
Log Analysis and Evaluation: Trojan!

08.01.2008, 04:07   #1
N3M3S1S

Trojan!



I have the following Trojans

and would like to know where I can get a removal tool for these Trojans:

Agent BQE Trojan
Vundo Trojan
Agent AOY Trojan

and possibly more problems.

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 03:53:50, on 08.01.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Sygate\SPF\smc.exe
C:\WINDOWS\Mixer.exe
C:\Programme\A4Tech\Mouse\Amoumain.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programme\MSI\US54SE II\Installer\WINXP\MCU.exe
C:\Programme\Messenger\msmsgs.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Macrogaming\SweetIM\SweetIM.exe
C:\WINDOWS\system32\dhyyoxta.exe
C:\WINDOWS\system32\mdm.exe
C:\WINDOWS\explorer.exe
C:\Programme\ICQ6\ICQ.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Dokumente und Einstellungen\Administrator\Desktop\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programme\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: {a7179a04-0ca0-ebd8-9364-2228b40fff76} - {67fff04b-8222-4639-8dbe-0ac040a9717a} - C:\WINDOWS\system32\ofccinik.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {DF9F2104-B8B5-47D4-BC22-AF2F2350E85B} - C:\WINDOWS\system32\vtstq.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programme\Macrogaming\SweetIMBarForIE\toolbar.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [WheelMouse] C:\Programme\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [589dfd28] rundll32.exe "C:\WINDOWS\system32\txbwbwux.dll",b
O4 - HKLM\..\Run: [SweetIM] C:\Programme\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [msnmsgr] ~"C:\Programme\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SweetIM] C:\Programme\Macrogaming\SweetIM\SweetIM.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: MSI US54SE II Wireless Client Utility.lnk = C:\Programme\MSI\US54SE II\Installer\WINXP\MCU.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'rsvp322.dll' missing
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O20 - Winlogon Notify: wineak32 - wineak32.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: dfgjrtt3 - {7A81DF49-1DB8-4db4-B070-AD6758ECBA2A} - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\dhyyoxta.exe
O23 - Service: Icecast Media Server (Icecast) - Unknown owner - C:\Programme\Icecast2 Win32\icecastService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall Platinum (SmcService) - Sygate Technologies, Inc. - C:\Programme\Sygate\SPF\smc.exe

--
End of file - 5523 bytes

08.01.2008, 04:09   #2
N3M3S1S



StartupList report, 08.01.2008, 04:08:34
StartupList version: 1.52.2
Started from : C:\Dokumente und Einstellungen\Administrator\Desktop\HiJackThis_v2.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Sygate\SPF\smc.exe
C:\WINDOWS\Mixer.exe
C:\Programme\A4Tech\Mouse\Amoumain.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programme\MSI\US54SE II\Installer\WINXP\MCU.exe
C:\Programme\Messenger\msmsgs.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Macrogaming\SweetIM\SweetIM.exe
C:\WINDOWS\system32\dhyyoxta.exe
C:\WINDOWS\system32\mdm.exe
C:\WINDOWS\explorer.exe
C:\Programme\ICQ6\ICQ.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Dokumente und Einstellungen\Administrator\Desktop\HiJackThis_v2.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Common Startup:
[C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart]
MSI US54SE II Wireless Client Utility.lnk = C:\Programme\MSI\US54SE II\Installer\WINXP\MCU.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\idaw64.exe,C:\WINDOWS\system32\actcontroller.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

C-Media Mixer = Mixer.exe /startup
WheelMouse = C:\Programme\A4Tech\Mouse\Amoumain.exe
SmcService = C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
nwiz = nwiz.exe /install
NvMediaCenter = RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
589dfd28 = rundll32.exe "C:\WINDOWS\system32\txbwbwux.dll",b
SweetIM = C:\Programme\Macrogaming\SweetIM\SweetIM.exe

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

msnmsgr = ~"C:\Programme\MSN Messenger\msnmsgr.exe" /background
MSMSGS = "C:\Programme\Messenger\msmsgs.exe" /background
SweetIM = C:\Programme\Macrogaming\SweetIM\SweetIM.exe

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

[AdobeUpdater]
=

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry key not found*

--------------------------------------------------


Enumerating Browser Helper Objects:

XTTBPos00 - C:\PROGRA~1\ICQTOO~1\toolbaru.dll - {055FD26D-3A88-4e15-963D-DC8493744B1D}
(no name) - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
SWEETIE - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A}
{a7179a04-0ca0-ebd8-9364-2228b40fff76} - C:\WINDOWS\system32\ofccinik.dll - {67fff04b-8222-4639-8dbe-0ac040a9717a}
(no name) - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
(no name) - C:\WINDOWS\system32\vtstq.dll - {DF9F2104-B8B5-47D4-BC22-AF2F2350E85B}
(no name) - C:\WINDOWS\system32\byxxvtt.dll - {FED51DF2-9644-4C58-9104-90244EDD6EEC}


--------------------------------------------------

Enumerating Task Scheduler jobs:

XoftSpySE.job

--------------------------------------------------

Enumerating Download Program Files:

[F-Secure Online Scanner 3.1]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\fscax.dll
CODEBASE = h**p://support.f-secure.com/ols/fscax.cab
[Windows Genuine Advantage Validation Tool]
InProcServer32 = C:\WINDOWS\system32\LegitCheckControl.DLL
CODEBASE = h**p://go.microsoft.com/fwlink/?linkid=39204

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #4: C:\Programme\Bonjour\mdnsNSP.dll
Protocol #6: rsvp322.dll (file MISSING)
Protocol #7: rsvp322.dll (file MISSING)
Protocol #8: rsvp322.dll (file MISSING)
Protocol #9: rsvp322.dll (file MISSING)

--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\~nsu.tmp\Au_.exe|||L

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\system32\stobject.dll

--------------------------------------------------
End of report, 6.185 bytes
Report generated in 0,047 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only


Edited by N3M3S1S (08.01.2008 at 04:27)

08.01.2008, 04:20   #3
N3M3S1S



So my question: how do I get this stuff off without reinstalling the PC? It won't be easy, I suppose, but there is surely a solution.

And whatever else harmful is on it, if you find anything more.
