Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Win32.agent.dw gefunden (https://www.trojaner-board.de/27086-win32-agent-dw-gefunden.html)

Drinkuth 23.02.2006 14:52
Win32.agent.dw gefunden
 
Hallo Bitte um Auswertung von HJT Log und escan
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Funde für "infected"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Thu Feb 23 13:30:38 2006 => Scanning Folder: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AntiVir PersonalEdition Classic\INFECTED\*.*
Thu Feb 23 13:50:14 2006 => File C:\RECYCLER\Q678341.exe infected by "Trojan.Win32.Agent.dw" Virus! Action Taken: No Action Taken.
Thu Feb 23 13:51:12 2006 => File C:\System Volume Information\_restore{CB97386A-1DFA-4426-BE05-B0E1AB0D90D5}\RP366\A0042910.exe infected by "Backdoor.Win32.Agent.so" Virus! Action Taken: No Action Taken.
Thu Feb 23 13:51:57 2006 => File C:\System Volume Information\_restore{CB97386A-1DFA-4426-BE05-B0E1AB0D90D5}\RP385\A0045124.exe infected by "not-virus:BadJoke.Win32.Finger.b" Virus! Action Taken: No Action Taken.
Thu Feb 23 14:04:12 2006 => File G:\AOL-download\Filme-Kiewert\Schwedin.exe infected by "not-virus:BadJoke.Win32.Badgame" Virus! Action Taken: No Action Taken.
Thu Feb 23 14:04:19 2006 => Total Disinfected Objects: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Funde für "tagged"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Thu Feb 23 13:55:29 2006 => File C:\WINDOWS\MegaXXX.exe tagged as "not-a-virus:Porn-Dialer.Win32.AsianRaw.j". Action Taken: No Action Taken.
Thu Feb 23 13:59:11 2006 => File C:\WINDOWS\XxxAccess.exe tagged as "not-a-virus:Porn-Dialer.Win32.AsianRaw.j". Action Taken: No Action Taken.
Thu Feb 23 13:59:11 2006 => File D:\clon-CD Image\delwbi.tmp tagged as "not-a-virus:Dialer.Win32.gen". Action Taken: No Action Taken.
Thu Feb 23 13:59:12 2006 => File D:\Datei\Kza(1-kza-1-0-#0).exe tagged as "not-a-virus:Dialer.Win32.FileSharing.b". Action Taken: No Action Taken.
Thu Feb 23 14:04:15 2006 => File G:\My Shared Folder\kmd171_de.exe tagged as "not-a-virus:AdWare.Win32.Cydoor". Action Taken: No Action Taken.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Funde für "offending"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Statistiken:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Thu Feb 23 14:04:19 2006 => Total Objects Scanned: 59493
Thu Feb 23 14:04:19 2006 => Total Critical Objects: 9
Thu Feb 23 14:04:19 2006 => Total Disinfected Objects: 0
Thu Feb 23 14:04:19 2006 => Total Deleted Objects: 0
Thu Feb 23 14:04:19 2006 => Total Errors: 66
Thu Feb 23 14:04:19 2006 => Time Elapsed: 00:34:27
Thu Feb 23 13:26:20 2006 => Virus Database Date: 2/16/2006
Thu Feb 23 13:27:41 2006 => Virus Database Date: 2/23/2006
Thu Feb 23 14:04:19 2006 => Virus Database Date: 2/23/2006


Logfile of HijackThis v1.99.1
Scan saved at 12:45:05, on 23.02.2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Programme\HP Web Jetadmin\hpwebjetd.exe
C:\PROGRA~1\Borland\INTERB~1\Bin\ibguard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Programme\HP Web Jetadmin\hpwebjetd.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\FarStone\VirtualDrive\VDTask.exe
C:\WINDOWS\vcdplayx.exe
C:\PROGRA~1\0190WA~1\WARN0190.EXE
C:\Programme\Creative\ShareDLL\CtNotify.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\UsrPrmpt.exe
C:\PROGRA~1\GEMEIN~1\aol\AOLPRI~1\AOLSP Scheduler.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\Creative\ShareDLL\MediaDet.Exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE
C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Programme\AOL 8.0\aoltray.exe
C:\Programme\WinZip\WZQKPICK.EXE
C:\PROGRA~1\Borland\INTERB~1\Bin\ibserver.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Hijack\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [VirtualDrive] "C:\Programme\FarStone\VirtualDrive\VDTask.exe" /AutoRestore
O4 - HKLM\..\Run: [vcdplayx] "C:\WINDOWS\vcdplayx.exe"
O4 - HKLM\..\Run: [0190 Warner] C:\PROGRA~1\0190WA~1\WARN0190.EXE
O4 - HKLM\..\Run: [Disc Detector] C:\Programme\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\GEMEIN~1\aol\AOLPRI~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AOL 8.0 Tray-Symbol.lnk = C:\Programme\AOL 8.0\aoltray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programme\WinZip\WZQKPICK.EXE
O4 - Global Startup: ZoneAlarm.lnk = C:\Programme\Zone Labs\ZoneAlarm\zonealarm.exe
O8 - Extra context menu item: Alle Bilder von gleichem Server filtern - C:\Programme\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: Hervorheben - C:\Programme\Avant Browser\Highlight.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Suchen - C:\Programme\Avant Browser\Search.htm
O8 - Extra context menu item: Zur Werbebanner-Filterliste hinzufügen - C:\Programme\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Öffne alle Links auf dieser Seite... - C:\Programme\Avant Browser\OpenAllLinks.htm
O9 - Extra button: Mobilen Favoriten erstellen - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O17 - HKLM\System\CCS\Services\Tcpip\..\{89C1229D-51A7-4A48-9029-E99A076891C4}: NameServer = 192.168.0.100
O20 - Winlogon Notify: PCANotify - C:\WINDOWS\SYSTEM32\PCANotify.dll
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - H+BEDV Datentechnik GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AOL Privacy Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\GEMEIN~1\aol\AOLPRI~1\\aolserv.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Programme\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: WindowInstallSystem (fd9ebab4978svr) - Unknown owner - C:\WINDOWS\fd9ebab4978.exe
O23 - Service: HP Web Jetadmin (HPWebJetadmin) - Unknown owner - C:\Programme\HP Web Jetadmin\hpwebjetd.exe" -k runservice (file missing)
O23 - Service: InterBase Guardian (InterBaseGuardian) - Inprise Corporation - C:\PROGRA~1\Borland\INTERB~1\Bin\ibguard.exe
O23 - Service: InterBase Server (InterBaseServer) - Inprise Corporation - C:\PROGRA~1\Borland\INTERB~1\Bin\ibserver.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

irrlicht 23.02.2006 15:38
Hallo Drinkuth,
gehe danach mal Googeln ! :Backdoor.Win32.Agent.so
Der ist deine Strafe dafür :
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Völlig veraltet,von Widows Updates hast du schon gehört ?
Aktuell ist Service pack 2 - dann wäre dir obiges wahrscheinlich erspart geblieben.
Irrlicht


Alle Zeitangaben in WEZ +1. Es ist jetzt 13:08 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55