Ich hab heute mal meine Festplate, nach dem ich sie mit Kaspersky untersucht habe(es wurden keine Viren gefunden), mit e` Scan untersucht.
Dabei habe ich 77 Viren gefunden!!!
Es sind Trojaner, Würmer, Dialer, ... Alles dabei.
...Aller dings is die log File zu groß...

Hier die Hijack log File:

Logfile of HijackThis v1.99.0
Scan saved at 13:58:35, on 05.02.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Kaspersky\avpcc.exe
C:\Programme\Kaspersky\avpm.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\htpatch.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
C:\PROGRA~1\COMMON~2\Toolbar\winnet.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\COMMON~2\Toolbar\comwiz.exe
C:\Programme\Kaspersky\avpcc.exe
D:\Programme\D-Tools\daemon.exe
C:\Programme\Logitech\MouseWare\system\em_exec.exe
C:\Programme\Java\j2re1.4.2_05\bin\jusched.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\PROGRA~1\wwpwsuxw\YcQABAgM.exe
C:\PROGRA~1\wwpwsuxw\MgABAQcY.exe
C:\PROGRA~1\ICQ\ICQ.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Dokumente und Einstellungen\Lukas\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://minisearch.startnow.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.giga.de/index.php?bereichid=34
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.1und1.de/Herzlich_Willkommen/b1/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://minisearch.startnow.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://minisearch.startnow.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://minisearch.startnow.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startnow.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://minisearch.startnow.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://minisearch.startnow.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://minisearch.startnow.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://minisearch.startnow.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer bereitgestellt von 1 & 1 Internet AG
F0 - system.ini: Shell=Explorer.exe C:\windows\system32\msiexec16.exe
F1 - win.ini: run=C:\windows\system32\msiexec16.exe
O2 - BHO: BabeIE - {00000000-0000-0000-0000-000000000000} - C:\PROGRA~1\COMMON~2\Toolbar\cnbabe.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [winnet] C:\PROGRA~1\COMMON~2\Toolbar\winnet.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\PROGRA~1\ICQ\ICQNet.exe
O4 - HKLM\..\Run: [OfficeGuard RegChecker] C:\Programme\Kaspersky\ogrc.exe
O4 - HKLM\..\Run: [AVPCC] C:\Programme\Kaspersky\avpcc.exe /wait
O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Programme\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ZUVJYoEx] C:\PROGRA~1\wwpwsuxw\YcQABAgM.exe
O4 - HKLM\..\Run: [ZQVGXwov] C:\PROGRA~1\wwpwsuxw\YcQABAgM.exe
O4 - HKLM\..\Run: [dAFHWcow] C:\PROGRA~1\wwpwsuxw\YcQABAgM.exe
O4 - HKLM\..\Run: [dg0HY51x] C:\PROGRA~1\wwpwsuxw\YcQABAgM.exe
O4 - HKLM\..\Run: [eQ0HVkUw] C:\PROGRA~1\wwpwsuxw\YcQABAgM.exe
O4 - HKLM\..\Run: [Zk0GZg1w] C:\PROGRA~1\wwpwsuxw\YcQABAgM.exe
O4 - HKLM\..\Run: [QkpGXwox] C:\PROGRA~1\wwpwsuxw\YcQABAgM.exe
O4 - HKLM\..\Run: [bwVJX9Ux] C:\PROGRA~1\wwpwsuxw\YcQABAgM.exe
O4 - HKLM\..\Run: [ZAVGUkEx] C:\PROGRA~1\wwpwsuxw\YcQABAgM.exe
O4 - HKLM\..\Run: [ek0GQgov] C:\PROGRA~1\wwpwsuxw\YcQABAgM.exe
O4 - HKLM\..\Run: [YAFHX1ox] C:\PROGRA~1\wwpwsuxw\YcQABAgM.exe
O4 - HKLM\..\Run: [cIFHUsow] C:\PROGRA~1\wwpwsuxw\YcQABAgM.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Programme\TGTSoft\StyleXP\StyleXP.exe -Hide
O8 - Extra context menu item: Add A Page Note - C:\Programme\CommonName\Toolbar\createnote.htm
O8 - Extra context menu item: Bookmark This Page - C:\Programme\CommonName\Toolbar\createbookmark.htm
O8 - Extra context menu item: Email This Link - C:\Programme\CommonName\Toolbar\emaillink.htm
O8 - Extra context menu item: Search using CommonName - C:\Programme\CommonName\Toolbar\navigate.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MedionShop - {01E9CF82-AE9D-42BA-A629-B23D51A4B86B} - http://www.medionshop.de/ (file missing) (HKCU)
O11 - Options group: [CommonName] CommonName
O14 - IERESET.INF: START_PAGE_URL=http://www.1und1.de/Herzlich_Willkommen/b1/
O16 - DPF: {00000000-0000-0000-0000-000020030000} - http://www.7adpower.com/dialer/A091EMT.exe
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/pa.../GSManager.cab
O16 - DPF: {30000273-8230-4DD4-BE4F-6889D1E74167} - http://download.abetterinternet.com/...14006/thin.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://www.ea.com/downloads/rtpatch/EARTPX.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://god.t-online.de/download/ExentCtl.ocx
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - https://www.gamespyid.com/alaunch.cab
O16 - DPF: {8FA9D107-547B-4DBC-9D88-FABD891EDB0A} (shizmoo Class) - http://playroom.icq.com/odyssey_web11.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildtangent.com/bgn/p...tx/install.cab
O16 - DPF: {AE6CEFA8-1223-4337-8D94-977268FF9AA0} (DownloadUL Class) - http://www2.skoobidoo.com/softwares//Download_UL.cab
O16 - DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_03) -
O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} - http://cabs.roings.com/cabs/mmed.cab
O16 - DPF: {EB6AFDAB-E16D-430B-A5EE-0408A12289DC} - http://download.fordaleltd.com/install/setup.cab
O18 - Protocol hijack: cn - {9346A6BB-1ED0-4174-AFB4-13CD4EC0AA40}
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVP Control Centre Service - Kaspersky Labs. - C:\Programme\Kaspersky\avpcc.exe
O23 - Service: KAV Monitor Service - Kaspersky Labs. - C:\Programme\Kaspersky\avpm.exe
O23 - Service: LexBce Server - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: StyleXPService - Unknown - C:\Programme\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: X10 Device Network Service - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe


wie soll ich euch denn die log file von e scan schreib wenn die so groß is?!



S0RceReR

Was wurde wo von eScan gefunden?
"öffne die mwav.log (oder die mwXface.log) -> Bearbeiten -> Suchen -> infected oder tagged eingeben -> Weitersuchen -> Treffer markieren/kopieren und ins Forum übertragen." (Zitat Cidre)


Poste bitte folgendes aus der mwav.log (steht ganz am Ende):

Zitat:

Total Number of Files Scanned:
Total Number of Virus(es) Found:
Total Number of Disinfected Files:
Total Number of Files Renamed:
Total Number of Deleted Files:
Total Number of Errors:
Time Elapsed:

btw: eScan verwendet die Signaturen von Kaspersky! => Entweder du hast Kaspersky nicht richtig verwendet oder die Malware hat deinen Virenscanner schon "zerschossen".

btw: das Logfile schaut katastrophal aus. Wenn du Zeit sparen willst kannst du auch gleich dies ausführen.

File C:\PROGRA~1\COMMON~2\Toolbar\cnbabe.dll infected by "not-a-virus:AdWare.CommonName.c" Virus. Action Taken: No Action Taken.

File C:\PROGRA~1\COMMON~2\Toolbar\comwiz.exe infected by "not-a-virus:AdWare.CommonName.b" Virus. Action Taken: No Action Taken.

File C:\PROGRA~1\wwpwsuxw\YcQABAgM.exe infected by "not-a-virus:AdWare.CommonName.i" Virus. Action Taken: No Action Taken.

File C:\PROGRA~1\wwpwsuxw\MgABAQcY.exe infected by "not-a-virus:AdWare.CommonName.g" Virus. Action Taken: No Action Taken.

File C:\PROGRA~1\COMMON~2\Toolbar\cnbabe.dll infected by "not-a-virus:AdWare.CommonName.c" Virus. Action Taken: No Action Taken.

File C:\PROGRA~1\wwpwsuxw\YcQABAgM.exe infected by "not-a-virus:AdWare.CommonName.i" Virus. Action Taken: No Action Taken.

File C:\WINDOWS\System32\WebRebates_Auto_InstallSilent.exe infected by "not-a-virus:AdWare.WebRebates.b" Virus. Action Taken: No Action Taken.

File C:\DOKUME~1\Lukas\LOKALE~1\TEMPOR~1\Content.IE5\2X9INE50\11711[10].exe infected by "not-a-virus:PornWare.Dialer.Generic" Virus. Action Taken: No Action Taken.

File C:\DOKUME~1\Lukas\LOKALE~1\TEMPOR~1\Content.IE5\2X9INE50\11711[11].exe infected by "not-a-virus:PornWare.Dialer.Generic" Virus. Action Taken: No Action Taken.

File C:\DOKUME~1\Lukas\LOKALE~1\TEMPOR~1\Content.IE5\2X9INE50\11711[12].exe infected by "not-a-virus:PornWare.Dialer.Generic" Virus. Action Taken: No Action Taken.

File C:\DOKUME~1\Lukas\LOKALE~1\TEMPOR~1\Content.IE5\2X9INE50\11711[13].exe infected by "not-a-virus:PornWare.Dialer.Generic" Virus. Action Taken: No Action Taken.

File C:\DOKUME~1\Lukas\LOKALE~1\TEMPOR~1\Content.IE5\2X9INE50\11711[14].exe infected by "not-a-virus:PornWare.Dialer.Generic" Virus. Action Taken: No Action Taken.

File C:\DOKUME~1\Lukas\LOKALE~1\TEMPOR~1\Content.IE5\2X9INE50\11711[15].exe infected by "not-a-virus:PornWare.Dialer.Generic" Virus. Action Taken: No Action Taken.


File C:\DOKUME~1\Lukas\LOKALE~1\TEMPOR~1\Content.IE5\2X9INE50\11711[1].exe infected by "not-a-virus:PornWare.Dialer.Generic" Virus. Action Taken: No Action Taken.

Sat Feb 05 13:09:10 2005 => Scanning File C:\DOKUME~1\Lukas\LOKALE~1\TEMPOR~1\Content.IE5\2X9INE50\11711[2].exe
Sat Feb 05 13:09:10 2005 => File C:\DOKUME~1\Lukas\LOKALE~1\TEMPOR~1\Content.IE5\2X9INE50\11711[2].exe infected by "not-a-virus:PornWare.Dialer.Generic" Virus. Action Taken: No Action Taken.

Sat Feb 05 13:09:10 2005 => Scanning File C:\DOKUME~1\Lukas\LOKALE~1\TEMPOR~1\Content.IE5\2X9INE50\11711[3].exe
Sat Feb 05 13:09:10 2005 => File C:\DOKUME~1\Lukas\LOKALE~1\TEMPOR~1\Content.IE5\2X9INE50\11711[3].exe infected by "not-a-virus:PornWare.Dialer.Generic" Virus. Action Taken: No Action Taken.

Sat Feb 05 13:09:10 2005 => Scanning File C:\DOKUME~1\Lukas\LOKALE~1\TEMPOR~1\Content.IE5\2X9INE50\11711[4].exe
Sat Feb 05 13:09:10 2005 => File C:\DOKUME~1\Lukas\LOKALE~1\TEMPOR~1\Content.IE5\2X9INE50\11711[4].exe infected by "not-a-virus:PornWare.Dialer.Generic" Virus. Action Taken: No Action Taken.

Sat Feb 05 13:09:10 2005 => Scanning File C:\DOKUME~1\Lukas\LOKALE~1\TEMPOR~1\Content.IE5\2X9INE50\11711[5].exe
Sat Feb 05 13:09:10 2005 => File C:\DOKUME~1\Lukas\LOKALE~1\TEMPOR~1\Content.IE5\2X9INE50\11711[5].exe infected by "not-a-virus:PornWare.Dialer.Generic" Virus. Action Taken: No Action Taken.

Sat Feb 05 13:09:10 2005 => Scanning File C:\DOKUME~1\Lukas\LOKALE~1\TEMPOR~1\Content.IE5\2X9INE50\11711[6].exe
Sat Feb 05 13:09:10 2005 => File C:\DOKUME~1\Lukas\LOKALE~1\TEMPOR~1\Content.IE5\2X9INE50\11711[6].exe infected by "not-a-virus:PornWare.Dialer.Generic" Virus. Action Taken: No Action Taken.

Sat Feb 05 13:09:10 2005 => Scanning File C:\DOKUME~1\Lukas\LOKALE~1\TEMPOR~1\Content.IE5\2X9INE50\11711[7].exe
Sat Feb 05 13:09:10 2005 => File C:\DOKUME~1\Lukas\LOKALE~1\TEMPOR~1\Content.IE5\2X9INE50\11711[7].exe infected by "not-a-virus:PornWare.Dialer.Generic" Virus. Action Taken: No Action Taken.

Sat Feb 05 13:09:10 2005 => Scanning File C:\DOKUME~1\Lukas\LOKALE~1\TEMPOR~1\Content.IE5\2X9INE50\11711[8].exe
Sat Feb 05 13:09:10 2005 => File C:\DOKUME~1\Lukas\LOKALE~1\TEMPOR~1\Content.IE5\2X9INE50\11711[8].exe infected by "not-a-virus:PornWare.Dialer.Generic" Virus. Action Taken: No Action Taken.

Sat Feb 05 13:09:10 2005 => Scanning File C:\DOKUME~1\Lukas\LOKALE~1\TEMPOR~1\Content.IE5\2X9INE50\11711[9].exe
Sat Feb 05 13:09:10 2005 => File C:\DOKUME~1\Lukas\LOKALE~1\TEMPOR~1\Content.IE5\2X9INE50\11711[9].exe infected by "not-a-virus:PornWare.Dialer.Generic" Virus. Action Taken: No Action Taken.

File C:\DOKUME~1\Lukas\LOKALE~1\TEMPOR~1\Content.IE5\2X9INE50\cr[1].chm infected by "Trojan-Downloader.JS.Weis.b" Virus. Action Taken: No Action Taken.

der 2. teil kommt gleich...

2. Teil:

File C:\DOKUME~1\Lukas\LOKALE~1\TEMPOR~1\Content.IE5\2X9INE50\cr[1].chm infected by "Trojan-Downloader.JS.Weis.b" Virus. Action Taken: No Action Taken.

Sat Feb 05 13:09:44 2005 => Scanning File C:\DOKUME~1\Lukas\LOKALE~1\TEMPOR~1\Content.IE5\2X9INE50\cr[2].chm
Sat Feb 05 13:09:44 2005 => File C:\DOKUME~1\Lukas\LOKALE~1\TEMPOR~1\Content.IE5\2X9INE50\cr[2].chm infected by "Trojan-Downloader.JS.Weis.b" Virus. Action Taken: No Action Taken.

Sat Feb 05 13:09:44 2005 => Scanning File C:\DOKUME~1\Lukas\LOKALE~1\TEMPOR~1\Content.IE5\2X9INE50\cr[3].chm
Sat Feb 05 13:09:44 2005 => File C:\DOKUME~1\Lukas\LOKALE~1\TEMPOR~1\Content.IE5\2X9INE50\cr[3].chm infected by "Trojan-Downloader.JS.Weis.b" Virus. Action Taken: No Action Taken.

Sat Feb 05 13:09:44 2005 => Scanning File C:\DOKUME~1\Lukas\LOKALE~1\TEMPOR~1\Content.IE5\2X9INE50\cr[4].chm
Sat Feb 05 13:09:44 2005 => File C:\DOKUME~1\Lukas\LOKALE~1\TEMPOR~1\Content.IE5\2X9INE50\cr[4].chm infected by "Trojan-Downloader.JS.Weis.b" Virus. Action Taken: No Action Taken.

Sat Feb 05 13:09:44 2005 => Scanning File C:\DOKUME~1\Lukas\LOKALE~1\TEMPOR~1\Content.IE5\2X9INE50\cr[5].chm
Sat Feb 05 13:09:44 2005 => File C:\DOKUME~1\Lukas\LOKALE~1\TEMPOR~1\Content.IE5\2X9INE50\cr[5].chm infected by "Trojan-Downloader.JS.Weis.b" Virus. Action Taken: No Action Taken.

File C:\DOKUME~1\Lukas\LOKALE~1\TEMPOR~1\Content.IE5\2X9INE50\eu[10].chm infected by "not-a-virus:PornWare.Dialer.Generic" Virus. Action Taken: No Action Taken.

Sat Feb 05 13:09:48 2005 => Scanning File C:\DOKUME~1\Lukas\LOKALE~1\TEMPOR~1\Content.IE5\2X9INE50\eu[11].chm
Sat Feb 05 13:09:48 2005 => File C:\DOKUME~1\Lukas\LOKALE~1\TEMPOR~1\Content.IE5\2X9INE50\eu[11].chm infected by "not-a-virus:PornWare.Dialer.Generic" Virus. Action Taken: No Action Taken.

Sat Feb 05 13:09:48 2005 => Scanning File C:\DOKUME~1\Lukas\LOKALE~1\TEMPOR~1\Content.IE5\2X9INE50\eu[12].chm
Sat Feb 05 13:09:48 2005 => File C:\DOKUME~1\Lukas\LOKALE~1\TEMPOR~1\Content.IE5\2X9INE50\eu[12].chm infected by "not-a-virus:PornWare.Dialer.Generic" Virus. Action Taken: No Action Taken.

Sat Feb 05 13:09:48 2005 => Scanning File C:\DOKUME~1\Lukas\LOKALE~1\TEMPOR~1\Content.IE5\2X9INE50\eu[13].chm
Sat Feb 05 13:09:48 2005 => File C:\DOKUME~1\Lukas\LOKALE~1\TEMPOR~1\Content.IE5\2X9INE50\eu[13].chm infected by "not-a-virus:PornWare.Dialer.Generic" Virus. Action Taken: No Action Taken.

Sat Feb 05 13:09:48 2005 => Scanning File C:\DOKUME~1\Lukas\LOKALE~1\TEMPOR~1\Content.IE5\2X9INE50\eu[14].chm
Sat Feb 05 13:09:48 2005 => File C:\DOKUME~1\Lukas\LOKALE~1\TEMPOR~1\Content.IE5\2X9INE50\eu[14].chm infected by "not-a-virus:PornWare.Dialer.Generic" Virus. Action Taken: No Action Taken.

Sat Feb 05 13:09:48 2005 => Scanning File C:\DOKUME~1\Lukas\LOKALE~1\TEMPOR~1\Content.IE5\2X9INE50\eu[15].chm
Sat Feb 05 13:09:48 2005 => File C:\DOKUME~1\Lukas\LOKALE~1\TEMPOR~1\Content.IE5\2X9INE50\eu[15].chm infected by "not-a-virus:PornWare.Dialer.Generic" Virus. Action Taken: No Action Taken.

Sat Feb 05 13:09:48 2005 => Scanning File C:\DOKUME~1\Lukas\LOKALE~1\TEMPOR~1\Content.IE5\2X9INE50\eu[16].chm
Sat Feb 05 13:09:48 2005 => File C:\DOKUME~1\Lukas\LOKALE~1\TEMPOR~1\Content.IE5\2X9INE50\eu[16].chm infected by "not-a-virus:PornWare.Dialer.Generic" Virus. Action Taken: No Action Taken.

Sat Feb 05 13:09:48 2005 => Scanning File C:\DOKUME~1\Lukas\LOKALE~1\TEMPOR~1\Content.IE5\2X9INE50\eu[17].chm
Sat Feb 05 13:09:48 2005 => File C:\DOKUME~1\Lukas\LOKALE~1\TEMPOR~1\Content.IE5\2X9INE50\eu[17].chm infected by "not-a-virus:PornWare.Dialer.Generic" Virus. Action Taken: No Action Taken.

Sat Feb 05 13:09:48 2005 => Scanning File C:\DOKUME~1\Lukas\LOKALE~1\TEMPOR~1\Content.IE5\2X9INE50\eu[18].chm
Sat Feb 05 13:09:48 2005 => File C:\DOKUME~1\Lukas\LOKALE~1\TEMPOR~1\Content.IE5\2X9INE50\eu[18].chm infected by "not-a-virus:PornWare.Dialer.Generic" Virus. Action Taken: No Action Taken.

Sat Feb 05 13:09:48 2005 => Scanning File C:\DOKUME~1\Lukas\LOKALE~1\TEMPOR~1\Content.IE5\2X9INE50\eu[19].chm
Sat Feb 05 13:09:49 2005 => File C:\DOKUME~1\Lukas\LOKALE~1\TEMPOR~1\Content.IE5\2X9INE50\eu[19].chm infected by "not-a-virus:PornWare.Dialer.Generic" Virus. Action Taken: No Action Taken.

Sat Feb 05 13:09:49 2005 => Scanning File C:\DOKUME~1\Lukas\LOKALE~1\TEMPOR~1\Content.IE5\2X9INE50\eu[1].chm
Sat Feb 05 13:09:49 2005 => File C:\DOKUME~1\Lukas\LOKALE~1\TEMPOR~1\Content.IE5\2X9INE50\eu[1].chm infected by "not-a-virus:PornWare.Dialer.Generic" Virus. Action Taken: No Action Taken.

Sat Feb 05 13:09:49 2005 => Scanning File C:\DOKUME~1\Lukas\LOKALE~1\TEMPOR~1\Content.IE5\2X9INE50\eu[20].chm
Sat Feb 05 13:09:49 2005 => File C:\DOKUME~1\Lukas\LOKALE~1\TEMPOR~1\Content.IE5\2X9INE50\eu[20].chm infected by "not-a-virus:PornWare.Dialer.Generic" Virus. Action Taken: No Action Taken.

Sat Feb 05 13:09:49 2005 => Scanning File C:\DOKUME~1\Lukas\LOKALE~1\TEMPOR~1\Content.IE5\2X9INE50\eu[21].chm
Sat Feb 05 13:09:49 2005 => File C:\DOKUME~1\Lukas\LOKALE~1\TEMPOR~1\Content.IE5\2X9INE50\eu[21].chm infected by "not-a-virus:PornWare.Dialer.Generic" Virus. Action Taken: No Action Taken.

Sat Feb 05 13:09:49 2005 => Scanning File C:\DOKUME~1\Lukas\LOKALE~1\TEMPOR~1\Content.IE5\2X9INE50\eu[22].chm
Sat Feb 05 13:09:49 2005 => File C:\DOKUME~1\Lukas\LOKALE~1\TEMPOR~1\Content.IE5\2X9INE50\eu[22].chm infected by "not-a-virus:PornWare.Dialer.Generic" Virus. Action Taken: No Action Taken.

Sat Feb 05 13:09:49 2005 => Scanning File C:\DOKUME~1\Lukas\LOKALE~1\TEMPOR~1\Content.IE5\2X9INE50\eu[23].chm
Sat Feb 05 13:09:49 2005 => File C:\DOKUME~1\Lukas\LOKALE~1\TEMPOR~1\Content.IE5\2X9INE50\eu[23].chm infected by "not-a-virus:PornWare.Dialer.Generic" Virus. Action Taken: No Action Taken.

Sat Feb 05 13:09:49 2005 => Scanning File C:\DOKUME~1\Lukas\LOKALE~1\TEMPOR~1\Content.IE5\2X9INE50\eu[24].chm
Sat Feb 05 13:09:49 2005 => File C:\DOKUME~1\Lukas\LOKALE~1\TEMPOR~1\Content.IE5\2X9INE50\eu[24].chm infected by "not-a-virus:PornWare.Dialer.Generic" Virus. Action Taken: No Action Taken.

Sat Feb 05 13:09:49 2005 => Scanning File C:\DOKUME~1\Lukas\LOKALE~1\TEMPOR~1\Content.IE5\2X9INE50\eu[25].chm
Sat Feb 05 13:09:49 2005 => File C:\DOKUME~1\Lukas\LOKALE~1\TEMPOR~1\Content.IE5\2X9INE50\eu[25].chm infected by "not-a-virus:PornWare.Dialer.Generic" Virus. Action Taken: No Action Taken.

Sat Feb 05 13:09:49 2005 => Scanning File C:\DOKUME~1\Lukas\LOKALE~1\TEMPOR~1\Content.IE5\2X9INE50\eu[26].chm
Sat Feb 05 13:09:49 2005 => File C:\DOKUME~1\Lukas\LOKALE~1\TEMPOR~1\Content.IE5\2X9INE50\eu[26].chm infected by "not-a-virus:PornWare.Dialer.Generic" Virus. Action Taken: No Action Taken.

Sat Feb 05 13:09:49 2005 => Scanning File C:\DOKUME~1\Lukas\LOKALE~1\TEMPOR~1\Content.IE5\2X9INE50\eu[27].chm
Sat Feb 05 13:09:50 2005 => File C:\DOKUME~1\Lukas\LOKALE~1\TEMPOR~1\Content.IE5\2X9INE50\eu[27].chm infected by "not-a-virus:PornWare.Dialer.Generic" Virus. Action Taken: No Action Taken.

Sat Feb 05 13:09:50 2005 => Scanning File C:\DOKUME~1\Lukas\LOKALE~1\TEMPOR~1\Content.IE5\2X9INE50\eu[28].chm
Sat Feb 05 13:09:50 2005 => File C:\DOKUME~1\Lukas\LOKALE~1\TEMPOR~1\Content.IE5\2X9INE50\eu[28].chm infected by "not-a-virus:PornWare.Dialer.Generic" Virus. Action Taken: No Action Taken.

Sat Feb 05 13:09:50 2005 => Scanning File C:\DOKUME~1\Lukas\LOKALE~1\TEMPOR~1\Content.IE5\2X9INE50\eu[29].chm
Sat Feb 05 13:09:50 2005 => File C:\DOKUME~1\Lukas\LOKALE~1\TEMPOR~1\Content.IE5\2X9INE50\eu[29].chm infected by "not-a-virus:PornWare.Dialer.Generic" Virus. Action Taken: No Action Taken.

Sat Feb 05 13:09:50 2005 => Scanning File C:\DOKUME~1\Lukas\LOKALE~1\TEMPOR~1\Content.IE5\2X9INE50\eu[2].chm
Sat Feb 05 13:09:51 2005 => File C:\DOKUME~1\Lukas\LOKALE~1\TEMPOR~1\Content.IE5\2X9INE50\eu[2].chm infected by "not-a-virus:PornWare.Dialer.Generic" Virus. Action Taken: No Action Taken.

Sat Feb 05 13:09:51 2005 => Scanning File C:\DOKUME~1\Lukas\LOKALE~1\TEMPOR~1\Content.IE5\2X9INE50\eu[30].chm
Sat Feb 05 13:09:51 2005 => File C:\DOKUME~1\Lukas\LOKALE~1\TEMPOR~1\Content.IE5\2X9INE50\eu[30].chm infected by "not-a-virus:PornWare.Dialer.Generic" Virus. Action Taken: No Action Taken.



der 3. Teil kommt gleich...

File C:\DOKUME~1\Lukas\LOKALE~1\TEMPOR~1\Content.IE5\2X9INE50\eu[31].chm infected by "not-a-virus:PornWare.Dialer.Generic" Virus. Action Taken: No Action Taken.

Sat Feb 05 13:09:51 2005 => Scanning File C:\DOKUME~1\Lukas\LOKALE~1\TEMPOR~1\Content.IE5\2X9INE50\eu[32].chm
Sat Feb 05 13:09:51 2005 => File C:\DOKUME~1\Lukas\LOKALE~1\TEMPOR~1\Content.IE5\2X9INE50\eu[32].chm infected by "not-a-virus:PornWare.Dialer.Generic" Virus. Action Taken: No Action Taken.

Sat Feb 05 13:09:51 2005 => Scanning File C:\DOKUME~1\Lukas\LOKALE~1\TEMPOR~1\Content.IE5\2X9INE50\eu[33].chm
Sat Feb 05 13:09:51 2005 => File C:\DOKUME~1\Lukas\LOKALE~1\TEMPOR~1\Content.IE5\2X9INE50\eu[33].chm infected by "not-a-virus:PornWare.Dialer.Generic" Virus. Action Taken: No Action Taken.

Sat Feb 05 13:09:51 2005 => Scanning File C:\DOKUME~1\Lukas\LOKALE~1\TEMPOR~1\Content.IE5\2X9INE50\eu[34].chm
Sat Feb 05 13:09:51 2005 => File C:\DOKUME~1\Lukas\LOKALE~1\TEMPOR~1\Content.IE5\2X9INE50\eu[34].chm infected by "not-a-virus:PornWare.Dialer.Generic" Virus. Action Taken: No Action Taken.

Sat Feb 05 13:09:51 2005 => Scanning File C:\DOKUME~1\Lukas\LOKALE~1\TEMPOR~1\Content.IE5\2X9INE50\eu[35].chm
Sat Feb 05 13:09:51 2005 => File C:\DOKUME~1\Lukas\LOKALE~1\TEMPOR~1\Content.IE5\2X9INE50\eu[35].chm infected by "not-a-virus:PornWare.Dialer.Generic" Virus. Action Taken: No Action Taken.

Sat Feb 05 13:09:51 2005 => Scanning File C:\DOKUME~1\Lukas\LOKALE~1\TEMPOR~1\Content.IE5\2X9INE50\eu[36].chm
Sat Feb 05 13:09:51 2005 => File C:\DOKUME~1\Lukas\LOKALE~1\TEMPOR~1\Content.IE5\2X9INE50\eu[36].chm infected by "not-a-virus:PornWare.Dialer.Generic" Virus. Action Taken: No Action Taken.

Sat Feb 05 13:09:51 2005 => Scanning File C:\DOKUME~1\Lukas\LOKALE~1\TEMPOR~1\Content.IE5\2X9INE50\eu[37].chm
Sat Feb 05 13:09:52 2005 => File C:\DOKUME~1\Lukas\LOKALE~1\TEMPOR~1\Content.IE5\2X9INE50\eu[37].chm infected by "not-a-virus:PornWare.Dialer.Generic" Virus. Action Taken: No Action Taken.

Sat Feb 05 13:09:52 2005 => Scanning File C:\DOKUME~1\Lukas\LOKALE~1\TEMPOR~1\Content.IE5\2X9INE50\eu[38].chm
Sat Feb 05 13:09:52 2005 => File C:\DOKUME~1\Lukas\LOKALE~1\TEMPOR~1\Content.IE5\2X9INE50\eu[38].chm infected by "not-a-virus:PornWare.Dialer.Generic" Virus. Action Taken: No Action Taken.

Sat Feb 05 13:09:52 2005 => Scanning File C:\DOKUME~1\Lukas\LOKALE~1\TEMPOR~1\Content.IE5\2X9INE50\eu[39].chm
Sat Feb 05 13:09:52 2005 => File C:\DOKUME~1\Lukas\LOKALE~1\TEMPOR~1\Content.IE5\2X9INE50\eu[39].chm infected by "not-a-virus:PornWare.Dialer.Generic" Virus. Action Taken: No Action Taken.

Sat Feb 05 13:09:52 2005 => Scanning File C:\DOKUME~1\Lukas\LOKALE~1\TEMPOR~1\Content.IE5\2X9INE50\eu[3].chm
Sat Feb 05 13:09:52 2005 => File C:\DOKUME~1\Lukas\LOKALE~1\TEMPOR~1\Content.IE5\2X9INE50\eu[3].chm infected by "not-a-virus:PornWare.Dialer.Generic" Virus. Action Taken: No Action Taken.

Sat Feb 05 13:09:52 2005 => Scanning File C:\DOKUME~1\Lukas\LOKALE~1\TEMPOR~1\Content.IE5\2X9INE50\eu[40].chm
Sat Feb 05 13:09:52 2005 => File C:\DOKUME~1\Lukas\LOKALE~1\TEMPOR~1\Content.IE5\2X9INE50\eu[40].chm infected by "not-a-virus:PornWare.Dialer.Generic" Virus. Action Taken: No Action Taken.

Sat Feb 05 13:09:52 2005 => Scanning File C:\DOKUME~1\Lukas\LOKALE~1\TEMPOR~1\Content.IE5\2X9INE50\eu[41].chm
Sat Feb 05 13:09:53 2005 => File C:\DOKUME~1\Lukas\LOKALE~1\TEMPOR~1\Content.IE5\2X9INE50\eu[41].chm infected by "not-a-virus:PornWare.Dialer.Generic" Virus. Action Taken: No Action Taken.

Sat Feb 05 13:09:53 2005 => Scanning File C:\DOKUME~1\Lukas\LOKALE~1\TEMPOR~1\Content.IE5\2X9INE50\eu[42].chm
Sat Feb 05 13:09:53 2005 => File C:\DOKUME~1\Lukas\LOKALE~1\TEMPOR~1\Content.IE5\2X9INE50\eu[42].chm infected by "not-a-virus:PornWare.Dialer.Generic" Virus. Action Taken: No Action Taken.

Sat Feb 05 13:09:53 2005 => Scanning File C:\DOKUME~1\Lukas\LOKALE~1\TEMPOR~1\Content.IE5\2X9INE50\eu[43].chm
Sat Feb 05 13:09:53 2005 => File C:\DOKUME~1\Lukas\LOKALE~1\TEMPOR~1\Content.IE5\2X9INE50\eu[43].chm infected by "not-a-virus:PornWare.Dialer.Generic" Virus. Action Taken: No Action Taken.

Sat Feb 05 13:09:53 2005 => Scanning File C:\DOKUME~1\Lukas\LOKALE~1\TEMPOR~1\Content.IE5\2X9INE50\eu[44].chm
Sat Feb 05 13:09:53 2005 => File C:\DOKUME~1\Lukas\LOKALE~1\TEMPOR~1\Content.IE5\2X9INE50\eu[44].chm infected by "not-a-virus:PornWare.Dialer.Generic" Virus. Action Taken: No Action Taken.

Sat Feb 05 13:09:53 2005 => Scanning File C:\DOKUME~1\Lukas\LOKALE~1\TEMPOR~1\Content.IE5\2X9INE50\eu[4].chm
Sat Feb 05 13:09:53 2005 => File C:\DOKUME~1\Lukas\LOKALE~1\TEMPOR~1\Content.IE5\2X9INE50\eu[4].chm infected by "not-a-virus:PornWare.Dialer.Generic" Virus. Action Taken: No Action Taken.

Sat Feb 05 13:09:53 2005 => Scanning File C:\DOKUME~1\Lukas\LOKALE~1\TEMPOR~1\Content.IE5\2X9INE50\eu[5].chm
Sat Feb 05 13:09:53 2005 => File C:\DOKUME~1\Lukas\LOKALE~1\TEMPOR~1\Content.IE5\2X9INE50\eu[5].chm infected by "not-a-virus:PornWare.Dialer.Generic" Virus. Action Taken: No Action Taken.

Sat Feb 05 13:09:53 2005 => Scanning File C:\DOKUME~1\Lukas\LOKALE~1\TEMPOR~1\Content.IE5\2X9INE50\eu[6].chm
Sat Feb 05 13:09:53 2005 => File C:\DOKUME~1\Lukas\LOKALE~1\TEMPOR~1\Content.IE5\2X9INE50\eu[6].chm infected by "not-a-virus:PornWare.Dialer.Generic" Virus. Action Taken: No Action Taken.

Sat Feb 05 13:09:53 2005 => Scanning File C:\DOKUME~1\Lukas\LOKALE~1\TEMPOR~1\Content.IE5\2X9INE50\eu[7].chm
Sat Feb 05 13:09:54 2005 => File C:\DOKUME~1\Lukas\LOKALE~1\TEMPOR~1\Content.IE5\2X9INE50\eu[7].chm infected by "not-a-virus:PornWare.Dialer.Generic" Virus. Action Taken: No Action Taken.

Sat Feb 05 13:09:54 2005 => Scanning File C:\DOKUME~1\Lukas\LOKALE~1\TEMPOR~1\Content.IE5\2X9INE50\eu[8].chm
Sat Feb 05 13:09:54 2005 => File C:\DOKUME~1\Lukas\LOKALE~1\TEMPOR~1\Content.IE5\2X9INE50\eu[8].chm infected by "not-a-virus:PornWare.Dialer.Generic" Virus. Action Taken: No Action Taken.

Sat Feb 05 13:09:54 2005 => Scanning File C:\DOKUME~1\Lukas\LOKALE~1\TEMPOR~1\Content.IE5\2X9INE50\eu[9].chm
Sat Feb 05 13:09:54 2005 => File C:\DOKUME~1\Lukas\LOKALE~1\TEMPOR~1\Content.IE5\2X9INE50\eu[9].chm infected by "not-a-virus:PornWare.Dialer.Generic" Virus. Action Taken: No Action Taken.

der... ka wievielte teil kommt gleich...

File C:\DOKUME~1\Lukas\LOKALE~1\TEMPOR~1\Content.IE5\7ASVNTK1\games3[1].cab infected by "Trojan.Win32.Dialui" Virus. Action Taken: No Action Taken.

File C:\DOKUME~1\Lukas\LOKALE~1\TEMPOR~1\Content.IE5\LYKL3V5A\games3[1].cab infected by "Trojan.Win32.Dialui" Virus. Action Taken: No Action Taken.

File C:\DOKUME~1\Lukas\LOKALE~1\TEMPOR~1\Content.IE5\LYKL3V5A\s722[1].zip infected by "Backdoor.Win32.SubSeven.22.a" Virus. Action Taken: No Action Taken.

File C:\DOKUME~1\Lukas\LOKALE~1\TEMPOR~1\Content.IE5\Q5VCT4FE\ikw[1].exe infected by "not-a-virus:AdWare.CommonName.i" Virus. Action Taken: No Action Taken.

File C:\DOKUME~1\Lukas\LOKALE~1\TEMPOR~1\Content.IE5\W1IFOHUN\games3[1].cab infected by "Trojan.Win32.Dialui" Virus. Action Taken: No Action Taken.

File C:\DOKUME~1\Lukas\LOKALE~1\TEMPOR~1\Content.IE5\YXPY3MTS\POP[1].CHM infected by "Trojan-Downloader.VBS.Psyme.q" Virus. Action Taken: No Action Taken.

Sat Feb 05 13:45:31 2005 => Scanning File C:\DOKUME~1\Lukas\LOKALE~1\TEMPOR~1\Content.IE5\YXPY3MTS\POP[2].CHM
Sat Feb 05 13:45:31 2005 => File C:\DOKUME~1\Lukas\LOKALE~1\TEMPOR~1\Content.IE5\YXPY3MTS\POP[2].CHM infected by "Trojan-Downloader.VBS.Psyme.q" Virus. Action Taken: No Action Taken.

Abschlussbericht:

--->
Sat Feb 05 13:46:15 2005 => Total Files Scanned: 37833
Sat Feb 05 13:46:15 2005 => Total Virus(es) Found: 77
Sat Feb 05 13:46:15 2005 => Total Disinfected Files: 0
Sat Feb 05 13:46:15 2005 => Total Files Renamed: 0
Sat Feb 05 13:46:15 2005 => Total Deleted Files: 0
Sat Feb 05 13:46:15 2005 => Total Errors: 1
Sat Feb 05 13:46:15 2005 => Time Elapsed: 01:21:28
Sat Feb 05 13:46:15 2005 => Virus Database Date: 2005/02/05
Sat Feb 05 13:46:15 2005 => Virus Database Count: 117200

...das wars auch schon

Bevor wir versuchen das System zu säubern, macht bitte folgedes:
Scanne die Datei

Zitat:

C:\windows\system32\msiexec16.exe

online bei http://virusscan.jotti.org/

Falls du die Dateien nicht finden kannst, nimm bitte folgende Einstellungen vor:
Im Windows-Explorer->Extras->Ordneroptionen->den Reiter "Ansicht"->Versteckte Dateien und Ordner-> "alle Dateien und Ordner anzeigen" aktivieren
+
Im Windows-Explorer->Extras->Ordneroptionen->den Reiter "Ansicht"->Dateien und Ordner-> "Geschützte Systemdateien ausblenden (empfohlen)" deaktivieren

@haui45 das können wir uns sparen. msiexec16.exe ist der optix trojan. der hat backdoor funktionalität.
@s0rcerer dein system ist kompromittiert; es ist nicht mehr vertrauenswürdig.
installiere windows neu und beachte diese Anleitung

@Chris14
Das habe ich auch gelesen, ich will aber sicher gehen! Namen sind Schall und Rauch, jedes Programm kann sich so nennen, wie es will!

der punkt geht klar an dich. allerdings kann man davon ausgehen, dass es einer ist.
aber ok, soll er scannen. die warscheinlichkeit ist allerdings sehr hoch, das es optix ist.

Die Wahrscheinlichkeit ist natürlich sehr hoch, da sich gewöhnliche Downloader meist nicht in die system.ini oder win.ini eintragen.

Ich hab zwar die einstellungen vorgenommen aber ich find die datei trotzdem net!

ich hab nur eine ohne 16...
also nur msiexec.exe ...

Hast du bzw. Kaspersky die Datei vielleicht schonmal gelöscht? (auch mal die Logs von Kaspersky durchlesen)

Zitat:

ich hab nur eine ohne 16...
also nur msiexec.exe ...

Die gehört zu Windows...

ähm... ka ob ich die mal gelöscht hab, aber wo finde ich die log datei von kaspersky?