Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Antivir startet nicht und laufend ca 3kb Upload??? (https://www.trojaner-board.de/74111-antivir-startet-laufend-ca-3kb-upload.html)

Irie33 13.06.2009 22:11
Antivir startet nicht und laufend ca 3kb Upload???
 
Hallo zusammen

seit kurzem habe ich ständig eine Upload von ca 2-3 kb, manchmal auch mehr.
Des weiteren startet Antivir nicht mehr,
hier mal das Logfile:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:51:19, on 13.06.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
G:\Avira\AntiVir Desktop\sched.exe
C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE
G:\Programme\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\cFosSpeed\cFosSpeed.exe
G:\Programme\Winamp\winampa.exe
C:\Programme\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Skype\Phone\Skype.exe
C:\Programme\Octoshape Streaming Services\user\OctoshapeClient.exe
C:\Programme\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe
C:\Programme\ICQ6.5\ICQ.exe
C:\Programme\Intuwave\Shared\mRouterRuntime\mRouterRuntime.exe
C:\Programme\Google\Update\GoogleUpdate.exe
C:\Dokumente und Einstellungen\user\user.exe
C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\cFosSpeed\spd.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\svchost.exe
G:\Programme\Mozilla Firefox\firefox.exe
G:\Programme\Winamp\winamp.exe
C:\Programme\Trend Micro\HijackThis\text.com.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = h**p://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://google.icq.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 - Hosts: 208.109.221.107 leader.linkexchange.com
O1 - Hosts: 208.109.221.107 c5.zedo.com
O1 - Hosts: 208.109.221.107 as.casalemedia.com
O1 - Hosts: 208.109.221.107 pn1.adserver.yahoo.com #ebay
O1 - Hosts: 208.109.221.107 dewb.opt.fimserve.com
O1 - Hosts: 208.109.221.107 desk.opt.fimserve.com
O1 - Hosts: 208.109.221.107 dehp.opt.fimserve.com
O1 - Hosts: 208.109.221.107 adserving.cpxinteractive.com
O1 - Hosts: 208.109.221.107 ad.doubleclick.net
O1 - Hosts: 208.109.221.107 altfarm.mediaplex.com # download.com
O1 - Hosts: 208.109.221.107 ad.n2434.doubleclick.net # download.com
O1 - Hosts: 208.109.221.107 mads.download.com # download.com
O1 - Hosts: 208.109.221.107 mads.cnet.com # download.com
O1 - Hosts: 208.109.221.107 mads.com.com
O1 - Hosts: 38.113.170.200 ads1.msn.com
O1 - Hosts: 38.113.170.200 ads.sup.com
O1 - Hosts: 208.109.221.107 delb.opt.fimserve.com
O1 - Hosts: 38.113.174.32 dehp.myspace.com
O1 - Hosts: 38.113.174.32 demr.myspace.com
O1 - Hosts: 38.113.174.32 desk.myspace.com
O1 - Hosts: 38.113.174.32 delb.myspace.com
O1 - Hosts: 38.113.174.32 delb2.myspace.com
O1 - Hosts: 38.113.174.32 debr.myspace.com
O1 - Hosts: 38.113.174.32 view.atdmt.com
O1 - Hosts: 38.113.170.200 rad.msn.com
O1 - Hosts: 38.113.170.200 themis.geocities.yahoo.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "G:\Programme\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [cFosSpeed] C:\Programme\cFosSpeed\cFosSpeed.exe
O4 - HKLM\..\Run: [PC Suite for Smartphones] "G:\Programme\Sony Ericsson\p1i\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [WinampAgent] G:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "G:\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Programme\Octoshape Streaming Services\Anselm\OctoshapeClient.exe" -inv:bootrun
O4 - HKCU\..\Run: [mRouterConfig] "C:\Programme\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe"
O4 - HKCU\..\Run: [ICQ] "C:\Programme\ICQ6.5\ICQ.exe" silent
O4 - HKCU\..\Run: [user] C:\Dokumente und Einstellungen\user\user.exe /i
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - G:\Programme\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - G:\Programme\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{03B2A7AA-8084-4986-A1ED-72E4B948F74D}: NameServer = 208.67.222.222,66.99.233.130
O17 - HKLM\System\CS1\Services\Tcpip\..\{03B2A7AA-8084-4986-A1ED-72E4B948F74D}: NameServer = 208.67.222.222,66.99.233.130
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - G:\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - G:\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: BlueSoleil Hid Service BlueSoleilBITS (BlueSoleilBITS) - Unknown owner - C:\WINDOWS\system32\aaaamont.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - C:\Programme\cFosSpeed\spd.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c9ce73bba3d22a) (gupdate1c9ce73bba3d22a) - Google Inc. - C:\Programme\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programme\WinPcap\rpcapd.exe
O23 - Service: StyleXPService - Unknown owner - C:\Programme\TGTSoft\StyleXP\StyleXPService.exe (file missing)
O23 - Service: TrafficMonitor Packettreiber Initialisierung (TMPService) - Mirko Böer - G:\Programme\NetStat4Win\TMPacketServiceInit.exe

--
End of file - 8606 bytes




Wäre schön wenn mir da jemand helfen könnte!!

Danke
Gruß

Irie.33

john.doe 13.06.2009 22:24
Hallo und :hallo:

1.) Start => Ausführen => notepad c:\windows\system32\drivers\etc\hosts => OK
Kompletten Inhalt löschen und mit dem Inhalt der Box ersetzen und speichern.
Code:
127.0.0.1      localhost
2.) Starte HJT => Do a system scan only => Markiere:
Code:
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [user] C:\Dokumente und Einstellungen\user\user.exe /i
=> Fix checked => Neustart

3.) Lade die Datei
Code:
C:\Dokumente und Einstellungen\user\user.exe
bitte bei uns hoch => http://www.trojaner-board.de/54791-a...ner-board.html

4.) Klicke auf "Für alle Neuen" in meiner Signatur, lies alles aufmerksam und arbeite die komplette Liste unter Punkt 2 ab.

ciao, andreas


Alle Zeitangaben in WEZ +1. Es ist jetzt 03:23 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19