Evaluation of a Spyware Terminator report

Topic is closed!
21.12.2010, 11:46
Member

Posts: 180
I ran a full scan with Spyware Terminator and its integrated ClamWin. Several infections were found. But are really that many files infected?

Code

Logfile of Spyware Terminator v2.8.2.192 (db:4.012.020.000)
Scan Time: 12/21/2010 9:34:45 AM  length: 6056 s
Platform: W7 (6.1.0.7600)
User: Admin
Boot Mode: Safe
Scan type: Full_Virus__Spyware_Scan
Scanned Objects: 62015 (Critical:32)
Filter: No System items, No Safe items, No Invalid items

Internet Settings
R - HKLM\Software\Microsoft\Internet Explorer\Main, Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0807&m=aspire_one&r=27b50210b125l0314wwk5w4962r232
R - HKLM\System\CurrentControlSet\Services\Tcpip\Parameters, Domain =
R - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Telephony, DomainName =

BHO
02 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} -  [Hewlett-Packard Co.] : C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
02 - BHO: PC Tools Browser Guard BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} -  [Threat Expert Ltd.] : C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll
02 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -  [Google Inc.] : C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
02 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -  [Hewlett-Packard Co.] : C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
02 - BHO: HP Smart Web Printing - {555D4D79-4BD2-4094-A395-CFC534424A05} -  [Hewlett-Packard Co.] : C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
02 - BHO: HP Smart Web Printing - {555D4D79-4BD2-4094-A395-CFC534424A05} -  [Hewlett-Packard Co.] : C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
02 - BHO: ClipBookBtn Class - {DDE87865-83C5-48c4-8357-2F5B1AA84522} -  [Hewlett-Packard Co.] : C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll

Toolbars
03 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} -  [Google Inc.] : C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
03 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} -  [Threat Expert Ltd.] : C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll

StartUps
04 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NokiaOviSuite2 :  [Nokia] : C:\Program Files\NOKIA\NOKIA OVI SUITE\NOKIAOVISUITE.EXE
04 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, AutoStartNPSAgent :  [Samsung Electronics Co., Ltd.] : C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, IAAnotif :  [Intel Corporation] : C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Acer ePower Management :  [Acer Incorporated] : C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, EgisTecLiveUpdate :  [Egis Technology Inc.] : C:\Program Files\EGISTEC EGIS SOFTWARE UPDATE\EGISUPDATE.EXE
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, mwlDaemon :  [Egis Technology Inc.] : C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, LManager :  [Dritek System Inc.] : C:\Program Files\Launch Manager\LManager.exe
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NokiaMServer :  [Nokia] : C:\Program Files\Common Files\NOKIA\MPLATFORM\NOKIAMSERVER.EXE
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Hiyo :  [IncrediMail, Ltd.] : C:\Program Files\HIYO\BIN\HIYO.EXE
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, HP Software Update :  [Hewlett-Packard] : C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, ISTray :  [PC Tools] : C:\Program Files\PC TOOLS SECURITY\PCTSGUI.EXE
04 - HKLM\System\CurrentControlSet\Control\Session Manager, BootExecute :  : C:\Windows\system32\UDBDEF.EXE
04 - Startup: %STARTUPALL%\Acer VCM.lnk [Acer Incorporated] : C:\Program Files\Acer\Acer VCM\AcerVCM.exe
04 - Startup: %STARTUPALL%\HP Digital Imaging Monitor.lnk [Hewlett-Packard Co.] : C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

Explorer Bars
HP Smart Web Printing - {555D4D79-4BD2-4094-A395-CFC534424A05} -  [Hewlett-Packard Co.] : C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
HP Smart Web Printing - {555D4D79-4BD2-4094-A395-CFC534424A05} -  [Hewlett-Packard Co.] : C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll

Shell Extensions
DragDropProtect Class - {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} -  [Egis Technology Inc.] : C:\Program Files\EgisTec\MyWinLocker 3\x86\psdprotect.dll
- {06A2568A-CED6-4187-BB20-400B8C02BE5A} -  [Microsoft Corporation] : C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe
Windows Live Photo Gallery Viewer Autoplay Shim - {00F33137-EE26-412F-8D71-F84E4C2C6625} -  [Microsoft Corporation] : C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
Windows Live Photo Gallery Autoplay Drop Target - {2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} -  [Microsoft Corporation] : C:\Program Files\WINDOWS LIVE\PHOTO GALLERY\WLXPHOTOGALLERY.EXE
Windows Live Photo Gallery Editor Drop Target - {00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} -  [Microsoft Corporation] : C:\Program Files\WINDOWS LIVE\PHOTO GALLERY\WLXPHOTOGALLERY.EXE
Windows Live Photo Gallery Viewer Drop Target - {00F374B7-B390-4884-B372-2FC349F2172B} -  [Microsoft Corporation] : C:\Program Files\WINDOWS LIVE\PHOTO GALLERY\WLXPHOTOGALLERY.EXE
Windows Live Photo Gallery Viewer Shim - {00F346CB-35A4-465B-8B8F-65A29DBAB1F6} -  [Microsoft Corporation] : C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
Windows Live Photo Gallery Editor Shim - {00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} -  [Microsoft Corporation] : C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
Windows Live Photo Gallery Viewer Autoplay Shim - {00F30F90-3E96-453B-AFCD-D71989ECC2C7} -  [Microsoft Corporation] : C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll

Protocol Handler
- {828030A1-22C1-4009-854F-8E305202313F} -  [Microsoft Corporation] : C:\Program Files\Windows Live\Messenger\msgrapp.dll
- {828030A1-22C1-4009-854F-8E305202313F} -  [Microsoft Corporation] : C:\Program Files\Windows Live\Messenger\msgrapp.dll
IEProtocolHandler Class - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -  [Skype Technologies] : C:\Program Files\Acer\Acer VCM\Skype4COM.dll
Windows Live Mail HTML Asynchronous Pluggable Protocol Handler - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} -  [Microsoft Corporation] : C:\Program Files\Windows Live\Mail\mailcomm.dll
Album Download IE Asynchronous Pluggable Protocol Interface - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} -  [Microsoft Corporation] : C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

Services
23 - [Dritek System Inc.] : C:\Windows\system32\DRIVERS\DKbFltr.sys
23 - [Intel Corporation] : C:\Windows\system32\DRIVERS\iaStor.sys
23 - [PC Tools] : C:\Windows\system32\drivers\pctDS.sys
23 - [PC Tools] : C:\Windows\system32\drivers\pctEFA.sys
23 - [Synaptics Incorporated] : C:\Windows\system32\DRIVERS\SynTP.sys

Winlogon Notify
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui, DLLName :  [Intel Corporation] : C:\Windows\system32\igfxdev.dll

IE URL Search Hooks
PC Tools Browser Guard - {{472734EA-242A-422b-ADF8-83D1E48CC825}} -  [Threat Expert Ltd.] : C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll   (64-bit)

Threat Files
<Heuristics.Broken.Executable> : C:\OEM\Preload\Autorun\APP\MyWinLocker v3\program files\EgisTec\MyWinLocker 3\Shredder.exe
<Heuristics.Broken.Executable> : C:\Program Files\Common Files\Windows Live\.cache\22c1aeb21cb9af304\WLXSuite.msi
<Heuristics.Broken.Executable> : C:\Program Files\Common Files\Windows Live\.cache\884afd8c1cb9af30b\crt90.msi
<Heuristics.Broken.Executable> : C:\Program Files\Common Files\Windows Live\.cache\8ee9454b1cb9af30c\d3dx10-x86.msi
<Heuristics.Broken.Executable> : C:\Program Files\Common Files\Windows Live\.cache\a22c471f1cb9af310\Contacts.msi
<Heuristics.Broken.Executable> : C:\Program Files\Common Files\Windows Live\.cache\b776923d1cb9af312\pimt.msi
<Heuristics.Broken.Executable> : C:\Program Files\EgisTec\MyWinLocker 3\Shredder.exe
<Heuristics.Broken.Executable> : C:\Program Files\Samsung\Samsung New PC Studio\RCX134.tmp
<Trojan.Dropper-21990> : C:\ProgramData\.clamwin\quarantine\DSLTurbo_CHIP.exe.infected
<Heuristics.Broken.Executable> : C:\ProgramData\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X64-ENU.exe
<Heuristics.Broken.Executable> : C:\ProgramData\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X86-ENU.exe
<Heuristics.Broken.Executable> : C:\ProgramData\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Packages\VC80_x86_v2\Setup\VC80_x86_v2.msi
<Trojan.Dropper-21990> : C:\Users\All Users\.clamwin\quarantine\DSLTurbo_CHIP.exe.infected
<Heuristics.Broken.Executable> : C:\Users\All Users\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X64-ENU.exe
<Heuristics.Broken.Executable> : C:\Users\All Users\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X86-ENU.exe
<Heuristics.Broken.Executable> : C:\Users\All Users\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Packages\VC80_x86_v2\Setup\VC80_x86_v2.msi
<Heuristics.Broken.Executable> : C:\Windows\Installer\$PatchCache$\Managed\00002109610070400000000000F01FEC\12.0.4518\EXCEL.HXS_1031
<Heuristics.Broken.Executable> : C:\Windows\Installer\$PatchCache$\Managed\00002109610070400000000000F01FEC\12.0.4518\VBE.DEV.HXS_1031
<Heuristics.Broken.Executable> : C:\Windows\Installer\$PatchCache$\Managed\00002109810070400000000000F01FEC\12.0.4518\POWERPNT.HXS_1031
<Heuristics.Broken.Executable> : C:\Windows\Installer\$PatchCache$\Managed\00002109810070400000000000F01FEC\12.0.4518\VBE.DEV.HXS_1031
<Heuristics.Broken.Executable> : C:\Windows\Installer\$PatchCache$\Managed\00002109910070400000000000F01FEC\12.0.4518\VBE.DEV.HXS_1031
<Heuristics.Broken.Executable> : C:\Windows\Installer\$PatchCache$\Managed\00002109A10070400000000000F01FEC\12.0.4518\OUTLOOK.HXS_1031
<Heuristics.Broken.Executable> : C:\Windows\Installer\$PatchCache$\Managed\00002109A10070400000000000F01FEC\12.0.4518\VBE.DEV.HXS_1031
<Heuristics.Broken.Executable> : C:\Windows\Installer\$PatchCache$\Managed\00002109B10070400000000000F01FEC\12.0.4518\VBE.DEV.HXS_1031
<Heuristics.Broken.Executable> : C:\Windows\Installer\$PatchCache$\Managed\00002109B10070400000000000F01FEC\12.0.4518\WINWORD.HXS_1031
<Heuristics.Broken.Executable> : C:\Windows\Installer\14b7d6.msi
<Heuristics.Broken.Executable> : C:\Windows\Installer\9d3d34.msi
<Heuristics.Broken.Executable> : C:\Windows\Installer\d57f87.msi
<Heuristics.Broken.Executable> : C:\Windows\Installer\d57fb0.msi
<Heuristics.Broken.Executable> : C:\Windows\Installer\d57fb9.msi
<Heuristics.Broken.Executable> : C:\Windows\Installer\d57fd0.msi
<Heuristics.Broken.Executable> : C:\Windows\Installer\d57fea.msi

Advanced Files Report
%PROGRAMFILES%\EgisTec\MyWinLocker 3\x86\psdprotect.dll [Egis Technology Inc.] [MyWinLocker] MD5=8E69158866FF03025F94D98AA6733797 SIZE=120104
%PROGRAMFILES%\EgisTec\MyWinLocker 3\x86\sysenv.dll [Egis Technology Inc.] [MyWinLocker] MD5=66E7DF4AEA2D6DE684223727D372DD7E SIZE=268584
%PROGRAMFILES%\Acer\Acer VCM\AcerVCM.exe [Acer Incorporated] [Acer Video Conference Manager] MD5=131E6FE09470F057000B0CC01C14D8B7 SIZE=708608
%PROGRAMFILES%\HP\Digital Imaging\bin\hpqtra08.exe [Hewlett-Packard Co.] [HP Digital Imaging] MD5=EAA666E9DD8DCDA6E075087091CB85EE SIZE=275072
%PROGRAMFILES%\softonic-de3\tbsof0.dl
%PROGRAMFILES%\Google\Google Toolbar\GoogleToolbar_32.dll [Google Inc.] [Google Toolbar for Internet Explorer] MD5=947BBCD1D4A2D50E8DAF9A8113DC9B31 SIZE=297648
%PROGRAMFILES%\ConduitEngine\ConduitEngine.dl
%PROGRAMFILES%\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe [Microsoft Corporation] [Windows Live? Photo Gallery] MD5=7253E4B62820F944DF0BF59C6BD216A0 SIZE=246640
%PROGRAMFILES%\Windows Live\Photo Gallery\PhotoViewerShim.dll [Microsoft Corporation] [Windows Live? Photo Gallery] MD5=804B308D1E96A7305834AE2692010C6D SIZE=43376
%PROGRAMFILES%\WINDOWS LIVE\PHOTO GALLERY\WLXPHOTOGALLERY.EXE [Microsoft Corporation] [Windows Live? Photo Gallery] MD5=A00D5FBFABBF281FD059BB0CDA55B6E8 SIZE=131440
%SYSDIR%\igfxdev.dll [Intel Corporation] [Intel(R) Common User Interface] MD5=AED01A07B3F9B7AC9EBEC89EBE78B0A1 SIZE=218112
%SYSDIR%\svchost.exe -k NetworkService
%SYSDIR%\svchost.exe -k DcomLaunch
%SYSDIR%\DRIVERS\DKbFltr.sys [Dritek System Inc.] [Dritek Keyboard Filter Driver] MD5=C701324C9E0C25DD9D60311BD87FBC84 SIZE=21000
%SYSDIR%\svchost.exe -k LocalServiceNetworkRestricted
%SYSDIR%\DRIVERS\iaStor.sys [Intel Corporation] [Intel Matrix Storage Manager driver] MD5=D483687EACE0C065EE772481A96E05F5 SIZE=330264
%SYSDIR%\drivers\pctDS.sys [PC Tools] [pctDS] MD5=F820B4C61D1E591325B679D479D4EEA4 SIZE=338880
%SYSDIR%\drivers\pctEFA.sys [PC Tools] [EFA] MD5=ACC8C15F3D59F17C5D903FF1DE3B43D3 SIZE=656320
%SYSDIR%\svchost.exe -k netsvcs
%SYSDIR%\svchost.exe -k RPCSS
%SYSDIR%\DRIVERS\SynTP.sys [Synaptics Incorporated] [Synaptics Pointing Device Driver] MD5=E09C6AE9F84B5985979046E0A5896584 SIZE=228912
%SYSDIR%\svchost.exe -k LocalSystemNetworkRestricted
%PROGRAMFILES%\Windows Live\Messenger\msgrapp.dll [Microsoft Corporation] [Windows Live Messenger Protocol Handler Module] MD5=C91C67FEA06BD90AAF2AA00BFC74A035 SIZE=65912
%PROGRAMFILES%\Acer\Acer VCM\Skype4COM.dll [Skype Technologies] [Skype4COM] MD5=BE8FC3EF67D58F8D711EA94F8C17D8F7 SIZE=1942824
%PROGRAMFILES%\Windows Live\Mail\mailcomm.dll [Microsoft Corporation] [Windows Live Mail] MD5=6D84295FAC747D51FA287BC17DA2C9EE SIZE=741240
%PROGRAMFILES%\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll [Microsoft Corporation] [Windows Live? Photo Gallery] MD5=DF07358FDA177F70DE329D627D838F95 SIZE=42864
%SYSDIR%\\Drivers\PCTCore.sys [PC Tools] [Kernel Driver Suite] MD5=6EF125721A9F1F7DBF3229786F7DECD0 SIZE=239168

End of Report
