Trojaner-Board

Please help (https://www.trojaner-board.de/7741-bitte-hilfe.html)

Chefkoch74 22.09.2004 17:17

Hello

The tool CDShredder just spat out a trojan name for me, namely Coolwebsearch Trojan (CWS Smartsearch2). I hope that helps.

Regards, Chefkoch74

Cidre 22.09.2004 17:23

Look for the file mwXface.log and post its contents. After that we will hopefully be wiser. ;)

Chefkoch74 22.09.2004 18:08

Hello

OK, I found it. Here is the result:

[0x00000b30] 22/09/2004 09:32:57:265 :[msvLclnt.dll]ModuleName = C:\Bases\mwavscan.com
[0x00000b30] 22/09/2004 09:32:57:265 :[msvLclnt.dll]Registry Key Deleted Properly!!!
[0x00000b30] 22/09/2004 09:32:57:968 :[msvLclnt.dll]Options Set by External applications mwavscan.com are 9896960 (0x970400):
[0x00000b30] 22/09/2004 09:32:57:968 :[msvLclnt.dll]Mode :PACKED,ARCHIVED,CA,WARNINGS,MAILPLAIN
[0x00000b30] 22/09/2004 09:32:57:968 :[msvLclnt.dll]TimeOut : ffffffff
[0x00000b30] 22/09/2004 09:32:57:968 :[msvLclnt.dll]Priority : NORMAL
[0x00000b30] 22/09/2004 09:32:58:234 :[msvLclnt.dll]VirusCount = 104407 Latest Date = 2004/09/22
[0x00000d48] 22/09/2004 09:33:26:187 :[msvLclnt.dll][00000001] File C:\WINDOWS\System32\phji.exe infected by Backdoor.Rbot.gen
[0x00000d48] 22/09/2004 09:33:27:781 :[msvLclnt.dll][00000001] File C:\WINDOWS\System32\phji.exe infected by Backdoor.Rbot.gen
[0x00000d48] 22/09/2004 09:35:13:953 :[msvLclnt.dll][00000001] File C:\WINDOWS\System32\TFTP988 infected by Backdoor.Rbot.gen
[0x00000d48] 22/09/2004 09:35:14:609 :[msvLclnt.dll][00000001] File C:\WINDOWS\System32\TFTP988 infected by Backdoor.Rbot.gen
[0x00000d48] 22/09/2004 09:35:20:640 :[msvLclnt.dll][00000001] File C:\WINDOWS\System32\vpc32.exe infected by Backdoor.Rbot.gen
[0x00000d48] 22/09/2004 09:35:21:281 :[msvLclnt.dll][00000001] File C:\WINDOWS\System32\vpc32.exe infected by Backdoor.Rbot.gen
[0x00000d48] 22/09/2004 09:50:58:875 :[msvLclnt.dll][00000001] File C:\Dokumente und Einstellungen\Marco\Lokale Einstellungen\Temporary Internet Files\Content.IE5\UFMN0BUR\rbot[1].exe infected by Backdoor.Rbot.gen
[0x00000d48] 22/09/2004 09:50:59:406 :[msvLclnt.dll][00000001] File C:\Dokumente und Einstellungen\Marco\Lokale Einstellungen\Temporary Internet Files\Content.IE5\UFMN0BUR\rbot[1].exe infected by Backdoor.Rbot.gen
[0x00000d48] 22/09/2004 09:52:45:718 :[msvLclnt.dll][00000001] File C:\Programme\AVPersonal\INFECTED\A0031071.EXE.VIR infected by Worm.Win32.Welchia.b
[0x00000d48] 22/09/2004 09:52:45:734 :[msvLclnt.dll][00000001] File C:\Programme\AVPersonal\INFECTED\A0031071.EXE.VIR infected by Worm.Win32.Welchia.b
[0x00000d48] 22/09/2004 09:52:45:796 :[msvLclnt.dll][00000001] File C:\Programme\AVPersonal\INFECTED\A0097850.EXE.VIR infected by Worm.Win32.Welchia.e
[0x00000d48] 22/09/2004 09:52:45:843 :[msvLclnt.dll][00000001] File C:\Programme\AVPersonal\INFECTED\A0097850.EXE.VIR infected by Worm.Win32.Welchia.e
[0x00000d48] 22/09/2004 09:52:46:171 :[msvLclnt.dll][00000001] File C:\Programme\AVPersonal\INFECTED\SVCHOST.EXE.001 infected by Worm.Win32.Welchia.e
[0x00000d48] 22/09/2004 09:52:46:187 :[msvLclnt.dll][00000001] File C:\Programme\AVPersonal\INFECTED\SVCHOST.EXE.001 infected by Worm.Win32.Welchia.e
[0x00000d48] 22/09/2004 10:05:19:671 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{7EDC81A1-6DF4-4C16-9F1B-7ED7F2CBF85B}\RP318\A0110527.exe infected by Backdoor.Rbot.gen
[0x00000d48] 22/09/2004 10:05:20:359 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{7EDC81A1-6DF4-4C16-9F1B-7ED7F2CBF85B}\RP318\A0110527.exe infected by Backdoor.Rbot.gen
[0x00000d48] 22/09/2004 10:05:45:468 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{7EDC81A1-6DF4-4C16-9F1B-7ED7F2CBF85B}\RP324\A0113902.exe infected by Backdoor.Rbot.gen
[0x00000d48] 22/09/2004 10:05:46:109 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{7EDC81A1-6DF4-4C16-9F1B-7ED7F2CBF85B}\RP324\A0113902.exe infected by Backdoor.Rbot.gen
[0x00000d48] 22/09/2004 10:05:59:625 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{7EDC81A1-6DF4-4C16-9F1B-7ED7F2CBF85B}\RP332\A0116032.exe infected by Backdoor.Rbot.gen
[0x00000d48] 22/09/2004 10:06:00:062 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{7EDC81A1-6DF4-4C16-9F1B-7ED7F2CBF85B}\RP332\A0116032.exe infected by Backdoor.Rbot.gen
[0x00000d48] 22/09/2004 10:06:00:734 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{7EDC81A1-6DF4-4C16-9F1B-7ED7F2CBF85B}\RP332\A0116033.exe infected by Backdoor.Rbot.gen
[0x00000d48] 22/09/2004 10:06:01:375 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{7EDC81A1-6DF4-4C16-9F1B-7ED7F2CBF85B}\RP332\A0116033.exe infected by Backdoor.Rbot.gen
[0x00000d48] 22/09/2004 10:12:31:671 :[msvLclnt.dll][00000001] File C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Temporary Internet Files\Content.IE5\CXSF6RER\WksPatch[7].exe infected by Worm.Win32.Welchia.e
[0x00000d48] 22/09/2004 10:12:31:703 :[msvLclnt.dll][00000001] File C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Temporary Internet Files\Content.IE5\CXSF6RER\WksPatch[7].exe infected by Worm.Win32.Welchia.e
[0x00000d48] 22/09/2004 10:12:31:828 :[msvLclnt.dll][00000001] File C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Temporary Internet Files\Content.IE5\MRC32FO5\WksPatch[5].exe infected by Worm.Win32.Welchia.h
[0x00000d48] 22/09/2004 10:12:31:828 :[msvLclnt.dll][00000001] File C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Temporary Internet Files\Content.IE5\MRC32FO5\WksPatch[5].exe infected by Worm.Win32.Welchia.h
[0x00000d48] 22/09/2004 10:13:36:265 :[msvLclnt.dll][00000001] File C:\WINDOWS\system32\drivers\etc\hosts infected by Trojan.Win32.Qhost
[0x00000d48] 22/09/2004 10:13:36:281 :[msvLclnt.dll][00000001] File C:\WINDOWS\system32\drivers\etc\hosts infected by Trojan.Win32.Qhost
[0x00000d48] 22/09/2004 10:27:16:265 :[msvLclnt.dll]VirusCount = 104407 Latest Date = 2004/09/22
[0x00000a20] 22/09/2004 12:42:34:890 :[msvLclnt.dll]ModuleName = C:\Bases\mwavscan.com
[0x00000a20] 22/09/2004 12:42:34:890 :[msvLclnt.dll]Registry Key Deleted Properly!!!
[0x00000a20] 22/09/2004 12:42:36:062 :[msvLclnt.dll]Options Set by External applications mwavscan.com are 9896960 (0x970400):
[0x00000a20] 22/09/2004 12:42:36:062 :[msvLclnt.dll]Mode :PACKED,ARCHIVED,CA,WARNINGS,MAILPLAIN
[0x00000a20] 22/09/2004 12:42:36:062 :[msvLclnt.dll]TimeOut : ffffffff
[0x00000a20] 22/09/2004 12:42:36:062 :[msvLclnt.dll]Priority : NORMAL
[0x00000a20] 22/09/2004 12:42:36:281 :[msvLclnt.dll]VirusCount = 104407 Latest Date = 2004/09/22
[0x00000bac] 22/09/2004 13:42:23:312 :[msvLclnt.dll]VirusCount = 104407 Latest Date = 2004/09/22
[0x00000880] 22/09/2004 14:48:31:937 :[msvLclnt.dll]VirusCount = 104407 Latest Date = 2004/09/22
[0x00000a20] 22/09/2004 16:22:06:968 :[msvLclnt.dll]VirusCount = 104407 Latest Date = 2004/09/22

That doesn't look good at all.

Regards, Chefkoch74
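
Added example, not part of the thread and not any poster's code: a Python sketch that parses detection lines of the shape shown in the posted mwXface.log, collapses the repeated entries and groups the hits by where the file sits. The bucket labels and the reading of the AVPersonal\INFECTED folder as another scanner's quarantine are assumptions of this example; the sample lines are excerpted from the log above.

```python
import re

# Line shape as seen in the posted log: [thread] date time :[module][id] File <path> infected by <name>
LINE_RE = re.compile(
    r"^\[0x[0-9a-fA-F]+\] \d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}:\d+ "
    r":\[[^\]]+\]\[\d+\] File (.+) infected by (\S+)\s*$"
)

# Triage buckets are this example's own labels (assumptions),
# matched in order against the lower-cased path.
BUCKETS = [
    ("system-restore", "\\system volume information\\_restore"),
    ("browser-cache", "\\temporary internet files\\"),
    ("other-av-quarantine", "\\avpersonal\\infected\\"),
    ("hosts-file", "\\drivers\\etc\\hosts"),
]

def classify(path):
    low = path.lower()
    for label, needle in BUCKETS:
        if needle in low:
            return label
    return "live-file"  # anything else is treated as an active file on disk

def parse_detections(text):
    """Return {bucket: [(path, detection), ...]} with repeated entries collapsed."""
    seen, result = set(), {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # status lines such as "VirusCount = ..." carry no detection
        path, name = m.groups()
        if (path.lower(), name) in seen:
            continue  # each hit appears twice in the posted log
        seen.add((path.lower(), name))
        result.setdefault(classify(path), []).append((path, name))
    return result

# Sample input: lines excerpted from the log posted above.
SAMPLE = r"""
[0x00000d48] 22/09/2004 09:33:26:187 :[msvLclnt.dll][00000001] File C:\WINDOWS\System32\phji.exe infected by Backdoor.Rbot.gen
[0x00000d48] 22/09/2004 09:33:27:781 :[msvLclnt.dll][00000001] File C:\WINDOWS\System32\phji.exe infected by Backdoor.Rbot.gen
[0x00000d48] 22/09/2004 09:52:45:718 :[msvLclnt.dll][00000001] File C:\Programme\AVPersonal\INFECTED\A0031071.EXE.VIR infected by Worm.Win32.Welchia.b
[0x00000d48] 22/09/2004 10:05:19:671 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{7EDC81A1-6DF4-4C16-9F1B-7ED7F2CBF85B}\RP318\A0110527.exe infected by Backdoor.Rbot.gen
[0x00000d48] 22/09/2004 10:13:36:265 :[msvLclnt.dll][00000001] File C:\WINDOWS\system32\drivers\etc\hosts infected by Trojan.Win32.Qhost
[0x00000d48] 22/09/2004 10:27:16:265 :[msvLclnt.dll]VirusCount = 104407 Latest Date = 2004/09/22
"""
```

Calling `parse_detections` on the full log separates files still active on disk from copies sitting in a quarantine folder, a System Restore point or the browser cache, which need different handling during cleanup.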


All times are WET +1.
