Trojaner-Board


upsmatrix 05.06.2007 19:59

Help, my PC is going crazy!!
 
So after frequent virus alerts and strange IE shortcuts I'm turning to you to ask whether something is wrong with my machine!
It seemed strange to me that I was being redirected to random websites more and more often!!


HijackThis:

Logfile of HijackThis v1.99.1
Scan saved at 20:56:24, on 05.06.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\windows\system32\spoolsv.exe
c:\programme\gemeinsame dateien\logishrd\lvmvfm\LVPrcSrv.exe
C:\windows\Explorer.EXE
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programme\nod\nod32krn.exe
C:\Programme\NVIDIA Corporation\nTune\nTuneService.exe
C:\windows\System32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Guido\Programme\alcohol\Alcohol 120\StarWind\StarWindService.exe
C:\windows\System32\svchost.exe
C:\windows\system32\wscntfy.exe
C:\Programme\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe
C:\windows\system32\rundll32.exe
C:\windows\system32\RunDLL32.exe
C:\Programme\Analog Devices\Core\smax4pnp.exe
C:\windows\System32\svchost.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Gemeinsame Dateien\LogiShrd\LComMgr\Communications_Helper.exe
C:\Programme\Gemeinsame Dateien\Logitech\LCD Manager\lcdmon.exe
C:\Programme\Gemeinsame Dateien\Logitech\G-series Software\LGDCore.exe
C:\Programme\Gemeinsame Dateien\Logitech\LCD Manager\Applets\LCDPOP3.exe
C:\Programme\ScanSoft\PaperPort\pptd40nt.exe
C:\Programme\Gemeinsame Dateien\Logitech\LCD Manager\Applets\LCDCountdown.exe
C:\Programme\Gemeinsame Dateien\Logitech\LCD Manager\Applets\LCDClock.exe
C:\Programme\Gemeinsame Dateien\Logitech\LCD Manager\Applets\LCDMedia.exe
C:\Programme\nod\nod32kui.exe
C:\windows\system32\ctfmon.exe
C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe
C:\Programme\Messenger\msmsgs.exe
C:\Guido\Programme\Maus\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Guido\Programme\Maus\SetPoint\SetPoint\SetPoint.exe
C:\Programme\Gemeinsame Dateien\Logitech\khalshared\KHALMNPR.EXE
C:\Programme\Internet Explorer\iexplore.exe
K:\Computer\hijack\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tot-clan-bf2.de/include.php?event=2&moveto=&PHPKITSID=4ccaca63fd85e006e85e531f9a170c26
O4 - HKLM\..\Run: [SoundMAX] "C:\Programme\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\System32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\System32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\System32\sw24.exe
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AsusStartupHelp] C:\Programme\ASUS\AASP\1.00.15\AsRunHelp.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Programme\Gemeinsame Dateien\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Programme\Gemeinsame Dateien\Logitech\LCD Manager\lcdmon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Programme\Gemeinsame Dateien\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Programme\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKLM\..\Run: [PaperPort PTD] C:\Programme\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Programme\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Programme\Brother\Brmfl05a\BrStDvPt.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Programme\nod\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Guido\Programme\Maus\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Programme\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Guido\Programme\Maus\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Guido\Programme\Maus\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: haufereader - (no CLSID) - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Guido\Common\Database\bin\fbserver.exe
O23 - Service: Haufe iDesk-Service in C:\Programme\Haufe\iDesk\iDeskService\Zope (HRService) - Unknown owner - C:\Programme\Haufe\iDesk\iDeskService\iDeskService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\programme\gemeinsame dateien\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Programme\Gemeinsame Dateien\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programme\nod\nod32krn.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Programme\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\System32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\windows\system32\PnkBstrB.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Guido\Programme\alcohol\Alcohol 120\StarWind\StarWindService.exe



Fixwareout report:

»»»»» Current runs
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAX"="\"C:\\Programme\\Analog Devices\\SoundMAX\\Smax4.exe\" /tray"
"JMB36X Configure"="C:\\WINDOWS\\System32\\JMRaidTool.exe boot"
"Ai Nap"="\"C:\\Program Files\\ASUS\\Ai Suite\\AiNap\\AiNap.exe\""
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"SW20"="C:\\WINDOWS\\System32\\sw20.exe"
"SW24"="C:\\WINDOWS\\System32\\sw24.exe"
"NvMediaCenter"="RunDLL32.exe NvMCTray.dll,NvTaskbarInit"
"NeroFilterCheck"="C:\\WINDOWS\\System32\\NeroCheck.exe"
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00
"AsusStartupHelp"="C:\\Programme\\ASUS\\AASP\\1.00.15\\AsRunHelp.exe"
"SoundMAXPnP"="C:\\Programme\\Analog Devices\\Core\\smax4pnp.exe"
"avgnt"="\"C:\\Programme\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"
"LogitechCommunicationsManager"="\"C:\\Programme\\Gemeinsame Dateien\\LogiShrd\\LComMgr\\Communications_Helper.exe\""
"Launch LCDMon"="\"C:\\Programme\\Gemeinsame Dateien\\Logitech\\LCD Manager\\lcdmon.exe\""
"Launch LGDCore"="\"C:\\Programme\\Gemeinsame Dateien\\Logitech\\G-series Software\\LGDCore.exe\" /SHOWHIDE"
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE"
@=""
"NVIDIA nTune"="\"C:\\Programme\\NVIDIA Corporation\\nTune\\nTuneCmd.exe\" clear"
"PaperPort PTD"="C:\\Programme\\ScanSoft\\PaperPort\\pptd40nt.exe"
"IndexSearch"="C:\\Programme\\ScanSoft\\PaperPort\\IndexSearch.exe"
"SetDefPrt"="C:\\Programme\\Brother\\Brmfl05a\\BrStDvPt.exe"
"nod32kui"="\"C:\\Programme\\nod\\nod32kui.exe\" /WAITSERVICE"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\windows\\system32\\ctfmon.exe"
"LDM"="C:\\Guido\\Programme\\Maus\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Programme\\Gemeinsame Dateien\\Ahead\\lib\\NMBgMonitor.exe\""
"NVIDIA nTune"="\"C:\\Programme\\NVIDIA Corporation\\nTune\\nTuneCmd.exe\" clear"
"MSMSGS"="\"C:\\Programme\\Messenger\\msmsgs.exe\" /background"
....
Hosts file was reset, If you use a custom hosts file please replace it
»»»»» End report »»»»»



Please help me!

felix1 05.06.2007 21:29

Hi,

have these two files scanned at VirusTotal.

Quote:

O4 - HKLM\..\Run: [SW20] C:\WINDOWS\System32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\System32\sw24.exe
Some malware (viruses and other malicious files) can disguise itself as sw20.exe.

VIRUSTOTAL - Free Online Virus and Malware Scan

Post the result here.

Regards

upsmatrix 05.06.2007 23:24

Yes, done!

For sw20.exe:

AhnLab-V3 2007.5.31.2 06.05.2007 no virus found
AntiVir 7.4.0.32 06.05.2007 no virus found
Authentium 4.93.8 05.23.2007 no virus found
Avast 4.7.997.0 06.05.2007 no virus found
AVG 7.5.0.467 06.05.2007 no virus found
BitDefender 7.2 06.05.2007 no virus found
CAT-QuickHeal 9.00 06.05.2007 no virus found
ClamAV devel-20070416 06.05.2007 no virus found
DrWeb 4.33 06.05.2007 no virus found
eSafe 7.0.15.0 06.05.2007 no virus found
eTrust-Vet 30.7.3693 06.05.2007 no virus found
Ewido 4.0 06.05.2007 no virus found
FileAdvisor 1 06.06.2007 Not analyzed yet
Fortinet 2.85.0.0 06.05.2007 no virus found
F-Prot 4.3.2.48 06.05.2007 no virus found
F-Secure 6.70.13030.0 06.05.2007 no virus found
Ikarus T3.1.1.8 06.05.2007 no virus found
Kaspersky 4.0.2.24 06.06.2007 no virus found
McAfee 5046 06.05.2007 no virus found
Microsoft 1.2503 06.05.2007 no virus found
NOD32v2 2310 06.05.2007 no virus found
Norman 5.80.02 06.05.2007 no virus found
Panda 9.0.0.4 06.05.2007 no virus found
Prevx1 V2 06.06.2007 no virus found
Sophos 4.18.0 06.01.2007 no virus found
Sunbelt 2.2.907.0 06.04.2007 no virus found
Symantec 10 06.05.2007 no virus found
TheHacker 6.1.6.129 06.04.2007 no virus found
VBA32 3.12.0 06.04.2007 no virus found
VirusBuster 4.3.23:9 06.05.2007 no virus found
Webwasher-Gateway 6.0.1 06.05.2007 Win32.Vulnerable.gen!High (suspicious)


For sw24.exe:

AhnLab-V3 2007.5.31.2 06.05.2007 no virus found
AntiVir 7.4.0.32 06.05.2007 no virus found
Authentium 4.93.8 05.23.2007 no virus found
Avast 4.7.997.0 06.05.2007 no virus found
AVG 7.5.0.467 06.05.2007 no virus found
BitDefender 7.2 06.05.2007 no virus found
CAT-QuickHeal 9.00 06.05.2007 no virus found
ClamAV devel-20070416 06.05.2007 no virus found
DrWeb 4.33 06.05.2007 no virus found
eSafe 7.0.15.0 06.05.2007 no virus found
eTrust-Vet 30.7.3693 06.05.2007 no virus found
Ewido 4.0 06.05.2007 no virus found
FileAdvisor 1 06.06.2007 Not analyzed yet
Fortinet 2.85.0.0 06.05.2007 no virus found
F-Prot 4.3.2.48 06.05.2007 no virus found



Today alone AntiVir reported all of these viruses:

-TR/Crypt.ULPM.Gen
-TR/Vundo.Gen
-TR/Click.Small.MW

These 3 keep reappearing; I can delete them or put them in quarantine, but they come back!!



Copyright ©2000-2025, Trojaner-Board

