Trojaner-Board (https://www.trojaner-board.de/)
-   Log Analysis and Evaluation (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Escan logfile, need help.. (https://www.trojaner-board.de/22079-escan-logfile-brauche-hilfe.html)

SilverFenix 22.09.2005 17:22

Escan logfile, need help..
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~
Funde für "infected"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~
Sun Sep 18 23:41:47 2005 => System found infected with zipitpro Spyware/Adware (E:\WINDOWS\iun6002.exe)! Action taken: No Action Taken.
Sun Sep 18 23:41:48 2005 => System found infected with eUniverse/Keenvalue variant Spyware/Adware (BHO.dll)! Action taken: No Action Taken.
Sun Sep 18 23:45:42 2005 => Total Disinfected Files: 0
Mon Sep 19 18:15:53 2005 => System found infected with zipitpro Spyware/Adware (E:\WINDOWS\iun6002.exe)! Action taken: No Action Taken.
Mon Sep 19 18:15:54 2005 => System found infected with eUniverse/Keenvalue variant Spyware/Adware (BHO.dll)! Action taken: No Action Taken.
Mon Sep 19 18:31:25 2005 => Scanning Folder: E:\Programme\AVPersonal\INFECTED\*.*
Mon Sep 19 19:34:29 2005 => Total Disinfected Files: 0
Wed Sep 21 10:57:04 2005 => System found infected with zipitpro Spyware/Adware (E:\WINDOWS\iun6002.exe)! Action taken: No Action Taken.
Wed Sep 21 10:57:05 2005 => System found infected with eUniverse/Keenvalue variant Spyware/Adware (BHO.dll)! Action taken: No Action Taken.
Wed Sep 21 11:12:39 2005 => Scanning Folder: E:\Programme\AVPersonal\INFECTED\*.*
Wed Sep 21 12:45:25 2005 => Total Disinfected Files: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~
Funde für "tagged"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~
Sun Sep 18 23:42:19 2005 => File E:\WINDOWS\pludll.exe tagged as "not-a-virus:AdWare.Webdir.a". Action Taken: No Action Taken.
Mon Sep 19 18:25:10 2005 => File E:\mIRC\mirc.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.616. No Action Taken.
Mon Sep 19 19:06:01 2005 => File E:\System Volume Information\_restore{24AF7D88-63C5-4643-B7C4-86741D1D54A9}\RP184\A0065366.dll tagged as "not-a-virus:AdWare.Webdir.a". Action Taken: No Action Taken.
Mon Sep 19 19:19:27 2005 => File E:\System Volume Information\_restore{24AF7D88-63C5-4643-B7C4-86741D1D54A9}\RP213\A0068735.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.616. No Action Taken.
Wed Sep 21 11:06:26 2005 => File E:\mIRC\mirc.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.616. No Action Taken.
Wed Sep 21 11:46:02 2005 => File E:\System Volume Information\_restore{24AF7D88-63C5-4643-B7C4-86741D1D54A9}\RP184\A0065366.dll tagged as "not-a-virus:AdWare.Webdir.a". Action Taken: No Action Taken.
Wed Sep 21 11:58:47 2005 => File E:\System Volume Information\_restore{24AF7D88-63C5-4643-B7C4-86741D1D54A9}\RP213\A0068735.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.616. No Action Taken.
Wed Sep 21 12:31:31 2005 => File E:\WINDOWS\pludll.exe tagged as "not-a-virus:AdWare.Webdir.a". Action Taken: No Action Taken.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~
Statistiken:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~
Sun Sep 18 23:41:30 2005 => Offending Folder found: E:\PROGRA~1\limewire
Sun Sep 18 23:41:30 2005 => Offending Folder found: E:\DOKUME~1\*****\STARTM~1\PROGRA~1\limewire
Sun Sep 18 23:41:30 2005 => Offending Folder found: E:\DOKUME~1\*****\FAVORI~1\going places
Sun Sep 18 23:41:47 2005 => Offending file found: E:\WINDOWS\iun6002.exe
Sun Sep 18 23:45:42 2005 => Total Virus(es) Found: 6
Mon Sep 19 18:15:35 2005 => Offending Folder found: E:\PROGRA~1\limewire
Mon Sep 19 18:15:35 2005 => Offending Folder found: E:\DOKUME~1\*****\STARTM~1\PROGRA~1\limewire
Mon Sep 19 18:15:36 2005 => Offending Folder found: E:\DOKUME~1\*****\FAVORI~1\going places
Mon Sep 19 18:15:53 2005 => Offending file found: E:\WINDOWS\iun6002.exe
Mon Sep 19 19:34:29 2005 => Total Virus(es) Found: 8
Wed Sep 21 10:56:45 2005 => Offending Folder found: E:\PROGRA~1\limewire
Wed Sep 21 10:56:45 2005 => Offending Folder found: E:\DOKUME~1\*****\STARTM~1\PROGRA~1\limewire
Wed Sep 21 10:56:46 2005 => Offending Folder found: E:\DOKUME~1\*****\FAVORI~1\going places
Wed Sep 21 10:57:04 2005 => Offending file found: E:\WINDOWS\iun6002.exe
Wed Sep 21 12:45:24 2005 => Total Virus(es) Found: 9
Sun Sep 18 23:45:42 2005 => Total Errors: 31
Mon Sep 19 19:34:29 2005 => Total Errors: 140
Wed Sep 21 12:45:25 2005 => Total Errors: 140
Sun Sep 18 23:45:42 2005 => Time Elapsed: 00:05:40
Mon Sep 19 19:34:29 2005 => Time Elapsed: 01:19:44
Wed Sep 21 12:45:25 2005 => Time Elapsed: 01:49:31
Sun Sep 18 23:45:42 2005 => Total Objects Scanned: 25666
Mon Sep 19 19:34:29 2005 => Total Objects Scanned: 64840
Wed Sep 21 12:45:24 2005 => Total Objects Scanned: 81225
Sun Sep 18 23:39:24 2005 => Virus Database Date: 2005/09/18
Sun Sep 18 23:45:42 2005 => Virus Database Date: 2005/09/18
Sun Sep 18 23:47:32 2005 => Virus Database Date: 2005/09/18
Mon Sep 19 18:13:48 2005 => Virus Database Date: 2005/09/18
Mon Sep 19 19:34:29 2005 => Virus Database Date: 2005/09/18
Mon Sep 19 19:34:49 2005 => Virus Database Date: 2005/09/18
Wed Sep 21 10:55:34 2005 => Virus Database Date: 2005/09/18
Wed Sep 21 12:45:25 2005 => Virus Database Date: 2005/09/18
Wed Sep 21 15:03:10 2005 => Virus Database Date: 2005/09/18
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~
~~~~~~~ © Haui ;-) ~~~~~~~
~~~~~~~ Dank an Cidre ~~~~~~~

What do I do now? o.O Don't want to delete anything wrong..

SilverFenix 22.09.2005 20:29

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~
Funde für "infected"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~
Wed Sep 21 10:57:04 2005 => System found infected with zipitpro Spyware/Adware (E:\WINDOWS\iun6002.exe)! Action taken: No Action Taken.
Wed Sep 21 10:57:05 2005 => System found infected with eUniverse/Keenvalue variant Spyware/Adware (BHO.dll)! Action taken: No Action Taken.
Wed Sep 21 11:12:39 2005 => Scanning Folder: E:\Programme\AVPersonal\INFECTED\*.*
Wed Sep 21 12:45:25 2005 => Total Disinfected Files: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~
Funde für "tagged"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~
Wed Sep 21 11:06:26 2005 => File E:\mIRC\mirc.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.616. No Action Taken.
Wed Sep 21 11:46:02 2005 => File E:\System Volume Information\_restore{24AF7D88-63C5-4643-B7C4-86741D1D54A9}\RP184\A0065366.dll tagged as "not-a-virus:AdWare.Webdir.a". Action Taken: No Action Taken.
Wed Sep 21 11:58:47 2005 => File E:\System Volume Information\_restore{24AF7D88-63C5-4643-B7C4-86741D1D54A9}\RP213\A0068735.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.616. No Action Taken.
Wed Sep 21 12:31:31 2005 => File E:\WINDOWS\pludll.exe tagged as "not-a-virus:AdWare.Webdir.a". Action Taken: No Action Taken.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~
Statistiken:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~
Wed Sep 21 10:56:45 2005 => Offending Folder found: E:\PROGRA~1\limewire
Wed Sep 21 10:56:45 2005 => Offending Folder found: E:\DOKUME~1\Timon\STARTM~1\PROGRA~1\limewire
Wed Sep 21 10:56:46 2005 => Offending Folder found: E:\DOKUME~1\Timon\FAVORI~1\going places
Wed Sep 21 10:57:04 2005 => Offending file found: E:\WINDOWS\iun6002.exe
Wed Sep 21 12:45:24 2005 => Total Virus(es) Found: 9
Wed Sep 21 12:45:25 2005 => Total Errors: 140
Wed Sep 21 12:45:25 2005 => Time Elapsed: 01:49:31
Wed Sep 21 12:45:24 2005 => Total Objects Scanned: 81225
Wed Sep 21 10:55:34 2005 => Virus Database Date: 2005/09/18
Wed Sep 21 12:45:25 2005 => Virus Database Date: 2005/09/18
Wed Sep 21 15:03:10 2005 => Virus Database Date: 2005/09/18
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~
~~~~~~~ © Haui ;-) ~~~~~~~
~~~~~~~ Dank an Cidre ~~~~~~~

That's better, I think :P

Cidre 22.09.2005 20:41

Disable System Restore and delete this file (E:\WINDOWS\pludll.exe). Then run RegSeeker and clean the registry (delete only green findings!).

Finally, post the eScan Virus Log Information again (but delete the mwav.log first, as described!) and an HJT log file.
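As an added example (not part of this thread and not code from eScan, from the summary script credited to Haui, or from the board), here is a small Python parser for the three finding line types in the summary format posted above: "System found infected with ...", "File ... tagged as ...", and "Offending Folder/file found: ...". It collapses the repeated scans into one list of unique paths per category and separates copies under System Volume Information (old restore points, which is why the advice is to disable System Restore) from files on the live system and from not-a-virus tags that need a manual decision. The sample lines are copied from the posted log; the category names and the helper functions are my own.

```python
import re
from dataclasses import dataclass

# Constructed sample input: a few lines in the eScan (mwav.log) summary format
# quoted in this thread; timestamps, detection names and paths are copied from
# the posted log, the selection is mine.
SAMPLE_LOG = r"""
Sun Sep 18 23:41:47 2005 => System found infected with zipitpro Spyware/Adware (E:\WINDOWS\iun6002.exe)! Action taken: No Action Taken.
Sun Sep 18 23:41:48 2005 => System found infected with eUniverse/Keenvalue variant Spyware/Adware (BHO.dll)! Action taken: No Action Taken.
Mon Sep 19 18:15:53 2005 => System found infected with zipitpro Spyware/Adware (E:\WINDOWS\iun6002.exe)! Action taken: No Action Taken.
Mon Sep 19 18:25:10 2005 => File E:\mIRC\mirc.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.616. No Action Taken.
Mon Sep 19 19:06:01 2005 => File E:\System Volume Information\_restore{24AF7D88-63C5-4643-B7C4-86741D1D54A9}\RP184\A0065366.dll tagged as "not-a-virus:AdWare.Webdir.a". Action Taken: No Action Taken.
Wed Sep 21 12:31:31 2005 => File E:\WINDOWS\pludll.exe tagged as "not-a-virus:AdWare.Webdir.a". Action Taken: No Action Taken.
Sun Sep 18 23:41:30 2005 => Offending Folder found: E:\PROGRA~1\limewire
Sun Sep 18 23:45:42 2005 => Total Virus(es) Found: 6
"""

# Every summary line starts with a ctime-style timestamp followed by " => ".
_TS = r"^(?P<ts>\w{3} \w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2} \d{4}) => "
INFECTED_RE = re.compile(
    _TS + r"System found infected with (?P<name>.+?) \((?P<path>[^)]+)\)! "
    r"Action taken: (?P<action>.+?)\.?$")
# The tag name is sometimes quoted and sometimes not; "Action Taken:" is optional.
TAGGED_RE = re.compile(
    _TS + r'File (?P<path>.+?) tagged as "?(?P<name>.+?)"?\. '
    r"(?:Action Taken: )?(?P<action>.+?)\.?$")
OFFENDING_RE = re.compile(_TS + r"Offending (?P<kind>Folder|file) found: (?P<path>.+)$")


@dataclass(frozen=True)
class Finding:
    timestamp: str
    kind: str      # "infected", "tagged", "offending-folder" or "offending-file"
    name: str      # detection name; empty for "Offending ... found" lines
    path: str
    action: str    # what the scanner did; empty where the line carries none

    @property
    def in_restore_point(self) -> bool:
        # Copies under System Volume Information are old restore points; they
        # come back on every scan until System Restore is disabled and purged.
        return "\\system volume information\\_restore" in self.path.lower()

    @property
    def unresolved(self) -> bool:
        return self.action.lower() == "no action taken"


def parse_log(text: str) -> list:
    """Turn the three finding line types into Finding objects; skip the rest."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if (m := INFECTED_RE.match(line)):
            findings.append(Finding(m["ts"], "infected", m["name"], m["path"], m["action"]))
        elif (m := TAGGED_RE.match(line)):
            findings.append(Finding(m["ts"], "tagged", m["name"], m["path"], m["action"]))
        elif (m := OFFENDING_RE.match(line)):
            findings.append(Finding(m["ts"], "offending-" + m["kind"].lower(), "", m["path"], ""))
    return findings


def category(f: Finding) -> str:
    """Bucket names are my own; the not-a-virus prefix is the scanner's."""
    if f.kind.startswith("offending"):
        return "offending-path"
    if f.in_restore_point:
        return "restore-point-copy"
    lname = f.name.lower()
    if lname.startswith("not-a-virus:adware"):
        return "adware"
    if lname.startswith("not-a-virus"):
        return "not-a-virus"   # riskware class, e.g. an IRC client: decide by hand
    return "malware"


def triage(findings: list) -> dict:
    """Collapse the repeated scans into one sorted path list per category."""
    buckets = {}
    for f in findings:
        buckets.setdefault(category(f), set()).add(f.path)
    return {cat: sorted(paths) for cat, paths in buckets.items()}


def unresolved_paths(findings: list) -> list:
    """Live-system findings the scanner left in place ("No Action Taken")."""
    return sorted({f.path for f in findings if f.unresolved and not f.in_restore_point})


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    for cat, paths in triage(parsed).items():
        print(f"{cat}:")
        for p in paths:
            print(f"    {p}")
    print("still unresolved on the live system:", unresolved_paths(parsed))
```

Run against the full mwav.log instead of the sample, the "restore-point-copy" bucket is what shrinks once System Restore has been switched off, and the "malware" and "adware" buckets are the paths that still need a decision on the live system.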

SilverFenix 23.09.2005 14:55

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~
Funde für "infected"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~
Fri Sep 23 13:57:46 2005 => System found infected with eUniverse/Keenvalue variant Spyware/Adware (BHO.dll)! Action taken: No Action Taken.
Fri Sep 23 15:13:45 2005 => Total Disinfected Files: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~
Funde für "tagged"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~
Fri Sep 23 14:05:23 2005 => File E:\mIRC\mirc.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.616. No Action Taken.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~
Statistiken:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~
Fri Sep 23 13:57:24 2005 => Offending Folder found: E:\PROGRA~1\limewire
Fri Sep 23 13:57:24 2005 => Offending Folder found: E:\DOKUME~1\Timon\STARTM~1\PROGRA~1\limewire
Fri Sep 23 15:13:45 2005 => Total Virus(es) Found: 3
Fri Sep 23 15:13:45 2005 => Total Errors: 125
Fri Sep 23 15:13:45 2005 => Time Elapsed: 01:17:10
Fri Sep 23 15:13:45 2005 => Total Objects Scanned: 68931
Fri Sep 23 13:56:13 2005 => Virus Database Date: 2005/09/18
Fri Sep 23 15:13:45 2005 => Virus Database Date: 2005/09/18
Fri Sep 23 15:19:11 2005 => Virus Database Date: 2005/09/18
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~
~~~~~~~ © Haui ;-) ~~~~~~~
~~~~~~~ Dank an Cidre ~~~~~~~


Logfile of HijackThis v1.99.1
Scan saved at 15:55:27, on 23.09.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Programme\FRITZ!DSL\IGDCTRL.EXE
E:\WINDOWS\System32\cisvc.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\WINDOWS\System32\svchost.exe
E:\Programme\Webroot\Spy Sweeper\WRSSSDK.exe
E:\WINDOWS\Explorer.EXE
E:\Programme\Microsoft AntiSpyware\gcasServ.exe
E:\WINDOWS\system32\LVCOMSX.EXE
E:\Programme\TuneUp Utilities 2006\MemOptimizer.exe
E:\Programme\FRITZ!DSL\StCenter.exe
E:\Programme\FRITZ!DSL\FwebProt.exe
E:\Programme\Microsoft AntiSpyware\gcasDtServ.exe
E:\WINDOWS\system32\cidaemon.exe
E:\Programme\Mozilla Firefox\firefox.exe
E:\Dokumente und Einstellungen\Timon\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.de/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.de/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - E:\Programme\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - E:\Programme\TechSmith\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: GMX Toolbar - {2D1DDD38-CE4D-459b-A01C-F11BC92D5B69} - E:\Programme\GMX\GMX Toolbar\toolbar.dll
O4 - HKLM\..\Run: [gcasServ] "E:\Programme\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LVCOMSX] E:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "E:\Programme\TuneUp Utilities 2006\MemOptimizer.exe" autostart
O4 - Startup: Adobe Gamma.lnk = E:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: FRITZ!DSL Protect.lnk = E:\Programme\FRITZ!DSL\FwebProt.exe
O4 - Global Startup: FRITZ!DSL Startcenter.lnk = E:\Programme\FRITZ!DSL\StCenter.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://E:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Programme\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Programme\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - E:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - E:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Programme\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: e:\programme\fritz!dsl\sarah.dll
O10 - Unknown file in Winsock LSP: e:\programme\fritz!dsl\sarah.dll
O10 - Unknown file in Winsock LSP: e:\programme\fritz!dsl\sarah.dll
O10 - Unknown file in Winsock LSP: e:\programme\fritz!dsl\sarah.dll
O10 - Unknown file in Winsock LSP: e:\programme\fritz!dsl\sarah.dll
O16 - DPF: ppctlcab - http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} (InstallFromTheWeb ActiveX Control) - http://tw.msi.com.tw/autobios/client/iftwclix.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab32846.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "E:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - E:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - E:\Programme\Gemeinsame Dateien\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVM IGD CTRL Service - AVM Berlin - E:\Programme\FRITZ!DSL\IGDCTRL.EXE
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - E:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - E:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - E:\Programme\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - E:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe

SilverFenix 26.09.2005 07:46

And now what?

