Trojaner-Board


Meerjungfraumann 22.05.2005 15:50

Request for help
 
Hello,
I have posted a HijackThis log and an eScan log along with it.
eScan found something, but I don't know how to get into System Volume Information. Thanks in advance.

MEERJUNGFRAUMANN

ESCAN:
Sun May 22 14:09:53 2005 => Total Objects Scanned: 83559
Sun May 22 14:09:53 2005 => Total Virus(es) Found: 35
Sun May 22 14:09:53 2005 => Total Disinfected Files: 0
Sun May 22 14:09:53 2005 => Total Files Renamed: 0
Sun May 22 14:09:53 2005 => Total Deleted Objects: 0
Sun May 22 14:09:53 2005 => Total Errors: 10
Sun May 22 14:09:53 2005 => Time Elapsed: 03:02:38
Sun May 22 14:09:53 2005 => Virus Database Date: 2005/05/21
Sun May 22 14:09:53 2005 => Virus Database Count: 131166

Sun May 22 14:09:54 2005 => Scan Completed.

Sun May 22 14:34:03 2005 => Virus Database Date: 2005/05/21
Sun May 22 14:34:03 2005 => Virus Database Count: 131166
Sun May 22 14:34:06 2005 => AV Library Unloaded (3)...
[msvLclnt.dll] [0x00000424] 22/05/2005 11:05:16:833 :ModuleName = C:\Bases_X\mwavscan.com
[msvLclnt.dll] [0x00000424] 22/05/2005 11:05:16:833 :Registry Key Deleted Properly!!!
[msvLclnt.dll] [0x00000424] 22/05/2005 11:05:19:957 :Options Set by External applications mwavscan.com are 9896960 (0x970400):
[msvLclnt.dll] [0x00000424] 22/05/2005 11:05:19:957 :Mode :PACKED,ARCHIVED,CA,WARNINGS,MAILPLAIN
[msvLclnt.dll] [0x00000424] 22/05/2005 11:05:19:957 :TimeOut : ffffffff
[msvLclnt.dll] [0x00000424] 22/05/2005 11:05:19:957 :Priority : NORMAL
[msvLclnt.dll] [0x00000424] 22/05/2005 11:05:30:653 :VirusCount = 131166 Latest Date = 2005/05/21
[msvLclnt.dll] [0x00000488] 22/05/2005 11:28:00:344 :[00000001] File C:\Dokumente und Einstellungen\Patrick\Desktop\Dateien\C64\C64 Emulator With 10,000 Games.zip infected by not-a-virus:Effect.DOS.TheDrawCold
[msvLclnt.dll] [0x00000488] 22/05/2005 11:28:29:686 :[00000001] File C:\Dokumente und Einstellungen\Patrick\Desktop\Dateien\C64\Games\a\INIX.COM infected by not-a-virus:Effect.DOS.TheDrawCold
[msvLclnt.dll] [0x00000488] 22/05/2005 11:28:30:337 :[00000001] File C:\Dokumente und Einstellungen\Patrick\Desktop\Dateien\C64\Games\a\WAD64.COM infected by not-a-virus:Effect.DOS.TheDrawCold
[msvLclnt.dll] [0x00000488] 22/05/2005 11:30:00:536 :[00000001] File C:\Dokumente und Einstellungen\Patrick\Desktop\Dateien\C64\Games\c\INIX.COM infected by not-a-virus:Effect.DOS.TheDrawCold
[msvLclnt.dll] [0x00000488] 22/05/2005 11:30:00:927 :[00000001] File C:\Dokumente und Einstellungen\Patrick\Desktop\Dateien\C64\Games\c\WAD64.COM infected by not-a-virus:Effect.DOS.TheDrawCold
[msvLclnt.dll] [0x00000488] 22/05/2005 11:32:11:024 :[00000001] File C:\Dokumente und Einstellungen\Patrick\Desktop\Dateien\C64\Games\e\INIX.COM infected by not-a-virus:Effect.DOS.TheDrawCold
[msvLclnt.dll] [0x00000488] 22/05/2005 11:32:11:405 :[00000001] File C:\Dokumente und Einstellungen\Patrick\Desktop\Dateien\C64\Games\e\WAD64.COM infected by not-a-virus:Effect.DOS.TheDrawCold
[msvLclnt.dll] [0x00000488] 22/05/2005 11:32:23:852 :[00000001] File C:\Dokumente und Einstellungen\Patrick\Desktop\Dateien\C64\Games\f\INIX.COM infected by not-a-virus:Effect.DOS.TheDrawCold
[msvLclnt.dll] [0x00000488] 22/05/2005 11:32:24:033 :[00000001] File C:\Dokumente und Einstellungen\Patrick\Desktop\Dateien\C64\Games\f\WAD64.COM infected by not-a-virus:Effect.DOS.TheDrawCold
[msvLclnt.dll] [0x00000488] 22/05/2005 11:32:49:579 :[00000001] File C:\Dokumente und Einstellungen\Patrick\Desktop\Dateien\C64\Games\h\INIX.COM infected by not-a-virus:Effect.DOS.TheDrawCold
[msvLclnt.dll] [0x00000488] 22/05/2005 11:32:49:990 :[00000001] File C:\Dokumente und Einstellungen\Patrick\Desktop\Dateien\C64\Games\h\WAD64.COM infected by not-a-virus:Effect.DOS.TheDrawCold
[msvLclnt.dll] [0x00000488] 22/05/2005 11:32:55:218 :[00000001] File C:\Dokumente und Einstellungen\Patrick\Desktop\Dateien\C64\Games\i\INIX.COM infected by not-a-virus:Effect.DOS.TheDrawCold
[msvLclnt.dll] [0x00000488] 22/05/2005 11:32:58:943 :[00000001] File C:\Dokumente und Einstellungen\Patrick\Desktop\Dateien\C64\Games\i\WAD64.COM infected by not-a-virus:Effect.DOS.TheDrawCold
[msvLclnt.dll] [0x00000488] 22/05/2005 11:33:30:689 :[00000001] File C:\Dokumente und Einstellungen\Patrick\Desktop\Dateien\C64\Games\m\INIX.COM infected by not-a-virus:Effect.DOS.TheDrawCold
[msvLclnt.dll] [0x00000488] 22/05/2005 11:33:53:912 :[00000001] File C:\Dokumente und Einstellungen\Patrick\Desktop\Dateien\C64\Games\m\WAD64.COM infected by not-a-virus:Effect.DOS.TheDrawCold
[msvLclnt.dll] [0x00000488] 22/05/2005 11:34:04:187 :[00000001] File C:\Dokumente und Einstellungen\Patrick\Desktop\Dateien\C64\Games\o\INIX.COM infected by not-a-virus:Effect.DOS.TheDrawCold
[msvLclnt.dll] [0x00000488] 22/05/2005 11:34:10:055 :[00000001] File C:\Dokumente und Einstellungen\Patrick\Desktop\Dateien\C64\Games\o\WAD64.COM infected by not-a-virus:Effect.DOS.TheDrawCold
[msvLclnt.dll] [0x00000488] 22/05/2005 11:34:28:372 :[00000001] File C:\Dokumente und Einstellungen\Patrick\Desktop\Dateien\C64\Games\p\INIX.COM infected by not-a-virus:Effect.DOS.TheDrawCold
[msvLclnt.dll] [0x00000488] 22/05/2005 11:34:48:751 :[00000001] File C:\Dokumente und Einstellungen\Patrick\Desktop\Dateien\C64\Games\p\WAD64.COM infected by not-a-virus:Effect.DOS.TheDrawCold
[msvLclnt.dll] [0x00000488] 22/05/2005 11:34:53:167 :[00000001] File C:\Dokumente und Einstellungen\Patrick\Desktop\Dateien\C64\Games\r\INIX.COM infected by not-a-virus:Effect.DOS.TheDrawCold
[msvLclnt.dll] [0x00000488] 22/05/2005 11:35:08:339 :[00000001] File C:\Dokumente und Einstellungen\Patrick\Desktop\Dateien\C64\Games\r\WAD64.COM infected by not-a-virus:Effect.DOS.TheDrawCold
[msvLclnt.dll] [0x00000488] 22/05/2005 11:35:19:325 :[00000001] File C:\Dokumente und Einstellungen\Patrick\Desktop\Dateien\C64\Games\s\INIX.COM infected by not-a-virus:Effect.DOS.TheDrawCold
[msvLclnt.dll] [0x00000488] 22/05/2005 11:36:02:166 :[00000001] File C:\Dokumente und Einstellungen\Patrick\Desktop\Dateien\C64\Games\s\WAD64.COM infected by not-a-virus:Effect.DOS.TheDrawCold
[msvLclnt.dll] [0x00000488] 22/05/2005 11:36:03:739 :[00000001] File C:\Dokumente und Einstellungen\Patrick\Desktop\Dateien\C64\Games\t\INIX.COM infected by not-a-virus:Effect.DOS.TheDrawCold
[msvLclnt.dll] [0x00000488] 22/05/2005 11:36:22:606 :[00000001] File C:\Dokumente und Einstellungen\Patrick\Desktop\Dateien\C64\Games\t\WAD64.COM infected by not-a-virus:Effect.DOS.TheDrawCold
[msvLclnt.dll] [0x00000488] 22/05/2005 11:36:22:816 :[00000001] File C:\Dokumente und Einstellungen\Patrick\Desktop\Dateien\C64\Games\u\INIX.COM infected by not-a-virus:Effect.DOS.TheDrawCold
[msvLclnt.dll] [0x00000488] 22/05/2005 11:36:27:803 :[00000001] File C:\Dokumente und Einstellungen\Patrick\Desktop\Dateien\C64\Games\u\WAD64.COM infected by not-a-virus:Effect.DOS.TheDrawCold
[msvLclnt.dll] [0x00000488] 22/05/2005 11:36:28:314 :[00000001] File C:\Dokumente und Einstellungen\Patrick\Desktop\Dateien\C64\Games\v\INIX.COM infected by not-a-virus:Effect.DOS.TheDrawCold
[msvLclnt.dll] [0x00000488] 22/05/2005 11:36:30:928 :[00000001] File C:\Dokumente und Einstellungen\Patrick\Desktop\Dateien\C64\Games\v\WAD64.COM infected by not-a-virus:Effect.DOS.TheDrawCold
[msvLclnt.dll] [0x00000488] 22/05/2005 11:36:49:474 :[00000001] File C:\Dokumente und Einstellungen\Patrick\Desktop\Dateien\C64\Games\w\INIX.COM infected by not-a-virus:Effect.DOS.TheDrawCold
[msvLclnt.dll] [0x00000488] 22/05/2005 11:36:51:167 :[00000001] File C:\Dokumente und Einstellungen\Patrick\Desktop\Dateien\C64\Games\w\WAD64.COM infected by not-a-virus:Effect.DOS.TheDrawCold
[msvLclnt.dll] [0x00000488] 22/05/2005 11:56:40:817 :[00000001] File C:\Dokumente und Einstellungen\Patrick\Desktop\Dateien\Programme\ezdj_plus_trial.exe infected by not-a-virus:Tool.WinCap.Reboot
[msvLclnt.dll] [0x00000488] 22/05/2005 13:39:19:313 :[00000001] File C:\System Volume Information\_restore{7EE1B3E2-8F68-49E3-8713-467BE5DAD8DF}\RP21\A0003695.exe infected by not-a-virus:AdWare.NewDotNet
[msvLclnt.dll] [0x00000488] 22/05/2005 13:42:57:216 :[00000001] File C:\System Volume Information\_restore{7EE1B3E2-8F68-49E3-8713-467BE5DAD8DF}\RP9\A0001154.exe infected by Worm.Win32.Lovesan.a
[msvLclnt.dll] [0x00000488] 22/05/2005 13:42:57:276 :[00000001] File C:\System Volume Information\_restore{7EE1B3E2-8F68-49E3-8713-467BE5DAD8DF}\RP9\A0001155.exe infected by Worm.Win32.Lovesan.a
[msvLclnt.dll] [0x00000488] 22/05/2005 14:09:53:831 :VirusCount = 131166 Latest Date = 2005/05/21
[msvLclnt.dll] [0x00000424] 22/05/2005 14:34:03:065 :VirusCount = 131166 Latest Date = 2005/05/21


Logfile of HijackThis v1.99.1
Scan saved at 16:31:59, on 22.05.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Norton Internet Security\ISSVC.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\INTERN~2\MEDIAKEY.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programme\Mouse Driver\MouseDrv.exe
C:\Programme\Java\j2re1.4.2_06\bin\jusched.exe
C:\Programme\Lexmark 2200 Series\lxbvbmgr.exe
C:\Programme\Lexmark 2200 Series\lxbvbmon.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\INTERN~2\KBOSDCtl.EXE
C:\PROGRA~1\INTERN~2\KCodeMsg.EXE
C:\Programme\Messenger\msmsgs.exe
C:\Dokumente und Einstellungen\Patrick\Desktop\Dateien\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://www.arcor.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://www.arcor.de
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer von Arcor
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - (no file)
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [MediaKey] C:\PROGRA~1\INTERN~2\MEDIAKEY.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CreativeMouse ] C:\Programme\Mouse Driver\MouseDrv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Lexmark 2200 Series] "C:\Programme\Lexmark 2200 Series\lxbvbmgr.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Programme\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.arcor.de
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - h**ps://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - h**p://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - h**p://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-12.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - h**p://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1094055952913
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - h**p://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - h**ps://www-secure.symantec.com/techsupp/asa/SymAData.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - h**p://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C6316316-5F87-4A34-9F2A-039EB118F785}: NameServer = 192.168.121.252,192.168.121.253
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Programme\Norton Internet Security\ISSVC.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe

felix1 22.05.2005 18:33

Empty the Recycle Bin, disable System Restore and reboot the PC. Then run eScan again in Safe Mode.
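The reply above gives the steps to take before re-scanning, and the reason is visible in the eScan log: three of the detections sit under C:\System Volume Information\_restore{...}, the area where Windows XP keeps its System Restore snapshots, which a scanner cannot clean while System Restore protects it. The following Python helper is an added example, not code from the thread, from eScan or from Trojaner-Board. It parses log lines in the shape shown above and sorts each hit by location (restore-point snapshot versus a live file the user can act on) and by detection class (names with the "not-a-virus:" prefix denote riskware, adware or tools rather than self-replicating malware). The sample lines are constructed in the format of the log above; the regular expression and the restore-point path marker are assumptions about the log and folder layout, not documented eScan behaviour.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample in the shape of the eScan log posted above (not the full log).
SAMPLE_LOG = r"""
[msvLclnt.dll] [0x00000424] 22/05/2005 11:05:16:833 :ModuleName = C:\Bases_X\mwavscan.com
[msvLclnt.dll] [0x00000488] 22/05/2005 11:28:29:686 :[00000001] File C:\Dokumente und Einstellungen\Patrick\Desktop\Dateien\C64\Games\a\INIX.COM infected by not-a-virus:Effect.DOS.TheDrawCold
[msvLclnt.dll] [0x00000488] 22/05/2005 11:56:40:817 :[00000001] File C:\Dokumente und Einstellungen\Patrick\Desktop\Dateien\Programme\ezdj_plus_trial.exe infected by not-a-virus:Tool.WinCap.Reboot
[msvLclnt.dll] [0x00000488] 22/05/2005 13:39:19:313 :[00000001] File C:\System Volume Information\_restore{7EE1B3E2-8F68-49E3-8713-467BE5DAD8DF}\RP21\A0003695.exe infected by not-a-virus:AdWare.NewDotNet
[msvLclnt.dll] [0x00000488] 22/05/2005 13:42:57:216 :[00000001] File C:\System Volume Information\_restore{7EE1B3E2-8F68-49E3-8713-467BE5DAD8DF}\RP9\A0001154.exe infected by Worm.Win32.Lovesan.a
[msvLclnt.dll] [0x00000488] 22/05/2005 14:09:53:831 :VirusCount = 131166 Latest Date = 2005/05/21
"""

# Assumed line layout: [module] [thread] dd/mm/yyyy hh:mm:ss:mmm :[code] File <path> infected by <name>
LINE_RE = re.compile(
    r"^\[(?P<module>[^\]]+)\] \[(?P<thread>0x[0-9A-Fa-f]+)\] "
    r"(?P<date>\d{2}/\d{2}/\d{4}) (?P<time>\d{2}:\d{2}:\d{2}:\d{3}) "
    r":\[(?P<code>[0-9A-Fa-f]+)\] File (?P<path>.+?) infected by (?P<name>\S+)$"
)

# Windows XP keeps System Restore snapshots as _restore{GUID}\RPnn\ under this folder.
RESTORE_MARKER = "\\system volume information\\_restore"


@dataclass(frozen=True)
class Detection:
    path: str
    name: str
    location: str   # "restore-point" (needs System Restore off) or "live"
    severity: str   # "malware" or "riskware" (engine prefix "not-a-virus:")


def parse_escan(text):
    """Return one Detection per 'infected by' line; status lines are skipped."""
    hits = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ModuleName, VirusCount etc. carry no detection
        path, name = m.group("path"), m.group("name")
        location = "restore-point" if RESTORE_MARKER in path.lower() else "live"
        severity = "riskware" if name.lower().startswith("not-a-virus:") else "malware"
        hits.append(Detection(path, name, location, severity))
    return hits


def summarize(hits):
    """Count detections per (location, severity) bucket."""
    return Counter((h.location, h.severity) for h in hits)


def needs_system_restore_off(hits):
    """True when at least one hit lives in a restore point, so a normal scan cannot clean it."""
    return any(h.location == "restore-point" for h in hits)


def report(text):
    """Human-readable triage of an eScan log, grouped by bucket."""
    hits = parse_escan(text)
    lines = []
    for (location, severity), count in sorted(summarize(hits).items()):
        lines.append(f"{location:14} {severity:9} {count}")
    for h in hits:
        lines.append(f"  [{h.location}/{h.severity}] {h.name}  {h.path}")
    if needs_system_restore_off(hits):
        lines.append("restore-point hits present: disable System Restore, reboot, rescan")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

Run against the full log from the post, the script separates the C64 game files (live, riskware-class names) from the Lovesan worm copies and the NewDotNet adware held in restore points RP9 and RP21, which is exactly the set that the disable-System-Restore step in the reply addresses.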

