Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Pests of all kinds and their removal (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   PC slow, downloads abort (https://www.trojaner-board.de/40444-pc-langsam-downloads-brechen-ab.html)

dA_Fuzzi 29.06.2007 23:46

PC slow, downloads abort

Hi,

I have a problem with my PC.
It's an older machine, but it has always run fine until now.
Now the PC is extremely slow, and when I try to download something via IE, the download aborts after a short time.
I've already been through HijackThis, so here is an eScan log:

Code:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
Header
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
find.bat Version 2007.06.16.01

Microsoft Windows XP [Version 5.1.2600]
Boot mode: NORMAL
   
eScan Version: 9.2.8
Language: English
 Virus Database Date: 6/28/2007
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
Infection reports
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
 System found infected with funwebproducts Spyware/Adware ({147a976f-eee1-4377-8ea7-4716e4cdd239})! Action taken: No Action Taken.
 System found infected with hotbar Spyware/Adware ({74cc49f7-eb32-4a08-b204-948962a6e3db})! Action taken: No Action Taken.
 System found infected with hotbar Spyware/Adware ({74cc49f7-eb32-4a08-b204-948962a6e3db})! Action taken: No Action Taken.
 System found infected with whenu.savenow Spyware/Adware ({c285d18d-43a2-4aef-83fb-bf280e660a97})! Action taken: No Action Taken.
 System found infected with ezula Spyware/Adware (internet.lnk)! Action taken: No Action Taken.
 System found infected with funwebproducts Spyware/Adware ({147a976f-eee1-4377-8ea7-4716e4cdd239})! Action taken: No Action Taken.
 System found infected with hotbar Spyware/Adware ({74cc49f7-eb32-4a08-b204-948962a6e3db})! Action taken: No Action Taken.
 System found infected with hotbar Spyware/Adware ({74cc49f7-eb32-4a08-b204-948962a6e3db})! Action taken: No Action Taken.
 System found infected with whenu.savenow Spyware/Adware ({c285d18d-43a2-4aef-83fb-bf280e660a97})! Action taken: No Action Taken.
 System found infected with ezula Spyware/Adware (internet.lnk)! Action taken: No Action Taken.
 Object "funwebproducts Spyware/Adware" found in File System! Action Taken: No Action Taken.
 Object "funwebproducts Spyware/Adware" found in File System! Action Taken: No Action Taken.
 Object "funwebproducts Spyware/Adware" found in File System! Action Taken: No Action Taken.
 Object "grokster Spyware/Adware" found in File System! Action Taken: No Action Taken.
 Object "mwsoemon Spyware/Adware" found in File System! Action Taken: No Action Taken.
 Object "funwebproducts Spyware/Adware" found in File System! Action Taken: No Action Taken.
 Object "funwebproducts Spyware/Adware" found in File System! Action Taken: No Action Taken.
 Object "mwsoemon Spyware/Adware" found in File System! Action Taken: No Action Taken.
 Object "grokster Spyware/Adware" found in File System! Action Taken: No Action Taken.
 Object "hotbar Spyware/Adware" found in File System! Action Taken: No Action Taken.
 Object "mwsoemon Spyware/Adware" found in File System! Action Taken: No Action Taken.
 Object "funwebproducts Spyware/Adware" found in File System! Action Taken: No Action Taken.
 Object "funwebproducts Spyware/Adware" found in File System! Action Taken: No Action Taken.
 Object "funwebproducts Spyware/Adware" found in File System! Action Taken: No Action Taken.
 Object "funwebproducts Spyware/Adware" found in File System! Action Taken: No Action Taken.
 Object "grokster Spyware/Adware" found in File System! Action Taken: No Action Taken.
 Object "mwsoemon Spyware/Adware" found in File System! Action Taken: No Action Taken.
 Object "funwebproducts Spyware/Adware" found in File System! Action Taken: No Action Taken.
 Object "funwebproducts Spyware/Adware" found in File System! Action Taken: No Action Taken.
 Object "mwsoemon Spyware/Adware" found in File System! Action Taken: No Action Taken.
 Object "grokster Spyware/Adware" found in File System! Action Taken: No Action Taken.
 Object "funwebproducts Spyware/Adware" found in File System! Action Taken: No Action Taken.
~~~~~~~~~~~
Files
~~~~~~~~~~~
~~~~ Infected files
~~~~~~~~~~~
~~~~~~~~~~~
~~~~ Tagged files
~~~~~~~~~~~
 File C:\Documents and Settings\Beth\Local Settings\Temporary Internet Files\Content.IE5\ALW9UZC9\hbtools[1].exe//data0018//data0002 tagged as "not-a-virus:AdWare.Win32.180Solutions.ay". Action Taken: No Action Taken.
 File C:\Documents and Settings\Beth\Local Settings\Temporary Internet Files\Content.IE5\ALW9UZC9\hbtools[1].exe//data0018//data0002 tagged as "not-a-virus:AdWare.Win32.180Solutions.ay". Action Taken: No Action Taken.
 File C:\System Volume Information\_restore{65421CB6-CA6F-485D-97F5-131BA2DEC3F4}\RP258\A0101572.exe tagged as "not-a-virus:AdWare.Win32.HotBar.bt". Action Taken: No Action Taken.
 File C:\System Volume Information\_restore{65421CB6-CA6F-485D-97F5-131BA2DEC3F4}\RP258\A0101573.dll tagged as "not-a-virus:AdWare.Win32.HotBar.be". Action Taken: No Action Taken.
 File C:\System Volume Information\_restore{65421CB6-CA6F-485D-97F5-131BA2DEC3F4}\RP258\A0101575.exe tagged as "not-a-virus:AdWare.Win32.HotBar.by". Action Taken: No Action Taken.
 File C:\System Volume Information\_restore{65421CB6-CA6F-485D-97F5-131BA2DEC3F4}\RP258\A0101576.dll tagged as "not-a-virus:AdWare.Win32.HotBar.bz". Action Taken: No Action Taken.
 File C:\System Volume Information\_restore{65421CB6-CA6F-485D-97F5-131BA2DEC3F4}\RP258\A0101578.exe tagged as "not-a-virus:AdWare.Win32.HotBar.by". Action Taken: No Action Taken.
 File C:\System Volume Information\_restore{65421CB6-CA6F-485D-97F5-131BA2DEC3F4}\RP258\A0101579.exe tagged as "not-a-virus:AdWare.Win32.HotBar.bw". Action Taken: No Action Taken.
 File C:\System Volume Information\_restore{65421CB6-CA6F-485D-97F5-131BA2DEC3F4}\RP258\A0101580.dll tagged as "not-a-virus:AdWare.Win32.HotBar.bj". Action Taken: No Action Taken.
 File C:\System Volume Information\_restore{65421CB6-CA6F-485D-97F5-131BA2DEC3F4}\RP258\A0101582.exe tagged as "not-a-virus:AdWare.Win32.Hotbar.an". Action Taken: No Action Taken.
 File C:\System Volume Information\_restore{65421CB6-CA6F-485D-97F5-131BA2DEC3F4}\RP258\A0101584.dll tagged as "not-a-virus:AdWare.Win32.Hotbar.ar". Action Taken: No Action Taken.
 File C:\System Volume Information\_restore{65421CB6-CA6F-485D-97F5-131BA2DEC3F4}\RP258\A0101585.exe//data0002 tagged as "not-a-virus:AdWare.Win32.180Solutions.ay". Action Taken: No Action Taken.
 File C:\System Volume Information\_restore{65421CB6-CA6F-485D-97F5-131BA2DEC3F4}\RP258\A0102443.dll tagged as "not-a-virus:AdWare.Win32.HotBar.bx". Action Taken: No Action Taken.
 File C:\System Volume Information\_restore{65421CB6-CA6F-485D-97F5-131BA2DEC3F4}\RP258\A0102444.exe//UPX tagged as "not-a-virus:AdWare.Win32.180Solutions.ay". Action Taken: No Action Taken.
 File C:\System Volume Information\_restore{65421CB6-CA6F-485D-97F5-131BA2DEC3F4}\RP258\A0102445.dll tagged as "not-a-virus:AdWare.Win32.180Solutions.ay". Action Taken: No Action Taken.
 File C:\System Volume Information\_restore{65421CB6-CA6F-485D-97F5-131BA2DEC3F4}\RP259\A0102455.dll tagged as "not-a-virus:AdTool.Win32.MyWebSearch". Action Taken: No Action Taken.
 File C:\System Volume Information\_restore{65421CB6-CA6F-485D-97F5-131BA2DEC3F4}\RP259\A0102456.dll tagged as "not-a-virus:AdTool.Win32.MyWebSearch.au". Action Taken: No Action Taken.
 File C:\System Volume Information\_restore{65421CB6-CA6F-485D-97F5-131BA2DEC3F4}\RP259\A0102457.scr tagged as "not-a-virus:AdTool.Win32.MyWebSearch". Action Taken: No Action Taken.
 File C:\System Volume Information\_restore{65421CB6-CA6F-485D-97F5-131BA2DEC3F4}\RP259\A0102458.DLL tagged as "not-a-virus:AdTool.Win32.MyWebSearch.at". Action Taken: No Action Taken.
 File C:\System Volume Information\_restore{65421CB6-CA6F-485D-97F5-131BA2DEC3F4}\RP259\A0102459.DLL tagged as "not-a-virus:AdTool.Win32.MyWebSearch". Action Taken: No Action Taken.
 File C:\System Volume Information\_restore{65421CB6-CA6F-485D-97F5-131BA2DEC3F4}\RP259\A0102460.DLL tagged as "not-a-virus:AdTool.Win32.MyWebSearch.ba". Action Taken: No Action Taken.
 File C:\System Volume Information\_restore{65421CB6-CA6F-485D-97F5-131BA2DEC3F4}\RP259\A0102461.EXE tagged as "not-a-virus:AdTool.Win32.MyWebSearch". Action Taken: No Action Taken.
 File C:\System Volume Information\_restore{65421CB6-CA6F-485D-97F5-131BA2DEC3F4}\RP259\A0102462.DLL tagged as "not-a-virus:AdTool.Win32.MyWebSearch". Action Taken: No Action Taken.
 File C:\System Volume Information\_restore{65421CB6-CA6F-485D-97F5-131BA2DEC3F4}\RP259\A0102463.DLL tagged as "not-a-virus:AdTool.Win32.MyWebSearch.ba". Action Taken: No Action Taken.
 File C:\System Volume Information\_restore{65421CB6-CA6F-485D-97F5-131BA2DEC3F4}\RP259\A0102464.DLL tagged as "not-a-virus:AdTool.Win32.MyWebSearch.at". Action Taken: No Action Taken.
 File C:\System Volume Information\_restore{65421CB6-CA6F-485D-97F5-131BA2DEC3F4}\RP259\A0102466.DLL tagged as "not-a-virus:AdTool.Win32.MyWebSearch.bc". Action Taken: No Action Taken.
 File C:\System Volume Information\_restore{65421CB6-CA6F-485D-97F5-131BA2DEC3F4}\RP259\A0102467.DLL tagged as "not-a-virus:AdTool.Win32.MyWebSearch". Action Taken: No Action Taken.
 File C:\System Volume Information\_restore{65421CB6-CA6F-485D-97F5-131BA2DEC3F4}\RP259\A0102468.DLL tagged as "not-a-virus:AdTool.Win32.MyWebSearch.l". Action Taken: No Action Taken.
 File C:\System Volume Information\_restore{65421CB6-CA6F-485D-97F5-131BA2DEC3F4}\RP259\A0102469.DLL tagged as "not-a-virus:AdTool.Win32.MyWebSearch.af". Action Taken: No Action Taken.
 File C:\System Volume Information\_restore{65421CB6-CA6F-485D-97F5-131BA2DEC3F4}\RP259\A0102470.DLL tagged as "not-a-virus:AdTool.Win32.MyWebSearch.au". Action Taken: No Action Taken.
 File C:\System Volume Information\_restore{65421CB6-CA6F-485D-97F5-131BA2DEC3F4}\RP259\A0102471.DLL tagged as "not-a-virus:AdTool.Win32.MyWebSearch.au". Action Taken: No Action Taken.
 File C:\System Volume Information\_restore{65421CB6-CA6F-485D-97F5-131BA2DEC3F4}\RP259\A0102472.SCR tagged as "not-a-virus:AdTool.Win32.MyWebSearch". Action Taken: No Action Taken.
 File C:\System Volume Information\_restore{65421CB6-CA6F-485D-97F5-131BA2DEC3F4}\RP259\A0102473.DLL tagged as "not-a-virus:AdTool.Win32.MyWebSearch". Action Taken: No Action Taken.
 File C:\System Volume Information\_restore{65421CB6-CA6F-485D-97F5-131BA2DEC3F4}\RP259\A0102474.EXE tagged as "not-a-virus:AdTool.Win32.MyWebSearch". Action Taken: No Action Taken.
 File C:\System Volume Information\_restore{65421CB6-CA6F-485D-97F5-131BA2DEC3F4}\RP259\A0102475.DLL tagged as "not-a-virus:AdTool.Win32.MyWebSearch.an". Action Taken: No Action Taken.
 File C:\System Volume Information\_restore{65421CB6-CA6F-485D-97F5-131BA2DEC3F4}\RP259\A0102476.DLL tagged as "not-a-virus:AdTool.Win32.MyWebSearch.aq". Action Taken: No Action Taken.
 File C:\System Volume Information\_restore{65421CB6-CA6F-485D-97F5-131BA2DEC3F4}\RP259\A0102477.DLL tagged as "not-a-virus:AdTool.Win32.MyWebSearch". Action Taken: No Action Taken.
 File C:\System Volume Information\_restore{65421CB6-CA6F-485D-97F5-131BA2DEC3F4}\RP259\A0102479.DLL tagged as "not-a-virus:AdTool.Win32.MyWebSearch.bc". Action Taken: No Action Taken.
 File C:\System Volume Information\_restore{65421CB6-CA6F-485D-97F5-131BA2DEC3F4}\RP259\A0102480.DLL tagged as "not-a-virus:AdTool.Win32.MyWebSearch.ax". Action Taken: No Action Taken.
 File C:\System Volume Information\_restore{65421CB6-CA6F-485D-97F5-131BA2DEC3F4}\RP259\A0102482.DLL tagged as "not-a-virus:AdTool.Win32.MyWebSearch.at". Action Taken: No Action Taken.
 File C:\System Volume Information\_restore{65421CB6-CA6F-485D-97F5-131BA2DEC3F4}\RP259\A0102484.DLL tagged as "not-a-virus:AdTool.Win32.MyWebSearch". Action Taken: No Action Taken.
 File C:\System Volume Information\_restore{65421CB6-CA6F-485D-97F5-131BA2DEC3F4}\RP259\A0102485.DLL tagged as "not-a-virus:AdTool.Win32.MyWebSearch.as". Action Taken: No Action Taken.
 File C:\System Volume Information\_restore{65421CB6-CA6F-485D-97F5-131BA2DEC3F4}\RP259\A0102486.DLL tagged as "not-a-virus:AdTool.Win32.MyWebSearch.ad". Action Taken: No Action Taken.
 File C:\System Volume Information\_restore{65421CB6-CA6F-485D-97F5-131BA2DEC3F4}\RP259\A0102488.EXE tagged as "not-a-virus:AdTool.Win32.MyWebSearch.au". Action Taken: No Action Taken.
 File C:\System Volume Information\_restore{65421CB6-CA6F-485D-97F5-131BA2DEC3F4}\RP259\A0102489.EXE tagged as "not-a-virus:AdTool.Win32.MyWebSearch.au". Action Taken: No Action Taken.
 File C:\System Volume Information\_restore{65421CB6-CA6F-485D-97F5-131BA2DEC3F4}\RP259\A0102490.EXE tagged as "not-a-virus:AdTool.Win32.MyWebSearch". Action Taken: No Action Taken.
 File C:\System Volume Information\_restore{65421CB6-CA6F-485D-97F5-131BA2DEC3F4}\RP259\A0102491.DLL tagged as "not-a-virus:AdTool.Win32.MyWebSearch.au". Action Taken: No Action Taken.
 File C:\System Volume Information\_restore{65421CB6-CA6F-485D-97F5-131BA2DEC3F4}\RP259\A0102492.DLL tagged as "not-a-virus:AdTool.Win32.MyWebSearch". Action Taken: No Action Taken.
 File C:\System Volume Information\_restore{65421CB6-CA6F-485D-97F5-131BA2DEC3F4}\RP259\A0102493.DLL tagged as "not-a-virus:AdTool.Win32.MyWebSearch.i". Action Taken: No Action Taken.
 File C:\System Volume Information\_restore{65421CB6-CA6F-485D-97F5-131BA2DEC3F4}\RP259\A0102500.dll tagged as "not-a-virus:AdTool.Win32.MyWebSearch.au". Action Taken: No Action Taken.
 File C:\System Volume Information\_restore{65421CB6-CA6F-485D-97F5-131BA2DEC3F4}\RP259\A0102501.DLL tagged as "not-a-virus:AdTool.Win32.MyWebSearch.au". Action Taken: No Action Taken.
 File C:\System Volume Information\_restore{65421CB6-CA6F-485D-97F5-131BA2DEC3F4}\RP259\A0102502.DLL tagged as "not-a-virus:AdTool.Win32.MyWebSearch.au". Action Taken: No Action Taken.
 File C:\System Volume Information\_restore{65421CB6-CA6F-485D-97F5-131BA2DEC3F4}\RP259\A0102503.DLL tagged as "not-a-virus:AdTool.Win32.MyWebSearch.ba". Action Taken: No Action Taken.
 File C:\System Volume Information\_restore{65421CB6-CA6F-485D-97F5-131BA2DEC3F4}\RP259\A0102507.DLL tagged as "not-a-virus:AdTool.Win32.MyWebSearch.as". Action Taken: No Action Taken.
 File C:\System Volume Information\_restore{65421CB6-CA6F-485D-97F5-131BA2DEC3F4}\RP259\A0102508.DLL tagged as "not-a-virus:AdTool.Win32.MyWebSearch.as". Action Taken: No Action Taken.
 File C:\System Volume Information\_restore{65421CB6-CA6F-485D-97F5-131BA2DEC3F4}\RP259\A0102696.dll tagged as "not-a-virus:AdTool.Win32.MyWebSearch.ba". Action Taken: No Action Taken.
~~~~~~~~~~~
~~~~ Offending files
~~~~~~~~~~~
 Offending file found: C:\Documents and Settings\Victoria\Desktop\internet.lnk
 Offending file found: C:\Documents and Settings\Victoria\Desktop\internet.lnk
~~~~~~~~~~~
Folders
~~~~~~~~~~~
 Offending Folder found: C:\Program Files\hotbar
 Offending Folder found: C:\Program Files\mywebsearch
 Offending Folder found: C:\Documents and Settings\Victoria\Application Data\funwebproducts
 Offending Folder found: C:\Documents and Settings\Victoria\Application Data\funwebproducts
~~~~~~~~~~~
Registry
~~~~~~~~~~~
 Offending Key found: HKLM\Software\focusinteractive !!!
 Offending Key found: HKLM\Software\fun web products !!!
 Offending Key found: HKLM\Software\funwebproducts !!!
 Offending Key found: HKLM\Software\magnet !!!
 Offending Key found: HKLM\Software\mywebsearch !!!
 Offending Key found: HKCU\Software\fun web products !!!
 Offending Key found: HKCU\Software\funwebproducts !!!
 Offending Key found: HKCU\Software\mywebsearch !!!
 Offending Key found: HKCU\\magnet !!!
 Offending Key found: HKLM\Software\focusinteractive !!!
 Offending Key found: HKLM\Software\fun web products !!!
 Offending Key found: HKLM\Software\funwebproducts !!!
 Offending Key found: HKLM\Software\magnet !!!
 Offending Key found: HKLM\Software\mywebsearch !!!
 Offending Key found: HKCU\Software\fun web products !!!
 Offending Key found: HKCU\Software\funwebproducts !!!
 Offending Key found: HKCU\Software\mywebsearch !!!
 Offending Key found: HKCU\\magnet !!!
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
Miscellaneous
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
~~~~~~~~~~~~~~~~~~~~~~
Processes and modules
~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~
Scan errors
~~~~~~~~~~~~~~~~~~~~~~
 C:\DOCUME~1\Victoria\LOCALS~1\TEMPOR~1\Content.IE5\W7M72UV0\iTunesSetup[1].exe not Scanned. Possibly password protected...
~~~~~~~~~~~~~~~~~~~~~~
Hosts file
~~~~~~~~~~~~~~~~~~~~~~
DataBasePath: %SystemRoot%\System32\drivers\etc
C:\WINDOWS\System32\drivers\etc\hosts :
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Statistics:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
 Total Critical Objects: 18
 Total Critical Objects: 70
 Total Disinfected Objects: 0
 Total Disinfected Objects: 0
 Total Objects Renamed: 0
 Total Objects Renamed: 0
 Total Deleted Objects: 0
 Total Deleted Objects: 0
 Total Errors: 21
 Total Errors: 11
 Time Elapsed: 00:49:39
 Time Elapsed: 02:13:05
 Total Objects Scanned: 55309
 Total Objects Scanned: 97365
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
Scan options
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
 Memory Check: Enabled
 Memory Check: Enabled
 Registry Check: Enabled
 Registry Check: Enabled
 System Folder Check: Enabled
 System Folder Check: Enabled
 System Area Check: Disabled
 System Area Check: Disabled
 Services Check: Enabled
 Services Check: Enabled
 Drive Check: Disabled
 All Drive Check :Enabled
 Drive Check: Disabled
 All Drive Check :Enabled
 All Drive Check :Enabled
 All Drive Check :Enabled
 
Batch start: 15:39:05.86
Batch end: 15:39:28.43

Thanks in advance for the help
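Added example, not eScan's own code and not from either poster: a small Python triage script for the find.bat output above. It collapses the lines find.bat writes twice and buckets each distinct finding by where it lives, so that hits inside `C:\System Volume Information\_restore{...}` (restore-point snapshots) and the IE cache are kept apart from live files, folders and registry keys. The log excerpt embedded in the script is constructed from a handful of the posted lines; the bucket names and regexes are my own.

```python
"""Triage an eScan/find.bat log: dedupe repeated lines and separate hits that
sit only in System Restore snapshots or the IE cache from hits on the live
system. Added example for this thread, not part of eScan or the posts."""
import re
from collections import Counter

# Constructed sample in the shape of the posted find.bat output (a subset of
# the real lines; duplicates are deliberate, find.bat emits them that way).
SAMPLE_LOG = r"""
 System found infected with hotbar Spyware/Adware ({74cc49f7-eb32-4a08-b204-948962a6e3db})! Action taken: No Action Taken.
 System found infected with hotbar Spyware/Adware ({74cc49f7-eb32-4a08-b204-948962a6e3db})! Action taken: No Action Taken.
 File C:\Documents and Settings\Beth\Local Settings\Temporary Internet Files\Content.IE5\ALW9UZC9\hbtools[1].exe//data0018//data0002 tagged as "not-a-virus:AdWare.Win32.180Solutions.ay". Action Taken: No Action Taken.
 File C:\System Volume Information\_restore{65421CB6-CA6F-485D-97F5-131BA2DEC3F4}\RP258\A0101572.exe tagged as "not-a-virus:AdWare.Win32.HotBar.bt". Action Taken: No Action Taken.
 File C:\System Volume Information\_restore{65421CB6-CA6F-485D-97F5-131BA2DEC3F4}\RP259\A0102455.dll tagged as "not-a-virus:AdTool.Win32.MyWebSearch". Action Taken: No Action Taken.
 Offending file found: C:\Documents and Settings\Victoria\Desktop\internet.lnk
 Offending file found: C:\Documents and Settings\Victoria\Desktop\internet.lnk
 Offending Folder found: C:\Program Files\hotbar
 Offending Key found: HKLM\Software\mywebsearch !!!
 Offending Key found: HKLM\Software\mywebsearch !!!
"""

TAGGED_RE = re.compile(r'^File (?P<path>.+?) tagged as "(?P<name>[^"]+)"')
OFFENDING_RE = re.compile(r'^Offending (?P<kind>file|Folder|Key) found: (?P<path>.+?)(?: !!!)?$')
SYSTEM_RE = re.compile(r'^System found infected with (?P<name>.+?) \(')
RESTORE_RE = re.compile(r'\\System Volume Information\\_restore\{', re.IGNORECASE)
TEMP_IE_RE = re.compile(r'\\Temporary Internet Files\\', re.IGNORECASE)


def parse_findings(text):
    """Return (kind, name, path) tuples, one per distinct log line.
    find.bat writes every detection twice, so exact duplicates are dropped."""
    seen = set()
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line in seen:
            continue
        seen.add(line)
        m = TAGGED_RE.match(line)
        if m:
            findings.append(("file", m.group("name"), m.group("path")))
            continue
        m = OFFENDING_RE.match(line)
        if m:
            findings.append((m.group("kind").lower(), None, m.group("path")))
            continue
        m = SYSTEM_RE.match(line)
        if m:
            findings.append(("system", m.group("name"), None))
    return findings


def classify(finding):
    """Bucket a finding by location. Restore-point copies and cached downloads
    are inert until restored or re-run; everything else is live and needs
    removal. 'summary' lines carry no path and only name the family."""
    kind, _name, path = finding
    if path is None:
        return "summary"
    if kind == "key":
        return "registry"
    if RESTORE_RE.search(path):
        return "restore_point"
    if TEMP_IE_RE.search(path):
        return "browser_cache"
    return "live"


def triage(text):
    """Count distinct findings per bucket. 'live' and 'registry' are what is
    left to clean once System Restore has been purged and the cache emptied."""
    return Counter(classify(f) for f in parse_findings(text))


if __name__ == "__main__":
    for bucket, n in sorted(triage(SAMPLE_LOG).items()):
        print(f"{bucket:14s} {n}")
```

On the constructed excerpt the script reports two restore-point hits, one cache hit, two live objects (the desktop shortcut and the hotbar folder) and one registry key; run it over the full posted log and the restore-point bucket dominates, which is the situation the helper later describes.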

Sunny 30.06.2007 17:40

Hello and welcome to the Trojaner Board!

First work through these points so that we get a better overview and more information about your system:


Disk Cleanup

To start the Disk Cleanup utility, click Start -> Programs -> Accessories -> System Tools and then click Disk Cleanup.
Have it clean the partition your operating system is installed on!
(it is normally detected automatically!)


Pests in the System Restore folder:

* Disable System Restore -> This is how it's done.
* Then restart the system, and after the restart check everything
with your AV scanner.
(System Restore can then be re-enabled.)


ComboFix

-Download the tool here -> CLICK
-Now start combofix.exe, confirm with (Y)es, let the cleanup run through,
then copy the text and paste it into your post on the board!

Creating a HijackThis log

-The tool is available here -> HijackThis
(only use this version, not the BETA version!)
-Find the file HiJackThis.exe and rename it to 'This.exe'
(right-click -> Rename)
-Now start it by double-clicking This.exe
-Click the red-marked button Do a system scan and save a log file
-After the scan an editor window opens; copy this logfile and paste it into your post on the forum)


Regards
Sunny

dA_Fuzzi 30.06.2007 18:20

Combo Fix:

Code:

2004-08-04 05:00      135680    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\TASKMGR.COM.vir
2004-08-04 05:00      146432    --a------    C:\Qoobox\Quarantine\C\WINDOWS\REGEDIT.COM.vir
2006-09-08 18:22      104    --a------    C:\Qoobox\Quarantine\C\DOCUME~1\Victoria\Desktop\Internet.lnk.vir


Folder PATH listing
Volume serial number is 3492-F15E
C:\QOOBOX
\---Quarantine
    +---C
    |  +---DOCUME~1
    |  |  \---Victoria
    |  |      \---Desktop
    |  |              Internet.lnk.vir
    |  |             
    |  \---WINDOWS
    |      |  REGEDIT.COM.vir
    |      | 
    |      \---system32
    |              TASKMGR.COM.vir
    |             
    \---Registry_backups

I've already done the rest.
HJT had a few entries, which I fixed.
Should I delete ComboFix's quarantine now?

Sunny 30.06.2007 19:08

1.) Please post the complete ComboFix logfile!

2.) Have you worked through the other steps?

3.) If so, where is the HijackThis log?

And why do you ask for help and then delete all the entries yourself?

Sunny

dA_Fuzzi 30.06.2007 21:57

Code:

ComboFix 07-06-18.2 - C:\Documents and Settings\Victoria\Desktop\ComboFix.exe
"Victoria" - 2007-06-30 10:02:58 - Service Pack 2  NTFS 


(((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\Victoria\Desktop\internet.lnk
C:\WINDOWS\regedit.com
C:\WINDOWS\system32\taskmgr.com


(((((((((((((((((((((((((  Files Created from 2007-05-28 to 2007-06-30  )))))))))))))))))))))))))))))))


2007-06-30 10:02        49,152        --a------        C:\WINDOWS\nircmd.exe
2007-06-29 18:03        <DIR>        d--------        C:\Program Files\iTunes
2007-06-29 15:39        <DIR>        d--------        C:\bases_x
2007-06-28 10:56        <DIR>        d-a------        C:\WINDOWS\zts2.exe
2007-06-28 10:56        <DIR>        d-a------        C:\WINDOWS\system32\vcmgcd32.dll
2007-06-28 10:56        <DIR>        d-a------        C:\WINDOWS\system32\iifgfgf.dll
2007-06-28 10:56        <DIR>        d-a------        C:\WINDOWS\rundll16.exe
2007-06-28 10:56        <DIR>        d-a------        C:\WINDOWS\rundl132.dll
2007-06-28 10:56        <DIR>        d-a------        C:\WINDOWS\logo1_.exe
2007-06-28 10:50        <DIR>        d--hs----        C:\WINDOWS\CSC
2007-06-28 10:46        146,432        --a------        C:\WINDOWS\R.COM
2007-06-28 10:46        135,680        --a------        C:\WINDOWS\system32\T.COM
2007-06-28 10:38        <DIR>        d--------        C:\VundoFix Backups
2007-06-28 09:18        <DIR>        d--------        C:\DOCUME~1\ALLUSE~1\APPLIC~1\AntiVir PersonalEdition Classic
2007-06-27 11:50        <DIR>        d--------        C:\DOCUME~1\Victoria\APPLIC~1\ICQLite
2007-06-27 09:54        <DIR>        d--------        C:\Program Files\CCleaner
2007-05-30 22:59        <DIR>        d--------        C:\5df3ec659a6ea6f06db78fac6e51


((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-30 01:03:52        --------        d-----w        C:\Program Files\iPod
2007-06-30 01:00:34        --------        d-----w        C:\Program Files\QuickTime
2007-06-28 17:49:58        --------        d-----w        C:\Program Files\Google
2007-06-27 18:50:16        --------        d-----w        C:\Program Files\ICQLite
2007-06-27 18:47:10        --------        d-----w        C:\Program Files\MSN Messenger
2007-05-30 02:30:54        --------        d-----w        C:\DOCUME~1\Victoria\APPLIC~1\Apple Computer
2007-05-16 15:12:02        683,520        ----a-w        C:\WINDOWS\system32\inetcomm.dll
2007-04-25 14:21:15        144,896        ----a-w        C:\WINDOWS\system32\schannel.dll
2007-04-18 16:12:23        2,854,400        ----a-w        C:\WINDOWS\system32\msi.dll
2007-04-17 05:47:36        33,624        ----a-w        C:\WINDOWS\system32\wups.dll
2007-04-17 05:45:54        1,710,936        ----a-w        C:\WINDOWS\system32\wuaueng.dll
2007-04-17 05:45:48        549,720        ----a-w        C:\WINDOWS\system32\wuapi.dll
2007-04-17 05:45:42        325,976        ----a-w        C:\WINDOWS\system32\wucltui.dll
2007-04-17 05:45:36        203,096        ----a-w        C:\WINDOWS\system32\wuweb.dll
2007-04-17 05:45:28        92,504        ----a-w        C:\WINDOWS\system32\cdm.dll
2007-04-17 05:45:20        53,080        ----a-w        C:\WINDOWS\system32\wuauclt.exe
2007-04-17 05:45:20        43,352        ----a-w        C:\WINDOWS\system32\wups2.dll


(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
 
 
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll [2006-11-09 16:21]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe" [2006-06-26 09:46]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2006-06-26 10:34]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-06-01 11:09]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-06-01 11:03]
"ICQ Lite"="C:\Program Files\ICQLite\ICQLite.exe" [2006-07-11 03:15]
"BearShare"="C:\Program Files\BearShare\BearShare.exe" [2006-07-26 13:48]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 16:07]
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2006-10-31 17:07]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-01 16:51]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-02-17 21:18]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2006-07-29 19:34]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2004-06-01 03:46]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"ICQ Lite"=C:\Program Files\ICQLite\ICQLite.exe -trayboot

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Usnsvc        usnsvc


**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-30 10:11:42
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-30 10:14:02
C:\ComboFix-quarantined-files.txt ... 2007-06-30 10:13

        --- E O F ---

Sorry, that was the wrong log.

Yep, I did all the other steps.

Here's the HJT log again:

Code:

Logfile of HijackThis v1.99.1
Scan saved at 1:55:43 PM, on 6/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\LVComsX.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\Victoria\LOCALS~1\Temp\Temporary Directory 3 for hijackthis_199.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.webkinz.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Beth\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe

Well, according to the logfile analysis it seems to be okay.
But yeah, I just wanted to do a bit of the groundwork with the stuff I already knew.
Anyway, thanks for the help ;)
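Added example, not ComboFix's code and not from the thread: the ComboFix log above lists `C:\WINDOWS\regedit.com` and `C:\WINDOWS\system32\taskmgr.com` under "Other Deletions" (the quarantine listing shows the same two files as `.vir`). The reason a cleanup tool treats such files as suspect is the command-resolution order: when a bare name like `regedit` is typed at a command prompt, cmd.exe tries the extensions listed in PATHEXT in order, and the default list puts `.COM` before `.EXE`, so a `regedit.com` beside `regedit.exe` is what actually runs. The script below models that order over a directory layout it constructs in a temporary directory (mirroring the two paths from the log) and reports every tool whose bare name no longer resolves to its `.exe`. The `DEFAULT_PATHEXT` list is the XP default as I know it; nothing here states what the deleted files on the poster's machine contained.

```python
"""Report '.com' twins that would shadow well-known '.exe' tools when the bare
name is typed at a command prompt. cmd.exe tries PATHEXT extensions in order
and the default PATHEXT lists .COM before .EXE. Added example for this thread;
the directory layout is constructed in a temp dir, not read from a real box."""
import tempfile
from pathlib import Path

# Default PATHEXT order on Windows XP (assumed); .COM ahead of .EXE is the point.
DEFAULT_PATHEXT = [".COM", ".EXE", ".BAT", ".CMD", ".VBS", ".VBE",
                   ".JS", ".JSE", ".WSF", ".WSH"]


def resolve(name, search_dirs, pathext=DEFAULT_PATHEXT):
    """Mimic bare-name resolution: the first directory in the search order
    wins, and within it the first PATHEXT extension that exists wins.
    Extensions are lower-cased because the fixture lives on a case-sensitive
    host; on Windows the comparison is case-insensitive anyway."""
    for d in search_dirs:
        for ext in pathext:
            candidate = Path(d) / (name + ext.lower())
            if candidate.is_file():
                return candidate
    return None


def find_shadowed(tools, search_dirs, pathext=DEFAULT_PATHEXT):
    """Return {tool: (winner, expected_exe)} for every tool whose bare name
    resolves to something other than a .exe. expected_exe is the .exe the
    user thought they were launching, or None if no such file exists."""
    shadowed = {}
    for tool in tools:
        winner = resolve(tool, search_dirs, pathext)
        if winner is None or winner.suffix.lower() == ".exe":
            continue  # nothing there, or the real tool runs: fine
        expected = None
        for d in search_dirs:
            exe = Path(d) / f"{tool}.exe"
            if exe.is_file():
                expected = exe
                break
        shadowed[tool] = (winner, expected)
    return shadowed


def build_constructed_layout(root):
    """Constructed fixture mirroring the two paths in the posted ComboFix log:
    regedit.com beside WINDOWS\\regedit.exe and taskmgr.com beside
    system32\\taskmgr.exe, plus an unshadowed cmd.exe as a control."""
    windows = Path(root) / "WINDOWS"
    system32 = windows / "system32"
    system32.mkdir(parents=True)
    for p in (windows / "regedit.exe", windows / "regedit.com",
              system32 / "taskmgr.exe", system32 / "taskmgr.com",
              system32 / "cmd.exe"):
        p.write_bytes(b"MZ")  # contents are irrelevant to name resolution
    # search order as cmd.exe would see it with %SystemRoot% ahead of system32
    return [str(windows), str(system32)]


def demo():
    """Build the fixture, run the check, return {tool: (winner, expected)}
    as bare file names so the result is independent of the temp path."""
    with tempfile.TemporaryDirectory() as tmp:
        dirs = build_constructed_layout(tmp)
        found = find_shadowed(["regedit", "taskmgr", "cmd"], dirs)
        return {tool: (win.name, exp.name if exp else None)
                for tool, (win, exp) in found.items()}


if __name__ == "__main__":
    for tool, (winner, expected) in demo().items():
        print(f"{tool}: '{tool}' runs {winner} instead of {expected}")
```

On a live system you would pass the real search directories (`%SystemRoot%`, `%SystemRoot%\system32`, then each entry of `%PATH%`) and the real `%PATHEXT%` split on `;`; `cmd` is included in the fixture only to show that a tool with no `.com` twin is not reported.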

Sunny 01.07.2007 08:14

I can't see any infections in either logfile; so it was probably all in System Restore. ;)

If you still have problems, run another eScan and show us the findings; otherwise I'd say the system is (more or less) germ-free again...

Regards
Sunny

