Pests of all kinds and how to fight them: eScan shows no end of viruses.....
30.11.2005, 21:23 | #1 |
| Hi everyone, when I ran eScan in safe mode it showed me 91 viruses or something like that. Here is the log from find.bat.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Funde für "infected"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Wed Nov 30 18:44:37 2005 => System found infected with ExactSearchBar Spyware/Adware ({014da6c1-189f-421a-88cd-07cfe51cff10})! Action taken: No Action Taken.
Wed Nov 30 18:44:39 2005 => System found infected with mybar Spyware/Adware ({014da6c9-189f-421a-88cd-07cfe51cff10})! Action taken: No Action Taken.
Wed Nov 30 18:54:49 2005 => System found infected with cws.therealsearch Spyware/Adware (waol.exe)! Action taken: No Action Taken.
Wed Nov 30 18:55:05 2005 => System found infected with zipitpro Spyware/Adware (C:\WINDOWS\iun6002.exe)! Action taken: No Action Taken.
Wed Nov 30 19:03:37 2005 => File C:\Dokumente und Einstellungen\Besitzer\Complete\1Click DVD Copy Pro 1.0.0.6.zip infected by "Worm.Win32.VB.an" Virus! Action Taken: No Action Taken.
Wed Nov 30 19:03:38 2005 => File C:\Dokumente und Einstellungen\Besitzer\Complete\3DS Max7+SP13DS Max8.zip infected by "Worm.Win32.VB.an" Virus! Action Taken: No Action Taken.
Wed Nov 30 19:03:38 2005 => File C:\Dokumente und Einstellungen\Besitzer\Complete\Ahead Nero Premium 7.zip infected by "Worm.Win32.VB.an" Virus! Action Taken: No Action Taken.
Wed Nov 30 19:03:39 2005 => File C:\Dokumente und Einstellungen\Besitzer\Complete\Ashampoo Burning Studio 5.5.0.zip infected by "Worm.Win32.VB.an" Virus! Action Taken: No Action Taken.
Wed Nov 30 19:03:39 2005 => File C:\Dokumente und Einstellungen\Besitzer\Complete\Ashampoo Burning Studio 5.5.1.zip infected by "Worm.Win32.VB.an" Virus! Action Taken: No Action Taken.
Wed Nov 30 19:03:39 2005 => File C:\Dokumente und Einstellungen\Besitzer\Complete\Come and See.zip infected by "Worm.Win32.VB.an" Virus! Action Taken: No Action Taken.
Wed Nov 30 19:03:40 2005 => File C:\Dokumente und Einstellungen\Besitzer\Complete\Corel Painter Essentials 3.zip infected by "Worm.Win32.VB.an" Virus! Action Taken: No Action Taken.
Wed Nov 30 19:03:40 2005 => File C:\Dokumente und Einstellungen\Besitzer\Complete\Cucusoft Video Converter Pro 7.07.zip infected by "Worm.Win32.VB.an" Virus! Action Taken: No Action Taken.
Wed Nov 30 19:03:41 2005 => File C:\Dokumente und Einstellungen\Besitzer\Complete\Directory Opus 8.2.0.2.zip infected by "Worm.Win32.VB.an" Virus! Action Taken: No Action Taken.
Wed Nov 30 19:03:41 2005 => File C:\Dokumente und Einstellungen\Besitzer\Complete\Doom - Soundtrack (2005).zip infected by "Worm.Win32.VB.an" Virus! Action Taken: No Action Taken.
Wed Nov 30 19:03:42 2005 => File C:\Dokumente und Einstellungen\Besitzer\Complete\Easy CD-DA Extractor 8.2.4.zip infected by "Worm.Win32.VB.an" Virus! Action Taken: No Action Taken.
Wed Nov 30 19:03:42 2005 => File C:\Dokumente und Einstellungen\Besitzer\Complete\File & Folder Protectors AIO.zip infected by "Worm.Win32.VB.an" Virus! Action Taken: No Action Taken.
Wed Nov 30 19:03:42 2005 => File C:\Dokumente und Einstellungen\Besitzer\Complete\Hacker 2005 - The Broken Link.zip infected by "Worm.Win32.VB.an" Virus! Action Taken: No Action Taken.
Wed Nov 30 19:03:43 2005 => File C:\Dokumente und Einstellungen\Besitzer\Complete\Harry Potter And The Goblet Of Fire.zip infected by "Worm.Win32.VB.an" Virus! Action Taken: No Action Taken.
Wed Nov 30 19:03:43 2005 => File C:\Dokumente und Einstellungen\Besitzer\Complete\Hide IP Platinum 2.0.zip infected by "Worm.Win32.VB.an" Virus! Action Taken: No Action Taken.
Wed Nov 30 19:03:43 2005 => File C:\Dokumente und Einstellungen\Besitzer\Complete\Hiren`s BootCD 7.5.zip infected by "Worm.Win32.VB.an" Virus! Action Taken: No Action Taken.
Wed Nov 30 19:03:44 2005 => File C:\Dokumente und Einstellungen\Besitzer\Complete\Jarhead (2005).zip infected by "Worm.Win32.VB.an" Virus! Action Taken: No Action Taken.
Wed Nov 30 19:03:44 2005 => File C:\Dokumente und Einstellungen\Besitzer\Complete\NewLive All Media Fixer Pro 5.3.zip infected by "Worm.Win32.VB.an" Virus! Action Taken: No Action Taken.
Wed Nov 30 19:03:44 2005 => File C:\Dokumente und Einstellungen\Besitzer\Complete\Nico`s Commander 5.58.zip infected by "Worm.Win32.VB.an" Virus! Action Taken: No Action Taken.
Wed Nov 30 19:03:45 2005 => File C:\Dokumente und Einstellungen\Besitzer\Complete\NTI CD & DVD Maker Platinum 7.0.0.4703.zip infected by "Worm.Win32.VB.an" Virus! Action Taken: No Action Taken.
Wed Nov 30 19:03:45 2005 => File C:\Dokumente und Einstellungen\Besitzer\Complete\PC-Cillin Internet Security 2006.zip infected by "Worm.Win32.VB.an" Virus! Action Taken: No Action Taken.
Wed Nov 30 19:03:46 2005 => File C:\Dokumente und Einstellungen\Besitzer\Complete\Pinnacle TitleDeko Pro 2.0.1634.1.zip infected by "Worm.Win32.VB.an" Virus! Action Taken: No Action Taken.
Wed Nov 30 19:03:46 2005 => File C:\Dokumente und Einstellungen\Besitzer\Complete\Power Video Converter 1.5.1.zip infected by "Worm.Win32.VB.an" Virus! Action Taken: No Action Taken.
Wed Nov 30 19:03:46 2005 => File C:\Dokumente und Einstellungen\Besitzer\Complete\RapidShare Harvester.zip infected by "Worm.Win32.VB.an" Virus! Action Taken: No Action Taken.
Wed Nov 30 19:03:47 2005 => File C:\Dokumente und Einstellungen\Besitzer\Complete\Rapidshare Premium Accounts.zip infected by "Worm.Win32.VB.an" Virus! Action Taken: No Action Taken.
Wed Nov 30 19:03:47 2005 => File C:\Dokumente und Einstellungen\Besitzer\Complete\RegDoctor 1.43.zip infected by "Worm.Win32.VB.an" Virus! Action Taken: No Action Taken.
Wed Nov 30 19:03:48 2005 => File C:\Dokumente und Einstellungen\Besitzer\Complete\Selteco Bannershop GIF Animator 5.0.6.zip infected by "Worm.Win32.VB.an" Virus! Action Taken: No Action Taken.
Wed Nov 30 19:03:48 2005 => File C:\Dokumente und Einstellungen\Besitzer\Complete\SpyRemover 2.45.zip infected by "Worm.Win32.VB.an" Virus! Action Taken: No Action Taken.
Wed Nov 30 19:03:48 2005 => File C:\Dokumente und Einstellungen\Besitzer\Complete\Stardock Aquarium Desktop 2006.zip infected by "Worm.Win32.VB.an" Virus! Action Taken: No Action Taken.
Wed Nov 30 19:03:49 2005 => File C:\Dokumente und Einstellungen\Besitzer\Complete\Symantec WinFax Pro 10.0.zip infected by "Worm.Win32.VB.an" Virus! Action Taken: No Action Taken.
Wed Nov 30 19:03:49 2005 => File C:\Dokumente und Einstellungen\Besitzer\Complete\System Mechanic Professional 6.0 m.zip infected by "Worm.Win32.VB.an" Virus! Action Taken: No Action Taken.
Wed Nov 30 19:03:49 2005 => File C:\Dokumente und Einstellungen\Besitzer\Complete\The Modern Survival Retreat.zip infected by "Worm.Win32.VB.an" Virus! Action Taken: No Action Taken.
Wed Nov 30 19:03:50 2005 => File C:\Dokumente und Einstellungen\Besitzer\Complete\The Perfect Man 2005.zip infected by "Worm.Win32.VB.an" Virus! Action Taken: No Action Taken.
Wed Nov 30 19:03:50 2005 => File C:\Dokumente und Einstellungen\Besitzer\Complete\Trillian Pro 3.1.0.121.zip infected by "Worm.Win32.VB.an" Virus! Action Taken: No Action Taken.
Wed Nov 30 19:03:51 2005 => File C:\Dokumente und Einstellungen\Besitzer\Complete\Tuneup Utilities 2006 5.0.2331.zip infected by "Worm.Win32.VB.an" Virus! Action Taken: No Action Taken.
Wed Nov 30 19:03:51 2005 => File C:\Dokumente und Einstellungen\Besitzer\Complete\Vista Explorer.zip infected by "Worm.Win32.VB.an" Virus! Action Taken: No Action Taken.
Wed Nov 30 19:03:51 2005 => File C:\Dokumente und Einstellungen\Besitzer\Complete\WinDVD Platinum 7.0.zip infected by "Worm.Win32.VB.an" Virus! Action Taken: No Action Taken.
Wed Nov 30 19:03:52 2005 => File C:\Dokumente und Einstellungen\Besitzer\Complete\WinDVD Recorder 5 Platinum.zip infected by "Worm.Win32.VB.an" Virus! Action Taken: No Action Taken.
Wed Nov 30 19:03:52 2005 => File C:\Dokumente und Einstellungen\Besitzer\Complete\Worms 4 Mayhem.zip infected by "Worm.Win32.VB.an" Virus! Action Taken: No Action Taken.
Wed Nov 30 19:03:53 2005 => File C:\Dokumente und Einstellungen\Besitzer\Complete\Zoo Tycoon 2 Endangered Species.zip infected by "Worm.Win32.VB.an" Virus! Action Taken: No Action Taken.
Wed Nov 30 19:18:07 2005 => File C:\My Shared Folder\1Click DVD Copy Pro 1.0.0.6.zip infected by "Worm.Win32.VB.an" Virus! Action Taken: No Action Taken.
Wed Nov 30 19:18:07 2005 => File C:\My Shared Folder\3DS Max7+SP13DS Max8.zip infected by "Worm.Win32.VB.an" Virus! Action Taken: No Action Taken.
Wed Nov 30 19:18:08 2005 => File C:\My Shared Folder\Ahead Nero Premium 7.zip infected by "Worm.Win32.VB.an" Virus! Action Taken: No Action Taken.
Wed Nov 30 19:18:08 2005 => File C:\My Shared Folder\Ashampoo Burning Studio 5.5.0.zip infected by "Worm.Win32.VB.an" Virus! Action Taken: No Action Taken.
Wed Nov 30 19:18:09 2005 => File C:\My Shared Folder\Ashampoo Burning Studio 5.5.1.zip infected by "Worm.Win32.VB.an" Virus! Action Taken: No Action Taken.
Wed Nov 30 19:18:09 2005 => File C:\My Shared Folder\Come and See.zip infected by "Worm.Win32.VB.an" Virus! Action Taken: No Action Taken.
Wed Nov 30 19:18:09 2005 => File C:\My Shared Folder\Corel Painter Essentials 3.zip infected by "Worm.Win32.VB.an" Virus! Action Taken: No Action Taken.
Wed Nov 30 19:18:10 2005 => File C:\My Shared Folder\Cucusoft Video Converter Pro 7.07.zip infected by "Worm.Win32.VB.an" Virus! Action Taken: No Action Taken.
Wed Nov 30 19:18:10 2005 => File C:\My Shared Folder\Directory Opus 8.2.0.2.zip infected by "Worm.Win32.VB.an" Virus! Action Taken: No Action Taken.
Wed Nov 30 19:18:10 2005 => File C:\My Shared Folder\Doom - Soundtrack (2005).zip infected by "Worm.Win32.VB.an" Virus! Action Taken: No Action Taken.
Wed Nov 30 19:18:11 2005 => File C:\My Shared Folder\Easy CD-DA Extractor 8.2.4.zip infected by "Worm.Win32.VB.an" Virus! Action Taken: No Action Taken.
Wed Nov 30 19:18:11 2005 => File C:\My Shared Folder\File & Folder Protectors AIO.zip infected by "Worm.Win32.VB.an" Virus! Action Taken: No Action Taken.
Wed Nov 30 19:18:12 2005 => File C:\My Shared Folder\Hacker 2005 - The Broken Link.zip infected by "Worm.Win32.VB.an" Virus! Action Taken: No Action Taken.
Wed Nov 30 19:18:12 2005 => File C:\My Shared Folder\Harry Potter And The Goblet Of Fire.zip infected by "Worm.Win32.VB.an" Virus! Action Taken: No Action Taken.
Wed Nov 30 19:18:12 2005 => File C:\My Shared Folder\Hide IP Platinum 2.0.zip infected by "Worm.Win32.VB.an" Virus! Action Taken: No Action Taken.
Wed Nov 30 19:18:13 2005 => File C:\My Shared Folder\Hiren`s BootCD 7.5.zip infected by "Worm.Win32.VB.an" Virus! Action Taken: No Action Taken.
Wed Nov 30 19:18:13 2005 => File C:\My Shared Folder\Jarhead (2005).zip infected by "Worm.Win32.VB.an" Virus! Action Taken: No Action Taken.
Wed Nov 30 19:18:13 2005 => File C:\My Shared Folder\NewLive All Media Fixer Pro 5.3.zip infected by "Worm.Win32.VB.an" Virus! Action Taken: No Action Taken.
Wed Nov 30 19:18:14 2005 => File C:\My Shared Folder\Nico`s Commander 5.58.zip infected by "Worm.Win32.VB.an" Virus! Action Taken: No Action Taken.
Wed Nov 30 19:18:14 2005 => File C:\My Shared Folder\NTI CD & DVD Maker Platinum 7.0.0.4703.zip infected by "Worm.Win32.VB.an" Virus! Action Taken: No Action Taken.
Wed Nov 30 19:18:14 2005 => File C:\My Shared Folder\PC-Cillin Internet Security 2006.zip infected by "Worm.Win32.VB.an" Virus! Action Taken: No Action Taken.
Wed Nov 30 19:18:15 2005 => File C:\My Shared Folder\Pinnacle TitleDeko Pro 2.0.1634.1.zip infected by "Worm.Win32.VB.an" Virus! Action Taken: No Action Taken.
Wed Nov 30 19:18:15 2005 => File C:\My Shared Folder\Power Video Converter 1.5.1.zip infected by "Worm.Win32.VB.an" Virus! Action Taken: No Action Taken.
Wed Nov 30 19:18:16 2005 => File C:\My Shared Folder\RapidShare Harvester.zip infected by "Worm.Win32.VB.an" Virus! Action Taken: No Action Taken.
Wed Nov 30 19:18:16 2005 => File C:\My Shared Folder\Rapidshare Premium Accounts.zip infected by "Worm.Win32.VB.an" Virus! Action Taken: No Action Taken.
Wed Nov 30 19:18:16 2005 => File C:\My Shared Folder\RegDoctor 1.43.zip infected by "Worm.Win32.VB.an" Virus! Action Taken: No Action Taken.
Wed Nov 30 19:18:17 2005 => File C:\My Shared Folder\Selteco Bannershop GIF Animator 5.0.6.zip infected by "Worm.Win32.VB.an" Virus! Action Taken: No Action Taken.
Wed Nov 30 19:18:17 2005 => File C:\My Shared Folder\SpyRemover 2.45.zip infected by "Worm.Win32.VB.an" Virus! Action Taken: No Action Taken.
Wed Nov 30 19:18:18 2005 => File C:\My Shared Folder\Stardock Aquarium Desktop 2006.zip infected by "Worm.Win32.VB.an" Virus! Action Taken: No Action Taken.
Wed Nov 30 19:18:18 2005 => File C:\My Shared Folder\Symantec WinFax Pro 10.0.zip infected by "Worm.Win32.VB.an" Virus! Action Taken: No Action Taken.
Wed Nov 30 19:18:18 2005 => File C:\My Shared Folder\System Mechanic Professional 6.0 m.zip infected by "Worm.Win32.VB.an" Virus! Action Taken: No Action Taken.
Wed Nov 30 19:18:19 2005 => File C:\My Shared Folder\The Modern Survival Retreat.zip infected by "Worm.Win32.VB.an" Virus! Action Taken: No Action Taken.
Wed Nov 30 19:18:19 2005 => File C:\My Shared Folder\The Perfect Man 2005.zip infected by "Worm.Win32.VB.an" Virus! Action Taken: No Action Taken.
Wed Nov 30 19:18:19 2005 => File C:\My Shared Folder\Trillian Pro 3.1.0.121.zip infected by "Worm.Win32.VB.an" Virus! Action Taken: No Action Taken.
Wed Nov 30 19:18:20 2005 => File C:\My Shared Folder\Tuneup Utilities 2006 5.0.2331.zip infected by "Worm.Win32.VB.an" Virus! Action Taken: No Action Taken.
Wed Nov 30 19:18:20 2005 => File C:\My Shared Folder\Vista Explorer.zip infected by "Worm.Win32.VB.an" Virus! Action Taken: No Action Taken.
Wed Nov 30 19:18:20 2005 => File C:\My Shared Folder\WinDVD Platinum 7.0.zip infected by "Worm.Win32.VB.an" Virus! Action Taken: No Action Taken.
Wed Nov 30 19:18:21 2005 => File C:\My Shared Folder\WinDVD Recorder 5 Platinum.zip infected by "Worm.Win32.VB.an" Virus! Action Taken: No Action Taken.
Wed Nov 30 19:18:21 2005 => File C:\My Shared Folder\Worms 4 Mayhem.zip infected by "Worm.Win32.VB.an" Virus! Action Taken: No Action Taken.
Wed Nov 30 19:18:22 2005 => File C:\My Shared Folder\Zoo Tycoon 2 Endangered Species.zip infected by "Worm.Win32.VB.an" Virus! Action Taken: No Action Taken.
Wed Nov 30 20:15:31 2005 => Total Disinfected Files: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Funde für "tagged"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Wed Nov 30 18:44:05 2005 => File C:\Programme\MySearch\bar\1.bin\S4BAR.DLL tagged as "not-a-virus:AdWare.Win32.MySearch.g". Action Taken: No Action Taken.
Wed Nov 30 19:40:43 2005 => File C:\Programme\Mozilla Firefox\plugins\NPMySrch.dll tagged as "not-a-virus:AdWare.Win32.MyWebSearch.i". Action Taken: No Action Taken.
Wed Nov 30 19:40:54 2005 => File C:\Programme\MySearch\bar\1.bin\NPMYSRCH.DLL tagged as "not-a-virus:AdWare.Win32.MyWebSearch.i". Action Taken: No Action Taken.
Wed Nov 30 19:40:54 2005 => File C:\Programme\MySearch\bar\1.bin\S4PLUGIN.DLL tagged as "not-a-virus:AdWare.Win32.MyWebSearch.l". Action Taken: No Action Taken.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Funde für "offending"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Wed Nov 30 18:45:24 2005 => Offending value found in HKCU\Software\gnu !!!
Wed Nov 30 18:47:47 2005 => Offending value found in HKLM\Software\Microsoft\Windows\CurrentVersion\uninstall\limewire !!!
Wed Nov 30 18:47:47 2005 => Offending value found in HKLM\Software\magnet\handlers\limewire !!!
Wed Nov 30 18:47:47 2005 => Offending value found in HKLM\Software\limewire !!!
Wed Nov 30 18:47:47 2005 => Offending value found in HKCU\software\microsoft\windows\currentversion\explorer\menuorder\start menu\programs\limewire !!!
Wed Nov 30 18:47:47 2005 => Offending Folder found: C:\PROGRA~1\limewire
Wed Nov 30 18:47:47 2005 => Offending Folder found: C:\DOKUME~1\Besitzer\STARTM~1\PROGRA~1\limewire
Wed Nov 30 18:48:01 2005 => Offending value found in HKLM\Software\mysearch !!!
Wed Nov 30 18:48:01 2005 => Offending Folder found: C:\PROGRA~1\mysearch
Wed Nov 30 18:55:05 2005 => Offending file found: C:\WINDOWS\iun6002.exe
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Statistiken:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Wed Nov 30 20:15:31 2005 => Total Virus(es) Found: 91
Wed Nov 30 20:15:31 2005 => Total Errors: 471
Wed Nov 30 20:15:31 2005 => Time Elapsed: 01:31:37
Wed Nov 30 20:15:31 2005 => Total Objects Scanned: 71507
Wed Nov 30 18:42:58 2005 => Virus Database Date: 2005/11/30
Wed Nov 30 20:15:31 2005 => Virus Database Date: 2005/11/30
Wed Nov 30 20:44:09 2005 => Virus Database Date: 2005/11/30
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~ © Haui ;-) ~~~~~~~
~~~~~~~ Dank an Cidre ~~~~~~~

Am I completely screwed, or do I just have a lot of work ahead of me?? Please help me, masters.... By the way, my antivirus program (McAfee) reports the Alcan worm every time, but ONLY when I start Ad-Aware. I also delete it from the folder where it is found, but in vain; it is back again after a restart. |
30.11.2005, 22:09 | #2 |
Moderator (retired) | That comes from file sharing without rhyme or reason.
Here is a description: http://www.viruslist.com/de/viruses/encyclopedia?virusid=86228 Fiddly fix: delete the folder "My Shared Folder", end the worm processes mentioned in the link above, and delete the worm files. Reinstalling from scratch is faster and safer. Regards, Yopie |
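An added example, not part of the thread and not eScan's own tooling: a small Python triage script for a scan log in the format posted in #1. It counts the findings the scanner left in place per folder and lists file names flagged under the same detection in more than one folder, as happens in this log with "Complete" and "My Shared Folder". The line patterns are inferred from the log lines shown in the thread, and the function names are hypothetical.

```python
import ntpath
import re
from collections import Counter, defaultdict, namedtuple

# Excerpt of the eScan log posted in this thread, one entry per line.
SAMPLE_LOG = r'''
Wed Nov 30 18:55:05 2005 => System found infected with zipitpro Spyware/Adware (C:\WINDOWS\iun6002.exe)! Action taken: No Action Taken.
Wed Nov 30 19:03:39 2005 => File C:\Dokumente und Einstellungen\Besitzer\Complete\Come and See.zip infected by "Worm.Win32.VB.an" Virus! Action Taken: No Action Taken.
Wed Nov 30 19:03:51 2005 => File C:\Dokumente und Einstellungen\Besitzer\Complete\Vista Explorer.zip infected by "Worm.Win32.VB.an" Virus! Action Taken: No Action Taken.
Wed Nov 30 19:18:09 2005 => File C:\My Shared Folder\Come and See.zip infected by "Worm.Win32.VB.an" Virus! Action Taken: No Action Taken.
Wed Nov 30 19:18:20 2005 => File C:\My Shared Folder\Vista Explorer.zip infected by "Worm.Win32.VB.an" Virus! Action Taken: No Action Taken.
Wed Nov 30 19:40:43 2005 => File C:\Programme\Mozilla Firefox\plugins\NPMySrch.dll tagged as "not-a-virus:AdWare.Win32.MyWebSearch.i". Action Taken: No Action Taken.
Wed Nov 30 20:15:31 2005 => Total Virus(es) Found: 91
'''

Detection = namedtuple("Detection", "timestamp kind name path action")

# Patterns inferred from the log lines in this thread (an assumption, not an
# official description of the eScan log format).
FILE_HIT = re.compile(
    r'^File (?P<path>.+?) (?:infected by|tagged as) "(?P<name>[^"]+)"'
    r'.*?Action Taken: (?P<action>[^.]+)\.', re.IGNORECASE)
SYSTEM_HIT = re.compile(
    r'^System found infected with (?P<name>\S+) Spyware/Adware '
    r'\((?P<path>.+)\)! Action Taken: (?P<action>[^.]+)\.', re.IGNORECASE)


def parse_log(text):
    """Return a Detection for every file or system finding; skip other lines."""
    detections = []
    for line in text.splitlines():
        timestamp, sep, message = line.strip().partition(" => ")
        if not sep:
            continue  # separators, section titles, blank lines
        for kind, pattern in (("file", FILE_HIT), ("system", SYSTEM_HIT)):
            match = pattern.match(message)
            if match:
                detections.append(Detection(timestamp, kind, match["name"],
                                            match["path"], match["action"]))
                break
    return detections


def unresolved_by_folder(detections):
    """Count file findings the scanner left in place, per (detection, folder)."""
    return Counter((d.name, ntpath.dirname(d.path)) for d in detections
                   if d.kind == "file" and d.action.lower() == "no action taken")


def replicated_names(detections):
    """Map (detection, file name) to its folders when it occurs in several."""
    folders = defaultdict(set)
    for d in detections:
        if d.kind == "file":
            key = (d.name, ntpath.basename(d.path).lower())
            folders[key].add(ntpath.dirname(d.path))
    return {key: sorted(dirs) for key, dirs in folders.items() if len(dirs) > 1}


if __name__ == "__main__":
    found = parse_log(SAMPLE_LOG)
    for (name, folder), count in unresolved_by_folder(found).most_common():
        print(f"{count:3d}  {name}  {folder}")
    for (name, filename), dirs in sorted(replicated_names(found).items()):
        print(f"{filename} ({name}) present in: {', '.join(dirs)}")
```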
01.12.2005, 17:13 | #3 |
| Well, I got rid of pretty much all the viruses..... man, phew
So what does the HJT log say, anyway:

Logfile of HijackThis v1.99.1
Scan saved at 17:11:46, on 01.12.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\Microsoft IntelliType Pro\type32.exe
C:\Programme\Microsoft IntelliPoint\point32.exe
C:\Programme\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Programme\eMule.de\emule.exe
C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Programme\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\palstart.exe
C:\Programme\Network Associates\VirusScan\Avsynmgr.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Programme\Network Associates\VirusScan\VsStat.exe
C:\Programme\Network Associates\VirusScan\Vshwin32.exe
C:\Programme\Network Associates\VirusScan\Avconsol.exe
C:\Programme\Network Associates\VirusScan\Webscanx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Programme\Gemeinsame Dateien\Network Associates\McShield\Mcshield.exe
C:\PROGRA~1\Netscape\Netscape\Netscp.exe
C:\DOKUME~1\Besitzer\LOKALE~1\Temp\Temporäres Verzeichnis 3 für hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = w**.google.de/
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O2 - BHO: My Search BHO - {014DA6C1-189F-421a-88CD-07CFE51CFF10} - C:\Programme\MySearch\bar\1.bin\S4BAR.DLL (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O3 - Toolbar: (no name) - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [type32] "C:\Programme\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Programme\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Zone Labs Client] C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Programme\Netscape\Netscape\Netscp.exe" -turbo
O4 - HKCU\..\Run: [Eraser] C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\****Eraser\eraser.exe -hide
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Programme\.exe -AutoStart
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programme\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: palstart.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - h**p://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1098777460890
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday-Steuerung) - file://C:\Programme\AutoCAD 2002 Deu\AcDcToday.ocx
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview-Steuerung) - file://C:\Programme\AutoCAD 2002 Deu\AcPreview.ocx
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - C:\Programme\Network Associates\VirusScan\Avsynmgr.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McShield - Unknown owner - C:\Programme\Gemeinsame Dateien\Network Associates\McShield\Mcshield.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe |
01.12.2005, 17:24 | #4 |
Moderator (retired) | Quote:
Quote:
Further useless entries that you can fix are listed at http://hijackthis.de/logfiles/4e289c93216eee21682adde679efc927.html. You are also using various security programs that can get in each other's way. Less is more. A personal firewall is superfluous in the vast majority of cases. And I have already said something about file sharing. Regards, Yopie |
01.12.2005, 18:36 | #5 |
| Service load: 0% 100%
File: palstart.exe
Status: OK
MD5 d4012df4000db3f44764774ae7d0e146
Packers detected: -
Scanner results
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
UNA Found nothing
VBA32 Found nothing |
01.12.2005, 18:42 | #6 |
Moderator (retired) | If you know the file, then it is probably OK. Regards, Yopie |