Infected by SpyAxe, how do I get rid of it? |
||
---|---|---|
#0
| ||
01.01.2006, 23:56
Member
Thread starter Posts: 39 |
||
|
||
02.01.2006, 10:37
Honorary member
Posts: 29434 |
#32
Quite a lot is piling up there... I knew that webHancer was on it, but the virus scanners are still finding quite a few things... your PC was pretty badly infested.....
-------------------------------------------------------------------------------
http://virus-protect.org/multiavtool.html
contains two more scanners --> scan and report whether anything else is found.
__________
Regards, Sabina
All about PC security |
|
|
||
02.01.2006, 13:38
...new here
Posts: 3 |
#33
Hello everyone. I guess I have infected myself with SpyAxe and a few other things. Here is my log file:
|
|
||
02.01.2006, 13:44
Honorary member
Posts: 29434 |
#34
Penegrin
set up the Cleaner exactly as described here:
http://virus-protect.org/cleanup.html
paste the 4 text files here:
http://virus-protect.org/datfindbat.html
__________
Regards, Sabina
All about PC security |
|
|
||
02.01.2006, 13:54
...new here
Posts: 3 |
#35
First of all, thanks for the quick reply!
|
|
||
02.01.2006, 14:12
Honorary member
Posts: 29434 |
#36
Penegrin
open HijackThis -- "Scan" button -- tick the malware entries -- "Fix checked" button

O2 - BHO: (no name) - {e0103cd4-d1ce-411a-b75b-4fec072867f4} - C:\WINDOWS\system32\hp5858.tmp (file missing)
O4 - HKLM\..\Run: [SpyAxe] C:\Programme\SpyAxe\spyaxe.exe /h
---------------------------------------------------------------------
right-click the link and choose "Save target as" -> Desktop from the context menu -> a mcor.reg then appears on the screen
http://virus-protect.org/reg/mcor.reg
right-click the link --> Save target as... --> choose Desktop; a spyaxe.reg then appears on the screen.
http://virus-protect.org/reg/spyaxe.reg
---------------------------------------------------------------------
KILLBOX - Pocket KillBox
http://virus-protect.org/killbox.html
Options: Delete on Reboot / Process all in List --> tick these
paste in the following and click the red cross; when asked "Do you want to reboot?", click "no" and paste in the next one, and only click "yes" for the last one

C:\WINDOWS\system32\msvol.tlb
C:\WINDOWS\system32\ncompat.tlb
C:\WINDOWS\system32\ldD65E.tmp
C:\WINDOWS\system32\asfiles.txt
C:\DOKUME~1\MARKUS~1\LOKALE~1\Temp\SALanguage.ini
C:\WINDOWS\system32\Uninstall.ico
C:\WINDOWS\system32\Help.ico
C:\WINDOWS\system32\Open.ico
C:\WINDOWS\system32\AddQuit.ico
C:\WINDOWS\system32\IE.ico
C:\WINDOWS\system32\Desktop.ico
C:\WINDOWS\system32\Quick.ico
C:\WINDOWS\system32\wbeconm.dll
C:\WINDOWS\system32\ot.ico
C:\WINDOWS\system32\ts.ico
C:\WINDOWS\system32\mssearchnet.exe
C:\WINDOWS\system32\nvctrl.exe
C:\WINDOWS\system32\mscornet.exe

restart the PC --> into safe mode (press F8 while the PC is booting, choose safe mode), log in as Administrator and double-click
mcor.reg
spyaxe.reg
--> add them to the registry with "ja" or "yes"
---------------------------------------------------------------------
delete
C:\Programme\SpyAxe
---------------------------------------------------------------------
SmitRem2.8
http://noahdfear.geekstogo.com/click%20counter/click.php?id=1
download --> boot into safe mode --> open the smitRem folder --> double-click RunThis.bat
wait until the scan has finished (the screen will turn blue; that is normal)
---------------------------------------------------------------------
deactivate System Restore (XP) (then activate it again)
http://virus-protect.org/systemwiederherstellung.html
scan with Kaspersky --> then manually delete what is found
http://virus-protect.org/onlinescan.html
scan with Panda --> then manually delete what is found
http://virus-protect.org/onlinescan.html
__________
Regards, Sabina
All about PC security |
|
|
||
02.01.2006, 17:44
Member
Thread starter Posts: 39 |
#37
Quote: Sabina posted
Yes Sabina, I don't know either why my PC is so infested. I have Symantec, always up to date, but by the looks of it, it apparently detects nothing. When I scan with the two other scanners, i.e. Sophos and Trend, should I have each scanner scan the three things
- C:\Windows\System32 then the scan begins; one should then also have scanned:
- C:\Windows
- C:\
or is just C:\ enough, Sabina??? |
|
|
||
02.01.2006, 18:01
Honorary member
Posts: 29434 |
#38
Tikar
the other two scanners (Sophos and MicroTrend) automatically scan everything; you don't have to configure anything
__________
Regards, Sabina
All about PC security |
|
|
||
02.01.2006, 18:11
Member
Thread starter Posts: 39 |
#39
Quote: Sabina posted
Hello Sabina, I just tried to start Trend and Sophos, but it doesn't work. It asks which folder or something; I enter C:\ and then it goes back to the start menu. What should I do? It doesn't work with the 4th scanner either, something with Kasper...
Regards, Tikar |
|
|
||
02.01.2006, 18:16
Honorary member
Posts: 29434 |
#40
Quote: click "1", now the Sophos scan begins
Quote: click "2", now the Trend Micro scan begins
http://virus-protect.org/multiavtool.html
does it not work???
__________
Regards, Sabina
All about PC security |
|
|
||
02.01.2006, 18:49
...new here
Posts: 3 |
#41
Many thanks for the great and fast help. The system now seems to be clean again!
|
|
|
||
03.01.2006, 00:34
Member
Thread starter Posts: 39 |
#42
So Sabina, I have run both scans. Here are the log files from Trend and Sophos; I hope you can do something with them.
|
|
||
03.01.2006, 01:19
Honorary member
Posts: 29434 |
#43
Tikar
now the system is slowly getting clean
Quote: 30 viruses were discovered.
scan with Kaspersky and post the scan report
http://virus-protect.org/onlinescan.html
__________
Regards, Sabina
All about PC security |
|
|
||
03.01.2006, 03:34
Member
Thread starter Posts: 39 |
#44
Quote: Sabina posted
So Sabina, this long scan is finally done as well, so here is the report
-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Tuesday, January 03, 2006 03:26:44
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 3/01/2006
Kaspersky Anti-Virus database records: 158488
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
Scan Statistics:
Total number of scanned objects: 122984
Number of viruses found: 4
Number of infected objects: 7
Number of suspicious objects: 0
Duration of the scan process: 6755 sec
Infected Object Name - Virus Name
C:\data Infected: Trojan-Downloader.Win32.IstBar.nh
C:\Programme\Shareaza\Downloads\1.reg Infected: Trojan.WinREG.StartPage.d
C:\Programme\Shareaza\Downloads\Spyware Doctor 3.2.1.359 keyg*hier nicht* Seri*hier nicht!* Crack.zip/1.reg Infected: Trojan.WinREG.StartPage.d
C:\Programme\Shareaza\Downloads\Spyware Doctor 3.2.1.359 keyg*hier nicht* Seri*hier nicht!* Crack.zip Infected: Trojan.WinREG.StartPage.d
C:\System Volume Information\_restore{04B40973-DB0E-4C5B-88D0-0E4F996AF7F6}\RP4\A0005378.INI:hhikeo:$DATA Infected: Trojan.Win32.Agent.iu
C:\System Volume Information\_restore{04B40973-DB0E-4C5B-88D0-0E4F996AF7F6}\RP4\A0005406.exe Infected: Trojan-Downloader.Win32.IstBar.gen
C:\WINDOWS\system32\1.reg Infected: Trojan.WinREG.StartPage.d
Scan process completed. |
|
|
||
03.01.2006, 14:58
Honorary member
Posts: 29434 |
#45
Tikar
delete:
C:\WINDOWS\system32\1.reg
C:\data
C:\Programme\Shareaza\Downloads\1.reg
tsk..tsk... this way you needn't wonder why your system is so infested.... uninstall the Doctor right along with it.
C:\Programme\Shareaza\Downloads\Spyware Doctor 3.2.1.359 keyg*hier nicht* Seri*hier nicht!* Crack.zip
deactivate System Restore, reboot, then activate it again. Then scan once more with Kaspersky
http://virus-protect.org/systemwiederherstellung.html
__________
Regards, Sabina
All about PC security |
|
|
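How the seven rows of the Kaspersky report in post #44 map onto the clean-up in post #45, as an added Python example that is not part of the thread: detections under `System Volume Information\_restore{...}` are copies held by XP System Restore and go away when System Restore is switched off and on again, while the remaining objects are deleted by hand. The function name `triage` and the result keys are made up for illustration; the sample rows are copied from the report as posted.

```python
import re
from collections import Counter

# One report row: "<object path> Infected: <detection name>"
ROW = re.compile(r"^(?P<path>.+?)\s+Infected:\s+(?P<name>\S+)\s*$")
# XP System Restore store: <drive>:\System Volume Information\_restore{GUID}\RP<n>\...
RESTORE = re.compile(
    r"^[a-z]:\\System Volume Information\\_restore\{[0-9a-f-]+\}\\(?P<rp>RP\d+)\\",
    re.IGNORECASE,
)
# The report names an archive member as "<archive>/<member>" (see the Crack.zip/1.reg row).
MEMBER = re.compile(r"^(?P<archive>.+?\.(?:zip|rar|cab))/", re.IGNORECASE)

# Sample input: rows from the report in post #44 (file names censored by the forum as posted).
REPORT_ROWS = r"""
Infected Object Name - Virus Name
C:\data Infected: Trojan-Downloader.Win32.IstBar.nh
C:\Programme\Shareaza\Downloads\1.reg Infected: Trojan.WinREG.StartPage.d
C:\Programme\Shareaza\Downloads\Spyware Doctor 3.2.1.359 keyg*hier nicht* Seri*hier nicht!* Crack.zip/1.reg Infected: Trojan.WinREG.StartPage.d
C:\Programme\Shareaza\Downloads\Spyware Doctor 3.2.1.359 keyg*hier nicht* Seri*hier nicht!* Crack.zip Infected: Trojan.WinREG.StartPage.d
C:\System Volume Information\_restore{04B40973-DB0E-4C5B-88D0-0E4F996AF7F6}\RP4\A0005378.INI:hhikeo:$DATA Infected: Trojan.Win32.Agent.iu
C:\System Volume Information\_restore{04B40973-DB0E-4C5B-88D0-0E4F996AF7F6}\RP4\A0005406.exe Infected: Trojan-Downloader.Win32.IstBar.gen
C:\WINDOWS\system32\1.reg Infected: Trojan.WinREG.StartPage.d
""".strip().splitlines()


def triage(rows):
    """Split detections into files to delete by hand and copies held by System Restore."""
    delete, streams, restore_hits = [], [], Counter()
    for row in rows:
        m = ROW.match(row.strip())
        if not m:
            continue  # table header or blank line
        path = m.group("path")
        if ":" in path[2:]:
            # A colon after the drive letter marks an NTFS alternate data stream.
            streams.append(path)
        rp = RESTORE.match(path)
        if rp:
            # Restore-point copies are not deleted one by one; they are flushed
            # together when System Restore is turned off and on again.
            restore_hits[rp.group("rp")] += 1
            continue
        member = MEMBER.match(path)
        # For a hit inside an archive, the thing to delete is the archive itself.
        target = member.group("archive") if member else path
        if target not in delete:
            delete.append(target)
    return {
        "delete_by_hand": delete,
        "restore_point_hits": dict(restore_hits),
        "alternate_streams": streams,
        "flush_system_restore": bool(restore_hits),
    }


if __name__ == "__main__":
    for key, value in triage(REPORT_ROWS).items():
        print(key, value)
```

The four paths in `delete_by_hand` are the same four objects listed for deletion in post #45; the two `RP4` hits are the reason for the System Restore step.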
||
Quote
I deleted the streams, and I created all 3 scan reports
01/01/2006 23:48:11