Trojans TR/Dldr.WinSho.af.5 and TR/StartPa.Du.dll.1

#0
13.08.2005, 00:00
...new here
Posts: 5

13.08.2005, 00:14
Honorary member
Posts: 29434
#2
Hello @Danielo
Welcome aboard.

HijackThis
http://virus-protect.org/hjtkurz.html

Download/unpack HijackThis into a folder --> None of the above, just start the program --> Save --> Savelog --> the editor opens --> or: Do a system scan and save a logfile --> Save --> Savelog --> the editor opens --> now copy the COMPLETE log with a right mouse click and "paste" it into the forum with a right mouse click
__________
Kind regards, Sabina
All about PC security

14.08.2005, 17:31
...new here
Thread starter
Posts: 5
#3
Here is the log from HijackThis:

Logfile of HijackThis v1.99.1
Scan saved at 17:30:44, on 14.08.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AVPersonal\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\ATI-CPanel\atiptaxx.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\AVPersonal\AVGNT.EXE
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Programme\DT\T-Sinus 130data 11Mbps WLAN USB Adapter\monitordt.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Programme\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\DOKUME~1\DANIEL~1\LOKALE~1\Temp\Temporäres Verzeichnis 2 für hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wow-europe.com/de/
O2 - BHO: NavErrRedir Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2E9CAFF6-30C7-4208-8807-E79D4EC6F806} - C:\Program Files\Submit\submithook.dll (file missing)
O2 - BHO: . - {587DBF2D-9145-4c9e-92C2-1F953DA73773} - C:\Dokumente und Einstellungen\Daniel Preuss\Anwendungsdaten\winkq\winkq.dll (file missing)
O2 - BHO: . - {D34F08C5-4F18-477c-86CB-1A9BEECFE37B} - C:\WINDOWS\systn\systn.dll (file missing)
O2 - BHO: ShowSearch module - {E2DDF680-9905-4dee-8C64-0A5DE7FE133C} - C:\WINDOWS\systn\mssearch.dll (file missing)
O2 - BHO: SearchHookObject Class - {FD9BC004-8331-4457-B830-4759FF704C22} - C:\Dokumente und Einstellungen\Daniel Preuss\Anwendungsdaten\winkq\msiesh.dll (file missing)
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Programme\MyWay\myBar\1.bin\MYBAR.DLL
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe
O4 - HKLM\..\Run: [NAV_Update] C:\NAV_Update.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Image] rundll32 C:\WINDOWS\image.new,Install
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [BearShare] "C:\Programme\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\AVPersonal\AVGNT.EXE" /min
O4 - HKCU\..\RunServices: [Image] rundll32 C:\WINDOWS\image.new,Install
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: officejet 6100.lnk = ?
O4 - Global Startup: T-Sinus 130data WLAN USB Monitor.lnk = ?
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {11111111-1111-1111-1111-113304196238} - mhtml:file://C:NO_SUCH_MHT.MHT!http://www.008k.com/partner/inst/f22776.exe
O16 - DPF: {11111111-1111-1111-1111-115661781405} - mhtml:file://C:NO_SUCH_MHT.MHT!http://www.008k.com/partner/inst/f22776.exe
O16 - DPF: {11111111-1111-1111-1111-116644157653} - mhtml:file://C:NO_SUCH_MHT.MHT!http://www.008k.com/partner/inst/f22776.exe
O16 - DPF: {11111111-1111-1111-1111-119094889291} - mhtml:file://C:NO_SUCH_MHT.MHT!http://www.008k.com/partner/inst/f22776.exe
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://www.ea.com/downloads/rtpatch/EARTPX.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programme\Analog Devices\SoundMAX\SMAgent.exe

14.08.2005, 20:59
Honorary member
Posts: 29434
#4
Hello @Danielo

#open HijackThis -->> "scan" button -->> tick the boxes -->> "Fix checked" button -->> restart the PC

O2 - BHO: NavErrRedir Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
O2 - BHO: (no name) - {2E9CAFF6-30C7-4208-8807-E79D4EC6F806} - C:\Program Files\Submit\submithook.dll (file missing)
O2 - BHO: . - {587DBF2D-9145-4c9e-92C2-1F953DA73773} - C:\Dokumente und Einstellungen\Daniel Preuss\Anwendungsdaten\winkq\winkq.dll (file missing)
O2 - BHO: . - {D34F08C5-4F18-477c-86CB-1A9BEECFE37B} - C:\WINDOWS\systn\systn.dll (file missing)
O2 - BHO: ShowSearch module - {E2DDF680-9905-4dee-8C64-0A5DE7FE133C} - C:\WINDOWS\systn\mssearch.dll (file missing)
O2 - BHO: SearchHookObject Class - {FD9BC004-8331-4457-B830-4759FF704C22} - C:\Dokumente und Einstellungen\Daniel Preuss\Anwendungsdaten\winkq\msiesh.dll (file missing)
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Programme\MyWay\myBar\1.bin\MYBAR.DLL
O4 - HKLM\..\Run: [Image] rundll32 C:\WINDOWS\image.new,Install
O4 - HKLM\..\Run: [BearShare] "C:\Programme\BearShare\BearShare.exe" /pause
O4 - HKCU\..\RunServices: [Image] rundll32 C:\WINDOWS\image.new,Install
O16 - DPF: {11111111-1111-1111-1111-113304196238} - mhtml:file://C:NO_SUCH_MHT.MHT!http://www.008k.com/partner/inst/f22776.exe
O16 - DPF: {11111111-1111-1111-1111-115661781405} - mhtml:file://C:NO_SUCH_MHT.MHT!http://www.008k.com/partner/inst/f22776.exe
O16 - DPF: {11111111-1111-1111-1111-116644157653} - mhtml:file://C:NO_SUCH_MHT.MHT!http://www.008k.com/partner/inst/f22776.exe
O16 - DPF: {11111111-1111-1111-1111-119094889291} - mhtml:file://C:NO_SUCH_MHT.MHT!http://www.008k.com/partner/inst/f22776.exe

Restart the PC
----------------------------------------------------------------------------------------------------------------------
•KillBox
http://bilder.informationsarchiv.net/Nikitas_Tools/KillBox.zip
Instructions (illustrated): http://virus-protect.org/killbox.html

•Delete File on Reboot <-- tick this and click the red cross; when asked "Do you want to reboot?" ----> click "no" and paste in the next one; only click "yes" for the last one

C:\WINDOWS\image.new
C:\Program Files\Submit\submithook.dll
C:\Program Files\Submit
C:\Dokumente und Einstellungen\Daniel Preuss\Anwendungsdaten\winkq\msiesh.dll
C:\Dokumente und Einstellungen\Daniel Preuss\Anwendungsdaten\winkq\winkq.dll
C:\Dokumente und Einstellungen\Daniel Preuss\Anwendungsdaten\winkq
C:\WINDOWS\systn\systn.dll
C:\WINDOWS\systn
C:\WINDOWS\systn\mssearch.dll
C:\Programme\MyWay\myBar\1.bin\MYBAR.DLL

Restart the PC

Uninstall:
MyWay\myBar
BearShare

CCleaner --> delete all *temp files
http://virus-protect.org/temp.html

Disable System Restore (then enable it again)
«XP: My Computer --> right-click, then Properties ---> System Restore tab ---> tick "Turn off System Restore on all drives".

Scan with eScan + post everything --> we will then manually delete whatever is shown
http://virus-protect.org/escan.html
__________
Kind regards, Sabina
All about PC security

18.08.2005, 17:11
...new here
Thread starter
Posts: 5
#5
I have now posted the result of the eScan here like you said, have a look.
This post was edited on 19.08.2005 at 21:33 by Danielo.

18.08.2005, 17:31
Honorary member
Posts: 29434
#6
Hello @Danielo
After fixing with HijackThis, you should copy the files I listed into KillBox (following the KillBox explanation on my site), then restart (because fixing with HijackThis does not delete the malware...). You can also delete everything manually if you can't get along with KillBox, and then work through everything else.
__________
Kind regards, Sabina
All about PC security

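The reply above says that fixing entries in HijackThis does not delete the malware, which is why the earlier reply pairs its fix list with a "Delete File on Reboot" list. The following Python is an added example, not part of the thread and not HijackThis code: it parses entry lines copied from that fix list, extracts the file each entry points at, and reports fixed entries whose file is absent from the delete list. The flag names and triage rules are illustrative assumptions.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Sample input: entry lines copied from the fix list posted in this thread.
FIX_LIST = r"""
O2 - BHO: NavErrRedir Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
O2 - BHO: (no name) - {2E9CAFF6-30C7-4208-8807-E79D4EC6F806} - C:\Program Files\Submit\submithook.dll (file missing)
O2 - BHO: . - {D34F08C5-4F18-477c-86CB-1A9BEECFE37B} - C:\WINDOWS\systn\systn.dll (file missing)
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Programme\MyWay\myBar\1.bin\MYBAR.DLL
O4 - HKLM\..\Run: [Image] rundll32 C:\WINDOWS\image.new,Install
O4 - HKLM\..\Run: [BearShare] "C:\Programme\BearShare\BearShare.exe" /pause
O4 - HKCU\..\RunServices: [Image] rundll32 C:\WINDOWS\image.new,Install
O16 - DPF: {11111111-1111-1111-1111-113304196238} - mhtml:file://C:NO_SUCH_MHT.MHT!http://www.008k.com/partner/inst/f22776.exe
"""

# Sample input: the "Delete File on Reboot" list from the same reply.
DELETE_LIST = r"""
C:\WINDOWS\image.new
C:\Program Files\Submit\submithook.dll
C:\Program Files\Submit
C:\Dokumente und Einstellungen\Daniel Preuss\Anwendungsdaten\winkq\msiesh.dll
C:\Dokumente und Einstellungen\Daniel Preuss\Anwendungsdaten\winkq\winkq.dll
C:\Dokumente und Einstellungen\Daniel Preuss\Anwendungsdaten\winkq
C:\WINDOWS\systn\systn.dll
C:\WINDOWS\systn
C:\WINDOWS\systn\mssearch.dll
C:\Programme\MyWay\myBar\1.bin\MYBAR.DLL
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# A local path ending in a 2-4 character extension. The extension must be
# followed by end of text, whitespace, a quote or a comma, so dotted folder
# names such as "1.bin\" are skipped and "image.new,Install" stops at the comma.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"<>|*?,]+?\.[A-Za-z0-9]{2,4}(?=$|[\s",])')
MISSING_RE = re.compile(r"\((?:file missing|no file)\)$")
RUNDLL_RE = re.compile(r"\]\s*rundll32(?:\.exe)?\s", re.IGNORECASE)


@dataclass
class Entry:
    section: str                 # e.g. "O2", "O4", "O16"
    body: str                    # everything after "<section> - "
    clsid: Optional[str]         # CLSID named by the entry, if any
    path: Optional[str]          # local file the entry points at, if any
    flags: List[str] = field(default_factory=list)


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one log line; header and process-list lines return None."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    section, body = m.groups()
    clsid = CLSID_RE.search(body)
    path = PATH_RE.search(body)
    entry = Entry(section, body, clsid.group(0) if clsid else None,
                  path.group(0) if path else None)
    # Triage rules below are assumptions made for this example.
    if MISSING_RE.search(body):
        entry.flags.append("target-missing")
    if section == "O16" and body.split(" - ")[-1].lower().startswith("mhtml:"):
        entry.flags.append("mhtml-wrapped-download")
    if (section == "O4" and RUNDLL_RE.search(body) and entry.path
            and not entry.path.lower().endswith((".dll", ".cpl"))):
        entry.flags.append("rundll32-nonstandard-extension")
    return entry


def parse_log(text: str) -> List[Entry]:
    return [e for e in map(parse_entry, text.splitlines()) if e]


def referenced_files(entries: List[Entry]) -> List[str]:
    """Unique local files named by the entries, in first-seen order."""
    seen, out = set(), []
    for e in entries:
        if e.path and e.path.lower() not in seen:
            seen.add(e.path.lower())   # Windows paths compare case-insensitively
            out.append(e.path)
    return out


def not_in_delete_list(files: List[str], delete_list_text: str) -> List[str]:
    """Files named by fixed entries that the delete list does not cover."""
    listed = {l.strip().lower() for l in delete_list_text.splitlines() if l.strip()}
    return [f for f in files if f.lower() not in listed]


if __name__ == "__main__":
    entries = parse_log(FIX_LIST)
    for e in entries:
        print(f"{e.section:<4}{e.path or '-':<45}{','.join(e.flags) or '-'}")
    files = referenced_files(entries)
    print("not on delete list:", not_in_delete_list(files, DELETE_LIST))
```

On the sample it reports `C:\Programme\BearShare\BearShare.exe`, which the reply handles through its uninstall step rather than the delete list.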
19.08.2005, 21:45
...new here
Thread starter
Posts: 5
#7
Hello Sabina, somehow I couldn't post in the normal thread any more, so I opened a new one.
ich hab erst darüber nachgedacht einfach meine festplatte zu formatieren hab mich aber umentschieden hab das ergebniss von escan schaus dir an und antworte unter meinem thema http://board.protecus.de/t18826.htm -------------------------------------------------- -------------------- INFECTED -------------------- -------------------------------------------------- 1: Fri Aug 19 20:15:59 2005 => System found infected with bearshare Spyware/Adware ({558ec983-bedb-9168-b2de-31dbf0ee543e})! Action taken: No Action Taken. 2: Fri Aug 19 20:16:02 2005 => System found infected with gain.gator Spyware/Adware ({21ffb6c0-0da1-11d5-a9d5-00500413153c})! Action taken: No Action Taken. 3: Fri Aug 19 20:16:03 2005 => System found infected with istbar Spyware/Adware ({7b9a715e-9d87-4c21-bf9e-f914f2fa953f})! Action taken: No Action Taken. 4: Fri Aug 19 20:16:03 2005 => System found infected with kazaa Spyware/Adware ({66fc8717-efa7-4546-8c4a-e224f3a80c76})! Action taken: No Action Taken. 5: Fri Aug 19 20:16:03 2005 => System found infected with mybar Spyware/Adware ({014da6c9-189f-421a-88cd-07cfe51cff10})! Action taken: No Action Taken. 6: Fri Aug 19 20:16:03 2005 => System found infected with mybar Spyware/Adware ({0494d0d9-f8e0-41ad-92a3-14154ece70ac})! Action taken: No Action Taken. 7: Fri Aug 19 20:16:08 2005 => System found infected with MyWay Spyware/Adware ({0494d0d4-f8e0-41ad-92a3-14154ece70ac})! Action taken: No Action Taken. 8: Fri Aug 19 20:16:42 2005 => Offending file found: C:\WINDOWS\smdat32a.sys 9: Fri Aug 19 20:16:42 2005 => System found infected with altnet Spyware/Adware (smdat32a.sys)! Action taken: No Action Taken. 10: Fri Aug 19 20:16:42 2005 => System found infected with altnetbde Spyware/Adware (altnet signing module.exe)! Action taken: No Action Taken. 11: Fri Aug 19 20:16:42 2005 => Offending file found: C:\WINDOWS\TEMP 12: Fri Aug 19 20:16:42 2005 => System found infected with altnetbde Spyware/Adware (adm.exe)! Action taken: No Action Taken. 
|
|
||
19.08.2005, 22:47
Honorary member
Posts: 29434 |
#8
Hello@Danielo
•KillBox http://bilder.informationsarchiv.net/Nikitas_Tools/KillBox.zip
Instructions (illustrated): http://virus-protect.org/killbox.html
•Delete File on Reboot <-- tick this and click the red cross; when asked "Do you want to reboot?" ----> click "no" and paste in the next one; click "yes" only for the last one
C:\Dokumente und Einstellungen\Daniel Preuss\Anwendungsdaten\winkq\msiesh.dll.new
C:\Dokumente und Einstellungen\Daniel Preuss\Anwendungsdaten\winkq
C:\Dokumente und Einstellungen\Daniel Preuss\Lokale Einstellungen\Temp\asmfiles.cab
C:\Dokumente und Einstellungen\Daniel Preuss\Lokale Einstellungen\Temp\cd_clint.dll
C:\Dokumente und Einstellungen\Daniel Preuss\Lokale Einstellungen\Temp\__unin__.exe
C:\Programme\MyWay\myBar\1.bin\MY2NS.EXE
C:\Programme\MyWay\myBar\1.bin\NPMYWAY.DLL
C:\Programme\NavExcel\NavHelper\v2.0.4\v2.0.4.cab
C:\System Volume Information\_restore{6AD531DD-137A-4500-913B-FEAADCF5BE2C}\RP2\A0000004.DLL
C:\WINDOWS\image.new.new
C:\WINDOWS\image.new
C:\WINDOWS\Downloaded Program Files\f22776.exe
C:\WINDOWS\Temp\Altnet\adm.exe
C:\WINDOWS\Temp\Altnet\adm25.dll
C:\WINDOWS\Temp\Altnet\adm4.dll
C:\WINDOWS\Temp\Altnet\admdloader.dll
C:\WINDOWS\Temp\Altnet\admfdi.dll
C:\WINDOWS\Temp\Altnet\admprog.dll
C:\WINDOWS\Temp\Altnet\dmfiles.cab
C:\WINDOWS\Temp\Altnet\mysearch.cab
C:\WINDOWS\Temp\Altnet\pmexe.cab
C:\WINDOWS\Temp\Altnet\pmfiles.cab
C:\WINDOWS\Temp\Altnet\Setup.exe
--------------------------------------------------
Restart the PC
delete:
C:\WINDOWS\Temp\Altnet
C:\Dokumente und Einstellungen\Daniel Preuss\Anwendungsdaten\winkq
•Ad-aware SE Personal http://virus-protect.org/antispywaretools.html
Download --> Update --> Configure http://virus-protect.org/adaware.html
#Update the program BEFORE every scan! During the scan ALL other applications must be closed and all browser windows must be closed!
scan --> restart the PC --> scan again
__________
Kind regards
Sabina
all about PC security |
|
|
||
20.08.2005, 18:46
...new here
Thread starter Posts: 5 |
#9
Hello Sabina
Many thanks for your help; after the scan with Ad-aware SE Personal my trojan problem has been resolved. I am finally rid of them. This is a really great forum, it helped me a lot, and I will definitely recommend it. Thanks again for your help. Regards, Danielo |
|
|
||
My antivirus program (Antivir) has detected the following trojans on my system
: trojans TR/Dldr.WinSho.af.5 and TR/StartPa.Du.dll.1
I have already tried to delete them with this program, but at every system start exactly the same trojans are reported again.
So I cannot delete them.
I urgently need tips on how to remove them from my system.
Many thanks in advance for your help.
Regards, Danielo