Trojaner-Board

Source: Trojaner-Board, forum section "Log-Analyse und Auswertung": https://www.trojaner-board.de/19893-buedde-wuerde-jemand-hijackthis-log-auswerten.html

Phytagoras 16.07.2005 12:14

Please, would someone evaluate my HijackThis log
 
Hi^^
Since I'm once again quite sure that I have thousands of trojans and other stuff on my PC, I'd be glad if someone would evaluate my HijackThis log. Thanks in advance :P

--------------------------------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 13:10:47, on 16.07.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Network Associates\Common Framework\FrameworkService.exe
C:\Programme\Network Associates\VirusScan\Mcshield.exe
C:\Programme\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.exe
C:\Programme\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\Network Associates\VirusScan\SHSTAT.EXE
C:\Programme\Network Associates\Common Framework\UpdaterUI.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Games\Steam\Steam.exe
c:\windows\system32\dwrszo.exe
C:\Programme\Opera\opera.exe
C:\WINDOWS\system32\wuauclt.exe
C:\totalcmd\TOTALCMD.EXE
C:\DOKUME~1\Kevin\LOKALE~1\Temp\_tc\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Programme\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Programme\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [yzadfih] c:\windows\system32\dwrszo.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] C:\Games\Steam\\Steam.exe -silent
O4 - HKCU\..\Run: [NBJ] "C:\Programme\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [180ClientStubInstall] "C:\DOKUME~1\Kevin\LOKALE~1\Temp\nsxAF9.tmp"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Alles mit FlashGet laden - C:\Programme\FlashGet\jc_all.htm
O8 - Extra context menu item: Mit FlashGet laden - C:\Programme\FlashGet\jc_link.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{A4ABE30D-8167-401D-A790-BB80B31587F2}: NameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{A4ABE30D-8167-401D-A790-BB80B31587F2}: NameServer = 192.168.0.1
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: McAfee Framework-Dienst (McAfeeFramework) - Network Associates, Inc. - C:\Programme\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Programme\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Programme\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Programme\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Programme\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcSandraSrv.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
_____________
Note:
Active links edited!
In future, please follow the instructions in this guide: HiJackThis.


Regards, Cidre
S-Mod TB
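For readers working through a log like the one above: the following is an added example (not from the original post and not part of HijackThis) of how a practitioner might script the first triage pass over a HijackThis log. It applies three cues that are all visible in this log: an F2 Shell= value that launches more than Explorer.exe, an O4 Run entry whose key name and file name both look machine-generated or that starts from a Temp directory, and an O23 service whose binary is missing or whose owner is unknown. The sample lines are a constructed subset of the post's own log; the cut-offs (5 to 8 lowercase letters, the directory names, the severity labels) are assumptions of this example, not rules from the tool.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    line: str
    reason: str
    severity: str  # "high" = remove/investigate now, "review" = confirm by hand


# Heuristics used here (assumptions of this example, not HijackThis rules):
# - Winlogon's Shell value must be exactly Explorer.exe; an extra executable
#   on the F2 line is a shell hijack.
# - A Run-key name and file stem that are both short, lowercase, letters-only
#   look machine-generated (false positives happen; it is a triage cue only).
# - Nothing legitimate autostarts out of a Temp directory or a .tmp file.
# - A service whose binary is missing or whose owner is unknown needs a look.
RANDOM_NAME = re.compile(r"^[a-z]{5,8}$")
TEMP_PATH = re.compile(r"\\temp\\|\.tmp$", re.IGNORECASE)
F2_SHELL = re.compile(r"^F2 - REG:system\.ini: Shell=(?P<value>.*)$")
O4_RUN = re.compile(r"^O4 - (?P<hive>HK[A-Z]+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<rest>.*)$")
O23_SERVICE = re.compile(r"^O23 - Service: (?P<svc>.+?) - (?P<owner>.+?) - (?P<path>.+)$")

# Constructed sample: a subset of the log lines from the first post.
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [yzadfih] c:\windows\system32\dwrszo.exe
O4 - HKCU\..\Run: [Steam] C:\Games\Steam\\Steam.exe -silent
O4 - HKCU\..\Run: [180ClientStubInstall] "C:\DOKUME~1\Kevin\LOKALE~1\Temp\nsxAF9.tmp"
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
"""


def _target(rest: str) -> str:
    """Executable path from an O4 value: the quoted path, else the first token."""
    rest = rest.strip()
    if rest.startswith('"'):
        end = rest.find('"', 1)
        return rest[1:end] if end > 0 else rest[1:]
    return rest.split(" ", 1)[0]


def _stem(path: str) -> str:
    """File name without directory and extension."""
    return path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]


def triage(log: str) -> list[Finding]:
    """Return the HijackThis entries a human should look at, in log order."""
    findings: list[Finding] = []
    for raw in log.splitlines():
        line = raw.strip()
        if m := F2_SHELL.match(line):
            if [t.lower() for t in m["value"].split()] != ["explorer.exe"]:
                findings.append(Finding(line, "Winlogon Shell is not exactly Explorer.exe: " + m["value"], "high"))
        elif m := O4_RUN.match(line):
            path = _target(m["rest"])
            if TEMP_PATH.search(path):
                findings.append(Finding(line, "autostart from a Temp directory or .tmp file", "high"))
            elif RANDOM_NAME.match(m["name"]) and RANDOM_NAME.match(_stem(path)):
                findings.append(Finding(line, "random-looking key name and file name", "high"))
        elif m := O23_SERVICE.match(line):
            reasons = []
            if m["path"].endswith("(file missing)"):
                reasons.append("service binary missing (orphaned autostart entry)")
            if m["owner"] == "Unknown owner":
                reasons.append("no vendor information")
            if reasons:
                findings.append(Finding(line, "; ".join(reasons), "review"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity}] {f.reason}\n    {f.line}")
```

Run against the sample, the script flags the Nail.exe shell hook, the yzadfih/dwrszo.exe Run entry and the .tmp autostart as high, and the two "Unknown owner" services for review, while the Java, Steam and ATI HotKey lines pass. A real triage still needs the human step afterwards: the script narrows the list, it does not decide.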

cronos 16.07.2005 16:38

I would advise you to check your system with eScan first and then report the results to us.

Phytagoras 16.07.2005 19:43

This is what eScan_neu.txt contained:


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Findings for "infected"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Sat Jul 16 18:55:04 2005 => File C:\WINDOWS\system32\DrPMon.dll infected by "Trojan.Win32.Agent.db" Virus! Action Taken: No Action Taken.
Sat Jul 16 18:55:19 2005 => File c:\windows\system32\dwrszo.exe infected by "Trojan.Win32.Agent.cp" Virus! Action Taken: No Action Taken.
Sat Jul 16 18:55:38 2005 => File c:\windows\system32\dwrszo.exe infected by "Trojan.Win32.Agent.cp" Virus! Action Taken: No Action Taken.
Sat Jul 16 19:03:41 2005 => File C:\Dokumente und Einstellungen\Kevin\Lokale Einstellungen\Temporary Internet Files\Content.IE5\01234567\DrPMon[1].dll infected by "Trojan.Win32.Agent.db" Virus! Action Taken: No Action Taken.
Sat Jul 16 19:04:30 2005 => File C:\Dokumente und Einstellungen\Kevin\Lokale Einstellungen\Temporary Internet Files\Content.IE5\0VQFGHUD\svcproc[1].exe infected by "Trojan.Win32.Stervis.c" Virus! Action Taken: No Action Taken.
Sat Jul 16 19:05:06 2005 => File C:\Dokumente und Einstellungen\Kevin\Lokale Einstellungen\Temporary Internet Files\Content.IE5\CTAJ8TYJ\Poller[1].exe infected by "Trojan.Win32.Agent.cp" Virus! Action Taken: No Action Taken.
Sat Jul 16 19:45:12 2005 => Scanning File C:\Quarantäne\infected.log [**]
Sat Jul 16 19:45:13 2005 => File C:\Quarantäne\svcproc.exe.Vir infected by "Trojan.Win32.Stervis.c" Virus! Action Taken: No Action Taken.
Sat Jul 16 19:45:14 2005 => File C:\Quarantäne\svcproc.exe.Vir.0 infected by "Trojan.Win32.Stervis.c" Virus! Action Taken: No Action Taken.
Sat Jul 16 19:45:14 2005 => File C:\Quarantäne\svcproc.exe.Vir.1 infected by "Trojan.Win32.Stervis.c" Virus! Action Taken: No Action Taken.
Sat Jul 16 19:45:14 2005 => File C:\Quarantäne\svcproc.exe.Vir.2 infected by "Trojan.Win32.Stervis.c" Virus! Action Taken: No Action Taken.
Sat Jul 16 19:45:14 2005 => File C:\Quarantäne\svcproc.exe.Vir.3 infected by "Trojan.Win32.Stervis.c" Virus! Action Taken: No Action Taken.
Sat Jul 16 19:45:14 2005 => File C:\Quarantäne\svcproc.exe.Vir.4 infected by "Trojan.Win32.Stervis.c" Virus! Action Taken: No Action Taken.
Sat Jul 16 20:02:48 2005 => File

Cidre 17.07.2005 00:34

The virus log information is incomplete.
Please post the complete information again.

Phytagoras 17.07.2005 09:16

Oops. Sorry^^ Now here is hopefully the complete one:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Findings for "infected"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Sat Jul 16 18:55:04 2005 => File C:\WINDOWS\system32\DrPMon.dll infected by "Trojan.Win32.Agent.db" Virus! Action Taken: No Action Taken.
Sat Jul 16 18:55:19 2005 => File c:\windows\system32\dwrszo.exe infected by "Trojan.Win32.Agent.cp" Virus! Action Taken: No Action Taken.
Sat Jul 16 18:55:38 2005 => File c:\windows\system32\dwrszo.exe infected by "Trojan.Win32.Agent.cp" Virus! Action Taken: No Action Taken.
Sat Jul 16 19:03:41 2005 => File C:\Dokumente und Einstellungen\Kevin\Lokale Einstellungen\Temporary Internet Files\Content.IE5\01234567\DrPMon[1].dll infected by "Trojan.Win32.Agent.db" Virus! Action Taken: No Action Taken.
Sat Jul 16 19:04:30 2005 => File C:\Dokumente und Einstellungen\Kevin\Lokale Einstellungen\Temporary Internet Files\Content.IE5\0VQFGHUD\svcproc[1].exe infected by "Trojan.Win32.Stervis.c" Virus! Action Taken: No Action Taken.
Sat Jul 16 19:05:06 2005 => File C:\Dokumente und Einstellungen\Kevin\Lokale Einstellungen\Temporary Internet Files\Content.IE5\CTAJ8TYJ\Poller[1].exe infected by "Trojan.Win32.Agent.cp" Virus! Action Taken: No Action Taken.
Sat Jul 16 19:45:12 2005 => Scanning File C:\Quarantäne\infected.log [**]
Sat Jul 16 19:45:13 2005 => File C:\Quarantäne\svcproc.exe.Vir infected by "Trojan.Win32.Stervis.c" Virus! Action Taken: No Action Taken.
Sat Jul 16 19:45:14 2005 => File C:\Quarantäne\svcproc.exe.Vir.0 infected by "Trojan.Win32.Stervis.c" Virus! Action Taken: No Action Taken.
Sat Jul 16 19:45:14 2005 => File C:\Quarantäne\svcproc.exe.Vir.1 infected by "Trojan.Win32.Stervis.c" Virus! Action Taken: No Action Taken.
Sat Jul 16 19:45:14 2005 => File C:\Quarantäne\svcproc.exe.Vir.2 infected by "Trojan.Win32.Stervis.c" Virus! Action Taken: No Action Taken.
Sat Jul 16 19:45:14 2005 => File C:\Quarantäne\svcproc.exe.Vir.3 infected by "Trojan.Win32.Stervis.c" Virus! Action Taken: No Action Taken.
Sat Jul 16 19:45:14 2005 => File C:\Quarantäne\svcproc.exe.Vir.4 infected by "Trojan.Win32.Stervis.c" Virus! Action Taken: No Action Taken.
Sat Jul 16 20:02:48 2005 => File C:\WINDOWS\system32\DrPMon.dll infected by "Trojan.Win32.Agent.db" Virus! Action Taken: No Action Taken.
Sat Jul 16 20:10:45 2005 => File D:\Polaris\Download\Xray.exe infected by "HackTool.Win32.Xray.a" Virus! Action Taken: No Action Taken.
Sat Jul 16 20:33:29 2005 => Total Disinfected Files: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Findings for "tagged"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Sat Jul 16 18:55:21 2005 => File D:\Polaris\polaris.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.601. No Action Taken.
Sat Jul 16 19:03:00 2005 => File C:\Dokumente und Einstellungen\Kevin\Lokale Einstellungen\Temp\nsvAE6.tmp tagged as "not-a-virus:AdWare.BetterInternet". Action Taken: No Action Taken.
Sat Jul 16 19:03:22 2005 => File C:\Dokumente und Einstellungen\Kevin\Lokale Einstellungen\Temp\VRV\aurareco.exe tagged as "not-a-virus:AdWare.BetterInternet". Action Taken: No Action Taken.
Sat Jul 16 19:04:09 2005 => File C:\Dokumente und Einstellungen\Kevin\Lokale Einstellungen\Temporary Internet Files\Content.IE5\0VQFGHUD\aurora[1].exe tagged as "not-a-virus:AdWare.BetterInternet.c". Action Taken: No Action Taken.
Sat Jul 16 19:05:04 2005 => File C:\Dokumente und Einstellungen\Kevin\Lokale Einstellungen\Temporary Internet Files\Content.IE5\CTAJ8TYJ\Nail[1].exe tagged as "not-a-virus:AdWare.BetterInternet.b". Action Taken: No Action Taken.
Sat Jul 16 19:07:37 2005 => File C:\Games\Drug Wars\DWTrainer.exe tagged as not-a-virus:CrackTool.Win32.HotHook. No Action Taken.
Sat Jul 16 19:53:43 2005 => File C:\WINDOWS\Nail.exe tagged as "not-a-virus:AdWare.BetterInternet.b". Action Taken: No Action Taken.
Sat Jul 16 20:07:28 2005 => File D:\downloads\mirc616.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.616. No Action Taken.
Sat Jul 16 20:09:28 2005 => File D:\mIRC\mirc.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.616. No Action Taken.
Sat Jul 16 20:10:25 2005 => File D:\Polaris\Addons\trsc-winamp_plugin__103.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
Sat Jul 16 20:10:49 2005 => File D:\Polaris\polaris.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.601. No Action Taken.
Sat Jul 16 20:22:37 2005 => File E:\Drugwars 1.3.1080.rar tagged as not-a-virus:CrackTool.Win32.HotHook. No Action Taken.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Statistics:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Sat Jul 16 20:33:29 2005 => Total Virus(es) Found: 26
Sat Jul 16 20:33:29 2005 => Total Errors: 84
Sat Jul 16 20:33:29 2005 => Time Elapsed: 01:38:39
Sat Jul 16 20:33:29 2005 => Total Objects Scanned: 87710
Sat Jul 16 18:54:20 2005 => Virus Database Date: 2005/07/16
Sat Jul 16 20:33:29 2005 => Virus Database Date: 2005/07/16
Sat Jul 16 20:43:55 2005 => Virus Database Date: 2005/07/16
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~ © Haui ;-) ~~~~~~~
~~~~~~~ Thanks to Cidre ~~~~~~~
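The eScan report above counts 26 hits, but many of them are copies of the same file in the browser cache (DrPMon[1].dll) or in the on-access scanner's quarantine (svcproc.exe.Vir, .Vir.0, ...). The following is an added example (not part of the original post and not part of the eScan script) of how a practitioner would reduce such a report before deciding what is still live: it parses the two line shapes the report uses, collapses cache and quarantine copies onto the original file name, groups hits by detection name, and separates hits in live locations from hits in staging directories. The sample lines are a constructed subset of the post's log; which directories count as staging is an assumption of this example.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# One eScan hit line, in either of the two shapes the report uses:
#   ... => File PATH infected by "NAME" Virus! Action Taken: ...
#   ... => File PATH tagged as "not-a-virus:NAME". Action Taken: ...   (quotes optional)
HIT = re.compile(
    r"^(?P<ts>\w{3} \w{3} +\d{1,2} \d\d:\d\d:\d\d \d{4}) => File (?P<path>.+?) "
    r'(?:infected by "(?P<infected>[^"]+)" Virus!'
    r'|tagged as "?(?P<tagged>not-a-virus:\S+?)"?\.\s)'
)
# Copies that are not the running file: IE cache numbering (DrPMon[1].dll)
# and the on-access scanner's quarantine suffixes (svcproc.exe.Vir.3).
CACHE_COPY = re.compile(r"\[\d+\](?=\.[^.\\]+$)")
QUARANTINE = re.compile(r"\.vir(?:\.\d+)?$", re.IGNORECASE)
# Directories treated as staging rather than live locations. This split is an
# assumption of this example; the scanner itself makes no such distinction.
STAGING_DIRS = re.compile(r"\\(temporary internet files|temp|quarant[äa]ne)\\", re.IGNORECASE)

# Constructed sample: a subset of the eScan lines from the post above.
SAMPLE_ESCAN = r"""
Sat Jul 16 18:55:04 2005 => File C:\WINDOWS\system32\DrPMon.dll infected by "Trojan.Win32.Agent.db" Virus! Action Taken: No Action Taken.
Sat Jul 16 18:55:19 2005 => File c:\windows\system32\dwrszo.exe infected by "Trojan.Win32.Agent.cp" Virus! Action Taken: No Action Taken.
Sat Jul 16 18:55:38 2005 => File c:\windows\system32\dwrszo.exe infected by "Trojan.Win32.Agent.cp" Virus! Action Taken: No Action Taken.
Sat Jul 16 19:03:41 2005 => File C:\Dokumente und Einstellungen\Kevin\Lokale Einstellungen\Temporary Internet Files\Content.IE5\01234567\DrPMon[1].dll infected by "Trojan.Win32.Agent.db" Virus! Action Taken: No Action Taken.
Sat Jul 16 19:45:13 2005 => File C:\Quarantäne\svcproc.exe.Vir infected by "Trojan.Win32.Stervis.c" Virus! Action Taken: No Action Taken.
Sat Jul 16 19:45:14 2005 => File C:\Quarantäne\svcproc.exe.Vir.0 infected by "Trojan.Win32.Stervis.c" Virus! Action Taken: No Action Taken.
Sat Jul 16 19:53:43 2005 => File C:\WINDOWS\Nail.exe tagged as "not-a-virus:AdWare.BetterInternet.b". Action Taken: No Action Taken.
Sat Jul 16 20:09:28 2005 => File D:\mIRC\mirc.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.616. No Action Taken.
Sat Jul 16 20:33:29 2005 => Total Virus(es) Found: 26
"""


@dataclass(frozen=True)
class Hit:
    timestamp: str
    path: str
    name: str
    kind: str  # "infected" or "tagged"


def parse_line(line: str) -> Optional[Hit]:
    """Parse one report line; summary and 'Scanning File' lines yield None."""
    m = HIT.match(line.strip())
    if not m:
        return None
    kind = "infected" if m["infected"] else "tagged"
    return Hit(m["ts"], m["path"], m[kind], kind)


def canonical(path: str) -> str:
    """Lower-cased base name with cache and quarantine decorations removed."""
    base = path.rsplit("\\", 1)[-1].lower()
    base = QUARANTINE.sub("", base)
    return CACHE_COPY.sub("", base)


def summarize(log: str) -> dict:
    """Raw hit count, unique files per detection name, and live paths by kind."""
    hits = [h for h in map(parse_line, log.splitlines()) if h]
    by_name: dict[str, set[str]] = defaultdict(set)
    live: dict[str, set[str]] = {"infected": set(), "tagged": set()}
    for h in hits:
        by_name[h.name].add(canonical(h.path))
        if not STAGING_DIRS.search(h.path):
            live[h.kind].add(h.path.lower())
    return {
        "raw_hits": len(hits),
        "by_name": dict(by_name),
        "live": {k: sorted(v) for k, v in live.items()},
    }


if __name__ == "__main__":
    s = summarize(SAMPLE_ESCAN)
    print(f"{s['raw_hits']} raw hits, {len(s['by_name'])} distinct detections")
    for name, files in s["by_name"].items():
        print(f"  {name}: {', '.join(sorted(files))}")
    for kind, paths in s["live"].items():
        print(f"live ({kind}): {paths}")
```

On the sample, eight raw hits collapse to five distinct detections, and only two infected files are in live locations (DrPMon.dll and dwrszo.exe under system32); the svcproc.exe copies are all in quarantine, which matches the "(file missing)" service entry in the HijackThis log. The "tagged" list still contains Nail.exe, which the F2 line shows hooked into the Winlogon shell, so a not-a-virus tag is not the same as harmless.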

chaosman 17.07.2005 10:08

@Phytagoras
Agent.db
Here is some info:
http://www.sophos.de/virusinfo/analy...ojagentdb.html
I can only advise you to set up your system from scratch, since this is a backdoor.
Here is a guide: http://www.trojaner-board.de/showpos...28&postcount=2


sry
chaosman

Phytagoras 17.07.2005 17:54

Isn't there any other way to get rid of that thing?

