Trojaner-Board


Schmatta 17.12.2005 18:25

Strange spam from the browser
 
Hi,

the following problem:

Yesterday I caught a whole load of junk all at once (Smitfraud.C, Command Service, SpySheriff, CoolWWWSearch, etc.) and have laboriously removed it by now.
Among other things, it caused my browser to keep opening random pages.

I used the following programs:
- Ad-Aware
- SpyBot
- Norton AntiVir 2003
- SpywareBlaster
- hijackthis
- http://housecall.trendmicro.com/
- RegCleaner

However, Command Service could not be removed. Until I came across a guide here.

After applying it, everything really was gone, but the browser spam remains AS LONG AS I do not have SpySweeper activated.
According to its display, SpySweeper blocks the traffic to the sites www.a-d-w-a-r-e.com and www.ad-w-a-r-e.com. Whether that has anything to do with the problem, I don't know...

I don't want to depend on this SpySweeper to be able to surf in peace. What can I do to make this stop?

Regards, Schmat

chaosman 17.12.2005 19:08

@Schmatta
work through this guide

chaosman

Schmatta 17.12.2005 22:48

Thanks chaosman, I've worked through it.

Escan Logfile:
Code:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
Funde für "infected"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
Sat Dec 17 20:10:47 2005 => System found infected with cws.loadadv.400 Browser Hijacker (tool2.exe)! Action taken: No Action Taken.
Sat Dec 17 20:10:47 2005 => System found infected with downloadplus Spyware/Adware (installer.exe)! Action taken: No Action Taken.
Sat Dec 17 20:10:48 2005 => System found infected with thelocalsearch Spyware/Adware (uninstal.exe)! Action taken: No Action Taken.
Sat Dec 17 20:10:50 2005 => System found infected with whenu.savenow Spyware/Adware (adswrapper[1].js)! Action taken: No Action Taken.
Sat Dec 17 20:10:50 2005 => System found infected with whenu.savenow Spyware/Adware (show_ads[2].js)! Action taken: No Action Taken.
Sat Dec 17 20:10:50 2005 => System found infected with whenu.savenow Spyware/Adware (adsend[1].js)! Action taken: No Action Taken.
Sat Dec 17 20:10:50 2005 => System found infected with whenu.savenow Spyware/Adware (blank[1].htm)! Action taken: No Action Taken.
Sat Dec 17 20:10:50 2005 => System found infected with whenu.savenow Spyware/Adware (adspopup2[1].js)! Action taken: No Action Taken.
Sat Dec 17 20:10:50 2005 => System found infected with whenu.savenow Spyware/Adware (adsend[1].js)! Action taken: No Action Taken.
Sat Dec 17 20:10:51 2005 => System found infected with whenu.savenow Spyware/Adware (adswrapper[1].js)! Action taken: No Action Taken.
Sat Dec 17 20:10:51 2005 => System found infected with whenu.savenow Spyware/Adware (show_ads[2].js)! Action taken: No Action Taken.
Sat Dec 17 20:10:51 2005 => System found infected with whenu.savenow Spyware/Adware (adsend[1].js)! Action taken: No Action Taken.
Sat Dec 17 20:10:51 2005 => System found infected with whenu.savenow Spyware/Adware (blank[1].htm)! Action taken: No Action Taken.
Sat Dec 17 20:10:51 2005 => System found infected with whenu.savenow Spyware/Adware (adspopup2[1].js)! Action taken: No Action Taken.
Sat Dec 17 20:10:51 2005 => System found infected with whenu.savenow Spyware/Adware (adsend[1].js)! Action taken: No Action Taken.
Sat Dec 17 20:10:52 2005 => System found infected with cws.smartsearch Spyware/Adware (C:\WINDOWS\start.exe)! Action taken: No Action Taken.
Sat Dec 17 20:43:27 2005 => File C:\Dokumente und Einstellungen\****\.housecall\Quarantine\install[1].exe.bac_a03360 infected by "Trojan-Dropper.Win32.Agent.aed" Virus! Action Taken: No Action Taken.
Sat Dec 17 20:43:28 2005 => File C:\Dokumente und Einstellungen\****\.housecall\Quarantine\install.exe.bac_a03360 infected by "Trojan-Dropper.Win32.Agent.aed" Virus! Action Taken: No Action Taken.
Sat Dec 17 20:43:30 2005 => File C:\Dokumente und Einstellungen\****\.housecall\Quarantine\stub_113_4_0_4_0[1].exe.bac_a03360 infected by "Trojan-Downloader.Win32.TSUpdate.o" Virus! Action Taken: No Action Taken.
Sat Dec 17 20:43:30 2005 => File C:\Dokumente und Einstellungen\****\.housecall\Quarantine\A0037152.exe.bac_a03360 infected by "Trojan-Downloader.Win32.TSUpdate.p" Virus! Action Taken: No Action Taken.
Sat Dec 17 20:43:30 2005 => File C:\Dokumente und Einstellungen\****\.housecall\Quarantine\A0037153.exe.bac_a03360 infected by "Trojan-Downloader.Win32.TSUpdate.f" Virus! Action Taken: No Action Taken.
Sat Dec 17 20:43:30 2005 => File C:\Dokumente und Einstellungen\****\.housecall\Quarantine\A0037190.exe.bac_a03360 infected by "Trojan-Downloader.Win32.TSUpdate.n" Virus! Action Taken: No Action Taken.
Sat Dec 17 20:43:30 2005 => File C:\Dokumente und Einstellungen\****\.housecall\Quarantine\A0037191.exe.bac_a03360 infected by "Trojan-Downloader.Win32.TSUpdate.l" Virus! Action Taken: No Action Taken.
Sat Dec 17 20:43:31 2005 => File C:\Dokumente und Einstellungen\****\.housecall\Quarantine\stub_113_4_0_4_0.exe.bac_a03360 infected by "Trojan-Downloader.Win32.TSUpdate.o" Virus! Action Taken: No Action Taken.
Sat Dec 17 20:43:31 2005 => File C:\Dokumente und Einstellungen\****\.housecall\Quarantine\timessquare[1].exe.bac_a03360 infected by "Trojan.Win32.StartPage.aw" Virus! Action Taken: No Action Taken.
Sat Dec 17 20:43:31 2005 => File C:\Dokumente und Einstellungen\****\.housecall\Quarantine\timessquare.exe.bac_a03360 infected by "Trojan.Win32.StartPage.aw" Virus! Action Taken: No Action Taken.
Sat Dec 17 20:43:31 2005 => File C:\Dokumente und Einstellungen\****\.housecall\Quarantine\timessquare.VIR.bac_a03360 infected by "Trojan.Win32.StartPage.aw" Virus! Action Taken: No Action Taken.
Sat Dec 17 20:43:31 2005 => File C:\Dokumente und Einstellungen\****\.housecall\Quarantine\timessquare.VIR00.bac_a03360 infected by "Trojan.Win32.StartPage.aw" Virus! Action Taken: No Action Taken.
Sat Dec 17 20:43:31 2005 => File C:\Dokumente und Einstellungen\****\.housecall\Quarantine\toolbar[1].txt.bac_a03360 infected by "Trojan-Downloader.Win32.Adload.j" Virus! Action Taken: No Action Taken.
Sat Dec 17 20:43:31 2005 => File C:\Dokumente und Einstellungen\****\.housecall\Quarantine\toolbar.exe.bac_a03360 infected by "Trojan-Downloader.Win32.Adload.j" Virus! Action Taken: No Action Taken.
Sat Dec 17 20:43:31 2005 => File C:\Dokumente und Einstellungen\****\.housecall\Quarantine\kl[1].txt.bac_a03360 infected by "Trojan-Spy.Win32.Small.dg" Virus! Action Taken: No Action Taken.
Sat Dec 17 20:43:31 2005 => File C:\Dokumente und Einstellungen\****\.housecall\Quarantine\kl.exe.bac_a03360 infected by "Trojan-Spy.Win32.Small.dg" Virus! Action Taken: No Action Taken.
Sat Dec 17 20:43:31 2005 => File C:\Dokumente und Einstellungen\****\.housecall\Quarantine\MTE3NDI6ODoxNg[1].exe.bac_a03360 infected by "Trojan-Downloader.Win32.Small.buy" Virus! Action Taken: No Action Taken.
Sat Dec 17 20:43:32 2005 => File C:\Dokumente und Einstellungen\****\.housecall\Quarantine\MTE3NDI6ODoxNg.exe.bac_a03360 infected by "Trojan-Downloader.Win32.Small.buy" Virus! Action Taken: No Action Taken.
Sat Dec 17 20:43:32 2005 => File C:\Dokumente und Einstellungen\****\.housecall\Quarantine\tool3[1].txt.bac_a03360 infected by "Packed.Win32.Klone.b" Virus! Action Taken: No Action Taken.
Sat Dec 17 20:43:32 2005 => File C:\Dokumente und Einstellungen\****\.housecall\Quarantine\tool3.exe.bac_a03360 infected by "Packed.Win32.Klone.b" Virus! Action Taken: No Action Taken.
Sat Dec 17 21:04:12 2005 => File E:\Programme\Norton AntiVirus\Quarantine\17B92691.exe infected by "Virus.Win32.Tenga.a" Virus! Action Taken: No Action Taken.
Sat Dec 17 21:04:13 2005 => File E:\Programme\Norton AntiVirus\Quarantine\17BF7A8A.exe infected by "Virus.Win32.Tenga.a" Virus! Action Taken: No Action Taken.
Sat Dec 17 21:04:14 2005 => File E:\Programme\Norton AntiVirus\Quarantine\17C32486.EXE infected by "Virus.Win32.Tenga.a" Virus! Action Taken: No Action Taken.
Sat Dec 17 21:04:24 2005 => File E:\Programme\Norton AntiVirus\Quarantine\3D2B641E.exe infected by "Virus.Win32.Tenga.a" Virus! Action Taken: No Action Taken.
Sat Dec 17 21:04:24 2005 => File E:\Programme\Norton AntiVirus\Quarantine\18014242.exe infected by "Virus.Win32.Tenga.a" Virus! Action Taken: No Action Taken.
Sat Dec 17 21:04:24 2005 => File E:\Programme\Norton AntiVirus\Quarantine\18046C3E.exe infected by "Virus.Win32.Tenga.a" Virus! Action Taken: No Action Taken.
Sat Dec 17 21:04:25 2005 => File E:\Programme\Norton AntiVirus\Quarantine\184C07EF.exe infected by "Virus.Win32.Tenga.a" Virus! Action Taken: No Action Taken.
Sat Dec 17 21:04:28 2005 => File E:\Programme\Norton AntiVirus\Quarantine\7C334287.exe infected by "Virus.Win32.Tenga.a" Virus! Action Taken: No Action Taken.
Sat Dec 17 21:04:28 2005 => File E:\Programme\Norton AntiVirus\Quarantine\2E2F5C48.exe infected by "Packed.Win32.Klone.b" Virus! Action Taken: No Action Taken.
Sat Dec 17 21:04:28 2005 => File E:\Programme\Norton AntiVirus\Quarantine\2E2F5C48.txt infected by "Trojan.Win32.StartPage.agi" Virus! Action Taken: No Action Taken.
Sat Dec 17 21:04:28 2005 => File E:\Programme\Norton AntiVirus\Quarantine\66B02F8C.exe infected by "Trojan.Win32.StartPage.agi" Virus! Action Taken: No Action Taken.
Sat Dec 17 21:04:28 2005 => File E:\Programme\Norton AntiVirus\Quarantine\66B02F8C.txt infected by "Trojan.Win32.StartPage.agi" Virus! Action Taken: No Action Taken.
Sat Dec 17 21:04:28 2005 => File E:\Programme\Norton AntiVirus\Quarantine\6A2C5266.exe infected by "Trojan.Win32.StartPage.agi" Virus! Action Taken: No Action Taken.
Sat Dec 17 21:04:28 2005 => File E:\Programme\Norton AntiVirus\Quarantine\6A2C5266.txt infected by "Trojan.Win32.StartPage.agi" Virus! Action Taken: No Action Taken.
Sat Dec 17 21:04:28 2005 => File E:\Programme\Norton AntiVirus\Quarantine\0A5C25BF.exe infected by "Trojan.Win32.StartPage.agi" Virus! Action Taken: No Action Taken.
Sat Dec 17 21:04:28 2005 => File E:\Programme\Norton AntiVirus\Quarantine\2E320644.txt infected by "Trojan.Win32.StartPage.agi" Virus! Action Taken: No Action Taken.
Sat Dec 17 21:04:28 2005 => File E:\Programme\Norton AntiVirus\Quarantine\2E320644.exe infected by "Trojan.Win32.StartPage.agi" Virus! Action Taken: No Action Taken.
Sat Dec 17 21:04:28 2005 => File E:\Programme\Norton AntiVirus\Quarantine\2C790D8B.txt infected by "Trojan.Win32.StartPage.agi" Virus! Action Taken: No Action Taken.
Sat Dec 17 21:04:28 2005 => File E:\Programme\Norton AntiVirus\Quarantine\2E353041.exe infected by "Trojan.Win32.StartPage.agi" Virus! Action Taken: No Action Taken.
Sat Dec 17 21:04:28 2005 => File E:\Programme\Norton AntiVirus\Quarantine\2E395A3D.txt infected by "Trojan-Downloader.Win32.Small.buh" Virus! Action Taken: No Action Taken.
Sat Dec 17 21:04:29 2005 => File E:\Programme\Norton AntiVirus\Quarantine\2E395A3D.exe infected by "Trojan-Downloader.Win32.Small.buh" Virus! Action Taken: No Action Taken.
Sat Dec 17 21:04:29 2005 => File E:\Programme\Norton AntiVirus\Quarantine\2E3C043A.txt infected by "Trojan-Downloader.Win32.Small.buh" Virus! Action Taken: No Action Taken.
Sat Dec 17 21:04:29 2005 => File E:\Programme\Norton AntiVirus\Quarantine\2E3C043A.exe infected by "Trojan-Downloader.Win32.Small.buh" Virus! Action Taken: No Action Taken.
Sat Dec 17 21:04:29 2005 => File E:\Programme\Norton AntiVirus\Quarantine\7DD12789.txt infected by "Trojan-Downloader.Win32.Small.buh" Virus! Action Taken: No Action Taken.
Sat Dec 17 21:04:29 2005 => File E:\Programme\Norton AntiVirus\Quarantine\7DD12789.exe infected by "Trojan-Downloader.Win32.Small.buh" Virus! Action Taken: No Action Taken.
Sat Dec 17 21:04:29 2005 => File E:\Programme\Norton AntiVirus\Quarantine\2E3F2E36.txt infected by "Trojan-Downloader.Win32.Small.buh" Virus! Action Taken: No Action Taken.
Sat Dec 17 21:04:29 2005 => File E:\Programme\Norton AntiVirus\Quarantine\2E435833.exe infected by "Trojan-Downloader.Win32.Small.buh" Virus! Action Taken: No Action Taken.
Sat Dec 17 21:04:29 2005 => File E:\Programme\Norton AntiVirus\Quarantine\2E435833.txt infected by "Trojan-Downloader.Win32.Small.buh" Virus! Action Taken: No Action Taken.
Sat Dec 17 21:04:29 2005 => File E:\Programme\Norton AntiVirus\Quarantine\09616388.exe infected by "Trojan-Downloader.Win32.Small.buh" Virus! Action Taken: No Action Taken.
Sat Dec 17 21:04:29 2005 => File E:\Programme\Norton AntiVirus\Quarantine\2EF00974.exe infected by "Trojan-Clicker.Win32.VB.kc" Virus! Action Taken: No Action Taken.
Sat Dec 17 21:04:32 2005 => File E:\Programme\Norton AntiVirus\Quarantine\5AF830FF infected by "Virus.Win32.Tenga.a" Virus! Action Taken: No Action Taken.
Sat Dec 17 21:04:32 2005 => File E:\Programme\Norton AntiVirus\Quarantine\7F5E133A.exe infected by "Trojan-Clicker.Win32.VB.kc" Virus! Action Taken: No Action Taken.
Sat Dec 17 21:56:40 2005 => Total Disinfected Files: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
Funde für "tagged"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
Sat Dec 17 20:09:55 2005 => File C:\Dokumente und Einstellungen\****\Desktop\Daten\[inwc.de]mirc_6.16.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.616. No Action Taken.
Sat Dec 17 20:13:03 2005 => File C:\WINDOWS\system32\msdsrv32.dll tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
Sat Dec 17 20:13:08 2005 => File C:\WINDOWS\system32\uthisapi.dll tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
Sat Dec 17 20:13:12 2005 => File C:\WINDOWS\system32\pzcAdimg.dll tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
Sat Dec 17 20:13:17 2005 => File C:\WINDOWS\system32\lv8m09l1e.dll tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
Sat Dec 17 20:13:17 2005 => File C:\WINDOWS\system32\l62slgf7162.dll tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
Sat Dec 17 20:13:18 2005 => File C:\WINDOWS\system32\jtju0719e.dll tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
Sat Dec 17 20:25:48 2005 => File C:\WINDOWS\SYSTEM32\msdsrv32.dll tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
Sat Dec 17 20:25:57 2005 => File C:\WINDOWS\SYSTEM32\uthisapi.dll tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
Sat Dec 17 20:26:02 2005 => File C:\WINDOWS\SYSTEM32\pzcAdimg.dll tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
Sat Dec 17 20:26:07 2005 => File C:\WINDOWS\SYSTEM32\lv8m09l1e.dll tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
Sat Dec 17 20:26:07 2005 => File C:\WINDOWS\SYSTEM32\l62slgf7162.dll tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
Sat Dec 17 20:26:08 2005 => File C:\WINDOWS\SYSTEM32\jtju0719e.dll tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
Sat Dec 17 20:43:26 2005 => File C:\Dokumente und Einstellungen\****\.housecall\Quarantine\Installer[1].exe.bac_a03360 tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
Sat Dec 17 20:43:27 2005 => File C:\Dokumente und Einstellungen\****\.housecall\Quarantine\Installer.exe.bac_a03360 tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
Sat Dec 17 20:43:28 2005 => File C:\Dokumente und Einstellungen\****\.housecall\Quarantine\A0037195.dll.bac_a03360 tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
Sat Dec 17 20:43:28 2005 => File C:\Dokumente und Einstellungen\****\.housecall\Quarantine\A0037199.dll.bac_a03360 tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
Sat Dec 17 20:43:28 2005 => File C:\Dokumente und Einstellungen\****\.housecall\Quarantine\A0037322.dll.bac_a03360 tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
Sat Dec 17 20:43:29 2005 => File C:\Dokumente und Einstellungen\****\.housecall\Quarantine\bjrezxp.dll.bac_a03360 tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
Sat Dec 17 20:43:29 2005 => File C:\Dokumente und Einstellungen\****\.housecall\Quarantine\iaign32.dll.bac_a03360 tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
Sat Dec 17 20:43:29 2005 => File C:\Dokumente und Einstellungen\****\.housecall\Quarantine\command.exe.bac_a03360 tagged as "not-a-virus:AdWare.Win32.CommAd.a". Action Taken: No Action Taken.
Sat Dec 17 20:43:32 2005 => File C:\Dokumente und Einstellungen\****\.housecall\Quarantine\asappsrv.dll.bac_a03360 tagged as "not-a-virus:AdWare.Win32.CommAd.a". Action Taken: No Action Taken.
Sat Dec 17 20:45:19 2005 => File C:\Dokumente und Einstellungen\****\Desktop\Daten\[inwc.de]mirc_6.16.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.616. No Action Taken.
Sat Dec 17 21:49:14 2005 => File C:\WINDOWS\SYSTEM32\msdsrv32.dll tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
Sat Dec 17 21:49:23 2005 => File C:\WINDOWS\SYSTEM32\uthisapi.dll tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
Sat Dec 17 21:49:28 2005 => File C:\WINDOWS\SYSTEM32\pzcAdimg.dll tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
Sat Dec 17 21:49:33 2005 => File C:\WINDOWS\SYSTEM32\lv8m09l1e.dll tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
Sat Dec 17 21:49:34 2005 => File C:\WINDOWS\SYSTEM32\l62slgf7162.dll tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
Sat Dec 17 21:49:34 2005 => File C:\WINDOWS\SYSTEM32\jtju0719e.dll tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
Funde für "offending"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
Sat Dec 17 20:10:47 2005 => Offending Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\time zones !!!
Sat Dec 17 20:10:47 2005 => Offending file found: C:\WINDOWS\tool2.exe
Sat Dec 17 20:10:47 2005 => Offending file found: C:\WINDOWS\installer.exe
Sat Dec 17 20:10:48 2005 => Offending file found: C:\WINDOWS\system32\uninstal.exe
Sat Dec 17 20:10:50 2005 => Offending file found: C:\Dokumente und Einstellungen\****\Lokale Einstellungen\temporary internet files\content.ie5\caeojzfp\adswrapper[1].js
Sat Dec 17 20:10:50 2005 => Offending file found: C:\Dokumente und Einstellungen\****\Lokale Einstellungen\temporary internet files\content.ie5\caeojzfp\show_ads[2].js
Sat Dec 17 20:10:50 2005 => Offending file found: C:\Dokumente und Einstellungen\****\Lokale Einstellungen\temporary internet files\content.ie5\w3yc8us9\adsend[1].js
Sat Dec 17 20:10:50 2005 => Offending file found: C:\Dokumente und Einstellungen\****\Lokale Einstellungen\temporary internet files\content.ie5\8n12be17\blank[1].htm
Sat Dec 17 20:10:50 2005 => Offending file found: C:\Dokumente und Einstellungen\****\Lokale Einstellungen\temporary internet files\content.ie5\8n12be17\adspopup2[1].js
Sat Dec 17 20:10:50 2005 => Offending file found: C:\Dokumente und Einstellungen\****\Lokale Einstellungen\temporary internet files\content.ie5\yrcnhlr5\adsend[1].js
Sat Dec 17 20:10:51 2005 => Offending file found: C:\Dokumente und Einstellungen\****\Lokale Einstellungen\Temporary Internet Files\content.ie5\caeojzfp\adswrapper[1].js
Sat Dec 17 20:10:51 2005 => Offending file found: C:\Dokumente und Einstellungen\****\Lokale Einstellungen\Temporary Internet Files\content.ie5\caeojzfp\show_ads[2].js
Sat Dec 17 20:10:51 2005 => Offending file found: C:\Dokumente und Einstellungen\****\Lokale Einstellungen\Temporary Internet Files\content.ie5\w3yc8us9\adsend[1].js
Sat Dec 17 20:10:51 2005 => Offending file found: C:\Dokumente und Einstellungen\****\Lokale Einstellungen\Temporary Internet Files\content.ie5\8n12be17\blank[1].htm
Sat Dec 17 20:10:51 2005 => Offending file found: C:\Dokumente und Einstellungen\****\Lokale Einstellungen\Temporary Internet Files\content.ie5\8n12be17\adspopup2[1].js
Sat Dec 17 20:10:51 2005 => Offending file found: C:\Dokumente und Einstellungen\****\Lokale Einstellungen\Temporary Internet Files\content.ie5\yrcnhlr5\adsend[1].js
Sat Dec 17 20:10:52 2005 => Offending file found: C:\WINDOWS\start.exe
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
Statistiken:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
Sat Dec 17 21:56:40 2005 => Total Virus(es) Found: 98
Sat Dec 17 21:56:40 2005 => Total Errors: 96
Sat Dec 17 21:56:40 2005 => Time Elapsed: 01:47:22
Sat Dec 17 21:56:40 2005 => Total Objects Scanned: 95280
Sat Dec 17 20:06:44 2005 => Virus Database Date: 2005/12/12
Sat Dec 17 21:56:40 2005 => Virus Database Date: 2005/12/12
Sat Dec 17 21:59:44 2005 => Virus Database Date: 2005/12/12
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
~~~~~~~ © Haui ;-) ~~~~~~~
~~~~~~~ Dank an Cidre ~~~~~~~

Can one double-post here? If not, I need another in-between post for the hijackthis log and the SmitRem log, if required.

What should I do next? Is it even worth removing all of this, since according to
Quote:

Quote from Cidre
No matter which option you choose, be aware that this only removes the symptoms and not the cause.
If a piece of malware has a malicious function that allows third parties to access your system, then you should in any case consider and carry out a reinstallation of your system followed by hardening. This would also restore the trustworthiness of your system.

a reinstallation would be better? Or can I get my system back into shape so that the existing pests can no longer trouble me?

Regards, Schmatta

Schmatta 17.12.2005 22:50

hijackthis Logfile:
Code:

Logfile of HijackThis v1.99.1
Scan saved at 22:03:31, on 17.12.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Programme\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Programme\HP\hpcoretech\hpcmpmgr.exe
C:\Programme\Microsoft IntelliPoint\point32.exe
C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
C:\Programme\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\devldr32.exe
E:\Programme\Bluetooth Software\BTTray.exe
E:\Programme\Bluetooth Software\bin\btwdins.exe
e:\Programme\ewido security suite\ewidoctrl.exe
e:\Programme\ewido security suite\ewidoguard.exe
E:\Programme\Norton AntiVirus\navapsvc.exe
E:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Programme\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\wscntfy.exe
E:\Programme\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
D:\Download\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R3 - URLSearchHook: ICQ  Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - E:\Programme\ICQToolbar\toolbaru.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - E:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: ICQ  Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - E:\Programme\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Programme\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programme\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Programme\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Programme\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: &ICQ Toolbar Search - res://E:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Senden an &Bluetooth - E:\Programme\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - e:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - e:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Programme\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Programme\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe (file missing)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D867DC1C-E28A-40F0-A2F4-0C7D9A3DF6CA}: NameServer = 10.0.0.10,10.0.52.1,10.0.0.20
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll
O20 - Winlogon Notify: OptimalLayout - C:\WINDOWS\system32\lv2s09f7e.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - E:\Programme\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido security suite control - ewido networks - e:\Programme\ewido security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - e:\Programme\ewido security suite\ewidoguard.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - E:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - E:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Programme\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - E:\Programme\TuneUp 2004\WinStylerThemeSvc.exe



SmitRem Logfile:
Code:


  smitRem © log file
    version 2.8

    by noahdfear


Microsoft Windows XP [Version 5.1.2600]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 checking for ShudderLTD key

ShudderLTD key not present!

 checking for PSGuard.com key


PSGuard.com key not present!

spyaxe uninstaller NOT present
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 Existing Pre-run Files


 ~~~ Program Files ~~~



 ~~~ Shortcuts ~~~



 ~~~ Favorites ~~~



 ~~~ system32 folder ~~~



 ~~~ Icons in System32 ~~~



 ~~~ Windows directory ~~~



 ~~~ Drive root ~~~


 ~~~ Miscellaneous Files/folders ~~~




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 900 'explorer.exe'

Starting registry repairs

Deleting files


  Remaining Post-run Files


 ~~~ Program Files ~~~



 ~~~ Shortcuts ~~~



 ~~~ Favorites ~~~



 ~~~ system32 folder ~~~



 ~~~ Icons in System32 ~~~



 ~~~ Windows directory ~~~



 ~~~ Drive root ~~~



 ~~~ Miscellaneous Files/folders ~~~




 ~~~ Wininet.dll ~~~

 wininet.dll is missing!!

OK, no in-between post after all =)

