Log analysis and evaluation: VIRUS :WARNING!Network attack detected!

Windows 7

If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and Trojans can be removed, the infected system must first be examined: First steps for getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#6

VIRUS :WARNING!Network attack detected!

Thank you very much for taking the time!!!!

First, the txt file (I hope I can manage the other part as well):

```
All processes killed
========== OTL ==========
No active process named wscsvc32.exe was found!
No active process named avt.exe was found!
No active process named dfrgsnapnt.exe was found!
Service NwlnkFwd stopped successfully!
Service NwlnkFwd deleted successfully!
File C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found not found.
Service NwlnkFlt stopped successfully!
Service NwlnkFlt deleted successfully!
File C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found not found.
Service IpInIp stopped successfully!
Service IpInIp deleted successfully!
File C:\Windows\System32\DRIVERS\ipinip.sys File not found not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_USERS\S-1-5-21-2207201219-1213773270-907797075-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Antivirus deleted successfully.
C:\Users\Gharbi\AppData\Roaming\AnVi\avt.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-2207201219-1213773270-907797075-1000\Software\Microsoft\Windows\CurrentVersion\Run\\dfrgsnapnt.exe deleted successfully.
C:\Users\Gharbi\AppData\Local\Temp\dfrgsnapnt.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-2207201219-1213773270-907797075-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Eqamanuva deleted successfully.
C:\Users\Gharbi\AppData\Local\qucorv.DLL moved successfully.
Registry value HKEY_USERS\S-1-5-21-2207201219-1213773270-907797075-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Exeexxxxxx.exe deleted successfully.
C:\Exeexxxxxx.exe\Exeexxxxxx.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-2207201219-1213773270-907797075-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Regedit32 deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2207201219-1213773270-907797075-1000\Software\Microsoft\Windows\CurrentVersion\Run\\userinit deleted successfully.
C:\Users\Gharbi\AppData\Roaming\msqnaz32.exe moved successfully.
C:\Users\Gharbi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\monmvr32.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:autocheck autochk * deleted successfully.
C:\Users\Gharbi\AppData\Roaming\AnVi folder moved successfully.
C:\Users\Gharbi\AppData\Local\ozizixuqoto.dll moved successfully.
C:\Users\Gharbi\Desktop\troj000.exe moved successfully.
C:\Users\Gharbi\Desktop\spam003.exe moved successfully.
C:\Users\Gharbi\Desktop\spam001.exe moved successfully.
C:\Users\Gharbi\AppData\Local\Tvayirazohitozo.dat moved successfully.
C:\Users\Gharbi\AppData\Local\Vxayumaxagawo.bin moved successfully.
C:\Users\Gharbi\AppData\Roaming\apiqfw.dat moved successfully.
========== FILES ==========
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 83 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Gharbi
->Flash cache emptied: 638 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Gharbi
->Temp folder emptied: 2249325 bytes
->Temporary Internet Files folder emptied: 6515553 bytes
->Java cache emptied: 53318971 bytes
->FireFox cache emptied: 63447265 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3273278 bytes
RecycleBin emptied: 6451076 bytes

Total Files Cleaned = 129,00 mb

OTL by OldTimer - Version 3.2.12.1 log created on 09172010_140559

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.
File\Folder C:\Windows\temp\TMP00000006AB47DD2C83C198FD not found!

Registry entries deleted on Reboot...
```