|
Log analysis and evaluation: Problems with the evaluation. If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system first has to be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed. |
27.10.2005, 22:01 | #1 |
| Problems with the evaluation Hello, could you please help me evaluate my mwav.log? I don't really know much about this, and thanks in advance for a "simple" explanation. Regards, Benjamin
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~ Funde für "infected" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~ Thu Oct 27 21:35:16 2005 => File C:\WINDOWS\system32\wininet.dll infected by "Virus.Win32.Nsag.b" Virus! Action Taken: No Action Taken. Thu Oct 27 21:35:16 2005 => File C:\WINDOWS\System32\OLEEXT.dll infected by "Trojan.Win32.Promoter.c" Virus! Action Taken: No Action Taken. Thu Oct 27 21:35:48 2005 => System found infected with edonkey2000 Spyware/Adware ({320154bb-d666-48f6-990e-172b32954620})! Action taken: No Action Taken. Thu Oct 27 21:35:49 2005 => System found infected with searchexe Spyware/Adware ({807553e5-5146-11d5-a672-00b0d022e945})! Action taken: No Action Taken. Thu Oct 27 21:35:49 2005 => System found infected with alexa Spyware/Adware ({c95fe080-8f5d-11d2-a20b-00aa003c157a})! Action taken: No Action Taken. Thu Oct 27 21:35:49 2005 => System found infected with alexa Spyware/Adware ({c95fe080-8f5d-11d2-a20b-00aa003c157a})! Action taken: No Action Taken. Thu Oct 27 21:35:49 2005 => System found infected with alexa Spyware/Adware ({c95fe080-8f5d-11d2-a20b-00aa003c157a})! Action taken: No Action Taken. Thu Oct 27 21:35:52 2005 => System found infected with startsurfing Spyware/Adware (config.dat)! Action taken: No Action Taken. Thu Oct 27 21:35:53 2005 => System found infected with cydoor.topicks.a Spyware/Adware (settings.dat)! Action taken: No Action Taken. Thu Oct 27 21:35:53 2005 => System found infected with startsurfing Spyware/Adware (config.dat)! Action taken: No Action Taken. Thu Oct 27 21:40:22 2005 => Total Disinfected Files: 0 Thu Oct 27 21:45:21 2005 => File C:\WINDOWS\system32\wininet.dll infected by "Virus.Win32.Nsag.b" Virus! Action Taken: No Action Taken. 
Thu Oct 27 21:45:21 2005 => File C:\WINDOWS\System32\OLEEXT.dll infected by "Trojan.Win32.Promoter.c" Virus! Action Taken: No Action Taken. Thu Oct 27 21:45:57 2005 => System found infected with edonkey2000 Spyware/Adware ({320154bb-d666-48f6-990e-172b32954620})! Action taken: No Action Taken. Thu Oct 27 21:45:57 2005 => System found infected with searchexe Spyware/Adware ({807553e5-5146-11d5-a672-00b0d022e945})! Action taken: No Action Taken. Thu Oct 27 21:45:57 2005 => System found infected with alexa Spyware/Adware ({c95fe080-8f5d-11d2-a20b-00aa003c157a})! Action taken: No Action Taken. Thu Oct 27 21:45:57 2005 => System found infected with alexa Spyware/Adware ({c95fe080-8f5d-11d2-a20b-00aa003c157a})! Action taken: No Action Taken. Thu Oct 27 21:45:57 2005 => System found infected with alexa Spyware/Adware ({c95fe080-8f5d-11d2-a20b-00aa003c157a})! Action taken: No Action Taken. Thu Oct 27 21:46:01 2005 => System found infected with startsurfing Spyware/Adware (config.dat)! Action taken: No Action Taken. Thu Oct 27 21:46:02 2005 => System found infected with cydoor.topicks.a Spyware/Adware (settings.dat)! Action taken: No Action Taken. Thu Oct 27 21:46:02 2005 => System found infected with startsurfing Spyware/Adware (config.dat)! Action taken: No Action Taken. Thu Oct 27 21:59:50 2005 => File C:\Programme\Norton AntiVirus\Quarantine\77604A52.class infected by "Exploit.Java.Bytverify" Virus! Action Taken: No Action Taken. Thu Oct 27 21:59:51 2005 => File C:\Programme\Norton AntiVirus\Quarantine\77AB1000.class infected by "Trojan.Java.ClassLoader.c" Virus! Action Taken: No Action Taken. Thu Oct 27 21:59:51 2005 => File C:\Programme\Norton AntiVirus\Quarantine\77C909DF.class infected by "Trojan.Java.ClassLoader.Dummy.d" Virus! Action Taken: No Action Taken. Thu Oct 27 22:12:59 2005 => File C:\WINDOWS\system32\oleext.dll infected by "Trojan.Win32.Promoter.c" Virus! Action Taken: No Action Taken. 
Thu Oct 27 22:13:45 2005 => File C:\WINDOWS\system32\wininet.dll infected by "Virus.Win32.Nsag.b" Virus! Action Taken: No Action Taken. Thu Oct 27 22:20:10 2005 => Total Disinfected Files: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~ Funde für "tagged" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~ Thu Oct 27 22:02:39 2005 => File C:\RECYCLER\NPROTECT\00000522.exe tagged as "not-a-virus:AdWare.Win32.WebHancer.351". Action Taken: No Action Taken. Thu Oct 27 22:02:39 2005 => File C:\RECYCLER\NPROTECT\00000524.dll tagged as "not-a-virus:AdWare.Win32.WebHancer.381". Action Taken: No Action Taken. Thu Oct 27 22:02:39 2005 => File C:\RECYCLER\NPROTECT\00000538.EXE tagged as "not-a-virus:AdWare.Win32.WebHancer". Action Taken: No Action Taken. Thu Oct 27 22:02:39 2005 => File C:\RECYCLER\NPROTECT\00000543.EXE tagged as "not-a-virus:AdWare.Win32.WebHancer.381". Action Taken: No Action Taken. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~ Statisktiken: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~ Thu Oct 27 21:35:50 2005 => Offending Key found: HKLM\Software\edonkey2000 !!! Thu Oct 27 21:35:50 2005 => Offending Key found: HKCU\Software\gnu !!! Thu Oct 27 21:35:52 2005 => Offending file found: C:\Dokumente und Einstellungen\B**\Eigene Dateien\fifa 2005\user\config.dat Thu Oct 27 21:35:53 2005 => Offending file found: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\symantec\common client\settings.dat Thu Oct 27 21:35:53 2005 => Offending file found: C:\Dokumente und Einstellungen\B**\Eigene Dateien\fifa 2005\user\config.dat Thu Oct 27 21:40:22 2005 => Total Virus(es) Found: 12 Thu Oct 27 21:45:58 2005 => Offending Key found: HKLM\Software\edonkey2000 !!! Thu Oct 27 21:45:58 2005 => Offending Key found: HKCU\Software\gnu !!! 
Thu Oct 27 21:46:01 2005 => Offending file found: C:\Dokumente und Einstellungen\B**\Eigene Dateien\fifa 2005\user\config.dat Thu Oct 27 21:46:02 2005 => Offending file found: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\symantec\common client\settings.dat Thu Oct 27 21:46:02 2005 => Offending file found: C:\Dokumente und Einstellungen\B**\Eigene Dateien\fifa 2005\user\config.dat Thu Oct 27 22:20:10 2005 => Total Virus(es) Found: 21 Thu Oct 27 21:40:22 2005 => Total Errors: 48 Thu Oct 27 22:20:10 2005 => Total Errors: 49 Thu Oct 27 21:40:22 2005 => Time Elapsed: 00:05:15 Thu Oct 27 22:20:10 2005 => Time Elapsed: 00:34:37 Thu Oct 27 21:40:22 2005 => Total Objects Scanned: 23861 Thu Oct 27 22:20:10 2005 => Total Objects Scanned: 55804 Thu Oct 27 21:34:52 2005 => Virus Database Date: 2005/10/21 Thu Oct 27 21:40:22 2005 => Virus Database Date: 2005/10/21 Thu Oct 27 21:40:25 2005 => Virus Database Date: 2005/10/21 Thu Oct 27 21:44:55 2005 => Virus Database Date: 2005/10/21 Thu Oct 27 22:20:10 2005 => Virus Database Date: 2005/10/21 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~ ~~~~~~~ © Haui ;-) ~~~~~~~ ~~~~~~~ Dank an Cidre ~~~~~~~ |
28.10.2005, 00:06 | #2 |
| Problems with the evaluation Hello B-Banjo,
run this and post the corresponding log files: http://www.trojaner-board.de/showthread.php?t=21709 Clean up your registry, e.g. with Regseeker. Empty your recycle bin and the quarantine folder of your antivirus programs. Uninstall all file-sharing programs (edonkey etc.). dartus
__________________ |
28.10.2005, 21:14 | #3 |
| Problems with the evaluation Hello,
first of all, thanks for the quick help. Here are the log files from HijackThis and escan.
Logfile of HijackThis v1.99.1 Scan saved at 22:06:21, on 28.10.2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\alg.exe C:\Programme\Norton AntiVirus\AdvTools\NPROTECT.EXE C:\WINDOWS\System32\nvsvc32.exe C:\Programme\Webroot\Spy Sweeper\WRSSSDK.exe C:\WINDOWS\System32\wdfmgr.exe C:\Programme\Browser MOUSE\mouse32a.exe C:\Programme\Motherboard Monitor 5\MBM5.EXE C:\Programme\Winamp\winampa.exe C:\WINDOWS\System32\rundll32.exe C:\Programme\Java\jre1.5.0_04\bin\jusched.exe C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe C:\WINDOWS\System32\ctfmon.exe C:\Programme\phonostar\ps_agent.exe C:\Programme\Spybot - Search & Destroy\TeaTimer.exe C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Programme\FRITZ!DSL\FritzDsl.exe C:\Programme\Messenger\msmsgs.exe C:\WINDOWS\explorer.exe C:\Programme\WinRAR\WinRAR.exe C:\DOKUME~1\Benji\LOKALE~1\Temp\Rar$EX00.453\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll O4 - 
HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Programme\Browser MOUSE\mouse32a.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r O4 - HKLM\..\Run: [MBM 5] "C:\Programme\Motherboard Monitor 5\MBM5.EXE" O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_04\bin\jusched.exe O4 - HKLM\..\Run: [rdirector] C:\WINDOWS\System32\rdirector.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE O4 - HKLM\..\Run: [SpySweeper] "C:\Programme\Webroot\Spy Sweeper\SpySweeper.exe" /startintray O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [PhonostarAgent] C:\Programme\phonostar\ps_agent.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe O4 - Startup: FRITZ!web DSL.lnk = C:\Programme\FRITZ!DSL\FritzDsl.exe O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra button: Recherchieren - 
{92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O17 - HKLM\System\CCS\Services\Tcpip\..\{D464DC66-6CF0-4D7D-9C36-A42B670FC959}: NameServer = 192.168.122.252,192.168.122.253 O20 - Winlogon Notify: st3i - C:\WINDOWS\q766250.dll O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Programme\Norton AntiVirus\AdvTools\NPROTECT.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Programme\Webroot\Spy Sweeper\WRSSSDK.exe
E-Scan old
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~ Funde für "infected" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~ Thu Oct 27 21:35:16 2005 => File C:\WINDOWS\system32\wininet.dll infected by "Virus.Win32.Nsag.b" Virus! Action Taken: No Action Taken. 
Thu Oct 27 21:35:16 2005 => File C:\WINDOWS\System32\OLEEXT.dll infected by "Trojan.Win32.Promoter.c" Virus! Action Taken: No Action Taken. Thu Oct 27 21:35:48 2005 => System found infected with edonkey2000 Spyware/Adware ({320154bb-d666-48f6-990e-172b32954620})! Action taken: No Action Taken. Thu Oct 27 21:35:49 2005 => System found infected with searchexe Spyware/Adware ({807553e5-5146-11d5-a672-00b0d022e945})! Action taken: No Action Taken. Thu Oct 27 21:35:49 2005 => System found infected with alexa Spyware/Adware ({c95fe080-8f5d-11d2-a20b-00aa003c157a})! Action taken: No Action Taken. Thu Oct 27 21:35:49 2005 => System found infected with alexa Spyware/Adware ({c95fe080-8f5d-11d2-a20b-00aa003c157a})! Action taken: No Action Taken. Thu Oct 27 21:35:49 2005 => System found infected with alexa Spyware/Adware ({c95fe080-8f5d-11d2-a20b-00aa003c157a})! Action taken: No Action Taken. Thu Oct 27 21:35:52 2005 => System found infected with startsurfing Spyware/Adware (config.dat)! Action taken: No Action Taken. Thu Oct 27 21:35:53 2005 => System found infected with cydoor.topicks.a Spyware/Adware (settings.dat)! Action taken: No Action Taken. Thu Oct 27 21:35:53 2005 => System found infected with startsurfing Spyware/Adware (config.dat)! Action taken: No Action Taken. Thu Oct 27 21:40:22 2005 => Total Disinfected Files: 0 Thu Oct 27 21:45:21 2005 => File C:\WINDOWS\system32\wininet.dll infected by "Virus.Win32.Nsag.b" Virus! Action Taken: No Action Taken. Thu Oct 27 21:45:21 2005 => File C:\WINDOWS\System32\OLEEXT.dll infected by "Trojan.Win32.Promoter.c" Virus! Action Taken: No Action Taken. Thu Oct 27 21:45:57 2005 => System found infected with edonkey2000 Spyware/Adware ({320154bb-d666-48f6-990e-172b32954620})! Action taken: No Action Taken. Thu Oct 27 21:45:57 2005 => System found infected with searchexe Spyware/Adware ({807553e5-5146-11d5-a672-00b0d022e945})! Action taken: No Action Taken. 
Thu Oct 27 21:45:57 2005 => System found infected with alexa Spyware/Adware ({c95fe080-8f5d-11d2-a20b-00aa003c157a})! Action taken: No Action Taken. Thu Oct 27 21:45:57 2005 => System found infected with alexa Spyware/Adware ({c95fe080-8f5d-11d2-a20b-00aa003c157a})! Action taken: No Action Taken. Thu Oct 27 21:45:57 2005 => System found infected with alexa Spyware/Adware ({c95fe080-8f5d-11d2-a20b-00aa003c157a})! Action taken: No Action Taken. Thu Oct 27 21:46:01 2005 => System found infected with startsurfing Spyware/Adware (config.dat)! Action taken: No Action Taken. Thu Oct 27 21:46:02 2005 => System found infected with cydoor.topicks.a Spyware/Adware (settings.dat)! Action taken: No Action Taken. Thu Oct 27 21:46:02 2005 => System found infected with startsurfing Spyware/Adware (config.dat)! Action taken: No Action Taken. Thu Oct 27 21:59:50 2005 => File C:\Programme\Norton AntiVirus\Quarantine\77604A52.class infected by "Exploit.Java.Bytverify" Virus! Action Taken: No Action Taken. Thu Oct 27 21:59:51 2005 => File C:\Programme\Norton AntiVirus\Quarantine\77AB1000.class infected by "Trojan.Java.ClassLoader.c" Virus! Action Taken: No Action Taken. Thu Oct 27 21:59:51 2005 => File C:\Programme\Norton AntiVirus\Quarantine\77C909DF.class infected by "Trojan.Java.ClassLoader.Dummy.d" Virus! Action Taken: No Action Taken. Thu Oct 27 22:12:59 2005 => File C:\WINDOWS\system32\oleext.dll infected by "Trojan.Win32.Promoter.c" Virus! Action Taken: No Action Taken. Thu Oct 27 22:13:45 2005 => File C:\WINDOWS\system32\wininet.dll infected by "Virus.Win32.Nsag.b" Virus! Action Taken: No Action Taken. Thu Oct 27 22:20:10 2005 => Total Disinfected Files: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~ Funde für "tagged" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~ Thu Oct 27 22:02:39 2005 => File C:\RECYCLER\NPROTECT\00000522.exe tagged as "not-a-virus:AdWare.Win32.WebHancer.351". Action Taken: No Action Taken. 
Thu Oct 27 22:02:39 2005 => File C:\RECYCLER\NPROTECT\00000524.dll tagged as "not-a-virus:AdWare.Win32.WebHancer.381". Action Taken: No Action Taken. Thu Oct 27 22:02:39 2005 => File C:\RECYCLER\NPROTECT\00000538.EXE tagged as "not-a-virus:AdWare.Win32.WebHancer". Action Taken: No Action Taken. Thu Oct 27 22:02:39 2005 => File C:\RECYCLER\NPROTECT\00000543.EXE tagged as "not-a-virus:AdWare.Win32.WebHancer.381". Action Taken: No Action Taken. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~ Statisktiken: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~ Thu Oct 27 21:35:50 2005 => Offending Key found: HKLM\Software\edonkey2000 !!! Thu Oct 27 21:35:50 2005 => Offending Key found: HKCU\Software\gnu !!! Thu Oct 27 21:35:52 2005 => Offending file found: C:\Dokumente und Einstellungen\B**\Eigene Dateien\fifa 2005\user\config.dat Thu Oct 27 21:35:53 2005 => Offending file found: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\symantec\common client\settings.dat Thu Oct 27 21:35:53 2005 => Offending file found: C:\Dokumente und Einstellungen\B**\Eigene Dateien\fifa 2005\user\config.dat Thu Oct 27 21:40:22 2005 => Total Virus(es) Found: 12 Thu Oct 27 21:45:58 2005 => Offending Key found: HKLM\Software\edonkey2000 !!! Thu Oct 27 21:45:58 2005 => Offending Key found: HKCU\Software\gnu !!! 
Thu Oct 27 21:46:01 2005 => Offending file found: C:\Dokumente und Einstellungen\B**\Eigene Dateien\fifa 2005\user\config.dat Thu Oct 27 21:46:02 2005 => Offending file found: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\symantec\common client\settings.dat Thu Oct 27 21:46:02 2005 => Offending file found: C:\Dokumente und Einstellungen\B**\Eigene Dateien\fifa 2005\user\config.dat Thu Oct 27 22:20:10 2005 => Total Virus(es) Found: 21 Thu Oct 27 21:40:22 2005 => Total Errors: 48 Thu Oct 27 22:20:10 2005 => Total Errors: 49 Thu Oct 27 21:40:22 2005 => Time Elapsed: 00:05:15 Thu Oct 27 22:20:10 2005 => Time Elapsed: 00:34:37 Thu Oct 27 21:40:22 2005 => Total Objects Scanned: 23861 Thu Oct 27 22:20:10 2005 => Total Objects Scanned: 55804 Thu Oct 27 21:34:52 2005 => Virus Database Date: 2005/10/21 Thu Oct 27 21:40:22 2005 => Virus Database Date: 2005/10/21 Thu Oct 27 21:40:25 2005 => Virus Database Date: 2005/10/21 Thu Oct 27 21:44:55 2005 => Virus Database Date: 2005/10/21 Thu Oct 27 22:20:10 2005 => Virus Database Date: 2005/10/21 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~ ~~~~~~~ © Haui ;-) ~~~~~~~ ~~~~~~~ Dank an Cidre ~~~~~~~
E-Scan new:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~ Funde für "infected" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~ Fri Oct 28 14:48:41 2005 => File C:\WINDOWS\system32\wininet.dll infected by "Virus.Win32.Nsag.b" Virus! Action Taken: No Action Taken. Fri Oct 28 14:48:41 2005 => File C:\WINDOWS\System32\OLEEXT.dll infected by "Trojan.Win32.Promoter.c" Virus! Action Taken: No Action Taken. Fri Oct 28 14:49:19 2005 => System found infected with edonkey2000 Spyware/Adware ({320154bb-d666-48f6-990e-172b32954620})! Action taken: No Action Taken. Fri Oct 28 14:49:19 2005 => System found infected with searchexe Spyware/Adware ({807553e5-5146-11d5-a672-00b0d022e945})! Action taken: No Action Taken. Fri Oct 28 14:49:22 2005 => System found infected with startsurfing Spyware/Adware (config.dat)! 
Action taken: No Action Taken. Fri Oct 28 14:49:22 2005 => System found infected with cydoor.topicks.a Spyware/Adware (settings.dat)! Action taken: No Action Taken. Fri Oct 28 14:49:22 2005 => System found infected with startsurfing Spyware/Adware (config.dat)! Action taken: No Action Taken. Fri Oct 28 15:18:03 2005 => File C:\WINDOWS\system32\oleext.dll infected by "Trojan.Win32.Promoter.c" Virus! Action Taken: No Action Taken. Fri Oct 28 15:19:08 2005 => File C:\WINDOWS\system32\wininet.dll infected by "Virus.Win32.Nsag.b" Virus! Action Taken: No Action Taken. Fri Oct 28 15:26:39 2005 => Total Disinfected Files: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~ Funde für "tagged" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~ Fri Oct 28 15:06:17 2005 => File C:\RECYCLER\NPROTECT\00000522.exe tagged as "not-a-virus:AdWare.Win32.WebHancer.351". Action Taken: No Action Taken. Fri Oct 28 15:06:17 2005 => File C:\RECYCLER\NPROTECT\00000524.dll tagged as "not-a-virus:AdWare.Win32.WebHancer.381". Action Taken: No Action Taken. Fri Oct 28 15:06:17 2005 => File C:\RECYCLER\NPROTECT\00000543.EXE tagged as "not-a-virus:AdWare.Win32.WebHancer.381". Action Taken: No Action Taken. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~ Statistiken: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~ Fri Oct 28 14:49:20 2005 => Offending Key found: HKCU\Software\gnu !!! 
Fri Oct 28 14:49:22 2005 => Offending file found: C:\Dokumente und Einstellungen\B**\Eigene Dateien\fifa 2005\user\config.dat Fri Oct 28 14:49:22 2005 => Offending file found: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\symantec\common client\settings.dat Fri Oct 28 14:49:22 2005 => Offending file found: C:\Dokumente und Einstellungen\B**\Eigene Dateien\fifa 2005\user\config.dat Fri Oct 28 15:26:39 2005 => Total Virus(es) Found: 13 Fri Oct 28 15:26:39 2005 => Total Errors: 21 Fri Oct 28 15:26:39 2005 => Time Elapsed: 00:37:55 Fri Oct 28 15:26:39 2005 => Total Objects Scanned: 56065 Fri Oct 28 14:48:21 2005 => Virus Database Date: 2005/10/21 Fri Oct 28 15:26:39 2005 => Virus Database Date: 2005/10/21 Fri Oct 28 15:27:18 2005 => Virus Database Date: 2005/10/21 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~ ~~~~~~~ © Haui ;-) ~~~~~~~ ~~~~~~~ Dank an Cidre ~~~~~~~
Regards, Benjamin |
28.10.2005, 21:44 | #4 |
| Problems with the evaluation Hello B-Banjo, that looks exactly the same as before. Did you run "smitrem"? Escan has not been updated either! dartus
__________________ No support via PM |
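Added example, not part of the original thread: post #4 observes that the new scan looks the same as before and that the eScan signatures were not updated. The Python sketch below parses the extract format posted above, folds duplicate findings and compares two scans; the function names are illustrative and the sample lines are abridged from the logs in this thread.

```python
import re
from datetime import datetime

# Every entry starts with a ctime-style stamp and "=>". Splitting on the stamp
# rather than on newlines also handles pastes flattened onto one line.
STAMP = re.compile(
    r"((?:Mon|Tue|Wed|Thu|Fri|Sat|Sun) [A-Z][a-z]{2} +\d{1,2} "
    r"\d\d:\d\d:\d\d \d{4}) => "
)
FILE_HIT = re.compile(
    r'File (?P<obj>.+?) (?:infected by|tagged as) "(?P<name>[^"]+)"'
)
SPY_HIT = re.compile(
    r"System found infected with (?P<name>\S+) Spyware/Adware \((?P<obj>[^)]*)\)"
)
DB_DATE = re.compile(r"Virus Database Date: (\d{4}/\d\d/\d\d)")

# Abridged from the eScan extracts posted in this thread (27 and 29 Oct 2005).
SCAN_OCT27 = (
    r'Thu Oct 27 21:35:16 2005 => File C:\WINDOWS\system32\wininet.dll infected by "Virus.Win32.Nsag.b" Virus! Action Taken: No Action Taken. '
    r'Thu Oct 27 21:35:16 2005 => File C:\WINDOWS\System32\OLEEXT.dll infected by "Trojan.Win32.Promoter.c" Virus! Action Taken: No Action Taken. '
    r'Thu Oct 27 21:35:49 2005 => System found infected with alexa Spyware/Adware ({c95fe080-8f5d-11d2-a20b-00aa003c157a})! Action taken: No Action Taken. '
    r'Thu Oct 27 22:02:39 2005 => File C:\RECYCLER\NPROTECT\00000538.EXE tagged as "not-a-virus:AdWare.Win32.WebHancer". Action Taken: No Action Taken. '
    r'Thu Oct 27 22:12:59 2005 => File C:\WINDOWS\system32\oleext.dll infected by "Trojan.Win32.Promoter.c" Virus! Action Taken: No Action Taken. '
    r'Thu Oct 27 22:20:10 2005 => Virus Database Date: 2005/10/21 '
)
SCAN_OCT29 = (
    r'Sat Oct 29 12:13:10 2005 => File C:\WINDOWS\system32\wininet.dll infected by "Virus.Win32.Nsag.b" Virus! Action Taken: No Action Taken. '
    r'Sat Oct 29 12:13:10 2005 => File C:\WINDOWS\System32\OLEEXT.dll infected by "Trojan.Win32.Promoter.c" Virus! Action Taken: No Action Taken. '
    r'Sat Oct 29 12:56:44 2005 => Virus Database Date: 2005/10/21 '
)


def parse_scan(text):
    """Return unique findings, the signature date and the date of the scan."""
    parts = STAMP.split(text)
    findings, db_dates, stamps = set(), [], []
    for stamp, body in zip(parts[1::2], parts[2::2]):
        stamp = " ".join(stamp.split())  # ctime pads single-digit days
        stamps.append(datetime.strptime(stamp, "%a %b %d %H:%M:%S %Y"))
        hit = FILE_HIT.match(body) or SPY_HIT.match(body)
        if hit:
            # Windows paths are case-insensitive: OLEEXT.dll and oleext.dll
            # are one object, so fold case before de-duplicating.
            findings.add((hit["name"], hit["obj"].lower()))
            continue
        db = DB_DATE.match(body)
        if db:
            db_dates.append(datetime.strptime(db[1], "%Y/%m/%d").date())
    return {
        "findings": findings,
        "db_date": max(db_dates) if db_dates else None,
        "scanned": max(stamps).date() if stamps else None,
    }


def compare(old, new):
    """Split findings into still present, gone, and first seen in the new scan."""
    return {
        "persisting": sorted(old["findings"] & new["findings"]),
        "cleared": sorted(old["findings"] - new["findings"]),
        "new": sorted(new["findings"] - old["findings"]),
    }


def db_age_days(scan):
    """Days between the signature database date and the scan; None if unknown."""
    if scan["db_date"] is None or scan["scanned"] is None:
        return None
    return (scan["scanned"] - scan["db_date"]).days


if __name__ == "__main__":
    old, new = parse_scan(SCAN_OCT27), parse_scan(SCAN_OCT29)
    for label, items in compare(old, new).items():
        print(f"{label}:")
        for name, obj in items:
            print(f"  {name}  {obj}")
    print("signature age at scan time:", db_age_days(new), "days")
```

Findings that stay in the "persisting" bucket across cleanup attempts, here the two system32 DLLs, are the ones to follow up on; the signature age shows whether the scanner itself was current when it ran.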
29.10.2005, 13:07 | #5 |
| Problems with the evaluation Hello, I have now done everything again. I ran smitrem, although I had already done that before. The first time I was logged in as a normal user, this time as administrator. Could that be the reason? In any case, my log file still looks very similar to the previous one. No idea what I'm doing wrong. I have now downloaded escan again. I hope it's a newer version. For an update I'd have to buy it, right? Regards, Benjamin
Logfile of HijackThis v1.99.1 Scan saved at 13:59:54, on 29.10.2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Programme\Browser MOUSE\mouse32a.exe C:\WINDOWS\System32\rundll32.exe C:\Programme\Motherboard Monitor 5\MBM5.EXE C:\Programme\Winamp\winampa.exe C:\Programme\Java\jre1.5.0_04\bin\jusched.exe C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe C:\WINDOWS\explorer.exe C:\WINDOWS\System32\alg.exe C:\Programme\Norton AntiVirus\AdvTools\NPROTECT.EXE C:\WINDOWS\System32\nvsvc32.exe C:\Programme\Webroot\Spy Sweeper\WRSSSDK.exe C:\WINDOWS\System32\ctfmon.exe C:\Programme\phonostar\ps_agent.exe C:\Programme\Spybot - Search & Destroy\TeaTimer.exe C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\WINDOWS\System32\wdfmgr.exe C:\Programme\FRITZ!DSL\FritzDsl.exe C:\Programme\Messenger\msmsgs.exe C:\Programme\WinRAR\WinRAR.exe C:\DOKUME~1\B**\LOKALE~1\Temp\Rar$EX00.406\HijackThis.exe R0 - 
HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Programme\Browser MOUSE\mouse32a.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r O4 - HKLM\..\Run: [MBM 5] "C:\Programme\Motherboard Monitor 5\MBM5.EXE" O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_04\bin\jusched.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE O4 - HKLM\..\Run: [SpySweeper] "C:\Programme\Webroot\Spy Sweeper\SpySweeper.exe" /startintray O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [PhonostarAgent] C:\Programme\phonostar\ps_agent.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe O4 - Startup: FRITZ!web DSL.lnk = C:\Programme\FRITZ!DSL\FritzDsl.exe O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: Nach Microsoft &Excel exportieren - 
res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O17 - HKLM\System\CCS\Services\Tcpip\..\{D464DC66-6CF0-4D7D-9C36-A42B670FC959}: NameServer = 192.168.122.252,192.168.122.253 O20 - Winlogon Notify: st3i - C:\WINDOWS\q766250.dll O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Programme\Norton AntiVirus\AdvTools\NPROTECT.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. 
- C:\Programme\Webroot\Spy Sweeper\WRSSSDK.exe ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~ Funde für "infected" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~ Sat Oct 29 12:13:10 2005 => File C:\WINDOWS\system32\wininet.dll infected by "Virus.Win32.Nsag.b" Virus! Action Taken: No Action Taken. Sat Oct 29 12:13:10 2005 => File C:\WINDOWS\System32\OLEEXT.dll infected by "Trojan.Win32.Promoter.c" Virus! Action Taken: No Action Taken. Sat Oct 29 12:13:48 2005 => System found infected with edonkey2000 Spyware/Adware ({320154bb-d666-48f6-990e-172b32954620})! Action taken: No Action Taken. Sat Oct 29 12:13:48 2005 => System found infected with searchexe Spyware/Adware ({807553e5-5146-11d5-a672-00b0d022e945})! Action taken: No Action Taken. Sat Oct 29 12:13:51 2005 => System found infected with cydoor.topicks.a Spyware/Adware (settings.dat)! Action taken: No Action Taken. Sat Oct 29 12:13:51 2005 => System found infected with startsurfing Spyware/Adware (config.dat)! Action taken: No Action Taken. Sat Oct 29 12:45:23 2005 => File C:\WINDOWS\system32\oleext.dll infected by "Trojan.Win32.Promoter.c" Virus! Action Taken: No Action Taken. Sat Oct 29 12:46:28 2005 => File C:\WINDOWS\system32\wininet.dll infected by "Virus.Win32.Nsag.b" Virus! Action Taken: No Action Taken. 
Sat Oct 29 12:56:44 2005 => Total Disinfected Files: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~ Funde für "tagged" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~ Statistiken: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~ Sat Oct 29 12:13:51 2005 => Offending file found: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\symantec\common client\settings.dat Sat Oct 29 12:13:51 2005 => Offending file found: C:\Dokumente und Einstellungen\B**\Eigene Dateien\fifa 2005\user\config.dat Sat Oct 29 12:56:44 2005 => Total Virus(es) Found: 8 Sat Oct 29 12:56:44 2005 => Total Errors: 46 Sat Oct 29 12:56:44 2005 => Time Elapsed: 00:43:15 Sat Oct 29 12:56:44 2005 => Total Objects Scanned: 56448 Sat Oct 29 12:12:52 2005 => Virus Database Date: 2005/10/21 Sat Oct 29 12:56:44 2005 => Virus Database Date: 2005/10/21 Sat Oct 29 13:43:42 2005 => Virus Database Date: 2005/10/21 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~ ~~~~~~~ © Haui ;-) ~~~~~~~ ~~~~~~~ Dank an Cidre ~~~~~~~ |