Trojaner-Board


Machmaganz 25.12.2004 17:17

My logfile
 
Hello, this is my first time here in the forum and I need help :confused:
Could someone please take a look at the logfile and give me some tips!?

Logfile of HijackThis v1.99.0
Scan saved at 17:10:55, on 25.12.04
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v5.50 (5.50.4134.0600)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAMME\ROXIO\GOBACK\GBPOLL.EXE
C:\PROGRAMME\GEMEINSAME DATEIEN\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAMME\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINJECT.EXE
C:\PROGRAMME\NORTON SYSTEMWORKS\NORTON UTILITIES\NPROTECT.EXE
C:\PROGRAMME\GEMEINSAME DATEIEN\SYMANTEC SHARED\SYMTRAY.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAMME\GEMEINSAME DATEIEN\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAMME\EZAUDIO\EZAUDIO.EXE
C:\WINDOWS\SYSTEM\FMCTRL.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAMME\GNUTELLA LITE\SAAP.EXE
C:\WINDOWS\SPMSMON.EXE
C:\PROGRAMME\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAMME\ROXIO\GOBACK\GBTRAY.EXE
C:\PROGRAMME\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINSM32.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\Programme\Norton SystemWorks\Norton CleanSweep\Monwow.exe
C:\T-Online\BSW3\ONLINE.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\T-ONLINE\BSW3\TODUCALC.EXE
C:\PROGRAMME\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAMME\GNUTELLA LITE\MAIN.EXE
C:\PROGRAMME\GNUTELLA LITE\MAIN.EXE
C:\EIGENE DATEIEN\PROGRAMMDOWNLOADS\HIJACKUNZIPPED\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.t-online.de/software/ie401/search.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.t-online.de
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer von T-Online
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: QuickSearch Search Bar - {82315A18-6CFB-44a7-BDFD-90E36537C252} - C:\Programme\QuickSearch\QuickSearchBar1_27.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: QuickSearch Search Bar - {82315A18-6CFB-44a7-BDFD-90E36537C252} - C:\Programme\QuickSearch\QuickSearchBar1_27.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [NPROTECT] C:\Programme\Norton SystemWorks\Norton Utilities\nprotect.exe
O4 - HKLM\..\Run: [EzAudioTray] C:\PROGRAMME\EZAUDIO\EZAUDIO.EXE TRAYAPP
O4 - HKLM\..\Run: [Q3dctlTray] Fmctrl.EXE
O4 - HKLM\..\Run: [saap] c:\programme\gnutella lite\saap.exe
O4 - HKLM\..\Run: [ChangeICON] C:\WINDOWS\SPMSMON.EXE
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [GoBack Polling Service] C:\Programme\Roxio\GoBack\GBPoll.exe
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Programme\Gemeinsame Dateien\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [CSINJECT.EXE] C:\Programme\Norton SystemWorks\Norton CleanSweep\CSINJECT.EXE
O4 - HKLM\..\RunServices: [NPROTECT] C:\Programme\Norton SystemWorks\Norton Utilities\nprotect.exe
O4 - HKLM\..\RunServices: [SymTray - Norton SystemWorks] C:\Programme\Gemeinsame Dateien\Symantec Shared\SymTray.exe "Norton SystemWorks"
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - Startup: GoBack.lnk = C:\Programme\Roxio\GoBack\GBTray.exe
O4 - Startup: CleanSweep Smart Sweep-Internet Sweep.lnk = C:\Programme\Norton SystemWorks\Norton CleanSweep\csinsm32.exe
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O12 - Plugin for .vem: C:\Programme\Internet Explorer\Plugins\npkit32.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.t-online.de

*Christian* 26.12.2004 01:59

Scan with this in safe mode: http://www.trojaner-board.de/42731-escan-anleitung.html

What is found, and where?

Machmaganz 26.12.2004 21:22

So here are my eScan results:
Sun Dec 26 18:56:08 2004 => File C:\Programme\QuickSearch\QuickSearchBar1_27.dll infected by "not-a-virus:AdWare.ToolBar.Quick.a" Virus. Action Taken: No Action Taken.
Sun Dec 26 18:56:10 2004 => File c:\PROGRA~1\GNUTEL~1\SAAP.EXE infected by "not-a-virus:AdWare.180Solutions" Virus. Action Taken: No Action Taken.
Sun Dec 26 19:07:42 2004 => File C:\WINDOWS\COMMAND\EBD\EBD.CAB tagged as not-a-virus:Tool.DOS.Restart. No Action Taken
Sun Dec 26 19:14:00 2004 => File C:\Programme\Norton SystemWorks\Norton AntiVirus\Quarantine\2FF719B3.728 infected by "Win95.CIH.dam" Virus. Action Taken: No Action
Sun Dec 26 20:15:00 2004 => File C:\Programme\Gnutella Lite\saap.exe infected by "not-a-virus:AdWare.180Solutions" Virus. Action Taken: No Action Taken.
Sun Dec 26 20:15:01 2004 => File C:\Programme\Gnutella Lite\TBGLZ127Q.exe infected by "not-a-virus:AdWare.ToolBar.Quick.a" Virus. Action Taken: No Action Taken
Sun Dec 26 20:15:01 2004 => File C:\Programme\Gnutella Lite\saaphook.dll infected by "not-a-virus:AdWare.180Solutions" Virus. Action Taken: No Action Taken.
Sun Dec 26 20:15:31 2004 => File C:\Programme\QuickSearch\QuickSearchBar1_27.dll infected by "not-a-virus:AdWare.ToolBar.Quick.a" Virus. Action Taken: No Action Taken.
Sun Dec 26 20:15:31 2004 => File C:\Programme\NewDotNet\newdotnet6_38.dll infected by "not-a-virus:AdWare.NewDotNet" Virus. Action Taken: No Action Taken
Sun Dec 26 20:18:46 2004 => File C:\Eigene Dateien\programmdownloads\HIJACKUNZIPPED\backups\backup-20041224-135736-643.dll infected by "not-a-virus:AdWare.NewDotNet" Virus. Action Taken: No Action Taken.

*Christian* 27.12.2004 00:32

Delete the malware that was found manually in safe mode.

Afterwards, scan once with Spybot: www.safer-networking.de
Update it before scanning. The tool is free.

Once you have done that, please post a new HijackThis log.


All times are in WET +1.
