![]() |
Verda... Sch... kann mir bitte jemand helfen Ich weis wahrscheindlich nervt euch das aber bitte helft mir . ich bin am verzweifeln. sorry wegen der rechtschreibung Logfile of HijackThis v1.99.1 Scan saved at 14:55:06, on 18.12.2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\PROGRAMME\AVPERSONAL\AVGUARD.EXE C:\Programme\AVPersonal\AVWUPSRV.EXE C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\system32\nvctrl.exe C:\WINDOWS\system32\mssearchnet.exe C:\Programme\AVPersonal\AVGNT.EXE C:\Programme\Lexmark X1100 Series\lxbkbmgr.exe C:\Programme\Java\jre1.5.0_06\bin\jusched.exe C:\Programme\Lexmark X1100 Series\lxbkbmon.exe C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Programme\AVPersonal\AVSched32.EXE C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\MSN Messenger\MsnMsgr.Exe C:\Programme\Messenger\msmsgs.exe C:\Programme\Mozilla Firefox\firefox.exe C:\Dokumente und Einstellungen\Ivan\Desktop\hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.ch/0SEDECH/SAOS01 O2 - BHO: HomepageBHO - {1ca480cd-c0e5-4548-874e-b85b17905b3a} - C:\WINDOWS\system32\hp9460.tmp O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Apps\MSN Toolbar\01.02.4000.1001\de-ch\msntb.dll (file missing) O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\AVPersonal\AVGNT.EXE" /min O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Programme\Lexmark X1100 Series\lxbkbmgr.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [ATIPTA] "C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [AVSCHED32] C:\Programme\AVPersonal\AVSched32.EXE /min O4 - HKLM\..\Run: [Zone Labs Client] C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAMME\AVPERSONAL\AVGUARD.EXE O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe |
Arbeite bitte folgendes ab: http://www.trojaner-board.de/showthread.php?t=21709 Beachte dabei die neue eScan-Anleitung. Poste dann die Ergebnisse von eScan und smitrem zusammen mit einem neuen HijackThis-Log. |
Ich hab das gemacht was in disem post steht. http://www.trojaner-board.de/showthread.php?t=21709 Leider hat das updaten von Esacn nicht geklapt und ich habe das program DiskCleanup nicht gefunden. aber abgesehen von den zwei problemmen hatt alles geklapt. e of HijackThis v1.99.1 Scan saved at 18:16:17, on 18.12.2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Programme\AVPersonal\AVGNT.EXE C:\Programme\Lexmark X1100 Series\lxbkbmgr.exe C:\Programme\Lexmark X1100 Series\lxbkbmon.exe C:\Programme\Java\jre1.5.0_06\bin\jusched.exe C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Programme\AVPersonal\AVSched32.EXE C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe C:\WINDOWS\system32\ctfmon.exe C:\PROGRAMME\AVPERSONAL\AVGUARD.EXE C:\Programme\MSN Messenger\MsnMsgr.Exe C:\Programme\AVPersonal\AVWUPSRV.EXE C:\Programme\Messenger\msmsgs.exe C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\system32\wuauclt.exe C:\Dokumente und Einstellungen\Ivan\Desktop\Viren\hijackthis\HijackThis.exe O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Apps\MSN Toolbar\01.02.4000.1001\de-ch\msntb.dll (file missing) O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\AVPersonal\AVGNT.EXE" /min O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Programme\Lexmark X1100 Series\lxbkbmgr.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [ATIPTA] "C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [AVSCHED32] C:\Programme\AVPersonal\AVSched32.EXE /min O4 - HKLM\..\Run: [Zone Labs Client] C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAMME\AVPERSONAL\AVGUARD.EXE O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe das hir ist von Esacan smitRem © log file version 2.8 by noahdfear Microsoft Windows XP [Version 5.1.2600] ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ checking for ShudderLTD key ShudderLTD key not present! checking for PSGuard.com key PSGuard.com key not present! spyaxe uninstaller NOT present ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Existing Pre-run Files ~~~ Program Files ~~~ ~~~ Shortcuts ~~~ ~~~ Favorites ~~~ Antivirus Test Online.url ~~~ system32 folder ~~~ ioctrl.dll 1024 dir msvol.tlb ld****.tmp mssearchnet.exe ncompat.tlb nvctrl.exe mscornet.exe hp***.tmp ~~~ Icons in System32 ~~~ ts.ico ot.ico ~~~ Windows directory ~~~ ~~~ Drive root ~~~ ~~~ Miscellaneous Files/folders ~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03 Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org Killing PID 772 'explorer.exe' Killing PID 772 'explorer.exe' Starting registry repairs Deleting files Remaining Post-run Files ~~~ Program Files ~~~ ~~~ Shortcuts ~~~ ~~~ Favorites ~~~ ~~~ system32 folder ~~~ ~~~ Icons in System32 ~~~ ~~~ Windows directory ~~~ ~~~ Drive root ~~~ ~~~ Miscellaneous Files/folders ~~~ ~~~ Wininet.dll ~~~ CLEAN! :) |
Das schaut ja schon mal besser aus. Poste bitte noch die eScan-Ergebnisse. Zudem würde ich gerne noch ein Silent Runners-Log sehen. |
Ok hir sind die Silent Runner aber wie bekom ich die von Escan? Bitte sag mir was mein problem ist "Silent Runners.vbs", revision 41, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} "CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS] "MsnMsgr" = ""C:\Programme\MSN Messenger\MsnMsgr.Exe" /background" [MS] "MSMSGS" = ""C:\Programme\Messenger\msmsgs.exe" /background" [MS] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} "AVGCtrl" = ""C:\Programme\AVPersonal\AVGNT.EXE" /min" ["H+BEDV Datentechnik GmbH"] "Lexmark X1100 Series" = ""C:\Programme\Lexmark X1100 Series\lxbkbmgr.exe"" ["Lexmark International, Inc."] "remotewatch.exe" = (empty string) "SunJavaUpdateSched" = "C:\Programme\Java\jre1.5.0_06\bin\jusched.exe" ["Sun Microsystems, Inc."] "ATIPTA" = ""C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe"" ["ATI Technologies, Inc."] "AVSCHED32" = "C:\Programme\AVPersonal\AVSched32.EXE /min" ["H+BEDV Datentechnik GmbH"] "Zone Labs Client" = "C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe" ["Zone Labs, LLC"] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "CPL-Erweiterung für Anzeigeverschiebung" -> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found] "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Erweiterung für HyperTerminal-Icons" -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."] "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler" -> {CLSID}\InProcServer32\(Default) = "C:\Programme\Microsoft Office\Office10\OLKFSTUB.DLL" [MS] "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler" -> {CLSID}\InProcServer32\(Default) = "C:\Programme\Microsoft Office\Office10\msohev.dll" [MS] "{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band" -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS] "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension" -> {CLSID}\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ INFECTION WARNING! AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."] HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ AntiVir/Win\(Default) = "{a7cda720-84ee-11d0-b5c0-00001b3ca278}" -> {CLSID}\InProcServer32\(Default) = "C:\Programme\AVPersonal\AVShlExt.DLL" ["H+BEDV Datentechnik GmbH"] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {CLSID}\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data] WS_FTP\(Default) = "{797F3885-5429-11D4-8823-0050DA59922B}" -> {CLSID}\InProcServer32\(Default) = "C:\Programme\WS_FTP Pro\wsftpsi.dll" ["Ipswitch, Inc. 81 Hartwell Ave. Lexington MA"] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {CLSID}\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ AntiVir/Win\(Default) = "{a7cda720-84ee-11d0-b5c0-00001b3ca278}" -> {CLSID}\InProcServer32\(Default) = "C:\Programme\AVPersonal\AVShlExt.DLL" ["H+BEDV Datentechnik GmbH"] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {CLSID}\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data] WS_FTP\(Default) = "{797F3885-5429-11D4-8823-0050DA59922B}" -> {CLSID}\InProcServer32\(Default) = "C:\Programme\WS_FTP Pro\wsftpsi.dll" ["Ipswitch, Inc. 81 Hartwell Ave. Lexington MA"] Active Desktop and Wallpaper: ----------------------------- Active Desktop is disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState HKCU\Control Panel\Desktop\ "Wallpaper" = "C:\Dokumente und Einstellungen\Ivan\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp" Startup items in "Ivan" & "All Users" startup folders: ------------------------------------------------------ C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart "Adobe Reader - Schnellstart" -> shortcut to: "C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"] "Microsoft Office" -> shortcut to: "C:\Programme\Microsoft Office\Office10\OSA.EXE -b -l" [MS] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS] 000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 13 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ "{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" = "MSN" [from CLSID] -> {CLSID}\InProcServer32\(Default) = "C:\Programme\MSN Apps\MSN Toolbar\01.02.4000.1001\de-ch\msntb.dll" [file not found] HKLM\Software\Microsoft\Internet Explorer\Toolbar\ "{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" = "0" -> {CLSID}\InProcServer32\(Default) = "C:\Programme\MSN Apps\MSN Toolbar\01.02.4000.1001\de-ch\msntb.dll" [file not found] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {FB5F1910-F110-11D2-BB9E-00C04F795683}\ "ButtonText" = "Messenger" "MenuText" = "Windows Messenger" "Exec" = "C:\Programme\Messenger\msmsgs.exe" [MS] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ AntiVir Service, AntiVirService, ""C:\PROGRAMME\AVPERSONAL\AVGUARD.EXE"" ["H+BEDV Datentechnik GmbH"] AntiVir Update, AVWUpSrv, ""C:\Programme\AVPersonal\AVWUPSRV.EXE"" ["H+BEDV Datentechnik GmbH, Germany"] Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."] LexBce Server, LexBceS, "C:\WINDOWS\system32\LEXBCES.EXE" ["Lexmark International, Inc."] Machine Debug Manager, MDM, ""C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe"" [MS] TrueVector Internet Monitor, vsmon, "C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service" ["Zone Labs, LLC"] Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ Lexmark Network Port\Driver = "LEXLMPM.DLL" ["Lexmark International, Inc."] ---------- + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points and all Registry CLSIDs for dormant Explorer Bars, use the -supp parameter or answer "No" at the first message box. ---------- (total run time: 18 seconds) |
Zitat:
Zitat:
|
Heist das, das problem behoben ist? |
Zitat:
|
smitRem © log file version 2.8 by noahdfear Microsoft Windows XP [Version 5.1.2600] ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ checking for ShudderLTD key ShudderLTD key not present! checking for PSGuard.com key PSGuard.com key not present! spyaxe uninstaller NOT present ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Existing Pre-run Files ~~~ Program Files ~~~ ~~~ Shortcuts ~~~ ~~~ Favorites ~~~ Antivirus Test Online.url ~~~ system32 folder ~~~ ioctrl.dll 1024 dir msvol.tlb ld****.tmp mssearchnet.exe ncompat.tlb nvctrl.exe mscornet.exe hp***.tmp ~~~ Icons in System32 ~~~ ts.ico ot.ico ~~~ Windows directory ~~~ ~~~ Drive root ~~~ ~~~ Miscellaneous Files/folders ~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03 Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org Killing PID 772 'explorer.exe' Killing PID 772 'explorer.exe' Starting registry repairs Deleting files Remaining Post-run Files ~~~ Program Files ~~~ ~~~ Shortcuts ~~~ ~~~ Favorites ~~~ ~~~ system32 folder ~~~ ~~~ Icons in System32 ~~~ ~~~ Windows directory ~~~ ~~~ Drive root ~~~ ~~~ Miscellaneous Files/folders ~~~ ~~~ Wininet.dll ~~~ CLEAN! |
Würde es dir gefallen, wenn ich immer das Gleiche posten würde? Nein? Dann sei bitte so nett und poste das Ergebnis von eScan... |
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Funde für "infected" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Funde für "tagged" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Funde für "offending" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Statistiken: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Sun Dec 18 18:08:55 2005 => Virus Database Date: 2005/12/12 Sun Dec 18 20:58:31 2005 => Virus Database Date: 2005/12/12 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~ © Haui ;-) ~~~~~~~ ~~~~~~~ Dank an Cidre ~~~~~~~ |
Öffne die Datei C:\bases_x\mwav.log und poste folgendes (steht ganz am Ende): Zitat:
|
Sun Dec 18 18:08:35 2005 => AV Library Unloaded (3)... Sun Dec 18 18:08:48 2005 => ********************************************************** Sun Dec 18 18:08:48 2005 => MicroWorld Anti Virus & Spyware Toolkit Utility. Sun Dec 18 18:08:48 2005 => Copyright © 2003-2005, MicroWorld Technologies Inc. Sun Dec 18 18:08:48 2005 => ********************************************************** Sun Dec 18 18:08:49 2005 => Version 7.4.5 (C:\Bases_X\mwavscan.com) Sun Dec 18 18:08:49 2005 => Log File: C:\Bases_X\MWAV.LOG Sun Dec 18 18:08:49 2005 => Last Scan Date and Time: 18.12.2005 17:09:49 Sun Dec 18 18:08:49 2005 => MWAV Registered: FALSE. Sun Dec 18 18:08:49 2005 => MWAV Mode: Only Scan files. Sun Dec 18 18:08:51 2005 => Latest Date of files inside MWAV: 12 Dec 2005 12:14:08. Sun Dec 18 18:08:54 2005 => AV Library Loaded... Sun Dec 18 18:08:54 2005 => MWAV doing self scanning... Sun Dec 18 18:08:54 2005 => Scanning File C:\Bases_X\kavss.exe Sun Dec 18 18:08:54 2005 => Scanning File C:\Bases_X\Getvlist.exe Sun Dec 18 18:08:54 2005 => Scanning File C:\Bases_X\kavss.dll Sun Dec 18 18:08:54 2005 => Scanning File C:\Bases_X\kavssdi.dll Sun Dec 18 18:08:54 2005 => Scanning File C:\Bases_X\kavssi.dll Sun Dec 18 18:08:54 2005 => Scanning File C:\Bases_X\kavvlg.dll Sun Dec 18 18:08:54 2005 => Scanning File C:\Bases_X\msvlclnt.dll Sun Dec 18 18:08:54 2005 => Scanning File C:\Bases_X\ipc.dll Sun Dec 18 18:08:55 2005 => Scanning File C:\Bases_X\main.avi Sun Dec 18 18:08:55 2005 => Scanning File C:\Bases_X\virus.avi Sun Dec 18 18:08:55 2005 => MWAV files are clean. Sun Dec 18 18:08:55 2005 => Virus Database Date: 2005/12/12 Sun Dec 18 18:08:55 2005 => Virus Database Count: 164615 Sun Dec 18 18:08:59 2005 => Downloading AntiVirus and Anti-Spyware Databases... Sun Dec 18 18:08:59 2005 => Downloads Not Successful! Sun Dec 18 18:09:06 2005 => AV Library Unloaded (3)... Sun Dec 18 20:58:26 2005 => ********************************************************** Sun Dec 18 20:58:26 2005 => MicroWorld Anti Virus & Spyware Toolkit Utility. Sun Dec 18 20:58:26 2005 => Copyright © 2003-2005, MicroWorld Technologies Inc. Sun Dec 18 20:58:26 2005 => ********************************************************** Sun Dec 18 20:58:26 2005 => Version 7.4.5 (C:\Bases_X\mwavscan.com) Sun Dec 18 20:58:26 2005 => Log File: C:\Bases_X\MWAV.LOG Sun Dec 18 20:58:26 2005 => Last Scan Date and Time: 18.12.2005 17:09:49 Sun Dec 18 20:58:26 2005 => MWAV Registered: FALSE. Sun Dec 18 20:58:26 2005 => MWAV Mode: Only Scan files. Sun Dec 18 20:58:27 2005 => Latest Date of files inside MWAV: 12 Dec 2005 12:14:08. Sun Dec 18 20:58:30 2005 => AV Library Loaded... Sun Dec 18 20:58:30 2005 => MWAV doing self scanning... Sun Dec 18 20:58:30 2005 => Scanning File C:\Bases_X\kavss.exe Sun Dec 18 20:58:30 2005 => Scanning File C:\Bases_X\Getvlist.exe Sun Dec 18 20:58:30 2005 => Scanning File C:\Bases_X\kavss.dll Sun Dec 18 20:58:30 2005 => Scanning File C:\Bases_X\kavssdi.dll Sun Dec 18 20:58:30 2005 => Scanning File C:\Bases_X\kavssi.dll Sun Dec 18 20:58:30 2005 => Scanning File C:\Bases_X\kavvlg.dll Sun Dec 18 20:58:30 2005 => Scanning File C:\Bases_X\msvlclnt.dll Sun Dec 18 20:58:30 2005 => Scanning File C:\Bases_X\ipc.dll Sun Dec 18 20:58:30 2005 => Scanning File C:\Bases_X\main.avi Sun Dec 18 20:58:30 2005 => Scanning File C:\Bases_X\virus.avi Sun Dec 18 20:58:30 2005 => MWAV files are clean. Sun Dec 18 20:58:31 2005 => Virus Database Date: 2005/12/12 Sun Dec 18 20:58:31 2005 => Virus Database Count: 164615 Sun Dec 18 20:59:03 2005 => AV Library Unloaded (3)... |
War wahrscheindlich das falsche ich scan den comp nochmal mit escan aber erst morgen jetz muss ich pennen geh, muss widerr arbeiten. |
Alle Zeitangaben in WEZ +1. Es ist jetzt 23:42 Uhr. |
Copyright ©2000-2025, Trojaner-Board