I have a trojan and just can't get rid of it |
||
---|---|---|
#0
| ||
05.08.2006, 18:28
Honorary member
Posts: 29434 |
||
|
||
05.08.2006, 18:38
Member
Thread starter Posts: 30 |
#17
The first one doesn't work; an error message comes up.
C:\WINDOWS\TGFiaQ does not exist.

//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////
Syntax error in line --- does not appear to be a valid registry path. Line will be ignored.
Error code: 0
Line: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\extensions\CmdMapping\{BF69DF00-2734-477F-8257-27CD04F88779}
//////////////////////////////////////////
Logfile of The Avenger version 1, by Swandog46
Running from registry key: \Registry\Machine\System\CurrentControlSet\Services\bayinnme
*******************
Script file located at: \??\C:\fcofcvtp.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_NETWORK_MONITOR\0000 not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_NETWORK_MONITOR\0000 failed!
Could not process line: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_NETWORK_MONITOR\0000
Status: 0xc0000034
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Network Monitor not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Network Monitor failed!
Could not process line: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Network Monitor
Status: 0xc0000034
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_NETWORK_MONITOR\0000 not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_NETWORK_MONITOR\0000 failed!
Could not process line: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_NETWORK_MONITOR\0000
Status: 0xc0000034
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Network Monitor not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Network Monitor failed!
Could not process line: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Network Monitor
Status: 0xc0000034
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_NETWORK_MONITOR\0000 not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_NETWORK_MONITOR\0000 failed!
Could not process line: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_NETWORK_MONITOR\0000
Status: 0xc0000034
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Network Monitor not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Network Monitor failed!
Could not process line: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Network Monitor
Status: 0xc0000034
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000 not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000 failed!
Could not process line: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000
Status: 0xc0000034
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Network Monitor not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Network Monitor failed!
Could not process line: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Network Monitor
Status: 0xc0000034
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CMDSERVICE\0000 not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CMDSERVICE\0000 failed!
Could not process line: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CMDSERVICE\0000
Status: 0xc0000034
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdService not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdService failed!
Could not process line: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdService
Status: 0xc0000034
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CMDSERVICE\0000 not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CMDSERVICE\0000 failed!
Could not process line: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CMDSERVICE\0000
Status: 0xc0000034
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\cmdService not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\cmdService failed!
Could not process line: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\cmdService
Status: 0xc0000034
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_CMDSERVICE\0000 not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_CMDSERVICE\0000 failed!
Could not process line: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_CMDSERVICE\0000
Status: 0xc0000034
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\cmdService not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\cmdService failed!
Could not process line: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\cmdService
Status: 0xc0000034
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000 not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000 failed!
Could not process line: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000
Status: 0xc0000034
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService failed!
Could not process line: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService
Status: 0xc0000034
File c:\dokumente und einstellungen\all users\favoriten\Online Chat With Nude Girls.url deleted successfully.
File C:\WINDOWS\TGFiaQ\asappsrv.dl not found!
Deletion of file C:\WINDOWS\TGFiaQ\asappsrv.dl failed!
Could not process line: C:\WINDOWS\TGFiaQ\asappsrv.dl
Status: 0xc0000034
File C:\WINDOWS\TGFiaQ\n3I2uk.vbs deleted successfully.
File ** not found!
Deletion of file ** failed!
Could not process line: **
Status: 0xc0000034
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\{645FF040-5081-101B-9F08-00AA002F954E} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\{645FF040-5081-101B-9F08-00AA002F954E} failed!
Status: 0xc0000034
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\{6BF52A52-394A-11D3-B153-00C04F79FAA6} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\{6BF52A52-394A-11D3-B153-00C04F79FAA6} failed!
Status: 0xc0000034
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A394E835-C8D6-4B4B-884B-D2709059F3BE} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3877C2CD-F137-4144-BDB2-0A811492F920} deleted successfully.
Completed script processing.
*******************
Finished! Terminate.

Now the other one:

__________________________________________________
ewido anti-spyware online scanner
http://www.ewido.net
__________________________________________________
Name: TrackingCookie.Adition
Path: C:\Dokumente und Einstellungen\Labi\Cookies\labi@ad.adition[1].txt
Risk: Medium
Name: TrackingCookie.Yieldmanager
Path: C:\Dokumente und Einstellungen\Labi\Cookies\labi@ad.yieldmanager[1].txt
Risk: Medium
Name: TrackingCookie.Adbrite
Path: C:\Dokumente und Einstellungen\Labi\Cookies\labi@adbrite[2].txt
Risk: Medium
Name: TrackingCookie.71i
Path: C:\Dokumente und Einstellungen\Labi\Cookies\labi@adicq.71i[2].txt
Risk: Medium
Name: TrackingCookie.Euroclick
Path: C:\Dokumente und Einstellungen\Labi\Cookies\labi@adopt.euroclick[1].txt
Risk: Medium
Name: TrackingCookie.Tacoda
Path: C:\Dokumente und Einstellungen\Labi\Cookies\labi@anad.tacoda[1].txt
Risk: Medium
Name: TrackingCookie.2o7
Path: C:\Dokumente und Einstellungen\Labi\Cookies\labi@axelspringer.122.2o7[1].txt
Risk: Medium
Name: TrackingCookie.Burstnet
Path: C:\Dokumente und Einstellungen\Labi\Cookies\labi@burstnet[2].txt
Risk: Medium
Name: TrackingCookie.Com
Path: C:\Dokumente und Einstellungen\Labi\Cookies\labi@com[1].txt
Risk: Medium
Name: TrackingCookie.Clickzs
Path: C:\Dokumente und Einstellungen\Labi\Cookies\labi@cz4.clickzs[2].txt
Risk: Medium
dit
__________
Regards, LaBi
This post was edited by LaBi on 05.08.2006 at 18:57.
|
|
|
||
05.08.2006, 20:21
Honorary member
Posts: 29434 |
#18
be sure to delete: C:\Dokumente und Einstellungen\Labi\Anwendungsdaten\Registry Cleaner
then everything should be OK again.
__________
Regards, Sabina
All about PC security |
|
|
||
05.08.2006, 20:27
Member
Thread starter Posts: 30 |
||
|
||
05.08.2006, 20:49
Honorary member
Posts: 29434 |
#20
multiavtool
http://virus-protect.org/multiavtool.html
* click "3" - McAfee -- an empty DOS window appears. When you enter "3" in MULTIAVTOOL, an Internet connection must be available
- you have to enter what is to be scanned
- C:\Windows\System32
- then the scan starts; you should then also have these scanned:
- C:\Windows
- C:\
* click "6" --> the PC will restart --> look for the 3 scan reports in C:\AV-CLS and copy them
__________
Regards, Sabina
All about PC security |
|
|
||
06.08.2006, 09:18
Member
Thread starter Posts: 30 |
#21
I've completely lost track. I hope this is the right one.

Virus Scan Report File
Virus Scan Information
McAfee VirusScan for Win32 v4.40.0
Copyright (c) 1992-2004 Networks Associates Technology Inc. All rights reserved.
(408) 988-3832 LICENSED COPY - Sep 23 2004
Scan engine v4.4.00 for Win32.
Virus data file v4822 created Aug 04 2006
Scanning for 202891 viruses, trojans and variants.
Virus Scan Results
08/06/2006 08:41:43
Options: "C:\" /UNZIP /WINMEM /SUB /ANALYZE /PANALYZE /STREAMS /CLEAN /ALL /DEL /MIME /PROGRAM /EXCLUDE C:\AV-CLS\EXCLIST.TXT /HTML "C:\AV-CLS\MCAFEE\SCANREPORT.HTML"
Scanning C: [BOOT]
Scanning C:\*.*
C:\Dokumente und Einstellungen\Labi\Startmenü\Programme\GameSpy Arcade\GameSpy Arcade Help.url ... Found potentially unwanted program Adware-GameSpyArcade.url. The file or process has been deleted.
C:\Dokumente und Einstellungen\Labi\Startmenü\Programme\GameSpy Arcade\GameSpy Arcade Website.url ... Found potentially unwanted program Adware-GameSpyArcade.url. The file or process has been deleted.
C:\Dokumente und Einstellungen\Labi\Startmenü\Programme\GameSpy Arcade\GameSpy.com Gaming's Homepage.url ... Found potentially unwanted program Adware-GameSpyArcade.url. The file or process has been deleted.
C:\Dokumente und Einstellungen\Labi\Startmenü\Programme\GameSpy Arcade\Register GameSpy Arcade.url ... Found potentially unwanted program Adware-GameSpyArcade.url. The file or process has been deleted.
C:\privat\icq\ICQToolbar\toolbaru.inf ... Found potentially unwanted program Adware-Softomate. The file or process has been deleted.
Summary report on C:\*.*
File(s)
Total files: ........... 97208
Clean: ................. 97172
Possibly Infected: ..... 0
Cleaned: ............... 0
Deleted: ............... 5
Non-critical Error(s): 3
Time: 00:26.51
Visit the McAfee Online Web Site
Need some help or advice? Send email to Technical Support.
__________
Regards, LaBi |
|
|
||
06.08.2006, 13:46
Honorary member
Posts: 29434 |
#22
I assume you also scanned
C:\Windows\System32
C:\Windows
Everything should be OK again. If problems come up again, get in touch.
__________
Regards, Sabina
All about PC security |
|
|
||
06.08.2006, 15:54
Member
Thread starter Posts: 30 |
#23
I scanned everything, but only found this report. Thanks for everything. The next time is sure to come. Can you also tell me a few programs that protect against things like this???
Regards, LaBi
__________
Regards, LaBi
This post was edited by LaBi on 06.08.2006 at 16:47.
|
|
|
||
http://virus-protect.org/artikel/tools/agentransack.html
type into the search:
Registry Cleaner
post the log
2.
Avenger
http://virus-protect.org/artikel/tools/avenger.html
paste in:
Quote
**delete all of the Avenger's backups
C:\avenger\backup-05.08.2006-16.28.46,98.zip
**
delete:
C:\Dokumente und Einstellungen\Labi\Anwendungsdaten\Registry Cleaner
C:\WINDOWS\TGFiaQ
**
scan with ewido and post the report
http://virus-protect.org/onlinescan.html
__________
Regards, Sabina
All about PC security