Zurück   Trojaner-Board > Archiv - Kein Posten möglich > Mülltonne
Verdacht auf Befall - Logs auswerten

Verdacht auf Befall - Logs auswerten


Mülltonne: Verdacht auf Befall - Logs auswerten

Windows 7 Beiträge, die gegen unsere Regeln verstoßen haben, solche, die die Welt nicht braucht oder sonstiger Müll landet hier in der Mülltonne...

 
Alt 23.09.2008, 17:34   #1
desoh
 
Verdacht auf Befall - Logs auswerten - Standard

Verdacht auf Befall - Logs auswerten


Hi ich habe den Verdacht das mein Rechner befallen sein könnte. Ich hab einige Logs angefertigt aber nichts auffälliges gefunden. Es wäre nett, wenn ihr euch das einmal angucken könntet.

Viel Dank schon einmal im Vorraus

Hier nun die Logs:

HijackThis v2.0.2
Code:
ATTFilter
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:17:51, on 23.09.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\MSTMON_N.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Programme\NETGEAR\SC101 Manager Utility\ZeteraService.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [KONICA MINOLTA PagePro 1300WStatusDisplay] C:\WINDOWS\system32\MSTMON_N.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1191930168701
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Zetera - Zetera Corporation - C:\Programme\NETGEAR\SC101 Manager Utility\ZeteraService.exe

--
End of file - 3443 bytes

Runscanner
Code:
ATTFilter
Runscanner logfile h**p://www.runscanner.net 

* = signed file
- = file not found

General info
------------
Computer name : PC-0140
Creation time : 23.09.2008 12:14:02
Hosts <> 127.0.0.1 : 0
Hosts file location : %SystemRoot%\System32\drivers\etc
IE version : 7.0.5730.11
OS : Microsoft Windows XP
OS Build : 2600
OS SP : Service Pack 2
RunScanner Version : 1.7.0.0
User Language : Deutsch (Deutschland)
User rights : Administrator
Windows folder : C:\WINDOWS

Running processes
-----------------
  C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe (Avira GmbH)
  C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe (Avira GmbH)
  C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH)
* C:\WINDOWS\system32\services.exe (Microsoft Corporation)
* C:\WINDOWS\System32\alg.exe (Microsoft Corporation)
* C:\WINDOWS\system32\csrss.exe (Microsoft Corporation)
* C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
* C:\WINDOWS\system32\RUNDLL32.EXE (Microsoft Corporation)
* C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\system32\lsass.exe (Microsoft Corporation)
  C:\WINDOWS\system32\MSTMON_N.EXE (KONICA MINOLTA BUSINESS TECHNOLOGIES, INC.)
* C:\WINDOWS\System32\nvsvc32.exe (NVIDIA Corporation)
* C:\WINDOWS\system32\HPZipm12.exe (HP)
* E:\Programme\Scanner\RunScanner.exe (Runscanner.net)
* C:\WINDOWS\system32\spoolsv.exe (Microsoft Corporation)
* C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
* C:\WINDOWS\system32\winlogon.exe (Microsoft Corporation)
* c:\windows\System32\smss.exe (Microsoft Corporation)
  C:\Programme\NETGEAR\SC101 Manager Utility\ZeteraService.exe (Zetera Corporation)

Unrated items
-------------
002   C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH)
002   C:\WINDOWS\system32\MSTMON_N.EXE (KONICA MINOLTA BUSINESS TECHNOLOGIES, INC.)
002   C:\WINDOWS\system32\nwiz.exe
010   C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe (AntiVir PersonalEdition Classic Guard)
010   C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe (AntiVir PersonalEdition Classic Planer)
010   C:\Programme\NETGEAR\SC101 Manager Utility\ZeteraService.exe (Zetera)
011 * C:\Programme\Avira\AntiVir PersonalEdition Classic\avgio.sys (avgio)
011 * C:\Programme\Avira\AntiVir PersonalEdition Classic\avgntflt.sys (avgntflt)
011 * C:\WINDOWS\system32\DRIVERS\avipbb.sys (avipbb)
011   c:\windows\system32\drivers\sfsz.sys (DataPlow SFS for Zetera Storage Devices)
011   C:\WINDOWS\system32\DRIVERS\ssmdrv.sys (ssmdrv)
011   C:\WINDOWS\system32\DRIVERS\ZetBus.sys (Zetera Virtual Bus)
011   C:\WINDOWS\system32\DRIVERS\ZetMPD.sys (ZetMPD)
011   C:\WINDOWS\system32\DRIVERS\ZetSFD.sys (ZetSFD)
061   C:\WINDOWS\System32\nvshell.dll {1CDB2949-8F65-4355-8456-263E7C208A5D}
061   C:\WINDOWS\System32\nvshell.dll {1E9B04FB-F9E5-4718-997B-B8DA88302A47}
061   C:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL (Microsoft Corporation) {0006F045-0000-0000-C000-000000000046}
061   C:\WINDOWS\System32\nvshell.dll {1E9B04FB-F9E5-4718-997B-B8DA88302A48}
061   C:\Programme\OpenOffice.org 2.3\program\shlxthdl.dll (Sun Microsystems, Inc.) {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}
061   C:\Programme\OpenOffice.org 2.3\program\shlxthdl.dll (Sun Microsystems, Inc.) {087B3AE3-E237-4467-B8DB-5A38AB959AC9}
061   C:\Programme\OpenOffice.org 2.3\program\shlxthdl.dll (Sun Microsystems, Inc.) {63542C48-9552-494A-84F7-73AA6A7C99C1}
061   C:\Programme\OpenOffice.org 2.3\program\shlxthdl.dll (Sun Microsystems, Inc.) {3B092F0C-7696-40E3-A80F-68D74DA84210}
061   C:\Programme\Avira\AntiVir PersonalEdition Classic\shlext.dll (Avira GmbH) {45AC2688-0253-4ED8-97DE-B5370FA7D48A}
061   C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL {BDEADF00-C265-11d0-BCED-00A0C90AB50F}
062   C:\Programme\OpenOffice.org 2.3\program\shlxthdl.dll (Sun Microsystems, Inc.) {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}
069   C:\WINDOWS\system32\HpTcpMon.dll (Hewlett Packard)
100   Start Page HKCU : http://www.google.de/
102   GUID / CLSID not found {32683183-48a0-441b-a342-7c2a440a9478}
170   {50509f74-684a-11dd-a4dd-00196634c982} : F:\LaunchU3.exe
173   C:\Programme\Avira\AntiVir PersonalEdition Classic\shlext.dll (Avira GmbH) {45AC2688-0253-4ED8-97DE-B5370FA7D48A}
221   C:\Programme\Avira\AntiVir PersonalEdition Classic\shlext.dll (Avira GmbH) {45AC2688-0253-4ED8-97DE-B5370FA7D48A}
225   C:\Programme\Avira\AntiVir PersonalEdition Classic\shlext.dll (Avira GmbH) {45AC2688-0253-4ED8-97DE-B5370FA7D48A}
225   C:\Programme\Avira\AntiVir PersonalEdition Classic\shlext.dll (Avira GmbH) {45AC2688-0253-4ED8-97DE-B5370FA7D48A}
229   C:\WINDOWS\System32\nvshell.dll {1E9B04FB-F9E5-4718-997B-B8DA88302A48}
231   C:\Programme\OpenOffice.org 2.3\program\shlxthdl.dll (Sun Microsystems, Inc.) OpenOffice.org Column Handler

Missing files
-------------
011 C:\WINDOWS\system32\drivers\Abiosdsk.sys
011 C:\WINDOWS\system32\drivers\abp480n5.sys
011 C:\WINDOWS\system32\drivers\adpu160m.sys
011 C:\WINDOWS\system32\drivers\Aha154x.sys
011 C:\WINDOWS\system32\drivers\aic78u2.sys
011 C:\WINDOWS\system32\drivers\aic78xx.sys
011 C:\WINDOWS\system32\drivers\AliIde.sys
011 C:\WINDOWS\system32\drivers\amsint.sys
011 C:\WINDOWS\system32\drivers\asc.sys
011 C:\WINDOWS\system32\drivers\asc3350p.sys
011 C:\WINDOWS\system32\drivers\asc3550.sys
011 C:\WINDOWS\system32\drivers\Atdisk.sys
011 C:\WINDOWS\system32\drivers\cd20xrnt.sys
011 C:\WINDOWS\system32\drivers\Changer.sys
011 C:\WINDOWS\system32\drivers\CmdIde.sys
011 C:\WINDOWS\system32\drivers\Cpqarray.sys
011 C:\WINDOWS\system32\drivers\dac2w2k.sys
011 C:\WINDOWS\system32\drivers\dac960nt.sys
011 C:\WINDOWS\system32\drivers\dpti2o.sys
011 C:\WINDOWS\system32\drivers\hpn.sys
011 C:\WINDOWS\system32\drivers\hpt3xx.sys
011 C:\WINDOWS\system32\drivers\i2omgmt.sys
011 C:\WINDOWS\system32\drivers\i2omp.sys
011 C:\WINDOWS\system32\drivers\ini910u.sys
011 C:\WINDOWS\system32\drivers\IntelIde.sys
011 C:\WINDOWS\system32\drivers\lbrtfdc.sys
011 C:\DOKUME~1\******\LOKALE~1\Temp\mbr.sys
011 C:\WINDOWS\system32\drivers\mraid35x.sys
011 C:\WINDOWS\system32\drivers\PCIDump.sys
011 C:\WINDOWS\system32\drivers\PDCOMP.sys
011 C:\WINDOWS\system32\drivers\PDFRAME.sys
011 C:\WINDOWS\system32\drivers\PDRELI.sys
011 C:\WINDOWS\system32\drivers\PDRFRAME.sys
011 C:\WINDOWS\system32\drivers\perc2.sys
011 C:\WINDOWS\system32\drivers\perc2hib.sys
011 C:\WINDOWS\system32\drivers\ql1080.sys
011 C:\WINDOWS\system32\drivers\Ql10wnt.sys
011 C:\WINDOWS\system32\drivers\ql12160.sys
011 C:\WINDOWS\system32\drivers\ql1240.sys
011 C:\WINDOWS\system32\drivers\ql1280.sys
011 C:\WINDOWS\system32\drivers\Simbad.sys
011 C:\WINDOWS\system32\drivers\Sparrow.sys
011 C:\WINDOWS\system32\drivers\sym_hi.sys
011 C:\WINDOWS\system32\drivers\sym_u3.sys
011 C:\WINDOWS\system32\drivers\symc810.sys
011 C:\WINDOWS\system32\drivers\symc8xx.sys
011 C:\WINDOWS\system32\drivers\TosIde.sys
011 C:\WINDOWS\system32\drivers\ultra.sys
011 C:\WINDOWS\system32\drivers\ViaIde.sys
011 C:\WINDOWS\system32\drivers\WDICA.sys
061 deskpan.dll

Silent Runners.vbs
Code:
ATTFilter
"Silent Runners.vbs", revision 58, h**p://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit" [MS]
"avgnt" = ""C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min" ["Avira GmbH"]
"KONICA MINOLTA PagePro 1300WStatusDisplay" = "C:\WINDOWS\system32\MSTMON_N.EXE" ["KONICA MINOLTA BUSINESS TECHNOLOGIES, INC."]

HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\
>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}\(Default) = "Outlook Express"
                                        \StubPath   = "C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigOE" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "CPL-Erweiterung für Anzeigeverschiebung"
  -> {HKLM...CLSID} = "CPL-Erweiterung für Anzeigeverschiebung"
                   \InProcServer32\(Default) = "deskpan.dll" [file not found]

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Erweiterung für HyperTerminal-Icons"
  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
                   \InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
  -> {HKLM...CLSID} = "DesktopContext Class"
                   \InProcServer32\(Default) = "C:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
  -> {HKLM...CLSID} = "NVIDIA CPL Extension"
                   \InProcServer32\(Default) = "C:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
  -> {HKLM...CLSID} = "Desktop Explorer"
                   \InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
  -> {HKLM...CLSID} = "nView Desktop Context Menu"
                   \InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
  -> {HKLM...CLSID} = "Outlook-Dateisymbolerweiterung"
                   \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL" [MS]
"{45AC2688-0253-4ED8-97DE-B5370FA7D48A}" = "Shell Extension for Malware scanning"
  -> {HKLM...CLSID} = "Shell Extension for Malware scanning"
                   \InProcServer32\(Default) = "C:\Programme\Avira\AntiVir PersonalEdition Classic\shlext.dll" ["Avira GmbH"]
"{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" = "OpenOffice.org Column Handler"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = ""C:\Programme\OpenOffice.org 2.3\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{087B3AE3-E237-4467-B8DB-5A38AB959AC9}" = "OpenOffice.org Infotip Handler"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = ""C:\Programme\OpenOffice.org 2.3\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{63542C48-9552-494A-84F7-73AA6A7C99C1}" = "OpenOffice.org Property Sheet Handler"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = ""C:\Programme\OpenOffice.org 2.3\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{3B092F0C-7696-40E3-A80F-68D74DA84210}" = "OpenOffice.org Thumbnail Viewer"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = ""C:\Programme\OpenOffice.org 2.3\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}" = "Microsoft Office Metadata Handler"
  -> {HKLM...CLSID} = "Microsoft Office Metadata Handler"
                   \InProcServer32\(Default) = "C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll" [MS]
"{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" = "Microsoft Office Thumbnail Handler"
  -> {HKLM...CLSID} = "Microsoft Office Thumbnail Handler"
                   \InProcServer32\(Default) = "C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
  -> {HKLM...CLSID} = "WPDShServiceObj Class"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS]

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\(Default) = "OpenOffice.org Column Handler"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = ""C:\Programme\OpenOffice.org 2.3\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
Shell Extension for Malware scanning\(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"
  -> {HKLM...CLSID} = "Shell Extension for Malware scanning"
                   \InProcServer32\(Default) = "C:\Programme\Avira\AntiVir PersonalEdition Classic\shlext.dll" ["Avira GmbH"]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
Shell Extension for Malware scanning\(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"
  -> {HKLM...CLSID} = "Shell Extension for Malware scanning"
                   \InProcServer32\(Default) = "C:\Programme\Avira\AntiVir PersonalEdition Classic\shlext.dll" ["Avira GmbH"]


Group Policies {policy setting}:
--------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"ClearRecentDocsOnExit" = (REG_DWORD) dword:0x00000001
{unrecognized setting}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001
{Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) dword:0x00000001
{Devices: Allow undock without having to log on}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState


Windows Portable Device AutoPlay Handlers
-----------------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

MSWPDShellNamespaceHandler\
"Provider" = "@%SystemRoot%\System32\WPDShextRes.dll,-501"
"CLSID" = "{A55803CC-4D53-404c-8557-FD63DBA95D24}"
"InitCmdLine" = " "
  -> {HKLM...CLSID} = "WPDShextAutoplay"
                   \LocalServer32\(Default) = "C:\WINDOWS\system32\WPDShextAutoplay.exe" [MS]


Startup items in "*******" & "All Users" startup folders:
---------------------------------------------------------

C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
"Microsoft Office" -> shortcut to: "C:\Programme\Microsoft Office\Office\OSA9.EXE -b -l" [MS]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 04, 07 - 14
%SystemRoot%\system32\rsvpsp.dll [MS], 05 - 06


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

AntiVir PersonalEdition Classic Guard, AntiVirService, ""C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe"" ["Avira GmbH"]
AntiVir PersonalEdition Classic Planer, AntiVirScheduler, ""C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe"" ["Avira GmbH"]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\System32\nvsvc32.exe" ["NVIDIA Corporation"]
Pml Driver HPZ12, Pml Driver HPZ12, "C:\WINDOWS\system32\HPZipm12.exe" ["HP"]
Zetera, Zetera, "C:\Programme\NETGEAR\SC101 Manager Utility\ZeteraService.exe" ["Zetera Corporation"]


Print Monitors:
---------------

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
HP Standard TCP/IP Port\Driver = "HpTcpMon.dll" ["Hewlett Packard"]
MLMON__N\Driver = "MLMON__N.DLL" ["KONICA MINOLTA BUSINESS TECHNOLOGIES, INC."]


---------- (launch time: 2008-09-23 11:18:21)
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
  launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
  DLL launch points, use the -supp parameter or answer "No" at the
  first message box and "Yes" at the second message box.
---------- (total run time: 28 seconds, including 7 seconds for message boxes)

F-Secure BlackLight
Code:
ATTFilter
09/23/08 11:19:10 [Info]: BlackLight Engine 1.0.70 initialized
09/23/08 11:19:10 [Info]: OS: 5.1 build 2600 (Service Pack 2)
09/23/08 11:19:10 [Note]: 7019 4
09/23/08 11:19:10 [Note]: 7005 0
09/23/08 11:19:13 [Note]: 7006 0
09/23/08 11:19:13 [Note]: 7011 1432
09/23/08 11:19:13 [Note]: 7035 0
09/23/08 11:19:13 [Note]: 7026 0
09/23/08 11:19:14 [Note]: 7026 0
09/23/08 11:19:15 [Note]: FSRAW library version 1.7.1024
09/23/08 11:24:40 [Note]: 2000 1012
09/23/08 11:24:40 [Note]: 2000 1012
09/23/08 11:24:40 [Note]: 2000 1012
09/23/08 11:24:40 [Note]: 2000 1012
09/23/08 11:24:40 [Note]: 2000 1012
09/23/08 11:24:40 [Note]: 2000 1012
09/23/08 11:24:51 [Note]: 7007 0

Stealth MBR rootkit detector
Code:
ATTFilter
Stealth MBR rootkit detector 0.2.4 by Gmer, h**p://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
Und hier noch ein listing file:

Fast-Load.net - Dateien hochladen - One Click Hoster - Datei upload - upload files - free webhosting

Vielen Dank nochmal im Vorraus für eure Mithilfe

Viele Grüße

 

Themen zu Verdacht auf Befall - Logs auswerten
antivir, auswerten, avgntflt.sys, avira, components, dll, drivers, einstellungen, explorer, f-secure, finds, helper, hewlett packard, hijack, hijackthis, hkus\s-1-5-18, internet, internet explorer, konica minolta, location, logfile, malware, mbr rootkit, netgear, nvidia, object, outlook express, pagepro, registry, rootkit, rundll, scanner.exe, shortcut, shut down, software, stealth mbr rootkit, system, tcp/ip, temp, windows, windows xp, windows\system32\drivers


« AntiVir: "TR/pakes.knf"? | popups, keine googelsuche möglich pc extrem langsam »


Ähnliche Themen: Verdacht auf Befall - Logs auswerten


  1. Bitte kurz meine Logs auswerten :)
    Log-Analyse und Auswertung - 12.08.2013 (25)
  2. Computerverhalten; verdacht auf ZBot (Logs anbei)
    Log-Analyse und Auswertung - 13.12.2012 (25)
  3. Win7 64bit, Bka Trojaner Befall, OTL und Malware Logs
    Log-Analyse und Auswertung - 23.07.2012 (15)
  4. (2x) Frühjahrsputz: Logs auswerten
    Mülltonne - 18.04.2012 (3)
  5. Viren Verdacht - Logs inside
    Log-Analyse und Auswertung - 24.12.2010 (2)
  6. Logs auswerten / pmropn.exe
    Log-Analyse und Auswertung - 06.09.2010 (9)
  7. worm.win32.netsky - könnt ihr die logs auswerten? ;)
    Log-Analyse und Auswertung - 10.01.2010 (3)
  8. verdacht auf infektion, office fehler +logs
    Log-Analyse und Auswertung - 14.11.2008 (9)
  9. Bitte um Hilfe beim auswerten des HJT Logs!!
    Mülltonne - 06.08.2008 (0)
  10. Spyware Verdacht, benötige Hilfe bei Auswertung der LOGs
    Log-Analyse und Auswertung - 28.07.2008 (13)
  11. HiJackThis Logs auswerten brauche bitte Hilfe
    Log-Analyse und Auswertung - 17.06.2008 (7)
  12. 2 logs zum auswerten
    Mülltonne - 05.10.2006 (2)
  13. Popups / Logs auswerten
    Mülltonne - 24.09.2006 (2)
  14. Bitte um Auswertung dieses Logs-- Verdacht: Trojan-DL
    Log-Analyse und Auswertung - 28.07.2006 (9)
  15. Bitte um Hilfe bei Auswerten des Logs
    Log-Analyse und Auswertung - 30.01.2005 (4)
  16. Brauche Hilfe beim Auswerten der Logs
    Log-Analyse und Auswertung - 04.01.2005 (9)
  17. Problem beim Auswerten des Logs
    Log-Analyse und Auswertung - 04.07.2004 (6)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Verdacht auf Befall - Logs auswerten - Hi ich habe den Verdacht das mein Rechner befallen sein könnte. Ich hab einige Logs angefertigt aber nichts auffälliges gefunden. Es wäre nett, wenn ihr euch das einmal angucken könntet. - Verdacht auf Befall - Logs auswerten...
Archiv
Du betrachtest: Verdacht auf Befall - Logs auswerten auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58