Urgently need support! Spyware suspected!

#0
12.11.2005, 18:13
...new here

Posts: 8
#1 Let me describe my problem!
I already had a spyware infestation once. Things like the Explorer opening have not happened again; however, my Internet connection has become incredibly slow. I feel as if I had a modem (I have DSL)... you understand? Does the HijackThis log even help with that?
Here it is anyway!

Logfile of HijackThis v1.99.1
Scan saved at 17:21:53, on 12.11.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
E:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
E:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
E:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\RUNDLL32.EXE
E:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
E:\Programme\Java\jre1.5.0_02\bin\jusched.exe
E:\Programme\Logitech\MouseWare\system\em_exec.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Programme\Norton AntiVirus\navapsvc.exe
E:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
E:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
E:\WINDOWS\system32\UAService7.exe
E:\PROGRA~1\NORTON~1\navw32.exe
E:\Programme\Mozilla Firefox\firefox.exe
E:\Programme\Winamp\Winamp.exe
E:\Dokumente und Einstellungen\Kili\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.edonkey2000.com/register.html
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - E:\Programme\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [UpdReg] E:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] E:\Programme\Creative\SBLive\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [ccApp] "E:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [QuickTime Task] "E:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Programme\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [ICQ Lite] E:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKCU\..\Run: [NBJ] "E:\Programme\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] E:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Microsoft Office.lnk = E:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://E:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - E:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - E:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Programme\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Programme\Messenger\msmsgs.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - E:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - E:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - E:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: Command Service (cmdService) - Unknown owner - E:\WINDOWS\S2lsaQAA\command.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - E:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - E:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - E:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - E:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - E:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - E:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - E:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - E:\WINDOWS\system32\UAService7.exe

Regards, Chuckwallas
This post was edited by Chuckwallas on 12.11.2005 at 18:23.
12.11.2005, 19:22
Moderator

Posts: 7805
#2 A control scan with eScan would help:
http://cidres-security.de/escan.html

or an online scan with Kaspersky:
http://www.kaspersky.com/virusscanner
__________
Regards, Ralf
SEO-Spam Hunter
12.11.2005, 20:24
...new here

Thread starter

Posts: 8
#3 Here is the log that came out of that eScan Find.bat thing!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Funde für "infected"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Sat Nov 12 19:44:16 2005 => System found infected with edonkey2000 Spyware/Adware ({320154bb-d666-48f6-990e-172b32954620})! Action taken: No Action Taken.
Sat Nov 12 19:44:16 2005 => System found infected with bearshare Spyware/Adware ({558ec983-bedb-9168-b2de-31dbf0ee543e})! Action taken: No Action Taken.
Sat Nov 12 19:44:16 2005 => System found infected with bearshare Spyware/Adware ({9f95f736-0f62-4214-a4b4-caa6738d4c07})! Action taken: No Action Taken.
Sat Nov 12 19:44:16 2005 => System found infected with bearshare Spyware/Adware ({5f95e1af-2620-4f15-bdf9-7fdce4607e17})! Action taken: No Action Taken.
Sat Nov 12 19:44:55 2005 => System found infected with bearshare Spyware/Adware ({905d0df2-3a0a-4d94-853c-54a12a745905})! Action taken: No Action Taken.
Sat Nov 12 19:44:55 2005 => System found infected with whenu.savenow Spyware/Adware ({c285d18d-43a2-4aef-83fb-bf280e660a97})! Action taken: No Action Taken.
Sat Nov 12 19:44:56 2005 => System found infected with redv Spyware/Adware (insthelp.dll)! Action taken: No Action Taken.
Sat Nov 12 19:44:57 2005 => System found infected with bearshare Spyware/Adware (bearshare.lnk)! Action taken: No Action Taken.
Sat Nov 12 19:44:58 2005 => System found infected with redv Spyware/Adware (insthelp.dll)! Action taken: No Action Taken.
Sat Nov 12 19:44:58 2005 => System found infected with whenu.savenow Spyware/Adware (common[1].js)! Action taken: No Action Taken.
Sat Nov 12 19:44:58 2005 => System found infected with whenu.savenow Spyware/Adware (common[1].js)! Action taken: No Action Taken.
Sat Nov 12 19:44:58 2005 => System found infected with whenu.savenow Spyware/Adware (common[1].js)! Action taken: No Action Taken.
Sat Nov 12 19:44:58 2005 => System found infected with whenu.savenow Spyware/Adware (adspopup2[1].js)! Action taken: No Action Taken.
Sat Nov 12 19:44:58 2005 => System found infected with whenu.savenow Spyware/Adware (common[1].js)! Action taken: No Action Taken.
Sat Nov 12 19:44:59 2005 => System found infected with whenu.savenow Spyware/Adware (adsend[1].js)! Action taken: No Action Taken.
Sat Nov 12 19:44:59 2005 => System found infected with whenu.savenow Spyware/Adware (common[1].js)! Action taken: No Action Taken.
Sat Nov 12 19:44:59 2005 => System found infected with whenu.savenow Spyware/Adware (adspopup2[1].js)! Action taken: No Action Taken.
Sat Nov 12 19:44:59 2005 => System found infected with whenu.savenow Spyware/Adware (common[1].js)! Action taken: No Action Taken.
Sat Nov 12 19:44:59 2005 => System found infected with whenu.savenow Spyware/Adware (adsend[1].js)! Action taken: No Action Taken.
Sat Nov 12 19:45:00 2005 => System found infected with whenu.savenow Spyware/Adware (common[1].js)! Action taken: No Action Taken.
Sat Nov 12 19:45:00 2005 => System found infected with cydoor.topicks.a Spyware/Adware (settings.dat)! Action taken: No Action Taken.
Sat Nov 12 19:45:00 2005 => System found infected with bearshare Spyware/Adware (bearshare.lnk)! Action taken: No Action Taken.
Sat Nov 12 19:45:00 2005 => System found infected with bearshare Spyware/Adware (bearshare.lnk)! Action taken: No Action Taken.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Funde für "tagged"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Funde für "offending"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Sat Nov 12 19:44:55 2005 => Offending Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\uninstall\bearshare !!!
Sat Nov 12 19:44:56 2005 => Offending Key found: HKCU\appevents\eventlabels\bearsharechatnotifymsg !!!
Sat Nov 12 19:44:56 2005 => Offending Key found: HKCU\appevents\schemes\apps\bearshare !!!
Sat Nov 12 19:44:56 2005 => Offending Key found: HKLM\Software\magnet\handlers\bearshare !!!
Sat Nov 12 19:44:56 2005 => Offending Key found: HKLM\Software\bearshare !!!
Sat Nov 12 19:44:56 2005 => Offending Key found: HKCU\Software\maxthon !!!
Sat Nov 12 19:44:56 2005 => Offending Key found: HKCU\software\microsoft\windows\currentversion\explorer\menuorder\start menu\programs\powerstrip !!!
Sat Nov 12 19:44:56 2005 => Offending Key found: HKCU\software\microsoft\windows\currentversion\explorer\menuorder\start menu\programs\whenu !!!
Sat Nov 12 19:44:56 2005 => Offending Key found: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\powerstrip !!!
Sat Nov 12 19:44:56 2005 => Offending Key found: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\whenu !!!
Sat Nov 12 19:44:56 2005 => Offending value found in HKLM\Software\Licenses: {i56b3cf0d9ab991e1} !!!
Sat Nov 12 19:44:56 2005 => Offending value found in HKLM\Software\Licenses: {056b3cf0d9ab991e1} !!!
Sat Nov 12 19:44:56 2005 => Offending Folder found: E:\Programme\bearshare
Sat Nov 12 19:44:56 2005 => Offending file found: E:\DOKUME~1\Kili\LOKALE~1\Temp\insthelp.dll
Sat Nov 12 19:44:57 2005 => Offending file found: E:\Dokumente und Einstellungen\Kili\Desktop\bearshare.lnk
Sat Nov 12 19:44:58 2005 => Offending file found: E:\Dokumente und Einstellungen\Kili\Lokale Einstellungen\temp\insthelp.dll
Sat Nov 12 19:44:58 2005 => Offending file found: E:\Dokumente und Einstellungen\Kili\Lokale Einstellungen\temp\temporary internet files\content.ie5\f5bje4gv\common[1].js
Sat Nov 12 19:44:58 2005 => Offending file found: E:\Dokumente und Einstellungen\Kili\Lokale Einstellungen\temp\temporary internet files\content.ie5\m3oen93k\common[1].js
Sat Nov 12 19:44:58 2005 => Offending file found: E:\Dokumente und Einstellungen\Kili\Lokale Einstellungen\temp\temporary internet files\content.ie5\xdcczg54\common[1].js
Sat Nov 12 19:44:58 2005 => Offending file found: E:\Dokumente und Einstellungen\Kili\Lokale Einstellungen\temporary internet files\content.ie5\blgr5zmg\adspopup2[1].js
Sat Nov 12 19:44:58 2005 => Offending file found: E:\Dokumente und Einstellungen\Kili\Lokale Einstellungen\temporary internet files\content.ie5\blgr5zmg\common[1].js
Sat Nov 12 19:44:59 2005 => Offending file found: E:\Dokumente und Einstellungen\Kili\Lokale Einstellungen\temporary internet files\content.ie5\hsike7tp\adsend[1].js
Sat Nov 12 19:44:59 2005 => Offending file found: E:\Dokumente und Einstellungen\Kili\Lokale Einstellungen\temporary internet files\content.ie5\q3qa1cue\common[1].js
Sat Nov 12 19:44:59 2005 => Offending file found: E:\Dokumente und Einstellungen\Kili\Lokale Einstellungen\Temporary Internet Files\content.ie5\blgr5zmg\adspopup2[1].js
Sat Nov 12 19:44:59 2005 => Offending file found: E:\Dokumente und Einstellungen\Kili\Lokale Einstellungen\Temporary Internet Files\content.ie5\blgr5zmg\common[1].js
Sat Nov 12 19:44:59 2005 => Offending file found: E:\Dokumente und Einstellungen\Kili\Lokale Einstellungen\Temporary Internet Files\content.ie5\hsike7tp\adsend[1].js
Sat Nov 12 19:45:00 2005 => Offending file found: E:\Dokumente und Einstellungen\Kili\Lokale Einstellungen\Temporary Internet Files\content.ie5\q3qa1cue\common[1].js
Sat Nov 12 19:45:00 2005 => Offending file found: E:\Dokumente und Einstellungen\All Users\Anwendungsdaten\symantec\common client\settings.dat
Sat Nov 12 19:45:00 2005 => Offending file found: E:\Dokumente und Einstellungen\All Users\Startmenü\Programme\bearshare.lnk
Sat Nov 12 19:45:00 2005 => Offending file found: E:\Dokumente und Einstellungen\All Users\Startmenü\programme\bearshare.lnk
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Statistiken:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Sat Nov 12 19:43:12 2005 => Virus Database Date: 2005/11/12
Sat Nov 12 20:22:57 2005 => Virus Database Date: 2005/11/12
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~ © Haui ;-) ~~~~~~~
~~~~~~~ Dank an Cidre ~~~~~~~


Does that help?
Kaspersky found nothing! But eScan found 36 viruses; I don't know where, or how I get rid of them, but I hope you can still explain that to me!