honeq.exe / Please analyze log

Hello everyone. I have probably caught a virus. However, the antivirus program stays silent. The honeq.exe process cannot be terminated and causes fairly high CPU load. Here is the log file for now, and many thanks for your help:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:30:51, on 12.10.2009
MSIE: Internet Explorer
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\CA\SharedComponents\Alert\ALERT.EXE
C:\Programme\Symantec\pcAnywhere\awhost32.exe
D:\Programme\CA\BrightStor ARCserve Backup\DBENG.exe
C:\Programme\CA\SharedComponents\BrightStor\CADS\casdscsvc.exe
D:\Programme\CA\BrightStor ARCserve Backup\jobeng.exe
D:\Programme\CA\BrightStor ARCserve Backup\RDS.EXE
D:\Programme\CA\BrightStor ARCserve Backup\msgeng.exe
D:\Programme\CA\BrightStor ARCserve Backup\caserved.exe
D:\Programme\CA\BrightStor ARCserve Backup\casmrtbk.exe
D:\Programme\CA\BrightStor ARCserve Backup\tapeeng.exe
D:\Programme\CA\BrightStor ARCserve Backup\cadiscovd.exe
D:\Programme\CA\BrightStor ARCserve Backup\Catirpc.exe
C:\Programme\CA\SharedComponents\CA_LIC\lic98rmt.exe
C:\Programme\Citrix\Licensing\LS\lmgrd.exe
C:\Programme\Citrix\Licensing\LicWMI\Citrix_GTLicensingProv.exe
D:\Programme\CA\BrightStor ARCserve Backup\caloggerd.exe
C:\Programme\Citrix\Licensing\LMC\Tomcat\bin\tomcat.exe
C:\WINDOWS\system32\Dfssvc.exe
C:\Programme\Citrix\Licensing\LS\CITRIX.exe
C:\WINDOWS\System32\dns.exe
C:\WINDOWS\System32\svchost.exe
D:\Programme\CA\BrightStor ARCserve Backup\Mediasvr.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
D:\Programme\CA\BrightStor ARCserve Backup\caauthd.exe
D:\Programme\CA\BrightStor ARCserve Backup\LQServer.exe
C:\WINDOWS\System32\ismserv.exe
D:\Programme\CA\SharedComponents\PPRealtime\bin\ITMRTSVC.exe
C:\Programme\Java\jre6\bin\jqs.exe
D:\Programme\esesixtech\JS-Admin 2\jsfwd\jsfwd.exe
C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ntfrs.exe
d:\programme\pvsw\BIN\W3SQLMGR.EXE
d:\programme\pvsw\BIN\NTBTRV.EXE
C:\WINDOWS\System32\svchost.exe
d:\programme\pvsw\BIN\NTDBSMGR.EXE
C:\PROGRA~1\POWERC~1\pcns.exe
C:\Programme\Java\j2re1.4.2_05\bin\java.exe
C:\Programme\IBM\ServeRAID Manager\RaidServ.exe
C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\lserver.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\Programme\CA\eTrustITM\InoNmSrv.exe
D:\Programme\CA\SharedComponents\iTechnology\igateway.exe
D:\Programme\CA\SharedComponents\ThirdParty\Tomcat\5.5\Bin\Tomcat5.exe
D:\Programme\CA\eTrustITM\InoRpc.exe
D:\Programme\CA\eTrustITM\inoweb.exe
D:\Programme\CA\eTrustITM\InoRT.exe
D:\Programme\CA\eTrustITM\InoTask.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\wins.exe
C:\WINDOWS\Explorer.EXE
D:\Programme\CA\eTrustITM\realmon.exe
C:\Programme\Java\jre6\bin\jusched.exe
C:\Programme\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Dokumente und Einstellungen\xx\honeq.exe
c:\windows\system32\inetsrv\w3wp.exe
c:\windows\system32\inetsrv\w3wp.exe
C:\Dokumente und Einstellungen\xx\Desktop\NV_o2o_Teilnehmer_DE.exe
d:\programme\pvsw\bin\w3sqlmgr.exe
C:\WINDOWS\system32\cmd.exe
C:\Dokumente und Einstellungen\xx\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/softAdmin.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://shdoclc.dll/softAdmin.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Realtime Monitor] "D:\Programme\CA\eTrustITM\realmon.exe" -s
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Programme\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [honeq] C:\Dokumente und Einstellungen\xx\honeq.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Global Startup: ServeRAID Manager.lnk = C:\Programme\IBM\ServeRAID Manager\jre\bin\javaw.exe
O15 - ESC Trusted Zone: http://runonce.msn.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1229674702406
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-307.ibm.com/pc/support/IbmEgath.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = *.*
O17 - HKLM\Software\..\Telephony: DomainName = *.*
O17 - HKLM\System\CCS\Services\Tcpip\..\{06437A14-266C-4689-8170-49B87C5A40CA}: NameServer = 192.168.x.x
O17 - HKLM\System\CCS\Services\Tcpip\..\{09BDC6DC-C31E-4D97-B4D0-95E3821B9B5F}: Domain = *.*
O17 - HKLM\System\CCS\Services\Tcpip\..\{09BDC6DC-C31E-4D97-B4D0-95E3821B9B5F}: NameServer = 192.168.x.x
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = *.*
O17 - HKLM\System\CS1\Services\Tcpip\..\{06437A14-266C-4689-8170-49B87C5A40CA}: NameServer = 192.168.x.x
O23 - Service: Alert Notification Server - CA, Inc. - C:\Programme\CA\SharedComponents\Alert\ALERT.EXE
O23 - Service: Apache Content Server (ApacheContentServer) - Apache Software Foundation - D:\Programme\CA\eTrustITM\Apache\Bin\Apache.exe
O23 - Service: Apache Tomcat Application Server (ApacheTomcatApplicationServer) - Apache Software Foundation - D:\Programme\CA\SharedComponents\ThirdParty\Tomcat\5.5\Bin\Tomcat5.exe
O23 - Service: pcAnywhere Host-Modul (awhost32) - Symantec Corporation - C:\Programme\Symantec\pcAnywhere\awhost32.exe
O23 - Service: CA BrightStor Database Engine (CASDBEngine) - Computer Associates - D:\Programme\CA\BrightStor ARCserve Backup\DBENG.exe
O23 - Service: CA BrightStor Discovery Service (CASDiscoverySvc) - Computer Associates - C:\Programme\CA\SharedComponents\BrightStor\CADS\casdscsvc.exe
O23 - Service: CA BrightStor Job Engine (CASJobEngine) - Computer Associates - D:\Programme\CA\BrightStor ARCserve Backup\jobeng.exe
O23 - Service: CA BrightStor Message Engine (CASMsgEngine) - Computer Associates - D:\Programme\CA\BrightStor ARCserve Backup\msgeng.exe
O23 - Service: CA BrightStor Service Controller (CASSvcControlSvr) - Computer Associates - D:\Programme\CA\BrightStor ARCserve Backup\caserved.exe
O23 - Service: CA BrightStor Tape Engine (CASTapeEngine) - Computer Associates - D:\Programme\CA\BrightStor ARCserve Backup\tapeeng.exe
O23 - Service: CA BrightStor Domain Server (CASUnivDomainSvr) - Computer Associates - D:\Programme\CA\BrightStor ARCserve Backup\cadiscovd.exe
O23 - Service: CA Remote Procedure Call Server (CATIRPC) - Computer Associates - D:\Programme\CA\BrightStor ARCserve Backup\Catirpc.exe
O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates International Inc. - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates International Inc. - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: CitrixLicensing - Macrovision Corporation - C:\Programme\Citrix\Licensing\LS\lmgrd.exe
O23 - Service: Citrix Licensing WMI (Citrix_GTLicensingProv) - Unknown owner - C:\Programme\Citrix\Licensing\LicWMI\Citrix_GTLicensingProv.exe
O23 - Service: License Management Console for Citrix Licensing (CTXLMC) - Alexandria Software Consulting - C:\Programme\Citrix\Licensing\LMC\Tomcat\bin\tomcat.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Programme\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: iTechnology iGateway 4.2 (iGateway) - CA, Inc. - D:\Programme\CA\SharedComponents\iTechnology\igateway.exe
O23 - Service: eTrust ITM-Server-Dienst (InoNmSrv) - CA - D:\Programme\CA\eTrustITM\InoNmSrv.exe
O23 - Service: eTrust ITM-RPC-Dienst (InoRPC) - CA - D:\Programme\CA\eTrustITM\InoRpc.exe
O23 - Service: eTrust ITM-Echtzeitdienst (InoRT) - CA - D:\Programme\CA\eTrustITM\InoRT.exe
O23 - Service: eTrust ITM-Jobdienst (InoTask) - CA - D:\Programme\CA\eTrustITM\InoTask.exe
O23 - Service: eTrust ITM Web Access-Dienst (InoWeb) - CA - D:\Programme\CA\eTrustITM\inoweb.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - D:\Programme\CA\SharedComponents\PPRealtime\bin\ITMRTSVC.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: Jstream Firmware Server (jsfwd) - Unknown owner - D:\Programme\esesixtech\JS-Admin 2\jsfwd\jsfwd.exe
O23 - Service: Jstream Management Server (jsmanaged) - Unknown owner - D:\Programme\esesixtech\JS-Admin 2\jsmanaged\jsmanaged.exe
O23 - Service: lmab_device - Lexmark International, Inc. - C:\WINDOWS\system32\LMabcoms.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: Pervasive.SQL 2000 (relational) - Simba Technologies Incorporated - d:\programme\pvsw\BIN\W3SQLMGR.EXE
O23 - Service: Pervasive.SQL 2000 (transactional) - Unknown owner - d:\programme\pvsw\BIN\NTBTRV.EXE
O23 - Service: PowerChute Network Shutdown (PowerChuteNetShut) - APC - C:\PROGRA~1\POWERC~1\pcns.exe
O23 - Service: ServeRAID Manager Agent (ServeRAIDManagerAgent) - IBM Corporation - C:\Programme\IBM\ServeRAID Manager\RaidServ.exe

--
End of file - 10760 bytes |
Hello and :hallo: This is surely an office computer! Domain member and, e.g., software from CITRIX! You should rather take this case to your colleagues in IT. |
Copyright ©2000-2025, Trojaner-Board