Hallo zusammen!

Wer kann mir helfen??? Habe mir den spysheriff eingefangen...PLZ help!!!!


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Funde für "infected"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Tue Jun 28 10:24:17 2005 => File C:\WINDOWS\iau.exe infected by "Trojan-Proxy.Win32.Symbab.ar" Virus! Action Taken: No Action Taken.
Tue Jun 28 10:24:17 2005 => File C:\WINDOWS\lssas.exe infected by "Trojan.Win32.Liewar.q" Virus! Action Taken: No Action Taken.
Tue Jun 28 10:24:18 2005 => File C:\WINDOWS\svshost.exe infected by "Trojan.Win32.Liewar.q" Virus! Action Taken: No Action Taken.
Tue Jun 28 10:24:18 2005 => File C:\WINDOWS\msqdevl.exe infected by "Trojan.Win32.Liewar.q" Virus! Action Taken: No Action Taken.
Tue Jun 28 10:24:18 2005 => File C:\WINDOWS\mservice.exe infected by "Trojan.Win32.Liewar.q" Virus! Action Taken: No Action Taken.
Tue Jun 28 10:24:18 2005 => File C:\WINDOWS\stisvsq.exe infected by "Trojan.Win32.Liewar.q" Virus! Action Taken: No Action Taken.
Tue Jun 28 10:24:25 2005 => File C:\WINDOWS\iau.exe infected by "Trojan-Proxy.Win32.Symbab.ar" Virus! Action Taken: No Action Taken.
Tue Jun 28 10:24:25 2005 => File C:\WINDOWS\stisvsq.exe infected by "Trojan.Win32.Liewar.q" Virus! Action Taken: No Action Taken.
Tue Jun 28 10:24:25 2005 => File C:\WINDOWS\svshost.exe infected by "Trojan.Win32.Liewar.q" Virus! Action Taken: No Action Taken.
Tue Jun 28 10:24:25 2005 => File C:\WINDOWS\msqdevl.exe infected by "Trojan.Win32.Liewar.q" Virus! Action Taken: No Action Taken.
Tue Jun 28 10:24:25 2005 => File C:\WINDOWS\lssas.exe infected by "Trojan.Win32.Liewar.q" Virus! Action Taken: No Action Taken.
Tue Jun 28 10:24:25 2005 => File C:\WINDOWS\mservice.exe infected by "Trojan.Win32.Liewar.q" Virus! Action Taken: No Action Taken.
Tue Jun 28 10:24:25 2005 => File C:\winstall.exe infected by "not-virus:Hoax.Win32.Renos.a" Virus! Action Taken: No Action Taken.
Tue Jun 28 10:25:30 2005 => File C:\WINDOWS\csrss.dll infected by "Trojan.Win32.Liewar.q" Virus! Action Taken: No Action Taken.
Tue Jun 28 10:25:30 2005 => File C:\WINDOWS\desktop.html infected by "Trojan-Clicker.Win32.Spywad.b" Virus! Action Taken: No Action Taken.
Tue Jun 28 10:25:32 2005 => File C:\WINDOWS\msiau.dll infected by "Trojan-Proxy.Win32.Symbab.ar" Virus! Action Taken: No Action Taken.
Tue Jun 28 10:25:32 2005 => File C:\WINDOWS\msras.exe infected by "not-virus:Hoax.Win32.Renos.a" Virus! Action Taken: No Action Taken.
Tue Jun 28 10:25:33 2005 => File C:\WINDOWS\smssa.dll infected by "Trojan.Win32.Liewar.q" Virus! Action Taken: No Action Taken.
Tue Jun 28 10:25:33 2005 => File C:\WINDOWS\taskmgr.dll infected by "Trojan.Win32.Liewar.q" Virus! Action Taken: No Action Taken.
Tue Jun 28 10:25:33 2005 => File C:\WINDOWS\uvchost.dll infected by "Trojan.Win32.Liewar.q" Virus! Action Taken: No Action Taken.
Tue Jun 28 10:25:33 2005 => File C:\WINDOWS\winlogon.dll infected by "Trojan.Win32.Liewar.q" Virus! Action Taken: No Action Taken.
Tue Jun 28 10:30:47 2005 => File C:\DOKUME~1\Buttler\LOKALE~1\TEMPOR~1\Content.IE5\5377X10E\s1p1y[1].exe infected by "Trojan.Win32.Liewar.q" Virus! Action Taken: No Action Taken.
Tue Jun 28 10:32:03 2005 => File C:\DOKUME~1\Buttler\LOKALE~1\TEMPOR~1\Content.IE5\B3MN65QR\file_0[1].exe infected by "Trojan-Downloader.Win32.Small.uv" Virus! Action Taken: No Action Taken.
Tue Jun 28 10:34:40 2005 => File C:\DOKUME~1\Buttler\LOKALE~1\TEMPOR~1\Content.IE5\N7LJ790W\index[18].htm infected by "Exploit.VBS.Phel.a" Virus! Action Taken: No Action Taken.
Tue Jun 28 10:35:32 2005 => File C:\DOKUME~1\Buttler\LOKALE~1\TEMPOR~1\Content.IE5\OLCLURC1\x3[1].htm infected by "Exploit.HTML.Mht" Virus! Action Taken: No Action Taken.
Tue Jun 28 10:36:00 2005 => File C:\DOKUME~1\Buttler\LOKALE~1\TEMPOR~1\Content.IE5\Q9HUBY5S\wininet32[1].exe infected by "Trojan-Proxy.Win32.Symbab.ar" Virus! Action Taken: No Action Taken.
Tue Jun 28 10:37:10 2005 => File C:\DOKUME~1\Buttler\LOKALE~1\TEMPOR~1\Content.IE5\RT3RQS18\index[14].htm infected by "Exploit.VBS.Phel.a" Virus! Action Taken: No Action Taken.
Tue Jun 28 10:37:16 2005 => File C:\DOKUME~1\Buttler\LOKALE~1\TEMPOR~1\Content.IE5\RT3RQS18\start[1].htm infected by "Exploit.VBS.Phel.a" Virus! Action Taken: No Action Taken.
Tue Jun 28 10:38:34 2005 => File C:\DOKUME~1\Buttler\LOKALE~1\TEMPOR~1\Content.IE5\T3LJT2BP\counter[1].htm infected by "Exploit.HTML.Mht" Virus! Action Taken: No Action Taken.
Tue Jun 28 10:38:47 2005 => File C:\DOKUME~1\Buttler\LOKALE~1\TEMPOR~1\Content.IE5\T3LJT2BP\winupdate54141450[1].exe infected by "Trojan-Dropper.Win32.Small.ue" Virus! Action Taken: No Action Taken.
Tue Jun 28 10:39:37 2005 => File C:\DOKUME~1\Buttler\LOKALE~1\TEMPOR~1\Content.IE5\WPEFSH6F\loader7[1].htm infected by "Trojan-Downloader.VBS.Psyme.ap" Virus! Action Taken: No Action Taken.
Tue Jun 28 10:41:02 2005 => File C:\DOKUME~1\Buttler\LOKALE~1\TEMPOR~1\Content.IE5\ZJHFFXKW\counter[2].htm infected by "Exploit.HTML.Mht" Virus! Action Taken: No Action Taken.
Tue Jun 28 10:41:12 2005 => Total Disinfected Files: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Funde für "tagged"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Statistiken:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Tue Jun 28 10:41:12 2005 => Total Virus(es) Found: 33
Tue Jun 28 10:41:12 2005 => Total Errors: 48
Tue Jun 28 10:41:12 2005 => Time Elapsed: 00:17:13
Tue Jun 28 10:41:12 2005 => Total Objects Scanned: 51261
Tue Jun 28 10:23:17 2005 => Virus Database Date: 2005/06/28
Tue Jun 28 10:41:12 2005 => Virus Database Date: 2005/06/28
Tue Jun 28 10:46:23 2005 => Virus Database Date: 2005/06/28
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~ © Haui ;-) ~~~~~~~
~~~~~~~ Dank an Cidre ~~~~~~~

@der alde
du kannst gern ein HJT logfile posten
http://www.trojaner-board.de/showthread.php?t=17493

aber bereite dich geistig mal vor auf neu aufsetzen
hast du die boardsuche benützt, da gibt es mehrere threads zum thema.

chaosman

Logfile of HijackThis v1.99.1
Scan saved at 11:17:32, on 28.06.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\KEN!\KENSERV.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\sistray.EXE
C:\WINDOWS\system32\keyhook.exe
C:\Programme\KEN!\kentbsrv.exe
C:\WINDOWS\iau.exe
C:\WINDOWS\lssas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
C:\Program Files\SpySheriff\SpySheriff.exe
C:\Programme\DeTeMedien\Das Telefonbuch für Deutschland\OMAlarm.exe
C:\Programme\DeTeMedien\Das Telefonbuch für Deutschland\http_tfd.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\svshost.exe
C:\WINDOWS\msqdevl.exe
C:\WINDOWS\mservice.exe
C:\WINDOWS\stisvsq.exe
C:\Programme\KEN!\KENPROXY.EXE
C:\Programme\KEN!\KENMAIL.EXE
C:\Programme\KEN!\KENDNS.EXE
C:\Programme\KEN!\KENSOCKS.EXE
C:\Programme\KEN!\KENMAP.EXE
C:\Programme\KEN!\KENFTPGW.EXE
C:\Programme\KEN!\KENCRON.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\Programme\WinRAR\WinRAR.exe
C:\DOKUME~1\Buttler\LOKALE~1\Temp\Rar$EX02.797\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://127.0.0.1:80
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\system32\sistray.EXE
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programme\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [KEN Taskbar Service] "C:\Programme\KEN!\kentbsrv.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Microsoft Internet Acceleration Utility] iau.exe
O4 - HKLM\..\Run: [Internet Connection Wizard] stisvsq.exe
O4 - HKLM\..\Run: [Games Acceleration] svshost.exe
O4 - HKLM\..\Run: [Internet Mail and News] msqdevl.exe
O4 - HKLM\..\Run: [Microsoft Management Console] lssas.exe
O4 - HKLM\..\Run: [Multimedia extensions] mservice.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Microsoft Internet Acceleration Utility] iau.exe
O4 - HKCU\..\Run: [Internet Connection Wizard] stisvsq.exe
O4 - HKCU\..\Run: [Games Acceleration] svshost.exe
O4 - HKCU\..\Run: [Internet Mail and News] msqdevl.exe
O4 - HKCU\..\Run: [Microsoft Management Console] lssas.exe
O4 - HKCU\..\Run: [Multimedia extensions] mservice.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [SpySheriff] C:\Program Files\SpySheriff\SpySheriff.exe
O4 - Startup: GENO lite ZV Fälligkeiten.lnk = C:\WINLITE\ZAWF.EXE
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: OfficeManager Terminerinnerung.lnk = ?
O4 - Global Startup: TVG WebServer.lnk = ?
O8 - Extra context menu item: Easy-WebPrint - Drucken - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint - Vorschau - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {09954582-CAC3-4E05-A09C-4955BBD3187F} (Privat-X Client) - http://www.px24.com/ax/px_client_en.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3DF1847B-6354-4153-9D11-498DC29533D2}: NameServer = 212.6.108.140,212.6.108.141
O17 - HKLM\System\CS1\Services\Tcpip\..\{3DF1847B-6354-4153-9D11-498DC29533D2}: NameServer = 212.6.108.140,212.6.108.141
O17 - HKLM\System\CS2\Services\Tcpip\..\{3DF1847B-6354-4153-9D11-498DC29533D2}: NameServer = 212.6.108.140,212.6.108.141
O23 - Service: AVM KEN (KEN Service) - AVM Berlin - C:\Programme\KEN!\KENSERV.EXE

@der alde
es war zu befürchten
http://www.sophos.de/virusinfo/analy...2agobotrl.html
C:\WINDOWS\lssas.exe

deswegen kann ich dir nur raten dein rechner so schnell wie möglich vom netz zu nehmen und dein system neu aufzusetzen
hier eine anleitung
http://www.trojaner-board.de/showthread.php?t=12154


sry
chaosman