Bitte um Analyse meines Logfiles

Pfeife · 11.01.2006, 12:42

Mein PC sendet, sobald er online ist, massenweise Spammails (im Subject steht immer nur "Re:"), allerdings nicht über mein E-Mail-Programm (TheBat), sondern offensichtilich mit einer eigenen SMTP-Einrichtung.

Norton Antivirus popt jedenfalls tausende Fenster auf mit der Meldung "Ausgehend E-Mail wird geprüft", bis der ganze Screen damit übersäht ist.

Diverse Scanner habe ich nun über den Rechner laufen lassen, alle haben auch irgendetwas gefunden, aber das Teil ist hartnäckig.

Mit HijackThis habe ich nun untenstehendes Logfile erstellt.

Wer kann mir bei der Analyse helfen, bzw. sagen, was nun zu tun ist? Für jeden Hinweis, wäre ich sehr dankbar!

Ciao, Pfeife

Logfile:

Logfile of HijackThis v1.99.1
Scan saved at 12:25:29, on 11.01.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\ewido anti-malware\ewidoctrl.exe
C:\Programme\ewido anti-malware\ewidoguard.exe
C:\apache\mysql\bin\mysqld-nt.exe
C:\Programme\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Programme\Eset\nod32krn.exe
C:\Programme\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~3\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\Programme\Spyware Doctor\sdhelp.exe
C:\PROGRA~1\NORTON~1\NORTON~3\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\SCARDS32.EXE
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\Fast.exe
C:\WINDOWS\System32\alg.exe
C:\Programme\IconSaver\IconSaver.exe
C:\WINDOWS\System32\fast.exe
C:\WINDOWS\System32\taskswitch.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Trojancheck 6\tcguard.exe
C:\Programme\Sony Handheld\HOTSYNC.EXE
C:\Programme\klickIdent Herbst 2005\klickIdentPP.exe
C:\Programme\Sony Handheld\USBSwt.exe
C:\Programme\ewido anti-malware\securitysuite.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Norton SystemWorks\Norton AntiVirus\OPScan.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Dokumente und Einstellungen\T**\Desktop\Windows XP Update\Hijackthis\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PreispiratenSearchURL - {0B660087-931C-4056-A04F-0423890E40B6} - C:\Programme\Preispiraten\Preispiraten2\PPSearchURL.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: WsftpBrowserHelper Class - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Programme\WS_FTP Pro\wsbho2k0.dll
O2 - BHO: (no name) - {6C23079E-34ED-4913-0CAD-4CA5D9F7B198} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: metaspinner media GmbH - {84B94901-3645-4D80-A6B7-4D0050B19455} - C:\Programme\Preispiraten\Preispiraten2\IEButtonAmazonInterface.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\downloaded program files\googletoolbar2.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: (no name) - {BBE59AF5-EE22-4A3A-AB26-3F774D1B4216} - C:\Programme\FolderBox\FolderBox.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: metaspinner media GmbH - {CD9B7762-DFBC-42B1-BB30-02A78287B456} - C:\Programme\Preispiraten\Preispiraten2\IEButtonEBayInterface.dll
O2 - BHO: metaspinner media GmbH - {D3AA56A9-8137-4950-A6F9-D0190A82AF2A} - C:\Programme\Preispiraten\Preispiraten2\IEButtonPPInterface.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\downloaded program files\googletoolbar2.dll
O4 - HKLM\..\Run: [IconSaver] "C:\Programme\IconSaver\IconSaver.exe"
O4 - HKLM\..\Run: [FastUser] C:\WINDOWS\System32\fast.exe
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe
O4 - HKLM\..\Run: [BackgroundSwitcher] C:\WINDOWS\System32\bgswitch.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Trojancheck 6 Guard] C:\Programme\Trojancheck 6\tcguard.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Programme\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [klickIdentPP.exe"] "C:\Programme\klickIdent Herbst 2005\klickIdentPP.exe"
O4 - Startup: HotSync Manager.lnk = C:\Programme\Sony Handheld\HOTSYNC.EXE
O4 - Startup: klickIdent 15.lnk = C:\Programme\klickIdent Herbst 2005\klickIdentPP.exe
O4 - Startup: SonyPDA USB Switcher.lnk = C:\Programme\Sony Handheld\USBSwt.exe
O8 - Extra context menu item: &Google-Suche - res://c:\windows\downloaded program files\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Ins Deutsche übersetzen - res://c:\windows\downloaded program files\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Preispiratensuche nach markiertem Text - C:\\Programme\\Preispiraten\\Preispiraten2\\preispiraten.html
O8 - Extra context menu item: amazon Suche - C:\Programme\Preispiraten\Preispiraten2\Searchamazon.htm
O8 - Extra context menu item: amazon Suche starten - C:\Programme\Preispiraten\Preispiraten2\Searchamazon.htm
O8 - Extra context menu item: eBay - Mein eBay - C:\Programme\Preispiraten\Preispiraten2\SearchEbaymein.htm
O8 - Extra context menu item: eBay - Powersuche - C:\Programme\Preispiraten\Preispiraten2\SearchEbaypower.htm
O8 - Extra context menu item: eBay - Startseite - C:\Programme\Preispiraten\Preispiraten2\SearchEbay.htm
O8 - Extra context menu item: eBay Suche starten - C:\Programme\Preispiraten\Preispiraten2\SearchEbay.htm
O8 - Extra context menu item: Google AdSense Preview Tool - h**p://pagead2.googlesyndication.com/pagead/preview/en/preview.html
O8 - Extra context menu item: Google Suche - C:\Programme\Preispiraten\Preispiraten2\SearchGoogle.htm
O8 - Extra context menu item: Google Suche starten - C:\Programme\Preispiraten\Preispiraten2\SearchGoogle.htm
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\windows\downloaded program files\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Verweisseiten - res://c:\windows\downloaded program files\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://c:\windows\downloaded program files\GoogleToolbar2.dll/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Preispiraten 2.5 - {2638A03E-1669-43BE-8119-B47087629A7F} - C:\Programme\Preispiraten\Preispiraten2\preispiraten2ie.exe
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Programme\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Programme\Hello\PicasaCapture.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O12 - Plugin for .sib: C:\Programme\Internet Explorer\PLUGINS\NPSibelius.dll
O14 - IERESET.INF: START_PAGE_URL=h**p://www.spartipps.com/
O16 - DPF: Yahoo! Chat - h**p://cs5.chat.sc5.yahoo.com/c381/chat.cab
O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) - h**p://site.ebrary.com/support/plugins/ebraryRdr.cab
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - h**ps://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=h**p://www2.minolta.de/foto/a1de/09_2.html
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - h**p://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} - h**p://172.16.7.100/wfica.cab
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - h**p://download.ebay.com/turbo_lister/DE/install.cab
O16 - DPF: {271A3CF5-5A54-447B-A08F-BE805F0DA60B} (DataDesign DDBAC Plug-In) - h**ps://banking.seb.de/hbci/plugin/AXFOAM.CAB
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - h**p://cs6.chat.sc5.yahoo.com/v43/yacscom.cab
O16 - DPF: {4C226336-4032-489F-9674-67E74225979B} - h**p://otx.ifilm.com/OTXMedia/OTXMedia.dll
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - h**p://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-12.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - h**p://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1095436890020
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - h**p://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - h**p://216.249.25.152/code/PWActiveXImgCtl.CAB
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - h**p://toolbar.google.com/data/de/deleon/1.1.54-deleon/GoogleNav.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - h**p://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - h**p://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IP-Uploader Control) - h**p://asp04.photoprintit.de/microsite/defaults/activex/ImageUploader3.cab
O20 - Winlogon Notify: docent0 - docent0.dll (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programme\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programme\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MySql - Unknown owner - C:/apache/mysql/bin/mysqld-nt.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programme\Eset\nod32krn.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programme\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~3\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Programme\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~3\SPEEDD~1\NOPDB.EXE
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: CHIPDRIVESCARD Service (TWKSCARDSRV) - Towitoko AG - C:\WINDOWS\SCARDS32.EXE
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Programme\RealVNC\VNC4\WinVNC4.exe" -service (file missing)

cacatoa · 11.01.2006, 12:51

Hi,
das Logfile sehe ich nicht als zu tragisch an.
Das hier:
R3 - Default URLSearchHook is missing
gehört gefixt; über andere Einträge machen wir uns Gedanken, wenn du einen eScan genau nach Anleitung durchgeführt und das Ergebnis gepostet hast. Bitte beachten: Sprache auf Englisch lassen, damit er die automatische Auswertung (find.bat) nutzen kann!!
cacatoa

Princ_of_Galaxy · 11.01.2006, 12:54

was genau meinst du mit "das teil ist hartnäckig"

hast du die antivieren scanns etc. im abgesicherten modus durchgeführt nachdem die systhemwiederherstellung deaktiviert wurde?

auserdem sagt http://www.hijackthis.de
das

O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - h**p://216.249.25.152/code/PWActiveXImgCtl.CAB

O16 - DPF: {4C226336-4032-489F-9674-67E74225979B} - h**p://otx.ifilm.com/OTXMedia/OTXMedia.dll

O8 - Extra context menu item: amazon Suche - C:\Programme\Preispiraten\Preispiraten2\Searchamaz on.htm

O8 - Extra context menu item: amazon Suche starten - C:\Programme\Preispiraten\Preispiraten2\Searchamaz on.htm

und R3 - Default URLSearchHook is missing

böse sind.

denke also das es net schaden kann die zu fixen

edit: cacatoa war wol schneller;-)

@ cacatoa R3 - Default URLSearchHook is missing is das nen trojaner?
oder nur sypware?

cacatoa · 11.01.2006, 13:05

Also:
Den O16 kannst fixen; auch wenn ich ihn später beseitigt hätte.
Die O8 Amazon-Einträge kannst lassen, ebenso ifilm.
Was soll daran schlimm sein? Nur weil die automatische Auswertung hier zickt?
Wie gesagt; erst eScan durchführen, dann weitermachen.
cacatoa

Pfeife · 11.01.2006, 22:43

Zitat:

Zitat von Princ_of_Galaxy

was genau meinst du mit "das teil ist hartnäckig"

hast du die antivieren scanns etc. im abgesicherten modus durchgeführt nachdem die systhemwiederherstellung deaktiviert wurde?

Öhm, nöööö (Asche auf mein Haupt)
Mit hartnäckig meine ich, daß der Rechner sich immer noch so verhält, obwohl ich mit diversen Trojanercheckern, Antispyware-Programmen etc. den Rechner habe scannen lassen. Die gefixten oder gelöschten Dateien waren aber offensichtlich nicht die Ursache des Problems.

Zitat:

Zitat von Princ_of_Galaxy

denke also das es net schaden kann die zu fixen

Habe ich gemacht (bevor cacatoas 2. Nachricht kam).
Ciao, Pfeife

Pfeife · 11.01.2006, 23:18

Zitat:

Zitat von cacatoa

Hi,
das Logfile sehe ich nicht als zu tragisch an.
Das hier:
R3 - Default URLSearchHook is missing
gehört gefixt;

done.

Zitat:

Zitat von cacatoa

über andere Einträge machen wir uns Gedanken, wenn du einen eScan genau nach Anleitung durchgeführt und das Ergebnis gepostet hast. Bitte beachten: Sprache auf Englisch lassen, damit er die automatische Auswertung (find.bat) nutzen kann!!
cacatoa

Habe mich genau an die Hinweise gehalten. Die Scan-Ergebnisse in der MWAV.log ergeben mehr als 30 MB, darum habe ich mal nur die Virus Log- Information rausgezogen, und die poste ich hier:

######################################

File C:\WINDOWS\system32\msctl32.dll infected by "SpamTool.Win32.Mailbot.s" Virus! Action Taken: No Action Taken.
Object "bargainbuddy Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "ezula Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "conducent flexpak Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "helper Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "zipitpro Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "password-finder 2.1 PSWTool" found in File System! Action Taken: No Action Taken.
Object "everad Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "limewire Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "ezula Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "speer Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "ezula Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.desktop toolbar Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.desktop toolbar Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "mediamotor Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "mediamotor Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "weathercast Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "weathercast Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "weathercast Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "imiserver ieplugin Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "bearshare Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "cydoor.topicks.a Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "powerreg scheduler Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "password-finder 2.1 PSWTool" found in File System! Action Taken: No Action Taken.
Object "whenu.desktop toolbar Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "powerreg scheduler Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "password-finder 2.1 PSWTool" found in File System! Action Taken: No Action Taken.
Object "whenu.desktop toolbar Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "speer Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "ezula Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.desktop toolbar Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.desktop toolbar Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "zipitpro Spyware/Adware" found in File System! Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\googlenav.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\OTXMedia.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\PWActiveXImgCtl.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\System32\iuctl.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\OTXMedia.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\Norton SystemWorks\Password Manager\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\Norton SystemWorks\Norton Ghost\Agent\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\Citrix\ICA Client\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\Citrix\ICA Client\Cache\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\Citrix\ICA Client\resource\de\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\Citrix\ICA Client\resource\". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".part". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{567DB2D4-9B01-4EBF-9FFA-543491BF3379}" refers to invalid object "F:\PJStream.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{6E5526E3-4B91-11d4-876F-005004BCDA99}" refers to invalid object "F:\PJStream.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{6E5526E4-4B91-11d4-876F-005004BCDA99}" refers to invalid object "F:\PJStream.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{178F2316-1BF7-4436-B506-53BB8F75026F}" refers to invalid object " ". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{1D0BC1B2-7F7F-4FAC-8FC9-4E57FA89C0D4}" refers to invalid object " ". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{32187E62-601A-4C7E-8A67-6FCD5F1FB53E}" refers to invalid object "C:\DOKUME~1\T**\LOKALE~1\Temp\VBE\RefEdit.exd". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{3A919507-FA94-4F7D-B3E0-B2C778C6B8F2}" refers to invalid object "C:\WINDOWS\Downloaded Program Files\OTXMedia.dll". Action Taken: No Action Taken.
Entry "HKCR\.x3d" refers to invalid object "X3D.Document". Action Taken: No Action Taken.
File C:\Dokumente und Einstellungen\T**\.jpi_cache\jar\1.0\loaderadv408.jar-16d4db64-36eba50a.zip infected by "Trojan-Downloader.Java.OpenStream.c" Virus! Action Taken: No Action Taken.
File C:\Dokumente und Einstellungen\T**\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-1109b54b-3cb2e71a.zip infected by "Trojan-Downloader.Java.OpenConnection.aj" Virus! Action Taken: No Action Taken.
File C:\Dokumente und Einstellungen\T**\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-28679adb-49d59a85.zip infected by "Trojan-Downloader.Java.OpenConnection.aj" Virus! Action Taken: No Action Taken.
File C:\Dokumente und Einstellungen\T**\Desktop\Jux\Screenmates\butterfliesfree_354.exe tagged as "not-a-virus:AdWare.Win32.SaveNow.z". Action Taken: No Action Taken.
File C:\Dokumente und Einstellungen\T**\Desktop\Jux\Screenmates\waterfree.exe tagged as "not-a-virus:AdWare.Win32.SaveNow.aq". Action Taken: No Action Taken.
File C:\Programme\Eset\cache\FND1.NFI tagged as "not-a-virus:AdWare.Win32.SaveNow.z". Action Taken: No Action Taken.
File C:\Programme\Eset\cache\FND10.NFI infected by "Trojan.Win32.StartPage.aha" Virus! Action Taken: No Action Taken.
File C:\Programme\Eset\cache\FND11.NFI infected by "Trojan-Spy.Win32.Agent.jl" Virus! Action Taken: No Action Taken.
File C:\Programme\Eset\cache\FND12.NFI infected by "Trojan-Spy.Win32.Agent.jl" Virus! Action Taken: No Action Taken.
File C:\Programme\Eset\cache\FND13.NFI infected by "Trojan-Spy.Win32.Goldun.gj" Virus! Action Taken: No Action Taken.
File C:\Programme\Eset\cache\FND14.NFI infected by "Trojan-Downloader.Win32.Adload.j" Virus! Action Taken: No Action Taken.
File C:\Programme\Eset\cache\FNDB.NFI infected by "Trojan-Downloader.Win32.Small.cfd" Virus! Action Taken: No Action Taken.
File C:\Programme\Eset\cache\FNDD.NFI infected by "Trojan-Spy.Win32.Goldun.gj" Virus! Action Taken: No Action Taken.
File C:\Programme\Eset\cache\FNDE.NFI infected by "Packed.Win32.Klone.b" Virus! Action Taken: No Action Taken.
File C:\Programme\Eset\cache\FNDF.NFI infected by "Trojan-Clicker.Win32.VB.kc" Virus! Action Taken: No Action Taken.
File C:\Programme\Norton SystemWorks\Norton AntiVirus\Quarantine\00002647 infected by "Email-Worm.Win32.NetSky.d" Virus! Action Taken: No Action Taken.
File C:\Programme\Norton SystemWorks\Norton AntiVirus\Quarantine\00271E1C infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Programme\Norton SystemWorks\Norton AntiVirus\Quarantine\002F1C69 infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Programme\Norton SystemWorks\Norton AntiVirus\Quarantine\0038700A infected by "Email-Worm.Win32.NetSky.r" Virus! Action Taken: No Action Taken.
File C:\Programme\Norton SystemWorks\Norton AntiVirus\Quarantine\00406BDF infected by "Email-Worm.Win32.NetSky.y" Virus! Action Taken: No Action Taken.
File C:\Programme\Norton SystemWorks\Norton AntiVirus\Quarantine\004263D0 infected by "Email-Worm.Win32.NetSky.c" Virus! Action Taken: No Action Taken.
File C:\Programme\Norton SystemWorks\Norton AntiVirus\Quarantine\00426F39 infected by "Email-Worm.Win32.NetSky.c" Virus! Action Taken: No Action Taken.
File C:\Programme\Norton SystemWorks\Norton AntiVirus\Quarantine\00444605 infected by "Email-Worm.Win32.Sober.i" Virus! Action Taken: No Action Taken.
File C:\Programme\Norton SystemWorks\Norton AntiVirus\Quarantine\00450C94 infected by "Email-Worm.Win32.NetSky.d" Virus! Action Taken: No Action Taken.
File C:\Programme\Norton SystemWorks\Norton AntiVirus\Quarantine\005535FA infected by "Email-Worm.Win32.Sober.i" Virus! Action Taken: No Action Taken.
File C:\Programme\Norton SystemWorks\Norton AntiVirus\Quarantine\00554717 infected by "Email-Worm.Win32.Sober.i" Virus! Action Taken: No Action Taken.
File C:\Programme\Norton SystemWorks\Norton AntiVirus\Quarantine\00556B24 infected by "Email-Worm.Win32.NetSky.d" Virus! Action Taken: No Action Taken.
File C:\Programme\Norton SystemWorks\Norton AntiVirus\Quarantine\005F33EF infected by "Email-Worm.Win32.Sober.i" Virus! Action Taken: No Action Taken.
File C:\Programme\Norton SystemWorks\Norton AntiVirus\Quarantine\00625DEC infected by "Email-Worm.Win32.Sober.i" Virus! Action Taken: No Action Taken.
File C:\Programme\Norton SystemWorks\Norton AntiVirus\Quarantine\006507E8 infected by "Email-Worm.Win32.Sober.i" Virus! Action Taken: No Action Taken.
File C:\Programme\Norton SystemWorks\Norton AntiVirus\Quarantine\006931E4 infected by "Email-Worm.Win32.Sober.i" Virus! Action Taken: No Action Taken.
File C:\Programme\Norton SystemWorks\Norton AntiVirus\Quarantine\006B06B7 infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Programme\Norton SystemWorks\Norton AntiVirus\Quarantine\006C0FD0 infected by "Email-Worm.Win32.NetSky.d" Virus! Action Taken: No Action Taken.
File C:\Programme\Norton SystemWorks\Norton AntiVirus\Quarantine\006C33AB infected by "Email-Worm.Win32.Sober.i" Virus! Action Taken: No Action Taken.
File C:\Programme\Norton SystemWorks\Norton AntiVirus\Quarantine\006E0574 infected by "Email-Worm.Win32.NetSky.d" Virus! Action Taken: No Action Taken.
File C:\Programme\Norton SystemWorks\Norton AntiVirus\Quarantine\00721097 infected by "Email-Worm.Win32.Sober.i" Virus! Action Taken: No Action Taken.
File C:\Programme\Norton SystemWorks\Norton AntiVirus\Quarantine\007659D6 infected by "Email-Worm.Win32.Sober.i" Virus! Action Taken: No Action Taken.
File C:\Programme\Norton SystemWorks\Norton AntiVirus\Quarantine\00782EA9 infected by "Email-Worm.Win32.Sober.i" Virus! Action Taken: No Action Taken.
File C:\Programme\Norton SystemWorks\Norton AntiVirus\Quarantine\00795B9D infected by "Email-Worm.Win32.Sober.i" Virus! Action Taken: No Action Taken.
File C:\Programme\Norton SystemWorks\Norton AntiVirus\Quarantine\007B2D66 infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Programme\Norton SystemWorks\Norton AntiVirus\Quarantine\007C2DCF infected by "Email-Worm.Win32.Sober.i" Virus! Action Taken: No Action Taken.
File C:\Programme\Norton SystemWorks\Norton AntiVirus\Quarantine\008C11F3 infected by "Email-Worm.Win32.Sober.g" Virus! Action Taken: No Action Taken.
File C:\Programme\Norton SystemWorks\Norton AntiVirus\Quarantine\00932B80 infected by "Email-Worm.Win32.Sober.i" Virus! Action Taken: No Action Taken.
File C:\Programme\Norton SystemWorks\Norton AntiVirus\Quarantine\009B66D9 infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Programme\Norton SystemWorks\Norton AntiVirus\Quarantine\00A00DDE infected by "Email-Worm.Win32.Sober.g" Virus! Action Taken: No Action Taken.
File C:\Programme\Norton SystemWorks\Norton AntiVirus\Quarantine\00AD35CF infected by "Email-Worm.Win32.NetSky.aa" Virus! Action Taken: No Action Taken.
File C:\Programme\Norton SystemWorks\Norton AntiVirus\Quarantine\00AD5788 infected by "Email-Worm.Win32.NetSky.d" Virus! Action Taken: No Action Taken.
File C:\Programme\Norton SystemWorks\Norton AntiVirus\Quarantine\00B648B4 infected by "Email-Worm.Win32.Sober.i" Virus! Action Taken: No Action Taken.
File C:\Programme\Norton SystemWorks\Norton AntiVirus\Quarantine\00B733C4 infected by "Email-Worm.Win32.NetSky.d" Virus! Action Taken: No Action Taken.
File C:\Programme\Norton SystemWorks\Norton AntiVirus\Quarantine\00B77959 infected by "Email-Worm.Win32.Sober.i" Virus! Action Taken: No Action Taken.
File C:\Programme\Norton SystemWorks\Norton AntiVirus\Quarantine\00BB754B infected by "Email-Worm.Win32.NetSky.d" Virus! Action Taken: No Action Taken.
File C:\Programme\Norton SystemWorks\Norton AntiVirus\Quarantine\00BF2CA7 infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Programme\Norton SystemWorks\Norton AntiVirus\Quarantine\00C45BB6 infected by "Email-Worm.Win32.Sober.g" Virus! Action Taken: No Action Taken.
File C:\Programme\Norton SystemWorks\Norton AntiVirus\Quarantine\00C850DA infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Programme\Norton SystemWorks\Norton AntiVirus\Quarantine\00D01270 infected by "Email-Worm.Win32.Sober.i" Virus! Action Taken: No Action Taken.
File C:\Programme\Norton SystemWorks\Norton AntiVirus\Quarantine\00D01270.com infected by "Email-Worm.Win32.Sober.i" Virus! Action Taken: No Action Taken.
File C:\Programme\Norton SystemWorks\Norton AntiVirus\Quarantine\00D66264 infected by "Email-Worm.Win32.NetSky.aa" Virus! Action Taken: No Action Taken.
File C:\Programme\Norton SystemWorks\Norton AntiVirus\Quarantine\00DB4CC4 infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Programme\Norton SystemWorks\Norton AntiVirus\Quarantine\00DF4324 infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Programme\Norton SystemWorks\Norton AntiVirus\Quarantine\00EE7B11 infected by "Email-Worm.Win32.NetSky.d" Virus! Action Taken: No Action Taken.
File C:\Programme\Norton SystemWorks\Norton AntiVirus\Quarantine\00F2493D infected by "Email-Worm.Win32.NetSky.d" Virus! Action Taken: No Action Taken.
File C:\Programme\Norton SystemWorks\Norton AntiVirus\Quarantine\00F6623C infected by "Email-Worm.Win32.Sober.i" Virus! Action Taken: No Action Taken.
File C:\Programme\Norton SystemWorks\Norton AntiVirus\Quarantine\00F74F45 infected by "Email-Worm.Win32.NetSky.d" Virus! Action Taken: No Action Taken.
File C:\Programme\Norton SystemWorks\Norton AntiVirus\Quarantine\00FF150A infected by "Email-Worm.Win32.NetSky.aa" Virus! Action Taken: No Action Taken.
File C:\Programme\Norton SystemWorks\Norton AntiVirus\Quarantine\01076FA5 infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Programme\Norton SystemWorks\Norton AntiVirus\Quarantine\010C3CFB infected by "Email-Worm.Win32.Sober.i" Virus! Action Taken: No Action Taken.
File C:\Programme\Norton SystemWorks\Norton AntiVirus\Quarantine\0110192E infected by "Email-Worm.Win32.Bagle.at" Virus! Action Taken: No Action Taken.

usw.

Und am Schluß:

File C:\RECYCLER\NPROTECT\00893668. infected by "BkCln.Unknown" Virus! Action Taken: No Action Taken.
File C:\RECYCLER\NPROTECT\00893680. infected by "BkCln.Unknown" Virus! Action Taken: No Action Taken.
File D:\Downloads\Pilot\Palm-Win VNC\PalmVNC-WinVNC.exe tagged as not-a-virus:RemoteAdmin.Win32.WinVNC.1540. No Action Taken.
File D:\Downloads\Finale\Finale 2006\ngnf6u01.exe infected by "Trojan-Downloader.Win32.IstBar.is" Virus! Action Taken: No Action Taken.
File D:\Downloads\Spyanywhere\setup.exe tagged as not-a-virus:Monitor.Win32.SpyAgent.44103. No Action Taken.

################################################

Dies war nur der Anfang der Virus Log Informationen, aber was dann folgt ist so ähnlich, nämlich:

Strings, die so anfangen:
C:\Programme\Eset\cache
oder so:
C:\RECYCLER\NPROTECT
oder so:
C:\Programme\Norton SystemWorks\Norton AntiVirus\Quarantine

Wenn ich mich nicht irre, bezeichnen sie doch infizierte Dateien, die schon von anderen Scannern unter Quarantäne gestellt wurden und somit nichts mehr anrichten können, oder?

Den kompletten Text habe ich hier abgelegt:
http://www.kirchenmusikliste.de/dl/

Vielen Dank im Voraus, wenn sich jemand um diese Angaben kümmert und mir sagt, was ich machen soll.

Ciao, Pfeife

cacatoa · 12.01.2006, 07:34

@ Pfeife:

Zitat:

Die Scan-Ergebnisse in der MWAV.log ergeben mehr als 30 MB

Wie wär´s mal mit dem Einsatz der "find.bat"?
Das sind die wichtigsten Infos.
Allerdings möchte ich insgesamt kein solch verseuchtes System haben.
Aber, wie gesagt, schaun wir mal, wenn du die find.bat benutzt hast...
cacatoa

Pimperish · 12.01.2006, 13:24

Hallo Leute, ich werde noch verrückt.
Jedesmal wenn cih versuche mit Winmp ein lied abzuspielen, stürzt er ab.
Mein lahmt jetzt auch schon und immer wieder (zumindest so scheint es) wegen irgend so ner fu** datei dwwin.exe
ich bin echt am verzewifeln!!!
Bitte helft mir!!!und bitte so , dass ichs versteh check net wirklich allzu viel von der "Profi-Sprache"
Hoffe auf baldige antwort und hilfe....Niko!!!

Logfile of HijackThis v1.98.2
Scan saved at 13:17:45, on 12.01.2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\TuneUp Utilities 2004\WinStylerThemeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Programme\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\RunDll32.exe
C:\Programme\Winamp\winampa.exe
C:\Programme\AVPersonal\AVGNT.EXE
C:\Programme\MSN Messenger\msnmsgr.exe
C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Programme\Logitech\SetPoint\SetPoint.exe
C:\Programme\Gemeinsame Dateien\Logitech\KHAL\KHALMNPR.EXE
C:\PROGRAMME\AVPERSONAL\AVGUARD.EXE
D:\Programme\FRITZ!DSL\IGDCTRL.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
D:\Programme\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
D:\Programme\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
D:\Programme\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Eigene Dateien\Niko\Security\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CoTGT_BHO Class - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Programme\TGTSoft\StyleXP\TGT_BHO.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O18 - Protocol: bw+0 - {E62B68FE-3CD7-4C02-9E1C-33F4FF1C5619} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {E62B68FE-3CD7-4C02-9E1C-33F4FF1C5619} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {E62B68FE-3CD7-4C02-9E1C-33F4FF1C5619} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {E62B68FE-3CD7-4C02-9E1C-33F4FF1C5619} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {E62B68FE-3CD7-4C02-9E1C-33F4FF1C5619} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {E62B68FE-3CD7-4C02-9E1C-33F4FF1C5619} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {E62B68FE-3CD7-4C02-9E1C-33F4FF1C5619} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {E62B68FE-3CD7-4C02-9E1C-33F4FF1C5619} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {E62B68FE-3CD7-4C02-9E1C-33F4FF1C5619} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {E62B68FE-3CD7-4C02-9E1C-33F4FF1C5619} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {E62B68FE-3CD7-4C02-9E1C-33F4FF1C5619} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {E62B68FE-3CD7-4C02-9E1C-33F4FF1C5619} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {E62B68FE-3CD7-4C02-9E1C-33F4FF1C5619} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {E62B68FE-3CD7-4C02-9E1C-33F4FF1C5619} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {E62B68FE-3CD7-4C02-9E1C-33F4FF1C5619} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {E62B68FE-3CD7-4C02-9E1C-33F4FF1C5619} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {E62B68FE-3CD7-4C02-9E1C-33F4FF1C5619} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {E62B68FE-3CD7-4C02-9E1C-33F4FF1C5619} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {E62B68FE-3CD7-4C02-9E1C-33F4FF1C5619} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {E62B68FE-3CD7-4C02-9E1C-33F4FF1C5619} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {E62B68FE-3CD7-4C02-9E1C-33F4FF1C5619} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {E62B68FE-3CD7-4C02-9E1C-33F4FF1C5619} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {E62B68FE-3CD7-4C02-9E1C-33F4FF1C5619} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {E62B68FE-3CD7-4C02-9E1C-33F4FF1C5619} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {E62B68FE-3CD7-4C02-9E1C-33F4FF1C5619} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {E62B68FE-3CD7-4C02-9E1C-33F4FF1C5619} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {E62B68FE-3CD7-4C02-9E1C-33F4FF1C5619} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {E62B68FE-3CD7-4C02-9E1C-33F4FF1C5619} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {E62B68FE-3CD7-4C02-9E1C-33F4FF1C5619} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {E62B68FE-3CD7-4C02-9E1C-33F4FF1C5619} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {E62B68FE-3CD7-4C02-9E1C-33F4FF1C5619} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {E62B68FE-3CD7-4C02-9E1C-33F4FF1C5619} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {E62B68FE-3CD7-4C02-9E1C-33F4FF1C5619} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {E62B68FE-3CD7-4C02-9E1C-33F4FF1C5619} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {E62B68FE-3CD7-4C02-9E1C-33F4FF1C5619} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {E62B68FE-3CD7-4C02-9E1C-33F4FF1C5619} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {E62B68FE-3CD7-4C02-9E1C-33F4FF1C5619} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {E62B68FE-3CD7-4C02-9E1C-33F4FF1C5619} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {E62B68FE-3CD7-4C02-9E1C-33F4FF1C5619} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {E62B68FE-3CD7-4C02-9E1C-33F4FF1C5619} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {E62B68FE-3CD7-4C02-9E1C-33F4FF1C5619} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {E62B68FE-3CD7-4C02-9E1C-33F4FF1C5619} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {E62B68FE-3CD7-4C02-9E1C-33F4FF1C5619} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {E62B68FE-3CD7-4C02-9E1C-33F4FF1C5619} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {E62B68FE-3CD7-4C02-9E1C-33F4FF1C5619} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {E62B68FE-3CD7-4C02-9E1C-33F4FF1C5619} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {E62B68FE-3CD7-4C02-9E1C-33F4FF1C5619} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {E62B68FE-3CD7-4C02-9E1C-33F4FF1C5619} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {E62B68FE-3CD7-4C02-9E1C-33F4FF1C5619} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {E62B68FE-3CD7-4C02-9E1C-33F4FF1C5619} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {E62B68FE-3CD7-4C02-9E1C-33F4FF1C5619} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {E62B68FE-3CD7-4C02-9E1C-33F4FF1C5619} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {E62B68FE-3CD7-4C02-9E1C-33F4FF1C5619} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {E62B68FE-3CD7-4C02-9E1C-33F4FF1C5619} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {E62B68FE-3CD7-4C02-9E1C-33F4FF1C5619} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {E62B68FE-3CD7-4C02-9E1C-33F4FF1C5619} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {E62B68FE-3CD7-4C02-9E1C-33F4FF1C5619} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {E62B68FE-3CD7-4C02-9E1C-33F4FF1C5619} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {E62B68FE-3CD7-4C02-9E1C-33F4FF1C5619} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {E62B68FE-3CD7-4C02-9E1C-33F4FF1C5619} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {E62B68FE-3CD7-4C02-9E1C-33F4FF1C5619} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {E62B68FE-3CD7-4C02-9E1C-33F4FF1C5619} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {E62B68FE-3CD7-4C02-9E1C-33F4FF1C5619} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {E62B68FE-3CD7-4C02-9E1C-33F4FF1C5619} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {E62B68FE-3CD7-4C02-9E1C-33F4FF1C5619} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {E62B68FE-3CD7-4C02-9E1C-33F4FF1C5619} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {E62B68FE-3CD7-4C02-9E1C-33F4FF1C5619} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {E62B68FE-3CD7-4C02-9E1C-33F4FF1C5619} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {E62B68FE-3CD7-4C02-9E1C-33F4FF1C5619} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {E62B68FE-3CD7-4C02-9E1C-33F4FF1C5619} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {E62B68FE-3CD7-4C02-9E1C-33F4FF1C5619} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {E62B68FE-3CD7-4C02-9E1C-33F4FF1C5619} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {E62B68FE-3CD7-4C02-9E1C-33F4FF1C5619} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {E62B68FE-3CD7-4C02-9E1C-33F4FF1C5619} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {E62B68FE-3CD7-4C02-9E1C-33F4FF1C5619} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {E62B68FE-3CD7-4C02-9E1C-33F4FF1C5619} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {E62B68FE-3CD7-4C02-9E1C-33F4FF1C5619} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

cacatoa · 12.01.2006, 18:07

@ pimperish:
Mach bitte einen eigenen thread auf!
cacatoa

Pfeife · 12.01.2006, 23:01

Zitat:

Zitat von cacatoa

@ Pfeife:
Aber, wie gesagt, schaun wir mal, wenn du die find.bat benutzt hast...
cacatoa

Ich hatte den Hinweis auf die find.bat im Kleingedruckten bei www.cidres-security.de/escan_neu.html tatsächlich übersehen

Aber jetzt!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Funde für "infected"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Thu Jan 12 17:25:26 2006 => File C:\WINDOWS\system32\msctl32.dll infected by "SpamTool.Win32.Mailbot.s" Virus! Action Taken: No Action Taken.
Thu Jan 12 17:26:05 2006 => System found infected with ezula Spyware/Adware (conscorr.ini)! Action taken: No Action Taken.
Thu Jan 12 17:26:05 2006 => System found infected with conducent flexpak Spyware/Adware (gpinstall.exe)! Action taken: No Action Taken.
Thu Jan 12 17:26:05 2006 => System found infected with helper Spyware/Adware (helper.exe)! Action taken: No Action Taken.
Thu Jan 12 17:26:05 2006 => System found infected with zipitpro Spyware/Adware (iun6002.exe)! Action taken: No Action Taken.
Thu Jan 12 17:26:14 2006 => System found infected with limewire Spyware/Adware (options.js)! Action taken: No Action Taken.
Thu Jan 12 17:26:24 2006 => System found infected with ezula Spyware/Adware (ebay.url)! Action taken: No Action Taken.
Thu Jan 12 17:26:40 2006 => System found infected with ezula Spyware/Adware (antivirus.url)! Action taken: No Action Taken.
Thu Jan 12 17:26:46 2006 => System found infected with whenu.desktop toolbar Spyware/Adware (message.html)! Action taken: No Action Taken.
Thu Jan 12 17:26:46 2006 => System found infected with whenu.desktop toolbar Spyware/Adware (message.html)! Action taken: No Action Taken.
Thu Jan 12 17:26:59 2006 => System found infected with weathercast Spyware/Adware (search.htm)! Action taken: No Action Taken.
Thu Jan 12 17:26:59 2006 => System found infected with weathercast Spyware/Adware (search.htm)! Action taken: No Action Taken.
Thu Jan 12 17:26:59 2006 => System found infected with weathercast Spyware/Adware (search.htm)! Action taken: No Action Taken.
Thu Jan 12 17:26:59 2006 => System found infected with imiserver ieplugin Spyware/Adware (migrate.dll)! Action taken: No Action Taken.
Thu Jan 12 17:27:02 2006 => System found infected with cydoor.topicks.a Spyware/Adware (settings.dat)! Action taken: No Action Taken.
Thu Jan 12 17:27:03 2006 => System found infected with powerreg scheduler Spyware/Adware (norton disk doctor.lnk)! Action taken: No Action Taken.
Thu Jan 12 17:27:03 2006 => System found infected with whenu.desktop toolbar Spyware/Adware (toolbar.lnk)! Action taken: No Action Taken.
Thu Jan 12 17:27:04 2006 => System found infected with powerreg scheduler Spyware/Adware (norton disk doctor.lnk)! Action taken: No Action Taken.
Thu Jan 12 17:27:04 2006 => System found infected with whenu.desktop toolbar Spyware/Adware (toolbar.lnk)! Action taken: No Action Taken.
Thu Jan 12 17:27:10 2006 => System found infected with ezula Spyware/Adware (antivirus.url)! Action taken: No Action Taken.
Thu Jan 12 17:27:12 2006 => System found infected with whenu.desktop toolbar Spyware/Adware (message.html)! Action taken: No Action Taken.
Thu Jan 12 17:27:13 2006 => System found infected with whenu.desktop toolbar Spyware/Adware (message.html)! Action taken: No Action Taken.
Thu Jan 12 17:27:14 2006 => System found infected with zipitpro Spyware/Adware (C:\WINDOWS\iun6002.exe)! Action taken: No Action Taken.
Thu Jan 12 17:56:19 2006 => File C:\Dokumente und Einstellungen\T**\.jpi_cache\jar\1.0\loaderadv408.jar-16d4db64-36eba50a.zip infected by "Trojan-Downloader.Java.OpenStream.c" Virus! Action Taken: No Action Taken.
Thu Jan 12 17:58:26 2006 => File C:\Dokumente und Einstellungen\T**\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-1109b54b-3cb2e71a.zip infected by "Trojan-Downloader.Java.OpenConnection.aj" Virus! Action Taken: No Action Taken.
Thu Jan 12 17:58:26 2006 => File C:\Dokumente und Einstellungen\T**\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-28679adb-49d59a85.zip infected by "Trojan-Downloader.Java.OpenConnection.aj" Virus! Action Taken: No Action Taken.
Thu Jan 12 18:31:31 2006 => Scanning Folder: C:\Programme\Eset\infected\*.*
Thu Jan 12 18:31:31 2006 => Scanning File C:\Programme\Eset\infected\A1XPUGDA.NQF
Thu Jan 12 18:31:31 2006 => Scanning File C:\Programme\Eset\infected\A1XPUGDA.NQI
Thu Jan 12 18:31:31 2006 => Scanning File C:\Programme\Eset\infected\YPEQ53AA.NQF
Thu Jan 12 18:31:31 2006 => Scanning File C:\Programme\Eset\infected\YPEQ53AA.NQI
Thu Jan 12 19:57:28 2006 => File C:\Programme\The Bat!\MAIL\GMX\Sent\MESSAGES.TBB infected by "Email-Worm.Win32.Bagle.pac" Virus! Action Taken: No Action Taken.
Thu Jan 12 20:01:04 2006 => File C:\Programme\The Bat!\MAIL\Vocalscene\Inbox\MESSAGES.TBB infected by "Exploit.HTML.Iframe.FileDownload" Virus! Action Taken: No Action Taken.
Thu Jan 12 20:02:29 2006 => File C:\Programme\TweakNow PowerPack\Backup\FileBackup2.zip infected by "Email-Worm.Win32.NetSky.d" Virus! Action Taken: No Action Taken.
Thu Jan 12 20:02:36 2006 => File C:\Programme\TweakNow PowerPack 2006\Backup\Disk_Cleaner_08.11.2005_18%b15%b30.zip infected by "Net-Worm.Win32.Mytob.h" Virus! Action Taken: No Action Taken.

####################################
Dann sehr viele Einträge wie dieser (darum alle gesnippt):
Thu Jan 12 20:11:50 2006 => C:\RECYCLER\NPROTECT\00518771. possibly infected and removed by background antivirus package!
Thu Jan 12 20:11:50 2006 => File C:\RECYCLER\NPROTECT\00518771. infected by "BkCln.Unknown" Virus! Action Taken: No Action Taken.
Thu Jan 12 20:11:50 2006 => C:\RECYCLER\NPROTECT\00519056. possibly infected and removed by background antivirus package!
Thu Jan 12 20:11:50 2006 => File C:\RECYCLER\NPROTECT\00519056. infected by "BkCln.Unknown" Virus! Action Taken: No Action Taken.
Diese Dateien lassen sich übrigens weder löschen, noch umbenennen. Im Explorer werden sie alle mit einigen kb Dateigröße angezeigt. Läßt man sich aber ihre Eigenschaften anzeigen, so haben sie alle 0 byte Gewicht.
Ich kann mir nicht vorstellen, daß sie die Ursache meines Problems sind, denn diese Dateien liegen dort schon seit vielen Monaten.
#####################################

Thu Jan 12 21:37:44 2006 => File D:\Downloads\Finale\Finale 2006\ngnf6u01.exe infected by "Trojan-Downloader.Win32.IstBar.is" Virus! Action Taken: No Action Taken.
Thu Jan 12 22:27:32 2006 => Total Disinfected Objects: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Funde für "tagged"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Thu Jan 12 18:03:29 2006 => File C:\Dokumente und Einstellungen\T**\Desktop\Jux\Screenmates\butterfliesfree_354.exe tagged as "not-a-virus:AdWare.Win32.SaveNow.z". Action Taken: No Action Taken.
Thu Jan 12 18:04:04 2006 => File C:\Dokumente und Einstellungen\T**\Desktop\Jux\Screenmates\waterfree.exe tagged as "not-a-virus:AdWare.Win32.SaveNow.aq". Action Taken: No Action Taken.
Thu Jan 12 19:43:19 2006 => File C:\Programme\RealVNC\VNC4\wm_hooks.dll tagged as not-a-virus:RemoteAdmin.Win32.WinVNC.4. No Action Taken.
Thu Jan 12 21:33:44 2006 => File D:\Downloads\Pilot\Palm-Win VNC\PalmVNC-WinVNC.exe tagged as not-a-virus:RemoteAdmin.Win32.WinVNC.1540. No Action Taken.
Thu Jan 12 21:41:09 2006 => File D:\Downloads\Spyanywhere\setup.exe tagged as not-a-virus:Monitor.Win32.SpyAgent.44103. No Action Taken.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Funde für "offending"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Thu Jan 12 17:26:04 2006 => Offending Key found: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartupReg\bullseye network !!!
Thu Jan 12 17:26:05 2006 => Offending file found: C:\WINDOWS\conscorr.ini
Thu Jan 12 17:26:05 2006 => Offending file found: C:\WINDOWS\gpinstall.exe
Thu Jan 12 17:26:05 2006 => Offending file found: C:\WINDOWS\helper.exe
Thu Jan 12 17:26:05 2006 => Offending file found: C:\WINDOWS\iun6002.exe
Thu Jan 12 17:26:06 2006 => Offending Folder found: C:\Programme\password-finder
Thu Jan 12 17:26:07 2006 => Offending Folder found: C:\Dokumente und Einstellungen\T**\Anwendungsdaten\everad
Thu Jan 12 17:26:14 2006 => Offending file found: C:\Dokumente und Einstellungen\T**\Anwendungsdaten\mozilla\firefox\profiles\default.6pr\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\defaults\preferences\options.js
Thu Jan 12 17:26:24 2006 => Offending file found: C:\WINDOWS\Favoriten\links\ebay.url
Thu Jan 12 17:26:30 2006 => Offending Folder found: D:\ABLAGE\partituren\capella2000\partituren\partiturbibliothek\speer
Thu Jan 12 17:26:40 2006 => Offending file found: D:\ABLAGE\favoriten\lesezeichen für download-tip.de\download-tip.de rubriken\tools\antivirus.url
Thu Jan 12 17:26:46 2006 => Offending file found: D:\ABLAGE\dienst\kindchor\konzepte\message.html
Thu Jan 12 17:26:46 2006 => Offending file found: D:\ABLAGE\dienst\gembrief\2005\frühjahr\message.html
Thu Jan 12 17:26:51 2006 => Offending Folder found: C:\Dokumente und Einstellungen\T**\Lokale Einstellungen\anwendungsdaten\macromedia\contribute 3\configuration\toolbars\mm
Thu Jan 12 17:26:53 2006 => Offending Folder found: C:\Dokumente und Einstellungen\T**\Lokale Einstellungen\Anwendungsdaten\macromedia\contribute 3\configuration\toolbars\mm
Thu Jan 12 17:26:59 2006 => Offending file found: D:\CD\officexp\files\pfiles\msoffice\template\1031\webs\projec_t\search.htm
Thu Jan 12 17:26:59 2006 => Offending file found: D:\CD\officexp\files\pfiles\msoffice\template\1031\webs\custsu_t\search.htm
Thu Jan 12 17:26:59 2006 => Offending file found: D:\CD\officexp\files\pfiles\msoffice\template\1031\pages\search_t\search.htm
Thu Jan 12 17:26:59 2006 => Offending file found: D:\CD\officexp\files\pfiles\msoffice\office10\migrate\migrate.dll
Thu Jan 12 17:27:01 2006 => Offending Folder found: D:\CD\gnu
Thu Jan 12 17:27:02 2006 => Offending file found: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\symantec\common client\settings.dat
Thu Jan 12 17:27:03 2006 => Offending file found: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\norton systemworks premier\norton utilities\norton disk doctor.lnk
Thu Jan 12 17:27:03 2006 => Offending Folder found: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\password-finder
Thu Jan 12 17:27:03 2006 => Offending file found: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\powerdesk pro 5.0\toolbar.lnk
Thu Jan 12 17:27:04 2006 => Offending file found: C:\Dokumente und Einstellungen\All Users\Startmenü\programme\norton systemworks premier\norton utilities\norton disk doctor.lnk
Thu Jan 12 17:27:04 2006 => Offending Folder found: C:\Dokumente und Einstellungen\All Users\Startmenü\programme\password-finder
Thu Jan 12 17:27:04 2006 => Offending file found: C:\Dokumente und Einstellungen\All Users\Startmenü\programme\powerdesk pro 5.0\toolbar.lnk
Thu Jan 12 17:27:06 2006 => Offending Folder found: D:\ABLAGE\partituren\capella2000\partituren\partiturbibliothek\speer
Thu Jan 12 17:27:10 2006 => Offending file found: D:\ABLAGE\favoriten\lesezeichen für download-tip.de\download-tip.de rubriken\tools\antivirus.url
Thu Jan 12 17:27:12 2006 => Offending file found: D:\ABLAGE\dienst\kindchor\konzepte\message.html
Thu Jan 12 17:27:13 2006 => Offending file found: D:\ABLAGE\dienst\gembrief\2005\frühjahr\message.html
Thu Jan 12 17:27:14 2006 => Offending file found: C:\WINDOWS\iun6002.exe
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Statistiken:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Thu Jan 12 22:27:32 2006 => Total Errors: 12500
Thu Jan 12 22:27:32 2006 => Time Elapsed: 04:59:52
Thu Jan 12 22:27:32 2006 => Total Objects Scanned: 255370
Thu Jan 12 17:16:19 2006 => Virus Database Date: 1/3/2006
Thu Jan 12 17:17:23 2006 => Virus Database Date: 1/12/2006
Thu Jan 12 17:24:17 2006 => Virus Database Date: 1/12/2006
Thu Jan 12 22:27:32 2006 => Virus Database Date: 1/12/2006
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~ © Haui ;-) ~~~~~~~
~~~~~~~ Dank an Cidre ~~~~~~~

Ich kann diese Angaben nur rudimentär deuten, weiß aber noch nicht einmal, was danach zu tun ist. Kann man z.B.
C:\WINDOWS\system32\msctl32.dll
einfach löschen? Oder muß man diese Datei durch eine nicht infizierte Originaldatei ersetzen? Oder läßt die sich reparieren?

cacatoa, wenn Du mir sagen könntest, was jetzt getan werden muß, wäre ich Dir sehr dankbar!

Ciao, Pfeife

cacatoa · 13.01.2006, 08:52

Holla, Pfeife:
Folgendes lädst Du Dir jetzt runter:
1. Spybot S&D 1.4
2. AdAware SE
3. Ewido Testversion
4. RegSeeker
Dann jedes Programm außer Regseeker manuell updaten (die update-Funktion bei Spybot S&D bei der Installation funktioniert meistens nicht richtig).
Dann: mit RegSeeker die Registrierung säubern.
Dann den Java-cache leeren (Start> Einstellungen> Systemsteuerung> Java> Dateien löschen> Haken bei allen drei Punkten> löschen> ok.
Dann im abgesicherten Modus bei deaktivierter Systemwiederherstellung hintereinander laufen lassen und alles löschen lassen, was sie finden:
Spyvot S&D, AdAware SE und ewido.
Anschließend neu booten und diese Anleitung abarbeiten.
Dann gibt es noch zu beachten: Die Recycler (Systemweiderherstellung) bei XP lassen sich leeren, in dem man die Systemwiederherstellung ausschaltet, Rechner aus, Rechner an, Systemwiederherstellung wieder an. Allerdings: Die Norton-Benutzer müssen sich damit abfinden, daß Norton in jedem Laufwerk noch einen zweiten Recycler anlegt, der sich so nicht löschen läßt... na,ja, Norton halt...

Wenn du fertig bist, dann meldest Dich wieder mit einem neuen HJT-Logfile und einem neuen eScan log. Wird zwar ganz schön dauern, aber es sollte dann o.k. sein.
cacatoa

Pfeife · 13.01.2006, 09:38

Zitat:

Zitat von cacatoa

Wenn du fertig bist, dann meldest Dich wieder mit einem neuen HJT-Logfile und einem neuen eScan log. Wird zwar ganz schön dauern, aber es sollte dann o.k. sein.
cacatoa

WOW! Hier werde ich geholfen. Vielen Dank!!
Wenn ich alles befolgt habe, melde ich mich wieder.
Jetzt muß ich erst zur Arbeit.

Ciao, Pfeife

Pfeife · 14.01.2006, 12:28

Zitat:

Zitat von cacatoa

Wenn du fertig bist, dann meldest Dich wieder mit einem neuen HJT-Logfile und einem neuen eScan log. Wird zwar ganz schön dauern, aber es sollte dann o.k. sein.
cacatoa

Hat auch ganz schön gedauert, aber die lästigen Popups von Norton (daß jetzt E-Mails gesendet werden), die den ganzen Screen überfluteten, sind weg. Auch wird das System nicht mehr ausgebremst.

HJT sagt dies:

Logfile of HijackThis v1.99.1
Scan saved at 00:18:24, on 14.01.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
C:\Programme\IconSaver\IconSaver.exe
C:\WINDOWS\System32\fast.exe
C:\WINDOWS\System32\taskswitch.exe
C:\Programme\klickIdent Herbst 2005\klickIdentPP.exe
C:\Programme\Sony Handheld\HOTSYNC.EXE
C:\WINDOWS\System32\GEARSec.exe
C:\Programme\Sony Handheld\USBSwt.exe
C:\Programme\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Programme\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\SCARDS32.EXE
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\Fast.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\alg.exe
C:\Programme\Norton SystemWorks\Norton AntiVirus\OPScan.exe
C:\Dokumente und Einstellungen\T**\Desktop\Windows XP Update\Hijackthis\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PreispiratenSearchURL - {0B660087-931C-4056-A04F-0423890E40B6} - C:\Programme\Preispiraten\Preispiraten2\PPSearchURL.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: WsftpBrowserHelper Class - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Programme\WS_FTP Pro\wsbho2k0.dll
O2 - BHO: (no name) - {6C23079E-34ED-4913-0CAD-4CA5D9F7B198} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: metaspinner media GmbH - {84B94901-3645-4D80-A6B7-4D0050B19455} - C:\Programme\Preispiraten\Preispiraten2\IEButtonAmazonInterface.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\downloaded program files\googletoolbar2.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: (no name) - {BBE59AF5-EE22-4A3A-AB26-3F774D1B4216} - C:\Programme\FolderBox\FolderBox.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: metaspinner media GmbH - {CD9B7762-DFBC-42B1-BB30-02A78287B456} - C:\Programme\Preispiraten\Preispiraten2\IEButtonEBayInterface.dll
O2 - BHO: metaspinner media GmbH - {D3AA56A9-8137-4950-A6F9-D0190A82AF2A} - C:\Programme\Preispiraten\Preispiraten2\IEButtonPPInterface.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\downloaded program files\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [IconSaver] "C:\Programme\IconSaver\IconSaver.exe"
O4 - HKLM\..\Run: [FastUser] C:\WINDOWS\System32\fast.exe
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe
O4 - HKLM\..\Run: [BackgroundSwitcher] C:\WINDOWS\System32\bgswitch.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [klickIdentPP.exe"] "C:\Programme\klickIdent Herbst 2005\klickIdentPP.exe"
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Programme\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - Startup: HotSync Manager.lnk = C:\Programme\Sony Handheld\HOTSYNC.EXE
O4 - Startup: klickIdent 15.lnk = C:\Programme\klickIdent Herbst 2005\klickIdentPP.exe
O4 - Startup: SonyPDA USB Switcher.lnk = C:\Programme\Sony Handheld\USBSwt.exe
O8 - Extra context menu item: &Google-Suche - res://c:\windows\downloaded program files\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Ins Deutsche übersetzen - res://c:\windows\downloaded program files\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Preispiratensuche nach markiertem Text - C:\\Programme\\Preispiraten\\Preispiraten2\\preispiraten.html
O8 - Extra context menu item: eBay - Mein eBay - C:\Programme\Preispiraten\Preispiraten2\SearchEbaymein.htm
O8 - Extra context menu item: eBay - Powersuche - C:\Programme\Preispiraten\Preispiraten2\SearchEbaypower.htm
O8 - Extra context menu item: eBay - Startseite - C:\Programme\Preispiraten\Preispiraten2\SearchEbay.htm
O8 - Extra context menu item: eBay Suche starten - C:\Programme\Preispiraten\Preispiraten2\SearchEbay.htm
O8 - Extra context menu item: Google AdSense Preview Tool - h**p://pagead2.googlesyndication.com/pagead/preview/en/preview.html
O8 - Extra context menu item: Google Suche - C:\Programme\Preispiraten\Preispiraten2\SearchGoogle.htm
O8 - Extra context menu item: Google Suche starten - C:\Programme\Preispiraten\Preispiraten2\SearchGoogle.htm
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\windows\downloaded program files\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Verweisseiten - res://c:\windows\downloaded program files\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://c:\windows\downloaded program files\GoogleToolbar2.dll/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Preispiraten 2.5 - {2638A03E-1669-43BE-8119-B47087629A7F} - C:\Programme\Preispiraten\Preispiraten2\preispiraten2ie.exe
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Programme\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Programme\Hello\PicasaCapture.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O12 - Plugin for .sib: C:\Programme\Internet Explorer\PLUGINS\NPSibelius.dll
O14 - IERESET.INF: START_PAGE_URL=h**p://www.spartipps.com/
O16 - DPF: Yahoo! Chat - h**p://cs5.chat.sc5.yahoo.com/c381/chat.cab
O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) - h**p://site.ebrary.com/support/plugins/ebraryRdr.cab
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - h**ps://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=h**p://www2.minolta.de/foto/a1de/09_2.html
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - h**p://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} - h**p://172.16.7.100/wfica.cab
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - h**p://download.ebay.com/turbo_lister/DE/install.cab
O16 - DPF: {271A3CF5-5A54-447B-A08F-BE805F0DA60B} (DataDesign DDBAC Plug-In) - h**ps://banking.seb.de/hbci/plugin/AXFOAM.CAB
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - h**p://cs6.chat.sc5.yahoo.com/v43/yacscom.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - h**p://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-12.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - h**p://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1095436890020
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - h**p://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - h**p://toolbar.google.com/data/de/deleon/1.1.54-deleon/GoogleNav.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - h**p://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - h**p://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IP-Uploader Control) - h**p://asp04.photoprintit.de/microsite/defaults/activex/ImageUploader3.cab
O20 - Winlogon Notify: docent0 - docent0.dll (file missing)
O20 - Winlogon Notify: msctl32.dll - C:\WINDOWS\
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programme\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programme\ewido anti-malware\ewidoguard.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programme\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Programme\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: CHIPDRIVESCARD Service (TWKSCARDSRV) - Towitoko AG - C:\WINDOWS\SCARDS32.EXE
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Programme\RealVNC\VNC4\WinVNC4.exe" -service (file missing)

escan sagt dies:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Funde für "infected"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Thu Jan 12 17:25:26 2006 => File C:\WINDOWS\system32\msctl32.dll infected by "SpamTool.Win32.Mailbot.s" Virus! Action Taken: No Action Taken.
Thu Jan 12 17:26:05 2006 => System found infected with ezula Spyware/Adware (conscorr.ini)! Action taken: No Action Taken.
Thu Jan 12 17:26:05 2006 => System found infected with conducent flexpak Spyware/Adware (gpinstall.exe)! Action taken: No Action Taken.
Thu Jan 12 17:26:05 2006 => System found infected with helper Spyware/Adware (helper.exe)! Action taken: No Action Taken.
Thu Jan 12 17:26:05 2006 => System found infected with zipitpro Spyware/Adware (iun6002.exe)! Action taken: No Action Taken.
Thu Jan 12 17:26:14 2006 => System found infected with limewire Spyware/Adware (options.js)! Action taken: No Action Taken.
Thu Jan 12 17:26:24 2006 => System found infected with ezula Spyware/Adware (ebay.url)! Action taken: No Action Taken.
Thu Jan 12 17:26:40 2006 => System found infected with ezula Spyware/Adware (antivirus.url)! Action taken: No Action Taken.
Thu Jan 12 17:26:46 2006 => System found infected with whenu.desktop toolbar Spyware/Adware (message.html)! Action taken: No Action Taken.
Thu Jan 12 17:26:46 2006 => System found infected with whenu.desktop toolbar Spyware/Adware (message.html)! Action taken: No Action Taken.
Thu Jan 12 17:26:59 2006 => System found infected with weathercast Spyware/Adware (search.htm)! Action taken: No Action Taken.
Thu Jan 12 17:26:59 2006 => System found infected with weathercast Spyware/Adware (search.htm)! Action taken: No Action Taken.
Thu Jan 12 17:26:59 2006 => System found infected with weathercast Spyware/Adware (search.htm)! Action taken: No Action Taken.
Thu Jan 12 17:26:59 2006 => System found infected with imiserver ieplugin Spyware/Adware (migrate.dll)! Action taken: No Action Taken.
Thu Jan 12 17:27:02 2006 => System found infected with cydoor.topicks.a Spyware/Adware (settings.dat)! Action taken: No Action Taken.
Thu Jan 12 17:27:03 2006 => System found infected with powerreg scheduler Spyware/Adware (norton disk doctor.lnk)! Action taken: No Action Taken.
Thu Jan 12 17:27:03 2006 => System found infected with whenu.desktop toolbar Spyware/Adware (toolbar.lnk)! Action taken: No Action Taken.
Thu Jan 12 17:27:04 2006 => System found infected with powerreg scheduler Spyware/Adware (norton disk doctor.lnk)! Action taken: No Action Taken.
Thu Jan 12 17:27:04 2006 => System found infected with whenu.desktop toolbar Spyware/Adware (toolbar.lnk)! Action taken: No Action Taken.
Thu Jan 12 17:27:10 2006 => System found infected with ezula Spyware/Adware (antivirus.url)! Action taken: No Action Taken.
Thu Jan 12 17:27:12 2006 => System found infected with whenu.desktop toolbar Spyware/Adware (message.html)! Action taken: No Action Taken.
Thu Jan 12 17:27:13 2006 => System found infected with whenu.desktop toolbar Spyware/Adware (message.html)! Action taken: No Action Taken.
Thu Jan 12 17:27:14 2006 => System found infected with zipitpro Spyware/Adware (C:\WINDOWS\iun6002.exe)! Action taken: No Action Taken.
Thu Jan 12 17:56:19 2006 => File C:\Dokumente und Einstellungen\T**\.jpi_cache\jar\1.0\loaderadv408.jar-16d4db64-36eba50a.zip infected by "Trojan-Downloader.Java.OpenStream.c" Virus! Action Taken: No Action Taken.
Thu Jan 12 17:58:26 2006 => File C:\Dokumente und Einstellungen\T**\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-1109b54b-3cb2e71a.zip infected by "Trojan-Downloader.Java.OpenConnection.aj" Virus! Action Taken: No Action Taken.
Thu Jan 12 17:58:26 2006 => File C:\Dokumente und Einstellungen\T**\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-28679adb-49d59a85.zip infected by "Trojan-Downloader.Java.OpenConnection.aj" Virus! Action Taken: No Action Taken.
Thu Jan 12 18:31:31 2006 => Scanning Folder: C:\Programme\Eset\infected\*.*
Thu Jan 12 18:31:31 2006 => Scanning File C:\Programme\Eset\infected\A1XPUGDA.NQF
Thu Jan 12 18:31:31 2006 => Scanning File C:\Programme\Eset\infected\A1XPUGDA.NQI
Thu Jan 12 18:31:31 2006 => Scanning File C:\Programme\Eset\infected\YPEQ53AA.NQF
Thu Jan 12 18:31:31 2006 => Scanning File C:\Programme\Eset\infected\YPEQ53AA.NQI
Thu Jan 12 19:57:28 2006 => File C:\Programme\The Bat!\MAIL\GMX\Sent\MESSAGES.TBB infected by "Email-Worm.Win32.Bagle.pac" Virus! Action Taken: No Action Taken.
Thu Jan 12 20:01:04 2006 => File C:\Programme\The Bat!\MAIL\Vocalscene\Inbox\MESSAGES.TBB infected by "Exploit.HTML.Iframe.FileDownload" Virus! Action Taken: No Action Taken.
Thu Jan 12 20:02:29 2006 => File C:\Programme\TweakNow PowerPack\Backup\FileBackup2.zip infected by "Email-Worm.Win32.NetSky.d" Virus! Action Taken: No Action Taken.
Thu Jan 12 20:02:36 2006 => File C:\Programme\TweakNow PowerPack 2006\Backup\Disk_Cleaner_08.11.2005_18%b15%b30.zip infected by "Net-Worm.Win32.Mytob.h" Virus! Action Taken: No Action Taken.
Thu Jan 12 20:11:33 2006 => C:\RECYCLER\NPROTECT\00000000. possibly infected and removed by background antivirus package!
Thu Jan 12 20:11:33 2006 => File C:\RECYCLER\NPROTECT\00000000. infected by "BkCln.Unknown" Virus! Action Taken: No Action Taken.

usw....

Thu Jan 12 20:13:51 2006 => File C:\RECYCLER\NPROTECT\00886136. infected by "BkCln.Unknown" Virus! Action Taken: No Action Taken.
Thu Jan 12 20:13:51 2006 => C:\RECYCLER\NPROTECT\00886137. possibly infected and removed by background antivirus package!
Thu Jan 12 20:13:51 2006 => File C:\RECYCLER\NPROTECT\00886137. infected by "BkCln.Unknown" Virus! Action Taken: No Action Taken.
Thu Jan 12 20:13:51 2006 => C:\RECYCLER\NPROTECT\00893528. possibly infected and removed

Sieht das jetzt besser aus als die ersten Logfiles? Für mich ist das alles ja sehr kryptisch. Vielen Dank, cacatoa, für Deine Hilfe!

Ciao, Thomas

cacatoa · 14.01.2006, 13:04

??
Das eScan Logfile ist das vom 12. 01.; also kein neues>> nochmal nachschauen!
Folgende mit HJT noch fixen:
O2 - BHO: (no name) - {6C23079E-34ED-4913-0CAD-4CA5D9F7B198} - (no file)
O20 - Winlogon Notify: docent0 - docent0.dll (file missing)
O20 - Winlogon Notify: msctl32.dll - C:\WINDOWS\
Ansonsten ist das Logfile schon o.k.!
Was haben ewido, Spybot S&D und AdAware SE gefunden?
cacatoa

Pfeife · 14.01.2006, 14:05

Zitat:

Zitat von cacatoa

??
Das eScan Logfile ist das vom 12. 01.; also kein neues>> nochmal nachschauen!

Uuuuuuups! Da ist mir beim Speichern der verschiedenen eScan-Logs ein Fehler unterlaufen. Sorry!

Jetzt aber richtig:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Funde für "infected"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Thu Jan 12 17:25:26 2006 => File C:\WINDOWS\system32\msctl32.dll infected by "SpamTool.Win32.Mailbot.s" Virus! Action Taken: No Action Taken.
Thu Jan 12 17:26:05 2006 => System found infected with ezula Spyware/Adware (conscorr.ini)! Action taken: No Action Taken.
Thu Jan 12 17:26:05 2006 => System found infected with conducent flexpak Spyware/Adware (gpinstall.exe)! Action taken: No Action Taken.
Thu Jan 12 17:26:05 2006 => System found infected with helper Spyware/Adware (helper.exe)! Action taken: No Action Taken.
Thu Jan 12 17:26:05 2006 => System found infected with zipitpro Spyware/Adware (iun6002.exe)! Action taken: No Action Taken.
Thu Jan 12 17:26:14 2006 => System found infected with limewire Spyware/Adware (options.js)! Action taken: No Action Taken.
Thu Jan 12 17:26:24 2006 => System found infected with ezula Spyware/Adware (ebay.url)! Action taken: No Action Taken.
Thu Jan 12 17:26:40 2006 => System found infected with ezula Spyware/Adware (antivirus.url)! Action taken: No Action Taken.
Thu Jan 12 17:26:46 2006 => System found infected with whenu.desktop toolbar Spyware/Adware (message.html)! Action taken: No Action Taken.
Thu Jan 12 17:26:46 2006 => System found infected with whenu.desktop toolbar Spyware/Adware (message.html)! Action taken: No Action Taken.
Thu Jan 12 17:26:59 2006 => System found infected with weathercast Spyware/Adware (search.htm)! Action taken: No Action Taken.
Thu Jan 12 17:26:59 2006 => System found infected with weathercast Spyware/Adware (search.htm)! Action taken: No Action Taken.
Thu Jan 12 17:26:59 2006 => System found infected with weathercast Spyware/Adware (search.htm)! Action taken: No Action Taken.
Thu Jan 12 17:26:59 2006 => System found infected with imiserver ieplugin Spyware/Adware (migrate.dll)! Action taken: No Action Taken.
Thu Jan 12 17:27:02 2006 => System found infected with cydoor.topicks.a Spyware/Adware (settings.dat)! Action taken: No Action Taken.
Thu Jan 12 17:27:03 2006 => System found infected with powerreg scheduler Spyware/Adware (norton disk doctor.lnk)! Action taken: No Action Taken.
Thu Jan 12 17:27:03 2006 => System found infected with whenu.desktop toolbar Spyware/Adware (toolbar.lnk)! Action taken: No Action Taken.
Thu Jan 12 17:27:04 2006 => System found infected with powerreg scheduler Spyware/Adware (norton disk doctor.lnk)! Action taken: No Action Taken.
Thu Jan 12 17:27:04 2006 => System found infected with whenu.desktop toolbar Spyware/Adware (toolbar.lnk)! Action taken: No Action Taken.
Thu Jan 12 17:27:10 2006 => System found infected with ezula Spyware/Adware (antivirus.url)! Action taken: No Action Taken.
Thu Jan 12 17:27:12 2006 => System found infected with whenu.desktop toolbar Spyware/Adware (message.html)! Action taken: No Action Taken.
Thu Jan 12 17:27:13 2006 => System found infected with whenu.desktop toolbar Spyware/Adware (message.html)! Action taken: No Action Taken.
Thu Jan 12 17:27:14 2006 => System found infected with zipitpro Spyware/Adware (C:\WINDOWS\iun6002.exe)! Action taken: No Action Taken.
Thu Jan 12 17:56:19 2006 => File C:\Dokumente und Einstellungen\Tom\.jpi_cache\jar\1.0\loaderadv408.jar-16d4db64-36eba50a.zip infected by "Trojan-Downloader.Java.OpenStream.c" Virus! Action Taken: No Action Taken.
Thu Jan 12 17:58:26 2006 => File C:\Dokumente und Einstellungen\Tom\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-1109b54b-3cb2e71a.zip infected by "Trojan-Downloader.Java.OpenConnection.aj" Virus! Action Taken: No Action Taken.
Thu Jan 12 17:58:26 2006 => File C:\Dokumente und Einstellungen\Tom\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-28679adb-49d59a85.zip infected by "Trojan-Downloader.Java.OpenConnection.aj" Virus! Action Taken: No Action Taken.
Thu Jan 12 18:31:31 2006 => Scanning Folder: C:\Programme\Eset\infected\*.*
Thu Jan 12 18:31:31 2006 => Scanning File C:\Programme\Eset\infected\A1XPUGDA.NQF
Thu Jan 12 18:31:31 2006 => Scanning File C:\Programme\Eset\infected\A1XPUGDA.NQI
Thu Jan 12 18:31:31 2006 => Scanning File C:\Programme\Eset\infected\YPEQ53AA.NQF
Thu Jan 12 18:31:31 2006 => Scanning File C:\Programme\Eset\infected\YPEQ53AA.NQI
Thu Jan 12 19:57:28 2006 => File C:\Programme\The Bat!\MAIL\GMX\Sent\MESSAGES.TBB infected by "Email-Worm.Win32.Bagle.pac" Virus! Action Taken: No Action Taken.
Thu Jan 12 20:01:04 2006 => File C:\Programme\The Bat!\MAIL\Vocalscene\Inbox\MESSAGES.TBB infected by "Exploit.HTML.Iframe.FileDownload" Virus! Action Taken: No Action Taken.
Thu Jan 12 20:02:29 2006 => File C:\Programme\TweakNow PowerPack\Backup\FileBackup2.zip infected by "Email-Worm.Win32.NetSky.d" Virus! Action Taken: No Action Taken.
Thu Jan 12 20:02:36 2006 => File C:\Programme\TweakNow PowerPack 2006\Backup\Disk_Cleaner_08.11.2005_18%b15%b30.zip infected by "Net-Worm.Win32.Mytob.h" Virus! Action Taken: No Action Taken.
Thu Jan 12 20:11:33 2006 => C:\RECYCLER\NPROTECT\00000000. possibly infected and removed by background antivirus package!
Thu Jan 12 20:11:33 2006 => File C:\RECYCLER\NPROTECT\00000000. infected by "BkCln.Unknown" Virus! Action Taken: No Action Taken.
Thu Jan 12 20:11:33 2006 => C:\RECYCLER\NPROTECT\00000001. possibly infected and removed by background antivirus package!
Thu Jan 12 20:11:33 2006 => File C:\RECYCLER\NPROTECT\00000001. infected by "BkCln.Unknown" Virus! Action Taken: No Action Taken.

usw.

Sat Jan 14 03:13:10 2006 => File C:\RECYCLER\NPROTECT\00894714. infected by "BkCln.Unknown" Virus! Action Taken: No Action Taken.
Sat Jan 14 03:13:10 2006 => C:\RECYCLER\NPROTECT\00894723. possibly infected and removed by background antivirus package!
Sat Jan 14 03:13:10 2006 => File C:\RECYCLER\NPROTECT\00894723. infected by "BkCln.Unknown" Virus! Action Taken: No Action Taken.
Sat Jan 14 04:38:28 2006 => File D:\Downloads\Finale\Finale 2006\ngnf6u01.exe infected by "Trojan-Downloader.Win32.IstBar.is" Virus! Action Taken: No Action Taken.
Sat Jan 14 05:27:20 2006 => Total Disinfected Objects: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Funde für "tagged"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Thu Jan 12 18:03:29 2006 => File C:\Dokumente und Einstellungen\Tom\Desktop\Jux\Screenmates\butterfliesfree_354.exe tagged as "not-a-virus:AdWare.Win32.SaveNow.z". Action Taken: No Action Taken.
Thu Jan 12 18:04:04 2006 => File C:\Dokumente und Einstellungen\Tom\Desktop\Jux\Screenmates\waterfree.exe tagged as "not-a-virus:AdWare.Win32.SaveNow.aq". Action Taken: No Action Taken.
Thu Jan 12 19:43:19 2006 => File C:\Programme\RealVNC\VNC4\wm_hooks.dll tagged as not-a-virus:RemoteAdmin.Win32.WinVNC.4. No Action Taken.
Thu Jan 12 21:33:44 2006 => File D:\Downloads\Pilot\Palm-Win VNC\PalmVNC-WinVNC.exe tagged as not-a-virus:RemoteAdmin.Win32.WinVNC.1540. No Action Taken.
Thu Jan 12 21:41:09 2006 => File D:\Downloads\Spyanywhere\setup.exe tagged as not-a-virus:Monitor.Win32.SpyAgent.44103. No Action Taken.
Sat Jan 14 01:05:36 2006 => File C:\Dokumente und Einstellungen\Tom\Desktop\Jux\Screenmates\butterfliesfree_354.exe tagged as "not-a-virus:AdWare.Win32.SaveNow.z". Action Taken: No Action Taken.
Sat Jan 14 01:06:10 2006 => File C:\Dokumente und Einstellungen\Tom\Desktop\Jux\Screenmates\waterfree.exe tagged as "not-a-virus:AdWare.Win32.SaveNow.aq". Action Taken: No Action Taken.
Sat Jan 14 02:42:04 2006 => File C:\Programme\RealVNC\VNC4\wm_hooks.dll tagged as not-a-virus:RemoteAdmin.Win32.WinVNC.4. No Action Taken.
Sat Jan 14 04:34:26 2006 => File D:\Downloads\Pilot\Palm-Win VNC\PalmVNC-WinVNC.exe tagged as not-a-virus:RemoteAdmin.Win32.WinVNC.1540. No Action Taken.
Sat Jan 14 04:41:57 2006 => File D:\Downloads\Spyanywhere\setup.exe tagged as not-a-virus:Monitor.Win32.SpyAgent.44103. No Action Taken.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Funde für "offending"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Thu Jan 12 17:26:04 2006 => Offending Key found: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartupReg\bullseye network !!!
Thu Jan 12 17:26:05 2006 => Offending file found: C:\WINDOWS\conscorr.ini
Thu Jan 12 17:26:05 2006 => Offending file found: C:\WINDOWS\gpinstall.exe
Thu Jan 12 17:26:05 2006 => Offending file found: C:\WINDOWS\helper.exe
Thu Jan 12 17:26:05 2006 => Offending file found: C:\WINDOWS\iun6002.exe
Thu Jan 12 17:26:06 2006 => Offending Folder found: C:\Programme\password-finder
Thu Jan 12 17:26:07 2006 => Offending Folder found: C:\Dokumente und Einstellungen\Tom\Anwendungsdaten\everad
Thu Jan 12 17:26:14 2006 => Offending file found: C:\Dokumente und Einstellungen\Tom\Anwendungsdaten\mozilla\firefox\profiles\default.6pr\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\defaults\preferences\options.js
Thu Jan 12 17:26:24 2006 => Offending file found: C:\WINDOWS\Favoriten\links\ebay.url
Thu Jan 12 17:26:30 2006 => Offending Folder found: D:\ABLAGE\partituren\capella2000\partituren\partiturbibliothek\speer
Thu Jan 12 17:26:40 2006 => Offending file found: D:\ABLAGE\favoriten\lesezeichen für download-tip.de\download-tip.de rubriken\tools\antivirus.url
Thu Jan 12 17:26:46 2006 => Offending file found: D:\ABLAGE\dienst\kindchor\konzepte\message.html
Thu Jan 12 17:26:46 2006 => Offending file found: D:\ABLAGE\dienst\gembrief\2005\frühjahr\message.html
Thu Jan 12 17:26:51 2006 => Offending Folder found: C:\Dokumente und Einstellungen\Tom\Lokale Einstellungen\anwendungsdaten\macromedia\contribute 3\configuration\toolbars\mm
Thu Jan 12 17:26:53 2006 => Offending Folder found: C:\Dokumente und Einstellungen\Tom\Lokale Einstellungen\Anwendungsdaten\macromedia\contribute 3\configuration\toolbars\mm
Thu Jan 12 17:26:59 2006 => Offending file found: D:\CD\officexp\files\pfiles\msoffice\template\1031\webs\projec_t\search.htm
Thu Jan 12 17:26:59 2006 => Offending file found: D:\CD\officexp\files\pfiles\msoffice\template\1031\webs\custsu_t\search.htm
Thu Jan 12 17:26:59 2006 => Offending file found: D:\CD\officexp\files\pfiles\msoffice\template\1031\pages\search_t\search.htm
Thu Jan 12 17:26:59 2006 => Offending file found: D:\CD\officexp\files\pfiles\msoffice\office10\migrate\migrate.dll
Thu Jan 12 17:27:01 2006 => Offending Folder found: D:\CD\gnu
Thu Jan 12 17:27:02 2006 => Offending file found: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\symantec\common client\settings.dat
Thu Jan 12 17:27:03 2006 => Offending file found: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\norton systemworks premier\norton utilities\norton disk doctor.lnk
Thu Jan 12 17:27:03 2006 => Offending Folder found: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\password-finder
Thu Jan 12 17:27:03 2006 => Offending file found: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\powerdesk pro 5.0\toolbar.lnk
Thu Jan 12 17:27:04 2006 => Offending file found: C:\Dokumente und Einstellungen\All Users\Startmenü\programme\norton systemworks premier\norton utilities\norton disk doctor.lnk
Thu Jan 12 17:27:04 2006 => Offending Folder found: C:\Dokumente und Einstellungen\All Users\Startmenü\programme\password-finder
Thu Jan 12 17:27:04 2006 => Offending file found: C:\Dokumente und Einstellungen\All Users\Startmenü\programme\powerdesk pro 5.0\toolbar.lnk
Thu Jan 12 17:27:06 2006 => Offending Folder found: D:\ABLAGE\partituren\capella2000\partituren\partiturbibliothek\speer
Thu Jan 12 17:27:10 2006 => Offending file found: D:\ABLAGE\favoriten\lesezeichen für download-tip.de\download-tip.de rubriken\tools\antivirus.url
Thu Jan 12 17:27:12 2006 => Offending file found: D:\ABLAGE\dienst\kindchor\konzepte\message.html
Thu Jan 12 17:27:13 2006 => Offending file found: D:\ABLAGE\dienst\gembrief\2005\frühjahr\message.html
Thu Jan 12 17:27:14 2006 => Offending file found: C:\WINDOWS\iun6002.exe
Sat Jan 14 00:29:41 2006 => Offending Key found: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartupReg\bullseye network !!!
Sat Jan 14 00:29:46 2006 => Offending file found: C:\WINDOWS\conscorr.ini
Sat Jan 14 00:29:46 2006 => Offending file found: C:\WINDOWS\gpinstall.exe
Sat Jan 14 00:29:46 2006 => Offending file found: C:\WINDOWS\helper.exe
Sat Jan 14 00:29:46 2006 => Offending file found: C:\WINDOWS\iun6002.exe
Sat Jan 14 00:29:47 2006 => Offending Folder found: C:\Programme\password-finder
Sat Jan 14 00:29:48 2006 => Offending Folder found: C:\Dokumente und Einstellungen\Tom\Anwendungsdaten\everad
Sat Jan 14 00:29:55 2006 => Offending file found: C:\Dokumente und Einstellungen\Tom\Anwendungsdaten\mozilla\firefox\profiles\default.6pr\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\defaults\preferences\options.js
Sat Jan 14 00:30:04 2006 => Offending file found: C:\WINDOWS\Favoriten\links\ebay.url
Sat Jan 14 00:30:11 2006 => Offending Folder found: D:\ABLAGE\partituren\capella2000\partituren\partiturbibliothek\speer
Sat Jan 14 00:30:21 2006 => Offending file found: D:\ABLAGE\favoriten\lesezeichen für download-tip.de\download-tip.de rubriken\tools\antivirus.url
Sat Jan 14 00:30:26 2006 => Offending file found: D:\ABLAGE\dienst\kindchor\konzepte\message.html
Sat Jan 14 00:30:27 2006 => Offending file found: D:\ABLAGE\dienst\gembrief\2005\frühjahr\message.html
Sat Jan 14 00:30:32 2006 => Offending Folder found: C:\Dokumente und Einstellungen\Tom\Lokale Einstellungen\anwendungsdaten\macromedia\contribute 3\configuration\toolbars\mm
Sat Jan 14 00:30:33 2006 => Offending Folder found: C:\Dokumente und Einstellungen\Tom\Lokale Einstellungen\Anwendungsdaten\macromedia\contribute 3\configuration\toolbars\mm
Sat Jan 14 00:30:39 2006 => Offending file found: D:\CD\officexp\files\pfiles\msoffice\template\1031\webs\projec_t\search.htm
Sat Jan 14 00:30:39 2006 => Offending file found: D:\CD\officexp\files\pfiles\msoffice\template\1031\webs\custsu_t\search.htm
Sat Jan 14 00:30:39 2006 => Offending file found: D:\CD\officexp\files\pfiles\msoffice\template\1031\pages\search_t\search.htm
Sat Jan 14 00:30:39 2006 => Offending file found: D:\CD\officexp\files\pfiles\msoffice\office10\migrate\migrate.dll
Sat Jan 14 00:30:41 2006 => Offending Folder found: D:\CD\gnu
Sat Jan 14 00:30:43 2006 => Offending file found: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\symantec\common client\settings.dat
Sat Jan 14 00:30:44 2006 => Offending file found: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\norton systemworks premier\norton utilities\norton disk doctor.lnk
Sat Jan 14 00:30:44 2006 => Offending Folder found: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\password-finder
Sat Jan 14 00:30:44 2006 => Offending file found: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\powerdesk pro 5.0\toolbar.lnk
Sat Jan 14 00:30:44 2006 => Offending file found: C:\Dokumente und Einstellungen\All Users\Startmenü\programme\norton systemworks premier\norton utilities\norton disk doctor.lnk
Sat Jan 14 00:30:44 2006 => Offending Folder found: C:\Dokumente und Einstellungen\All Users\Startmenü\programme\password-finder
Sat Jan 14 00:30:44 2006 => Offending file found: C:\Dokumente und Einstellungen\All Users\Startmenü\programme\powerdesk pro 5.0\toolbar.lnk
Sat Jan 14 00:30:47 2006 => Offending Folder found: D:\ABLAGE\partituren\capella2000\partituren\partiturbibliothek\speer
Sat Jan 14 00:30:51 2006 => Offending file found: D:\ABLAGE\favoriten\lesezeichen für download-tip.de\download-tip.de rubriken\tools\antivirus.url
Sat Jan 14 00:30:53 2006 => Offending file found: D:\ABLAGE\dienst\kindchor\konzepte\message.html
Sat Jan 14 00:30:54 2006 => Offending file found: D:\ABLAGE\dienst\gembrief\2005\frühjahr\message.html
Sat Jan 14 00:30:55 2006 => Offending file found: C:\WINDOWS\iun6002.exe
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Statistiken:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Thu Jan 12 22:27:32 2006 => Total Errors: 12500
Sat Jan 14 05:27:20 2006 => Total Errors: 12545
Thu Jan 12 22:27:32 2006 => Time Elapsed: 04:59:52
Sat Jan 14 05:27:20 2006 => Time Elapsed: 04:56:49
Thu Jan 12 22:27:32 2006 => Total Objects Scanned: 255370
Sat Jan 14 05:27:20 2006 => Total Objects Scanned: 250353
Thu Jan 12 17:16:19 2006 => Virus Database Date: 1/3/2006
Thu Jan 12 17:17:23 2006 => Virus Database Date: 1/12/2006
Thu Jan 12 17:24:17 2006 => Virus Database Date: 1/12/2006
Thu Jan 12 22:27:32 2006 => Virus Database Date: 1/12/2006
Thu Jan 12 22:32:02 2006 => Virus Database Date: 1/12/2006
Sat Jan 14 00:20:12 2006 => Virus Database Date: 1/12/2006
Sat Jan 14 00:21:03 2006 => Virus Database Date: 1/14/2006
Sat Jan 14 00:28:03 2006 => Virus Database Date: 1/14/2006
Sat Jan 14 05:27:20 2006 => Virus Database Date: 1/14/2006
Sat Jan 14 09:13:51 2006 => Virus Database Date: 1/14/2006
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~ © Haui ;-) ~~~~~~~
~~~~~~~ Dank an Cidre ~~~~~~~

Zitat:

Zitat von cacatoa

Folgende mit HJT noch fixen:

done.

Zitat:

Zitat von cacatoa

Ansonsten ist das Logfile schon o.k.!
Was haben ewido, Spybot S&D und AdAware SE gefunden?
cacatoa

Die Logfiles von AdAware undSpybot habe ich noch nicht gefunden, aber das von ewido schreibt:

[Kommt in separater Antwort, weil der Platz hier nicht reicht]

Ciao, Pfeife

Bitte um Analyse meines Logfiles

Log-Analyse und Auswertung: Bitte um Analyse meines Logfiles