Hilfe,Trojaner an Bord

Locke733 · 26.03.2006, 17:14

Hi,
bin gerade neu zu euch gestoßen und würde mich freuen wenn Ihr mir helfen könnt. Habe wohl Trojaner und Keylogger bei mir an Bord.(entfernen, aber wie?)
Habe escan durchlaufen lassen und dann die Find.bat benutzt.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Funde für "infected"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Sat Mar 25 10:57:23 2006 => System found infected with troj/taladra-f BackDoor ({e7bc34a3-ba86-11cf-84b1-cbc2da68bf6c})! Action taken: No Action Taken.
Sat Mar 25 10:57:32 2006 => System found infected with cydoor.topicks.a Spyware/Adware (settings.dat)! Action taken: No Action Taken.
Sat Mar 25 10:57:35 2006 => System found infected with family keylogger Commercial KeyLogger (C:\WINDOWS\system32\ctfmon.exe)! Action taken: No Action Taken.
Sat Mar 25 11:02:02 2006 => File C:\Dokumente und Einstellungen\Test\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv437.jar-34ea88ad-298163b5.zip infected by "Trojan-Downloader.Java.OpenStream.c" Virus! Action Taken: No Action Taken.
Sat Mar 25 14:21:32 2006 => Total Disinfected Objects: 0
Sun Mar 26 15:36:16 2006 => System found infected with troj/taladra-f BackDoor ({e7bc34a3-ba86-11cf-84b1-cbc2da68bf6c})! Action taken: No Action Taken.
Sun Mar 26 15:36:26 2006 => System found infected with cydoor.topicks.a Spyware/Adware (settings.dat)! Action taken: No Action Taken.
Sun Mar 26 15:36:29 2006 => System found infected with family keylogger Commercial KeyLogger (C:\WINDOWS\system32\ctfmon.exe)! Action taken: No Action Taken.
Sun Mar 26 15:41:13 2006 => File C:\Dokumente und Einstellungen\Test\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv437.jar-34ea88ad-298163b5.zip infected by "Trojan-Downloader.Java.OpenStream.c" Virus! Action Taken: No Action Taken.
Sun Mar 26 16:56:12 2006 => Total Disinfected Objects: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Funde für "tagged"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Sat Mar 25 10:57:18 2006 => File C:\Programme\TightVNC\WinVNC.exe tagged as not-a-virus:RemoteAdmin.Win32.WinVNC-based.h. No Action Taken.
Sat Mar 25 11:03:05 2006 => File C:\Dokumente und Einstellungen\Test\Lokale Einstellungen\Anwendungsdaten\IM\Identities\{5B8A38BF-855D-4323-8EFA-195FBD5022F9}\Message Store\Attachments\gewinnspiel.zip tagged as "not-a-virus:AdWare.Win32.Gratis.b". Action Taken: No Action Taken.
Sat Mar 25 11:03:06 2006 => File C:\Dokumente und Einstellungen\Test\Lokale Einstellungen\Anwendungsdaten\IM\Identities\{5B8A38BF-855D-4323-8EFA-195FBD5022F9}\Message Store\Attachments\tightvnc-1.2.9-setup.exe tagged as not-a-virus:RemoteAdmin.Win32.WinVNC-based.h. No Action Taken.
Sat Mar 25 11:43:31 2006 => File C:\Programme\TightVNC\VNCHooks.dll tagged as not-a-virus:RemoteAdmin.Win32.WinVNC-based.b. No Action Taken.
Sun Mar 26 15:36:12 2006 => File C:\Programme\TightVNC\WinVNC.exe tagged as not-a-virus:RemoteAdmin.Win32.WinVNC-based.h. No Action Taken.
Sun Mar 26 15:42:16 2006 => File C:\Dokumente und Einstellungen\Test\Lokale Einstellungen\Anwendungsdaten\IM\Identities\{5B8A38BF-855D-4323-8EFA-195FBD5022F9}\Message Store\Attachments\gewinnspiel.zip tagged as "not-a-virus:AdWare.Win32.Gratis.b". Action Taken: No Action Taken.
Sun Mar 26 15:42:17 2006 => File C:\Dokumente und Einstellungen\Test\Lokale Einstellungen\Anwendungsdaten\IM\Identities\{5B8A38BF-855D-4323-8EFA-195FBD5022F9}\Message Store\Attachments\tightvnc-1.2.9-setup.exe tagged as not-a-virus:RemoteAdmin.Win32.WinVNC-based.h. No Action Taken.
Sun Mar 26 16:22:27 2006 => File C:\Programme\TightVNC\VNCHooks.dll tagged as not-a-virus:RemoteAdmin.Win32.WinVNC-based.b. No Action Taken.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Statistiken:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Sat Mar 25 10:57:32 2006 => Offending file found: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\symantec\common client\settings.dat
Sat Mar 25 10:57:33 2006 => Offending Folder found: C:\Dokumente und Einstellungen\All Users\Favoriten\online pharmacy
Sat Mar 25 10:57:35 2006 => Offending file found: C:\WINDOWS\system32\ctfmon.exe
Sun Mar 26 15:36:26 2006 => Offending file found: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\symantec\common client\settings.dat
Sun Mar 26 15:36:27 2006 => Offending Folder found: C:\Dokumente und Einstellungen\All Users\Favoriten\online pharmacy
Sun Mar 26 15:36:29 2006 => Offending file found: C:\WINDOWS\system32\ctfmon.exe
Sat Mar 25 14:21:33 2006 => Total Errors: 21
Sun Mar 26 16:56:12 2006 => Total Errors: 17
Sat Mar 25 14:21:33 2006 => Time Elapsed: 03:09:12
Sun Mar 26 16:56:12 2006 => Time Elapsed: 02:59:45
Sat Mar 25 14:21:32 2006 => Total Objects Scanned: 67176
Sun Mar 26 16:56:12 2006 => Total Objects Scanned: 63501
Sat Mar 25 10:44:06 2006 => Virus Database Date: 3/24/2006
Sat Mar 25 10:53:03 2006 => Virus Database Date: 3/24/2006
Sat Mar 25 14:21:33 2006 => Virus Database Date: 3/24/2006
Sat Mar 25 14:25:02 2006 => Virus Database Date: 3/24/2006
Sun Mar 26 13:55:10 2006 => Virus Database Date: 3/24/2006
Sun Mar 26 16:56:12 2006 => Virus Database Date: 3/24/2006
Sun Mar 26 18:10:09 2006 => Virus Database Date: 3/24/2006
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~ © Haui ;-) ~~~~~~~
~~~~~~~ Dank an Cidre ~~~~~~~

thx
Locke733

Hilfe,Trojaner an Bord

Log-Analyse und Auswertung: Hilfe,Trojaner an Bord

Hilfe,Trojaner an Bord

Ähnliche Themen: Hilfe,Trojaner an Bord