Recurring virus warning in C:\WINDOWS\system32\xdatxzap.zxp

#0
10.12.2005, 10:39
Member
Posts: 20

10.12.2005, 10:59
Moderator
Posts: 7805
#2
That appears to be a Zip archive. What malware does KAV report in it?
Otherwise you can also post the log files generated by datfind.bat here.
http://virus-protect.org/datfindbat.html
__________
Regards, Ralf
SEO-Spam Hunter

10.12.2005, 11:13
Member
Thread starter, Posts: 20
#3
Hello Ralf,
here is the first part from datfind.bat! Is that enough, or should I post the endless list???

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 3C6F-6CCA
Verzeichnis von C:\WINDOWS\system32
09.12.2005 14:35 2.206 wpa.dbl
06.12.2005 01:41 4 fsdbcrpt.kar.{fbdfea4c-c65a-477f-864c-f28667e6277a}
06.12.2005 01:41 4 msdbcrpt.kar.{fbdfea4c-c65a-477f-864c-f28667e6277a}
03.12.2005 01:15 183 imon1.dat
30.10.2005 10:15 380.486 perfh009.dat
30.10.2005 10:15 52.900 perfc009.dat
30.10.2005 10:15 391.330 perfh007.dat
30.10.2005 10:15 63.778 perfc007.dat
30.10.2005 10:15 897.954 PerfStringBackup.INI
22.10.2005 02:18 302.621 SetupCarnival.exe
12.07.2005 18:04 520.456 LegitCheckControl.dll
12.07.2005 18:04 23.304 GWFSPidGen.dll
06.07.2005 16:13 499.712 msvcp71.dll
28.06.2005 19:57 157.698 mscmcde.dll
05.06.2005 13:24 16.832 amcompat.tlb
05.06.2005 13:24 23.392 nscompat.tlb
27.05.2005 00:11 2.535 qtplugin.log
26.05.2005 04:19 173.536 wuweb.dll

10.12.2005, 12:16
Moderator
Posts: 7805
#4
Hm, then we have to do it a bit differently. Download locate.com from here:
http://castlecops.com/modules/Forums/attachments/locate_720.zip
Unpack it into a separate folder and start locate.bat from there; this creates a report.txt in that folder. Post the contents of this TXT file here.
BTW: What malware does KAV report in the file, again?
__________
Regards, Ralf
SEO-Spam Hunter

10.12.2005, 13:42
Member
Thread starter, Posts: 20
#5
Hello Ralf,
I did it the way you said, but the text file is very strange, it keeps repeating the same thing???
C:\Dokumente und Einstellungen\bho\Eigene Dateien\Datenbanken\Privat\locate>LOCATE c:\windows\system32\* /D- /D:T-90 /NR 1>>report.txt
nothing else.... did I do something wrong???
The Kaspersky virus warning was:
C:\WINDOWS\system32\xdatxzap.zxp and also C:\WINDOWS\system32\xdatxzap.zxp\p-zipped_file_data pif
I am grateful for any help!!!
Regards, Birgit

Hello, this is what Spybot throws out... maybe something can be done with it???
Windows.System: Einstellungen (Registrierungsdatenbank-Änderung, nothing done)
HKEY_USERS\S-1-5-21-789336058-1682526488-1060284298-1006\Software\Microsoft\Windows\CurrentVersion\Policies\System\NoDispAppearancePage!=W=0
Windows.System: Benutzer-Einstellungen (Registrierungsdatenbank-Änderung, nothing done)
HKEY_USERS\S-1-5-21-789336058-1682526488-1060284298-1006\Software\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage!=W=0
DoubleClick: Verfolgender Cookie (Internet Explorer: bho) (Cookie, nothing done)
This post was edited by maju on 11.12.2005 at 14:49.

11.12.2005, 14:55
Honorary member
Posts: 29434
#6
Quote:
03.12.2005 01:15 183 imon1.dat
that should be checked
At the top of the page --> click Browse --> select the file --> double-click the file to be checked --> click Submit... now wait --> copy the result into the security forum
http://www.virustotal.com/flash/index_en.html
C:\WINDOWS\system32\imon1.dat
C:\WINDOWS\system32\SetupCarnival.exe
C:\WINDOWS\system32\xdatxzap.zxp
------------------------------------------------------------------------------------
and datfindbat has 4 text files, not just one
http://virus-protect.org/datfindbat.html
__________
Regards, Sabina
all about PC security

11.12.2005, 15:57
Member
Thread starter, Posts: 20
#7
Hello Sabina,
here are the results from VirusTotal, I hope I did this correctly...

1. Scan:
This is a report processed by VirusTotal on 12/11/2005 at 15:33:28 (CET) after scanning the file "imon1.dat" file.
Antivirus  Version  Update  Result
AntiVir  6.33.0.61  12.09.2005  no virus found
Avast  4.6.695.0  12.10.2005  no virus found
AVG  718  12.08.2005  no virus found
Avira  6.33.0.61  12.09.2005  no virus found
BitDefender  7.2  12.11.2005  no virus found
CAT-QuickHeal  8.00  12.09.2005  no virus found
ClamAV  devel-20051108  12.09.2005  no virus found
DrWeb  4.33  12.11.2005  no virus found
eTrust-Iris  7.1.194.0  12.11.2005  no virus found
eTrust-Vet  11.9.1.0  12.09.2005  no virus found
Fortinet  2.54.0.0  12.10.2005  no virus found
F-Prot  3.16c  12.09.2005  no virus found
Ikarus  0.2.59.0  12.11.2005  no virus found
Kaspersky  4.0.2.24  12.11.2005  no virus found
McAfee  4647  12.09.2005  no virus found
NOD32v2  1.1317  12.09.2005  no virus found
Norman  5.70.10  12.09.2005  no virus found
Panda  8.02.00  12.11.2005  no virus found
Sophos  4.00.0  12.10.2005  no virus found
Symantec  8.0  12.11.2005  no virus found
TheHacker  5.9.1.052  12.09.2005  no virus found
VBA32  3.10.5  12.10.2005  no virus found
VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware.

2. Scan:
This is a report processed by VirusTotal on 12/11/2005 at 15:40:07 (CET) after scanning the file "SetupCarnival.exe" file.
Antivirus  Version  Update  Result
AntiVir  6.33.0.61  12.09.2005  no virus found
Avast  4.6.695.0  12.10.2005  no virus found
AVG  718  12.08.2005  no virus found
Avira  6.33.0.61  12.09.2005  no virus found
BitDefender  7.2  12.11.2005  no virus found
CAT-QuickHeal  8.00  12.09.2005  no virus found
ClamAV  devel-20051108  12.09.2005  no virus found
DrWeb  4.33  12.11.2005  no virus found
eTrust-Iris  7.1.194.0  12.11.2005  no virus found
eTrust-Vet  11.9.1.0  12.09.2005  no virus found
Fortinet  2.54.0.0  12.10.2005  suspicious
F-Prot  3.16c  12.09.2005  no virus found
Kaspersky  4.0.2.24  12.11.2005  no virus found
McAfee  4647  12.09.2005  no virus found
NOD32v2  1.1317  12.09.2005  no virus found
Norman  5.70.10  12.09.2005  no virus found
Panda  8.02.00  12.11.2005  no virus found
Sophos  4.00.0  12.10.2005  no virus found
Symantec  8.0  12.11.2005  no virus found
TheHacker  5.9.1.052  12.09.2005  no virus found
VBA32  3.10.5  12.10.2005  no virus found

Scan 3:
This is a report processed by VirusTotal on 12/11/2005 at 15:46:19 (CET) after scanning the file "xdatxzap.zxp" file.
Antivirus  Version  Update  Result
AntiVir  6.33.0.61  12.09.2005  Worm/Sober.G
Avast  4.6.695.0  12.10.2005  no virus found
AVG  718  12.08.2005  no virus found
Avira  6.33.0.61  12.09.2005  no virus found
BitDefender  7.2  12.11.2005  Win32.Sober.G@mm
CAT-QuickHeal  8.00  12.09.2005  no virus found
ClamAV  devel-20051108  12.09.2005  no virus found
DrWeb  4.33  12.11.2005  no virus found
eTrust-Iris  7.1.194.0  12.11.2005  no virus found
eTrust-Vet  11.9.1.0  12.09.2005  no virus found
Fortinet  2.54.0.0  12.10.2005  W32/Sober.G-mm
F-Prot  3.16c  12.09.2005  W32/Sober.G@mm
Ikarus  0.2.59.0  12.11.2005  no virus found
Kaspersky  4.0.2.24  12.11.2005  Email-Worm.Win32.Sober.g
McAfee  4647  12.09.2005  W32/Sober.g@MM!zip
NOD32v2  1.1317  12.09.2005  no virus found
Norman  5.70.10  12.09.2005  no virus found
Panda  8.02.00  12.11.2005  no virus found
Sophos  4.00.0  12.10.2005  no virus found
Symantec  8.0  12.11.2005  no virus found
TheHacker  5.9.1.052  12.09.2005  no virus found
VBA32  3.10.5  12.10.2005  no virus found

The 4 datfindbat text files are sooo long, I can't get them all posted here at all!?
This post was edited by maju on 11.12.2005 at 16:04.

11.12.2005, 17:38
Moderator
Posts: 7805
#8
That is what locate.com is for. You only need to unpack it to c:\temp and start it from there. Since it is an old DOS version, it cannot cope with being started from a folder with a long file name (the folder nesting is also rather deep).
__________
Regards, Ralf
SEO-Spam Hunter

11.12.2005, 17:54
Member
Thread starter, Posts: 20
#9
Hello Ralf,
here is the text file:

11.12.2005, 18:00
Honorary member
Posts: 29434
#10
Quote: Sabina posted
__________
Regards, Sabina
all about PC security

11.12.2005, 20:17
Member
Thread starter, Posts: 20
#11
Hello Sabina,
here is the log from Winpfind:
Regards, maju
|
|
||
11.12.2005, 23:16
Honorary member
Posts: 29434 |
#12
Did you use this?
Removal tool: http://securityresponse.symantec.com/avcenter/venc/data/w32.sober.g@mm.html __________ Regards, Sabina, all about PC security |
|
|
||
11.12.2005, 23:39
Member
Thread starter Posts: 20 |
#13
Hello Sabina,
yes, before the Winpfind log I scanned with the Symantec W32.Sober Removal Tool!!! That also took quite a long time! Regards, maju |
|
|
||
12.12.2005, 00:21
Honorary member
Posts: 29434 |
#14
Is the Kaspersky alert still coming up, or has everything been deleted?
__________ Regards, Sabina, all about PC security |
|
|
||
12.12.2005, 00:30
Member
Thread starter Posts: 20 |
#15
Hello Sabina,
I have already scanned with Kaspersky as well and it no longer reports anything! Do you think the virus has been disabled, or should I check again with another virus scanner? Regards, maju |
|
|
||
maybe you can help me!? I am getting the following virus warning from Kaspersky:
C:\WINDOWS\system32\xdatxzap.zxp and also C:\WINDOWS\system32\xdatxzap.zxp\p-zipped_file_data pif
No matter how often I delete it, the warning is back at the next restart!? Would you please take a look at my log file, thanks!
Logfile of HijackThis v1.99.1
Scan saved at 10:10:46, on 10.12.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AVPersonal\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\system32\Brmfrmps.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Programme\RVS\WCOM\SYSTEM\RVSINST.EXE
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\QuickTime\qttask.exe
C:\Programme\AVPersonal\AVGNT.EXE
C:\Programme\WinRAR\WinRAR.exe
C:\DOKUME~1\bho\LOKALE~1\Temp\Rar$EX00.772\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Messenger\ycomp.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Messenger\ycomp.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1134036202604
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O18 - Filter hijack: application/octet-stream - {6585E5B4-4D2A-4A1D-A219-4102C64BA999} - (no file)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: RVS Installer (RVSINST) - RVS Datentechnik GmbH, München - C:\Programme\RVS\WCOM\SYSTEM\RVSINST.EXE