03.01.2005, 18:18 | #1 |
Trojan?!?

My buddy has a problem with his PC. Search bars etc. keep installing themselves. Here are the HijackThis log and the eScan log:

Hijack:

Logfile of HijackThis v1.99.0
Scan saved at 17:19:58, on 03.01.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Programme\Panda Software\PavProt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Panda Software\APVXDWIN.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\mcafeee.exe
C:\Programme\MSN Messenger\MsnMsgr.Exe
C:\Programme\Panda Software\SRVLOAD.EXE
C:\Programme\Panda Software\PaSSrv.exe
C:\Programme\Panda Software\Firewall\PavFires.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Panda Software\PavFnSvr.exe
C:\Programme\Panda Software\Pavkre.exe
C:\Programme\Gemeinsame Dateien\Panda Software\PavShld\pavprsrv.exe
C:\Programme\Panda Software\pavsrv51.exe
C:\Programme\Panda Software\AVENGINE.EXE
C:\Programme\Panda Software\prevsrv.exe
C:\Programme\Panda Software\PsImSvc.exe
C:\Programme\Panda Software\WebProxy.exe
C:\WINDOWS\ISW\ewetel.dsl\signup\Tray.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.ewetel.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.ewetel.de
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.ewetel.de
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=proxy1.ewetel.de:8080
F2 - REG:system.ini: UserInit=C:\WINDOWS\regedit /s C:\pav.reg,C:\WINDOWS\System32\pavdr.exe,C:\WINDOWS\System32\userinit.exe,
O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar version 59.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar1.dll
O2 - BHO: &EliteSideBar - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - C:\WINDOWS\EliteSideBar\EliteSideBar 08.dll
O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - C:\WINDOWS\EliteToolBar\EliteToolBar version 59.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
O4 - HKLM\..\Run: [WinDSL MTU-Adjust] WinDSL_MTU.exe
O4 - HKLM\..\Run: [Windows Media Player] mcafeee.exe
O4 - HKLM\..\Run: [kalvsys] C:\windows\system32\kalvfyz32.exe
O4 - HKLM\..\Run: [SCANINICIO] "C:\Programme\Panda Software\Inicio.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Programme\Panda Software\APVXDWIN.EXE" /s
O4 - HKLM\..\RunServices: [Windows Media Player] mcafeee.exe
O4 - HKLM\..\RunServices: [PANDA ANTISPAM SERVER SERVICE] "C:\Programme\Panda Software\PasSrv.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Windows Media Player] mcafeee.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://C:\Programme\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://C:\Programme\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Verweisseiten - res://C:\Programme\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://C:\Programme\Google\GoogleToolbar1.dll/cmsimilar.html
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1104751846254
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ms...downloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{29828165-B50B-493B-9901-B3F9418F734C}: NameServer = 212.6.108.140 212.6.108.141
O23 - Service: Panda Antispam Server Service - Unknown - C:\Programme\Panda Software\PaSSrv.exe
O23 - Service: Panda Firewall Service - Unknown - C:\Programme\Panda Software\Firewall\PavFires.exe
O23 - Service: Panda Function Service - Unknown - C:\Programme\Panda Software\PavFnSvr.exe
O23 - Service: Panda Pavkre - Unknown - C:\Programme\Panda Software\Pavkre.exe
O23 - Service: Panda PavProt - Unknown - C:\Programme\Panda Software\PavProt.exe
O23 - Service: Panda Process Protection Service - Unknown - C:\Programme\Gemeinsame Dateien\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service - Unknown - C:\Programme\Panda Software\pavsrv51.exe
O23 - Service: Panda Preventium+ Service - Unknown - C:\Programme\Panda Software\prevsrv.exe
O23 - Service: Panda IManager Service - Panda Software Internacional - C:\Programme\Panda Software\PsImSvc.exe

Hoping for help so that my buddy can use the PC again...
03.01.2005, 18:19 | #2 |
Trojan?!?

Here is the eScan log file:

eScan (infected):

File C:\WINDOWS\ELITES~1\ELITES~1.DLL infected by "not-a-virus:AdWare.ToolBar.EliteBar.z" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\mcafeee.exe infected by "Backdoor.Win32.Rbot.gen" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\mcafeee.exe infected by "Backdoor.Win32.Rbot.gen" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\mcafeee.exe infected by "Backdoor.Win32.Rbot.gen" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\dalins.exe infected by "not-a-virus:AdWare.WinAD.f" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\toolj.exe infected by "Trojan-Downloader.Win32.IstBar.gen" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\toolk.exe infected by "Trojan-Downloader.Win32.IstBar.gen" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\configure.exe infected by "Trojan-Downloader.Win32.IstBar.gen" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\mcafeee.exe infected by "Backdoor.Win32.Rbot.gen" Virus. Action Taken: No Action Taken
File C:\WINDOWS\System32\msconfig23.exe infected by "not-a-virus:AdWare.WinAD.f" Virus. Action Taken: No Action Taken.
File C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\01234567\powerscan[1].exe infected by "Trojan-Downloader.Win32.IstBar.gt" Virus. Action Taken: No Action Taken.
File C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\O7G3IR8D\istbar_mainstream[1].dll infected by "Trojan-Downloader.Win32.IstBar.gj" Virus. Action Taken: No Action Taken.
File C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\O7G3IR8D\istrecover[1].exe infected by "Trojan-Downloader.Win32.IstBar.go" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C544813B-88A8-4145-ADA6-EEB275506F04}\RP3\A0000129.exe infected by "Trojan-Downloader.Win32.IstBar.gen" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C544813B-88A8-4145-ADA6-EEB275506F04}\RP3\A0000130.exe infected by "not-a-virus:AdWare.WinAD.f" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C544813B-88A8-4145-ADA6-EEB275506F04}\RP3\A0000131.exe infected by "Trojan-Downloader.Win32.IstBar.gen" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C544813B-88A8-4145-ADA6-EEB275506F04}\RP3\A0001114.exe infected by "Trojan-Downloader.Win32.IstBar.gen" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C544813B-88A8-4145-ADA6-EEB275506F04}\RP3\A0001115.exe infected by "Trojan-Downloader.Win32.IstBar.gen" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C544813B-88A8-4145-ADA6-EEB275506F04}\RP3\A0001116.exe infected by "not-a-virus:AdWare.WinAD.f" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C544813B-88A8-4145-ADA6-EEB275506F04}\RP3\A0001120.exe infected by "Trojan-Downloader.Win32.IstBar.go" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C544813B-88A8-4145-ADA6-EEB275506F04}\RP3\A0001126.dll infected by "Trojan-Downloader.Win32.IstBar.gj" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C544813B-88A8-4145-ADA6-EEB275506F04}\RP3\A0001131.exe infected by "Trojan-Downloader.Win32.IstBar.gen" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C544813B-88A8-4145-ADA6-EEB275506F04}\RP3\A0001132.exe infected by "Trojan-Downloader.Win32.IstBar.gen" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C544813B-88A8-4145-ADA6-EEB275506F04}\RP3\A0001133.exe infected by "not-a-virus:AdWare.WinAD.f" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C544813B-88A8-4145-ADA6-EEB275506F04}\RP3\A0001135.bat infected by "Trojan-Downloader.BAT.Ftp.b" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C544813B-88A8-4145-ADA6-EEB275506F04}\RP3\A0002147.exe infected by "Trojan-Downloader.Win32.IstBar.gt" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C544813B-88A8-4145-ADA6-EEB275506F04}\RP3\A0002151.vxd infected by "not-a-virus:AdWare.BargainBuddy.q" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C544813B-88A8-4145-ADA6-EEB275506F04}\RP3\A0002152.srg infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C544813B-88A8-4145-ADA6-EEB275506F04}\RP3\A0002153.vxd infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C544813B-88A8-4145-ADA6-EEB275506F04}\RP3\A0002154.exe infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C544813B-88A8-4145-ADA6-EEB275506F04}\RP3\A0002156.exe infected by "Trojan.Win32.StartPage.nk" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C544813B-88A8-4145-ADA6-EEB275506F04}\RP4\A0002177.exe infected by "Trojan-Downloader.Win32.IstBar.gen" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C544813B-88A8-4145-ADA6-EEB275506F04}\RP4\A0002178.exe infected by "not-a-virus:AdWare.WinAD.f" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C544813B-88A8-4145-ADA6-EEB275506F04}\RP5\A0002185.exe infected by "Trojan-Downloader.Win32.IstBar.gen" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C544813B-88A8-4145-ADA6-EEB275506F04}\RP5\A0002186.exe infected by "not-a-virus:AdWare.WinAD.f" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C544813B-88A8-4145-ADA6-EEB275506F04}\RP5\A0002206.exe infected by "Trojan-Downloader.Win32.IstBar.gen" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\dalins.exe infected by "not-a-virus:AdWare.WinAD.f" Virus. Action Taken: No Action Taken
File C:\WINDOWS\EliteSideBar\EliteSideBar 08.dll infected by "not-a-virus:AdWare.ToolBar.EliteBar.z" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Temporary Internet Files\Content.IE5\C5M74XQN\gamas[1].exe infected by "Trojan-Downloader.Win32.IstBar.gen" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Temporary Internet Files\Content.IE5\QBI7UDSN\loud[1].exe infected by "not-a-virus:AdWare.WinAD.f" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\configure.exe infected by "Trojan-Downloader.Win32.IstBar.gen" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\mcafeee.exe infected by "Backdoor.Win32.Rbot.gen" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\msconfig23.exe infected by "not-a-virus:AdWare.WinAD.f" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\toolj.exe infected by "Trojan-Downloader.Win32.IstBar.gen" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\toolk.exe infected by "Trojan-Downloader.Win32.IstBar.gen" Virus. Action Taken: No Action Taken.

Do I have to delete all the files? Or which ones?
03.01.2005, 18:21 | #3 | |
Trojan?!?

Quote:

With an infestation like this, the only way to get back to a trustworthy state is to set your system up from scratch -> http://www.trojaner-board.de/showpos...8&postcount=2

Lutz on data backup (you should, however, leave out executable files entirely)
Required reading
On the removal of malware

Please follow the linked guide when formatting.
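Added example, not part of the thread and not code from HijackThis or eScan: cross-referencing the two posted logs shows which eScan detections are also started automatically through HijackThis O4 entries, and which extra programs sit in the F2 UserInit value. The function names are hypothetical, the sample lines are copied from the logs above, and matching by file name alone is an assumption made because the O4 entries give no path.

```python
import re

# Constructed sample: a few lines copied from the two logs posted in this thread.
HIJACKTHIS = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\regedit /s C:\pav.reg,C:\WINDOWS\System32\pavdr.exe,C:\WINDOWS\System32\userinit.exe,
O4 - HKLM\..\Run: [Windows Media Player] mcafeee.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Programme\Panda Software\APVXDWIN.EXE" /s
O4 - HKLM\..\RunServices: [Windows Media Player] mcafeee.exe
O4 - HKCU\..\Run: [Windows Media Player] mcafeee.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
"""
ESCAN = r"""
File C:\WINDOWS\system32\mcafeee.exe infected by "Backdoor.Win32.Rbot.gen" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\toolj.exe infected by "Trojan-Downloader.Win32.IstBar.gen" Virus. Action Taken: No Action Taken.
"""

ESCAN_RE = re.compile(r'^File (.+?) infected by "([^"]+)"', re.M)
O4_RE = re.compile(r'^O4 - (\S+): \[([^\]]+)\] (.+)$', re.M)
F2_RE = re.compile(r'^F2 - REG:system\.ini: UserInit=(.+)$', re.M)

def exe_name(cmd):
    """Lower-cased file name of the program in a command line.
    Unquoted paths containing spaces are cut at the first space."""
    m = re.match(r'"([^"]+)"|(\S+)', cmd.strip())
    return (m.group(1) or m.group(2)).rsplit("\\", 1)[-1].lower()

def persistent_detections(hjt_log, escan_log):
    """(autostart key, file name, detection names) for every O4 entry
    whose program file name also appears in the eScan detections."""
    detected = {}
    for path, name in ESCAN_RE.findall(escan_log):
        detected.setdefault(path.rsplit("\\", 1)[-1].lower(), set()).add(name)
    hits = []
    for key, _label, cmd in O4_RE.findall(hjt_log):
        exe = exe_name(cmd)
        if exe in detected:
            hits.append((key, exe, sorted(detected[exe])))
    return hits

def userinit_extras(hjt_log):
    """Commands in the UserInit value other than userinit.exe itself;
    the Windows default value holds only userinit.exe."""
    m = F2_RE.search(hjt_log)
    parts = [p.strip() for p in m.group(1).split(",")] if m else []
    return [p for p in parts if p and exe_name(p) != "userinit.exe"]

if __name__ == "__main__":
    for hit in persistent_detections(HIJACKTHIS, ESCAN):
        print("detected file in autostart:", hit)
    print("UserInit entries to review:", userinit_extras(HIJACKTHIS))
```

On the sample lines, the file flagged as Backdoor.Win32.Rbot.gen is started from three separate autostart keys under the label "Windows Media Player", and the UserInit value runs two commands before userinit.exe.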