Trojaner-Board


Micha.79 17.03.2005 16:03

TR/Drop.180Soluti.A. HELP!!!!

Hello, I have the trojan TR/Drop.180Soluti.A.
I have already tried almost everything that could be found in forums.
Maybe someone can help me after all.

Here is the log file from eScan:

Code:

File C:\WINDOWS\system32\ap9h4qmo.exe tagged as not-a-virus:AdWare.Sahat.o. No Action Taken.
File C:\WINDOWS\a95kfrhe.exe tagged as not-a-virus:AdWare.Sahat.o. No Action Taken.
File C:\WINDOWS\nxstinst.exe tagged as not-a-virus:AdWare.NavExcel.i. No Action Taken.
File C:\WINDOWS\remover.dll tagged as not-a-virus:AdWare.NavExcel.i. No Action Taken.
File C:\WINDOWS\system32\ap9h4qmo.exe tagged as not-a-virus:AdWare.Sahat.o. No Action Taken.
File C:\WINDOWS\system32\q17i9a4j.exe tagged as not-a-virus:AdWare.Sahat.o. No Action Taken.
File C:\WINDOWS\system32\qh4mkbv9.dll tagged as not-a-virus:AdWare.Sahat.l. No Action Taken.
File C:\WINDOWS\a95kfrhe.exe tagged as not-a-virus:AdWare.Sahat.o. No Action Taken.
File C:\WINDOWS\nxstinst.exe tagged as not-a-virus:AdWare.NavExcel.i. No Action Taken.
File C:\WINDOWS\remover.dll tagged as not-a-virus:AdWare.NavExcel.i. No Action Taken.
File C:\WINDOWS\system32\ap9h4qmo.exe tagged as not-a-virus:AdWare.Sahat.o. No Action Taken.
File C:\WINDOWS\system32\q17i9a4j.exe tagged as not-a-virus:AdWare.Sahat.o. No Action Taken.
File C:\WINDOWS\system32\qh4mkbv9.dll tagged as not-a-virus:AdWare.Sahat.l. No Action Taken.

Thu Mar 17 13:39:50 2005 => ***** Scanning complete. *****
Thu Mar 17 13:39:50 2005 => Total Number of Files Scanned: 12582
Thu Mar 17 13:39:50 2005 => Total Number of Virus(es) Found: 13
Thu Mar 17 13:39:50 2005 => Total Number of Disinfected Files: 0
Thu Mar 17 13:39:50 2005 => Total Number of Files Renamed: 0
Thu Mar 17 13:39:50 2005 => Total Number of Deleted Files: 0
Thu Mar 17 13:39:50 2005 => Total Number of Errors: 1
Thu Mar 17 13:39:50 2005 => Time Elapsed: 00:18:09
Thu Mar 17 13:39:50 2005 => Virus Database Date: 2005/03/17
Thu Mar 17 13:39:50 2005 => Virus Database Count: 122275
 
Thu Mar 17 13:39:50 2005 => Scan Completed.

What should I do? The thing keeps coming back!

Regards
micha

cronos 17.03.2005 20:15

Additionally, create a log with HijackThis and post it here in the forum:


www.hjt.klaffke.de

Micha.79 17.03.2005 22:15

Code:

Logfile of HijackThis v1.99.1
Scan saved at 22:09:21, on 17.03.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRAMME\ANTIVIR\AVGUARD.EXE
C:\PROGRAMME\ANTIVIR\AVWUPSRV.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\Logitech\iTouch\iTouch.exe
C:\PROGRAMME\ANTIVIR\AVGNT.EXE
C:\Programme\Java\j2re1.4.2_05\bin\jusched.exe
C:\Programme\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Media Access\MediaAccK.exe
C:\Program Files\Media Access\MediaAccess.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\GMX\GMX SMS-Manager\SMSMngr.exe
C:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Programme\ShutDownPro\ShutDownPro.EXE
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Programme\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Programme\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = www.freenet.de
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = www.freenet.de
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = www.freenet.de
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = www.freenet.de
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = www.freenet.de
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = www.freenet.de
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favoriten
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Programme\Ipswitch\WS_FTP Pro\wsbho2k0.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar3.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programme\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [AVGCtrl] C:\PROGRAMME\ANTIVIR\AVGNT.EXE /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WashAndGo - Cleanup of old Backupfiles] C:\Programme\Purgatio Pro\checker.exe /check
O4 - HKCU\..\Run: [GMX SMS-Manager] C:\Programme\GMX\GMX SMS-Manager\SMSMngr.exe
O4 - Startup: ShutDownPro.lnk = C:\Programme\ShutDownPro\ShutDownPro.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\programme\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\programme\google\GoogleToolbar3.dll/cmcache.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Verweisseiten - res://c:\programme\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://c:\programme\google\GoogleToolbar3.dll/cmsimilar.html
O9 - Extra button: IE-Spuren löschen - {6C7C0C9A-B51D-4ADB-A74D-C4E33744F866} - C:\Programme\TraXEx\Integration\TraXEx 3.0 Internet Explorer.lnk
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Programme\IrfanView\Ebay\Ebay.htm
O14 - IERESET.INF: START_PAGE_URL=www.google.de
O16 - DPF: baseapplet - https://online-banking.vwbank.de/pkk...baseapplet.cab
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAMME\ANTIVIR\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\PROGRAMME\ANTIVIR\AVWUPSRV.EXE
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe

I can't spot anything.

chaosman 17.03.2005 22:31

@Micha.79
Please post the following:
Open C:\bases\mwav.log
At the end, find the following and copy it in here:
Quote:
Total Files Scanned:
Total Virus(es) Found:
Total Disinfected Files:
Total Files Renamed:
Total Deleted Files:
Total Errors:
Time Elapsed:
Virus Database Date:
Virus Database Count:

and
eScan result
Tell us the result of the eScan: "open mwav.log -> Edit (Bearbeiten) -> Find (Suchen) -> enter infected -> Find Next (Weitersuchen) -> select/copy the hits and paste them into the forum."

Post it using copy and paste.
That would be easier to evaluate.

chaosman


All times are in WET +1.
