Pests of all kinds and how to fight them: PC slow, downloads abort
29.06.2007, 23:46 | #1
PC slow, downloads abort

Hi, I have a problem with my PC. It's an older machine, but it has always worked fine until now. Now the PC is super slow, and when I try to download something via IE, the download aborts after a short time. I've already been through HijackThis, so here is an eScan log:

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Header
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
find.bat Version 2007.06.16.01
Microsoft Windows XP [Version 5.1.2600]
Bootmodus: NORMAL
eScan Version: 9.2.8
Sprache: English
Virus Database Date: 6/28/2007

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Infektionsmeldungen
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
System found infected with funwebproducts Spyware/Adware ({147a976f-eee1-4377-8ea7-4716e4cdd239})! Action taken: No Action Taken.
System found infected with hotbar Spyware/Adware ({74cc49f7-eb32-4a08-b204-948962a6e3db})! Action taken: No Action Taken.
System found infected with hotbar Spyware/Adware ({74cc49f7-eb32-4a08-b204-948962a6e3db})! Action taken: No Action Taken.
System found infected with whenu.savenow Spyware/Adware ({c285d18d-43a2-4aef-83fb-bf280e660a97})! Action taken: No Action Taken.
System found infected with ezula Spyware/Adware (internet.lnk)! Action taken: No Action Taken.
System found infected with funwebproducts Spyware/Adware ({147a976f-eee1-4377-8ea7-4716e4cdd239})! Action taken: No Action Taken.
System found infected with hotbar Spyware/Adware ({74cc49f7-eb32-4a08-b204-948962a6e3db})! Action taken: No Action Taken.
System found infected with hotbar Spyware/Adware ({74cc49f7-eb32-4a08-b204-948962a6e3db})! Action taken: No Action Taken.
System found infected with whenu.savenow Spyware/Adware ({c285d18d-43a2-4aef-83fb-bf280e660a97})! Action taken: No Action Taken.
System found infected with ezula Spyware/Adware (internet.lnk)! Action taken: No Action Taken.
Object "funwebproducts Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "funwebproducts Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "funwebproducts Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "grokster Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "mwsoemon Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "funwebproducts Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "funwebproducts Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "mwsoemon Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "grokster Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "hotbar Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "mwsoemon Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "funwebproducts Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "funwebproducts Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "funwebproducts Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "funwebproducts Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "grokster Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "mwsoemon Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "funwebproducts Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "funwebproducts Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "mwsoemon Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "grokster Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "funwebproducts Spyware/Adware" found in File System! Action Taken: No Action Taken.

~~~~~~~~~~~
Dateien
~~~~~~~~~~~
~~~~ Infected files ~~~~~~~~~~~

~~~~~~~~~~~
~~~~ Tagged files ~~~~~~~~~~~
File C:\Documents and Settings\Beth\Local Settings\Temporary Internet Files\Content.IE5\ALW9UZC9\hbtools[1].exe//data0018//data0002 tagged as "not-a-virus:AdWare.Win32.180Solutions.ay". Action Taken: No Action Taken.
File C:\Documents and Settings\Beth\Local Settings\Temporary Internet Files\Content.IE5\ALW9UZC9\hbtools[1].exe//data0018//data0002 tagged as "not-a-virus:AdWare.Win32.180Solutions.ay". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{65421CB6-CA6F-485D-97F5-131BA2DEC3F4}\RP258\A0101572.exe tagged as "not-a-virus:AdWare.Win32.HotBar.bt". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{65421CB6-CA6F-485D-97F5-131BA2DEC3F4}\RP258\A0101573.dll tagged as "not-a-virus:AdWare.Win32.HotBar.be". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{65421CB6-CA6F-485D-97F5-131BA2DEC3F4}\RP258\A0101575.exe tagged as "not-a-virus:AdWare.Win32.HotBar.by". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{65421CB6-CA6F-485D-97F5-131BA2DEC3F4}\RP258\A0101576.dll tagged as "not-a-virus:AdWare.Win32.HotBar.bz". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{65421CB6-CA6F-485D-97F5-131BA2DEC3F4}\RP258\A0101578.exe tagged as "not-a-virus:AdWare.Win32.HotBar.by". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{65421CB6-CA6F-485D-97F5-131BA2DEC3F4}\RP258\A0101579.exe tagged as "not-a-virus:AdWare.Win32.HotBar.bw". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{65421CB6-CA6F-485D-97F5-131BA2DEC3F4}\RP258\A0101580.dll tagged as "not-a-virus:AdWare.Win32.HotBar.bj". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{65421CB6-CA6F-485D-97F5-131BA2DEC3F4}\RP258\A0101582.exe tagged as "not-a-virus:AdWare.Win32.Hotbar.an". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{65421CB6-CA6F-485D-97F5-131BA2DEC3F4}\RP258\A0101584.dll tagged as "not-a-virus:AdWare.Win32.Hotbar.ar". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{65421CB6-CA6F-485D-97F5-131BA2DEC3F4}\RP258\A0101585.exe//data0002 tagged as "not-a-virus:AdWare.Win32.180Solutions.ay". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{65421CB6-CA6F-485D-97F5-131BA2DEC3F4}\RP258\A0102443.dll tagged as "not-a-virus:AdWare.Win32.HotBar.bx". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{65421CB6-CA6F-485D-97F5-131BA2DEC3F4}\RP258\A0102444.exe//UPX tagged as "not-a-virus:AdWare.Win32.180Solutions.ay". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{65421CB6-CA6F-485D-97F5-131BA2DEC3F4}\RP258\A0102445.dll tagged as "not-a-virus:AdWare.Win32.180Solutions.ay". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{65421CB6-CA6F-485D-97F5-131BA2DEC3F4}\RP259\A0102455.dll tagged as "not-a-virus:AdTool.Win32.MyWebSearch". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{65421CB6-CA6F-485D-97F5-131BA2DEC3F4}\RP259\A0102456.dll tagged as "not-a-virus:AdTool.Win32.MyWebSearch.au". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{65421CB6-CA6F-485D-97F5-131BA2DEC3F4}\RP259\A0102457.scr tagged as "not-a-virus:AdTool.Win32.MyWebSearch". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{65421CB6-CA6F-485D-97F5-131BA2DEC3F4}\RP259\A0102458.DLL tagged as "not-a-virus:AdTool.Win32.MyWebSearch.at". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{65421CB6-CA6F-485D-97F5-131BA2DEC3F4}\RP259\A0102459.DLL tagged as "not-a-virus:AdTool.Win32.MyWebSearch". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{65421CB6-CA6F-485D-97F5-131BA2DEC3F4}\RP259\A0102460.DLL tagged as "not-a-virus:AdTool.Win32.MyWebSearch.ba". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{65421CB6-CA6F-485D-97F5-131BA2DEC3F4}\RP259\A0102461.EXE tagged as "not-a-virus:AdTool.Win32.MyWebSearch". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{65421CB6-CA6F-485D-97F5-131BA2DEC3F4}\RP259\A0102462.DLL tagged as "not-a-virus:AdTool.Win32.MyWebSearch". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{65421CB6-CA6F-485D-97F5-131BA2DEC3F4}\RP259\A0102463.DLL tagged as "not-a-virus:AdTool.Win32.MyWebSearch.ba". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{65421CB6-CA6F-485D-97F5-131BA2DEC3F4}\RP259\A0102464.DLL tagged as "not-a-virus:AdTool.Win32.MyWebSearch.at". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{65421CB6-CA6F-485D-97F5-131BA2DEC3F4}\RP259\A0102466.DLL tagged as "not-a-virus:AdTool.Win32.MyWebSearch.bc". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{65421CB6-CA6F-485D-97F5-131BA2DEC3F4}\RP259\A0102467.DLL tagged as "not-a-virus:AdTool.Win32.MyWebSearch". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{65421CB6-CA6F-485D-97F5-131BA2DEC3F4}\RP259\A0102468.DLL tagged as "not-a-virus:AdTool.Win32.MyWebSearch.l". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{65421CB6-CA6F-485D-97F5-131BA2DEC3F4}\RP259\A0102469.DLL tagged as "not-a-virus:AdTool.Win32.MyWebSearch.af". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{65421CB6-CA6F-485D-97F5-131BA2DEC3F4}\RP259\A0102470.DLL tagged as "not-a-virus:AdTool.Win32.MyWebSearch.au". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{65421CB6-CA6F-485D-97F5-131BA2DEC3F4}\RP259\A0102471.DLL tagged as "not-a-virus:AdTool.Win32.MyWebSearch.au". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{65421CB6-CA6F-485D-97F5-131BA2DEC3F4}\RP259\A0102472.SCR tagged as "not-a-virus:AdTool.Win32.MyWebSearch". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{65421CB6-CA6F-485D-97F5-131BA2DEC3F4}\RP259\A0102473.DLL tagged as "not-a-virus:AdTool.Win32.MyWebSearch". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{65421CB6-CA6F-485D-97F5-131BA2DEC3F4}\RP259\A0102474.EXE tagged as "not-a-virus:AdTool.Win32.MyWebSearch". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{65421CB6-CA6F-485D-97F5-131BA2DEC3F4}\RP259\A0102475.DLL tagged as "not-a-virus:AdTool.Win32.MyWebSearch.an". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{65421CB6-CA6F-485D-97F5-131BA2DEC3F4}\RP259\A0102476.DLL tagged as "not-a-virus:AdTool.Win32.MyWebSearch.aq". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{65421CB6-CA6F-485D-97F5-131BA2DEC3F4}\RP259\A0102477.DLL tagged as "not-a-virus:AdTool.Win32.MyWebSearch". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{65421CB6-CA6F-485D-97F5-131BA2DEC3F4}\RP259\A0102479.DLL tagged as "not-a-virus:AdTool.Win32.MyWebSearch.bc". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{65421CB6-CA6F-485D-97F5-131BA2DEC3F4}\RP259\A0102480.DLL tagged as "not-a-virus:AdTool.Win32.MyWebSearch.ax". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{65421CB6-CA6F-485D-97F5-131BA2DEC3F4}\RP259\A0102482.DLL tagged as "not-a-virus:AdTool.Win32.MyWebSearch.at". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{65421CB6-CA6F-485D-97F5-131BA2DEC3F4}\RP259\A0102484.DLL tagged as "not-a-virus:AdTool.Win32.MyWebSearch". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{65421CB6-CA6F-485D-97F5-131BA2DEC3F4}\RP259\A0102485.DLL tagged as "not-a-virus:AdTool.Win32.MyWebSearch.as". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{65421CB6-CA6F-485D-97F5-131BA2DEC3F4}\RP259\A0102486.DLL tagged as "not-a-virus:AdTool.Win32.MyWebSearch.ad". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{65421CB6-CA6F-485D-97F5-131BA2DEC3F4}\RP259\A0102488.EXE tagged as "not-a-virus:AdTool.Win32.MyWebSearch.au". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{65421CB6-CA6F-485D-97F5-131BA2DEC3F4}\RP259\A0102489.EXE tagged as "not-a-virus:AdTool.Win32.MyWebSearch.au". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{65421CB6-CA6F-485D-97F5-131BA2DEC3F4}\RP259\A0102490.EXE tagged as "not-a-virus:AdTool.Win32.MyWebSearch". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{65421CB6-CA6F-485D-97F5-131BA2DEC3F4}\RP259\A0102491.DLL tagged as "not-a-virus:AdTool.Win32.MyWebSearch.au". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{65421CB6-CA6F-485D-97F5-131BA2DEC3F4}\RP259\A0102492.DLL tagged as "not-a-virus:AdTool.Win32.MyWebSearch". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{65421CB6-CA6F-485D-97F5-131BA2DEC3F4}\RP259\A0102493.DLL tagged as "not-a-virus:AdTool.Win32.MyWebSearch.i". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{65421CB6-CA6F-485D-97F5-131BA2DEC3F4}\RP259\A0102500.dll tagged as "not-a-virus:AdTool.Win32.MyWebSearch.au". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{65421CB6-CA6F-485D-97F5-131BA2DEC3F4}\RP259\A0102501.DLL tagged as "not-a-virus:AdTool.Win32.MyWebSearch.au". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{65421CB6-CA6F-485D-97F5-131BA2DEC3F4}\RP259\A0102502.DLL tagged as "not-a-virus:AdTool.Win32.MyWebSearch.au". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{65421CB6-CA6F-485D-97F5-131BA2DEC3F4}\RP259\A0102503.DLL tagged as "not-a-virus:AdTool.Win32.MyWebSearch.ba". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{65421CB6-CA6F-485D-97F5-131BA2DEC3F4}\RP259\A0102507.DLL tagged as "not-a-virus:AdTool.Win32.MyWebSearch.as". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{65421CB6-CA6F-485D-97F5-131BA2DEC3F4}\RP259\A0102508.DLL tagged as "not-a-virus:AdTool.Win32.MyWebSearch.as". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{65421CB6-CA6F-485D-97F5-131BA2DEC3F4}\RP259\A0102696.dll tagged as "not-a-virus:AdTool.Win32.MyWebSearch.ba". Action Taken: No Action Taken.

~~~~~~~~~~~
~~~~ Offending files ~~~~~~~~~~~
Offending file found: C:\Documents and Settings\Victoria\Desktop\internet.lnk
Offending file found: C:\Documents and Settings\Victoria\Desktop\internet.lnk

~~~~~~~~~~~
Ordner
~~~~~~~~~~~
Offending Folder found: C:\Program Files\hotbar
Offending Folder found: C:\Program Files\mywebsearch
Offending Folder found: C:\Documents and Settings\Victoria\Application Data\funwebproducts
Offending Folder found: C:\Documents and Settings\Victoria\Application Data\funwebproducts

~~~~~~~~~~~
Registry
~~~~~~~~~~~
Offending Key found: HKLM\Software\focusinteractive !!!
Offending Key found: HKLM\Software\fun web products !!!
Offending Key found: HKLM\Software\funwebproducts !!!
Offending Key found: HKLM\Software\magnet !!!
Offending Key found: HKLM\Software\mywebsearch !!!
Offending Key found: HKCU\Software\fun web products !!!
Offending Key found: HKCU\Software\funwebproducts !!!
Offending Key found: HKCU\Software\mywebsearch !!!
Offending Key found: HKCU\\magnet !!!
Offending Key found: HKLM\Software\focusinteractive !!!
Offending Key found: HKLM\Software\fun web products !!!
Offending Key found: HKLM\Software\funwebproducts !!!
Offending Key found: HKLM\Software\magnet !!!
Offending Key found: HKLM\Software\mywebsearch !!!
Offending Key found: HKCU\Software\fun web products !!!
Offending Key found: HKCU\Software\funwebproducts !!!
Offending Key found: HKCU\Software\mywebsearch !!!
Offending Key found: HKCU\\magnet !!!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Diverses
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~
Prozesse und Module
~~~~~~~~~~~~~~~~~~~~~~

~~~~~~~~~~~~~~~~~~~~~~
Scanfehler
~~~~~~~~~~~~~~~~~~~~~~
C:\DOCUME~1\Victoria\LOCALS~1\TEMPOR~1\Content.IE5\W7M72UV0\iTunesSetup[1].exe not Scanned. Possibly password protected...

~~~~~~~~~~~~~~~~~~~~~~
Hosts-Datei
~~~~~~~~~~~~~~~~~~~~~~
DataBasePath: %SystemRoot%\System32\drivers\etc
C:\WINDOWS\System32\drivers\etc\hosts :

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Statistiken:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Total Critical Objects: 18
Total Critical Objects: 70
Total Disinfected Objects: 0
Total Disinfected Objects: 0
Total Objects Renamed: 0
Total Objects Renamed: 0
Total Deleted Objects: 0
Total Deleted Objects: 0
Total Errors: 21
Total Errors: 11
Time Elapsed: 00:49:39
Time Elapsed: 02:13:05
Total Objects Scanned: 55309
Total Objects Scanned: 97365

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan-Optionen
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Memory Check: Enabled
Memory Check: Enabled
Registry Check: Enabled
Registry Check: Enabled
System Folder Check: Enabled
System Folder Check: Enabled
System Area Check: Disabled
System Area Check: Disabled
Services Check: Enabled
Services Check: Enabled
Drive Check: Disabled
All Drive Check :Enabled
Drive Check: Disabled
All Drive Check :Enabled
All Drive Check :Enabled
All Drive Check :Enabled

Batchstart: 15:39:05.86
Batchende: 15:39:28.43
30.06.2007, 17:40 | #2
Administrator > Competence Manager
PC slow, downloads abort

Hello and welcome to the Trojaner Board! First work through these points so that we get a better overview and more information about your system:

Disk Cleanup
To start the Disk Cleanup utility, click Start -> Programs -> Accessories -> System Tools and then click Disk Cleanup. Have it clean the partition on which your operating system is installed! (It is normally detected automatically!)

Pests in the System Restore folder:
* Disable System Restore -> Here is how.
* Then restart the system and check everything with your AV scanner after the restart. (System Restore can be re-enabled afterwards.)

ComboFix
- Download the tool here -> CLICK
- Now start combofix.exe, confirm with (Y)es, let the cleanup run through, then copy the text and paste it into your post on the board!

Creating a HijackThis log
- The tool is available here -> HijackThis (use only this version, not the BETA version!)
- Find the file HiJackThis.exe and rename it to 'This.exe' (right-click -> Rename)
- Now start it by double-clicking This.exe
- Click the red-highlighted button Do a system scan and save a log file
- After the scan an editor window opens; copy this logfile and paste it into your post in the forum

Regards
Sunny
30.06.2007, 18:20 | #3
PC slow, downloads abort

ComboFix:

Code:
2004-08-04 05:00 135680 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\TASKMGR.COM.vir
2004-08-04 05:00 146432 --a------ C:\Qoobox\Quarantine\C\WINDOWS\REGEDIT.COM.vir
2006-09-08 18:22 104 --a------ C:\Qoobox\Quarantine\C\DOCUME~1\Victoria\Desktop\Internet.lnk.vir

Folder PATH listing
Volume serial number is 3492-F15E
C:\QOOBOX
\---Quarantine
    +---C
    |   +---DOCUME~1
    |   |   \---Victoria
    |   |       \---Desktop
    |   |               Internet.lnk.vir
    |   |
    |   \---WINDOWS
    |       |   REGEDIT.COM.vir
    |       |
    |       \---system32
    |               TASKMGR.COM.vir
    |
    \---Registry_backups

HJT had a few entries, which I fixed. Should I delete ComboFix's quarantine now?
30.06.2007, 19:08 | #4
Administrator > Competence Manager
PC slow, downloads abort

1.) Please post the complete ComboFix logfile!
2.) Did you work through the other steps?
3.) If so, where is the HijackThis log? And why do you ask for help and then delete all the entries yourself?

Sunny
30.06.2007, 21:57 | #5
PC slow, downloads abort

Code:
ComboFix 07-06-18.2 - C:\Documents and Settings\Victoria\Desktop\ComboFix.exe
"Victoria" - 2007-06-30 10:02:58 - Service Pack 2 NTFS

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\DOCUME~1\Victoria\Desktop\internet.lnk
C:\WINDOWS\regedit.com
C:\WINDOWS\system32\taskmgr.com

((((((((((((((((((((((((( Files Created from 2007-05-28 to 2007-06-30 )))))))))))))))))))))))))))))))

2007-06-30 10:02 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-29 18:03 <DIR> d-------- C:\Program Files\iTunes
2007-06-29 15:39 <DIR> d-------- C:\bases_x
2007-06-28 10:56 <DIR> d-a------ C:\WINDOWS\zts2.exe
2007-06-28 10:56 <DIR> d-a------ C:\WINDOWS\system32\vcmgcd32.dll
2007-06-28 10:56 <DIR> d-a------ C:\WINDOWS\system32\iifgfgf.dll
2007-06-28 10:56 <DIR> d-a------ C:\WINDOWS\rundll16.exe
2007-06-28 10:56 <DIR> d-a------ C:\WINDOWS\rundl132.dll
2007-06-28 10:56 <DIR> d-a------ C:\WINDOWS\logo1_.exe
2007-06-28 10:50 <DIR> d--hs---- C:\WINDOWS\CSC
2007-06-28 10:46 146,432 --a------ C:\WINDOWS\R.COM
2007-06-28 10:46 135,680 --a------ C:\WINDOWS\system32\T.COM
2007-06-28 10:38 <DIR> d-------- C:\VundoFix Backups
2007-06-28 09:18 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AntiVir PersonalEdition Classic
2007-06-27 11:50 <DIR> d-------- C:\DOCUME~1\Victoria\APPLIC~1\ICQLite
2007-06-27 09:54 <DIR> d-------- C:\Program Files\CCleaner
2007-05-30 22:59 <DIR> d-------- C:\5df3ec659a6ea6f06db78fac6e51

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-30 01:03:52 -------- d-----w C:\Program Files\iPod
2007-06-30 01:00:34 -------- d-----w C:\Program Files\QuickTime
2007-06-28 17:49:58 -------- d-----w C:\Program Files\Google
2007-06-27 18:50:16 -------- d-----w C:\Program Files\ICQLite
2007-06-27 18:47:10 -------- d-----w C:\Program Files\MSN Messenger
2007-05-30 02:30:54 -------- d-----w C:\DOCUME~1\Victoria\APPLIC~1\Apple Computer
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-17 05:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 05:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 05:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 05:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 05:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 05:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 05:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 05:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll [2006-11-09 16:21]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe" [2006-06-26 09:46]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2006-06-26 10:34]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-06-01 11:09]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-06-01 11:03]
"ICQ Lite"="C:\Program Files\ICQLite\ICQLite.exe" [2006-07-11 03:15]
"BearShare"="C:\Program Files\BearShare\BearShare.exe" [2006-07-26 13:48]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 16:07]
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2006-10-31 17:07]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-01 16:51]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-02-17 21:18]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2006-07-29 19:34]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2004-06-01 03:46]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"ICQ Lite"=C:\Program Files\ICQLite\ICQLite.exe -trayboot

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Usnsvc usnsvc

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-30 10:11:42
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-30 10:14:02
C:\ComboFix-quarantined-files.txt ... 2007-06-30 10:13

--- E O F ---

Yeah, I did all the other steps. Here's the HJT log again:

Code:
Logfile of HijackThis v1.99.1
Scan saved at 1:55:43 PM, on 6/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\LVComsX.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\Victoria\LOCALS~1\Temp\Temporary Directory 3 for hijackthis_199.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.webkinz.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Beth\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe

But well, I just wanted to do a bit of groundwork with the stuff I already knew. Anyway, thanks for the help.
01.07.2007, 08:14 | #6
Administrator > Competence Manager
PC slow, downloads abort

I can't see any infections in either logfile; it was apparently all in System Restore. If you still have problems, run another eScan and show us the findings, otherwise I'd say the system is (more or less) clean again...

Regards
Sunny
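The reading the helper gives above, that the eScan findings were all sitting in System Restore points rather than on the live file system, is a check that can be automated when triaging a log like the one in post #1. The following Python script is an added example and is not code from this thread, from eScan or from the Trojaner Board; it matches the three record formats visible in the posted log ("System found infected with ...", "File ... tagged as ...", "Offending ... found: ..."), de-duplicates the entries that appear twice because find.bat merges two scan runs, groups findings by adware family (the family names are a heuristic of this example, derived from the detection name), and separates tagged files under `\System Volume Information\_restore...` from those elsewhere. The sample input is a constructed handful of lines copied from the log above.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# Constructed sample input: a few records copied from the eScan log posted in
# this thread, one record per line (the forum post shows them run together).
SAMPLE_LOG = r"""
System found infected with funwebproducts Spyware/Adware ({147a976f-eee1-4377-8ea7-4716e4cdd239})! Action taken: No Action Taken.
System found infected with hotbar Spyware/Adware ({74cc49f7-eb32-4a08-b204-948962a6e3db})! Action taken: No Action Taken.
System found infected with hotbar Spyware/Adware ({74cc49f7-eb32-4a08-b204-948962a6e3db})! Action taken: No Action Taken.
File C:\Documents and Settings\Beth\Local Settings\Temporary Internet Files\Content.IE5\ALW9UZC9\hbtools[1].exe//data0018//data0002 tagged as "not-a-virus:AdWare.Win32.180Solutions.ay". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{65421CB6-CA6F-485D-97F5-131BA2DEC3F4}\RP258\A0101572.exe tagged as "not-a-virus:AdWare.Win32.HotBar.bt". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{65421CB6-CA6F-485D-97F5-131BA2DEC3F4}\RP259\A0102455.dll tagged as "not-a-virus:AdTool.Win32.MyWebSearch". Action Taken: No Action Taken.
Offending file found: C:\Documents and Settings\Victoria\Desktop\internet.lnk
Offending Folder found: C:\Program Files\hotbar
Offending Key found: HKLM\Software\mywebsearch !!!
Offending Key found: HKLM\Software\mywebsearch !!!
"""

# Record formats as they appear in the posted log (find.bat / eScan output).
INFECTED = re.compile(
    r'^System found infected with (?P<family>\S+) Spyware/Adware '
    r'\((?P<id>[^)]+)\)! Action taken: (?P<action>[^.]+)\.$'
)
TAGGED = re.compile(
    r'^File (?P<path>.+?) tagged as "(?P<name>[^"]+)"\.'
    r'(?: Action Taken: (?P<action>[^.]+)\.)?$'
)
OFFENDING = re.compile(
    r'^Offending (?P<kind>file|Folder|Key) found: (?P<target>.+?)(?: !!!)?$'
)
RESTORE_MARKER = r"\system volume information\_restore"


@dataclass(frozen=True)
class Finding:
    kind: str                 # "infected", "file", "offending_file", "folder", "key"
    target: str               # path, registry key or CLSID the record refers to
    name: Optional[str]       # scanner detection name, if the record carries one
    action: Optional[str]     # "No Action Taken" etc., if the record carries one
    family: Optional[str]     # heuristic adware family label (this example's own)
    in_restore_point: bool    # True when the target sits inside a System Restore point


def family_of(name: str) -> str:
    """Heuristic: 'not-a-virus:AdWare.Win32.HotBar.bt' -> 'hotbar'."""
    core = name.split(":", 1)[-1]          # drop the 'not-a-virus:' prefix
    parts = core.split(".")
    return (parts[2] if len(parts) >= 3 else core).lower()


def in_restore_point(path: str) -> bool:
    return RESTORE_MARKER in path.lower()


def parse_escan(text: str) -> list:
    """Parse the three record types, dropping exact duplicates from merged scans."""
    seen = {}
    for raw in text.splitlines():
        line = raw.strip()
        finding = None
        if (m := INFECTED.match(line)):
            finding = Finding("infected", m["id"], None, m["action"], m["family"].lower(), False)
        elif (m := TAGGED.match(line)):
            finding = Finding("file", m["path"], m["name"], m["action"],
                              family_of(m["name"]), in_restore_point(m["path"]))
        elif (m := OFFENDING.match(line)):
            kind = {"file": "offending_file", "folder": "folder", "key": "key"}[m["kind"].lower()]
            finding = Finding(kind, m["target"], None, None, None, in_restore_point(m["target"]))
        if finding is not None:
            seen.setdefault((finding.kind, finding.target, finding.name), finding)
    return list(seen.values())


def summarize(findings: list) -> dict:
    """Split tagged files into restore-point copies vs. live files, count families."""
    tagged = [f for f in findings if f.kind == "file"]
    return {
        "findings": len(findings),
        "tagged_files": len(tagged),
        "tagged_in_restore_point": sum(1 for f in tagged if f.in_restore_point),
        "live_tagged_files": [f.target for f in tagged if not f.in_restore_point],
        "families": Counter(f.family for f in findings if f.family),
        "unactioned": sum(1 for f in findings if (f.action or "").lower() == "no action taken"),
    }


if __name__ == "__main__":
    for key, value in summarize(parse_escan(SAMPLE_LOG)).items():
        print(f"{key}: {value}")
```

On the full log from post #1 the `live_tagged_files` list is what deserves attention: a tagged file in a restore point disappears once System Restore is disabled and re-enabled, as the helper's instructions in post #2 describe, whereas a tagged file in a user's Temporary Internet Files or a program folder is still on the live system. The `unactioned` count makes explicit that eScan in this run only reported and did not clean anything.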