Trojaner-Board

B-Banjo 27.10.2005 22:01

Problems with the analysis

Hello,

could you please help me with analysing my mwav.log? I don't really know much about this, so thanks in advance for a "simple" explanation.

Regards, Benjamin

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~
Funde für "infected"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~
Thu Oct 27 21:35:16 2005 => File C:\WINDOWS\system32\wininet.dll infected by "Virus.Win32.Nsag.b" Virus! Action Taken: No Action Taken.
Thu Oct 27 21:35:16 2005 => File C:\WINDOWS\System32\OLEEXT.dll infected by "Trojan.Win32.Promoter.c" Virus! Action Taken: No Action Taken.
Thu Oct 27 21:35:48 2005 => System found infected with edonkey2000 Spyware/Adware ({320154bb-d666-48f6-990e-172b32954620})! Action taken: No Action Taken.
Thu Oct 27 21:35:49 2005 => System found infected with searchexe Spyware/Adware ({807553e5-5146-11d5-a672-00b0d022e945})! Action taken: No Action Taken.
Thu Oct 27 21:35:49 2005 => System found infected with alexa Spyware/Adware ({c95fe080-8f5d-11d2-a20b-00aa003c157a})! Action taken: No Action Taken.
Thu Oct 27 21:35:49 2005 => System found infected with alexa Spyware/Adware ({c95fe080-8f5d-11d2-a20b-00aa003c157a})! Action taken: No Action Taken.
Thu Oct 27 21:35:49 2005 => System found infected with alexa Spyware/Adware ({c95fe080-8f5d-11d2-a20b-00aa003c157a})! Action taken: No Action Taken.
Thu Oct 27 21:35:52 2005 => System found infected with startsurfing Spyware/Adware (config.dat)! Action taken: No Action Taken.
Thu Oct 27 21:35:53 2005 => System found infected with cydoor.topicks.a Spyware/Adware (settings.dat)! Action taken: No Action Taken.
Thu Oct 27 21:35:53 2005 => System found infected with startsurfing Spyware/Adware (config.dat)! Action taken: No Action Taken.
Thu Oct 27 21:40:22 2005 => Total Disinfected Files: 0
Thu Oct 27 21:45:21 2005 => File C:\WINDOWS\system32\wininet.dll infected by "Virus.Win32.Nsag.b" Virus! Action Taken: No Action Taken.
Thu Oct 27 21:45:21 2005 => File C:\WINDOWS\System32\OLEEXT.dll infected by "Trojan.Win32.Promoter.c" Virus! Action Taken: No Action Taken.
Thu Oct 27 21:45:57 2005 => System found infected with edonkey2000 Spyware/Adware ({320154bb-d666-48f6-990e-172b32954620})! Action taken: No Action Taken.
Thu Oct 27 21:45:57 2005 => System found infected with searchexe Spyware/Adware ({807553e5-5146-11d5-a672-00b0d022e945})! Action taken: No Action Taken.
Thu Oct 27 21:45:57 2005 => System found infected with alexa Spyware/Adware ({c95fe080-8f5d-11d2-a20b-00aa003c157a})! Action taken: No Action Taken.
Thu Oct 27 21:45:57 2005 => System found infected with alexa Spyware/Adware ({c95fe080-8f5d-11d2-a20b-00aa003c157a})! Action taken: No Action Taken.
Thu Oct 27 21:45:57 2005 => System found infected with alexa Spyware/Adware ({c95fe080-8f5d-11d2-a20b-00aa003c157a})! Action taken: No Action Taken.
Thu Oct 27 21:46:01 2005 => System found infected with startsurfing Spyware/Adware (config.dat)! Action taken: No Action Taken.
Thu Oct 27 21:46:02 2005 => System found infected with cydoor.topicks.a Spyware/Adware (settings.dat)! Action taken: No Action Taken.
Thu Oct 27 21:46:02 2005 => System found infected with startsurfing Spyware/Adware (config.dat)! Action taken: No Action Taken.
Thu Oct 27 21:59:50 2005 => File C:\Programme\Norton AntiVirus\Quarantine\77604A52.class infected by "Exploit.Java.Bytverify" Virus! Action Taken: No Action Taken.
Thu Oct 27 21:59:51 2005 => File C:\Programme\Norton AntiVirus\Quarantine\77AB1000.class infected by "Trojan.Java.ClassLoader.c" Virus! Action Taken: No Action Taken.
Thu Oct 27 21:59:51 2005 => File C:\Programme\Norton AntiVirus\Quarantine\77C909DF.class infected by "Trojan.Java.ClassLoader.Dummy.d" Virus! Action Taken: No Action Taken.
Thu Oct 27 22:12:59 2005 => File C:\WINDOWS\system32\oleext.dll infected by "Trojan.Win32.Promoter.c" Virus! Action Taken: No Action Taken.
Thu Oct 27 22:13:45 2005 => File C:\WINDOWS\system32\wininet.dll infected by "Virus.Win32.Nsag.b" Virus! Action Taken: No Action Taken.
Thu Oct 27 22:20:10 2005 => Total Disinfected Files: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~
Funde für "tagged"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~
Thu Oct 27 22:02:39 2005 => File C:\RECYCLER\NPROTECT\00000522.exe tagged as "not-a-virus:AdWare.Win32.WebHancer.351". Action Taken: No Action Taken.
Thu Oct 27 22:02:39 2005 => File C:\RECYCLER\NPROTECT\00000524.dll tagged as "not-a-virus:AdWare.Win32.WebHancer.381". Action Taken: No Action Taken.
Thu Oct 27 22:02:39 2005 => File C:\RECYCLER\NPROTECT\00000538.EXE tagged as "not-a-virus:AdWare.Win32.WebHancer". Action Taken: No Action Taken.
Thu Oct 27 22:02:39 2005 => File C:\RECYCLER\NPROTECT\00000543.EXE tagged as "not-a-virus:AdWare.Win32.WebHancer.381". Action Taken: No Action Taken.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~
Statisktiken:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~
Thu Oct 27 21:35:50 2005 => Offending Key found: HKLM\Software\edonkey2000 !!!
Thu Oct 27 21:35:50 2005 => Offending Key found: HKCU\Software\gnu !!!
Thu Oct 27 21:35:52 2005 => Offending file found: C:\Dokumente und Einstellungen\B**\Eigene Dateien\fifa 2005\user\config.dat
Thu Oct 27 21:35:53 2005 => Offending file found: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\symantec\common client\settings.dat
Thu Oct 27 21:35:53 2005 => Offending file found: C:\Dokumente und Einstellungen\B**\Eigene Dateien\fifa 2005\user\config.dat
Thu Oct 27 21:40:22 2005 => Total Virus(es) Found: 12
Thu Oct 27 21:45:58 2005 => Offending Key found: HKLM\Software\edonkey2000 !!!
Thu Oct 27 21:45:58 2005 => Offending Key found: HKCU\Software\gnu !!!
Thu Oct 27 21:46:01 2005 => Offending file found: C:\Dokumente und Einstellungen\B**\Eigene Dateien\fifa 2005\user\config.dat
Thu Oct 27 21:46:02 2005 => Offending file found: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\symantec\common client\settings.dat
Thu Oct 27 21:46:02 2005 => Offending file found: C:\Dokumente und Einstellungen\B**\Eigene Dateien\fifa 2005\user\config.dat
Thu Oct 27 22:20:10 2005 => Total Virus(es) Found: 21
Thu Oct 27 21:40:22 2005 => Total Errors: 48
Thu Oct 27 22:20:10 2005 => Total Errors: 49
Thu Oct 27 21:40:22 2005 => Time Elapsed: 00:05:15
Thu Oct 27 22:20:10 2005 => Time Elapsed: 00:34:37
Thu Oct 27 21:40:22 2005 => Total Objects Scanned: 23861
Thu Oct 27 22:20:10 2005 => Total Objects Scanned: 55804
Thu Oct 27 21:34:52 2005 => Virus Database Date: 2005/10/21
Thu Oct 27 21:40:22 2005 => Virus Database Date: 2005/10/21
Thu Oct 27 21:40:25 2005 => Virus Database Date: 2005/10/21
Thu Oct 27 21:44:55 2005 => Virus Database Date: 2005/10/21
Thu Oct 27 22:20:10 2005 => Virus Database Date: 2005/10/21
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~
~~~~~~~ © Haui ;-) ~~~~~~~
~~~~~~~ Dank an Cidre ~~~~~~~

dartus 28.10.2005 00:06

Hello B-Banjo,

run this and post the corresponding log files:
http://www.trojaner-board.de/showthread.php?t=21709

Clean up your registry, e.g. with Regseeker.

Empty your recycle bin and the quarantine folder of your antivirus programs.

Uninstall all file-sharing programs (edonkey etc.).

dartus

B-Banjo 28.10.2005 21:14

Hello,

first of all, thanks for the quick help. Here are the log files from hijackthis and escan.

Logfile of HijackThis v1.99.1
Scan saved at 22:06:21, on 28.10.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\Programme\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Programme\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Programme\Browser MOUSE\mouse32a.exe
C:\Programme\Motherboard Monitor 5\MBM5.EXE
C:\Programme\Winamp\winampa.exe
C:\WINDOWS\System32\rundll32.exe
C:\Programme\Java\jre1.5.0_04\bin\jusched.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\phonostar\ps_agent.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Programme\FRITZ!DSL\FritzDsl.exe
C:\Programme\Messenger\msmsgs.exe
C:\WINDOWS\explorer.exe
C:\Programme\WinRAR\WinRAR.exe
C:\DOKUME~1\Benji\LOKALE~1\Temp\Rar$EX00.453\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Programme\Browser MOUSE\mouse32a.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [MBM 5] "C:\Programme\Motherboard Monitor 5\MBM5.EXE"
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [rdirector] C:\WINDOWS\System32\rdirector.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [SpySweeper] "C:\Programme\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [PhonostarAgent] C:\Programme\phonostar\ps_agent.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: FRITZ!web DSL.lnk = C:\Programme\FRITZ!DSL\FritzDsl.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O17 - HKLM\System\CCS\Services\Tcpip\..\{D464DC66-6CF0-4D7D-9C36-A42B670FC959}: NameServer = 192.168.122.252,192.168.122.253
O20 - Winlogon Notify: st3i - C:\WINDOWS\q766250.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Programme\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Programme\Webroot\Spy Sweeper\WRSSSDK.exe



E-Scan old

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~
Funde für "infected"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~
Thu Oct 27 21:35:16 2005 => File C:\WINDOWS\system32\wininet.dll infected by "Virus.Win32.Nsag.b" Virus! Action Taken: No Action Taken.
Thu Oct 27 21:35:16 2005 => File C:\WINDOWS\System32\OLEEXT.dll infected by "Trojan.Win32.Promoter.c" Virus! Action Taken: No Action Taken.
Thu Oct 27 21:35:48 2005 => System found infected with edonkey2000 Spyware/Adware ({320154bb-d666-48f6-990e-172b32954620})! Action taken: No Action Taken.
Thu Oct 27 21:35:49 2005 => System found infected with searchexe Spyware/Adware ({807553e5-5146-11d5-a672-00b0d022e945})! Action taken: No Action Taken.
Thu Oct 27 21:35:49 2005 => System found infected with alexa Spyware/Adware ({c95fe080-8f5d-11d2-a20b-00aa003c157a})! Action taken: No Action Taken.
Thu Oct 27 21:35:49 2005 => System found infected with alexa Spyware/Adware ({c95fe080-8f5d-11d2-a20b-00aa003c157a})! Action taken: No Action Taken.
Thu Oct 27 21:35:49 2005 => System found infected with alexa Spyware/Adware ({c95fe080-8f5d-11d2-a20b-00aa003c157a})! Action taken: No Action Taken.
Thu Oct 27 21:35:52 2005 => System found infected with startsurfing Spyware/Adware (config.dat)! Action taken: No Action Taken.
Thu Oct 27 21:35:53 2005 => System found infected with cydoor.topicks.a Spyware/Adware (settings.dat)! Action taken: No Action Taken.
Thu Oct 27 21:35:53 2005 => System found infected with startsurfing Spyware/Adware (config.dat)! Action taken: No Action Taken.
Thu Oct 27 21:40:22 2005 => Total Disinfected Files: 0
Thu Oct 27 21:45:21 2005 => File C:\WINDOWS\system32\wininet.dll infected by "Virus.Win32.Nsag.b" Virus! Action Taken: No Action Taken.
Thu Oct 27 21:45:21 2005 => File C:\WINDOWS\System32\OLEEXT.dll infected by "Trojan.Win32.Promoter.c" Virus! Action Taken: No Action Taken.
Thu Oct 27 21:45:57 2005 => System found infected with edonkey2000 Spyware/Adware ({320154bb-d666-48f6-990e-172b32954620})! Action taken: No Action Taken.
Thu Oct 27 21:45:57 2005 => System found infected with searchexe Spyware/Adware ({807553e5-5146-11d5-a672-00b0d022e945})! Action taken: No Action Taken.
Thu Oct 27 21:45:57 2005 => System found infected with alexa Spyware/Adware ({c95fe080-8f5d-11d2-a20b-00aa003c157a})! Action taken: No Action Taken.
Thu Oct 27 21:45:57 2005 => System found infected with alexa Spyware/Adware ({c95fe080-8f5d-11d2-a20b-00aa003c157a})! Action taken: No Action Taken.
Thu Oct 27 21:45:57 2005 => System found infected with alexa Spyware/Adware ({c95fe080-8f5d-11d2-a20b-00aa003c157a})! Action taken: No Action Taken.
Thu Oct 27 21:46:01 2005 => System found infected with startsurfing Spyware/Adware (config.dat)! Action taken: No Action Taken.
Thu Oct 27 21:46:02 2005 => System found infected with cydoor.topicks.a Spyware/Adware (settings.dat)! Action taken: No Action Taken.
Thu Oct 27 21:46:02 2005 => System found infected with startsurfing Spyware/Adware (config.dat)! Action taken: No Action Taken.
Thu Oct 27 21:59:50 2005 => File C:\Programme\Norton AntiVirus\Quarantine\77604A52.class infected by "Exploit.Java.Bytverify" Virus! Action Taken: No Action Taken.
Thu Oct 27 21:59:51 2005 => File C:\Programme\Norton AntiVirus\Quarantine\77AB1000.class infected by "Trojan.Java.ClassLoader.c" Virus! Action Taken: No Action Taken.
Thu Oct 27 21:59:51 2005 => File C:\Programme\Norton AntiVirus\Quarantine\77C909DF.class infected by "Trojan.Java.ClassLoader.Dummy.d" Virus! Action Taken: No Action Taken.
Thu Oct 27 22:12:59 2005 => File C:\WINDOWS\system32\oleext.dll infected by "Trojan.Win32.Promoter.c" Virus! Action Taken: No Action Taken.
Thu Oct 27 22:13:45 2005 => File C:\WINDOWS\system32\wininet.dll infected by "Virus.Win32.Nsag.b" Virus! Action Taken: No Action Taken.
Thu Oct 27 22:20:10 2005 => Total Disinfected Files: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~
Funde für "tagged"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~
Thu Oct 27 22:02:39 2005 => File C:\RECYCLER\NPROTECT\00000522.exe tagged as "not-a-virus:AdWare.Win32.WebHancer.351". Action Taken: No Action Taken.
Thu Oct 27 22:02:39 2005 => File C:\RECYCLER\NPROTECT\00000524.dll tagged as "not-a-virus:AdWare.Win32.WebHancer.381". Action Taken: No Action Taken.
Thu Oct 27 22:02:39 2005 => File C:\RECYCLER\NPROTECT\00000538.EXE tagged as "not-a-virus:AdWare.Win32.WebHancer". Action Taken: No Action Taken.
Thu Oct 27 22:02:39 2005 => File C:\RECYCLER\NPROTECT\00000543.EXE tagged as "not-a-virus:AdWare.Win32.WebHancer.381". Action Taken: No Action Taken.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~
Statisktiken:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~
Thu Oct 27 21:35:50 2005 => Offending Key found: HKLM\Software\edonkey2000 !!!
Thu Oct 27 21:35:50 2005 => Offending Key found: HKCU\Software\gnu !!!
Thu Oct 27 21:35:52 2005 => Offending file found: C:\Dokumente und Einstellungen\B**\Eigene Dateien\fifa 2005\user\config.dat
Thu Oct 27 21:35:53 2005 => Offending file found: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\symantec\common client\settings.dat
Thu Oct 27 21:35:53 2005 => Offending file found: C:\Dokumente und Einstellungen\B**\Eigene Dateien\fifa 2005\user\config.dat
Thu Oct 27 21:40:22 2005 => Total Virus(es) Found: 12
Thu Oct 27 21:45:58 2005 => Offending Key found: HKLM\Software\edonkey2000 !!!
Thu Oct 27 21:45:58 2005 => Offending Key found: HKCU\Software\gnu !!!
Thu Oct 27 21:46:01 2005 => Offending file found: C:\Dokumente und Einstellungen\B**\Eigene Dateien\fifa 2005\user\config.dat
Thu Oct 27 21:46:02 2005 => Offending file found: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\symantec\common client\settings.dat
Thu Oct 27 21:46:02 2005 => Offending file found: C:\Dokumente und Einstellungen\B**\Eigene Dateien\fifa 2005\user\config.dat
Thu Oct 27 22:20:10 2005 => Total Virus(es) Found: 21
Thu Oct 27 21:40:22 2005 => Total Errors: 48
Thu Oct 27 22:20:10 2005 => Total Errors: 49
Thu Oct 27 21:40:22 2005 => Time Elapsed: 00:05:15
Thu Oct 27 22:20:10 2005 => Time Elapsed: 00:34:37
Thu Oct 27 21:40:22 2005 => Total Objects Scanned: 23861
Thu Oct 27 22:20:10 2005 => Total Objects Scanned: 55804
Thu Oct 27 21:34:52 2005 => Virus Database Date: 2005/10/21
Thu Oct 27 21:40:22 2005 => Virus Database Date: 2005/10/21
Thu Oct 27 21:40:25 2005 => Virus Database Date: 2005/10/21
Thu Oct 27 21:44:55 2005 => Virus Database Date: 2005/10/21
Thu Oct 27 22:20:10 2005 => Virus Database Date: 2005/10/21
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~
~~~~~~~ © Haui ;-) ~~~~~~~
~~~~~~~ Dank an Cidre ~~~~~~~



E-Scan new:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~
Funde für "infected"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~
Fri Oct 28 14:48:41 2005 => File C:\WINDOWS\system32\wininet.dll infected by "Virus.Win32.Nsag.b" Virus! Action Taken: No Action Taken.
Fri Oct 28 14:48:41 2005 => File C:\WINDOWS\System32\OLEEXT.dll infected by "Trojan.Win32.Promoter.c" Virus! Action Taken: No Action Taken.
Fri Oct 28 14:49:19 2005 => System found infected with edonkey2000 Spyware/Adware ({320154bb-d666-48f6-990e-172b32954620})! Action taken: No Action Taken.
Fri Oct 28 14:49:19 2005 => System found infected with searchexe Spyware/Adware ({807553e5-5146-11d5-a672-00b0d022e945})! Action taken: No Action Taken.
Fri Oct 28 14:49:22 2005 => System found infected with startsurfing Spyware/Adware (config.dat)! Action taken: No Action Taken.
Fri Oct 28 14:49:22 2005 => System found infected with cydoor.topicks.a Spyware/Adware (settings.dat)! Action taken: No Action Taken.
Fri Oct 28 14:49:22 2005 => System found infected with startsurfing Spyware/Adware (config.dat)! Action taken: No Action Taken.
Fri Oct 28 15:18:03 2005 => File C:\WINDOWS\system32\oleext.dll infected by "Trojan.Win32.Promoter.c" Virus! Action Taken: No Action Taken.
Fri Oct 28 15:19:08 2005 => File C:\WINDOWS\system32\wininet.dll infected by "Virus.Win32.Nsag.b" Virus! Action Taken: No Action Taken.
Fri Oct 28 15:26:39 2005 => Total Disinfected Files: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~
Funde für "tagged"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~
Fri Oct 28 15:06:17 2005 => File C:\RECYCLER\NPROTECT\00000522.exe tagged as "not-a-virus:AdWare.Win32.WebHancer.351". Action Taken: No Action Taken.
Fri Oct 28 15:06:17 2005 => File C:\RECYCLER\NPROTECT\00000524.dll tagged as "not-a-virus:AdWare.Win32.WebHancer.381". Action Taken: No Action Taken.
Fri Oct 28 15:06:17 2005 => File C:\RECYCLER\NPROTECT\00000543.EXE tagged as "not-a-virus:AdWare.Win32.WebHancer.381". Action Taken: No Action Taken.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~
Statistiken:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~
Fri Oct 28 14:49:20 2005 => Offending Key found: HKCU\Software\gnu !!!
Fri Oct 28 14:49:22 2005 => Offending file found: C:\Dokumente und Einstellungen\B**\Eigene Dateien\fifa 2005\user\config.dat
Fri Oct 28 14:49:22 2005 => Offending file found: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\symantec\common client\settings.dat
Fri Oct 28 14:49:22 2005 => Offending file found: C:\Dokumente und Einstellungen\B**\Eigene Dateien\fifa 2005\user\config.dat
Fri Oct 28 15:26:39 2005 => Total Virus(es) Found: 13
Fri Oct 28 15:26:39 2005 => Total Errors: 21
Fri Oct 28 15:26:39 2005 => Time Elapsed: 00:37:55
Fri Oct 28 15:26:39 2005 => Total Objects Scanned: 56065
Fri Oct 28 14:48:21 2005 => Virus Database Date: 2005/10/21
Fri Oct 28 15:26:39 2005 => Virus Database Date: 2005/10/21
Fri Oct 28 15:27:18 2005 => Virus Database Date: 2005/10/21
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~
~~~~~~~ © Haui ;-) ~~~~~~~
~~~~~~~ Dank an Cidre ~~~~~~~



Regards, Benjamin

dartus 28.10.2005 21:44

Hello B-Banjo,

that looks exactly the same as before.
Did you use "smitrem"?
Escan has not been updated either!

dartus
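
Added example (not part of the thread and not any poster's code): the two checks made in the reply above, whether the findings are unchanged between scans and whether the scanner's signatures are out of date, done mechanically on the filtered mwav.log format shown in this thread. The sample lines are excerpted from the logs posted above; the function names and the 3-day staleness threshold are assumptions of this example.

```python
import re
from datetime import datetime

# Line shapes taken from the filtered mwav.log excerpts posted in this thread.
LINE = re.compile(r'^(?P<ts>\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) => (?P<msg>.*)$')
FILE_HIT = re.compile(r'^File (?P<path>.+?) (?:infected by|tagged as) "(?P<name>[^"]+)"')
SYS_HIT = re.compile(r'^System found infected with (?P<name>\S+) Spyware/Adware \((?P<obj>[^)]*)\)')
DB_DATE = re.compile(r'^Virus Database Date: (?P<date>\d{4}/\d{2}/\d{2})')


def summarize(log_text):
    """Collect unique findings, the latest timestamp and the signature date."""
    findings, last_ts, db_date = set(), None, None
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # separator rows and section headers carry no timestamp
        ts = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y")
        last_ts = ts if last_ts is None else max(last_ts, ts)
        msg = m["msg"]
        if (hit := FILE_HIT.match(msg)):
            # Windows paths are case-insensitive: OLEEXT.dll and oleext.dll
            # are the same file and must not be counted twice.
            findings.add(("file", hit["path"].lower(), hit["name"]))
        elif (hit := SYS_HIT.match(msg)):
            findings.add(("system", hit["obj"].lower(), hit["name"]))
        elif (hit := DB_DATE.match(msg)):
            db_date = datetime.strptime(hit["date"], "%Y/%m/%d").date()
    return {"findings": findings, "last_scan": last_ts, "db_date": db_date}


def compare(old_log, new_log, max_db_age_days=3):
    """Diff two scans; max_db_age_days is an assumed threshold, not a vendor value."""
    old, new = summarize(old_log), summarize(new_log)
    age = None
    if new["last_scan"] and new["db_date"]:
        age = (new["last_scan"].date() - new["db_date"]).days
    return {
        "persisted": sorted(old["findings"] & new["findings"]),
        "cleared": sorted(old["findings"] - new["findings"]),
        "appeared": sorted(new["findings"] - old["findings"]),
        "db_age_days": age,
        "db_stale": age is not None and age > max_db_age_days,
    }


# Excerpt of the 27 Oct scan posted in the thread.
OLD_SCAN = r"""
Thu Oct 27 21:35:16 2005 => File C:\WINDOWS\system32\wininet.dll infected by "Virus.Win32.Nsag.b" Virus! Action Taken: No Action Taken.
Thu Oct 27 21:35:16 2005 => File C:\WINDOWS\System32\OLEEXT.dll infected by "Trojan.Win32.Promoter.c" Virus! Action Taken: No Action Taken.
Thu Oct 27 21:35:49 2005 => System found infected with alexa Spyware/Adware ({c95fe080-8f5d-11d2-a20b-00aa003c157a})! Action taken: No Action Taken.
Thu Oct 27 21:59:50 2005 => File C:\Programme\Norton AntiVirus\Quarantine\77604A52.class infected by "Exploit.Java.Bytverify" Virus! Action Taken: No Action Taken.
Thu Oct 27 22:12:59 2005 => File C:\WINDOWS\system32\oleext.dll infected by "Trojan.Win32.Promoter.c" Virus! Action Taken: No Action Taken.
Thu Oct 27 22:20:10 2005 => Virus Database Date: 2005/10/21
"""

# Excerpt of the 28 Oct scan posted in the thread.
NEW_SCAN = r"""
Fri Oct 28 14:48:41 2005 => File C:\WINDOWS\system32\wininet.dll infected by "Virus.Win32.Nsag.b" Virus! Action Taken: No Action Taken.
Fri Oct 28 14:48:41 2005 => File C:\WINDOWS\System32\OLEEXT.dll infected by "Trojan.Win32.Promoter.c" Virus! Action Taken: No Action Taken.
Fri Oct 28 15:18:03 2005 => File C:\WINDOWS\system32\oleext.dll infected by "Trojan.Win32.Promoter.c" Virus! Action Taken: No Action Taken.
Fri Oct 28 15:26:39 2005 => Virus Database Date: 2005/10/21
"""

if __name__ == "__main__":
    report = compare(OLD_SCAN, NEW_SCAN)
    for key in ("persisted", "cleared", "appeared"):
        print(key)
        for kind, target, name in report[key]:
            print(f"  [{kind}] {target} -> {name}")
    print("signature age (days):", report["db_age_days"], "stale:", report["db_stale"])
```

Entries under "cleared" only mean the scanner no longer reports them; the entries under "persisted" are the ones the cleanup steps did not touch.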

B-Banjo 29.10.2005 13:07

Hello,

I've now done everything again. I used smitrem, although I had already done that before. The first time I was logged in as a normal user, this time as administrator. Could that be the reason? In any case, my log file still looks very similar to the previous one. No idea what I'm doing wrong. I've now downloaded escan again. I hope it's a newer version. For an update I'd have to buy it, right?

Regards, Benjamin

Logfile of HijackThis v1.99.1
Scan saved at 13:59:54, on 29.10.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Browser MOUSE\mouse32a.exe
C:\WINDOWS\System32\rundll32.exe
C:\Programme\Motherboard Monitor 5\MBM5.EXE
C:\Programme\Winamp\winampa.exe
C:\Programme\Java\jre1.5.0_04\bin\jusched.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\alg.exe
C:\Programme\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Programme\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\phonostar\ps_agent.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Programme\FRITZ!DSL\FritzDsl.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\WinRAR\WinRAR.exe
C:\DOKUME~1\B**\LOKALE~1\Temp\Rar$EX00.406\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Programme\Browser MOUSE\mouse32a.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [MBM 5] "C:\Programme\Motherboard Monitor 5\MBM5.EXE"
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [SpySweeper] "C:\Programme\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [PhonostarAgent] C:\Programme\phonostar\ps_agent.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: FRITZ!web DSL.lnk = C:\Programme\FRITZ!DSL\FritzDsl.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O17 - HKLM\System\CCS\Services\Tcpip\..\{D464DC66-6CF0-4D7D-9C36-A42B670FC959}: NameServer = 192.168.122.252,192.168.122.253
O20 - Winlogon Notify: st3i - C:\WINDOWS\q766250.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Programme\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Programme\Webroot\Spy Sweeper\WRSSSDK.exe




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~
Funde für "infected"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~
Sat Oct 29 12:13:10 2005 => File C:\WINDOWS\system32\wininet.dll infected by "Virus.Win32.Nsag.b" Virus! Action Taken: No Action Taken.
Sat Oct 29 12:13:10 2005 => File C:\WINDOWS\System32\OLEEXT.dll infected by "Trojan.Win32.Promoter.c" Virus! Action Taken: No Action Taken.
Sat Oct 29 12:13:48 2005 => System found infected with edonkey2000 Spyware/Adware ({320154bb-d666-48f6-990e-172b32954620})! Action taken: No Action Taken.
Sat Oct 29 12:13:48 2005 => System found infected with searchexe Spyware/Adware ({807553e5-5146-11d5-a672-00b0d022e945})! Action taken: No Action Taken.
Sat Oct 29 12:13:51 2005 => System found infected with cydoor.topicks.a Spyware/Adware (settings.dat)! Action taken: No Action Taken.
Sat Oct 29 12:13:51 2005 => System found infected with startsurfing Spyware/Adware (config.dat)! Action taken: No Action Taken.
Sat Oct 29 12:45:23 2005 => File C:\WINDOWS\system32\oleext.dll infected by "Trojan.Win32.Promoter.c" Virus! Action Taken: No Action Taken.
Sat Oct 29 12:46:28 2005 => File C:\WINDOWS\system32\wininet.dll infected by "Virus.Win32.Nsag.b" Virus! Action Taken: No Action Taken.
Sat Oct 29 12:56:44 2005 => Total Disinfected Files: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~
Funde für "tagged"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~
Statistiken:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~
Sat Oct 29 12:13:51 2005 => Offending file found: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\symantec\common client\settings.dat
Sat Oct 29 12:13:51 2005 => Offending file found: C:\Dokumente und Einstellungen\B**\Eigene Dateien\fifa 2005\user\config.dat
Sat Oct 29 12:56:44 2005 => Total Virus(es) Found: 8
Sat Oct 29 12:56:44 2005 => Total Errors: 46
Sat Oct 29 12:56:44 2005 => Time Elapsed: 00:43:15
Sat Oct 29 12:56:44 2005 => Total Objects Scanned: 56448
Sat Oct 29 12:12:52 2005 => Virus Database Date: 2005/10/21
Sat Oct 29 12:56:44 2005 => Virus Database Date: 2005/10/21
Sat Oct 29 13:43:42 2005 => Virus Database Date: 2005/10/21
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~
~~~~~~~ © Haui ;-) ~~~~~~~
~~~~~~~ Dank an Cidre ~~~~~~~


All times are in WET +1.
