Trojaner-Board


hakito 02.04.2005 14:12

My eScan log - what now?
 
I ran an eScan scan in safe mode. This is the result:

Sat Apr 02 14:29:49 2005 => ***** Scanning complete. *****

Sat Apr 02 14:29:49 2005 => Total Objects Scanned: 44666
Sat Apr 02 14:29:49 2005 => Total Virus(es) Found: 12
Sat Apr 02 14:29:49 2005 => Total Disinfected Files: 0
Sat Apr 02 14:29:49 2005 => Total Files Renamed: 0
Sat Apr 02 14:29:49 2005 => Total Deleted Objects: 0
Sat Apr 02 14:29:49 2005 => Total Errors: 6
Sat Apr 02 14:29:49 2005 => Time Elapsed: 01:07:14
Sat Apr 02 14:29:49 2005 => Virus Database Date: 2005/04/01
Sat Apr 02 14:29:49 2005 => Virus Database Count: 124236




Sat Apr 02 13:19:49 2005 => Scanning File C:\PROGRA~1\NORTON~1\SAVRT.VXD
Sat Apr 02 13:33:05 2005 => System found infected with Alexa Spyware/Adware ({c95fe080-8f5d-11d2-a20b-00aa003c157a})! Action taken: No Action Taken.
Sat Apr 02 13:19:49 2005 => Scanning File C:\PROGRA~1\NORTON~1\SAVRT.VXD
Sat Apr 02 13:33:05 2005 => System found infected with Alexa Spyware/Adware ({c95fe080-8f5d-11d2-a20b-00aa003c157a})! Action taken: No Action Taken.
Sat Apr 02 13:19:49 2005 => Scanning File C:\PROGRA~1\NORTON~1\SAVRT.VXD
Sat Apr 02 13:33:05 2005 => System found infected with Alexa Spyware/Adware ({c95fe080-8f5d-11d2-a20b-00aa003c157a})! Action taken: No Action Taken.
Sat Apr 02 13:33:05 2005 => File System Found infected by "Alexa Spyware/Adware" Virus. Action Taken: No Action Taken.
Sat Apr 02 13:33:05 2005 => System found infected with 180Solutions Spyware/Adware ({30d02401-6a81-11d0-8274-00c04fd5ae38})! Action taken: No Action Taken.
Sat Apr 02 13:33:05 2005 => File System Found infected by "180Solutions Spyware/Adware" Virus. Action Taken: No Action Taken.
Sat Apr 02 13:33:05 2005 => System found infected with VX2 Spyware/Adware ({0E5CBF21-D15F-11D0-8301-00AA005B4383})! Action taken: No Action Taken.
Sat Apr 02 13:33:05 2005 => File System Found infected by "VX2 Spyware/Adware" Virus. Action Taken: No Action Taken.
Sat Apr 02 13:33:05 2005 => Offending value found in HKCU\Software\cydoor !!!
Sat Apr 02 13:33:05 2005 => System found infected with cydoor Spyware/Adware! Action taken: No Action Taken.
Sat Apr 02 13:33:05 2005 => File System Found infected by "cydoor Spyware/Adware" Virus. Action Taken: No Action Taken.
Sat Apr 02 13:33:06 2005 => Offending value found in HKCU\Software\VB and VBA Program Settings !!!
Sat Apr 02 13:33:06 2005 => System found infected with VB and VBA Program Settings Spyware/Adware! Action taken: No Action Taken.
Sat Apr 02 13:33:06 2005 => File System Found infected by "VB and VBA Program Settings Spyware/Adware" Virus. Action Taken: No Action Taken.
Sat Apr 02 13:33:36 2005 => Scanning File C:\WINDOWS\newdotnet3_36.dll
Sat Apr 02 13:33:36 2005 => File C:\WINDOWS\newdotnet3_36.dll infected by "not-a-virus:AdWare.NewDotNet" Virus. Action Taken: No Action Taken.
Sat Apr 02 13:56:25 2005 => Scanning File C:\WINDOWS\newdotnet3_36.dll
Sat Apr 02 13:56:25 2005 => File C:\WINDOWS\newdotnet3_36.dll infected by "not-a-virus:AdWare.NewDotNet" Virus. Action Taken: No Action Taken.
Sat Apr 02 13:58:22 2005 => Scanning File C:\Eigene Dateien\Claudia\downloads\9
Sat Apr 02 13:58:22 2005 => File C:\Eigene Dateien\Claudia\downloads\9 infected by "Trojan-Downloader.Win32.Agent.dw" Virus. Action Taken: No Action Taken.
Sat Apr 02 14:22:08 2005 => Scanning File C:\Programme\Norton AntiVirus\Quarantine\03B57F24.EXE
Sat Apr 02 14:22:08 2005 => File C:\Programme\Norton AntiVirus\Quarantine\03B57F24.EXE infected by "Virus.Win32.Parite.b" Virus. Action Taken: No Action Taken.
Sat Apr 02 14:22:08 2005 => Scanning File C:\Programme\Norton AntiVirus\Quarantine\6F5B0EAE.dll
Sat Apr 02 14:22:08 2005 => File C:\Programme\Norton AntiVirus\Quarantine\6F5B0EAE.dll infected by "not-a-virus:AdWare.TimeSink.c" Virus. Action Taken: No Action Taken.
Sat Apr 02 14:27:44 2005 => Scanning File C:\Program Files\Altnet\Download Manager\asm.exe
Sat Apr 02 14:27:45 2005 => File C:\Program Files\Altnet\Download Manager\asm.exe infected by "not-a-virus:AdWare.Altnet.l" Virus. Action Taken: No Action Taken.
Sat Apr 02 14:27:45 2005 => Scanning File C:\Program Files\Altnet\Download Manager\asmps.dll
Sat Apr 02 14:27:46 2005 => File C:\Program Files\Altnet\Download Manager\asmps.dll infected by "not-a-virus:AdWare.Altnet.b" Virus. Action Taken: No Action Taken.

Can I delete all of these files? How, and what else do I need to do?

Gigamail 02.04.2005 14:52

Hi,

Download LspFix, and also download Spybot and Ad-aware; update both.
In Control Panel --> Add/Remove Programs, look for NewDotNet or NewNet (uninstall if present).
The same goes for Altnet: uninstall if present.
Disable System Restore, boot into safe mode, scan with Spybot and then with Ad-aware, and delete everything that is found.
Empty the Norton AntiVirus quarantine folder.
Delete by hand, if still present, with the following setting:

C:\WINDOWS\newdotnet3_36.dll
C:\Eigene Dateien\Claudia\downloads\9
C:\Program Files\Altnet\Download Manager\asm.exe <-- entire folder

Reboot and re-enable System Restore. If you have problems getting online, repair with LspFix.

Create a HijackThis log file and post it via copy & paste: direct download here. Please keep in mind that the HijackThis program should run in a new folder under C:, see also HijackThis
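
The triage behind the steps above, as an added example that is not part of the original posts: it parses eScan log lines of the kind hakito posted, collapses repeated detections, and separates files already held in the Norton quarantine folder from files still live on disk and from flagged registry keys. The function name `triage` and the grouping are assumptions of this example; the sample lines are copied from the log above.

```python
import re

# Excerpt of the eScan log posted in this thread (lines copied, not complete).
SAMPLE_LOG = r"""
Sat Apr 02 13:33:05 2005 => Offending value found in HKCU\Software\cydoor !!!
Sat Apr 02 13:33:05 2005 => File System Found infected by "cydoor Spyware/Adware" Virus. Action Taken: No Action Taken.
Sat Apr 02 13:33:36 2005 => File C:\WINDOWS\newdotnet3_36.dll infected by "not-a-virus:AdWare.NewDotNet" Virus. Action Taken: No Action Taken.
Sat Apr 02 13:56:25 2005 => File C:\WINDOWS\newdotnet3_36.dll infected by "not-a-virus:AdWare.NewDotNet" Virus. Action Taken: No Action Taken.
Sat Apr 02 13:58:22 2005 => File C:\Eigene Dateien\Claudia\downloads\9 infected by "Trojan-Downloader.Win32.Agent.dw" Virus. Action Taken: No Action Taken.
Sat Apr 02 14:22:08 2005 => File C:\Programme\Norton AntiVirus\Quarantine\03B57F24.EXE infected by "Virus.Win32.Parite.b" Virus. Action Taken: No Action Taken.
Sat Apr 02 14:27:45 2005 => File C:\Program Files\Altnet\Download Manager\asm.exe infected by "not-a-virus:AdWare.Altnet.l" Virus. Action Taken: No Action Taken.
"""

# A real file hit starts with a drive letter; this skips the summary lines
# of the form 'File System Found infected by "..."'.
FILE_RE = re.compile(r'=> File (?P<path>[A-Za-z]:\\.+?) infected by "(?P<name>[^"]+)" Virus\. '
                     r'Action Taken: (?P<action>.+?)\.$')
REG_RE = re.compile(r'=> Offending value found in (?P<key>.+?) !!!$')


def triage(log_text):
    """Group unique eScan findings into live files, quarantined files, registry keys."""
    files, registry = {}, []
    for line in map(str.strip, log_text.splitlines()):
        m = FILE_RE.search(line)
        if m:
            files[m["path"]] = (m["name"], m["action"])  # repeats collapse by path
            continue
        m = REG_RE.search(line)
        if m and m["key"] not in registry:
            registry.append(m["key"])
    # Copies inside an AV quarantine folder are already isolated; the thread
    # handles them by emptying the quarantine, not by hunting individual files.
    quarantined = {p: v for p, v in files.items() if "\\quarantine\\" in p.lower()}
    live = {p: v for p, v in files.items() if p not in quarantined}
    return {"live": live, "quarantined": quarantined, "registry": registry}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for group in ("live", "quarantined"):
        for path, (name, action) in result[group].items():
            print(f"{group:11} {path}  [{name}] -> {action}")
    for key in result["registry"]:
        print(f"registry    {key}")
```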

hakito 03.04.2005 13:47

Hello!

I did everything you wrote.
I ran HijackThis in normal mode (not in safe mode). Here is the log:

Logfile of HijackThis v1.99.1
Scan saved at 12:40:00, on 03.04.2005
Platform: Windows ME (Win9x 4.90.3000A)
MSIE: Internet Explorer v5.50 (5.50.4134.0100)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAMME\GEMEINSAME DATEIEN\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAMME\MUILTMEDIA KEYBOARD UTILITY\1.3\KBDAP32A.EXE
C:\T-ONLINE\BSW4\ISDN SPEEDMANAGER\TOMCAT.EXE
C:\PROGRAMME\BROWSER MOUSE\MOUSE32A.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\PROGRAMME\GEMEINSAME DATEIEN\NOKIA\NCLTOOLS\NCLTRAY.EXE
C:\PROGRAMME\NOKIA\NOKIA PC SUITE 5\DATALAYER.EXE
C:\EIGENE DATEIEN\CLAUDIA\DOWNLOADS\EBAY\TOOLBAR\INSTALLIERT\EBAYTBDAEMON.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAMME\GEMEINSAME DATEIEN\NOKIA\SERVICES\SERVICELAYER.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\HIJACKTHIS\1_99_1.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://edit.europe.yahoo.com/config/mail?.intl=de
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://www.t-online.de/software/ie50/setpxy.pac
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.btx.dtag.de:80
O2 - BHO: SecuritySurf Class - {1BA1F1FE-B5D8-4C20-BB20-95EE87D7C803} - C:\PROGRAMME\MEDIABEAM\CLOCKX\MBIEEXT.DLL
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\EIGENE DATEIEN\CLAUDIA\DOWNLOADS\EBAY\TOOLBAR\INSTALLIERT\EBAYTB.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\EIGENE DATEIEN\CLAUDIA\DOWNLOADS\EBAY\TOOLBAR\INSTALLIERT\EBAYTB.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [hpppta] C:\Programme\Hewlett-Packard\HP PrecisionScan\PrecisionScan Pro\hpppta.exe /ICON
O4 - HKLM\..\Run: [PowerQuest Startup Utility] C:\Programme\PowerQuest\PartitionMagic5\UTILITY\MMOVER32\PQINIT.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [FLMK08KB] C:\Programme\Muiltmedia keyboard Utility\1.3\KbdAp32A.exe
O4 - HKLM\..\Run: [ISDN SpeedManager] "C:\T-ONLINE\BSW4\ISDN SPEEDMANAGER\TOMCAT.EXE"
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Programme\Browser MOUSE\mouse32a.exe
O4 - HKLM\..\Run: [Nokia Tray Application] C:\Programme\Gemeinsame Dateien\Nokia\NCLTools\NclTray.exe
O4 - HKLM\..\Run: [DataLayer] C:\Programme\Nokia\Nokia PC Suite 5\DataLayer.exe
O4 - HKLM\..\Run: [eBayToolbar] C:\Eigene Dateien\Claudia\downloads\ebay\toolbar\installiert\eBayTBDaemon.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Trojancheck 6 Guard] C:\PROGRAMME\TROJANCHECK 6\TCGUARD.EXE
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: bei &ClockX suchen... - file:\\C:\Programme\mediaBEAM\ClockX\clockxseek.html
O8 - Extra context menu item: &eBay Search - res://C:\EIGENE DATEIEN\CLAUDIA\DOWNLOADS\EBAY\TOOLBAR\INSTALLIERT\eBayTb.dll/RCSearch.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra button: AOL Instant Messenger (TM) - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAMME\AIM95\AIM.EXE
O9 - Extra button: Telefonbieten - {5A5C15BE-B8AA-4104-B5A1-83882EFFFB91} - C:\PROGRAMME\MEDIABEAM\CLOCKX\MBIEEXT.DLL
O9 - Extra 'Tools' menuitem: per Telefon bieten... - {5A5C15BE-B8AA-4104-B5A1-83882EFFFB91} - C:\PROGRAMME\MEDIABEAM\CLOCKX\MBIEEXT.DLL
O9 - Extra button: SMS Erinnerung - {B07C6052-5B94-4717-BEBF-CC157E416D18} - C:\PROGRAMME\MEDIABEAM\CLOCKX\MBIEEXT.DLL
O9 - Extra 'Tools' menuitem: per SMS erinnern... - {B07C6052-5B94-4717-BEBF-CC157E416D18} - C:\PROGRAMME\MEDIABEAM\CLOCKX\MBIEEXT.DLL
O9 - Extra button: eBay Deutschland - {AA52BF9B-A031-45a7-858E-574C4105629B} - C:\PROGRAMME\MEDIABEAM\CLOCKX\MBIEEXT.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\EIGENE DATEIEN\CLAUDIA\DOWNLOADS\YAHOOMESSENGER\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\EIGENE DATEIEN\CLAUDIA\DOWNLOADS\YAHOOMESSENGER\YPAGER.EXE
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/233d7cdc...dxIE601_de.cab
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/DE/install.cab
O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://eu.download.games.yahoo.com/z...ylomloader.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 192.168.120.252,192.168.120.253


Hakito

Gigamail 03.04.2005 14:55

I can't really see anything bad in your log file, except that your IE is outdated. You should update it and switch to an alternative browser in the future.
http://filepony.de/download-opera/
http://www.mozilla.org/
To be on the safe side, you can run eScan once more in safe mode.

