Trojaner-Board

hijack logfile (https://www.trojaner-board.de/15926-hijack-logfile.html)

Rockplattenliebhaber 27.03.2005 10:14

Problem: "MS-Search.com" ads remover
 
I followed the recommendation right away and listed everything together:

1.

I found a program "MS-Search.com ads remover" on my computer, created a log file with hijack and deleted the paths that looked strange to me. However, I don't know whether I have caught everything now. Here is the log file from hijack:

Logfile of HijackThis v1.99.1
Scan saved at 11:09:23, on 27.03.2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS.000\SYSTEM\KERNEL32.DLL
C:\WINDOWS.000\SYSTEM\MSGSRV32.EXE
C:\WINDOWS.000\SYSTEM\mmtask.tsk
C:\WINDOWS.000\SYSTEM\MPREXE.EXE
C:\WINDOWS.000\SYSTEM\MSTASK.EXE
C:\WINDOWS.000\SOINTGR.EXE
C:\WINDOWS.000\SYSTEM\STIMON.EXE
C:\WINDOWS.000\EXPLORER.EXE
C:\WINDOWS.000\CARPSERV.EXE
C:\PROGRAMME\0190 WARNER\WARN0190.EXE
C:\PROGRAMME\AVPERSONAL\AVGCTRL.EXE
C:\WINDOWS.000\RUNDLL32.EXE
C:\WINDOWS.000\RunDLL.exe
C:\WINDOWS.000\SYSTEM\TCZUXE.EXE
C:\WINDOWS.000\SYSTEM\PSTORES.EXE
C:\WINDOWS.000\SYSTEM\TAPISRV.EXE
C:\WINDOWS.000\SYSTEM\RNAAPP.EXE
C:\WINDOWS.000\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS.000\SYSTEM\DDHELP.EXE
C:\PROGRAMME\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAMME\MICROSOFT OFFICE\OFFICE\WINWORD.EXE
C:\WINDOWS.000\SYSTEM\SPOOL32.EXE
D:\MARKUS\PROGRAMME UND ANWENDUNGEN\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.lycos.de/search/msie40.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAMME\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [0190 Warner] C:\PROGRA~1\0190WA~1\WARN0190.EXE
O4 - HKLM\..\Run: [AVGCtrl] C:\PROGRAMME\AVPERSONAL\AVGCTRL.EXE /min
O4 - HKLM\..\Run: [srov] C:\WINNT\srov.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SO5 Integrator Pass One] C:\WINDOWS.000\SOINTGR.EXE
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS.000\SYSTEM\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS.000\SYSTEM\STIMON.EXE
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE System\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [SFPDLL] C:\WINDOWS.000\SYSTEM\SFPDLL.EXE
O4 - HKCU\..\Run: [Pica] C:\WINDOWS.000\Anwendungsdaten\aoat.exe
O4 - HKCU\..\Run: [Dndmps] C:\WINDOWS.000\SYSTEM\tczuxe.exe
O4 - Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.lycos.de/
O15 - Trusted IP range: 206.161.125.149
O15 - Trusted IP range: 206.161.125.149 (HKLM)
O21 - SSODL: DDE Control Module - {3F143C3A-1457-6CCA-03A7-7AA23B61E40F} - (no file)


2. The scan with eScan

The search with eScan was “successful”. It's quite a lot, and I'm not sure whether I should perhaps reinstall all of the software. What do you think? I have never reinstalled my Windows ME since buying the computer three quarters of a year ago.

Here is the log file:

Sun Mar 27 13:53:55 2005 => File C:\WINDOWS.000\SYSTEM\SEQSB.DLL infected by "not-a-virus:AdWare.ToolBar.Neon.c" Virus. Action Taken: No Action Taken.
Sun Mar 27 13:53:57 2005 => File C:\WINDOWS.000\SYSTEM\TCZUXE.EXE infected by "not-a-virus:AdWare.PurityScan.aa" Virus. Action Taken: No Action Taken.
Sun Mar 27 13:53:57 2005 => File C:\WINDOWS.000\SYSTEM\TCZUXE.EXE infected by "not-a-virus:AdWare.PurityScan.aa" Virus. Action Taken: No Action Taken.
Sun Mar 27 13:54:02 2005 => File C:\WINDOWS.000\SYSTEM\seqsb.dll infected by "not-a-virus:AdWare.ToolBar.Neon.c" Virus. Action Taken: No Action Taken.
Sun Mar 27 13:54:06 2005 => File C:\WINDOWS.000\SYSTEM\tczuxe.exe infected by "not-a-virus:AdWare.PurityScan.aa" Virus. Action Taken: No Action Taken.
Sun Mar 27 13:54:06 2005 => System found infected with sidefind Spyware/Adware! Action taken: No Action Taken.
Sun Mar 27 13:54:06 2005 => File System Found infected by "sidefind Spyware/Adware" Virus. Action Taken: No Action Taken.

Sun Mar 27 13:54:06 2005 => System found infected with istsvc Spyware/Adware! Action taken: No Action Taken.
Sun Mar 27 13:54:06 2005 => File System Found infected by "istsvc Spyware/Adware" Virus. Action Taken: No Action Taken.

Sun Mar 27 13:54:06 2005 => System found infected with DyFuCA Spyware/Adware! Action taken: No Action Taken.
Sun Mar 27 13:54:06 2005 => File System Found infected by "DyFuCA Spyware/Adware" Virus. Action Taken: No Action Taken.

Sun Mar 27 13:54:06 2005 => System found infected with ist Spyware/Adware! Action taken: No Action Taken.
Sun Mar 27 13:54:06 2005 => File System Found infected by "ist Spyware/Adware" Virus. Action Taken: No Action Taken.

Sun Mar 27 13:54:06 2005 => System found infected with Internet Optimizer Spyware/Adware! Action taken: No Action Taken.
Sun Mar 27 13:54:06 2005 => File System Found infected by "Internet Optimizer Spyware/Adware" Virus. Action Taken: No Action Taken.

Sun Mar 27 13:54:06 2005 => System found infected with avenue media Spyware/Adware! Action taken: No Action Taken.
Sun Mar 27 13:54:06 2005 => File System Found infected by "avenue media Spyware/Adware" Virus. Action Taken: No Action Taken.

Sun Mar 27 13:54:06 2005 => System found infected with IstBAR Spyware/Adware! Action taken: No Action Taken.
Sun Mar 27 13:54:06 2005 => File System Found infected by "IstBAR Spyware/Adware" Virus. Action Taken: No Action Taken.
Sun Mar 27 13:54:06 2005 => System found infected with IstBAR Spyware/Adware! Action taken: No Action Taken.
Sun Mar 27 13:54:06 2005 => File System Found infected by "IstBAR Spyware/Adware" Virus. Action Taken: No Action Taken.

Sun Mar 27 13:54:06 2005 => System found infected with SideFind Spyware/Adware! Action taken: No Action Taken.
Sun Mar 27 13:54:06 2005 => File System Found infected by "SideFind Spyware/Adware" Virus. Action Taken: No Action Taken.

Sun Mar 27 13:54:06 2005 => System found infected with SideFind Spyware/Adware! Action taken: No Action Taken.
Sun Mar 27 13:54:06 2005 => File System Found infected by "SideFind Spyware/Adware" Virus. Action Taken: No Action Taken.

Sun Mar 27 13:54:06 2005 => System found infected with SideFind Spyware/Adware! Action taken: No Action Taken.
Sun Mar 27 13:54:06 2005 => File System Found infected by "SideFind Spyware/Adware" Virus. Action Taken: No Action Taken.
Sun Mar 27 13:55:19 2005 => File C:\WINDOWS.000\SYSTEM\translate.exe infected by "Trojan-Dropper.Win32.Small.no" Virus. Action Taken: No Action Taken.
Sun Mar 27 13:55:19 2005 => File C:\WINDOWS.000\SYSTEM\uninistneo.exe infected by "not-a-virus:AdWare.ToolBar.Neon.c" Virus. Action Taken: No Action Taken.

Sun Mar 27 13:57:46 2005 => File C:\_RESTORE\TEMP\A0054284.CPY infected by "not-a-virus:AdWare.PurityScan.ak" Virus. Action Taken: No Action Taken.
Sun Mar 27 13:57:56 2005 => File C:\_RESTORE\TEMP\A0054342.CPY infected by "not-a-virus:AdWare.ToolBar.Neon.c" Virus. Action Taken: No Action Taken.
Sun Mar 27 13:57:56 2005 => File C:\_RESTORE\TEMP\SYSTEM~1.0 infected by "not-a-virus:AdWare.ToolBar.Neon.c" Virus. Action Taken: No Action Taken.

Sun Mar 27 13:57:57 2005 => File C:\_RESTORE\TEMP\A0054460.CPY infected by "not-a-virus:AdWare.ToolBar.Neon.c" Virus. Action Taken: No Action Taken.
Sun Mar 27 13:57:57 2005 => File C:\_RESTORE\TEMP\A0054462.CPY infected by "not-a-virus:AdWare.ToolBar.Neon.c" Virus. Action Taken: No Action Taken.
Sun Mar 27 13:57:57 2005 => File C:\_RESTORE\TEMP\A0054466.CPY infected by "not-a-virus:AdWare.ToolBar.Neon.c" Virus. Action Taken: No Action Taken.
Sun Mar 27 13:57:57 2005 => File C:\_RESTORE\TEMP\A0054470.CPY infected by "not-a-virus:AdWare.ToolBar.Neon.c" Virus. Action Taken: No Action Taken.

Sun Mar 27 13:57:57 2005 => File C:\_RESTORE\TEMP\A0054471.CPY infected by "not-a-virus:AdWare.ToolBar.Neon.c" Virus. Action Taken: No Action Taken.
Sun Mar 27 13:58:34 2005 => File C:\_RESTORE\ARCHIVE\FS307.CAB infected by "Trojan-Downloader.Win32.Dyfuca.dk" Virus. Action Taken: No Action Taken.
Sun Mar 27 14:00:20 2005 => File C:\_RESTORE\ARCHIVE\FS202.CAB infected by "Trojan-Downloader.Win32.Dyfuca.cr" Virus. Action Taken: No Action Taken.
Sun Mar 27 14:00:20 2005 => File C:\_RESTORE\ARCHIVE\FS129.CAB infected by "Trojan-Dropper.Win32.Small.ls" Virus. Action Taken: No Action Taken.
Sun Mar 27 14:00:59 2005 => File C:\_RESTORE\ARCHIVE\FS206.CAB infected by "Trojan-Downloader.Win32.Dyfuca.gen" Virus. Action Taken: No Action Taken.
Sun Mar 27 14:00:59 2005 => File C:\_RESTORE\ARCHIVE\FS205.CAB infected by "not-a-virus:AdWare.ToolBar.Neon.b" Virus. Action Taken: No Action Taken.
Sun Mar 27 14:00:59 2005 => File C:\_RESTORE\ARCHIVE\FS196.CAB infected by "Trojan-Downloader.Win32.Lookme.i" Virus. Action Taken: No Action Taken.
Sun Mar 27 14:01:01 2005 => File C:\_RESTORE\ARCHIVE\FS191.CAB infected by "Trojan-Downloader.Win32.Small.kq" Virus. Action Taken: No Action Taken.
Sun Mar 27 14:01:03 2005 => File C:\_RESTORE\ARCHIVE\FS194.CAB infected by "Trojan-Downloader.Win32.WinShow.am" Virus. Action Taken: No Action Taken.
Sun Mar 27 14:01:05 2005 => File C:\_RESTORE\ARCHIVE\FS198.CAB infected by "not-a-virus:AdWare.ToolBar.Neon.c" Virus. Action Taken: No Action Taken.

Sun Mar 27 14:01:05 2005 => File C:\_RESTORE\ARCHIVE\FS200.CAB infected by "not-a-virus:AdWare.ToolBar.Neon.c" Virus. Action Taken: No Action Taken.
Sun Mar 27 14:01:05 2005 => File C:\_RESTORE\ARCHIVE\FS201.CAB infected by "not-a-virus:AdWare.ToolBar.Neon.c" Virus. Action Taken: No Action Taken.

Sun Mar 27 14:01:09 2005 => File C:\_RESTORE\ARCHIVE\FS204.CAB infected by "not-a-virus:AdWare.180Solutions" Virus. Action Taken: No Action Taken.
Sun Mar 27 14:01:10 2005 => File C:\_RESTORE\ARCHIVE\FS210.CAB infected by "not-a-virus:AdWare.ToolBar.Neon.c" Virus. Action Taken: No Action Taken.
Sun Mar 27 14:01:10 2005 => File C:\_RESTORE\ARCHIVE\FS207.CAB infected by "not-a-virus:AdWare.ToolBar.Neon.c" Virus. Action Taken: No Action Taken.
Sun Mar 27 14:01:10 2005 => File C:\_RESTORE\ARCHIVE\FS209.CAB infected by "not-a-virus:AdWare.ToolBar.Neon.c" Virus. Action Taken: No Action Taken.
Sun Mar 27 14:01:13 2005 => File C:\_RESTORE\ARCHIVE\FS215.CAB infected by "not-a-virus:AdWare.ToolBar.Neon.c" Virus. Action Taken: No Action Taken.
Sun Mar 27 14:01:13 2005 => File C:\_RESTORE\ARCHIVE\FS214.CAB infected by "not-a-virus:AdWare.180Solutions" Virus. Action Taken: No Action Taken.
Sun Mar 27 14:01:17 2005 => File C:\_RESTORE\ARCHIVE\FS260.CAB infected by "Trojan-Downloader.Win32.Agent.dy" Virus. Action Taken: No Action Taken.
Sun Mar 27 14:01:18 2005 => File C:\_RESTORE\ARCHIVE\FS266.CAB infected by "Trojan.Win32.Scapur.h" Virus. Action Taken: No Action Taken.
Sun Mar 27 14:01:18 2005 => File C:\_RESTORE\ARCHIVE\FS267.CAB infected by "not-a-virus:AdWare.PurityScan.z" Virus. Action Taken: No Action Taken.
Sun Mar 27 14:01:18 2005 => File C:\_RESTORE\ARCHIVE\FS316.CAB infected by "not-a-virus:AdWare.PurityScan.af" Virus. Action Taken: No Action Taken.
Sun Mar 27 14:01:21 2005 => File C:\_RESTORE\ARCHIVE\FS221.CAB infected by "not-a-virus:AdWare.ToolBar.Neon.c" Virus. Action Taken: No Action Taken.
Sun Mar 27 14:01:30 2005 => File C:\_RESTORE\ARCHIVE\FS222.CAB infected by "not-a-virus:AdWare.ToolBar.Neon.c" Virus. Action Taken: No Action Taken.
Sun Mar 27 14:01:37 2005 => File C:\_RESTORE\ARCHIVE\FS315.CAB infected by "not-a-virus:AdWare.PurityScan.ai" Virus. Action Taken: No Action Taken.
Sun Mar 27 14:01:38 2005 => File C:\_RESTORE\ARCHIVE\FS357.CAB infected by "not-a-virus:AdWare.PurityScan.ak" Virus. Action Taken: No Action Taken.
Sun Mar 27 14:02:03 2005 => File C:\_RESTORE\ARCHIVE\FS369.CAB infected by "not-a-virus:AdWare.PurityScan.w" Virus. Action Taken: No Action Taken.
Sun Mar 27 14:02:09 2005 => File C:\_RESTORE\ARCHIVE\FS378.CAB infected by "not-a-virus:AdWare.ToolBar.Tubby.b" Virus. Action Taken: No Action Taken.
Sun Mar 27 14:04:30 2005 => File C:\WINDOWS.000\SYSTEM\translate.exe infected by "Trojan-Dropper.Win32.Small.no" Virus. Action Taken: No Action Taken.
Sun Mar 27 14:04:30 2005 => File C:\WINDOWS.000\SYSTEM\translate.exe infected by "Trojan-Dropper.Win32.Small.no" Virus. Action Taken: No Action Taken.
Sun Mar 27 14:10:08 2005 => Scanning Folder: C:\Programme\AVPersonal\INFECTED\*.*
Sun Mar 27 14:17:17 2005 => File D:\Markus\Programme und Anwendungen\hijackthis\backups\backup-20050326-124320-175.dll infected by "not-a-virus:AdWare.PurityScan.ak" Virus. Action Taken: No Action Taken.
Sun Mar 27 14:17:18 2005 => File D:\Markus\Programme und Anwendungen\hijackthis\backups\backup-20050326-124550-492.dll infected by "not-a-virus:AdWare.MediaTickets.f" Virus. Action Taken: No Action Taken.

Sun Mar 27 14:17:21 2005 => ***** Scanning complete. *****

Sun Mar 27 14:17:21 2005 => Total Files Scanned: 21554
Sun Mar 27 14:17:21 2005 => Total Virus(es) Found: 59
Sun Mar 27 14:17:21 2005 => Total Disinfected Files: 0
Sun Mar 27 14:17:21 2005 => Total Files Renamed: 0
Sun Mar 27 14:17:21 2005 => Total Deleted Files: 0
Sun Mar 27 14:17:21 2005 => Total Errors: 6
Sun Mar 27 14:17:21 2005 => Time Elapsed: 00:22:48
Sun Mar 27 14:17:21 2005 => Virus Database Date: 2005/03/24
Sun Mar 27 14:17:21 2005 => Virus Database Count: 123152

Sun Mar 27 14:17:21 2005 => Scan Completed.

I hope this is of some use.

chaosman 27.03.2005 11:50

@Rockplattenliebhaber
First of all, update IE.

Download eScan:
download
instructions
eScan result
Tell us the result of the eScan: "open mwav.log -> Edit -> Find -> type infected -> Find Next -> select/copy the hits and paste them into the forum."

Have you ever had to reinstall your ME?

chaosman
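The manual "search mwav.log for infected and copy the hits" step from the reply above, as an added example that is not part of the original thread or of eScan: it pulls the per-file detections out of the log, drops repeats, and separates files on the live system from copies under C:\_RESTORE (the Windows ME System Restore store) and HijackThis backups. The function names and group labels are assumptions made for illustration; the sample lines are copied from the log quoted in this thread.

```python
import re
from collections import defaultdict

# Excerpt of the eScan log quoted in this thread (one line has two entries fused together).
SAMPLE_LOG = r'''Sun Mar 27 13:53:57 2005 => File C:\WINDOWS.000\SYSTEM\TCZUXE.EXE infected by "not-a-virus:AdWare.PurityScan.aa" Virus. Action Taken: No Action Taken.
Sun Mar 27 13:54:06 2005 => File C:\WINDOWS.000\SYSTEM\tczuxe.exe infected by "not-a-virus:AdWare.PurityScan.aa" Virus. Action Taken: No Action Taken.
Sun Mar 27 13:54:06 2005 => File System Found infected by "sidefind Spyware/Adware" Virus. Action Taken: No Action Taken.
Sun Mar 27 13:55:19 2005 => File C:\WINDOWS.000\SYSTEM\translate.exe infected by "Trojan-Dropper.Win32.Small.no" Virus. Action Taken: No Action Taken.
Sun Mar 27 14:01:05 2005 => File C:\_RESTORE\ARCHIVE\FS200.CAB infected by "not-a-virus:AdWare.ToolBar.Neon.c" Virus. Action Taken: No Action Taken. Sun Mar 27 14:01:05 2005 => File C:\_RESTORE\ARCHIVE\FS201.CAB infected by "not-a-virus:AdWare.ToolBar.Neon.c" Virus. Action Taken: No Action Taken.
Sun Mar 27 14:17:17 2005 => File D:\Markus\Programme und Anwendungen\hijackthis\backups\backup-20050326-124320-175.dll infected by "not-a-virus:AdWare.PurityScan.ak" Virus. Action Taken: No Action Taken.
'''

# A real file hit has a drive-letter path; this skips the generic
# "File System Found infected by ..." summary lines.
HIT_RE = re.compile(
    r'=> File (?P<path>[A-Za-z]:\\.+?) infected by "(?P<name>[^"]+)" Virus\.'
)

def classify(path):
    """Label a hit by where the file lives (labels are illustrative)."""
    p = path.upper()
    if p[1:].startswith(":\\_RESTORE\\"):
        return "restore"      # System Restore copies, not running code
    if "\\HIJACKTHIS\\BACKUPS\\" in p:
        return "hjt-backup"   # items HijackThis saved when entries were fixed
    return "live"             # files still in place on the system

def triage(log_text):
    """Return {label: [(path, detection), ...]} with duplicates removed."""
    seen = set()
    groups = defaultdict(list)
    for m in HIT_RE.finditer(log_text):
        path, name = m.group("path"), m.group("name")
        key = (path.upper(), name)   # Win9x paths are case-insensitive
        if key in seen:
            continue
        seen.add(key)
        groups[classify(path)].append((path, name))
    return dict(groups)

if __name__ == "__main__":
    for label, hits in triage(SAMPLE_LOG).items():
        print(label)
        for path, name in hits:
            print("   ", name, "->", path)
```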


All times are WET +1. The time now is 00:58.
