Trojaner-Board


filou167 06.06.2005 19:31

Log analysis requested - TR\Agent.CP & TR\Stervice.C
 
Hello,

thanks for the opportunity to have the HijackThis log file analysed. The virus scanners I have tried so far unfortunately could not solve the problem. AntiVir, for example, regularly finds the trojans TR\Agent.CP & TR\Stervice.C but cannot delete them for good.

Affected are mainly the System32 and the Windows directory, as well as the following files: qgrxvn.exe, svcproc.exe, drpmon.dll, kuegfd.exe, poller.exe, A0267510.exe, fajtkwnef.exe, etc.

Here is my log file, with a request for an evaluation:

Logfile of HijackThis v1.99.1
Scan saved at 20:22:01, on 06.06.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AVPersonal\AVGUARD.EXE
C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
C:\Programme\Alwil Software\Avast4\ashServ.exe
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\Programme\FSI\F-Prot\fpavupdm.exe
C:\Programme\Virus Chaser\Spidernt.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Alwil Software\Avast4\ashMaiSv.exe
C:\Programme\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.exe
C:\Programme\Virus Chaser\Spiderui.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\MSN Apps\Updater\01.02.3000.1001\de-at\msnappau.exe
C:\PROGRA~1\Logitech\Video\FxSvr2.exe
C:\DOKUME~1\**\LOKALE~1\Temp\Temporäres Verzeichnis 3 für hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://www.gmx.net/de/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - (no file)
R3 - URLSearchHook: (no name) - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O1 - Hosts: 216.177.73.139 auto.search.msn.com
O1 - Hosts: 216.177.73.139 search.netscape.com
O1 - Hosts: 216.177.73.139 ieautosearch
O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com
O2 - BHO: NavErrRedir Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
O2 - BHO: MyWay Search Assistant BHO - {04079851-5845-4dea-848C-3ECD647AA554} - C:\Programme\MyWay\SrchAstt\1.bin\MYSRCHAS.DLL (file missing)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programme\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Apps\MSN Toolbar\01.02.4000.1001\de-at\msntb.dll
O3 - Toolbar: (no name) - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - (no file)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Apps\MSN Toolbar\01.02.4000.1001\de-at\msntb.dll
O4 - HKLM\..\Run: [Online Service] C:\WINDOWS\svchost.exe
O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min
O8 - Extra context menu item: Download with GetRight - C:\Programme\GetRight\GRdownload.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Programme\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - h**p://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - h**p://a1540.g.akamai.net/7/1540/52/20020909/qtinstall.info.apple.com/sikes/de/win/QuickTimeInstaller.exe
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - h**p://sib1.od2.com/common/Member/ClientInstall/10.01.0004/OCI/setup.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - h**p://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {99410CDE-6F16-42ce-9D49-3807F78F0287} - h**p://www.180searchassistant.com/180saax.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - h**p://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - h**p://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - h**p://www.photoprintonline.com/upload/XUpload.ocx
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programme\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programme\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programme\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: F-Prot Antivirus Update Monitor - FRISK Software - C:\Programme\FSI\F-Prot\fpavupdm.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Virus Chaser Spider NT (spidernt) - New Technology Wave Inc. - C:\Programme\Virus Chaser\Spidernt.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)

Greetings from Tirol,

Filou
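The log above contains the kind of entries a helper looks for first: a `Shell=` value in system.ini that starts an extra program next to Explorer.exe, hosts-file lines that point search domains at a foreign address, a `svchost.exe` started from `C:\WINDOWS` rather than `system32`, and service or BHO registrations whose file no longer exists. The following Python script is an added example, not code from the post or from the HijackThis project; it applies those four defender-side heuristics to a handful of lines copied from the log. The `SYSTEM32_ONLY` allow-list and the heuristics themselves are assumptions for illustration, not a complete triage rule set.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: lines copied from the HijackThis log quoted in the post above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://www.gmx.net/de/
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O1 - Hosts: 216.177.73.139 auto.search.msn.com
O1 - Hosts: 216.177.73.139 search.netscape.com
O2 - BHO: NavErrRedir Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
O4 - HKLM\..\Run: [Online Service] C:\WINDOWS\svchost.exe
O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
"""

# Windows binaries that legitimately live only under %SystemRoot%\system32.
# Assumption: a short illustrative allow-list, not an exhaustive one.
SYSTEM32_ONLY = {"svchost.exe", "lsass.exe", "services.exe", "winlogon.exe", "csrss.exe"}


@dataclass(frozen=True)
class Finding:
    section: str   # HijackThis section tag, e.g. "F2" or "O4"
    reason: str    # why the line deserves a closer look
    line: str      # the raw log line


# Every HijackThis entry starts with a section tag such as "R0", "O4" or "O23".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")


def triage(log_text: str) -> List[Finding]:
    """Apply a few defender-side heuristics to HijackThis log lines and return what stands out."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        section, body = m.groups()

        # F2: the system.ini Shell value should be exactly Explorer.exe; anything appended
        # is launched together with the shell at every logon.
        if section == "F2" and "Shell=" in body:
            shell_value = body.split("Shell=", 1)[1].strip()
            if shell_value.lower() != "explorer.exe":
                findings.append(Finding(section, "shell value is not plain Explorer.exe", line))

        # O1: hosts entries that map well-known hostnames to a non-loopback address.
        elif section == "O1" and body.startswith("Hosts:"):
            parts = body[len("Hosts:"):].split()
            if len(parts) >= 2 and not parts[0].startswith("127."):
                findings.append(Finding(section, f"hosts file maps {parts[1]} to {parts[0]}", line))

        # O4: a system binary name started from outside system32 (e.g. C:\WINDOWS\svchost.exe).
        elif section == "O4":
            path_match = re.search(r"\]\s*(.+?)(?:\s+/\S*)?$", body)
            if path_match:
                path = path_match.group(1).strip()
                name = path.lower().rsplit("\\", 1)[-1]
                if name in SYSTEM32_ONLY and "\\system32\\" not in path.lower():
                    findings.append(Finding(section, f"{name} started from outside system32", line))

        # O2/O23: registrations whose file is gone, typically leftovers of a partial clean-up.
        if section in {"O2", "O23"} and ("(no file)" in body or "(file missing)" in body):
            findings.append(Finding(section, "registered component's file is missing", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

Run against the sample, the script reports six lines: the `F2` shell entry, both `O1` hosts redirects, the orphaned `O2` BHO, the `O4` `svchost.exe` started from `C:\WINDOWS`, and the `O23` service whose file is missing. The heuristics only flag lines for a human to review; deciding what to remove still needs the helper's judgement, as in the replies below.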

cronos 06.06.2005 19:43

First check your system with eScan.
Let us know the results.

filou167 08.06.2005 19:29

Result from eScan
 
Here is the result of the analysis with eScan:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~
Funde für "infected"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~
Tue Jun 07 20:15:18 2005 => System found infected with Bargain Buddy Spyware/Adware ({8eee58d5-130e-4cbd-9c83-35a0564e2468})! Action taken: No Action Taken.
Tue Jun 07 20:15:18 2005 => System found infected with Bargain Buddy Spyware/Adware ({c6906a23-4717-4e1f-b6fd-f06ebed15678})! Action taken: No Action Taken.
Tue Jun 07 20:15:18 2005 => System found infected with Bargain Buddy Spyware/Adware ({8eee58d5-130e-4cbd-9c83-35a0564e5678})! Action taken: No Action Taken.
Tue Jun 07 20:15:19 2005 => System found infected with Zango Spyware/Adware ({99410cde-6f16-42ce-9d49-3807f78f0287})! Action taken: No Action Taken.
Tue Jun 07 20:15:19 2005 => System found infected with SearchEXE Spyware/Adware ({002F4E27-B273-4FA5-ADFC-1FB9ED210B37})! Action taken: No Action Taken.
Tue Jun 07 20:15:19 2005 => System found infected with MyBar Spyware/Adware ({0494d0d9-f8e0-41ad-92a3-14154ece70ac})! Action taken: No Action Taken.
Tue Jun 07 20:15:24 2005 => System found infected with altnet Spyware/Adware (smdat32a.sys)! Action taken: No Action Taken.
Tue Jun 07 20:15:24 2005 => System found infected with eZula Spyware/Adware (ezstub.exe)! Action taken: No Action Taken.
Tue Jun 07 20:16:33 2005 => System found infected with AltnetBDE Spyware/Adware (altnet signing module.exe)! Action taken: No Action Taken.
Tue Jun 07 20:16:33 2005 => System found infected with AltnetBDE Spyware/Adware (adm.exe)! Action taken: No Action Taken.
Tue Jun 07 20:16:33 2005 => System found infected with AdDestroyer Spyware/Adware (swrt01.dll)! Action taken: No Action Taken.
Tue Jun 07 21:09:55 2005 => Scanning Folder: C:\Programme\AVPersonal\INFECTED\*.*
Tue Jun 07 21:09:56 2005 => Scanning File C:\Programme\AVPersonal\INFECTED\A0245090.EXE.VIR
Tue Jun 07 21:09:56 2005 => Scanning File C:\Programme\AVPersonal\INFECTED\AQUATICADASHBAR_S_INST-1.EXE.VIR
Tue Jun 07 21:09:56 2005 => Scanning File C:\Programme\AVPersonal\INFECTED\iiusmb.VIR
Tue Jun 07 21:09:56 2005 => File C:\Programme\AVPersonal\INFECTED\iiusmb.VIR infected by "Trojan.Win32.Agent.cp" Virus! Action Taken: No Action Taken.
Tue Jun 07 21:09:56 2005 => Scanning File C:\Programme\AVPersonal\INFECTED\kuegfd.VIR
Tue Jun 07 21:09:56 2005 => File C:\Programme\AVPersonal\INFECTED\kuegfd.VIR infected by "Trojan.Win32.Agent.cp" Virus! Action Taken: No Action Taken.
Tue Jun 07 21:43:38 2005 => Scanning Folder: C:\Programme\Virus Chaser\infected.!!!\*.*
Tue Jun 07 22:40:16 2005 => Total Disinfected Files: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~
Funde für "tagged"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~
Tue Jun 07 20:17:34 2005 => File C:\WINDOWS\Nail.exe tagged as "not-a-virus:AdWare.BetterInternet.b". Action Taken: No Action Taken.
Tue Jun 07 20:17:34 2005 => File C:\WINDOWS\NDNuninstall4_94.exe tagged as "not-a-virus:AdWare.NewDotNet". Action Taken: No Action Taken.
Tue Jun 07 20:17:35 2005 => File C:\WINDOWS\preInsMt.exe tagged as "not-a-virus:AdWare.BiSpy.q". Action Taken: No Action Taken.
Tue Jun 07 20:18:10 2005 => File C:\WINDOWS\system32\BO2802040113.dll tagged as "not-a-virus:AdWare.VirtualBouncer.d". Action Taken: No Action Taken.
Tue Jun 07 20:18:11 2005 => File C:\WINDOWS\system32\BO2802040113.dlltmp tagged as "not-a-virus:AdWare.VirtualBouncer.d". Action Taken: No Action Taken.
Tue Jun 07 20:20:40 2005 => File C:\WINDOWS\system32\SWRT01.dll tagged as "not-a-virus:AdWare.VirtualBouncer.g". Action Taken: No Action Taken.
Tue Jun 07 21:39:11 2005 => File C:\Programme\MyWay\myBar\1.bin\MY2NS.EXE tagged as "not-a-virus:AdWare.ToolBar.MyWay.b". Action Taken: No Action Taken.
Tue Jun 07 21:39:11 2005 => File C:\Programme\MyWay\myBar\1.bin\MYBAR.DLL tagged as "not-a-virus:AdWare.ToolBar.MyWay.g". Action Taken: No Action Taken.
Tue Jun 07 21:42:58 2005 => File C:\Programme\Support Software\SS2.DLL tagged as "not-a-virus:AdWare.MediaPops.a". Action Taken: No Action Taken.
Tue Jun 07 21:46:47 2005 => File C:\The Web\Downloads\DVD-Rip\DivX.5.Pro.Full.(Cracked).exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
Tue Jun 07 21:46:48 2005 => File C:\The Web\Downloads\DVD-Rip\DivXPro502GAINBundle.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
Tue Jun 07 21:47:20 2005 => File C:\The Web\Downloads\Get it Right Downloadmanager\getrt45d.exe tagged as "not-a-virus:AdWare.Gator.1050". Action Taken: No Action Taken.
Tue Jun 07 21:59:04 2005 => File C:\The Web\Downloads\Macromedia Studio Mx 2004\Macromedia_Studio_MX_2004_mit_Flash_Professional_German\Studio MX 2004\FSCOMMAND\Flash_Video_Exporter.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
Tue Jun 07 22:02:01 2005 => File C:\The Web\Downloads\Wave to mp3-Converter\now installed\setupwavtomp3.exe tagged as "not-a-virus:AdWare.BargainBuddy.v". Action Taken: No Action Taken.
Tue Jun 07 22:23:25 2005 => File C:\WINDOWS\Nail.exe tagged as "not-a-virus:AdWare.BetterInternet.b". Action Taken: No Action Taken.
Tue Jun 07 22:23:25 2005 => File C:\WINDOWS\NDNuninstall4_94.exe tagged as "not-a-virus:AdWare.NewDotNet". Action Taken: No Action Taken.
Tue Jun 07 22:24:38 2005 => File C:\WINDOWS\preInsMt.exe tagged as "not-a-virus:AdWare.BiSpy.q". Action Taken: No Action Taken.
Tue Jun 07 22:31:14 2005 => File C:\WINDOWS\system32\BO2802040113.dll tagged as "not-a-virus:AdWare.VirtualBouncer.d". Action Taken: No Action Taken.
Tue Jun 07 22:31:14 2005 => File C:\WINDOWS\system32\BO2802040113.dlltmp tagged as "not-a-virus:AdWare.VirtualBouncer.d". Action Taken: No Action Taken.
Tue Jun 07 22:37:14 2005 => File C:\WINDOWS\system32\SWRT01.dll tagged as "not-a-virus:AdWare.VirtualBouncer.g". Action Taken: No Action Taken.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~
Statistiken:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~
Tue Jun 07 22:40:16 2005 => Total Virus(es) Found: 42
Tue Jun 07 22:40:16 2005 => Total Errors: 194
Tue Jun 07 22:40:16 2005 => Time Elapsed: 02:24:16
Tue Jun 07 22:40:16 2005 => Total Objects Scanned: 102270
Tue Jun 07 20:04:28 2005 => Virus Database Date: 2005/06/07
Tue Jun 07 20:13:19 2005 => Virus Database Date: 2005/06/07
Tue Jun 07 22:40:17 2005 => Virus Database Date: 2005/06/07
Tue Jun 07 23:39:51 2005 => Virus Database Date: 2005/06/07
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~
~~~~~~~ © Haui ;-) ~~~~~~~
~~~~~~~ Dank an Cidre ~~~~~~~

Greetings,

Filou

filou167 14.06.2005 18:36

Hello,

unfortunately there is no evaluation yet. I would be very glad if you would still take on my problem!

Filou



Copyright ©2000-2025, Trojaner-Board

