Trojaner-Board


templeton 17.02.2005 09:50

Need help

Lately my computer has been acting up! A friend of mine told me I should download HijackThis and that I would get help with the evaluation here, since I don't really know my way around this!
Here is what HijackThis spat out:

Thanks for your help!

Logfile of HijackThis v1.99.1
Scan saved at 09:43:18, on 17.02.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
C:\Programme\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\HP\HP Software Update\HPWuSchd.exe
C:\Programme\HP\hpcoretech\hpcmpmgr.exe
C:\Programme\NETGEAR\WG511\Utility\WG511WLU.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\Java\j2re1.4.2_05\bin\jusched.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\Microsoft AntiSpyware\gcasServ.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Microsoft AntiSpyware\gcasDtServ.exe
C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\WINDOWS\system32\CTFMON.EXE
C:\Programme\Mozilla Firefox\firefox.exe
C:\Dokumente und Einstellungen\Corinna Hirzinger\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gmx.net/de
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gmx.net/de
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Programme\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programme\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [WG511WLU] C:\Programme\NETGEAR\WG511\Utility\WG511WLU.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [gcasServ] "C:\Programme\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG6 Service (AvgServ) - GRISOFT(c) SOFTWARE s.r.o - C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: ZESOFT - Unknown owner - C:\WINDOWS\zeta.exe (file missing)

cacatoa 17.02.2005 10:06

What exactly is your problem?
At first glance your logfile is clean, apart from a remnant of Zesoft.
Download eScan and follow the instructions exactly. At startup, click "scan all local drives" and "scan all files". The scan takes about 1 hour. Then post the result: open mwav.log -> Edit -> Find -> enter infected -> Find Next -> select/copy the hits and paste them into the forum.
cacatoa

templeton 18.02.2005 09:52

Hi!

Did everything as instructed.
This is what was found!

My computer often hangs while booting; also, whenever I try to open Word, Excel ... I keep being asked for a Norton update, which then fails with an error!

Thanks

Fri Feb 18 08:48:41 2005 => File C:\Programme\Norton AntiVirus\Quarantine\02FD245D infected by "Trojan-Downloader.Win32.IstBar.gen" Virus. Action Taken: No Action Taken.

Fri Feb 18 08:48:41 2005 => Scanning File C:\Programme\Norton AntiVirus\Quarantine\046D7239
Fri Feb 18 08:48:42 2005 => File C:\Programme\Norton AntiVirus\Quarantine\046D7239 infected by "Trojan-Downloader.Win32.IstBar.gen" Virus. Action Taken: No Action Taken.

Fri Feb 18 08:48:42 2005 => Scanning File C:\Programme\Norton AntiVirus\Quarantine\0BB108CC.exe
Fri Feb 18 08:48:42 2005 => File C:\Programme\Norton AntiVirus\Quarantine\0BB108CC.exe infected by "Trojan-Downloader.Win32.IstBar.gn" Virus. Action Taken: No Action Taken.

Fri Feb 18 08:48:42 2005 => Scanning File C:\Programme\Norton AntiVirus\Quarantine\0BB432C9.exe
Fri Feb 18 08:48:42 2005 => File C:\Programme\Norton AntiVirus\Quarantine\0BB432C9.exe infected by "Trojan-Downloader.Win32.IstBar.gn" Virus. Action Taken: No Action Taken.

Fri Feb 18 08:48:42 2005 => Scanning File C:\Programme\Norton AntiVirus\Quarantine\0BC404B7.exe
Fri Feb 18 08:48:42 2005 => File C:\Programme\Norton AntiVirus\Quarantine\0BC404B7.exe infected by "Trojan-Downloader.Win32.IstBar.gn" Virus. Action Taken: No Action Taken.

Fri Feb 18 08:48:42 2005 => Scanning File C:\Programme\Norton AntiVirus\Quarantine\0BC72EB3.exe
Fri Feb 18 08:48:42 2005 => File C:\Programme\Norton AntiVirus\Quarantine\0BC72EB3.exe infected by "Trojan-Downloader.Win32.IstBar.gn" Virus. Action Taken: No Action Taken.

Fri Feb 18 08:48:42 2005 => Scanning File C:\Programme\Norton AntiVirus\Quarantine\0BF57A81.exe
Fri Feb 18 08:48:42 2005 => File C:\Programme\Norton AntiVirus\Quarantine\0BF57A81.exe infected by "Trojan-Downloader.Win32.IstBar.gn" Virus. Action Taken: No Action Taken.

Fri Feb 18 08:48:42 2005 => Scanning File C:\Programme\Norton AntiVirus\Quarantine\0BF8247D.exe
Fri Feb 18 08:48:42 2005 => File C:\Programme\Norton AntiVirus\Quarantine\0BF8247D.exe infected by "Trojan-Downloader.Win32.IstBar.gn" Virus. Action Taken: No Action Taken.

Fri Feb 18 08:48:42 2005 => Scanning File C:\Programme\Norton AntiVirus\Quarantine\0C022272.exe
Fri Feb 18 08:48:42 2005 => File C:\Programme\Norton AntiVirus\Quarantine\0C022272.exe infected by "Trojan-Downloader.Win32.IstBar.gn" Virus. Action Taken: No Action Taken.

Fri Feb 18 08:48:42 2005 => Scanning File C:\Programme\Norton AntiVirus\Quarantine\0C194859.exe
Fri Feb 18 08:48:42 2005 => File C:\Programme\Norton AntiVirus\Quarantine\0C194859.exe infected by "Trojan-Downloader.Win32.IstBar.gn" Virus. Action Taken: No Action Taken.

Fri Feb 18 08:48:42 2005 => Scanning File C:\Programme\Norton AntiVirus\Quarantine\26DD6C22.exe
Fri Feb 18 08:48:42 2005 => File C:\Programme\Norton AntiVirus\Quarantine\26DD6C22.exe infected by "Trojan-Downloader.Win32.IstBar.gn" Virus. Action Taken: No Action Taken.

Fri Feb 18 08:48:42 2005 => Scanning File C:\Programme\Norton AntiVirus\Quarantine\27AA5831.exe
Fri Feb 18 08:48:42 2005 => File C:\Programme\Norton AntiVirus\Quarantine\27AA5831.exe infected by "Trojan-Downloader.Win32.IstBar.gn" Virus. Action Taken: No Action Taken.

Fri Feb 18 08:48:42 2005 => Scanning File C:\Programme\Norton AntiVirus\Quarantine\292146F3.exe
Fri Feb 18 08:48:43 2005 => File C:\Programme\Norton AntiVirus\Quarantine\292146F3.exe infected by "Trojan-Downloader.Win32.IstBar.gn" Virus. Action Taken: No Action Taken.

Fri Feb 18 08:48:43 2005 => Scanning File C:\Programme\Norton AntiVirus\Quarantine\2E14563E
Fri Feb 18 08:48:43 2005 => File C:\Programme\Norton AntiVirus\Quarantine\2E14563E infected by "Trojan-Downloader.JS.IstBar.b" Virus. Action Taken: No Action Taken.

Fri Feb 18 08:48:43 2005 => Scanning File C:\Programme\Norton AntiVirus\Quarantine\3B99757C.exe
Fri Feb 18 08:48:43 2005 => File C:\Programme\Norton AntiVirus\Quarantine\3B99757C.exe infected by "Trojan-Downloader.Win32.IstBar.gn" Virus. Action Taken: No Action Taken.

Fri Feb 18 08:48:43 2005 => Scanning File C:\Programme\Norton AntiVirus\Quarantine\591B6C17
Fri Feb 18 08:48:43 2005 => File C:\Programme\Norton AntiVirus\Quarantine\591B6C17 infected by "not-a-virus:AdWare.ToolBar.SideFind" Virus. Action Taken: No Action Taken.

Fri Feb 18 08:48:43 2005 => Scanning File C:\Programme\Norton AntiVirus\Quarantine\5CA84C8B.exe
Fri Feb 18 08:48:43 2005 => File C:\Programme\Norton AntiVirus\Quarantine\5CA84C8B.exe infected by "Trojan-Downloader.Win32.IstBar.gn" Virus. Action Taken: No Action Taken.

Fri Feb 18 08:48:43 2005 => Scanning File C:\Programme\Norton AntiVirus\Quarantine\620D5293.exe
Fri Feb 18 08:48:43 2005 => File C:\Programme\Norton AntiVirus\Quarantine\620D5293.exe infected by "Trojan-Downloader.Win32.IstBar.gn" Virus. Action Taken: No Action Taken.

Fri Feb 18 08:48:43 2005 => Scanning File C:\Programme\Norton AntiVirus\Quarantine\6D293DB6.exe
Fri Feb 18 08:48:43 2005 => File C:\Programme\Norton AntiVirus\Quarantine\6D293DB6.exe infected by "Trojan-Downloader.Win32.IstBar.gn" Virus. Action Taken: No Action Taken.

Fri Feb 18 08:48:43 2005 => Scanning File C:\Programme\Norton AntiVirus\Quarantine\7BF2054A.exe
Fri Feb 18 08:48:43 2005 => File C:\Programme\Norton AntiVirus\Quarantine\7BF2054A.exe infected by "Trojan-Downloader.Win32.IstBar.gn" Virus. Action Taken: No Action Taken.

Fri Feb 18 08:50:44 2005 => File C:\System Volume Information\_restore{8B19CF65-C414-4DD4-A784-9406F5CC95DE}\RP2\A0001267.dll infected by "not-a-virus:AdWare.WildTangent.b" Virus. Action Taken: No Action Taken.

Fri Feb 18 08:50:45 2005 => File C:\System Volume Information\_restore{8B19CF65-C414-4DD4-A784-9406F5CC95DE}\RP2\A0001279.dll infected by "not-a-virus:AdWare.WildTangent.b" Virus. Action Taken: No Action Taken.

Fri Feb 18 08:50:47 2005 => File C:\System Volume Information\_restore{8B19CF65-C414-4DD4-A784-9406F5CC95DE}\RP2\A0001289.dll infected by "not-a-virus:AdWare.WildTangent.b" Virus. Action Taken: No Action Taken.

Fri Feb 18 08:50:47 2005 => File C:\System Volume Information\_restore{8B19CF65-C414-4DD4-A784-9406F5CC95DE}\RP2\A0001292.dll infected by "not-a-virus:AdWare.WildTangent.b" Virus. Action Taken: No Action Taken.

Fri Feb 18 08:50:48 2005 => File C:\System Volume Information\_restore{8B19CF65-C414-4DD4-A784-9406F5CC95DE}\RP2\A0001306.exe infected by "Trojan-Downloader.Win32.IstBar.go" Virus. Action Taken: No Action Taken.

Fri Feb 18 08:52:19 2005 => File C:\System Volume Information\_restore{8B19CF65-C414-4DD4-A784-9406F5CC95DE}\RP8\A0006435.vxd infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.

cacatoa 18.02.2005 09:57

Empty Norton's quarantine folder.
Then turn System Restore off and shut down the computer. Turn the computer on and turn System Restore back on. Then the bottom six will be gone too.
There is nothing more to see for now.
cacatoa
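
The triage in the reply above, as an added example that is not part of the original thread: it pulls the "infected" hits out of an eScan mwav.log and separates copies held in an antivirus quarantine folder or in System Restore snapshots from hits on live files. The sample log is constructed in the format quoted in this thread, and the three bucket names and the path patterns are assumptions of the example.

```python
import re
from collections import defaultdict

# Constructed sample in the mwav.log line format quoted in this thread.
# File names and the restore-point GUID are made up.
SAMPLE_LOG = r"""
Fri Feb 18 08:48:41 2005 => Scanning File C:\Programme\Norton AntiVirus\Quarantine\AAAA0001.exe
Fri Feb 18 08:48:42 2005 => File C:\Programme\Norton AntiVirus\Quarantine\AAAA0001.exe infected by "Trojan-Downloader.Win32.IstBar.gn" Virus. Action Taken: No Action Taken.
Fri Feb 18 08:50:44 2005 => File C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP2\A0000001.dll infected by "not-a-virus:AdWare.WildTangent.b" Virus. Action Taken: No Action Taken.
Fri Feb 18 08:53:10 2005 => File C:\WINDOWS\system32\example.dll infected by "Trojan-Downloader.Win32.IstBar.gn" Virus. Action Taken: No Action Taken.
"""

# Matches only result lines ("=> File ... infected by"), not "Scanning File" lines.
HIT = re.compile(r'=> File (?P<path>.+?) infected by "(?P<name>[^"]+)"')


def classify(path):
    """Bucket a hit by where the file lives (assumed path patterns)."""
    p = path.lower()
    if "\\quarantine\\" in p:
        return "av_quarantine"      # already isolated by the resident scanner
    if "\\system volume information\\_restore" in p:
        return "system_restore"     # snapshot copy, removed with the restore points
    return "live"                   # needs actual follow-up


def triage(log_text):
    """Return {bucket: [(path, detection_name), ...]} for all infected lines."""
    buckets = defaultdict(list)
    for line in log_text.splitlines():
        m = HIT.search(line)
        if m:
            buckets[classify(m["path"])].append((m["path"], m["name"]))
    return dict(buckets)


if __name__ == "__main__":
    for bucket, hits in sorted(triage(SAMPLE_LOG).items()):
        print(f"{bucket}: {len(hits)} hit(s)")
        for path, name in hits:
            print(f"  {name}  {path}")
```

Run against the log posted in this thread, every hit falls into the first two buckets, which matches the advice to empty the quarantine and reset System Restore.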

templeton 18.02.2005 10:25

Thank you very much for your help!


All times are WET +1. The time now is 08:15.

Copyright ©2000-2025, Trojaner-Board

