| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: trojan-Downloader.Win32.Agent variantWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
19.12.2007, 21:15
| #5 |
| |  trojan-Downloader.Win32.Agent variant Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:08:03, on 19.12.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Antivir\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Antivir\Avira\AntiVir PersonalEdition Classic\sched.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe c:\programme\gemeinsame dateien\gnab\service\servicecontroller.exe C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LckFldService.exe C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe C:\WINDOWS\ehome\mcrdsvc.exe C:\Programme\Windows Media Player\wmpnetwk.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\System32\alg.exe C:\Alienwere\AlienGUIse\wbload.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\ehome\ehtray.exe C:\Programme\Gemeinsame Dateien\Gnab\Service\GnabTray.exe C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe C:\Programme\QuickTime\qttask.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABE.EXE C:\Programme\VIAudioi\HDADeck\HDeck.exe C:\WINDOWS\Mixer.exe C:\Antivir\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Programme\MSN Messenger\MsnMsgr.Exe C:\Programme\Creative\Sync Manager Unicode\CTSyncU.exe C:\WINDOWS\eHome\ehmsas.exe C:\Programme\Messenger\msmsgs.exe C:\DAEMON Tools\daemon.exe C:\Programme\Windows Media Player\WMPNSCFG.exe C:\PROGRA~1\ARCORO~1\AOButler.exe C:\Programme\Google\Google Updater\GoogleUpdater.exe C:\Widgets\YahooWidgetEngine.exe C:\Widgets\YahooWidgetEngine.exe C:\Widgets\YahooWidgetEngine.exe C:\Widgets\YahooWidgetEngine.exe C:\Widgets\YahooWidgetEngine.exe C:\Widgets\YahooWidgetEngine.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\Programme\MSN Messenger\usnsvc.exe C:\Winamp\winamp.exe C:\Steam\Steam.exe C:\Programme\Internet Explorer\iexplore.exe C:\HijackThis\HijackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = h**p://google.icq.com/search/search_frame.php R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://www.arcor.de R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://google.daemonsearch.com/de/ý R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://www.arcor.de R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://www.arcor.de R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://www.arcor.de R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://www.arcor.de R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = h**p://www.arcor.de R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Arcor AG & Co. KG R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll F3 - REG:win.ini: run= O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_09\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [BullGuard] "C:\Programme\BullGuard Software\BullGuard\bullguard.exe" -boot O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [GnabTray] C:\Programme\Gemeinsame Dateien\Gnab\Service\GnabTray.exe -checkstart O4 - HKLM\..\Run: [Adobe] "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [EPSON Stylus D88 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABE.EXE /P23 "EPSON Stylus D88 Series" /O6 "USB001" /M "Stylus D88" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [HDAudDeck] C:\Programme\VIAudioi\HDADeck\HDeck.exe 1 O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup O4 - HKLM\..\Run: [avgnt] "C:\Antivir\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [Steam] "c:\steam\steam.exe" -silent O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Programme\Creative\Sync Manager Unicode\CTSyncU.exe" O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [Arcor Online] C:\PROGRA~1\ARCORO~1\Arcor.exe /inst_typ:2 /kunden_typ:bestand O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [DAEMON Tools] "C:\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKCU\..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE O4 - Startup: Yahoo! Widget Engine.lnk = C:\Widgets\YahooWidgetEngine.exe O4 - Global Startup: Google Updater.lnk = C:\Programme\Google\Google Updater\GoogleUpdater.exe O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\ICQ\ICQ6\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\ICQ\ICQ6\ICQ.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Programme\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://static.ak.schuelervz.net/photouploader/ImageUploader4.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{4EA1A6BF-D158-412B-8996-0E643C6E8C7B}: NameServer = 85.255.114.56,85.255.112.111 O17 - HKLM\System\CCS\Services\Tcpip\..\{7E5297F3-AF05-4356-B34A-1B370DA54569}: NameServer = 85.255.114.56,85.255.112.111 O17 - HKLM\System\CCS\Services\Tcpip\..\{EAB2A5F0-D72F-4BB3-BA1F-A1D564AE47DD}: NameServer = 195.50.140.178 195.50.140.114 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.56 85.255.112.111 O17 - HKLM\System\CS1\Services\Tcpip\..\{4EA1A6BF-D158-412B-8996-0E643C6E8C7B}: NameServer = 85.255.114.56,85.255.112.111 O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.56 85.255.112.111 O17 - HKLM\System\CS2\Services\Tcpip\..\{4EA1A6BF-D158-412B-8996-0E643C6E8C7B}: NameServer = 85.255.114.56,85.255.112.111 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.56 85.255.112.111 O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Antivir\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Antivir\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Borland Remote Debugging Service (BorlandRemoteDebuggingService) - Unknown owner - C:\Programme\Borland\Remote Debugger\7.0\Bin\bordbg70.exe (file missing) O23 - Service: GnabService - Empolis GmbH - c:\programme\gemeinsame dateien\gnab\service\servicecontroller.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: InterBase Guardian (InterBaseGuardian) - Borland Software Corporation - C:\Programme\Borland\InterBase\bin\ibguard.exe O23 - Service: InterBase Server (InterBaseServer) - Borland Software Corporation - C:\Programme\Borland\InterBase\bin\ibserver.exe O23 - Service: LckFldService - Unknown owner - C:\WINDOWS\system32\LckFldService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe -- End of file - 11434 bytes mh warum muss man das mit den inet addressen so machen? aba joa bitte ;D |
| Themen zu trojan-Downloader.Win32.Agent variant |
| account, account gehackt, ahnung, antivir, avira, avira antivir, frage, gehackt, heulen, troja, trojan-downloader.win32.agent, trojaner/virus, update, updatet, variant, wow account |
Baum-Darstellung