Trojaner-Board
Seite 2 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Bitte Hilfe (https://www.trojaner-board.de/7741-bitte-hilfe.html)

Chefkoch74 22.09.2004 17:17
Hallo

Das Tool CDShredder hatte mir gerade einen Trojaner Namen ausgespuckt und zwar Coolwebsearch Trojan (CWS Smartsearch2).Ich hoffe da hilft weiter.

MFG Chefkoch74

Cidre 22.09.2004 17:23
Suche mal die Datei mwXface.log und poste deren Inhalt. Danach sind wir hoffentlich schlauer. ;)

Chefkoch74 22.09.2004 18:08
Hallo

So habe ich gefunden.Hier das ergebniss

[0x00000b30] 22/09/2004 09:32:57:265 :[msvLclnt.dll]ModuleName = C:\Bases\mwavscan.com
[0x00000b30] 22/09/2004 09:32:57:265 :[msvLclnt.dll]Registry Key Deleted Properly!!!
[0x00000b30] 22/09/2004 09:32:57:968 :[msvLclnt.dll]Options Set by External applications mwavscan.com are 9896960 (0x970400):
[0x00000b30] 22/09/2004 09:32:57:968 :[msvLclnt.dll]Mode :PACKED,ARCHIVED,CA,WARNINGS,MAILPLAIN
[0x00000b30] 22/09/2004 09:32:57:968 :[msvLclnt.dll]TimeOut : ffffffff
[0x00000b30] 22/09/2004 09:32:57:968 :[msvLclnt.dll]Priority : NORMAL
[0x00000b30] 22/09/2004 09:32:58:234 :[msvLclnt.dll]VirusCount = 104407 Latest Date = 2004/09/22
[0x00000d48] 22/09/2004 09:33:26:187 :[msvLclnt.dll][00000001] File C:\WINDOWS\System32\phji.exe infected by Backdoor.Rbot.gen
[0x00000d48] 22/09/2004 09:33:27:781 :[msvLclnt.dll][00000001] File C:\WINDOWS\System32\phji.exe infected by Backdoor.Rbot.gen
[0x00000d48] 22/09/2004 09:35:13:953 :[msvLclnt.dll][00000001] File C:\WINDOWS\System32\TFTP988 infected by Backdoor.Rbot.gen
[0x00000d48] 22/09/2004 09:35:14:609 :[msvLclnt.dll][00000001] File C:\WINDOWS\System32\TFTP988 infected by Backdoor.Rbot.gen
[0x00000d48] 22/09/2004 09:35:20:640 :[msvLclnt.dll][00000001] File C:\WINDOWS\System32\vpc32.exe infected by Backdoor.Rbot.gen
[0x00000d48] 22/09/2004 09:35:21:281 :[msvLclnt.dll][00000001] File C:\WINDOWS\System32\vpc32.exe infected by Backdoor.Rbot.gen
[0x00000d48] 22/09/2004 09:50:58:875 :[msvLclnt.dll][00000001] File C:\Dokumente und Einstellungen\Marco\Lokale Einstellungen\Temporary Internet Files\Content.IE5\UFMN0BUR\rbot[1].exe infected by Backdoor.Rbot.gen
[0x00000d48] 22/09/2004 09:50:59:406 :[msvLclnt.dll][00000001] File C:\Dokumente und Einstellungen\Marco\Lokale Einstellungen\Temporary Internet Files\Content.IE5\UFMN0BUR\rbot[1].exe infected by Backdoor.Rbot.gen
[0x00000d48] 22/09/2004 09:52:45:718 :[msvLclnt.dll][00000001] File C:\Programme\AVPersonal\INFECTED\A0031071.EXE.VIR infected by Worm.Win32.Welchia.b
[0x00000d48] 22/09/2004 09:52:45:734 :[msvLclnt.dll][00000001] File C:\Programme\AVPersonal\INFECTED\A0031071.EXE.VIR infected by Worm.Win32.Welchia.b
[0x00000d48] 22/09/2004 09:52:45:796 :[msvLclnt.dll][00000001] File C:\Programme\AVPersonal\INFECTED\A0097850.EXE.VIR infected by Worm.Win32.Welchia.e
[0x00000d48] 22/09/2004 09:52:45:843 :[msvLclnt.dll][00000001] File C:\Programme\AVPersonal\INFECTED\A0097850.EXE.VIR infected by Worm.Win32.Welchia.e
[0x00000d48] 22/09/2004 09:52:46:171 :[msvLclnt.dll][00000001] File C:\Programme\AVPersonal\INFECTED\SVCHOST.EXE.001 infected by Worm.Win32.Welchia.e
[0x00000d48] 22/09/2004 09:52:46:187 :[msvLclnt.dll][00000001] File C:\Programme\AVPersonal\INFECTED\SVCHOST.EXE.001 infected by Worm.Win32.Welchia.e
[0x00000d48] 22/09/2004 10:05:19:671 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{7EDC81A1-6DF4-4C16-9F1B-7ED7F2CBF85B}\RP318\A0110527.exe infected by Backdoor.Rbot.gen
[0x00000d48] 22/09/2004 10:05:20:359 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{7EDC81A1-6DF4-4C16-9F1B-7ED7F2CBF85B}\RP318\A0110527.exe infected by Backdoor.Rbot.gen
[0x00000d48] 22/09/2004 10:05:45:468 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{7EDC81A1-6DF4-4C16-9F1B-7ED7F2CBF85B}\RP324\A0113902.exe infected by Backdoor.Rbot.gen
[0x00000d48] 22/09/2004 10:05:46:109 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{7EDC81A1-6DF4-4C16-9F1B-7ED7F2CBF85B}\RP324\A0113902.exe infected by Backdoor.Rbot.gen
[0x00000d48] 22/09/2004 10:05:59:625 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{7EDC81A1-6DF4-4C16-9F1B-7ED7F2CBF85B}\RP332\A0116032.exe infected by Backdoor.Rbot.gen
[0x00000d48] 22/09/2004 10:06:00:062 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{7EDC81A1-6DF4-4C16-9F1B-7ED7F2CBF85B}\RP332\A0116032.exe infected by Backdoor.Rbot.gen
[0x00000d48] 22/09/2004 10:06:00:734 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{7EDC81A1-6DF4-4C16-9F1B-7ED7F2CBF85B}\RP332\A0116033.exe infected by Backdoor.Rbot.gen
[0x00000d48] 22/09/2004 10:06:01:375 :[msvLclnt.dll][00000001] File C:\System Volume Information\_restore{7EDC81A1-6DF4-4C16-9F1B-7ED7F2CBF85B}\RP332\A0116033.exe infected by Backdoor.Rbot.gen
[0x00000d48] 22/09/2004 10:12:31:671 :[msvLclnt.dll][00000001] File C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Temporary Internet Files\Content.IE5\CXSF6RER\WksPatch[7].exe infected by Worm.Win32.Welchia.e
[0x00000d48] 22/09/2004 10:12:31:703 :[msvLclnt.dll][00000001] File C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Temporary Internet Files\Content.IE5\CXSF6RER\WksPatch[7].exe infected by Worm.Win32.Welchia.e
[0x00000d48] 22/09/2004 10:12:31:828 :[msvLclnt.dll][00000001] File C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Temporary Internet Files\Content.IE5\MRC32FO5\WksPatch[5].exe infected by Worm.Win32.Welchia.h
[0x00000d48] 22/09/2004 10:12:31:828 :[msvLclnt.dll][00000001] File C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Temporary Internet Files\Content.IE5\MRC32FO5\WksPatch[5].exe infected by Worm.Win32.Welchia.h
[0x00000d48] 22/09/2004 10:13:36:265 :[msvLclnt.dll][00000001] File C:\WINDOWS\system32\drivers\etc\hosts infected by Trojan.Win32.Qhost
[0x00000d48] 22/09/2004 10:13:36:281 :[msvLclnt.dll][00000001] File C:\WINDOWS\system32\drivers\etc\hosts infected by Trojan.Win32.Qhost
[0x00000d48] 22/09/2004 10:27:16:265 :[msvLclnt.dll]VirusCount = 104407 Latest Date = 2004/09/22
[0x00000a20] 22/09/2004 12:42:34:890 :[msvLclnt.dll]ModuleName = C:\Bases\mwavscan.com
[0x00000a20] 22/09/2004 12:42:34:890 :[msvLclnt.dll]Registry Key Deleted Properly!!!
[0x00000a20] 22/09/2004 12:42:36:062 :[msvLclnt.dll]Options Set by External applications mwavscan.com are 9896960 (0x970400):
[0x00000a20] 22/09/2004 12:42:36:062 :[msvLclnt.dll]Mode :PACKED,ARCHIVED,CA,WARNINGS,MAILPLAIN
[0x00000a20] 22/09/2004 12:42:36:062 :[msvLclnt.dll]TimeOut : ffffffff
[0x00000a20] 22/09/2004 12:42:36:062 :[msvLclnt.dll]Priority : NORMAL
[0x00000a20] 22/09/2004 12:42:36:281 :[msvLclnt.dll]VirusCount = 104407 Latest Date = 2004/09/22
[0x00000bac] 22/09/2004 13:42:23:312 :[msvLclnt.dll]VirusCount = 104407 Latest Date = 2004/09/22
[0x00000880] 22/09/2004 14:48:31:937 :[msvLclnt.dll]VirusCount = 104407 Latest Date = 2004/09/22
[0x00000a20] 22/09/2004 16:22:06:968 :[msvLclnt.dll]VirusCount = 104407 Latest Date = 2004/09/22

sieht ja gar nicht so gut aus.

MFG Chefkoch74


Alle Zeitangaben in WEZ +1. Es ist jetzt 08:02 Uhr.
Seite 2 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19