Request for eScan and HJT log analysis

Hello, despite antivirus software (AntiVir) and a firewall (ZoneAlarm), I have the following viruses on my PC (see eScan and HJT logs). What can I do to remove them? Thanks in advance for your help! Regards, jb_1

P.S.: What is the difference between "fixing" and "removing"?

eScan log:

Sun Feb 27 13:31:31 2005 => **********************************************************
Sun Feb 27 13:31:31 2005 => MicroWorld AntiVirus Toolkit Utility.
Sun Feb 27 13:31:31 2005 => Copyright © 2003-2005, MicroWorld Technologies Inc.
Sun Feb 27 13:31:31 2005 =>
Sun Feb 27 13:31:31 2005 => Support: support@mwti.net
Sun Feb 27 13:31:31 2005 => Web: http://www.mwti.net
Sun Feb 27 13:31:31 2005 => **********************************************************
Sun Feb 27 13:31:31 2005 => Version 5.1.1 (C:\bases\mwavscan.com)
Sun Feb 27 13:31:31 2005 => Log File: C:\bases\MWAV.LOG
Sun Feb 27 13:31:31 2005 => User Account: Administrator
Sun Feb 27 13:31:31 2005 => Windows Root Folder: C:\WINNT
Sun Feb 27 13:31:31 2005 => Windows Sys32 Folder: C:\WINNT\system32
Sun Feb 27 13:31:31 2005 => OS: Windows NT
Sun Feb 27 13:31:31 2005 => Latest Date of files inside MWAV: 25 Feb 2005 06:48:40.
Sun Feb 27 13:31:31 2005 => Options Selected by User:
Sun Feb 27 13:31:31 2005 => Memory Check: Enabled
Sun Feb 27 13:31:31 2005 => Registry Check: Enabled
Sun Feb 27 13:31:31 2005 => StartUp Folder Check: Enabled
Sun Feb 27 13:31:31 2005 => System Folder Check: Enabled
Sun Feb 27 13:31:31 2005 => System Area Check: Disabled
Sun Feb 27 13:31:31 2005 => Services Check: Enabled
Sun Feb 27 13:31:31 2005 => Drive Check: Disabled
Sun Feb 27 13:31:31 2005 => All Drive Check :Enabled
Sun Feb 27 13:31:31 2005 => Folder Check: Disabled
Sun Feb 27 13:58:49 2005 => ***** Scanning complete. *****
Sun Feb 27 13:58:49 2005 => Total Files Scanned: 42232
Sun Feb 27 13:58:49 2005 => Total Virus(es) Found: 64
Sun Feb 27 13:58:49 2005 => Total Disinfected Files: 0
Sun Feb 27 13:58:49 2005 => Total Files Renamed: 0
Sun Feb 27 13:58:49 2005 => Total Deleted Files: 0
Sun Feb 27 13:58:49 2005 => Total Errors: 1
Sun Feb 27 13:58:49 2005 => Time Elapsed: 00:27:15
Sun Feb 27 13:58:49 2005 => Virus Database Date: 2005/02/25
Sun Feb 27 13:58:49 2005 => Virus Database Count: 119374

File C:\Programme\NewDotNet\newdotnet6_38.dll infected by "not-a-virus:AdWare.NewDotNet" Virus. Action Taken: No Action Taken.
File C:\PROGRA~2\WEBHAN~1\programs\whiehlpr.dll infected by "not-a-virus:AdWare.WebHancer" Virus. Action Taken: No Action Taken.
File C:\Programme\NewDotNet\newdotnet6_38.dll infected by "not-a-virus:AdWare.NewDotNet" Virus. Action Taken: No Action Taken.
File C:\PROGRA~2\WEBHAN~1\programs\whiehlpr.dll infected by "not-a-virus:AdWare.WebHancer" Virus. Action Taken: No Action Taken.
File C:\PROGRA~2\WEBHAN~1\Programs\whSurvey.exe infected by "not-a-virus:AdWare.WebHancer" Virus. Action Taken: No Action Taken.
File C:\PROGRA~2\WEBHAN~1\Programs\whAgent.exe infected by "not-a-virus:AdWare.WebHancer.351" Virus. Action Taken: No Action Taken.
File C:\PROGRA~1\ezula\mmod.exe infected by "not-a-virus:AdWare.EZula.z" Virus. Action Taken: No Action Taken.
File C:\WINNT\webhdll.dll infected by "not-a-virus:AdWare.WebHancer" Virus. Action Taken: No Action Taken.
File C:\WINNT\NDNuninstall5_64.exe infected by "not-a-virus:AdWare.NewDotNet" Virus. Action Taken: No Action Taken.
File C:\WINNT\NDNuninstall5_48-1.exe infected by "not-a-virus:AdWare.NewDotNet" Virus. Action Taken: No Action Taken.
File C:\WINNT\NDNuninstall6_10.exe infected by "not-a-virus:AdWare.NewDotNet" Virus. Action Taken: No Action Taken.
File C:\WINNT\whInstaller.exe infected by "not-a-virus:AdWare.WebHancer" Virus. Action Taken: No Action Taken.
File C:\WINNT\NDNuninstall5_40.exe infected by "not-a-virus:AdWare.NewDotNet" Virus. Action Taken: No Action Taken.
File C:\WINNT\NDNuninstall6_22.exe infected by "not-a-virus:AdWare.NewDotNet" Virus. Action Taken: No Action Taken.
File C:\WINNT\NDNuninstall4_88.exe infected by "not-a-virus:AdWare.NewDotNet" Virus. Action Taken: No Action Taken.
File C:\WINNT\NDNuninstall4_94.exe infected by "not-a-virus:AdWare.NewDotNet" Virus. Action Taken: No Action Taken.
File C:\WINNT\NDNuninstall5_20.exe infected by "not-a-virus:AdWare.NewDotNet" Virus. Action Taken: No Action Taken.
File C:\WINNT\eZulains.exe infected by "not-a-virus:AdWare.EZula.ak" Virus. Action Taken: No Action Taken.
File C:\WINNT\system32\bdeinsta.dll infected by "not-a-virus:AdWare.Altnet.a" Virus. Action Taken: No Action Taken.
File C:\WINNT\system32\bdeinsta2.dll infected by "not-a-virus:AdWare.Altnet.a" Virus. Action Taken: No Action Taken.
File C:\WINNT\system32\BDESac10.dll infected by "not-a-virus:AdWare.BrilliantDigital.3120" Virus. Action Taken: No Action Taken.
File C:\WINNT\system32\cd_clint.dll infected by "not-a-virus:AdWare.Cydoor" Virus. Action Taken: No Action Taken.
File C:\WINNT\system32\cd_load.exe infected by "not-a-virus:AdWare.Cydoor" Virus. Action Taken: No Action Taken.
File C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\kmd133_de.exe infected by "not-a-virus:AdWare.Cydoor" Virus. Action Taken: No Action Taken.
File C:\WINNT\system32\bdeinsta.dll infected by "not-a-virus:AdWare.Altnet.a" Virus. Action Taken: No Action Taken.
File C:\WINNT\system32\bdeinsta2.dll infected by "not-a-virus:AdWare.Altnet.a" Virus. Action Taken: No Action Taken.
File C:\WINNT\system32\BDESac10.dll infected by "not-a-virus:AdWare.BrilliantDigital.3120" Virus. Action Taken: No Action Taken.
File C:\WINNT\system32\cd_clint.dll infected by "not-a-virus:AdWare.Cydoor" Virus. Action Taken: No Action Taken.
File C:\WINNT\system32\cd_load.exe infected by "not-a-virus:AdWare.Cydoor" Virus. Action Taken: No Action Taken.
File C:\WINNT\Temp\newnet\kazaa-298.exe infected by "not-a-virus:AdWare.NewDotNet" Virus. Action Taken: No Action Taken.
File C:\WINNT\Temp\webhancer\whCC-KaZaa.exe infected by "not-a-virus:AdWare.WebHancer.214" Virus. Action Taken: No Action Taken.
File C:\WINNT\Temp\Brilliant\bdeinsta.dll infected by "not-a-virus:AdWare.Altnet.a" Virus. Action Taken: No Action Taken.
File C:\WINNT\Temp\cd_install_253.exe infected by "not-a-virus:AdWare.Cydoor" Virus. Action Taken: No Action Taken.
File C:\WINNT\webhdll.dll infected by "not-a-virus:AdWare.WebHancer" Virus. Action Taken: No Action Taken.
File C:\WINNT\NDNuninstall5_64.exe infected by "not-a-virus:AdWare.NewDotNet" Virus. Action Taken: No Action Taken.
File C:\WINNT\NDNuninstall5_48-1.exe infected by "not-a-virus:AdWare.NewDotNet" Virus. Action Taken: No Action Taken.
File C:\WINNT\NDNuninstall6_10.exe infected by "not-a-virus:AdWare.NewDotNet" Virus. Action Taken: No Action Taken.
File C:\WINNT\whInstaller.exe infected by "not-a-virus:AdWare.WebHancer" Virus. Action Taken: No Action Taken.
File C:\WINNT\NDNuninstall5_40.exe infected by "not-a-virus:AdWare.NewDotNet" Virus. Action Taken: No Action Taken.
File C:\WINNT\NDNuninstall6_22.exe infected by "not-a-virus:AdWare.NewDotNet" Virus. Action Taken: No Action Taken.
File C:\WINNT\NDNuninstall4_88.exe infected by "not-a-virus:AdWare.NewDotNet" Virus. Action Taken: No Action Taken.
File C:\WINNT\NDNuninstall4_94.exe infected by "not-a-virus:AdWare.NewDotNet" Virus. Action Taken: No Action Taken.
File C:\WINNT\NDNuninstall5_20.exe infected by "not-a-virus:AdWare.NewDotNet" Virus. Action Taken: No Action Taken.
File C:\WINNT\eZulains.exe infected by "not-a-virus:AdWare.EZula.ak" Virus. Action Taken: No Action Taken.
File C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\kmd133_de.exe infected by "not-a-virus:AdWare.Cydoor" Virus. Action Taken: No Action Taken.
File C:\Programme\KaZaA\My Shared Folder\kmd133_de.exe infected by "not-a-virus:AdWare.Cydoor" Virus. Action Taken: No Action Taken.
File C:\Programme\eZula\seng.dll infected by "not-a-virus:AdWare.EZula.g" Virus. Action Taken: No Action Taken.
File C:\Programme\eZula\CHCON.dll infected by "not-a-virus:AdWare.EZula.ae" Virus. Action Taken: No Action Taken.
File C:\Programme\eZula\eabh.dll infected by "not-a-virus:AdWare.EZula.x" Virus. Action Taken: No Action Taken.
File C:\Programme\eZula\mmod.exe infected by "not-a-virus:AdWare.EZula.z" Virus. Action Taken: No Action Taken.
File C:\Programme\NewDotNet\uninstall5_48-1.exe infected by "not-a-virus:AdWare.NewDotNet" Virus. Action Taken: No Action Taken.
File C:\Programme\whInstall\whAgent.exe infected by "not-a-virus:AdWare.WebHancer.351" Virus. Action Taken: No Action Taken.
File C:\Programme\whInstall\whInstaller.exe infected by "not-a-virus:AdWare.WebHancer" Virus. Action Taken: No Action Taken.
File C:\Programme\whInstall\whSurvey.exe infected by "not-a-virus:AdWare.WebHancer" Virus. Action Taken: No Action Taken.
File C:\Programme\whInstall\webhdll.dll infected by "not-a-virus:AdWare.WebHancer" Virus. Action Taken: No Action Taken.
File C:\Programme\whInstall\whiehlpr.dll infected by "not-a-virus:AdWare.WebHancer" Virus. Action Taken: No Action Taken.
File C:\Program Files\webHancer\Programs\wbhshare.dll infected by "not-a-virus:AdWare.WebHancer" Virus. Action Taken: No Action Taken.
File C:\Program Files\webHancer\Programs\whieshm.dll infected by "not-a-virus:AdWare.WebHancer" Virus. Action Taken: No Action Taken.
File C:\BDE\Cache\bdedetect1.dll infected by "not-a-virus:AdWare.BrilliantDigital.1007" Virus. Action Taken: No Action Taken.
File C:\Downloads\napv2b10.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Downloads\napv2b10-4.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Downloads\Programme\vnc_x86_win32\vncviewer\vncviewer.exe tagged as not-a-virus:RiskWare.RemoteAdmin.WinVNC.333. No Action Taken.
File C:\Downloads\Programme 2\zapper.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Eigene Dateien\kmd_de.exe infected by "not-a-virus:AdWare.Cydoor" Virus. Action Taken: No Action Taken.

HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 14:12:42, on 27.02.2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 (5.00.2920.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\bases\mwavscan.com
C:\bases\kavss.exe
C:\WINNT\system32\notepad.exe
C:\Programme\Windows NT\Zubehör\wordpad.exe
C:\Programme\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.aol.de/e55/suche/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.web.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aol.de/e55/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer von AOL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Programme\NewDotNet\newdotnet6_38.dll
O2 - BHO: WhIeHelperObj Class - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:\Program Files\webHancer\programs\whiehlpr.dll
O3 - Toolbar: @msdxmLC.dll,-1@1031,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Programme\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"
O4 - HKLM\..\Run: [RealTray] C:\Programme\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [webHancer Agent] "C:\Program Files\webHancer\Programs\whAgent.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [eZmmod] C:\PROGRA~1\ezula\mmod.exe
O4 - Startup: SmartSurfer.lnk = C:\Programme\WEBDE\SmartSurfer3.0\SmartSurfer.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Programme\GetRight\getright.exe
O4 - Global Startup: Erinnerungen für Microsoft Works-Kalender.lnk = C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Global Startup: AOL 8.0 Tray-Symbol.lnk = C:\Programme\AOL 8.0\aoltray.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programme\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Download with GetRight - C:\Programme\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Programme\GetRight\GRbrowse.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\system32\Shdocvw.dll
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Broken Internet access because of LSP provider 'c:\programme\newdotnet\newdotnet4_88.dll' missing
O12 - Plugin for .ofb: C:\PROGRA~1\INTERN~1\PLUGINS\NPONFLOW.DLL
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.de/e55/
O16 - DPF: ppctlcab - http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca.com/downloads/scanner/axscanner.cab
O16 - DPF: {67B15B0B-160C-4579-95AF-858169659092} (IELoaderCtl Class) - http://freeload.cc/secure/ieloader.cab
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: Verwaltungsdienst für die Verwaltung logischer Datenträger (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINNT\System32\PackethSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINNT\system32\ZONELABS\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe
You should first remove all of the spyware. Adaware and Spybot will help you with that. http://www.trojaner-info.de/hijacker/entfernung.shtml Update IE or, better still, use a different browser. After the cleanup, scan again and then post the reports again.
@jb_1 By the way, you can also uninstall Kazaa without Spybot and AdAware.
Copyright ©2000-2025, Trojaner-Board