Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   bekomme den trojaner nicht weg (https://www.trojaner-board.de/17455-bekomme-trojaner-weg.html)

gulliver29 05.05.2005 17:35
bekomme den trojaner nicht weg
 
Logfile of HijackThis v1.99.1
Scan saved at 18:28:34, on 05/05/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Winamp\winampa.exe
C:\WINDOWS\system32\NVATray.exe
C:\Programme\Java\jre1.5.0_02\bin\jusched.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Yahoo!\Messenger\ypager.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\MSN Messenger\MsnMsgr.Exe
C:\Programme\McAfee\McAfee QuickClean\Plguni.exe
C:\Programme\Corel\WordPerfect Office 2000\Register\Remind32.exe
C:\PROGRA~1\ICQ\ICQ.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Programme\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe
C:\Programme\Internet Explorer\iexplore.exe
c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Dokumente und Einstellungen\Marion\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ffw-klein-bennebek.de/wbb23/portal.php
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - (no file)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [NVIDIA nForce APU1 Utilities] NVATray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\PROGRA~1\ICQ\ICQNet.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [AWMON] "C:\Programme\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Programme\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [MimBoot] C:\Programme\Musicmatch\Musicmatch Jukebox\mimboot.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [Xezjp] C:\Program Files\Kcumtn\Yzmyxa.exe
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [checkrun] C:\windows\system32\elitegvj32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Programme\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [IncrediMail] C:\Programme\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AIM] C:\Programme\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [McAfee QuickClean Imonitor] C:\Programme\McAfee\McAfee QuickClean\Plguni.exe /START
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Corel Registration.lnk = C:\Programme\Corel\WordPerfect Office 2000\Register\Remind32.exe
O4 - Global Startup: CorelCENTRAL 9.LNK = C:\Programme\Corel\WordPerfect Office 2000\programs\ccwin9.exe
O4 - Global Startup: CorelCENTRAL-Benachrichtigungsfunktionen.LNK = C:\Programme\Corel\WordPerfect Office 2000\programs\alarm.exe
O4 - Global Startup: Desktop Application Director 9.LNK = C:\Programme\Corel\WordPerfect Office 2000\programs\dad9.exe
O4 - Global Startup: Service Manager.lnk = C:\Programme\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Programme\AIM95\aim.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O12 - Plugin for .psd: C:\Programme\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .spop: C:\Programme\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/Do...ridge-c112.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1106408832452
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: MySQL - Unknown owner - C:\mysql\bin\mysqld-nt.exe (file missing)
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe

gulliver29 05.05.2005 19:20
sorry wegen den doppel posting aber der trojaner lässt sich nicht löschen.

C:\windows\system32\elitegvj32.exe

das file sollte es sein aber in den ordner finde ich es nicht .Habe alles zum anzeigen gemacht und eingestellt aber das file diese exe ist nicht da:(

bitte hilft mir das ich das ding wieder loswerde

gruss gulliver29

Cidre 05.05.2005 20:53
Hallo,

eventuell wurde diese Datei von McAfee schon gekillt und es ist nur der Reg Key noch übrig geblieben.

Lade und scanne mit eScan AntiVirus im abgesicherten Modus und poste uns die Virus Log Information [1].
Beachte die Hinweise!

[1] Rechtsklick auf die Find.bat -> Ziel speichern unter… z.B. 'C:\Find.bat' -> Find.bat doppelklicken und den Scan abwarten -> den Inhalt der automatisch erstellten C:\eScan_neu.txt hier posten.

gulliver29 06.05.2005 22:52
Fri May 06 22:44:03 2005 => ***** Scanning complete. *****

Fri May 06 22:44:03 2005 => Total Objects Scanned: 113990
Fri May 06 22:44:03 2005 => Total Virus(es) Found: 23
Fri May 06 22:44:03 2005 => Total Disinfected Files: 0
Fri May 06 22:44:03 2005 => Total Files Renamed: 0
Fri May 06 22:44:03 2005 => Total Deleted Objects: 0
Fri May 06 22:44:03 2005 => Total Errors: 44
Fri May 06 22:44:03 2005 => Time Elapsed: 01:34:45
Fri May 06 22:44:03 2005 => Virus Database Date: 2005/05/05
Fri May 06 22:44:03 2005 => Virus Database Count: 128422

Fri May 06 22:44:03 2005 => Scan Completed.

das andere was du geschrieben hast mit der find.bat weiss leider nicht was ich da machen muss.

es wäre sehr nett wenn du mir das genauer erklären kannst

gruss gulliver

File System Found infected by "XXXToolbar Spyware/Adware" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\unregister.exe infected by "not-a-virus:AdWare.ToolBar.VB.f" Virus. Action Taken: No Action Taken.
File C:\DOKUME~1\Marion\LOKALE~1\Temp\temp.frB2FF\EliteSideBar 08.dll infected by "not-a-virus:AdWare.ToolBar.EliteBar.z" Virus. Action Taken: No Action Taken.
File C:\DOKUME~1\Marion\LOKALE~1\Temp\temp.frC79A\EliteToolBar version 60.dll infected by "not-a-virus:AdWare.ToolBar.EliteBar.af" Virus. Action Taken: No Action Taken.
File C:\Dokumente und Einstellungen\Marion\Lokale Einstellungen\Temp\temp.frB2FF\EliteSideBar 08.dll infected by "not-a-virus:AdWare.ToolBar.EliteBar.z" Virus. Action Taken: No Action Taken.
File C:\Dokumente und Einstellungen\Marion\Lokale Einstellungen\Temp\temp.frC79A\EliteToolBar version 60.dll infected by "not-a-virus:AdWare.ToolBar.EliteBar.af" Virus. Action Taken: No Action Taken.
File C:\Programme\Serv-U\ServUAdmin.exe tagged as not-a-virus:RiskWare.FTP.Serv-U.5201. No Action Taken.
File C:\Programme\Serv-U\ServUTray.exe tagged as not-a-virus:RiskWare.FTP.Serv-U.5201. No Action Taken.
File C:\System Volume Information\_restore{67715C8D-7987-4E29-8468-737D0F208987}\RP103\A0016723.dll infected by "Trojan-Downloader.Win32.Small.amg" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{67715C8D-7987-4E29-8468-737D0F208987}\RP104\A0019081.exe infected by "Trojan-Downloader.Win32.IstBar.gen" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{67715C8D-7987-4E29-8468-737D0F208987}\RP113\A0019463.dll infected by "not-a-virus:AdWare.ToolBar.EliteBar.af" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{67715C8D-7987-4E29-8468-737D0F208987}\RP113\A0019464.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\WINDOWS\system32\unregister.exe infected by "not-a-virus:AdWare.ToolBar.VB.f" Virus. Action Taken: No Action Taken.
File D:\System Volume Information\_restore{8358F82F-E08E-405D-AB4C-C2DB431EF997}\RP27\A0004394.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File D:\SmileyCentralBetaSetup1.1.1.6.exe infected by "not-a-virus:AdWare.ToolBar.MyWebSearch" Virus. Action Taken: No Action Taken.
File D:\mIRC\mirc.exe tagged as not-a-virus:RiskWare.mIRC.6.16. No Action Taken.
File D:\Serv-U\ServUDaemon.exe tagged as not-a-virus:RiskWare.FTP.Serv-U.40. No Action Taken.
File G:\System Volume Information\_restore{17F4EF8A-9365-4D0E-874F-09FF5B2095D9}\RP182\A0029552.exe tagged as not-a-virus:Joke.Win32.Viagra. No Action Taken.
File H:\platte c\gulliver0072004\receive\mirc616.exe tagged as not-a-virus:RiskWare.mIRC.6.16. No Action Taken.

Cidre 06.05.2005 22:53
Was genau verstehst du daran nicht?

gulliver29 06.05.2005 22:57
[1] Rechtsklick auf die Find.bat -> Ziel speichern unter… z.B. 'C:\Find.bat' -> Find.bat doppelklicken und den Scan abwarten -> den Inhalt der automatisch erstellten C:\eScan_neu.txt hier posten.


das hier habe nochmal eine log dazu gepostet unten weiter

gruss gulliver

Cidre 07.05.2005 00:50
Arbeite den Punkt 'Beseitigung der Malware' aus dieser Anleitung ab -> http://www.trojaner-board.de/showthread.php?t=17492


Alle Zeitangaben in WEZ +1. Es ist jetzt 11:52 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131