| |
| |||||||
Mülltonne: Sammelsurium an Würmern, Trojanern...Formatieren?Windows 7 Beiträge, die gegen unsere Regeln verstoßen haben, solche, die die Welt nicht braucht oder sonstiger Müll landet hier in der Mülltonne... |
13.11.2008, 20:02
| #1 |
| |  Sammelsurium an Würmern, Trojanern...Formatieren? Hallo, der Rechner meiner Mitbewohnerin gleicht einem Sammelsurium aller möglichen Schädlinge. Mit dem HJT-Log File konnte ich gerade mal einen Trojaner manuell entfernen. Habe nun den eScan im abgesicherten Modus laufen lassen. Hier das log-File: Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Funde für "infected"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Thu Nov 13 06:24:59 2008 => System found infected with combo Spyware/Adware ({3c78b8e2-6c4d-11d1-ade2-0000f8754b99})! Action taken: No Action Taken.
Thu Nov 13 06:24:59 2008 => System found infected with etlrlws toolbar Toolbar ({f4d76f09-7896-458a-890f-e1f05c46069f})! Action taken: No Action Taken.
Thu Nov 13 06:24:59 2008 => System found infected with etlrlws toolbar Toolbar ({f4d76f09-7896-458a-890f-e1f05c46069f})! Action taken: No Action Taken.
Thu Nov 13 06:25:21 2008 => System found infected with combo Spyware/Adware (C:\WINDOWS\system32\win.com)! Action taken: No Action Taken.
Thu Nov 13 06:25:24 2008 => System found infected with combo Spyware/Adware (hklm\software\policies\microsoft\windowsfirewall\domainprofile/enablefirewall)! Action taken: No Action Taken.
Thu Nov 13 06:25:26 2008 => System found infected with rohbot Worm (C:\WINDOWS\system32\pskill.exe)! Action taken: No Action Taken.
Thu Nov 13 06:25:27 2008 => System found infected with combo Spyware/Adware (C:\WINDOWS\system32\win.com)! Action taken: No Action Taken.
Thu Nov 13 06:25:28 2008 => System found infected with combo Spyware/Adware (C:\WINDOWS\system32\win.com)! Action taken: No Action Taken.
Thu Nov 13 06:25:29 2008 => System found infected with combo Spyware/Adware (hklm\system\currentcontrolset\services\lanmanserver\parameters/autosharewks)! Action taken: No Action Taken.
Thu Nov 13 06:25:29 2008 => System found infected with combo Spyware/Adware (hkus\.default\software\microsoft\internet explorer\new windows)! Action taken: No Action Taken.
Thu Nov 13 06:25:29 2008 => System found infected with combo Spyware/Adware (hklm\system\currentcontrolset\services\lanmanserver\parameters/autoshareserver)! Action taken: No Action Taken.
Thu Nov 13 06:25:29 2008 => System found infected with combo Spyware/Adware (hklm\software\microsoft\windows\currentversion\run/alcmtr)! Action taken: No Action Taken.
Thu Nov 13 06:26:07 2008 => File C:\WINDOWS\wksvcsc.MSNFix infected by "Trojan.Win32.StartPage.bhg" Virus! Action Taken: No Action Taken.
Thu Nov 13 06:28:00 2008 => File C:\WINDOWS\system32\uckif.MSNFix infected by "Email-Worm.Win32.Agent.ck" Virus! Action Taken: No Action Taken.
Thu Nov 13 06:29:00 2008 => File C:\ddggs.MSNFix infected by "Backdoor.Win32.IRCBot.dsf" Virus! Action Taken: No Action Taken.
Thu Nov 13 06:29:00 2008 => File C:\dgs.MSNFix infected by "Trojan.Win32.StartPage.bhg" Virus! Action Taken: No Action Taken.
Thu Nov 13 06:36:37 2008 => File C:\Documents and Settings\WTrust-Enigma\Local Settings\Application Data\Mozilla\Firefox\Profiles\wpwmuz95.default\Cache\49A370C6d01 infected by "Trojan.Win32.StartPage.bhg" Virus! Action Taken: No Action Taken.
Thu Nov 13 06:55:20 2008 => File C:\Program Files\MSNFix\22062008_18433351.zip/backup/ddggs.exe infected by "Trojan.Win32.StartPage.bhg" Virus! Action Taken: No Action Taken.
Thu Nov 13 07:07:12 2008 => File C:\WINDOWS\system32\kazaabackupfiles\download_me.exe//PE_Patch.PECompact//PecBundle//PECompact infected by "P2P-Worm.Win32.SpyBot.gen" Virus! Action Taken: No Action Taken.
Thu Nov 13 07:08:45 2008 => File C:\WINDOWS\system32\uckif.MSNFix infected by "Email-Worm.Win32.Agent.ck" Virus! Action Taken: No Action Taken.
Thu Nov 13 07:09:30 2008 => File C:\WINDOWS\wksvcsc.MSNFix infected by "Trojan.Win32.StartPage.bhg" Virus! Action Taken: No Action Taken.
Thu Nov 13 07:25:16 2008 => Total Disinfected Objects: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Funde für "tagged"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Thu Nov 13 06:24:02 2008 => File C:\PROGRA~1\AskPBar\bar\1.bin\ASKPBAR.DLL tagged as "not-a-virus:WebToolbar.Win32.MyWebSearch.a". No Action Taken.
Thu Nov 13 06:24:04 2008 => File C:\PROGRA~1\AskPBar\bar\1.bin\ASKPBAR.DLL tagged as "not-a-virus:WebToolbar.Win32.MyWebSearch.a". No Action Taken.
Thu Nov 13 06:44:55 2008 => File C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL tagged as "not-a-virus:WebToolbar.Win32.MyWebSearch.a". No Action Taken.
Thu Nov 13 07:01:38 2008 => File C:\Program Files\Windows Trust\axhelper.exe//UPX tagged as "not-a-virus:PSWTool.Win32.IEPassView.l". No Action Taken.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Statistiken:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Thu Nov 13 06:25:07 2008 => Offending Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\p3p\history\gator.com !!!
Thu Nov 13 06:25:21 2008 => Offending file found: C:\WINDOWS\system32\win.com
Thu Nov 13 06:25:24 2008 => Offending Registry Entry found: hklm\software\policies\microsoft\windowsfirewall\domainprofile/enablefirewall
Thu Nov 13 06:25:26 2008 => Offending file found: C:\WINDOWS\system32\pskill.exe
Thu Nov 13 06:25:27 2008 => Offending file found: C:\WINDOWS\system32\win.com
Thu Nov 13 06:25:28 2008 => Offending file found: C:\WINDOWS\system32\win.com
Thu Nov 13 06:25:29 2008 => Offending Registry Entry found: hklm\system\currentcontrolset\services\lanmanserver\parameters/autosharewks
Thu Nov 13 06:25:29 2008 => Offending Registry Entry found: hkus\.default\software\microsoft\internet explorer\new windows
Thu Nov 13 06:25:29 2008 => Offending Registry Entry found: hklm\system\currentcontrolset\services\lanmanserver\parameters/autoshareserver
Thu Nov 13 06:25:29 2008 => Offending Registry Entry found: hklm\software\microsoft\windows\currentversion\run/alcmtr
Thu Nov 13 07:25:17 2008 => Total Errors: 176
Thu Nov 13 07:25:17 2008 => Time Elapsed: 01:06:03
Thu Nov 13 07:25:16 2008 => Total Objects Scanned: 104713
Sun Aug 19 11:23:56 2007 => Virus Database Date: 8/18/2007
Sun Aug 19 11:24:14 2007 => Virus Database Date: 8/19/2007
Wed Nov 12 23:06:48 2008 => Virus Database Date: 8/19/2007
Wed Nov 12 23:32:04 2008 => Virus Database Date: 11/12/2008
Wed Nov 12 23:44:05 2008 => Virus Database Date: 11/12/2008
Thu Nov 13 07:25:17 2008 => Virus Database Date: 11/12/2008
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Wäre für Tipps aller Art dankbar, bevor ich nach stundemlangem manuellen entfernen beim letzten Trojaner scheiter und doch alles formatieren muss. Dann lieber gleich. Danke im Voraus, freddy0815 |
| Themen zu Sammelsurium an Würmern, Trojanern...Formatieren? |
| .com, abgesicherten modus, application, download, escan, explorer, file, firefox, formatieren, hjt-log, infected, internet, internet explorer, log-file, microsoft, mozilla, registry, server, software, system, system32, tipps, trojaner, virus, windows, worm |
Linear-Darstellung
