iexplore.exe is often running in Task Manager!

#0
09.04.2008, 09:40
Honorary member
Sabina

Posts: 29434
#16 Try it again; I changed the script. Keep clicking until the Avenger restarts.

Quote

Registry keys to delete:
HKEY_LOCAL_MACHINE\Microsoft\Windows\CurrentVersion\DIFx\DriverStore\Antispywar_B95596C82495334D92E4A7C6DDCCEF6AA6E672E4
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WINDOWS_IPSEC_MONITOR\0000
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Windows IPSEC Monitor
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_WINDOWS_IPSEC_MONITOR\0000
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Windows IPSEC Monitor
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDOWS_IPSEC_MONITOR\0000
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Windows IPSEC Monitor

Files to delete:
C:\WINDOWS\uninst.exe
C:\WINDOWS\system32\msipm_1.dll
C:\smaq.exe
C:\ovvbu.exe
C:\WINDOWS\system32\test12.exe
C:\opteax.exe

__________
Kind regards, Sabina

All about PC security
10.04.2008, 14:28
...new here

Thread starter

Posts: 9
#17 Avenger

//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 2)
Wed Apr 09 07:48:39 2008

07:48:39: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 2)
Wed Apr 09 07:49:46 2008

07:49:46: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 2)
Wed Apr 09 07:50:51 2008

07:50:51: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 2)
Wed Apr 09 07:51:55 2008

07:51:55: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 2)
Wed Apr 09 08:12:29 2008

08:12:29: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WINDOWS_IPSEC_MONITOR\0000" deleted successfully.
Registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Windows IPSEC Monitor" deleted successfully.
Registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_WINDOWS_IPSEC_MONITOR\0000" deleted successfully.
Registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Windows IPSEC Monitor" deleted successfully.

Error: registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDOWS_IPSEC_MONITOR\0000" not found!
Deletion of registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDOWS_IPSEC_MONITOR\0000" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Windows IPSEC Monitor" not found!
Deletion of registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Windows IPSEC Monitor" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "C:\WINDOWS\uninst.exe" deleted successfully.
File "C:\WINDOWS\system32\msipm_1.dll" deleted successfully.
File "C:\smaq.exe" deleted successfully.
File "C:\ovvbu.exe" deleted successfully.
File "C:\WINDOWS\system32\test12.exe" deleted successfully.
File "C:\opteax.exe" deleted successfully.

Error: registry key "HKEY_LOCAL_MACHINE\Microsoft\Windows\CurrentVersion\DIFx\DriverStore\Antispywar_B95596C82495334D92E4A7C6DDCCEF6AA6E672E4" not found!
Deletion of registry key "HKEY_LOCAL_MACHINE\Microsoft\Windows\CurrentVersion\DIFx\DriverStore\Antispywar_B95596C82495334D92E4A7C6DDCCEF6AA6E672E4" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Completed script processing.

*******************

Finished! Terminate.

Kaspersky

Scan
----
Scanned: 1272
Detected: 48
Untreated: 0
Start time: 09.04.2008 15:32:21
Duration: 00:01:26
Finish time: 09.04.2008 15:33:47


Detected
--------
Status Object
------ ------
will be deleted when the computer is restarted: virus Virus.Win32.Parite.b File: C:\WINDOWS\TEMP\aoa1.tmp//UPX
deleted: virus Virus.Win32.Parite.b File: c:\programme\microsoft office\office12\msaccess.exe
deleted: virus Virus.Win32.Parite.b File: c:\programme\adobe\acrobat 8.0\acrobat\acrobat.exe
deleted: virus Virus.Win32.Parite.b File: c:\programme\microsoft office\office12\excel.exe
deleted: virus Virus.Win32.Parite.b File: c:\programme\microsoft office\office12\groove.exe
deleted: virus Virus.Win32.Parite.b File: c:\programme\windows nt\hypertrm.exe
deleted: virus Virus.Win32.Parite.b File: c:\programme\adobe\adobe utilities\extendscript toolkit 2\extendscript toolkit 2.exe
deleted: virus Virus.Win32.Parite.b File: c:\programme\microsoft office\office12\mstore.exe
deleted: virus Virus.Win32.Parite.b File: c:\programme\adobe\adobe photoshop cs3\photoshop.exe
deleted: virus Virus.Win32.Parite.b File: c:\programme\microsoft office\office12\powerpnt.exe
deleted: virus Virus.Win32.Parite.b File: c:\programme\microsoft office\office12\winword.exe
deleted: virus Virus.Win32.Parite.b File: c:\programme\gemeinsame dateien\microsoft shared\office12\msoxmled.exe
deleted: virus Virus.Win32.Parite.b File: c:\programme\adobe\adobe dreamweaver cs3\dreamweaver.exe
deleted: virus Virus.Win32.Parite.b File: c:\programme\adobe\acrobat 8.0\acrobat\acrotray.exe
deleted: virus Virus.Win32.Parite.b File: c:\programme\quicktime\qttask.exe
deleted: virus Virus.Win32.Parite.b File: C:\WINDOWS\microsoft.net\framework\v2.0.50727\aspnet_state.exe
deleted: virus Virus.Win32.Parite.b File: c:\windows\system32\ati2sgag.exe
deleted: virus Virus.Win32.Parite.b File: C:\WINDOWS\system32\atmsrvc.exe
deleted: virus Virus.Win32.Parite.b File: c:\programme\bonjour\mdnsresponder.exe
deleted: virus Virus.Win32.Parite.b File: c:\windows\microsoft.net\framework\v2.0.50727\mscorsvw.exe
deleted: Trojan program Trojan.Win32.Small.aau File: c:\windows\system32\drivers\diag69xp.sys
deleted: virus Virus.Win32.Parite.b File: c:\programme\google\common\google updater\googleupdaterservice.exe
deleted: virus Virus.Win32.Parite.b File: c:\programme\microsoft office\office12\grooveauditservice.exe
deleted: virus Virus.Win32.Parite.b File: c:\programme\gemeinsame dateien\microsoft shared\office12\odserv.exe
deleted: virus Virus.Win32.Parite.b File: c:\programme\gemeinsame dateien\microsoft shared\source engine\ose.exe
deleted: virus Virus.Win32.Parite.b File: c:\windows\system32\drivers\install.exe
deleted: virus Virus.Win32.Parite.b File: c:\programme\adobe\acrobat 8.0\acrobat\acrobatinfo.exe
deleted: virus Virus.Win32.Parite.b File: c:\programme\adobe\acrobat 8.0\acrobat\acrodist.exe
deleted: virus Virus.Win32.Parite.b File: c:\programme\adobe type manager\atmfm.exe
deleted: virus Virus.Win32.Parite.b File: c:\programme\adobe\adobe bridge cs3\bridge.exe
deleted: virus Virus.Win32.Parite.b File: c:\programme\corel\coreldraw graphics suite x4\programs\capture.exe
deleted: virus Virus.Win32.Parite.b File: c:\dokumente und einstellungen\boss\desktop\combofix.exe
deleted: virus Virus.Win32.Parite.b File: c:\programme\corel\coreldraw graphics suite x4\programs\coreldrw.exe
deleted: virus Virus.Win32.Parite.b File: c:\programme\corel\coreldraw graphics suite x4\programs\corelpp.exe
deleted: virus Virus.Win32.Parite.b File: c:\programme\trend micro\hijackthis\hijackthis.exe
deleted: virus Virus.Win32.Parite.b File: c:\programme\microsoft office\office12\infopath.exe
deleted: virus Virus.Win32.Parite.b File: c:\programme\itunes\itunes.exe
deleted: virus Virus.Win32.Parite.b File: c:\programme\mobackup\mobackup.exe
deleted: virus Virus.Win32.Parite.b File: c:\programme\messenger\msmsgs.exe
deleted: virus Virus.Win32.Parite.b File: c:\programme\microsoft office\office12\mspub.exe
deleted: virus Virus.Win32.Parite.b File: c:\programme\microsoft office\office12\ois.exe
deleted: virus Virus.Win32.Parite.b File: c:\programme\microsoft office\office12\onenote.exe
deleted: virus Virus.Win32.Parite.b File: c:\programme\microsoft office\office12\outlook.exe
deleted: virus Virus.Win32.Parite.b File: c:\programme\quicktime\pictureviewer.exe
deleted: virus Virus.Win32.Parite.b File: c:\programme\quicktime\quicktimeplayer.exe
deleted: virus Virus.Win32.Parite.b File: c:\program files\real\realplayer\realplay.exe
deleted: virus Virus.Win32.Parite.b File: c:\programme\gemeinsame dateien\real\update_ob\rnxproc.exe
deleted: virus Virus.Win32.Parite.b File: c:\windows\downloaded program files\fp_ax_cab_installer.exe


Events
------
Time Name Status Reason
---- ---- ------ ------


Statistics
----------
Object Scanned Detected Untreated Deleted Moved to Quarantine Archives Packed files Password protected Corrupted
------ ------- -------- --------- ------- ------------------- -------- ------------ ------------------ ---------


Settings
--------
Parameter Value
--------- -----
Security Level Recommended
Action Prompt for action when the scan is complete
Run mode Manually
File types Scan all files
Scan only new and changed files No
Scan archives All
Scan embedded OLE objects All
Skip if object is larger than No
Skip if scan takes longer than No
Parse email formats No
Scan password-protected archives No
Enable iChecker technology No
Enable iSwift technology No
Show detected threats on "Detected" tab Yes


Quarantine
----------
Status Object Size Added
------ ------ ---- -----


Backup
------
Status Object Size
------ ------ ----
10.04.2008, 15:54
Honorary member
Sabina

Posts: 29434
#18 Hello,

Well, wonderful! That worked well!

«
Restart the computer so that Kaspersky can delete Parite.

--------------------------------------------------------------------
««
http://virus-protect.org/artikel/tools/regsearch.html

and double-click to start it.
In "Enter search strings" (type or paste in):

Diag69xp

into the edit field and click "Ok".
Notepad will open -- copy the text and post it.

-------------------------------------------------------------------
«
Scan with BitDefender + post the report
http://virus-protect.org/onlinescan.html
+
a new log from HijackThis + Combofix
__________
Kind regards, Sabina

All about PC security