Trojaner-Board

Thread: I also have a problem with: TR/Agent.BI (https://www.trojaner-board.de/17714-habe-problem-tr-agent-bi.html)

Chris_1986 12.05.2005 16:16

I also have a problem with: TR/Agent.BI

Hello, I have already read a few threads about this trojan, but somehow that doesn't help me at all. I also hardly know anything about these trojans. I only reinstalled my system a week ago because I had this trojan on it, and now it's back again. I'm slowly starting to despair :-(

Here is a HijackThis log of mine:

Logfile of HijackThis v1.98.2
Scan saved at 17:14:23, on 12.05.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
D:\TuneUp Utilities 2004\WinStylerThemeSvc.exe
C:\WINDOWS\System32\svchost.exe
D:\Sygate\SPF\smc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\AVPersonal\AVGUARD.EXE
D:\AVPersonal\AVWUPSRV.EXE
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\sstray.exe
D:\Asus\Asus Probe\AsusProb.exe
D:\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Programme\Java\jre1.5.0_02\bin\jusched.exe
C:\WINDOWS\system32\ipjo32.exe
D:\AVPersonal\AVGNT.EXE
C:\WINDOWS\System32\ctfmon.exe
D:\Webroot\Spy Sweeper\SpySweeper.exe
C:\Programme\ATI Technologies\ATI.ACE\CLI.exe
D:\ASUS\Silicon Image\SiISATARaid\SATARaid.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Dokumente und Einstellungen\Chef\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\phakw.dll/sp.html#93256
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\phakw.dll/sp.html#93256
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aon.at/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\phakw.dll/sp.html#93256
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\phakw.dll/sp.html#93256
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\phakw.dll/sp.html#93256
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\phakw.dll/sp.html#93256
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\phakw.dll/sp.html#93256
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Class - {4EE6E8A9-A6D3-0E71-5989-4F8D1DEDB279} - C:\WINDOWS\sdkoe32.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [ASUS Probe] d:\Asus\Asus Probe\AsusProb.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "D:\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [SmcService] D:\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [ipjo32.exe] C:\WINDOWS\system32\ipjo32.exe
O4 - HKLM\..\Run: [AVGCtrl] D:\\AVPersonal\AVGNT.EXE /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [SpySweeper] "D:\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Programme\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SATARaid.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\programme\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &ICQ Toolbar Search - res://D:\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\programme\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://D:\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Verweisseiten - res://c:\programme\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://c:\programme\google\GoogleToolbar2.dll/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\ICQLite\ICQLite.exe
O12 - Plugin for .spop: C:\Programme\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1115141913340
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ms...downloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3C5E0271-B489-49F3-9A31-8CE52B4821FF}: NameServer = 195.3.96.67 195.3.96.68


-----------------------

and my startup list:

StartupList report, 12.05.2005, 17:14:48
StartupList version: 1.52.2
Started from : C:\Dokumente und Einstellungen\Chef\Desktop\HijackThis.EXE
Detected: Windows XP SP1 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
D:\TuneUp Utilities 2004\WinStylerThemeSvc.exe
C:\WINDOWS\System32\svchost.exe
D:\Sygate\SPF\smc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\AVPersonal\AVGUARD.EXE
D:\AVPersonal\AVWUPSRV.EXE
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\sstray.exe
D:\Asus\Asus Probe\AsusProb.exe
D:\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Programme\Java\jre1.5.0_02\bin\jusched.exe
C:\WINDOWS\system32\ipjo32.exe
D:\AVPersonal\AVGNT.EXE
C:\WINDOWS\System32\ctfmon.exe
D:\Webroot\Spy Sweeper\SpySweeper.exe
C:\Programme\ATI Technologies\ATI.ACE\CLI.exe
D:\ASUS\Silicon Image\SiISATARaid\SATARaid.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Dokumente und Einstellungen\Chef\Desktop\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Common Startup:
[C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart]
ATI CATALYST System Tray.lnk = C:\Programme\ATI Technologies\ATI.ACE\CLI.exe
Microsoft Office.lnk = D:\Microsoft Office\Office10\OSA.EXE
SATARaid.lnk = ?

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

ATIPTA = C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
ATICCC = "C:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime
nForce Tray Options = sstray.exe /r
ASUS Probe = d:\Asus\Asus Probe\AsusProb.exe
SpeedTouch USB Diagnostics = "D:\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
SmcService = D:\Sygate\SPF\smc.exe -startgui
SunJavaUpdateSched = C:\Programme\Java\jre1.5.0_02\bin\jusched.exe
ipjo32.exe = C:\WINDOWS\system32\ipjo32.exe
AVGCtrl = D:\\AVPersonal\AVGNT.EXE /min

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

CTFMON.EXE = C:\WINDOWS\System32\ctfmon.exe
SpySweeper = "D:\Webroot\Spy Sweeper\SpySweeper.exe" /0

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\System32\logon.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - D:\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\WINDOWS\sdkoe32.dll - {4EE6E8A9-A6D3-0E71-5989-4F8D1DEDB279}
(no name) - c:\programme\google\googletoolbar2.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}

--------------------------------------------------

Enumerating Task Scheduler jobs:

1-Klick-Wartung.job

--------------------------------------------------

Enumerating Download Program Files:

[{3334504D-9980-0010-8000-00AA00389B71}]
CODEBASE = http://download.microsoft.com/downlo...4D/mp43dmo.CAB

[WUWebControl Class]
InProcServer32 = C:\WINDOWS\System32\wuweb.dll
CODEBASE = http://v5.windowsupdate.microsoft.co...?1115141913340

[MsnMessengerSetupDownloadControl Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\MsnMessengerSetupDownloader.ocx
CODEBASE = http://messenger.msn.com/download/ms...downloader.cab

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll

--------------------------------------------------
End of report, 5.643 bytes
Report generated in 0,031 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only


I hope someone can help me.

Best regards
Chris

rock 12.05.2005 16:21

You can see it right from the first line, if you had read anything here at all. ;)

dll/sp.html ...

There is a dedicated section for that. (Infos/Tips)
http://www.trojaner-board.com/showthread.php?t=14366
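As an added example (not part of the thread, and not the board's own tooling), the check rock points at can be written down as a small triage script: it scans HijackThis R/O2/O4 lines for the `res://<dll>/sp.html` pattern in the IE search and start-page values, and also flags two related indicators visible in the same log, a BHO with no real name that sits directly in C:\WINDOWS, and a Run entry named after its own file in system32. The sample lines are constructed from the posted log; the rule names, the heuristics and the ctfmon.exe allowlist are assumptions made for this example, not a vendor signature set.

```python
"""Triage of HijackThis log lines for the res://<dll>/sp.html hijacker pattern.

Added example, not code from the forum thread. SAMPLE_LOG is constructed from
lines of the posted log; rule names and heuristics are illustrative assumptions.
"""
import ntpath
import re
from dataclasses import dataclass

# Constructed sample: a subset of lines shaped like the posted log.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\phakw.dll/sp.html#93256
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aon.at/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Class - {4EE6E8A9-A6D3-0E71-5989-4F8D1DEDB279} - C:\WINDOWS\sdkoe32.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [ipjo32.exe] C:\WINDOWS\system32\ipjo32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
"""


@dataclass(frozen=True)
class Finding:
    section: str   # HijackThis section tag, e.g. R1 or O2
    rule: str      # which heuristic fired (names are assumptions of this example)
    artifact: str  # file path or registry item the line points at
    line: str      # the original log line


LINE_RE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.+)$")
# The indicator rock refers to: an IE search/start value served out of a DLL resource.
RES_SP_RE = re.compile(r"res://(?P<dll>[^/]+\.dll)/sp\.html", re.IGNORECASE)
BHO_RE = re.compile(r"^BHO: (?P<name>.*?) - \{[0-9A-Fa-f-]+\} - (?P<path>.+)$")
RUN_RE = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
WINDIR_RE = re.compile(r"^[a-z]:\\windows$")
SYSDIR_RE = re.compile(r"^[a-z]:\\windows\\system32$")
GENERIC_BHO_NAMES = {"", "class", "(no name)"}
# Allowlist (assumption): legitimate Windows components whose Run value is named
# after the file. Without such a list the O4 heuristic would flag ctfmon.exe too.
KNOWN_SYSTEM_RUN = {"ctfmon.exe"}


def first_token(cmd: str) -> str:
    """Return the executable part of a Run value, honouring a quoted path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0]


def triage(log_text: str) -> list[Finding]:
    """Scan R0/R1/R3/O2/O4 lines and return the indicators worth a helper's attention."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if not m:
            continue
        sec, body = m.group("sec"), m.group("body")
        if sec in ("R0", "R1"):
            hit = RES_SP_RE.search(body)
            if hit:
                findings.append(Finding(sec, "res_sp_html_hijack", hit.group("dll"), line))
        elif sec == "R3" and body.startswith("Default URLSearchHook is missing"):
            findings.append(Finding(sec, "urlsearchhook_missing", "URLSearchHook", line))
        elif sec == "O2":
            b = BHO_RE.match(body)
            if b:
                path = b.group("path").strip()
                name = b.group("name").strip().lower()
                in_windir = bool(WINDIR_RE.match(ntpath.dirname(path).lower()))
                if name in GENERIC_BHO_NAMES or in_windir:
                    findings.append(Finding(sec, "suspicious_bho", path, line))
        elif sec == "O4":
            r = RUN_RE.match(body)
            if r:
                exe = first_token(r.group("cmd"))
                base = ntpath.basename(exe).lower()
                same_name = r.group("name").lower() == base
                in_sysdir = bool(SYSDIR_RE.match(ntpath.dirname(exe).lower()))
                if same_name and in_sysdir and base not in KNOWN_SYSTEM_RUN:
                    findings.append(Finding(sec, "run_named_after_file", exe, line))
    return findings


def files_to_review(findings: list[Finding]) -> list[str]:
    """Unique .dll/.exe paths referenced by the findings, in log order."""
    seen: list[str] = []
    for f in findings:
        if f.artifact.lower().endswith((".dll", ".exe")) and f.artifact not in seen:
            seen.append(f.artifact)
    return seen


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:3} {f.rule:22} {f.artifact}")
    print("files to review:", files_to_review(triage(SAMPLE_LOG)))
```

Run against the constructed sample the script reports the phakw.dll search-page hijack first, which is the line rock means, and then lists sdkoe32.dll and ipjo32.exe as the files a helper would ask about; the legitimate ctfmon.exe and jusched.exe entries stay quiet. The heuristics are deliberately narrow and need an allowlist, as the ctfmon.exe case shows, so treat the output as triage for a human, not as a verdict.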


All times are WEZ +1.

Copyright ©2000-2025, Trojaner-Board

