So,da bin ich wieder

Ich hoffe jetzt habe ich es richtig gemacht,wobei mir dieses Logfile besser gefällt als das letztere

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Infektionsmeldungen
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Mon Jun 26 19:22:33 2006 => System found infected with cws.loadadv.400 Browser Hijacker ({5e2121ee-0300-11d4-8d3b-444553540000})! Action taken: No Action Taken.
Mon Jun 26 19:22:36 2006 => System found infected with whenu.savenow Spyware/Adware (cmdlineext02.dll)! Action taken: No Action Taken.
Mon Jun 26 19:22:41 2006 => System found infected with whenu.savenow Spyware/Adware (cmdlineext02.dll)! Action taken: No Action Taken.
Tue Jun 27 16:37:11 2006 => System found infected with cws.loadadv.400 Browser Hijacker ({5e2121ee-0300-11d4-8d3b-444553540000})! Action taken: No Action Taken.
Tue Jun 27 16:37:15 2006 => System found infected with whenu.savenow Spyware/Adware (cmdlineext02.dll)! Action taken: No Action Taken.
Tue Jun 27 16:37:20 2006 => System found infected with whenu.savenow Spyware/Adware (cmdlineext02.dll)! Action taken: No Action Taken.
Tue Jun 27 18:23:18 2006 => System found infected with cws.loadadv.400 Browser Hijacker ({5e2121ee-0300-11d4-8d3b-444553540000})! Action taken: No Action Taken.
Tue Jun 27 18:23:22 2006 => System found infected with whenu.savenow Spyware/Adware (cmdlineext02.dll)! Action taken: No Action Taken.
Tue Jun 27 18:23:25 2006 => System found infected with whenu.savenow Spyware/Adware (cmdlineext02.dll)! Action taken: No Action Taken.
Tue Jun 27 18:47:23 2006 => System found infected with cws.loadadv.400 Browser Hijacker ({5e2121ee-0300-11d4-8d3b-444553540000})! Action taken: No Action Taken.
Tue Jun 27 18:47:27 2006 => System found infected with whenu.savenow Spyware/Adware (cmdlineext02.dll)! Action taken: No Action Taken.
Tue Jun 27 18:47:34 2006 => System found infected with whenu.savenow Spyware/Adware (cmdlineext02.dll)! Action taken: No Action Taken.
Tue Jun 27 18:53:10 2006 => System found infected with cws.loadadv.400 Browser Hijacker ({5e2121ee-0300-11d4-8d3b-444553540000})! Action taken: No Action Taken.
Tue Jun 27 18:53:13 2006 => System found infected with whenu.savenow Spyware/Adware (cmdlineext02.dll)! Action taken: No Action Taken.
Tue Jun 27 18:53:17 2006 => System found infected with whenu.savenow Spyware/Adware (cmdlineext02.dll)! Action taken: No Action Taken.
~~~~~~~~~~~
Dateien
~~~~~~~~~~~
~~~~ Infected files
~~~~~~~~~~~
~~~~~~~~~~~
~~~~ Offending files
~~~~~~~~~~~
Mon Jun 26 19:22:36 2006 => Offending file found: C:\DOKUME~1\Papa\LOKALE~1\Temp\cmdlineext02.dll
Mon Jun 26 19:22:41 2006 => Offending file found: C:\Dokumente und Einstellungen\Papa\Lokale Einstellungen\temp\cmdlineext02.dll
Tue Jun 27 16:37:15 2006 => Offending file found: C:\DOKUME~1\Papa\LOKALE~1\Temp\cmdlineext02.dll
Tue Jun 27 16:37:20 2006 => Offending file found: C:\Dokumente und Einstellungen\Papa\Lokale Einstellungen\temp\cmdlineext02.dll
Tue Jun 27 18:23:22 2006 => Offending file found: C:\DOKUME~1\Papa\LOKALE~1\Temp\cmdlineext02.dll
Tue Jun 27 18:23:25 2006 => Offending file found: C:\Dokumente und Einstellungen\Papa\Lokale Einstellungen\temp\cmdlineext02.dll
Tue Jun 27 18:47:27 2006 => Offending file found: C:\DOKUME~1\Papa\LOKALE~1\Temp\cmdlineext02.dll
Tue Jun 27 18:47:34 2006 => Offending file found: C:\Dokumente und Einstellungen\Papa\Lokale Einstellungen\temp\cmdlineext02.dll
Tue Jun 27 18:53:13 2006 => Offending file found: C:\DOKUME~1\Papa\LOKALE~1\Temp\cmdlineext02.dll
Tue Jun 27 18:53:17 2006 => Offending file found: C:\Dokumente und Einstellungen\Papa\Lokale Einstellungen\temp\cmdlineext02.dll
~~~~~~~~~~~
~~~~ Tagged files
~~~~~~~~~~~
~~~~~~~~~~~
Ordner
~~~~~~~~~~~
~~~~~~~~~~~
Registry
~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Statistiken:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Mon Jun 26 19:23:16 2006 => Total Errors: 1
Mon Jun 26 19:53:28 2006 => Total Errors: 0
Tue Jun 27 17:56:06 2006 => Total Errors: 4
Tue Jun 27 18:23:49 2006 => Total Errors: 0
Tue Jun 27 18:26:39 2006 => Total Errors: 0
Tue Jun 27 18:48:14 2006 => Total Errors: 0
Tue Jun 27 19:34:02 2006 => Total Errors: 3
Mon Jun 26 19:23:16 2006 => Time Elapsed: 00:01:13
Mon Jun 26 19:53:28 2006 => Time Elapsed: 00:03:45
Tue Jun 27 17:56:06 2006 => Time Elapsed: 01:36:37
Tue Jun 27 18:23:49 2006 => Time Elapsed: 00:01:39
Tue Jun 27 18:26:39 2006 => Time Elapsed: 00:00:06
Tue Jun 27 18:48:14 2006 => Time Elapsed: 00:01:21
Tue Jun 27 19:34:02 2006 => Time Elapsed: 00:41:23
Mon Jun 26 19:23:16 2006 => Total Objects Scanned: 13644
Mon Jun 26 19:53:28 2006 => Total Objects Scanned: 451
Tue Jun 27 17:56:06 2006 => Total Objects Scanned: 61934
Tue Jun 27 18:23:49 2006 => Total Objects Scanned: 13167
Tue Jun 27 18:26:39 2006 => Total Objects Scanned: 16
Tue Jun 27 18:48:14 2006 => Total Objects Scanned: 13380
Tue Jun 27 19:34:02 2006 => Total Objects Scanned: 58740
Mon Jun 26 19:23:16 2006 => Virus Database Date: 6/26/2006
Mon Jun 26 19:49:14 2006 => Virus Database Date: 6/26/2006
Mon Jun 26 19:53:28 2006 => Virus Database Date: 6/26/2006
Mon Jun 26 19:53:33 2006 => Virus Database Date: 6/26/2006
Tue Jun 27 16:19:05 2006 => Virus Database Date: 6/27/2006
Tue Jun 27 17:56:06 2006 => Virus Database Date: 6/27/2006
Tue Jun 27 18:01:02 2006 => Virus Database Date: 6/27/2006
Tue Jun 27 18:21:20 2006 => Virus Database Date: 6/27/2006
Tue Jun 27 18:23:49 2006 => Virus Database Date: 6/27/2006
Tue Jun 27 18:26:39 2006 => Virus Database Date: 6/27/2006
Tue Jun 27 18:48:14 2006 => Virus Database Date: 6/27/2006
Tue Jun 27 18:48:16 2006 => Virus Database Date: 6/27/2006
Tue Jun 27 18:52:16 2006 => Virus Database Date: 6/27/2006
Tue Jun 27 19:34:02 2006 => Virus Database Date: 6/27/2006
Tue Jun 27 19:44:29 2006 => Virus Database Date: 6/27/2006
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Danke an euch!!!

Zitat:

wobei mir dieses Logfile besser gefällt als das letztere

Jetzt gefällt es mit auch...

1.) Deinstalliere Savenow (sofern vorhanden!) über: START->Systemsteuerung->Software

2.) Lade dir Clearprog und bereinige dein System

3.) Deaktiviere die Systemwiederherstellung --> http://www.systemwiederherstellung-d...indows-xp.html
und starte dann den Rechner neu! (danach kann die STW wieder aktiviert werden!)

4.) lade dir dann noch Ad-Aware und scanne dein System, danach sollte alles wieder i.O. sein..

Gruß
Daniel

Und was ist damit so alles???

Zitat:

[Welchia]
Reg1=HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\S ervices\RPCPatch,"","",""
Reg2=HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\S ervices\RPCTFTPD,"","",""
DeleteFile1=%winsysdir%\wins\svchost.exe
DeleteFile2=%winsysdir%\wins\Dllhost.exe

[LovGate]
Reg1=HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\S ervices\ll_reg,"","",""
Reg2=HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\S ervices\NetMeeting\RemoteDesktop(RPC),"","",""
Reg3=HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\S ervices\Microsoft\NetWork File Wall Services,"","",""
Reg4=HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\S ervices\Windows\Management Instrumentation Driver Extension,"","",""
DeleteFile1=%winsysdir%\NetServices.exe
DeleteFile2=%winsysdir%\RAVMOND.EXE
DeleteFile3=%winsysdir%\RAVMOND.EXE
DeleteFile4=%winsysdir%\WinGate.exe
DeleteFile5=%winsysdir%\WinDriver.exe
DeleteFile6=%winsysdir%\WinHelp.exe
DeleteFile7=%winsysdir%\winrpc.exe
DeleteFile8=%winsysdir%\ily.dll
DeleteFile9=%winsysdir%\task.dll
DeleteFile10=%winsysdir%\reg.dll
DeleteFile11=%winsysdir%\1.dll
DeleteFile12=%winsysdir%\win32vxd.dll
DeleteFile13=%winsysdir%\kernel66.dll
DeleteFile14=%winsysdir%\kernel66.dll
DeleteFile15=%winsysdir%\iky668.dll
DeleteFile16=%winsysdir%\reg678.dll
DeleteFile17=%winsysdir%\task688.dll
DeleteFile18=%winsysdir%\111.dll

[CodeRed]
DeleteFile1=%inetpub%\scripts\root.exe
DeleteFile2=%PF%\common~1\system\MSADC\root.exe
;DeleteFile3=%SYSTEMDIR%explorer.exe
;DeleteFile3 commented because in XP (64-bit OS), explorer.exe is kept in system32 folder!!!
Reg1=HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\S ervices\W3SVC\Parameters\Virtual Roots\C
Reg2=HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\S ervices\W3SVC\Parameters\Virtual Roots\D

[OpaServ]
DeleteFile1=%SYSTEMDIR%\Tmp.ini
; this is Opaserv.M
DeleteFile2=%SYSTEMDIR%\MSLICENF.COM
DeleteFile3=%SYSTEMDIR%\BOOT.EXE
BAT1=Autoexec.bat,MSLICENF
BAT2=Autoexec.bat,BOOT.EXE

[Sobig.e]
DeleteFile1=%winsysdir%\cgtask.exe
DeleteFile2=%winsysdir%\mmtask.exe

[Winupie]
DeleteFile1=%winsysdir%\AxConfig.dll,regsvr32 /s /u AxConfig.dll

[Swen]
DeleteFile1=%winsysdir%\SWEN*.DAT

[JS.Fortnight]
DeleteFile1=%PF%\sign.htm
DeleteFile2=%PF%\sign.html

[Novarg]
DeleteFile1=%winsysdir%\shimgapi.dll

[Pagabot]
Reg1=HKEY_LOCAL_MACHINE\Software\Microsoft\windows \currentversion\run,Cryptographic Service,"",""

[Parite.b]
Reg1=HKEY_CURRENT_USER\Software\Microsoft\windows\ currentversion\explorer,PINF,"",""

[Parite.a]
Reg1=HKEY_CURRENT_USER\Software\Microsoft\windows\ currentversion\explorer,ZANF,"",""

[Adware.SeekSeek]
Reg1=HKEY_CURRENT_USER\Console,UUID,"",""
Reg2=HKEY_CURRENT_USER\Console,lp,"",""

Zitat:

Und was ist damit so alles???

Das kann ich dir auch nicht sagen, da ich nicht weiß wer eScan programmiert hat und somit auch keinerlei Informationen bestehen was eScan wie & wo überall sucht. Mit was es Daten abgleicht usw...

Jo schon klar,nur weil da bekannte sachen wie Sober e standen und so,deswegen dachte ich es wäre von bedeutung.

Und weil du vorher auch sagtest das mein system sehr verseucht sei,deshalb meine frage.

Trotzdem danke für die Hilfe

malibu

Zitat:

Zitat von malibu

Und weil du vorher auch sagtest das mein system sehr verseucht sei

Habe ich nie gesagt!!! Das muss ich dementieren!
Wenn dein System verseucht wäre, würde ich dir keine Anleitung geben um es wieder sauber zu bekommen, oder?!

Führe nach den ganzen Schritten die ich dir geschrieben habe nochmals einen eScan durch...

Gruß
Daniel

Guten morgen,Sorry wenn ich dich angegriffen habe das wollte ich nicht@sunny.

Aber das Problem was ich auch schon am anfang hatte bleibt,wenn ich ein.avi löschen will startet der Rechner sich neu,auch beim abspielen oder Eigenschaften anzeigen.Weiß denn da keiner einen Rat???

Danke