Imer wieder Trojan.small hin und wieder werbe pop-ups..

FleurMia · 30.05.2006, 10:53

Hi...

ewido findet immer wieder Trojaner und Kaspersky hat gestern zwei trojan.downloader gelöscht... aber irgendwie scheint immer noch etwas hängengeblieben zu sein.. wollte die Testversion von Panda instalieren, aber der hatte Probleme mit Avast!Antivir, was allerdings schon längst gelöscht wurde... hatte es überall gesucht und nirgends gefunden, aber im Hijack taucht es wieder auf... vielleicht hat das auch irgendetwas damit zu tun?? und das mit flingstone und teensguru ect. ist auch sehr seltsam...
Danke schonmal im Vorraus...

Hijack
_____________________________

Logfile of HijackThis v1.99.1
Scan saved at 11:46:35, on 30.05.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Programme\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\oodag.exe
C:\Programme\Gemeinsame Dateien\Panda Software\PavShld\pavprsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\dcomcfg.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\Winamp\winampa.exe
C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe
C:\Programme\HP\HP Software Update\HPWuSchd2.exe
C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\TuneUp Utilities 2006\MemOptimizer.exe
C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programme\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Programme\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis2\kernel.exe
C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis2\sc_watch.exe
C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis2\PROFIL~1.EXE
C:\PROGRA~1\T-Online\T-ONLI~1\Notifier\Notifier.exe
F:\eMule\emule.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\PROGRAMME\T-ONLINE\T-ONLINE_SOFTWARE_6\BROWSER\BROWSER.EXE
F:\sw\Best Anti-Spyware Kit\BKR HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://wxx.2020search.com/search/9884/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://wxx.2020search.com/search/9884/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = prosearching.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://wxx.2020search.com/search/9884/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://wxx.2020search.com/search/9884/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
R3 - URLSearchHook: (no name) - {2D3E7E21-EAE2-CB41-EE28-E4ABBD4DB5C8} - (no file)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Resources - {2D38A51A-23C9-48a1-A33C-48675AA2B494} - (no file)
O2 - BHO: (no name) - {2D3E7E21-EAE2-CB41-EE28-E4ABBD4DB5C8} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {f79fd28e-36ee-4989-aa61-9dd8e30a82fa} - C:\WINDOWS\system32\hp100.tmp
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [ToADiMon.exe] C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe -TOnlineAutodialStart
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [HP Software Update] C:\Programme\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [kav] "C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Programme\TuneUp Utilities 2006\MemOptimizer.exe" autostart
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Web-Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Klicke hier um das Projekt xp-AntiSpy zu unterstützen - {0D27764E-DC76-4244-AF76-BFFB1B7B8623} - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O9 - Extra 'Tools' menuitem: Unterstützung für xp-AntiSpy - {0D27764E-DC76-4244-AF76-BFFB1B7B8623} - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O10 - Broken Internet access because of LSP provider 'spacklsp.dll' missing
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.i-lookup.com
O15 - Trusted Zone: *.offshoreclicks.com
O15 - Trusted Zone: *.teensguru.com
O15 - Trusted Zone: *.xxxtoolbar.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1144237121171
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - xxp://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{59B5E0B9-33A8-4B4A-B46D-525CCE932875}: NameServer = 217.237.150.188 217.237.151.161
O17 - HKLM\System\CCS\Services\Tcpip\..\{D723D8B1-A44F-4F23-AC67-FB09AC520994}: NameServer = 85.255.116.50,85.255.112.86
O17 - HKLM\System\CS1\Services\Tcpip\..\{59B5E0B9-33A8-4B4A-B46D-525CCE932875}: NameServer = 217.237.150.188 217.237.151.161
O20 - AppInit_DLLs: pushow94.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: winjgf32 - winjgf32.dll (file missing)
O20 - Winlogon Notify: winmbj32 - winmbj32.dll (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Unknown owner - C:\Programme\AntiVir PersonalEdition Classic\sched.exe (file missing)
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Unknown owner - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programme\Alwil Software\Avast4\aswUpdSv.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programme\Alwil Software\Avast4\ashServ.exe (file missing)
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programme\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programme\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Programme\ewido anti-malware\ewidoctrl.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\System32\oodag.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Programme\Gemeinsame Dateien\Panda Software\PavShld\pavprsrv.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Power Manager (PowerManager) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
O23 - Service: T-Online DSL-Manager (TODslService) - T-Systems International GmbH - C:\Programme\T-Online\DSL-Manager\TODslSvc.exe
O23 - Service: windllrun - Unknown owner - C:\WINDOWS\system32\windllrun.exe (file missing)

---------------------------------------------------------
ewido anti-malware - Scan Report
---------------------------------------------------------

+ Erstellt am: 11:33:36, 30.05.2006
+ Report-Checksumme: 2C56EF0D

+ Scanergebnis:

HKLM\SOFTWARE\Classes\CLSID\{f79fd28e-36ee-4989-aa61-9dd8e30a82fa} -> Trojan.Small : Gesäubert mit Backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objecta\{f79fd28e-36ee-4989-aa61-9dd8e30a82fa} -> Trojan.Small : Gesäubert mit Backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f79fd28e-36ee-4989-aa61-9dd8e30a82fa} -> Trojan.Small : Gesäubert mit Backup
:mozilla.6:C:\Dokumente und Einstellungen\Fish\Anwendungsdaten\Mozilla\Firefox\Profiles\d23ecyxu.Standard-Benutzer\cookies.txt -> TrackingCookie.Ivwbox : Gesäubert mit Backup

::Report Ende

Incident Status Location

Adware:adware/securityerror Not disinfected c:\windows\system32\dxole32.exe
Adware:adware/winprotect Not disinfected c:\windows\balloon.wav
Potentially unwanted tool:application/winfixer2005 Not disinfected c:\programme\gemeinsame dateien\WinSoftware
Adware:adware/ist.istbar Not disinfected Windows Registry
Potentially unwanted tool:application/spyfalcon Not disinfected hkey_local_machine\software\SpyFalcon
Adware:adware/yazzlesudoku Not disinfected Windows Registry
Adware:adware/ncase Not disinfected Windows Registry
Adware:adware/cws Not disinfected Windows Registry
Adware:adware/digikeygen Not disinfected Windows Registry
Potentially unwanted tool:application/unspypc Not disinfected HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\extensions\CmdMapping\{BF69DF00-4734-477F-8257-27CD04F88779}
Adware:adware/winres Not disinfected Windows Registry
Adware:adware/cws.searchmeup Not disinfected Windows Registry
Adware:adware/sbsoft Not disinfected Windows Registry
Spyware:spyware/shopnav Not disinfected Windows Registry
Spyware:Cookie/Doubleclick Not disinfected C:\Dokumente und Einstellungen\Fish\Anwendungsdaten\Mozilla\Firefox\Profiles\d23ecyxu.Standard-Benutzer\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Falkag Not disinfected C:\Dokumente und Einstellungen\Fish\Cookies\fish@as1.falkag[1].txt
Adware:Adware/PurityScan Not disinfected C:\WINDOWS\A?pPatch\d?xplore.exe

Kann mir jemand helfen?

Imer wieder Trojan.small hin und wieder werbe pop-ups..

Log-Analyse und Auswertung: Imer wieder Trojan.small hin und wieder werbe pop-ups..

Trojaner-Problem... bitte anschauen

Ähnliche Themen: Imer wieder Trojan.small hin und wieder werbe pop-ups..