
Log Analysis and Evaluation: LogFile

30.06.2005, 10:58   #1
Estel
 
I think I have all sorts of things on my computer that don't belong there. Could someone please take a look?

-------------
Logfile of HijackThis v1.99.1
Scan saved at 10:16:17, on 30.06.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Programme\CA\eTrust Antivirus\InoRpc.exe
C:\Programme\CA\eTrust Antivirus\InoRT.exe
C:\Programme\CA\eTrust Antivirus\InoTask.exe
C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\Dit.exe
C:\Programme\Medion Home Cinema XL II\PowerCinema\PCMService.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\system32\PRISMSTA.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb01.exe
C:\Programme\Ulead Systems\Ulead Photo Explorer 7.0\Monitor.exe
C:\Programme\CA\eTrust Antivirus\realmon.exe
C:\Programme\NavExcel\NavHelper\v2.0.4d\navapp.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\D-Tools\daemon.exe
C:\Programme\Microsoft Hardware\Mouse\point32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Tbridge\Flatbed.exe
C:\WINDOWS\CNYHKey.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\DitExp.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\PROGRA~1\MICROS~4\Office10\OUTLOOK.EXE
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Microsoft Office\Office10\WINWORD.EXE
C:\Programme\Microsoft Works\WkDStore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.medion.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wetterzentrale.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ebay.doubleclick.net/clk;NEW_15;8793645;k?http://cgi.ebay.de/ws/eBayISAPI.dll?ViewItem&item=6381288680&ssPageName=ADME:B:RECOE:2
O2 - BHO: F1 Organizer Class - {00000EF1-0786-4633-87C6-1AA7A44296DA} - C:\WINDOWS\System32\ATPART~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: NavHelper Class - {C1E58A84-95B3-4630-B8C2-D06B77B7A0FC} - C:\Programme\NavExcel\NavHelper\v2.0.4d\NHelper.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [PCMService] "C:\Programme\Medion Home Cinema XL II\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [PRISMSTA.EXE] PRISMSTA.EXE START
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb01.exe
O4 - HKLM\..\Run: [Ulead Memory Card Detector] C:\Programme\Ulead Systems\Ulead Photo Explorer 7.0\Monitor.exe
O4 - HKLM\..\Run: [Realtime Monitor] C:\Programme\CA\eTrust Antivirus\realmon.exe
O4 - HKLM\..\Run: [navapp] C:\Programme\NavExcel\NavHelper\v2.0.4d\navapp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programme\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AOLMIcon] C:\Programme\Gemeinsame Dateien\aolshare\AOLMIcon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Detector.lnk = ?
O4 - Global Startup: Kontrollfeld für die kabellose Tastatur.lnk = C:\WINDOWS\CNYHKey.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Alles mit FlashGet laden - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: Mit FlashGet laden - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Mobilen Favoriten erstellen - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra button: MedionShop - {84FAA847-1400-4400-BC93-D338EF03127B} - http://www.medionshop.de/ (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/DE/install.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1119453248562
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: CA-Lizenz-Client (CA_LIC_CLNT) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA-Lizenzserver (CA_LIC_SRVR) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoTask.exe
O23 - Service: Ereignisprotokoll-Überwachung (LogWatch) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
--------------

And I never set this www.aldi.com anywhere...

Regards
Estel
_____________
Note:
Active links edited!
In future, please follow the instructions in this guide: HiJackThis.


Regards, Cidre
S-Mod TB

Edited by Cidre (30.06.2005 at 22:32)

30.06.2005, 11:21   #2
dartus
 
Hello Estel,

Uninstall "NavExcel or NavHelper" via Control Panel/Add or Remove Programs, as well as any software that is unknown to you or dubious.

In addition, download clearprog, run a disk cleanup (tick "delete everything" and click "delete") and empty the quarantine folder of your antivirus program.
Then run eScan and follow the instructions exactly (safe mode, set the checkboxes correctly, apply "Find.bat", etc.)

dartus

30.06.2005, 22:09   #3
Estel
 
dartus: OK, all done.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Funde für "infected"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
File C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL infected by "Trojan-Downloader.Win32.Keenval.e" Virus! Action Taken: No Action Taken.

System found infected with ElitebarBHO Spyware/Adware ({825cf5bd-8862-4430-b771-0c15c5ca8def})! Action taken: No Action Taken.

System found infected with ElitebarBHO Spyware/Adware ({28caeff3-0f18-4036-b504-51d73bd81abc})! Action taken: No Action Taken.

System found infected with Favoriteman Spyware/Adware ({53F066F0-A4C0-4F46-83EB-2DFD03F938CF})! Action taken: No Action Taken.

Thu Jun 30 10:41:52 2005 => System found infected with NetPal Spyware/Adware ({00000ef1-0786-4633-87c6-1aa7a44296da})! Action taken: No Action Taken.

Thu Jun 30 10:41:52 2005 => System found infected with NetPal Spyware/Adware ({ef100007-f409-426a-9e7c-cb211f2a9786})! Action taken: No Action Taken.

Thu Jun 30 10:41:52 2005 => System found infected with eUniverse Spyware/Adware ({5D60FF48-95BE-4956-B4C6-6BB168A70310})! Action taken: No Action Taken.

Thu Jun 30 10:41:52 2005 => System found infected with MyBar Spyware/Adware ({014da6c9-189f-421a-88cd-07cfe51cff10})! Action taken: No Action Taken.

Thu Jun 30 10:42:19 2005 => System found infected with iSearch Spyware/Adware (patch.exe)! Action taken: No Action Taken.

Thu Jun 30 10:44:13 2005 => File C:\WINDOWS\system32\a_i_037.dll infected by "Trojan-Downloader.Win32.IstBar.iu" Virus! Action Taken: No Action Taken.

Thu Jun 30 10:44:13 2005 => File C:\WINDOWS\system32\a_i_037.exe infected by "Trojan-Downloader.Win32.IstBar.iu" Virus! Action Taken: No Action Taken.

Thu Jun 30 10:44:43 2005 => File C:\WINDOWS\system32\in10b6s.dll infected by "Trojan-Dropper.Win32.Exidl.b" Virus! Action Taken: No Action Taken.

Thu Jun 30 10:44:59 2005 => File C:\WINDOWS\system32\MegasearchBarSetup.exe infected by "Trojan-Downloader.NSIS.Gen" Virus! Action Taken: No Action Taken.

Thu Jun 30 10:44:59 2005 => File C:\WINDOWS\system32\megaV2Wbr.dll infected by "Trojan-Dropper.Win32.Small.uv" Virus! Action Taken: No Action Taken.

Thu Jun 30 10:45:44 2005 => File C:\WINDOWS\system32\setup_incred_10.exe infected by "Trojan-Downloader.Win32.Keenval.e" Virus! Action Taken: No Action Taken.

Thu Jun 30 10:45:47 2005 => File C:\WINDOWS\system32\Splpmt.dll infected by "Trojan-Dropper.Win32.Noname.a" Virus! Action Taken: No Action Taken.

Thu Jun 30 10:45:55 2005 => File C:\WINDOWS\system32\tvmk1.dll infected by "Trojan-Dropper.Win32.Small.ly" Virus! Action Taken: No Action Taken.

Thu Jun 30 10:46:01 2005 => File C:\WINDOWS\system32\vm_d.dll infected by "Trojan-Downloader.Win32.IstBar.gen" Virus! Action Taken: No Action Taken.

Thu Jun 30 10:46:01 2005 => File C:\WINDOWS\system32\vm_d.exe infected by "Trojan-Downloader.Win32.IstBar.gen" Virus! Action Taken: No Action Taken.

Thu Jun 30 11:31:40 2005 => File C:\Programme\Common Files\updater\delupdat.exe infected by "Trojan-Downloader.Win32.Keenval" Virus! Action Taken: No Action Taken.

Thu Jun 30 11:31:40 2005 => File C:\Programme\Common Files\updater\sui.exe infected by "Trojan-Downloader.Win32.Keenval" Virus! Action Taken: No Action Taken.

Thu Jun 30 11:31:40 2005 => File C:\Programme\Common Files\updater\wupdater.exe infected by "Trojan-Downloader.Win32.Keenval" Virus! Action Taken: No Action Taken.

Thu Jun 30 11:37:55 2005 => File C:\Programme\IncrediFind\BHO\IncFindBHO.dll infected by "Trojan-Downloader.Win32.Keenval.e" Virus! Action Taken: No Action Taken.

Thu Jun 30 11:55:28 2005 => File C:\Programme\sf\sf.exe infected by "Trojan-Downloader.Win32.Small.hs" Virus! Action Taken: No Action Taken.

Thu Jun 30 12:05:13 2005 => File C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL infected by "Trojan-Downloader.Win32.Keenval.e" Virus! Action Taken: No Action Taken.

Thu Jun 30 12:06:02 2005 => System found infected with ElitebarBHO Spyware/Adware ({825cf5bd-8862-4430-b771-0c15c5ca8def})! Action taken: No Action Taken.

Thu Jun 30 12:06:02 2005 => System found infected with ElitebarBHO Spyware/Adware ({28caeff3-0f18-4036-b504-51d73bd81abc})! Action taken: No Action Taken.

Thu Jun 30 12:06:02 2005 => System found infected with Favoriteman Spyware/Adware ({53F066F0-A4C0-4F46-83EB-2DFD03F938CF})! Action taken: No Action Taken.

Thu Jun 30 12:06:02 2005 => System found infected with NetPal Spyware/Adware ({00000ef1-0786-4633-87c6-1aa7a44296da})! Action taken: No Action Taken.

Thu Jun 30 12:06:02 2005 => System found infected with NetPal Spyware/Adware ({ef100007-f409-426a-9e7c-cb211f2a9786})! Action taken: No Action Taken.

Thu Jun 30 12:06:02 2005 => System found infected with eUniverse Spyware/Adware ({5D60FF48-95BE-4956-B4C6-6BB168A70310})! Action taken: No Action Taken.

Thu Jun 30 12:06:03 2005 => System found infected with MyBar Spyware/Adware ({014da6c9-189f-421a-88cd-07cfe51cff10})! Action taken: No Action Taken.

Thu Jun 30 12:08:08 2005 => File C:\WINDOWS\system32\a_i_037.dll infected by "Trojan-Downloader.Win32.IstBar.iu" Virus! Action Taken: No Action Taken.

Thu Jun 30 12:08:08 2005 => File C:\WINDOWS\system32\a_i_037.exe infected by "Trojan-Downloader.Win32.IstBar.iu" Virus! Action Taken: No Action Taken.

Thu Jun 30 12:08:38 2005 => File C:\WINDOWS\system32\in10b6s.dll infected by "Trojan-Dropper.Win32.Exidl.b" Virus! Action Taken: No Action Taken.

Thu Jun 30 12:08:55 2005 => File C:\WINDOWS\system32\MegasearchBarSetup.exe infected by "Trojan-Downloader.NSIS.Gen" Virus! Action Taken: No Action Taken.

Thu Jun 30 12:08:55 2005 => File C:\WINDOWS\system32\megaV2Wbr.dll infected by "Trojan-Dropper.Win32.Small.uv" Virus! Action Taken: No Action Taken.

Thu Jun 30 12:09:37 2005 => File C:\WINDOWS\system32\setup_incred_10.exe infected by "Trojan-Downloader.Win32.Keenval.e" Virus! Action Taken: No Action Taken.

Thu Jun 30 12:09:40 2005 => File C:\WINDOWS\system32\Splpmt.dll infected by "Trojan-Dropper.Win32.Noname.a" Virus! Action Taken: No Action Taken.

Thu Jun 30 12:09:48 2005 => File C:\WINDOWS\system32\tvmk1.dll infected by "Trojan-Dropper.Win32.Small.ly" Virus! Action Taken: No Action Taken.

Thu Jun 30 12:09:54 2005 => File C:\WINDOWS\system32\vm_d.dll infected by "Trojan-Downloader.Win32.IstBar.gen" Virus! Action Taken: No Action Taken.

Thu Jun 30 12:09:54 2005 => File C:\WINDOWS\system32\vm_d.exe infected by "Trojan-Downloader.Win32.IstBar.gen" Virus! Action Taken: No Action Taken.

Thu Jun 30 12:45:03 2005 => File C:\Programme\Common Files\updater\delupdat.exe infected by "Trojan-Downloader.Win32.Keenval" Virus! Action Taken: No Action Taken.

Thu Jun 30 12:45:03 2005 => File C:\Programme\Common Files\updater\sui.exe infected by "Trojan-Downloader.Win32.Keenval" Virus! Action Taken: No Action Taken.

Thu Jun 30 12:45:03 2005 => File C:\Programme\Common Files\updater\wupdater.exe infected by "Trojan-Downloader.Win32.Keenval" Virus! Action Taken: No Action Taken.

Thu Jun 30 12:51:27 2005 => File C:\Programme\IncrediFind\BHO\IncFindBHO.dll infected by "Trojan-Downloader.Win32.Keenval.e" Virus! Action Taken: No Action Taken.

Thu Jun 30 13:09:17 2005 => File C:\Programme\sf\sf.exe infected by "Trojan-Downloader.Win32.Small.hs" Virus! Action Taken: No Action Taken.

Thu Jun 30 13:17:18 2005 => File C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}(2)\RP108\A0063051.ini infected by "Net-Worm.Win32.Randon.u" Virus! Action Taken: No Action Taken.

Thu Jun 30 13:17:53 2005 => File C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}(2)\RP108\A0080438.ini infected by "Net-Worm.Win32.Randon.u" Virus! Action Taken: No Action Taken.

Thu Jun 30 13:18:02 2005 => File C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}(2)\RP109\A0080518.ini infected by "Net-Worm.Win32.Randon.u" Virus! Action Taken: No Action Taken.

Thu Jun 30 13:18:36 2005 => File C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}(2)\RP110\A0081394.EXE infected by "Backdoor.Win32.Agobot.hl" Virus! Action Taken: No Action Taken.

Thu Jun 30 13:19:06 2005 => File C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}(2)\RP115\A0083909.exe infected by "Backdoor.Win32.Agobot.hl" Virus! Action Taken: No Action Taken.

Thu Jun 30 13:20:38 2005 => File C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}(2)\RP55\A0025784.exe infected by "Backdoor.Win32.Rirc.b" Virus! Action Taken: No Action Taken.

Thu Jun 30 13:23:15 2005 => File C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}(2)\RP79\A0039782.ini infected by "Net-Worm.Win32.Randon.u" Virus! Action Taken: No Action Taken.

Thu Jun 30 13:23:21 2005 => File C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}(2)\RP80\A0039863.ini infected by "Net-Worm.Win32.Randon.u" Virus! Action Taken: No Action Taken.

Thu Jun 30 13:23:23 2005 => File C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}(2)\RP80\A0039899.ini infected by "Net-Worm.Win32.Randon.u" Virus! Action Taken: No Action Taken.

Thu Jun 30 13:23:32 2005 => File C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}(2)\RP81\A0040103.ini infected by "Net-Worm.Win32.Randon.u" Virus! Action Taken: No Action Taken.

Thu Jun 30 13:25:21 2005 => File C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}(2)\RP93\A0043695.ini infected by "Net-Worm.Win32.Randon.u" Virus! Action Taken: No Action Taken.

Thu Jun 30 13:25:30 2005 => File C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}(2)\RP94\A0043856.ini infected by "Net-Worm.Win32.Randon.u" Virus! Action Taken: No Action Taken.

Thu Jun 30 13:25:31 2005 => File C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}(2)\RP94\A0043885.ini infected by "Net-Worm.Win32.Randon.u" Virus! Action Taken: No Action Taken.

Thu Jun 30 13:26:12 2005 => File C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}(2)\RP99\A0049567.ini infected by "Net-Worm.Win32.Randon.u" Virus! Action Taken: No Action Taken.

Thu Jun 30 13:26:13 2005 => File C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}(2)\RP99\A0050618.ini infected by "Net-Worm.Win32.Randon.u" Virus! Action Taken: No Action Taken.

Thu Jun 30 13:26:14 2005 => File C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}(2)\RP99\A0052619.ini infected by "Net-Worm.Win32.Randon.u" Virus! Action Taken: No Action Taken.

Thu Jun 30 13:26:53 2005 => File C:\updaterInstall_112.exe infected by "Trojan-Downloader.Win32.Keenval" Virus! Action Taken: No Action Taken.

Thu Jun 30 13:46:11 2005 => File C:\WINDOWS\system32\a_i_037.dll infected by "Trojan-Downloader.Win32.IstBar.iu" Virus! Action Taken: No Action Taken.

Thu Jun 30 13:46:11 2005 => File C:\WINDOWS\system32\a_i_037.exe infected by "Trojan-Downloader.Win32.IstBar.iu" Virus! Action Taken: No Action Taken.

Thu Jun 30 13:47:15 2005 => File C:\WINDOWS\system32\in10b6s.dll infected by "Trojan-Dropper.Win32.Exidl.b" Virus! Action Taken: No Action Taken.

Thu Jun 30 13:47:28 2005 => File C:\WINDOWS\system32\MegasearchBarSetup.exe infected by "Trojan-Downloader.NSIS.Gen" Virus! Action Taken: No Action Taken.

Thu Jun 30 13:47:28 2005 => File C:\WINDOWS\system32\megaV2Wbr.dll infected by "Trojan-Dropper.Win32.Small.uv" Virus! Action Taken: No Action Taken.

Thu Jun 30 13:48:19 2005 => File C:\WINDOWS\system32\setup_incred_10.exe infected by "Trojan-Downloader.Win32.Keenval.e" Virus! Action Taken: No Action Taken.

Thu Jun 30 13:48:24 2005 => File C:\WINDOWS\system32\Splpmt.dll infected by "Trojan-Dropper.Win32.Noname.a" Virus! Action Taken: No Action Taken.

Thu Jun 30 13:48:45 2005 => File C:\WINDOWS\system32\tvmk1.dll infected by "Trojan-Dropper.Win32.Small.ly" Virus! Action Taken: No Action Taken.

Thu Jun 30 13:48:53 2005 => File C:\WINDOWS\system32\vm_d.dll infected by "Trojan-Downloader.Win32.IstBar.gen" Virus! Action Taken: No Action Taken.

Thu Jun 30 13:48:53 2005 => File C:\WINDOWS\system32\vm_d.exe infected by "Trojan-Downloader.Win32.IstBar.gen" Virus! Action Taken: No Action Taken.

Thu Jun 30 13:57:14 2005 => File D:\aaaaa\prog\mIRC\mirc.ini infected by "Net-Worm.Win32.Randon.u" Virus! Action Taken: No Action Taken.

Thu Jun 30 14:12:12 2005 => Total Disinfected Files: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Funde für "tagged"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Thu Jun 30 10:40:55 2005 => File C:\WINDOWS\System32\ATPART~1.DLL tagged as "not-a-virus:AdWare.F1Organizer.c". Action Taken: No Action Taken.

Thu Jun 30 10:40:55 2005 => File C:\Programme\NavExcel\NavHelper\v2.0.4d\NHelper.dll tagged as "not-a-virus:AdWare.NavExcel.h". Action Taken: No Action Taken.

Thu Jun 30 10:41:01 2005 => File C:\WINDOWS\Dit.exe tagged as not-a-virus:Garbage.Win32.CustomIcons. No Action Taken.

Thu Jun 30 10:41:02 2005 => File C:\Programme\NavExcel\NavHelper\v2.0.4d\navapp.exe tagged as "not-a-virus:AdWare.NavExcel.h". Action Taken: No Action Taken.

Thu Jun 30 10:43:48 2005 => File C:\WINDOWS\DitExp.exe tagged as not-a-virus:Garbage.Win32.CustomIcons. No Action Taken.

Thu Jun 30 10:44:12 2005 => File C:\WINDOWS\system32\ATPartners.dll tagged as "not-a-virus:AdWare.F1Organizer.c". Action Taken: No Action Taken.

Thu Jun 30 10:45:44 2005 => File C:\WINDOWS\system32\SHAgentNew.dll tagged as "not-a-virus:AdWare.Sahat.g". Action Taken: No Action Taken.

Thu Jun 30 10:45:44 2005 => File C:\WINDOWS\system32\shawn_1.dll tagged as "not-a-virus:AdWare.ToolBar.EliteBar.ac". Action Taken: No Action Taken.

Thu Jun 30 10:46:04 2005 => File C:\WINDOWS\system32\WebRebates_Auto_InstallSilent.exe tagged as "not-a-virus:AdWare.WebRebates.g". Action Taken: No Action Taken.

Thu Jun 30 11:31:52 2005 => File C:\Programme\DS9\UNWISE.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.

Thu Jun 30 11:32:10 2005 => File C:\Programme\EasyDivX\Install\Codec\DivX502Bundle.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.

Thu Jun 30 11:32:11 2005 => File C:\Programme\EasyDivX\softs\ck.exe tagged as not-a-virus:Tool.Win32.Pcwelt.a. No Action Taken.

Thu Jun 30 11:32:15 2005 => File C:\Programme\EasyDivX2\cd1\Codec\DivX502Bundle.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.

Thu Jun 30 11:34:00 2005 => File C:\Programme\FlashGet\UNWISE.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.

Thu Jun 30 11:34:17 2005 => File C:\Programme\GameSpy Arcade\UNWISE.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.

Thu Jun 30 11:53:35 2005 => File C:\Programme\NavExcel\NavHelper\v2.0.4d\NHUninstaller.exe tagged as "not-a-virus:AdWare.NavExcel.h". Action Taken: No Action Taken.

Thu Jun 30 11:54:31 2005 => File C:\Programme\Opera\Plugins\FlashGet\UNWISE.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.

Thu Jun 30 11:54:33 2005 => File C:\Programme\OutpostInstall.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.

Thu Jun 30 12:05:13 2005 => File C:\WINDOWS\System32\ATPART~1.DLL tagged as "not-a-virus:AdWare.F1Organizer.c". Action Taken: No Action Taken.

Thu Jun 30 12:05:17 2005 => File C:\WINDOWS\Dit.exe tagged as not-a-virus:Garbage.Win32.CustomIcons. No Action Taken.

Thu Jun 30 12:07:43 2005 => File C:\WINDOWS\DitExp.exe tagged as not-a-virus:Garbage.Win32.CustomIcons. No Action Taken.

Thu Jun 30 12:08:07 2005 => File C:\WINDOWS\system32\ATPartners.dll tagged as "not-a-virus:AdWare.F1Organizer.c". Action Taken: No Action Taken.

Thu Jun 30 12:09:37 2005 => File C:\WINDOWS\system32\SHAgentNew.dll tagged as "not-a-virus:AdWare.Sahat.g". Action Taken: No Action Taken.

Thu Jun 30 12:09:37 2005 => File C:\WINDOWS\system32\shawn_1.dll tagged as "not-a-virus:AdWare.ToolBar.EliteBar.ac". Action Taken: No Action Taken.

Thu Jun 30 12:09:56 2005 => File C:\WINDOWS\system32\WebRebates_Auto_InstallSilent.exe tagged as "not-a-virus:AdWare.WebRebates.g". Action Taken: No Action Taken.

Thu Jun 30 12:45:15 2005 => File C:\Programme\DS9\UNWISE.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.

Thu Jun 30 12:45:31 2005 => File C:\Programme\EasyDivX\Install\Codec\DivX502Bundle.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.

Thu Jun 30 12:45:32 2005 => File C:\Programme\EasyDivX\softs\ck.exe tagged as not-a-virus:Tool.Win32.Pcwelt.a. No Action Taken.

Thu Jun 30 12:45:36 2005 => File C:\Programme\EasyDivX2\cd1\Codec\DivX502Bundle.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.

Thu Jun 30 12:47:23 2005 => File C:\Programme\FlashGet\UNWISE.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.

Thu Jun 30 12:47:41 2005 => File C:\Programme\GameSpy Arcade\UNWISE.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.

Thu Jun 30 13:07:25 2005 => File C:\Programme\NavExcel\NavHelper\v2.0.4d\NHUninstaller.exe tagged as "not-a-virus:AdWare.NavExcel.h". Action Taken: No Action Taken.

Thu Jun 30 13:08:16 2005 => File C:\Programme\Opera\Plugins\FlashGet\UNWISE.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.

Thu Jun 30 13:08:18 2005 => File C:\Programme\OutpostInstall.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.

Thu Jun 30 13:14:35 2005 => File C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}(2)\RP108\A0061067.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.

Thu Jun 30 13:15:26 2005 => File C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}(2)\RP108\A0061343.exe tagged as "not-a-virus:Porn-Dialer.Win32.ALifeDialer". Action Taken: No Action Taken.

Thu Jun 30 13:25:57 2005 => File C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}(2)\RP97\A0047249.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.

Thu Jun 30 13:30:30 2005 => File C:\WINDOWS\DitExp.exe tagged as not-a-virus:Garbage.Win32.CustomIcons. No Action Taken.

Thu Jun 30 13:46:10 2005 => File C:\WINDOWS\system32\ATPartners.dll tagged as "not-a-virus:AdWare.F1Organizer.c". Action Taken: No Action Taken.

Thu Jun 30 13:47:26 2005 => File C:\WINDOWS\system32\Macromed\Shockwave 8\UNWISE.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.

Thu Jun 30 13:48:20 2005 => File C:\WINDOWS\system32\SHAgentNew.dll tagged as "not-a-virus:AdWare.Sahat.g". Action Taken: No Action Taken.
Thu Jun 30 13:48:20 2005 => File C:\WINDOWS\system32\shawn_1.dll tagged as "not-a-virus:AdWare.ToolBar.EliteBar.ac". Action Taken: No Action Taken.

Thu Jun 30 13:49:04 2005 => File C:\WINDOWS\system32\WebRebates_Auto_InstallSilent.exe tagged as "not-a-virus:AdWare.WebRebates.g". Action Taken: No Action Taken.

Thu Jun 30 13:56:47 2005 => File D:\aaaaaaaaa\prog\DivX505Bundle.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.

Thu Jun 30 13:56:47 2005 => File D:\Aaaaaaaaa\prog\DivXLand_MediaSub_170.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.

Thu Jun 30 13:56:59 2005 => File D:\Aaaaaaaaaaa\prog\EasyDivX_0820_standard.exe tagged as not-a-virus:Tool.Win32.Pcwelt.a. No Action Taken.

Thu Jun 30 13:57:01 2005 => File D:\Aaaaa\prog\fgf165.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.

Thu Jun 30 13:57:14 2005 => File D:\aaaaa\prog\mIRC\backup\mirc.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.03. No Action Taken.

Thu Jun 30 13:57:14 2005 => File D:\aaaaa\prog\mIRC\mirc.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.03. No Action Taken.

Thu Jun 30 13:57:18 2005 => File D:\aaaaaaaa\prog\npfg11.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.

Thu Jun 30 13:58:44 2005 => File D:\aaaaaaaaaa\prog\WinMPG_VideoConvert.zip tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.

Thu Jun 30 14:06:07 2005 => File D:\Tools\DiVX Video\DivX505Bundle.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.

Thu Jun 30 14:06:51 2005 => File D:\Tools\ISDN\Classic Phonetools\driver\Setup.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.

Thu Jun 30 14:06:52 2005 => File D:\Tools\ISDN\Classic Phonetools\Goodies\awebpro.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Statisktiken:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Thu Jun 30 14:12:12 2005 => Total Virus(es) Found: 97
Thu Jun 30 14:12:12 2005 => Total Errors: 1648
Thu Jun 30 14:12:12 2005 => Time Elapsed: 02:06:35
Thu Jun 30 14:12:12 2005 => Total Objects Scanned: 145753
Thu Jun 30 10:39:56 2005 => Virus Database Date: 2005/06/24
Thu Jun 30 12:04:26 2005 => Virus Database Date: 2005/06/24
Thu Jun 30 14:12:12 2005 => Virus Database Date: 2005/06/24
Thu Jun 30 14:14:40 2005 => Virus Database Date: 2005/06/24
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~
~~~~~~~ © Haui ;-) ~~~~~~~
~~~~~~~ Dank an Cidre ~~~~~~~


And what do "tagged as" and "offending value" actually mean?
Is there even any point in cleaning all this up by hand??


Regards
Estel

Edited by Estel (30.06.2005 at 22:21) Reason: Find.bat does work after all...

30.06.2005, 22:21   #4
chaosman
 
@Estel
"Is there even any point in cleaning all this up by hand??"

If I were you, I would reinstall the system (format).
You have so much malware and so many downloaders on the system that reinstalling is faster.

Here is a guide:
http://www.trojaner-board.de/showpos...28&postcount=2
Sorry
chaosman
__________________
Bonus vir semper tiro

30.06.2005, 23:01   #5
Estel
 
That's what I feared. I have nothing against reinstalling either. It's just: if I back up my data now (CD, DVD or external hard drive), how can I be sure that I won't end up with something on it again afterwards? Is it enough to avoid only the files listed under "infected" (that would then only be mirc, and I haven't used that in ages, so it isn't a candidate for backup anyway)?


30.06.2005, 23:12   #6
Cidre
Administrator (retired)
 
You can only be really sure if you do not bring any data/files from the infested system into your new, clean system.
If you do anyway, check the CD/DVD with eScan before you integrate it.