Trojaner-Board


hdsl 23.12.2007 15:54

ufdsvc.exe - malware or harmless?
 
Hello!

Is ufdsvc.exe malware or not?
According to HJT that is supposed to be the case; neither S&D, Adaware, nor any antivirus program raises an alarm. Does anyone here know more? Thanks in advance!

The log file is attached (...by the way, this service cannot be fixed.)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:13:53, on 23.12.2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Launch Manager\OSD.exe
C:\Program Files\Launch Manager\WButton.exe
C:\Eigene_Programme\PC_Pflege\Antivir\AntiVir PersonalEdition Premium\avgnt.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Eigene_Programme\PC_Pflege\ZoneAlarm\zlclient.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Eigene_Programme\PC_Pflege\Defragmentierung\mstDefrag.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_SL.exe
C:\Eigene_Programme\PC_Pflege\Acronis\TimounterMonitor.exe
C:\Eigene_Programme\PC_Pflege\Acronis\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Windows\system32\igfxsrvc.exe
C:\Eigene_Programme\PC_Pflege\FIREFOX\firefox.exe
E:\SOFTWARE\01_Sicherheit\HIJack\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSD.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Eigene_Programme\PC_Pflege\Antivir\AntiVir PersonalEdition Premium\avgnt.exe" /min
O4 - HKLM\..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Eigene_Programme\PC_Pflege\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [HotkeyApp] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [mst Defrag] C:\Eigene_Programme\PC_Pflege\Defragmentierung\mstDefrag.exe /minimize
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Eigene_Programme\PC_Pflege\Acronis\TimounterMonitor.exe
O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Eigene_Programme\PC_Pflege\Acronis\TrueImageMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O8 - Extra context menu item: Mit &Google suchen - C:\Users\hd\AppData\Roaming\TuneUp Software\TuneUp Utilities\Web\gsearch.htm
O9 - Extra button: An OneNote senden - -{2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - -{2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O15 - Trusted Zone: http://de.acdsee.com
O15 - Trusted Zone: http://www.edv-buchversand.de
O15 - Trusted Zone: http://www.freewarearchiv.com
O15 - Trusted Zone: http://www.mstsoftware.com
O15 - Trusted Zone: http://www.o2online.de
O15 - Trusted Zone: http://www.reiner-sct.com
O15 - Trusted Zone: http://www.t-online.de
O15 - Trusted Zone: http://*.web.de
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Eigene_Programme\PC_Pflege\Adaware\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: AntiVir PersonalEdition Premium MailGuard (AntiVirMailService) - Avira GmbH - C:\Eigene_Programme\PC_Pflege\Antivir\AntiVir PersonalEdition Premium\avmailc.exe
O23 - Service: AntiVir PersonalEdition Premium Planer (AntiVirScheduler) - Avira GmbH - C:\Eigene_Programme\PC_Pflege\Antivir\AntiVir PersonalEdition Premium\sched.exe
O23 - Service: AntiVir PersonalEdition Premium Guard (AntiVirService) - Avira GmbH - C:\Eigene_Programme\PC_Pflege\Antivir\AntiVir PersonalEdition Premium\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AntiVir PersonalEdition Premium MailGuard Hilfsdienst (AVEService) - Avira GmbH - C:\Eigene_Programme\PC_Pflege\Antivir\AntiVir PersonalEdition Premium\avesvc.exe
O23 - Service: cyberJack PC/SC COM Service (cjpcsc) - REINER SCT - C:\Windows\system32\cjpcsc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: mst Defrag Service (mstDfrgS) - mst software GmbH, Germany - C:\Eigene_Programme\PC_Pflege\Defragmentierung\mstDfrgS.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: UFD Command Service (UFDSVC) - Generic - C:\Windows\system32\ufdsvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
O23 - Service: WisLMSvc - Wistron Corp. - C:\Program Files\Launch Manager\WisLMSvc.exe

--
End of file - 8149 bytes

Sunny 23.12.2007 16:28

Quote:

After I successfully ignored Google, the FAQ and the board search...

Otherwise, the file should be the following -> CastleCops® UFD Command Service (UFDSVC) ufdsvc.exe

HijackThis complains because a) it does not know the file, and b) this file (which is supposed to be a driver!) is located in the operating system's system folder... ;)

hdsl 23.12.2007 20:07

Thanks for the quick reply. I had suspected something along those lines.

Best regards, hdsl
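The two criteria named in Sunny's reply (file not known, binary located in the system folder), applied to O23 lines of a HijackThis log; this is an added example, not part of the original thread and not HijackThis's own logic. The placeholder vendor strings and the system directory are assumptions, and a hit only marks an entry for a closer look (publisher, signature, origin).

```python
import re
from ntpath import dirname, normcase  # Windows path rules on any OS

# Lines copied from the O23 section of the log above.
SAMPLE_LOG = r"""
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: cyberJack PC/SC COM Service (cjpcsc) - REINER SCT - C:\Windows\system32\cjpcsc.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
O23 - Service: UFD Command Service (UFDSVC) - Generic - C:\Windows\system32\ufdsvc.exe
O23 - Service: WisLMSvc - Wistron Corp. - C:\Program Files\Launch Manager\WisLMSvc.exe
"""

# Assumptions for this example, not values taken from HijackThis itself.
PLACEHOLDER_VENDORS = {"unknown owner", "generic"}
SYSTEM_DIR = r"c:\windows\system32"

def parse_o23(line):
    """Return display name, service name, vendor and path of an O23 line, else None."""
    prefix = "O23 - Service: "
    if not line.startswith(prefix):
        return None
    # Split from the right: display names may contain " - " or parentheses.
    parts = line[len(prefix):].rsplit(" - ", 2)
    if len(parts) != 3:
        return None
    label, vendor, path = (p.strip() for p in parts)
    # The service name, when present, is the last parenthesised group.
    m = re.fullmatch(r"(.*) \(([^()]+)\)", label)
    display, name = (m.group(1), m.group(2)) if m else (label, label)
    return {"display": display, "name": name, "vendor": vendor, "path": path}

def triage(log_text):
    """List (service, path, reasons) for entries worth a manual look."""
    findings = []
    for line in log_text.splitlines():
        svc = parse_o23(line.strip())
        if svc is None:
            continue
        reasons = []
        if svc["vendor"].lower() in PLACEHOLDER_VENDORS:
            reasons.append("no identifiable publisher")
        if normcase(dirname(svc["path"])) == SYSTEM_DIR:
            reasons.append("service binary in system folder")
        if reasons:
            findings.append((svc["name"], svc["path"], reasons))
    # Entries matching both criteria come first.
    return sorted(findings, key=lambda f: -len(f[2]))

if __name__ == "__main__":
    for name, path, why in triage(SAMPLE_LOG):
        print(f"{name}: {path} -> {', '.join(why)}")
```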


All times are WET +1.
