Trojaner Tr/Dldr.Agent.uj1Thema ist geschlossen! |
||
---|---|---|
Thema ist geschlossen! |
||
#0
| ||
26.01.2006, 12:30
Ehrenmitglied
Themenstarter Beiträge: 29434 |
||
|
||
26.01.2006, 19:50
...neu hier
Beiträge: 9 |
#17
Hallo,
ich habe den online-sacan gemacht. Während des scans hat jedoch F-Secure auch einen automatischen scan durchgeführt und einen Virus gefunden. Danach hab ich C:/Windows nochmal von Kaspersky scannen lassen. Hier sind die 2 reports von Kaspersky, der von f-secure und der Hijackthis logfile: ------------------------------------------------------------------------------- KASPERSKY ON-LINE SCANNER REPORT Thursday, January 26, 2006 19:18:13 Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600) Kaspersky On-line Scanner version: 5.0.67.0 Kaspersky Anti-Virus database last update: 26/01/2006 Kaspersky Anti-Virus database records: 162725 ------------------------------------------------------------------------------- Scan Settings: Scan using the following antivirus database: standard Scan Archives: true Scan Mail Bases: true Scan Target - My Computer: C:\ E:\ F:\ G:\ Scan Statistics: Total number of scanned objects: 60699 Number of viruses found: 0 Number of infected objects: 0 Number of suspicious objects: 0 Duration of the scan process: 5830 sec No malware has been detected. The sections that have been scanned are CLEAN. Scan process completed. ________________________________________________________________ ------------------------------------------------------------------------------- KASPERSKY ON-LINE SCANNER REPORT Thursday, January 26, 2006 19:40:00 Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600) Kaspersky On-line Scanner version: 5.0.67.0 Kaspersky Anti-Virus database last update: 26/01/2006 Kaspersky Anti-Virus database records: 162727 ------------------------------------------------------------------------------- Scan Settings: Scan using the following antivirus database: standard Scan Archives: true Scan Mail Bases: true Scan Target - Folders: C:\WINDOWS\ Scan Statistics: Total number of scanned objects: 16014 Number of viruses found: 0 Number of infected objects: 0 Number of suspicious objects: 0 Duration of the scan process: 1019 sec No malware has been detected. The sections that have been scanned are CLEAN. Scan process completed. ________________________________________________________________ Scan-Bericht Donnerstag, 26. Januar 2006 19:05:22 - 19:05:34 Computername: FRANK Scan-Methode: Ziel nach Viren scannen Ziel: C:\SYSTEM VOLUME INFORMATION\_RESTORE{4C1370E4-2AC6-4847-8696-15CABFA85639}\RP13\A0003624.EXE -------------------------------------------------------------------------------- Ergebnis: 1 Malware gefunden Backdoor.Win32.Agent.rw (Virus) C:\SYSTEM VOLUME INFORMATION\_RESTORE{4C1370E4-2AC6-4847-8696-15CABFA85639}\RP13\A0003624.EXE Aktion: gelöscht -------------------------------------------------------------------------------- Statistiken Gescannt: Dateien: 1 Systemregistrierung: 0 Nicht gescannt: 0 Ergebnis: Viren: 1 Spyware: 0 Verdächtige Elemente: 0 Aktionen: Desinfiziert: 0 Umbenannt: 0 Gelöscht: 1 Unter Quarantäne gestellt: 0 Fehlgeschlagen: 0 Boot-Sektoren: Gescannt: 0 Infiziert: 0 Verdächtige Elemente: 0 Desinfiziert: 0 -------------------------------------------------------------------------------- Optionen Version der Definitionen: Viren: 2006-01-26_04 Spyware: 2006-01-24_01 Scan-Module: F-Secure AVP: 6.00.169, 2006-01-26 F-Secure Libra: 2.03.11, 2006-01-26 F-Secure Orion: 1.02.37, 2006-01-26 F-Secure Draco: 1.00.35, 2006-01-24 _________________________________________________________ Logfile of HijackThis v1.99.1 Scan saved at 19:40:21, on 26.01.2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programme\TGTSoft\StyleXP\StyleXPService.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE E:\Neuer Ordner\ewido anti-malware\ewidoctrl.exe C:\Programme\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\system32\slserv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Programme\Synaptics\SynTP\SynTPLpr.exe C:\Programme\Synaptics\SynTP\SynTPEnh.exe C:\Programme\F-Secure Internet Security\backweb\4476822\Program\fspex.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Internet Explorer\iexplore.exe C:\Programme\F-Secure Internet Security\Common\FSMA32.EXE C:\Programme\F-Secure Internet Security\Common\FSMB32.EXE C:\Programme\F-Secure Internet Security\Common\FCH32.EXE C:\Programme\F-Secure Internet Security\Anti-Virus\fsgk32st.exe C:\Programme\F-Secure Internet Security\Anti-Virus\FSGK32.EXE C:\Programme\F-Secure Internet Security\Anti-Virus\fsqh.exe C:\Programme\F-Secure Internet Security\Common\FAMEH32.EXE C:\Programme\F-Secure Internet Security\Anti-Virus\fssm32.exe C:\Programme\F-Secure Internet Security\Anti-Virus\fsrw.exe C:\Programme\F-Secure Internet Security\FWES\Program\fsdfwd.exe C:\Programme\F-Secure Internet Security\FSPC\fspc.exe C:\Programme\F-Secure Internet Security\Anti-Virus\fsav32.exe C:\Programme\F-Secure Internet Security\Common\FSM32.EXE C:\PROGRA~1\F-SECU~1\ANTI-S~1\fsaw.exe C:\Programme\F-Secure Internet Security\FSGUI\fsguidll.exe C:\Programme\Internet Explorer\iexplore.exe C:\Dokumente und Einstellungen\Frank Ricco\Desktop\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar2.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Acronis Schedule] "C:\Programme\Gemeinsame Dateien\Acronis\Schedule\schedule.exe" O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize O4 - HKLM\..\Run: [AWMON] "C:\Programme\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe" O4 - HKLM\..\Run: [cFosDNT] C:\Programme\1&1 Programme\cFos\cFosDNT.exe O4 - HKLM\..\Run: [T-DSL SpeedMgr] "C:\Programme\T-DSL SpeedManager\SpeedMgr.exe" O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [F-Secure Manager] "C:\Programme\F-Secure Internet Security\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [F-Secure TNB] "C:\Programme\F-Secure Internet Security\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Programme\F-Secure Internet Security\FSGUI\FSSW.EXE" /reboot O4 - HKLM\..\Run: [News Service] "C:\Programme\F-Secure Internet Security\FSGUI\ispnews.exe" O4 - HKCU\..\Run: [cFos - Tip of the Day] C:\Programme\1&1 Programme\cFos\setup.exe -tipoftheday 0 -type5 O4 - Global Startup: F-Secure 2006.lnk = C:\Programme\F-Secure Internet Security\backweb\4476822\Program\fspex.exe O8 - Extra context menu item: &Google-Suche - res://c:\programme\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: &Ins Deutsche übersetzen - res://c:\programme\google\GoogleToolbar2.dll/cmwordtrans.html O8 - Extra context menu item: Dieses Popup &blockieren - C:\Programme\F-Secure Internet Security\Anti-Spyware\blockpopups.htm O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\programme\google\GoogleToolbar2.dll/cmcache.html O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Verweisseiten - res://c:\programme\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Ähnliche Seiten - res://c:\programme\google\GoogleToolbar2.dll/cmsimilar.html O9 - Extra button: Webfilter - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Programme\F-Secure Internet Security\FSPC\fspcmsie.dll O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Programme\F-Secure Internet Security\FSPC\fspcmsie.dll O9 - Extra 'Tools' menuitem: Webfilter - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Programme\F-Secure Internet Security\FSPC\fspcmsie.dll O9 - Extra button: IE-Schutzschild - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Programme\F-Secure Internet Security\Anti-Spyware\ieshield.dll O9 - Extra 'Tools' menuitem: IE-Schutzschild... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Programme\F-Secure Internet Security\Anti-Spyware\ieshield.dll O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing) O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: F-Secure 2006 (BackWeb Plug-in - 4476822) - F-Secure Internet Security 2005 - C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe O23 - Service: ewido security suite control - ewido networks - E:\Neuer Ordner\ewido anti-malware\ewidoctrl.exe O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Programme\F-Secure Internet Security\Anti-Virus\fsgk32st.exe O23 - Service: fsbwsys - F-Secure Corp. - C:\Programme\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Programme\F-Secure Internet Security\FWES\Program\fsdfwd.exe O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - C:\Programme\F-Secure Internet Security\FSPC\fshttps\fshttps.exe O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Programme\F-Secure Internet Security\Common\FSMA32.EXE O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe O23 - Service: StyleXPService - Unknown owner - C:\Programme\TGTSoft\StyleXP\StyleXPService.exe _______________________ Grüße Frank31 |
|
|
||
27.01.2006, 00:56
Ehrenmitglied
Themenstarter Beiträge: 29434 |
#18
frank31
das sicherste ist, die Systemwiederherstellung http://virus-protect.org/systemwiederherstellung.html zu deaktivieren. (dann booten und wieder aktivieren) dann sollte alles wieder in Ordnung sein __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
30.01.2006, 13:01
...neu hier
Beiträge: 9 |
||
|
||
http://virus-protect.org/onlinescan.html
__________
MfG Sabina
rund um die PC-Sicherheit