Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   adware sysupudt.exe TR/Dldr.Agent.FZ.1 (https://www.trojaner-board.de/18597-adware-sysupudt-exe-tr-dldr-agent-fz-1-a.html)

jaltadi 04.06.2005 16:16
adware sysupudt.exe TR/Dldr.Agent.FZ.1
 
Hilfe!

keines weg aus fur dieses trojanisches pferd

AntiVir hat es entdeckt:
adware sysupudt.exe TR/Dldr.Agent.FZ.1
und auch
adpopup DCF5678.EXE
aber unmoglich zu loschen!

Logfile of HijackThis v1.99.1
Scan saved at 16:18:08, on 04/06/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
D:\PROGRAM FILES\UTILITAIRES INTERNET\PARE FEU\SYGATE PERSONNAL FIREWALL\SMC.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\CARPSERV.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\AHEAD\INCD\INCD.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\DRIVERS\MICROSOFT HARDWARE\GAME CONTROLLERS\COMMON\SWTRAYV4.EXE
C:\PROGRAM FILES\MYWEBSEARCH\BAR\1.BIN\MWSOEMON.EXE
D:\PROGRAM FILES\ANTI VIRUS\ANTIVIR\AVSCHED32.EXE
C:\WINDOWS\WLANCFG.EXE
D:\PROGRAM FILES\ANTI VIRUS\ANTIVIR\AVGCTRL.EXE
D:\PROGRAM FILES\CDVIRTUEL\DAEMONTOOLS347\DAEMON.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\MIXER.EXE
C:\WINDOWS\SYSUPUDT.EXE
C:\WINDOWS\RunDLL.exe
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\PRINTER\HP\AIO\HP PSC 900 SERIES\BIN\HPOBRT07.EXE
C:\PROGRAM FILES\PHOTO\NIKON\NKVIEW6\NKVMON.EXE
D:\PROGRAM FILES\BUREAUTIQUE\OPENOFFICE\PROGRAM\SOFFICE.EXE
C:\WINDOWS\SYSTEM\PRINTER\HP\AIO\SHARED\BIN\HPOEVM07.EXE
C:\PROGRAM FILES\ANTI VIRUS\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.eurocockpit.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.net-up.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.fr.netscape.com/fr/home/winsearch200.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://keyword.fr.netscape.com/keyword/%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F1 - win.ini: load=c:\windows\progfile\quickenw\MEMENTO.EXE
O2 - BHO: IECatcher Class - {B930BA63-9E5A-11D3-A288-0000E80E2EDE} - C:\WINDOWS\APPLICATION DATA\METAPRODUCTS\MASS DOWNLOADER\MDHELPER.DLL (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\PROGRAM FILES\MYWEBSEARCH\BAR\1.BIN\MWSBAR.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\PROGRAM FILES\MYWEBSEARCH\SRCHASTT\1.BIN\MWSSRCAS.DLL (file missing)
O2 - BHO: CIEObject Object - {5D647E9C-6B37-4636-9A78-DADB1EB93BDF} - C:\WINDOWS\SYSTEM\CTXPOPUP.DLL
O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\PROGRAM FILES\MYWEBSEARCH\BAR\1.BIN\MWSBAR.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [SideWinderTrayV4] C:\WINDOWS\SYSTEM\DRIVERS\MICROS~1\GAMECO~1\COMMON\SWTRAYV4.EXE
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\BAR\1.BIN\MWSOEMON.EXE
O4 - HKLM\..\Run: [AVSCHED32] D:\PROGRAM FILES\ANTI VIRUS\ANTIVIR\AVSCHED32.EXE /min
O4 - HKLM\..\Run: [wlancfg] wlancfg.exe
O4 - HKLM\..\Run: [AVGCtrl] D:\PROGRAM FILES\ANTI VIRUS\ANTIVIR\AVGCTRL.EXE /min
O4 - HKLM\..\Run: [SmcService] D:\PROGRA~1\UTILIT~1\PAREFE~1\SYGATE~1\SMC.EXE -startgui
O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Program Files\CDvirtuel\DaemonTools347\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Install_Choix] E:\choix.exe
O4 - HKLM\..\Run: [ICSDCLT] C:\WINDOWS\rundll32.exe C:\WINDOWS\SYSTEM\icsdclt.dll,ICSClient
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [AdUpdater] C:\WINDOWS\SYSUPUDT.EXE
O4 - HKLM\..\Run: [AdPopup] C:\WINDOWS\DCF5678.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [SmcService] D:\PROGRAM FILES\UTILITAIRES INTERNET\PARE FEU\SYGATE PERSONNAL FIREWALL\SMC.EXE
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\BAR\1.BIN\MWSOEMON.EXE
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: NkvMon.exe.lnk = C:\Program Files\Photo\Nikon\NkView6\NkvMon.exe
O4 - Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - Startup: OpenOffice.org 1.1.3.lnk = D:\Program Files\Bureautique\OpenOffice\program\quickstart.exe
O4 - Global Startup: HPAiODevice(hp psc 900 series) - 1.lnk = C:\WINDOWS\SYSTEM\Printer\HP\AiO\hp psc 900 series\Bin\hpobrt07.exe
O8 - Extra context menu item: Download with GetRight - C:\Program Files\Utilitaires internet\GetRight\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\Utilitaires internet\GetRight\GetRight\GRbrowse.htm
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSzeb029
O8 - Extra context menu item: Télécharger en utilisant Download &Express - C:\Program Files\Utilitaires internet\Telechargements\DownloadExpress\Download Express\Add_Url.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.net-up.com/

chaosman 04.06.2005 16:38
@jaltadi
überprüfe dein system mit escan
chaosman

jaltadi 06.06.2005 00:31
escannen ist ein bischen lang...
und so bin ich

Ich habe auch Registry Fix benutz

Yetz habe ich 2 logs; hier ist der kleinerer

Viele viren habe ich selbst geloscht
Aber unmoglich mit viren im _RESTORE\TEMP
Und viren sind yetz gefunden im _RECYCLED

Losche Ich diese einfach?


1.TEIL

Sat Jun 04 19:44:55 2005 => **********************************************************
Sat Jun 04 19:44:55 2005 => MicroWorld AntiVirus & Spyware Toolkit Utility.
Sat Jun 04 19:44:55 2005 => Copyright © 2003-2005, MicroWorld Technologies Inc.
Sat Jun 04 19:44:55 2005 => **********************************************************
Sat Jun 04 19:44:55 2005 => Version 6.2.9 (C:\BASES_X\MWAVSCAN.COM)
Sat Jun 04 19:44:55 2005 => Log File: C:\BASES_X\MWAV.LOG
Sat Jun 04 19:44:55 2005 => MWAV Registered: FALSE.
Sat Jun 04 19:44:55 2005 => MWAV Mode: Only Scan files.
Sat Jun 04 19:44:55 2005 => Latest Date of files inside MWAV: 29 May 2005 13:10:21.
Sat Jun 04 19:45:14 2005 => AV Library Loaded...
Sat Jun 04 19:45:14 2005 => MWAV doing self scanning...
Sat Jun 04 19:45:14 2005 => Scanning File C:\BASES_X\kavss.exe
Sat Jun 04 19:45:14 2005 => Scanning File C:\BASES_X\Getvlist.exe
Sat Jun 04 19:45:15 2005 => Scanning File C:\BASES_X\kavss.dll
Sat Jun 04 19:45:15 2005 => Scanning File C:\BASES_X\kavssdi.dll
Sat Jun 04 19:45:15 2005 => Scanning File C:\BASES_X\kavssi.dll
Sat Jun 04 19:45:15 2005 => Scanning File C:\BASES_X\kavvlg.dll
Sat Jun 04 19:45:16 2005 => Scanning File C:\BASES_X\msvlclnt.dll
Sat Jun 04 19:45:16 2005 => Scanning File C:\BASES_X\ipc.dll
Sat Jun 04 19:45:16 2005 => Scanning File C:\BASES_X\main.avi
Sat Jun 04 19:45:16 2005 => Scanning File C:\BASES_X\virus.avi
Sat Jun 04 19:45:16 2005 => MWAV files are clean.
Sat Jun 04 19:45:27 2005 => MWAV License Agreement and conditions NOT accepted by user. Aborting...
Sat Jun 04 19:45:27 2005 => AV Library Unloaded (2)...
Sun Jun 05 01:12:39 2005 => **********************************************************
Sun Jun 05 01:12:39 2005 => MicroWorld AntiVirus & Spyware Toolkit Utility.
Sun Jun 05 01:12:39 2005 => Copyright © 2003-2005, MicroWorld Technologies Inc.
Sun Jun 05 01:12:39 2005 => **********************************************************
Sun Jun 05 01:12:39 2005 => Version 6.2.9 (C:\BASES_X\MWAVSCAN.COM)
Sun Jun 05 01:12:39 2005 => Log File: C:\BASES_X\MWAV.LOG
Sun Jun 05 01:12:39 2005 => MWAV Registered: FALSE.
Sun Jun 05 01:12:39 2005 => MWAV Mode: Only Scan files.
Sun Jun 05 01:12:39 2005 => Latest Date of files inside MWAV: 04 Jun 2005 20:44:09.
Sun Jun 05 01:12:45 2005 => AV Library Loaded...
Sun Jun 05 01:12:45 2005 => MWAV doing self scanning...
Sun Jun 05 01:12:45 2005 => Scanning File C:\BASES_X\kavss.exe
Sun Jun 05 01:12:45 2005 => Scanning File C:\BASES_X\Getvlist.exe
Sun Jun 05 01:12:45 2005 => Scanning File C:\BASES_X\kavss.dll
Sun Jun 05 01:12:45 2005 => Scanning File C:\BASES_X\kavssdi.dll
Sun Jun 05 01:12:45 2005 => Scanning File C:\BASES_X\kavssi.dll
Sun Jun 05 01:12:45 2005 => Scanning File C:\BASES_X\kavvlg.dll
Sun Jun 05 01:12:46 2005 => Scanning File C:\BASES_X\msvlclnt.dll
Sun Jun 05 01:12:46 2005 => Scanning File C:\BASES_X\ipc.dll
Sun Jun 05 01:12:46 2005 => Scanning File C:\BASES_X\main.avi
Sun Jun 05 01:12:46 2005 => Scanning File C:\BASES_X\virus.avi
Sun Jun 05 01:12:46 2005 => MWAV files are clean.
Sun Jun 05 01:13:06 2005 => Virus Database Date: 2005/06/04
Sun Jun 05 01:13:06 2005 => Virus Database Count: 133383

Sun Jun 05 01:14:03 2005 => **********************************************************
Sun Jun 05 01:14:03 2005 => MicroWorld AntiVirus & Spyware Toolkit Utility.
Sun Jun 05 01:14:03 2005 => Copyright © 2003-2005, MicroWorld Technologies Inc.
Sun Jun 05 01:14:03 2005 =>
Sun Jun 05 01:14:03 2005 => Support: support@mwti.net
Sun Jun 05 01:14:03 2005 => Web: http://www.mwti.net
Sun Jun 05 01:14:03 2005 => **********************************************************
Sun Jun 05 01:14:03 2005 => Version 6.2.9 (C:\BASES_X\MWAVSCAN.COM)
Sun Jun 05 01:14:03 2005 => Log File: C:\BASES_X\MWAV.LOG
Sun Jun 05 01:14:03 2005 => Windows Root Folder: C:\WINDOWS
Sun Jun 05 01:14:03 2005 => Windows Sys32 Folder: C:\WINDOWS\SYSTEM
Sun Jun 05 01:14:03 2005 => OS: Windows ME
Sun Jun 05 01:14:03 2005 => Latest Date of files inside MWAV: 04 Jun 2005 20:44:09.

Sun Jun 05 01:14:03 2005 => Options Selected by User:
Sun Jun 05 01:14:03 2005 => Memory Check: Enabled
Sun Jun 05 01:14:03 2005 => Registry Check: Enabled
Sun Jun 05 01:14:03 2005 => StartUp Folder Check: Disabled
Sun Jun 05 01:14:03 2005 => System Folder Check: Disabled
Sun Jun 05 01:14:03 2005 => System Area Check: Disabled
Sun Jun 05 01:14:03 2005 => Services Check: Enabled
Sun Jun 05 01:14:03 2005 => Drive Check Option Disabled
Sun Jun 05 01:14:03 2005 => Folder Check: Disabled

Sun Jun 05 01:14:03 2005 => ***** Scanning Memory Files *****
Sun Jun 05 01:14:03 2005 => Scanning File C:\WINDOWS\SYSTEM\KERNEL32.DLL
[...]
Sun Jun 05 01:14:17 2005 => Scanning File C:\BASES_X\MWAVSCAN.COM
Sun Jun 05 01:14:18 2005 => Scanning File C:\WINDOWS\SYSTEM\RICHED32.DLL
Sun Jun 05 01:14:18 2005 => Scanning File IPC.DLL
Sun Jun 05 01:14:18 2005 => Scanning File KAVSSDI.DLL
Sun Jun 05 01:14:18 2005 => Scanning File KAVSSD.DLL
Sun Jun 05 01:14:19 2005 => Scanning File KAVSSI.DLL
Sun Jun 05 01:14:19 2005 => Scanning File MSVLCLNT.DLL
Sun Jun 05 01:14:19 2005 => Scanning File MWAVSCAN.COM
Sun Jun 05 01:14:20 2005 => Scanning File C:\BASES_X\KAVSS.EXE
Sun Jun 05 01:14:20 2005 => Scanning File KAVSS.EXE
Sun Jun 05 01:14:20 2005 => Scanning File KAVSS.DLL

Sun Jun 05 01:14:20 2005 => ***** Scanning Registry Files *****

Sun Jun 05 01:14:20 2005 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
Sun Jun 05 01:14:20 2005 => Scanning File C:\WINDOWS\SYSTEM\WEBCHECK.DLL
Sun Jun 05 01:14:20 2005 => Scanning File C:\WINDOWS\SYSTEM\UPNPUI.DLL
Sun Jun 05 01:14:20 2005 => Scanning File C:\WINDOWS\SYSTEM\AUHOOK.DLL

Sun Jun 05 01:14:20 2005 => Scanning HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad

Sun Jun 05 01:14:21 2005 => Scanning HKLM\SOFTWARE\Microsoft\Internet Explorer\Plugins\Extension
Sun Jun 05 01:14:21 2005 => Scanning File C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll

Sun Jun 05 01:14:21 2005 => Scanning HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar
Sun Jun 05 01:14:21 2005 => Scanning File C:\WINDOWS\SYSTEM\MSDXM.OCX

Sun Jun 05 01:14:21 2005 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects
Sun Jun 05 01:14:21 2005 => {B930BA63-9E5A-11D3-A288-0000E80E2EDE} = C:\WINDOWS\APPLICATION DATA\METAPRODUCTS\MASS DOWNLOADER\MDHELPER.DLL
Sun Jun 05 01:14:21 2005 => ERROR!!! Invalid Entry = C:\WINDOWS\APPLICATION DATA\METAPRODUCTS\MASS DOWNLOADER\MDHELPER.DLL (in key Software\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{B930BA63-9E5A-11D3-A288-0000E80E2EDE}). No Action Taken.
Sun Jun 05 01:14:21 2005 => {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} = C:\PROGRAM FILES\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
Sun Jun 05 01:14:21 2005 => Scanning File C:\PROGRA~1\ACROBA~1.0\READER\ACTIVEX\ACROIE~1.OCX
Sun Jun 05 01:14:21 2005 => {07B18EA1-A523-4961-B6BB-170DE4475CCA} = C:\PROGRAM FILES\MYWEBSEARCH\BAR\1.BIN\MWSBAR.DLL
Sun Jun 05 01:14:21 2005 => Scanning File C:\PROGRA~1\MYWEBS~1\BAR\1.BIN\MWSBAR.DLL
Sun Jun 05 01:14:41 2005 => File C:\PROGRA~1\MYWEBS~1\BAR\1.BIN\MWSBAR.DLL tagged as "not-a-virus:AdWare.ToolBar.MyWebSearch". Action Taken: No Action Taken.

Sun Jun 05 01:14:41 2005 => {00A6FAF1-072E-44cf-8957-5838F569A31D} = C:\PROGRAM FILES\MYWEBSEARCH\SRCHASTT\1.BIN\MWSSRCAS.DLL
Sun Jun 05 01:14:41 2005 => ERROR!!! Invalid Entry = C:\PROGRAM FILES\MYWEBSEARCH\SRCHASTT\1.BIN\MWSSRCAS.DLL (in key Software\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{00A6FAF1-072E-44cf-8957-5838F569A31D}). No Action Taken.

Sun Jun 05 01:14:41 2005 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler
Sun Jun 05 01:14:41 2005 => Scanning File C:\WINDOWS\SYSTEM\BROWSEUI.DLL
[...]
Sun Jun 05 01:14:54 2005 => Scanning File C:\WINDOWS\SYSTEM\vserver.vxd

Sun Jun 05 01:14:54 2005 => ***** Scanning Important System Files *****
Sun Jun 05 01:14:54 2005 => Scanning File C:\WINDOWS\WINSOCK.DLL
Sun Jun 05 01:14:55 2005 => Scanning File C:\WINDOWS\WSCRIPT.EXE
Sun Jun 05 01:14:55 2005 => Scanning File C:\WINDOWS\SYSTEM\WSHEXT.DLL
Sun Jun 05 01:14:55 2005 => Scanning File C:\WINDOWS\SYSTEM\WSHFR.DLL
Sun Jun 05 01:14:55 2005 => Scanning File C:\WINDOWS\SYSTEM\WSHOM.OCX
Sun Jun 05 01:14:55 2005 => Scanning File C:\WINDOWS\SYSTEM\WS2_32.DLL
Sun Jun 05 01:14:55 2005 => Scanning File C:\WINDOWS\SYSTEM\WS2HELP.DLL
Sun Jun 05 01:14:55 2005 => Scanning File C:\WINDOWS\SYSTEM\WS2THK.DLL
Sun Jun 05 01:14:55 2005 => Scanning File C:\WINDOWS\SYSTEM\WSCTHUNK.DLL
Sun Jun 05 01:14:55 2005 => Scanning File C:\WINDOWS\SYSTEM\WSASRV.EXE
Sun Jun 05 01:14:55 2005 => Scanning File C:\WINDOWS\SYSTEM\WSHTCP.VXD
Sun Jun 05 01:14:55 2005 => Scanning File C:\WINDOWS\SYSTEM\WSOCK.VXD
Sun Jun 05 01:14:55 2005 => Scanning File C:\WINDOWS\SYSTEM\WSOCK2.VXD
Sun Jun 05 01:14:55 2005 => Scanning File C:\WINDOWS\SYSTEM\WSOCK32.DLL
Sun Jun 05 01:14:55 2005 => Scanning File C:\WINDOWS\SYSTEM\WSTDECOD.DLL
Sun Jun 05 01:14:55 2005 => Scanning File C:\WINDOWS\EXPLORER.EXE
Sun Jun 05 01:14:55 2005 => Scanning File C:\WINDOWS\RUNDLL.EXE
Sun Jun 05 01:14:55 2005 => Scanning File C:\WINDOWS\RUNDLL32.EXE
Sun Jun 05 01:14:55 2005 => Scanning File C:\WINDOWS\SYSTEM\BROWSEUI.DLL
Sun Jun 05 01:14:55 2005 => Scanning File C:\WINDOWS\NOTEPAD.EXE
Sun Jun 05 01:14:55 2005 => Scanning File C:\WINDOWS\SYSTEM\KERNEL32.DLL
Sun Jun 05 01:14:55 2005 => Scanning File C:\WINDOWS\SYSTEM\NTDLL.DLL
Sun Jun 05 01:14:55 2005 => Scanning File C:\WINDOWS\SYSTEM\ADVAPI32.DLL
Sun Jun 05 01:14:56 2005 => Scanning File C:\WINDOWS\SYSTEM\USER32.DLL
Sun Jun 05 01:14:56 2005 => Scanning File C:\WINDOWS\SYSTEM\GDI32.DLL
Sun Jun 05 01:14:56 2005 => Scanning File C:\WINDOWS\COMMAND.COM
Sun Jun 05 01:14:56 2005 => Scanning File C:\WINDOWS\COMMAND.PIF
Sun Jun 05 01:14:56 2005 => Scanning File C:\WINDOWS\TASKMON.EXE

cronos 06.06.2005 00:34
Gehe wie folgt vor, damit wir das korrekte Ergebnis bekommen:

Rechtsklick auf diesen Link -> Ziel speichern unter… z.B. 'C:\Find.rar' -> 'Find.rar' entpacken z.B. 'C:\Find.bat' -> 'Find.bat' doppelklicken und den Scan abwarten -> den Inhalt der automatisch erstellten 'C:\eScan_neu.txt' posten.

jaltadi 06.06.2005 00:37
2.TEIL

Sun Jun 05 01:14:56 2005 => ***** Scanning Registry and File system for Adware/Spyware *****
Sun Jun 05 01:14:57 2005 => System found infected with FunWeb Spyware/Adware ({147A976F-EEE1-4377-8EA7-4716E4CDD239})! Action taken: No Action Taken.
Sun Jun 05 01:14:57 2005 => Object "FunWeb Spyware/Adware" found in File System! Action Taken: No Action Taken.

Sun Jun 05 01:14:57 2005 => System found infected with MyWebSearch Spyware/Adware ({ADB01E81-3C79-4272-A0F1-7B2BE7A782DC})! Action taken: No Action Taken.
Sun Jun 05 01:14:57 2005 => Object "MyWebSearch Spyware/Adware" found in File System! Action Taken: No Action Taken.

Sun Jun 05 01:14:57 2005 => System found infected with MyWebSearch Spyware/Adware ({9FF05104-B030-46FC-94B8-81276E4E27DF})! Action taken: No Action Taken.
Sun Jun 05 01:14:57 2005 => Object "MyWebSearch Spyware/Adware" found in File System! Action Taken: No Action Taken.

Sun Jun 05 01:14:57 2005 => System found infected with MyWebSearch Spyware/Adware ({7473D292-B7BB-4f24-AE82-7E2CE94BB6A9})! Action taken: No Action Taken.
Sun Jun 05 01:14:57 2005 => Object "MyWebSearch Spyware/Adware" found in File System! Action Taken: No Action Taken.

Sun Jun 05 01:14:57 2005 => System found infected with MyWebSearch Spyware/Adware ({F42228FB-E84E-479E-B922-FBBD096E792C})! Action taken: No Action Taken.
Sun Jun 05 01:14:57 2005 => Object "MyWebSearch Spyware/Adware" found in File System! Action Taken: No Action Taken.

Sun Jun 05 01:14:57 2005 => System found infected with MyWebSearch Spyware/Adware ({7473D290-B7BB-4F24-AE82-7E2CE94BB6A9})! Action taken: No Action Taken.
Sun Jun 05 01:14:57 2005 => Object "MyWebSearch Spyware/Adware" found in File System! Action Taken: No Action Taken.

Sun Jun 05 01:14:57 2005 => System found infected with MyWebSearch Spyware/Adware ({29D67D3C-509A-4544-903F-C8C1B8236554})! Action taken: No Action Taken.
Sun Jun 05 01:14:57 2005 => Object "MyWebSearch Spyware/Adware" found in File System! Action Taken: No Action Taken.

Sun Jun 05 01:14:57 2005 => System found infected with IBIS Spyware/Adware ({1d4db7d2-6ec9-47a3-bd87-1e41684e07bb})! Action taken: No Action Taken.
Sun Jun 05 01:14:57 2005 => Object "IBIS Spyware/Adware" found in File System! Action Taken: No Action Taken.

Sun Jun 05 01:14:58 2005 => System found infected with MyWebSearch Spyware/Adware ({07B18EA1-A523-4961-B6BB-170DE4475CCA})! Action taken: No Action Taken.
Sun Jun 05 01:14:58 2005 => Object "MyWebSearch Spyware/Adware" found in File System! Action Taken: No Action Taken.

Sun Jun 05 01:14:58 2005 => System found infected with MyWebSearch Spyware/Adware ({07B18EAA-A523-4961-B6BB-170DE4475CCA})! Action taken: No Action Taken.
Sun Jun 05 01:14:58 2005 => Object "MyWebSearch Spyware/Adware" found in File System! Action Taken: No Action Taken.

Sun Jun 05 01:14:58 2005 => System found infected with MyWebSearch Spyware/Adware ({07B18EAC-A523-4961-B6BB-170DE4475CCA})! Action taken: No Action Taken.
Sun Jun 05 01:14:58 2005 => Object "MyWebSearch Spyware/Adware" found in File System! Action Taken: No Action Taken.

Sun Jun 05 01:14:58 2005 => System found infected with MyWebSearch Spyware/Adware ({63D0ED2B-B45B-4458-8B3B-60C69BBBD83C})! Action taken: No Action Taken.
Sun Jun 05 01:14:58 2005 => Object "MyWebSearch Spyware/Adware" found in File System! Action Taken: No Action Taken.

Sun Jun 05 01:14:58 2005 => System found infected with MyWebSearch Spyware/Adware ({63D0ED2D-B45B-4458-8B3B-60C69BBBD83C})! Action taken: No Action Taken.
Sun Jun 05 01:14:58 2005 => Object "MyWebSearch Spyware/Adware" found in File System! Action Taken: No Action Taken.

Sun Jun 05 01:14:58 2005 => System found infected with MyWebSearch Spyware/Adware ({00A6FAF1-072E-44cf-8957-5838F569A31D})! Action taken: No Action Taken.
Sun Jun 05 01:14:58 2005 => Object "MyWebSearch Spyware/Adware" found in File System! Action Taken: No Action Taken.

Sun Jun 05 01:14:58 2005 => System found infected with MyWebSearch Spyware/Adware ({00A6FAF0-072E-44CF-8957-5838F569A31D})! Action taken: No Action Taken.
Sun Jun 05 01:14:58 2005 => Object "MyWebSearch Spyware/Adware" found in File System! Action Taken: No Action Taken.

Sun Jun 05 01:14:58 2005 => System found infected with MyWebSearch Spyware/Adware ({07B18EA0-A523-4961-B6BB-170DE4475CCA})! Action taken: No Action Taken.
Sun Jun 05 01:14:58 2005 => Object "MyWebSearch Spyware/Adware" found in File System! Action Taken: No Action Taken.

Sun Jun 05 01:14:58 2005 => System found infected with MyWebSearch Spyware/Adware ({8E6F1830-9607-4440-8530-13BE7C4B1D14})! Action taken: No Action Taken.
Sun Jun 05 01:14:58 2005 => Object "MyWebSearch Spyware/Adware" found in File System! Action Taken: No Action Taken.

Sun Jun 05 01:14:58 2005 => System found infected with MyWebSearch Spyware/Adware ({E47CAEE0-DEEA-464A-9326-3F2801535A4D})! Action taken: No Action Taken.
Sun Jun 05 01:14:58 2005 => Object "MyWebSearch Spyware/Adware" found in File System! Action Taken: No Action Taken.

Sun Jun 05 01:14:58 2005 => System found infected with Alexa Spyware/Adware ({c95fe080-8f5d-11d2-a20b-00aa003c157a})! Action taken: No Action Taken.
Sun Jun 05 01:14:58 2005 => Object "Alexa Spyware/Adware" found in File System! Action Taken: No Action Taken.

Sun Jun 05 01:14:59 2005 => System found infected with MyBar Spyware/Adware ({3646C2BD-3554-49CA-8125-44DEEFB881DE})! Action taken: No Action Taken.
Sun Jun 05 01:14:59 2005 => Object "MyBar Spyware/Adware" found in File System! Action Taken: No Action Taken.

Sun Jun 05 01:14:59 2005 => System found infected with AltnetBDE Spyware/Adware ({8b0fef15-54dc-49f5-8377-8172de975f75})! Action taken: No Action Taken.
Sun Jun 05 01:14:59 2005 => Object "AltnetBDE Spyware/Adware" found in File System! Action Taken: No Action Taken.

Sun Jun 05 01:14:59 2005 => System found infected with AltnetBDE Spyware/Adware ({9bbcf06c-dcd7-495d-80df-cdd5399d0ff8})! Action taken: No Action Taken.
Sun Jun 05 01:14:59 2005 => Object "AltnetBDE Spyware/Adware" found in File System! Action Taken: No Action Taken.

Sun Jun 05 01:14:59 2005 => System found infected with AltnetBDE Spyware/Adware ({e813099d-5529-47f4-9b37-4afafcb00a43})! Action taken: No Action Taken.
Sun Jun 05 01:14:59 2005 => Object "AltnetBDE Spyware/Adware" found in File System! Action Taken: No Action Taken.

Sun Jun 05 01:14:59 2005 => System found infected with AltnetBDE Spyware/Adware ({ad5bc1f0-72d8-44b3-8e3d-8e8fecce43fb})! Action taken: No Action Taken.
Sun Jun 05 01:14:59 2005 => Object "AltnetBDE Spyware/Adware" found in File System! Action Taken: No Action Taken.

Sun Jun 05 01:14:59 2005 => System found infected with AltnetBDE Spyware/Adware (adm25.adm25)! Action taken: No Action Taken.
Sun Jun 05 01:14:59 2005 => Object "AltnetBDE Spyware/Adware" found in File System! Action Taken: No Action Taken.

Sun Jun 05 01:14:59 2005 => System found infected with WhenU Spyware/Adware (wusn)! Action taken: No Action Taken.
Sun Jun 05 01:14:59 2005 => Object "WhenU Spyware/Adware" found in File System! Action Taken: No Action Taken.

Sun Jun 05 01:15:04 2005 => Offending value found in HKLM\Software\FocusInteractive !!!
Sun Jun 05 01:15:04 2005 => Object "MyWebSearch Spyware/Adware" found in File System! Action Taken: No Action Taken.

Sun Jun 05 01:15:04 2005 => Offending value found in HKLM\software\microsoft\office\outlook\addins\MyWebSearch.OutlookAddin !!!
Sun Jun 05 01:15:04 2005 => Offending value found in HKLM\software\microsoft\office\word\addins\MyWebSearch.OutlookAddin !!!
Sun Jun 05 01:15:04 2005 => Object "MyWebSearch Spyware/Adware" found in File System! Action Taken: No Action Taken.

Sun Jun 05 01:15:14 2005 => Offending value found in HKLM\Software\microsoft\downloadmanager !!!
Sun Jun 05 01:15:14 2005 => Object "AltNet Spyware/Adware" found in File System! Action Taken: No Action Taken.

Sun Jun 05 01:15:14 2005 => Offending value found in HKCU\Software\Fun Web Products !!!
Sun Jun 05 01:15:14 2005 => Offending value found in HKEY_USERS\.DEFAULT\Software\Fun Web Products !!!
Sun Jun 05 01:15:14 2005 => Object "FunWeb Spyware/Adware" found in File System! Action Taken: No Action Taken.

Sun Jun 05 01:15:15 2005 => Offending value found in HKCU\Software\FunWebProducts !!!
Sun Jun 05 01:15:15 2005 => Offending value found in HKEY_USERS\.DEFAULT\Software\FunWebProducts !!!
Sun Jun 05 01:15:15 2005 => Offending Folder C:\PROGRA~1\FUNWEB~1 present...
Sun Jun 05 01:15:15 2005 => Object "FunWebProducts Spyware/Adware" found in File System! Action Taken: No Action Taken.

Sun Jun 05 01:15:15 2005 => Offending value found in HKCU\Software\mywebsearch !!!
Sun Jun 05 01:15:15 2005 => Offending value found in HKEY_USERS\.DEFAULT\Software\mywebsearch !!!
Sun Jun 05 01:15:15 2005 => Offending Folder C:\PROGRA~1\MYWEBS~1 present...
Sun Jun 05 01:15:15 2005 => Object "mwsoemon Spyware/Adware" found in File System! Action Taken: No Action Taken.

Sun Jun 05 01:15:19 2005 => Offending value found in HKCU\Software\cydoor !!!
Sun Jun 05 01:15:19 2005 => Offending value found in HKEY_USERS\.DEFAULT\Software\cydoor !!!
Sun Jun 05 01:15:19 2005 => Object "Kazaa Spyware/Adware" found in File System! Action Taken: No Action Taken.

Sun Jun 05 01:15:19 2005 => Offending value found in HKLM\Software\altnet !!!
Sun Jun 05 01:15:19 2005 => Offending Folder C:\PROGRA~1\ALTNET present...
Sun Jun 05 01:15:19 2005 => Object "Kazaa Spyware/Adware" found in File System! Action Taken: No Action Taken.

Sun Jun 05 01:15:36 2005 => Offending value found in HKLM\Software\WhenU !!!
Sun Jun 05 01:15:36 2005 => Object "WhenU Spyware/Adware" found in File System! Action Taken: No Action Taken.

Sun Jun 05 01:15:42 2005 => System found infected with altnet Spyware/Adware (smdat32a.sys)! Action taken: No Action Taken.
Sun Jun 05 01:15:42 2005 => Object "altnet Spyware/Adware" found in File System! Action Taken: No Action Taken.

Sun Jun 05 01:15:55 2005 => System found infected with MyWebSearch Spyware/Adware (MyWebSearch Email Plugin.lnk)! Action taken: No Action Taken.
Sun Jun 05 01:15:55 2005 => Object "MyWebSearch Spyware/Adware" found in File System! Action Taken: No Action Taken.

Sun Jun 05 01:15:55 2005 => System found infected with MyWebSearch Spyware/Adware (f3initialsetup1.0.0.8-2.inf)! Action taken: No Action Taken.
Sun Jun 05 01:15:55 2005 => Object "MyWebSearch Spyware/Adware" found in File System! Action Taken: No Action Taken.

Sun Jun 05 01:15:57 2005 => System found infected with AltnetBDE Spyware/Adware (altnet signing module.exe)! Action taken: No Action Taken.
Sun Jun 05 01:15:57 2005 => Object "AltnetBDE Spyware/Adware" found in File System! Action Taken: No Action Taken.

Sun Jun 05 01:15:57 2005 => System found infected with AltnetBDE Spyware/Adware (adm.exe)! Action taken: No Action Taken.
Sun Jun 05 01:15:57 2005 => Object "AltnetBDE Spyware/Adware" found in File System! Action Taken: No Action Taken.

Sun Jun 05 01:16:01 2005 => System found infected with AltnetBDE Spyware/Adware (adm25.dll)! Action taken: No Action Taken.
Sun Jun 05 01:16:01 2005 => Object "AltnetBDE Spyware/Adware" found in File System! Action Taken: No Action Taken.


Sun Jun 05 01:16:58 2005 => ***** Scanning Registry for errors created because of Adware/Spyware *****
Sun Jun 05 01:16:58 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\SYSTEM\vxiewer.ocx". Action Taken: No Action Taken.
[...]

Sun Jun 05 01:17:17 2005 => Entry "HKCR\CtxPopup.IEObject" refers to invalid object "{5D647E9C-6B37-4636-9A78-DADB1EB93BDF}". Action Taken: No Action Taken.


Sun Jun 05 01:17:17 2005 => ***** Checking for specific ITW Viruses *****
Sun Jun 05 01:17:17 2005 => Checking for Welchia Virus...
Sun Jun 05 01:17:17 2005 => Checking for LovGate Virus...
Sun Jun 05 01:17:17 2005 => Checking for CodeRed Virus...
Sun Jun 05 01:17:17 2005 => Checking for OpaServ Virus...
Sun Jun 05 01:17:17 2005 => Checking for Sobig.e Virus...
Sun Jun 05 01:17:17 2005 => Checking for Winupie Virus...
Sun Jun 05 01:17:17 2005 => Checking for Swen Virus...
Sun Jun 05 01:17:17 2005 => Checking for JS.Fortnight Virus...
Sun Jun 05 01:17:17 2005 => Checking for Novarg Virus...
Sun Jun 05 01:17:17 2005 => Checking for Pagabot Virus...
Sun Jun 05 01:17:17 2005 => Checking for Parite.b Virus...
Sun Jun 05 01:17:17 2005 => Checking for Parite.a Virus...
Sun Jun 05 01:17:17 2005 => Checking for Adware.SeekSeek Virus...

Sun Jun 05 01:17:17 2005 => ***** Scanning complete. *****

Sun Jun 05 01:17:17 2005 => Total Objects Scanned: 7784
Sun Jun 05 01:17:17 2005 => Total Virus(es) Found: 43
Sun Jun 05 01:17:17 2005 => Total Disinfected Files: 0
Sun Jun 05 01:17:17 2005 => Total Files Renamed: 0
Sun Jun 05 01:17:17 2005 => Total Deleted Objects: 0
Sun Jun 05 01:17:17 2005 => Total Errors: 329
Sun Jun 05 01:17:17 2005 => Time Elapsed: 00:03:05
Sun Jun 05 01:17:17 2005 => Virus Database Date: 2005/06/04
Sun Jun 05 01:17:17 2005 => Virus Database Count: 133383

Sun Jun 05 01:17:17 2005 => Scan Completed.

cronos 06.06.2005 00:40
Falls das untergegangen sein sollte, gehe bitte wie von mir oben beschrieben vor.

jaltadi 09.06.2005 20:33
find.bat hast nie ausgefahren!

Trotzdem, nach ein schrecklickes kampf sind viren weg

Nur im _RESTORE sind sie noch gefunden

Vielen dank

jaltadi


Alle Zeitangaben in WEZ +1. Es ist jetzt 11:53 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131