Topic: please analyze logfile, thanks :>
Snoke

Replies: 13
Hits: 18.568
14.05.2005 20:29 Forum: Anti-Virenboard


I actually only posted the ones that were most important in my opinion, but whatever :) here they all are:
File System Found infected by "MyBar Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "myway Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "sw Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "CoolWebSearch Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "hsa Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "PerfectNav Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "altnet Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "cws.therealsearch Spyware/Adware" Virus. Action Taken: No Action Taken.
File C:\Programme\Kazaa\TopSearch.dll infected by "not-a-virus:AdWare.Altnet.d" Virus. Action Taken: No Action Taken.
File C:\Programme\INSTAFINK\InstaFinderK_inst.exe infected by "not-a-virus:AdWare.ToolBar.404Search.h" Virus. Action Taken: No Action Taken.
File C:\Programme\INSTAFINK\instafink.dll infected by "not-a-virus:AdWare.ToolBar.404Search.h" Virus. Action Taken: No Action Taken.
File C:\Programme\MyWay\myBar\1.bin\MY2NS.EXE infected by "not-a-virus:AdWare.Toolbar.MyWay.b" Virus. Action Taken: No Action Taken.
File C:\Programme\MyWay\myBar\1.bin\MYBAR.DLL infected by "not-a-virus:AdWare.ToolBar.MyWay.g" Virus. Action Taken: No Action Taken.
File C:\Programme\MyWay\myBar\1.bin\NPMYWAY.DLL infected by "not-a-virus:AdWare.ToolBar.MyWay.f" Virus. Action Taken: No Action Taken.
File C:\AOL Downloads\DivXPro511Adware.exe infected by "not-a-virus:AdWare.Gator.3202" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Anwendungsdaten\Spybot - Search & Destroy\Recovery\Altnet.zip infected by "Password-protected-EXE" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Anwendungsdaten\Spybot - Search & Destroy\Recovery\Altnet27.zip infected by "Password-protected-EXE" Virus. Action Taken: No Action Taken.
File C:\Programme\Gemeinsame Dateien\aolback\comp01.000 tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Programme\AOL 9.0\Jiti\Jiti_mm.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Programme\Steam\SteamApps\emailadresse\counter-strike\cstrike\ProblemFixer.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Programme\Steam\SteamApps\emailadresse\counter-strike\cstrike\SayscriptKonfiguration.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Programme\Steam\SteamApps\emailadresse\counter-strike\cstrike\UninstallEsseX.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Eigene Dateien\ICQLite\icqnummer\icqnummer\EsseXScriptpack2.2.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Eigene Dateien\aida32ee_393.exe tagged as not-a-virus:RiskWare.Tool.AIDA.3862. No Action Taken.
File C:\Downloads\xme220t.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\SIERRA\Half-Life\hltv.exe tagged as not-a-virus:RiskWare.Proxy.Hltv. No Action Taken.
File C:\unzipped\Turmbau\DivXPro502GAINBundle.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\benaliasesger5.5\benaliasesger5.5.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\mIRC\backup\mirc.exe tagged as not-a-virus:RiskWare.mIRC.6.12. No Action Taken.
File C:\mIRC\mirc.exe tagged as not-a-virus:RiskWare.mIRC.6.16. No Action Taken.

greetz, Snoke
Topic: please analyze logfile, thanks :>
Snoke

Replies: 13
Hits: 18.568
14.05.2005 12:10 Forum: Anti-Virenboard


Here is the result of the Jotti scan:
Datei: mfcct.exe
Status: INFIZIERT/MALWARE (Anmerkung: diese Datei wurde bereits vorher gescannt. Die Scanergebnisse werden daher nicht in der Datenbank gespeichert.)
Entdeckte Packprogramme: -

AntiVir Keine Viren gefunden
Avast Keine Viren gefunden
AVG Antivirus Keine Viren gefunden
BitDefender Keine Viren gefunden
ClamAV Keine Viren gefunden
Dr.Web Trojan.Click.395 gefunden
F-Prot Antivirus Keine Viren gefunden
Fortinet Keine Viren gefunden
Kaspersky Anti-Virus Trojan-Downloader.Win32.Agent.bq gefunden
mks_vir Keine Viren gefunden
NOD32 Win32/TrojanDownloader.Agent.BQ gefunden
Norman Virus Control Keine Viren gefunden
VBA32 Keine Viren gefunden

I then deleted it and ran eScan; since the find.bat thing didn't work, I copied everything:

Sat May 14 01:40:31 2005 => System found infected with MyBar Spyware/Adware ({3646C2BD-3554-49CA-8125-44DEEFB881DE})! Action taken: No Action Taken.
Sat May 14 01:40:31 2005 => File System Found infected by "MyBar Spyware/Adware" Virus. Action Taken: No Action Taken.
Sat May 14 01:40:39 2005 => System found infected with myway Spyware/Adware! Action taken: No Action Taken.
Sat May 14 01:40:39 2005 => File System Found infected by "myway Spyware/Adware" Virus. Action Taken: No Action Taken.
Sat May 14 01:40:42 2005 => System found infected with sw Spyware/Adware! Action taken: No Action Taken.
Sat May 14 01:40:42 2005 => File System Found infected by "sw Spyware/Adware" Virus. Action Taken: No Action Taken.
Sat May 14 01:40:42 2005 => System found infected with CoolWebSearch Spyware/Adware! Action taken: No Action Taken.
Sat May 14 01:40:42 2005 => File System Found infected by "CoolWebSearch Spyware/Adware" Virus. Action Taken: No Action Taken.
Sat May 14 01:40:42 2005 => System found infected with hsa Spyware/Adware! Action taken: No Action Taken.
Sat May 14 01:40:42 2005 => File System Found infected by "hsa Spyware/Adware" Virus. Action Taken: No Action Taken.
Sat May 14 01:40:47 2005 => System found infected with PerfectNav Spyware/Adware! Action taken: No Action Taken.
Sat May 14 01:40:47 2005 => File System Found infected by "PerfectNav Spyware/Adware" Virus. Action Taken: No Action Taken.
Sat May 14 01:40:50 2005 => System found infected with altnet Spyware/Adware (smdat32a.sys)! Action taken: No Action Taken.
Sat May 14 01:40:50 2005 => File System Found infected by "altnet Spyware/Adware" Virus. Action Taken: No Action Taken.

Sat May 14 01:40:53 2005 => System found infected with cws.therealsearch Spyware/Adware (waol.exe)! Action taken: No Action Taken.
Sat May 14 01:40:53 2005 => File System Found infected by "cws.therealsearch Spyware/Adware" Virus. Action Taken: No Action Taken.

Sat May 14 01:49:28 2005 => File C:\Programme\Gemeinsame Dateien\aolback\comp01.000 tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
Sat May 14 02:03:27 2005 => File C:\Programme\AOL 9.0\Jiti\Jiti_mm.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
Sat May 14 02:17:02 2005 => File C:\Programme\AOL 8.0b\aol90\setup.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.

thanks again for the quick replies :)

peace and greetz, Snoke
Topic: please analyze logfile, thanks :>
Snoke

Replies: 13
Hits: 18.568
please analyze logfile, thanks :> 13.05.2005 21:51 Forum: Anti-Virenboard


Hi folks, I heard this is a good board for analyzing HJT logfiles. Since I have no clue about this kind of thing, I'm turning to you. Here's the logfile:

Logfile of HijackThis v1.99.1
Scan saved at 21:47:54, on 13.05.2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAMME\AVPERSONAL\AVGCTRL.EXE
C:\PROGRAMME\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\MFCCT.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAMME\GEMEINSAME DATEIEN\AOL\ACS\AOLACSD.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAMME\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAMME\AOL 9.0G\WAOL.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAMME\AOL 9.0G\SHELLMON.EXE
C:\PROGRAMME\GEMEINSAME DATEIEN\AOL\AOLTPSPD.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAMME\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\obxey.dll/sp.html#83556
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\obxey.dll/sp.html#83556
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about :blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\obxey.dll/sp.html#83556
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\obxey.dll/sp.html#83556
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\obxey.dll/sp.html#83556
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\obxey.dll/sp.html#83556
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\obxey.dll/sp.html#83556
R3 - Default URLSearchHook is missing
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Programme\GetRight\xx2gr.dll
O2 - BHO: Class - {7CDDB620-5ABD-0600-A30E-EA965954291F} - C:\WINDOWS\MSCQ.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAMME\MSN APPS\MSN TOOLBAR\01.02.4000.1001\DE\MSNTB.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [AVGCtrl] C:\PROGRAMME\AVPERSONAL\AVGCTRL.EXE /min
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [WAOL.EXE] C:\PROGRAMME\AOL 9.0G\WAOL.EXE
O4 - HKLM\..\Run: [MFCCT.EXE] C:\WINDOWS\MFCCT.EXE
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKCU\..\Run: [Steam] "c:\programme\steam\steam.exe" -silent
O8 - Extra context menu item: Download with GetRight - C:\Programme\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Programme\GetRight\GRbrowse.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: 50 FREE MP3s! - {686C970F-1D7D-4469-85D1-4B35763B56CC} - h**p://www.emusic.com?fref=149133 (file missing)
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - h**p://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {FB48C7B0-EB66-4BE6-A1C5-9DDF3C37249A} (MCSendMessageHandler Class) - h**p://xtraz.icq.com/xtraz/activex/MISBH.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = aoldsl.net


thanks :p

peace and greetz, Snoke