Log Analysis and Evaluation: Trojan! (Windows 7)

If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and Trojans can be removed, the infected system first has to be examined: First steps for getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
08.01.2008, 04:07 | #1

Trojan!

I have the following Trojans and would like to know where I can get a removal tool for them: Agent BQE Trojan, Vundo Trojan, Agent AOY Trojan, and possibly more problems.

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 03:53:50, on 08.01.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Sygate\SPF\smc.exe
C:\WINDOWS\Mixer.exe
C:\Programme\A4Tech\Mouse\Amoumain.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programme\MSI\US54SE II\Installer\WINXP\MCU.exe
C:\Programme\Messenger\msmsgs.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Macrogaming\SweetIM\SweetIM.exe
C:\WINDOWS\system32\dhyyoxta.exe
C:\WINDOWS\system32\mdm.exe
C:\WINDOWS\explorer.exe
C:\Programme\ICQ6\ICQ.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Dokumente und Einstellungen\Administrator\Desktop\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programme\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: {a7179a04-0ca0-ebd8-9364-2228b40fff76} - {67fff04b-8222-4639-8dbe-0ac040a9717a} - C:\WINDOWS\system32\ofccinik.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {DF9F2104-B8B5-47D4-BC22-AF2F2350E85B} - C:\WINDOWS\system32\vtstq.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programme\Macrogaming\SweetIMBarForIE\toolbar.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [WheelMouse] C:\Programme\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [589dfd28] rundll32.exe "C:\WINDOWS\system32\txbwbwux.dll",b
O4 - HKLM\..\Run: [SweetIM] C:\Programme\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [msnmsgr] ~"C:\Programme\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SweetIM] C:\Programme\Macrogaming\SweetIM\SweetIM.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: MSI US54SE II Wireless Client Utility.lnk = C:\Programme\MSI\US54SE II\Installer\WINXP\MCU.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'rsvp322.dll' missing
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O20 - Winlogon Notify: wineak32 - wineak32.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: dfgjrtt3 - {7A81DF49-1DB8-4db4-B070-AD6758ECBA2A} - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\dhyyoxta.exe
O23 - Service: Icecast Media Server (Icecast) - Unknown owner - C:\Programme\Icecast2 Win32\icecastService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall Platinum (SmcService) - Sygate Technologies, Inc. - C:\Programme\Sygate\SPF\smc.exe

--
End of file - 5523 bytes
08.01.2008, 04:09 | #2

Trojan!

StartupList report, 08.01.2008, 04:08:34
StartupList version: 1.52.2
Started from : C:\Dokumente und Einstellungen\Administrator\Desktop\HiJackThis_v2.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
==================================================

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Sygate\SPF\smc.exe
C:\WINDOWS\Mixer.exe
C:\Programme\A4Tech\Mouse\Amoumain.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programme\MSI\US54SE II\Installer\WINXP\MCU.exe
C:\Programme\Messenger\msmsgs.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Macrogaming\SweetIM\SweetIM.exe
C:\WINDOWS\system32\dhyyoxta.exe
C:\WINDOWS\system32\mdm.exe
C:\WINDOWS\explorer.exe
C:\Programme\ICQ6\ICQ.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Dokumente und Einstellungen\Administrator\Desktop\HiJackThis_v2.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Common Startup:
[C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart]
MSI US54SE II Wireless Client Utility.lnk = C:\Programme\MSI\US54SE II\Installer\WINXP\MCU.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\idaw64.exe,C:\WINDOWS\system32\actcontroller.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

C-Media Mixer = Mixer.exe /startup
WheelMouse = C:\Programme\A4Tech\Mouse\Amoumain.exe
SmcService = C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
nwiz = nwiz.exe /install
NvMediaCenter = RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
589dfd28 = rundll32.exe "C:\WINDOWS\system32\txbwbwux.dll",b
SweetIM = C:\Programme\Macrogaming\SweetIM\SweetIM.exe

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

msnmsgr = ~"C:\Programme\MSN Messenger\msnmsgr.exe" /background
MSMSGS = "C:\Programme\Messenger\msmsgs.exe" /background
SweetIM = C:\Programme\Macrogaming\SweetIM\SweetIM.exe

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
[AdobeUpdater]
 =

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry key not found*

--------------------------------------------------

Enumerating Browser Helper Objects:

XTTBPos00 - C:\PROGRA~1\ICQTOO~1\toolbaru.dll - {055FD26D-3A88-4e15-963D-DC8493744B1D}
(no name) - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
SWEETIE - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A}
{a7179a04-0ca0-ebd8-9364-2228b40fff76} - C:\WINDOWS\system32\ofccinik.dll - {67fff04b-8222-4639-8dbe-0ac040a9717a}
(no name) - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
(no name) - C:\WINDOWS\system32\vtstq.dll - {DF9F2104-B8B5-47D4-BC22-AF2F2350E85B}
(no name) - C:\WINDOWS\system32\byxxvtt.dll - {FED51DF2-9644-4C58-9104-90244EDD6EEC}

--------------------------------------------------

Enumerating Task Scheduler jobs:

XoftSpySE.job

--------------------------------------------------

Enumerating Download Program Files:

[F-Secure Online Scanner 3.1]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\fscax.dll
CODEBASE = h**p://support.f-secure.com/ols/fscax.cab

[Windows Genuine Advantage Validation Tool]
InProcServer32 = C:\WINDOWS\system32\LegitCheckControl.DLL
CODEBASE = h**p://go.microsoft.com/fwlink/?linkid=39204

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #4: C:\Programme\Bonjour\mdnsNSP.dll
Protocol #6: rsvp322.dll (file MISSING)
Protocol #7: rsvp322.dll (file MISSING)
Protocol #8: rsvp322.dll (file MISSING)
Protocol #9: rsvp322.dll (file MISSING)

--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\~nsu.tmp\Au_.exe|||L

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\system32\stobject.dll

--------------------------------------------------
End of report, 6.185 bytes
Report generated in 0,047 seconds

Command line options:
   /verbose  - to add additional info on each section
   /complete - to include empty sections and unsuspicious data
   /full     - to include several rarely-important sections
   /force9x  - to include Win9x-only startups even if running on WinNT
   /forcent  - to include WinNT-only startups even if running on Win9x
   /forceall - to include all Win9x and WinNT startups, regardless of platform
   /history  - to list version history only

Last edited by N3M3S1S (08.01.2008 at 04:27)
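An added triage helper, written for this page and not code from the thread or from HijackThis itself. It parses HijackThis-style entries like those posted above and applies the checks a log reviewer makes by hand (referenced file missing, service with no publisher recorded, unnamed BHO loaded from system32, Run value named with a hex string, rundll32 calling a one-letter export, unpronounceable file names) to list the entries to look at first; a second function splits the StartupList UserInit value and returns anything besides userinit.exe. The sample entries are copied from the two logs in this thread, ordinary ones included for contrast. The heuristics, their thresholds and the small KNOWN_OK allowlist are constructed assumptions for the example, not a vetted known-good list.

```python
"""Triage helper for HijackThis / StartupList entries (added example).
Heuristic only: it ranks entries for a human reviewer, it does not decide."""
import re
from dataclasses import dataclass, field
from typing import List

# Constructed sample: entries copied from the logs posted in this thread,
# including ordinary ones (Java BHO, NVIDIA, Browseui) for contrast.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {DF9F2104-B8B5-47D4-BC22-AF2F2350E85B} - C:\WINDOWS\system32\vtstq.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [589dfd28] rundll32.exe "C:\WINDOWS\system32\txbwbwux.dll",b
O10 - Broken Internet access because of LSP provider 'rsvp322.dll' missing
O20 - Winlogon Notify: wineak32 - wineak32.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: dfgjrtt3 - {7A81DF49-1DB8-4db4-B070-AD6758ECBA2A} - (no file)
O23 - Service: DomainService - - C:\WINDOWS\system32\dhyyoxta.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# UserInit value copied from the StartupList report posted above.
SAMPLE_USERINIT = (r"C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\idaw64.exe,"
                   r"C:\WINDOWS\system32\actcontroller.exe,")

# Constructed stand-in for a known-good list (assumption); a real one is far
# larger and should be keyed on file hashes, not names.
KNOWN_OK = {"nvsvc32.exe", "nvcpl.dll", "nvmctray.dll", "browseui.dll",
            "ctfmon.exe", "userinit.exe", "explorer.exe"}

ENTRY_RE = re.compile(r"^(?P<section>[RFO]\d{1,2}) - (?P<body>.*)$")
PATH_RE = re.compile(r'[A-Za-z]:\\[^",]*?\\([^\\",]+?\.(?:dll|exe))\b', re.IGNORECASE)
BARE_RE = re.compile(r"\b([\w~-]+\.(?:dll|exe))\b", re.IGNORECASE)
HEXNAME_RE = re.compile(r"\[[0-9a-f]{8}\]")
RUNDLL_RE = re.compile(r'rundll32\.exe\s+"[^"]+",\s*[A-Za-z]$', re.IGNORECASE)
VOWELS = set("aeiou")


@dataclass
class Finding:
    section: str
    line: str
    reasons: List[str] = field(default_factory=list)


def looks_random(stem: str) -> bool:
    """Crude pronounceability test: all-lowercase stem of 5+ letters (digits
    removed) with a run of 4+ consonants or under 20% vowels. Catches vtstq
    or txbwbwux, but also legitimate names like nvsvc, hence KNOWN_OK."""
    letters = re.sub(r"\d", "", stem)
    if len(letters) < 5 or not letters.islower():
        return False
    vowel_ratio = sum(c in VOWELS for c in letters) / len(letters)
    longest_run = max(map(len, re.findall(r"[^aeiou]+", letters)), default=0)
    return longest_run >= 4 or vowel_ratio < 0.2


def extract_binaries(body: str) -> List[str]:
    """Names of the .exe/.dll an entry loads. Full paths win, so the DLL handed
    to rundll32 is examined rather than rundll32 itself; bare names are the
    fallback for entries such as 'wineak32.dll (file missing)'."""
    return PATH_RE.findall(body) or BARE_RE.findall(body)


def triage(log_text: str) -> List[Finding]:
    """Return the entries worth a reviewer's attention, each with its reasons."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        section, body = m.group("section"), m.group("body")
        low = body.lower()
        reasons = []
        if "no file" in low or "file missing" in low or low.endswith(" missing"):
            reasons.append("referenced file is missing (orphaned or hidden entry)")
        if section == "O23" and (" - - " in body or "Unknown owner" in body):
            reasons.append("service has no publisher recorded")
        if section == "O2" and "(no name)" in body and "\\system32\\" in low:
            reasons.append("unnamed BHO loaded from system32")
        if section == "O4" and HEXNAME_RE.search(body):
            reasons.append("Run value named with an auto-generated hex string")
        if RUNDLL_RE.search(body):
            reasons.append("rundll32 calls a single-letter export")
        for name in extract_binaries(body):
            if name.lower() not in KNOWN_OK and looks_random(name.rsplit(".", 1)[0]):
                reasons.append(f"random-looking file name {name}")
        if reasons:
            findings.append(Finding(section, raw.strip(), reasons))
    return findings


def check_userinit(value: str) -> List[str]:
    """Every UserInit component other than the standard userinit.exe. The value
    is comma-separated and normally holds only that one entry; anything else
    runs at every logon and deserves a look."""
    parts = [p.strip() for p in value.split(",") if p.strip()]
    return [p for p in parts if not p.lower().endswith("\\userinit.exe")]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section}: {f.line}")
        for r in f.reasons:
            print("    -", r)
    print("Extra UserInit entries:", check_userinit(SAMPLE_USERINIT))
```

Run as a script, it prints the six flagged sample entries with their reasons and the two extra UserInit components. The allowlist is there because the pronounceability test also trips on legitimate names such as nvsvc32.exe; name heuristics only rank entries for a human and never decide on their own, which is also why a hash-based known-good list is the better long-term tool.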
08.01.2008, 04:20 | #3

Trojan!

So, my question: how do I get this stuff off without reinstalling the PC? It won't be easy, I suppose, but there's surely a solution.

And whatever else harmful is on there, if you find anything else.