Trojaner-Board


muaddib81 07.03.2005 23:17

I caught something and need help!
 
Hello everyone!

I picked something up while backing up my girlfriend's data, and I can't get rid of the little bastard. Here is my HijackThis log; what can I do now? Many thanks in advance,

muaddib81

Logfile of HijackThis v1.99.1
Scan saved at 23:06:15, on 07.03.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe
C:\Program Files\Lexmark 5200 series\lxbtbmon.exe
D:\Muli\eMule\Incoming\eTrust.PestPatrol.v5.0.Anti.Spyware-YAG\PPActiveDetection.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Appz and Toolz\Adobe\Acrobat Reader 7.0\Reader\reader_sl.exe
C:\Program Files\IDETOOL\IDETOOL.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
D:\Muli\hijackthis\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.yahoo.com/
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Appz and Toolz\Adobe\Acrobat Reader 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [Lexmark 5200 series] "C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [eTrustPPAP] "D:\Muli\eMule\Incoming\eTrust.PestPatrol.v5.0.Anti.Spyware-YAG\PPActiveDetection.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [winupd.exe] C:\WINDOWS\system32\winupd.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Appz and Toolz\Adobe\Acrobat Reader 7.0\Reader\reader_sl.exe
O4 - Global Startup: IDETool.lnk = C:\Program Files\IDETOOL\IDETOOL.EXE
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://D:\APPZAN~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\APPZAN~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: ppctlcab - http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca.com/downloads/scanner/axscanner.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1109088700672
O23 - Service: lxbt_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbtcoms.exe

dartus 08.03.2005 01:02

Hello muaddib81,

to be sure what else has happened there,
please run the following:
1. Download escan and follow these instructions exactly (takes about an hour),
2. after the scan, boot back into normal mode,
3. open the file "mwav.log", click "Edit" and then "Find",
4. then enter "infected",
5. continue searching through the hits, select them and copy them into the forum,
6. in addition to the hits, also post the overall result (located at the very bottom of the logfile).

Example:
Wed Feb 02 19:48:56 2005 => Total Files Scanned:
Wed Feb 02 19:48:56 2005 => Total Virus(es) Found:
.
.
.
.


dartus

muaddib81 08.03.2005 06:24

Ouch, ouch...
I ran the scan, and my jaw dropped at first...
Almost 1200 hits in the scan; copying all of them would take a while. Here is the first part of the escan log hits in case it helps; I have to go to bed now...

Thanks,
muaddib81

edit: oh great, pasting all of it doesn't work, I get an error message, and the text file is too big as well... so here is just a very small section...

Tue Mar 08 03:45:54 2005 => File C:\WINDOWS\system32\winupd.exe infected by "Email-Worm.Win32.Bagle.n" Virus. Action Taken: No Action Taken.
Tue Mar 08 03:46:05 2005 => File C:\WINDOWS\system32\userinit.exe infected by "Email-Worm.Win32.Bagle.n" Virus. Action Taken: No Action Taken.
Tue Mar 08 03:46:06 2005 => File C:\WINDOWS\inf\unregmp2.exe infected by "Email-Worm.Win32.Bagle.n" Virus. Action Taken: No Action Taken.
Tue Mar 08 03:46:06 2005 => File C:\WINDOWS\system32\shmgrate.exe infected by "Email-Worm.Win32.Bagle.n" Virus. Action Taken: No Action Taken.
Tue Mar 08 03:46:06 2005 => File C:\WINDOWS\system32\RunDLL32.exe infected by "Email-Worm.Win32.Bagle.n" Virus. Action Taken: No Action Taken.
Tue Mar 08 03:46:06 2005 => File C:\WINDOWS\system32\regsvr32.exe infected by "Email-Worm.Win32.Bagle.n" Virus. Action Taken: No Action Taken.
Tue Mar 08 03:46:06 2005 => File C:\PROGRA~1\OUTLOO~1\setup50.exe infected by "Email-Worm.Win32.Bagle.n" Virus. Action Taken: No Action Taken.
Tue Mar 08 03:46:07 2005 => File C:\WINDOWS\system32\ie4uinit.exe infected by "Email-Worm.Win32.Bagle.n" Virus. Action Taken: No Action Taken.
Tue Mar 08 03:46:07 2005 => File C:\PROGRA~1\LEXMAR~1\lxbtbmgr.exe infected by "Email-Worm.Win32.Bagle.n" Virus. Action Taken: No Action Taken.
Tue Mar 08 03:46:07 2005 => File C:\WINDOWS\system32\dumprep.exe infected by "Email-Worm.Win32.Bagle.n" Virus. Action Taken: No Action Taken.
Tue Mar 08 03:46:08 2005 => File C:\WINDOWS\system32\winupd.exe infected by "Email-Worm.Win32.Bagle.n" Virus. Action Taken: No Action Taken.
Tue Mar 08 03:46:09 2005 => File C:\WINDOWS\System32\mshta.exe infected by "Email-Worm.Win32.Bagle.n" Virus. Action Taken: No Action Taken.
Tue Mar 08 03:46:11 2005 => File C:\WINDOWS\system32\cisvc.exe infected by "Email-Worm.Win32.Bagle.n" Virus. Action Taken: No Action Taken.
Tue Mar 08 03:46:11 2005 => File C:\WINDOWS\system32\clipsrv.exe infected by "Email-Worm.Win32.Bagle.n" Virus. Action Taken: No Action Taken.
Tue Mar 08 03:46:11 2005 => File C:\WINDOWS\System32\dllhost.exe infected by "Email-Worm.Win32.Bagle.n" Virus. Action Taken: No Action Taken.
Tue Mar 08 03:46:11 2005 => File C:\WINDOWS\System32\dmadmin.exe infected by "Email-Worm.Win32.Bagle.n" Virus. Action Taken: No Action Taken.
Tue Mar 08 03:46:12 2005 => File C:\WINDOWS\System32\imapi.exe infected by "Email-Worm.Win32.Bagle.n" Virus. Action Taken: No Action Taken.
Tue Mar 08 03:46:13 2005 => File C:\WINDOWS\system32\lxbtcoms.exe infected by "Email-Worm.Win32.Bagle.n" Virus. Action Taken: No Action Taken.
Tue Mar 08 03:46:13 2005 => File C:\WINDOWS\System32\mnmsrvc.exe infected by "Email-Worm.Win32.Bagle.n" Virus. Action Taken: No Action Taken.
Tue Mar 08 03:46:14 2005 => File C:\WINDOWS\System32\msdtc.exe infected by "Email-Worm.Win32.Bagle.n" Virus. Action Taken: No Action Taken.
Tue Mar 08 03:46:14 2005 => File C:\WINDOWS\System32\msiexec.exe infected by "Email-Worm.Win32.Bagle.n" Virus. Action Taken: No Action Taken.
Tue Mar 08 03:46:15 2005 => File C:\WINDOWS\system32\netdde.exe infected by "Email-Worm.Win32.Bagle.n" Virus. Action Taken: No Action Taken.
Tue Mar 08 03:46:16 2005 => File C:\WINDOWS\system32\sessmgr.exe infected by "Email-Worm.Win32.Bagle.n" Virus. Action Taken: No Action Taken.
Tue Mar 08 03:46:17 2005 => File C:\WINDOWS\system32\smlogsvc.exe infected by "Email-Worm.Win32.Bagle.n" Virus. Action Taken: No Action Taken.
Tue Mar 08 03:46:17 2005 => File C:\WINDOWS\System32\tlntsvr.exe infected by "Email-Worm.Win32.Bagle.n" Virus. Action Taken: No Action Taken.
Tue Mar 08 03:46:19 2005 => File C:\WINDOWS\hh.exe infected by "Email-Worm.Win32.Bagle.n" Virus. Action Taken: No Action Taken.
Tue Mar 08 03:46:19 2005 => File C:\WINDOWS\IsUn0407.exe infected by "Email-Worm.Win32.Bagle.n" Virus. Action Taken: No Action Taken.
Tue Mar 08 03:46:19 2005 => File C:\WINDOWS\IsUninst.exe infected by "Email-Worm.Win32.Bagle.n" Virus. Action Taken: No Action Taken
Tue Mar 08 03:46:21 2005 => File C:\WINDOWS\notepad.exe infected by "Email-Worm.Win32.Bagle.n" Virus. Action Taken: No Action Taken.
Tue Mar 08 03:46:22 2005 => File C:\WINDOWS\R.COM infected by "Email-Worm.Win32.Bagle.n" Virus. Action Taken: No Action Taken.
Tue Mar 08 03:46:22 2005 => File C:\WINDOWS\REGEDIT.COM infected by "Email-Worm.Win32.Bagle.n" Virus. Action Taken: No Action Taken.
Tue Mar 08 03:46:22 2005 => File C:\WINDOWS\regedit.exe infected by "Email-Worm.Win32.Bagle.n" Virus. Action Taken: No Action Taken.
Tue Mar 08 03:46:24 2005 => File C:\WINDOWS\winhlp32.exe infected by "Email-Worm.Win32.Bagle.n" Virus. Action Taken: No Action Taken.
Tue Mar 08 03:46:25 2005 => File C:\WINDOWS\system32\accwiz.exe infected by "Email-Worm.Win32.Bagle.n" Virus. Action Taken: No Action Taken.
Tue Mar 08 03:46:26 2005 => File C:\WINDOWS\system32\actmovie.exe infected by "Email-Worm.Win32.Bagle.n" Virus. Action Taken: No Action Taken.
Tue Mar 08 03:46:26 2005 => File C:\WINDOWS\system32\ahui.exe infected by "Email-Worm.Win32.Bagle.n" Virus. Action Taken: No Action Taken.
Tue Mar 08 03:46:27 2005 => File C:\WINDOWS\system32\asr_fmt.exe infected by "Email-Worm.Win32.Bagle.n" Virus. Action Taken: No Action Taken.
Tue Mar 08 03:46:27 2005 => File C:\WINDOWS\system32\asr_ldm.exe infected by "Email-Worm.Win32.Bagle.n" Virus. Action Taken: No Action Taken.
Tue Mar 08 03:46:27 2005 => File C:\WINDOWS\system32\asr_pfu.exe infected by "Email-Worm.Win32.Bagle.n" Virus. Action Taken: No Action Taken.
Tue Mar 08 03:46:31 2005 => File C:\WINDOWS\system32\calc.exe infected by "Email-Worm.Win32.Bagle.n" Virus. Action Taken: No Action Taken.
Tue Mar 08 03:46:33 2005 => File C:\WINDOWS\system32\charmap.exe infected by "Email-Worm.Win32.Bagle.n" Virus. Action Taken: No Action Taken.
Tue Mar 08 03:46:33 2005 => File C:\WINDOWS\system32\ckcnv.exe infected by "Email-Worm.Win32.Bagle.n" Virus. Action Taken: No Action Taken.
Tue Mar 08 03:46:33 2005 => File C:\WINDOWS\system32\cleanmgr.exe infected by "Email-Worm.Win32.Bagle.n" Virus. Action Taken: No Action Taken.
Tue Mar 08 03:46:34 2005 => File C:\WINDOWS\system32\cliconfg.exe infected by "Email-Worm.Win32.Bagle.n" Virus. Action Taken: No Action Taken.
Tue Mar 08 03:46:34 2005 => File C:\WINDOWS\system32\clipbrd.exe infected by "Email-Worm.Win32.Bagle.n" Virus. Action Taken: No Action Taken.
Tue Mar 08 03:46:35 2005 => File C:\WINDOWS\system32\cmdl32.exe infected by "Email-Worm.Win32.Bagle.n" Virus. Action Taken: No Action Taken.
Tue Mar 08 03:46:35 2005 => File C:\WINDOWS\system32\cmmon32.exe infected by "Email-Worm.Win32.Bagle.n" Virus. Action Taken: No Action Taken.
Tue Mar 08 03:46:35 2005 => File C:\WINDOWS\system32\cmstp.exe infected by "Email-Worm.Win32.Bagle.n" Virus. Action Taken: No Action Taken.
Tue Mar 08 03:46:37 2005 => File C:\WINDOWS\system32\conime.exe infected by "Email-Worm.Win32.Bagle.n" Virus. Action Taken: No Action Taken.
Tue Mar 08 03:46:37 2005 => File C:\WINDOWS\system32\control.exe infected by "Email-Worm.Win32.Bagle.n" Virus. Action Taken: No Action Taken.
Tue Mar 08 03:46:41 2005 => File C:\WINDOWS\system32\dcomcnfg.exe infected by "Email-Worm.Win32.Bagle.n" Virus. Action Taken: No Action Taken.
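
Added example, not part of the original thread: when the "infected" hits from mwav.log are too many to paste, as above, they can be condensed into counts per detection name, directory and action, together with the totals lines requested in the instructions. The function names and the two totals values in the sample are assumptions made for this illustration.

```python
import re
from collections import Counter

# Line shapes are taken from the mwav.log excerpts quoted in this thread.
HIT = re.compile(r'=> File (?P<path>.+?) infected by "(?P<name>[^"]+)" Virus\. '
                 r'Action Taken: (?P<action>.+?)\.?\s*$')
TOTAL = re.compile(r'=> (Total [^:]+):\s*(\d*)\s*$')

# Constructed sample: five hit lines copied from the thread, plus two totals
# lines whose numbers are made up (the thread shows the totals without values).
SAMPLE_LOG = r'''
Tue Mar 08 03:45:54 2005 => File C:\WINDOWS\system32\winupd.exe infected by "Email-Worm.Win32.Bagle.n" Virus. Action Taken: No Action Taken.
Tue Mar 08 03:46:08 2005 => File C:\WINDOWS\system32\winupd.exe infected by "Email-Worm.Win32.Bagle.n" Virus. Action Taken: No Action Taken.
Tue Mar 08 03:46:09 2005 => File C:\WINDOWS\System32\mshta.exe infected by "Email-Worm.Win32.Bagle.n" Virus. Action Taken: No Action Taken.
Tue Mar 08 03:46:19 2005 => File C:\WINDOWS\IsUninst.exe infected by "Email-Worm.Win32.Bagle.n" Virus. Action Taken: No Action Taken
Tue Mar 08 03:46:21 2005 => File C:\WINDOWS\notepad.exe infected by "Email-Worm.Win32.Bagle.n" Virus. Action Taken: No Action Taken.
Tue Mar 08 04:10:00 2005 => Total Files Scanned: 61234
Tue Mar 08 04:10:00 2005 => Total Virus(es) Found: 1198
'''

def summarize(log_text):
    """Collapse per-file hits into counts by detection, directory and action."""
    seen, names, dirs, actions, totals = set(), Counter(), Counter(), Counter(), {}
    for line in log_text.splitlines():
        hit = HIT.search(line)
        if hit:
            key = hit["path"].lower()      # Windows paths are case-insensitive
            if key in seen:                # the same file can be reported twice
                continue
            seen.add(key)
            names[hit["name"]] += 1
            dirs[key.rsplit("\\", 1)[0]] += 1
            actions[hit["action"]] += 1
            continue
        total = TOTAL.search(line)
        if total:                          # a totals line may carry no number
            totals[total[1]] = int(total[2]) if total[2] else None
    return {"unique_files": len(seen), "by_name": names, "by_dir": dirs,
            "by_action": actions, "totals": totals}

def forum_post(summary, top=5):
    """Render the summary as a few lines short enough to paste into a post."""
    out = [f"{summary['unique_files']} unique infected files"]
    out += [f"  {n}x {name}" for name, n in summary["by_name"].most_common()]
    out += [f"  {n} in {d}" for d, n in summary["by_dir"].most_common(top)]
    out += [f"  action '{a}': {n}" for a, n in summary["by_action"].items()]
    out += [f"{k}: {v}" for k, v in summary["totals"].items()]
    return "\n".join(out)

if __name__ == "__main__":
    print(forum_post(summarize(SAMPLE_LOG)))
```

A single detection name spread across the Windows and system32 directories with "No Action Taken" everywhere is the pattern visible in the excerpt above.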

dartus 08.03.2005 10:34

Hello muaddib81,

Quote:

Originally posted by muaddib81
Almost 1200 hits ...

with an infestation of this extent I strongly advise you to "Format c:".
http://www.mathematik.uni-marburg.de...c-removal.html

here is a recommended guide:

http://www.trojaner-board.de/showthread.php?t=12154

On the subject of data backup:

http://www.trojaner-board.de/showpos...8&postcount=11

sry
dartus

muaddib81 08.03.2005 16:27

Ok, many thanks for the help. I would have done the format C: long ago, but I wanted to be sure, because I still have quite a lot of data on the disk that doesn't belong to me (my girlfriend is currently in the process of reinstalling her system, and burning all that stuff would have taken forever, so we hooked up my HDD... that's probably how I caught something...)

Let's see how I do it.

Thanks again,
muaddib81


All times are WET +1. The time is now 03:53.
