Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   TR/Agent.BI und HTML/Exploit.Mh.B.1 (https://www.trojaner-board.de/16993-tr-agent-bi-html-exploit-mh-b-1-a.html)

woidl 23.04.2005 16:58
TR/Agent.BI und HTML/Exploit.Mh.B.1
 
AntiVir meldet seit heute früh immer wieder TR/Agent.BI.
Einmal auch HTML/Exploit.Mh.B.1.
ZoneAlarm meldet immer wieder, dass apidj32.exe versucht, auf das Internet zuzugreifen. Vermute, dass diese .exe mit dem Trojaner zusammenhängt.
Bin selber in Computerangelegenheiten nicht sehr fit und benötige daher dringend Hilfe.
Danke im voraus!
Woidl

Cidre 23.04.2005 17:15
Hallo woidl,

erstelle mit Hilfe dieser bebilderten Anleitung ein HiJackThis Log-File und poste es hier rein.
Persönliche Informationen, wie Benutzername und dergleichen, bitte unkenntlich machen.

woidl 23.04.2005 17:47
Hallo Cidre!

Hier das HJT logfile. Hoffe, ich hab alles richtig gemacht.
Kannst Du was rauslesen?


Logfile of HijackThis v1.99.0
Scan saved at 18:38:47, on 23.04.2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\Twain_32\FlatBed\HotKey.exe
E:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
E:\programme\QuickTime\qttask.exe
C:\Programme\AVPersonal\AVGNT.EXE
C:\WINDOWS\apidj32.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Programme\HP\hpcoretech\hpcmpmgr.exe
C:\Programme\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Programme\AVPersonal\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\Programme\Microsoft Office\Office10\OUTLOOK.EXE
C:\Programme\Microsoft Office\Office10\WINWORD.EXE
C:\Programme\Messenger\msmsgs.exe
C:\Programme\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\rkzax.dll/sp.html#55135
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\rkzax.dll/sp.html#55135
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\rkzax.dll/sp.html#55135
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\rkzax.dll/sp.html#55135
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\rkzax.dll/sp.html#55135
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\rkzax.dll/sp.html#55135
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\rkzax.dll/sp.html#55135
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {283715D8-4B32-91ED-58C5-CDF8C4F6A0D0} - C:\WINDOWS\sdkbp32.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HotKey] C:\WINDOWS\Twain_32\FlatBed\HotKey.exe
O4 - HKLM\..\Run: [iegs32.exe] C:\WINDOWS\system32\iegs32.exe
O4 - HKLM\..\Run: [7.tmp] C:\DOKUME~1\Walter\LOKALE~1\Temp\7.tmp.exe 3 10001
O4 - HKLM\..\Run: [Zone Labs Client] "E:\Programme\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "E:\programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [IEXPLORE.EXE] C:\Programme\Internet Explorer\IEXPLORE.EXE
O4 - HKLM\..\Run: [apidj32.exe] C:\WINDOWS\apidj32.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programme\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Programme\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.scoobidoo.com
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.static.topconverting.com
O15 - Trusted Zone: *.xxxtoolbar.com
O15 - Trusted Zone: *.05p.com (HKLM)
O15 - Trusted Zone: *.awmdabest.com (HKLM)
O15 - Trusted Zone: *.blazefind.com (HKLM)
O15 - Trusted Zone: *.clickspring.net (HKLM)
O15 - Trusted Zone: *.flingstone.com (HKLM)
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted Zone: *.mt-download.com (HKLM)
O15 - Trusted Zone: *.my-internet.info (HKLM)
O15 - Trusted Zone: *.scoobidoo.com (HKLM)
O15 - Trusted Zone: *.searchbarcash.com (HKLM)
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - Trusted Zone: *.slotch.com (HKLM)
O15 - Trusted Zone: *.static.topconverting.com (HKLM)
O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
O15 - Trusted IP range: 206.161.125.149
O15 - Trusted IP range: 206.161.125.149 (HKLM)
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://pub.plan.at/mgaxctrlde.cab
O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Programme\HP\hpcoretech\comp\hpuiprot.dll
O23 - Service: Network Security Service (NSS) - Unknown - C:\WINDOWS\system32\winbx32.exe (file missing)
O23 - Service: AntiVir Service - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:\WINDOWS\system32\ZONELABS\vsmon.exe

cronos 23.04.2005 18:02
Das sieht nicht gut aus.

Lad dir bitte Escan runter:
http://www.trojaner-board.de/42731-escan-anleitung.html
Führe die gegebene Anleitung bitte genau so aus, wie sie da steht.

Teile uns da Ergebnis mit,dazu

Speichere außerdem diese Datei mittels Rechtsklick-> "Ziel speichern unter..." auf deiner Festplatte. Führe sie nach dem Scan mit eScan aus (Doppelklick). Danach solltest du die Datei C:\eScan_neu.txt auf deiner Festplatte finden. Den Inhalt dieser Datei postest du dann bitte in diesen Thread.

woidl 24.04.2005 08:26
Hallo,

hab alles nach Anleitung ausgeführt.
Unten der Inhalt von eScan_neu.txt.
Sieht schlimm aus - was mach ich jetzt?
Danke u. Gruß
Woidl


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Funde für "infected"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Sun Apr 24 00:03:28 2005 => File C:\WINDOWS\sdkbp32.dll infected by "Trojan-Downloader.Win32.Agent.lz" Virus. Action Taken: No Action Taken.
Sun Apr 24 00:03:36 2005 => File C:\WINDOWS\apidj32.exe infected by "Trojan-Downloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken.
Sun Apr 24 00:03:46 2005 => System found infected with Alexa Spyware/Adware ({c95fe080-8f5d-11d2-a20b-00aa003c157a})! Action taken: No Action Taken.
Sun Apr 24 00:03:46 2005 => File System Found infected by "Alexa Spyware/Adware" Virus. Action Taken: No Action Taken.
Sun Apr 24 00:03:46 2005 => System found infected with cydoor Spyware/Adware! Action taken: No Action Taken.
Sun Apr 24 00:03:46 2005 => File System Found infected by "cydoor Spyware/Adware" Virus. Action Taken: No Action Taken.
Sun Apr 24 00:03:46 2005 => System found infected with sw Spyware/Adware! Action taken: No Action Taken.
Sun Apr 24 00:03:46 2005 => File System Found infected by "sw Spyware/Adware" Virus. Action Taken: No Action Taken.
Sun Apr 24 00:03:46 2005 => System found infected with se Spyware/Adware! Action taken: No Action Taken.
Sun Apr 24 00:03:46 2005 => File System Found infected by "se Spyware/Adware" Virus. Action Taken: No Action Taken.
Sun Apr 24 00:03:46 2005 => System found infected with hsa Spyware/Adware! Action taken: No Action Taken.
Sun Apr 24 00:03:46 2005 => File System Found infected by "hsa Spyware/Adware" Virus. Action Taken: No Action Taken.
Sun Apr 24 00:03:48 2005 => File C:\WINDOWS\jxdrye.log infected by "Trojan-Downloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken.
Sun Apr 24 00:03:50 2005 => File C:\WINDOWS\jzidoy.dat infected by "Trojan-Downloader.Win32.Agent.lz" Virus. Action Taken: No Action Taken.
Sun Apr 24 00:14:35 2005 => File C:\WINDOWS\jxdrye.log infected by "Trojan-Downloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken.
Sun Apr 24 00:15:23 2005 => File C:\WINDOWS\jzidoy.dat infected by "Trojan-Downloader.Win32.Agent.lz" Virus. Action Taken: No Action Taken.
Sun Apr 24 00:21:20 2005 => File C:\Dokumente und Einstellungen\Walter\Lokale Einstellungen\Temp\cd_clint.dll infected by "not-a-virus:AdWare.Cydoor" Virus. Action Taken: No Action Taken.
Sun Apr 24 00:22:24 2005 => File C:\Dokumente und Einstellungen\Walter\Lokale Einstellungen\Temporary Internet Files\Content.IE5\AWYWYWKR\gxbplug[1].dll infected by "not-a-virus:AdWare.GXB.a" Virus. Action Taken: No Action Taken.
Sun Apr 24 00:41:15 2005 => Scanning Folder: C:\Programme\AVPersonal\INFECTED\*.*
Sun Apr 24 00:49:04 2005 => File E:\Treiber u Utilities\Musikprogramme\KaZaa\KaZaa_exe\kmd161_de.exe infected by "not-a-virus:AdWare.Cydoor" Virus. Action Taken: No Action Taken.
Sun Apr 24 00:49:06 2005 => File E:\Treiber u Utilities\Musikprogramme\KaZaa\KaZaa_exe\kmd171gu_de.exe infected by "not-a-virus:AdWare.Cydoor" Virus. Action Taken: No Action Taken.
Sun Apr 24 00:58:07 2005 => Total Disinfected Files: 0
Sun Apr 24 08:17:38 2005 => File C:\WINDOWS\sdkbp32.dll infected by "Trojan-Downloader.Win32.Agent.lz" Virus. Action Taken: No Action Taken.
Sun Apr 24 08:17:46 2005 => File C:\WINDOWS\apidj32.exe infected by "Trojan-Downloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken.
Sun Apr 24 08:17:56 2005 => System found infected with Alexa Spyware/Adware ({c95fe080-8f5d-11d2-a20b-00aa003c157a})! Action taken: No Action Taken.
Sun Apr 24 08:17:56 2005 => File System Found infected by "Alexa Spyware/Adware" Virus. Action Taken: No Action Taken.
Sun Apr 24 08:17:56 2005 => System found infected with cydoor Spyware/Adware! Action taken: No Action Taken.
Sun Apr 24 08:17:56 2005 => File System Found infected by "cydoor Spyware/Adware" Virus. Action Taken: No Action Taken.
Sun Apr 24 08:17:56 2005 => System found infected with sw Spyware/Adware! Action taken: No Action Taken.
Sun Apr 24 08:17:56 2005 => File System Found infected by "sw Spyware/Adware" Virus. Action Taken: No Action Taken.
Sun Apr 24 08:17:56 2005 => System found infected with se Spyware/Adware! Action taken: No Action Taken.
Sun Apr 24 08:17:56 2005 => File System Found infected by "se Spyware/Adware" Virus. Action Taken: No Action Taken.
Sun Apr 24 08:17:56 2005 => System found infected with hsa Spyware/Adware! Action taken: No Action Taken.
Sun Apr 24 08:17:56 2005 => File System Found infected by "hsa Spyware/Adware" Virus. Action Taken: No Action Taken.
Sun Apr 24 08:17:58 2005 => File C:\WINDOWS\jxdrye.log infected by "Trojan-Downloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken.
Sun Apr 24 08:18:00 2005 => File C:\WINDOWS\jzidoy.dat infected by "Trojan-Downloader.Win32.Agent.lz" Virus. Action Taken: No Action Taken.
Sun Apr 24 08:28:46 2005 => File C:\WINDOWS\jxdrye.log infected by "Trojan-Downloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken.
Sun Apr 24 08:29:36 2005 => File C:\WINDOWS\jzidoy.dat infected by "Trojan-Downloader.Win32.Agent.lz" Virus. Action Taken: No Action Taken.
Sun Apr 24 08:35:57 2005 => File C:\Dokumente und Einstellungen\Walter\Lokale Einstellungen\Temp\cd_clint.dll infected by "not-a-virus:AdWare.Cydoor" Virus. Action Taken: No Action Taken.
Sun Apr 24 08:37:04 2005 => File C:\Dokumente und Einstellungen\Walter\Lokale Einstellungen\Temporary Internet Files\Content.IE5\AWYWYWKR\gxbplug[1].dll infected by "not-a-virus:AdWare.GXB.a" Virus. Action Taken: No Action Taken.
Sun Apr 24 08:56:25 2005 => Scanning Folder: C:\Programme\AVPersonal\INFECTED\*.*
Sun Apr 24 09:04:08 2005 => File E:\Treiber u Utilities\Musikprogramme\KaZaa\KaZaa_exe\kmd161_de.exe infected by "not-a-virus:AdWare.Cydoor" Virus. Action Taken: No Action Taken.
Sun Apr 24 09:04:10 2005 => File E:\Treiber u Utilities\Musikprogramme\KaZaa\KaZaa_exe\kmd171gu_de.exe infected by "not-a-virus:AdWare.Cydoor" Virus. Action Taken: No Action Taken.
Sun Apr 24 09:13:21 2005 => Total Disinfected Files: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Funde für "tagged"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Sun Apr 24 00:37:36 2005 => File C:\Programme\Gemeinsame Dateien\Java\Update\Base Images\j2sdk1.4.2-b28\demos.zip tagged as not-a-virus:JavaClass.Chart. No Action Taken.
Sun Apr 24 00:44:57 2005 => File C:\j2sdk1.4.2\demo\applets\BarChart\BarChart.class tagged as not-a-virus:JavaClass.Chart. No Action Taken.
Sun Apr 24 00:45:18 2005 => File C:\j2sdk1.4.2\demo\plugin\applets\BarChart\BarChart.class tagged as not-a-virus:JavaClass.Chart. No Action Taken.
Sun Apr 24 00:48:34 2005 => File E:\Treiber u Utilities\Musikprogramme\napv2b7.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
Sun Apr 24 08:52:34 2005 => File C:\Programme\Gemeinsame Dateien\Java\Update\Base Images\j2sdk1.4.2-b28\demos.zip tagged as not-a-virus:JavaClass.Chart. No Action Taken.
Sun Apr 24 09:00:00 2005 => File C:\j2sdk1.4.2\demo\applets\BarChart\BarChart.class tagged as not-a-virus:JavaClass.Chart. No Action Taken.
Sun Apr 24 09:00:21 2005 => File C:\j2sdk1.4.2\demo\plugin\applets\BarChart\BarChart.class tagged as not-a-virus:JavaClass.Chart. No Action Taken.
Sun Apr 24 09:03:38 2005 => File E:\Treiber u Utilities\Musikprogramme\napv2b7.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Statistiken:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Sun Apr 24 00:58:07 2005 => Total Virus(es) Found: 19
Sun Apr 24 09:13:21 2005 => Total Virus(es) Found: 19
Sun Apr 24 00:58:07 2005 => Total Errors: 6
Sun Apr 24 09:13:21 2005 => Total Errors: 2
Sun Apr 24 00:58:07 2005 => Time Elapsed: 00:55:05
Sun Apr 24 09:13:21 2005 => Time Elapsed: 00:56:09
Sun Apr 24 00:58:07 2005 => Total Objects Scanned: 52104
Sun Apr 24 09:13:21 2005 => Total Objects Scanned: 52097
Sun Apr 24 00:02:23 2005 => Virus Database Date: 2005/04/24
Sun Apr 24 00:58:07 2005 => Virus Database Date: 2005/04/24
Sun Apr 24 01:20:51 2005 => Virus Database Date: 2005/04/24
Sun Apr 24 08:16:43 2005 => Virus Database Date: 2005/04/24
Sun Apr 24 09:13:21 2005 => Virus Database Date: 2005/04/24
Sun Apr 24 09:18:33 2005 => Virus Database Date: 2005/04/24
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~ © Haui ;-) ~~~~~~~
~~~~~~~ Dank an Cidre ~~~~~~~

Rene-gad 24.04.2005 09:02
@woidl
Zitat:
Sieht schlimm aus - was mach ich jetzt?
Als erster Schritt musst du Kazaa deinstallieren, Spybot Search & Destroy herunterladen und alle Probleme beheben.
Zitat:
C:\WINDOWS\sdkbp32.dll
C:\WINDOWS\apidj32.exe
C:\WINDOWS\jxdrye.log
C:\WINDOWS\jzidoy.dat
Diese Dateien im abgesicherten Modus löschen.
Dieses Bereinigungsprogramm hilft dir, den ganzen Müll aus den Temp-Ordner und Papierkorb zu entfernen.
Ordner C:\Programme\AVPersonal\INFECTED\*.* leeren.
Danach eScan wiederholen.

Haui45 24.04.2005 10:57
Vor dem erneuten Scan mit eScan bitte die alte mwav.log löschen!

woidl 24.04.2005 19:52
So, hab jetzt alles genau so gemacht.
Hier der Inhalt der aktuellen eScan_neu.txt.
Sieh so aus, als ob immer noch was da wäre, obwohl Spybot S&D nichts mehr findet.
Noch irgendwelche Ideen?

Danke u. Gruß
Woidl


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Funde für "infected"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Sun Apr 24 19:27:15 2005 => System found infected with Alexa Spyware/Adware ({c95fe080-8f5d-11d2-a20b-00aa003c157a})! Action taken: No Action Taken.
Sun Apr 24 19:27:15 2005 => File System Found infected by "Alexa Spyware/Adware" Virus. Action Taken: No Action Taken.
Sun Apr 24 19:27:15 2005 => System found infected with sw Spyware/Adware! Action taken: No Action Taken.
Sun Apr 24 19:27:15 2005 => File System Found infected by "sw Spyware/Adware" Virus. Action Taken: No Action Taken.
Sun Apr 24 19:27:15 2005 => System found infected with se Spyware/Adware! Action taken: No Action Taken.
Sun Apr 24 19:27:15 2005 => File System Found infected by "se Spyware/Adware" Virus. Action Taken: No Action Taken.
Sun Apr 24 19:27:15 2005 => System found infected with hsa Spyware/Adware! Action taken: No Action Taken.
Sun Apr 24 19:27:15 2005 => File System Found infected by "hsa Spyware/Adware" Virus. Action Taken: No Action Taken.
Sun Apr 24 19:45:13 2005 => File C:\Dokumente und Einstellungen\Walter\Lokale Einstellungen\Temp\cd_clint.dll infected by "not-a-virus:AdWare.Cydoor" Virus. Action Taken: No Action Taken.
Sun Apr 24 19:46:20 2005 => File C:\Dokumente und Einstellungen\Walter\Lokale Einstellungen\Temporary Internet Files\Content.IE5\AWYWYWKR\gxbplug[1].dll infected by "not-a-virus:AdWare.GXB.a" Virus. Action Taken: No Action Taken.
Sun Apr 24 20:05:25 2005 => Scanning Folder: C:\Programme\AVPersonal\INFECTED\*.*
Sun Apr 24 20:22:11 2005 => Total Disinfected Files: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Funde für "tagged"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Sun Apr 24 20:01:39 2005 => File C:\Programme\Gemeinsame Dateien\Java\Update\Base Images\j2sdk1.4.2-b28\demos.zip tagged as not-a-virus:JavaClass.Chart. No Action Taken.
Sun Apr 24 20:08:57 2005 => File C:\j2sdk1.4.2\demo\applets\BarChart\BarChart.class tagged as not-a-virus:JavaClass.Chart. No Action Taken.
Sun Apr 24 20:09:19 2005 => File C:\j2sdk1.4.2\demo\plugin\applets\BarChart\BarChart.class tagged as not-a-virus:JavaClass.Chart. No Action Taken.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Statistiken:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Sun Apr 24 20:22:11 2005 => Total Virus(es) Found: 9
Sun Apr 24 20:22:11 2005 => Total Errors: 11
Sun Apr 24 20:22:11 2005 => Time Elapsed: 01:00:33
Sun Apr 24 20:22:11 2005 => Total Objects Scanned: 52410
Sun Apr 24 19:21:27 2005 => Virus Database Date: 2005/04/24
Sun Apr 24 20:22:11 2005 => Virus Database Date: 2005/04/24
Sun Apr 24 20:44:43 2005 => Virus Database Date: 2005/04/24
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~ © Haui ;-) ~~~~~~~
~~~~~~~ Dank an Cidre ~~~~~~~

chaosman 24.04.2005 20:02
@woidl
leere den quarantäne ordner vom avscanner
leere deine TIFs
Temporary Internet Files
Leere diese Ordner:
C:\Dokumente und Einstellungen\*Benutzername*\Lokale Einstellungen\Temp
C:\WINDOWS\Downloaded Program Files
C:\Dokumente und Einstellungen\*Benutzername*\Lokale Einstellungen\Temporary Internet Files

lade Adaware, update es und in den abgesicherten modus scannen lassen
download
neu booten,

chaosman

woidl 24.04.2005 21:23
Hi,
hab alles gemacht wie beschrieben. Auch alle Ordner 'temp' und 'temporary internet files' sowie den AV-Quarantine-Ordner geleert.
Unten das aktuelle eScan_neu.txt. Es wird zwar immer weniger, scheint aber noch immer nicht ganz virenfrei zu sein.
Beim Neustart des Rechners startet auch immer IE, obwohl ich keinen autostart Eintrag finden kann.
Hoffe, es weiß noch jemand Rat.

Danke + Gruß
Woidl



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Funde für "infected"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Sun Apr 24 19:27:15 2005 => System found infected with Alexa Spyware/Adware ({c95fe080-8f5d-11d2-a20b-00aa003c157a})! Action taken: No Action Taken.
Sun Apr 24 19:27:15 2005 => File System Found infected by "Alexa Spyware/Adware" Virus. Action Taken: No Action Taken.
Sun Apr 24 19:27:15 2005 => System found infected with sw Spyware/Adware! Action taken: No Action Taken.
Sun Apr 24 19:27:15 2005 => File System Found infected by "sw Spyware/Adware" Virus. Action Taken: No Action Taken.
Sun Apr 24 19:27:15 2005 => System found infected with se Spyware/Adware! Action taken: No Action Taken.
Sun Apr 24 19:27:15 2005 => File System Found infected by "se Spyware/Adware" Virus. Action Taken: No Action Taken.
Sun Apr 24 19:27:15 2005 => System found infected with hsa Spyware/Adware! Action taken: No Action Taken.
Sun Apr 24 19:27:15 2005 => File System Found infected by "hsa Spyware/Adware" Virus. Action Taken: No Action Taken.
Sun Apr 24 19:45:13 2005 => File C:\Dokumente und Einstellungen\Walter\Lokale Einstellungen\Temp\cd_clint.dll infected by "not-a-virus:AdWare.Cydoor" Virus. Action Taken: No Action Taken.
Sun Apr 24 19:46:20 2005 => File C:\Dokumente und Einstellungen\Walter\Lokale Einstellungen\Temporary Internet Files\Content.IE5\AWYWYWKR\gxbplug[1].dll infected by "not-a-virus:AdWare.GXB.a" Virus. Action Taken: No Action Taken.
Sun Apr 24 20:05:25 2005 => Scanning Folder: C:\Programme\AVPersonal\INFECTED\*.*
Sun Apr 24 20:22:11 2005 => Total Disinfected Files: 0
Sun Apr 24 21:44:39 2005 => System found infected with Alexa Spyware/Adware ({c95fe080-8f5d-11d2-a20b-00aa003c157a})! Action taken: No Action Taken.
Sun Apr 24 21:44:39 2005 => File System Found infected by "Alexa Spyware/Adware" Virus. Action Taken: No Action Taken.
Sun Apr 24 22:03:47 2005 => Scanning Folder: C:\Programme\AVPersonal\INFECTED\*.*
Sun Apr 24 22:13:19 2005 => Total Disinfected Files: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Funde für "tagged"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Sun Apr 24 20:01:39 2005 => File C:\Programme\Gemeinsame Dateien\Java\Update\Base Images\j2sdk1.4.2-b28\demos.zip tagged as not-a-virus:JavaClass.Chart. No Action Taken.
Sun Apr 24 20:08:57 2005 => File C:\j2sdk1.4.2\demo\applets\BarChart\BarChart.class tagged as not-a-virus:JavaClass.Chart. No Action Taken.
Sun Apr 24 20:09:19 2005 => File C:\j2sdk1.4.2\demo\plugin\applets\BarChart\BarChart.class tagged as not-a-virus:JavaClass.Chart. No Action Taken.
Sun Apr 24 22:00:36 2005 => File C:\Programme\Gemeinsame Dateien\Java\Update\Base Images\j2sdk1.4.2-b28\demos.zip tagged as not-a-virus:JavaClass.Chart. No Action Taken.
Sun Apr 24 22:06:20 2005 => File C:\j2sdk1.4.2\demo\applets\BarChart\BarChart.class tagged as not-a-virus:JavaClass.Chart. No Action Taken.
Sun Apr 24 22:06:32 2005 => File C:\j2sdk1.4.2\demo\plugin\applets\BarChart\BarChart.class tagged as not-a-virus:JavaClass.Chart. No Action Taken.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Statistiken:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Sun Apr 24 20:22:11 2005 => Total Virus(es) Found: 9
Sun Apr 24 22:13:19 2005 => Total Virus(es) Found: 4
Sun Apr 24 20:22:11 2005 => Total Errors: 11
Sun Apr 24 22:13:19 2005 => Total Errors: 13
Sun Apr 24 20:22:11 2005 => Time Elapsed: 01:00:33
Sun Apr 24 22:13:19 2005 => Time Elapsed: 00:29:14
Sun Apr 24 20:22:11 2005 => Total Objects Scanned: 52410
Sun Apr 24 22:13:19 2005 => Total Objects Scanned: 31303
Sun Apr 24 19:21:27 2005 => Virus Database Date: 2005/04/24
Sun Apr 24 20:22:11 2005 => Virus Database Date: 2005/04/24
Sun Apr 24 20:44:43 2005 => Virus Database Date: 2005/04/24
Sun Apr 24 21:43:53 2005 => Virus Database Date: 2005/04/24
Sun Apr 24 22:13:19 2005 => Virus Database Date: 2005/04/24
Sun Apr 24 22:13:29 2005 => Virus Database Date: 2005/04/24
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~ © Haui ;-) ~~~~~~~
~~~~~~~ Dank an Cidre ~~~~~~~

woidl 26.04.2005 17:52
Hi,

ich nocheinmal.
Hat schon jemand eine Idee, wie ich die Plagegeister loswerde?
Oder hilft da ohnehin nurmehr neu aufsetzen?
Bitte um Hilfe - danke.
Woidl

Haui45 26.04.2005 19:07
Lösche die alte mwav.log und scanne erneut. Wahrscheinlich wird gar nichts mehr gefunden.

redbull55 30.04.2005 06:53
hi leute hab den deselben trojaner.

das kahm mit hijack raus, bitte m hilfe .

------------------------
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\apitx.exe
D:\Programme\AVPersonal\AVGUARD.EXE
D:\Programme\AVPersonal\AVWUPSRV.EXE
D:\WINDOWS\Explorer.EXE
D:\Programme\VIAudioi\SBADeck\ADeck.exe
D:\Programme\D-Tools\daemon.exe
D:\Programme\Java\jre1.5.0_02\bin\jusched.exe
D:\Programme\AVPersonal\AVGNT.EXE
D:\WINDOWS\System32\ctfmon.exe
D:\Programme\Messenger\msmsgs.exe
D:\Programme\MSN Messenger\MsnMsgr.Exe
D:\Programme\MicroStar\WLANUtility\WlanUtility.exe
D:\WINDOWS\system32\ntvdm.exe
D:\WINDOWS\System32\wuauclt.exe
D:\Programme\Crazy Browser\Crazy Browser.exe
D:\Programme\Windows Media Player\wmplayer.exe
D:\Dokumente und Einstellungen\Burhan.DIRTY-62IRCA2VW\Lokale Einstellungen\Temp\Temporäres Verzeichnis 1 für hijackthis[1].zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://D:\WINDOWS\fpfea.dll/sp.html#12047
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://D:\WINDOWS\fpfea.dll/sp.html#12047
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://D:\WINDOWS\fpfea.dll/sp.html#12047
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://D:\WINDOWS\fpfea.dll/sp.html#12047
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://D:\WINDOWS\fpfea.dll/sp.html#12047
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://D:\WINDOWS\fpfea.dll/sp.html#12047
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {E2AAE708-7C06-EB89-99CD-EE6A96283C8C} - D:\WINDOWS\system32\apiab.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll (file missing)
O4 - HKLM\..\Run: [AudioDeck] D:\Programme\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Programme\D-Tools\daemon.exe" -lang 1031
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Programme\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [Crazy Browser.exe] D:\Programme\Crazy Browser\Crazy Browser.exe
O4 - HKLM\..\Run: [AVGCtrl] D:\Programme\AVPersonal\AVGNT.EXE /min
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "D:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "D:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: WlanUtility.lnk = D:\Programme\MicroStar\WLANUtility\WlanUtility.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ms...downloader.cab
O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - D:\WINDOWS\system32\apitx.exe
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - D:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - D:\Programme\AVPersonal\AVWUPSRV.EXE

Rene-gad 30.04.2005 08:52
@redbull55
Zitat:
Zitat von Haui45
Bei der Registrierung hast du den Nutzungshinweisen zugestimmt!
Zitat:
Dialogstörung:
Dialogstörung liegt vor, wenn ein Mitglied absichtlich den normalen Verlauf der Dialoge in einem Thread stört. Das kann z.B. durch wiederholtes Unterbrechen der Konversation zwischen anderen Mitgliedern geschehen
Wie poste ich falsch?

Maahk 27.07.2007 08:52
Bei mir hat sich Antivir heute gemeldet, dass ich den
TR/Agent.BYZ habe. Google findet nur TR/Agent.BI und
deshalb wollt ich ja mal fragen, ob das derselbe ist?
Wenn ja brauch ich keinen neuen Fred dazu zu setzen...
Thxalot


Alle Zeitangaben in WEZ +1. Es ist jetzt 20:01 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131