Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   eScan findet Malware (https://www.trojaner-board.de/26518-escan-findet-malware.html)

fritzi07 05.02.2006 00:32
eScan findet Malware
 
Hallo
Ein Scan mit eScan fand folgende Treffer:

Sun Feb 05 00:19:30 2006 => ***** Scanning Registry and File system for Adware/Spyware *****
Sun Feb 05 00:19:31 2006 => Loading Spyware Signatures from new External Database (Size: 152313).
Sun Feb 05 00:19:31 2006 => Indexed Spyware Databases Successfully Created...

Sun Feb 05 00:19:34 2006 => System found infected with searchexe Spyware/Adware ({807553e5-5146-11d5-a672-00b0d022e945})! Action taken: No Action Taken.
Sun Feb 05 00:19:36 2006 => Offending file found: C:\WINDOWS\system32\redirect.dll
Sun Feb 05 00:19:36 2006 => System found infected with dynamic desktop media Spyware/Adware (redirect.dll)! Action taken: No Action Taken.

Sun Feb 05 00:19:42 2006 => Offending file found: D:\Data\divers\tools\utilities\tweakpower\uninstaller.exe
Sun Feb 05 00:19:42 2006 => System found infected with midaddle Spyware/Adware (uninstaller.exe)! Action taken: No Action Taken.

Sun Feb 05 00:19:45 2006 => Offending file found: C:\Dokumente und Einstellungen\Fritz Renfer\Lokale Einstellungen\temp\outlook logging\firstrun.log
Sun Feb 05 00:19:45 2006 => System found infected with clientman Spyware/Adware (firstrun.log)! Action taken: No Action Taken.

Sun Feb 05 00:19:47 2006 => Offending file found: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\symantec\common client\settings.dat
Sun Feb 05 00:19:47 2006 => System found infected with cydoor.topicks.a Spyware/Adware (settings.dat)! Action taken: No Action Taken.

Sun Feb 05 00:19:47 2006 => Offending file found: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\tools\system\futuremark\pcmark04\readme.url
Sun Feb 05 00:19:47 2006 => System found infected with midaddle Spyware/Adware (readme.url)! Action taken: No Action Taken.

Sun Feb 05 00:19:47 2006 => Offending file found: C:\Dokumente und Einstellungen\All Users\Startmenü\programme\tools\system\futuremark\pcmark04\readme.url
Sun Feb 05 00:19:47 2006 => System found infected with midaddle Spyware/Adware (readme.url)! Action taken: No Action Taken.

Sun Feb 05 00:19:48 2006 => Offending file found: D:\Data\divers\tools\utilities\tweakpower\uninstaller.exe
Sun Feb 05 00:19:48 2006 => System found infected with midaddle Spyware/Adware (uninstaller.exe)! Action taken: No Action Taken.

Hier das dazugehörige HJT-Log:

Logfile of HijackThis v1.99.1
Scan saved at 00:29:27, on 05.02.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
D:\Programme\Norton Internet Security\ISSVC.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\HHVcdV7Sys\VC7Play.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
D:\tools\ASUS\Probe\AsusProb.exe
C:\programme\musicmatch\musicmatch jukebox\mmtask.exe
C:\Programme\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Programme\Komponenten\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Tools\WinZip\WZQKPICK.EXE
D:\Tools\WIDCOMM\Bluetooth Software\bin\btwdins.exe
D:\Programme\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\PROGRA~1\KOMPON~1\NVIDIA~1\NETWOR~1\bin\nSvcIp.exe
C:\PROGRA~1\KOMPON~1\NVIDIA~1\NETWOR~1\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
D:\Tools\Utilities\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe
C:\Programme\HHVcdV7Sys\VC7SecS.exe
D:\Programme\Applications\VMware(2)\VMware Workstation\vmware-authd.exe
C:\Programme\Gemeinsame Dateien\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\PROGRA~1\KOMPON~1\NVIDIA~1\NETWOR~1\bin\nSvcAppFlt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
D:\Programme\Applications\Browser\Mozilla Firefox\firefox.exe
D:\Tools\totalcmd\TOTALCMD.EXE
C:\DOKUME~1\***\LOKALE~1\Temp\mexe.com
C:\DOKUME~1\***\LOKALE~1\Temp\kavss.exe
D:\Programme\Applications\Browser\Mozilla Thunderbird\thunderbird.exe
C:\Programme\Messenger\msmsgs.exe
D:\Data\Divers\Tools\Utilities\Virus\HjT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://www.bluewin.ch/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Tools\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Tools\Utilities\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - D:\Tools\UTILIT~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - D:\Tools\UTILIT~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [VC7Player] C:\Programme\HHVcdV7Sys\VC7Play.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NVRTCLK] C:\WINDOWS\system32\NVRTCLK\NVRTClk.exe
O4 - HKLM\..\Run: [NVIDIA nTune] "D:\Tools\NVIDIA Corporation\nTune\\nTune.exe" clear
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ASUS Probe] d:\tools\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [mmtask] c:\programme\musicmatch\musicmatch jukebox\mmtask.exe
O4 - HKLM\..\Run: [NVMixerTray] "C:\Programme\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKCU\..\Run: [NBJ] "D:\Programme\Applications\Nero\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: WinZip Quick Pick.lnk = D:\Tools\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\APPLIC~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - D:\Tools\UTILIT~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\APPLIC~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - h**p://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -

h**p://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1132958975046
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -

h**p://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1132958962750
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: WB - D:\Tools\Stardock\OBJECT~1\WINDOW~1\fastload.dll
O23 - Service: app_filter - Unknown owner - C:\PROGRA~1\KOMPON~1\NVIDIA~1\NETWOR~1\bin\nSvcAppFlt.exe
O23 - Service: Bluetooth Service (btwdins) - Unknown owner - D:\Tools\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\PROGRA~1\KOMPON~1\NVIDIA~1\NETWOR~1\Apache Group\Apache2\bin\apache.exe"

-k runservice (file missing)
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - D:\Programme\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - D:\Programme\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\PROGRA~1\KOMPON~1\NVIDIA~1\NETWOR~1\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - Unknown owner - C:\PROGRA~1\KOMPON~1\NVIDIA~1\NETWOR~1\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - D:\Tools\SiSoftware Sandra Lite 2005.SR2a\RpcSandraSrv.exe
O23 - Service: SAVScan - Symantec Corporation - D:\Programme\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - D:\Tools\Utilities\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - D:\Tools\Utilities\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Virtual CD v7 Management Service (VC7SecS) - H+H Software GmbH - C:\Programme\HHVcdV7Sys\VC7SecS.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - D:\Programme\Applications\VMware(2)\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Programme\Gemeinsame Dateien\VMware\VMware Virtual Image

Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

Danke für Eure Hilfe

fritzi07 06.02.2006 23:27
Hallo

Habe ich falsch gepostet oder hat niemand eine Idee?
Ich wäre wirklich dankbar für Antworten.

Danke

Wildone 07.02.2006 00:10
Hallo,
sieht eigentlich alles sehr sauber aus, bis auf die C:\WINDOWS\system32\redirect.dll die solltest du löschen. Der Rest ist Geblubber von Escan (also alles false positives).


Grüße Wildone

fritzi07 08.02.2006 00:35
Danke schön, werd ich machen.
Gruss

ramajoke 04.04.2006 22:57
Hallo,

Zitat:
Der Rest ist Geblubber von Escan (also alles false positives).
...

sehr interessant ....
bei mir findet eScan ebenfalls Clientman & eUniverse. Mit allen anderen Progs wie z.B Ewido, Spybot, Defender usw. wird überhaupt nichts gefunden.
Wenn ich übrigens die "angeblich ?! " gefundenen Dateien löschen möchte mit eScan-Check 1.10, dann findet dieses ebenfalls keine Dateien aus der mwav.log - habt Ihr ein Ahnung was ich nun machen soll ????

Hier mal mein HJT Log (der ist aber sauber):

Code:
Logfile of HijackThis v1.99.1
Scan saved at 16:29:25, on 04.04.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
D:\tools\tune_up_06\WinStylerThemeSvc.exe
D:\tools\windows_defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\system32\PRISMSTA.EXE
C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
C:\ATI-CPanel\atiptaxx.exe
D:\tools\xampp\apache\bin\Apache.exe
D:\multimedia\PowerDVD\PDVDServ.exe
D:\tools\Acronis\TrueImageMonitor.exe
C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\eHome\ehRecvr.exe
D:\text\adobe\Distillr\Acrotray.exe
C:\WINDOWS\eHome\ehSched.exe
D:\tools\ewido_\ewido anti-malware\ewidoctrl.exe
D:\tools\pccillin_14\pccguide.exe
D:\tools\windows_defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
D:\tools\tune_up_06\MemOptimizer.exe
D:\tools\xampp\FileZillaFTP\FileZillaServer.exe
D:\tools\ActiveSync\WCESCOMM.EXE
D:\tools\xampp\mysql\bin\mysqld-nt.exe
C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe
D:\TOOLS\PCCILL~1\PCCTLCOM.EXE
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\wkcalrem.exe
D:\tools\WinZip\WZQKPICK.EXE
D:\tools\PCCILL~1\Tmntsrv.exe
D:\tools\PCCILL~1\tmproxy.exe
D:\TOOLS\PCCILL~1\TMPFW.EXE
D:\tools\xampp\apache\bin\Apache.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\NOTEPAD.EXE
D:\tools\hijack\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.t-online.de/
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - D:\tools\snagit\SnagItBHO.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Trend Micro Anti-Betrug-Symbolleiste - {06647158-359E-4D10-A8DE-E6145DA90BE9} - D:\tools\PCCILL~1\PccIeBar.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - d:\text\adobe\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\tools\SPYBOT~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar2.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - d:\text\adobe\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - d:\text\adobe\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - D:\tools\snagit\SnagItIEAddin.dll
O3 - Toolbar: Trend Micro Anti-Betrug-Symbolleiste - {871F91FD-3A92-4988-A842-16AB2CFF5AF1} - D:\tools\PCCILL~1\PccIeBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Verknüpfung mit der High Definition Audio-Eigenschaftenseite] HDAShCut.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [PRISMSTA.EXE] PRISMSTA.EXE START
O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [RemoteControl] D:\multimedia\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [Acronis*True*Image Monitor] "D:\tools\Acronis\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [WorksFUD] C:\Programme\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Programme\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "d:\text\adobe\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [pccguide.exe] "D:\tools\pccillin_14\pccguide.exe"
O4 - HKLM\..\Run: [Windows Defender] "D:\tools\windows_defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "D:\tools\tune_up_06\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\tools\ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Skype] "D:\tools\Skype\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\tools\spybotsearch\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Acrobat - Schnellstart.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Erinnerungen in Microsoft Works-Kalender.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = D:\tools\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://c:\programme\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\programme\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://d:\text\adobe\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://d:\text\adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://d:\text\adobe\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://d:\text\adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Backward Links - res://c:\programme\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programme\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: In Adobe PDF konvertieren - res://d:\text\adobe\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - res://d:\text\adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://D:\text\office\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\programme\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\programme\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://d:\text\adobe\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://d:\text\adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Mobilen Favoriten erstellen - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - d:\tools\ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - d:\tools\ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - d:\tools\ActiveSync\inetrepl.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\text\office\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120290729109
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache2 - Unknown owner - D:\tools\xampp\apache\bin\Apache.exe" -k runservice (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ewido security suite control - ewido networks - D:\tools\ewido_\ewido anti-malware\ewidoctrl.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - Unknown owner - D:\tools\xampp\FileZillaFTP\FileZillaServer.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: mysql - Unknown owner - D:\tools\xampp\mysql\bin\mysqld-nt.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - D:\tools\PCCILL~1\PcCtlCom.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - D:\tools\SiSoftware Sandra Lite 2005.SR1\SiSoftware Sandra Lite 2005.SR3\RpcSandraSrv.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - D:\tools\PCCILL~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - D:\tools\PCCILL~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - D:\tools\PCCILL~1\tmproxy.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - D:\tools\tune_up_06\WinStylerThemeSvc.exe
rama

dartus 04.04.2006 23:17
Hallo ramajoke,

sofern keine Datei und kein Registry-Eintrag angezeigt wird, brauchst Du Dir keine Sorgen machen (Verkaufshile).

dartus

ramajoke 05.04.2006 11:53
Hallo Dartus,

Zitat:
sofern keine Datei und kein Registry-Eintrag angezeigt wird, brauchst Du Dir keine Sorgen machen
...

unten die Logs ... hoffe alles ist ok so :dummguck:

Zitat:
(Verkaufshile).
...

ist ja interessant .. :pfui:

hier die found.txt
Code:
---------- RESULTS.TXT
Tue Apr 04 13:21:10 2006 => Virus Database Date: 4/3/2006
Tue Apr 04 13:21:10 2006 => Virus Database Count: 185802
Tue Apr 04 13:21:55 2006 => Virus Database Date: 4/4/2006
Tue Apr 04 13:21:55 2006 => Virus Database Count: 182128
Tue Apr 04 13:38:02 2006 => Virus Database Date: 4/3/2006
Tue Apr 04 13:38:02 2006 => Virus Database Count: 185802
Tue Apr 04 13:39:23 2006 => Virus Database Date: 4/4/2006
Tue Apr 04 13:39:23 2006 => Virus Database Count: 182128
Tue Apr 04 13:47:13 2006 => Virus Database Date: 4/4/2006
Tue Apr 04 13:47:13 2006 => Virus Database Count: 182128
Tue Apr 04 16:16:31 2006 => Virus Database Date: 4/4/2006
Tue Apr 04 16:16:31 2006 => Virus Database Count: 182128
Tue Apr 04 16:19:37 2006 => Virus Database Date: 4/4/2006
Tue Apr 04 16:19:37 2006 => Virus Database Count: 182128
Auszug aus der mwav.log

Code:
Tue Apr 04 13:49:58 2006 => System found infected with clientman Spyware/Adware (firstrun.log)! Action taken: No Action Taken.

 
Tue Apr 04 13:49:59 2006 => System found infected with euniverse/keenvalue variant Spyware/Adware (bho.dll)! Action taken: No Action Taken.

Tue Apr 04 13:49:59 2006 => System found infected with euniverse/keenvalue variant Spyware/Adware (bho.dll)! Action taken: No Action Taken.



Tue Apr 04 16:16:30 2006 => ***** Scanning complete. *****
 
Tue Apr 04 16:16:30 2006 => Total Objects Scanned: 132995
Tue Apr 04 16:16:30 2006 => Total Critical Objects: 3
Tue Apr 04 16:16:30 2006 => Total Disinfected Objects: 0
Tue Apr 04 16:16:31 2006 => Total Objects Renamed: 0
Tue Apr 04 16:16:31 2006 => Total Deleted Objects: 0
Tue Apr 04 16:16:31 2006 => Total Errors: 13
Tue Apr 04 16:16:31 2006 => Time Elapsed: 02:28:07
Tue Apr 04 16:16:31 2006 => Virus Database Date: 4/4/2006
Tue Apr 04 16:16:31 2006 => Virus Database Count: 182128
 
Tue Apr 04 16:16:31 2006 => Scan Completed.
rama


Alle Zeitangaben in WEZ +1. Es ist jetzt 21:51 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131