Trojaner-Board


creeper 06.11.2005 21:02

Internet connection drops intermittently

Hello,

I have a huge problem... sometimes when I try to open certain websites, the internet connection is dropped automatically!
No idea why...!

When I had Ad-Aware scan my PC, AntiVir reported the following Trojans:

TR/Dldr.TSUpdat.F.1
TR/Dldr.TSUpdat.K
TR/Dldr.VB.RI
TR/Dldr.ISTBar.IQ
TR/Inst_gunbot.1
TR/Dldr.ISTBar18944
TR/Dldr.ISTBar.IJ.1
TR/Dldr.Dyfunca.ds
TR/DelProx.A
TR/Perfect.3


What can I do about it?
How can I remove the Trojans?
I can imagine that the internet connection drops have something to do with these Trojans...

THX

chaosman 06.11.2005 22:00

@creeper
Post a HJT log file
http://www.trojaner-board.de/showthread.php?t=17493

Scan your system with escan
http://www.trojaner-board.de/showthread.php?t=17492

chaosman

creeper 07.11.2005 18:14

Logfile of HijackThis v1.99.1
Scan saved at 18:14:02, on 07.11.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Sygate\SPF\smc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Programme\Winamp\winampa.exe
C:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Programme\WinTV\Ir.exe
C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Programme\AVPersonal\AVGUARD.EXE
C:\Programme\avmclient\avmbtservice.exe
C:\Programme\avmclient\panapp.exe
C:\Programme\avmclient\AvmObexService.exe
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\system32\SLEE12.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Dokumente und Einstellungen\Candrian\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [WinampAgent] "C:\Programme\Winamp\winampa.exe"
O4 - HKCU\..\Run: [PCShield] regsvr32 /s "C:\WINDOWS\system32\sfg_020e.dll"
O4 - HKCU\..\Run: [wkor] C:\PROGRA~1\COMMON~1\wkor\wkorm.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: AutoStart IR.lnk = C:\Programme\WinTV\Ir.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\programme\bonjour\mdnsnsp.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: AVM BT Connection Service - AVM Berlin - C:\Programme\avmclient\avmbtservice.exe
O23 - Service: AVM BT PAN Service - AVM Berlin - C:\Programme\avmclient\panapp.exe
O23 - Service: AVM BT OBEX Service (AvmObexService) - AVM Berlin - C:\Programme\avmclient\AvmObexService.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Steganos Live Encryption Engine 12 [Service] (SLEE_12_SERVICE) - Unknown owner - C:\WINDOWS\system32\SLEE12.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Programme\Sygate\SPF\smc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe

creeper 08.11.2005 12:48

What do I need to do?

Could someone help me?

Many thanks in advance.

stupormundi 08.11.2005 13:04

@creeper:
Quote:

What do I need to do?
First give us the necessary information.
Quote:

Quote from chaosman
Scan your system with escan

Run escan according to Cidre's instructions http://www.trojaner-board.de/showthread.php?t=17492 in safe mode http://www.systemwiederherstellung-d...indows-xp.html and then post the result of Hauis45's 'find.bat' (this is also described in the instructions). Follow these instructions exactly (location for escan: unpack to C:\bases_x, update before the scan, language setting "English", tick all checkboxes as described), otherwise find.bat will not work. Read the instructions through completely first, otherwise you might overlook something!
Quote:

Could someone help me?
It's your move - without information we can only guess - there is nothing suspicious to be found in the HJT log.
stupormundi

creeper 08.11.2005 20:24

I scanned my system with escan as described.
What's next??


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Funde für "infected"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Tue Nov 08 19:29:47 2005 => System found infected with funweb Spyware/Adware ({147a976f-eee1-4377-8ea7-4716e4cdd239})! Action taken: No Action Taken.
Tue Nov 08 19:29:47 2005 => System found infected with bearshare Spyware/Adware ({558ec983-bedb-9168-b2de-31dbf0ee543e})! Action taken: No Action Taken.
Tue Nov 08 19:29:47 2005 => System found infected with bearshare Spyware/Adware ({9f95f736-0f62-4214-a4b4-caa6738d4c07})! Action taken: No Action Taken.
Tue Nov 08 19:29:47 2005 => System found infected with bearshare Spyware/Adware ({5f95e1af-2620-4f15-bdf9-7fdce4607e17})! Action taken: No Action Taken.
Tue Nov 08 19:29:47 2005 => System found infected with bearshare Spyware/Adware ({905d0df2-3a0a-4d94-853c-54a12a745905})! Action taken: No Action Taken.
Tue Nov 08 19:29:48 2005 => System found infected with dyfuca Spyware/Adware ({aa4939c3-deca-4a48-a454-97cd587c0ef5})! Action taken: No Action Taken.
Tue Nov 08 19:29:48 2005 => System found infected with whenu.savenow Spyware/Adware ({c285d18d-43a2-4aef-83fb-bf280e660a97})! Action taken: No Action Taken.
Tue Nov 08 19:29:48 2005 => System found infected with dyfuca Spyware/Adware ({eee4a2e5-9f56-432f-a6ed-f6f625b551e0})! Action taken: No Action Taken.
Tue Nov 08 19:29:51 2005 => System found infected with travelling salesman Spyware/Adware (inst.dat)! Action taken: No Action Taken.
Tue Nov 08 19:29:51 2005 => System found infected with target saver Spyware/Adware (tsuninst.exe)! Action taken: No Action Taken.
Tue Nov 08 19:29:52 2005 => System found infected with bearshare Spyware/Adware (bearshare.lnk)! Action taken: No Action Taken.
Tue Nov 08 19:29:52 2005 => System found infected with bearshare Spyware/Adware (bearshare.lnk)! Action taken: No Action Taken.
Tue Nov 08 19:29:55 2005 => System found infected with target saver Spyware/Adware (C:\WINDOWS\system32\tsuninst.exe)! Action taken: No Action Taken.
Tue Nov 08 19:34:28 2005 => File C:\Dokumente und Einstellungen\Candrian\Lokale Einstellungen\Temp\istsv_.exe infected by "Trojan-Downloader.Win32.IstBar.mx" Virus! Action Taken: No Action Taken.
Tue Nov 08 19:34:29 2005 => File C:\Dokumente und Einstellungen\Candrian\Lokale Einstellungen\Temp\jfghjhhfgudk.exe infected by "Trojan-Downloader.Win32.IstBar.mw" Virus! Action Taken: No Action Taken.
Tue Nov 08 19:42:49 2005 => Scanning Folder: C:\Programme\AVPersonal\INFECTED\*.*
Tue Nov 08 19:42:50 2005 => Scanning File C:\Programme\AVPersonal\INFECTED\A0004290.EXE.VIR
Tue Nov 08 19:42:50 2005 => File C:\Programme\AVPersonal\INFECTED\A0004290.EXE.VIR infected by "Trojan-Downloader.Win32.TSUpdate.j" Virus! Action Taken: No Action Taken.
Tue Nov 08 19:42:50 2005 => Scanning File C:\Programme\AVPersonal\INFECTED\A0005186.EXE.VIR
Tue Nov 08 19:42:50 2005 => File C:\Programme\AVPersonal\INFECTED\A0005186.EXE.VIR infected by "Trojan-Downloader.Win32.TSUpdate.k" Virus! Action Taken: No Action Taken.
Tue Nov 08 19:42:50 2005 => Scanning File C:\Programme\AVPersonal\INFECTED\A0005187.EXE.VIR
Tue Nov 08 19:42:50 2005 => File C:\Programme\AVPersonal\INFECTED\A0005187.EXE.VIR infected by "Trojan-Downloader.Win32.TSUpdate.l" Virus! Action Taken: No Action Taken.
Tue Nov 08 19:42:50 2005 => Scanning File C:\Programme\AVPersonal\INFECTED\A0005217.EXE.VIR
Tue Nov 08 19:42:50 2005 => File C:\Programme\AVPersonal\INFECTED\A0005217.EXE.VIR infected by "Trojan-Downloader.Win32.VB.ri" Virus! Action Taken: No Action Taken.
Tue Nov 08 19:42:50 2005 => Scanning File C:\Programme\AVPersonal\INFECTED\A0005218.EXE.VIR
Tue Nov 08 19:42:50 2005 => File C:\Programme\AVPersonal\INFECTED\A0005218.EXE.VIR infected by "Trojan-Downloader.Win32.IstBar.is" Virus! Action Taken: No Action Taken.
Tue Nov 08 19:42:50 2005 => Scanning File C:\Programme\AVPersonal\INFECTED\A0005681.EXE.VIR
Tue Nov 08 19:42:50 2005 => File C:\Programme\AVPersonal\INFECTED\A0005681.EXE.VIR infected by "Trojan-Spy.Win32.Perfloger.f" Virus! Action Taken: No Action Taken.
Tue Nov 08 19:42:50 2005 => Scanning File C:\Programme\AVPersonal\INFECTED\A0006676.EXE.VIR
Tue Nov 08 19:42:50 2005 => File C:\Programme\AVPersonal\INFECTED\A0006676.EXE.VIR infected by "Trojan-Downloader.Win32.Dyfuca.dp" Virus! Action Taken: No Action Taken.
Tue Nov 08 19:42:50 2005 => Scanning File C:\Programme\AVPersonal\INFECTED\A0006679.EXE.VIR
Tue Nov 08 19:42:50 2005 => File C:\Programme\AVPersonal\INFECTED\A0006679.EXE.VIR infected by "Trojan-Downloader.Win32.IstBar.gen" Virus! Action Taken: No Action Taken.
Tue Nov 08 19:42:50 2005 => Scanning File C:\Programme\AVPersonal\INFECTED\A0006681.EXE.VIR
Tue Nov 08 19:42:50 2005 => File C:\Programme\AVPersonal\INFECTED\A0006681.EXE.VIR infected by "Trojan-Downloader.Win32.IstBar.ij" Virus! Action Taken: No Action Taken.
Tue Nov 08 19:42:50 2005 => Scanning File C:\Programme\AVPersonal\INFECTED\A0006682.EXE.VIR
Tue Nov 08 19:42:50 2005 => File C:\Programme\AVPersonal\INFECTED\A0006682.EXE.VIR infected by "Trojan-Downloader.Win32.Dyfuca.ei" Virus! Action Taken: No Action Taken.
Tue Nov 08 19:42:50 2005 => Scanning File C:\Programme\AVPersonal\INFECTED\A0007038.EXE.VIR
Tue Nov 08 19:42:50 2005 => File C:\Programme\AVPersonal\INFECTED\A0007038.EXE.VIR infected by "Trojan.Win32.Small.cy" Virus! Action Taken: No Action Taken.
Tue Nov 08 19:42:50 2005 => Scanning File C:\Programme\AVPersonal\INFECTED\A0007081.DLL.VIR
Tue Nov 08 19:42:51 2005 => File C:\Programme\AVPersonal\INFECTED\A0007081.DLL.VIR tagged as not-a-virus:Monitor.Win32.Perflogger.al. No Action Taken.
Tue Nov 08 19:42:51 2005 => Scanning File C:\Programme\AVPersonal\INFECTED\sp2update00.VIR
Tue Nov 08 19:42:51 2005 => File C:\Programme\AVPersonal\INFECTED\sp2update00.VIR infected by "Trojan-Downloader.Win32.VB.nh" Virus! Action Taken: No Action Taken.
Tue Nov 08 20:16:07 2005 => Total Disinfected Files: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Funde für "tagged"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Tue Nov 08 19:35:54 2005 => File C:\Dokumente und Einstellungen\Candrian\Lokale Einstellungen\Temp\NNCLXA638.EXE tagged as "not-a-virus:AdWare.Win32.NewDotNet". Action Taken: No Action Taken.
Tue Nov 08 19:36:56 2005 => File C:\Dokumente und Einstellungen\Candrian\Lokale Einstellungen\Temp\VVSNInst.exe tagged as "not-a-virus:AdWare.Win32.SaveNow.bo". Action Taken: No Action Taken.
Tue Nov 08 19:37:43 2005 => File C:\Eigene Dateien\Clemens\Ashlee Simpson\ashleesimpson.exe tagged as "not-a-virus:AdWare.Win32.EZula.bm". Action Taken: No Action Taken.
Tue Nov 08 19:40:06 2005 => File C:\mte3ndi6odoxng.exe tagged as "not-a-virus:AdWare.Win32.ISearch.d". Action Taken: No Action Taken.
Tue Nov 08 19:42:51 2005 => File C:\Programme\AVPersonal\INFECTED\A0007081.DLL.VIR tagged as not-a-virus:Monitor.Win32.Perflogger.al. No Action Taken.
Tue Nov 08 19:42:58 2005 => File C:\Programme\BearShare\Installer\BSINSTALL.exe tagged as "not-a-virus:AdWare.Win32.SaveNow.bo". Action Taken: No Action Taken.
Tue Nov 08 20:06:23 2005 => File C:\WINDOWS\NDNuninstall6_38.exe tagged as "not-a-virus:AdWare.Win32.NewDotNet". Action Taken: No Action Taken.
Tue Nov 08 20:07:51 2005 => File C:\WINDOWS\system32\bpk.exe tagged as not-a-virus:Monitor.Win32.Perflogger.ad. No Action Taken.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Funde für "offending"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Tue Nov 08 19:29:49 2005 => Offending Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\uninstall\bearshare !!!
Tue Nov 08 19:29:49 2005 => Offending Key found: HKLM\Software\magnet\handlers\bearshare !!!
Tue Nov 08 19:29:49 2005 => Offending Key found: HKLM\Software\bearshare !!!
Tue Nov 08 19:29:49 2005 => Offending Key found: HKLM\Software\gnu !!!
Tue Nov 08 19:29:49 2005 => Offending Key found: HKLM\Software\mysearch !!!
Tue Nov 08 19:29:49 2005 => Offending Key found: HKLM\Software\myway !!!
Tue Nov 08 19:29:49 2005 => Offending Key found: HKLM\Software\ucontrol !!!
Tue Nov 08 19:29:49 2005 => Offending value found in HKLM\Software\Licenses: {i56b3cf0d9ab991e1} !!!
Tue Nov 08 19:29:49 2005 => Offending value found in HKLM\Software\Licenses: {056b3cf0d9ab991e1} !!!
Tue Nov 08 19:29:51 2005 => Offending file found: C:\WINDOWS\system32\inst.dat
Tue Nov 08 19:29:51 2005 => Offending file found: C:\WINDOWS\system32\tsuninst.exe
Tue Nov 08 19:29:51 2005 => Offending Folder found: C:\Programme\bearshare
Tue Nov 08 19:29:52 2005 => Offending file found: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\bearshare.lnk
Tue Nov 08 19:29:52 2005 => Offending file found: C:\Dokumente und Einstellungen\All Users\Startmenü\programme\bearshare.lnk
Tue Nov 08 19:29:55 2005 => Offending file found: C:\WINDOWS\system32\tsuninst.exe
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Statistiken:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Tue Nov 08 20:16:07 2005 => Total Virus(es) Found: 45
Tue Nov 08 20:16:07 2005 => Total Errors: 95
Tue Nov 08 20:16:07 2005 => Time Elapsed: 00:47:06
Tue Nov 08 20:16:07 2005 => Total Objects Scanned: 47515
Tue Nov 08 19:28:10 2005 => Virus Database Date: 2005/11/08
Tue Nov 08 20:16:07 2005 => Virus Database Date: 2005/11/08
Tue Nov 08 20:16:31 2005 => Virus Database Date: 2005/11/08
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~ © Haui ;-) ~~~~~~~
~~~~~~~ Dank an Cidre ~~~~~~~

creeper 08.11.2005 21:21

What's next??? :headbang:

Thanks in advance for your answers..!

felix1 08.11.2005 21:38

Download and update Spybot S&D and run the program.
http://www.comsafe.de/download.html
Immunize with S&D.
Install Clearprog, start it, tick "delete everything" and then press Delete.
http://www.clearprog.de/
Empty the quarantine folder of your antivirus program.
Uninstall products such as NewdotNet etc. via Control Panel -> Software.
Install:
http://www.ewido.net/de/download/
Let Ewido scan and clean the system.
Post the result of the scan with ewido.

creeper 08.11.2005 22:24

Quote:

Quote from felix1
Uninstall products such as NewdotNet etc. via Control Panel -> Software.

That is the only thing I didn't quite understand... I carried out the rest. NewdotNet cannot be found under Control Panel -> Software.

Here is the report file:

---------------------------------------------------------
ewido security suite - Scan Report
---------------------------------------------------------

+ Erstellt am: 22:21:29, 08.11.2005
+ Report-Checksumme: D29332EA

+ Scanergebnis:

C:\WINDOWS\NDNuninstall6_38.exe -> Spyware.NewDotNet : Gesäubert mit Backup
C:\WINDOWS\system32\bpk.exe -> Not-A-Virus.Monitor.Perflogger.ad : Gesäubert mit Backup


::Report Ende

What next??

felix1 09.11.2005 16:15

Delete the file mwav.log in the directory c:\bases_x. Then run a new escan and again post the log created with find.bat.

creeper 09.11.2005 18:55

This would be the new scan.
What's next?? It seems that various files are still infected.
And what about this clear program and ewido? Can I uninstall them again??


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Funde für "infected"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Wed Nov 09 18:48:05 2005 => System found infected with funweb Spyware/Adware ({147a976f-eee1-4377-8ea7-4716e4cdd239})! Action taken: No Action Taken.
Wed Nov 09 18:48:05 2005 => System found infected with bearshare Spyware/Adware ({558ec983-bedb-9168-b2de-31dbf0ee543e})! Action taken: No Action Taken.
Wed Nov 09 18:48:06 2005 => System found infected with bearshare Spyware/Adware ({5f95e1af-2620-4f15-bdf9-7fdce4607e17})! Action taken: No Action Taken.
Wed Nov 09 18:48:06 2005 => System found infected with bearshare Spyware/Adware ({905d0df2-3a0a-4d94-853c-54a12a745905})! Action taken: No Action Taken.
Wed Nov 09 18:48:09 2005 => System found infected with travelling salesman Spyware/Adware (inst.dat)! Action taken: No Action Taken.
Wed Nov 09 18:48:09 2005 => System found infected with target saver Spyware/Adware (tsuninst.exe)! Action taken: No Action Taken.
Wed Nov 09 18:48:10 2005 => System found infected with bearshare Spyware/Adware (bearshare.lnk)! Action taken: No Action Taken.
Wed Nov 09 18:48:10 2005 => System found infected with bearshare Spyware/Adware (bearshare.lnk)! Action taken: No Action Taken.
Wed Nov 09 18:48:14 2005 => System found infected with target saver Spyware/Adware (C:\WINDOWS\system32\tsuninst.exe)! Action taken: No Action Taken.
Wed Nov 09 18:48:27 2005 => Total Disinfected Files: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Funde für "tagged"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Funde für "offending"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Wed Nov 09 18:48:07 2005 => Offending Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\uninstall\bearshare !!!
Wed Nov 09 18:48:07 2005 => Offending Key found: HKLM\Software\magnet\handlers\bearshare !!!
Wed Nov 09 18:48:07 2005 => Offending Key found: HKLM\Software\bearshare !!!
Wed Nov 09 18:48:07 2005 => Offending Key found: HKLM\Software\gnu !!!
Wed Nov 09 18:48:07 2005 => Offending Key found: HKLM\Software\mysearch !!!
Wed Nov 09 18:48:07 2005 => Offending Key found: HKLM\Software\myway !!!
Wed Nov 09 18:48:07 2005 => Offending Key found: HKLM\Software\ucontrol !!!
Wed Nov 09 18:48:07 2005 => Offending value found in HKLM\Software\Licenses: {i56b3cf0d9ab991e1} !!!
Wed Nov 09 18:48:07 2005 => Offending value found in HKLM\Software\Licenses: {056b3cf0d9ab991e1} !!!
Wed Nov 09 18:48:09 2005 => Offending file found: C:\WINDOWS\system32\inst.dat
Wed Nov 09 18:48:09 2005 => Offending file found: C:\WINDOWS\system32\tsuninst.exe
Wed Nov 09 18:48:09 2005 => Offending Folder found: C:\Programme\bearshare
Wed Nov 09 18:48:10 2005 => Offending file found: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\bearshare.lnk
Wed Nov 09 18:48:10 2005 => Offending file found: C:\Dokumente und Einstellungen\All Users\Startmenü\programme\bearshare.lnk
Wed Nov 09 18:48:14 2005 => Offending file found: C:\WINDOWS\system32\tsuninst.exe
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Statistiken:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Wed Nov 09 18:48:27 2005 => Total Virus(es) Found: 19
Wed Nov 09 18:48:27 2005 => Total Errors: 94
Wed Nov 09 18:48:27 2005 => Time Elapsed: 00:01:13
Wed Nov 09 18:48:27 2005 => Total Objects Scanned: 20800
Wed Nov 09 18:47:09 2005 => Virus Database Date: 2005/11/08
Wed Nov 09 18:48:27 2005 => Virus Database Date: 2005/11/08
Wed Nov 09 18:50:54 2005 => Virus Database Date: 2005/11/08
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~ © Haui ;-) ~~~~~~~
~~~~~~~ Dank an Cidre ~~~~~~~

felix1 09.11.2005 19:57

Download RegSeeker

Tick "Backup before deletion" and remove only the green findings!
Go to Control Panel -> Software and remove any programs you don't recognize.

Then as before:
Delete the file mwav.log in the directory c:\bases_x. Then run a new escan and again post the log created with find.bat.

creeper 09.11.2005 21:36

This would be the new log file.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Funde für "infected"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Wed Nov 09 18:48:05 2005 => System found infected with funweb Spyware/Adware ({147a976f-eee1-4377-8ea7-4716e4cdd239})! Action taken: No Action Taken.
Wed Nov 09 18:48:05 2005 => System found infected with bearshare Spyware/Adware ({558ec983-bedb-9168-b2de-31dbf0ee543e})! Action taken: No Action Taken.
Wed Nov 09 18:48:06 2005 => System found infected with bearshare Spyware/Adware ({5f95e1af-2620-4f15-bdf9-7fdce4607e17})! Action taken: No Action Taken.
Wed Nov 09 18:48:06 2005 => System found infected with bearshare Spyware/Adware ({905d0df2-3a0a-4d94-853c-54a12a745905})! Action taken: No Action Taken.
Wed Nov 09 18:48:09 2005 => System found infected with travelling salesman Spyware/Adware (inst.dat)! Action taken: No Action Taken.
Wed Nov 09 18:48:09 2005 => System found infected with target saver Spyware/Adware (tsuninst.exe)! Action taken: No Action Taken.
Wed Nov 09 18:48:10 2005 => System found infected with bearshare Spyware/Adware (bearshare.lnk)! Action taken: No Action Taken.
Wed Nov 09 18:48:10 2005 => System found infected with bearshare Spyware/Adware (bearshare.lnk)! Action taken: No Action Taken.
Wed Nov 09 18:48:14 2005 => System found infected with target saver Spyware/Adware (C:\WINDOWS\system32\tsuninst.exe)! Action taken: No Action Taken.
Wed Nov 09 18:48:27 2005 => Total Disinfected Files: 0
Wed Nov 09 20:47:50 2005 => System found infected with funweb Spyware/Adware ({147a976f-eee1-4377-8ea7-4716e4cdd239})! Action taken: No Action Taken.
Wed Nov 09 20:47:50 2005 => System found infected with bearshare Spyware/Adware ({558ec983-bedb-9168-b2de-31dbf0ee543e})! Action taken: No Action Taken.
Wed Nov 09 20:47:50 2005 => System found infected with bearshare Spyware/Adware ({5f95e1af-2620-4f15-bdf9-7fdce4607e17})! Action taken: No Action Taken.
Wed Nov 09 20:47:50 2005 => System found infected with bearshare Spyware/Adware ({905d0df2-3a0a-4d94-853c-54a12a745905})! Action taken: No Action Taken.
Wed Nov 09 20:47:54 2005 => System found infected with travelling salesman Spyware/Adware (inst.dat)! Action taken: No Action Taken.
Wed Nov 09 20:47:54 2005 => System found infected with target saver Spyware/Adware (tsuninst.exe)! Action taken: No Action Taken.
Wed Nov 09 20:47:55 2005 => System found infected with bearshare Spyware/Adware (bearshare.lnk)! Action taken: No Action Taken.
Wed Nov 09 20:47:55 2005 => System found infected with bearshare Spyware/Adware (bearshare.lnk)! Action taken: No Action Taken.
Wed Nov 09 20:47:58 2005 => System found infected with target saver Spyware/Adware (C:\WINDOWS\system32\tsuninst.exe)! Action taken: No Action Taken.
Wed Nov 09 20:56:16 2005 => Scanning Folder: C:\Programme\AVPersonal\INFECTED\*.*
Wed Nov 09 21:32:42 2005 => Total Disinfected Files: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Funde für "tagged"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Wed Nov 09 20:51:09 2005 => File C:\Eigene Dateien\Clemens\Ashlee Simpson\ashleesimpson.exe tagged as "not-a-virus:AdWare.Win32.EZula.bm". Action Taken: No Action Taken.
Wed Nov 09 20:56:23 2005 => File C:\Programme\BearShare\Installer\BSINSTALL.exe tagged as "not-a-virus:AdWare.Win32.SaveNow.bo". Action Taken: No Action Taken.
Wed Nov 09 21:14:30 2005 => File C:\System Volume Information\_restore{97F3DF2E-49F1-4F74-BE04-9551A5CFDB7A}\RP0\A0000357.exe tagged as "not-a-virus:AdWare.Win32.ISearch.d". Action Taken: No Action Taken.
Wed Nov 09 21:14:30 2005 => File C:\System Volume Information\_restore{97F3DF2E-49F1-4F74-BE04-9551A5CFDB7A}\RP0\A0000358.exe tagged as "not-a-virus:AdWare.Win32.NewDotNet". Action Taken: No Action Taken.
Wed Nov 09 21:14:30 2005 => File C:\System Volume Information\_restore{97F3DF2E-49F1-4F74-BE04-9551A5CFDB7A}\RP0\A0000359.exe tagged as not-a-virus:Monitor.Win32.Perflogger.ad. No Action Taken.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Funde für "offending"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Wed Nov 09 18:48:07 2005 => Offending Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\uninstall\bearshare !!!
Wed Nov 09 18:48:07 2005 => Offending Key found: HKLM\Software\magnet\handlers\bearshare !!!
Wed Nov 09 18:48:07 2005 => Offending Key found: HKLM\Software\bearshare !!!
Wed Nov 09 18:48:07 2005 => Offending Key found: HKLM\Software\gnu !!!
Wed Nov 09 18:48:07 2005 => Offending Key found: HKLM\Software\mysearch !!!
Wed Nov 09 18:48:07 2005 => Offending Key found: HKLM\Software\myway !!!
Wed Nov 09 18:48:07 2005 => Offending Key found: HKLM\Software\ucontrol !!!
Wed Nov 09 18:48:07 2005 => Offending value found in HKLM\Software\Licenses: {i56b3cf0d9ab991e1} !!!
Wed Nov 09 18:48:07 2005 => Offending value found in HKLM\Software\Licenses: {056b3cf0d9ab991e1} !!!
Wed Nov 09 18:48:09 2005 => Offending file found: C:\WINDOWS\system32\inst.dat
Wed Nov 09 18:48:09 2005 => Offending file found: C:\WINDOWS\system32\tsuninst.exe
Wed Nov 09 18:48:09 2005 => Offending Folder found: C:\Programme\bearshare
Wed Nov 09 18:48:10 2005 => Offending file found: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\bearshare.lnk
Wed Nov 09 18:48:10 2005 => Offending file found: C:\Dokumente und Einstellungen\All Users\Startmenü\programme\bearshare.lnk
Wed Nov 09 18:48:14 2005 => Offending file found: C:\WINDOWS\system32\tsuninst.exe
Wed Nov 09 20:47:52 2005 => Offending Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\uninstall\bearshare !!!
Wed Nov 09 20:47:52 2005 => Offending Key found: HKLM\Software\magnet\handlers\bearshare !!!
Wed Nov 09 20:47:52 2005 => Offending Key found: HKLM\Software\bearshare !!!
Wed Nov 09 20:47:52 2005 => Offending Key found: HKLM\Software\mysearch !!!
Wed Nov 09 20:47:52 2005 => Offending value found in HKLM\Software\Licenses: {i56b3cf0d9ab991e1} !!!
Wed Nov 09 20:47:52 2005 => Offending value found in HKLM\Software\Licenses: {056b3cf0d9ab991e1} !!!
Wed Nov 09 20:47:54 2005 => Offending file found: C:\WINDOWS\system32\inst.dat
Wed Nov 09 20:47:54 2005 => Offending file found: C:\WINDOWS\system32\tsuninst.exe
Wed Nov 09 20:47:54 2005 => Offending Folder found: C:\Programme\bearshare
Wed Nov 09 20:47:55 2005 => Offending file found: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\bearshare.lnk
Wed Nov 09 20:47:55 2005 => Offending file found: C:\Dokumente und Einstellungen\All Users\Startmenü\programme\bearshare.lnk
Wed Nov 09 20:47:58 2005 => Offending file found: C:\WINDOWS\system32\tsuninst.exe
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Statistiken:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Wed Nov 09 18:48:27 2005 => Total Virus(es) Found: 19
Wed Nov 09 21:32:42 2005 => Total Virus(es) Found: 21
Wed Nov 09 18:48:27 2005 => Total Errors: 94
Wed Nov 09 21:32:43 2005 => Total Errors: 24
Wed Nov 09 18:48:27 2005 => Time Elapsed: 00:01:13
Wed Nov 09 21:32:43 2005 => Time Elapsed: 00:45:33
Wed Nov 09 18:48:27 2005 => Total Objects Scanned: 20800
Wed Nov 09 21:32:42 2005 => Total Objects Scanned: 46523
Wed Nov 09 18:47:09 2005 => Virus Database Date: 2005/11/08
Wed Nov 09 18:48:27 2005 => Virus Database Date: 2005/11/08
Wed Nov 09 18:50:54 2005 => Virus Database Date: 2005/11/08
Wed Nov 09 20:46:54 2005 => Virus Database Date: 2005/11/08
Wed Nov 09 21:32:43 2005 => Virus Database Date: 2005/11/08
Wed Nov 09 21:32:47 2005 => Virus Database Date: 2005/11/08
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~ © Haui ;-) ~~~~~~~
~~~~~~~ Dank an Cidre ~~~~~~~

felix1 10.11.2005 14:26

If people help you here, then you should also follow the instructions and advice, otherwise there is no point :kloppen:

Quote:

Then as before:
Delete the file mwav.log in the directory c:\bases_x. Then run a new escan and again post the log created with find.bat.
You did not do the deletion:

Quote:

Wed Nov 09 18:48:27 2005 => Total Virus(es) Found: 19
Wed Nov 09 21:32:42 2005 => Total Virus(es) Found: 21
Wed Nov 09 18:48:27 2005 => Total Errors: 94
Wed Nov 09 21:32:43 2005 => Total Errors: 24
Wed Nov 09 18:48:27 2005 => Time Elapsed: 00:01:13
Wed Nov 09 21:32:43 2005 => Time Elapsed: 00:45:33
Wed Nov 09 18:48:27 2005 => Total Objects Scanned: 20800
Wed Nov 09 21:32:42 2005 => Total Objects Scanned: 46523
Wed Nov 09 18:47:09 2005 => Virus Database Date: 2005/11/08
Wed Nov 09 18:48:27 2005 => Virus Database Date: 2005/11/08
Wed Nov 09 18:50:54 2005 => Virus Database Date: 2005/11/08
Wed Nov 09 20:46:54 2005 => Virus Database Date: 2005/11/08
Wed Nov 09 21:32:43 2005 => Virus Database Date: 2005/11/08
Wed Nov 09 21:32:47 2005 => Virus Database Date: 2005/11/08
So it is not possible to see what is really still present.

So delete the file mwav.log and run escan again. Post the new result.
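
The mixed log discussed in the post above, where one mwav.log holds two scans and find.bat groups their lines by keyword, can be separated again by timestamp. This is an added example, not part of the original thread and not the forum's find.bat: it assumes the `<timestamp> => <message>` layout of the logs shown above, treats every `Total Virus(es) Found` line as the end of one scan, and runs on a constructed sample; all function names are hypothetical.

```python
import re
from datetime import datetime

# Constructed sample in the layout of the find.bat extracts above: two scans
# accumulated in one mwav.log, with the lines grouped by keyword, not by scan.
SAMPLE_LOG = r"""
Wed Nov 09 18:48:09 2005 => System found infected with target saver Spyware/Adware (tsuninst.exe)! Action taken: No Action Taken.
Wed Nov 09 20:47:54 2005 => System found infected with target saver Spyware/Adware (tsuninst.exe)! Action taken: No Action Taken.
Wed Nov 09 20:51:09 2005 => File C:\sample\setup.exe tagged as "not-a-virus:AdWare.Win32.EZula.bm". Action Taken: No Action Taken.
Wed Nov 09 18:48:07 2005 => Offending Key found: HKLM\Software\gnu !!!
Wed Nov 09 18:48:07 2005 => Offending Key found: HKLM\Software\mysearch !!!
Wed Nov 09 20:47:52 2005 => Offending Key found: HKLM\Software\mysearch !!!
Wed Nov 09 18:48:27 2005 => Total Virus(es) Found: 19
Wed Nov 09 21:32:42 2005 => Total Virus(es) Found: 21
"""

MONTHS = {name: num for num, name in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), 1)}
LINE_RE = re.compile(
    r"^\w{3} (\w{3}) (\d{1,2}) (\d{2}):(\d{2}):(\d{2}) (\d{4}) => (.*)$")
RUN_END_PREFIX = "Total Virus(es) Found:"


def parse_lines(text):
    """Yield (timestamp, message) for each well-formed log line."""
    for raw in text.splitlines():
        match = LINE_RE.match(raw.strip())
        if not match or match.group(1) not in MONTHS:
            continue  # section headers, separators, blank lines
        mon, day, hh, mm, ss, year, msg = match.groups()
        stamp = datetime(int(year), MONTHS[mon], int(day),
                         int(hh), int(mm), int(ss))
        yield stamp, msg


def is_finding(msg):
    """True for detection lines, False for progress and statistics lines."""
    if msg.startswith("File "):
        return " infected by " in msg or " tagged as " in msg
    return msg.startswith(("System found infected with ", "Offending "))


def split_runs(text):
    """Return [(end_time, findings)] per completed scan, oldest first."""
    entries = sorted(parse_lines(text), key=lambda entry: entry[0])
    runs = [(stamp, set()) for stamp, msg in entries
            if msg.startswith(RUN_END_PREFIX)]
    for stamp, msg in entries:
        if not is_finding(msg):
            continue
        # A finding belongs to the first scan that ends at or after it;
        # findings after the last summary line (unfinished scan) are dropped.
        for end, findings in runs:
            if stamp <= end:
                findings.add(msg.rstrip(" !"))  # also collapses duplicates
                break
    return runs


def analyse(text):
    """Summarise the newest scan and compare it with the one before it."""
    runs = split_runs(text)
    if not runs:
        raise ValueError("no completed scan found in log")
    latest = runs[-1][1]
    previous = runs[-2][1] if len(runs) > 1 else set()
    return {
        "scans_in_log": len(runs),          # more than 1: log was not reset
        "latest": sorted(latest),
        "cleared": sorted(previous - latest) if len(runs) > 1 else [],
        "appeared": sorted(latest - previous) if len(runs) > 1 else [],
    }


if __name__ == "__main__":
    report = analyse(SAMPLE_LOG)
    print("scans in log:", report["scans_in_log"])
    for key in ("latest", "cleared", "appeared"):
        print(key)
        for item in report[key]:
            print("   ", item)
```

A `scans_in_log` value above 1 is the condition pointed out in the post: the extract then mixes old and new findings, and only the `latest` list reflects the current state of the system.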

creeper 10.11.2005 22:23

This time it should be right...!


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Funde für "infected"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Thu Nov 10 19:22:54 2005 => System found infected with funweb Spyware/Adware ({147a976f-eee1-4377-8ea7-4716e4cdd239})! Action taken: No Action Taken.
Thu Nov 10 19:22:55 2005 => System found infected with bearshare Spyware/Adware ({558ec983-bedb-9168-b2de-31dbf0ee543e})! Action taken: No Action Taken.
Thu Nov 10 19:22:55 2005 => System found infected with bearshare Spyware/Adware ({5f95e1af-2620-4f15-bdf9-7fdce4607e17})! Action taken: No Action Taken.
Thu Nov 10 19:22:55 2005 => System found infected with bearshare Spyware/Adware ({905d0df2-3a0a-4d94-853c-54a12a745905})! Action taken: No Action Taken.
Thu Nov 10 19:22:58 2005 => System found infected with travelling salesman Spyware/Adware (inst.dat)! Action taken: No Action Taken.
Thu Nov 10 19:22:59 2005 => System found infected with target saver Spyware/Adware (tsuninst.exe)! Action taken: No Action Taken.
Thu Nov 10 19:22:59 2005 => System found infected with bearshare Spyware/Adware (bearshare.lnk)! Action taken: No Action Taken.
Thu Nov 10 19:22:59 2005 => System found infected with bearshare Spyware/Adware (bearshare.lnk)! Action taken: No Action Taken.
Thu Nov 10 19:23:03 2005 => System found infected with target saver Spyware/Adware (C:\WINDOWS\system32\tsuninst.exe)! Action taken: No Action Taken.
Thu Nov 10 19:31:25 2005 => Scanning Folder: C:\Programme\AVPersonal\INFECTED\*.*
Thu Nov 10 20:06:34 2005 => Total Disinfected Files: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Funde für "tagged"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Thu Nov 10 19:26:20 2005 => File C:\Eigene Dateien\Clemens\Ashlee Simpson\ashleesimpson.exe tagged as "not-a-virus:AdWare.Win32.EZula.bm". Action Taken: No Action Taken.
Thu Nov 10 19:31:32 2005 => File C:\Programme\BearShare\Installer\BSINSTALL.exe tagged as "not-a-virus:AdWare.Win32.SaveNow.bo". Action Taken: No Action Taken.
Thu Nov 10 19:48:55 2005 => File C:\System Volume Information\_restore{97F3DF2E-49F1-4F74-BE04-9551A5CFDB7A}\RP0\A0000357.exe tagged as "not-a-virus:AdWare.Win32.ISearch.d". Action Taken: No Action Taken.
Thu Nov 10 19:48:55 2005 => File C:\System Volume Information\_restore{97F3DF2E-49F1-4F74-BE04-9551A5CFDB7A}\RP0\A0000358.exe tagged as "not-a-virus:AdWare.Win32.NewDotNet". Action Taken: No Action Taken.
Thu Nov 10 19:48:55 2005 => File C:\System Volume Information\_restore{97F3DF2E-49F1-4F74-BE04-9551A5CFDB7A}\RP0\A0000359.exe tagged as not-a-virus:Monitor.Win32.Perflogger.ad. No Action Taken.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Funde für "offending"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Thu Nov 10 19:22:56 2005 => Offending Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\uninstall\bearshare !!!
Thu Nov 10 19:22:56 2005 => Offending Key found: HKLM\Software\magnet\handlers\bearshare !!!
Thu Nov 10 19:22:56 2005 => Offending Key found: HKLM\Software\bearshare !!!
Thu Nov 10 19:22:56 2005 => Offending Key found: HKLM\Software\mysearch !!!
Thu Nov 10 19:22:57 2005 => Offending value found in HKLM\Software\Licenses: {i56b3cf0d9ab991e1} !!!
Thu Nov 10 19:22:57 2005 => Offending value found in HKLM\Software\Licenses: {056b3cf0d9ab991e1} !!!
Thu Nov 10 19:22:58 2005 => Offending file found: C:\WINDOWS\system32\inst.dat
Thu Nov 10 19:22:59 2005 => Offending file found: C:\WINDOWS\system32\tsuninst.exe
Thu Nov 10 19:22:59 2005 => Offending Folder found: C:\Programme\bearshare
Thu Nov 10 19:22:59 2005 => Offending file found: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\bearshare.lnk
Thu Nov 10 19:22:59 2005 => Offending file found: C:\Dokumente und Einstellungen\All Users\Startmenü\programme\bearshare.lnk
Thu Nov 10 19:23:03 2005 => Offending file found: C:\WINDOWS\system32\tsuninst.exe
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Statistiken:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Thu Nov 10 20:06:34 2005 => Total Virus(es) Found: 21
Thu Nov 10 20:06:34 2005 => Total Errors: 24
Thu Nov 10 20:06:34 2005 => Time Elapsed: 00:50:26
Thu Nov 10 20:06:34 2005 => Total Objects Scanned: 46757
Thu Nov 10 20:06:34 2005 => Virus Database Date: 2005/11/08
Thu Nov 10 21:06:28 2005 => Virus Database Date: 2005/11/08
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~ © Haui ;-) ~~~~~~~
~~~~~~~ Dank an Cidre ~~~~~~~


All times are in WET +1.
