My dear experts,
I'm begging you for your help and advice! You are my last hope *sniff*
As I reported before, my PC (WIN 2000 Prof) crashes really often (status code 128; the PC is shut down after a 1-minute countdown with no way to stop it) as soon as I go online (dial-up connection); sometimes this message appears first:
Debugger detected - please disable it and restart the application. No idea what that means. Anyway, with great difficulty I managed to run four virus scanners (logs follow): Sophos, McAfee, Trend and Kaspersky. And they found so much!!!!!!
I've already read up a bit online and read that status code 128 could have something to do with the Sasser worm, but that it can also be due to a missing Windows service pack. I wanted to install SP4 right away, but for that I would have had to secure the system, and I can't do that, silly me
I'll post the logs of the virus scanners here; maybe one of you can make sense of them.....
1. Sophos:
Full Scanning
Could not open c:\Dokumente und Einstellungen\ST\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\UsrClass.dat
Could not open c:\Dokumente und Einstellungen\ST\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\UsrClass.dat.LOG
Password protected file c:\Install\Winzip\wz81gev.exe\SfxArchiveData\SETUP.WZ\WINZIP32.EX_
Password protected file c:\Programme\Adobe\Acrobat 6.0\Reader\Messages\DEU\RdrMsgDEU.pdf
Password protected file c:\Programme\Adobe\Acrobat 6.0\Reader\Messages\ENU\RdrMsgENU.pdf
Password protected file c:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\Ad-Aware SE Default.skn
Password protected file c:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\arrow1.bmp
Password protected file c:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\arrow2.bmp
Password protected file c:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bck1.bmp
Password protected file c:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt11.bmp
Password protected file c:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt12.bmp
Password protected file c:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt13.bmp
Password protected file c:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt21.bmp
Password protected file c:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt22.bmp
Password protected file c:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt23.bmp
Password protected file c:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt31.bmp
Password protected file c:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt32.bmp
Password protected file c:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt33.bmp
Password protected file c:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt41.bmp
Password protected file c:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt42.bmp
Password protected file c:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt43.bmp
Password protected file c:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt51.bmp
Password protected file c:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt52.bmp
Password protected file c:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt53.bmp
Password protected file c:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt61.bmp
Password protected file c:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt62.bmp
Password protected file c:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\checkbox1.bmp
Password protected file c:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\checkbox2.bmp
Password protected file c:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\checkbox3.bmp
Password protected file c:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\checkbox4.bmp
Password protected file c:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\defbtn1.bmp
Password protected file c:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\defbtn2.bmp
Password protected file c:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\defbtn3.bmp
Password protected file c:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\glyph1.bmp
Password protected file c:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\glyph2.bmp
Password protected file c:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\glyph3.bmp
Password protected file c:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\glyph4.bmp
Password protected file c:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\glyph5.bmp
Password protected file c:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\glyph6.bmp
Password protected file c:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\glyph7.bmp
Password protected file c:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\main.bmp
Password protected file c:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\preview.bmp
Password protected file c:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\sprite1.bmp
Could not check c:\WINNT\system32\dllcache\ipnat.sys (corrupt)
Could not check c:\WINNT\system32\drivers\ipnat.sys (corrupt)
Could not open c:\WINNT\system32\google.exe
--> The AVG virus scanner suddenly identified this file as Trojan Horse IRC/BackDoor.SdBot.LQI and then also healed it
1 master boot record swept.
20078 files swept in 1 hour, 1 minute and 17 seconds.
51 errors were encountered.
No viruses were discovered.
41 encrypted files were not checked.
Ending Sophos Anti-Virus.
Could not open c:\WINNT\system32\Perflib_Perfdata_454.dat
Could not open d:\
2. Trend:
2005-12-09, 18:29:31, Auto-clean mode specified.
2005-12-09, 18:29:31, Running scanner "c:\AV-CLS\Trend\TSC.BIN"...
2005-12-09, 18:30:02, Scanner "c:\AV-CLS\Trend\TSC.BIN" has finished running.
2005-12-09, 18:30:02, TSC Log:
Damage Cleanup Engine (DCE) 3.9(Build 1020)
Windows 2000(Build 2195: Service Pack 4)
Start time : Fr Dez 09 2005 18:29:33
Load Damage Cleanup Template (DCT) "c:\AV-CLS\Trend\tsc.ptn" (version 686) [success]
Complete time : Fr Dez 09 2005 18:30:02
Execute pattern count(4573), Virus found count(0), Virus clean count(0), Clean failed count(0)
2005-12-09, 18:31:12, An error occurred while scanning file "C:\Dokumente und Einstellungen\ST\NTUSER.DAT": Zugriff verweigert
2005-12-09, 18:31:12, An error occurred while scanning file "C:\Dokumente und Einstellungen\ST\ntuser.dat.LOG": Zugriff verweigert
2005-12-09, 18:31:35, An error occurred while scanning file "C:\Dokumente und Einstellungen\ST\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\UsrClass.dat": Zugriff verweigert
2005-12-09, 18:31:35, An error occurred while scanning file "C:\Dokumente und Einstellungen\ST\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\UsrClass.dat.LOG": Zugriff verweigert
2005-12-09, 18:37:11, An error was detected on "C:\System Volume Information\*.*": Zugriff verweigert
2005-12-09, 18:40:44, An error occurred while scanning file "C:\WINNT\system32\Perflib_Perfdata_454.dat": Zugriff verweigert
2005-12-09, 18:41:14, An error occurred while scanning file "C:\WINNT\system32\config\default": Zugriff verweigert
2005-12-09, 18:41:14, An error occurred while scanning file "C:\WINNT\system32\config\default.LOG": Zugriff verweigert
2005-12-09, 18:41:14, An error occurred while scanning file "C:\WINNT\system32\config\SAM": Zugriff verweigert
2005-12-09, 18:41:14, An error occurred while scanning file "C:\WINNT\system32\config\SAM.LOG": Zugriff verweigert
2005-12-09, 18:41:14, An error occurred while scanning file "C:\WINNT\system32\config\SECURITY": Zugriff verweigert
2005-12-09, 18:41:14, An error occurred while scanning file "C:\WINNT\system32\config\SECURITY.LOG": Zugriff verweigert
2005-12-09, 18:41:14, An error occurred while scanning file "C:\WINNT\system32\config\software": Zugriff verweigert
2005-12-09, 18:41:14, An error occurred while scanning file "C:\WINNT\system32\config\software.LOG": Zugriff verweigert
2005-12-09, 18:41:15, An error occurred while scanning file "C:\WINNT\system32\config\system": Zugriff verweigert
2005-12-09, 18:41:15, An error occurred while scanning file "C:\WINNT\system32\config\SYSTEM.ALT": Zugriff verweigert
2005-12-09, 18:43:59, Running scanner "c:\AV-CLS\Trend\VSCANTM.BIN"...
2005-12-09, 18:54:37, Files Detected:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 12/9/2005 18:44:00
VSAPI Engine Version : 7.510-1002
VSCANTM Version : 1.1-1001
Virus Pattern Version : 993 (114949 Patterns) (2005/12/08) (299300)
Command Line: c:\AV-CLS\Trend\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=c:\AV-CLS\Trend
C:\msnchecke5.exe [TROJ_CRYPT.AA]
C:\WINNT\msnchecke2.exe [TROJ_CRYPT.AA]
C:\WINNT\msnchecke8.exe [TROJ_CRYPT.AA]
C:\WINNT\system32\msnchecker.exe [TROJ_CRYPT.AA]
19957 files have been read.
19957 files have been checked.
16628 files have been scanned.
19768 files have been scanned. (including files in archived)
4 files containing viruses.
Found 4 viruses totally.
Maybe 0 viruses totally.
Stop At : 12/9/2005 18:54:37
---------*---------*---------*---------*---------*---------*---------*---------*
2005-12-09, 18:54:37, Files Clean:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 12/9/2005 18:44:00
VSAPI Engine Version : 7.510-1002
VSCANTM Version : 1.1-1001
Virus Pattern Version : 993 (114949 Patterns) (2005/12/08) (299300)
Command Line: c:\AV-CLS\Trend\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=c:\AV-CLS\Trend
Success Clean [ TROJ_CRYPT.AA]( 1) from C:\msnchecke5.exe
Success Clean [ TROJ_CRYPT.AA]( 1) from C:\WINNT\msnchecke2.exe
Success Clean [ TROJ_CRYPT.AA]( 1) from C:\WINNT\msnchecke8.exe
19957 files have been read.
19957 files have been checked.
16628 files have been scanned.
19768 files have been scanned. (including files in archived)
4 files containing viruses.
Found 4 viruses totally.
Maybe 0 viruses totally.
Stop At : 12/9/2005 18:54:37 10 minutes 32 seconds (632.13 seconds) has elapsed.
---------*---------*---------*---------*---------*---------*---------*---------*
2005-12-09, 18:54:37, Clean Fail:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 12/9/2005 18:44:00
VSAPI Engine Version : 7.510-1002
VSCANTM Version : 1.1-1001
Virus Pattern Version : 993 (114949 Patterns) (2005/12/08) (299300)
Command Line: c:\AV-CLS\Trend\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=c:\AV-CLS\Trend
19957 files have been read.
19957 files have been checked.
16628 files have been scanned.
19768 files have been scanned. (including files in archived)
4 files containing viruses.
Found 4 viruses totally.
Maybe 0 viruses totally.
Stop At : 12/9/2005 18:54:37 10 minutes 32 seconds (632.13 seconds) has elapsed.
---------*---------*---------*---------*---------*---------*---------*---------*
2005-12-09, 18:54:38, Scanner "c:\AV-CLS\Trend\VSCANTM.BIN" has finished running.
3. McAfee:
Virus Scan Results
--------------------------------------------------------------------------------
12/09/2005 19:02:08
Options:
/ADL /UNZIP /WINMEM /SUB /ANALYZE /PANALYZE /STREAMS /CLEAN /ALL /DEL /PROGRAM /MIME /HTML "C:\AV-CLS\MCAFEE\SCANREPORT.HTML"
Scanning C: [C]
Scanning C:\*.*
C:\WINNT\system32\dhcp\csrss.exe ... Found the W32/Sdbot.worm.gen virus !!!
The file or process has been deleted.
C:\WINNT\system32\i ... Found the W32/Sdbot.worm!ftp virus !!!
The file or process has been deleted.
Summary report on C:\*.*
File(s)
Total files: ........... 97520
Clean: ................. 97462
Possibly Infected: ..... 2
Cleaned: ............... 0
Deleted: ............... 2
Non-critical Error(s): 3
Master Boot Record(s): ......... 1
Possibly Infected: ..... 0
Boot Sector(s): ................ 1
Possibly Infected: ..... 0
Time: 00:55.50
4. Kaspersky (excerpts only)
c:\MS10D6~1.EXE infected: Packed.Win32.CryptExe
c:\MS10D6~1.EXE deleted: Packed.Win32.CryptExe
c:\MS10DA~1.EXE infected: Packed.Win32.CryptExe
c:\MS10DA~1.EXE deleted: Packed.Win32.CryptExe
c:\MS20DA~1.EXE infected: Packed.Win32.CryptExe
c:\MS20DA~1.EXE deleted: Packed.Win32.CryptExe
c:\MSNCHE~1.EXE infected: Packed.Win32.CryptExe
c:\MSNCHE~1.EXE deleted: Packed.Win32.CryptExe
c:\MSNCHE~2.EXE infected: Packed.Win32.CryptExe
c:\MSNCHE~2.EXE deleted: Packed.Win32.CryptExe
c:\MSNCHE~3.EXE infected: Packed.Win32.CryptExe
c:\MSNCHE~3.EXE deleted: Packed.Win32.CryptExe
c:\MSNCHE~4.EXE infected: Packed.Win32.CryptExe
c:\MSNCHE~4.EXE deleted: Packed.Win32.CryptExe
c:\MIRC\MIRC.EXE infected: not-a-virus:Client-IRC.Win32.mIRC.616
c:\MIRC\MIRC.EXE deleted: not-a-virus:Client-IRC.Win32.mIRC.616
c:\MIRC\DOWNLOAD\MOORHU~1.ZIP/fmod.dll packed: PE_Patch
c:\MIRC\DOWNLOAD\MOORHU~1.ZIP/fmod.dll corrupted.
c:\WINNT\MS00DE~1.EXE infected: Packed.Win32.CryptExe
c:\WINNT\MS00DE~1.EXE deleted: Packed.Win32.CryptExe
c:\WINNT\MS10DA~1.EXE infected: Packed.Win32.CryptExe
c:\WINNT\MS10DA~1.EXE deleted: Packed.Win32.CryptExe
c:\WINNT\MS10DE~1.EXE infected: Packed.Win32.CryptExe
c:\WINNT\MS10DE~1.EXE deleted: Packed.Win32.CryptExe
c:\WINNT\MS20DE~1.EXE infected: Packed.Win32.CryptExe
c:\WINNT\MS20DE~1.EXE deleted: Packed.Win32.CryptExe
c:\WINNT\MSNCHE~1.EXE infected: Packed.Win32.CryptExe
c:\WINNT\MSNCHE~1.EXE deleted: Packed.Win32.CryptExe
c:\WINNT\MSNCHE~2.EXE infected: Packed.Win32.CryptExe
c:\WINNT\MSNCHE~2.EXE deleted: Packed.Win32.CryptExe
c:\WINNT\MSNCHE~3.EXE infected: Packed.Win32.CryptExe
c:\WINNT\MSNCHE~3.EXE deleted: Packed.Win32.CryptExe
c:\WINNT\MSNCHE~4.EXE infected: Packed.Win32.CryptExe
c:\WINNT\MSNCHE~4.EXE deleted: Packed.Win32.CryptExe
c:\WINNT\SYSTEM32\BLAH32.COM infected: Packed.Win32.CryptExe
c:\WINNT\SYSTEM32\BLAH32.COM deleted: Packed.Win32.CryptExe
c:\WINNT\SYSTEM32\MSNCHE~1.EXE infected: Packed.Win32.CryptExe
c:\WINNT\SYSTEM32\MSSIGN32.DLL archive: Mail
c:\WINNT\SYSTEM32\NLSFUNC.EXE packed: ExePack
c:\WINNT\SYSTEM32\PARAMS.EXE infected: Backdoor.Win32.IRCBot.ih
c:\WINNT\SYSTEM32\PARAMS.EXE deleted: Backdoor.Win32.IRCBot.ih
c:\WINNT\SYSTEM32\SCOOBY.EXE infected: Backdoor.Win32.IRCBot.ih
c:\WINNT\SYSTEM32\SCOOBY.EXE deleted: Backdoor.Win32.IRCBot.ih
c:\WINNT\SYSTEM32\UPD8.PIF infected: Backdoor.Win32.SdBot.aiw
c:\WINNT\SYSTEM32\UPD8.PIF deleted: Backdoor.Win32.SdBot.aiw
Current object: c:\
Sector Objects : 0 Known viruses : 4
Files : 98254 Virus bodies : 22
Folders : 1332 Disinfected : 0
Archives : 5706 Deleted : 20
Packed : 54 Warnings : 0
Suspicious : 1
Scan speed (Kb/sec) : 0 Corrupted : 1
Scan time : 02:09:14 I/O Errors : 0
Scan process completed.
Result for all objects:
Sector Objects : 0 Known viruses : 4
Files : 98254 Virus bodies : 22
Folders : 1332 Disinfected : 0
Archives : 5706 Deleted : 20
Packed : 54 Warnings : 0
Suspicious : 1
Scan speed (Kb/sec) : 343 Corrupted : 1
Scan time : 02:09:15 I/O Errors : 0
In addition, AVG found and healed a Trojan Horse BackDoor.Generic.RLQ on C:\WINNT\system32\.exe.
It would be really great if you could help me, I'm counting on you... *smile*
Best regards,
Oberwabn