Trojaner ???

KÖP · 28.04.2005, 19:04

hallo, habe mir wohl einen trojaner eingefangen: hier mein logfile: was kann ich dagegen tun? format C: ???

StartupList report, 28.04.2005, 17:25:31
StartupList version: 1.52.2
Started from : C:\DOKUME~1\KPBE57~1\LOKALE~1\Temp\Rar$EX00.328\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
E:\AntiVir\AVWUPSRV.EXE
E:\PROGRA~1\McAfee.com\PERSON~1\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\popuper.exe
C:\WINDOWS\system32\intmonp.exe
E:\PROGRA~1\McAfee.com\PERSON~1\PERSON~1\MpfTray.exe
E:\PROGRA~1\McAfee.com\PERSON~1\PERSON~1\MpfAgent.exe
E:\AnyDVD\AnyDVD.exe
C:\Programme\Java\j2re1.4.2_08\bin\jusched.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
E:\Winamp\winampa.exe
E:\AntiVir\AVGNT.EXE
C:\WINDOWS\system32\ctfmon.exe
E:\Spybot - Search & Destroy\TeaTimer.exe
E:\AntiVir\AVGUARD.EXE
E:\eMule\emule.exe
E:\Slsk\Soulseek\slsk.exe
E:\Vivian Mail\vivian.exe
E:\FIREFOX.EXE
C:\DOKUME~1\KPBE57~1\LOKALE~1\Temp\Rar$EX00.328\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Common Startup:
[C:\Dokumente und Einstellungen\All Users.WINDOWS\Startmenü\Programme\Autostart]
AccSys AutoStart.lnk = G:\cdstart.exe
Microsoft Office.lnk = E:\Office 2000\Office\OSA9.EXE

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Cmaudio = RunDll32 cmicnfg.cpl,CMICtrlWnd
MPFExe = E:\PROGRA~1\McAfee.com\PERSON~1\PERSON~1\MpfTray.exe
NeroFilterCheck = C:\WINDOWS\system32\NeroCheck.exe
AnyDVD = E:\AnyDVD\AnyDVD.exe
SunJavaUpdateSched = C:\Programme\Java\j2re1.4.2_08\bin\jusched.exe
ATIPTA = C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
AWMON = "E:\Programme\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
SchedulingAgent = mstinit.exe /firstlogon
WinampAgent = E:\Winamp\winampa.exe
AVGCtrl = E:\AntiVir\AVGNT.EXE /min

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

CTFMON.EXE = C:\WINDOWS\system32\ctfmon.exe
SpybotSD TeaTimer = E:\Spybot - Search & Destroy\TeaTimer.exe

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

ICQ Lite = E:\Programme\ICQLite\ICQLite.exe -trayboot

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe,
SCRNSAVE.EXE=C:\WINDOWS\System32\logon.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - E:\Acrobat reader 6\Reader\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - E:\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
(no name) - c:\windows\system\BHOmod.dll (file missing) - {7F6828CA-9E42-462C-BC60-418C8144012C}

--------------------------------------------------

Enumerating Download Program Files:

[{14A3221B-1678-1982-A355-7263B1281987}]
CODEBASE = ms-its:mhtml:file://C:tsk.mht!http://69.50.161.126/5/s1//q.chm::/file.exe

[{15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6}]
CODEBASE = http://static.windupdates.com/cab/62.../bridge-c2.cab

[{29260269-24F0-0E66-3112-06255F9E6EAB}]
CODEBASE = http://216.118.71.185/1/rdgDE1828.exe

[WUWebControl Class]
InProcServer32 = C:\WINDOWS\System32\wuweb.dll
CODEBASE = http://v5.windowsupdate.microsoft.co...?1113638085624

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\System32\macromed\flash\Flash.ocx
CODEBASE = http://download.macromedia.com/pub/s...sh/swflash.cab

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll

--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

notepad.exe = msmsgs.exe
notepad2.exe = popuper.exe

--------------------------------------------------

End of report, 5.895 bytes
Report generated in 0,015 seconds

felix1 · 28.04.2005, 19:45

Da kann man nicht viel erkennen, mache das mal:
Erstelle einen Log mittels Hijackhis und poste diesen:

www.hjt.klaffke.de

28.04.2005, 19:45	#2
felix1 /// Helfer-Team	Trojaner ??? Da kann man nicht viel erkennen, mache das mal: Erstelle einen Log mittels Hijackhis und poste diesen: www.hjt.klaffke.de __________________

Trojaner ???

Log-Analyse und Auswertung: Trojaner ???

Trojaner ???

Trojaner ???