Trojaner-Board


escobar 25.01.2005 09:10

best-web-search.com
 
Hi folks,

I'm completely at a loss. I'd be very grateful for help. Here is my log:



Logfile of HijackThis v1.99.0
Scan saved at 09:08:05, on 25.01.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Network Associates\VirusScan\Avsynmgr.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\PROGRA~1\Borland\INTERB~1\Bin\IBGuard.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Programme\Network Associates\VirusScan\VsStat.exe
C:\PROGRA~1\Borland\INTERB~1\Bin\ibserver.exe
C:\Programme\Network Associates\VirusScan\Vshwin32.exe
C:\Programme\Gemeinsame Dateien\Network Associates\McShield\Mcshield.exe
C:\Programme\Network Associates\VirusScan\Avconsol.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Creative\ShareDLL\CtNotify.exe
C:\Programme\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Programme\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\mshelp32.exe
C:\WINDOWS\System32\devldr32.exe
C:\Programme\Creative\ShareDLL\MediaDet.Exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Outlook Express\msimn.exe
D:\install\Hijack this\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://find-on-the-net.com/search.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.de.msn.com/access/allinone.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://best-web-search.com/adult/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.t-online.de
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer von T-Online
O1 - Hosts: 127.0.0.0 localhost
O1 - Hosts: 127.0.0.2 auditmypc.com
O1 - Hosts: 127.0.0.4 bulletproofsoft.net
O1 - Hosts: 127.0.0.5 camtech2000.net
O1 - Hosts: 127.0.0.7 computercops.us
O1 - Hosts: 127.0.0.8 ct7support.com
O1 - Hosts: 127.0.0.9 doxdesk.com
O1 - Hosts: 127.0.0.20 kellys-korner-xp.com
O1 - Hosts: 127.0.0.25 majorgeeks.com
O1 - Hosts: 127.0.0.28 moosoft.com
O1 - Hosts: 127.0.0.29 mvps.org
O1 - Hosts: 127.0.0.30 net-integration.net
O1 - Hosts: 127.0.0.31 noadware.net
O1 - Hosts: 127.0.0.33 onlinepcfix.com
O1 - Hosts: 127.0.0.35 pestpatrol.com
O1 - Hosts: 127.0.0.36 safer-networking.org
O1 - Hosts: 127.0.0.37 secure.spykiller.com
O1 - Hosts: 127.0.0.38 secureie.com
O1 - Hosts: 127.0.0.40 spybot.info
O1 - Hosts: 127.0.0.43 spycop.com
O1 - Hosts: 127.0.0.44 spyguard.com
O1 - Hosts: 127.0.0.45 spykiller.com
O1 - Hosts: 127.0.0.47 spyware-cop.com
O1 - Hosts: 127.0.0.49 spywarenuker.com
O1 - Hosts: 127.0.0.50 spywareremove.com
O1 - Hosts: 127.0.0.51 spywareremove.com
O1 - Hosts: 127.0.0.52 stopzillapro.com
O1 - Hosts: 127.0.0.54 thiefware.com
O1 - Hosts: 127.0.0.56 unwantedlinks.com
O1 - Hosts: 127.0.0.57 webattack.com
O1 - Hosts: 127.0.0.58 wilders.org
O1 - Hosts: 127.0.0.59 www.auditmypc.com
O1 - Hosts: 127.0.0.60 www.bulletproofsoft.net
O1 - Hosts: 127.0.0.62 www.computercops.us
O1 - Hosts: 127.0.0.63 www.ct7support.com
O1 - Hosts: 127.0.0.64 www.doxdesk.com
O1 - Hosts: 127.0.0.65 www.eblocs.com
O1 - Hosts: 127.0.0.66 www.enigmasoftwaregroup.com
O1 - Hosts: 127.0.0.67 www.free-spyware-scan.com
O1 - Hosts: 127.0.0.68 www.free-web-browsers.com
O1 - Hosts: 127.0.0.70 www.grisoft.com
O1 - Hosts: 127.0.0.71 www.hackfaq.org
O1 - Hosts: 127.0.0.72 www.hazeleger.net
O1 - Hosts: 127.0.0.73 www.javacoolsoftware.com
O1 - Hosts: 127.0.0.74 www.kellys-korner-xp.com
O1 - Hosts: 127.0.0.79 www.majorgeeks.com
O1 - Hosts: 127.0.0.82 www.moosoft.com
O1 - Hosts: 127.0.0.83 www.mvps.org
O1 - Hosts: 127.0.0.84 www.net-integration.net
O1 - Hosts: 127.0.0.85 www.noadware.net
O1 - Hosts: 127.0.0.87 www.onlinepcfix.com
O1 - Hosts: 127.0.0.89 www.pestpatrol.com
O1 - Hosts: 127.0.0.90 www.safer-networking.org
O1 - Hosts: 127.0.0.91 www.secureie.com
O1 - Hosts: 127.0.0.93 www.spybot.info
O1 - Hosts: 127.0.0.96 www.spycop.com
O1 - Hosts: 127.0.0.97 www.spyguard.com
O1 - Hosts: 127.0.0.98 www.spykiller.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: IE Search Toolbar Helper - {2C5175A2-ADF3-4F57-AB70-BA90FD60A383} - C:\Programme\IESearchToolbar\IESearchToolbar.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\install\SpyBot\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Explorer Class - {962F12AE-2773-4BEB-99EA-B5C3AB9A6606} - C:\WINDOWS\System32\DSMANA~1.DLL
O2 - BHO: (no name) - {A708A39C-8DA7-4e36-B3B0-0A1FFAFD4B6D} - C:\WINDOWS\system32\javafix3.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: IE Search Toolbar - {EB381422-F797-4A98-A266-9DC490821907} - C:\Programme\IESearchToolbar\IESearchToolbar.dll
O4 - HKLM\..\Run: [Disc Detector] C:\Programme\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Programme\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programme\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mshelp32] C:\WINDOWS\System32\mshelp32.exe
O4 - HKCU\..\Run: [msjava critical update] c:\windows\jjfixer.exe
O4 - Startup: PowerReg Scheduler.exe
O9 - Extra button: Erotic - {8E65B894-C2E9-11D5-BCD3-00E018987507} - C:\SEXO126de\SEXO126de.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://www.t-online.de
O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} - ms-its:mhtml:file://C:\ss.MHT!http://toolbar.isearch.com/install/0...es/initial.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/056f4317...dxIE601_de.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1093722566875
O16 - DPF: {9B4AA442-9EBF-11D5-8C11-0050DA4957F5} - http://access.phonecookie.nl/users/penasus_12/de.exe
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/Sha.../bin/cabsa.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/de/check/qdiagh.cab?319
O17 - HKLM\System\CCS\Services\Tcpip\..\{1345B7C1-526D-4C07-94CD-8CD484D78694}: NameServer = 192.168.121.252,192.168.121.253
O17 - HKLM\System\CCS\Services\Tcpip\..\{486217EB-689A-4DBF-9301-4E4A43A0F44F}: NameServer = 62.27.27.62 62.27.53.66
O17 - HKLM\System\CCS\Services\Tcpip\..\{F8A9102C-3072-483E-A105-38B1B006CB6D}: NameServer = 192.168.0.254
O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Programme\HP\hpcoretech\comp\hpuiprot.dll
O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVSync Manager - Unknown - C:\Programme\Network Associates\VirusScan\Avsynmgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: AVM FRITZ!web Routing Service - AVM Berlin - C:\PROGRAMME\TELEDAT\de_serv.exe
O23 - Service: e-DiagTools LAN Configuration Agent - Hewlett-Packard - C:\Programme\HP\e-DiagTools\edtsrv.exe
O23 - Service: InterBaseGuardian - Inprise Corporation - C:\PROGRA~1\Borland\INTERB~1\Bin\IBGuard.EXE
O23 - Service: InterBaseServer - Inprise Corporation - C:\PROGRA~1\Borland\INTERB~1\Bin\ibserver.exe
O23 - Service: McShield - Network Associates, Inc. - C:\Programme\Gemeinsame Dateien\Network Associates\McShield\Mcshield.exe
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

Lutz 25.01.2005 09:26

Hi,

Quote:

C:\WINDOWS\System32\mshelp32.exe
That looks suspiciously like an RBot variant. If that is right, the browser hijack would be the lesser of your problems.

Run a scan with eScan (see signature) and then post what was found.
To do that, open mwav.log -> Edit -> Find -> enter infected or tagged -> Find Next -> select/copy the hits and paste them into the forum.
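
Added example (not part of Lutz's post and not eScan's own code): the keyword search described above, done in Python over mwav.log lines in the format posted in this thread. Repeated scan runs are collapsed so each file/detection pair is listed once; the function names are hypothetical, and because the thread shows no "tagged" line, such lines are returned raw rather than parsed.

```python
import re
from collections import OrderedDict

# Sample lines in the mwav.log format posted in this thread (a small excerpt,
# embedded so the example runs offline).
SAMPLE_LOG = r'''
Tue Jan 25 10:01:27 2005 => File C:\WINDOWS\System32\mshelp32.exe infected by "Trojan-Proxy.Win32.Small.an" Virus. Action Taken: No Action Taken.
Tue Jan 25 10:03:12 2005 => Scanning File C:\WINDOWS\sys059.exe
Tue Jan 25 10:03:12 2005 => File C:\WINDOWS\sys059.exe infected by "not-a-virus:AdWare.ToolBar.Perez.a" Virus. Action Taken: No Action Taken.
Tue Jan 25 10:05:21 2005 => File C:\WINDOWS\System32\dsmanager.dll infected by "not-a-virus:AdWare.ToolBar.BHO.j" Virus. Action Taken: No Action Taken.
Tue Jan 25 10:37:40 2005 => Total Disinfected Files: 0
Tue Jan 25 10:57:31 2005 => File C:\WINDOWS\System32\mshelp32.exe infected by "Trojan-Proxy.Win32.Small.an" Virus. Action Taken: No Action Taken.
Tue Jan 25 14:00:31 2005 => File C:\WINDOWS\system32\dsmanager.dll infected by "not-a-virus:AdWare.ToolBar.BHO.j" Virus. Action Taken: No Action Taken.
'''

# Matches only result lines ("=> File ... infected by"), not the
# "=> Scanning File ..." progress lines or the summary lines.
LINE_RE = re.compile(
    r'^(?P<ts>\w{3} \w{3} +\d{1,2} \d{2}:\d{2}:\d{2} \d{4}) => '
    r'File (?P<path>.+?) infected by "(?P<name>[^"]+)"'
)


def parse_findings(log_text):
    """Return (unique findings, raw lines containing 'tagged').

    Findings are de-duplicated on (lower-cased path, detection name) because
    Windows paths are case-insensitive and the log holds several scan runs.
    8.3 short names (e.g. DSMANA~1.DLL) cannot be resolved offline and stay
    separate entries.
    """
    findings = OrderedDict()
    tagged = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if m:
            key = (m['path'].lower(), m['name'])
            entry = findings.setdefault(key, {
                'path': m['path'],        # spelling as first seen
                'detection': m['name'],
                'first_seen': m['ts'],
                'hits': 0,
            })
            entry['hits'] += 1
        elif 'tagged' in line.lower():
            # Format of "tagged" lines is not shown in the thread: keep raw.
            tagged.append(line)
    return list(findings.values()), tagged


def category(detection):
    """'not-a-virus:AdWare.ToolBar.Perez.a' -> 'AdWare',
    'Trojan-Proxy.Win32.Small.an' -> 'Trojan-Proxy'."""
    name = detection.split(':', 1)[-1]
    return name.split('.', 1)[0]


def triage(findings):
    """Put detections without the 'not-a-virus:' prefix first; the sort is
    stable, so first-seen order is kept within each group."""
    return sorted(findings,
                  key=lambda f: f['detection'].startswith('not-a-virus:'))


if __name__ == '__main__':
    found, tagged_lines = parse_findings(SAMPLE_LOG)
    for f in triage(found):
        print(f"{category(f['detection']):<14} {f['path']}  "
              f"[{f['detection']}] x{f['hits']}")
    print(f"tagged lines: {len(tagged_lines)}")
```
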

escobar 26.01.2005 00:52

Evening,

No hits for 'tagged', but all the more for 'infected' - too many for one post, so here is the 1st part:

Tue Jan 25 10:01:21 2005 => File C:\WINDOWS\System32\DSMANA~1.DLL infected by "not-a-virus:AdWare.ToolBar.BHO.j" Virus. Action Taken: No Action Taken.

Tue Jan 25 10:01:27 2005 => File C:\WINDOWS\System32\mshelp32.exe infected by "Trojan-Proxy.Win32.Small.an" Virus. Action Taken: No Action Taken.

Tue Jan 25 10:01:28 2005 => File C:\Programme\IESearchToolbar\IESearchToolbar.dll infected by "not-a-virus:AdWare.ToolBar.Perez.a" Virus. Action Taken: No Action Taken.

Tue Jan 25 10:01:29 2005 => File C:\WINDOWS\system32\javafix3.dll infected by "Trojan-Downloader.Win32.Agent.ht" Virus. Action Taken: No Action Taken.

Tue Jan 25 10:01:35 2005 => File C:\Programme\IESearchToolbar\IESearchToolbar.dll infected by "not-a-virus:AdWare.ToolBar.Perez.a" Virus. Action Taken: No Action Taken.

Tue Jan 25 10:01:35 2005 => File C:\WINDOWS\System32\DSMANA~1.DLL infected by "not-a-virus:AdWare.ToolBar.BHO.j" Virus. Action Taken: No Action Taken.

Tue Jan 25 10:01:36 2005 => File C:\WINDOWS\system32\javafix3.dll infected by "Trojan-Downloader.Win32.Agent.ht" Virus. Action Taken: No Action Taken.

Tue Jan 25 10:02:00 2005 => File C:\WINDOWS\System32\mshelp32.exe infected by "Trojan-Proxy.Win32.Small.an" Virus. Action Taken: No Action Taken.

Tue Jan 25 10:02:01 2005 => File c:\windows\jjfixer.exe infected by "Trojan-Dropper.Win32.Small.ql" Virus. Action Taken: No Action Taken.

Tue Jan 25 10:03:12 2005 => File C:\WINDOWS\sys053.exe infected by "Trojan-Clicker.Win32.Agent.bs" Virus. Action Taken: No Action Taken.

Tue Jan 25 10:03:12 2005 => Scanning File C:\WINDOWS\sys059.exe
Tue Jan 25 10:03:12 2005 => File C:\WINDOWS\sys059.exe infected by "not-a-virus:AdWare.ToolBar.Perez.a" Virus. Action Taken: No Action Taken.

Tue Jan 25 10:03:12 2005 => Scanning File C:\WINDOWS\sys112.exe
Tue Jan 25 10:03:13 2005 => File C:\WINDOWS\sys112.exe infected by "Trojan-Clicker.Win32.Agent.bs" Virus. Action Taken: No Action Taken.

Tue Jan 25 10:03:13 2005 => Scanning File C:\WINDOWS\sys118.exe
Tue Jan 25 10:03:13 2005 => File C:\WINDOWS\sys118.exe infected by "not-a-virus:AdWare.ToolBar.Perez.a" Virus. Action Taken: No Action Taken.

Tue Jan 25 10:03:13 2005 => Scanning File C:\WINDOWS\sys12.exe
Tue Jan 25 10:03:13 2005 => File C:\WINDOWS\sys12.exe infected by "Trojan-Clicker.Win32.Agent.bs" Virus. Action Taken: No Action Taken.

Tue Jan 25 10:03:13 2005 => Scanning File C:\WINDOWS\sys144.exe
Tue Jan 25 10:03:14 2005 => File C:\WINDOWS\sys144.exe infected by "Trojan-Clicker.Win32.Agent.bs" Virus. Action Taken: No Action Taken.

Tue Jan 25 10:03:14 2005 => Scanning File C:\WINDOWS\sys18.exe
Tue Jan 25 10:03:14 2005 => File C:\WINDOWS\sys18.exe infected by "not-a-virus:AdWare.ToolBar.Perez.a" Virus. Action Taken: No Action Taken.

Tue Jan 25 10:03:14 2005 => Scanning File C:\WINDOWS\sys218.exe
Tue Jan 25 10:03:15 2005 => File C:\WINDOWS\sys218.exe infected by "not-a-virus:AdWare.ToolBar.Perez.a" Virus. Action Taken: No Action Taken.

Tue Jan 25 10:03:15 2005 => Scanning File C:\WINDOWS\sys222.exe
Tue Jan 25 10:03:15 2005 => File C:\WINDOWS\sys222.exe infected by "Trojan-Clicker.Win32.Agent.bs" Virus. Action Taken: No Action Taken.

Tue Jan 25 10:03:15 2005 => Scanning File C:\WINDOWS\sys254.exe
Tue Jan 25 10:03:15 2005 => File C:\WINDOWS\sys254.exe infected by "not-a-virus:AdWare.ToolBar.Perez.a" Virus. Action Taken: No Action Taken.

Tue Jan 25 10:03:15 2005 => Scanning File C:\WINDOWS\sys718.exe
Tue Jan 25 10:03:16 2005 => File C:\WINDOWS\sys718.exe infected by "Trojan-Clicker.Win32.Agent.bs" Virus. Action Taken: No Action Taken.

Tue Jan 25 10:03:16 2005 => Scanning File C:\WINDOWS\sys747.exe
Tue Jan 25 10:03:16 2005 => File C:\WINDOWS\sys747.exe infected by "not-a-virus:AdWare.ToolBar.Perez.a" Virus. Action Taken: No Action Taken.

Tue Jan 25 10:03:16 2005 => Scanning File C:\WINDOWS\sys753.exe
Tue Jan 25 10:03:17 2005 => File C:\WINDOWS\sys753.exe infected by "Trojan-Clicker.Win32.Agent.bs" Virus. Action Taken: No Action Taken.

Tue Jan 25 10:03:17 2005 => Scanning File C:\WINDOWS\sys81.exe
Tue Jan 25 10:03:17 2005 => File C:\WINDOWS\sys81.exe infected by "not-a-virus:AdWare.ToolBar.Perez.a" Virus. Action Taken: No Action Taken.

Tue Jan 25 10:03:17 2005 => Scanning File C:\WINDOWS\sys815.exe
Tue Jan 25 10:03:17 2005 => File C:\WINDOWS\sys815.exe infected by "not-a-virus:AdWare.ToolBar.Perez.a" Virus. Action Taken: No Action Taken.

Tue Jan 25 10:03:18 2005 => Scanning File C:\WINDOWS\sys87.exe
Tue Jan 25 10:03:18 2005 => File C:\WINDOWS\sys87.exe infected by "Trojan-Clicker.Win32.Agent.bs" Virus. Action Taken: No Action Taken.

Tue Jan 25 10:05:21 2005 => File C:\WINDOWS\System32\dsmanager.dll infected by "not-a-virus:AdWare.ToolBar.BHO.j" Virus. Action Taken: No Action Taken.

Tue Jan 25 10:05:21 2005 => Scanning File C:\WINDOWS\System32\dsmanager32.dll
Tue Jan 25 10:05:21 2005 => File C:\WINDOWS\System32\dsmanager32.dll infected by "not-a-virus:AdWare.ToolBar.BHO.j" Virus. Action Taken: No Action Taken.

Tue Jan 25 10:05:57 2005 => File C:\WINDOWS\System32\IEHelper.dll_tobedeleted infected by "Trojan-Spy.Win32.Banker.iv" Virus. Action Taken: No Action Taken.

Tue Jan 25 10:06:03 2005 => File C:\WINDOWS\System32\init32m.exe.tcf infected by "Trojan-Downloader.Win32.Agent.ho" Virus. Action Taken: No Action Taken.

Tue Jan 25 10:26:30 2005 => File C:\hawa.chm infected by "Trojan.Win32.Dialer.ce" Virus. Action Taken: No Action Taken.

Tue Jan 25 10:37:40 2005 => Total Disinfected Files: 0

Tue Jan 25 10:57:27 2005 => File C:\WINDOWS\System32\DSMANA~1.DLL infected by "not-a-virus:AdWare.ToolBar.BHO.j" Virus. Action Taken: No Action Taken.

Tue Jan 25 10:57:31 2005 => File C:\WINDOWS\System32\mshelp32.exe infected by "Trojan-Proxy.Win32.Small.an" Virus. Action Taken: No Action Taken.

Tue Jan 25 10:57:39 2005 => File C:\Programme\IESearchToolbar\IESearchToolbar.dll infected by "not-a-virus:AdWare.ToolBar.Perez.a" Virus. Action Taken: No Action Taken.

Tue Jan 25 10:57:40 2005 => File C:\WINDOWS\system32\javafix3.dll infected by "Trojan-Downloader.Win32.Agent.ht" Virus. Action Taken: No Action Taken.

Tue Jan 25 10:57:46 2005 => File C:\Programme\IESearchToolbar\IESearchToolbar.dll infected by "not-a-virus:AdWare.ToolBar.Perez.a" Virus. Action Taken: No Action Taken.

Tue Jan 25 10:57:47 2005 => File C:\WINDOWS\System32\DSMANA~1.DLL infected by "not-a-virus:AdWare.ToolBar.BHO.j" Virus. Action Taken: No Action Taken.

Tue Jan 25 10:57:47 2005 => File C:\WINDOWS\system32\javafix3.dll infected by "Trojan-Downloader.Win32.Agent.ht" Virus. Action Taken: No Action Taken.

Tue Jan 25 10:58:11 2005 => File C:\WINDOWS\System32\mshelp32.exe infected by "Trojan-Proxy.Win32.Small.an" Virus. Action Taken: No Action Taken.

Tue Jan 25 10:58:12 2005 => File c:\windows\jjfixer.exe infected by "Trojan-Dropper.Win32.Small.ql" Virus. Action Taken: No Action Taken.

Tue Jan 25 10:59:20 2005 => File C:\WINDOWS\sys053.exe infected by "Trojan-Clicker.Win32.Agent.bs" Virus. Action Taken: No Action Taken.

Tue Jan 25 10:59:20 2005 => Scanning File C:\WINDOWS\sys059.exe
Tue Jan 25 10:59:21 2005 => File C:\WINDOWS\sys059.exe infected by "not-a-virus:AdWare.ToolBar.Perez.a" Virus. Action Taken: No Action Taken.

Tue Jan 25 10:59:21 2005 => Scanning File C:\WINDOWS\sys112.exe
Tue Jan 25 10:59:21 2005 => File C:\WINDOWS\sys112.exe infected by "Trojan-Clicker.Win32.Agent.bs" Virus. Action Taken: No Action Taken.

Tue Jan 25 10:59:21 2005 => Scanning File C:\WINDOWS\sys118.exe
Tue Jan 25 10:59:21 2005 => File C:\WINDOWS\sys118.exe infected by "not-a-virus:AdWare.ToolBar.Perez.a" Virus. Action Taken: No Action Taken.

Tue Jan 25 10:59:22 2005 => Scanning File C:\WINDOWS\sys12.exe
Tue Jan 25 10:59:22 2005 => File C:\WINDOWS\sys12.exe infected by "Trojan-Clicker.Win32.Agent.bs" Virus. Action Taken: No Action Taken.

Tue Jan 25 10:59:22 2005 => Scanning File C:\WINDOWS\sys144.exe
Tue Jan 25 10:59:22 2005 => File C:\WINDOWS\sys144.exe infected by "Trojan-Clicker.Win32.Agent.bs" Virus. Action Taken: No Action Taken.

Tue Jan 25 10:59:22 2005 => Scanning File C:\WINDOWS\sys18.exe
Tue Jan 25 10:59:23 2005 => File C:\WINDOWS\sys18.exe infected by "not-a-virus:AdWare.ToolBar.Perez.a" Virus. Action Taken: No Action Taken.

Tue Jan 25 10:59:23 2005 => Scanning File C:\WINDOWS\sys218.exe
Tue Jan 25 10:59:23 2005 => File C:\WINDOWS\sys218.exe infected by "not-a-virus:AdWare.ToolBar.Perez.a" Virus. Action Taken: No Action Taken.

Tue Jan 25 10:59:23 2005 => Scanning File C:\WINDOWS\sys222.exe
Tue Jan 25 10:59:24 2005 => File C:\WINDOWS\sys222.exe infected by "Trojan-Clicker.Win32.Agent.bs" Virus. Action Taken: No Action Taken.

Tue Jan 25 10:59:24 2005 => Scanning File C:\WINDOWS\sys254.exe
Tue Jan 25 10:59:24 2005 => File C:\WINDOWS\sys254.exe infected by "not-a-virus:AdWare.ToolBar.Perez.a" Virus. Action Taken: No Action Taken.

Tue Jan 25 10:59:24 2005 => Scanning File C:\WINDOWS\sys718.exe
Tue Jan 25 10:59:24 2005 => File C:\WINDOWS\sys718.exe infected by "Trojan-Clicker.Win32.Agent.bs" Virus. Action Taken: No Action Taken.

Tue Jan 25 10:59:25 2005 => Scanning File C:\WINDOWS\sys747.exe
Tue Jan 25 10:59:25 2005 => File C:\WINDOWS\sys747.exe infected by "not-a-virus:AdWare.ToolBar.Perez.a" Virus. Action Taken: No Action Taken.

Tue Jan 25 10:59:25 2005 => Scanning File C:\WINDOWS\sys753.exe
Tue Jan 25 10:59:25 2005 => File C:\WINDOWS\sys753.exe infected by "Trojan-Clicker.Win32.Agent.bs" Virus. Action Taken: No Action Taken.

escobar 26.01.2005 00:53

...and here is the 2nd part - i.e. the rest:




Tue Jan 25 10:59:25 2005 => Scanning File C:\WINDOWS\sys81.exe
Tue Jan 25 10:59:26 2005 => File C:\WINDOWS\sys81.exe infected by "not-a-virus:AdWare.ToolBar.Perez.a" Virus. Action Taken: No Action Taken.

Tue Jan 25 10:59:26 2005 => Scanning File C:\WINDOWS\sys815.exe
Tue Jan 25 10:59:26 2005 => File C:\WINDOWS\sys815.exe infected by "not-a-virus:AdWare.ToolBar.Perez.a" Virus. Action Taken: No Action Taken.

Tue Jan 25 10:59:26 2005 => Scanning File C:\WINDOWS\sys87.exe
Tue Jan 25 10:59:27 2005 => File C:\WINDOWS\sys87.exe infected by "Trojan-Clicker.Win32.Agent.bs" Virus. Action Taken: No Action Taken.

Tue Jan 25 11:01:21 2005 => File C:\WINDOWS\System32\dsmanager.dll infected by "not-a-virus:AdWare.ToolBar.BHO.j" Virus. Action Taken: No Action Taken.

Tue Jan 25 11:01:21 2005 => Scanning File C:\WINDOWS\System32\dsmanager32.dll
Tue Jan 25 11:01:21 2005 => File C:\WINDOWS\System32\dsmanager32.dll infected by "not-a-virus:AdWare.ToolBar.BHO.j" Virus. Action Taken: No Action Taken.

Tue Jan 25 11:01:55 2005 => File C:\WINDOWS\System32\IEHelper.dll_tobedeleted infected by "Trojan-Spy.Win32.Banker.iv" Virus. Action Taken: No Action Taken.

Tue Jan 25 11:02:02 2005 => File C:\WINDOWS\System32\init32m.exe.tcf infected by "Trojan-Downloader.Win32.Agent.ho" Virus. Action Taken: No Action Taken.

Tue Jan 25 11:23:04 2005 => File C:\hawa.chm infected by "Trojan.Win32.Dialer.ce" Virus. Action Taken: No Action Taken.

Tue Jan 25 12:36:07 2005 => File C:\info6.cab infected by "Trojan.Win32.Dialer.t" Virus. Action Taken: No Action Taken.

Tue Jan 25 13:54:01 2005 => File C:\WINDOWS\sys053.exe infected by "Trojan-Clicker.Win32.Agent.bs" Virus. Action Taken: No Action Taken.

Tue Jan 25 13:54:01 2005 => Scanning File C:\WINDOWS\sys059.exe
Tue Jan 25 13:54:01 2005 => File C:\WINDOWS\sys059.exe infected by "not-a-virus:AdWare.ToolBar.Perez.a" Virus. Action Taken: No Action Taken.

Tue Jan 25 13:54:01 2005 => Scanning File C:\WINDOWS\sys112.exe
Tue Jan 25 13:54:02 2005 => File C:\WINDOWS\sys112.exe infected by "Trojan-Clicker.Win32.Agent.bs" Virus. Action Taken: No Action Taken.

Tue Jan 25 13:54:02 2005 => Scanning File C:\WINDOWS\sys118.exe
Tue Jan 25 13:54:02 2005 => File C:\WINDOWS\sys118.exe infected by "not-a-virus:AdWare.ToolBar.Perez.a" Virus. Action Taken: No Action Taken.

Tue Jan 25 13:54:02 2005 => Scanning File C:\WINDOWS\sys12.exe
Tue Jan 25 13:54:02 2005 => File C:\WINDOWS\sys12.exe infected by "Trojan-Clicker.Win32.Agent.bs" Virus. Action Taken: No Action Taken.

Tue Jan 25 13:54:03 2005 => Scanning File C:\WINDOWS\sys144.exe
Tue Jan 25 13:54:03 2005 => File C:\WINDOWS\sys144.exe infected by "Trojan-Clicker.Win32.Agent.bs" Virus. Action Taken: No Action Taken.

Tue Jan 25 13:54:03 2005 => Scanning File C:\WINDOWS\sys18.exe
Tue Jan 25 13:54:03 2005 => File C:\WINDOWS\sys18.exe infected by "not-a-virus:AdWare.ToolBar.Perez.a" Virus. Action Taken: No Action Taken.

Tue Jan 25 13:54:03 2005 => Scanning File C:\WINDOWS\sys218.exe
Tue Jan 25 13:54:04 2005 => File C:\WINDOWS\sys218.exe infected by "not-a-virus:AdWare.ToolBar.Perez.a" Virus. Action Taken: No Action Taken.

Tue Jan 25 13:54:04 2005 => Scanning File C:\WINDOWS\sys222.exe
Tue Jan 25 13:54:04 2005 => File C:\WINDOWS\sys222.exe infected by "Trojan-Clicker.Win32.Agent.bs" Virus. Action Taken: No Action Taken.

Tue Jan 25 13:54:04 2005 => Scanning File C:\WINDOWS\sys254.exe
Tue Jan 25 13:54:05 2005 => File C:\WINDOWS\sys254.exe infected by "not-a-virus:AdWare.ToolBar.Perez.a" Virus. Action Taken: No Action Taken.

Tue Jan 25 13:54:05 2005 => Scanning File C:\WINDOWS\sys718.exe
Tue Jan 25 13:54:05 2005 => File C:\WINDOWS\sys718.exe infected by "Trojan-Clicker.Win32.Agent.bs" Virus. Action Taken: No Action Taken.

Tue Jan 25 13:54:05 2005 => Scanning File C:\WINDOWS\sys747.exe
Tue Jan 25 13:54:06 2005 => File C:\WINDOWS\sys747.exe infected by "not-a-virus:AdWare.ToolBar.Perez.a" Virus. Action Taken: No Action Taken.

Tue Jan 25 13:54:06 2005 => Scanning File C:\WINDOWS\sys753.exe
Tue Jan 25 13:54:06 2005 => File C:\WINDOWS\sys753.exe infected by "Trojan-Clicker.Win32.Agent.bs" Virus. Action Taken: No Action Taken.

Tue Jan 25 13:54:06 2005 => Scanning File C:\WINDOWS\sys81.exe
Tue Jan 25 13:54:07 2005 => File C:\WINDOWS\sys81.exe infected by "not-a-virus:AdWare.ToolBar.Perez.a" Virus. Action Taken: No Action Taken.

Tue Jan 25 13:54:07 2005 => Scanning File C:\WINDOWS\sys815.exe
Tue Jan 25 13:54:07 2005 => File C:\WINDOWS\sys815.exe infected by "not-a-virus:AdWare.ToolBar.Perez.a" Virus. Action Taken: No Action Taken.

Tue Jan 25 13:54:07 2005 => Scanning File C:\WINDOWS\sys87.exe
Tue Jan 25 13:54:08 2005 => File C:\WINDOWS\sys87.exe infected by "Trojan-Clicker.Win32.Agent.bs" Virus. Action Taken: No Action Taken.

Tue Jan 25 14:00:31 2005 => File C:\WINDOWS\system32\dsmanager.dll infected by "not-a-virus:AdWare.ToolBar.BHO.j" Virus. Action Taken: No Action Taken.

Tue Jan 25 14:00:31 2005 => Scanning File C:\WINDOWS\system32\dsmanager32.dll
Tue Jan 25 14:00:32 2005 => File C:\WINDOWS\system32\dsmanager32.dll infected by "not-a-virus:AdWare.ToolBar.BHO.j" Virus. Action Taken: No Action Taken.

Tue Jan 25 14:01:08 2005 => File C:\WINDOWS\system32\IEHelper.dll_tobedeleted infected by "Trojan-Spy.Win32.Banker.iv" Virus. Action Taken: No Action Taken.

Tue Jan 25 14:01:14 2005 => File C:\WINDOWS\system32\init32m.exe.tcf infected by "Trojan-Downloader.Win32.Agent.ho" Virus. Action Taken: No Action Taken.

Tue Jan 25 14:45:51 2005 => File D:\install\Hijack this\log\hijackthis.log infected by "Exploit.HTML.Mht" Virus. Action Taken: No Action Taken.

Tue Jan 25 14:45:51 2005 => File D:\install\Hijack this\log\hijackthis.log.vir1 infected by "Exploit.HTML.Mht" Virus. Action Taken: No Action Taken.

Tue Jan 25 15:19:41 2005 => File D:\RECYCLER\S-1-5-21-995690780-2495073255-2427954689-1005\Dd1.vir.vir infected by "Exploit.HTML.Mht" Virus. Action Taken: No Action Taken.

Tue Jan 25 15:19:41 2005 => Scanning File D:\RECYCLER\S-1-5-21-995690780-2495073255-2427954689-1005\Dd2.vir1.vir
Tue Jan 25 15:19:41 2005 => File D:\RECYCLER\S-1-5-21-995690780-2495073255-2427954689-1005\Dd2.vir1.vir infected by "Exploit.HTML.Mht" Virus. Action Taken: No Action Taken.

Tue Jan 25 15:19:41 2005 => Scanning File D:\RECYCLER\S-1-5-21-995690780-2495073255-2427954689-1005\Dd23.pdf
Tue Jan 25 15:19:41 2005 => Scanning File D:\RECYCLER\S-1-5-21-995690780-2495073255-2427954689-1005\Dd3.vir.vir
Tue Jan 25 15:19:41 2005 => File D:\RECYCLER\S-1-5-21-995690780-2495073255-2427954689-1005\Dd3.vir.vir infected by "Exploit.HTML.Mht" Virus. Action Taken: No Action Taken.

Tue Jan 25 15:19:46 2005 => Total Disinfected Files: 0

Lutz 26.01.2005 10:00

Hi,

I more or less expected it, even though it is not Rbot but the following that is reported for the file:
Quote:

Tue Jan 25 10:58:11 2005 => File C:\WINDOWS\System32\mshelp32.exe infected by "Trojan-Proxy.Win32.Small.an" Virus. Action Taken: No Action Taken.
Your machine can be abused at practically any time for sending spam or worms, or for DoS attacks!
As for all the downloaders, I have not looked up individually what they might be doing...

If you want to be able to 'trust' your machine again, you should reinstall it following this guide. For backing up your data, note this advice as well, though you should leave out executable files entirely.

Since a few dialers were found as well, you should first save them to a floppy disk (or similar) as possible evidence in case of inflated phone bills. If you have a pure DSL connection, i.e. neither ISDN nor a modem, and no telephone system connected to the PC either, you can skip preserving this evidence.

escobar 04.02.2005 19:57

best-web-search.com
 
Hello,

could someone please check my log once more....?

I think the hijacker is somehow gone...

Thanks in advance !!!


Logfile of HijackThis v1.99.0
Scan saved at 19:54:01, on 04.02.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Network Associates\VirusScan\Avsynmgr.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\PROGRA~1\Borland\INTERB~1\Bin\IBGuard.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\Borland\INTERB~1\Bin\ibserver.exe
C:\Programme\Creative\ShareDLL\CtNotify.exe
C:\Programme\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Programme\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Programme\Creative\ShareDLL\MediaDet.Exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\mshelp32.exe
C:\WINDOWS\system32\devldr32.exe
C:\Programme\HP\hpcoretech\comp\hptskmgr.exe
C:\Programme\Network Associates\VirusScan\VsStat.exe
C:\Programme\Network Associates\VirusScan\Webscanx.exe
C:\Programme\Network Associates\VirusScan\Avconsol.exe
C:\Programme\Sophos SWEEP for NT\SWEEPSRV.SYS
C:\Programme\Sophos SWEEP for NT\SWNETSUP.EXE
C:\Programme\Sophos SWEEP for NT\ICMON.EXE
C:\WINDOWS\explorer.exe
C:\Programme\Internet Explorer\iexplore.exe
D:\install\Hijack this\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ka-news.de/
O1 - Hosts: 127.0.0.0 localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\install\SpyBot\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Explorer Class - {962F12AE-2773-4BEB-99EA-B5C3AB9A6606} - C:\WINDOWS\System32\DSMANA~1.DLL
O2 - BHO: (no name) - {A708A39C-8DA7-4e36-B3B0-0A1FFAFD4B6D} - C:\WINDOWS\system32\javafix3.dll
O4 - HKLM\..\Run: [Disc Detector] C:\Programme\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Programme\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programme\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [mshelp32] C:\WINDOWS\System32\mshelp32.exe
O4 - HKCU\..\Run: [msjava critical update] c:\windows\jjfixer.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: InterCheck Monitor.LNK = C:\Programme\Sophos SWEEP for NT\ICMON.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.t-online.de
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/056f4317...dxIE601_de.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1093722566875
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/Sha.../bin/cabsa.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/de/check/qdiagh.cab?319
O17 - HKLM\System\CCS\Services\Tcpip\..\{1345B7C1-526D-4C07-94CD-8CD484D78694}: NameServer = 192.168.121.252,192.168.121.253
O17 - HKLM\System\CCS\Services\Tcpip\..\{486217EB-689A-4DBF-9301-4E4A43A0F44F}: NameServer = 62.27.27.62 62.27.53.66
O17 - HKLM\System\CCS\Services\Tcpip\..\{F8A9102C-3072-483E-A105-38B1B006CB6D}: NameServer = 192.168.0.254
O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Programme\HP\hpcoretech\comp\hpuiprot.dll
O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVSync Manager - Unknown - C:\Programme\Network Associates\VirusScan\Avsynmgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: AVM FRITZ!web Routing Service - AVM Berlin - C:\PROGRAMME\TELEDAT\de_serv.exe
O23 - Service: e-DiagTools LAN Configuration Agent - Hewlett-Packard - C:\Programme\HP\e-DiagTools\edtsrv.exe
O23 - Service: InterBaseGuardian - Inprise Corporation - C:\PROGRA~1\Borland\INTERB~1\Bin\IBGuard.EXE
O23 - Service: InterBaseServer - Inprise Corporation - C:\PROGRA~1\Borland\INTERB~1\Bin\ibserver.exe
O23 - Service: McShield - Network Associates, Inc. - C:\Programme\Gemeinsame Dateien\Network Associates\McShield\Mcshield.exe
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sophos Anti-Virus Network - Sophos Plc - C:\Programme\Sophos SWEEP for NT\SWNETSUP.EXE
O23 - Service: Sophos Anti-Virus - Sophos Plc - C:\Programme\Sophos SWEEP for NT\SWEEPSRV.SYS

Chris14 04.02.2005 20:05

You have an rbot on there.
The worm has backdoor capabilities; your system is compromised and must be reinstalled. Also note this guide.

chaosman 04.02.2005 20:05

@escobar
as lutz already posted, take a look here
http://www3.ca.com/securityadvisor/v....aspx?id=39437
C:\WINDOWS\System32\mshelp32.exe
all one can recommend to you there is a reinstall (format C)

here is some help
http://www.trojaner-board.de/showpos...28&postcount=2


sorry
chaosman

