Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Meine Logfile (https://www.trojaner-board.de/11209-logfile.html)

Machmaganz 25.12.2004 17:17
Meine Logfile
 
Hallo bin das erste mal hier im Forum und brauche Hilfe :confused:
Kann sich bitte mal jemand die Logfile anschauen und mir Tips geben!?

Logfile of HijackThis v1.99.0
Scan saved at 17:10:55, on 25.12.04
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v5.50 (5.50.4134.0600)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAMME\ROXIO\GOBACK\GBPOLL.EXE
C:\PROGRAMME\GEMEINSAME DATEIEN\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAMME\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINJECT.EXE
C:\PROGRAMME\NORTON SYSTEMWORKS\NORTON UTILITIES\NPROTECT.EXE
C:\PROGRAMME\GEMEINSAME DATEIEN\SYMANTEC SHARED\SYMTRAY.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAMME\GEMEINSAME DATEIEN\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAMME\EZAUDIO\EZAUDIO.EXE
C:\WINDOWS\SYSTEM\FMCTRL.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAMME\GNUTELLA LITE\SAAP.EXE
C:\WINDOWS\SPMSMON.EXE
C:\PROGRAMME\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAMME\ROXIO\GOBACK\GBTRAY.EXE
C:\PROGRAMME\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINSM32.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\Programme\Norton SystemWorks\Norton CleanSweep\Monwow.exe
C:\T-Online\BSW3\ONLINE.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\T-ONLINE\BSW3\TODUCALC.EXE
C:\PROGRAMME\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAMME\GNUTELLA LITE\MAIN.EXE
C:\PROGRAMME\GNUTELLA LITE\MAIN.EXE
C:\EIGENE DATEIEN\PROGRAMMDOWNLOADS\HIJACKUNZIPPED\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.t-online.de/software/ie401/search.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.t-online.de
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer von T-Online
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: QuickSearch Search Bar - {82315A18-6CFB-44a7-BDFD-90E36537C252} - C:\Programme\QuickSearch\QuickSearchBar1_27.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: QuickSearch Search Bar - {82315A18-6CFB-44a7-BDFD-90E36537C252} - C:\Programme\QuickSearch\QuickSearchBar1_27.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [NPROTECT] C:\Programme\Norton SystemWorks\Norton Utilities\nprotect.exe
O4 - HKLM\..\Run: [EzAudioTray] C:\PROGRAMME\EZAUDIO\EZAUDIO.EXE TRAYAPP
O4 - HKLM\..\Run: [Q3dctlTray] Fmctrl.EXE
O4 - HKLM\..\Run: [saap] c:\programme\gnutella lite\saap.exe
O4 - HKLM\..\Run: [ChangeICON] C:\WINDOWS\SPMSMON.EXE
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [GoBack Polling Service] C:\Programme\Roxio\GoBack\GBPoll.exe
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Programme\Gemeinsame Dateien\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [CSINJECT.EXE] C:\Programme\Norton SystemWorks\Norton CleanSweep\CSINJECT.EXE
O4 - HKLM\..\RunServices: [NPROTECT] C:\Programme\Norton SystemWorks\Norton Utilities\nprotect.exe
O4 - HKLM\..\RunServices: [SymTray - Norton SystemWorks] C:\Programme\Gemeinsame Dateien\Symantec Shared\SymTray.exe "Norton SystemWorks"
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - Startup: GoBack.lnk = C:\Programme\Roxio\GoBack\GBTray.exe
O4 - Startup: CleanSweep Smart Sweep-Internet Sweep.lnk = C:\Programme\Norton SystemWorks\Norton CleanSweep\csinsm32.exe
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O12 - Plugin for .vem: C:\Programme\Internet Explorer\Plugins\npkit32.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.t-online.de

*Christian* 26.12.2004 01:59
Scanne hiermit im abg. Modus: http://www.trojaner-board.de/42731-escan-anleitung.html

Wo wird was gefunden?

Machmaganz 26.12.2004 21:22
Also hier jetzt mein escan auswertung:
Sun Dec 26 18:56:08 2004 => File C:\Programme\QuickSearch\QuickSearchBar1_27.dll infected by "not-a-virus:AdWare.ToolBar.Quick.a" Virus. Action Taken: No Action Taken.
Sun Dec 26 18:56:10 2004 => File c:\PROGRA~1\GNUTEL~1\SAAP.EXE infected by "not-a-virus:AdWare.180Solutions" Virus. Action Taken: No Action Taken.
Sun Dec 26 19:07:42 2004 => File C:\WINDOWS\COMMAND\EBD\EBD.CAB tagged as not-a-virus:Tool.DOS.Restart. No Action Taken
Sun Dec 26 19:14:00 2004 => File C:\Programme\Norton SystemWorks\Norton AntiVirus\Quarantine\2FF719B3.728 infected by "Win95.CIH.dam" Virus. Action Taken: No Action
Sun Dec 26 20:15:00 2004 => File C:\Programme\Gnutella Lite\saap.exe infected by "not-a-virus:AdWare.180Solutions" Virus. Action Taken: No Action Taken.
Sun Dec 26 20:15:01 2004 => File C:\Programme\Gnutella Lite\TBGLZ127Q.exe infected by "not-a-virus:AdWare.ToolBar.Quick.a" Virus. Action Taken: No Action Taken
Sun Dec 26 20:15:01 2004 => File C:\Programme\Gnutella Lite\saaphook.dll infected by "not-a-virus:AdWare.180Solutions" Virus. Action Taken: No Action Taken.
Sun Dec 26 20:15:31 2004 => File C:\Programme\QuickSearch\QuickSearchBar1_27.dll infected by "not-a-virus:AdWare.ToolBar.Quick.a" Virus. Action Taken: No Action Taken.
Sun Dec 26 20:15:31 2004 => File C:\Programme\NewDotNet\newdotnet6_38.dll infected by "not-a-virus:AdWare.NewDotNet" Virus. Action Taken: No Action Taken
Sun Dec 26 20:18:46 2004 => File C:\Eigene Dateien\programmdownloads\HIJACKUNZIPPED\backups\backup-20041224-135736-643.dll infected by "not-a-virus:AdWare.NewDotNet" Virus. Action Taken: No Action Taken.

*Christian* 27.12.2004 00:32
Lösche die gefundene Malware manuell im abg. Modus.

Scanne anschließend einmal mit Spybot: www.safer-networking.de
Updatete vor einem Scan. Das Tool ist kostenlos.

Wenn du dies gemacht hast, dann poste bitte ein neues Log von HijackThis.


Alle Zeitangaben in WEZ +1. Es ist jetzt 00:22 Uhr.

Copyright ©2000-2024, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129