windows has detected spyware / system slow / shutdown countdown

#0
26.01.2006, 17:06
Member
Thread starter, posts: 33

26.01.2006, 23:52
Honorary member
Posts: 29434
#17
Quote: # Navigate to the subkey:

Scan again with all 4 scanners, i.e. options 1, 2, 3 and 4. Look for the scan reports in C:\AV-CLS and copy them here (if anything was found).
http://virus-protect.org/multiavtool.html

Then also post the new HijackThis log.
__________
Regards, Sabina
All about PC security

27.01.2006, 01:42
Member
Thread starter, posts: 33
#18
HKEY_LOCAL_MACHINE\\Software\Microsoft\security center
-> all values are already set to 0!
HKEY_CURRENT_USER\Software\Microsoft\security center
-> I only find this: FirstRun with value 1

27.01.2006, 01:43
Honorary member
Posts: 29434
#19
OK, post the following:
HijackThis (StartupList)
Please start the computer in safe mode and create a HijackThis log and a StartupList log there. To do this, go to the Misc Tools section, tick both items next to "Generate StartupList log" and let it create the list.
* HijackThis - Config
* List also minor sections (full) -- tick the box
* List empty sections (complete) -- tick the box
* HijackThis - Config - Misc Tools -- Generate StartupList log
* (Notepad [text editor] opens; now copy the COMPLETE log and post it)
__________
Regards, Sabina
All about PC security

27.01.2006, 02:15
Member
Thread starter, posts: 33
#20
StartupList report, 27.01.2006, 02:07:53
logon/logoff scripts: *No scripts set to run* Windows NT checkdisk command: BootExecute = autocheck autochk * Windows NT 'Wininit.ini': PendingFileRenameOperations: *Registry value not found* -------------------------------------------------- Enumerating ShellServiceObjectDelayLoad items: PostBootReminder: C:\WINDOWS\system32\SHELL32.dll WebCheck: C:\WINDOWS\System32\webcheck.dll SysTray: C:\WINDOWS\System32\stobject.dll CDBurn: C:\WINDOWS\system32\SHELL32.dll -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run *No values found* -------------------------------------------------- End of report, 37.644 bytes Report generated in 0,422 seconds Command line options: /verbose - to add additional info on each section /complete - to include empty sections and unsuspicious data /full - to include several rarely-important sections /force9x - to include Win9x-only startups even if running on WinNT /forcent - to include WinNT-only startups even if running on Win9x /forceall - to include all Win9x and WinNT startups, regardless of platform /history - to list version history only |
|
|
||
27.01.2006, 11:36
Honorary member
Posts: 29434 |
#21
I assume that too many antivirus tools are loaded by now.
Uninstall avast! and ewido and report how it runs. Then we'll see. P.S.: did the 4 DOS scanners find anything else??? __________ Kind regards, Sabina, all about PC security |
|
|
||
27.01.2006, 11:58
Member
Thread starter Posts: 33 |
#22
Sophos Anti-Virus
Version 4.01.0 [Win32/Intel] Virus data version 4.01, January 2006 Includes detection for 117563 viruses, trojans and worms Copyright (c) 1989-2006 Sophos Plc, www.sophos.com System time 02:31:54, System date 27 January 2006 Command line qualifiers are: -f -di -all -remove -mime -mbr -noc -archive -opt=ISCabinet Destroy\Recovery\WurldMedia2.zip\comment Could not open c:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\UsrClass.dat Could not open c:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\UsrClass.dat.LOG Could not check c:\Dokumente und Einstellungen\User\Desktop\Downloads\Uni\Block 8\3.4.4_Folien.ppt (corrupt) Could not check c:\Dokumente und Einstellungen\User\Desktop\Downloads\Uni\Block 8\Binder\5.1_Atherosklerose.ppt (corrupt) Could not check c:\Dokumente und Einstellungen\User\Desktop\Downloads\Uni\Block 8\Binder\5.1_Immun-Arteriitiden.ppt (corrupt) Could not check c:\Dokumente und Einstellungen\User\Desktop\Downloads\Uni\Block 9\b-Diagnostik_Symptome_Befunde_1.ppt (corrupt) Could not check c:\Dokumente und Einstellungen\User\Desktop\Downloads\Uni\Block 9\katschnig_psychiatrieeinfuehrung.doc (corrupt) >>> Virus 'Troj/Drsmartl-F' found in file c:\Dokumente und Einstellungen\User\Lokale Einstellungen\Temporary Internet Files\Content.IE5\BN7VBFVG\toolbar[1].txt Removal successful Could not open c:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\UsrClass.dat Could not open c:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\UsrClass.dat.LOG Could not open c:\Dokumente und Einstellungen\Test\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\UsrClass.dat Could not open c:\Dokumente und Einstellungen\Test\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\UsrClass.dat.LOG Could not open c:\hiberfil.sys Password protected file c:\Programme\Adobe\Adobe Acrobat 
7.0\Acrobat\WebSearch\WebSearchENU.pdf Could not check c:\Programme\Adobe\Adobe Version Cue CS2\config\configuration\org.eclipse.core.runtime\.manager\.tmp41608.instance (virus scan failed) Could not check c:\Programme\Filesharing\eMule\Temp\012.part\porn pictures vol. 41.rar\raijmmar porn pictures 419.rar (corrupt) Could not check c:\Programme\Filesharing\eMule\Temp\012.part\porn pictures vol. 41.rar (corrupt) Could not check c:\Programme\Filesharing\eMule\Temp\012.part\porn pictures vol. 42.rar\raijmmar porn pictures 430.rar\raijmmar porn pictures 430\A895s010.jpg (corrupt) Could not check c:\Programme\Filesharing\eMule\Temp\012.part\porn pictures vol. 42.rar\raijmmar porn pictures 430.rar (corrupt) Could not check c:\Programme\Filesharing\eMule\Temp\012.part\porn pictures vol. 42.rar (corrupt) Could not check c:\Programme\Filesharing\eMule\Temp\012.part (corrupt) Password protected file c:\Programme\Filesharing\eMule\Temp\016.part\Yolka2006.rar\Yolka 2006\01.ŸCould not check c:\Programme\Filesharing\eMule\Temp\016.part\Yolka2006.rar (corrupt) Could not check c:\Programme\Filesharing\eMule\Temp\016.part\Yolka2006.rar (corrupt) Could not check c:\Programme\Filesharing\eMule\Temp\016.part (part of multi volume archive) c:\Programme\Filesharing\eMule\Temp\064.part\4evermodels\4evermodels.com-mikaela_155pics.rar\4evermodels.com-mikaela\!4Ever_Mikaela_pool - jAckdex003.jpg (corrupt) Could not check c:\Programme\Filesharing\eMule\Temp\064.part\4evermodels\4evermodels.com-mikaela_155pics.rar (corrupt) Could not check c:\Programme\Filesharing\eMule\Temp\064.part\4evermodels\4evermodels.jodie.blackdress.nnp2p.rar\IMG_3022.JPG (corrupt) Could not check c:\Programme\Filesharing\eMule\Temp\064.part\4evermodels\4evermodels.jodie.blackdress.nnp2p.rar (corrupt) Could not check c:\Programme\Filesharing\eMule\Temp\064.part (corrupt) Password protected file c:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\~GLH0007.TMP\Ad-Aware SE Default.skn Password protected file 
c:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\~GLH0009.TMP\bt51.bmp Could not check c:\Programme\Medion\PowerVCR II\Skins\Taurus\CyberEPG.dlg (virus scan failed) Could not check c:\Programme\Medion\PowerVCR II\Skins\Taurus\Default.dlg (virus scan failed) Could not check c:\Programme\Medion\PowerVCR II\Skins\Taurus\Default.skn (virus scan failed) Could not check c:\Programme\Medion\VideoLiveMail\VLMSkin\VLMSkin.skn (virus scan failed) Could not check c:\Programme\Multi Media Software\MusicMatch Jukebox\WebSys\mmsl\mm\gui\AlbumViewer.htc (virus scan failed) Password protected file c:\Programme\The Cleaner\cleaner4.cdb\cleaner4.dbf Password protected file c:\Programme\The Cleaner\cleaner4.cdb\cleaner4.dbt Password protected file c:\Programme\The Cleaner\cleaner4.cdb.bak\cleaner4.dbf Password protected file c:\Programme\The Cleaner\cleaner4.cdb.bak\cleaner4.dbt Could not check c:\System Volume Information\_restore{82A5659D-CF30-4B37-8F25-57D6B1091131}\RP1145\snapshot\ComDb.Dat (corrupt) >>> Virus 'Troj/Torpig-AA' found in file c:\System Volume Information\_restore{82A5659D-CF30-4B37-8F25-57D6B1091131}\RP1158\A0163640.exe Removal successful >>> Virus 'Troj/Spywad-T' found in file c:\System Volume Information\_restore{82A5659D-CF30-4B37-8F25-57D6B1091131}\RP1158\A0163647.exe Removal successful >>> Virus 'Troj/Clicker-CD' found in file c:\System Volume Information\_restore{82A5659D-CF30-4B37-8F25-57D6B1091131}\RP1158\A0163649.exe Removal successful >>> Virus 'Troj/StartPa-NI' found in file c:\System Volume Information\_restore{82A5659D-CF30-4B37-8F25-57D6B1091131}\RP1158\A0163650.exe Removal successful >>> Virus 'Troj/Drsmartl-F' found in file c:\System Volume Information\_restore{82A5659D-CF30-4B37-8F25-57D6B1091131}\RP1158\A0163654.exe Removal successful >>> Virus 'Troj/Spywad-T' found in file c:\System Volume Information\_restore{82A5659D-CF30-4B37-8F25-57D6B1091131}\RP1158\A0163656.exe Removal successful Could not check c:\System Volume 
Information\_restore{82A5659D-CF30-4B37-8F25-57D6B1091131}\RP1158\snapshot\ComDb.Dat (corrupt) >>> Virus 'Dial/Intex-B' found in file c:\System Volume Information\_restore{82A5659D-CF30-4B37-8F25-57D6B1091131}\RP1159\A0168926.exe Removal successful Could not check c:\System Volume Information\_restore{82A5659D-CF30-4B37-8F25-57D6B1091131}\RP1159\snapshot\ComDb.Dat (corrupt) Could not check c:\System Volume Information\_restore{82A5659D-CF30-4B37-8F25-57D6B1091131}\RP1160\snapshot\ComDb.Dat (corrupt) >>> Virus 'Troj/Torpig-AA' found in file c:\System Volume Information\_restore{82A5659D-CF30-4B37-8F25-57D6B1091131}\RP1161\A0172946.exe Removal successful >>> Virus 'Troj/Spywad-T' found in file c:\System Volume Information\_restore{82A5659D-CF30-4B37-8F25-57D6B1091131}\RP1161\A0172950.exe Removal successful >>> Virus 'Troj/Spywad-T' found in file c:\System Volume Information\_restore{82A5659D-CF30-4B37-8F25-57D6B1091131}\RP1161\A0172951.exe Removal successful >>> Virus 'Troj/Clicker-CD' found in file c:\System Volume Information\_restore{82A5659D-CF30-4B37-8F25-57D6B1091131}\RP1161\A0172952.exe Removal successful >>> Virus 'Troj/StartPa-NI' found in file c:\System Volume Information\_restore{82A5659D-CF30-4B37-8F25-57D6B1091131}\RP1161\A0172953.exe Removal successful Could not check c:\System Volume Information\_restore{82A5659D-CF30-4B37-8F25-57D6B1091131}\RP1161\snapshot\ComDb.Dat (corrupt) >>> Virus 'Troj/Drsmartl-F' found in file c:\System Volume Information\_restore{82A5659D-CF30-4B37-8F25-57D6B1091131}\RP1162\A0184225.exe Removal successful Could not check c:\System Volume Information\_restore{82A5659D-CF30-4B37-8F25-57D6B1091131}\RP1162\snapshot\ComDb.Dat (corrupt) Could not check c:\WINDOWS\Registration\R000000000015.clb (corrupt) Could not check c:\WINDOWS\Registration\R00000000001c.clb (corrupt) Could not check c:\WINDOWS\Registration\R00000000001d.clb (corrupt) Could not check c:\WINDOWS\Registration\R00000000001e.clb (corrupt) Could not check 
c:\WINDOWS\Registration\R00000000001f.clb (corrupt) Could not check c:\WINDOWS\Registration\R000000000020.clb (corrupt) Could not open c:\WINDOWS\system32\config\system.LOG Could not open c:\WINDOWS\system32\drivers\atapi.sys Could not check c:\WINDOWS\system32\emptyregdb.dat (corrupt) Could not open c:\WINDOWS\Temp\hsperfdata_SYSTEM\1300 Could not open c:\WINDOWS\Temp\ib20 Could not open c:\WINDOWS\Temp\ib21 Could not open c:\WINDOWS\Temp\ib22 Could not open c:\WINDOWS\Temp\JETCEE8.tmp Could not open c:\WINDOWS\Temp\Perflib_Perfdata_54c.dat Could not open c:\WINDOWS\Temp\_avast4_\Webshlock.txt Could not check d:\emule temp\225.part\Pure Dee, Canadian model(complete)\pureDee\05\09.jpg (corrupt) Could not check d:\emule temp\225.part (corrupt) Password protected file d:\Musik\Alben\Bryan_Adams-Anthology-2CD-2005-XXL_www.goldesel.6x.to.rar\Bryan_Adams-Anthology-2CD-2005-XXL_www.goldesel.to\000-bryan_adams-anthology-2cd-2005-xxl.m3u |
|
|
||
27.01.2006, 13:22
Honorary member
Posts: 29434 |
#23
Now, continuing... there isn't enough space.
Don't forget... to uninstall avast, and disable System Restore... re-enable it after the cleanup. __________ Kind regards, Sabina, all about PC security |
|
|
||
27.01.2006, 15:09
Member
Thread starter Posts: 33 |
#24
avast is gone, spybot and ewido too....still 45 processes...
the rest of the Sophos log: 1 master boot record swept. 184908 files swept in 6 hours, 37 minutes and 43 seconds. 457 errors were encountered. 15 viruses were discovered. 15 files out of 184908 were infected. Please send infected samples to Sophos for analysis. For advice consult www.sophos.com, email support@sophos.com or telephone +44 1235 559933 348 encrypted files were not checked. Ending Sophos Anti-Virus.
The Trend scan is running right now.... I hadn't disabled System Restore until now....problem? |
|
|
||
27.01.2006, 15:31
Honorary member
Posts: 29434 |
#25
Disable System Restore.
TuneUp 2006 (30 days free) shareware http://virus-protect.org/reinigungstoolsregistry.html
Apply: Cleanup repair -- TuneUp Diskcleaner, Cleanup repair -- Registry Cleaner
Scan with Panda and copy the scan report here: http://virus-protect.org/onlinescan.html __________ Kind regards, Sabina, all about PC security |
|
|
||
27.01.2006, 15:44
Member
Thread starter Posts: 33 |
#26
Scan all 3 HDDs (partitions) with Panda?
Should I stop the Trend scan or let it finish? So far the Trend scan has found this twice -> TROJ_DRSMARTL.F This post was edited by freeskier on 27.01.2006 at 15:59.
|
|
|
||
27.01.2006, 16:05
Honorary member
Posts: 29434 |
#27
First let the other scan finish ...and then copy the scan report...after that, Panda
__________ Kind regards, Sabina, all about PC security |
|
|
||
27.01.2006, 16:07
Member
Thread starter Posts: 33 |
||
|
||
27.01.2006, 16:10
Honorary member
Posts: 29434 |
#29
First restart...so that the viruses get deleted...then scan with Panda
__________ Kind regards, Sabina, all about PC security |
|
|
||
27.01.2006, 16:55
Member
Thread starter Posts: 33 |
#30
/--------------------------------------------------------------\
| Trend Micro Sysclean Package | | Copyright 2002, Trend Micro, Inc. | | http://www.trendmicro.com | \--------------------------------------------------------------/ 2006-01-27, 13:43:15, Auto-clean mode specified. 2006-01-27, 13:43:15, Running scanner "c:\AV-CLS\Trend\TSC.BIN"... 2006-01-27, 13:46:29, Scanner "c:\AV-CLS\Trend\TSC.BIN" has finished running. 2006-01-27, 13:46:29, TSC Log: Damage Cleanup Engine (DCE) 3.98(Build 1012) Windows XP(Build 2600: Service Pack 2) Start time : Fr Jän 27 2006 13:43:15 Load Damage Cleanup Template (DCT) "c:\AV-CLS\Trend\tsc.ptn" (version 700) [success] Complete time : Fr Jän 27 2006 13:46:29 Execute pattern count(4688), Virus found count(0), Virus clean count(0), Clean failed count(0) 2006-01-27, 13:47:52, Could not set file for reading on "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Crypto\RSA\MachineKeys\67b6351100d23e9f52f288571d22798d_d6a5d238-2250-4eed-9842-2388f636d16a": Zugriff verweigert 2006-01-27, 13:48:04, Could not set file for reading on "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Dr Watson\user.dmp": Zugriff verweigert 2006-01-27, 13:48:47, An error occurred while scanning file "c:\Dokumente und Einstellungen\LocalService\ntuser.dat": Zugriff verweigert 2006-01-27, 13:48:47, An error occurred while scanning file "c:\Dokumente und Einstellungen\LocalService\ntuser.dat.LOG": Zugriff verweigert 2006-01-27, 13:48:47, An error occurred while scanning file "c:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\UsrClass.dat": Zugriff verweigert 2006-01-27, 13:48:47, An error occurred while scanning file "c:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\UsrClass.dat.LOG": Zugriff verweigert 2006-01-27, 14:09:55, An error occurred while scanning file "c:\Dokumente und Einstellungen\NetworkService\NTUSER.DAT": Zugriff verweigert 2006-01-27, 14:09:55, An error occurred while scanning 
file "c:\Dokumente und Einstellungen\NetworkService\ntuser.dat.LOG": Zugriff verweigert 2006-01-27, 14:09:55, An error occurred while scanning file "c:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\UsrClass.dat": Zugriff verweigert 2006-01-27, 14:09:55, An error occurred while scanning file "c:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\UsrClass.dat.LOG": Zugriff verweigert 2006-01-27, 14:30:19, An error occurred while scanning file "c:\Dokumente und Einstellungen\Test\ntuser.dat": Zugriff verweigert 2006-01-27, 14:30:19, An error occurred while scanning file "c:\Dokumente und Einstellungen\Test\ntuser.dat.LOG": Zugriff verweigert 2006-01-27, 14:30:48, An error occurred while scanning file "c:\Dokumente und Einstellungen\Test\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\UsrClass.dat": Zugriff verweigert 2006-01-27, 14:30:48, An error occurred while scanning file "c:\Dokumente und Einstellungen\Test\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\UsrClass.dat.LOG": Zugriff verweigert 2006-01-27, 15:16:04, An error was detected on "c:\System Volume Information\*.*": Zugriff verweigert
I'll leave out the Windows updates...
2006-01-27, 15:24:00, An error occurred while scanning file "c:\WINDOWS\system32\config\default": Zugriff verweigert 2006-01-27, 15:24:00, An error occurred while scanning file "c:\WINDOWS\system32\config\default.LOG": Zugriff verweigert 2006-01-27, 15:24:00, An error occurred while scanning file "c:\WINDOWS\system32\config\SAM": Zugriff verweigert 2006-01-27, 15:24:00, An error occurred while scanning file "c:\WINDOWS\system32\config\SAM.LOG": Zugriff verweigert 2006-01-27, 15:24:00, An error occurred while scanning file "c:\WINDOWS\system32\config\SECURITY": Zugriff verweigert 2006-01-27, 15:24:00, An error occurred while scanning file "c:\WINDOWS\system32\config\SECURITY.LOG": Zugriff verweigert 2006-01-27, 15:24:00, An error occurred while scanning file "c:\WINDOWS\system32\config\software": Zugriff verweigert 2006-01-27, 15:24:00, An error occurred while scanning file "c:\WINDOWS\system32\config\software.LOG": Zugriff verweigert 2006-01-27, 15:24:00, An error occurred while scanning file "c:\WINDOWS\system32\config\system": Zugriff verweigert 2006-01-27, 15:24:00, An error occurred while scanning file "c:\WINDOWS\system32\config\system.LOG": Zugriff verweigert 2006-01-27, 15:24:31, An error occurred while scanning file "c:\WINDOWS\system32\drivers\atapi.sys": Zugriff verweigert 2006-01-27, 15:25:17, Could not set file for reading on "c:\WINDOWS\Temp\hsperfdata_SYSTEM\1252": Zugriff verweigert 2006-01-27, 15:25:41, Running scanner "c:\AV-CLS\Trend\VSCANTM.BIN"... 2006-01-27, 16:49:40, Files Detected: Copyright (c) 1990 - 2004 Trend Micro Inc. 
Report Date : 1/27/2006 15:25:42 VSAPI Engine Version : 7.510-1002 VSCANTM Version : 1.1-1001 Virus Pattern Version : 181 (120806 Patterns) (2006/01/26) (318100) Command Line: c:\AV-CLS\Trend\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 c:\*.* /P=c:\AV-CLS\Trend c:\!KillBox\drsmartload1.exe [TROJ_DRSMARTL.F] c:\Dokumente und Einstellungen\User\Lokale Einstellungen\Temporary Internet Files\Content.IE5\YE7SLYWK\drsmartload[1].exe [TROJ_DRSMARTL.F] 154810 files have been read. 154810 files have been checked. 102046 files have been scanned. 193651 files have been scanned. (including files in archived) 2 files containing viruses. Found 2 viruses totally. Maybe 0 viruses totally. Stop At : 1/27/2006 16:49:36 ---------*---------*---------*---------*---------*---------*---------*---------* 2006-01-27, 16:49:40, Files Clean: Copyright (c) 1990 - 2004 Trend Micro Inc. Report Date : 1/27/2006 15:25:42 VSAPI Engine Version : 7.510-1002 VSCANTM Version : 1.1-1001 Virus Pattern Version : 181 (120806 Patterns) (2006/01/26) (318100) Command Line: c:\AV-CLS\Trend\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 c:\*.* /P=c:\AV-CLS\Trend Success Clean [ TROJ_DRSMARTL.F]( 1) from c:\!KillBox\drsmartload1.exe Success Clean [ TROJ_DRSMARTL.F]( 1) from c:\Dokumente und Einstellungen\User\Lokale Einstellungen\Temporary Internet Files\Content.IE5\YE7SLYWK\drsmartload[1].exe 154810 files have been read. 154810 files have been checked. 102046 files have been scanned. 193651 files have been scanned. (including files in archived) 2 files containing viruses. Found 2 viruses totally. Maybe 0 viruses totally. Stop At : 1/27/2006 16:49:36 1 hour 23 minutes 51 seconds (5031.69 seconds) has elapsed. ---------*---------*---------*---------*---------*---------*---------*---------* 2006-01-27, 16:49:40, Clean Fail: Copyright (c) 1990 - 2004 Trend Micro Inc. 
Report Date : 1/27/2006 15:25:42 VSAPI Engine Version : 7.510-1002 VSCANTM Version : 1.1-1001 Virus Pattern Version : 181 (120806 Patterns) (2006/01/26) (318100) Command Line: c:\AV-CLS\Trend\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 c:\*.* /P=c:\AV-CLS\Trend 154810 files have been read. 154810 files have been checked. 102046 files have been scanned. 193651 files have been scanned. (including files in archived) 2 files containing viruses. Found 2 viruses totally. Maybe 0 viruses totally. Stop At : 1/27/2006 16:49:36 1 hour 23 minutes 51 seconds (5031.69 seconds) has elapsed. ---------*---------*---------*---------*---------*---------*---------*---------* 2006-01-27, 16:49:40, Scanner "c:\AV-CLS\Trend\VSCANTM.BIN" has finished running.
edit: TuneUp 2006 cannot be installed -> Windows Installer error.....
Status report: after the restart the PC was briefly almost its "old" self - then the shutdown window appeared and everything was slow again......
@ Panda: I can't get it to run -> IE goes on strike immediately......
This post was edited by freeskier on 27.01.2006 at 17:46.
|
|
|
||
Klassenname: <KEINE KLASSE>
Letzter Schreibzugriff: 26.01.2006 - 15:32
Wert 0
Name: AntiVirusDisableNotify
Typ: REG_DWORD
Daten: 0x0
Wert 1
Name: FirewallDisableNotify
Typ: REG_DWORD
Daten: 0x0
Wert 2
Name: UpdatesDisableNotify
Typ: REG_DWORD
Daten: 0x0
Wert 3
Name: AntiVirusOverride
Typ: REG_DWORD
Daten: 0x0
Wert 4
Name: FirewallOverride
Typ: REG_DWORD
Daten: 0x0
Schlüsselname: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring
Klassenname: <KEINE KLASSE>
Letzter Schreibzugriff: 25.01.2006 - 23:48
Schlüsselname: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus
Klassenname: <KEINE KLASSE>
Letzter Schreibzugriff: 29.08.2004 - 22:40
Schlüsselname: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus
Klassenname: <KEINE KLASSE>
Letzter Schreibzugriff: 29.08.2004 - 22:40
Schlüsselname: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus
Klassenname: <KEINE KLASSE>
Letzter Schreibzugriff: 25.01.2006 - 23:48
Schlüsselname: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus
Klassenname: <KEINE KLASSE>
Letzter Schreibzugriff: 29.08.2004 - 22:40
Schlüsselname: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall
Klassenname: <KEINE KLASSE>
Letzter Schreibzugriff: 29.08.2004 - 22:40
Schlüsselname: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus
Klassenname: <KEINE KLASSE>
Letzter Schreibzugriff: 29.08.2004 - 22:40
Schlüsselname: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall
Klassenname: <KEINE KLASSE>
Letzter Schreibzugriff: 29.08.2004 - 22:40
Schlüsselname: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus
Klassenname: <KEINE KLASSE>
Letzter Schreibzugriff: 29.08.2004 - 22:40
Schlüsselname: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus
Klassenname: <KEINE KLASSE>
Letzter Schreibzugriff: 29.08.2004 - 22:40
Schlüsselname: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall
Klassenname: <KEINE KLASSE>
Letzter Schreibzugriff: 29.08.2004 - 22:40
Schlüsselname: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall
Klassenname: <KEINE KLASSE>
Letzter Schreibzugriff: 29.08.2004 - 22:40
Schlüsselname: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus
Klassenname: <KEINE KLASSE>
Letzter Schreibzugriff: 29.08.2004 - 22:40
Schlüsselname: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall
Klassenname: <KEINE KLASSE>
Letzter Schreibzugriff: 29.08.2004 - 22:40
Schlüsselname: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall
Klassenname: <KEINE KLASSE>
Letzter Schreibzugriff: 29.08.2004 - 22:40
HKEY_CURRENT_USER\Software\Microsoft\security center -> I can't find it
C:\windows\winsysupd2.exe (delete)
C:\windows\winsysban.exe
-> neither can be found
win32delfkil.exe -> I couldn't save/find a log; after fix.bat the program rebooted immediately
http://virus-protect.org/multiavtool.html -> I haven't been able to run it so far.... edit: I scanned c:\windows\system32, c:\windows\ and c:\, but I can't find any logs....
All of this apparently produced no results again:
- the shutdown window still appears when using the internet (Opera).
- the system is slow
- are 52 running processes normal????
- the Windows Security Center seems to be working again, though