| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: AsizWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
06.06.2004, 17:21
| #1 |
 |  Asiz anybody knows what this is..? every day there are new folders created in my C:/Program Files called ASize, ASize Size, AntiSize, Anti CloseSize, etc. and inside them is a file called "BAGS FROM META" it's a DAT file. |
|
06.06.2004, 18:51
| #2 |
 | Asiz Hi,
__________________have you run a virusscanner, and Ad-Aware & SPYBOT ? Google for links please supply more info & post a hijackthis-Logfile: http://www.trojaner-board.de/51130-a...ackthis.htmlen  |
|
06.06.2004, 19:58
| #3 |
| | Asiz Logfile of HijackThis v1.97.7
__________________Scan saved at 20:58:14, on 6-6-2004 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\Explorer.EXE C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\QuickTime\qttask.exe C:\WINDOWS\System32\P2P Networking\P2P Networking.exe C:\Program Files\Common files\updmgr\updmgr.exe C:\Program Files\Altnet\Points Manager\Points Manager.exe C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe C:\Program Files\Messenger Plus! 3\MsgPlus.exe C:\PROGRA~1\FIVEBU~1\1HTM.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\AIM\aim.exe C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe C:\Program Files\DV Series\Console\Watch.exe C:\PROGRA~1\Altnet\DOWNLO~1\asm.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\WINDOWS\System32\wuauclt.exe C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe C:\WINDOWS\System32\HPZipm12.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton AntiVirus\SAVScan.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchweb2.com/searchbar.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchweb2.com/searchbar.html R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = searchweb2.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchweb2.com/searchbar.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchweb2.com/searchbar.html R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchweb2.com/searchbar.html R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: NavErrRedir Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {6C9E0F95-EA43-E6A1-8F1C-0FD7488454CC} - C:\PROGRA~1\ANTICL~1\Wipe web.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: pure city bone - {1EEDAA5E-5E4F-BC7A-E39C-152A19B3E3CA} - C:\PROGRA~1\ANTICL~1\Wipe web.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART O4 - HKLM\..\Run: [updmgr] C:\Program Files\Common files\updmgr\updmgr.exe O4 - HKLM\..\Run: [AltnetPointsManager] C:\Program Files\Altnet\Points Manager\Points Manager.exe -s O4 - HKLM\..\Run: [CMESys] "C:\Program Files\Common Files\CMEII\CMESys.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" O4 - HKLM\..\Run: [JugsVc] C:\PROGRA~1\FIVEBU~1\1HTM.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [CSIM] C:\Program Files\CSIM\aim.exe -cnetwait.odl O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe O4 - Global Startup: Watch.lnk = C:\Program Files\DV Series\Console\Watch.exe O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe O4 - Global Startup: hpoddt01.exe.lnk = ? O4 - Global Startup: hp psc 1000 series.lnk = ? O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM) O9 - Extra button: Messenger (HKLM) O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM) O9 - Extra button: AIM (HKLM) O9 - Extra button: Related (HKLM) O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM) O9 - Extra button: Messenger (HKLM) O9 - Extra 'Tools' menuitem: Messenger (HKLM) O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {10000000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://www.ntsearch.com/popengine/POP.CHM::/sp.exe O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) - O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0401.cab O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yaho...tocomplete.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub...sh/swflash.cab |
|
06.06.2004, 20:00
| #4 |
| | Asiz norton antivirus found nothing but those folders keep on comin back everyday. |
|
06.06.2004, 20:03
| #5 |
| | Asiz this just popped up... Norton AntiVirus has detected a virus on your computer. Object Name: ...... Virus Name: Bloodhound.Exploit.6 Action Taken Unable to repair this file. and what is ad-aware and spybot?? |
|
08.06.2004, 03:09
| #7 |
| | Asiz test
__________________ Ich fange alles ein. Besonders Viren |
|
| Themen zu Asiz |
| files, inside, this |
Linear-Darstellung
