Trojaner-Board


poisi 31.03.2005 19:11

Log File
 
I've caught something :mad:



Hijack this

Quote:

Logfile of HijackThis v1.99.1
Scan saved at 20:07:39, on 31.03.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe
G:\Sicherheit\bitdefender\vsserv.exe
G:\Sicherheit\bitdefender\bdmcon.exe
G:\Sicherheit\bitdefender\bdswitch.exe
G:\BRENNE~1\ahead\NEROTO~1\DRIVES~1.EXE
G:\Browser\Mozilla\Mozilla.exe
C:\Programme\Logitech\SetPoint\KEM.exe
C:\Programme\Logitech\SetPoint\KHALMNPR.EXE
G:\Browser\firefox\firefox.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
G:\Sonstige\WinRar\WinRAR.exe
C:\DOKUME~1\frodo\LOKALE~1\Temp\Rar$EX00.203\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Programme\GetRight\xx2gr.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - G:\SICHER~1\sybot\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [BDMCon] G:\Sicherheit\bitdefender\\bdmcon.exe
O4 - HKLM\..\Run: [BDNewsAgent] G:\Sicherheit\bitdefender\\bdnagent.exe
O4 - HKLM\..\Run: [BDSwitchAgent] G:\Sicherheit\bitdefender\\bdswitch.exe
O4 - HKLM\..\Run: [Nero DriveSpeed] G:\BRENNE~1\ahead\NEROTO~1\DRIVES~1.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Mozilla Quick Launch] "g:\Browser\Mozilla\Mozilla.exe" -turbo
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download with GetRight - C:\Programme\GetRight\GRdownload.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Programme\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - G:\Messenger\Icq\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - G:\Messenger\Icq\ICQLite\ICQLite.exe
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {E36C5562-C4E0-4220-BCB2-1C671E3A5916} (Seagate SeaTools English Online) - http://www.seagate.com/support/disc/...npseatools.cab
O16 - DPF: {F49DA492-7B88-463F-B389-CA9A02F6DA76} (Seagate SeaTools German Online) - http://www.seagate.com/support/disc/...npseatools.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8002153C-60D5-4759-B34B-804A946D03D6}: NameServer = 217.237.151.225 217.237.150.225
O23 - Service: Adobe LM Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - G:\Sicherheit\Sandra\SiSoftware Sandra Lite 2005.SR1\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - G:\Sicherheit\Sandra\SiSoftware Sandra Lite 2005.SR1\RpcSandraSrv.exe
O23 - Service: TSMService - T-Systems Nova, Berkom - G:\Sonstige\Speed manager\tsmsvc.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - G:\Sicherheit\TuneUpUtilitys\WinStylerThemeSvc.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - G:\Sicherheit\bitdefender\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)






Escan

Quote:

Tue Jan 04 19:52:29 2005 => File H:\sets\SmileyCentralPFSetup2.0.3.8-2.exe infected by "not-a-virus:AdWare.ToolBar.MyWebSearch" Virus. Action Taken: No Action Taken.
Tue Jan 04 20:05:31 2005 => Scanning File I:\kram\eigene dateien\infected files mittwoch.txt
Fri Jan 07 18:45:04 2005 => File H:\sets\SmileyCentralPFSetup2.0.3.8-2.exe infected by "not-a-virus:AdWare.ToolBar.MyWebSearch" Virus. Action Taken: No Action Taken.
Sun Feb 13 09:36:23 2005 => Scanning Folder: G:\Sicherheit\bitdefender\Infected\*.*
Sun Feb 13 09:36:23 2005 => Scanning File G:\Sicherheit\bitdefender\Infected\F3POPSWT.DLL
Sun Feb 13 09:36:23 2005 => File G:\Sicherheit\bitdefender\Infected\F3POPSWT.DLL infected by "not-a-virus:AdWare.ToolBar.MyWebSearch" Virus. Action Taken: No Action Taken.
Sun Feb 13 09:36:23 2005 => Scanning File G:\Sicherheit\bitdefender\Infected\f3PSSavr.scr
Sun Feb 13 09:36:23 2005 => File G:\Sicherheit\bitdefender\Infected\f3PSSavr.scr infected by "not-a-virus:AdWare.ToolBar.MyWebSearch" Virus. Action Taken: No Action Taken.
Sun Feb 13 09:36:23 2005 => Scanning File G:\Sicherheit\bitdefender\Infected\MWSOEMON.EXE
Sun Feb 13 09:36:23 2005 => File G:\Sicherheit\bitdefender\Infected\MWSOEMON.EXE infected by "not-a-virus:AdWare.ToolBar.MyWebSearch" Virus. Action Taken: No Action Taken.
Thu Mar 31 18:06:57 2005 => File C:\WINDOWS\iLookup\ezStub22.exe infected by "not-a-virus:AdWare.EZula.z" Virus. Action Taken: No Action Taken.
Thu Mar 31 18:06:57 2005 => File C:\WINDOWS\iNetPal\~GLH0006.TMP infected by "Trojan-Downloader.Win32.Agent.er" Virus. Action Taken: No Action Taken.
Thu Mar 31 18:25:00 2005 => Scanning Folder: G:\Sicherheit\bitdefender\Infected\*.*
Thu Mar 31 19:20:46 2005 => File H:\sets\3dseaaquariumtrial.exe infected by "not-a-virus:AdWare.Gator.3103" Virus. Action Taken: No Action Taken.

chaosman 31.03.2005 20:00

@poisi

"I've caught something"
Yep.

Switch to safe mode.
Empty this folder:
G:\Sicherheit\bitdefender\Infected\*.*

Then manually delete the other files found by eScan.
Reboot, then post a new HJT logfile.
(Your logfile is unremarkable.)

chaosman

poisi 31.03.2005 20:31

Yes, I've done that, thanks so far :o

What I've had since then is that the taskbar is displayed horizontally ("waagerecht") on the left, but of course that may just be a stupid coincidence..
Where do I change it so that it is displayed horizontally ("horizontal") at the bottom again???

Quote:

Logfile of HijackThis v1.99.1
Scan saved at 21:32:07, on 31.03.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe
G:\Sicherheit\bitdefender\vsserv.exe
G:\Sicherheit\bitdefender\bdmcon.exe
G:\Sicherheit\bitdefender\bdswitch.exe
G:\BRENNE~1\ahead\NEROTO~1\DRIVES~1.EXE
G:\Browser\Mozilla\Mozilla.exe
C:\Programme\Logitech\SetPoint\KEM.exe
C:\Programme\Logitech\SetPoint\KHALMNPR.EXE
C:\WINDOWS\Explorer.EXE
G:\Browser\firefox\firefox.exe
G:\Sonstige\WinRar\WinRAR.exe
C:\DOKUME~1\frodo\LOKALE~1\Temp\Rar$EX00.063\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Programme\GetRight\xx2gr.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - G:\SICHER~1\sybot\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [BDMCon] G:\Sicherheit\bitdefender\\bdmcon.exe
O4 - HKLM\..\Run: [BDNewsAgent] G:\Sicherheit\bitdefender\\bdnagent.exe
O4 - HKLM\..\Run: [BDSwitchAgent] G:\Sicherheit\bitdefender\\bdswitch.exe
O4 - HKLM\..\Run: [Nero DriveSpeed] G:\BRENNE~1\ahead\NEROTO~1\DRIVES~1.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Mozilla Quick Launch] "g:\Browser\Mozilla\Mozilla.exe" -turbo
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download with GetRight - C:\Programme\GetRight\GRdownload.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Programme\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - G:\Messenger\Icq\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - G:\Messenger\Icq\ICQLite\ICQLite.exe
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {E36C5562-C4E0-4220-BCB2-1C671E3A5916} (Seagate SeaTools English Online) - http://www.seagate.com/support/disc/...npseatools.cab
O16 - DPF: {F49DA492-7B88-463F-B389-CA9A02F6DA76} (Seagate SeaTools German Online) - http://www.seagate.com/support/disc/...npseatools.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8002153C-60D5-4759-B34B-804A946D03D6}: NameServer = 217.237.151.225 217.237.150.225
O23 - Service: Adobe LM Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - G:\Sicherheit\Sandra\SiSoftware Sandra Lite 2005.SR1\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - G:\Sicherheit\Sandra\SiSoftware Sandra Lite 2005.SR1\RpcSandraSrv.exe
O23 - Service: TSMService - T-Systems Nova, Berkom - G:\Sonstige\Speed manager\tsmsvc.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - G:\Sicherheit\TuneUpUtilitys\WinStylerThemeSvc.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - G:\Sicherheit\bitdefender\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

Haui45 31.03.2005 20:39

The log looks clean.

Quote:

What I've had since then is that the taskbar is displayed horizontally ("waagerecht") on the left, but of course that may just be a stupid coincidence..
Where do I change it so that it is displayed horizontally ("horizontal") at the bottom again???

You do realize that "horizontal" and "waagerecht" mean the same thing? ;)
But fine:
Right-click the taskbar -> uncheck "Taskleiste fixieren" ("Lock the Taskbar") -> drag the taskbar to the desired position while holding down the left mouse button.

poisi 31.03.2005 20:42

Quote:

Quote from Haui45

You do realize that "horizontal" and "waagerecht" mean the same thing? ;)

:headbang: :lach:

Thanks


All times are in WET +1.
