![]() |
infected by "Exploit.HTML.Mht" Virus! Hallo zusammen, im Moment arbeite ich auf Windows XP SP2 mit AntiVir und AVG als Virenscanner und Ad-Aware und Spybot. Habe heute einmal spasseshalber eScan drüber laufen lassen und nachfolgendes entdeckt: File C:\Dokumente und Einstellungen\M**s\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\zr0i3cv4.default\Cache\D9EE634Bd01 infected by "Exploit.HTML.Mht" Virus! Action Taken: File Renamed. Wenn ich die Meldung richtig verstehe, dann versteckt sich im Browser Cache ein Fießling :lmaa: . Natürlich habe ich sofort manuell nochmals den Cache gelöscht. Nur ist mein System jetzt wirklich rein? Ich würde mich über unterstützung von Euch freuen :D Anbei mein HiJackThis Logfile: Vielen Dank für Eure Hilfe Squiq Logfile of HijackThis v1.99.1 Scan saved at 16:36:16, on 12.04.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe D:\Programme\AntiVir PersonalEdition Classic\sched.exe D:\Programme\AntiVir PersonalEdition Classic\avguard.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe d:\Programme\FRITZ!DSL\IGDCTRL.EXE C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe C:\WINDOWS\System32\drivers\PhiBtn.exe C:\WINDOWS\System32\drivers\Tray900.exe C:\PROGRA~1\Borland\INTERB~1\Bin\IBGuard.EXE D:\Programme\AntiVir PersonalEdition Classic\avgnt.exe C:\WINDOWS\system32\tcpsvcs.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\ctfmon.exe D:\Programme\Spybot - Search & Destroy\TeaTimer.exe D:\Programme\FRITZ!DSL\StCenter.exe D:\Programme\FRITZ!DSL\FwebProt.exe C:\PROGRA~1\Borland\INTERB~1\Bin\ibserver.exe D:\Programme\Mozilla Firefox\firefox.exe C:\DOKUME~1\Ma**hias\LOKALE~1\Temp\mexe.com C:\DOKUME~1\Ma**hias\LOKALE~1\Temp\ScanningProcess.exe C:\WINDOWS\system32\taskmgr.exe C:\DOKUME~1\Ma**hias\LOKALE~1\Temp\~AceTemp\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - d:\Programme\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [PhiBtn] %SystemRoot%\System32\drivers\PhiBtn.exe O4 - HKLM\..\Run: [Traymin900] %SystemRoot%\System32\drivers\Tray900.exe O4 - HKLM\..\Run: [avgnt] "D:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] d:\Programme\Spybot - Search & Destroy\TeaTimer.exe O4 - Startup: FRITZ!DSL Protect.lnk = D:\Programme\FRITZ!DSL\FwebProt.exe O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: FRITZ!DSL Startcenter.lnk = D:\Programme\FRITZ!DSL\StCenter.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: d:\programme\fritz!dsl\sarah.dll O10 - Unknown file in Winsock LSP: d:\programme\fritz!dsl\sarah.dll O10 - Unknown file in Winsock LSP: d:\programme\fritz!dsl\sarah.dll O10 - Unknown file in Winsock LSP: d:\programme\fritz!dsl\sarah.dll O10 - Unknown file in Winsock LSP: d:\programme\fritz!dsl\sarah.dll O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - h**p://h20270.***2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - h**p://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - h**ps://h17000.***1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - h**p://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - D:\Programme\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - D:\Programme\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O23 - Service: AVM IGD CTRL Service - AVM Berlin - d:\Programme\FRITZ!DSL\IGDCTRL.EXE O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: InterBaseGuardian - Inprise Corporation - C:\PROGRA~1\Borland\INTERB~1\Bin\IBGuard.EXE O23 - Service: InterBaseServer - Inprise Corporation - C:\PROGRA~1\Borland\INTERB~1\Bin\ibserver.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe |
...anbei noch das Ergebnis von eScan. Ein zweiter Scan blieb zum Glück ohne Meldungen :-) Aber ist das System jetzt auch sauber? ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Header ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Microsoft Windows XP [Version 5.1.2600] Thu Apr 12 14:59:58 2007 => Version 9.1.9 (C:\DOKUME~1\M*\LOKALE~1\Temp\mexe.com) Thu Apr 12 00:17:45 2007 => Virus Database Date: 4/11/2007 Thu Apr 12 00:19:48 2007 => Virus Database Date: 4/11/2007 Thu Apr 12 01:35:28 2007 => Virus Database Date: 4/11/2007 Thu Apr 12 01:37:48 2007 => Virus Database Date: 4/11/2007 Thu Apr 12 02:13:04 2007 => Virus Database Date: 4/11/2007 Thu Apr 12 03:40:01 2007 => Virus Database Date: 4/11/2007 Thu Apr 12 09:18:39 2007 => Virus Database Date: 4/11/2007 Thu Apr 12 10:13:36 2007 => Virus Database Date: 4/11/2007 Thu Apr 12 10:13:48 2007 => Virus Database Date: 4/11/2007 Thu Apr 12 10:13:52 2007 => Virus Database Date: 4/11/2007 Thu Apr 12 10:23:11 2007 => Virus Database Date: 4/11/2007 Thu Apr 12 10:31:29 2007 => Virus Database Date: 4/11/2007 Thu Apr 12 10:32:56 2007 => Virus Database Date: 4/11/2007 Thu Apr 12 14:59:21 2007 => Virus Database Date: 4/11/2007 Thu Apr 12 14:59:53 2007 => Virus Database Date: 4/12/2007 Thu Apr 12 16:16:00 2007 => Virus Database Date: 4/12/2007 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Infektionsmeldungen ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Thu Apr 12 00:22:03 2007 => System found infected with wareout Adware (3.dat)! Action taken: Entries Removed. ~~~~~~~~~~~ Dateien ~~~~~~~~~~~ ~~~~ Infected files ~~~~~~~~~~~ Thu Apr 12 00:48:12 2007 => File C:\Dokumente und Einstellungen\M*\Anwendungsdaten\Thunderbird\Profiles\98f2a9ff.default\Mail\pop.gmx.net\Inbox//[From M* *i T*l <i**i@gmx.de>][Date Wed, 31 May 2006 23:50:41 +0200]/UNNAMED//[From M* *i T*... infected by "Email-Worm.Win32.Warezov.ev" Virus! Action Taken: No Action Taken. Thu Apr 12 02:30:29 2007 => File C:\Dokumente und Einstellungen\M*\Anwendungsdaten\Thunderbird\Profiles\98f2a9ff.default\Mail\pop.gmx.net\Inbox//[From M* *i T*l <i**i@gmx.de>][Date Wed, 31 May 2006 23:50:41 +0200]/UNNAMED//[From M* *i T*... infected by "Email-Worm.Win32.Warezov.ev" Virus! Action Taken: No Action Taken. Thu Apr 12 09:38:37 2007 => File C:\Dokumente und Einstellungen\M*\Anwendungsdaten\Thunderbird\Profiles\98f2a9ff.default\Mail\pop.gmx.net\Inbox//[From M* *i T*l <i**i@gmx.de>][Date Wed, 31 May 2006 23:50:41 +0200]/UNNAMED//[From M* *i T*... infected by "Email-Worm.Win32.Warezov.ev" Virus! Action Taken: No Action Taken. Thu Apr 12 15:24:36 2007 => File C:\Dokumente und Einstellungen\M*\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\zr0i3cv4.default\Cache\D9EE634Bd01 infected by "Exploit.HTML.Mht" Virus! Action Taken: File Renamed. ~~~~~~~~~~~ ~~~~ Tagged files ~~~~~~~~~~~ ~~~~~~~~~~~ ~~~~ Offending files ~~~~~~~~~~~ Thu Apr 12 00:22:03 2007 => Offending file found: C:\DOKUME~1\M*\LOKALE~1\ANWEND~1\hp\DIGITA~1\cache\3.dat ~~~~~~~~~~~ Ordner ~~~~~~~~~~~ Thu Apr 12 00:21:57 2007 => Offending Folder found: C:\Dokumente und Einstellungen\M*\Anwendungsdaten\load ~~~~~~~~~~~ Registry ~~~~~~~~~~~ Thu Apr 12 00:21:09 2007 => Offending Key found: HKLM\Software\magnet !!! Thu Apr 12 00:21:55 2007 => Offending Key found: HKCU\\magnet !!! Thu Apr 12 00:21:55 2007 => Offending Key found: HKLM\System\CurrentControlSet\Services\iprip !!! Thu Apr 12 00:21:55 2007 => Offending Key found: HKLM\System\ControlSet002\Services\iprip !!! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Statistiken: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
..................? |
Alle Zeitangaben in WEZ +1. Es ist jetzt 11:26 Uhr. |
Copyright ©2000-2025, Trojaner-Board