backWeb-4476822.exe :( // Trojaner // Backdoor (suby)

suby
Gast

« am: 23.08.04, 23:58:12 »

Hier der log:

Logfile of HijackThis v1.98.2
Scan saved at 23:59:46, on 23.08.2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
C:\Programme\FSI\F-Prot\fpavupdm.exe
C:\Programme\F-Secure Anti-Virus\Anti-Virus\fsgk32st.exe
C:\Programme\F-Secure Anti-Virus\Anti-Virus\FSGK32.EXE
C:\Programme\F-Secure Anti-Virus\backweb\4476822\program\fsbwsys.exe
C:\Programme\F-Secure Anti-Virus\Common\FSMA32.EXE
C:\Programme\F-Secure Anti-Virus\Anti-Virus\fssm32.exe
C:\Programme\F-Secure Anti-Virus\Common\FSMB32.EXE
C:\mysql\bin\mysqld-nt.exe
C:\Programme\F-Secure Anti-Virus\Common\FCH32.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Programme\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\F-Secure Anti-Virus\Common\FSM32.EXE
C:\Programme\USB-Access\usb_engine.exe
C:\Programme\FSI\F-Prot\F-Sched.exe
C:\Programme\FSI\F-Prot\F-StopW.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Programme\F-Secure Anti-Virus\Anti-Virus\fsav32.exe
C:\Programme\F-Secure Anti-Virus\Common\FAMEH32.EXE
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\Programme\F-Secure Anti-Virus\FWES\Program\fsdfwd.exe
C:\WINDOWS\explorer.exe
C:\Programme\F-Secure Anti-Virus\backweb\4476822\Program\BackWeb-4476822.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://server224.smartbotpro.net/7search/?new-hklm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://default-homepage-network.com/start.cgi?new-hklm
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - {1C78AB3F-A857-482e-80C0-3A1E5238A565} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Programme\F-Secure Anti-Virus\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Programme\F-Secure Anti-Virus\TNB\TNBUtil.exe" /CHECKALL
O4 - HKLM\..\Run: [FRISK FP-Scheduler] C:\Programme\FSI\F-Prot\F-Sched.exe
O4 - HKLM\..\Run: [F-StopW] C:\Programme\FSI\F-Prot\F-StopW.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Steam] "c:\programme\steam\steam.exe" -silent
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: ICQ 4.0 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-9.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall-Kontrolle) - http://housecall.trendmicro-europe.com/housecall/Xscan53.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4189115C-8E05-46DE-BDA7-2116B3995DCA}: NameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{4382439F-3A88-421E-A73B-9EB18674E0C1}: NameServer = 192.168.0.1

Danke für eure Hilfe !

« Letzte Änderung: 23.08.04, 23:59:22 von suby »

Moderator informieren

Nighty
Gast

Re: backWeb-4476822.exe :( // Trojaner // Backdoor

« Antwort #1 am: 24.08.04, 20:33:34 »

Mit Escan(AlleLaufwerke + Services) und/oder sysclean im abgesicherten-Modus scannen:
http://www.computerhilfen.de/hilfen-17-30578-0.html

Gruß

Moderator informieren

Oliver
Gast

Re: backWeb-4476822.exe :( // Trojaner // Backdoor

« Antwort #2 am: 27.10.04, 09:23:38 »

Gehört zu F-Secure. Sucht nach updates im I-net.

Moderator informieren

[b
Gast

Re: backWeb-4476822.exe :( // Trojaner // Backdoor

« Antwort #3 am: 12.04.05, 00:43:18 »

Anwendungspfad: c:\Programme\F-Secure Anti-Virus\backweb\4476822\Program\backWeb-4476822.exe
Beschreibung: backweb-4476822
Dateiversion:
Produktname:
Produktversion:
Erstellt: 2005/4/11, 18:20:49
Geändert: 2005/4/11, 18:20:45
Zugegriffen: 2005/4/11, 22:40:37

Prozess gestartet von: c:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
Beschreibung: servic~1
Dateiversion:
Produktname:
Produktversion:
Erstellt: 2005/4/11, 18:20:49
Geändert: 2005/4/11, 18:20:45
Zugegriffen: 2005/4/11, 22:41:12

Moderator informieren

backWeb-4476822.exe :( // Trojaner // Backdoor

Antworten zu backWeb-4476822.exe :( // Trojaner // Backdoor:

Re: backWeb-4476822.exe :( // Trojaner // Backdoor

Mehr zu backWeb-4476822.exe :( // Trojaner // Backdoor

« Nicht genügend virtueller Speicher		automatisches Herunterfahren »