
Log analysis and evaluation: eScan reports infection, e.g. gain.gator, winfixer, fujacks worm, HJT log and eScan log


01.03.2008, 11:53   #1
WhiteSoul
 



Hello,
I scanned my laptop with eScan and got several warnings, now I need help getting rid of them =)

Here is my eScan
Objekt "gain.gator Spyware/Adware" im Dateisystem gefunden! Maßnahme ergriffen: Keine Maßnahme ergriffen.
Objekt "gain.gator Spyware/Adware" im Dateisystem gefunden! Maßnahme ergriffen: Keine Maßnahme ergriffen.
Objekt "winfixer/errorsafe Adware" im Dateisystem gefunden! Maßnahme ergriffen: Keine Maßnahme ergriffen.
Objekt "mirar Spyware/Adware" im Dateisystem gefunden! Maßnahme ergriffen: Keine Maßnahme ergriffen.
Objekt "savenow Adware" im Dateisystem gefunden! Maßnahme ergriffen: Keine Maßnahme ergriffen.
Objekt "Possible Fujacks-type Worm" im Dateisystem gefunden! Maßnahme ergriffen: Keine Maßnahme ergriffen.
Eintrag "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" verweist auf das ungültige Objekt ".xht". Maßnahme ergriffen: Keine Maßnahme ergriffen.

____________________________________________________________
and an HJT

Logfile of RunAlyzer 0.7.3. Copyright © 2005-2007 Safer-Networking Limited. Alle Rechte vorbehalten.
Scan saved at 01.03.2008 11:42:09
Platform: Windows Vista (Build: 6000) (6.0.6000)

Running processes:
C:\Program Files\Safer Networking\RunAlyzer\RunAlyzer.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\Windows\system32\conime.exe
C:\Program Files\Mozilla Firefox\firefox.exe

F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [avgnt] C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - /owner unsupported/ - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: PPdus ASPI Shell (Afc) - /owner unsupported/ - sys
O23 - Service: Ancilliary Function Driver for Winsock (AFD) - /owner unsupported/ - \Sy
O23 - Service: Intel AGP Bus Filter (agp440) - /owner unsupported/ - \Sy
O23 - Service: ALaunch Service (ALaunchService) - /owner unsupported/ - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: AMD AGP Bus Filter Driver (amdagp) - /owner unsupported/ - \Sy
O23 - Service: AMD K7 Processor Driver (AmdK7) - /owner unsupported/ - \Sy
O23 - Service: AMD K8 Processor Driver (AmdK8) - /owner unsupported/ - \Sy
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - /owner unsupported/ - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - /owner unsupported/ - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Alps Pointing-device Filter Driver (ApfiltrService) - /owner unsupported/ - sys
O23 - Service: @%systemroot%\system32\appinfo.dll,-100 (Appinfo) - /owner unsupported/ - C:\Windows\system32\svchost.exe
O23 - Service: IDE-Kanal (atapi) - /owner unsupported/ - sys
O23 - Service: avgio (avgio) - /owner unsupported/ - \??
O23 - Service: avgntflt (avgntflt) - /owner unsupported/ - \??
O23 - Service: avipbb (avipbb) - /owner unsupported/ - sys
O23 - Service: Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0 (b57nd60x) - /owner unsupported/ - sys
O23 - Service: Treiber für Broadcom 802.11-Netzwerkadapter (BCM43XX) - /owner unsupported/ - sys
O23 - Service: Bonjour-Dienst (Bonjour Service) - /owner unsupported/ - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bowser (bowser) - /owner unsupported/ - sys
O23 - Service: Brother USB Mass-Storage Lower Filter Driver (BrFiltLo) - /owner unsupported/ - \Sy
O23 - Service: Brother USB Mass-Storage Upper Filter Driver (BrFiltUp) - /owner unsupported/ - \Sy
O23 - Service: Brother MFC Serial Port Interface Driver (WDM) (Brserid) - /owner unsupported/ - \Sy
O23 - Service: Brother WDM Serial driver (BrSerWdm) - /owner unsupported/ - \Sy
O23 - Service: Brother MFC USB Fax Only Modem (BrUsbMdm) - /owner unsupported/ - \Sy
O23 - Service: Brother MFC USB Serial WDM Driver (BrUsbSer) - /owner unsupported/ - \Sy
O23 - Service: Bluetooth Serial Communications Driver (BTHMODEM) - /owner unsupported/ - \Sy
O23 - Service: CD/DVD File System Reader (cdfs) - /owner unsupported/ - sys
O23 - Service: @%SystemRoot%\System32\certprop.dll,-11 (CertPropSvc) - /owner unsupported/ - C:\Windows\system32\svchost.exe
O23 - Service: Consumer IR Devices (circlass) - /owner unsupported/ - \Sy
O23 - Service: Common Log (CLFS) (CLFS) - /owner unsupported/ - Sys
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - /owner unsupported/ - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Crcdisk Filter Driver (crcdisk) - /owner unsupported/ - sys
O23 - Service: Transmeta Crusoe Processor Driver (Crusoe) - /owner unsupported/ - \Sy
O23 - Service: Dfs Client Driver (DfsC) - /owner unsupported/ - Sys
O23 - Service: Dritek Keyboard Filter Driver (DKbFltr) - /owner unsupported/ - sys
O23 - Service: @%systemroot%\system32\dps.dll,-500 (DPS) - /owner unsupported/ - C:\Windows\System32\svchost.exe
O23 - Service: Dritek General Port I/O (DritekPortIO) - /owner unsupported/ - \??
O23 - Service: LDDM Graphics Subsystem (DXGKrnl) - /owner unsupported/ - \Sy
O23 - Service: Intel(R) PRO/1000 NDIS 6 Adapter Driver (E1G60) - /owner unsupported/ - sys
O23 - Service: @%systemroot%\system32\eapsvc.dll,-1 (EapHost) - /owner unsupported/ - C:\Windows\System32\svchost.exe
O23 - Service: ReadyBoost Caching Driver (Ecache) - /owner unsupported/ - Sys
O23 - Service: eDSService.exe (eDataSecurity Service) - /owner unsupported/ - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: @%SystemRoot%\ehome\ehrecvr.exe,-101 (ehRecvr) - /owner unsupported/ - C:\Windows\ehome\ehRecvr.exe
O23 - Service: @%SystemRoot%\ehome\ehsched.exe,-101 (ehSched) - /owner unsupported/ - C:\Windows\ehome\ehsched.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - /owner unsupported/ - %windir%\system32\svchost.exe
O23 - Service: eLock Service (eLockService) - /owner unsupported/ - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: @%SystemRoot%\system32\emdmgmt.dll,-1000 (EMDMgmt) - /owner unsupported/ - C:\Windows\system32\svchost.exe
O23 - Service: eNet Service (eNet Service) - /owner unsupported/ - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - /owner unsupported/ - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - /owner unsupported/ - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: @%SystemRoot%\system32\wevtsvc.dll,-200 (Eventlog) - /owner unsupported/ - C:\Windows\System32\svchost.exe
O23 - Service: @comres.dll,-2450 (EventSystem) - /owner unsupported/ - C:\Windows\system32\svchost.exe
O23 - Service: FAT12/16/32 File System Driver (fastfat) - /owner unsupported/ -
O23 - Service: File Information FS MiniFilter (FileInfo) - /owner unsupported/ - sys
O23 - Service: FileTrace (Filetrace) - /owner unsupported/ - sys
O23 - Service: Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms (gagp30kx) - /owner unsupported/ - \Sy
O23 - Service: @gpapi.dll,-112 (gpsvc) - /owner unsupported/ - C:\Windows\system32\svchost.exe
O23 - Service: Microsoft 1.1 UAA-Funktionstreiber für High Definition Audio-Dienst (HdAudAddService) - /owner unsupported/ - sys
O23 - Service: Microsoft-UAA-Bustreiber für High Definition Audio (HDAudBus) - /owner unsupported/ - sys
O23 - Service: Microsoft Bluetooth HID Miniport (HidBth) - /owner unsupported/ - \Sy
O23 - Service: Microsoft Infrared HID Driver (HidIr) - /owner unsupported/ - \Sy
O23 - Service: @%SystemRoot%\system32\kmsvc.dll,-6 (hkmsvc) - /owner unsupported/ - C:\Windows\System32\svchost.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - /owner unsupported/ - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Intel AHCI Controller (iaStor) - /owner unsupported/ - sys
O23 - Service: Intel RAID Controller Vista (iaStorV) - /owner unsupported/ - \Sy
O23 - Service: @%SystemRoot%\system32\ikeext.dll,-501 (IKEEXT) - /owner unsupported/ - C:\Windows\system32\svchost.exe
O23 - Service: int15 (int15) - /owner unsupported/ - \??
O23 - Service: Service for Realtek HD Audio (WDM) (IntcAzAudAddService) - /owner unsupported/ - sys
O23 - Service: @%SystemRoot%\system32\iphlpsvc.dll,-200 (iphlpsvc) - /owner unsupported/ - C:\Windows\System32\svchost.exe
O23 - Service: IR Bus Enumerator (IRENUM) - /owner unsupported/ - sys
O23 - Service: PnP ISA/EISA Bus Driver (isapnp) - /owner unsupported/ - \Sy
O23 - Service: iScsiPort-Treiber (iScsiPrt) - /owner unsupported/ - sys
O23 - Service: ITEATAPI_Service_Install (iteatapi) - /owner unsupported/ - \Sy
O23 - Service: ITERAID_Service_Install (iteraid) - /owner unsupported/ - \Sy
O23 - Service: @keyiso.dll,-100 (KeyIso) - /owner unsupported/ - C:\Windows\system32\lsass.exe
O23 - Service: @comres.dll,-2946 (KtmRm) - /owner unsupported/ - C:\Windows\System32\svchost.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - /owner unsupported/ - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Link-Layer Topology Discovery Mapper I/O Driver (lltdio) - /owner unsupported/ - sys
O23 - Service: @%SystemRoot%\system32\lltdres.dll,-1 (lltdsvc) - /owner unsupported/ - C:\Windows\System32\svchost.exe
O23 - Service: UAC File Virtualization (luafv) - /owner unsupported/ - \Sy
O23 - Service: lxbk_device (lxbk_device) - /owner unsupported/ - C:\Windows\system32\lxbkcoms.exe
O23 - Service: @%SystemRoot%\ehome\ehres.dll,-15501 (Mcx2Svc) - /owner unsupported/ - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\mmcss.dll,-100 (MMCSS) - /owner unsupported/ - C:\Windows\system32\svchost.exe
O23 - Service: MobilityService (MobilityService) - /owner unsupported/ - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Microsoft Monitor-Klassenfunktionstreiber-Dienst (monitor) - /owner unsupported/ - sys
O23 - Service: Mount Point Manager (MountMgr) - /owner unsupported/ - Sys
O23 - Service: Microsoft Multi-Path Bus Driver (mpio) - /owner unsupported/ - \Sy
O23 - Service: @%SystemRoot%\system32\FirewallAPI.dll,-23092 (mpsdrv) - /owner unsupported/ - Sys
O23 - Service: @%SystemRoot%\system32\FirewallAPI.dll,-23090 (MpsSvc) - /owner unsupported/ - C:\Windows\system32\svchost.exe
O23 - Service: WebDav Client Redirector Driver (MRxDAV) - /owner unsupported/ - \Sy
O23 - Service: SMB MiniRedirector Wrapper and Engine (mrxsmb) - /owner unsupported/ - sys
O23 - Service: SMB 1.x MiniRedirector (mrxsmb10) - /owner unsupported/ - sys
O23 - Service: SMB 2.0 MiniRedirector (mrxsmb20) - /owner unsupported/ - sys
O23 - Service: Microsoft Multi-Path Device Specific Module (msdsm) - /owner unsupported/ - \Sy
O23 - Service: ISA/EISA-Klassentreiber (msisadrv) - /owner unsupported/ - sys
O23 - Service: @%SystemRoot%\system32\iscsidsc.dll,-5000 (MSiSCSI) - /owner unsupported/ - C:\Windows\system32\svchost.exe
O23 - Service: Mup (Mup) - /owner unsupported/ - Sys
O23 - Service: @%SystemRoot%\system32\qagentrt.dll,-6 (napagent) - /owner unsupported/ - C:\Windows\System32\svchost.exe
O23 - Service: NativeWiFi Filter (NativeWifiP) - /owner unsupported/ - sys
O23 - Service: NDIS System Driver (NDIS) - /owner unsupported/ - sys
O23 - Service: NDIS Usermode I/O Protocol (Ndisuio) - /owner unsupported/ - sys
O23 - Service: NETBT (netbt) - /owner unsupported/ - Sys
O23 - Service: @%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8201 (NetTcpPortSharing) - /owner unsupported/ - C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
O23 - Service: Intel(R) PRO/Wireless 3945ABG-Adaptertreiber für Windows Vista 32 Bit (NETw3v32) - /owner unsupported/ - sys
O23 - Service: Intel(R) Wireless WiFi Link Adaptertreiber für Windows Vista 32 Bit (NETw4v32) - /owner unsupported/ - sys
O23 - Service: @%SystemRoot%\system32\nsisvc.dll,-200 (nsi) - /owner unsupported/ - C:\Windows\system32\svchost.exe
O23 - Service: NSI proxy service (nsiproxy) - /owner unsupported/ - sys
O23 - Service: Upper Class Filter Driver (NTIDrvr) - /owner unsupported/ - sys
O23 - Service: N-trig HID Tablet Driver (ntrigdigi) - /owner unsupported/ - \Sy
O23 - Service: NUID filter driver (NuidFltr) - /owner unsupported/ - sys
O23 - Service: NVIDIA nForce AGP Bus Filter (nv_agp) - /owner unsupported/ - \Sy
O23 - Service: NEC FireWarden OHCI Compliant IEEE 1394 Host Controller (ohci1394) - /owner unsupported/ - \Sy
O23 - Service: Parallel port driver (Parport) - /owner unsupported/ - \Sy
O23 - Service: Partition Manager (partmgr) - /owner unsupported/ - Sys
O23 - Service: PEAUTH (PEAUTH) - /owner unsupported/ - sys
O23 - Service: @%systemroot%\system32\pla.dll,-500 (pla) - /owner unsupported/ - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\umpnpmgr.dll,-100 (PlugPlay) - /owner unsupported/ - C:\Windows\system32\svchost.exe
O23 - Service: Microsoft IntelliPoint Filter Driver (Point32) - /owner unsupported/ - sys
O23 - Service: Processor Driver (Processor) - /owner unsupported/ - \Sy
O23 - Service: @%systemroot%\system32\profsvc.dll,-300 (ProfSvc) - /owner unsupported/ - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\drivers\pacer.sys,-101 (PSched) - /owner unsupported/ - sys
O23 - Service: PSDFilter (PSDFilter) - /owner unsupported/ - sys
O23 - Service: PSDNSERVER (PSDNServ) - /owner unsupported/ - sys
O23 - Service: psdvdisk (psdvdisk) - /owner unsupported/ - sys
O23 - Service: QLogic Fibre Channel Miniport Driver (ql2300) - /owner unsupported/ - \Sy
O23 - Service: QLogic iSCSI Miniport Driver (ql40xx) - /owner unsupported/ - \Sy
O23 - Service: @%SystemRoot%\system32\drivers\qwavedrv.sys,-1 (QWAVEdrv) - /owner unsupported/ - \Sy
O23 - Service: Redirected Buffering Sub Sysytem (rdbss) - /owner unsupported/ - sys
O23 - Service: RDPCDD (RDPCDD) - /owner unsupported/ - Sys
O23 - Service: Terminal Server Device Redirector Driver (rdpdr) - /owner unsupported/ - \Sy
O23 - Service: RDP Encoder Mirror Driver (RDPENCDD) - /owner unsupported/ - sys
O23 - Service: @regsvc.dll,-1 (RemoteRegistry) - /owner unsupported/ - C:\Windows\system32\svchost.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - /owner unsupported/ - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Link-Layer Topology Discovery Responder (rspndr) - /owner unsupported/ - sys
O23 - Service: SBP-2 Transport/Protocol Bus Driver (sbp2port) - /owner unsupported/ - \Sy
O23 - Service: @%SystemRoot%\System32\SCardSvr.dll,-1 (SCardSvr) - /owner unsupported/ - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sdrsvc.dll,-107 (SDRSVC) - /owner unsupported/ - C:\Windows\system32\svchost.exe
O23 - Service: Security Driver (secdrv) - /owner unsupported/ -
O23 - Service: Serenum Filter Driver (Serenum) - /owner unsupported/ - \Sy
O23 - Service: Serial Port Driver (Serial) - /owner unsupported/ - \Sy
O23 - Service: Serial Mouse Driver (sermouse) - /owner unsupported/ - \Sy
O23 - Service: SFF Storage Class Driver (sffdisk) - /owner unsupported/ - \Sy
O23 - Service: SFF Storage Protocol Driver for MMC (sffp_mmc) - /owner unsupported/ - \Sy
O23 - Service: SFF Storage Protocol Driver for SDBus (sffp_sd) - /owner unsupported/ - \Sy
O23 - Service: High-Capacity Floppy Disk Drive (sfloppy) - /owner unsupported/ - \Sy
O23 - Service: SIS AGP Bus Filter (sisagp) - /owner unsupported/ - \Sy
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - /owner unsupported/ - C:\Windows\system32\SLsvc.exe
O23 - Service: @%SystemRoot%\system32\tcpipcfg.dll,-50005 (Smb) - /owner unsupported/ - sys
O23 - Service: USB2.0 PC Camera (SNP2UVC) (SNP2UVC) - /owner unsupported/ - sys
O23 - Service: Security Processor Loader Driver (spldr) - /owner unsupported/ -
O23 - Service: srv2 (srv2) - /owner unsupported/ - Sys
O23 - Service: @%SystemRoot%\system32\sysmain.dll,-1000 (SysMain) - /owner unsupported/ - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\TabSvc.dll,-100 (TabletInputService) - /owner unsupported/ - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\tcpipcfg.dll,-50003 (Tcpip) - /owner unsupported/ - Sys
O23 - Service: Microsoft IPv6 Protocol Driver (Tcpip6) - /owner unsupported/ - sys
O23 - Service: TCP/IP Registry Compatibility (tcpipreg) - /owner unsupported/ - Sys
O23 - Service: TDPIPE (TDPIPE) - /owner unsupported/ - sys
O23 - Service: TDTCP (TDTCP) - /owner unsupported/ - sys
O23 - Service: @%SystemRoot%\system32\tcpipcfg.dll,-50004 (tdx) - /owner unsupported/ - sys
O23 - Service: @%SystemRoot%\servicing\TrustedInstaller.exe,-100 (TrustedInstaller) - /owner unsupported/ - C:\Windows\servicing\TrustedInstaller.exe
O23 - Service: Terminal Services Security Filter Driver (tssecsrv) - /owner unsupported/ - Sys
O23 - Service: Microsoft-IPv6-Tunnelminiport-Adaptertreiber (tunnel) - /owner unsupported/ - sys
O23 - Service: Microsoft AGPv3.5 Filter (uagp35) - /owner unsupported/ - \Sy
O23 - Service: udfs (udfs) - /owner unsupported/ - sys
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - /owner unsupported/ - C:\Windows\system32\UI0Detect.exe
O23 - Service: Uli AGP Bus Filter (uliagpkx) - /owner unsupported/ - \Sy
O23 - Service: UMBus-Enumerator-Treiber (umbus) - /owner unsupported/ - sys
O23 - Service: eHome Infrared Receiver (USBCIR) (usbcir) - /owner unsupported/ - \Sy
O23 - Service: Microsoft USB Open Host Controller Miniport Driver (usbohci) - /owner unsupported/ - \Sy
O23 - Service: VIA AGP Bus Filter (viaagp) - /owner unsupported/ - \Sy
O23 - Service: VIA C7 Processor Driver (ViaC7) - /owner unsupported/ - \Sy
O23 - Service: Treiber für Volume-Manager (volmgr) - /owner unsupported/ - sys
O23 - Service: Dynamic Volume Manager (volmgrx) - /owner unsupported/ - Sys
O23 - Service: Zone Alarm Firewall Driver (Vsdatant) - /owner unsupported/ - sys
O23 - Service: TrueVector Internet Monitor (vsmon) - /owner unsupported/ - C:\Windows\System32\ZoneLabs\vsmon.exe
O23 - Service: Wacom Serial Pen HID Driver (WacomPen) - /owner unsupported/ - \Sy
O23 - Service: Remote Access IPv6 ARP Driver (Wanarpv6) - /owner unsupported/ - sys
O23 - Service: Microsoft Watchdog Timer Driver (Wd) - /owner unsupported/ - \Sy
O23 - Service: Kernel Mode Driver Frameworks service (Wdf01000) - /owner unsupported/ - sys
O23 - Service: Microsoft Windows Management Interface for ACPI (WmiAcpi) - /owner unsupported/ - sys
O23 - Service: ePower Service (WMIService) - /owner unsupported/ - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: @%SystemRoot%\system32\wpcsvc.dll,-100 (WPCSvc) - /owner unsupported/ - C:\Windows\system32\svchost.exe
O23 - Service: Winsock IFS driver (ws2ifsl) - /owner unsupported/ - \Sy
O23 - Service: XAudioService (XAudioService) - /owner unsupported/ - C:\Windows\system32\DRIVERS\xaudio.exe
O23 - Service: {49DE1C67-83F8-4102-99E0-C16DCC7EEC796} ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) - /owner unsupported/ - \??
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0) - http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0) - http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0) - http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab

03.03.2008, 08:21   #2
undoreal
/// AVZ-Toolkit Guru
 



Hello WhiteSoul.

That looks like typical FPs from eScan.

You will find an eScan guide in my signature. Please evaluate the log as described there and post it here.

You will also find an HJT guide in the FAQ section. Please create a new log following it.

03.03.2008, 10:14   #3
WhiteSoul
 



Thanks for your reply

first the eScan log, I hope I did that right oO

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Header

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

find.bat Version 2007.06.16.01



Microsoft Windows [Version 6.0.6000]

Bootmodus: NETWORK



eScan Version: 9.2.6

Sprache: German



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Infektionsmeldungen

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~





~~~~~~~~~~~

Dateien

~~~~~~~~~~~

~~~~ Infected files

~~~~~~~~~~~

~~~~~~~~~~~

~~~~ Tagged files

~~~~~~~~~~~

~~~~~~~~~~~

~~~~ Offending files

~~~~~~~~~~~

~~~~~~~~~~~

Ordner

~~~~~~~~~~~

~~~~~~~~~~~

Registry

~~~~~~~~~~~





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Diverses

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~~~~~~~~~~~~~~~~~~~~

Prozesse und Module

~~~~~~~~~~~~~~~~~~~~~~

~~~~~~~~~~~~~~~~~~~~~~

Scanfehler

~~~~~~~~~~~~~~~~~~~~~~

~~~~~~~~~~~~~~~~~~~~~~

Hosts-Datei

~~~~~~~~~~~~~~~~~~~~~~

DataBasePath: %SystemRoot%\System32\drivers\etc

Zeilen die nicht dem Standard entsprechen:

C:\Windows\System32\drivers\etc\hosts :

C:\Windows\System32\drivers\etc\hosts :::1 localhost

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Statistiken:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan-Optionen

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



Batchstart: 10:05:32,95

Batchende: 10:05:34,32



_______________________________________________

now the HJT

Logfile of HijackThis v1.99.1

Scan saved at 10:07:12, on 03.03.2008

Platform: Unknown Windows (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16609)



Running processes:

C:\Windows\Explorer.EXE

C:\Users\***\AppData\Local\Temp\Temp1_hijackthis.zip\HijackThis.exe



R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://de.intl.acer.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://de.intl.acer.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll

O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll

O3 - Toolbar: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll

O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll

O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe

O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll

O11 - Options group: [INTERNATIONAL] International*

O13 - Gopher Prefix:

O20 - AppInit_DLLs: eNetHook.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe

O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe

O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe

O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe

O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe

O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe

O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: lxbk_device - - C:\Windows\system32\lxbkcoms.exe

O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe

O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe

O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

03.03.2008, 10:42   #4
undoreal
/// AVZ-Toolkit Guru
 



find.bat is not working properly at the moment. Please upload the complete log to fileupload and post the link.

By the way, I still distrust the mds Responder. I would switch it off if possible.

Windows Defender as well. It does nothing at all and slows things down enormously..
__________________
- All help in the forum is given without warranty or liability -

03.03.2008, 10:51   #5
WhiteSoul
 



ok, I'll do that by tomorrow =)

what was the responder's job?


03.03.2008, 12:13   #6
undoreal
/// AVZ-Toolkit Guru
 



Why are 90% of all those seeking help here unable to use their (most probable) start page.?.

*grumble..*

mDNSResponder.exe - Google search

04.03.2008, 10:50   #7
WhiteSoul
 



there's just one problem, the log file is very very very very long; if I try, for example, to copy the content and paste it into a word processor to take out personal data via search/replace, it crashes because it's well over 200 pages. Isn't there another way?

04.03.2008, 10:56   #8
undoreal
/// AVZ-Toolkit Guru

The log is already saved in a .txt document. You just have to upload that now..

04.03.2008, 13:59   #9
WhiteSoul

Yes, but... the txt contains a lot of private info, e.g. my name... and ICQ stuff, all that sort of thing, and picking it all out by hand would take quite a long time, I think.. so I wanted to put it into a word processor and use search and replace, e.g. enter search for "name", replace with "****"... but that doesn't work, you see?
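
The search-and-replace described in the last post, masking a name and ICQ details in a log too long for a word processor, can be done by streaming the file line by line. This is an added example, not part of the thread; the sample lines, the private values and the cp1252 file encoding are assumptions constructed for illustration.

```python
import io
import re

def compile_terms(terms):
    """One case-insensitive pattern for all private strings, longest first."""
    ordered = sorted({t for t in terms if t.strip()}, key=len, reverse=True)
    if not ordered:
        raise ValueError("no terms to redact")
    return re.compile("|".join(re.escape(t) for t in ordered), re.IGNORECASE)

def redact_stream(src, dst, terms, mask="****"):
    """Copy src to dst line by line, masking terms; return replacement count."""
    pattern = compile_terms(terms)
    total = 0
    for line in src:  # only one line is held in memory at a time
        clean, n = pattern.subn(lambda m: mask, line)
        dst.write(clean)
        total += n
    return total

def remaining_hits(src, terms):
    """Line numbers still containing a term; run on the output before upload."""
    pattern = compile_terms(terms)
    return [no for no, line in enumerate(src, 1) if pattern.search(line)]

def redact_file(in_path, out_path, terms, encoding="cp1252"):
    """File wrapper; cp1252 is an assumed encoding for a German Windows log."""
    with open(in_path, encoding=encoding, newline="") as src, \
         open(out_path, "w", encoding=encoding, newline="") as dst:
        return redact_stream(src, dst, terms)

# Constructed sample lines and private values, not taken from the thread's log.
SAMPLE = (
    "C:\\Users\\Erika Muster\\AppData\\Local\\Temp\\setup.exe\n"
    "C:\\Users\\Erika Muster\\ICQ\\123456789\\history.dat\n"
    "C:\\USERS\\ERIKA MUSTER\\Desktop\\notes.txt\n"
)
TERMS = ["Erika", "Erika Muster", "123456789"]

def demo():
    """Redact the sample in memory and return (replacement count, text)."""
    out = io.StringIO()
    count = redact_stream(io.StringIO(SAMPLE), out, TERMS)
    return count, out.getvalue()

if __name__ == "__main__":
    count, text = demo()
    print(count, "replacements")
    print(text, end="")
```

The check only finds the literal terms, so shortened 8.3 path forms of a user folder name need their own entry in the term list.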
