|
Schaut mal bitte ... eScan & Hijack Log Könntet ihr des bitte mal prüfen!? Danke! Gruß LeXy eScan: Thu Oct 06 17:13:55 2005 => Offending Key found: HKCU\Software\casino !!! Thu Oct 06 17:14:02 2005 => Object "gohip Spyware/Adware" found in File System! Action Taken: Keine Aktion vorgenommen. Thu Oct 06 17:14:06 2005 => Offending Folder found: C:\Dokumente und Einstellungen\***\Eigene Dateien\ea games\die sims 2\music\cas Thu Oct 06 17:14:06 2005 => Object "casinoclient Spyware/Adware" found in File System! Action Taken: Keine Aktion vorgenommen. Thu Oct 06 17:14:09 2005 => Offending Folder found: C:\Dokumente und Einstellungen\***\Eigene Dateien\ea games\die sims 2\music\cas Thu Oct 06 17:14:09 2005 => Object "casinoclient Spyware/Adware" found in File System! Action Taken: Keine Aktion vorgenommen. Thu Oct 06 17:14:09 2005 => Offending file found: C:\WINDOWS\iun6002.exe Thu Oct 06 17:14:09 2005 => System found infected with zipitpro Spyware/Adware (C:\WINDOWS\iun6002.exe)! Action taken: Keine Aktion vorgenommen. Hijackthis: Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\Programme\Spybot - Search & Destroy\SDHelper.dll O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe O4 - HKLM\..\Run: [RemoteControl] F:\Programme\CyberLink\PowerDVD\PDVDServ.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_ 04\bin\jusched.exe O4 - HKLM\..\Run: [AVGCtrl] F:\Programme\AVPersonal\AVGNT.EXE /min O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [DataLayer] C:\Programme\Gemeinsame Dateien\PCSuite\DataLayer\DataLayer.exe O4 - HKLM\..\Run: [PCSuiteTrayApplication] F:\Programme\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray O4 - HKLM\..\Run: [GameJack 5] F:\Programme\GameJack 5\GameJack.exe -autorun O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe O4 - HKCU\..\Run: [InstantTray] C:\Programme\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe O4 - HKCU\..\Run: [IW_Drop_Icon] F:\Programme\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe /dropdisc O4 - HKCU\..\Run: [H/PC Connection Agent] "F:\Programme\Microsoft ActiveSync\WCESCOMM.EXE" O4 - HKCU\..\Run: [SAFE8] "F:\Programme\Steganos Safe 8\SAFE8.exe" -boot O4 - HKCU\..\Run: [PcSync] F:\Programme\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background O4 - Global Startup: Adobe Reader - Schnellstart.lnk = F:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: Digitale Telefonauskunft 2005 - Schnellstarter.lnk = C:\Programme\Digitale Telefonauskunft\Digitale Telefonauskunft 2005\KSTART32.EXE O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Senden an &Bluetooth - F:\Programme\ANYCOM\Blue USB-130-250\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra button: Mobilen Favoriten erstellen - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - F:\Programme\Microsoft ActiveSync\inetrepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - F:\Programme\Microsoft ActiveSync\inetrepl.dll O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - F:\Programme\Microsoft ActiveSync\inetrepl.dll O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - F:\Programme\Messaging\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - F:\Programme\Messaging\ICQLite\ICQLite.exe O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - F:\Programme\ANYCOM\Blue USB-130-250\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - F:\Programme\ANYCOM\Blue USB-130-250\btsendto_ie.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - h**p://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1109864001078 O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - F:\PROGRAMME\AVPERSONAL\AVGUARD.EXE O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - F:\Programme\AVPersonal\AVWUPSRV.EXE O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - F:\Programme\ANYCOM\Blue USB-130-250\bin\btwdins.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - F:\Programme\SiSoftware\SiSoftware Sandra Lite 2005\RpcDataSrv.exe O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - F:\Programme\SiSoftware\SiSoftware Sandra Lite 2005\RpcSandraSrv.exe O23 - Service: Steganos Live Encryption Engine 12 [Service] (SLEE_12_SERVICE) - Unknown owner - C:\WINDOWS\system32\SLEE12.exe |
Werder der Escan- noch der Hijackthis-Log sind vollständig! Lies dir speziell für den Escan-Log nochmal die Anleitung durch, wie die Ergebnisse übermittelt werden sollen. |
okay, so besser? Funde für "infected" Thu Oct 06 17:14:09 2005 => System found infected with zipitpro Spyware/Adware (C:\WINDOWS\iun6002.exe)! Action taken: Keine Aktion vorgenommen. Thu Oct 06 17:43:28 2005 => Scanne Verzeichniss: F:\Programme\AVPersonal\INFECTED\*.* Funde für "offending" Thu Oct 06 17:13:55 2005 => Offending Key found: HKCU\Software\casino !!! Thu Oct 06 17:14:06 2005 => Offending Folder found: C:\Dokumente und Einstellungen\***\Eigene Dateien\ea games\die sims 2\music\cas Thu Oct 06 17:14:09 2005 => Offending Folder found: C:\Dokumente und Einstellungen\***\Eigene Dateien\ea games\die sims 2\music\cas Thu Oct 06 17:14:09 2005 => Offending file found: C:\WINDOWS\iun6002.exe Summary: Thu Oct 06 18:07:26 2005 => Gescannte Dateien: 80138 Thu Oct 06 18:07:26 2005 => Gefundene Viren: 4 Thu Oct 06 18:07:26 2005 => Anzahl der desinfizierten Dateien: 0 Thu Oct 06 18:07:26 2005 => Umbenannte Dateien: 0 Thu Oct 06 18:07:26 2005 => Anzahl der gelöschten Dateien: 0 Thu Oct 06 18:07:26 2005 => Anzahl Fehler: 101 Thu Oct 06 18:07:26 2005 => Zeit vergangen: 00:53:24 Thu Oct 06 18:07:26 2005 => Virus Datenbank Datum: 2005/10/04 Thu Oct 06 18:07:26 2005 => Virus Datenbank Zähler: 152426 |
HJT-Log Logfile of HijackThis v1.99.1 Scan saved at 19:10:19, on 06.10.2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE F:\PROGRAMME\AVPERSONAL\AVGUARD.EXE F:\Programme\AVPersonal\AVWUPSRV.EXE C:\WINDOWS\SOUNDMAN.EXE F:\Programme\ANYCOM\Blue USB-130-250\bin\btwdins.exe F:\Programme\CyberLink\PowerDVD\PDVDServ.exe C:\Programme\Java\jre1.5.0_04\bin\jusched.exe F:\Programme\AVPersonal\AVGNT.EXE C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe C:\WINDOWS\system32\rundll32.exe C:\Programme\Gemeinsame Dateien\PCSuite\DataLayer\DataLayer.exe C:\PROGRA~1\GEMEIN~1\PCSuite\Services\SERVIC~1.EXE C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE F:\Programme\Nokia\Nokia PC Suite 6\LaunchApplication.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\SLEE12.exe F:\Programme\GameJack 5\GameJack.exe C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe C:\Programme\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe F:\Programme\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe F:\Programme\Microsoft ActiveSync\WCESCOMM.EXE F:\Programme\Steganos Safe 8\SAFE8.exe F:\Programme\Nokia\Nokia PC Suite 6\PcSync2.exe C:\Programme\Messenger\msmsgs.exe F:\Programme\ANYCOM\Blue USB-130-250\BTTray.exe C:\Programme\Digitale Telefonauskunft\Digitale Telefonauskunft 2005\KSTART32.EXE C:\PROGRA~1\GEMEIN~1\Nokia\MPAPI\MPAPI3s.exe C:\WINDOWS\system32\ctfmon.exe F:\Programme\Firefox\firefox.exe C:\Dokumente und Einstellungen\***\Desktop\HijackThis.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\Programme\Spybot - Search & Destroy\SDHelper.dll O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe O4 - HKLM\..\Run: [RemoteControl] F:\Programme\CyberLink\PowerDVD\PDVDServ.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_04\bin\jusched.exe O4 - HKLM\..\Run: [AVGCtrl] F:\Programme\AVPersonal\AVGNT.EXE /min O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [DataLayer] C:\Programme\Gemeinsame Dateien\PCSuite\DataLayer\DataLayer.exe O4 - HKLM\..\Run: [PCSuiteTrayApplication] F:\Programme\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray O4 - HKLM\..\Run: [GameJack 5] F:\Programme\GameJack 5\GameJack.exe -autorun O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe O4 - HKCU\..\Run: [InstantTray] C:\Programme\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe O4 - HKCU\..\Run: [IW_Drop_Icon] F:\Programme\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe /dropdisc O4 - HKCU\..\Run: [H/PC Connection Agent] "F:\Programme\Microsoft ActiveSync\WCESCOMM.EXE" O4 - HKCU\..\Run: [SAFE8] "F:\Programme\Steganos Safe 8\SAFE8.exe" -boot O4 - HKCU\..\Run: [PcSync] F:\Programme\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: Adobe Reader - Schnellstart.lnk = F:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: Digitale Telefonauskunft 2005 - Schnellstarter.lnk = C:\Programme\Digitale Telefonauskunft\Digitale Telefonauskunft 2005\KSTART32.EXE O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Senden an &Bluetooth - F:\Programme\ANYCOM\Blue USB-130-250\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra button: Mobilen Favoriten erstellen - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - F:\Programme\Microsoft ActiveSync\inetrepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - F:\Programme\Microsoft ActiveSync\inetrepl.dll O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - F:\Programme\Microsoft ActiveSync\inetrepl.dll O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - F:\Programme\Messaging\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - F:\Programme\Messaging\ICQLite\ICQLite.exe O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - F:\Programme\ANYCOM\Blue USB-130-250\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - F:\Programme\ANYCOM\Blue USB-130-250\btsendto_ie.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - h**p://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1109864001078 O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - F:\PROGRAMME\AVPERSONAL\AVGUARD.EXE O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - F:\Programme\AVPersonal\AVWUPSRV.EXE O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - F:\Programme\ANYCOM\Blue USB-130-250\bin\btwdins.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - F:\Programme\SiSoftware\SiSoftware Sandra Lite 2005\RpcDataSrv.exe O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - F:\Programme\SiSoftware\SiSoftware Sandra Lite 2005\RpcSandraSrv.exe O23 - Service: Steganos Live Encryption Engine 12 [Service] (SLEE_12_SERVICE) - Unknown owner - C:\WINDOWS\system32\SLEE12.exe |
| Alle Zeitangaben in WEZ +1. Es ist jetzt 19:53 Uhr. |
Copyright ©2000-2025, Trojaner-Board