Trojan Horse Dialer.22.AQ? It keeps coming back! How do I change that?
15.04.2005, 11:01
...new here
Posts: 7
15.04.2005, 14:45
Honorary member
Posts: 29434
#2
Hello @Harald ehall
• The eScan detection tool is available here free of charge under the name Free eScan Antivirus Toolkit Utility: http://www.mwti.net/antivirus/free_utilities.asp
Open the scanner --> do not scan yet --> go to Start > Run, type %temp% and look for kavupd.exe; click it --> run the update (in DOS).
Boot into Safe Mode http://www.tu-berlin.de/www/software/virus/savemode.shtml and start the scanner with "mwav.exe" [or: MWAVSCAN.COM]. Tick every box: select "all files", Memory, Startup-Folders, Registry, System Folders, Services, Drive/All Local drives, Folder [C:\WINDOWS], Include SubDirectory --> and click "Scan".
• Go back to Normal Mode:
• Then please do the following: open mwav.txt with the editor, go to Edit -> Find and enter "infected".
• Select each line that contains "infected" and paste it here, then Find Next, and so on.
• The summary is at the very bottom; post that here too.
__________
Kind regards, Sabina
rund um die PC-Sicherheit
15.04.2005, 20:16
...new here
Thread starter, Posts: 7
#3
Hello @Sabina
Here are the infected lines plus the result from the bottom of the eScan log:
Escan Apr 15 18:26:53 2005 => System found infected with SideFind Spyware/Adware ({10e42047-deb9-4535-a118-b3f6ec39b807})! Action taken: No Action Taken.
Fri Apr 15 18:26:53 2005 => File System Found infected by "SideFind Spyware/Adware" Virus. Action Taken: No Action Taken.
Fri Apr 15 18:29:28 2005 => System found infected with SideFind Spyware/Adware ({10e42047-deb9-4535-a118-b3f6ec39b807})! Action taken: No Action Taken.
Fri Apr 15 18:29:28 2005 => File System Found infected by "SideFind Spyware/Adware" Virus. Action Taken: No Action Taken.
Fri Apr 15 18:30:41 2005 => System found infected with SideFind Spyware/Adware ({10e42047-deb9-4535-a118-b3f6ec39b807})! Action taken: No Action Taken.
fri Apr 15 18:30:41 2005 => File System Found infected by "SideFind Spyware/Adware" Virus. Action Taken: No Action Taken.
Fri Apr 15 18:33:14 2005 => File C:\DOKUME~1\Harald\LOKALE~1\Temp\sahagent.exe infected by "not-a-virus:AdWare.Sahat.h" Virus. Action Taken: No Action Taken.
Fri Apr 15 18:45:29 2005 => Scanning File C:\DOKUME~1\Harald\LOKALE~1\TEMPOR~1\Content.IE5\AHDANIT0\infected6xz[1].gif
Fri Apr 15 19:13:19 2005 => File C:\DOKUME~1\Harald\LOKALE~1\TEMPOR~1\Content.IE5\RH4JT30S\a775a972[1].js infected by "Trojan-Downloader.JS.Small.af" Virus. Action Taken: No Action Taken.
Fri Apr 15 19:14:30 2005 => File C:\DOKUME~1\Harald\LOKALE~1\TEMPOR~1\Content.IE5\RH4JT30S\ysb_prompt[1].htm infected by "Trojan-Downloader.JS.IstBar.j" Virus. Action Taken: No Action Taken.
Fri Apr 15 19:14:30 2005 => File C:\DOKUME~1\Harald\LOKALE~1\TEMPOR~1\Content.IE5\RH4JT30S\ysb_prompt[2].htm infected by "Trojan-Downloader.JS.IstBar.j" Virus. Action Taken: No Action Taken.
Fri Apr 15 19:54:25 2005 => ***** Scanning complete. *****
Fri Apr 15 19:54:25 2005 => Total Objects Scanned: 64466
Fri Apr 15 19:54:26 2005 => Total Virus(es) Found: 5
Fri Apr 15 19:54:26 2005 => Total Disinfected Files: 0
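The procedure in post #2 (search mwav.txt for "infected", copy those lines and the summary) and the lines pasted in post #3 amount to a hand triage of the eScan log. As an added example (my code, not part of the thread and not eScan's own), the script below does that triage mechanically: it parses the detection lines, keeps them apart from lines that merely contain the word "infected" (one scanned temp file is literally named infected6xz[1].gif, which a plain text search also returns), reads the summary counters, and collapses repeated hits into one entry per threat. SAMPLE_LOG is constructed from the line formats seen in the post; its "Total Virus(es) Found" value is chosen to match the four threats it contains.

```python
"""Triage an eScan (mwav.txt) log: separate detections from noise, read the
summary counters and collapse repeated hits into one entry per threat.

Added example for this thread; it is not eScan code and not from the posts.
SAMPLE_LOG is constructed from the line formats visible in post #3.
"""
import re
from collections import defaultdict
from dataclasses import dataclass

SAMPLE_LOG = r"""Fri Apr 15 18:26:53 2005 => System found infected with SideFind Spyware/Adware ({10e42047-deb9-4535-a118-b3f6ec39b807})! Action taken: No Action Taken.
Fri Apr 15 18:26:53 2005 => File System Found infected by "SideFind Spyware/Adware" Virus. Action Taken: No Action Taken.
Fri Apr 15 18:29:28 2005 => System found infected with SideFind Spyware/Adware ({10e42047-deb9-4535-a118-b3f6ec39b807})! Action taken: No Action Taken.
Fri Apr 15 18:29:28 2005 => File System Found infected by "SideFind Spyware/Adware" Virus. Action Taken: No Action Taken.
Fri Apr 15 18:33:14 2005 => File C:\DOKUME~1\Harald\LOKALE~1\Temp\sahagent.exe infected by "not-a-virus:AdWare.Sahat.h" Virus. Action Taken: No Action Taken.
Fri Apr 15 18:45:29 2005 => Scanning File C:\DOKUME~1\Harald\LOKALE~1\TEMPOR~1\Content.IE5\AHDANIT0\infected6xz[1].gif
Fri Apr 15 19:13:19 2005 => File C:\DOKUME~1\Harald\LOKALE~1\TEMPOR~1\Content.IE5\RH4JT30S\a775a972[1].js infected by "Trojan-Downloader.JS.Small.af" Virus. Action Taken: No Action Taken.
Fri Apr 15 19:14:30 2005 => File C:\DOKUME~1\Harald\LOKALE~1\TEMPOR~1\Content.IE5\RH4JT30S\ysb_prompt[1].htm infected by "Trojan-Downloader.JS.IstBar.j" Virus. Action Taken: No Action Taken.
Fri Apr 15 19:54:25 2005 => ***** Scanning complete. *****
Fri Apr 15 19:54:25 2005 => Total Objects Scanned: 64466
Fri Apr 15 19:54:26 2005 => Total Virus(es) Found: 4
Fri Apr 15 19:54:26 2005 => Total Disinfected Files: 0
"""

# Every eScan log line is "<timestamp> => <message>".
LINE_RE = re.compile(r"^(?P<ts>.+?) => (?P<msg>.*)$")

# The three detection shapes seen in the post, plus the summary counters.
FILE_SYSTEM_RE = re.compile(
    r'^File System Found infected by "(?P<name>[^"]+)" Virus\. '
    r'Action Taken: (?P<action>.+?)\.?$', re.IGNORECASE)
FILE_RE = re.compile(
    r'^File (?P<path>.+?) infected by "(?P<name>[^"]+)" Virus\. '
    r'Action Taken: (?P<action>.+?)\.?$', re.IGNORECASE)
SYSTEM_RE = re.compile(
    r"^System found infected with (?P<name>.+?) \((?P<clsid>\{[^}]+\})\)! "
    r"Action taken: (?P<action>.+?)\.?$", re.IGNORECASE)
SUMMARY_RE = re.compile(r"^Total (?P<key>[A-Za-z() ]+?): (?P<value>\d+)$")


@dataclass(frozen=True)
class Detection:
    timestamp: str
    kind: str      # "file" (a path on disk) or "system" (registry/COM object)
    name: str      # threat name exactly as the scanner reports it
    location: str  # file path, CLSID, or "" when the scanner gives none
    action: str


def parse_escan_log(text):
    """Return (detections, summary, noise).

    noise holds lines that contain "infected" but are not detections, e.g.
    "Scanning File ...\\infected6xz[1].gif"; a plain text search for the word
    (the procedure in the thread) would have turned that line up as well.
    """
    detections, summary, noise = [], {}, []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        ts, msg = m["ts"], m["msg"]
        if (fs := FILE_SYSTEM_RE.match(msg)):
            detections.append(Detection(ts, "system", fs["name"], "", fs["action"]))
        elif (f := FILE_RE.match(msg)):
            detections.append(Detection(ts, "file", f["name"], f["path"], f["action"]))
        elif (s := SYSTEM_RE.match(msg)):
            detections.append(Detection(ts, "system", s["name"], s["clsid"], s["action"]))
        elif (t := SUMMARY_RE.match(msg)):
            summary[t["key"]] = int(t["value"])
        elif "infected" in msg.lower():
            noise.append(raw.strip())
    return detections, summary, noise


def threats(detections):
    """Collapse repeated hits into {threat name: sorted unique locations}."""
    by_name = defaultdict(set)
    for d in detections:
        by_name[d.name].update([d.location] if d.location else [])
    return {name: sorted(locs) for name, locs in by_name.items()}


def untreated(detections):
    """Hits the scanner reported but did not clean ("No Action Taken")."""
    return [d for d in detections if d.action.lower() == "no action taken"]


def report(text):
    """Human-readable summary, the information the thread asks to be posted."""
    detections, summary, noise = parse_escan_log(text)
    lines = [f"{name}: {', '.join(locs) or '(no path reported)'}"
             for name, locs in sorted(threats(detections).items())]
    lines.append(f"{len(untreated(detections))} of {len(detections)} hits left untreated")
    lines.append(f"{len(noise)} line(s) mention 'infected' without being a detection")
    lines += [f"{k}: {v}" for k, v in summary.items()]
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```

Run it against a real mwav.txt by passing the file's contents to report(); the number of names returned by threats() is the figure to compare with "Total Virus(es) Found", since the raw detection count double-counts the registry hits that eScan reports once as "System found infected" and once as "File System Found infected".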
16.04.2005, 00:08
Honorary member
Posts: 29434
#4
Hello @Harald ehall
CCleaner --> delete all *temp files: http://www.ccleaner.com/ccdownload.asp
------------
Delete:
C:\Dokumente und Einstellungen\Harald\Lokale Einstellungen\Temporary Internet Files\Content.IE5\RH4JT30S\a775a972[1].js
C:\Dokumente und Einstellungen\Harald\Lokale Einstellungen\Temporary Internet Files\Content.IE5\RH4JT30S\ysb_prompt[1].htm
C:\Dokumente und Einstellungen\Harald\Lokale Einstellungen\Temporary Internet Files\Content.IE5\RH4JT30S\ysb_prompt[2].htm
Search for / delete:
sfbho.dll
sidefind.dll
srchfst.dll
C:\Dokumente und Einstellungen\Harald\Lokale Einstellungen\Temp\\sidefind.exe
c:\program files\sidefind\update\sidefind.exe
c:\program files\sidefind\sidefind13.dll
# Ad-aware SE Personal 1.05 Updated: http://fileforum.betanews.com/detail/965718306/1
Download --> update --> scan --> restart the PC --> scan again --> post the scan log
• Online scan (Panda): http://www.pandasoftware.com/activescan/com/activescan_principal.htm (please report back on the scan)
__________
Kind regards, Sabina
rund um die PC-Sicherheit
16.04.2005, 10:34
...new here
Thread starter, Posts: 7
#5
Ad-Aware SE Build 1.05
Logfile Created on:Samstag, 16. April 2005 10:17:00
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R39 15.04.2005

References detected during the scan:
None

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects

16.04.2005 10:17:00 - Scan started. (Full System Scan)

Listing running processes
#:1 [smss.exe] FilePath : \SystemRoot\System32\ ProcessID : 372 ThreadCreationTime : 16.04.2005 08:15:52 BasePriority : Normal
#:2 [csrss.exe] FilePath : \??\C:\WINDOWS\system32\ ProcessID : 420 ThreadCreationTime : 16.04.2005 08:15:56 BasePriority : Normal
#:3 [winlogon.exe] FilePath : \??\C:\WINDOWS\system32\ ProcessID : 444 ThreadCreationTime : 16.04.2005 08:15:58 BasePriority : High
#:4 [services.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 488 ThreadCreationTime : 16.04.2005 08:15:59 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Betriebssystem Microsoft® Windows® CompanyName : Microsoft Corporation FileDescription : Anwendung für Dienste und Controller InternalName : services.exe LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten. OriginalFilename : services.exe
#:5 [lsass.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 500 ThreadCreationTime : 16.04.2005 08:15:59 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : LSA Shell (Export Version) InternalName : lsass.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : lsass.exe
#:6 [ati2evxx.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 640 ThreadCreationTime : 16.04.2005 08:15:59 BasePriority : Normal
#:7 [svchost.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 652 ThreadCreationTime : 16.04.2005 08:15:59 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe
#:8 [svchost.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 728 ThreadCreationTime : 16.04.2005 08:16:00 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe
#:9 [svchost.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 768 ThreadCreationTime : 16.04.2005 08:16:00 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe
#:10 [incdsrv.exe] FilePath : C:\Programme\Ahead\InCD\ ProcessID : 788 ThreadCreationTime : 16.04.2005 08:16:00 BasePriority : Normal FileVersion : 4, 3, 11, 1 ProductVersion : 4, 3, 11, 1 ProductName : Nero AG incdsrv CompanyName : Nero AG FileDescription : incdsrv InternalName : incdsrv LegalCopyright : Copyright 1995-2005 Nero AG and its licensors. All Rights Reserved. LegalTrademarks : InCD is a trademark of Nero AG OriginalFilename : incdsrv.exe
#:11 [svchost.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 960 ThreadCreationTime : 16.04.2005 08:16:02 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe
#:12 [ati2evxx.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1040 ThreadCreationTime : 16.04.2005 08:16:02 BasePriority : Normal
#:13 [svchost.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 1112 ThreadCreationTime : 16.04.2005 08:16:02 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe
#:14 [explorer.exe] FilePath : C:\WINDOWS\ ProcessID : 1120 ThreadCreationTime : 16.04.2005 08:16:02 BasePriority : Normal FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 6.00.2900.2180 ProductName : Betriebssystem Microsoft® Windows® CompanyName : Microsoft Corporation FileDescription : Windows Explorer InternalName : explorer LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten. OriginalFilename : EXPLORER.EXE
#:15 [spoolsv.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1240 ThreadCreationTime : 16.04.2005 08:16:03 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Spooler SubSystem App InternalName : spoolsv.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : spoolsv.exe
#:16 [avgamsvr.exe] FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\ ProcessID : 1356 ThreadCreationTime : 16.04.2005 08:16:03 BasePriority : Normal FileVersion : 7,1,0,307 ProductVersion : 7.1.0.307 ProductName : AVG Anti-Virus System CompanyName : GRISOFT, s.r.o. FileDescription : AVG Alert Manager InternalName : avgamsvr LegalCopyright : Copyright © 2005, GRISOFT, s.r.o. OriginalFilename : avgamsvr.EXE
#:17 [avgupsvc.exe] FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\ ProcessID : 1424 ThreadCreationTime : 16.04.2005 08:16:06 BasePriority : Normal FileVersion : 7,1,0,285 ProductVersion : 7.1.0.285 ProductName : AVG 7.0 Anti-Virus System CompanyName : GRISOFT, s.r.o. FileDescription : AVG Update Service InternalName : avgupsvc LegalCopyright : Copyright © 2004, GRISOFT, s.r.o. OriginalFilename : avgupdsvc.EXE
#:18 [dcfssvc.exe] FilePath : C:\WINDOWS\system32\drivers\ ProcessID : 1480 ThreadCreationTime : 16.04.2005 08:16:07 BasePriority : Normal FileVersion : 1.1.4100.0 ProductVersion : 3.2.0400.0 ProductName : Kodak DC File System Driver (Win32) CompanyName : Eastman Kodak Company FileDescription : Kodak DC Ring 3 Conduit (Win32) InternalName : DcFsSvc.exe LegalCopyright : Copyright (C) Eastman Kodak Co. 2000-1 OriginalFilename : DcFsSvc.exe
#:19 [kodakccs.exe] FilePath : C:\WINDOWS\system32\drivers\ ProcessID : 1560 ThreadCreationTime : 16.04.2005 08:16:07 BasePriority : Normal FileVersion : 1.1.5100.4 ProductVersion : 4.4.0.0 ProductName : Kodak DC File System Driver (Win32) CompanyName : Eastman Kodak Company FileDescription : Kodak DC Ring 3 Conduit (Win32) InternalName : KodakCCS.exe LegalCopyright : Copyright (C) Eastman Kodak Co. 2000-2004 OriginalFilename : DcFsSvc.exe
#:20 [svchost.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 1712 ThreadCreationTime : 16.04.2005 08:16:08 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe
#:21 [wdfmgr.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1752 ThreadCreationTime : 16.04.2005 08:16:08 BasePriority : Normal FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act) ProductVersion : 5.2.3790.1230 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Windows User Mode Driver Manager InternalName : WdfMgr LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : WdfMgr.exe
#:22 [realsched.exe] FilePath : C:\Programme\Gemeinsame Dateien\Real\Update_OB\ ProcessID : 1836 ThreadCreationTime : 16.04.2005 08:16:09 BasePriority : Normal FileVersion : 0.1.0.3208 ProductVersion : 0.1.0.3208 ProductName : RealPlayer (32-bit) CompanyName : RealNetworks, Inc. FileDescription : RealNetworks Scheduler InternalName : schedapp LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004 LegalTrademarks : RealAudio(tm) is a trademark of RealNetworks, Inc. OriginalFilename : realsched.exe
#:23 [jusched.exe] FilePath : C:\Programme\Java\j2re1.4.2_05\bin\ ProcessID : 1844 ThreadCreationTime : 16.04.2005 08:16:09 BasePriority : Normal
#:24 [avgcc.exe] FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\ ProcessID : 1860 ThreadCreationTime : 16.04.2005 08:16:09 BasePriority : Normal FileVersion : 7,1,0,307 ProductVersion : 7.1.0.307 ProductName : AVG Anti-Virus System CompanyName : GRISOFT, s.r.o. FileDescription : AVG Control Center InternalName : AvgCC LegalCopyright : Copyright © 2005, GRISOFT, s.r.o. OriginalFilename : AvgCC.EXE
#:25 [incd.exe] FilePath : C:\Programme\Ahead\InCD\ ProcessID : 1880 ThreadCreationTime : 16.04.2005 08:16:10 BasePriority : Normal FileVersion : 4, 3, 11, 1 ProductVersion : 4, 3, 11, 1 ProductName : Nero AG InCD CompanyName : Nero AG FileDescription : InCD InternalName : InCD LegalCopyright : Copyright 1995-2005 Nero AG and its licensors. All Rights Reserved. LegalTrademarks : InCD is a trademark of Nero AG OriginalFilename : InCD.exe
#:26 [qttask.exe] FilePath : C:\Programme\QuickTime\ ProcessID : 1896 ThreadCreationTime : 16.04.2005 08:16:10 BasePriority : Normal FileVersion : 6.5 ProductVersion : QuickTime 6.5 ProductName : QuickTime CompanyName : Apple Computer, Inc. InternalName : QuickTime Task LegalCopyright : © Apple Computer, Inc. 2001-2004 OriginalFilename : QTTask.exe
#:27 [wcescomm.exe] FilePath : C:\Programme\Microsoft ActiveSync\ ProcessID : 1904 ThreadCreationTime : 16.04.2005 08:16:10 BasePriority : Normal FileVersion : 3.7.1.3244 ProductVersion : 3.7.3244 ProductName : Microsoft ActiveSync CompanyName : Microsoft Corporation FileDescription : Connection Manager InternalName : wcescomm LegalCopyright : Copyright © 1995-2003 Microsoft Corp. Alle Rechte vorbehalten. LegalTrademarks : Microsoft® and Windows® are registered trademarks of Microsoft Corporation. OriginalFilename : WCESCOMM.EXE
#:28 [msmsgs.exe] FilePath : C:\Programme\Messenger\ ProcessID : 1916 ThreadCreationTime : 16.04.2005 08:16:10 BasePriority : Normal FileVersion : 4.7.3001 ProductVersion : Version 4.7.3001 ProductName : Messenger CompanyName : Microsoft Corporation FileDescription : Windows Messenger InternalName : msmsgs LegalCopyright : Copyright (c) Microsoft Corporation 2004 LegalTrademarks : Microsoft(R) is a registered trademark of Microsoft Corporation in the U.S. and/or other countries. OriginalFilename : msmsgs.exe
#:29 [pid.exe] FilePath : C:\PROGRA~1\COOLSPOT\PERSON~1\ ProcessID : 1928 ThreadCreationTime : 16.04.2005 08:16:10 BasePriority : Normal FileVersion : 1.3.2.93 ProductVersion : 1.1 ProductName : Personal ID CompanyName : Coolspot AG InternalName : PersonalID LegalCopyright : © 2003 Coolspot AG OriginalFilename : PID.EXE Comments : Powered by Oleg Chensky
#:30 [mfindexer.exe] FilePath : C:\Corel\Graphics8\Programs\ ProcessID : 132 ThreadCreationTime : 16.04.2005 08:16:11 BasePriority : Normal FileVersion : 8.369 ProductVersion : 8.369 ProductName : CorelDRAW (TM) CompanyName : Corel Corporation FileDescription : Utility which indexes Corel Media Folders InternalName : Corel Media Indexer LegalCopyright : Copyright © 1988-1998 Corel Corporation. LegalTrademarks : CorelDRAW (TM) OriginalFilename : MFIndexer.exe
#:31 [dslmon.exe] FilePath : C:\Programme\SAGEM\SAGEM F@st840\ ProcessID : 148 ThreadCreationTime : 16.04.2005 08:16:11 BasePriority : Normal FileVersion : 1, 0, 0, 1 ProductVersion : 1, 0, 0, 1 ProductName : DSLMON Application FileDescription : ADIMON MFC Application InternalName : DSLMON LegalCopyright : Copyright (C) 2000 OriginalFilename : ADIMON.EXE
#:32 [hpobrt07.exe] FilePath : C:\Programme\Hewlett-Packard\AiO\hp psc 700 series\Bin\ ProcessID : 140 ThreadCreationTime : 16.04.2005 08:16:11 BasePriority : Normal FileVersion : 2.00 ProductVersion : A.14.03.05 ProductName : hp psc 700 series CompanyName : Hewlett-Packard Co. FileDescription : HP OfficeJet COM Device Objects InternalName : HPOBRT07 LegalCopyright : Copyright (C) Hewlett-Packard Co. 1995-2000 OriginalFilename : HPOBRT07.EXE Comments : HP OfficeJet PSC 7 Series COM Device Objects
#:33 [easyshare.exe] FilePath : C:\Programme\KODAK\Kodak EasyShare software\bin\ ProcessID : 176 ThreadCreationTime : 16.04.2005 08:16:11 BasePriority : Normal FileVersion : 5, 0, 4, 128 ProductVersion : 4, 0, 2, 134 ProductName : Kodak EasyShare software CompanyName : Eastman Kodak Company FileDescription : Kodak EasyShare software InternalName : EasyShare LegalCopyright : Copyright © Eastman Kodak Company 2002 LegalTrademarks : EasyShare OriginalFilename : EasyShare.exe
#:34 [kodak software updater.exe] FilePath : C:\Programme\KODAK\KODAK Software Updater\7288971\Program\ ProcessID : 184 ThreadCreationTime : 16.04.2005 08:16:12 BasePriority : Normal
#:35 [wzqkpick.exe] FilePath : C:\Programme\WinZip\ ProcessID : 188 ThreadCreationTime : 16.04.2005 08:16:12 BasePriority : Normal FileVersion : 1.0 (32-bit) ProductVersion : 9.0 (6028g) ProductName : WinZip CompanyName : WinZip Computing, Inc. FileDescription : WinZip Executable InternalName : WZQKPICK.EXE LegalCopyright : Copyright (c) WinZip Computing, Inc. 1991-2004 - All Rights Reserved LegalTrademarks : WinZip is a registered trademark of WinZip Computing, Inc OriginalFilename : WZQKPICK.EXE Comments : StringFileInfo: German
#:36 [hpoevm07.exe] FilePath : C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\ ProcessID : 980 ThreadCreationTime : 16.04.2005 08:16:17 BasePriority : Normal FileVersion : 1.00 ProductVersion : A.14.03.05 ProductName : hp psc 700 series CompanyName : Hewlett-Packard Co. FileDescription : HP OfficeJet COM Event Manager InternalName : HPOEVM07 LegalCopyright : Copyright (C) Hewlett-Packard Co. 1995-2000 OriginalFilename : HPOEVM07.EXE Comments : HP OfficeJet COM Event Manager
#:37 [alg.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 2072 ThreadCreationTime : 16.04.2005 08:16:24 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Application Layer Gateway Service InternalName : ALG.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : ALG.exe
#:38 [ad-aware.exe] FilePath : C:\Programme\Lavasoft\Ad-Aware SE Personal\ ProcessID : 2264 ThreadCreationTime : 16.04.2005 08:16:37 BasePriority : Normal FileVersion : 6.2.0.206 ProductVersion : VI.Second Edition ProductName : Lavasoft Ad-Aware SE CompanyName : Lavasoft Sweden FileDescription : Ad-Aware SE Core application InternalName : Ad-Aware.exe LegalCopyright : Copyright © Lavasoft Sweden OriginalFilename : Ad-Aware.exe Comments : All Rights Reserved
#:39 [ad-aware.exe] FilePath : C:\Programme\Lavasoft\Ad-Aware SE Personal\ ProcessID : 2268 ThreadCreationTime : 16.04.2005 08:16:37 BasePriority : Normal FileVersion : 6.2.0.206 ProductVersion : VI.Second Edition ProductName : Lavasoft Ad-Aware SE CompanyName : Lavasoft Sweden FileDescription : Ad-Aware SE Core application InternalName : Ad-Aware.exe LegalCopyright : Copyright © Lavasoft Sweden OriginalFilename : Ad-Aware.exe Comments : All Rights Reserved
#:40 [hposts07.exe] FilePath : C:\Programme\Hewlett-Packard\AiO\Shared\bin\ ProcessID : 2352 ThreadCreationTime : 16.04.2005 08:16:47 BasePriority : Normal FileVersion : 1.00 ProductVersion : A.14.03.05 ProductName : hp psc 700 series CompanyName : Hewlett-Packard Co. FileDescription : HP OfficeJet Status InternalName : HPOSTS07 LegalCopyright : Copyright (C) Hewlett-Packard Co. 1995-2000 OriginalFilename : HPOCPY07.EXE Comments : HP OfficeJet Status
#:41 [wuauclt.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 2400 ThreadCreationTime : 16.04.2005 08:16:55 BasePriority : Normal FileVersion : 5.4.3790.2182 built by: srv03_rtm(ntvbl04) ProductVersion : 5.4.3790.2182 ProductName : Betriebssystem Microsoft® Windows® CompanyName : Microsoft Corporation FileDescription : Automatische Updates InternalName : wuauclt.exe LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten. OriginalFilename : wuauclt.exe
#:42 [wmiprvse.exe] FilePath : C:\WINDOWS\System32\wbem\ ProcessID : 2492 ThreadCreationTime : 16.04.2005 08:16:57 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : WMI InternalName : Wmiprvse.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : Wmiprvse.exe

Memory scan result:
New critical objects: 0
Objects found so far: 0

Started registry scan
Registry Scan result:
New critical objects: 0
Objects found so far: 0

Started deep registry scan
Deep registry scan result:
New critical objects: 0
Objects found so far: 0

Started Tracking Cookie scan
Tracking cookie scan result:
New critical objects: 0
Objects found so far: 0

Deep scanning and examining files (C
Disk Scan Result for C:\
New critical objects: 0
Objects found so far: 0

Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
Hosts file scan result:
1 entries scanned.
New critical objects:0
Objects found so far: 0

10:31:00 Scan Complete

Summary Of This Scan
Total scanning time:00:14:00.593
Objects scanned:156560
Objects identified:0
Objects ignored:0
New critical objects:0

-----------------
Report from the Panda scan:
Incident | Status | Location
Adware:Adware/SaveNow | No disinfected | Windows Registry
Spyware:Spyware/ISTbar | No disinfected | C:\WINDOWS\Downloaded Program Files\istactivex.???
Adware:Adware/PowerScan | No disinfected | Windows Registry
Adware:Adware/SideSearch | No disinfected | C:\Programme\Lycos
Adware:Adware/SideFind | No disinfected | Windows Registry
Spyware:Spyware/ISTbar | No disinfected | C:\WINDOWS\Downloaded Program Files\ISTactivex.inf
Adware:Adware/SAHAgent | No disinfected | C:\WINDOWS\system32\xmlparse.dll
Adware:Adware/SAHAgent | No disinfected | C:\WINDOWS\system32\xmltok.dll

This post was edited on 16.04.2005 at 11:49 by Harald ehall.
16.04.2005, 15:24
Honorary member
Posts: 29434
#6
Hello @Harald ehall
• KillBox: http://www.bleepingcomputer.com/files/killbox.php
• Tick "Delete File on Reboot" and click the red cross. When asked "Do you want to reboot?" ----> click "no", paste in the next one, and only on the last one click "yes":
C:\WINDOWS\Downloaded Program Files\istactivex.dll
C:\WINDOWS\Downloaded Program Files\ISTactivex.inf
C:\WINDOWS\system32\xmlparse.dll
C:\WINDOWS\system32\xmltok.dll
Restart.
FxIstbar.exe --> scan: http://bilder.informationsarchiv.net/Nikitas_Tools/FxIstbar.exe
C:\Dokumente und Einstellungen\Harald\Lokale Einstellungen\Temp\sahagent.exe <-- delete
C:\WINDOWS\Temp\
C:\Temp\
Empty these folders.
Online scans (report back):
http://www.pcpitstop.com/freescan/
http://www.bitdefender.de/scan/licence.html
__________
Kind regards, Sabina
rund um die PC-Sicherheit
16.04.2005, 19:41
...new here
Thread starter, Posts: 7
#7
Hello Sabina
First of all, many thanks for the quick answers and your help!! These two I cannot find via KillBox:
• KillBox: http://www.bleepingcomputer.com/files/killbox.php
• Tick "Delete File on Reboot" and click the red cross. When asked "Do you want to reboot?" ----> click "no", paste in the next one, and only on the last one click "yes":
C:\WINDOWS\Downloaded Program Files\istactivex.dll
C:\WINDOWS\Downloaded Program Files\ISTactivex.inf
Does that mean they are already deleted?
16.04.2005, 20:47
Honorary member
Posts: 29434
#8
Please scan again with Panda (to double-check).
__________
Kind regards, Sabina
rund um die PC-Sicherheit
16.04.2005, 21:35
...new here
Thread starter, Posts: 7
#9
Online scans (report back)
http://www.pcpitstop.com/freescan/
McAfee FreeScan detected NO viruses! With over 80,000 computer viruses identified and another 500 discovered each month, Why take chances? Get immediate virus protection with McAfee VirusScan Online. Buy Now! Learn More...
16.04.2005, 21:46
Honorary member
Posts: 29434
#10
Harald ehall
• Online scan "eTrust Antivirus" (only works with IE): http://www.my-etrust.com/products/pestscan/pestscan.cfm?WebRefferalAffiliate=pscanca%20
__________
Kind regards, Sabina
rund um die PC-Sicherheit
16.04.2005, 22:04
...new here
Thread starter, Posts: 7
#11
eTrust
Pests detected: 26 -- But my English is not that good; what do I have to do in eTrust after scanning?
-----------------
Quote, Sabina posted:
Incident | Status | Location
Adware:Adware/SaveNow | No disinfected | Windows Registry
Spyware:Spyware/ISTbar | No disinfected | C:\WINDOWS\Downloaded Program Files\istactivex.???
Adware:Adware/SideSearch | No disinfected | C:\Programme\Lycos
Spyware:Spyware/ISTbar | No disinfected | C:\WINDOWS\Downloaded Program Files\ISTactivex.inf
The odd thing is that this Istactivex keeps showing up, but it cannot be found in C:\Windows, neither directly nor with KillBox. Is there another solution?
This post was edited on 17.04.2005 at 01:05 by Harald ehall.
17.04.2005, 22:43
Honorary member
Posts: 29434
#12
Hello @Harald ehall
C:\WINDOWS\Downloaded Program Files\ : simply delete everything you find there that you cannot account for (in Safe Mode).
------------
In eTrust, can you see the infected files and copy them out? Or does it only show that there are 26 infected files?
--------------
Search for / delete:
# C:\Program Files\Save
# on the right -->, double-click: SaveUninst.exe
__________
Kind regards, Sabina
rund um die PC-Sicherheit
18.04.2005, 00:14
...new here
Thread starter, Posts: 7
#13
Quote, Sabina posted:
Well, eTrust does show them, but you cannot copy them. Tomorrow, when I have time after work, I will type them out.
How do I get rid of it?
Oh, and my current logfile:
Logfile of HijackThis v1.99.1
Scan saved at 10:57:36, on 15.04.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\drivers\dcfssvc.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Java\j2re1.4.2_05\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Programme\Ahead\InCD\InCD.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE
C:\Programme\Messenger\msmsgs.exe
C:\PROGRA~1\COOLSPOT\PERSON~1\PID.EXE
C:\Corel\Graphics8\Programs\MFIndexer.exe
C:\Programme\SAGEM\SAGEM F@st840\DSLMON.exe
C:\Programme\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
C:\Programme\KODAK\Kodak EasyShare software\bin\EasyShare.exe
C:\Programme\KODAK\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Programme\WinZip\WZQKPICK.EXE
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\Programme\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\WINDOWS\System32\alg.exe
C:\Programme\Coolspot\Dialer Control\dc.exe
C:\Programme\a2\a2guard.exe
C:\Programme\Avant Browser\avant.exe
C:\Dokumente und Einstellungen\Harald\Lokale Einstellungen\Temp\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = file://C:\Programme\WinSweep\ws.js
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Programme\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Dialer Control] C:\Programme\Coolspot\Dialer Control\dc.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Quicknote] C:\Programme\Quicknote\quicknote.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Personal ID] C:\PROGRA~1\COOLSPOT\PERSON~1\PID.EXE
O4 - HKCU\..\Run: [a-squared] "C:\Programme\a2\a2guard.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Corel MEDIA FOLDERS INDEXER 8.LNK = C:\Corel\Graphics8\Programs\MFIndexer.exe
O4 - Global Startup: DSLMON.lnk = C:\Programme\SAGEM\SAGEM F@st840\DSLMON.exe
O4 - Global Startup: HPAiODevice(hp psc 700 series) - 1.lnk = C:\Programme\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
O4 - Global Startup: Kodak EasyShare Software.lnk = C:\Programme\KODAK\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Programme\KODAK\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programme\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://c:\programme\google\googletoolbar2.dll/cmsearch.html
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Alle Bilder von gleichem Server filtern - C:\Programme\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: Hervorheben - C:\Programme\Avant Browser\Highlight.htm
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\programme\google\googletoolbar2.dll/cmcache.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Suchen - C:\Programme\Avant Browser\Search.htm
O8 - Extra context menu item: Verweisseiten - res://c:\programme\google\googletoolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Zur Werbebanner-Filterliste hinzufügen - C:\Programme\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Ähnliche Seiten - res://c:\programme\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Öffne alle Links auf dieser Seite... - C:\Programme\Avant Browser\OpenAllLinks.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Mobilen Favoriten erstellen - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Programme\IrfanView\Ebay\Ebay.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O12 - Plugin for .avi: C:\Programme\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .mp3: C:\Programme\Internet Explorer\PLUGINS\npqtplugin4.dll
O12 - Plugin for .mpg: C:\Programme\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {53B8B406-42E4-4DD3-96E7-9DEC8CEB3DD8} (ICQVideoControl Class) - http://xtraz.icq.com/xtraz/activex/ICQVideoControl.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2CD9C3F0-CAB0-4D26-8FA7-8DBB38185A87}: NameServer = 62.27.27.62 62.27.53.66
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINDOWS\system32\drivers\dcfssvc.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Programme\Ahead\InCD\InCDsrv.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
Thanks, regards Harald