
Log analysis and evaluation: backdoor darkmoon virus


07.10.2005, 13:22   #1
seawolf

hi all, I'm new here and I keep getting a message that backdoor darkmoon virus was found. How do I get rid of it other than by reinstalling? I have AntiVir 6 and Norton installed.
Norton finds it, but when I click delete it comes back. Can someone help me, please?

07.10.2005, 13:43   #2
gothicgamer91

Why don't you post your HijackThis log.
HijackThis guide here.


07.10.2005, 16:25   #3
seawolf

Logfile of HijackThis v1.99.1
Scan saved at 17:15:44, on 07.10.2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\Programme\ICQLite\ICQLite.exe
C:\Programme\AVPersonal\AVGNT.EXE
C:\Programme\Java\jre1.5.0_02\bin\jusched.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\System32\alg.exe
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\oodag.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Programme\teamspeak2_RC2\TeamSpeak.exe
D:\Programme\Valve\Steam\Steam.exe
C:\Programme\Steganos AntiSpyware 2006\WRSSSDK.exe
C:\Programme\Steganos AntiSpyware 2006\saspy2006.exe
C:\PROGRAMME\AVPERSONAL\AVGUARD.EXE
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\Programme\TuneUp Utilities 2006\SystemOptimizer.exe
C:\Dokumente und Einstellungen\sack\Eigene Dateien\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = h++p://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h++p://www.google.de/
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
R3 - URLSearchHook: (no name) - {20929603-21DB-477C-BA6F-0B8E70B3C8A0} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Outpost Firewall] C:\Programme\Agnitum\Outpost Firewall\outpost.exe /waitservice
O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CloneCDTray] "C:\Programme\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [Antispyware 2006] "C:\Programme\Steganos AntiSpyware 2006\saspy2006.exe" /startintray
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [STYLEXP] C:\Programme\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [Steam] "d:\programme\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe"
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Browser-Anpassung - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\Programme\Agnitum\Outpost Firewall\Plugins\BrowserBar\ie_bar.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{04DA0F27-8594-48A5-BB0B-9BB6EEBF625A}: NameServer = 213.168.112.60 194.8.194.60
O17 - HKLM\System\CS1\Services\Tcpip\..\{04DA0F27-8594-48A5-BB0B-9BB6EEBF625A}: NameServer = 213.168.112.60 194.8.194.60
O18 - Protocol: bw+0 - {F6FC7B67-53CA-48A4-9503-2CA9FC491FC4} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {F6FC7B67-53CA-48A4-9503-2CA9FC491FC4} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {F6FC7B67-53CA-48A4-9503-2CA9FC491FC4} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {F6FC7B67-53CA-48A4-9503-2CA9FC491FC4} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {F6FC7B67-53CA-48A4-9503-2CA9FC491FC4} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {F6FC7B67-53CA-48A4-9503-2CA9FC491FC4} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {F6FC7B67-53CA-48A4-9503-2CA9FC491FC4} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {F6FC7B67-53CA-48A4-9503-2CA9FC491FC4} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {F6FC7B67-53CA-48A4-9503-2CA9FC491FC4} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {F6FC7B67-53CA-48A4-9503-2CA9FC491FC4} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {F6FC7B67-53CA-48A4-9503-2CA9FC491FC4} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {F6FC7B67-53CA-48A4-9503-2CA9FC491FC4} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {F6FC7B67-53CA-48A4-9503-2CA9FC491FC4} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {F6FC7B67-53CA-48A4-9503-2CA9FC491FC4} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {F6FC7B67-53CA-48A4-9503-2CA9FC491FC4} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {F6FC7B67-53CA-48A4-9503-2CA9FC491FC4} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {F6FC7B67-53CA-48A4-9503-2CA9FC491FC4} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {F6FC7B67-53CA-48A4-9503-2CA9FC491FC4} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {F6FC7B67-53CA-48A4-9503-2CA9FC491FC4} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {F6FC7B67-53CA-48A4-9503-2CA9FC491FC4} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {F6FC7B67-53CA-48A4-9503-2CA9FC491FC4} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {F6FC7B67-53CA-48A4-9503-2CA9FC491FC4} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {F6FC7B67-53CA-48A4-9503-2CA9FC491FC4} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {F6FC7B67-53CA-48A4-9503-2CA9FC491FC4} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {F6FC7B67-53CA-48A4-9503-2CA9FC491FC4} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {F6FC7B67-53CA-48A4-9503-2CA9FC491FC4} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {F6FC7B67-53CA-48A4-9503-2CA9FC491FC4} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {F6FC7B67-53CA-48A4-9503-2CA9FC491FC4} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {F6FC7B67-53CA-48A4-9503-2CA9FC491FC4} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {F6FC7B67-53CA-48A4-9503-2CA9FC491FC4} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {F6FC7B67-53CA-48A4-9503-2CA9FC491FC4} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {F6FC7B67-53CA-48A4-9503-2CA9FC491FC4} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {F6FC7B67-53CA-48A4-9503-2CA9FC491FC4} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {F6FC7B67-53CA-48A4-9503-2CA9FC491FC4} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {F6FC7B67-53CA-48A4-9503-2CA9FC491FC4} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {F6FC7B67-53CA-48A4-9503-2CA9FC491FC4} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {F6FC7B67-53CA-48A4-9503-2CA9FC491FC4} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {F6FC7B67-53CA-48A4-9503-2CA9FC491FC4} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {F6FC7B67-53CA-48A4-9503-2CA9FC491FC4} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {F6FC7B67-53CA-48A4-9503-2CA9FC491FC4} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {F6FC7B67-53CA-48A4-9503-2CA9FC491FC4} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {F6FC7B67-53CA-48A4-9503-2CA9FC491FC4} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {F6FC7B67-53CA-48A4-9503-2CA9FC491FC4} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {F6FC7B67-53CA-48A4-9503-2CA9FC491FC4} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {F6FC7B67-53CA-48A4-9503-2CA9FC491FC4} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {F6FC7B67-53CA-48A4-9503-2CA9FC491FC4} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {F6FC7B67-53CA-48A4-9503-2CA9FC491FC4} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {F6FC7B67-53CA-48A4-9503-2CA9FC491FC4} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {F6FC7B67-53CA-48A4-9503-2CA9FC491FC4} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {F6FC7B67-53CA-48A4-9503-2CA9FC491FC4} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {F6FC7B67-53CA-48A4-9503-2CA9FC491FC4} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {F6FC7B67-53CA-48A4-9503-2CA9FC491FC4} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {F6FC7B67-53CA-48A4-9503-2CA9FC491FC4} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {F6FC7B67-53CA-48A4-9503-2CA9FC491FC4} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {F6FC7B67-53CA-48A4-9503-2CA9FC491FC4} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {F6FC7B67-53CA-48A4-9503-2CA9FC491FC4} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {F6FC7B67-53CA-48A4-9503-2CA9FC491FC4} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {F6FC7B67-53CA-48A4-9503-2CA9FC491FC4} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {F6FC7B67-53CA-48A4-9503-2CA9FC491FC4} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {F6FC7B67-53CA-48A4-9503-2CA9FC491FC4} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {F6FC7B67-53CA-48A4-9503-2CA9FC491FC4} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {F6FC7B67-53CA-48A4-9503-2CA9FC491FC4} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {F6FC7B67-53CA-48A4-9503-2CA9FC491FC4} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {F6FC7B67-53CA-48A4-9503-2CA9FC491FC4} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {F6FC7B67-53CA-48A4-9503-2CA9FC491FC4} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {F6FC7B67-53CA-48A4-9503-2CA9FC491FC4} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {F6FC7B67-53CA-48A4-9503-2CA9FC491FC4} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {F6FC7B67-53CA-48A4-9503-2CA9FC491FC4} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {F6FC7B67-53CA-48A4-9503-2CA9FC491FC4} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {F6FC7B67-53CA-48A4-9503-2CA9FC491FC4} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {F6FC7B67-53CA-48A4-9503-2CA9FC491FC4} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {F6FC7B67-53CA-48A4-9503-2CA9FC491FC4} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {F6FC7B67-53CA-48A4-9503-2CA9FC491FC4} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {F6FC7B67-53CA-48A4-9503-2CA9FC491FC4} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {F6FC7B67-53CA-48A4-9503-2CA9FC491FC4} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {F6FC7B67-53CA-48A4-9503-2CA9FC491FC4} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {F6FC7B67-53CA-48A4-9503-2CA9FC491FC4} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Agnitum\OUTPOS~1\wl_hook.dll
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAMME\AVPERSONAL\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: cFosSpeed System Service (cFosSpeedS) - Unknown owner - C:\Programme\cFosSpeed\spd.exe" -service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\System32\oodag.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1\outpost.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Programme\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Programme\Steganos AntiSpyware 2006\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe

07.10.2005, 19:04   #4
felix1
/// Helper team

Apart from an outdated and unpatched system, I can't find any malicious file this way. So run an eScan exactly as described in the instructions and post the file generated by find.bat.
http://www.trojaner-board.de/showthread.php?t=17492

08.10.2005, 02:30   #5
seawolf

hi, I can't put the log in here, it's too big. Is it normal that it's 10 MB in size? It took 1 hour.

Fri Oct 07 23:38:35 2005 => ***** Scanning Registry for errors created because of Adware/Spyware *****
Fri Oct 07 23:38:36 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\Microsoft Games\Fable - The Lost Chapters\data\". Action Taken: No Action Taken.

Fri Oct 07 23:38:36 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\Microsoft Games\Fable - The Lost Chapters\". Action Taken: No Action Taken.

Fri Oct 07 23:38:36 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\Microsoft Games\". Action Taken: No Action Taken.

Fri Oct 07 23:38:36 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\Microsoft Games\Fable - The Lost Chapters\data\lang\". Action Taken: No Action Taken.

Fri Oct 07 23:38:36 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\Microsoft Games\Fable - The Lost Chapters\data\shaders\". Action Taken: No Action Taken.

Fri Oct 07 23:38:36 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\Microsoft Games\Fable - The Lost Chapters\data\Bones\". Action Taken: No Action Taken.

Fri Oct 07 23:38:36 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\Microsoft Games\Fable - The Lost Chapters\data\CompiledDefs\". Action Taken: No Action Taken.

Fri Oct 07 23:38:36 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\Microsoft Games\Fable - The Lost Chapters\data\Defs\". Action Taken: No Action Taken.

Fri Oct 07 23:38:36 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\Microsoft Games\Fable - The Lost Chapters\data\EngineCache\". Action Taken: No Action Taken.

Fri Oct 07 23:38:36 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\Microsoft Games\Fable - The Lost Chapters\data\lang\English\". Action Taken: No Action Taken.

Fri Oct 07 23:38:36 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\Microsoft Games\Fable - The Lost Chapters\data\LightingTable\". Action Taken: No Action Taken.

Fri Oct 07 23:38:36 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\Microsoft Games\Fable - The Lost Chapters\data\Misc\LoadProgress\". Action Taken: No Action Taken.

Fri Oct 07 23:38:36 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\Microsoft Games\Fable - The Lost Chapters\data\Misc\". Action Taken: No Action Taken.

Fri Oct 07 23:38:36 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\Microsoft Games\Fable - The Lost Chapters\data\shaders\pc\". Action Taken: No Action Taken.

Fri Oct 07 23:38:36 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\Microsoft Games\Fable - The Lost Chapters\data\Defs\RetailHeaders\". Action Taken: No Action Taken.

Fri Oct 07 23:38:36 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\Microsoft Games\Fable - The Lost Chapters\data\Tattoos\". Action Taken: No Action Taken.

Fri Oct 07 23:38:36 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\Microsoft Games\Fable - The Lost Chapters\data\Defs\RetailHeaders\pc\". Action Taken: No Action Taken.

Fri Oct 07 23:38:36 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\Microsoft Games\Fable - The Lost Chapters\data\Sound\". Action Taken: No Action Taken.

Fri Oct 07 23:38:36 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\Microsoft Games\Fable - The Lost Chapters\data\Video\". Action Taken: No Action Taken.

Fri Oct 07 23:38:36 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\Microsoft Games\Fable - The Lost Chapters\data\Levels\". Action Taken: No Action Taken.

Fri Oct 07 23:38:36 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\Microsoft Games\Fable - The Lost Chapters\data\graphics\". Action Taken: No Action Taken.

Fri Oct 07 23:38:36 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\Microsoft Games\Fable - The Lost Chapters\data\Misc\pc\". Action Taken: No Action Taken.

Fri Oct 07 23:38:36 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\Microsoft Games\Fable - The Lost Chapters\data\graphics\pc\". Action Taken: No Action Taken.

Fri Oct 07 23:38:36 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".$$$". Action Taken: No Action Taken.

Fri Oct 07 23:38:36 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".adf". Action Taken: No Action Taken.

Fri Oct 07 23:38:36 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".amx". Action Taken: No Action Taken.

Fri Oct 07 23:38:36 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".avc". Action Taken: No Action Taken.

Fri Oct 07 23:38:36 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".de/steam/". Action Taken: No Action Taken.

Fri Oct 07 23:38:36 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".de/steam/cstrike/". Action Taken: No Action Taken.

Fri Oct 07 23:38:36 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".de/steam/cstrike/addons/". Action Taken: No Action Taken.

Fri Oct 07 23:38:36 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".de/steam/cstrike/addons/adminmod/". Action Taken: No Action Taken.

Fri Oct 07 23:38:36 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".de/steam/cstrike/addons/amxmodx/". Action Taken: No Action Taken.

Fri Oct 07 23:38:36 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".de/steam/cstrike/addons/amxmodx/configs/". Action Taken: No Action Taken.

Fri Oct 07 23:38:36 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".de/steam/cstrike/addons/amxmodx/configs/amxmd/". Action Taken: No Action Taken.

Fri Oct 07 23:38:36 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".de/steam/cstrike/addons/amxmodx/configs/amxmd/leagues/". Action Taken: No Action Taken.

Fri Oct 07 23:38:36 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".de/steam/cstrike/addons/amxmodx/configs/atac/". Action Taken: No Action Taken.

Fri Oct 07 23:38:36 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".de/steam/cstrike/addons/amxmodx/configs/maps/". Action Taken: No Action Taken.

Fri Oct 07 23:38:36 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".de/steam/cstrike/addons/amxmodx/configs/uaio/". Action Taken: No Action Taken.

Fri Oct 07 23:38:36 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".de/steam/cstrike/addons/amxmodx/data/". Action Taken: No Action Taken.

Fri Oct 07 23:38:36 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".de/steam/cstrike/addons/amxmodx/dlls/". Action Taken: No Action Taken.

Fri Oct 07 23:38:36 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".de/steam/cstrike/addons/amxmodx/logs/". Action Taken: No Action Taken.

Fri Oct 07 23:38:36 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".de/steam/cstrike/addons/amxmodx/modules/". Action Taken: No Action Taken.

Fri Oct 07 23:38:36 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".de/steam/cstrike/addons/amxmodx/plugins/". Action Taken: No Action Taken.

Fri Oct 07 23:38:36 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".de/steam/cstrike/addons/amxmodx/scripting/". Action Taken: No Action Taken.

Fri Oct 07 23:38:36 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".de/steam/cstrike/addons/amxmodx/scripting/uaio_inc/". Action Taken: No Action Taken.

Fri Oct 07 23:38:36 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".de/steam/cstrike/addons/clanmod/". Action Taken: No Action Taken.

Fri Oct 07 23:38:36 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".de/steam/cstrike/addons/clanmod/addons/". Action Taken: No Action Taken.

Fri Oct 07 23:38:36 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".de/steam/cstrike/addons/clanmod/configs/". Action Taken: No Action Taken.

Fri Oct 07 23:38:36 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".de/steam/cstrike/addons/clanmod/configs/scripts/". Action Taken: No Action Taken.

Fri Oct 07 23:38:36 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".de/steam/cstrike/addons/statsme/". Action Taken: No Action Taken.

Fri Oct 07 23:38:36 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".de/steam/cstrike/maps/". Action Taken: No Action Taken.

Fri Oct 07 23:38:36 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".de/steam/cstrike/SAVE/". Action Taken: No Action Taken.

Fri Oct 07 23:38:36 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".de/steam/cstrike/sound/". Action Taken: No Action Taken.

Fri Oct 07 23:38:36 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".de/steam/cstrike/sound/misc/". Action Taken: No Action Taken.

Fri Oct 07 23:38:36 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".de/steam/cstrike/sounds/". Action Taken: No Action Taken.

Fri Oct 07 23:38:36 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".ide". Action Taken: No Action Taken.

Fri Oct 07 23:38:36 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".media". Action Taken: No Action Taken.

Fri Oct 07 23:38:36 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".php". Action Taken: No Action Taken.

Fri Oct 07 23:38:36 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".rom". Action Taken: No Action Taken.

Fri Oct 07 23:38:36 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".sfv". Action Taken: No Action Taken.

Fri Oct 07 23:38:36 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".sma". Action Taken: No Action Taken.

Fri Oct 07 23:38:36 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "BitComet Toolbar". Action Taken: No Action Taken.

Fri Oct 07 23:38:36 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "cFos". Action Taken: No Action Taken.

Fri Oct 07 23:38:36 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "cFosSpeed". Action Taken: No Action Taken.

Fri Oct 07 23:38:36 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "ICQLite". Action Taken: No Action Taken.

Fri Oct 07 23:38:36 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "kazaalite202_is1". Action Taken: No Action Taken.

Fri Oct 07 23:38:36 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Nero - Burning Rom!UninstallKey". Action Taken: No Action Taken.

Fri Oct 07 23:38:36 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "NimoCorp". Action Taken: No Action Taken.

Fri Oct 07 23:38:39 2005 => Entry "HKCR\cFosSpeed.Config" refers to invalid object "{A56B357E-7D66-474A-8CA1-C909109C88AF}". Action Taken: No Action Taken.

Fri Oct 07 23:38:39 2005 => Entry "HKCR\cFosSpeed.Config.1" refers to invalid object "{A56B357E-7D66-474A-8CA1-C909109C88AF}". Action Taken: No Action Taken.


08.10.2005, 02:35   #6
seawolf

Fri Oct 07 23:19:49 2005 => **********************************************************
Fri Oct 07 23:19:49 2005 => MicroWorld Anti Virus & Spyware Toolkit Utility.
Fri Oct 07 23:19:49 2005 => Copyright © 2003-2005, MicroWorld Technologies Inc.
Fri Oct 07 23:19:49 2005 => **********************************************************
Fri Oct 07 23:19:49 2005 => Version 7.2.2 (C:\Dokumente und Einstellungen\sack\Eigene Dateien\mwav\mwavscan.com)
Fri Oct 07 23:19:49 2005 => Log File: C:\DOKUME~1\sack\EIGENE~1\mwav\MWAV.LOG
Fri Oct 07 23:19:49 2005 => Last Scan Date and Time: 07.10.2005 23:04:12
Fri Oct 07 23:19:49 2005 => MWAV Registered: TRUE.
Fri Oct 07 23:19:49 2005 => MWAV Mode: Scan and Clean files.
Fri Oct 07 23:19:49 2005 => Database Path in KL Key: C:\PROGRA~1\eScan.
Fri Oct 07 23:19:49 2005 => Latest Date of files in KL key: 07 Oct 2005 19:56:02.
Fri Oct 07 23:19:49 2005 => Latest Date of files inside MWAV: 27 Sep 2005 10:51:30.
Fri Oct 07 23:19:49 2005 => eScan Install Directory: C:\PROGRA~1\eScan\
Fri Oct 07 23:19:49 2005 => MailScan Install Directory: C:\PROGRA~1\eScan\
Fri Oct 07 23:19:52 2005 => AV Library Loaded...
Fri Oct 07 23:19:52 2005 => MWAV doing self scanning...
Fri Oct 07 23:19:52 2005 => Scanning File C:\DOKUME~1\sack\EIGENE~1\mwav\kavss.exe
Fri Oct 07 23:19:52 2005 => Scanning File C:\DOKUME~1\sack\EIGENE~1\mwav\Getvlist.exe
Fri Oct 07 23:19:52 2005 => Scanning File C:\DOKUME~1\sack\EIGENE~1\mwav\kavss.dll
Fri Oct 07 23:19:52 2005 => Scanning File C:\DOKUME~1\sack\EIGENE~1\mwav\kavssdi.dll
Fri Oct 07 23:19:52 2005 => Scanning File C:\DOKUME~1\sack\EIGENE~1\mwav\kavssi.dll
Fri Oct 07 23:19:52 2005 => Scanning File C:\DOKUME~1\sack\EIGENE~1\mwav\kavvlg.dll
Fri Oct 07 23:19:52 2005 => Scanning File C:\DOKUME~1\sack\EIGENE~1\mwav\msvlclnt.dll
Fri Oct 07 23:19:52 2005 => Scanning File C:\DOKUME~1\sack\EIGENE~1\mwav\ipc.dll
Fri Oct 07 23:19:52 2005 => Scanning File C:\DOKUME~1\sack\EIGENE~1\mwav\main.avi
Fri Oct 07 23:19:52 2005 => Scanning File C:\DOKUME~1\sack\EIGENE~1\mwav\virus.avi
Fri Oct 07 23:19:52 2005 => MWAV files are clean.
Fri Oct 07 23:19:59 2005 => Virus Database Date: 2005/10/07
Fri Oct 07 23:19:59 2005 => Virus Database Count: 148678
Fri Oct 07 23:20:10 2005 => AV Library Unloaded (3)...
Fri Oct 07 23:36:38 2005 => **********************************************************
Fri Oct 07 23:36:38 2005 => MicroWorld Anti Virus & Spyware Toolkit Utility.
Fri Oct 07 23:36:38 2005 => Copyright © 2003-2005, MicroWorld Technologies Inc.
Fri Oct 07 23:36:38 2005 => **********************************************************
Fri Oct 07 23:36:38 2005 => Version 7.2.2 (C:\Dokumente und Einstellungen\sack\Eigene Dateien\mwav\mwavscan.com)
Fri Oct 07 23:36:38 2005 => Log File: C:\DOKUME~1\sack\EIGENE~1\mwav\MWAV.LOG
Fri Oct 07 23:36:38 2005 => Last Scan Date and Time: 07.10.2005 23:04:12
Fri Oct 07 23:36:38 2005 => MWAV Registered: TRUE.
Fri Oct 07 23:36:38 2005 => MWAV Mode: Scan and Clean files.
Fri Oct 07 23:36:38 2005 => Database Path in KL Key: C:\PROGRA~1\eScan.
Fri Oct 07 23:36:40 2005 => Latest Date of files in KL key: 07 Oct 2005 19:56:02.
Fri Oct 07 23:36:42 2005 => Latest Date of files inside MWAV: 27 Sep 2005 10:51:30.
Fri Oct 07 23:36:42 2005 => eScan Install Directory: C:\PROGRA~1\eScan\
Fri Oct 07 23:36:42 2005 => MailScan Install Directory: C:\PROGRA~1\eScan\
Fri Oct 07 23:36:44 2005 => AV Library Loaded...
Fri Oct 07 23:36:44 2005 => MWAV doing self scanning...
Fri Oct 07 23:36:44 2005 => Scanning File C:\DOKUME~1\sack\EIGENE~1\mwav\kavss.exe
Fri Oct 07 23:36:44 2005 => Scanning File C:\DOKUME~1\sack\EIGENE~1\mwav\Getvlist.exe
Fri Oct 07 23:36:44 2005 => Scanning File C:\DOKUME~1\sack\EIGENE~1\mwav\kavss.dll
Fri Oct 07 23:36:44 2005 => Scanning File C:\DOKUME~1\sack\EIGENE~1\mwav\kavssdi.dll
Fri Oct 07 23:36:44 2005 => Scanning File C:\DOKUME~1\sack\EIGENE~1\mwav\kavssi.dll
Fri Oct 07 23:36:44 2005 => Scanning File C:\DOKUME~1\sack\EIGENE~1\mwav\kavvlg.dll
Fri Oct 07 23:36:44 2005 => Scanning File C:\DOKUME~1\sack\EIGENE~1\mwav\msvlclnt.dll
Fri Oct 07 23:36:44 2005 => Scanning File C:\DOKUME~1\sack\EIGENE~1\mwav\ipc.dll
Fri Oct 07 23:36:44 2005 => Scanning File C:\DOKUME~1\sack\EIGENE~1\mwav\main.avi
Fri Oct 07 23:36:44 2005 => Scanning File C:\DOKUME~1\sack\EIGENE~1\mwav\virus.avi
Fri Oct 07 23:36:44 2005 => MWAV files are clean.
Fri Oct 07 23:36:54 2005 => Virus Database Date: 2005/10/07
Fri Oct 07 23:36:54 2005 => Virus Database Count: 148678

Fri Oct 07 23:37:30 2005 => **********************************************************
Fri Oct 07 23:37:30 2005 => MicroWorld Anti Virus & Spyware Toolkit Utility.
Fri Oct 07 23:37:30 2005 => Copyright © 2003-2005, MicroWorld Technologies Inc.
Fri Oct 07 23:37:30 2005 =>
Fri Oct 07 23:37:30 2005 => Support: support@mwti.net
Fri Oct 07 23:37:30 2005 => Web: http://www.mwti.net
Fri Oct 07 23:37:30 2005 => **********************************************************
Fri Oct 07 23:37:30 2005 => Version 7.2.2 (C:\Dokumente und Einstellungen\sack\Eigene Dateien\mwav\mwavscan.com)
Fri Oct 07 23:37:30 2005 => Log File: C:\DOKUME~1\sack\EIGENE~1\mwav\MWAV.LOG
Fri Oct 07 23:37:30 2005 => User Account: sack
Fri Oct 07 23:37:30 2005 => Windows Root Folder: C:\WINDOWS
Fri Oct 07 23:37:30 2005 => Windows Sys32 Folder: C:\WINDOWS\System32
Fri Oct 07 23:37:30 2005 => OS: Windows NT
Fri Oct 07 23:37:30 2005 => Database Path in KL Key: C:\PROGRA~1\eScan.
Fri Oct 07 23:37:30 2005 => Latest Date of files in KL key: 07 Oct 2005 19:56:02.
Fri Oct 07 23:37:30 2005 => Latest Date of files inside MWAV: 27 Sep 2005 10:51:30.

Fri Oct 07 23:37:30 2005 => Options Selected by User:
Fri Oct 07 23:37:30 2005 => Memory Check: Enabled
Fri Oct 07 23:37:30 2005 => Registry Check: Enabled
Fri Oct 07 23:37:30 2005 => StartUp Folder Check: Enabled
Fri Oct 07 23:37:30 2005 => System Folder Check: Enabled
Fri Oct 07 23:37:30 2005 => System Area Check: Disabled
Fri Oct 07 23:37:30 2005 => Services Check: Enabled
Fri Oct 07 23:37:30 2005 => Drive Check: Disabled
Fri Oct 07 23:37:30 2005 => All Drive Check :Enabled
Fri Oct 07 23:37:30 2005 => Folder Check: Enabled
Fri Oct 07 23:37:30 2005 => Folder Selected = C:\WINDOWS
