Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
Log-file Trojaner?

Log-file Trojaner?


Log-Analyse und Auswertung: Log-file Trojaner?

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML

Antwort
Alt 18.05.2008, 14:41   #1
AdrBB
 
Log-file Trojaner? - Standard

Log-file Trojaner?


HI

kann mir jemand bei der Analyse des angefügten HijackThis log-files helfen. Mein Virenscanner hatte heute einen Trojaner in "System Volume Information" gefunden woraufhin ich HJT laufen ließ.

Danke

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:38:13, on 18.05.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\SAgent2.exe
C:\Programme\Intel\Wireless\Bin\EvtEng.exe
C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
C:\Programme\MATLAB\webserver\bin\win32\matlabserver.exe
C:\Programme\CDBurnerXP\NMSAccessU.exe
C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
C:\Programme\samsung\Samsung Network Manager\SNMWLANService.exe
C:\Programme\SRS Labs\WOWXT and TSXT Driver\SRS_PostInstaller.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ufdsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Java\jre1.6.0_05\bin\jusched.exe
C:\Programme\Analog Devices\Core\smax4pnp.exe
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programme\Samsung\DisplayManager\DisplayManager.exe
C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
C:\Programme\Samsung\Samsung Battery Manager\BatteryManager.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\FreePDF_XP\fpassist.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\WINDOWS\hporclnr.exe
C:\Programme\Hewlett-Packard\HP UT\bin\hppusg.exe
C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe
C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe
C:\Programme\SAMSUNG\MagicKBD\MagicKBD.exe
C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe
C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe
C:\Programme\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Programme\Analog Devices\SoundMAX\smax4.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Mozilla Thunderbird\thunderbird.exe
E:\Download\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = www-cache.uni-mannheim.de:3128
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Starter] C:\WINDOWS\System32\Starter.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Verknüpfung mit der High Definition Audio-Eigenschaftenseite] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Programme\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [MagicKeyboard] C:\Programme\SAMSUNG\MagicKBD\PreMKBD.exe
O4 - HKLM\..\Run: [RestoreIT!] "C:\Programme\Phoenix Technologies Ltd\RecoverPro_XP\VBPTASK.EXE" VBStart
O4 - HKLM\..\Run: [DisplayManager] C:\Programme\Samsung\DisplayManager\DMLoader.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [BatteryManager] C:\Programme\Samsung\Samsung Battery Manager\BatteryManager.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe
O4 - HKLM\..\Run: [EPSON Stylus C44 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C44 Series" /O6 "USB001" /M "Stylus C44"
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [HP OrderReminder Cleaner] C:\WINDOWS\hporclnr.exe
O4 - HKLM\..\Run: [HPUsageTracking] C:\Programme\Hewlett-Packard\HP UT\bin\hppusg.exe "C:\Programme\Hewlett-Packard\HP UT\"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Programme\Cisco Systems\VPN Client\vpngui.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {363BB47F-AABC-11D4-B337-0000B498A156} (NetLecture.Notes) - file:///D:/installation/lerndesign/netlecture/version-1-0/de/NetLecture.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1187767487703
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\SAgent2.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Desktop Manager 5.7.712.12266 (GoogleDesktopManager-121207-085209) - Google - C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\Programme\MATLAB\webserver\bin\win32\matlabserver.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Programme\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Samsung Update Plus - Unknown owner - C:\Programme\Samsung\Samsung Update Plus\SLUBackgroundService.exe
O23 - Service: SNM WLAN Service - Unknown owner - C:\Programme\samsung\Samsung Network Manager\SNMWLANService.exe
O23 - Service: SRS PostInstaller Service (SRS_PostInstaller) - SRS Labs, Inc. - C:\Programme\SRS Labs\WOWXT and TSXT Driver\SRS_PostInstaller.exe
O23 - Service: UFD Command Service (UFDSVC) - Generic - C:\WINDOWS\system32\ufdsvc.exe

--
End of file - 12897 bytes

Alt 18.05.2008, 15:03   #2
Sunny
Administrator
> Competence Manager
 
Log-file Trojaner? - Standard

Log-file Trojaner?


Hallo AdrBB und






Dateien Online überprüfen lassen:
  • Suche die Seite Virtustotal auf, klicke auf den Button „Durchsuchen“ und suche folgende Datei/Dateien:

Code:
ATTFilter
C:\WINDOWS\system32\ufdsvc.exe
C:\WINDOWS\hporclnr.exe
  • Lade nun nacheinander jede/alle Datei/Dateien hoch, und warte bis der Scan vorbei ist. (kann bis zu 2 Minuten dauern.)
  • Poste im Anschluss das Ergebnis der Auswertung, alles abkopieren und in einen Beitrag einfügen.
  • (Wichtig: Auch die Größenangabe sowie den HASH mit kopieren!)
__________________

__________________
Alt 18.05.2008, 17:43   #3
AdrBB
 
Log-file Trojaner? - Standard

Log-file Trojaner?


Hi

erstmal vielen Dank.

Hier sind meine Ergebnisse.

C:\WINDOWS\hporclnr.exe:

File hporclnr.exe received on 05.18.2008 18:36:18 (CET)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED
Result: 1/32 (3.13%)
Loading server information...
Your file is queued in position: ___.
Estimated start time is between ___ and ___ .
Do not close the window until scan is complete.
The scanner that was processing your file is stopped at this moment, we are going to wait a few seconds to try to recover your result.
If you are waiting for more than five minutes you have to resend your file.
Your file is being scanned by VirusTotal in this moment,
results will be shown as they're generated.
Compact Compact
Print results Print results
Your file has expired or does not exists.
Service is stopped in this moments, your file is waiting to be scanned (position: ) for an undefined time.

You can wait for web response (automatic reload) or type your email in the form below and click "request" so the system sends you a notification when the scan is finished.
Email:

Antivirus Version Last Update Result
AhnLab-V3 2008.5.16.0 2008.05.18 -
AntiVir 7.8.0.19 2008.05.17 -
Authentium 5.1.0.4 2008.05.17 -
Avast 4.8.1195.0 2008.05.18 -
AVG 7.5.0.516 2008.05.18 -
BitDefender 7.2 2008.05.18 -
CAT-QuickHeal 9.50 2008.05.17 -
ClamAV 0.92.1 2008.05.18 -
DrWeb 4.44.0.09170 2008.05.17 -
eSafe 7.0.15.0 2008.05.18 -
eTrust-Vet 31.4.5796 2008.05.16 -
Ewido 4.0 2008.05.18 -
F-Prot 4.4.2.54 2008.05.16 -
F-Secure 6.70.13260.0 2008.05.18 -
Fortinet 3.14.0.0 2008.05.18 -
GData 2.0.7306.1023 2008.05.18 -
Ikarus T3.1.1.26.0 2008.05.18 -
Kaspersky 7.0.0.125 2008.05.18 -
McAfee 5297 2008.05.17 -
Microsoft 1.3408 2008.05.13 -
NOD32v2 3106 2008.05.16 -
Norman 5.80.02 2008.05.16 -
Panda 9.0.0.4 2008.05.18 -
Prevx1 V2 2008.05.18 Malicious Software
Rising 20.44.60.00 2008.05.18 -
Sophos 4.29.0 2008.05.18 -
Sunbelt 3.0.1123.1 2008.05.17 -
Symantec 10 2008.05.18 -
TheHacker 6.2.92.312 2008.05.18 -
VBA32 3.12.6.6 2008.05.17 -
VirusBuster 4.3.26:9 2008.05.17 -
Webwasher-Gateway 6.6.2 2008.05.18 -
Additional information
File size: 104960 bytes
MD5...: 0e71133930f101809794f4deaef2c589
SHA1..: 7486cb96bd1124c405e227e8505a4a29c363dca2
SHA256: 9b50560fbff3f69ac8f18666f9e980372a1aa114c09a048760d5ef59b6f24112
SHA512: d674a1eab9cbf8a1b79e24ed121ec7bd2d23f8b68df1a640a37e77c5b74e31a8
c2ee055332b05fd9ebab04e1d8b0eb08560f2499b29c5a49cb376bb1e47201b5
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x408592
timedatestamp.....: 0x44dcf049 (Fri Aug 11 21:02:01 2006)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x1382b 0x13a00 6.67 62cec90615e341355560c7e99c355fbf
.rdata 0x15000 0x4094 0x4200 4.93 746b7028101889f2833642f400aab970
.data 0x1a000 0x3740 0x1800 3.44 bdaaf54f6d97ab5b5ad960986c44b2ed
.rsrc 0x1e000 0xb0 0x200 4.10 ddb76861d20f8681e6dd99d4917b2b38

( 2 imports )
> KERNEL32.dll: DeleteFileW, SetFileAttributesW, GetVersionExW, GetLastError, CreateProcessW, HeapAlloc, HeapFree, GetEnvironmentStringsW, WaitForSingleObject, GetProcessHeap, GetExitCodeProcess, FreeEnvironmentStringsW, FreeLibrary, LoadLibraryW, GetProcAddress, GetModuleHandleW, OpenProcess, TerminateProcess, WideCharToMultiByte, MultiByteToWideChar, GetCommandLineW, Sleep, FindNextFileW, RemoveDirectoryW, SetCurrentDirectoryW, FindClose, GetFileAttributesW, FindFirstFileW, CloseHandle, GetEnvironmentVariableW, CreateFileA, InterlockedIncrement, InterlockedDecrement, InterlockedExchange, InitializeCriticalSection, DeleteCriticalSection, EnterCriticalSection, LeaveCriticalSection, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, GetModuleHandleA, ExitProcess, GetVersionExA, GetStartupInfoW, RaiseException, RtlUnwind, GetCPInfo, LCMapStringA, LCMapStringW, GetStringTypeA, GetStringTypeW, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, SetLastError, GetCurrentThreadId, SetHandleCount, GetStdHandle, GetFileType, GetStartupInfoA, HeapDestroy, HeapCreate, VirtualFree, VirtualAlloc, HeapReAlloc, WriteFile, GetConsoleCP, GetConsoleMode, FlushFileBuffers, SetFilePointer, GetACP, GetOEMCP, HeapSize, GetModuleFileNameA, LoadLibraryA, GetModuleFileNameW, FreeEnvironmentStringsA, GetEnvironmentStrings, GetCommandLineA, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, GetSystemTimeAsFileTime, GetLocaleInfoA, WriteConsoleA, GetConsoleOutputCP, WriteConsoleW, SetStdHandle
> ADVAPI32.dll: RegCloseKey, RegEnumKeyExW, RegOpenKeyExW, RegDeleteValueW, RegDeleteKeyW, RegQueryInfoKeyW, RegQueryValueExW, RegSetValueExW

( 0 exports )


C:\WINDOWS\system32\ufdsvc.exe:

File ufdsvc.exe received on 05.18.2008 18:42:25 (CET)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED
Result: 0/32 (0%)
Loading server information...
Your file is queued in position: ___.
Estimated start time is between ___ and ___ .
Do not close the window until scan is complete.
The scanner that was processing your file is stopped at this moment, we are going to wait a few seconds to try to recover your result.
If you are waiting for more than five minutes you have to resend your file.
Your file is being scanned by VirusTotal in this moment,
results will be shown as they're generated.
Compact Compact
Print results Print results
Your file has expired or does not exists.
Service is stopped in this moments, your file is waiting to be scanned (position: ) for an undefined time.

You can wait for web response (automatic reload) or type your email in the form below and click "request" so the system sends you a notification when the scan is finished.
Email:

Antivirus Version Last Update Result
AhnLab-V3 2008.5.10.0 2008.05.13 -
AntiVir 7.8.0.17 2008.05.13 -
Authentium 5.1.0.4 2008.05.14 -
Avast 4.8.1169.0 2008.05.12 -
AVG 7.5.0.516 2008.05.13 -
BitDefender 7.2 2008.05.08 -
CAT-QuickHeal 9.50 2008.05.12 -
ClamAV 0.92.1 2008.05.13 -
DrWeb 4.44.0.09170 2008.05.13 -
eSafe 7.0.15.0 2008.05.12 -
eTrust-Vet 31.4.5784 2008.05.13 -
Ewido 4.0 2008.05.13 -
F-Prot 4.4.2.54 2008.05.13 -
F-Secure 6.70.13260.0 2008.05.13 -
Fortinet 3.14.0.0 2008.05.13 -
GData 2.0.7306.1023 2008.05.14 -
Ikarus T3.1.1.26.0 2008.05.13 -
Kaspersky 7.0.0.125 2008.05.13 -
McAfee 5293 2008.05.12 -
Microsoft 1.3408 2008.05.13 -
NOD32v2 3095 2008.05.13 -
Norman 5.80.02 2008.05.09 -
Panda 9.0.0.4 2008.05.12 -
Prevx1 V2 2008.05.18 -
Rising 20.44.12.00 2008.05.13 -
Sophos 4.29.0 2008.05.13 -
Sunbelt 3.0.1114.0 2008.05.12 -
Symantec 10 2008.05.13 -
TheHacker 6.2.92.309 2008.05.13 -
VBA32 3.12.6.6 2008.05.13 -
VirusBuster 4.3.26:9 2008.05.12 -
Webwasher-Gateway 6.6.2 2008.05.13 -
Additional information
File size: 69632 bytes
MD5...: 99184adc5b7fab997146971f20afff18
SHA1..: c4b46ddeff76257a21afcfa53a8a9811ef5eef6e
SHA256: f00dc75a9344c938f222415986bef99cdd8f421681d863512d08e2d01cca22ac
SHA512: 9f99a4c1131bd9c18382f58a9b7750217e5b872ad75c822bfff8d98eacfaee10
bdcdb673325195f9456d7f1d57f98c1b7b5c484eddb5aef44d2e064bdc021dd6
PEiD..: Armadillo v1.71
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x4058df
timedatestamp.....: 0x43f2cc17 (Wed Feb 15 06:37:11 2006)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0xaea4 0xb000 6.45 3dacee5474d57cc176f4524faa06e8cf
.rdata 0xc000 0xc56 0x1000 4.60 7024d8295514a5f3491d461d641947b3
.data 0xd000 0x4b08 0x3000 1.38 95dfc18888e5bf0c4cdad203b2f5f14b
.rsrc 0x12000 0x3a8 0x1000 0.96 8fb486035fc1c05b0c7107397ca40b69

( 3 imports )
> KERNEL32.dll: WaitForSingleObject, CreateEventA, GetWindowsDirectoryA, CreateThread, Sleep, SetEvent, ResetEvent, CreateFileA, HeapFree, HeapAlloc, CancelWaitableTimer, SetWaitableTimer, CreateWaitableTimerA, CloseHandle, GetModuleFileNameA, GetModuleHandleA, DeviceIoControl, GetProcAddress, LoadLibraryA, GetCurrentProcess, GetLastError, VirtualFree, RtlUnwind, WriteFile, VirtualAlloc, HeapReAlloc, SetEnvironmentVariableA, SetStdHandle, FlushFileBuffers, SetFilePointer, MultiByteToWideChar, LCMapStringA, LCMapStringW, GetStringTypeA, GetStringTypeW, SetEndOfFile, ReadFile, CompareStringA, CompareStringW, ExitProcess, HeapCreate, HeapDestroy, GetTimeZoneInformation, GetSystemTime, GetLocalTime, GetCommandLineA, GetVersion, TerminateProcess, GetCPInfo, GetACP, GetOEMCP, UnhandledExceptionFilter, FreeEnvironmentStringsA, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStrings, GetEnvironmentStringsW, SetHandleCount, GetStdHandle, GetFileType, GetStartupInfoA, GetEnvironmentVariableA, GetVersionExA
> ADVAPI32.dll: RegOpenKeyExA, RegSetValueExA, RegCloseKey, RegQueryValueExA, RegDeleteValueA, SetServiceStatus, RegisterServiceCtrlHandlerA, StartServiceCtrlDispatcherA
> SHELL32.dll: SHChangeNotify
__________________
Alt 18.05.2008, 18:02   #4
Sunny
Administrator
> Competence Manager
 
Log-file Trojaner? - Standard

Log-file Trojaner?


Malwarebytes' Anti-Malware
  • Lies dir die Entfernungsanleitung durch und lass alles entfernen was gefunden wurde:
__________________
Anfragen per Email, Profil- oder privater Nachricht werden ignoriert!
Hilfe gibts NUR im Forum!


Stulti est se ipsum sapientem putare.

Alt 18.05.2008, 19:01   #5
AdrBB
 
Log-file Trojaner? - Standard

Log-file Trojaner?


hi

danke für die schnelle antwort. Heißt das jetzt dass ich einen Trojaner habe oder dass ich keinen habe?

Danke


Alt 18.05.2008, 19:06   #6
Sunny
Administrator
> Competence Manager
 
Log-file Trojaner? - Standard

Log-file Trojaner?


Zitat:
Zitat von AdrBB Beitrag anzeigen
hi

danke für die schnelle antwort. Heißt das jetzt dass ich einen Trojaner habe oder dass ich keinen habe?

Danke
Das wird sich erst noch rausstellen..
__________________
--> Log-file Trojaner?

Antwort

Themen zu Log-file Trojaner?
adobe, antivir, appinit_dlls, avira, bho, cdburnerxp, desktop, drivers, excel, firefox, google, hijack, hijackthis, hkus\s-1-5-18, internet, internet explorer, log-files, mozilla, mozilla firefox, mozilla thunderbird, object, registry, rundll, scan, senden, skype.exe, software, system, trojaner, trojaner?, usb, windows, windows xp, windows xp sp3, xp sp3


« Fehlermeldung beim Hochfahren | Laptop nach dem Start extrem langsam... »


Ähnliche Themen: Log-file Trojaner?


  1. DHL Paketankündigung Trojaner als exe in rar File
    Alles rund um Windows - 03.11.2015 (4)
  2. GVU Trojaner LOG-File
    Log-Analyse und Auswertung - 08.07.2013 (4)
  3. File Restore / File Recovery - bin ich wieder clean?
    Plagegeister aller Art und deren Bekämpfung - 03.11.2012 (1)
  4. AKM - Trojaner - Fix-File benoetigt
    Plagegeister aller Art und deren Bekämpfung - 08.06.2012 (7)
  5. AKM Trojaner LOG File
    Log-Analyse und Auswertung - 13.05.2012 (1)
  6. failed to save all components to file system 32 0000198f this file is corrupted unreadable
    Log-Analyse und Auswertung - 30.03.2012 (13)
  7. failed to save all components to file system 32 0000198f this file is corrupted unreadable
    Log-Analyse und Auswertung - 11.11.2011 (24)
  8. Bundespolizei trojaner olp file
    Log-Analyse und Auswertung - 09.08.2011 (14)
  9. BKA Trojaner / OTLPENet.exe Log-File
    Log-Analyse und Auswertung - 18.04.2011 (6)
  10. Hijack this file...Trojaner?
    Log-Analyse und Auswertung - 16.11.2009 (0)
  11. Trojaner? Hab Log-file gepostet
    Antiviren-, Firewall- und andere Schutzprogramme - 04.03.2009 (2)
  12. HiJackThis Log File und Gmer file Für Rootkit Problem
    Log-Analyse und Auswertung - 28.02.2009 (12)
  13. Trojaner in rar-file
    Diskussionsforum - 23.10.2008 (2)
  14. Log File - Trojaner?
    Mülltonne - 02.06.2008 (1)
  15. Log File - archive.exe - Trojaner?
    Netzwerk und Hardware - 17.05.2007 (14)
  16. HiJackThis Log-File Trojaner usw.
    Log-Analyse und Auswertung - 15.03.2006 (1)
  17. trojaner ? hijackThis log file
    Plagegeister aller Art und deren Bekämpfung - 21.05.2004 (7)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Log-file Trojaner? - HI kann mir jemand bei der Analyse des angefügten HijackThis log-files helfen. Mein Virenscanner hatte heute einen Trojaner in "System Volume Information" gefunden woraufhin ich HJT laufen ließ. Danke Logfile - Log-file Trojaner?...
Archiv
Du betrachtest: Log-file Trojaner? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129