Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   eScan findet Malware (https://www.trojaner-board.de/26518-escan-findet-malware.html)

fritzi07 05.02.2006 00:32
eScan findet Malware
 
Hallo
Ein Scan mit eScan fand folgende Treffer:

Sun Feb 05 00:19:30 2006 => ***** Scanning Registry and File system for Adware/Spyware *****
Sun Feb 05 00:19:31 2006 => Loading Spyware Signatures from new External Database (Size: 152313).
Sun Feb 05 00:19:31 2006 => Indexed Spyware Databases Successfully Created...

Sun Feb 05 00:19:34 2006 => System found infected with searchexe Spyware/Adware ({807553e5-5146-11d5-a672-00b0d022e945})! Action taken: No Action Taken.
Sun Feb 05 00:19:36 2006 => Offending file found: C:\WINDOWS\system32\redirect.dll
Sun Feb 05 00:19:36 2006 => System found infected with dynamic desktop media Spyware/Adware (redirect.dll)! Action taken: No Action Taken.

Sun Feb 05 00:19:42 2006 => Offending file found: D:\Data\divers\tools\utilities\tweakpower\uninstaller.exe
Sun Feb 05 00:19:42 2006 => System found infected with midaddle Spyware/Adware (uninstaller.exe)! Action taken: No Action Taken.

Sun Feb 05 00:19:45 2006 => Offending file found: C:\Dokumente und Einstellungen\Fritz Renfer\Lokale Einstellungen\temp\outlook logging\firstrun.log
Sun Feb 05 00:19:45 2006 => System found infected with clientman Spyware/Adware (firstrun.log)! Action taken: No Action Taken.

Sun Feb 05 00:19:47 2006 => Offending file found: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\symantec\common client\settings.dat
Sun Feb 05 00:19:47 2006 => System found infected with cydoor.topicks.a Spyware/Adware (settings.dat)! Action taken: No Action Taken.

Sun Feb 05 00:19:47 2006 => Offending file found: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\tools\system\futuremark\pcmark04\readme.url
Sun Feb 05 00:19:47 2006 => System found infected with midaddle Spyware/Adware (readme.url)! Action taken: No Action Taken.

Sun Feb 05 00:19:47 2006 => Offending file found: C:\Dokumente und Einstellungen\All Users\Startmenü\programme\tools\system\futuremark\pcmark04\readme.url
Sun Feb 05 00:19:47 2006 => System found infected with midaddle Spyware/Adware (readme.url)! Action taken: No Action Taken.

Sun Feb 05 00:19:48 2006 => Offending file found: D:\Data\divers\tools\utilities\tweakpower\uninstaller.exe
Sun Feb 05 00:19:48 2006 => System found infected with midaddle Spyware/Adware (uninstaller.exe)! Action taken: No Action Taken.

Hier das dazugehörige HJT-Log:

Logfile of HijackThis v1.99.1
Scan saved at 00:29:27, on 05.02.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
D:\Programme\Norton Internet Security\ISSVC.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\HHVcdV7Sys\VC7Play.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
D:\tools\ASUS\Probe\AsusProb.exe
C:\programme\musicmatch\musicmatch jukebox\mmtask.exe
C:\Programme\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Programme\Komponenten\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Tools\WinZip\WZQKPICK.EXE
D:\Tools\WIDCOMM\Bluetooth Software\bin\btwdins.exe
D:\Programme\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\PROGRA~1\KOMPON~1\NVIDIA~1\NETWOR~1\bin\nSvcIp.exe
C:\PROGRA~1\KOMPON~1\NVIDIA~1\NETWOR~1\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
D:\Tools\Utilities\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe
C:\Programme\HHVcdV7Sys\VC7SecS.exe
D:\Programme\Applications\VMware(2)\VMware Workstation\vmware-authd.exe
C:\Programme\Gemeinsame Dateien\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\PROGRA~1\KOMPON~1\NVIDIA~1\NETWOR~1\bin\nSvcAppFlt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
D:\Programme\Applications\Browser\Mozilla Firefox\firefox.exe
D:\Tools\totalcmd\TOTALCMD.EXE
C:\DOKUME~1\***\LOKALE~1\Temp\mexe.com
C:\DOKUME~1\***\LOKALE~1\Temp\kavss.exe
D:\Programme\Applications\Browser\Mozilla Thunderbird\thunderbird.exe
C:\Programme\Messenger\msmsgs.exe
D:\Data\Divers\Tools\Utilities\Virus\HjT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://www.bluewin.ch/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Tools\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Tools\Utilities\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - D:\Tools\UTILIT~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - D:\Tools\UTILIT~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [VC7Player] C:\Programme\HHVcdV7Sys\VC7Play.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NVRTCLK] C:\WINDOWS\system32\NVRTCLK\NVRTClk.exe
O4 - HKLM\..\Run: [NVIDIA nTune] "D:\Tools\NVIDIA Corporation\nTune\\nTune.exe" clear
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ASUS Probe] d:\tools\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [mmtask] c:\programme\musicmatch\musicmatch jukebox\mmtask.exe
O4 - HKLM\..\Run: [NVMixerTray] "C:\Programme\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKCU\..\Run: [NBJ] "D:\Programme\Applications\Nero\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: WinZip Quick Pick.lnk = D:\Tools\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\APPLIC~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - D:\Tools\UTILIT~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\APPLIC~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - h**p://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -

h**p://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1132958975046
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -

h**p://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1132958962750
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: WB - D:\Tools\Stardock\OBJECT~1\WINDOW~1\fastload.dll
O23 - Service: app_filter - Unknown owner - C:\PROGRA~1\KOMPON~1\NVIDIA~1\NETWOR~1\bin\nSvcAppFlt.exe
O23 - Service: Bluetooth Service (btwdins) - Unknown owner - D:\Tools\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\PROGRA~1\KOMPON~1\NVIDIA~1\NETWOR~1\Apache Group\Apache2\bin\apache.exe"

-k runservice (file missing)
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - D:\Programme\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - D:\Programme\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\PROGRA~1\KOMPON~1\NVIDIA~1\NETWOR~1\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - Unknown owner - C:\PROGRA~1\KOMPON~1\NVIDIA~1\NETWOR~1\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - D:\Tools\SiSoftware Sandra Lite 2005.SR2a\RpcSandraSrv.exe
O23 - Service: SAVScan - Symantec Corporation - D:\Programme\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - D:\Tools\Utilities\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - D:\Tools\Utilities\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Virtual CD v7 Management Service (VC7SecS) - H+H Software GmbH - C:\Programme\HHVcdV7Sys\VC7SecS.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - D:\Programme\Applications\VMware(2)\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Programme\Gemeinsame Dateien\VMware\VMware Virtual Image

Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

Danke für Eure Hilfe

fritzi07 06.02.2006 23:27
Hallo

Habe ich falsch gepostet oder hat niemand eine Idee?
Ich wäre wirklich dankbar für Antworten.

Danke

Wildone 07.02.2006 00:10
Hallo,
sieht eigentlich alles sehr sauber aus, bis auf die C:\WINDOWS\system32\redirect.dll die solltest du löschen. Der Rest ist Geblubber von Escan (also alles false positives).


Grüße Wildone

fritzi07 08.02.2006 00:35
Danke schön, werd ich machen.
Gruss

ramajoke 04.04.2006 22:57
Hallo,

Zitat:
Der Rest ist Geblubber von Escan (also alles false positives).
...

sehr interessant ....
bei mir findet eScan ebenfalls Clientman & eUniverse. Mit allen anderen Progs wie z.B Ewido, Spybot, Defender usw. wird überhaupt nichts gefunden.
Wenn ich übrigens die "angeblich ?! " gefundenen Dateien löschen möchte mit eScan-Check 1.10, dann findet dieses ebenfalls keine Dateien aus der mwav.log - habt Ihr ein Ahnung was ich nun machen soll ????

Hier mal mein HJT Log (der ist aber sauber):

Code:
Logfile of HijackThis v1.99.1
Scan saved at 16:29:25, on 04.04.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
D:\tools\tune_up_06\WinStylerThemeSvc.exe
D:\tools\windows_defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\system32\PRISMSTA.EXE
C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
C:\ATI-CPanel\atiptaxx.exe
D:\tools\xampp\apache\bin\Apache.exe
D:\multimedia\PowerDVD\PDVDServ.exe
D:\tools\Acronis\TrueImageMonitor.exe
C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\eHome\ehRecvr.exe
D:\text\adobe\Distillr\Acrotray.exe
C:\WINDOWS\eHome\ehSched.exe
D:\tools\ewido_\ewido anti-malware\ewidoctrl.exe
D:\tools\pccillin_14\pccguide.exe
D:\tools\windows_defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
D:\tools\tune_up_06\MemOptimizer.exe
D:\tools\xampp\FileZillaFTP\FileZillaServer.exe
D:\tools\ActiveSync\WCESCOMM.EXE
D:\tools\xampp\mysql\bin\mysqld-nt.exe
C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe
D:\TOOLS\PCCILL~1\PCCTLCOM.EXE
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\wkcalrem.exe
D:\tools\WinZip\WZQKPICK.EXE
D:\tools\PCCILL~1\Tmntsrv.exe
D:\tools\PCCILL~1\tmproxy.exe
D:\TOOLS\PCCILL~1\TMPFW.EXE
D:\tools\xampp\apache\bin\Apache.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\NOTEPAD.EXE
D:\tools\hijack\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.t-online.de/
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - D:\tools\snagit\SnagItBHO.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Trend Micro Anti-Betrug-Symbolleiste - {06647158-359E-4D10-A8DE-E6145DA90BE9} - D:\tools\PCCILL~1\PccIeBar.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - d:\text\adobe\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\tools\SPYBOT~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar2.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - d:\text\adobe\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - d:\text\adobe\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - D:\tools\snagit\SnagItIEAddin.dll
O3 - Toolbar: Trend Micro Anti-Betrug-Symbolleiste - {871F91FD-3A92-4988-A842-16AB2CFF5AF1} - D:\tools\PCCILL~1\PccIeBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Verknüpfung mit der High Definition Audio-Eigenschaftenseite] HDAShCut.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [PRISMSTA.EXE] PRISMSTA.EXE START
O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [RemoteControl] D:\multimedia\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [Acronis*True*Image Monitor] "D:\tools\Acronis\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [WorksFUD] C:\Programme\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Programme\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "d:\text\adobe\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [pccguide.exe] "D:\tools\pccillin_14\pccguide.exe"
O4 - HKLM\..\Run: [Windows Defender] "D:\tools\windows_defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "D:\tools\tune_up_06\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\tools\ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Skype] "D:\tools\Skype\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\tools\spybotsearch\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Acrobat - Schnellstart.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Erinnerungen in Microsoft Works-Kalender.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = D:\tools\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://c:\programme\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\programme\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://d:\text\adobe\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://d:\text\adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://d:\text\adobe\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://d:\text\adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Backward Links - res://c:\programme\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programme\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: In Adobe PDF konvertieren - res://d:\text\adobe\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - res://d:\text\adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://D:\text\office\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\programme\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\programme\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://d:\text\adobe\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://d:\text\adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Mobilen Favoriten erstellen - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - d:\tools\ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - d:\tools\ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - d:\tools\ActiveSync\inetrepl.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\text\office\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120290729109
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache2 - Unknown owner - D:\tools\xampp\apache\bin\Apache.exe" -k runservice (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ewido security suite control - ewido networks - D:\tools\ewido_\ewido anti-malware\ewidoctrl.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - Unknown owner - D:\tools\xampp\FileZillaFTP\FileZillaServer.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: mysql - Unknown owner - D:\tools\xampp\mysql\bin\mysqld-nt.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - D:\tools\PCCILL~1\PcCtlCom.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - D:\tools\SiSoftware Sandra Lite 2005.SR1\SiSoftware Sandra Lite 2005.SR3\RpcSandraSrv.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - D:\tools\PCCILL~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - D:\tools\PCCILL~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - D:\tools\PCCILL~1\tmproxy.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - D:\tools\tune_up_06\WinStylerThemeSvc.exe
rama

dartus 04.04.2006 23:17
Hallo ramajoke,

sofern keine Datei und kein Registry-Eintrag angezeigt wird, brauchst Du Dir keine Sorgen machen (Verkaufshile).

dartus

ramajoke 05.04.2006 11:53
Hallo Dartus,

Zitat:
sofern keine Datei und kein Registry-Eintrag angezeigt wird, brauchst Du Dir keine Sorgen machen
...

unten die Logs ... hoffe alles ist ok so :dummguck:

Zitat:
(Verkaufshile).
...

ist ja interessant .. :pfui:

hier die found.txt
Code:
---------- RESULTS.TXT
Tue Apr 04 13:21:10 2006 => Virus Database Date: 4/3/2006
Tue Apr 04 13:21:10 2006 => Virus Database Count: 185802
Tue Apr 04 13:21:55 2006 => Virus Database Date: 4/4/2006
Tue Apr 04 13:21:55 2006 => Virus Database Count: 182128
Tue Apr 04 13:38:02 2006 => Virus Database Date: 4/3/2006
Tue Apr 04 13:38:02 2006 => Virus Database Count: 185802
Tue Apr 04 13:39:23 2006 => Virus Database Date: 4/4/2006
Tue Apr 04 13:39:23 2006 => Virus Database Count: 182128
Tue Apr 04 13:47:13 2006 => Virus Database Date: 4/4/2006
Tue Apr 04 13:47:13 2006 => Virus Database Count: 182128
Tue Apr 04 16:16:31 2006 => Virus Database Date: 4/4/2006
Tue Apr 04 16:16:31 2006 => Virus Database Count: 182128
Tue Apr 04 16:19:37 2006 => Virus Database Date: 4/4/2006
Tue Apr 04 16:19:37 2006 => Virus Database Count: 182128
Auszug aus der mwav.log

Code:
Tue Apr 04 13:49:58 2006 => System found infected with clientman Spyware/Adware (firstrun.log)! Action taken: No Action Taken.

 
Tue Apr 04 13:49:59 2006 => System found infected with euniverse/keenvalue variant Spyware/Adware (bho.dll)! Action taken: No Action Taken.

Tue Apr 04 13:49:59 2006 => System found infected with euniverse/keenvalue variant Spyware/Adware (bho.dll)! Action taken: No Action Taken.



Tue Apr 04 16:16:30 2006 => ***** Scanning complete. *****
 
Tue Apr 04 16:16:30 2006 => Total Objects Scanned: 132995
Tue Apr 04 16:16:30 2006 => Total Critical Objects: 3
Tue Apr 04 16:16:30 2006 => Total Disinfected Objects: 0
Tue Apr 04 16:16:31 2006 => Total Objects Renamed: 0
Tue Apr 04 16:16:31 2006 => Total Deleted Objects: 0
Tue Apr 04 16:16:31 2006 => Total Errors: 13
Tue Apr 04 16:16:31 2006 => Time Elapsed: 02:28:07
Tue Apr 04 16:16:31 2006 => Virus Database Date: 4/4/2006
Tue Apr 04 16:16:31 2006 => Virus Database Count: 182128
 
Tue Apr 04 16:16:31 2006 => Scan Completed.
rama


Alle Zeitangaben in WEZ +1. Es ist jetzt 14:10 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55