Trojaner-Board (https://www.trojaner-board.de/)
Thread: Trojaner auf PC - SHeur2.HAN (https://www.trojaner-board.de/67112-trojaner-pc-sheur2-han.html)

BeckerOliver 24.12.2008 10:10

Trojan on PC - SHeur2.HAN

Hello everyone,

I use AVG Anti-Virus Free 8.0 and TrojanCheck 6. Now the Resident Shield alert from AVG 8.0 reports that a trojan was detected:

Accessed file is infected
Threat detected!
File name: C:\Programme\Spyware Guard 2008\spywareguard.exe
Threat name: Trojan horse SHeur2.HAN
Detected on open
Details: Process Name C:\WINDOWS\Explorer.EXE
Process ID: 584

Please help!

Attached is the report from TrojanCheck:


Registry - Standard entries
Root key | Key | Value | Content
HKEY_CURRENT_USER | Software\Microsoft\Windows\CurrentVersion\Run | CTFMON.EXE | C:\WINDOWS\system32\ctfmon.exe
HKEY_CURRENT_USER | Software\Microsoft\Windows\CurrentVersion\Run | MSMSGS | "C:\Programme\Messenger\msmsgs.exe" /background
HKEY_CURRENT_USER | Software\Microsoft\Windows\CurrentVersion\Run | Ashampoo PopUpBlocker | C:\Programme\Winoptimizer\Ashampoo WinOptimizer Platinum Suite 2\PopUpKiller.exe
HKEY_CURRENT_USER | Software\Microsoft\Windows\CurrentVersion\Run | H/PC Connection Agent | "C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE"
HKEY_CURRENT_USER | Software\Microsoft\Windows\CurrentVersion\Run | swg | C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
HKEY_CURRENT_USER | Software\Microsoft\Windows\CurrentVersion\Run | Cognac | C:\DOKUME~1\OLIVER~1\LOKALE~1\Temp\~tmpb.exe
HKEY_CURRENT_USER | Software\Microsoft\Windows\CurrentVersion\Run | MSFox | C:\DOKUME~1\OLIVER~1\LOKALE~1\Temp\yyy10469.exe
HKEY_LOCAL_MACHINE | Software\Microsoft\Windows\CurrentVersion\Run | SoundMAXPnP | C:\Programme\Analog Devices\Core\smax4pnp.exe
HKEY_LOCAL_MACHINE | Software\Microsoft\Windows\CurrentVersion\Run | |
HKEY_LOCAL_MACHINE | Software\Microsoft\Windows\CurrentVersion\Run | DVDLauncher | "C:\Programme\CyberLink\PowerDVD\DVDLauncher.exe"
HKEY_LOCAL_MACHINE | Software\Microsoft\Windows\CurrentVersion\Run | dla | C:\WINDOWS\system32\dla\tfswctrl.exe
HKEY_LOCAL_MACHINE | Software\Microsoft\Windows\CurrentVersion\Run | UpdateManager | "C:\Programme\Gemeinsame Dateien\Sonic\Update Manager\sgtray.exe" /r
HKEY_LOCAL_MACHINE | Software\Microsoft\Windows\CurrentVersion\Run | BOL Master | D:\Setup.exe
HKEY_LOCAL_MACHINE | Software\Microsoft\Windows\CurrentVersion\Run | SExplorer | C:\Programme\xxx\xxx.exe
HKEY_LOCAL_MACHINE | Software\Microsoft\Windows\CurrentVersion\Run | OpwareSE2 | "C:\Programme\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
HKEY_LOCAL_MACHINE | Software\Microsoft\Windows\CurrentVersion\Run | igfxtray | C:\WINDOWS\system32\igfxtray.exe
HKEY_LOCAL_MACHINE | Software\Microsoft\Windows\CurrentVersion\Run | igfxhkcmd | C:\WINDOWS\system32\hkcmd.exe
HKEY_LOCAL_MACHINE | Software\Microsoft\Windows\CurrentVersion\Run | igfxpers | C:\WINDOWS\system32\igfxpers.exe
HKEY_LOCAL_MACHINE | Software\Microsoft\Windows\CurrentVersion\Run | CAP3ON | C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP3ONN.EXE
HKEY_LOCAL_MACHINE | Software\Microsoft\Windows\CurrentVersion\Run | Adobe Photo Downloader | "C:\Programme\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
HKEY_LOCAL_MACHINE | Software\Microsoft\Windows\CurrentVersion\Run | Adobe Reader Speed Launcher | "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
HKEY_LOCAL_MACHINE | Software\Microsoft\Windows\CurrentVersion\Run | ZoneAlarm Client | "C:\Programme\ZoneAlarm\zlclient.exe"
HKEY_LOCAL_MACHINE | Software\Microsoft\Windows\CurrentVersion\Run | AVG8_TRAY | C:\PROGRA~1\AVG\AVG8\avgtray.exe
HKEY_LOCAL_MACHINE | Software\Microsoft\Windows\CurrentVersion\Run | SunJavaUpdateSched | "C:\Programme\Java\jre1.6.0_07\bin\jusched.exe"
HKEY_LOCAL_MACHINE | Software\Microsoft\Windows\CurrentVersion\Run | spywareguard | C:\Programme\Spyware Guard 2008\spywareguard.exe



Registry - Shell Spawning
Root key | Key | Value | Content
HKEY_CLASSES_ROOT | \exefile\shell\open\command | | "%1" %*
HKEY_CLASSES_ROOT | \comfile\shell\open\command | | "%1" %*
HKEY_CLASSES_ROOT | \batfile\shell\open\command | | "%1" %*
HKEY_CLASSES_ROOT | \htafile\Shell\open\Command | | C:\WINDOWS\system32\mshta.exe "%1" %*
HKEY_CLASSES_ROOT | \piffile\shell\open\command | | "%1" %*



Registry - Active Setup
Root key | Key | Value | Content
HKEY_LOCAL_MACHINE | \Software\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} | StubPath | C:\WINDOWS\system32\ieudinit.exe
HKEY_LOCAL_MACHINE | \Software\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95} | StubPath | C:\WINDOWS\inf\unregmp2.exe /ShowWMP
HKEY_LOCAL_MACHINE | \Software\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c} | StubPath | %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
HKEY_LOCAL_MACHINE | \Software\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF} | StubPath | RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
HKEY_LOCAL_MACHINE | \Software\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS | StubPath | RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
HKEY_LOCAL_MACHINE | \Software\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a} | StubPath | %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
HKEY_LOCAL_MACHINE | \Software\Microsoft\Active Setup\Installed Components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} | StubPath |
HKEY_LOCAL_MACHINE | \Software\Microsoft\Active Setup\Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95} | StubPath |
HKEY_LOCAL_MACHINE | \Software\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED} | StubPath | %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
HKEY_LOCAL_MACHINE | \Software\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C} | StubPath | "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
HKEY_LOCAL_MACHINE | \Software\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B} | StubPath | rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
HKEY_LOCAL_MACHINE | \Software\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be} | StubPath | rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
HKEY_LOCAL_MACHINE | \Software\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6} | StubPath | rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub
HKEY_LOCAL_MACHINE | \Software\Microsoft\Active Setup\Installed Components\{73FA19D0-2D75-11D2-995D-00C04F98BBC9} | StubPath |
HKEY_LOCAL_MACHINE | \Software\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02} | StubPath | "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
HKEY_LOCAL_MACHINE | \Software\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340} | StubPath | regsvr32.exe /s /n /i:U shell32.dll
HKEY_LOCAL_MACHINE | \Software\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383} | StubPath | C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
HKEY_LOCAL_MACHINE | \Software\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820} | StubPath | C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
HKEY_LOCAL_MACHINE | \Software\Microsoft\Active Setup\Installed Components\{8b15971b-5355-4c82-8c07-7e181ea07608} | StubPath | rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
HKEY_LOCAL_MACHINE | \Software\Microsoft\Active Setup\Installed Components\{94de52c8-2d59-4f1b-883e-79663d2d9a8c} | StubPath |



Registry - Virtual device drivers (VxD)
Root key | Key | Value | Content
HKEY_LOCAL_MACHINE | \System\CurrentControlSet\Services\VxD\JAVASUP | StaticVxD | JAVASUP.VXD



Registry - ICQ Net
Root key | Key | Value | Content



Autostart folder - Standard entries
Path | File name | Links to
C:\Dokumente und Einstellungen\Oliver Becker\Startmenü\Programme\Autostart\ | DESKTOP.INI | DESKTOP.INI
C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\ | DESKTOP.INI | DESKTOP.INI
C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\ | NETGEAR WG111v3 Smart Wizard.lnk | C:\Programme\NETGEAR\WG111v3\WG111v3.exe
C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\ | Statusfenster für Canon LASER SHOT LBP-1120.LNK | C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAP3LAK.EXE
C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\ | Ulead Kalendar Checker 4.0 SE.lnk | C:\Programme\PhotoExpress4.0\CalCheck.exe



INI files
File name | Value | Content
C:\WINDOWS\win.ini | load |
C:\WINDOWS\system.ini | shell | Explorer.exe



Batch and text files
File name | Content
c:\msdos.sys | No content
c:\autoexec.bat | No content
c:\config.sys | No content
C:\WINDOWS\wininit.ini | (file contents follow)
[Rename]
NUL=
NUL=
NUL=
NUL=
NUL=
NUL=
NUL=
NUL=
NUL=
NUL=
NUL=
NUL=
NUL=
NUL=
NUL=
NUL=
NUL=
NUL=
NUL=
NUL=
NUL=




EXPLORER.EXE in C:\
Path

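Read as an autostart listing, the report above already points at what a responder would check first: two HKCU Run values (Cognac and MSFox) launch executables out of the user's Temp folder, the "BOL Master" value launches D:\Setup.exe from a drive root, and the file AVG flagged is also registered as the HKLM Run value "spywareguard", so deleting the file alone would leave that Run value behind. The following Python script is an added example and is not part of the post, of AVG or of TrojanCheck: it parses Run-key lines in the report's own flattened layout and flags them with exactly those rules. The sample lines are constructed from entries visible above, and the scoring rules are this example's own heuristics, not any product's detection logic.

```python
"""Triage of Run-key autostart entries from a TrojanCheck-style report.

Added example, not code from the forum post, from AVG or from TrojanCheck. It
parses the flattened "Registry - Standard entries" lines as they are pasted in
the report and ranks the ones a responder would look at first. The sample
lines and the scoring rules are constructed for this example; the alert path
is the one quoted from AVG in the post.
"""
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample in the report's own layout: root key, key, value name,
# content. Value names may contain spaces ("BOL Master"), so the content
# column is recognised by the drive letter (or opening quote) that starts it.
SAMPLE_REPORT = r"""
HKEY_CURRENT_USER Software\Microsoft\Windows\CurrentVersion\Run CTFMON.EXE C:\WINDOWS\system32\ctfmon.exe
HKEY_CURRENT_USER Software\Microsoft\Windows\CurrentVersion\Run Cognac C:\DOKUME~1\OLIVER~1\LOKALE~1\Temp\~tmpb.exe
HKEY_CURRENT_USER Software\Microsoft\Windows\CurrentVersion\Run MSFox C:\DOKUME~1\OLIVER~1\LOKALE~1\Temp\yyy10469.exe
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\Run BOL Master D:\Setup.exe
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\Run SExplorer C:\Programme\xxx\xxx.exe
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\Run ZoneAlarm Client "C:\Programme\ZoneAlarm\zlclient.exe"
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\Run spywareguard C:\Programme\Spyware Guard 2008\spywareguard.exe
"""

# Path named by AVG's Resident Shield alert quoted in the post.
ALERTED_PATH = r"C:\Programme\Spyware Guard 2008\spywareguard.exe"

# root key, key (no spaces), value name (may contain spaces), content starting
# with an optional quote and a drive letter.
_ENTRY = re.compile(
    r'^(?P<root>HKEY_\w+)\s+(?P<key>\S+)\s+(?P<name>.*?)\s+(?P<content>"?[A-Za-z]:\\.*)$'
)
# For unquoted content the executable ends at the first ".exe"/".com"/... that
# is followed by whitespace or end of line (arguments may follow it).
_EXE_UNQUOTED = re.compile(r"^(?P<exe>.*?\.(?:exe|com|bat|cmd|scr|pif))(?:\s|$)", re.I)


def parse_run_entries(report: str) -> List[Dict[str, str]]:
    """Return one dict per Run entry; headers and entries without a value are skipped."""
    entries = []
    for line in report.splitlines():
        m = _ENTRY.match(line.strip())
        if not m:
            continue
        content = m.group("content")
        if content.startswith('"'):
            end = content.find('"', 1)
            exe = content[1:end] if end > 0 else content[1:]
        else:
            em = _EXE_UNQUOTED.match(content)
            exe = em.group("exe") if em else content
        entries.append({"root": m.group("root"), "key": m.group("key"),
                        "name": m.group("name"), "exe": exe, "content": content})
    return entries


def triage(entries: List[Dict[str, str]],
           alerted_path: Optional[str] = None) -> List[Tuple[str, str, str, List[str]]]:
    """Flag entries by simple, explainable rules (heuristics, not a verdict)."""
    findings = []
    for e in entries:
        exe = e["exe"]
        low = exe.lower()
        base = low.rsplit("\\", 1)[-1]
        reasons = []
        if "\\temp\\" in low:
            reasons.append("runs from a Temp directory")
        if re.fullmatch(r"[a-z]:\\[^\\]+", low):
            reasons.append("runs from a drive root")
        # Heuristic for "~tmpb.exe" / "yyy10469.exe" style names (assumption).
        if base.startswith("~") or re.search(r"[a-z]{1,3}\d{4,}", base):
            reasons.append("random-looking file name")
        if alerted_path and low == alerted_path.lower():
            reasons.append("matches the AV alert path")
        if reasons:
            findings.append((e["root"], e["name"], exe, reasons))
    return findings


if __name__ == "__main__":
    for root, name, exe, reasons in triage(parse_run_entries(SAMPLE_REPORT), ALERTED_PATH):
        print(f"{root}\\...\\Run  {name!r} -> {exe}\n    " + "; ".join(reasons))
```

Run stand-alone, the script lists Cognac, MSFox, BOL Master and spywareguard and leaves the remaining entries alone; the "matches the AV alert path" rule is what ties the Resident Shield message to its persistence entry, which is the thing to remove together with the file.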


Copyright ©2000-2025, Trojaner-Board
