freddy0815 | 13.11.2008 20:02 | A hodgepodge of worms, Trojans... Format?
Hello,
my flatmate's computer resembles a hodgepodge of every conceivable kind of malware. With the HJT log file I was only just able to remove a single Trojan manually. I have now run eScan in safe mode. Here is the log file:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Funde für "infected"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Thu Nov 13 06:24:59 2008 => System found infected with combo Spyware/Adware ({3c78b8e2-6c4d-11d1-ade2-0000f8754b99})! Action taken: No Action Taken.
Thu Nov 13 06:24:59 2008 => System found infected with etlrlws toolbar Toolbar ({f4d76f09-7896-458a-890f-e1f05c46069f})! Action taken: No Action Taken.
Thu Nov 13 06:24:59 2008 => System found infected with etlrlws toolbar Toolbar ({f4d76f09-7896-458a-890f-e1f05c46069f})! Action taken: No Action Taken.
Thu Nov 13 06:25:21 2008 => System found infected with combo Spyware/Adware (C:\WINDOWS\system32\win.com)! Action taken: No Action Taken.
Thu Nov 13 06:25:24 2008 => System found infected with combo Spyware/Adware (hklm\software\policies\microsoft\windowsfirewall\domainprofile/enablefirewall)! Action taken: No Action Taken.
Thu Nov 13 06:25:26 2008 => System found infected with rohbot Worm (C:\WINDOWS\system32\pskill.exe)! Action taken: No Action Taken.
Thu Nov 13 06:25:27 2008 => System found infected with combo Spyware/Adware (C:\WINDOWS\system32\win.com)! Action taken: No Action Taken.
Thu Nov 13 06:25:28 2008 => System found infected with combo Spyware/Adware (C:\WINDOWS\system32\win.com)! Action taken: No Action Taken.
Thu Nov 13 06:25:29 2008 => System found infected with combo Spyware/Adware (hklm\system\currentcontrolset\services\lanmanserver\parameters/autosharewks)! Action taken: No Action Taken.
Thu Nov 13 06:25:29 2008 => System found infected with combo Spyware/Adware (hkus\.default\software\microsoft\internet explorer\new windows)! Action taken: No Action Taken.
Thu Nov 13 06:25:29 2008 => System found infected with combo Spyware/Adware (hklm\system\currentcontrolset\services\lanmanserver\parameters/autoshareserver)! Action taken: No Action Taken.
Thu Nov 13 06:25:29 2008 => System found infected with combo Spyware/Adware (hklm\software\microsoft\windows\currentversion\run/alcmtr)! Action taken: No Action Taken.
Thu Nov 13 06:26:07 2008 => File C:\WINDOWS\wksvcsc.MSNFix infected by "Trojan.Win32.StartPage.bhg" Virus! Action Taken: No Action Taken.
Thu Nov 13 06:28:00 2008 => File C:\WINDOWS\system32\uckif.MSNFix infected by "Email-Worm.Win32.Agent.ck" Virus! Action Taken: No Action Taken.
Thu Nov 13 06:29:00 2008 => File C:\ddggs.MSNFix infected by "Backdoor.Win32.IRCBot.dsf" Virus! Action Taken: No Action Taken.
Thu Nov 13 06:29:00 2008 => File C:\dgs.MSNFix infected by "Trojan.Win32.StartPage.bhg" Virus! Action Taken: No Action Taken.
Thu Nov 13 06:36:37 2008 => File C:\Documents and Settings\WTrust-Enigma\Local Settings\Application Data\Mozilla\Firefox\Profiles\wpwmuz95.default\Cache\49A370C6d01 infected by "Trojan.Win32.StartPage.bhg" Virus! Action Taken: No Action Taken.
Thu Nov 13 06:55:20 2008 => File C:\Program Files\MSNFix\22062008_18433351.zip/backup/ddggs.exe infected by "Trojan.Win32.StartPage.bhg" Virus! Action Taken: No Action Taken.
Thu Nov 13 07:07:12 2008 => File C:\WINDOWS\system32\kazaabackupfiles\download_me.exe//PE_Patch.PECompact//PecBundle//PECompact infected by "P2P-Worm.Win32.SpyBot.gen" Virus! Action Taken: No Action Taken.
Thu Nov 13 07:08:45 2008 => File C:\WINDOWS\system32\uckif.MSNFix infected by "Email-Worm.Win32.Agent.ck" Virus! Action Taken: No Action Taken.
Thu Nov 13 07:09:30 2008 => File C:\WINDOWS\wksvcsc.MSNFix infected by "Trojan.Win32.StartPage.bhg" Virus! Action Taken: No Action Taken.
Thu Nov 13 07:25:16 2008 => Total Disinfected Objects: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Funde für "tagged"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Thu Nov 13 06:24:02 2008 => File C:\PROGRA~1\AskPBar\bar\1.bin\ASKPBAR.DLL tagged as "not-a-virus:WebToolbar.Win32.MyWebSearch.a". No Action Taken.
Thu Nov 13 06:24:04 2008 => File C:\PROGRA~1\AskPBar\bar\1.bin\ASKPBAR.DLL tagged as "not-a-virus:WebToolbar.Win32.MyWebSearch.a". No Action Taken.
Thu Nov 13 06:44:55 2008 => File C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL tagged as "not-a-virus:WebToolbar.Win32.MyWebSearch.a". No Action Taken.
Thu Nov 13 07:01:38 2008 => File C:\Program Files\Windows Trust\axhelper.exe//UPX tagged as "not-a-virus:PSWTool.Win32.IEPassView.l". No Action Taken.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Statistiken:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Thu Nov 13 06:25:07 2008 => Offending Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\p3p\history\gator.com !!!
Thu Nov 13 06:25:21 2008 => Offending file found: C:\WINDOWS\system32\win.com
Thu Nov 13 06:25:24 2008 => Offending Registry Entry found: hklm\software\policies\microsoft\windowsfirewall\domainprofile/enablefirewall
Thu Nov 13 06:25:26 2008 => Offending file found: C:\WINDOWS\system32\pskill.exe
Thu Nov 13 06:25:27 2008 => Offending file found: C:\WINDOWS\system32\win.com
Thu Nov 13 06:25:28 2008 => Offending file found: C:\WINDOWS\system32\win.com
Thu Nov 13 06:25:29 2008 => Offending Registry Entry found: hklm\system\currentcontrolset\services\lanmanserver\parameters/autosharewks
Thu Nov 13 06:25:29 2008 => Offending Registry Entry found: hkus\.default\software\microsoft\internet explorer\new windows
Thu Nov 13 06:25:29 2008 => Offending Registry Entry found: hklm\system\currentcontrolset\services\lanmanserver\parameters/autoshareserver
Thu Nov 13 06:25:29 2008 => Offending Registry Entry found: hklm\software\microsoft\windows\currentversion\run/alcmtr
Thu Nov 13 07:25:17 2008 => Total Errors: 176
Thu Nov 13 07:25:17 2008 => Time Elapsed: 01:06:03
Thu Nov 13 07:25:16 2008 => Total Objects Scanned: 104713
Sun Aug 19 11:23:56 2007 => Virus Database Date: 8/18/2007
Sun Aug 19 11:24:14 2007 => Virus Database Date: 8/19/2007
Wed Nov 12 23:06:48 2008 => Virus Database Date: 8/19/2007
Wed Nov 12 23:32:04 2008 => Virus Database Date: 11/12/2008
Wed Nov 12 23:44:05 2008 => Virus Database Date: 11/12/2008
Thu Nov 13 07:25:17 2008 => Virus Database Date: 11/12/2008
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Can all of these pests be removed manually?
I would be grateful for tips of any kind, before I spend hours removing things manually, fail at the last Trojan and have to format everything after all. In that case I'd rather do it right away.
Thanks in advance,
freddy0815