.lnk Thu Oct 04 15:19:11 2007 => Offending file found: C:\Dokumente und Einstellungen\Administrator\Desktop\sm\smitrem\process.exe Thu Oct 04 15:19:11 2007 => Offending file found: C:\Dokumente und Einstellungen\Administrator\Desktop\sm\smitrem\pv.exe Thu Oct 04 15:19:11 2007 => Offending file found: C:\Dokumente und Einstellungen\Administrator\Desktop\sm\smitrem\swreg.exe Thu Oct 04 15:29:06 2007 => Offending file found: C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\microsoft\office\recent\maria.lnk Thu Oct 04 15:29:06 2007 => Offending file found: C:\Dokumente und Einstellungen\Administrator\Desktop\sm\smitrem\process.exe Thu Oct 04 15:29:06 2007 => Offending file found: C:\Dokumente und Einstellungen\Administrator\Desktop\sm\smitrem\pv.exe Thu Oct 04 15:29:06 2007 => Offending file found: C:\Dokumente und Einstellungen\Administrator\Desktop\sm\smitrem\swreg.exe Thu Oct 04 15:47:42 2007 => Offending file found: C:\DOKUME~1\ADMINI~1\ANWEND~1\MICROS~1\office\recent\maria.lnk Thu Oct 04 15:47:43 2007 => Offending file found: C:\DOKUME~1\ADMINI~1\Desktop\sm\smitrem\process.exe Thu Oct 04 15:47:43 2007 => Offending file found: C:\DOKUME~1\ADMINI~1\Desktop\sm\smitrem\pv.exe Thu Oct 04 15:47:43 2007 => Offending file found: C:\DOKUME~1\ADMINI~1\Desktop\sm\smitrem\swreg.exe ~~~~~~~~~~~ ~~~~ Tagged files ~~~~~~~~~~~ Sun Oct 14 14:54:18 2007 => Scanning File F:\[00000000000000] BASE\Templates\Web Design Index 5\files\260_1\www.teco.edu\~bschmidt\grafic\markiert.css Sun Oct 14 14:54:18 2007 => ERROR!!! ScanFile fails for F:\_00000~1\TEMPLA~1\WEBDES~2\files\260_1\WWWTEC~1.EDU\~BSCHM~1\grafic\markiert.css Sun Oct 14 15:01:45 2007 => Scanning File I:\[0000]---DOWNLOADS---\Web design index\files\260_1\www.teco.edu\~bschmidt\grafic\markiert.css Sun Oct 14 15:01:45 2007 => ERROR!!! 
ScanFile fails for I:\_0000_~2\WEBDES~1\files\260_1\WWWTEC~1.EDU\~BSCHM~1\grafic\markiert.css ~~~~~~~~~~~ Ordner ~~~~~~~~~~~ Thu Oct 04 15:19:11 2007 => Offending Folder found: C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\icq\bart\1024 Thu Oct 04 15:29:06 2007 => Offending Folder found: C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\icq\bart\1024 Thu Oct 04 15:47:42 2007 => Offending Folder found: C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\icq\bart\1024 Sun Oct 14 14:34:16 2007 => Offending Folder found: C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\icq\bart\1024 ~~~~~~~~~~~ Registry ~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Statistiken: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Thu Oct 04 15:22:45 2007 => Total Errors: 62 Thu Oct 04 15:24:49 2007 => Total Errors: 1 Thu Oct 04 15:46:38 2007 => Total Errors: 61 Thu Oct 04 16:08:34 2007 => Total Errors: 54 Thu Oct 04 16:19:36 2007 => Total Errors: 0 Thu Oct 04 16:31:43 2007 => Total Errors: 4 Fri Oct 05 18:52:02 2007 => Total Errors: 48 Sun Oct 14 15:05:23 2007 =>
Total Errors: 9 Thu Oct 04 15:22:45 2007 => Time Elapsed: 00:04:51 Thu Oct 04 15:24:49 2007 => Time Elapsed: 00:01:40 Thu Oct 04 15:46:38 2007 => Time Elapsed: 00:18:08 Thu Oct 04 16:08:34 2007 => Time Elapsed: 00:21:45 Thu Oct 04 16:19:36 2007 => Time Elapsed: 00:00:02 Thu Oct 04 16:31:43 2007 => Time Elapsed: 00:12:03 Fri Oct 05 18:52:02 2007 => Time Elapsed: 02:05:24 Sun Oct 14 15:05:23 2007 => Time Elapsed: 00:32:05 Thu Oct 04 15:22:45 2007 => Total Objects Scanned: 31467 Thu Oct 04 15:24:49 2007 => Total Objects Scanned: 212 Thu Oct 04 15:46:37 2007 => Total Objects Scanned: 38899 Thu Oct 04 16:08:34 2007 => Total Objects Scanned: 48790 Thu Oct 04 16:19:36 2007 => Total Objects Scanned: 32 Thu Oct 04 16:31:43 2007 => Total Objects Scanned: 48968 Fri Oct 05 18:52:02 2007 => Total Objects Scanned: 195048 Sun Oct 14 15:05:23 2007 => Total Objects Scanned: 397070 Thu Oct 04 15:22:45 2007 => Virus Database Date: 9/18/2007 Thu Oct 04 15:22:49 2007 => Virus Database Date: 9/18/2007 Thu Oct 04 15:24:49 2007 => Virus Database Date: 9/18/2007 Thu Oct 04 15:26:20 2007 => Virus Database Date: 9/18/2007 Thu Oct 04 15:28:13 2007 => Virus Database Date: 9/18/2007 Thu Oct 04 15:46:38 2007 => Virus Database Date: 9/18/2007 Thu Oct 04 15:46:41 2007 => Virus Database Date: 9/18/2007 Thu Oct 04 16:08:34 2007 => Virus Database Date: 9/18/2007 Thu Oct 04 16:08:53 2007 => Virus Database Date: 9/18/2007 Thu Oct 04 16:19:31 2007 => Virus Database Date: 9/18/2007 Thu Oct 04 16:19:36 2007 => Virus Database Date: 9/18/2007 Thu Oct 04 16:19:38 2007 => Virus Database Date: 9/18/2007 Thu Oct 04 16:31:43 2007 => Virus Database Date: 9/18/2007 Thu Oct 04 16:36:47 2007 => Virus Database Date: 9/18/2007 Fri Oct 05 16:20:26 2007 => Virus Database Date: 5/28/2007 Fri Oct 05 16:38:59 2007 => Virus Database Date: 5/28/2007 Fri Oct 05 16:44:24 2007 => Virus Database Date: 10/3/2007 Fri Oct 05 18:52:03 2007 => Virus Database Date: 10/3/2007 Sun Oct 14 14:31:53 2007 => Virus Database Date: 10/11/2007 
Sun Oct 14 14:32:46 2007 => Virus Database Date: 10/14/2007 Sun Oct 14 15:05:23 2007 => Virus Database Date: 10/14/2007 Sun Oct 14 15:57:00 2007 => Virus Database Date: 10/14/2007 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan-Optionen ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Thu Oct 04 15:17:53 2007 => Memory Check: Enabled Thu Oct 04 15:22:54 2007 => Memory Check: Enabled Thu Oct 04 15:28:23 2007 => Memory Check: Enabled Thu Oct 04 15:46:46 2007 => Memory Check: Enabled Thu Oct 04 16:19:34 2007 => Memory Check: Enabled Thu Oct 04 16:19:41 2007 => Memory Check: Enabled Fri Oct 05 16:46:07 2007 => Memory Check: Enabled Sun Oct 14 14:33:15 2007 => Memory Check: Enabled Thu Oct 04 15:17:53 2007 => Registry Check: Enabled Thu Oct 04 15:22:54 2007 => Registry Check: Enabled Thu Oct 04 15:28:23 2007 => Registry Check: Enabled Thu Oct 04 15:46:46 2007 => Registry Check: Enabled Thu Oct 04 16:19:34 2007 => Registry Check: Enabled Thu Oct 04 16:19:41 2007 => Registry Check: Enabled Fri Oct 05 16:46:07 2007 => Registry Check: Enabled Sun Oct 14 14:33:15 2007 => Registry Check: Enabled Thu Oct 04 15:17:53 2007 => StartUp Folder Check: Enabled Thu Oct 04 15:22:54 2007 => StartUp Folder Check: Enabled Thu Oct 04 15:28:23 2007 => StartUp Folder Check: Enabled Thu Oct 04 15:46:46 2007 => StartUp Folder Check: Enabled Thu Oct 04 16:19:34 2007 => StartUp Folder Check: Enabled Thu Oct 04 16:19:41 2007 => StartUp Folder Check: Enabled Fri Oct 05 16:46:07 2007 => StartUp Folder Check: Enabled Sun Oct 14 14:33:15 2007 => StartUp Folder Check: Enabled |
15.10.2007, 22:44 | #15 |
Sun Oct 14 15:02:25 2007 => File J:\System Volume Information\_restore{B1BE7B4E-0BD4-4E14-9BA5-2C42192619A5}\RP52\A0008918.exe infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken. Sun Oct 14 15:02:25 2007 => File J:\System Volume Information\_restore{B1BE7B4E-0BD4-4E14-9BA5-2C42192619A5}\RP52\A0008922.exe infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken. ~~~~~~~~~~~ ~~~~ Offending files ~~~~~~~~~~~ Thu Oct 04 15:19:11 2007 => Offending file found: C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\microsoft\office\recent\maria.lnk Thu Oct 04 15:19:11 2007 => Offending file found: C:\Dokumente und Einstellungen\Administrator\Desktop\sm\smitrem\process.exe Thu Oct 04 15:19:11 2007 => Offending file found: C:\Dokumente und Einstellungen\Administrator\Desktop\sm\smitrem\pv.exe Thu Oct 04 15:19:11 2007 => Offending file found: C:\Dokumente und Einstellungen\Administrator\Desktop\sm\smitrem\swreg.exe Thu Oct 04 15:29:06 2007 => Offending file found: C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\microsoft\office\recent\maria.lnk Thu Oct 04 15:29:06 2007 => Offending file found: C:\Dokumente und Einstellungen\Administrator\Desktop\sm\smitrem\process.exe Thu Oct 04 15:29:06 2007 => Offending file found: C:\Dokumente und Einstellungen\Administrator\Desktop\sm\smitrem\pv.exe Thu Oct 04 15:29:06 2007 => Offending file found: C:\Dokumente und Einstellungen\Administrator\Desktop\sm\smitrem\swreg.exe Thu Oct 04 15:47:42 2007 => Offending file found: C:\DOKUME~1\ADMINI~1\ANWEND~1\MICROS~1\office\recent\maria.lnk Thu Oct 04 15:47:43 2007 => Offending file found: C:\DOKUME~1\ADMINI~1\Desktop\sm\smitrem\process.exe Thu Oct 04 15:47:43 2007 => Offending file found: C:\DOKUME~1\ADMINI~1\Desktop\sm\smitrem\pv.exe Thu Oct 04 15:47:43 2007 => Offending file found: C:\DOKUME~1\ADMINI~1\Desktop\sm\smitrem\swreg.exe ~~~~~~~~~~~ ~~~~ Tagged files ~~~~~~~~~~~ Sun Oct 14 14:54:18 2007 => Scanning File F:\[00000000000000] BASE\Templates\Web 
Design Index 5\files\260_1\www.teco.edu\~bschmidt\grafic\markiert.css Sun Oct 14 14:54:18 2007 => ERROR!!! ScanFile fails for F:\_00000~1\TEMPLA~1\WEBDES~2\files\260_1\WWWTEC~1.EDU\~BSCHM~1\grafic\markiert.css Sun Oct 14 15:01:45 2007 => Scanning File I:\[0000]---DOWNLOADS---\Web design index\files\260_1\www.teco.edu\~bschmidt\grafic\markiert.css Sun Oct 14 15:01:45 2007 => ERROR!!! ScanFile fails for I:\_0000_~2\WEBDES~1\files\260_1\WWWTEC~1.EDU\~BSCHM~1\grafic\markiert.css ~~~~~~~~~~~ Ordner ~~~~~~~~~~~ Thu Oct 04 15:19:11 2007 => Offending Folder found: C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\icq\bart\1024 Thu Oct 04 15:29:06 2007 => Offending Folder found: C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\icq\bart\1024 Thu Oct 04 15:47:42 2007 => Offending Folder found: C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\icq\bart\1024 Sun Oct 14 14:34:16 2007 => Offending Folder found: C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\icq\bart\1024 ~~~~~~~~~~~ Registry ~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Statistiken: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Thu Oct 04 15:22:45 2007 => Total Errors: 62 Thu Oct 04 15:24:49 2007 => Total Errors: 1 Thu Oct 04 15:46:38 2007 => Total Errors: 61 Thu Oct 04 16:08:34 2007 => Total Errors: 54 Thu Oct 04 16:19:36 2007 => Total Errors: 0 Thu Oct 04 16:31:43 2007 => Total Errors: 4 Fri Oct 05 18:52:02 2007 => Total Errors: 48 Sun Oct 14 15:05:23 2007 => Total Errors: 9 Thu Oct 04 15:22:45 2007 => Time Elapsed: 00:04:51 Thu Oct 04 15:24:49 2007 => Time Elapsed: 00:01:40 Thu Oct 04 15:46:38 2007 => Time Elapsed: 00:18:08 Thu Oct 04 16:08:34 2007 => Time Elapsed: 00:21:45 Thu Oct 04 16:19:36 2007 => Time Elapsed: 00:00:02 Thu Oct 04 16:31:43 2007 => Time Elapsed: 00:12:03 Fri Oct 05 18:52:02 2007 => Time Elapsed: 02:05:24 Sun Oct 14 15:05:23 2007 => Time Elapsed: 00:32:05 Thu Oct 04 15:22:45 2007 => Total Objects Scanned: 31467 Thu Oct 04 
15:24:49 2007 => Total Objects Scanned: 212 Thu Oct 04 15:46:37 2007 => Total Objects Scanned: 38899 Thu Oct 04 16:08:34 2007 => Total Objects Scanned: 48790 Thu Oct 04 16:19:36 2007 => Total Objects Scanned: 32 Thu Oct 04 16:31:43 2007 => Total Objects Scanned: 48968 Fri Oct 05 18:52:02 2007 => Total Objects Scanned: 195048 Sun Oct 14 15:05:23 2007 => Total Objects Scanned: 397070 Thu Oct 04 15:22:45 2007 => Virus Database Date: 9/18/2007 Thu Oct 04 15:22:49 2007 => Virus Database Date: 9/18/2007 Thu Oct 04 15:24:49 2007 => Virus Database Date: 9/18/2007 Thu Oct 04 15:26:20 2007 => Virus Database Date: 9/18/2007 Thu Oct 04 15:28:13 2007 => Virus Database Date: 9/18/2007 Thu Oct 04 15:46:38 2007 => Virus Database Date: 9/18/2007 Thu Oct 04 15:46:41 2007 => Virus Database Date: 9/18/2007 Thu Oct 04 16:08:34 2007 => Virus Database Date: 9/18/2007 Thu Oct 04 16:08:53 2007 => Virus Database Date: 9/18/2007 Thu Oct 04 16:19:31 2007 => Virus Database Date: 9/18/2007 Thu Oct 04 16:19:36 2007 => Virus Database Date: 9/18/2007 Thu Oct 04 16:19:38 2007 => Virus Database Date: 9/18/2007 Thu Oct 04 16:31:43 2007 => Virus Database Date: 9/18/2007 Thu Oct 04 16:36:47 2007 => Virus Database Date: 9/18/2007 Fri Oct 05 16:20:26 2007 => Virus Database Date: 5/28/2007 Fri Oct 05 16:38:59 2007 => Virus Database Date: 5/28/2007 Fri Oct 05 16:44:24 2007 => Virus Database Date: 10/3/2007 Fri Oct 05 18:52:03 2007 => Virus Database Date: 10/3/2007 Sun Oct 14 14:31:53 2007 => Virus Database Date: 10/11/2007 Sun Oct 14 14:32:46 2007 => Virus Database Date: 10/14/2007 Sun Oct 14 15:05:23 2007 => Virus Database Date: 10/14/2007 Sun Oct 14 15:57:00 2007 => Virus Database Date: 10/14/2007 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan-Optionen ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Thu Oct 04 15:17:53 2007 => Memory Check: Enabled Thu Oct 04 15:22:54 2007 => Memory Check: Enabled Thu Oct 04 15:28:23 2007 => Memory Check: Enabled Thu Oct 04 15:46:46 2007 => Memory Check: 
Enabled Thu Oct 04 16:19:34 2007 => Memory Check: Enabled Thu Oct 04 16:19:41 2007 => Memory Check: Enabled Fri Oct 05 16:46:07 2007 => Memory Check: Enabled Sun Oct 14 14:33:15 2007 => Memory Check: Enabled Thu Oct 04 15:17:53 2007 => Registry Check: Enabled Thu Oct 04 15:22:54 2007 => Registry Check: Enabled Thu Oct 04 15:28:23 2007 => Registry Check: Enabled Thu Oct 04 15:46:46 2007 => Registry Check: Enabled Thu Oct 04 16:19:34 2007 => Registry Check: Enabled Thu Oct 04 16:19:41 2007 => Registry Check: Enabled Fri Oct 05 16:46:07 2007 => Registry Check: Enabled Sun Oct 14 14:33:15 2007 => Registry Check: Enabled Thu Oct 04 15:17:53 2007 => StartUp Folder Check: Enabled Thu Oct 04 15:22:54 2007 => StartUp Folder Check: Enabled Thu Oct 04 15:28:23 2007 => StartUp Folder Check: Enabled Thu Oct 04 15:46:46 2007 => StartUp Folder Check: Enabled Thu Oct 04 16:19:34 2007 => StartUp Folder Check: Enabled Thu Oct 04 16:19:41 2007 => StartUp Folder Check: Enabled Fri Oct 05 16:46:07 2007 => StartUp Folder Check: Enabled Sun Oct 14 14:33:15 2007 => StartUp Folder Check: Enabled Thu Oct 04 15:17:53 2007 => System Area Check: Disabled Thu Oct 04 15:22:54 2007 => System Area Check: Disabled Thu Oct 04 15:28:23 2007 => System Area Check: Disabled Thu Oct 04 15:46:46 2007 => System Area Check: Disabled Thu Oct 04 16:19:34 2007 => System Area Check: Disabled Thu Oct 04 16:19:41 2007 => System Area Check: Disabled Fri Oct 05 16:46:07 2007 => System Area Check: Disabled Sun Oct 14 14:33:15 2007 => System Area Check: Disabled Thu Oct 04 15:17:53 2007 => Services Check: Enabled Thu Oct 04 15:22:54 2007 => Services Check: Enabled Thu Oct 04 15:28:23 2007 => Services Check: Enabled Thu Oct 04 15:46:46 2007 => Services Check: Enabled Thu Oct 04 16:19:34 2007 => Services Check: Enabled Thu Oct 04 16:19:41 2007 => Services Check: Enabled Fri Oct 05 16:46:07 2007 => Services Check: Enabled Fri Oct 05 17:25:58 2007 => Scanning File 
C:\Programme\eigene\ICQ6\services\boxelyToolkit\VER1_12_2_1\theme\images\checkbox_disabled.png Fri Oct 05 17:25:58 2007 => Scanning File C:\Programme\eigene\ICQ6\services\boxelyToolkit\VER1_12_2_1\theme\images\checkbox_selected_disabled.png Fri Oct 05 17:26:00 2007 => Scanning File C:\Programme\eigene\ICQ6\services\boxelyToolkit\VER1_12_2_1\theme\images\InputFields\inputField_normal_disabled.png Fri Oct 05 17:26:00 2007 => Scanning File C:\Programme\eigene\ICQ6\services\boxelyToolkit\VER1_12_2_1\theme\images\InputFields\inputField_search_disabled.png Fri Oct 05 17:26:00 2007 => Scanning File C:\Programme\eigene\ICQ6\services\boxelyToolkit\VER1_12_2_1\theme\images\searchInput_clearText_enabled.png Fri Oct 05 17:26:33 2007 => Scanning File C:\Programme\eigene\ICQ6\services\icqApp\ver1\theme\IMAGES\Common\IcqOverWriteElem\checkbox_mixed_disabled.png Sun Oct 14 14:33:15 2007 => Services Check: Enabled Sun Oct 14 14:40:39 2007 => Scanning File C:\Programme\eigene\ICQ6\services\boxelyToolkit\VER1_12_2_1\theme\images\checkbox_disabled.png Sun Oct 14 14:40:39 2007 => ERROR!!! ScanFile fails for C:\Programme\eigene\ICQ6\services\boxelyToolkit\VER1_12_2_1\theme\images\checkbox_disabled.png Sun Oct 14 14:40:39 2007 => Scanning File C:\Programme\eigene\ICQ6\services\boxelyToolkit\VER1_12_2_1\theme\images\checkbox_selected_disabled.png Sun Oct 14 14:40:39 2007 => ERROR!!! ScanFile fails for C:\Programme\eigene\ICQ6\services\boxelyToolkit\VER1_12_2_1\theme\images\checkbox_selected_disabled.png Sun Oct 14 14:40:39 2007 => Scanning File C:\Programme\eigene\ICQ6\services\boxelyToolkit\VER1_12_2_1\theme\images\InputFields\inputField_normal_disabled.png Sun Oct 14 14:40:39 2007 => ERROR!!! 
ScanFile fails for C:\Programme\eigene\ICQ6\services\boxelyToolkit\VER1_12_2_1\theme\images\InputFields\inputField_normal_disabled.png Sun Oct 14 14:40:39 2007 => Scanning File C:\Programme\eigene\ICQ6\services\boxelyToolkit\VER1_12_2_1\theme\images\InputFields\inputField_search_disabled.png Sun Oct 14 14:40:39 2007 => ERROR!!! ScanFile fails for C:\Programme\eigene\ICQ6\services\boxelyToolkit\VER1_12_2_1\theme\images\InputFields\inputField_search_disabled.png Sun Oct 14 14:40:39 2007 => Scanning File C:\Programme\eigene\ICQ6\services\boxelyToolkit\VER1_12_2_1\theme\images\searchInput_clearText_enabled.png Sun Oct 14 14:40:39 2007 => ERROR!!! ScanFile fails for C:\Programme\eigene\ICQ6\services\boxelyToolkit\VER1_12_2_1\theme\images\searchInput_clearText_enabled.png Sun Oct 14 14:40:42 2007 => Scanning File C:\Programme\eigene\ICQ6\services\icqApp\ver1\theme\IMAGES\Common\IcqOverWriteElem\checkbox_mixed_disabled.png Sun Oct 14 14:40:42 2007 => ERROR!!! ScanFile fails for C:\Programme\eigene\ICQ6\services\icqApp\ver1\theme\IMAGES\Common\IcqOverWriteElem\checkbox_mixed_disabled.png Thu Oct 04 15:17:53 2007 => Drive Check Option Disabled Thu Oct 04 15:22:54 2007 => Drive Check Option Disabled Thu Oct 04 15:28:23 2007 => Drive Check Option Disabled Thu Oct 04 15:46:46 2007 => Drive Check Option Disabled Thu Oct 04 16:19:34 2007 => Drive Check Option Disabled Thu Oct 04 16:19:41 2007 => Drive Check Option Disabled Fri Oct 05 16:46:07 2007 => Drive Check: Disabled Fri Oct 05 16:46:07 2007 => All Drive Check :Enabled Fri Oct 05 18:33:56 2007 => Scanning File D:\Windows\winsxs\Manifests\x86_microsoft-windows-tabledriventextservice_31bf3856ad364e35_6.0.6000.16386_none_e534957594063d30.manifest Sun Oct 14 14:33:15 2007 => Drive Check: Disabled Sun Oct 14 14:33:15 2007 => All Drive Check :Enabled Sun Oct 14 14:50:50 2007 => Scanning File D:\Windows\winsxs\Manifests\x86_microsoft-windows-tabledriventextservice_31bf3856ad364e35_6.0.6000.16386_none_e534957594063d30.manifest Sun 
Oct 14 14:50:50 2007 => ERROR!!! ScanFile fails for D:\Windows\winsxs\Manifests\x86_microsoft-windows-tabledriventextservice_31bf3856ad364e35_6.0.6000.16386_none_e534957594063d30.manifest Fri Oct 05 16:46:07 2007 => All Drive Check :Enabled Sun Oct 14 14:33:15 2007 => All Drive Check :Enabled ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Thu Oct 04 15:17:46 2007 => Version 9.4.4 (C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\mexe.com) Thu Oct 04 15:17:53 2007 => Version 9.4.4 (C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\mexe.com) Thu Oct 04 15:28:07 2007 => Version 9.4.4 (C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\mexe.com) Thu Oct 04 15:28:23 2007 => Version 9.4.4 (C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\mexe.com) Thu Oct 04 16:19:22 2007 => Version 9.4.4 (C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\mexe.com) Thu Oct 04 16:19:34 2007 => Version 9.4.4 (C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\mexe.com) Fri Oct 05 16:20:17 2007 => Version 9.2.6 (C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\mexe.com) Fri Oct 05 16:38:56 2007 => Version 9.2.6 (C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\mexe.com) Fri Oct 05 16:44:16 2007 => Version 9.4.4 (C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\mexe.com) Fri Oct 05 16:46:06 2007 => Version 9.4.4 (C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\mexe.com) Sun Oct 14 14:31:41 2007 => Version 9.4.6 (C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\mexe.com) Sun Oct 14 14:33:15 2007 => Version 9.4.6 (C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\mexe.com) Sun Oct 14 14:54:19 2007 => Setting NORMAL Attributes for Folder: F:\[00000000000000] BASE\Templates\Web Design Index 5\files\279_3\www.leifunddirekt.de\demoversion\html Sun Oct 14 14:54:19 2007 => Setting NORMAL Attributes for Folder: F:\[00000000000000] BASE\Templates\Web Design Index 5\files\279_3\www.leifunddirekt.de\demoversion\html\grafix Sun Oct 14 14:54:22 2007 => Setting NORMAL Attributes for Folder: F:\[00000000000000] BASE\Templates\Web Design Index 5\files\308_2\www.ryangiggs.cc\version1 Sun Oct 14 15:01:46 2007 => Setting NORMAL Attributes for Folder: 
I:\[0000]---DOWNLOADS---\Web design index\files\279_3\www.leifunddirekt.de\demoversion\html Sun Oct 14 15:01:46 2007 => Setting NORMAL Attributes for Folder: I:\[0000]---DOWNLOADS---\Web design index\files\279_3\www.leifunddirekt.de\demoversion\html\grafix Mon Oct 15 13:41:25 2007 => Version 9.4.6 (C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\mexe.com) Mon Oct 15 13:42:03 2007 => Version 9.4.6 (C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\mexe.com) Thu Oct 04 15:22:45 2007 => Virus Database Date: 9/18/2007 Thu Oct 04 15:22:49 2007 => Virus Database Date: 9/18/2007 Thu Oct 04 15:24:49 2007 => Virus Database Date: 9/18/2007 Thu Oct 04 15:26:20 2007 => Virus Database Date: 9/18/2007 Thu Oct 04 15:28:13 2007 => Virus Database Date: 9/18/2007 Thu Oct 04 15:46:38 2007 => Virus Database Date: 9/18/2007 Thu Oct 04 15:46:41 2007 => Virus Database Date: 9/18/2007 Thu Oct 04 16:08:34 2007 => Virus Database Date: 9/18/2007 Thu Oct 04 16:08:53 2007 => Virus Database Date: 9/18/2007 Thu Oct 04 16:19:31 2007 => Virus Database Date: 9/18/2007 Thu Oct 04 16:19:36 2007 => Virus Database Date: 9/18/2007 Thu Oct 04 16:19:38 2007 => Virus Database Date: 9/18/2007 Thu Oct 04 16:31:43 2007 => Virus Database Date: 9/18/2007 Thu Oct 04 16:36:47 2007 => Virus Database Date: 9/18/2007 Fri Oct 05 16:20:26 2007 => Virus Database Date: 5/28/2007 Fri Oct 05 16:38:59 2007 => Virus Database Date: 5/28/2007 Fri Oct 05 16:44:24 2007 => Virus Database Date: 10/3/2007 Fri Oct 05 18:52:03 2007 => Virus Database Date: 10/3/2007 Sun Oct 14 14:31:53 2007 => Virus Database Date: 10/11/2007 Sun Oct 14 14:32:46 2007 => Virus Database Date: 10/14/2007 Sun Oct 14 15:05:23 2007 => Virus Database Date: 10/14/2007 Sun Oct 14 15:57:00 2007 => Virus Database Date: 10/14/2007 Mon Oct 15 13:41:31 2007 => Virus Database Date: 10/14/2007 Mon Oct 15 13:41:50 2007 => Virus Database Date: 10/15/2007 Mon Oct 15 15:00:55 2007 => Virus Database Date: 10/15/2007 Mon Oct 15 15:46:36 2007 => Virus Database Date: 10/15/2007 |