Trojaner-Board


Estel 30.06.2005 09:58

LogFile
 
I think I have all sorts of things on my computer that don't belong there. Could someone please take a look at this?

-------------
Logfile of HijackThis v1.99.1
Scan saved at 10:16:17, on 30.06.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Programme\CA\eTrust Antivirus\InoRpc.exe
C:\Programme\CA\eTrust Antivirus\InoRT.exe
C:\Programme\CA\eTrust Antivirus\InoTask.exe
C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\Dit.exe
C:\Programme\Medion Home Cinema XL II\PowerCinema\PCMService.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\system32\PRISMSTA.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb01.exe
C:\Programme\Ulead Systems\Ulead Photo Explorer 7.0\Monitor.exe
C:\Programme\CA\eTrust Antivirus\realmon.exe
C:\Programme\NavExcel\NavHelper\v2.0.4d\navapp.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\D-Tools\daemon.exe
C:\Programme\Microsoft Hardware\Mouse\point32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Tbridge\Flatbed.exe
C:\WINDOWS\CNYHKey.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\DitExp.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\PROGRA~1\MICROS~4\Office10\OUTLOOK.EXE
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Microsoft Office\Office10\WINWORD.EXE
C:\Programme\Microsoft Works\WkDStore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.medion.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wetterzentrale.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ebay.doubleclick.net/clk;NEW_15;8793645;k?http://cgi.ebay.de/ws/eBayISAPI.dll?ViewItem&item=6381288680&ssPageName=ADME:B:RECO:DE:2
O2 - BHO: F1 Organizer Class - {00000EF1-0786-4633-87C6-1AA7A44296DA} - C:\WINDOWS\System32\ATPART~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: NavHelper Class - {C1E58A84-95B3-4630-B8C2-D06B77B7A0FC} - C:\Programme\NavExcel\NavHelper\v2.0.4d\NHelper.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [PCMService] "C:\Programme\Medion Home Cinema XL II\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [PRISMSTA.EXE] PRISMSTA.EXE START
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb01.exe
O4 - HKLM\..\Run: [Ulead Memory Card Detector] C:\Programme\Ulead Systems\Ulead Photo Explorer 7.0\Monitor.exe
O4 - HKLM\..\Run: [Realtime Monitor] C:\Programme\CA\eTrust Antivirus\realmon.exe
O4 - HKLM\..\Run: [navapp] C:\Programme\NavExcel\NavHelper\v2.0.4d\navapp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programme\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AOLMIcon] C:\Programme\Gemeinsame Dateien\aolshare\AOLMIcon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Detector.lnk = ?
O4 - Global Startup: Kontrollfeld für die kabellose Tastatur.lnk = C:\WINDOWS\CNYHKey.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Alles mit FlashGet laden - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: Mit FlashGet laden - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Mobilen Favoriten erstellen - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra button: MedionShop - {84FAA847-1400-4400-BC93-D338EF03127B} - http://www.medionshop.de/ (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/DE/install.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1119453248562
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: CA-Lizenz-Client (CA_LIC_CLNT) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA-Lizenzserver (CA_LIC_SRVR) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoTask.exe
O23 - Service: Ereignisprotokoll-Überwachung (LogWatch) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
--------------

And I never set this www.aldi.com anywhere...

Regards
Estel
_____________
Note:
Active links edited!
In future, please follow the instructions in this guide: HiJackThis.


Best regards, Cidre
S-Mod TB

dartus 30.06.2005 10:21

Hello Estel,

via Control Panel/Add or Remove Programs, uninstall "NavExcel or NavHelper" as well as any software that is unknown to you or looks dubious.

In addition, download clearprog, run a disk cleanup (tick "delete all" and click "delete") and empty the quarantine folder of your antivirus program.
Then run eScan and follow the instructions exactly (safe mode, set the checkboxes correctly, use "Find.bat", etc.)

dartus

Estel 30.06.2005 21:09

dartus: OK, all done.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Funde für "infected"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
File C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL infected by "Trojan-Downloader.Win32.Keenval.e" Virus! Action Taken: No Action Taken.

System found infected with ElitebarBHO Spyware/Adware ({825cf5bd-8862-4430-b771-0c15c5ca8def})! Action taken: No Action Taken.

System found infected with ElitebarBHO Spyware/Adware ({28caeff3-0f18-4036-b504-51d73bd81abc})! Action taken: No Action Taken.

System found infected with Favoriteman Spyware/Adware ({53F066F0-A4C0-4F46-83EB-2DFD03F938CF})! Action taken: No Action Taken.

Thu Jun 30 10:41:52 2005 => System found infected with NetPal Spyware/Adware ({00000ef1-0786-4633-87c6-1aa7a44296da})! Action taken: No Action Taken.

Thu Jun 30 10:41:52 2005 => System found infected with NetPal Spyware/Adware ({ef100007-f409-426a-9e7c-cb211f2a9786})! Action taken: No Action Taken.

Thu Jun 30 10:41:52 2005 => System found infected with eUniverse Spyware/Adware ({5D60FF48-95BE-4956-B4C6-6BB168A70310})! Action taken: No Action Taken.

Thu Jun 30 10:41:52 2005 => System found infected with MyBar Spyware/Adware ({014da6c9-189f-421a-88cd-07cfe51cff10})! Action taken: No Action Taken.

Thu Jun 30 10:42:19 2005 => System found infected with iSearch Spyware/Adware (patch.exe)! Action taken: No Action Taken.

Thu Jun 30 10:44:13 2005 => File C:\WINDOWS\system32\a_i_037.dll infected by "Trojan-Downloader.Win32.IstBar.iu" Virus! Action Taken: No Action Taken.

Thu Jun 30 10:44:13 2005 => File C:\WINDOWS\system32\a_i_037.exe infected by "Trojan-Downloader.Win32.IstBar.iu" Virus! Action Taken: No Action Taken.

Thu Jun 30 10:44:43 2005 => File C:\WINDOWS\system32\in10b6s.dll infected by "Trojan-Dropper.Win32.Exidl.b" Virus! Action Taken: No Action Taken.

Thu Jun 30 10:44:59 2005 => File C:\WINDOWS\system32\MegasearchBarSetup.exe infected by "Trojan-Downloader.NSIS.Gen" Virus! Action Taken: No Action Taken.

Thu Jun 30 10:44:59 2005 => File C:\WINDOWS\system32\megaV2Wbr.dll infected by "Trojan-Dropper.Win32.Small.uv" Virus! Action Taken: No Action Taken.

Thu Jun 30 10:45:44 2005 => File C:\WINDOWS\system32\setup_incred_10.exe infected by "Trojan-Downloader.Win32.Keenval.e" Virus! Action Taken: No Action Taken.

Thu Jun 30 10:45:47 2005 => File C:\WINDOWS\system32\Splpmt.dll infected by "Trojan-Dropper.Win32.Noname.a" Virus! Action Taken: No Action Taken.

Thu Jun 30 10:45:55 2005 => File C:\WINDOWS\system32\tvmk1.dll infected by "Trojan-Dropper.Win32.Small.ly" Virus! Action Taken: No Action Taken.

Thu Jun 30 10:46:01 2005 => File C:\WINDOWS\system32\vm_d.dll infected by "Trojan-Downloader.Win32.IstBar.gen" Virus! Action Taken: No Action Taken.

Thu Jun 30 10:46:01 2005 => File C:\WINDOWS\system32\vm_d.exe infected by "Trojan-Downloader.Win32.IstBar.gen" Virus! Action Taken: No Action Taken.

Thu Jun 30 11:31:40 2005 => File C:\Programme\Common Files\updater\delupdat.exe infected by "Trojan-Downloader.Win32.Keenval" Virus! Action Taken: No Action Taken.

Thu Jun 30 11:31:40 2005 => File C:\Programme\Common Files\updater\sui.exe infected by "Trojan-Downloader.Win32.Keenval" Virus! Action Taken: No Action Taken.

Thu Jun 30 11:31:40 2005 => File C:\Programme\Common Files\updater\wupdater.exe infected by "Trojan-Downloader.Win32.Keenval" Virus! Action Taken: No Action Taken.

Thu Jun 30 11:37:55 2005 => File C:\Programme\IncrediFind\BHO\IncFindBHO.dll infected by "Trojan-Downloader.Win32.Keenval.e" Virus! Action Taken: No Action Taken.

Thu Jun 30 11:55:28 2005 => File C:\Programme\sf\sf.exe infected by "Trojan-Downloader.Win32.Small.hs" Virus! Action Taken: No Action Taken.

Thu Jun 30 12:05:13 2005 => File C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL infected by "Trojan-Downloader.Win32.Keenval.e" Virus! Action Taken: No Action Taken.

Thu Jun 30 12:06:02 2005 => System found infected with ElitebarBHO Spyware/Adware ({825cf5bd-8862-4430-b771-0c15c5ca8def})! Action taken: No Action Taken.

Thu Jun 30 12:06:02 2005 => System found infected with ElitebarBHO Spyware/Adware ({28caeff3-0f18-4036-b504-51d73bd81abc})! Action taken: No Action Taken.

Thu Jun 30 12:06:02 2005 => System found infected with Favoriteman Spyware/Adware ({53F066F0-A4C0-4F46-83EB-2DFD03F938CF})! Action taken: No Action Taken.

Thu Jun 30 12:06:02 2005 => System found infected with NetPal Spyware/Adware ({00000ef1-0786-4633-87c6-1aa7a44296da})! Action taken: No Action Taken.

Thu Jun 30 12:06:02 2005 => System found infected with NetPal Spyware/Adware ({ef100007-f409-426a-9e7c-cb211f2a9786})! Action taken: No Action Taken.

Thu Jun 30 12:06:02 2005 => System found infected with eUniverse Spyware/Adware ({5D60FF48-95BE-4956-B4C6-6BB168A70310})! Action taken: No Action Taken.

Thu Jun 30 12:06:03 2005 => System found infected with MyBar Spyware/Adware ({014da6c9-189f-421a-88cd-07cfe51cff10})! Action taken: No Action Taken.

Thu Jun 30 12:08:08 2005 => File C:\WINDOWS\system32\a_i_037.dll infected by "Trojan-Downloader.Win32.IstBar.iu" Virus! Action Taken: No Action Taken.

Thu Jun 30 12:08:08 2005 => File C:\WINDOWS\system32\a_i_037.exe infected by "Trojan-Downloader.Win32.IstBar.iu" Virus! Action Taken: No Action Taken.

Thu Jun 30 12:08:38 2005 => File C:\WINDOWS\system32\in10b6s.dll infected by "Trojan-Dropper.Win32.Exidl.b" Virus! Action Taken: No Action Taken.

Thu Jun 30 12:08:55 2005 => File C:\WINDOWS\system32\MegasearchBarSetup.exe infected by "Trojan-Downloader.NSIS.Gen" Virus! Action Taken: No Action Taken.

Thu Jun 30 12:08:55 2005 => File C:\WINDOWS\system32\megaV2Wbr.dll infected by "Trojan-Dropper.Win32.Small.uv" Virus! Action Taken: No Action Taken.

Thu Jun 30 12:09:37 2005 => File C:\WINDOWS\system32\setup_incred_10.exe infected by "Trojan-Downloader.Win32.Keenval.e" Virus! Action Taken: No Action Taken.

Thu Jun 30 12:09:40 2005 => File C:\WINDOWS\system32\Splpmt.dll infected by "Trojan-Dropper.Win32.Noname.a" Virus! Action Taken: No Action Taken.

Thu Jun 30 12:09:48 2005 => File C:\WINDOWS\system32\tvmk1.dll infected by "Trojan-Dropper.Win32.Small.ly" Virus! Action Taken: No Action Taken.

Thu Jun 30 12:09:54 2005 => File C:\WINDOWS\system32\vm_d.dll infected by "Trojan-Downloader.Win32.IstBar.gen" Virus! Action Taken: No Action Taken.

Thu Jun 30 12:09:54 2005 => File C:\WINDOWS\system32\vm_d.exe infected by "Trojan-Downloader.Win32.IstBar.gen" Virus! Action Taken: No Action Taken.

Thu Jun 30 12:45:03 2005 => File C:\Programme\Common Files\updater\delupdat.exe infected by "Trojan-Downloader.Win32.Keenval" Virus! Action Taken: No Action Taken.

Thu Jun 30 12:45:03 2005 => File C:\Programme\Common Files\updater\sui.exe infected by "Trojan-Downloader.Win32.Keenval" Virus! Action Taken: No Action Taken.

Thu Jun 30 12:45:03 2005 => File C:\Programme\Common Files\updater\wupdater.exe infected by "Trojan-Downloader.Win32.Keenval" Virus! Action Taken: No Action Taken.

Thu Jun 30 12:51:27 2005 => File C:\Programme\IncrediFind\BHO\IncFindBHO.dll infected by "Trojan-Downloader.Win32.Keenval.e" Virus! Action Taken: No Action Taken.

Thu Jun 30 13:09:17 2005 => File C:\Programme\sf\sf.exe infected by "Trojan-Downloader.Win32.Small.hs" Virus! Action Taken: No Action Taken.

Thu Jun 30 13:17:18 2005 => File C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}(2)\RP108\A0063051.ini infected by "Net-Worm.Win32.Randon.u" Virus! Action Taken: No Action Taken.

Thu Jun 30 13:17:53 2005 => File C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}(2)\RP108\A0080438.ini infected by "Net-Worm.Win32.Randon.u" Virus! Action Taken: No Action Taken.

Thu Jun 30 13:18:02 2005 => File C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}(2)\RP109\A0080518.ini infected by "Net-Worm.Win32.Randon.u" Virus! Action Taken: No Action Taken.

Thu Jun 30 13:18:36 2005 => File C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}(2)\RP110\A0081394.EXE infected by "Backdoor.Win32.Agobot.hl" Virus! Action Taken: No Action Taken.

Thu Jun 30 13:19:06 2005 => File C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}(2)\RP115\A0083909.exe infected by "Backdoor.Win32.Agobot.hl" Virus! Action Taken: No Action Taken.

Thu Jun 30 13:20:38 2005 => File C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}(2)\RP55\A0025784.exe infected by "Backdoor.Win32.Rirc.b" Virus! Action Taken: No Action Taken.

Thu Jun 30 13:23:15 2005 => File C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}(2)\RP79\A0039782.ini infected by "Net-Worm.Win32.Randon.u" Virus! Action Taken: No Action Taken.

Thu Jun 30 13:23:21 2005 => File C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}(2)\RP80\A0039863.ini infected by "Net-Worm.Win32.Randon.u" Virus! Action Taken: No Action Taken.

Thu Jun 30 13:23:23 2005 => File C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}(2)\RP80\A0039899.ini infected by "Net-Worm.Win32.Randon.u" Virus! Action Taken: No Action Taken.

Thu Jun 30 13:23:32 2005 => File C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}(2)\RP81\A0040103.ini infected by "Net-Worm.Win32.Randon.u" Virus! Action Taken: No Action Taken.

Thu Jun 30 13:25:21 2005 => File C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}(2)\RP93\A0043695.ini infected by "Net-Worm.Win32.Randon.u" Virus! Action Taken: No Action Taken.

Thu Jun 30 13:25:30 2005 => File C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}(2)\RP94\A0043856.ini infected by "Net-Worm.Win32.Randon.u" Virus! Action Taken: No Action Taken.

Thu Jun 30 13:25:31 2005 => File C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}(2)\RP94\A0043885.ini infected by "Net-Worm.Win32.Randon.u" Virus! Action Taken: No Action Taken.

Thu Jun 30 13:26:12 2005 => File C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}(2)\RP99\A0049567.ini infected by "Net-Worm.Win32.Randon.u" Virus! Action Taken: No Action Taken.

Thu Jun 30 13:26:13 2005 => File C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}(2)\RP99\A0050618.ini infected by "Net-Worm.Win32.Randon.u" Virus! Action Taken: No Action Taken.

Thu Jun 30 13:26:14 2005 => File C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}(2)\RP99\A0052619.ini infected by "Net-Worm.Win32.Randon.u" Virus! Action Taken: No Action Taken.

Thu Jun 30 13:26:53 2005 => File C:\updaterInstall_112.exe infected by "Trojan-Downloader.Win32.Keenval" Virus! Action Taken: No Action Taken.

Thu Jun 30 13:46:11 2005 => File C:\WINDOWS\system32\a_i_037.dll infected by "Trojan-Downloader.Win32.IstBar.iu" Virus! Action Taken: No Action Taken.

Thu Jun 30 13:46:11 2005 => File C:\WINDOWS\system32\a_i_037.exe infected by "Trojan-Downloader.Win32.IstBar.iu" Virus! Action Taken: No Action Taken.

Thu Jun 30 13:47:15 2005 => File C:\WINDOWS\system32\in10b6s.dll infected by "Trojan-Dropper.Win32.Exidl.b" Virus! Action Taken: No Action Taken.

Thu Jun 30 13:47:28 2005 => File C:\WINDOWS\system32\MegasearchBarSetup.exe infected by "Trojan-Downloader.NSIS.Gen" Virus! Action Taken: No Action Taken.

Thu Jun 30 13:47:28 2005 => File C:\WINDOWS\system32\megaV2Wbr.dll infected by "Trojan-Dropper.Win32.Small.uv" Virus! Action Taken: No Action Taken.

Thu Jun 30 13:48:19 2005 => File C:\WINDOWS\system32\setup_incred_10.exe infected by "Trojan-Downloader.Win32.Keenval.e" Virus! Action Taken: No Action Taken.

Thu Jun 30 13:48:24 2005 => File C:\WINDOWS\system32\Splpmt.dll infected by "Trojan-Dropper.Win32.Noname.a" Virus! Action Taken: No Action Taken.

Thu Jun 30 13:48:45 2005 => File C:\WINDOWS\system32\tvmk1.dll infected by "Trojan-Dropper.Win32.Small.ly" Virus! Action Taken: No Action Taken.

Thu Jun 30 13:48:53 2005 => File C:\WINDOWS\system32\vm_d.dll infected by "Trojan-Downloader.Win32.IstBar.gen" Virus! Action Taken: No Action Taken.

Thu Jun 30 13:48:53 2005 => File C:\WINDOWS\system32\vm_d.exe infected by "Trojan-Downloader.Win32.IstBar.gen" Virus! Action Taken: No Action Taken.

Thu Jun 30 13:57:14 2005 => File D:\aaaaa\prog\mIRC\mirc.ini infected by "Net-Worm.Win32.Randon.u" Virus! Action Taken: No Action Taken.

Thu Jun 30 14:12:12 2005 => Total Disinfected Files: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Funde für "tagged"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Thu Jun 30 10:40:55 2005 => File C:\WINDOWS\System32\ATPART~1.DLL tagged as "not-a-virus:AdWare.F1Organizer.c". Action Taken: No Action Taken.

Thu Jun 30 10:40:55 2005 => File C:\Programme\NavExcel\NavHelper\v2.0.4d\NHelper.dll tagged as "not-a-virus:AdWare.NavExcel.h". Action Taken: No Action Taken.

Thu Jun 30 10:41:01 2005 => File C:\WINDOWS\Dit.exe tagged as not-a-virus:Garbage.Win32.CustomIcons. No Action Taken.

Thu Jun 30 10:41:02 2005 => File C:\Programme\NavExcel\NavHelper\v2.0.4d\navapp.exe tagged as "not-a-virus:AdWare.NavExcel.h". Action Taken: No Action Taken.

Thu Jun 30 10:43:48 2005 => File C:\WINDOWS\DitExp.exe tagged as not-a-virus:Garbage.Win32.CustomIcons. No Action Taken.

Thu Jun 30 10:44:12 2005 => File C:\WINDOWS\system32\ATPartners.dll tagged as "not-a-virus:AdWare.F1Organizer.c". Action Taken: No Action Taken.

Thu Jun 30 10:45:44 2005 => File C:\WINDOWS\system32\SHAgentNew.dll tagged as "not-a-virus:AdWare.Sahat.g". Action Taken: No Action Taken.

Thu Jun 30 10:45:44 2005 => File C:\WINDOWS\system32\shawn_1.dll tagged as "not-a-virus:AdWare.ToolBar.EliteBar.ac". Action Taken: No Action Taken.

Thu Jun 30 10:46:04 2005 => File C:\WINDOWS\system32\WebRebates_Auto_InstallSilent.exe tagged as "not-a-virus:AdWare.WebRebates.g". Action Taken: No Action Taken.

Thu Jun 30 11:31:52 2005 => File C:\Programme\DS9\UNWISE.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.

Thu Jun 30 11:32:10 2005 => File C:\Programme\EasyDivX\Install\Codec\DivX502Bundle.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.

Thu Jun 30 11:32:11 2005 => File C:\Programme\EasyDivX\softs\ck.exe tagged as not-a-virus:Tool.Win32.Pcwelt.a. No Action Taken.

Thu Jun 30 11:32:15 2005 => File C:\Programme\EasyDivX2\cd1\Codec\DivX502Bundle.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.

Thu Jun 30 11:34:00 2005 => File C:\Programme\FlashGet\UNWISE.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.

Thu Jun 30 11:34:17 2005 => File C:\Programme\GameSpy Arcade\UNWISE.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.

Thu Jun 30 11:53:35 2005 => File C:\Programme\NavExcel\NavHelper\v2.0.4d\NHUninstaller.exe tagged as "not-a-virus:AdWare.NavExcel.h". Action Taken: No Action Taken.

Thu Jun 30 11:54:31 2005 => File C:\Programme\Opera\Plugins\FlashGet\UNWISE.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.

Thu Jun 30 11:54:33 2005 => File C:\Programme\OutpostInstall.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.

Thu Jun 30 12:05:13 2005 => File C:\WINDOWS\System32\ATPART~1.DLL tagged as "not-a-virus:AdWare.F1Organizer.c". Action Taken: No Action Taken.

Thu Jun 30 12:05:17 2005 => File C:\WINDOWS\Dit.exe tagged as not-a-virus:Garbage.Win32.CustomIcons. No Action Taken.

Thu Jun 30 12:07:43 2005 => File C:\WINDOWS\DitExp.exe tagged as not-a-virus:Garbage.Win32.CustomIcons. No Action Taken.

Thu Jun 30 12:08:07 2005 => File C:\WINDOWS\system32\ATPartners.dll tagged as "not-a-virus:AdWare.F1Organizer.c". Action Taken: No Action Taken.

Thu Jun 30 12:09:37 2005 => File C:\WINDOWS\system32\SHAgentNew.dll tagged as "not-a-virus:AdWare.Sahat.g". Action Taken: No Action Taken.

Thu Jun 30 12:09:37 2005 => File C:\WINDOWS\system32\shawn_1.dll tagged as "not-a-virus:AdWare.ToolBar.EliteBar.ac". Action Taken: No Action Taken.

Thu Jun 30 12:09:56 2005 => File C:\WINDOWS\system32\WebRebates_Auto_InstallSilent.exe tagged as "not-a-virus:AdWare.WebRebates.g". Action Taken: No Action Taken.

Thu Jun 30 12:45:15 2005 => File C:\Programme\DS9\UNWISE.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.

Thu Jun 30 12:45:31 2005 => File C:\Programme\EasyDivX\Install\Codec\DivX502Bundle.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.

Thu Jun 30 12:45:32 2005 => File C:\Programme\EasyDivX\softs\ck.exe tagged as not-a-virus:Tool.Win32.Pcwelt.a. No Action Taken.

Thu Jun 30 12:45:36 2005 => File C:\Programme\EasyDivX2\cd1\Codec\DivX502Bundle.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.

Thu Jun 30 12:47:23 2005 => File C:\Programme\FlashGet\UNWISE.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.

Thu Jun 30 12:47:41 2005 => File C:\Programme\GameSpy Arcade\UNWISE.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.

Thu Jun 30 13:07:25 2005 => File C:\Programme\NavExcel\NavHelper\v2.0.4d\NHUninstaller.exe tagged as "not-a-virus:AdWare.NavExcel.h". Action Taken: No Action Taken.

Thu Jun 30 13:08:16 2005 => File C:\Programme\Opera\Plugins\FlashGet\UNWISE.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.

Thu Jun 30 13:08:18 2005 => File C:\Programme\OutpostInstall.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.

Thu Jun 30 13:14:35 2005 => File C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}(2)\RP108\A0061067.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.

Thu Jun 30 13:15:26 2005 => File C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}(2)\RP108\A0061343.exe tagged as "not-a-virus:Porn-Dialer.Win32.ALifeDialer". Action Taken: No Action Taken.

Thu Jun 30 13:25:57 2005 => File C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}(2)\RP97\A0047249.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.

Thu Jun 30 13:30:30 2005 => File C:\WINDOWS\DitExp.exe tagged as not-a-virus:Garbage.Win32.CustomIcons. No Action Taken.

Thu Jun 30 13:46:10 2005 => File C:\WINDOWS\system32\ATPartners.dll tagged as "not-a-virus:AdWare.F1Organizer.c". Action Taken: No Action Taken.

Thu Jun 30 13:47:26 2005 => File C:\WINDOWS\system32\Macromed\Shockwave 8\UNWISE.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.

Thu Jun 30 13:48:20 2005 => File C:\WINDOWS\system32\SHAgentNew.dll tagged as "not-a-virus:AdWare.Sahat.g". Action Taken: No Action Taken.
Thu Jun 30 13:48:20 2005 => File C:\WINDOWS\system32\shawn_1.dll tagged as "not-a-virus:AdWare.ToolBar.EliteBar.ac". Action Taken: No Action Taken.

Thu Jun 30 13:49:04 2005 => File C:\WINDOWS\system32\WebRebates_Auto_InstallSilent.exe tagged as "not-a-virus:AdWare.WebRebates.g". Action Taken: No Action Taken.

Thu Jun 30 13:56:47 2005 => File D:\aaaaaaaaa\prog\DivX505Bundle.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.

Thu Jun 30 13:56:47 2005 => File D:\Aaaaaaaaa\prog\DivXLand_MediaSub_170.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.

Thu Jun 30 13:56:59 2005 => File D:\Aaaaaaaaaaa\prog\EasyDivX_0820_standard.exe tagged as not-a-virus:Tool.Win32.Pcwelt.a. No Action Taken.

Thu Jun 30 13:57:01 2005 => File D:\Aaaaa\prog\fgf165.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.

Thu Jun 30 13:57:14 2005 => File D:\aaaaa\prog\mIRC\backup\mirc.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.03. No Action Taken.

Thu Jun 30 13:57:14 2005 => File D:\aaaaa\prog\mIRC\mirc.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.03. No Action Taken.

Thu Jun 30 13:57:18 2005 => File D:\aaaaaaaa\prog\npfg11.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.

Thu Jun 30 13:58:44 2005 => File D:\aaaaaaaaaa\prog\WinMPG_VideoConvert.zip tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.

Thu Jun 30 14:06:07 2005 => File D:\Tools\DiVX Video\DivX505Bundle.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.

Thu Jun 30 14:06:51 2005 => File D:\Tools\ISDN\Classic Phonetools\driver\Setup.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.

Thu Jun 30 14:06:52 2005 => File D:\Tools\ISDN\Classic Phonetools\Goodies\awebpro.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Statisktiken:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Thu Jun 30 14:12:12 2005 => Total Virus(es) Found: 97
Thu Jun 30 14:12:12 2005 => Total Errors: 1648
Thu Jun 30 14:12:12 2005 => Time Elapsed: 02:06:35
Thu Jun 30 14:12:12 2005 => Total Objects Scanned: 145753
Thu Jun 30 10:39:56 2005 => Virus Database Date: 2005/06/24
Thu Jun 30 12:04:26 2005 => Virus Database Date: 2005/06/24
Thu Jun 30 14:12:12 2005 => Virus Database Date: 2005/06/24
Thu Jun 30 14:14:40 2005 => Virus Database Date: 2005/06/24
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~
~~~~~~~ © Haui ;-) ~~~~~~~
~~~~~~~ Dank an Cidre ~~~~~~~


And what do "tagged as" and "offending value" actually mean?
Is there even any point in cleaning all of this up by hand??


Regards
Estel

chaosman 30.06.2005 21:21

@Estel
Is there even any point in cleaning all of this up by hand??

If I were you, I would reinstall the system (format).
You have so much malware and so many downloaders on the system that reinstalling is quicker.

Here is a guide:
http://www.trojaner-board.de/showpos...28&postcount=2
sorry
chaosman

Estel 30.06.2005 22:01

That's what I was afraid of. I have nothing against reinstalling, either. Only: if I back up my data now (CD, DVD or external hard drive), how can I be sure that I won't end up with something on it again afterwards? Is it enough just to avoid the files listed under "infected" (that would only be mirc then, and I haven't used that in ages, so it isn't a candidate for the backup anyway)?

Cidre 30.06.2005 22:12

You can only be really sure if you do not bring any data/files from the infested system into your new, clean system.
If you do, then check the CD/DVD with eScan before you bring it in.


All times are WET +1. The time is now 02:00.
