Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Schaut mal bitte ... eScan & Hijack Log (https://www.trojaner-board.de/22508-schaut-mal-bitte-escan-hijack-log.html)

LeXy4L!Fe 06.10.2005 17:33

Schaut mal bitte ... eScan & Hijack Log
 
Könntet ihr des bitte mal prüfen!? Danke!

Gruß
LeXy

eScan:

Thu Oct 06 17:13:55 2005 => Offending Key found: HKCU\Software\casino !!!
Thu Oct 06 17:14:02 2005 => Object "gohip Spyware/Adware" found in File System! Action Taken: Keine Aktion vorgenommen.

Thu Oct 06 17:14:06 2005 => Offending Folder found: C:\Dokumente und Einstellungen\***\Eigene Dateien\ea games\die sims 2\music\cas
Thu Oct 06 17:14:06 2005 => Object "casinoclient Spyware/Adware" found in File System! Action Taken: Keine Aktion vorgenommen.

Thu Oct 06 17:14:09 2005 => Offending Folder found: C:\Dokumente und Einstellungen\***\Eigene Dateien\ea games\die sims 2\music\cas
Thu Oct 06 17:14:09 2005 => Object "casinoclient Spyware/Adware" found in File System! Action Taken: Keine Aktion vorgenommen.

Thu Oct 06 17:14:09 2005 => Offending file found: C:\WINDOWS\iun6002.exe
Thu Oct 06 17:14:09 2005 => System found infected with zipitpro Spyware/Adware (C:\WINDOWS\iun6002.exe)! Action taken: Keine Aktion vorgenommen.


Hijackthis:

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\Programme\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [RemoteControl] F:\Programme\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_
04\bin\jusched.exe
O4 - HKLM\..\Run: [AVGCtrl] F:\Programme\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [DataLayer] C:\Programme\Gemeinsame Dateien\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] F:\Programme\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [GameJack 5] F:\Programme\GameJack 5\GameJack.exe -autorun
O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
O4 - HKCU\..\Run: [InstantTray] C:\Programme\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe
O4 - HKCU\..\Run: [IW_Drop_Icon] F:\Programme\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe /dropdisc
O4 - HKCU\..\Run: [H/PC Connection Agent] "F:\Programme\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [SAFE8] "F:\Programme\Steganos Safe 8\SAFE8.exe" -boot
O4 - HKCU\..\Run: [PcSync] F:\Programme\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = F:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Digitale Telefonauskunft 2005 - Schnellstarter.lnk = C:\Programme\Digitale Telefonauskunft\Digitale Telefonauskunft 2005\KSTART32.EXE
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Senden an &Bluetooth - F:\Programme\ANYCOM\Blue USB-130-250\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Mobilen Favoriten erstellen - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - F:\Programme\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - F:\Programme\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - F:\Programme\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - F:\Programme\Messaging\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - F:\Programme\Messaging\ICQLite\ICQLite.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - F:\Programme\ANYCOM\Blue USB-130-250\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - F:\Programme\ANYCOM\Blue USB-130-250\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - h**p://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1109864001078
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - F:\PROGRAMME\AVPERSONAL\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - F:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - F:\Programme\ANYCOM\Blue USB-130-250\bin\btwdins.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - F:\Programme\SiSoftware\SiSoftware Sandra Lite 2005\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - F:\Programme\SiSoftware\SiSoftware Sandra Lite 2005\RpcSandraSrv.exe
O23 - Service: Steganos Live Encryption Engine 12 [Service] (SLEE_12_SERVICE) - Unknown owner - C:\WINDOWS\system32\SLEE12.exe

cronos 06.10.2005 17:40

Werder der Escan- noch der Hijackthis-Log sind vollständig!
Lies dir speziell für den Escan-Log nochmal die Anleitung durch, wie die Ergebnisse übermittelt werden sollen.

LeXy4L!Fe 06.10.2005 18:09

okay, so besser?

Funde für "infected"

Thu Oct 06 17:14:09 2005 => System found infected with zipitpro Spyware/Adware (C:\WINDOWS\iun6002.exe)! Action taken: Keine Aktion vorgenommen.

Thu Oct 06 17:43:28 2005 => Scanne Verzeichniss: F:\Programme\AVPersonal\INFECTED\*.*


Funde für "offending"

Thu Oct 06 17:13:55 2005 => Offending Key found: HKCU\Software\casino !!!

Thu Oct 06 17:14:06 2005 => Offending Folder found: C:\Dokumente und Einstellungen\***\Eigene Dateien\ea games\die sims 2\music\cas

Thu Oct 06 17:14:09 2005 => Offending Folder found: C:\Dokumente und Einstellungen\***\Eigene Dateien\ea games\die sims 2\music\cas

Thu Oct 06 17:14:09 2005 => Offending file found: C:\WINDOWS\iun6002.exe

Summary:


Thu Oct 06 18:07:26 2005 => Gescannte Dateien: 80138
Thu Oct 06 18:07:26 2005 => Gefundene Viren: 4
Thu Oct 06 18:07:26 2005 => Anzahl der desinfizierten Dateien: 0
Thu Oct 06 18:07:26 2005 => Umbenannte Dateien: 0
Thu Oct 06 18:07:26 2005 => Anzahl der gelöschten Dateien: 0
Thu Oct 06 18:07:26 2005 => Anzahl Fehler: 101
Thu Oct 06 18:07:26 2005 => Zeit vergangen: 00:53:24
Thu Oct 06 18:07:26 2005 => Virus Datenbank Datum: 2005/10/04
Thu Oct 06 18:07:26 2005 => Virus Datenbank Zähler: 152426

LeXy4L!Fe 06.10.2005 18:11

HJT-Log

Logfile of HijackThis v1.99.1
Scan saved at 19:10:19, on 06.10.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
F:\PROGRAMME\AVPERSONAL\AVGUARD.EXE
F:\Programme\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\SOUNDMAN.EXE
F:\Programme\ANYCOM\Blue USB-130-250\bin\btwdins.exe
F:\Programme\CyberLink\PowerDVD\PDVDServ.exe
C:\Programme\Java\jre1.5.0_04\bin\jusched.exe
F:\Programme\AVPersonal\AVGNT.EXE
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\Gemeinsame Dateien\PCSuite\DataLayer\DataLayer.exe
C:\PROGRA~1\GEMEIN~1\PCSuite\Services\SERVIC~1.EXE
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
F:\Programme\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\SLEE12.exe
F:\Programme\GameJack 5\GameJack.exe
C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
C:\Programme\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe
F:\Programme\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
F:\Programme\Microsoft ActiveSync\WCESCOMM.EXE
F:\Programme\Steganos Safe 8\SAFE8.exe
F:\Programme\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Programme\Messenger\msmsgs.exe
F:\Programme\ANYCOM\Blue USB-130-250\BTTray.exe
C:\Programme\Digitale Telefonauskunft\Digitale Telefonauskunft 2005\KSTART32.EXE
C:\PROGRA~1\GEMEIN~1\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\system32\ctfmon.exe
F:\Programme\Firefox\firefox.exe
C:\Dokumente und Einstellungen\***\Desktop\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\Programme\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [RemoteControl] F:\Programme\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [AVGCtrl] F:\Programme\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [DataLayer] C:\Programme\Gemeinsame Dateien\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] F:\Programme\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [GameJack 5] F:\Programme\GameJack 5\GameJack.exe -autorun
O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
O4 - HKCU\..\Run: [InstantTray] C:\Programme\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe
O4 - HKCU\..\Run: [IW_Drop_Icon] F:\Programme\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe /dropdisc
O4 - HKCU\..\Run: [H/PC Connection Agent] "F:\Programme\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [SAFE8] "F:\Programme\Steganos Safe 8\SAFE8.exe" -boot
O4 - HKCU\..\Run: [PcSync] F:\Programme\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = F:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Digitale Telefonauskunft 2005 - Schnellstarter.lnk = C:\Programme\Digitale Telefonauskunft\Digitale Telefonauskunft 2005\KSTART32.EXE
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Senden an &Bluetooth - F:\Programme\ANYCOM\Blue USB-130-250\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Mobilen Favoriten erstellen - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - F:\Programme\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - F:\Programme\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - F:\Programme\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - F:\Programme\Messaging\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - F:\Programme\Messaging\ICQLite\ICQLite.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - F:\Programme\ANYCOM\Blue USB-130-250\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - F:\Programme\ANYCOM\Blue USB-130-250\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - h**p://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1109864001078
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - F:\PROGRAMME\AVPERSONAL\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - F:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - F:\Programme\ANYCOM\Blue USB-130-250\bin\btwdins.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - F:\Programme\SiSoftware\SiSoftware Sandra Lite 2005\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - F:\Programme\SiSoftware\SiSoftware Sandra Lite 2005\RpcSandraSrv.exe
O23 - Service: Steganos Live Encryption Engine 12 [Service] (SLEE_12_SERVICE) - Unknown owner - C:\WINDOWS\system32\SLEE12.exe


Alle Zeitangaben in WEZ +1. Es ist jetzt 06:50 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131