escan LOG warsch. Nali drauf!

codename · 08.06.2005, 20:16

Ich hab ein kleines prob. !und zwar immer wenn ich den ie oder FF öffne und ne seite aufrufe funtzt das mal und mal auch nicht !(die seite kann nich angezeigt werden) und ich bekomme immer Werbepopups von Aurora !
hier meine escan log (gefiltert):

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~
Funde für "infected"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~
Tue Jun 07 21:12:56 2005 => File c:\windows\system32\usnmgh.exe infected by "Trojan.Win32.Agent.cp" Virus! Action Taken: No Action Taken.
Tue Jun 07 21:13:35 2005 => File C:\WINDOWS\svcproc.exe infected by "Trojan.Win32.Stervis.c" Virus! Action Taken: No Action Taken.
Tue Jun 07 21:14:05 2005 => System found infected with iSearch Spyware/Adware (patch.exe)! Action taken: No Action Taken.
Tue Jun 07 21:14:56 2005 => File C:\WINDOWS\system32\DrPMon.dll infected by "Trojan.Win32.Agent.db" Virus! Action Taken: No Action Taken.
Tue Jun 07 21:16:47 2005 => File C:\DOKUME~1\DON_CO~1\LOKALE~1\Temp\temp.fr62AA infected by "Trojan.Win32.Agent.db" Virus! Action Taken: No Action Taken.
Tue Jun 07 21:16:54 2005 => Total Disinfected Files: 0
Tue Jun 07 21:20:20 2005 => System found infected with iSearch Spyware/Adware (patch.exe)! Action taken: No Action Taken.
Tue Jun 07 21:21:06 2005 => Total Disinfected Files: 0
Tue Jun 07 21:22:00 2005 => System found infected with iSearch Spyware/Adware (patch.exe)! Action taken: No Action Taken.
Tue Jun 07 21:22:44 2005 => Total Disinfected Files: 0
Wed Jun 08 00:07:05 2005 => System found infected with iSearch Spyware/Adware (patch.exe)! Action taken: No Action Taken.
Wed Jun 08 00:15:59 2005 => File C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D400002.VBN infected by "not-virus:BadJoke.Win32.Badgame" Virus! Action Taken: No Action Taken.
Wed Jun 08 02:49:49 2005 => File C:\System Volume Information\_restore{5F48B68F-762E-47C3-B3B5-29854DDDE8C6}\RP47\A0010899.exe infected by "Trojan.Win32.Stervis.c" Virus! Action Taken: No Action Taken.
Wed Jun 08 02:49:50 2005 => File C:\System Volume Information\_restore{5F48B68F-762E-47C3-B3B5-29854DDDE8C6}\RP47\A0010919.exe infected by "Trojan.Win32.Stervis.c" Virus! Action Taken: No Action Taken.
Wed Jun 08 02:49:59 2005 => File C:\System Volume Information\_restore{5F48B68F-762E-47C3-B3B5-29854DDDE8C6}\RP47\snapshot\MFEX-1.DAT infected by "Trojan.Win32.Agent.db" Virus! Action Taken: No Action Taken.
Wed Jun 08 03:05:01 2005 => Scanning File D:\Eigene Musik\iTunes\iTunes Music\Bad Religion\Stranger Than Fiction\07 Infected.mp3
Wed Jun 08 15:05:16 2005 => System found infected with iSearch Spyware/Adware (patch.exe)! Action taken: No Action Taken.
Wed Jun 08 15:09:29 2005 => File C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D400002.VBN infected by "not-virus:BadJoke.Win32.Badgame" Virus! Action Taken: No Action Taken.
Wed Jun 08 17:32:42 2005 => File C:\System Volume Information\_restore{5F48B68F-762E-47C3-B3B5-29854DDDE8C6}\RP47\A0010899.exe infected by "Trojan.Win32.Stervis.c" Virus! Action Taken: No Action Taken.
Wed Jun 08 17:32:43 2005 => File C:\System Volume Information\_restore{5F48B68F-762E-47C3-B3B5-29854DDDE8C6}\RP47\A0010919.exe infected by "Trojan.Win32.Stervis.c" Virus! Action Taken: No Action Taken.
Wed Jun 08 17:32:58 2005 => File C:\System Volume Information\_restore{5F48B68F-762E-47C3-B3B5-29854DDDE8C6}\RP47\snapshot\MFEX-1.DAT infected by "Trojan.Win32.Agent.db" Virus! Action Taken: No Action Taken.
Wed Jun 08 17:52:48 2005 => Scanning File D:\Eigene Musik\iTunes\iTunes Music\Bad Religion\Stranger Than Fiction\07 Infected.mp3
Wed Jun 08 18:14:49 2005 => File D:\Torrent\Gedownloadete Torrents\Programme\WebcamXP.Pro.v1.04.790.rar infected by "Trojan-Dropper.Win32.Delf.dh" Virus! Action Taken: No Action Taken.
Wed Jun 08 18:15:05 2005 => File D:\Torrent\Gedownloadete Torrents\Programme\WinTasks Professional v4.45.rar infected by "Trojan-Dropper.Win32.Delf.dh" Virus! Action Taken: No Action Taken.
Wed Jun 08 18:30:21 2005 => Total Disinfected Files: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~
Funde für "tagged"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~
Tue Jun 07 21:14:24 2005 => File C:\WINDOWS\Nail.exe tagged as "not-a-virus:AdWare.BetterInternet.b". Action Taken: No Action Taken.
Tue Jun 07 21:14:28 2005 => File C:\WINDOWS\xognnnoqr.exe tagged as "not-a-virus:AdWare.BetterInternet". Action Taken: No Action Taken.
Tue Jun 07 21:15:16 2005 => File C:\WINDOWS\system32\KILLAPPS.EXE tagged as not-a-virus:Tool.Win32.KillApp.b. No Action Taken.
Tue Jun 07 21:16:54 2005 => File C:\WINDOWS\Nail.exe tagged as "not-a-virus:AdWare.BetterInternet.b". Action Taken: No Action Taken.
Wed Jun 08 00:07:27 2005 => File C:\WINDOWS\Nail.exe tagged as "not-a-virus:AdWare.BetterInternet.b". Action Taken: No Action Taken.
Wed Jun 08 00:19:49 2005 => File C:\Dokumente und Einstellungen\dOn_CoDeNaMe\Lokale Einstellungen\Anwendungsdaten\{32A3A4F2-B792-11D6-A78A-00B0D0150020}\J2SE Development Kit 5.0 Update 2.msi tagged as not-a-virus:Garbage.Java.Chart. No Action Taken.
Wed Jun 08 00:20:10 2005 => File C:\Dokumente und Einstellungen\dOn_CoDeNaMe\Lokale Einstellungen\Anwendungsdaten\{35A3A4F2-B792-11D6-A78A-00B0D0142080}\Java 2 SDK, SE v1.4.2_08.msi tagged as not-a-virus:Garbage.Java.Chart. No Action Taken.
Wed Jun 08 00:23:31 2005 => File C:\Downloads\Filesharing\BitTorrent-4.1.0-Beta.exe tagged as not-a-virus:Tool.Win32.Processor.1001. No Action Taken.
Wed Jun 08 01:19:18 2005 => File C:\Downloads\WinXP\StyleXP\Styles\41217.exe tagged as "not-a-virus:AdWare.EZula.z". Action Taken: No Action Taken.
Wed Jun 08 01:37:20 2005 => File C:\Programme\DVD2SVCD\D2SRoBa360.exe tagged as not-a-virus:Tool.Win32.Processor.20. No Action Taken.
Wed Jun 08 01:38:23 2005 => File C:\Programme\Gemeinsame Dateien\Java\Update\Base Images\j2sdk1.4.2-b28\demos.zip tagged as not-a-virus:Garbage.Java.Chart. No Action Taken.
Wed Jun 08 01:39:06 2005 => File C:\Programme\Gemeinsame Dateien\Java\Update\Base Images\jdk1.5.0.b64\demos.zip tagged as not-a-virus:Garbage.Java.Chart. No Action Taken.
Wed Jun 08 01:46:13 2005 => File C:\Programme\Java\jdk1.5.0_02\demo\applets\BarChart\BarChart.class tagged as not-a-virus:Garbage.Java.Chart. No Action Taken.
Wed Jun 08 01:46:26 2005 => File C:\Programme\Java\jdk1.5.0_02\demo\plugin\applets\BarChart\BarChart.class tagged as not-a-virus:Garbage.Java.Chart. No Action Taken.
Wed Jun 08 01:52:31 2005 => File C:\Programme\jdk1.2.1\demo\applets\BarChart\Chart.class tagged as not-a-virus:Garbage.Java.Chart. No Action Taken.
Wed Jun 08 02:49:50 2005 => File C:\System Volume Information\_restore{5F48B68F-762E-47C3-B3B5-29854DDDE8C6}\RP47\A0010923.EXE tagged as not-a-virus:Tool.Win32.KillApp.b. No Action Taken.
Wed Jun 08 02:49:58 2005 => File C:\System Volume Information\_restore{5F48B68F-762E-47C3-B3B5-29854DDDE8C6}\RP47\A0011926.exe tagged as "not-a-virus:AdWare.BetterInternet.b". Action Taken: No Action Taken.
Wed Jun 08 02:50:02 2005 => File C:\System Volume Information\_restore{5F48B68F-762E-47C3-B3B5-29854DDDE8C6}\RP48\A0011988.exe tagged as "not-a-virus:AdWare.BetterInternet.b". Action Taken: No Action Taken.
Wed Jun 08 02:57:12 2005 => File C:\WINDOWS\Nail.exe tagged as "not-a-virus:AdWare.BetterInternet.b". Action Taken: No Action Taken.
Wed Jun 08 15:05:28 2005 => File C:\WINDOWS\Nail.exe tagged as "not-a-virus:AdWare.BetterInternet.b". Action Taken: No Action Taken.
Wed Jun 08 15:11:47 2005 => File C:\Dokumente und Einstellungen\dOn_CoDeNaMe\Lokale Einstellungen\Anwendungsdaten\{32A3A4F2-B792-11D6-A78A-00B0D0150020}\J2SE Development Kit 5.0 Update 2.msi tagged as not-a-virus:Garbage.Java.Chart. No Action Taken.
Wed Jun 08 15:11:52 2005 => File C:\Dokumente und Einstellungen\dOn_CoDeNaMe\Lokale Einstellungen\Anwendungsdaten\{35A3A4F2-B792-11D6-A78A-00B0D0142080}\Java 2 SDK, SE v1.4.2_08.msi tagged as not-a-virus:Garbage.Java.Chart. No Action Taken.
Wed Jun 08 15:14:17 2005 => File C:\Downloads\Filesharing\BitTorrent-4.1.0-Beta.exe tagged as not-a-virus:Tool.Win32.Processor.1001. No Action Taken.
Wed Jun 08 15:39:23 2005 => File C:\Downloads\WinXP\StyleXP\Styles\41217.exe tagged as "not-a-virus:AdWare.EZula.z". Action Taken: No Action Taken.
Wed Jun 08 15:54:46 2005 => File C:\Programme\DVD2SVCD\D2SRoBa360.exe tagged as not-a-virus:Tool.Win32.Processor.20. No Action Taken.
Wed Jun 08 15:56:09 2005 => File C:\Programme\Gemeinsame Dateien\Java\Update\Base Images\j2sdk1.4.2-b28\demos.zip tagged as not-a-virus:Garbage.Java.Chart. No Action Taken.
Wed Jun 08 15:57:04 2005 => File C:\Programme\Gemeinsame Dateien\Java\Update\Base Images\jdk1.5.0.b64\demos.zip tagged as not-a-virus:Garbage.Java.Chart. No Action Taken.
Wed Jun 08 16:07:32 2005 => File C:\Programme\Java\jdk1.5.0_02\demo\applets\BarChart\BarChart.class tagged as not-a-virus:Garbage.Java.Chart. No Action Taken.
Wed Jun 08 16:07:50 2005 => File C:\Programme\Java\jdk1.5.0_02\demo\plugin\applets\BarChart\BarChart.class tagged as not-a-virus:Garbage.Java.Chart. No Action Taken.
Wed Jun 08 16:17:10 2005 => File C:\Programme\jdk1.2.1\demo\applets\BarChart\Chart.class tagged as not-a-virus:Garbage.Java.Chart. No Action Taken.
Wed Jun 08 17:32:43 2005 => File C:\System Volume Information\_restore{5F48B68F-762E-47C3-B3B5-29854DDDE8C6}\RP47\A0010923.EXE tagged as not-a-virus:Tool.Win32.KillApp.b. No Action Taken.
Wed Jun 08 17:32:55 2005 => File C:\System Volume Information\_restore{5F48B68F-762E-47C3-B3B5-29854DDDE8C6}\RP47\A0011926.exe tagged as "not-a-virus:AdWare.BetterInternet.b". Action Taken: No Action Taken.
Wed Jun 08 17:33:03 2005 => File C:\System Volume Information\_restore{5F48B68F-762E-47C3-B3B5-29854DDDE8C6}\RP48\A0011988.exe tagged as "not-a-virus:AdWare.BetterInternet.b". Action Taken: No Action Taken.
Wed Jun 08 17:33:04 2005 => File C:\System Volume Information\_restore{5F48B68F-762E-47C3-B3B5-29854DDDE8C6}\RP48\A0012926.exe tagged as "not-a-virus:AdWare.BetterInternet.b". Action Taken: No Action Taken.
Wed Jun 08 17:42:22 2005 => File C:\WINDOWS\Nail.exe tagged as "not-a-virus:AdWare.BetterInternet.b". Action Taken: No Action Taken.
Wed Jun 08 18:22:02 2005 => File C:\WINDOWS\Nail.exe tagged as "not-a-virus:AdWare.BetterInternet.b". Action Taken: No Action Taken.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~
Statisktiken:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~
Tue Jun 07 21:16:54 2005 => Total Virus(es) Found: 11
Tue Jun 07 21:21:06 2005 => Total Virus(es) Found: 3
Tue Jun 07 21:22:44 2005 => Total Virus(es) Found: 3
Wed Jun 08 18:30:21 2005 => Total Virus(es) Found: 26
Tue Jun 07 21:16:54 2005 => Total Errors: 56
Tue Jun 07 21:21:06 2005 => Total Errors: 58
Tue Jun 07 21:22:45 2005 => Total Errors: 58
Wed Jun 08 18:30:21 2005 => Total Errors: 146
Tue Jun 07 21:16:54 2005 => Time Elapsed: 00:05:31
Tue Jun 07 21:21:06 2005 => Time Elapsed: 00:01:22
Tue Jun 07 21:22:45 2005 => Time Elapsed: 00:01:09
Wed Jun 08 18:30:21 2005 => Time Elapsed: 03:26:50
Tue Jun 07 21:16:54 2005 => Total Objects Scanned: 12203
Tue Jun 07 21:21:06 2005 => Total Objects Scanned: 12242
Tue Jun 07 21:22:44 2005 => Total Objects Scanned: 12242
Wed Jun 08 18:30:21 2005 => Total Objects Scanned: 267883
Tue Jun 07 19:56:18 2005 => Virus Database Date: 2005/06/06
Tue Jun 07 21:11:06 2005 => Virus Database Date: 2005/06/07
Tue Jun 07 21:16:54 2005 => Virus Database Date: 2005/06/07
Tue Jun 07 21:21:06 2005 => Virus Database Date: 2005/06/07
Tue Jun 07 21:21:32 2005 => Virus Database Date: 2005/06/07
Tue Jun 07 21:22:45 2005 => Virus Database Date: 2005/06/07
Tue Jun 07 21:23:04 2005 => Virus Database Date: 2005/06/07
Tue Jun 07 23:44:13 2005 => Virus Database Date: 2005/06/07
Wed Jun 08 00:04:42 2005 => Virus Database Date: 2005/06/08
Wed Jun 08 15:03:23 2005 => Virus Database Date: 2005/06/08
Wed Jun 08 18:30:21 2005 => Virus Database Date: 2005/06/08
Wed Jun 08 21:13:02 2005 => Virus Database Date: 2005/06/08
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~
~~~~~~~ © Haui ;-) ~~~~~~~
~~~~~~~ Dank an Cidre ~~~~~~~

Rene-gad · 08.06.2005, 20:56

@codename

Zitat:

Ich hab ein kleines prob.

Stimmt: es gibt Schlimmeres, als ein kompromittierter PC. Und Nail.exe ist ein kleines Übel.

Zitat:

File c:\windows\system32\usnmgh.exe infected by "Trojan.Win32.Agent.cp"

Ist ein Trojan mit Backdoor-Funktionen.
Bitte PC nach Anleitung in meiner Signatur neu aufsetzen.

codename · 08.06.2005, 21:09

Gibt es keine andere nöglichkeit als ganz XP und alles neu zu installieren ???

escan LOG warsch. Nali drauf!

Plagegeister aller Art und deren Bekämpfung: escan LOG warsch. Nali drauf!