Trojan ???

Hello, I seem to have caught a trojan. Here is my log file. What can I do about it? format C: ???

```
StartupList report, 28.04.2005, 17:25:31
StartupList version: 1.52.2
Started from : C:\DOKUME~1\KPBE57~1\LOKALE~1\Temp\Rar$EX00.328\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
E:\AntiVir\AVWUPSRV.EXE
E:\PROGRA~1\McAfee.com\PERSON~1\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\popuper.exe
C:\WINDOWS\system32\intmonp.exe
E:\PROGRA~1\McAfee.com\PERSON~1\PERSON~1\MpfTray.exe
E:\PROGRA~1\McAfee.com\PERSON~1\PERSON~1\MpfAgent.exe
E:\AnyDVD\AnyDVD.exe
C:\Programme\Java\j2re1.4.2_08\bin\jusched.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
E:\Winamp\winampa.exe
E:\AntiVir\AVGNT.EXE
C:\WINDOWS\system32\ctfmon.exe
E:\Spybot - Search & Destroy\TeaTimer.exe
E:\AntiVir\AVGUARD.EXE
E:\eMule\emule.exe
E:\Slsk\Soulseek\slsk.exe
E:\Vivian Mail\vivian.exe
E:\FIREFOX.EXE
C:\DOKUME~1\KPBE57~1\LOKALE~1\Temp\Rar$EX00.328\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Common Startup:
[C:\Dokumente und Einstellungen\All Users.WINDOWS\Startmenü\Programme\Autostart]
AccSys AutoStart.lnk = G:\cdstart.exe
Microsoft Office.lnk = E:\Office 2000\Office\OSA9.EXE

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Cmaudio = RunDll32 cmicnfg.cpl,CMICtrlWnd
MPFExe = E:\PROGRA~1\McAfee.com\PERSON~1\PERSON~1\MpfTray.exe
NeroFilterCheck = C:\WINDOWS\system32\NeroCheck.exe
AnyDVD = E:\AnyDVD\AnyDVD.exe
SunJavaUpdateSched = C:\Programme\Java\j2re1.4.2_08\bin\jusched.exe
ATIPTA = C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
AWMON = "E:\Programme\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
SchedulingAgent = mstinit.exe /firstlogon
WinampAgent = E:\Winamp\winampa.exe
AVGCtrl = E:\AntiVir\AVGNT.EXE /min

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

CTFMON.EXE = C:\WINDOWS\system32\ctfmon.exe
SpybotSD TeaTimer = E:\Spybot - Search & Destroy\TeaTimer.exe

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

ICQ Lite = E:\Programme\ICQLite\ICQLite.exe -trayboot

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe,
SCRNSAVE.EXE=C:\WINDOWS\System32\logon.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - E:\Acrobat reader 6\Reader\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - E:\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
(no name) - c:\windows\system\BHOmod.dll (file missing) - {7F6828CA-9E42-462C-BC60-418C8144012C}

--------------------------------------------------

Enumerating Download Program Files:

[{14A3221B-1678-1982-A355-7263B1281987}]
CODEBASE = ms-its:mhtml:file://C:tsk.mht!http://69.50.161.126/5/s1//q.chm::/file.exe

[{15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6}]
CODEBASE = http://static.windupdates.com/cab/62.../bridge-c2.cab

[{29260269-24F0-0E66-3112-06255F9E6EAB}]
CODEBASE = http://216.118.71.185/1/rdgDE1828.exe

[WUWebControl Class]
InProcServer32 = C:\WINDOWS\System32\wuweb.dll
CODEBASE = http://v5.windowsupdate.microsoft.co...?1113638085624

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\System32\macromed\flash\Flash.ocx
CODEBASE = http://download.macromedia.com/pub/s...sh/swflash.cab

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

notepad.exe = msmsgs.exe
notepad2.exe = popuper.exe

--------------------------------------------------
End of report, 5.895 bytes
Report generated in 0,015 seconds
```
You can't tell much from that. Do this instead: create a log with HijackThis and post it: www.hjt.klaffke.de
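An added example, not part of the original thread: a small parser for the StartupList report layout posted above that lists Browser Helper Objects whose file is missing and Download Program Files entries whose CODEBASE is not plain HTTP(S) or points at a bare IP address. The sample report is constructed with placeholder values, and both heuristics are assumptions meant to prioritise manual review, not a verdict on any entry.

```python
import re
from urllib.parse import urlsplit

SEPARATOR = re.compile(r"^[-=]{20,}$")      # rule lines between report sections
IPV4 = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")

# Constructed sample in the StartupList layout (placeholder values only).
SAMPLE = """\
Enumerating Browser Helper Objects:
(no name) - C:\\Example\\helper.dll - {00000000-0000-0000-0000-000000000001}
(no name) - c:\\windows\\system\\gone.dll (file missing) - {00000000-0000-0000-0000-000000000002}
--------------------------------------------------
Enumerating Download Program Files:
[{00000000-0000-0000-0000-000000000003}]
CODEBASE = http://192.0.2.10/1/setup.exe
[Example Control]
CODEBASE = http://download.example.com/pub/example.cab
[{00000000-0000-0000-0000-000000000004}]
CODEBASE = ms-its:mhtml:file://C:x.mht!http://192.0.2.11/q.chm::/file.exe
"""

def split_sections(report):
    """Return {section title: [non-empty lines]} for a StartupList report."""
    sections, title = {}, None
    for line in (raw.strip() for raw in report.splitlines()):
        if SEPARATOR.match(line):
            title = None                     # next non-empty line is a title
        elif line and title is None:
            title = line.rstrip(":")
            sections[title] = []
        elif line:
            sections[title].append(line)
    return sections

def review(report):
    """List (reason, detail) pairs for manual review (assumed heuristics)."""
    sections, findings, name = split_sections(report), [], None
    for line in sections.get("Enumerating Browser Helper Objects", []):
        if "(file missing)" in line:
            findings.append(("BHO target missing", line))
    for line in sections.get("Enumerating Download Program Files", []):
        if line.startswith("["):
            name = line.strip("[]")          # control name or CLSID
        elif line.startswith("CODEBASE = "):
            parts = urlsplit(line[len("CODEBASE = "):])
            if parts.scheme not in ("http", "https"):
                findings.append(("non-HTTP CODEBASE", name))
            elif IPV4.match(parts.hostname or ""):
                findings.append(("CODEBASE on bare IP", name))
    return findings
```

Calling `review(SAMPLE)` returns three findings; the entry downloaded from a named host over HTTP is not listed.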
Copyright ©2000-2025, Trojaner-Board