Trojaner-Board


angie00732 06.10.2005 20:43

Please look at my log file urgently!!!

Hello, I managed to get my computer running again after all, and after a few hours without problems everything is closing again... ZoneAlarm and AntiVir, and on top of that AntiVir has corrupted VDF files!!

Here is the log file from HijackThis:

Logfile of HijackThis v1.99.1
Scan saved at 21:39:43, on 06.10.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programme\Java\jre1.5.0_04\bin\jusched.exe
C:\Programme\AVPersonal\AVGNT.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\AVPersonal\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\Programme\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\WINZIP\wzqkpick.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Dokumente und Einstellungen\dreamangel\Lokale Einstellungen\Temp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://www.google.at/
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [Zone Labs Client] C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programme\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - h**p://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1128521328366
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - h**p://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Can any of you decipher this?

Sorry, I'm a layperson and not very well versed in this!!

Thanks in advance!!!

angie

[edit]
links removed
[/edit]

angie00732 06.10.2005 21:09

I should perhaps mention again that so far the folder "wandows" is nowhere to be found on my computer (that was always the case before, whenever everything was acting up); instead there is now a folder: C:\w ....... which is empty!!! This folder wasn't there until a few hours ago (before I had switched the computer off) and suddenly it appears... after AntiVir acts up and ZoneAlarm keeps closing!!

Regards

angie

cacatoa 06.10.2005 21:10

Run eScan (you already know it). But this time exactly according to the instructions!
Here.
Your system is of course still without SP2.
The HJT log file looks clean>>>>>but in this situation that means nothing at all. Only the eScan log is convincing.
cacatoa

angie00732 06.10.2005 21:22

Quote:

Quote from cacatoa
Run eScan (you already know it). But this time exactly according to the instructions!
Here.
Your system is of course still without SP2.
The HJT log file looks clean>>>>>but in this situation that means nothing at all. Only the eScan log is convincing.
cacatoa

Unfortunately I wasn't able to install SP2 because I only have 256 MB of RAM, and apparently there is also something wrong with my CD and DVD drives, so it didn't work :-(

I'll now try again with eScan, and I hope I manage it this time... sigh

Last time the system32 file was already destroyed, so I had to set the computer up from scratch... for what is by now the 15th!!! time...

Regards and thanks

angie

angie00732 06.10.2005 23:36

Since the log file is being difficult when uploading, and pasting it in isn't possible because of its length, I'm now doing it piece by piece... please bear with me...

angie

angie00732 06.10.2005 23:37

Thu Oct 06 23:06:07 2005 => **********************************************************
Thu Oct 06 23:06:07 2005 => MicroWorld Anti Virus & Spyware Toolkit Utility.
Thu Oct 06 23:06:07 2005 => Copyright © 2003-2005, MicroWorld Technologies Inc.
Thu Oct 06 23:06:07 2005 => **********************************************************
Thu Oct 06 23:06:07 2005 => Version 7.2.2 (C:\Bases_X'\mwavscan.com)
Thu Oct 06 23:06:07 2005 => Log File: C:\Bases_X'\MWAV.LOG
Thu Oct 06 23:06:07 2005 => MWAV Registered: FALSE.
Thu Oct 06 23:06:07 2005 => MWAV Mode: Only Scan files.
Thu Oct 06 23:06:10 2005 => Latest Date of files inside MWAV: 27 Sep 2005 10:51:30.
Thu Oct 06 23:06:15 2005 => AV Library Loaded...
Thu Oct 06 23:06:15 2005 => MWAV doing self scanning...
Thu Oct 06 23:06:15 2005 => Scanning File C:\Bases_X'\kavss.exe
Thu Oct 06 23:06:15 2005 => Scanning File C:\Bases_X'\Getvlist.exe
Thu Oct 06 23:06:16 2005 => Scanning File C:\Bases_X'\kavss.dll
Thu Oct 06 23:06:16 2005 => Scanning File C:\Bases_X'\kavssdi.dll
Thu Oct 06 23:06:16 2005 => Scanning File C:\Bases_X'\kavssi.dll
Thu Oct 06 23:06:16 2005 => Scanning File C:\Bases_X'\kavvlg.dll
Thu Oct 06 23:06:16 2005 => Scanning File C:\Bases_X'\msvlclnt.dll
Thu Oct 06 23:06:16 2005 => Scanning File C:\Bases_X'\ipc.dll
Thu Oct 06 23:06:16 2005 => Scanning File C:\Bases_X'\main.avi
Thu Oct 06 23:06:16 2005 => Scanning File C:\Bases_X'\virus.avi
Thu Oct 06 23:06:16 2005 => MWAV files are clean.
Thu Oct 06 23:06:28 2005 => Virus Database Date: 2005/09/27
Thu Oct 06 23:06:28 2005 => Virus Database Count: 151405

Thu Oct 06 23:07:01 2005 => **********************************************************
Thu Oct 06 23:07:01 2005 => MicroWorld Anti Virus & Spyware Toolkit Utility.
Thu Oct 06 23:07:01 2005 => Copyright © 2003-2005, MicroWorld Technologies Inc.
Thu Oct 06 23:07:01 2005 =>
Thu Oct 06 23:07:01 2005 => Support: support@mwti.net
Thu Oct 06 23:07:01 2005 => Web: http://www.mwti.net
Thu Oct 06 23:07:01 2005 => **********************************************************
Thu Oct 06 23:07:01 2005 => Version 7.2.2 (C:\Bases_X'\mwavscan.com)
Thu Oct 06 23:07:01 2005 => Log File: C:\Bases_X'\MWAV.LOG
Thu Oct 06 23:07:01 2005 => User Account: Administrator
Thu Oct 06 23:07:01 2005 => Windows Root Folder: C:\WINDOWS
Thu Oct 06 23:07:01 2005 => Windows Sys32 Folder: C:\WINDOWS\System32
Thu Oct 06 23:07:01 2005 => OS: Windows NT
Thu Oct 06 23:07:01 2005 => Latest Date of files inside MWAV: 27 Sep 2005 10:51:30.

Thu Oct 06 23:07:01 2005 => Options Selected by User:
Thu Oct 06 23:07:01 2005 => Memory Check: Enabled
Thu Oct 06 23:07:01 2005 => Registry Check: Enabled
Thu Oct 06 23:07:01 2005 => StartUp Folder Check: Disabled
Thu Oct 06 23:07:01 2005 => System Folder Check: Disabled
Thu Oct 06 23:07:01 2005 => System Area Check: Disabled
Thu Oct 06 23:07:01 2005 => Services Check: Enabled
Thu Oct 06 23:07:01 2005 => Drive Check: Disabled
Thu Oct 06 23:07:01 2005 => All Drive Check :Enabled
Thu Oct 06 23:07:01 2005 => Folder Check: Disabled

angie00732 06.10.2005 23:39

Thu Oct 06 23:07:02 2005 => ***** Scanning Memory Files *****

Thu Oct 06 23:07:20 2005 => ***** Scanning Registry Files *****

Thu Oct 06 23:07:20 2005 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad

angie00732 06.10.2005 23:41

Thu Oct 06 23:07:20 2005 => Scanning File C:\WINDOWS\system32\SHELL32.dll
Thu Oct 06 23:07:20 2005 => Scanning File C:\WINDOWS\system32\SHELL32.dll
Thu Oct 06 23:07:20 2005 => Scanning File C:\WINDOWS\System32\webcheck.dll
Thu Oct 06 23:07:20 2005 => Scanning File C:\WINDOWS\System32\stobject.dll

Thu Oct 06 23:07:20 2005 => Scanning HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad

Thu Oct 06 23:07:20 2005 => Scanning HKLM\SOFTWARE\Microsoft\Internet Explorer\Plugins\Extension

Thu Oct 06 23:07:20 2005 => Scanning HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar
Thu Oct 06 23:07:20 2005 => Scanning File C:\WINDOWS\System32\msdxm.ocx
Thu Oct 06 23:07:21 2005 => Scanning File C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll

Thu Oct 06 23:07:21 2005 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects
Thu Oct 06 23:07:21 2005 => {02478D38-C3F9-4efb-9B51-7695ECA05670} = C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
Thu Oct 06 23:07:21 2005 => Scanning File C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll

Thu Oct 06 23:07:21 2005 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler
Thu Oct 06 23:07:21 2005 => Scanning File C:\WINDOWS\System32\browseui.dll
Thu Oct 06 23:07:21 2005 => Scanning File C:\WINDOWS\System32\browseui.dll

Thu Oct 06 23:07:21 2005 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Thu Oct 06 23:07:25 2005 => Scanning File C:\WINDOWS\msagent\agentpsh.dll
Thu Oct 06 23:07:25 2005 => Scanning File C:\WINDOWS\System32\dfsshlex.dll
Thu Oct 06 23:07:26 2005 => Scanning File C:\WINDOWS\System32\photowiz.dll
Thu Oct 06 23:07:26 2005 => Scanning File C:\WINDOWS\System32\mmcshext.dll
Thu Oct 06 23:07:26 2005 => Scanning File C:\WINDOWS\system32\cabview.dll
Thu Oct 06 23:07:26 2005 => Scanning File C:\PROGRA~1\OUTLOO~1\wabfind.dll
Thu Oct 06 23:07:26 2005 => Scanning File C:\WINDOWS\System32\wmpshell.dll
Thu Oct 06 23:07:26 2005 => Scanning File C:\WINDOWS\System32\wmpshell.dll
Thu Oct 06 23:07:26 2005 => Scanning File C:\WINDOWS\System32\wmpshell.dll
Thu Oct 06 23:07:26 2005 => Scanning File C:\WINDOWS\System32\Audiodev.dll
Thu Oct 06 23:07:26 2005 => Scanning File C:\WINDOWS\System32\Audiodev.dll
Thu Oct 06 23:07:26 2005 => Scanning File C:\WINDOWS\system32\shdocvw.dll
Thu Oct 06 23:07:26 2005 => Scanning File C:\WINDOWS\System32\mscoree.dll
Thu Oct 06 23:07:26 2005 => Scanning File C:\WINDOWS\System32\nvshell.dll
Thu Oct 06 23:07:26 2005 => Scanning File C:\WINDOWS\System32\nvshell.dll
Thu Oct 06 23:07:26 2005 => Scanning File C:\WINDOWS\System32\nvcpl.dll
Thu Oct 06 23:07:27 2005 => Scanning File C:\WINDOWS\System32\nvcpl.dll
Thu Oct 06 23:07:27 2005 => Scanning File C:\WINDOWS\System32\nvshell.dll
Thu Oct 06 23:07:27 2005 => Scanning File C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
Thu Oct 06 23:07:27 2005 => Scanning File C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
Thu Oct 06 23:07:27 2005 => Scanning File C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
Thu Oct 06 23:07:27 2005 => Scanning File C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
Thu Oct 06 23:07:27 2005 => Scanning File C:\Programme\WinRAR\rarext.dll

angie00732 06.10.2005 23:42

Sorry, but I don't think this is getting anywhere; I'm doing something wrong, I haven't even got a fraction of it... :-( HEEELP, how can I carry on so that I can post the log file here?

find.bat somehow doesn't work; when I run it, a window appears for a second and then it's gone again...

Regards

angie

Wildone 06.10.2005 23:49

Hello,
then use Edit >> Find to search the log file for the keywords "infected", "tagged" and "offending", and post the matching entries.

Regards, Wildone

angie00732 07.10.2005 09:11

Quote:

Quote from Wildone
Hello,
then use Edit >> Find to search the log file for the keywords "infected", "tagged" and "offending", and post the matching entries.

Regards, Wildone

I've already done that, but under "infected" it only finds the alexa entry... under "tagged" it finds nothing, and nothing under "offending" either...

Thu Oct 06 23:07:54 2005 => System found infected with alexa Spyware/Adware ({c95fe080-8f5d-11d2-a20b-00aa003c157a})! Action taken: No Action Taken.
Thu Oct 06 23:07:54 2005 => System found infected with alexa Spyware/Adware ({c95fe080-8f5d-11d2-a20b-00aa003c157a})! Action taken: No Action Taken.

The fact is, though, that this morning the system32 file was destroyed for the umpteenth time, and I could only rescue the PC in the Recovery Console with boot /cfg!!

That just can't be!!!

Besides, that ominous C:/w folder is back again!!! The one that always used to be called wandows..

It can't be that there is NOTHING on my PC causing these things, can it?

Regards

angie

angie00732 07.10.2005 09:13

Oh yes, one more thing.... I ran the scan as described, in safe mode with System Restore turned off, and at around file 28000 it stopped scanning; I then aborted the scan after an hour, because it wasn't doing anything any more apart from letting the time run!!

Regards

angie

angie00732 07.10.2005 17:45

Nobody here who dares to help me? :heulen: oh man.... I really have no clue any more who or what keeps destroying my system!!

Please, please, if you know your way around this, then please answer me!

Thanks

angie

Karaya 07.10.2005 18:10

Hello angie,

copy the text into Notepad and save it as "auto_find.bat" on the desktop.
Then run the file (double-click). On C:/ you will find a file named "eScan_neu.txt"; post that here.
The prerequisite, of course, is that you still have the MWAV.LOG.

Even if it's hard, ease off the gas, look out of the window at the mountains and relax.


rem If a log exists under c:\bases, write its summary to C:\eScan_alt.txt
if not exist c:\bases\mwav.log goto 1
echo ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > C:\eScan_alt.txt
echo Funde für "infected" >> C:\eScan_alt.txt
echo ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ >> C:\eScan_alt.txt
findstr /i "infected" c:\bases\mwav.log >> C:\eScan_alt.txt
echo ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ >> C:\eScan_alt.txt
echo Funde für "tagged" >> C:\eScan_alt.txt
echo ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ >> C:\eScan_alt.txt
findstr /i "tagged" c:\bases\mwav.log >> C:\eScan_alt.txt
echo ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ >> C:\eScan_alt.txt
echo Statistiken: >> C:\eScan_alt.txt
echo ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ >> C:\eScan_alt.txt
rem Summary lines of the scan (found, errors, elapsed time, files scanned, date)
findstr /i "Found:" c:\bases\mwav.log >> C:\eScan_alt.txt
findstr /i "Errors:" c:\bases\mwav.log >> C:\eScan_alt.txt
findstr /i "Elapsed:" c:\bases\mwav.log >> C:\eScan_alt.txt
findstr /i "Scanned:" c:\bases\mwav.log >> C:\eScan_alt.txt
findstr /i "Date:" c:\bases\mwav.log >> C:\eScan_alt.txt
echo ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ >> C:\eScan_alt.txt
echo ~~~~~~~ © Haui ;-) ~~~~~~~ >> C:\eScan_alt.txt
echo ~~~~~~~ Dank an Cidre ~~~~~~~ >> C:\eScan_alt.txt
:1
rem If a log exists under c:\bases_x, write its summary to C:\eScan_neu.txt
if not exist c:\bases_x\mwav.log goto 2
echo ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > C:\eScan_neu.txt
echo Funde für "infected" >> C:\eScan_neu.txt
echo ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ >> C:\eScan_neu.txt
findstr /i "infected" c:\bases_x\mwav.log >> C:\eScan_neu.txt
echo ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ >> C:\eScan_neu.txt
echo Funde für "tagged" >> C:\eScan_neu.txt
echo ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ >> C:\eScan_neu.txt
findstr /i "tagged" c:\bases_x\mwav.log >> C:\eScan_neu.txt
echo ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ >> C:\eScan_neu.txt
echo Statistiken: >> C:\eScan_neu.txt
echo ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ >> C:\eScan_neu.txt
findstr /i "Found:" c:\bases_x\mwav.log >> C:\eScan_neu.txt
findstr /i "Errors:" c:\bases_x\mwav.log >> C:\eScan_neu.txt
findstr /i "Elapsed:" c:\bases_x\mwav.log >> C:\eScan_neu.txt
findstr /i "Scanned:" c:\bases_x\mwav.log >> C:\eScan_neu.txt
findstr /i "Date:" c:\bases_x\mwav.log >> C:\eScan_neu.txt
echo ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ >> C:\eScan_neu.txt
echo ~~~~~~~ © Haui ;-) ~~~~~~~ >> C:\eScan_neu.txt
echo ~~~~~~~ Dank an Cidre ~~~~~~~ >> C:\eScan_neu.txt
:2
rem End of script
exit /b


karaya

I forgot something: which "System32" file is defective? Exact path.
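
The keyword search that this thread asks for, as an added Python example (not part of the thread and not the forum's or eScan's own code): it pulls the "infected", "tagged" and "offending" entries out of an MWAV-style log, collapses repeated entries into one with a count, and records the last "Scanning File" entry, which shows how far an aborted scan got. The sample log is constructed: its first four entries are taken from the log posted in this thread, while the "tagged" entry and the names triage and parse_finding are made up for illustration.

```python
import re
from collections import OrderedDict

KEYWORDS = ("infected", "tagged", "offending")  # search terms named in the thread
# "<weekday> <month> <day> <time> <year> => <message>", as in the log lines on this page
LINE_RE = re.compile(r"^(\w{3} \w{3} \d{2} \d{2}:\d{2}:\d{2} \d{4}) => (.*)$")
FINDING_RE = re.compile(r"infected with (?P<name>.+?) \((?P<clsid>\{[0-9a-fA-F-]+\})\)! "
                        r"Action taken: (?P<action>.+?)\.?$")

# Constructed sample: entries 1-4 are taken from the thread, entry 5 is made up.
SAMPLE_LOG = r"""
Thu Oct 06 23:07:25 2005 => Scanning File C:\WINDOWS\System32\cscui.dll
Thu Oct 06 23:07:27 2005 => Scanning File C:\Programme\WinRAR\rarext.dll
Thu Oct 06 23:07:54 2005 => System found infected with alexa Spyware/Adware ({c95fe080-8f5d-11d2-a20b-00aa003c157a})! Action taken: No Action Taken.
Thu Oct 06 23:07:54 2005 => System found infected with alexa Spyware/Adware ({c95fe080-8f5d-11d2-a20b-00aa003c157a})! Action taken: No Action Taken.
Thu Oct 06 23:08:01 2005 => File C:\example\sample.dll tagged as suspicious
"""

def triage(log_text):
    """Return ({keyword: {message: count}}, (timestamp, path) of last scanned file)."""
    hits = {k: OrderedDict() for k in KEYWORDS}
    last_scanned = None
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # blank or malformed line
        stamp, msg = m.groups()
        if msg.startswith("Scanning File "):
            last_scanned = (stamp, msg[len("Scanning File "):])
            continue  # progress noise, not a finding
        for k in KEYWORDS:
            # whole-word, case-insensitive; identical messages collapse into one counted entry
            if re.search(r"\b" + k + r"\b", msg, re.IGNORECASE):
                hits[k][msg] = hits[k].get(msg, 0) + 1
    return hits, last_scanned

def parse_finding(msg):
    """Split an 'infected with ...' message into name, CLSID and action taken."""
    m = FINDING_RE.search(msg)
    return m.groupdict() if m else None

if __name__ == "__main__":
    hits, last = triage(SAMPLE_LOG)
    for keyword, messages in hits.items():
        print(keyword, len(messages), "distinct")
        for msg, count in messages.items():
            print("  x%d" % count, parse_finding(msg) or msg)
    print("last file scanned:", last)
```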

