Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   sind das vieren??? (https://www.trojaner-board.de/15399-vieren.html)

suja 14.03.2005 21:58
sind das vieren???
 
hallo,
bin neu hier und kenn mich leider auch mit vieren, trojanern... noch wenig aus. ändert sich aber gerade :)
antivier hatte bei mir vieren gefunden. nach kurzer recherche hier im forum habe ich mal einen escan gemacht:


File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP105\A0009511.exe infected by "not-a-virus:AdWare.Gator.a" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP105\A0009512.exe infected by "not-a-virus:AdWare.Gator.a" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0010239.dll infected by "not-a-virus:AdWare.ToolBar.DashBar.b" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0010240.exe infected by "not-a-virus:AdWare.ToolBar.DashBar.d" Virus. Action Taken: No Action Taken.


File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0010241.exe infected by "not-a-virus:AdWare.ToolBar.DashBar.d" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0010589.exe infected by "not-a-virus:AdWare.ToolBar.DashBar.d" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0010590.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0010591.exe infected by "not-a-virus:AdWare.Gator.6034" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0010592.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0010593.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0010594.dll infected by "not-a-virus:AdWare.Gator.3124" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0010595.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0010596.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0010597.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0010598.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0010600.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0010601.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0010602.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0010633.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0010634.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0010635.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0010636.dll infected by "not-a-virus:AdWare.Gator.5017" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0010637.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0010638.exe infected by "not-a-virus:AdWare.Gator.6034" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0010639.exe infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0010641.exe infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0012976.exe infected by "not-a-virus:AdWare.Gator.6040" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0012979.exe infected by "not-a-virus:AdWare.Gator.6040" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0013430.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0013434.exe infected by "not-a-virus:AdWare.180Solutions" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0014431.exe infected by "Trojan.Win16.Bearded" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0014436.exe tagged as not-a-virus:Simulator.Win16.Click. No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0017631.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0017732.exe infected by "not-a-virus:AdWare.EZula.ak" Virus. Action Taken: No Action Taken.






dann habe ich alles mögliche gelöscht (inklusive papierkorb) und einen zweiten scan gemacht:




File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP105\A0009511.exe infected by "not-a-virus:AdWare.Gator.a" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP105\A0009512.exe infected by "not-a-virus:AdWare.Gator.a" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0010239.dll infected by "not-a-virus:AdWare.ToolBar.DashBar.b" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0010240.exe infected by "not-a-virus:AdWare.ToolBar.DashBar.d" Virus. Action Taken: No Action Taken.


File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0010241.exe infected by "not-a-virus:AdWare.ToolBar.DashBar.d" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0010589.exe infected by "not-a-virus:AdWare.ToolBar.DashBar.d" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0010590.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0010591.exe infected by "not-a-virus:AdWare.Gator.6034" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0010592.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0010593.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0010594.dll infected by "not-a-virus:AdWare.Gator.3124" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0010595.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0010596.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0010597.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0010598.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0010600.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0010601.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0010602.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0010633.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0010634.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0010635.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0010636.dll infected by "not-a-virus:AdWare.Gator.5017" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0010637.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0010638.exe infected by "not-a-virus:AdWare.Gator.6034" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0010639.exe infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0010641.exe infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0012976.exe infected by "not-a-virus:AdWare.Gator.6040" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0012979.exe infected by "not-a-virus:AdWare.Gator.6040" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0013430.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0013434.exe infected by "not-a-virus:AdWare.180Solutions" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0014431.exe infected by "Trojan.Win16.Bearded" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0014436.exe tagged as not-a-virus:Simulator.Win16.Click. No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0017631.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0017732.exe infected by "not-a-virus:AdWare.EZula.ak" Virus. Action Taken: No Action Taken.


ja und das ist mein logfile von hijachThis:

Logfile of HijackThis v1.99.1
Scan saved at 21:28:52, on 14.03.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
D:\download\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.de/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.msn.de/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [LWBMOUSE] C:\Programme\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
O4 - Global Startup: Microsoft Office Shortcut-Leiste.lnk = C:\Programme\Microsoft Office\Office\MSOFFICE.EXE
O4 - Global Startup: Microsoft-Indexerstellung.lnk = C:\Programme\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office-Start.lnk = C:\Programme\Microsoft Office\Office\OSA.EXE
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.msn.de/
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/23ea10ff...dxIE601_de.cab
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: CA-Lizenz-Client (CA_LIC_CLNT) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA-Lizenzserver (CA_LIC_SRVR) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Ereignisprotokoll-Überwachung (LogWatch) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

kann mir jemand sagen wie stark mein system befallen ist? und was ich gegen die vieren tun kann.
wäre für jede hilfe dankbar.
gruss hagen

Gigamail 14.03.2005 22:09
deaktiviere die Systemwiederherstellung neu booten Systemwiederherstellung wieder aktivieren, im normalen Modus ein neues HJT erstellen und posten

Cidre 14.03.2005 22:19
Hallo,

Zitat:
sind das vieren???
Ich würde sogar sagen, dass es sich hiebei um fünfen handelt.;)
Spass beiseite, die Dinger heissen Viren.

Das Problem sollte mit der Abarbeitung von Gigamail's Empfehlung erledigt sein.

suja 14.03.2005 22:39
viren!!!!!!!!!!! richtig....sah doch gleich so komisch aus. ich sollte weniger :party: und :juul: ist mir scheinbar schon zu spät...
aber schon mal vielen dank für eure schnelle hilfe. hier das neue hijackThis logfile

soll ich nun den escan wieder drüber laufen lassen???
gruss hagen

Logfile of HijackThis v1.99.1
Scan saved at 22:39:31, on 14.03.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Programme\AVPersonal\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Dit.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\LXSUPMON.EXE
C:\Programme\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
C:\Programme\Microsoft Office\Office\MSOFFICE.EXE
C:\Programme\Microsoft Office\Office\FINDFAST.EXE
C:\Programme\Microsoft Office\Office\OSA.EXE
C:\WINDOWS\DitExp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\winlogon.exe
D:\download\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.de/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.msn.de/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [LWBMOUSE] C:\Programme\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
O4 - Global Startup: Microsoft Office Shortcut-Leiste.lnk = C:\Programme\Microsoft Office\Office\MSOFFICE.EXE
O4 - Global Startup: Microsoft-Indexerstellung.lnk = C:\Programme\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office-Start.lnk = C:\Programme\Microsoft Office\Office\OSA.EXE
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.msn.de/
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/23ea10ff...dxIE601_de.cab
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: CA-Lizenz-Client (CA_LIC_CLNT) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA-Lizenzserver (CA_LIC_SRVR) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Ereignisprotokoll-Überwachung (LogWatch) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

Cidre 14.03.2005 23:05
Dein Log-File sieht sauber aus.
Zur weiteren Vorsorge solltest du die Links unter 'Lesenswerte Lektüre...' in meiner Signatur lesen und abarbeiten.

Zitat:
soll ich nun den escan wieder drüber laufen lassen???
Kann nicht schaden.;)

suja 14.03.2005 23:10
vielen dank :)


Alle Zeitangaben in WEZ +1. Es ist jetzt 12:56 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131