Power Scan, etc. - Wie loswerden

25.06.2004, 15:12

Sabina

Ehrenmitglied

Beiträge: 29434

#16 Deaktiviere noch mal die Wiederherstellung

DU hast zwar den Wurm Nr. A, schaue dennoch mal kurz bei der B-Variante vorbei

1. Press Ctrl+Alt+Delete once.
2. Click Task Manager.
3. Click the Processes tab.
4. Double-click the Image Name column header to alphabetically sort the processes.
5. Scroll through the list and look for Ts.exe.
6. If you find the file, click it, and then click End Process.
7. Exit the Task Manager.

Finding and stopping the service (Windows NT/2000/XP)

1. Click Start, and then click Run.
2. Type services.msc, and then click OK.
3. Locate and select the service, "Query Service."
4. Click Action, and then click Properties.
5. Click Stop.
6. Change Startup Type to Manual.
7. Click OK and close the Services window.
8. Restart the computer

http://www.sarc.com/avcenter/venc/data/bat.mumu.b.worm.html

Findest du etwas davon ??

#scanne mit dem Removal fuer die A-Variante im abgesicherten Modus.
http://www.sarc.com/avcenter/venc/data/bat.mumu.a.worm.removal.tool.html

#Loesche alle Temp.Folder

MfG
Sabina
__________
MfG Sabina

rund um die PC-Sicherheit

Dieser Beitrag wurde am 25.06.2004 um 15:22 Uhr von Sabina editiert.

25.06.2004, 16:03

falk

Member

Themenstarter

Beiträge: 16

#17 Hallo Nochmal, habe eben meinen Post auf Seite 1 upgedated mit dem mwav log.

Wiederherstellung ist aus, soll ich die an und aus machen?? Denke Du meintest das ich sie wieder ausschalten sollte. Habe ich aber seit gestern komplett deaktiviert und dies auch nicht rückgängig gemacht.

Nach den Prozessen oben habe ich gesucht, aber nichts gefunden, die Dienste sind auch soweit sauber. Scannen im agesicherten Modus werde ich dann jetzt gleich.

Gruß Falk

//Edit//

Der Symatec findet auch im abesicherten Modus keinen Wurm!

Dieser Beitrag wurde am 25.06.2004 um 17:56 Uhr von falk editiert.

26.06.2004, 01:22

Sabina

Ehrenmitglied

Beiträge: 29434

#18 Aktiviere die Wiederherstellung erst, wenn alles sauber ist.
MfG
Sabina
__________
MfG Sabina

rund um die PC-Sicherheit

09.07.2004, 12:07

falk

Member

Themenstarter

Beiträge: 16

#19 Hallo Sabrina, bin wieder da!

Hier nochmal der letzte Logfile:

Mwav log in Teilen:

Fri Jun 25 14:23:16 2004 => **********************************************************
Fri Jun 25 14:23:16 2004 => eScan AntiVirus Toolkit Utility.
Fri Jun 25 14:23:16 2004 => Copyright © 2003-2004, MicroWorld Technologies Inc.
Fri Jun 25 14:23:16 2004 =>
Fri Jun 25 14:23:16 2004 => Support: support@mwti.net
Fri Jun 25 14:23:16 2004 => Web: http://www.mwti.net
Fri Jun 25 14:23:16 2004 => **********************************************************
Fri Jun 25 14:23:16 2004 => Version 4.2.4
Fri Jun 25 14:23:16 2004 => Log File: C:\DOKUME~1\dsp\LOKALE~1\Temp\mwav.log
Fri Jun 25 14:23:16 2004 => Latest Date of files inside MWAV: 20 Jun 2004 15:17:25.

Fri Jun 25 14:23:16 2004 => Options Selected by User:
Fri Jun 25 14:23:16 2004 => Memory Check: Enabled
Fri Jun 25 14:23:16 2004 => Registry Check: Enabled
Fri Jun 25 14:23:16 2004 => StartUp Folder Check: Enabled
Fri Jun 25 14:23:16 2004 => System Folder Check: Enabled
Fri Jun 25 14:23:16 2004 => System Area Check: Disabled
Fri Jun 25 14:23:16 2004 => Services Check: Enabled
Fri Jun 25 14:23:16 2004 => Drive Check: Enabled
Fri Jun 25 14:23:16 2004 => All Drive Check isabled
Fri Jun 25 14:23:16 2004 => Scanning Type: Scan And Clean
Fri Jun 25 14:23:16 2004 => Drive Selected = C:\
Fri Jun 25 14:23:16 2004 => Folder Check: Disabled

Fri Jun 25 14:23:16 2004 => ***** Scanning Memory Files *****
Fri Jun 25 14:23:16 2004 => Scanning File C:\WINDOWS\system32\services.exe
Fri Jun 25 14:23:16 2004 => Scanning File C:\WINDOWS\system32\lsass.exe
Fri Jun 25 14:23:16 2004 => Scanning File C:\WINDOWS\system32\svchost.exe
Fri Jun 25 14:23:16 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Fri Jun 25 14:23:16 2004 => Scanning File C:\WINDOWS\system32\spoolsv.exe
Fri Jun 25 14:23:16 2004 => Scanning File C:\WINDOWS\SOUNDMAN.EXE
Fri Jun 25 14:23:17 2004 => Scanning File C:\Programme\AVPersonal\AVGNT.EXE
Fri Jun 25 14:23:17 2004 => Scanning File C:\PROGRA~1\MOTHER~1\MBM5.EXE
Fri Jun 25 14:23:17 2004 => Scanning File C:\Programme\AVPersonal\AVGUARD.EXE
Fri Jun 25 14:23:17 2004 => Scanning File C:\PROGRA~1\SPYBOT~1\TeaTimer.exe
Fri Jun 25 14:23:17 2004 => Scanning File C:\Programme\AVPersonal\AVWUPSRV.EXE
Fri Jun 25 14:23:18 2004 => Scanning File C:\WINDOWS\System32\nvsvc32.exe
Fri Jun 25 14:23:18 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Fri Jun 25 14:23:18 2004 => Scanning File C:\Programme\IMONC\Imonc.exe
Fri Jun 25 14:23:18 2004 => Scanning File C:\Programme\Opera7\opera.exe
Fri Jun 25 14:23:19 2004 => Scanning File C:\WINDOWS\explorer.exe
Fri Jun 25 14:23:19 2004 => Scanning File C:\WINDOWS\System32\taskmgr.exe
Fri Jun 25 14:23:19 2004 => Scanning File C:\DOKUME~1\dsp\LOKALE~1\Temp\mwavscan.com
Fri Jun 25 14:23:19 2004 => Scanning File C:\DOKUME~1\dsp\LOKALE~1\Temp\kavss.exe

Fri Jun 25 14:23:19 2004 => ***** Scanning Registry Files *****
Fri Jun 25 14:23:19 2004 => Scanning HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Fri Jun 25 14:23:19 2004 => Scanning File C:\WINDOWS\Explorer.exe
Fri Jun 25 14:23:19 2004 => Scanning File C:\WINDOWS\system32\userinit.exe
Fri Jun 25 14:23:19 2004 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Fri Jun 25 14:23:19 2004 => Scanning File C:\WINDOWS\SOUNDMAN.EXE
Fri Jun 25 14:23:19 2004 => Scanning File C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
Fri Jun 25 14:23:19 2004 => Scanning File C:\WINDOWS\system32\RUNDLL32.EXE
Fri Jun 25 14:23:19 2004 => Scanning File C:\WINDOWS\system32\nwiz.exe
Fri Jun 25 14:23:19 2004 => Scanning File C:\Programme\AVPersonal\AVGNT.EXE
Fri Jun 25 14:23:19 2004 => Scanning File C:\PROGRA~1\MOTHER~1\MBM5.EXE
Fri Jun 25 14:23:20 2004 => Scanning File C:\WINDOWS\System32\PSDrvCheck.exe
Fri Jun 25 14:23:20 2004 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
Fri Jun 25 14:23:20 2004 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
Fri Jun 25 14:23:20 2004 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
Fri Jun 25 14:23:20 2004 => Scanning HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Fri Jun 25 14:23:20 2004 => Scanning File C:\Programme\IMONC\Imonc.exe
Fri Jun 25 14:23:20 2004 => Scanning File C:\PROGRA~1\SPYBOT~1\TeaTimer.exe
Fri Jun 25 14:23:20 2004 => Scanning HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
Fri Jun 25 14:23:20 2004 => Scanning HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
Fri Jun 25 14:23:20 2004 => Scanning HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
Fri Jun 25 14:23:20 2004 => Scanning HKCR\txtfile\shell\open\command
Fri Jun 25 14:23:20 2004 => Scanning HKCR\comfile\shell\open\command
Fri Jun 25 14:23:20 2004 => Scanning HKCR\exefile\shell\open\command
Fri Jun 25 14:23:20 2004 => Scanning HKCR\dllfile\shell\open\command
Fri Jun 25 14:23:20 2004 => Scanning HKCR\batfile\shell\open\command
Fri Jun 25 14:23:20 2004 => Scanning HKCR\piffile\shell\open\command
Fri Jun 25 14:23:20 2004 => Scanning HKCR\scrfile\shell\open\command
Fri Jun 25 14:23:20 2004 => Scanning HKCR\scrfile\shell\config\command
Fri Jun 25 14:23:20 2004 => Scanning HKCR\regfile\shell\open\command

Fri Jun 25 14:23:54 2004 => Scanning File C:\WINDOWS\bs3.dll
Fri Jun 25 14:23:54 2004 => File C:\WINDOWS\bs3.dll tagged as not-a-virus:AdvWare.BookedSpace.a. No Action Taken.

Fri Jun 25 14:23:54 2004 => Scanning Folder: C:\WINDOWS\bsx32\*.*
Fri Jun 25 14:23:54 2004 => Scanning File C:\WINDOWS\bsx32\ADBN1.bsx
Fri Jun 25 14:23:54 2004 => Scanning File C:\WINDOWS\bsx32\ADVC2.bsx
Fri Jun 25 14:23:54 2004 => Scanning File C:\WINDOWS\bsx32\ADVC3.bsx
Fri Jun 25 14:23:54 2004 => Scanning File C:\WINDOWS\bsx32\ADVC4.bsx
Fri Jun 25 14:23:54 2004 => Scanning File C:\WINDOWS\bsx32\ADVC5.bsx
Fri Jun 25 14:23:54 2004 => Scanning File C:\WINDOWS\bsx32\ADVCTX2.bsx
Fri Jun 25 14:23:54 2004 => Scanning File C:\WINDOWS\bsx32\ASIWS1.bsx
Fri Jun 25 14:23:54 2004 => Scanning File C:\WINDOWS\bsx32\ASIWS2.bsx
Fri Jun 25 14:23:54 2004 => Scanning File C:\WINDOWS\bsx32\ASIWS3.bsx
Fri Jun 25 14:23:54 2004 => Scanning File C:\WINDOWS\bsx32\AUTOS1.bsx
Fri Jun 25 14:23:54 2004 => Scanning File C:\WINDOWS\bsx32\BID1.bsx
Fri Jun 25 14:23:54 2004 => Scanning File C:\WINDOWS\bsx32\BingoRoom1.bsx
Fri Jun 25 14:23:54 2004 => Scanning File C:\WINDOWS\bsx32\CARD2.bsx
Fri Jun 25 14:23:54 2004 => Scanning File C:\WINDOWS\bsx32\CARS1.bsx
Fri Jun 25 14:23:54 2004 => Scanning File C:\WINDOWS\bsx32\CARS2.bsx
Fri Jun 25 14:23:54 2004 => Scanning File C:\WINDOWS\bsx32\CARS3.bsx
Fri Jun 25 14:23:54 2004 => Scanning File C:\WINDOWS\bsx32\CAS1.bsx
Fri Jun 25 14:23:54 2004 => Scanning File C:\WINDOWS\bsx32\CASH1.bsx
Fri Jun 25 14:23:54 2004 => Scanning File C:\WINDOWS\bsx32\CASH2.bsx
Fri Jun 25 14:23:54 2004 => Scanning File C:\WINDOWS\bsx32\CCS1.bsx
Fri Jun 25 14:23:54 2004 => Scanning File C:\WINDOWS\bsx32\DATE3.bsx
Fri Jun 25 14:23:54 2004 => Scanning File C:\WINDOWS\bsx32\DEBT1.bsx
Fri Jun 25 14:23:54 2004 => Scanning File C:\WINDOWS\bsx32\DEEPS1.bsx
Fri Jun 25 14:23:54 2004 => Scanning File C:\WINDOWS\bsx32\DENT1.bsx
Fri Jun 25 14:23:54 2004 => Scanning File C:\WINDOWS\bsx32\DRUG1.bsx
Fri Jun 25 14:23:54 2004 => Scanning File C:\WINDOWS\bsx32\DRUG3.bsx
Fri Jun 25 14:23:54 2004 => Scanning File C:\WINDOWS\bsx32\EBAD1.bsx
Fri Jun 25 14:23:55 2004 => Scanning File C:\WINDOWS\bsx32\EBAY1.bsx
Fri Jun 25 14:23:55 2004 => Scanning File C:\WINDOWS\bsx32\EBYA1.bsx
Fri Jun 25 14:23:55 2004 => Scanning File C:\WINDOWS\bsx32\EBYA2.bsx
Fri Jun 25 14:23:55 2004 => Scanning File C:\WINDOWS\bsx32\EDU1.bsx
Fri Jun 25 14:23:55 2004 => Scanning File C:\WINDOWS\bsx32\EML1.bsx
Fri Jun 25 14:23:55 2004 => Scanning File C:\WINDOWS\bsx32\EXPE1.bsx
Fri Jun 25 14:23:55 2004 => Scanning File C:\WINDOWS\bsx32\EXPE2.bsx
Fri Jun 25 14:23:55 2004 => Scanning File C:\WINDOWS\bsx32\FAM1.bsx
Fri Jun 25 14:23:55 2004 => Scanning File C:\WINDOWS\bsx32\FAST1.bsx
Fri Jun 25 14:23:55 2004 => Scanning File C:\WINDOWS\bsx32\FINC1.bsx
Fri Jun 25 14:23:55 2004 => Scanning File C:\WINDOWS\bsx32\FINC3.bsx
Fri Jun 25 14:23:55 2004 => Scanning File C:\WINDOWS\bsx32\FINC4.bsx
Fri Jun 25 14:23:55 2004 => Scanning File C:\WINDOWS\bsx32\FindRomance1.bsx
Fri Jun 25 14:23:55 2004 => Scanning File C:\WINDOWS\bsx32\FLWR1.bsx
Fri Jun 25 14:23:55 2004 => Scanning File C:\WINDOWS\bsx32\FMND1.bsx
Fri Jun 25 14:23:55 2004 => Scanning File C:\WINDOWS\bsx32\GIFT1.bsx
Fri Jun 25 14:23:55 2004 => Scanning File C:\WINDOWS\bsx32\HEAL1.bsx
Fri Jun 25 14:23:55 2004 => Scanning File C:\WINDOWS\bsx32\HEAL2.bsx
Fri Jun 25 14:23:55 2004 => Scanning File C:\WINDOWS\bsx32\HEAL3.bsx
Fri Jun 25 14:23:55 2004 => Scanning File C:\WINDOWS\bsx32\HEAL4.bsx
Fri Jun 25 14:23:55 2004 => Scanning File C:\WINDOWS\bsx32\HEBE1.bsx
Fri Jun 25 14:23:55 2004 => Scanning File C:\WINDOWS\bsx32\HERBS1.bsx
Fri Jun 25 14:23:55 2004 => Scanning File C:\WINDOWS\bsx32\HGH1.bsx
Fri Jun 25 14:23:55 2004 => Scanning File C:\WINDOWS\bsx32\HGH2.bsx
Fri Jun 25 14:23:55 2004 => Scanning File C:\WINDOWS\bsx32\HOGAR1.bsx
Fri Jun 25 14:23:55 2004 => Scanning File C:\WINDOWS\bsx32\HOMES1.bsx
Fri Jun 25 14:23:55 2004 => Scanning File C:\WINDOWS\bsx32\HOMES2.bsx
Fri Jun 25 14:23:55 2004 => Scanning File C:\WINDOWS\bsx32\HOMES3.bsx
Fri Jun 25 14:23:55 2004 => Scanning File C:\WINDOWS\bsx32\INK1.bsx
Fri Jun 25 14:23:56 2004 => Scanning File C:\WINDOWS\bsx32\INSUR1.bsx
Fri Jun 25 14:23:56 2004 => Scanning File C:\WINDOWS\bsx32\INSUR3.bsx
Fri Jun 25 14:23:56 2004 => Scanning File C:\WINDOWS\bsx32\INSUR4.bsx
Fri Jun 25 14:23:56 2004 => Scanning File C:\WINDOWS\bsx32\JOBS2.bsx
Fri Jun 25 14:23:56 2004 => Scanning File C:\WINDOWS\bsx32\JOBS3.bsx
Fri Jun 25 14:23:56 2004 => Scanning File C:\WINDOWS\bsx32\KanFinance1.bsx
Fri Jun 25 14:23:56 2004 => Scanning File C:\WINDOWS\bsx32\KanFinance3.bsx
Fri Jun 25 14:23:56 2004 => Scanning File C:\WINDOWS\bsx32\MORT1.bsx
Fri Jun 25 14:23:56 2004 => Scanning File C:\WINDOWS\bsx32\MORT2.bsx
Fri Jun 25 14:23:56 2004 => Scanning File C:\WINDOWS\bsx32\MOVS1.bsx
Fri Jun 25 14:23:56 2004 => Scanning File C:\WINDOWS\bsx32\NEWS1.bsx
Fri Jun 25 14:23:56 2004 => Scanning File C:\WINDOWS\bsx32\OPPR2.bsx
Fri Jun 25 14:23:56 2004 => Scanning File C:\WINDOWS\bsx32\OPPS1.bsx
Fri Jun 25 14:23:56 2004 => Scanning File C:\WINDOWS\bsx32\PEEL4.bsx
Fri Jun 25 14:23:56 2004 => Scanning File C:\WINDOWS\bsx32\PENIS1.bsx
Fri Jun 25 14:23:56 2004 => Scanning File C:\WINDOWS\bsx32\PENIS2.bsx
Fri Jun 25 14:23:56 2004 => Scanning File C:\WINDOWS\bsx32\RAM1.bsx
Fri Jun 25 14:23:56 2004 => Scanning File C:\WINDOWS\bsx32\SHOP1.bsx
Fri Jun 25 14:23:56 2004 => Scanning File C:\WINDOWS\bsx32\Singles1.bsx
Fri Jun 25 14:23:56 2004 => Scanning File C:\WINDOWS\bsx32\SLC1.bsx
Fri Jun 25 14:23:56 2004 => Scanning File C:\WINDOWS\bsx32\SPORT1.bsx
Fri Jun 25 14:23:56 2004 => Scanning File C:\WINDOWS\bsx32\SPZ1.bsx
Fri Jun 25 14:23:56 2004 => Scanning File C:\WINDOWS\bsx32\SPZ3.bsx
Fri Jun 25 14:23:56 2004 => Scanning File C:\WINDOWS\bsx32\TECH1.bsx
Fri Jun 25 14:23:56 2004 => Scanning File C:\WINDOWS\bsx32\TMP1.bsx
Fri Jun 25 14:23:56 2004 => Scanning File C:\WINDOWS\bsx32\TRVL2.bsx
Fri Jun 25 14:23:56 2004 => Scanning File C:\WINDOWS\bsx32\TV1.bsx
Fri Jun 25 14:23:57 2004 => Scanning File C:\WINDOWS\bsx32\Useful1.bsx
Fri Jun 25 14:23:57 2004 => Scanning File C:\WINDOWS\bsx32\UTN1.bsx
Fri Jun 25 14:23:57 2004 => Scanning File C:\WINDOWS\bsx32\UTONE1.bsx
Fri Jun 25 14:23:57 2004 => Scanning File C:\WINDOWS\bsx32\VENUE1.bsx
Fri Jun 25 14:23:57 2004 => Scanning File C:\WINDOWS\bsx32\WIRE1.bsx
Fri Jun 25 14:23:57 2004 => Scanning File C:\WINDOWS\bsx32\WOMEN1.bsx
Fri Jun 25 14:23:57 2004 => Scanning File C:\WINDOWS\bsx32\WSMSI2.bsx
Fri Jun 25 14:23:57 2004 => Scanning File C:\WINDOWS\bsx32\WWW1.bsx
Fri Jun 25 14:23:57 2004 => Scanning File C:\WINDOWS\bsx32\XCHG1.bsx
Fri Jun 25 14:23:57 2004 => Scanning File C:\WINDOWS\bsx32\XTFL1.bsx
Fri Jun 25 14:23:57 2004 => Scanning File C:\WINDOWS\bsx32\XTFL2.bsx
Fri Jun 25 14:23:57 2004 => Scanning File C:\WINDOWS\bsx32.ini
Fri Jun 25 14:23:57 2004 => Scanning File C:\WINDOWS\bsx5.dll
Fri Jun 25 14:23:57 2004 => File C:\WINDOWS\bsx5.dll tagged as not-a-virus:AdvWare.BookedSpace.b. No Action Taken.

Fri Jun 25 14:23:57 2004 => Scanning File C:\WINDOWS\cdplayer.ini
Fri Jun 25 14:23:57 2004 => Scanning File C:\WINDOWS\clock.avi
Fri Jun 25 14:23:57 2004 => Scanning File C:\WINDOWS\cnwrqpwn.exe
Fri Jun 25 14:23:57 2004 => File C:\WINDOWS\cnwrqpwn.exe tagged as not-a-virus:AdvWare.180Solutions. No Action Taken.

Fri Jun 25 14:23:57 2004 => Scanning File C:\WINDOWS\comsetup.log
Fri Jun 25 14:23:57 2004 => Scanning Folder: C:\WINDOWS\Config\*.*
Fri Jun 25 14:23:57 2004 => Scanning Folder: C:\WINDOWS\Connection Wizard\*.*
Fri Jun 25 14:23:57 2004 => Scanning File C:\WINDOWS\control.ini [**]
Fri Jun 25 14:23:57 2004 => Scanning Folder: C:\WINDOWS\Cursors\*.*
Fri Jun 25 14:23:57 2004 => Scanning File C:\WINDOWS\Cursors\3dgarro.cur

Fri Jun 25 15:38:56 2004 => Scanning Folder: C:\RECYCLER\S-1-5-21-725345543-920026266-1343024091-1004\*.*
Fri Jun 25 15:38:56 2004 => Scanning File C:\RECYCLER\S-1-5-21-725345543-920026266-1343024091-1004\Dc1.dll
Fri Jun 25 15:38:56 2004 => Scanning File C:\RECYCLER\S-1-5-21-725345543-920026266-1343024091-1004\Dc2.dll
Fri Jun 25 15:38:56 2004 => Scanning Folder: C:\RECYCLER\S-1-5-21-725345543-920026266-1343024091-1004\Dc3\*.*
Fri Jun 25 15:38:56 2004 => Scanning File C:\RECYCLER\S-1-5-21-725345543-920026266-1343024091-1004\Dc4.exe
Fri Jun 25 15:38:57 2004 => File C:\RECYCLER\S-1-5-21-725345543-920026266-1343024091-1004\Dc4.exe tagged as not-a-virus:AdvWare.NavExcel. No Action Taken.

Fri Jun 25 15:38:57 2004 => Scanning File C:\RECYCLER\S-1-5-21-725345543-920026266-1343024091-1004\Dc5.exe
Fri Jun 25 15:38:58 2004 => File C:\RECYCLER\S-1-5-21-725345543-920026266-1343024091-1004\Dc5.exe tagged as not-a-virus:AdvWare.BookedSpace.a. No Action Taken.

Fri Jun 25 15:38:58 2004 => Scanning File C:\RECYCLER\S-1-5-21-725345543-920026266-1343024091-1004\Dc6.exe
Fri Jun 25 15:38:58 2004 => File C:\RECYCLER\S-1-5-21-725345543-920026266-1343024091-1004\Dc6.exe tagged as not-a-virus:AdvWare.PowerScan.b. No Action Taken.

Fri Jun 25 15:38:58 2004 => Scanning File C:\RECYCLER\S-1-5-21-725345543-920026266-1343024091-1004\Dc7.exe
Fri Jun 25 15:38:58 2004 => File C:\RECYCLER\S-1-5-21-725345543-920026266-1343024091-1004\Dc7.exe tagged as not-a-virus:AdvWare.TotalVelocity.g. No Action Taken.

Fri Jun 25 15:38:58 2004 => Scanning File C:\RECYCLER\S-1-5-21-725345543-920026266-1343024091-1004\desktop.ini
Fri Jun 25 15:38:58 2004 => Scanning File C:\RECYCLER\S-1-5-21-725345543-920026266-1343024091-1004\INFO2
Fri Jun 25 15:38:58 2004 => Scanning File C:\Setup.log
Fri Jun 25 15:38:58 2004 => Scanning Folder: C:\System Volume Information\*.*
Fri Jun 25 15:38:58 2004 => ERROR!!! FindFirstFile For C:\System Volume Information\*.* Failed!!! Reason is Zugriff verweigert (0x5)
Fri Jun 25 15:38:58 2004 => Scanning File C:\vlist.log
Fri Jun 25 15:38:58 2004 => Scanning Folder: C:\WUTemp\*.*

Fri Jun 25 15:38:58 2004 => ***** Checking for specific ITW Viruses *****
Fri Jun 25 15:38:58 2004 => Checking for Welchia Virus...
Fri Jun 25 15:38:58 2004 => Checking for LovGate Virus...
Fri Jun 25 15:38:58 2004 => Checking for CodeRed Virus...
Fri Jun 25 15:38:58 2004 => Checking for OpaServ Virus...
Fri Jun 25 15:38:58 2004 => Checking for Sobig.e Virus...
Fri Jun 25 15:38:58 2004 => Checking for Winupie Virus...
Fri Jun 25 15:38:58 2004 => Checking for Swen Virus...
Fri Jun 25 15:38:58 2004 => Checking for JS.Fortnight Virus...
Fri Jun 25 15:38:58 2004 => Checking for Novarg Virus...

Fri Jun 25 15:38:58 2004 => ***** Scanning complete. *****

Fri Jun 25 15:38:58 2004 => Total Number of Files Scanned: 106118
Fri Jun 25 15:38:58 2004 => Total Number of Virus(es) Found: 9
Fri Jun 25 15:38:58 2004 => Total Number of Disinfected Files: 0
Fri Jun 25 15:38:58 2004 => Total Number of Files Renamed: 0
Fri Jun 25 15:38:58 2004 => Total Number of Deleted Files: 0
Fri Jun 25 15:38:58 2004 => Total Number of Errors: 1
Fri Jun 25 15:38:58 2004 => Time Elapsed: 01:15:31
Fri Jun 25 15:38:58 2004 => Virus Database Date: 2004/06/20
Fri Jun 25 15:38:58 2004 => Virus Database Count: 95240

Fri Jun 25 15:38:58 2004 => Scan Completed.

------------------------

Wie gesagt, nach dem Mumu habe ich gesucht, aber nichts gefunden

----------------------

Der Xoft Spy sagt mir noch folgendes:

Starting Scanning (Smart Scan Mode)
Scanning running processes.
1) : C:\Programme\XoftSpy\XoftSpy.exe
2) : System
3) : smss.exe
4) : csrss.exe
5) : winlogon.exe
6) : services.exe

12) : C:\WINDOWS\Explorer.EXE
13) : spoolsv.exe
14) : C:\WINDOWS\SOUNDMAN.EXE
15) : C:\Programme\AVPersonal\AVGNT.EXE
16) : C:\Programme\Motherboard Monitor 5\MBM5.EXE
17) : C:\Programme\IMONC\Imonc.exe
18) : C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
19) : AVGUARD.EXE
20) : AVWUPSRV.EXE

26) : nvsvc32.exe
27) : svchost.exe
28) : LcSvrAuf.exe
29) : C:\Programme\Opera7\opera.exe
30) : C:\Programme\XoftSpy\XoftSpy.exe
1) MainPean Dialer
Name: Software\Freeware
Type: Registry Key
2) Winpup32
Name: Interface\{48E59291-9880-11CF-9754-00AA00C00908}
Type: Registry Key
3) Winpup32
Name: Interface\{48E59292-9880-11CF-9754-00AA00C00908}
Type: Registry Key
4) Bat/Mumu-A
Name: SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nwiz
Type: Registry Value
Scan Finished

Noch ein paar Tipps, bitte!

Systemwiederherstellung ist nach wie vor aus!

09.07.2004, 12:36

Sabina

Ehrenmitglied

Beiträge: 29434

#20 Hallo Falk

1.)Als erstes loeschst du alles, was im Papierkorb ist.

2.)
Lade AdAware free und scanne alle Datein<
http://www.lavasoft.de/support/download/

Lade Spybot und scanne
http://www.safer-networking.org/de/download/index.html

konfiguriere den Antivirus
<Heuristic :hoch
<alle Dateien scannen
<bei Fund loesche

Dann gehe in den abgesicherten Modus
http://www.bsi.de/av/texte/winsave.htm

und mache einen Vollscann mit dem Antivirus

Dann loesche unter <InternetOptionen die Temporary InternetFiles und stelle eine Startseite ein.

Dann poste das Log noch mal.

MfG
Sabina
__________
MfG Sabina

rund um die PC-Sicherheit

Dieser Beitrag wurde am 09.07.2004 um 12:38 Uhr von Sabina editiert.

Um auf dieses Thema zu ANTWORTEN
bitte erst » hier kostenlos registrieren!!

Folgende Themen könnten Dich auch interessieren:

Seite(n): 1 2