Newbie needs help

Hello everyone, I have a computer here with loads of vermin on it:

Escan Log:
Hijack Log:
I'm grateful for any help. Thanks
Hello baeman, download clearprog 1.4.1 final, Adaware and Spybot S&D. Install and update Adaware and Spybot. Switch to safe mode with System Restore disabled: http://www.systemwiederherstellung-d...indows-xp.html Start "clearprog", tick "Alles Löschen" ("Delete all") and click delete. Scan with Adaware and Spybot and delete everything they find.

dartus
Copyright ©2000-2025, Trojaner-Board