Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Böse fallen? (https://www.trojaner-board.de/16537-boese-fallen.html)

MonKeyBot 11.04.2005 14:47
Böse fallen?
 
der rechner ist nur am streiken und das modem hat auch aktivität obwohl ich keine operationen am ausführen bin. cpu läuft auch auf 99% meine logfile ist:

Logfile of HijackThis v1.99.1
Scan saved at 15:20:19, on 11.04.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Programme\MSI\Bluetooth Software\bin\btwdins.exe
E:\WINDOWS\system32\drivers\CDAC11BA.EXE
E:\WINDOWS\System32\svchost.exe
E:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\Explorer.EXE
E:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
E:\Programme\Softwin\BitDefender8\bdoesrv.exe
E:\Programme\Softwin\BitDefender8\bdswitch.exe
E:\Programme\Java\j2re1.4.2_06\bin\jusched.exe
E:\Programme\Saitek\Saitek Gaming Extensions\saicnfig.exe
E:\Programme\QuickTime\qttask.exe
E:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
E:\WINDOWS\SOUNDMAN.EXE
E:\Programme\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
E:\WINDOWS\system32\wscntfy.exe
E:\Programme\iTunes\iTunesHelper.exe
E:\Programme\D-Tools\daemon.exe
E:\Programme\BySoft FreeRAM\FreeRAM.exe
E:\Programme\iPod\bin\iPodService.exe
E:\Programme\Ashampoo\Ashampoo UnInstaller Suite Plus\UnInstaller Suite\UIWatcher.exe
E:\Programme\TaskSwitchXP\TaskSwitchXP.exe
E:\Programme\MSI\Bluetooth Software\BTTray.exe
E:\Programme\ScanWizard 5\ScannerFinder.exe
E:\Temp\CalCheck.exe
E:\Programme\Ashampoo\Ashampoo UnInstaller Suite Plus\Mail Virus Blocker\Server.exe
E:\PROGRA~1\MSI\BLUETO~1\BTSTAC~1.EXE
E:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe
E:\Programme\Softwin\BitDefender8\vsserv.exe
e:\progra~1\softwin\bitdef~1\bdmcon.exe
E:\Programme\Real\RealPlayer\RealPlay.exe
E:\Programme\Opera\opera.exe
E:\Dokumente und Einstellungen\Schönemann\Desktop\download\hijack finder\hijackthis_199\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.t-online.de/
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IE PopUp-Killer ; Neikeisoft - {49E0E0F0-5C30-11D4-945D-000000000003} - E:\PROGRA~1\Ashampoo\ASHAMP~2\PopUp.dll
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - E:\Programme\WS_FTP Pro\wsbho2k0.dll
O2 - BHO: Media Playback Support Dll - {9D9A7350-46C9-4E3C-92EF-382B5740A1C3} - E:\WINDOWS\system32\bvicore.dll
O4 - HKLM\..\Run: [ATIPTA] E:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [BDMCon] e:\progra~1\softwin\bitdef~1\bdmcon.exe
O4 - HKLM\..\Run: [BDOESRV] E:\Programme\Softwin\BitDefender8\\bdoesrv.exe
O4 - HKLM\..\Run: [BDNewsAgent] e:\progra~1\softwin\bitdef~1\bdnagent.exe
O4 - HKLM\..\Run: [BDSwitchAgent] E:\Programme\Softwin\BitDefender8\\bdswitch.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Programme\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [SAITEKAUTOCONFIGURE] E:\Programme\Saitek\Saitek Gaming Extensions\saicnfig.exe /autorun
O4 - HKLM\..\Run: [SetIcon] C:\Program Files\SMSC\Seticon.exe
O4 - HKLM\..\Run: [QuickTime Task] "E:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "E:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HydraVisionDesktopManager] E:\Programme\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
O4 - HKLM\..\Run: [NVMixerTray] "E:\Programme\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [iTunesHelper] E:\Programme\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "E:\Programme\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [BySoft FreeRAM] E:\Programme\BySoft FreeRAM\FreeRAM.exe
O4 - HKCU\..\Run: [UIWatcher] E:\Programme\Ashampoo\Ashampoo UnInstaller Suite Plus\UnInstaller Suite\UIWatcher.exe
O4 - HKCU\..\Run: [TaskSwitchXP] E:\Programme\TaskSwitchXP\TaskSwitchXP.exe
O4 - Startup: Ashampoo Mail Virus Blocker Server.lnk = E:\Programme\Ashampoo\Ashampoo UnInstaller Suite Plus\Mail Virus Blocker\Server.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = E:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = E:\Programme\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Scanner Finder.lnk = E:\Programme\ScanWizard 5\ScannerFinder.exe
O4 - Global Startup: Ulead Kalendar Checker 4.0 SE.lnk = E:\Temp\CalCheck.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://E:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - E:\Programme\MSI\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Programme\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Programme\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - E:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - E:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Programme\MSI\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Programme\MSI\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - E:\Programme\IrfanView\Ebay\Ebay.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Programme\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{B40DEDD3-6BAF-45E0-804E-ABCA6D08BE3A}: NameServer = 217.237.149.225 217.237.151.97
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - E:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - E:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - E:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - E:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - E:\Programme\MSI\Bluetooth Software\bin\btwdins.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - E:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - E:\Programme\iPod\bin\iPodService.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - E:\Programme\Softwin\BitDefender8\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - E:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

-----------------------------------------------------------------------

bei der auswertung kamen die dateien:

O4 - Startup: Ashampoo Mail Virus Blocker Server.lnk = E:\Programme\Ashampoo\Ashampoo UnInstaller Suite Plus\Mail Virus Blocker\Server.exe

und

R3 - Default URLSearchHook is missing

bei der ersten kann ich mir schlecht vorstellen das die infiziert ist und von der zweiten weiß ich nicht wie ich sie finden soll. bitte helft mir!!!

Cidre 11.04.2005 16:40
Hallo,

überprüfe mal diese Datei bei bei http://virusscan.jotti.org/de und poste das Ergebnis:
E:\WINDOWS\system32\bvicore.dll

Welcher Prozess verursacht die hohe Auslastung?
Es ist aber nicht der Leerlaufprozess, oder?

MonKeyBot 17.04.2005 14:58
war alles ok

hab aber schon wider probleme schau mal bitte

Logfile of HijackThis v1.99.1
Scan saved at 15:57:25, on 17.04.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Programme\MSI\Bluetooth Software\bin\btwdins.exe
E:\WINDOWS\system32\drivers\CDAC11BA.EXE
E:\WINDOWS\System32\svchost.exe
E:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\Explorer.EXE
E:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
E:\Programme\Softwin\BitDefender8\bdoesrv.exe
E:\Programme\Softwin\BitDefender8\bdswitch.exe
E:\Programme\Java\j2re1.4.2_06\bin\jusched.exe
E:\Programme\Saitek\Saitek Gaming Extensions\saicnfig.exe
E:\Programme\QuickTime\qttask.exe
E:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
E:\WINDOWS\SOUNDMAN.EXE
E:\Programme\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
E:\Programme\iTunes\iTunesHelper.exe
E:\Programme\D-Tools\daemon.exe
E:\Programme\SlySoft\AnyDVD\AnyDVD.exe
E:\Programme\BySoft FreeRAM\FreeRAM.exe
E:\WINDOWS\system32\wscntfy.exe
E:\Programme\Ashampoo\Ashampoo UnInstaller Suite Plus\UnInstaller Suite\UIWatcher.exe
E:\Programme\TaskSwitchXP\TaskSwitchXP.exe
E:\Programme\iPod\bin\iPodService.exe
E:\Programme\MSI\Bluetooth Software\BTTray.exe
E:\Programme\ScanWizard 5\ScannerFinder.exe
E:\Temp\CalCheck.exe
E:\PROGRA~1\MSI\BLUETO~1\BTSTAC~1.EXE
E:\Programme\Azureus\Azureus.exe
E:\Programme\Java\j2re1.4.2_04\bin\javaw.exe
E:\Programme\Opera\opera.exe
E:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe
E:\Programme\Softwin\BitDefender8\vsserv.exe
e:\progra~1\softwin\bitdef~1\bdmcon.exe
E:\Dokumente und Einstellungen\Schönemann\Desktop\download\hijack finder\hijackthis_199\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.t-online.de/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IE PopUp-Killer ; Neikeisoft - {49E0E0F0-5C30-11D4-945D-000000000003} - E:\PROGRA~1\Ashampoo\ASHAMP~2\PopUp.dll
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - E:\Programme\WS_FTP Pro\wsbho2k0.dll
O2 - BHO: Media Playback Support Dll - {9D9A7350-46C9-4E3C-92EF-382B5740A1C3} - E:\WINDOWS\system32\bvicore.dll
O4 - HKLM\..\Run: [ATIPTA] E:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [BDMCon] e:\progra~1\softwin\bitdef~1\bdmcon.exe
O4 - HKLM\..\Run: [BDOESRV] E:\Programme\Softwin\BitDefender8\\bdoesrv.exe
O4 - HKLM\..\Run: [BDNewsAgent] e:\progra~1\softwin\bitdef~1\bdnagent.exe
O4 - HKLM\..\Run: [BDSwitchAgent] E:\Programme\Softwin\BitDefender8\\bdswitch.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Programme\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [SAITEKAUTOCONFIGURE] E:\Programme\Saitek\Saitek Gaming Extensions\saicnfig.exe /autorun
O4 - HKLM\..\Run: [SetIcon] C:\Program Files\SMSC\Seticon.exe
O4 - HKLM\..\Run: [QuickTime Task] "E:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "E:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HydraVisionDesktopManager] E:\Programme\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
O4 - HKLM\..\Run: [NVMixerTray] "E:\Programme\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [iTunesHelper] E:\Programme\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "E:\Programme\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AnyDVD] E:\Programme\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKCU\..\Run: [BySoft FreeRAM] E:\Programme\BySoft FreeRAM\FreeRAM.exe
O4 - HKCU\..\Run: [UIWatcher] E:\Programme\Ashampoo\Ashampoo UnInstaller Suite Plus\UnInstaller Suite\UIWatcher.exe
O4 - HKCU\..\Run: [TaskSwitchXP] E:\Programme\TaskSwitchXP\TaskSwitchXP.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = E:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = E:\Programme\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Scanner Finder.lnk = E:\Programme\ScanWizard 5\ScannerFinder.exe
O4 - Global Startup: Ulead Kalendar Checker 4.0 SE.lnk = E:\Temp\CalCheck.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://E:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - E:\Programme\MSI\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Programme\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Programme\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - E:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - E:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Programme\MSI\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Programme\MSI\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - E:\Programme\IrfanView\Ebay\Ebay.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Programme\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{B40DEDD3-6BAF-45E0-804E-ABCA6D08BE3A}: NameServer = 217.237.149.225 217.237.151.97
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - E:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - E:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - E:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - E:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - E:\Programme\MSI\Bluetooth Software\bin\btwdins.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - E:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - E:\Programme\iPod\bin\iPodService.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - E:\Programme\Softwin\BitDefender8\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - E:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

--------------------------------------------------------------------------

hab außerdem ne sfx.exe aufem rechner die nicht löschbar ist. Schreibt immer das das die datei von nem anderen programm verwendet wird


Alle Zeitangaben in WEZ +1. Es ist jetzt 11:35 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131