Trojans TR/Dldr.WinSho.af.5 and TR/StartPa.Du.dll.1

#0
13.08.2005, 00:00
...new here

Posts: 5
#1 Hello everyone, I urgently need help with the following problem:

My antivirus program (Antivir) has detected the following trojans on my machine:
Trojans TR/Dldr.WinSho.af.5 and TR/StartPa.Du.dll.1
I have already tried to delete them with this program, but at every system start exactly the same trojans are reported again.
So I cannot delete them.

I urgently need tips on how to remove them from my system.

Many thanks in advance for your help.

Regards, Danielo
13.08.2005, 00:14
Honorary member
Sabina

Posts: 29434
#2 Hello @Danielo

Welcome aboard ;)

HijackThis
http://virus-protect.org/hjtkurz.html
Download HijackThis and unpack it into a folder
--> None of the above, just start the program --> Save --> Savelog --> the editor opens -->
or:
Do a system scan and save a logfile --> Save --> Savelog --> the editor opens -->
now copy the COMPLETE log with a right mouse click and "paste" it into the forum with a right mouse click
__________
Kind regards, Sabina

All about PC security
14.08.2005, 17:31
...new here

Thread starter

Posts: 5
#3 Here is the HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 17:30:44, on 14.08.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AVPersonal\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\ATI-CPanel\atiptaxx.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\AVPersonal\AVGNT.EXE
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Programme\DT\T-Sinus 130data 11Mbps WLAN USB Adapter\monitordt.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Programme\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\DOKUME~1\DANIEL~1\LOKALE~1\Temp\Temporäres Verzeichnis 2 für hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wow-europe.com/de/
O2 - BHO: NavErrRedir Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2E9CAFF6-30C7-4208-8807-E79D4EC6F806} - C:\Program Files\Submit\submithook.dll (file missing)
O2 - BHO: . - {587DBF2D-9145-4c9e-92C2-1F953DA73773} - C:\Dokumente und Einstellungen\Daniel Preuss\Anwendungsdaten\winkq\winkq.dll (file missing)
O2 - BHO: . - {D34F08C5-4F18-477c-86CB-1A9BEECFE37B} - C:\WINDOWS\systn\systn.dll (file missing)
O2 - BHO: ShowSearch module - {E2DDF680-9905-4dee-8C64-0A5DE7FE133C} - C:\WINDOWS\systn\mssearch.dll (file missing)
O2 - BHO: SearchHookObject Class - {FD9BC004-8331-4457-B830-4759FF704C22} - C:\Dokumente und Einstellungen\Daniel Preuss\Anwendungsdaten\winkq\msiesh.dll (file missing)
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Programme\MyWay\myBar\1.bin\MYBAR.DLL
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe
O4 - HKLM\..\Run: [NAV_Update] C:\NAV_Update.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Image] rundll32 C:\WINDOWS\image.new,Install
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [BearShare] "C:\Programme\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\AVPersonal\AVGNT.EXE" /min
O4 - HKCU\..\RunServices: [Image] rundll32 C:\WINDOWS\image.new,Install
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: officejet 6100.lnk = ?
O4 - Global Startup: T-Sinus 130data WLAN USB Monitor.lnk = ?
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {11111111-1111-1111-1111-113304196238} - mhtml:file://C:NO_SUCH_MHT.MHT!http://www.008k.com/partner/inst/f22776.exe
O16 - DPF: {11111111-1111-1111-1111-115661781405} - mhtml:file://C:NO_SUCH_MHT.MHT!http://www.008k.com/partner/inst/f22776.exe
O16 - DPF: {11111111-1111-1111-1111-116644157653} - mhtml:file://C:NO_SUCH_MHT.MHT!http://www.008k.com/partner/inst/f22776.exe
O16 - DPF: {11111111-1111-1111-1111-119094889291} - mhtml:file://C:NO_SUCH_MHT.MHT!http://www.008k.com/partner/inst/f22776.exe
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://www.ea.com/downloads/rtpatch/EARTPX.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
14.08.2005, 20:59
Honorary member
Sabina

Posts: 29434
#4 Hello @Danielo

#open HijackThis -->> "Scan" button -->> tick the entries below -->> "Fix checked" button -->> restart the PC

O2 - BHO: NavErrRedir Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
O2 - BHO: (no name) - {2E9CAFF6-30C7-4208-8807-E79D4EC6F806} - C:\Program Files\Submit\submithook.dll (file missing)
O2 - BHO: . - {587DBF2D-9145-4c9e-92C2-1F953DA73773} - C:\Dokumente und Einstellungen\Daniel Preuss\Anwendungsdaten\winkq\winkq.dll (file missing)
O2 - BHO: . - {D34F08C5-4F18-477c-86CB-1A9BEECFE37B} - C:\WINDOWS\systn\systn.dll (file missing)
O2 - BHO: ShowSearch module - {E2DDF680-9905-4dee-8C64-0A5DE7FE133C} - C:\WINDOWS\systn\mssearch.dll (file missing)
O2 - BHO: SearchHookObject Class - {FD9BC004-8331-4457-B830-4759FF704C22} - C:\Dokumente und Einstellungen\Daniel Preuss\Anwendungsdaten\winkq\msiesh.dll (file missing)
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Programme\MyWay\myBar\1.bin\MYBAR.DLL

O4 - HKLM\..\Run: [Image] rundll32 C:\WINDOWS\image.new,Install
O4 - HKLM\..\Run: [BearShare] "C:\Programme\BearShare\BearShare.exe" /pause
O4 - HKCU\..\RunServices: [Image] rundll32 C:\WINDOWS\image.new,Install

O16 - DPF: {11111111-1111-1111-1111-113304196238} - mhtml:file://C:NO_SUCH_MHT.MHT!http://www.008k.com/partner/inst/f22776.exe
O16 - DPF: {11111111-1111-1111-1111-115661781405} - mhtml:file://C:NO_SUCH_MHT.MHT!http://www.008k.com/partner/inst/f22776.exe
O16 - DPF: {11111111-1111-1111-1111-116644157653} - mhtml:file://C:NO_SUCH_MHT.MHT!http://www.008k.com/partner/inst/f22776.exe
O16 - DPF: {11111111-1111-1111-1111-119094889291} - mhtml:file://C:NO_SUCH_MHT.MHT!http://www.008k.com/partner/inst/f22776.exe

Restart the PC

----------------------------------------------------------------------------------------------------------------------
•KillBox
http://bilder.informationsarchiv.net/Nikitas_Tools/KillBox.zip
Instructions (illustrated):
http://virus-protect.org/killbox.html

•Delete File on Reboot <-- tick this

and click on the red cross;
when asked "Do you want to reboot?" ----> click "no" and paste in the next path; only on the last one click "yes"

C:\WINDOWS\image.new
C:\Program Files\Submit\submithook.dll
C:\Program Files\Submit
C:\Dokumente und Einstellungen\Daniel Preuss\Anwendungsdaten\winkq\msiesh.dll
C:\Dokumente und Einstellungen\Daniel Preuss\Anwendungsdaten\winkq\winkq.dll
C:\Dokumente und Einstellungen\Daniel Preuss\Anwendungsdaten\winkq
C:\WINDOWS\systn\systn.dll
C:\WINDOWS\systn
C:\WINDOWS\systn\mssearch.dll
C:\Programme\MyWay\myBar\1.bin\MYBAR.DLL

Restart the PC

uninstall:
MyWay\myBar
BearShare

CCleaner --> delete all *temp files
http://virus-protect.org/temp.html

Disable System Restore (then enable it again)
XP:
My Computer --> right-click, then Properties ---> System Restore tab ---> tick "Turn off System Restore on all drives".

scan with escan + post everything --> we will then manually delete whatever is reported ;)
http://virus-protect.org/escan.html
__________
Kind regards, Sabina

All about PC security
18.08.2005, 17:11
...new here

Thread starter

Posts: 5
#5 I have now posted the result of the escan here as you said, take a look at it

--------------------------------------------------
-------------------- INFECTED --------------------
--------------------------------------------------

1: Fri Aug 19 20:15:59 2005 => System found infected with bearshare Spyware/Adware ({558ec983-bedb-9168-b2de-31dbf0ee543e})! Action taken: No Action Taken.
2: Fri Aug 19 20:16:02 2005 => System found infected with gain.gator Spyware/Adware ({21ffb6c0-0da1-11d5-a9d5-00500413153c})! Action taken: No Action Taken.
3: Fri Aug 19 20:16:03 2005 => System found infected with istbar Spyware/Adware ({7b9a715e-9d87-4c21-bf9e-f914f2fa953f})! Action taken: No Action Taken.
4: Fri Aug 19 20:16:03 2005 => System found infected with kazaa Spyware/Adware ({66fc8717-efa7-4546-8c4a-e224f3a80c76})! Action taken: No Action Taken.
5: Fri Aug 19 20:16:03 2005 => System found infected with mybar Spyware/Adware ({014da6c9-189f-421a-88cd-07cfe51cff10})! Action taken: No Action Taken.
6: Fri Aug 19 20:16:03 2005 => System found infected with mybar Spyware/Adware ({0494d0d9-f8e0-41ad-92a3-14154ece70ac})! Action taken: No Action Taken.
7: Fri Aug 19 20:16:08 2005 => System found infected with MyWay Spyware/Adware ({0494d0d4-f8e0-41ad-92a3-14154ece70ac})! Action taken: No Action Taken.
8: Fri Aug 19 20:16:42 2005 => Offending file found: C:\WINDOWS\smdat32a.sys
9: Fri Aug 19 20:16:42 2005 => System found infected with altnet Spyware/Adware (smdat32a.sys)! Action taken: No Action Taken.
10: Fri Aug 19 20:16:42 2005 => System found infected with altnetbde Spyware/Adware (altnet signing module.exe)! Action taken: No Action Taken.
11: Fri Aug 19 20:16:42 2005 => Offending file found: C:\WINDOWS\TEMP
12: Fri Aug 19 20:16:42 2005 => System found infected with altnetbde Spyware/Adware (adm.exe)! Action taken: No Action Taken.
13: Fri Aug 19 20:16:42 2005 => Offending file found: C:\WINDOWS\TEMP
14: Fri Aug 19 20:16:42 2005 => System found infected with altnetbde Spyware/Adware (adm25.dll)! Action taken: No Action Taken.
15: Fri Aug 19 20:16:55 2005 => Offending file found: C:\DOKUME~1\DANIEL~1\LOKALE~1\Temp\cd_clint.dll
16: Fri Aug 19 20:16:55 2005 => System found infected with Cydoor Spyware/Adware (cd_clint.dll)! Action taken: No Action Taken.
17: Fri Aug 19 20:17:11 2005 => Offending file found: C:\WINDOWS\iun6002.exe
18: Fri Aug 19 20:17:11 2005 => System found infected with zipitpro Spyware/Adware (C:\WINDOWS\iun6002.exe)! Action taken: No Action Taken.
19: Fri Aug 19 20:17:15 2005 => Offending file found: C:\WINDOWS\TEMP
20: Fri Aug 19 20:17:15 2005 => System found infected with Cydoor.TOPicks.a Spyware/Adware (adm4.dll)! Action taken: No Action Taken.
21: Fri Aug 19 20:17:15 2005 => Offending file found: C:\WINDOWS\TEMP
22: Fri Aug 19 20:17:15 2005 => System found infected with Cydoor.TOPicks.a Spyware/Adware (admdata.dll)! Action taken: No Action Taken.
23: Fri Aug 19 20:17:15 2005 => Offending file found: C:\WINDOWS\TEMP
24: Fri Aug 19 20:17:15 2005 => System found infected with Cydoor.TOPicks.a Spyware/Adware (admdloader.dll)! Action taken: No Action Taken.
25: Fri Aug 19 20:17:15 2005 => Offending file found: C:\WINDOWS\TEMP
26: Fri Aug 19 20:17:15 2005 => System found infected with Cydoor.TOPicks.a Spyware/Adware (admfdi.dll)! Action taken: No Action Taken.
27: Fri Aug 19 20:17:15 2005 => Offending file found: C:\WINDOWS\TEMP
28: Fri Aug 19 20:17:15 2005 => System found infected with Cydoor.TOPicks.a Spyware/Adware (admprog.dll)! Action taken: No Action Taken.
29: Fri Aug 19 20:17:18 2005 => Offending file found: C:\DOKUME~1\DANIEL~1\LOKALE~1\Temp\setup_wm.exe
30: Fri Aug 19 20:17:18 2005 => System found infected with WhenU.SaveNow Spyware/Adware (setup_wm.exe)! Action taken: No Action Taken.
31: Fri Aug 19 20:17:19 2005 => Offending file found: C:\DOKUME~1\DANIEL~1\LOKALE~1\Temp\war3_install.exe
32: Fri Aug 19 20:17:19 2005 => System found infected with WhenU.SaveNow Spyware/Adware (war3_install.exe)! Action taken: No Action Taken.
33: Fri Aug 19 20:18:43 2005 => File C:\WINDOWS\image.new infected by "Trojan-Downloader.Win32.WinShow.ai" Virus! Action Taken: No Action Taken.
34: Fri Aug 19 20:18:43 2005 => File C:\WINDOWS\image.new.new infected by "Trojan-Downloader.Win32.WinShow.ag" Virus! Action Taken: No Action Taken.
35: Fri Aug 19 20:32:06 2005 => Scanning Folder: C:\Programme\AVPersonal\INFECTED\*.*
36: Fri Aug 19 21:05:11 2005 => File C:\WINDOWS\Downloaded Program Files\f22776.exe infected by "Trojan-Downloader.Win32.Small.dq" Virus! Action Taken: No Action Taken.
37: Fri Aug 19 21:07:38 2005 => File C:\WINDOWS\image.new infected by "Trojan-Downloader.Win32.WinShow.ai" Virus! Action Taken: No Action Taken.
38: Fri Aug 19 21:07:38 2005 => File C:\WINDOWS\image.new.new infected by "Trojan-Downloader.Win32.WinShow.ag" Virus! Action Taken: No Action Taken.

--------------------------------------------------
--------------------- TAGGED ---------------------
--------------------------------------------------

1: Fri Aug 19 20:20:42 2005 => File C:\DOKUME~1\DANIEL~1\LOKALE~1\Temp\asmfiles.cab tagged as "not-a-virus:AdWare.Altnet.l". Action Taken: No Action Taken.
2: Fri Aug 19 20:20:43 2005 => File C:\DOKUME~1\DANIEL~1\LOKALE~1\Temp\cd_clint.dll tagged as "not-a-virus:AdWare.Cydoor". Action Taken: No Action Taken.
3: Fri Aug 19 20:20:53 2005 => File C:\DOKUME~1\DANIEL~1\LOKALE~1\Temp\__unin__.exe tagged as "not-a-virus:AdWare.Altnet.g". Action Taken: No Action Taken.
4: Fri Aug 19 20:22:02 2005 => File C:\Dokumente und Einstellungen\Daniel Preuss\Anwendungsdaten\winkq\msiesh.dll.new tagged as "not-a-virus:AdWare.WinShow.a". Action Taken: No Action Taken.
5: Fri Aug 19 20:23:17 2005 => File C:\Dokumente und Einstellungen\Daniel Preuss\Lokale Einstellungen\Temp\asmfiles.cab tagged as "not-a-virus:AdWare.Altnet.l". Action Taken: No Action Taken.
6: Fri Aug 19 20:23:17 2005 => File C:\Dokumente und Einstellungen\Daniel Preuss\Lokale Einstellungen\Temp\cd_clint.dll tagged as "not-a-virus:AdWare.Cydoor". Action Taken: No Action Taken.
7: Fri Aug 19 20:23:25 2005 => File C:\Dokumente und Einstellungen\Daniel Preuss\Lokale Einstellungen\Temp\__unin__.exe tagged as "not-a-virus:AdWare.Altnet.g". Action Taken: No Action Taken.
8: Fri Aug 19 20:55:59 2005 => File C:\Programme\MyWay\myBar\1.bin\MY2NS.EXE tagged as "not-a-virus:AdWare.ToolBar.MyWay.b". Action Taken: No Action Taken.
9: Fri Aug 19 20:55:59 2005 => File C:\Programme\MyWay\myBar\1.bin\NPMYWAY.DLL tagged as "not-a-virus:AdWare.ToolBar.MyWay.f". Action Taken: No Action Taken.
10: Fri Aug 19 20:56:00 2005 => File C:\Programme\NavExcel\NavHelper\v2.0.4\v2.0.4.cab tagged as "not-a-virus:AdWare.NavExcel". Action Taken: No Action Taken.
11: Fri Aug 19 21:01:13 2005 => File C:\System Volume Information\_restore{6AD531DD-137A-4500-913B-FEAADCF5BE2C}\RP2\A0000004.DLL tagged as "not-a-virus:AdWare.ToolBar.MyWay.m". Action Taken: No Action Taken.
12: Fri Aug 19 21:17:18 2005 => File C:\WINDOWS\Temp\Altnet\adm.exe tagged as "not-a-virus:AdWare.Altnet.a". Action Taken: No Action Taken.
13: Fri Aug 19 21:17:18 2005 => File C:\WINDOWS\Temp\Altnet\adm25.dll tagged as "not-a-virus:AdWare.Altnet.a". Action Taken: No Action Taken.
14: Fri Aug 19 21:17:19 2005 => File C:\WINDOWS\Temp\Altnet\adm4.dll tagged as "not-a-virus:AdWare.Altnet.a". Action Taken: No Action Taken.
15: Fri Aug 19 21:17:19 2005 => File C:\WINDOWS\Temp\Altnet\admdloader.dll tagged as "not-a-virus:AdWare.BrilliantDigital.3039". Action Taken: No Action Taken.
16: Fri Aug 19 21:17:19 2005 => File C:\WINDOWS\Temp\Altnet\admfdi.dll tagged as "not-a-virus:AdWare.Altnet.j". Action Taken: No Action Taken.
17: Fri Aug 19 21:17:19 2005 => File C:\WINDOWS\Temp\Altnet\admprog.dll tagged as "not-a-virus:AdWare.Altnet.a". Action Taken: No Action Taken.
18: Fri Aug 19 21:17:19 2005 => File C:\WINDOWS\Temp\Altnet\dmfiles.cab tagged as "not-a-virus:AdWare.Altnet.g". Action Taken: No Action Taken.
19: Fri Aug 19 21:17:19 2005 => File C:\WINDOWS\Temp\Altnet\mysearch.cab tagged as "not-a-virus:AdWare.ToolBar.MyWay.g". Action Taken: No Action Taken.
20: Fri Aug 19 21:17:20 2005 => File C:\WINDOWS\Temp\Altnet\pmexe.cab tagged as "not-a-virus:AdWare.Altnet.h". Action Taken: No Action Taken.
21: Fri Aug 19 21:17:20 2005 => File C:\WINDOWS\Temp\Altnet\pmfiles.cab tagged as "not-a-virus:AdWare.BrilliantDigital.1007". Action Taken: No Action Taken.
22: Fri Aug 19 21:17:20 2005 => File C:\WINDOWS\Temp\Altnet\Setup.exe tagged as "not-a-virus:AdWare.Altnet.b". Action Taken: No Action Taken.

--------------------------------------------------
--------------------- ERRORS ---------------------
--------------------------------------------------

1: Fri Aug 19 20:17:30 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\EPScontrol.dll". Action Taken: No Action Taken.
2: Fri Aug 19 20:17:30 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\EARTPX.dll". Action Taken: No Action Taken.
3: Fri Aug 19 20:17:33 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Gemeinsame Dateien\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll". Action Taken: No Action Taken.
4: Fri Aug 19 20:17:33 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Gemeinsame Dateien\InstallShield\Professional\RunTime\09\01\Intel32\Setup.dll". Action Taken: No Action Taken.
5: Fri Aug 19 20:17:33 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Gemeinsame Dateien\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll". Action Taken: No Action Taken.
6: Fri Aug 19 20:17:33 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Gemeinsame Dateien\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll". Action Taken: No Action Taken.
7: Fri Aug 19 20:17:33 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Gemeinsame Dateien\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll". Action Taken: No Action Taken.
8: Fri Aug 19 20:17:33 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Gemeinsame Dateien\InstallShield\Professional\RunTime\09\01\Intel32\IGDI.dll". Action Taken: No Action Taken.
9: Fri Aug 19 20:17:33 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\StarInstall.ocx". Action Taken: No Action Taken.
10: Fri Aug 19 20:17:41 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Adobe\Photoshop Album\Kataloge\My Catalog.psa". Action Taken: No Action Taken.
11: Fri Aug 19 20:17:43 2005 => Entry "HKCR\CLSID\{014DA6C9-189F-421a-88CD-07CFE51CFF10}" refers to invalid object "C:\Programme\MyWay\myBar\1.bin\MYBAR.DLL". Action Taken: No Action Taken.
12: Fri Aug 19 20:17:43 2005 => Entry "HKCR\CLSID\{014DA6CD-189F-421a-88CD-07CFE51CFF10}" refers to invalid object "C:\Programme\MyWay\myBar\1.bin\MYBAR.DLL". Action Taken: No Action Taken.
13: Fri Aug 19 20:17:43 2005 => Entry "HKCR\CLSID\{0494D0D2-F8E0-41ad-92A3-14154ECE70AC}" refers to invalid object "C:\Programme\MyWay\myBar\1.bin\MYBAR.DLL". Action Taken: No Action Taken.
14: Fri Aug 19 20:17:43 2005 => Entry "HKCR\CLSID\{0494D0D3-F8E0-41ad-92A3-14154ECE70AC}" refers to invalid object "C:\Programme\MyWay\myBar\1.bin\MYBAR.DLL". Action Taken: No Action Taken.
15: Fri Aug 19 20:17:43 2005 => Entry "HKCR\CLSID\{0494D0D5-F8E0-41ad-92A3-14154ECE70AC}" refers to invalid object "C:\Programme\MyWay\myBar\1.bin\MYBAR.DLL". Action Taken: No Action Taken.
16: Fri Aug 19 20:17:43 2005 => Entry "HKCR\CLSID\{0494D0D7-F8E0-41ad-92A3-14154ECE70AC}" refers to invalid object "C:\Programme\MyWay\myBar\1.bin\MYBAR.DLL". Action Taken: No Action Taken.
17: Fri Aug 19 20:17:43 2005 => Entry "HKCR\CLSID\{0494D0D9-F8E0-41ad-92A3-14154ECE70AC}" refers to invalid object "C:\Programme\MyWay\myBar\1.bin\MYBAR.DLL". Action Taken: No Action Taken.
18: Fri Aug 19 20:17:43 2005 => Entry "HKCR\CLSID\{0494D0DB-F8E0-41ad-92A3-14154ECE70AC}" refers to invalid object "C:\Programme\MyWay\myBar\1.bin\MYBAR.DLL". Action Taken: No Action Taken.
19: Fri Aug 19 20:17:45 2005 => Entry "HKCR\CLSID\{1EFD6A40-3999-11CF-9150-00AA0059F70D}" refers to invalid object "C:\Programme\Empire Interactive\Mashed Demo\MCI32.OCX". Action Taken: No Action Taken.
20: Fri Aug 19 20:17:46 2005 => Entry "HKCR\CLSID\{3775D2E0-7C5D-11CF-899E-00AA00688B10}" refers to invalid object "C:\Programme\Empire Interactive\Mashed Demo\MCI32.OCX". Action Taken: No Action Taken.
21: Fri Aug 19 20:17:48 2005 => Entry "HKCR\CLSID\{54B52E52-8000-4413-BD67-FC7FE24B59F2}" refers to invalid object "C:\WINDOWS\Downloaded Program Files\EARTPX.dll". Action Taken: No Action Taken.
22: Fri Aug 19 20:17:52 2005 => Entry "HKCR\CLSID\{83D4679F-B6D7-11D2-BF36-00C04FB90A03}" refers to invalid object "C:\PROGRA~1\MESSEN~1\rtcimsp.dll". Action Taken: No Action Taken.
23: Fri Aug 19 20:17:53 2005 => Entry "HKCR\CLSID\{88E729D6-BDC1-11D1-BD2A-00C04FB9603F}" refers to invalid object "fde.dll". Action Taken: No Action Taken.
24: Fri Aug 19 20:17:53 2005 => Entry "HKCR\CLSID\{92FA2C24-253C-11d2-90FB-006008A1F441}" refers to invalid object "a3dapi.dll". Action Taken: No Action Taken.
25: Fri Aug 19 20:17:55 2005 => Entry "HKCR\CLSID\{B0693766-5278-4ec6-B9E1-3CE40560EF5A}" refers to invalid object "CaPlgin.ax". Action Taken: No Action Taken.
26: Fri Aug 19 20:17:56 2005 => Entry "HKCR\CLSID\{B7156514-A76C-4545-9D5B-A4E1D02C7AEC}" refers to invalid object "C:\Programme\Kazaa\Topsearch.dll". Action Taken: No Action Taken.
27: Fri Aug 19 20:17:57 2005 => Entry "HKCR\CLSID\{C1A8AF25-1257-101B-8FB0-0020AF039CA3}" refers to invalid object "C:\Programme\Empire Interactive\Mashed Demo\MCI32.OCX". Action Taken: No Action Taken.
28: Fri Aug 19 20:17:58 2005 => Entry "HKCR\CLSID\{D037F883-92C3-4F89-A302-C01127CF3C72}" refers to invalid object "C:\WINDOWS\DOWNLO~1\STARIN~1.OCX". Action Taken: No Action Taken.
29: Fri Aug 19 20:17:59 2005 => Entry "HKCR\CLSID\{E0B795B4-FD95-4ABD-A375-27962EFCE8CF}" refers to invalid object "C:\WINDOWS\DOWNLO~1\STARIN~1.OCX". Action Taken: No Action Taken.
30: Fri Aug 19 20:18:00 2005 => Entry "HKCR\CLSID\{E855A2D4-987E-4F3B-A51C-64D10A7E2479}" refers to invalid object "C:\WINDOWS\Downloaded Program Files\EPScontrol.dll". Action Taken: No Action Taken.
31: Fri Aug 19 20:18:05 2005 => Entry "HKCR\ADM25.ADM25.1" refers to invalid object "{1D3BCE37-7834-4579-8169-E67681420A98}". Action Taken: No Action Taken.
32: Fri Aug 19 20:18:05 2005 => Entry "HKCR\ADM4.ADM4.1" refers to invalid object "{DEF37997-D9C9-4A4B-BF3C-88F99EACEEC2}". Action Taken: No Action Taken.
33: Fri Aug 19 20:18:05 2005 => Entry "HKCR\ae23.ae23Obj" refers to invalid object "{2E9CAFF6-30C7-4208-8807-E79D4EC6F806}". Action Taken: No Action Taken.
34: Fri Aug 19 20:18:05 2005 => Entry "HKCR\ae23.ae23Obj.1" refers to invalid object "{2E9CAFF6-30C7-4208-8807-E79D4EC6F806}". Action Taken: No Action Taken.
35: Fri Aug 19 20:18:05 2005 => Entry "HKCR\Alg.AlgSetup" refers to invalid object "{27D0BCCC-344D-4287-AF37-0C72C161C14C}". Action Taken: No Action Taken.
36: Fri Aug 19 20:18:05 2005 => Entry "HKCR\Alg.AlgSetup.1" refers to invalid object "{27D0BCCC-344D-4287-AF37-0C72C161C14C}". Action Taken: No Action Taken.
37: Fri Aug 19 20:18:06 2005 => Entry "HKCR\Automatische Zuordnung.Map.EU" refers to invalid object "{A49EEA01-9231-4C77-AA9E-2F89D72B4804}". Action Taken: No Action Taken.
38: Fri Aug 19 20:18:06 2005 => Entry "HKCR\Automatische Zuordnung.Map.EU.9" refers to invalid object "{A49EEA01-9231-4C77-AA9E-2F89D72B4804}". Action Taken: No Action Taken.
39: Fri Aug 19 20:18:06 2005 => Entry "HKCR\Automatische Zuordnung.Template.EU.9" refers to invalid object "{A49EEA01-9231-4C77-AA9E-2F89D72B4804}". Action Taken: No Action Taken.
40: Fri Aug 19 20:18:06 2005 => Entry "HKCR\BHO.PerfectNavBHO" refers to invalid object "{00D6A7E7-4A97-456f-848A-3B75BF7554D7}". Action Taken: No Action Taken.
41: Fri Aug 19 20:18:06 2005 => Entry "HKCR\BHO.PerfectNavBHO.1" refers to invalid object "{00D6A7E7-4A97-456f-848A-3B75BF7554D7}". Action Taken: No Action Taken.
42: Fri Aug 19 20:18:09 2005 => Entry "HKCR\DSP.DSP" refers to invalid object "{9C123EA9-AEC9-4f75-BBC0-7565FA1398966}". Action Taken: No Action Taken.
43: Fri Aug 19 20:18:09 2005 => Entry "HKCR\DSP.DSPDMOProp_Chorus.1" refers to invalid object "{6F63B172-5543-4593-91CE-EDBA65B9FACDB}". Action Taken: No Action Taken.
44: Fri Aug 19 20:18:14 2005 => Entry "HKCR\iefeatsl.ViewSource" refers to invalid object "{D34F08C5-4F18-477c-86CB-1A9BEECFE37B}". Action Taken: No Action Taken.
45: Fri Aug 19 20:18:14 2005 => Entry "HKCR\iefeatsl.ViewSource.1" refers to invalid object "{D34F08C5-4F18-477c-86CB-1A9BEECFE37B}". Action Taken: No Action Taken.
46: Fri Aug 19 20:18:21 2005 => Entry "HKCR\Plenoptic.Plenoptic" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken.
47: Fri Aug 19 20:18:21 2005 => Entry "HKCR\Plenoptic.Plenoptic.1" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken.
48: Fri Aug 19 20:18:22 2005 => Entry "HKCR\RTCCore.RTCClient" refers to invalid object "{7a42ea29-a2b7-40c4-b091-f6f024aa89be}". Action Taken: No Action Taken.
49: Fri Aug 19 20:18:22 2005 => Entry "HKCR\RTCCore.RTCClient.1" refers to invalid object "{7a42ea29-a2b7-40c4-b091-f6f024aa89be}". Action Taken: No Action Taken.
50: Fri Aug 19 20:18:23 2005 => Entry "HKCR\SearchHook.SearchHookObject" refers to invalid object "{FD9BC004-8331-4457-B830-4759FF704C22}". Action Taken: No Action Taken.
51: Fri Aug 19 20:18:23 2005 => Entry "HKCR\SearchHook.SearchHookObject.1" refers to invalid object "{FD9BC004-8331-4457-B830-4759FF704C22}". Action Taken: No Action Taken.
52: Fri Aug 19 20:18:23 2005 => Entry "HKCR\ShowSearch.ViewSource" refers to invalid object "{E2DDF680-9905-4dee-8C64-0A5DE7FE133C}". Action Taken: No Action Taken.
53: Fri Aug 19 20:18:23 2005 => Entry "HKCR\ShowSearch.ViewSource.1" refers to invalid object "{E2DDF680-9905-4dee-8C64-0A5DE7FE133C}". Action Taken: No Action Taken.
54: Fri Aug 19 20:18:26 2005 => Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken.
55: Fri Aug 19 20:18:26 2005 => Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr.1" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken.

--------------------------------------------------
-------- DATEIEN ZUM LÖSCHEN HINZUGEFÜGT ---------
--------------------------------------------------

1: C:\WINDOWS\image.new => Trojan-Downloader.Win32.WinShow.ai
2: C:\WINDOWS\image.new.new => Trojan-Downloader.Win32.WinShow.ag
3: C:\WINDOWS\Downloaded Program Files\f22776.exe => Trojan-Downloader.Win32.Small.dq

--------------------------------------------------
-------------------- Statistik -------------------
--------------------------------------------------

Fri Aug 19 21:19:43 2005 => Total Objects Scanned: 193635
Fri Aug 19 21:19:43 2005 => Total Virus(es) Found: 62
Fri Aug 19 21:19:43 2005 => Total Errors: 55
Fri Aug 19 21:19:43 2005 => Virus Database Date: 2005/08/19
Fri Aug 19 21:19:43 2005 => Virus Database Count: 144510
This post was edited by Danielo on 19.08.2005 at 21:33.
18.08.2005, 17:31
Honorary member
Sabina

Posts: 29434
#6 Hello @Danielo

After fixing with HijackThis, you should copy the files I listed into KillBox (following the explanation on my KillBox page), then restart
(because fixing with HijackThis does not delete the malware...)
You can also delete everything manually if you cannot get on with KillBox.

and then work through everything else
__________
Kind regards, Sabina

All about PC security
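
An added example, not part of the thread and not the helper's own tooling: post #6 notes that fixing an entry in HijackThis does not delete the malware itself, so this Python sketch takes entries from the fix list in post #4 and derives the files they reference, which is the list that then has to be removed separately. The function names are hypothetical; the sample lines are copied from the log posted above.

```python
import re

# Entries copied from the fix list in post #4 of this thread.
FIX_LIST = r"""
O2 - BHO: NavErrRedir Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
O2 - BHO: . - {D34F08C5-4F18-477c-86CB-1A9BEECFE37B} - C:\WINDOWS\systn\systn.dll (file missing)
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Programme\MyWay\myBar\1.bin\MYBAR.DLL
O4 - HKLM\..\Run: [Image] rundll32 C:\WINDOWS\image.new,Install
O4 - HKLM\..\Run: [BearShare] "C:\Programme\BearShare\BearShare.exe" /pause
O16 - DPF: {11111111-1111-1111-1111-113304196238} - mhtml:file://C:NO_SUCH_MHT.MHT!http://www.008k.com/partner/inst/f22776.exe
"""

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
MISSING_RE = re.compile(r"\s*\((?:file missing|no file)\)$")
DRIVE_RE = re.compile(r"^[A-Za-z]:\\")


def _file_from_command(cmd):
    """Reduce an autostart (O4) command line to the file it loads."""
    if cmd.startswith('"'):                      # "C:\path with spaces\x.exe" /args
        return cmd[1:].split('"', 1)[0]
    if cmd.lower().startswith("rundll32"):       # rundll32 <file>,<export>
        parts = cmd.split(None, 1)
        return parts[1].rsplit(",", 1)[0] if len(parts) > 1 else ""
    m = re.match(r"(.+?\.\w{2,4})(?=\s|$)", cmd)  # unquoted path followed by args
    return m.group(1) if m else cmd


def parse_entry(line):
    """Return code, local path and missing-flag for one log line, or None."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    code, body = m.group("code"), m.group("body")
    entry = {"code": code, "line": line.strip(), "path": None,
             "reported_missing": False}
    if code in ("O2", "O3"):                     # "... - {CLSID} - <file>"
        target = body.rsplit(" - ", 1)[-1]
    elif code == "O4" and "] " in body:          # "<key>: [name] <command line>"
        target = body.split("] ", 1)[1]
    else:                                        # e.g. O16: only a download URL
        return entry
    flag = MISSING_RE.search(target)
    if flag:                                     # scanner could not see the file
        entry["reported_missing"] = True
        target = target[:flag.start()]
    target = target.strip()
    path = _file_from_command(target) if code == "O4" else target
    if DRIVE_RE.match(path):
        entry["path"] = path
    return entry


def referenced_files(log_text):
    """Unique local files referenced by the entries, in log order."""
    seen, files = set(), []
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry and entry["path"] and entry["path"].lower() not in seen:
            seen.add(entry["path"].lower())
            files.append(entry["path"])
    return files


def entries_without_path(log_text):
    """Entries whose log line names no local file to clean up."""
    parsed = (parse_entry(l) for l in log_text.splitlines())
    return [e for e in parsed if e and e["path"] is None]


if __name__ == "__main__":
    for path in referenced_files(FIX_LIST):
        print("file to remove separately:", path)
    for entry in entries_without_path(FIX_LIST):
        print("no local path in log line:", entry["line"])
```

The O16 line carries only a download URL, so the log alone does not say where the downloaded file landed; in this thread the later escan report is what names `C:\WINDOWS\Downloaded Program Files\f22776.exe`.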
19.08.2005, 21:45
...new here

Thread starter

Posts: 5
#7 Hello Sabina, somehow I could no longer post in the normal thread, so I opened a new one.
At first I thought about simply formatting my hard disk, but I changed my mind. I have the escan result, take a look at it and reply in my thread
http://board.protecus.de/t18826.htm

--------------------------------------------------
-------------------- INFECTED --------------------
--------------------------------------------------

1: Fri Aug 19 20:15:59 2005 => System found infected with bearshare Spyware/Adware ({558ec983-bedb-9168-b2de-31dbf0ee543e})! Action taken: No Action Taken.
2: Fri Aug 19 20:16:02 2005 => System found infected with gain.gator Spyware/Adware ({21ffb6c0-0da1-11d5-a9d5-00500413153c})! Action taken: No Action Taken.
3: Fri Aug 19 20:16:03 2005 => System found infected with istbar Spyware/Adware ({7b9a715e-9d87-4c21-bf9e-f914f2fa953f})! Action taken: No Action Taken.
4: Fri Aug 19 20:16:03 2005 => System found infected with kazaa Spyware/Adware ({66fc8717-efa7-4546-8c4a-e224f3a80c76})! Action taken: No Action Taken.
5: Fri Aug 19 20:16:03 2005 => System found infected with mybar Spyware/Adware ({014da6c9-189f-421a-88cd-07cfe51cff10})! Action taken: No Action Taken.
6: Fri Aug 19 20:16:03 2005 => System found infected with mybar Spyware/Adware ({0494d0d9-f8e0-41ad-92a3-14154ece70ac})! Action taken: No Action Taken.
7: Fri Aug 19 20:16:08 2005 => System found infected with MyWay Spyware/Adware ({0494d0d4-f8e0-41ad-92a3-14154ece70ac})! Action taken: No Action Taken.
8: Fri Aug 19 20:16:42 2005 => Offending file found: C:\WINDOWS\smdat32a.sys
9: Fri Aug 19 20:16:42 2005 => System found infected with altnet Spyware/Adware (smdat32a.sys)! Action taken: No Action Taken.
10: Fri Aug 19 20:16:42 2005 => System found infected with altnetbde Spyware/Adware (altnet signing module.exe)! Action taken: No Action Taken.
11: Fri Aug 19 20:16:42 2005 => Offending file found: C:\WINDOWS\TEMP
12: Fri Aug 19 20:16:42 2005 => System found infected with altnetbde Spyware/Adware (adm.exe)! Action taken: No Action Taken.
13: Fri Aug 19 20:16:42 2005 => Offending file found: C:\WINDOWS\TEMP
14: Fri Aug 19 20:16:42 2005 => System found infected with altnetbde Spyware/Adware (adm25.dll)! Action taken: No Action Taken.
15: Fri Aug 19 20:16:55 2005 => Offending file found: C:\DOKUME~1\DANIEL~1\LOKALE~1\Temp\cd_clint.dll
16: Fri Aug 19 20:16:55 2005 => System found infected with Cydoor Spyware/Adware (cd_clint.dll)! Action taken: No Action Taken.
17: Fri Aug 19 20:17:11 2005 => Offending file found: C:\WINDOWS\iun6002.exe
18: Fri Aug 19 20:17:11 2005 => System found infected with zipitpro Spyware/Adware (C:\WINDOWS\iun6002.exe)! Action taken: No Action Taken.
19: Fri Aug 19 20:17:15 2005 => Offending file found: C:\WINDOWS\TEMP
20: Fri Aug 19 20:17:15 2005 => System found infected with Cydoor.TOPicks.a Spyware/Adware (adm4.dll)! Action taken: No Action Taken.
21: Fri Aug 19 20:17:15 2005 => Offending file found: C:\WINDOWS\TEMP
22: Fri Aug 19 20:17:15 2005 => System found infected with Cydoor.TOPicks.a Spyware/Adware (admdata.dll)! Action taken: No Action Taken.
23: Fri Aug 19 20:17:15 2005 => Offending file found: C:\WINDOWS\TEMP
24: Fri Aug 19 20:17:15 2005 => System found infected with Cydoor.TOPicks.a Spyware/Adware (admdloader.dll)! Action taken: No Action Taken.
25: Fri Aug 19 20:17:15 2005 => Offending file found: C:\WINDOWS\TEMP
26: Fri Aug 19 20:17:15 2005 => System found infected with Cydoor.TOPicks.a Spyware/Adware (admfdi.dll)! Action taken: No Action Taken.
27: Fri Aug 19 20:17:15 2005 => Offending file found: C:\WINDOWS\TEMP
28: Fri Aug 19 20:17:15 2005 => System found infected with Cydoor.TOPicks.a Spyware/Adware (admprog.dll)! Action taken: No Action Taken.
29: Fri Aug 19 20:17:18 2005 => Offending file found: C:\DOKUME~1\DANIEL~1\LOKALE~1\Temp\setup_wm.exe
30: Fri Aug 19 20:17:18 2005 => System found infected with WhenU.SaveNow Spyware/Adware (setup_wm.exe)! Action taken: No Action Taken.
31: Fri Aug 19 20:17:19 2005 => Offending file found: C:\DOKUME~1\DANIEL~1\LOKALE~1\Temp\war3_install.exe
32: Fri Aug 19 20:17:19 2005 => System found infected with WhenU.SaveNow Spyware/Adware (war3_install.exe)! Action taken: No Action Taken.
33: Fri Aug 19 20:18:43 2005 => File C:\WINDOWS\image.new infected by "Trojan-Downloader.Win32.WinShow.ai" Virus! Action Taken: No Action Taken.
34: Fri Aug 19 20:18:43 2005 => File C:\WINDOWS\image.new.new infected by "Trojan-Downloader.Win32.WinShow.ag" Virus! Action Taken: No Action Taken.
35: Fri Aug 19 20:32:06 2005 => Scanning Folder: C:\Programme\AVPersonal\INFECTED\*.*
36: Fri Aug 19 21:05:11 2005 => File C:\WINDOWS\Downloaded Program Files\f22776.exe infected by "Trojan-Downloader.Win32.Small.dq" Virus! Action Taken: No Action Taken.
37: Fri Aug 19 21:07:38 2005 => File C:\WINDOWS\image.new infected by "Trojan-Downloader.Win32.WinShow.ai" Virus! Action Taken: No Action Taken.
38: Fri Aug 19 21:07:38 2005 => File C:\WINDOWS\image.new.new infected by "Trojan-Downloader.Win32.WinShow.ag" Virus! Action Taken: No Action Taken.

--------------------------------------------------
--------------------- TAGGED ---------------------
--------------------------------------------------

1: Fri Aug 19 20:20:42 2005 => File C:\DOKUME~1\DANIEL~1\LOKALE~1\Temp\asmfiles.cab tagged as "not-a-virus:AdWare.Altnet.l". Action Taken: No Action Taken.
2: Fri Aug 19 20:20:43 2005 => File C:\DOKUME~1\DANIEL~1\LOKALE~1\Temp\cd_clint.dll tagged as "not-a-virus:AdWare.Cydoor". Action Taken: No Action Taken.
3: Fri Aug 19 20:20:53 2005 => File C:\DOKUME~1\DANIEL~1\LOKALE~1\Temp\__unin__.exe tagged as "not-a-virus:AdWare.Altnet.g". Action Taken: No Action Taken.
4: Fri Aug 19 20:22:02 2005 => File C:\Dokumente und Einstellungen\Daniel Preuss\Anwendungsdaten\winkq\msiesh.dll.new tagged as "not-a-virus:AdWare.WinShow.a". Action Taken: No Action Taken.
5: Fri Aug 19 20:23:17 2005 => File C:\Dokumente und Einstellungen\Daniel Preuss\Lokale Einstellungen\Temp\asmfiles.cab tagged as "not-a-virus:AdWare.Altnet.l". Action Taken: No Action Taken.
6: Fri Aug 19 20:23:17 2005 => File C:\Dokumente und Einstellungen\Daniel Preuss\Lokale Einstellungen\Temp\cd_clint.dll tagged as "not-a-virus:AdWare.Cydoor". Action Taken: No Action Taken.
7: Fri Aug 19 20:23:25 2005 => File C:\Dokumente und Einstellungen\Daniel Preuss\Lokale Einstellungen\Temp\__unin__.exe tagged as "not-a-virus:AdWare.Altnet.g". Action Taken: No Action Taken.
8: Fri Aug 19 20:55:59 2005 => File C:\Programme\MyWay\myBar\1.bin\MY2NS.EXE tagged as "not-a-virus:AdWare.ToolBar.MyWay.b". Action Taken: No Action Taken.
9: Fri Aug 19 20:55:59 2005 => File C:\Programme\MyWay\myBar\1.bin\NPMYWAY.DLL tagged as "not-a-virus:AdWare.ToolBar.MyWay.f". Action Taken: No Action Taken.
10: Fri Aug 19 20:56:00 2005 => File C:\Programme\NavExcel\NavHelper\v2.0.4\v2.0.4.cab tagged as "not-a-virus:AdWare.NavExcel". Action Taken: No Action Taken.
11: Fri Aug 19 21:01:13 2005 => File C:\System Volume Information\_restore{6AD531DD-137A-4500-913B-FEAADCF5BE2C}\RP2\A0000004.DLL tagged as "not-a-virus:AdWare.ToolBar.MyWay.m". Action Taken: No Action Taken.
12: Fri Aug 19 21:17:18 2005 => File C:\WINDOWS\Temp\Altnet\adm.exe tagged as "not-a-virus:AdWare.Altnet.a". Action Taken: No Action Taken.
13: Fri Aug 19 21:17:18 2005 => File C:\WINDOWS\Temp\Altnet\adm25.dll tagged as "not-a-virus:AdWare.Altnet.a". Action Taken: No Action Taken.
14: Fri Aug 19 21:17:19 2005 => File C:\WINDOWS\Temp\Altnet\adm4.dll tagged as "not-a-virus:AdWare.Altnet.a". Action Taken: No Action Taken.
15: Fri Aug 19 21:17:19 2005 => File C:\WINDOWS\Temp\Altnet\admdloader.dll tagged as "not-a-virus:AdWare.BrilliantDigital.3039". Action Taken: No Action Taken.
16: Fri Aug 19 21:17:19 2005 => File C:\WINDOWS\Temp\Altnet\admfdi.dll tagged as "not-a-virus:AdWare.Altnet.j". Action Taken: No Action Taken.
17: Fri Aug 19 21:17:19 2005 => File C:\WINDOWS\Temp\Altnet\admprog.dll tagged as "not-a-virus:AdWare.Altnet.a". Action Taken: No Action Taken.
18: Fri Aug 19 21:17:19 2005 => File C:\WINDOWS\Temp\Altnet\dmfiles.cab tagged as "not-a-virus:AdWare.Altnet.g". Action Taken: No Action Taken.
19: Fri Aug 19 21:17:19 2005 => File C:\WINDOWS\Temp\Altnet\mysearch.cab tagged as "not-a-virus:AdWare.ToolBar.MyWay.g". Action Taken: No Action Taken.
20: Fri Aug 19 21:17:20 2005 => File C:\WINDOWS\Temp\Altnet\pmexe.cab tagged as "not-a-virus:AdWare.Altnet.h". Action Taken: No Action Taken.
21: Fri Aug 19 21:17:20 2005 => File C:\WINDOWS\Temp\Altnet\pmfiles.cab tagged as "not-a-virus:AdWare.BrilliantDigital.1007". Action Taken: No Action Taken.
22: Fri Aug 19 21:17:20 2005 => File C:\WINDOWS\Temp\Altnet\Setup.exe tagged as "not-a-virus:AdWare.Altnet.b". Action Taken: No Action Taken.

--------------------------------------------------
--------------------- ERRORS ---------------------
--------------------------------------------------

1: Fri Aug 19 20:17:30 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\EPScontrol.dll". Action Taken: No Action Taken.
2: Fri Aug 19 20:17:30 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\EARTPX.dll". Action Taken: No Action Taken.
3: Fri Aug 19 20:17:33 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Gemeinsame Dateien\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll". Action Taken: No Action Taken.
4: Fri Aug 19 20:17:33 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Gemeinsame Dateien\InstallShield\Professional\RunTime\09\01\Intel32\Setup.dll". Action Taken: No Action Taken.
5: Fri Aug 19 20:17:33 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Gemeinsame Dateien\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll". Action Taken: No Action Taken.
6: Fri Aug 19 20:17:33 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Gemeinsame Dateien\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll". Action Taken: No Action Taken.
7: Fri Aug 19 20:17:33 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Gemeinsame Dateien\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll". Action Taken: No Action Taken.
8: Fri Aug 19 20:17:33 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Gemeinsame Dateien\InstallShield\Professional\RunTime\09\01\Intel32\IGDI.dll". Action Taken: No Action Taken.
9: Fri Aug 19 20:17:33 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\StarInstall.ocx". Action Taken: No Action Taken.
10: Fri Aug 19 20:17:41 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Adobe\Photoshop Album\Kataloge\My Catalog.psa". Action Taken: No Action Taken.
11: Fri Aug 19 20:17:43 2005 => Entry "HKCR\CLSID\{014DA6C9-189F-421a-88CD-07CFE51CFF10}" refers to invalid object "C:\Programme\MyWay\myBar\1.bin\MYBAR.DLL". Action Taken: No Action Taken.
12: Fri Aug 19 20:17:43 2005 => Entry "HKCR\CLSID\{014DA6CD-189F-421a-88CD-07CFE51CFF10}" refers to invalid object "C:\Programme\MyWay\myBar\1.bin\MYBAR.DLL". Action Taken: No Action Taken.
13: Fri Aug 19 20:17:43 2005 => Entry "HKCR\CLSID\{0494D0D2-F8E0-41ad-92A3-14154ECE70AC}" refers to invalid object "C:\Programme\MyWay\myBar\1.bin\MYBAR.DLL". Action Taken: No Action Taken.
14: Fri Aug 19 20:17:43 2005 => Entry "HKCR\CLSID\{0494D0D3-F8E0-41ad-92A3-14154ECE70AC}" refers to invalid object "C:\Programme\MyWay\myBar\1.bin\MYBAR.DLL". Action Taken: No Action Taken.
15: Fri Aug 19 20:17:43 2005 => Entry "HKCR\CLSID\{0494D0D5-F8E0-41ad-92A3-14154ECE70AC}" refers to invalid object "C:\Programme\MyWay\myBar\1.bin\MYBAR.DLL". Action Taken: No Action Taken.
16: Fri Aug 19 20:17:43 2005 => Entry "HKCR\CLSID\{0494D0D7-F8E0-41ad-92A3-14154ECE70AC}" refers to invalid object "C:\Programme\MyWay\myBar\1.bin\MYBAR.DLL". Action Taken: No Action Taken.
17: Fri Aug 19 20:17:43 2005 => Entry "HKCR\CLSID\{0494D0D9-F8E0-41ad-92A3-14154ECE70AC}" refers to invalid object "C:\Programme\MyWay\myBar\1.bin\MYBAR.DLL". Action Taken: No Action Taken.
18: Fri Aug 19 20:17:43 2005 => Entry "HKCR\CLSID\{0494D0DB-F8E0-41ad-92A3-14154ECE70AC}" refers to invalid object "C:\Programme\MyWay\myBar\1.bin\MYBAR.DLL". Action Taken: No Action Taken.
19: Fri Aug 19 20:17:45 2005 => Entry "HKCR\CLSID\{1EFD6A40-3999-11CF-9150-00AA0059F70D}" refers to invalid object "C:\Programme\Empire Interactive\Mashed Demo\MCI32.OCX". Action Taken: No Action Taken.
20: Fri Aug 19 20:17:46 2005 => Entry "HKCR\CLSID\{3775D2E0-7C5D-11CF-899E-00AA00688B10}" refers to invalid object "C:\Programme\Empire Interactive\Mashed Demo\MCI32.OCX". Action Taken: No Action Taken.
21: Fri Aug 19 20:17:48 2005 => Entry "HKCR\CLSID\{54B52E52-8000-4413-BD67-FC7FE24B59F2}" refers to invalid object "C:\WINDOWS\Downloaded Program Files\EARTPX.dll". Action Taken: No Action Taken.
22: Fri Aug 19 20:17:52 2005 => Entry "HKCR\CLSID\{83D4679F-B6D7-11D2-BF36-00C04FB90A03}" refers to invalid object "C:\PROGRA~1\MESSEN~1\rtcimsp.dll". Action Taken: No Action Taken.
23: Fri Aug 19 20:17:53 2005 => Entry "HKCR\CLSID\{88E729D6-BDC1-11D1-BD2A-00C04FB9603F}" refers to invalid object "fde.dll". Action Taken: No Action Taken.
24: Fri Aug 19 20:17:53 2005 => Entry "HKCR\CLSID\{92FA2C24-253C-11d2-90FB-006008A1F441}" refers to invalid object "a3dapi.dll". Action Taken: No Action Taken.
25: Fri Aug 19 20:17:55 2005 => Entry "HKCR\CLSID\{B0693766-5278-4ec6-B9E1-3CE40560EF5A}" refers to invalid object "CaPlgin.ax". Action Taken: No Action Taken.
26: Fri Aug 19 20:17:56 2005 => Entry "HKCR\CLSID\{B7156514-A76C-4545-9D5B-A4E1D02C7AEC}" refers to invalid object "C:\Programme\Kazaa\Topsearch.dll". Action Taken: No Action Taken.
27: Fri Aug 19 20:17:57 2005 => Entry "HKCR\CLSID\{C1A8AF25-1257-101B-8FB0-0020AF039CA3}" refers to invalid object "C:\Programme\Empire Interactive\Mashed Demo\MCI32.OCX". Action Taken: No Action Taken.
28: Fri Aug 19 20:17:58 2005 => Entry "HKCR\CLSID\{D037F883-92C3-4F89-A302-C01127CF3C72}" refers to invalid object "C:\WINDOWS\DOWNLO~1\STARIN~1.OCX". Action Taken: No Action Taken.
29: Fri Aug 19 20:17:59 2005 => Entry "HKCR\CLSID\{E0B795B4-FD95-4ABD-A375-27962EFCE8CF}" refers to invalid object "C:\WINDOWS\DOWNLO~1\STARIN~1.OCX". Action Taken: No Action Taken.
30: Fri Aug 19 20:18:00 2005 => Entry "HKCR\CLSID\{E855A2D4-987E-4F3B-A51C-64D10A7E2479}" refers to invalid object "C:\WINDOWS\Downloaded Program Files\EPScontrol.dll". Action Taken: No Action Taken.
31: Fri Aug 19 20:18:05 2005 => Entry "HKCR\ADM25.ADM25.1" refers to invalid object "{1D3BCE37-7834-4579-8169-E67681420A98}". Action Taken: No Action Taken.
32: Fri Aug 19 20:18:05 2005 => Entry "HKCR\ADM4.ADM4.1" refers to invalid object "{DEF37997-D9C9-4A4B-BF3C-88F99EACEEC2}". Action Taken: No Action Taken.
33: Fri Aug 19 20:18:05 2005 => Entry "HKCR\ae23.ae23Obj" refers to invalid object "{2E9CAFF6-30C7-4208-8807-E79D4EC6F806}". Action Taken: No Action Taken.
34: Fri Aug 19 20:18:05 2005 => Entry "HKCR\ae23.ae23Obj.1" refers to invalid object "{2E9CAFF6-30C7-4208-8807-E79D4EC6F806}". Action Taken: No Action Taken.
35: Fri Aug 19 20:18:05 2005 => Entry "HKCR\Alg.AlgSetup" refers to invalid object "{27D0BCCC-344D-4287-AF37-0C72C161C14C}". Action Taken: No Action Taken.
36: Fri Aug 19 20:18:05 2005 => Entry "HKCR\Alg.AlgSetup.1" refers to invalid object "{27D0BCCC-344D-4287-AF37-0C72C161C14C}". Action Taken: No Action Taken.
37: Fri Aug 19 20:18:06 2005 => Entry "HKCR\Automatische Zuordnung.Map.EU" refers to invalid object "{A49EEA01-9231-4C77-AA9E-2F89D72B4804}". Action Taken: No Action Taken.
38: Fri Aug 19 20:18:06 2005 => Entry "HKCR\Automatische Zuordnung.Map.EU.9" refers to invalid object "{A49EEA01-9231-4C77-AA9E-2F89D72B4804}". Action Taken: No Action Taken.
39: Fri Aug 19 20:18:06 2005 => Entry "HKCR\Automatische Zuordnung.Template.EU.9" refers to invalid object "{A49EEA01-9231-4C77-AA9E-2F89D72B4804}". Action Taken: No Action Taken.
40: Fri Aug 19 20:18:06 2005 => Entry "HKCR\BHO.PerfectNavBHO" refers to invalid object "{00D6A7E7-4A97-456f-848A-3B75BF7554D7}". Action Taken: No Action Taken.
41: Fri Aug 19 20:18:06 2005 => Entry "HKCR\BHO.PerfectNavBHO.1" refers to invalid object "{00D6A7E7-4A97-456f-848A-3B75BF7554D7}". Action Taken: No Action Taken.
42: Fri Aug 19 20:18:09 2005 => Entry "HKCR\DSP.DSP" refers to invalid object "{9C123EA9-AEC9-4f75-BBC0-7565FA1398966}". Action Taken: No Action Taken.
43: Fri Aug 19 20:18:09 2005 => Entry "HKCR\DSP.DSPDMOProp_Chorus.1" refers to invalid object "{6F63B172-5543-4593-91CE-EDBA65B9FACDB}". Action Taken: No Action Taken.
44: Fri Aug 19 20:18:14 2005 => Entry "HKCR\iefeatsl.ViewSource" refers to invalid object "{D34F08C5-4F18-477c-86CB-1A9BEECFE37B}". Action Taken: No Action Taken.
45: Fri Aug 19 20:18:14 2005 => Entry "HKCR\iefeatsl.ViewSource.1" refers to invalid object "{D34F08C5-4F18-477c-86CB-1A9BEECFE37B}". Action Taken: No Action Taken.
46: Fri Aug 19 20:18:21 2005 => Entry "HKCR\Plenoptic.Plenoptic" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken.
47: Fri Aug 19 20:18:21 2005 => Entry "HKCR\Plenoptic.Plenoptic.1" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken.
48: Fri Aug 19 20:18:22 2005 => Entry "HKCR\RTCCore.RTCClient" refers to invalid object "{7a42ea29-a2b7-40c4-b091-f6f024aa89be}". Action Taken: No Action Taken.
49: Fri Aug 19 20:18:22 2005 => Entry "HKCR\RTCCore.RTCClient.1" refers to invalid object "{7a42ea29-a2b7-40c4-b091-f6f024aa89be}". Action Taken: No Action Taken.
50: Fri Aug 19 20:18:23 2005 => Entry "HKCR\SearchHook.SearchHookObject" refers to invalid object "{FD9BC004-8331-4457-B830-4759FF704C22}". Action Taken: No Action Taken.
51: Fri Aug 19 20:18:23 2005 => Entry "HKCR\SearchHook.SearchHookObject.1" refers to invalid object "{FD9BC004-8331-4457-B830-4759FF704C22}". Action Taken: No Action Taken.
52: Fri Aug 19 20:18:23 2005 => Entry "HKCR\ShowSearch.ViewSource" refers to invalid object "{E2DDF680-9905-4dee-8C64-0A5DE7FE133C}". Action Taken: No Action Taken.
53: Fri Aug 19 20:18:23 2005 => Entry "HKCR\ShowSearch.ViewSource.1" refers to invalid object "{E2DDF680-9905-4dee-8C64-0A5DE7FE133C}". Action Taken: No Action Taken.
54: Fri Aug 19 20:18:26 2005 => Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken.
55: Fri Aug 19 20:18:26 2005 => Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr.1" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken.

--------------------------------------------------
-------- DATEIEN ZUM LÖSCHEN HINZUGEFÜGT ---------
--------------------------------------------------

1: C:\WINDOWS\image.new => Trojan-Downloader.Win32.WinShow.ai
2: C:\WINDOWS\image.new.new => Trojan-Downloader.Win32.WinShow.ag
3: C:\WINDOWS\Downloaded Program Files\f22776.exe => Trojan-Downloader.Win32.Small.dq

--------------------------------------------------
-------------------- Statistik -------------------
--------------------------------------------------

Fri Aug 19 21:19:43 2005 => Total Objects Scanned: 193635
Fri Aug 19 21:19:43 2005 => Total Virus(es) Found: 62
Fri Aug 19 21:19:43 2005 => Total Errors: 55
Fri Aug 19 21:19:43 2005 => Virus Database Date: 2005/08/19
Fri Aug 19 21:19:43 2005 => Virus Database Count: 144510
19.08.2005, 22:47
Honorary member
Sabina

Posts: 29434
#8 Hello @Danielo

•KillBox
http://bilder.informationsarchiv.net/Nikitas_Tools/KillBox.zip
Instructions (illustrated):
http://virus-protect.org/killbox.html

•Delete File on Reboot <-- tick this

and click the red cross;
when asked "Do you want to reboot?" ----> click "no" and paste in the next one; only click "yes" on the last one

C:\Dokumente und Einstellungen\Daniel Preuss\Anwendungsdaten\winkq\msiesh.dll.new
C:\Dokumente und Einstellungen\Daniel Preuss\Anwendungsdaten\winkq
C:\Dokumente und Einstellungen\Daniel Preuss\Lokale Einstellungen\Temp\asmfiles.cab
C:\Dokumente und Einstellungen\Daniel Preuss\Lokale Einstellungen\Temp\cd_clint.dll
C:\Dokumente und Einstellungen\Daniel Preuss\Lokale Einstellungen\Temp\__unin__.exe

C:\Programme\MyWay\myBar\1.bin\MY2NS.EXE
C:\Programme\MyWay\myBar\1.bin\NPMYWAY.DLL
C:\Programme\NavExcel\NavHelper\v2.0.4\v2.0.4.cab

C:\System Volume Information\_restore{6AD531DD-137A-4500-913B-FEAADCF5BE2C}\RP2\A0000004.DLL

C:\WINDOWS\image.new.new
C:\WINDOWS\image.new
C:\WINDOWS\Downloaded Program Files\f22776.exe

C:\WINDOWS\Temp\Altnet\adm.exe
C:\WINDOWS\Temp\Altnet\adm25.dll
C:\WINDOWS\Temp\Altnet\adm4.dll
C:\WINDOWS\Temp\Altnet\admdloader.dll
C:\WINDOWS\Temp\Altnet\admfdi.dll
C:\WINDOWS\Temp\Altnet\admprog.dll
C:\WINDOWS\Temp\Altnet\dmfiles.cab
C:\WINDOWS\Temp\Altnet\mysearch.cab
C:\WINDOWS\Temp\Altnet\pmexe.cab
C:\WINDOWS\Temp\Altnet\pmfiles.cab
C:\WINDOWS\Temp\Altnet\Setup.exe


-------------------------------------------------------------------------------------------------------------------------------------------------------------------

Restart the PC

delete:
C:\WINDOWS\Temp\Altnet
C:\Dokumente und Einstellungen\Daniel Preuss\Anwendungsdaten\winkq

•Ad-aware SE Personal
http://virus-protect.org/antispywaretools.html
Download --> Update --> Configure
http://virus-protect.org/adaware.html
#Update the program BEFORE every scan!
During the scan, ALL other applications must be closed and all browser windows must be
closed!
scan --> restart the PC --> scan again
__________
Regards, Sabina

all about PC security
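
The removal list in post #8 corresponds to the file entries of the eScan log in post #7. As an added example (not part of the original thread, and not eScan or KillBox code), this Python script parses log lines of that format and reduces them to one entry per file, malware ahead of adware. The function names and the `restore_point` and `adware_only` fields are assumptions of the example; the sample lines are copied from the log above.

```python
import re

# Lines copied from the eScan log in post #7: one repeated hit, two adware
# tags, and two line types that carry no full file path to act on.
SAMPLE_LOG = r'''
33: Fri Aug 19 20:18:43 2005 => File C:\WINDOWS\image.new infected by "Trojan-Downloader.Win32.WinShow.ai" Virus! Action Taken: No Action Taken.
37: Fri Aug 19 21:07:38 2005 => File C:\WINDOWS\image.new infected by "Trojan-Downloader.Win32.WinShow.ai" Virus! Action Taken: No Action Taken.
12: Fri Aug 19 21:17:18 2005 => File C:\WINDOWS\Temp\Altnet\adm.exe tagged as "not-a-virus:AdWare.Altnet.a". Action Taken: No Action Taken.
11: Fri Aug 19 21:01:13 2005 => File C:\System Volume Information\_restore{6AD531DD-137A-4500-913B-FEAADCF5BE2C}\RP2\A0000004.DLL tagged as "not-a-virus:AdWare.ToolBar.MyWay.m". Action Taken: No Action Taken.
9: Fri Aug 19 20:16:42 2005 => System found infected with altnet Spyware/Adware (smdat32a.sys)! Action taken: No Action Taken.
1: Fri Aug 19 20:17:30 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\EPScontrol.dll". Action Taken: No Action Taken.
'''

# <n>: <timestamp> => File <path> infected by|tagged as "<detection>"
FILE_RE = re.compile(
    r'^\d+: (?P<time>.+? \d{4}) => File (?P<path>.+?) '
    r'(?:infected by|tagged as) "(?P<detection>[^"]+)"'
)


def parse_findings(log_text):
    """Return one dict per log line that names a file and a detection."""
    findings = []
    for line in log_text.splitlines():
        m = FILE_RE.match(line.strip())
        if m is None:
            continue  # "System found infected with" / "Entry ... refers to" lines
        findings.append(m.groupdict())
    return findings


def removal_worklist(findings):
    """One entry per path (case-insensitive), malware ahead of adware."""
    by_path = {}
    for f in findings:
        entry = by_path.setdefault(f["path"].lower(), {
            "path": f["path"], "detections": [], "hits": 0,
            # Windows XP keeps System Restore copies under this folder.
            "restore_point": "\\_restore{" in f["path"],
        })
        entry["hits"] += 1
        if f["detection"] not in entry["detections"]:
            entry["detections"].append(f["detection"])
    for entry in by_path.values():
        # The log prefixes adware/riskware names with "not-a-virus:".
        entry["adware_only"] = all(
            d.startswith("not-a-virus:") for d in entry["detections"])
    return sorted(by_path.values(),
                  key=lambda e: (e["adware_only"], e["path"].lower()))


if __name__ == "__main__":
    for e in removal_worklist(parse_findings(SAMPLE_LOG)):
        kind = "adware" if e["adware_only"] else "malware"
        note = " (System Restore copy)" if e["restore_point"] else ""
        print(f'{kind:8} x{e["hits"]}  {e["path"]}{note}')
```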
20.08.2005, 18:46
...new here

Thread starter

Posts: 5
#9 Hello Sabina

Many thanks for your help; after the scan with Ad-aware SE Personal my trojan problem was solved. I'm finally rid of them.
This really is a great forum; it helped me a lot and I will definitely recommend it.

Thanks again for your help

Regards, Danielo