Trojaner-Board

Forum: Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
Thread: https://www.trojaner-board.de/15640-bitte-mal-logfile-auswerten-danke.html

coke17 21.03.2005 00:07

Please evaluate my logfile - thanks
 
Logfile of HijackThis v1.99.1
Scan saved at 00:01:57, on 21.03.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Programme\TOSHIBA\Power Management\CePMTray.exe
C:\Programme\TOSHIBA\E-KEY\CeEKey.exe
C:\Programme\Apoint2K\Apoint.exe
C:\Programme\TOSHIBA\TouchPad\TPTray.exe
C:\WINDOWS\MXOALDR.EXE
C:\Programme\T-DSL SpeedManager\SpeedMgr.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Dokumente und Einstellungen\Benni\Anwendungsdaten\sgrunt\IE4321.exe
C:\Programme\AVPersonal\AVGNT.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Apoint2K\Apntex.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Programme\FRITZ!\IWatch.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Programme\AVPersonal\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\system32\crypserv.exe
C:\Programme\VeriSign\NAVI\naviagent.exe
C:\Programme\Dantz\Retrospect\retrorun.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\PROGRA~1\T-DSLS~1\tsmsvc.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Programme\FRITZ!\FriWeb32.exe
C:\Programme\Mozilla\firefox.exe
C:\Programme\ICQ\Icq.exe
C:\Programme\WinRAR\WinRAR.exe
C:\Programme\WinRAR\WinRAR.exe
C:\DOKUME~1\Benni\LOKALE~1\Temp\Rar$EX00.906\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.master69.biz?29
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: i-Nav IDN SearchHook - {CE000994-A58C-4441-8938-744CD72AB27F} - C:\Programme\VeriSign\i-Nav\i-nav_4_2_0.dll
R3 - URLSearchHook: PerfectNavBHO Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL
O1 - Hosts: 194.25.134.153 www.t-online.de #WTXP|22.06.2004|22.06.2004|1|auto.Eintrag WT_XP
O2 - BHO: PerfectNavBHO Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Programme\MyWay\myBar\1.bin\MYBAR.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: ClickCatcher MSIE handler - {16664845-0E00-11D2-8059-000000000000} - C:\Programme\Gemeinsame Dateien\ReGet Shared\Catcher.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar1.dll
O2 - BHO: i-Nav IDN Resolver - {CE000992-A58C-4441-8938-744CD72AB27F} - C:\Programme\VeriSign\i-Nav\i-nav_4_2_0.dll
O3 - Toolbar: UCmore - The Search Accelerator Toolbar - {44BE0690-5429-47f0-85BB-3FFD8020233E} - C:\Programme\TheSearchAccelerator\UCMTSAIE.dll
O3 - Toolbar: ReGet Bar - {17939A30-18E2-471E-9D3A-56DD725F1215} - C:\Programme\DATA BECKER\Download Turbo\iebar.dll
O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Programme\MyWay\myBar\1.bin\MYBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\Programme\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Programme\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [Apoint] C:\Programme\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TPNF] C:\Programme\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [Realtime Audio Engine] mmrtkrnl.exe
O4 - HKLM\..\Run: [HPpromo psc 2175] "C:\Programme\Hewlett-Packard\Digital Imaging\Bin\hpqWRG.exe" /N "psc 2175" -r
O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [Multimedia Codecs] C:\WINDOWS\system32\mcc.exe
O4 - HKLM\..\Run: [T-DSL SpeedMgr] "C:\Programme\T-DSL SpeedManager\SpeedMgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SearchUpgrader] C:\Programme\Common files\SearchUpgrader\SearchUpgrader.exe
O4 - HKLM\..\Run: [CMESys] "C:\Programme\Gemeinsame Dateien\CMEII\CMESys.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Olympic] C:\Dokumente und Einstellungen\Benni\Anwendungsdaten\sgrunt\IE4321.exe
O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: ISDNWatch.lnk = C:\Programme\FRITZ!\IWatch.exe
O8 - Extra context menu item: &Google Search - res://c:\programme\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: A&lles mit ReGet Deluxe herunterladen - C:\Programme\Gemeinsame Dateien\ReGet Shared\CC_All.htm
O8 - Extra context menu item: Bild in &Microsoft PhotoDraw öffnen - res://C:\PROGRA~1\MICROS~4\Office\1031\phdintl.dll/phdContext.htm
O8 - Extra context menu item: Herunterladen mit Re&Get Deluxe - C:\Programme\Gemeinsame Dateien\ReGet Shared\CC_Link.htm
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\programme\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Verweisseiten - res://c:\programme\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://c:\programme\google\GoogleToolbar1.dll/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Hilfe zu i-Nav - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
O9 - Extra 'Tools' menuitem: Hilfe zu i-Nav - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
O9 - Extra button: (no name) - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Programme\VeriSign\i-Nav\i-nav_4_2_0.dll
O9 - Extra 'Tools' menuitem: Optionen für i-Nav - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Programme\VeriSign\i-Nav\i-nav_4_2_0.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O15 - Trusted Zone: www.master69.biz
O15 - Trusted Zone: www.sgrunt.biz
O15 - Trusted Zone: www.xbeta69.com
O15 - Trusted Zone: www.yeak.net
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} (ParallelGraphics Cortona Control) - http://www.parallelgraphics.com/bin/cortvrml.cab
O16 - DPF: {BBCACFA8-B901-451E-A606-0FE678814967} (control to view directory & upload images) - http://www.uboot.com/h/int/applet/ph...toUploader.CAB
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www2.incredimail.com/contents...1/imloader.cab
O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B2F49FB} - http://www.sgrunt.biz/closer/close.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{F31CC4E2-725B-451D-BCD1-97D331F47781}: NameServer = 192.168.120.252,192.168.120.253
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
O23 - Service: VeriSign Updater (navi) - VeriSign, Inc. - C:\Programme\VeriSign\NAVI\naviagent.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Programme\Dantz\Retrospect\retrorun.exe
O23 - Service: TSMService - T-Systems Nova, Berkom - C:\PROGRA~1\T-DSLS~1\tsmsvc.exe

dartus 21.03.2005 00:43

Hello coke17,

please do the following:
1. Download eScan and follow these instructions exactly (the scan in SAFE MODE takes about an hour): http://www.systemwiederherstellung-d...indows-xp.html
2. After the scan, boot back into normal mode,
3. Open the file "mwav.log", click "Edit" and then "Find",
4. Enter "infected",
5. Keep searching for further hits, select them and copy them into the forum,
6. Besides the hits, also post the overall result (it is at the very bottom of the logfile).

Example:
Wed Feb 02 19:48:56 2005 => Total Files Scanned:
Wed Feb 02 19:48:56 2005 => Total Virus(es) Found:
.
.
.
.


dartus

coke17 21.03.2005 12:31

Well, here we go. Looks pretty bad in my eyes...


Mon Mar 21 08:49:07 2005 => File C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL infected by "not-a-virus:AdWare.Perfnav.a" Virus. Action Taken: No Action Taken.

Mon Mar 21 08:49:07 2005 => File C:\Programme\MyWay\myBar\1.bin\MYBAR.DLL infected by "not-a-virus:AdWare.ToolBar.MyWay.g" Virus. Action Taken: No Action Taken.

Mon Mar 21 08:49:17 2005 => File C:\DOKUME~1\Benni\ANWEND~1\sgrunt\IE4321.exe infected by "Trojan.Win32.Dialer.hc" Virus. Action Taken: No Action Taken.

Mon Mar 21 08:49:52 2005 => File C:\WINDOWS\system32\cd_clint.dll infected by "not-a-virus:AdWare.Cydoor" Virus. Action Taken: No Action Taken.

Mon Mar 21 08:49:52 2005 => File C:\WINDOWS\system32\cd_clint.dll infected by "not-a-virus:AdWare.Cydoor" Virus. Action Taken: No Action Taken.

Mon Mar 21 09:05:30 2005 => File C:\WINDOWS\system32\cd_clint.dll infected by "not-a-virus:AdWare.Cydoor" Virus. Action Taken: No Action Taken.

Mon Mar 21 09:14:34 2005 => File C:\WINDOWS\Temp\Altnet\Setup.exe infected by "not-a-virus:AdWare.Altnet.b" Virus. Action Taken: No Action Taken.

Mon Mar 21 09:14:34 2005 => File C:\WINDOWS\Temp\Altnet\adm4.dll infected by "not-a-virus:AdWare.Altnet.a" Virus. Action Taken: No Action Taken.

Mon Mar 21 09:14:34 2005 => File C:\WINDOWS\Temp\Altnet\adm25.dll infected by "not-a-virus:AdWare.Altnet.a" Virus. Action Taken: No Action Taken.

Mon Mar 21 09:14:34 2005 => File C:\WINDOWS\Temp\Altnet\adm.exe infected by "not-a-virus:AdWare.Altnet.a" Virus. Action Taken: No Action Taken.

Mon Mar 21 09:14:34 2005 => File C:\WINDOWS\Temp\Altnet\admprog.dll infected by "not-a-virus:AdWare.Altnet.a" Virus. Action Taken: No Action Taken.

Mon Mar 21 09:14:35 2005 => File C:\WINDOWS\Temp\Altnet\mysearch.cab infected by "not-a-virus:AdWare.ToolBar.MyWay.g" Virus. Action Taken: No Action Taken.

Mon Mar 21 09:14:35 2005 => File C:\WINDOWS\Temp\Altnet\pmfiles.cab infected by "not-a-virus:AdWare.BrilliantDigital.1007" Virus. Action Taken: No Action Taken.

Mon Mar 21 09:14:36 2005 => File C:\WINDOWS\Temp\Adware\Setup_PerfectNav.exe infected by "Trojan-Downloader.Win32.Small.alx" Virus. Action Taken: No Action Taken.

Mon Mar 21 09:18:44 2005 => File C:\WINDOWS\browserxtras\pn\remove.exe infected by "Trojan-Downloader.Win32.Keenval.f" Virus. Action Taken: No Action Taken.

Mon Mar 21 09:47:32 2005 => File C:\Dokumente und Einstellungen\Benni\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-1803745e-4dd5674a.zip infected by "Trojan.Java.StartPage.m" Virus. Action Taken: No Action Taken.

Mon Mar 21 09:47:42 2005 => File C:\Dokumente und Einstellungen\Benni\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\file\BlackBox.class-748d56ad-51985067.class infected by "Trojan.Java.ClassLoader.b" Virus. Action Taken: No Action Taken.

Mon Mar 21 09:47:50 2005 => File C:\Dokumente und Einstellungen\Benni\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\file\BlackBox.class-298c2e55-333388e7.class infected by "Exploit.JS.ScriptSrc.a" Virus. Action Taken: No Action Taken.

Mon Mar 21 09:48:49 2005 => File C:\Dokumente und Einstellungen\Benni\Anwendungsdaten\Mozilla\Firefox\Profiles\default.0gn\Cache\B013070Ed01 infected by "Trojan-Clicker.JS.Linker.h" Virus. Action Taken: No Action Taken

Mon Mar 21 10:26:11 2005 => File C:\Programme\TheSearchAccelerator\IUCmore.dll infected by "not-a-virus:AdWare.Toolbar.Ucmore" Virus. Action Taken: No Action Taken.

Mon Mar 21 10:32:21 2005 => File C:\Programme\Kazaa\TopSearch.dll infected by "not-a-virus:AdWare.Altnet.e" Virus. Action Taken: No Action Taken.

Mon Mar 21 10:32:22 2005 => File C:\Programme\PerfectNav\BHO\PerfectNav150c.dll infected by "not-a-virus:AdWare.Perfnav.a" Virus. Action Taken: No Action Taken.

Mon Mar 21 10:32:22 2005 => File C:\Programme\MyWay\myBar\1.bin\MY2NS.EXE infected by "not-a-virus:AdWare.Toolbar.MyWay.b" Virus. Action Taken: No Action Taken.

Mon Mar 21 10:32:22 2005 => File C:\Programme\MyWay\myBar\1.bin\NPMYWAY.DLL infected by "not-a-virus:AdWare.ToolBar.MyWay.f" Virus. Action Taken: No Action Taken.

Mon Mar 21 10:38:32 2005 => File C:\System Volume Information\_restore{2D2ACF3B-09A4-43A9-B620-F9ADB2F79403}\RP492\A0045564.dll infected by "not-a-virus:AdWare.BrilliantDigital.1007" Virus. Action Taken: No Action Taken.

Mon Mar 21 10:38:33 2005 => File C:\System Volume Information\_restore{2D2ACF3B-09A4-43A9-B620-F9ADB2F79403}\RP492\A0045569.dll infected by "not-a-virus:AdWare.Altnet.b" Virus. Action Taken: No Action Taken.

Mon Mar 21 10:38:33 2005 => File C:\System Volume Information\_restore{2D2ACF3B-09A4-43A9-B620-F9ADB2F79403}\RP492\A0045573.dll infected by "not-a-virus:AdWare.Altnet.a" Virus. Action Taken: No Action Taken

Mon Mar 21 10:38:33 2005 => File C:\System Volume Information\_restore{2D2ACF3B-09A4-43A9-B620-F9ADB2F79403}\RP492\A0045574.exe infected by "not-a-virus:AdWare.Altnet.a" Virus. Action Taken: No Action Taken.

Mon Mar 21 10:38:34 2005 => File C:\System Volume Information\_restore{2D2ACF3B-09A4-43A9-B620-F9ADB2F79403}\RP492\A0045575.dll infected by "not-a-virus:AdWare.Altnet.a" Virus. Action Taken: No Action Taken.

Mon Mar 21 10:38:34 2005 => File C:\System Volume Information\_restore{2D2ACF3B-09A4-43A9-B620-F9ADB2F79403}\RP492\A0045576.dll infected by "not-a-virus:AdWare.Altnet.a" Virus. Action Taken: No Action Taken.


Mon Mar 21 10:46:03 2005 => ***** Scanning complete. *****

Mon Mar 21 10:46:03 2005 => Total Files Scanned: 87314
Mon Mar 21 10:46:03 2005 => Total Virus(es) Found: 30
Mon Mar 21 10:46:03 2005 => Total Disinfected Files: 0
Mon Mar 21 10:46:03 2005 => Total Files Renamed: 0
Mon Mar 21 10:46:03 2005 => Total Deleted Files: 0
Mon Mar 21 10:46:03 2005 => Total Errors: 5
Mon Mar 21 10:46:03 2005 => Time Elapsed: 01:57:06
Mon Mar 21 10:46:03 2005 => Virus Database Date: 2005/03/17
Mon Mar 21 10:46:03 2005 => Virus Database Count: 122324

Mon Mar 21 10:46:03 2005 => Scan Completed.

Mon Mar 21 12:08:26 2005 => Virus Database Date: 2005/03/17
Mon Mar 21 12:08:26 2005 => Virus Database Count: 122324
Mon Mar 21 12:08:32 2005 => AV Library Unloaded (3)...
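As an added example (not code from this thread, from HijackThis or from eScan), the script below ties the two posted logs together: it parses the HijackThis entries and the eScan hits and reports which BHO, toolbar and Run entries load a file that eScan flagged, or a file from the same directory as one. The matching key is only the last directory name plus the file name, because mwav.log prints some paths in 8.3 short form (DOKUME~1, ANWEND~1) while HijackThis shows the long form; the embedded log excerpts are constructed from lines posted above.

```python
"""Correlate HijackThis entries with eScan (mwav.log) detections.

Added example, not code from this thread, HijackThis or eScan.  The two log
excerpts are constructed from lines posted above.  mwav.log reports some paths
in 8.3 short form (DOKUME~1, ANWEND~1) while HijackThis shows the long form,
so files are matched on (parent directory name, file name) only.
"""
from __future__ import annotations
import re
from typing import NamedTuple

class Hit(NamedTuple):
    path: str
    detection: str

class Entry(NamedTuple):
    section: str        # R0, O2, O3, O4 ...
    line: str
    path: str

MWAV_RE = re.compile(r'=> File (?P<path>.+?) infected by "(?P<det>[^"]+)"')
SECTION_RE = re.compile(r'^(?P<sec>[RO]\d+) - ')
# First local file on a HijackThis line: a drive path (may contain spaces, be
# quoted, and carry arguments) or a bare file name such as mmrtkrnl.exe.
PATH_RE = re.compile(r'((?:[A-Za-z]:\\[^"\r\n]*?|[\w~$!-]+)\.(?:exe|dll|ocx))\b', re.I)
# Parent directories too common to count as "same directory as a detected file".
GENERIC_DIRS = {'', 'windows', 'system32', 'temp', 'bin', 'programme'}

def parse_mwav(text: str) -> list[Hit]:
    return [Hit(m['path'], m['det']) for m in MWAV_RE.finditer(text)]

def parse_hjt(text: str) -> list[Entry]:
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        sec, path = SECTION_RE.match(line), PATH_RE.search(line)
        if sec and path:
            entries.append(Entry(sec['sec'], line, path.group(1)))
    return entries

def key(path: str) -> tuple[str, str]:
    """Case-folded (parent directory name, file name).  Survives 8.3 short
    names as long as the last directory component itself is not shortened."""
    parts = path.replace('/', '\\').casefold().split('\\')
    return (parts[-2] if len(parts) > 1 else ''), parts[-1]

def correlate(hjt_text: str, mwav_text: str) -> dict[str, list[tuple[Entry, Hit]]]:
    """Pair each HijackThis entry with the eScan hit for the same file, or,
    failing that, with a hit from the same (non-generic) directory."""
    hits = parse_mwav(mwav_text)
    by_file = {key(h.path): h for h in hits}
    by_dir = {key(h.path)[0]: h for h in hits if key(h.path)[0] not in GENERIC_DIRS}
    found: dict[str, list[tuple[Entry, Hit]]] = {'same_file': [], 'same_directory': []}
    for e in parse_hjt(hjt_text):
        k = key(e.path)
        if k in by_file:
            found['same_file'].append((e, by_file[k]))
        elif k[0] in by_dir:
            found['same_directory'].append((e, by_dir[k[0]]))
    return found

# Constructed excerpts of the two logs posted in this thread.
HJT_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.master69.biz?29
O2 - BHO: PerfectNavBHO Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Programme\MyWay\myBar\1.bin\MYBAR.DLL
O3 - Toolbar: UCmore - The Search Accelerator Toolbar - {44BE0690-5429-47f0-85BB-3FFD8020233E} - C:\Programme\TheSearchAccelerator\UCMTSAIE.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [Olympic] C:\Dokumente und Einstellungen\Benni\Anwendungsdaten\sgrunt\IE4321.exe
O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min
"""
MWAV_LOG = r"""
Mon Mar 21 08:49:07 2005 => File C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL infected by "not-a-virus:AdWare.Perfnav.a" Virus. Action Taken: No Action Taken.
Mon Mar 21 08:49:07 2005 => File C:\Programme\MyWay\myBar\1.bin\MYBAR.DLL infected by "not-a-virus:AdWare.ToolBar.MyWay.g" Virus. Action Taken: No Action Taken.
Mon Mar 21 08:49:17 2005 => File C:\DOKUME~1\Benni\ANWEND~1\sgrunt\IE4321.exe infected by "Trojan.Win32.Dialer.hc" Virus. Action Taken: No Action Taken.
Mon Mar 21 08:49:52 2005 => File C:\WINDOWS\system32\cd_clint.dll infected by "not-a-virus:AdWare.Cydoor" Virus. Action Taken: No Action Taken.
Mon Mar 21 10:26:11 2005 => File C:\Programme\TheSearchAccelerator\IUCmore.dll infected by "not-a-virus:AdWare.Toolbar.Ucmore" Virus. Action Taken: No Action Taken.
"""

if __name__ == '__main__':
    for kind, pairs in correlate(HJT_LOG, MWAV_LOG).items():
        print(f'== {kind} ==')
        for entry, hit in pairs:
            print(f'{entry.section}: {entry.path}\n    eScan: {hit.detection}')
```

The system32 hit (cd_clint.dll) deliberately does not drag every System32 autostart entry into the "same directory" list; only the UCmore toolbar, which sits beside the flagged IUCmore.dll, is reported that way.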

chaosman 21.03.2005 12:41

@coke17
Save this file on a floppy disk as evidence against high phone bills.
Mon Mar 21 08:49:17 2005 => File C:\DOKUME~1\Benni\ANWEND~1\sgrunt\IE4321.exe infected by "Trojan.Win32.Dialer.hc" Virus. Action Taken: No Action Taken.

Then disable System Restore, delete all found files manually (except the System Restore ones), reboot, and re-enable System Restore.
chaosman

The Saint 21.03.2005 12:54

I also wouldn't use file-sharing tools like Grokster and Kazaa!

coke17 21.03.2005 12:59

Now, as an amateur, I have 3 more questions:

1. Should I also delete the "not-a-virus" files??
2. The System Restore one is the one listed last in the log, right?
3. Would the bills have to be "astronomically" high, or could they just be higher than usual??
:headbang:

coke17 21.03.2005 13:00

I've actually never used Kazaa. No idea why I even downloaded it. I'll delete it as well...

The Saint 21.03.2005 13:02

Quote:

1. Should I also delete the "not-a-virus" files??
These here!

Code:

Mon Mar 21 08:49:07 2005 => File C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL infected by "not-a-virus:AdWare.Perfnav.a" Virus. Action Taken: No Action Taken.

Mon Mar 21 08:49:07 2005 => File C:\Programme\MyWay\myBar\1.bin\MYBAR.DLL infected by "not-a-virus:AdWare.ToolBar.MyWay.g" Virus. Action Taken: No Action Taken.

Mon Mar 21 08:49:17 2005 => File C:\DOKUME~1\Benni\ANWEND~1\sgrunt\IE4321.exe infected by "Trojan.Win32.Dialer.hc" Virus. Action Taken: No Action Taken.

Mon Mar 21 08:49:52 2005 => File C:\WINDOWS\system32\cd_clint.dll infected by "not-a-virus:AdWare.Cydoor" Virus. Action Taken: No Action Taken.

Mon Mar 21 08:49:52 2005 => File C:\WINDOWS\system32\cd_clint.dll infected by "not-a-virus:AdWare.Cydoor" Virus. Action Taken: No Action Taken.

Mon Mar 21 09:05:30 2005 => File C:\WINDOWS\system32\cd_clint.dll infected by "not-a-virus:AdWare.Cydoor" Virus. Action Taken: No Action Taken.

Mon Mar 21 09:14:34 2005 => File C:\WINDOWS\Temp\Altnet\Setup.exe infected by "not-a-virus:AdWare.Altnet.b" Virus. Action Taken: No Action Taken.

Mon Mar 21 09:14:34 2005 => File C:\WINDOWS\Temp\Altnet\adm4.dll infected by "not-a-virus:AdWare.Altnet.a" Virus. Action Taken: No Action Taken.

Mon Mar 21 09:14:34 2005 => File C:\WINDOWS\Temp\Altnet\adm25.dll infected by "not-a-virus:AdWare.Altnet.a" Virus. Action Taken: No Action Taken.

Mon Mar 21 09:14:34 2005 => File C:\WINDOWS\Temp\Altnet\adm.exe infected by "not-a-virus:AdWare.Altnet.a" Virus. Action Taken: No Action Taken.

Mon Mar 21 09:14:34 2005 => File C:\WINDOWS\Temp\Altnet\admprog.dll infected by "not-a-virus:AdWare.Altnet.a" Virus. Action Taken: No Action Taken.

Mon Mar 21 09:14:35 2005 => File C:\WINDOWS\Temp\Altnet\mysearch.cab infected by "not-a-virus:AdWare.ToolBar.MyWay.g" Virus. Action Taken: No Action Taken.

Mon Mar 21 09:14:35 2005 => File C:\WINDOWS\Temp\Altnet\pmfiles.cab infected by "not-a-virus:AdWare.BrilliantDigital.1007" Virus. Action Taken: No Action Taken.

Mon Mar 21 09:14:36 2005 => File C:\WINDOWS\Temp\Adware\Setup_PerfectNav.exe infected by "Trojan-Downloader.Win32.Small.alx" Virus. Action Taken: No Action Taken.

Mon Mar 21 09:18:44 2005 => File C:\WINDOWS\browserxtras\pn\remove.exe infected by "Trojan-Downloader.Win32.Keenval.f" Virus. Action Taken: No Action Taken.

Mon Mar 21 09:47:32 2005 => File C:\Dokumente und Einstellungen\Benni\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-1803745e-4dd5674a.zip infected by "Trojan.Java.StartPage.m" Virus. Action Taken: No Action Taken.

Mon Mar 21 09:47:42 2005 => File C:\Dokumente und Einstellungen\Benni\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\file\BlackBox.class-748d56ad-51985067.class infected by "Trojan.Java.ClassLoader.b" Virus. Action Taken: No Action Taken.

Mon Mar 21 09:47:50 2005 => File C:\Dokumente und Einstellungen\Benni\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\file\BlackBox.class-298c2e55-333388e7.class infected by "Exploit.JS.ScriptSrc.a" Virus. Action Taken: No Action Taken.

Mon Mar 21 09:48:49 2005 => File C:\Dokumente und Einstellungen\Benni\Anwendungsdaten\Mozilla\Firefox\Profiles\default.0gn\Cache\B013070Ed01 infected by "Trojan-Clicker.JS.Linker.h" Virus. Action Taken: No Action Taken

Mon Mar 21 10:26:11 2005 => File C:\Programme\TheSearchAccelerator\IUCmore.dll infected by "not-a-virus:AdWare.Toolbar.Ucmore" Virus. Action Taken: No Action Taken.

Mon Mar 21 10:32:21 2005 => File C:\Programme\Kazaa\TopSearch.dll infected by "not-a-virus:AdWare.Altnet.e" Virus. Action Taken: No Action Taken.

Mon Mar 21 10:32:22 2005 => File C:\Programme\PerfectNav\BHO\PerfectNav150c.dll infected by "not-a-virus:AdWare.Perfnav.a" Virus. Action Taken: No Action Taken.

Mon Mar 21 10:32:22 2005 => File C:\Programme\MyWay\myBar\1.bin\MY2NS.EXE infected by "not-a-virus:AdWare.Toolbar.MyWay.b" Virus. Action Taken: No Action Taken.

Mon Mar 21 10:32:22 2005 => File C:\Programme\MyWay\myBar\1.bin\NPMYWAY.DLL infected by "not-a-virus:AdWare.ToolBar.MyWay.f" Virus. Action Taken: No Action Taken.


dartus 21.03.2005 13:18

Hello coke17,

Click Start --> Run, enter cleanmgr, tick at least "Temporary files" and click OK.
C:\WINDOWS\Temp <-- these are all removed then

Start --> Control Panel --> Java --> clear cache
C:\Dokumente und Einstellungen\Benni\Anwendungsdaten\Sun\Java\Deployment\cache <-- these are all removed then

Clear the Firefox cache
C:\Dokumente und Einstellungen\Benni\Anwendungsdaten\Mozilla\Firefox\Profiles\default.0gn\Cache

Uninstall MyWay via Control Panel --> Add/Remove Programs (if present)

Delete the following folders manually:
C:\PROGRA~1\PERFEC~1
C:\Myway
C:\Programme\TheSearchAccelerator
C:\Programme\PerfectNav
C:\Programme\Gemeinsame Dateien\CMEII
C:\Programme\Common files\SearchUpgrader

All the others individually,
and if it is still there, this one too -->
C:\WINDOWS\system32\mcc.exe

Please post a new HJT logfile

dartus

coke17 21.03.2005 14:04

Another question: should these files also be deleted?? Or are these the System Restore ones?

Mon Mar 21 10:38:32 2005 => File C:\System Volume Information\_restore{2D2ACF3B-09A4-43A9-B620-F9ADB2F79403}\RP492\A0045564.dll infected by "not-a-virus:AdWare.BrilliantDigital.1007" Virus. Action Taken: No Action Taken.

Mon Mar 21 10:38:33 2005 => File C:\System Volume Information\_restore{2D2ACF3B-09A4-43A9-B620-F9ADB2F79403}\RP492\A0045569.dll infected by "not-a-virus:AdWare.Altnet.b" Virus. Action Taken: No Action Taken.

Mon Mar 21 10:38:33 2005 => File C:\System Volume Information\_restore{2D2ACF3B-09A4-43A9-B620-F9ADB2F79403}\RP492\A0045573.dll infected by "not-a-virus:AdWare.Altnet.a" Virus. Action Taken: No Action Taken

Mon Mar 21 10:38:33 2005 => File C:\System Volume Information\_restore{2D2ACF3B-09A4-43A9-B620-F9ADB2F79403}\RP492\A0045574.exe infected by "not-a-virus:AdWare.Altnet.a" Virus. Action Taken: No Action Taken.

Mon Mar 21 10:38:34 2005 => File C:\System Volume Information\_restore{2D2ACF3B-09A4-43A9-B620-F9ADB2F79403}\RP492\A0045575.dll infected by "not-a-virus:AdWare.Altnet.a" Virus. Action Taken: No Action Taken.

Mon Mar 21 10:38:34 2005 => File C:\System Volume Information\_restore{2D2ACF3B-09A4-43A9-B620-F9ADB2F79403}\RP492\A0045576.dll infected by "not-a-virus:AdWare.Altnet.a" Virus. Action Taken: No Action Taken.

dartus 21.03.2005 14:07

Hello,

yes, and like this:

Disable System Restore --> restart --> enable System Restore
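The restore-point question answered here, and dartus's earlier procedure of searching mwav.log for "infected" and posting the hits plus the totals, can both be done by a script. This is an added example, not code from the thread or from eScan: it parses a constructed excerpt of the posted log, sorts each hit into the cleanup bucket the thread's advice implies (restore points, temp/cache locations, or manual removal), separates "not-a-virus" adware from trojans, flags dialer hits worth keeping as evidence, and reads the totals block at the end.

```python
"""Sort eScan (mwav.log) detections into the cleanup buckets used in this thread.

Added example, not code from the thread or from eScan.  The rules below encode
the advice given above: restore-point copies go away only by toggling System
Restore, temp and cache copies by cleanmgr / cache clearing / emptying the
Recycle Bin, everything else by uninstalling or deleting by hand.  The sample
log is a constructed excerpt of the posted mwav.log output.
"""
from __future__ import annotations
import re
from collections import defaultdict
from typing import NamedTuple

class Hit(NamedTuple):
    when: str
    path: str
    detection: str

HIT_RE = re.compile(r'^(?P<when>.+?) => File (?P<path>.+?) infected by "(?P<det>[^"]+)"', re.M)
TOTAL_RE = re.compile(r'=> Total (?P<name>[^:]+): (?P<n>\d+)$', re.M)
# Path markers, compared case-folded with '/' as separator so that both the
# 8.3 form (LOKALE~1\Temp) and the long form (Lokale Einstellungen\Temp) match.
RESTORE_MARK = '/system volume information/_restore'
TEMP_MARKS = ('/temp/', '/cache/', '/recycled/')

def parse_hits(text: str) -> list[Hit]:
    return [Hit(m['when'], m['path'], m['det']) for m in HIT_RE.finditer(text)]

def parse_totals(text: str) -> dict[str, int]:
    """The 'Total ...:' block at the end of the log, e.g. {'Virus(es) Found': 30}."""
    return {m['name']: int(m['n']) for m in TOTAL_RE.finditer(text)}

def bucket(path: str) -> str:
    p = path.replace('\\', '/').casefold()
    if RESTORE_MARK in p:
        return 'restore_point'   # disable System Restore, reboot, re-enable it
    if any(mark in p for mark in TEMP_MARKS):
        return 'temp_or_cache'   # cleanmgr, Java/Firefox cache clear, empty Recycle Bin
    return 'manual'              # uninstall or delete the file/folder by hand

def is_adware(detection: str) -> bool:
    """eScan prefixes adware and similar unwanted-but-not-viral items with not-a-virus:."""
    return detection.casefold().startswith('not-a-virus:')

def triage(text: str) -> dict:
    buckets: dict[str, list[Hit]] = defaultdict(list)
    hits = parse_hits(text)
    for h in hits:
        buckets[bucket(h.path)].append(h)
    return {
        'buckets': dict(buckets),
        'adware': sum(is_adware(h.detection) for h in hits),
        'malware': sum(not is_adware(h.detection) for h in hits),
        # A dialer hit is worth preserving as evidence (chaosman's advice above).
        'dialers': [h for h in hits if 'dialer' in h.detection.casefold()],
        'totals': parse_totals(text),
    }

# Constructed excerpt of the mwav.log lines posted in this thread.
SAMPLE_LOG = r"""Mon Mar 21 08:49:17 2005 => File C:\DOKUME~1\Benni\ANWEND~1\sgrunt\IE4321.exe infected by "Trojan.Win32.Dialer.hc" Virus. Action Taken: No Action Taken.
Mon Mar 21 08:49:52 2005 => File C:\WINDOWS\system32\cd_clint.dll infected by "not-a-virus:AdWare.Cydoor" Virus. Action Taken: No Action Taken.
Mon Mar 21 09:14:34 2005 => File C:\WINDOWS\Temp\Altnet\Setup.exe infected by "not-a-virus:AdWare.Altnet.b" Virus. Action Taken: No Action Taken.
Mon Mar 21 09:47:50 2005 => File C:\Dokumente und Einstellungen\Benni\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\file\BlackBox.class-298c2e55-333388e7.class infected by "Exploit.JS.ScriptSrc.a" Virus. Action Taken: No Action Taken.
Mon Mar 21 09:48:49 2005 => File C:\Dokumente und Einstellungen\Benni\Anwendungsdaten\Mozilla\Firefox\Profiles\default.0gn\Cache\B013070Ed01 infected by "Trojan-Clicker.JS.Linker.h" Virus. Action Taken: No Action Taken
Mon Mar 21 10:32:22 2005 => File C:\Programme\MyWay\myBar\1.bin\MYBAR.DLL infected by "not-a-virus:AdWare.ToolBar.MyWay.g" Virus. Action Taken: No Action Taken.
Mon Mar 21 10:38:32 2005 => File C:\System Volume Information\_restore{2D2ACF3B-09A4-43A9-B620-F9ADB2F79403}\RP492\A0045564.dll infected by "not-a-virus:AdWare.BrilliantDigital.1007" Virus. Action Taken: No Action Taken.
Tue Mar 22 12:50:33 2005 => File C:\Recycled\Dc1354.dll infected by "not-a-virus:AdWare.Cydoor" Virus. Action Taken: No Action Taken.
Mon Mar 21 10:46:03 2005 => ***** Scanning complete. *****
Mon Mar 21 10:46:03 2005 => Total Files Scanned: 87314
Mon Mar 21 10:46:03 2005 => Total Virus(es) Found: 30
Mon Mar 21 10:46:03 2005 => Total Disinfected Files: 0
Mon Mar 21 10:46:03 2005 => Total Errors: 5
"""

if __name__ == '__main__':
    report = triage(SAMPLE_LOG)
    for name, hits in report['buckets'].items():
        print(f'== {name} ({len(hits)}) ==')
        for h in hits:
            print(f'  {h.detection:45} {h.path}')
    print(f"adware: {report['adware']}, other malware: {report['malware']}, "
          f"dialers: {len(report['dialers'])}, totals: {report['totals']}")
```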

Gigamail 21.03.2005 14:08

Quote:

C:\System Volume Information\_restore
For these, proceed as dartus already described: disable System Restore, reboot, re-enable System Restore, and then they should be gone (note: this also removes your System Restore points)

coke17 21.03.2005 14:12

Then I'll do that. You'll get another log from me afterwards

coke17 22.03.2005 13:24

Here is the next logfile:


Tue Mar 22 11:10:24 2005 => File C:\DOKUME~1\Benni\LOKALE~1\Temp\cd_clint.dll infected by "not-a-virus:AdWare.Cydoor" Virus. Action Taken: No Action Taken.

Tue Mar 22 11:57:25 2005 => File C:\Dokumente und Einstellungen\Benni\Lokale Einstellungen\Temp\cd_clint.dll infected by "not-a-virus:AdWare.Cydoor" Virus. Action Taken: No Action Taken.

Tue Mar 22 12:50:24 2005 => File C:\System Volume Information\_restore{2D2ACF3B-09A4-43A9-B620-F9ADB2F79403}\RP1\A0000017.exe infected by "not-a-virus:AdWare.Altnet.b" Virus. Action Taken: No Action Taken.

Tue Mar 22 12:50:24 2005 => File C:\System Volume Information\_restore{2D2ACF3B-09A4-43A9-B620-F9ADB2F79403}\RP1\A0000018.dll infected by "not-a-virus:AdWare.Altnet.a" Virus. Action Taken: No Action Taken.

Tue Mar 22 12:50:24 2005 => File C:\System Volume Information\_restore{2D2ACF3B-09A4-43A9-B620-F9ADB2F79403}\RP1\A0000019.exe infected by "not-a-virus:AdWare.Altnet.a" Virus. Action Taken: No Action Taken.

Tue Mar 22 12:50:24 2005 => File C:\System Volume Information\_restore{2D2ACF3B-09A4-43A9-B620-F9ADB2F79403}\RP1\A0000020.dll infected by "not-a-virus:AdWare.Altnet.a" Virus. Action Taken: No Action Taken.

Tue Mar 22 12:50:25 2005 => File C:\System Volume Information\_restore{2D2ACF3B-09A4-43A9-B620-F9ADB2F79403}\RP1\A0000021.dll infected by "not-a-virus:AdWare.Altnet.a" Virus. Action Taken: No Action Taken.

Tue Mar 22 12:50:25 2005 => File C:\System Volume Information\_restore{2D2ACF3B-09A4-43A9-B620-F9ADB2F79403}\RP1\A0000027.dll infected by "not-a-virus:AdWare.Toolbar.Ucmore" Virus. Action Taken: No Action Taken.

Tue Mar 22 12:50:33 2005 => File C:\System Volume Information\_restore{2D2ACF3B-09A4-43A9-B620-F9ADB2F79403}\RP1\A0000214.DLL infected by "not-a-virus:AdWare.ToolBar.MyWay.g" Virus. Action Taken: No Action Taken.

Tue Mar 22 12:50:33 2005 => File C:\System Volume Information\_restore{2D2ACF3B-09A4-43A9-B620-F9ADB2F79403}\RP1\A0000215.dll infected by "not-a-virus:AdWare.Perfnav.a" Virus. Action Taken: No Action Taken.

Tue Mar 22 12:50:33 2005 => File C:\Recycled\Dc1354.dll infected by "not-a-virus:AdWare.Cydoor" Virus. Action Taken: No Action Taken.


Tue Mar 22 12:52:06 2005 => Total Files Scanned: 76679
Tue Mar 22 12:52:06 2005 => Total Virus(es) Found: 11
Tue Mar 22 12:52:06 2005 => Total Disinfected Files: 0
Tue Mar 22 12:52:06 2005 => Total Files Renamed: 0
Tue Mar 22 12:52:06 2005 => Total Deleted Files: 0
Tue Mar 22 12:52:06 2005 => Total Errors: 2
Tue Mar 22 12:52:06 2005 => Time Elapsed: 01:45:21
Tue Mar 22 12:52:06 2005 => Virus Database Date: 2005/03/17
Tue Mar 22 12:52:06 2005 => Virus Database Count: 122324

Tue Mar 22 12:52:06 2005 => Scan Completed.

Tue Mar 22 13:09:34 2005 => Virus Database Date: 2005/03/17
Tue Mar 22 13:09:34 2005 => Virus Database Count: 122324
Tue Mar 22 13:09:49 2005 => AV Library Unloaded (3)...


Cheers :party:
coke17

Gigamail 22.03.2005 13:32

Windows key + R --> %temp% --> Enter
Delete the files
Empty the Recycle Bin
Disable System Restore --> shut down the computer --> restart --> enable System Restore

