Log analysis and evaluation: Trojan?!? Nebuler, Downloader,... Windows 7

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#11
Trojan?!? Nebuler, Downloader,...

Here is the new Escan log:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Header
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
find.bat Version 2007.05.07.01
Microsoft Windows XP [Version 5.1.2600]
Bootmodus: NORMAL
eScan Version: 9.2.3
Sprache: English
Virus Database Date: 5/18/2007
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Infektionsmeldungen
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
System found infected with whenu.savenow Spyware/Adware ({c285d18d-43a2-4aef-83fb-bf280e660a97})! Action taken: No Action Taken.
System found infected with cws.loadadv.400 Browser Hijacker (kl.exe)! Action taken: No Action Taken.
System found infected with paymite Browser Hijacker (secure32.html)! Action taken: No Action Taken.
System found infected with cws.loadadv.400 Browser Hijacker (tool2.exe)! Action taken: No Action Taken.
System found infected with purityscan Spyware/Adware (usbmonit.exe)! Action taken: No Action Taken.
System found infected with ace club casino Spyware/Adware (blackjack.dll)! Action taken: No Action Taken.
System found infected with ace club casino Spyware/Adware (blackjack.dll)! Action taken: No Action Taken.
System found infected with harnig Trojan (C:\WINDOWS\kl.exe)! Action taken: No Action Taken.
System found infected with paymite Browser Hijacker (C:\WINDOWS\system32\paytime.exe)! Action taken: No Action Taken.
System found infected with paymite Browser Hijacker (C:\WINDOWS\tool2.exe)! Action taken: No Action Taken.
Object "grokster Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "grokster Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "savenow Adware" found in File System! Action Taken: No Action Taken.
~~~~~~~~~~~
Dateien
~~~~~~~~~~~
~~~~ Infected files
~~~~~~~~~~~
File C:\WINDOWS\system32\wincqt32.dll//PE_Patch.PECompact//PecBundle//PECompact infected by "Trojan.Win32.Dialer.qn" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\system32\wincqt32.dll//PE_Patch.PECompact//PecBundle//PECompact infected by "Trojan.Win32.Dialer.qn" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\system32\wincqt32.dll//PE_Patch.PECompact//PecBundle//PECompact infected by "Trojan.Win32.Dialer.qn" Virus! Action Taken: No Action Taken.
File C:\Dokumente und Einstellungen\Allgemein\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\9\3c0ee589-6c74c234/FcPred.class infected by "Trojan-Downloader.Java.Agent.c" Virus! Action Taken: No Action Taken.
File C:\Dokumente und Einstellungen\Allgemein\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\jar\FcPred.jar-10bfbdb3-3b6fc022.zip/FcPred.class infected by "Trojan-Downloader.Java.Agent.c" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B3B2DA0A-8513-46EF-B8CA-B736BE40C6FB}\RP703\A0155104.dll//Virtumonde//PE_Patch.UPX//UPX infected by "Trojan.Win32.BHO.g" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B3B2DA0A-8513-46EF-B8CA-B736BE40C6FB}\RP703\A0156135.exe//CryptFF infected by "Trojan-Downloader.Win32.Tibs.fb" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B3B2DA0A-8513-46EF-B8CA-B736BE40C6FB}\RP703\A0156136.exe//CryptFF infected by "Email-Worm.Win32.Brontok.q" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B3B2DA0A-8513-46EF-B8CA-B736BE40C6FB}\RP703\A0156137.exe//CryptFF infected by "Email-Worm.Win32.Brontok.q" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B3B2DA0A-8513-46EF-B8CA-B736BE40C6FB}\RP703\A0156138.exe//CryptFF infected by "Email-Worm.Win32.Brontok.q" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B3B2DA0A-8513-46EF-B8CA-B736BE40C6FB}\RP703\A0156139.exe//CryptFF infected by "Trojan.Win32.Agent.vg" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B3B2DA0A-8513-46EF-B8CA-B736BE40C6FB}\RP703\A0156140.exe//CryptFF infected by "Trojan.Win32.Agent.vg" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B3B2DA0A-8513-46EF-B8CA-B736BE40C6FB}\RP703\A0156141.exe//CryptFF//UPX infected by "P2P-Worm.Win32.VB.dw" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B3B2DA0A-8513-46EF-B8CA-B736BE40C6FB}\RP703\A0156142.com//CryptFF infected by "EICAR-Test-File" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B3B2DA0A-8513-46EF-B8CA-B736BE40C6FB}\RP703\A0156143.exe//CryptFF infected by "Trojan-Downloader.Win32.Small.dys" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B3B2DA0A-8513-46EF-B8CA-B736BE40C6FB}\RP703\A0156144.exe//CryptFF//UPX infected by "P2P-Worm.Win32.VB.dw" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B3B2DA0A-8513-46EF-B8CA-B736BE40C6FB}\RP703\A0156145.dll//CryptFF infected by "Trojan-Spy.Win32.VBStat.h" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\system32\wincqt32.dll//PE_Patch.PECompact//PecBundle//PECompact infected by "Trojan.Win32.Dialer.qn" Virus! Action Taken: No Action Taken.
~~~~~~~~~~~
~~~~ Tagged files
~~~~~~~~~~~
File C:\WINDOWS\system32\vtutrqp.dll tagged as "not-a-virus:AdWare.Win32.Virtumonde.jp". Action Taken: No Action Taken.
File C:\WINDOWS\system32\vtutrqp.dll tagged as "not-a-virus:AdWare.Win32.Virtumonde.jp". Action Taken: No Action Taken.
File C:\WINDOWS\system32\vtutrqp.dll tagged as "not-a-virus:AdWare.Win32.Virtumonde.jp". Action Taken: No Action Taken.
File C:\WINDOWS\NDNuninstall6_98.exe tagged as "not-a-virus:AdWare.Win32.NewDotNet.e". Action Taken: No Action Taken.
File C:\WINDOWS\NDNuninstall7_14.exe tagged as "not-a-virus:AdWare.Win32.NewDotNet.e". Action Taken: No Action Taken.
File C:\WINDOWS\system32\vtutrqp.dll tagged as "not-a-virus:AdWare.Win32.Virtumonde.jp". Action Taken: No Action Taken.
File C:\WINDOWS\system32\yaywttt.dll tagged as "not-a-virus:AdWare.Win32.Virtumonde.jp". Action Taken: No Action Taken.
File C:\Programme\BearShare\BearShareZangoInstaller.exe/clientax.dll tagged as "not-a-virus:AdWare.Win32.180Solutions.ao". Action Taken: No Action Taken.
File C:\Programme\BearShare\Installer\BSInstallDE_DE5.2.5.5.exe//WiseSFX Dropper//WISE0027.BIN/clientax.dll tagged as "not-a-virus:AdWare.Win32.180Solutions.ao". Action Taken: No Action Taken.
File C:\Programme\MP3 Player Utilities 3.5.02\DelDrv.exe tagged as "not-a-virus:RiskTool.Win32.Deleter.b". Action Taken: No Action Taken.
File C:\Programme\MyGlobalSearch\bar\1.bin\NPMYGLSH.DLL tagged as "not-a-virus:AdTool.Win32.MyWebSearch.i". No Action Taken.
File C:\WINDOWS\NDNuninstall6_98.exe tagged as "not-a-virus:AdWare.Win32.NewDotNet.e". Action Taken: No Action Taken.
File C:\WINDOWS\NDNuninstall7_14.exe tagged as "not-a-virus:AdWare.Win32.NewDotNet.e". Action Taken: No Action Taken.
File C:\WINDOWS\system32\vtutrqp.dll tagged as "not-a-virus:AdWare.Win32.Virtumonde.jp". Action Taken: No Action Taken.
File C:\WINDOWS\system32\yaywttt.dll tagged as "not-a-virus:AdWare.Win32.Virtumonde.jp". Action Taken: No Action Taken.
~~~~~~~~~~~
~~~~ Offending files
~~~~~~~~~~~
Offending file found: C:\WINDOWS\kl.exe
Offending file found: C:\WINDOWS\secure32.html
Offending file found: C:\WINDOWS\tool2.exe
Offending file found: C:\WINDOWS\system32\usbmonit.exe
Offending file found: D:\Eigene Dateien\poker\partycasino\images\games\cardgames\blackjack\blackjack.dll
Offending file found: D:\Eigene Dateien\poker\partycasino\language\en_us\images\games\cardgames\blackjack\blackjack.dll
Offending file found: C:\WINDOWS\kl.exe
Offending file found: C:\WINDOWS\system32\paytime.exe
Offending file found: C:\WINDOWS\tool2.exe
~~~~~~~~~~~
Ordner
~~~~~~~~~~~
~~~~~~~~~~~
Registry
~~~~~~~~~~~
Offending Key found: HKLM\Software\magnet !!!
Offending Key found: HKCU\\magnet !!!
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Diverses
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~
Prozesse und Module
~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~
Scanfehler
~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~
Hosts-Datei
~~~~~~~~~~~~~~~~~~~~~~
DataBasePath: %SystemRoot%\System32\drivers\etc
C:\WINDOWS\System32\drivers\etc\hosts :
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Statistiken:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Total Critical Objects: 46
Total Disinfected Objects: 0
Total Objects Renamed: 0
Total Deleted Objects: 0
Total Errors: 57
Time Elapsed: 01:14:36
Total Objects Scanned: 125920
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan-Optionen
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Memory Check: Enabled
Registry Check: Enabled
System Folder Check: Enabled
System Area Check: Disabled
Services Check: Enabled
Drive Check: Enabled
All Drive Check
Batchstart: 17:57:17,71
Batchende: 17:57:36,07