Log analysis and evaluation: hijack logfile
27.03.2005, 10:14 | #1 |
Problem "MS-Search.com" ads remover

I followed the recommendation right away and am listing everything together:

1. I found a program called "MS-Search.com ads remover" on my computer, created a log file with hijack and deleted the paths that looked strange to me. However, I don't know whether I have caught everything now. Here is the log file from hijack:

Logfile of HijackThis v1.99.1
Scan saved at 11:09:23, on 27.03.2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS.000\SYSTEM\KERNEL32.DLL
C:\WINDOWS.000\SYSTEM\MSGSRV32.EXE
C:\WINDOWS.000\SYSTEM\mmtask.tsk
C:\WINDOWS.000\SYSTEM\MPREXE.EXE
C:\WINDOWS.000\SYSTEM\MSTASK.EXE
C:\WINDOWS.000\SOINTGR.EXE
C:\WINDOWS.000\SYSTEM\STIMON.EXE
C:\WINDOWS.000\EXPLORER.EXE
C:\WINDOWS.000\CARPSERV.EXE
C:\PROGRAMME\0190 WARNER\WARN0190.EXE
C:\PROGRAMME\AVPERSONAL\AVGCTRL.EXE
C:\WINDOWS.000\RUNDLL32.EXE
C:\WINDOWS.000\RunDLL.exe
C:\WINDOWS.000\SYSTEM\TCZUXE.EXE
C:\WINDOWS.000\SYSTEM\PSTORES.EXE
C:\WINDOWS.000\SYSTEM\TAPISRV.EXE
C:\WINDOWS.000\SYSTEM\RNAAPP.EXE
C:\WINDOWS.000\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS.000\SYSTEM\DDHELP.EXE
C:\PROGRAMME\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAMME\MICROSOFT OFFICE\OFFICE\WINWORD.EXE
C:\WINDOWS.000\SYSTEM\SPOOL32.EXE
D:\MARKUS\PROGRAMME UND ANWENDUNGEN\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.lycos.de/search/msie40.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAMME\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [0190 Warner] C:\PROGRA~1\0190WA~1\WARN0190.EXE
O4 - HKLM\..\Run: [AVGCtrl] C:\PROGRAMME\AVPERSONAL\AVGCTRL.EXE /min
O4 - HKLM\..\Run: [srov] C:\WINNT\srov.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SO5 Integrator Pass One] C:\WINDOWS.000\SOINTGR.EXE
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS.000\SYSTEM\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS.000\SYSTEM\STIMON.EXE
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE System\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [SFPDLL] C:\WINDOWS.000\SYSTEM\SFPDLL.EXE
O4 - HKCU\..\Run: [Pica] C:\WINDOWS.000\Anwendungsdaten\aoat.exe
O4 - HKCU\..\Run: [Dndmps] C:\WINDOWS.000\SYSTEM\tczuxe.exe
O4 - Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.lycos.de/
O15 - Trusted IP range: 206.161.125.149
O15 - Trusted IP range: 206.161.125.149 (HKLM)
O21 - SSODL: DDE Control Module - {3F143C3A-1457-6CCA-03A7-7AA23B61E40F} - (no file)

2. The scan with eScan

The search with eScan was "successful". It is quite a lot, and I am not sure whether I should perhaps reinstall all of the software. What do you think? I have never reinstalled my Windows ME since buying the computer three quarters of a year ago. Here is the log file:

Sun Mar 27 13:53:55 2005 => File C:\WINDOWS.000\SYSTEM\SEQSB.DLL infected by "not-a-virus:AdWare.ToolBar.Neon.c" Virus. Action Taken: No Action Taken.
Sun Mar 27 13:53:57 2005 => File C:\WINDOWS.000\SYSTEM\TCZUXE.EXE infected by "not-a-virus:AdWare.PurityScan.aa" Virus. Action Taken: No Action Taken.
Sun Mar 27 13:53:57 2005 => File C:\WINDOWS.000\SYSTEM\TCZUXE.EXE infected by "not-a-virus:AdWare.PurityScan.aa" Virus. Action Taken: No Action Taken.
Sun Mar 27 13:54:02 2005 => File C:\WINDOWS.000\SYSTEM\seqsb.dll infected by "not-a-virus:AdWare.ToolBar.Neon.c" Virus. Action Taken: No Action Taken.
Sun Mar 27 13:54:06 2005 => File C:\WINDOWS.000\SYSTEM\tczuxe.exe infected by "not-a-virus:AdWare.PurityScan.aa" Virus. Action Taken: No Action Taken.
Sun Mar 27 13:54:06 2005 => System found infected with sidefind Spyware/Adware! Action taken: No Action Taken.
Sun Mar 27 13:54:06 2005 => File System Found infected by "sidefind Spyware/Adware" Virus. Action Taken: No Action Taken.
Sun Mar 27 13:54:06 2005 => System found infected with istsvc Spyware/Adware! Action taken: No Action Taken.
Sun Mar 27 13:54:06 2005 => File System Found infected by "istsvc Spyware/Adware" Virus. Action Taken: No Action Taken.
Sun Mar 27 13:54:06 2005 => System found infected with DyFuCA Spyware/Adware! Action taken: No Action Taken.
Sun Mar 27 13:54:06 2005 => File System Found infected by "DyFuCA Spyware/Adware" Virus. Action Taken: No Action Taken.
Sun Mar 27 13:54:06 2005 => System found infected with ist Spyware/Adware! Action taken: No Action Taken.
Sun Mar 27 13:54:06 2005 => File System Found infected by "ist Spyware/Adware" Virus. Action Taken: No Action Taken.
Sun Mar 27 13:54:06 2005 => System found infected with Internet Optimizer Spyware/Adware! Action taken: No Action Taken.
Sun Mar 27 13:54:06 2005 => File System Found infected by "Internet Optimizer Spyware/Adware" Virus. Action Taken: No Action Taken.
Sun Mar 27 13:54:06 2005 => System found infected with avenue media Spyware/Adware! Action taken: No Action Taken.
Sun Mar 27 13:54:06 2005 => File System Found infected by "avenue media Spyware/Adware" Virus. Action Taken: No Action Taken.
Sun Mar 27 13:54:06 2005 => System found infected with IstBAR Spyware/Adware! Action taken: No Action Taken.
Sun Mar 27 13:54:06 2005 => File System Found infected by "IstBAR Spyware/Adware" Virus. Action Taken: No Action Taken.
Sun Mar 27 13:54:06 2005 => System found infected with IstBAR Spyware/Adware! Action taken: No Action Taken.
Sun Mar 27 13:54:06 2005 => File System Found infected by "IstBAR Spyware/Adware" Virus. Action Taken: No Action Taken.
Sun Mar 27 13:54:06 2005 => System found infected with SideFind Spyware/Adware! Action taken: No Action Taken.
Sun Mar 27 13:54:06 2005 => File System Found infected by "SideFind Spyware/Adware" Virus. Action Taken: No Action Taken.
Sun Mar 27 13:54:06 2005 => System found infected with SideFind Spyware/Adware! Action taken: No Action Taken.
Sun Mar 27 13:54:06 2005 => File System Found infected by "SideFind Spyware/Adware" Virus. Action Taken: No Action Taken.
Sun Mar 27 13:54:06 2005 => System found infected with SideFind Spyware/Adware! Action taken: No Action Taken.
Sun Mar 27 13:54:06 2005 => File System Found infected by "SideFind Spyware/Adware" Virus. Action Taken: No Action Taken.
Sun Mar 27 13:55:19 2005 => File C:\WINDOWS.000\SYSTEM\translate.exe infected by "Trojan-Dropper.Win32.Small.no" Virus. Action Taken: No Action Taken.
Sun Mar 27 13:55:19 2005 => File C:\WINDOWS.000\SYSTEM\uninistneo.exe infected by "not-a-virus:AdWare.ToolBar.Neon.c" Virus. Action Taken: No Action Taken.
Sun Mar 27 13:57:46 2005 => File C:\_RESTORE\TEMP\A0054284.CPY infected by "not-a-virus:AdWare.PurityScan.ak" Virus. Action Taken: No Action Taken.
Sun Mar 27 13:57:56 2005 => File C:\_RESTORE\TEMP\A0054342.CPY infected by "not-a-virus:AdWare.ToolBar.Neon.c" Virus. Action Taken: No Action Taken.
Sun Mar 27 13:57:56 2005 => File C:\_RESTORE\TEMP\SYSTEM~1.0 infected by "not-a-virus:AdWare.ToolBar.Neon.c" Virus. Action Taken: No Action Taken.
Sun Mar 27 13:57:57 2005 => File C:\_RESTORE\TEMP\A0054460.CPY infected by "not-a-virus:AdWare.ToolBar.Neon.c" Virus. Action Taken: No Action Taken.
Sun Mar 27 13:57:57 2005 => File C:\_RESTORE\TEMP\A0054462.CPY infected by "not-a-virus:AdWare.ToolBar.Neon.c" Virus. Action Taken: No Action Taken.
Sun Mar 27 13:57:57 2005 => File C:\_RESTORE\TEMP\A0054466.CPY infected by "not-a-virus:AdWare.ToolBar.Neon.c" Virus. Action Taken: No Action Taken.
Sun Mar 27 13:57:57 2005 => File C:\_RESTORE\TEMP\A0054470.CPY infected by "not-a-virus:AdWare.ToolBar.Neon.c" Virus. Action Taken: No Action Taken.
Sun Mar 27 13:57:57 2005 => File C:\_RESTORE\TEMP\A0054471.CPY infected by "not-a-virus:AdWare.ToolBar.Neon.c" Virus. Action Taken: No Action Taken.
Sun Mar 27 13:58:34 2005 => File C:\_RESTORE\ARCHIVE\FS307.CAB infected by "Trojan-Downloader.Win32.Dyfuca.dk" Virus. Action Taken: No Action Taken.
Sun Mar 27 14:00:20 2005 => File C:\_RESTORE\ARCHIVE\FS202.CAB infected by "Trojan-Downloader.Win32.Dyfuca.cr" Virus. Action Taken: No Action Taken.
Sun Mar 27 14:00:20 2005 => File C:\_RESTORE\ARCHIVE\FS129.CAB infected by "Trojan-Dropper.Win32.Small.ls" Virus. Action Taken: No Action Taken.
Sun Mar 27 14:00:59 2005 => File C:\_RESTORE\ARCHIVE\FS206.CAB infected by "Trojan-Downloader.Win32.Dyfuca.gen" Virus. Action Taken: No Action Taken.
Sun Mar 27 14:00:59 2005 => File C:\_RESTORE\ARCHIVE\FS205.CAB infected by "not-a-virus:AdWare.ToolBar.Neon.b" Virus. Action Taken: No Action Taken.
Sun Mar 27 14:00:59 2005 => File C:\_RESTORE\ARCHIVE\FS196.CAB infected by "Trojan-Downloader.Win32.Lookme.i" Virus. Action Taken: No Action Taken.
Sun Mar 27 14:01:01 2005 => File C:\_RESTORE\ARCHIVE\FS191.CAB infected by "Trojan-Downloader.Win32.Small.kq" Virus. Action Taken: No Action Taken.
Sun Mar 27 14:01:03 2005 => File C:\_RESTORE\ARCHIVE\FS194.CAB infected by "Trojan-Downloader.Win32.WinShow.am" Virus. Action Taken: No Action Taken.
Sun Mar 27 14:01:05 2005 => File C:\_RESTORE\ARCHIVE\FS198.CAB infected by "not-a-virus:AdWare.ToolBar.Neon.c" Virus. Action Taken: No Action Taken.
Sun Mar 27 14:01:05 2005 => File C:\_RESTORE\ARCHIVE\FS200.CAB infected by "not-a-virus:AdWare.ToolBar.Neon.c" Virus. Action Taken: No Action Taken.
Sun Mar 27 14:01:05 2005 => File C:\_RESTORE\ARCHIVE\FS201.CAB infected by "not-a-virus:AdWare.ToolBar.Neon.c" Virus. Action Taken: No Action Taken.
Sun Mar 27 14:01:09 2005 => File C:\_RESTORE\ARCHIVE\FS204.CAB infected by "not-a-virus:AdWare.180Solutions" Virus. Action Taken: No Action Taken.
Sun Mar 27 14:01:10 2005 => File C:\_RESTORE\ARCHIVE\FS210.CAB infected by "not-a-virus:AdWare.ToolBar.Neon.c" Virus. Action Taken: No Action Taken.
Sun Mar 27 14:01:10 2005 => File C:\_RESTORE\ARCHIVE\FS207.CAB infected by "not-a-virus:AdWare.ToolBar.Neon.c" Virus. Action Taken: No Action Taken.
Sun Mar 27 14:01:10 2005 => File C:\_RESTORE\ARCHIVE\FS209.CAB infected by "not-a-virus:AdWare.ToolBar.Neon.c" Virus. Action Taken: No Action Taken.
Sun Mar 27 14:01:13 2005 => File C:\_RESTORE\ARCHIVE\FS215.CAB infected by "not-a-virus:AdWare.ToolBar.Neon.c" Virus. Action Taken: No Action Taken.
Sun Mar 27 14:01:13 2005 => File C:\_RESTORE\ARCHIVE\FS214.CAB infected by "not-a-virus:AdWare.180Solutions" Virus. Action Taken: No Action Taken.
Sun Mar 27 14:01:17 2005 => File C:\_RESTORE\ARCHIVE\FS260.CAB infected by "Trojan-Downloader.Win32.Agent.dy" Virus. Action Taken: No Action Taken.
Sun Mar 27 14:01:18 2005 => File C:\_RESTORE\ARCHIVE\FS266.CAB infected by "Trojan.Win32.Scapur.h" Virus. Action Taken: No Action Taken.
Sun Mar 27 14:01:18 2005 => File C:\_RESTORE\ARCHIVE\FS267.CAB infected by "not-a-virus:AdWare.PurityScan.z" Virus. Action Taken: No Action Taken.
Sun Mar 27 14:01:18 2005 => File C:\_RESTORE\ARCHIVE\FS316.CAB infected by "not-a-virus:AdWare.PurityScan.af" Virus. Action Taken: No Action Taken.
Sun Mar 27 14:01:21 2005 => File C:\_RESTORE\ARCHIVE\FS221.CAB infected by "not-a-virus:AdWare.ToolBar.Neon.c" Virus. Action Taken: No Action Taken.
Sun Mar 27 14:01:30 2005 => File C:\_RESTORE\ARCHIVE\FS222.CAB infected by "not-a-virus:AdWare.ToolBar.Neon.c" Virus. Action Taken: No Action Taken.
Sun Mar 27 14:01:37 2005 => File C:\_RESTORE\ARCHIVE\FS315.CAB infected by "not-a-virus:AdWare.PurityScan.ai" Virus. Action Taken: No Action Taken.
Sun Mar 27 14:01:38 2005 => File C:\_RESTORE\ARCHIVE\FS357.CAB infected by "not-a-virus:AdWare.PurityScan.ak" Virus. Action Taken: No Action Taken.
Sun Mar 27 14:02:03 2005 => File C:\_RESTORE\ARCHIVE\FS369.CAB infected by "not-a-virus:AdWare.PurityScan.w" Virus. Action Taken: No Action Taken.
Sun Mar 27 14:02:09 2005 => File C:\_RESTORE\ARCHIVE\FS378.CAB infected by "not-a-virus:AdWare.ToolBar.Tubby.b" Virus. Action Taken: No Action Taken.
Sun Mar 27 14:04:30 2005 => File C:\WINDOWS.000\SYSTEM\translate.exe infected by "Trojan-Dropper.Win32.Small.no" Virus. Action Taken: No Action Taken.
Sun Mar 27 14:04:30 2005 => File C:\WINDOWS.000\SYSTEM\translate.exe infected by "Trojan-Dropper.Win32.Small.no" Virus. Action Taken: No Action Taken.
Sun Mar 27 14:10:08 2005 => Scanning Folder: C:\Programme\AVPersonal\INFECTED\*.*
Sun Mar 27 14:17:17 2005 => File D:\Markus\Programme und Anwendungen\hijackthis\backups\backup-20050326-124320-175.dll infected by "not-a-virus:AdWare.PurityScan.ak" Virus. Action Taken: No Action Taken.
Sun Mar 27 14:17:18 2005 => File D:\Markus\Programme und Anwendungen\hijackthis\backups\backup-20050326-124550-492.dll infected by "not-a-virus:AdWare.MediaTickets.f" Virus. Action Taken: No Action Taken.
Sun Mar 27 14:17:21 2005 => ***** Scanning complete. *****
Sun Mar 27 14:17:21 2005 => Total Files Scanned: 21554
Sun Mar 27 14:17:21 2005 => Total Virus(es) Found: 59
Sun Mar 27 14:17:21 2005 => Total Disinfected Files: 0
Sun Mar 27 14:17:21 2005 => Total Files Renamed: 0
Sun Mar 27 14:17:21 2005 => Total Deleted Files: 0
Sun Mar 27 14:17:21 2005 => Total Errors: 6
Sun Mar 27 14:17:21 2005 => Time Elapsed: 00:22:48
Sun Mar 27 14:17:21 2005 => Virus Database Date: 2005/03/24
Sun Mar 27 14:17:21 2005 => Virus Database Count: 123152
Sun Mar 27 14:17:21 2005 => Scan Completed.

I hope this is of some use.

Edited by Rockplattenliebhaber (28.03.2005 at 09:36)
27.03.2005, 11:50 | #2 |
hijack logfile

@Rockplattenliebhaber

First of all, update IE.

Download eScan (download, instructions).

eScan result: let us know the result of the eScan: "open mwav.log -> Edit -> Find -> enter infected -> Find Next -> select/copy the hits and paste them into the forum."

Have you ever had to reinstall your ME?

chaosman