Urgently need advice on Trojans!!!

20.04.2006, 16:59
...new here

Posts: 10
#1 Hi,
Can someone help me? I scanned with HijackThis, but I don't know what's wrong there...

AntiVir reports some Trojans to me several times a minute, always the same ones.



Logfile of HijackThis v1.99.1
Scan saved at 19:40:43, on 19.04.2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\amVzc2k\command.exe
C:\WINDOWS\Mixer.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
C:\Programme\Macrogaming\SweetIM\SweetIM.exe
C:\windows\mousepad12.exe
C:\Programme\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\phonostar\ps_agent.exe
C:\Programme\phonostar\ps_timer.exe
C:\Programme\MSN Messenger\msnmsgr.exe
C:\Programme\Network Monitor\netmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\System32\msdtc.exe
C:\WINDOWS\System32\winmx32.EXE
C:\Dokumente und Einstellungen\Jessi\Desktop\hijackthis\HijackThis.exe

R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programme\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\Programme\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O2 - BHO: (no name) - {6001CDF7-6F45-471b-A203-0225615E35A7} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: XBTB04715 - {A8B0BDED-64A5-495b-97DA-42C0301E229B} - C:\PROGRA~1\TOOLBA~1\TOOLBA~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programme\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O3 - Toolbar: Toolbar888 - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - C:\Programme\Toolbar888\ToolBar888.dll
O4 - HKLM\..\Run: [MICROSFT MX UPDATE SUPPORT] winmx32.EXE
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [Microsoft Windows Keyboard service] ixplorer.exe
O4 - HKLM\..\Run: [internet service] svho0st98.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SweetIM] C:\Programme\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [newname] C:\windows\newname12.exe
O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard12.exe
O4 - HKLM\..\Run: [mousepad] C:\windows\mousepad12.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Programme\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\RunServices: [MICROSFT MX UPDATE SUPPORT] winmx32.EXE
O4 - HKLM\..\RunServices: [Microsoft Windows Keyboard service] ixplorer.exe
O4 - HKLM\..\RunServices: [internet service] svho0st98.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PhonostarAgent] C:\Programme\phonostar\ps_agent.exe
O4 - HKCU\..\Run: [PhonostarTimer] C:\Programme\phonostar\ps_timer.exe
O4 - HKCU\..\Run: [a-squared] "C:\Programme\a-squared\a2guard.exe"
O4 - HKCU\..\Run: [SweetIM] C:\Programme\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [msnmsgr] ~"C:\Programme\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: &Google-Suche - res://c:\programme\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Ins Deutsche übersetzen - res://c:\programme\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\programme\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Verweisseiten - res://c:\programme\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://c:\programme\google\GoogleToolbar2.dll/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.johannrain-softwareentwicklung.de/DE/scan8/oscan8.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\amVzc2k\command.exe
O23 - Service: Microsoft Windows System32 - Unknown owner - C:\WINDOWS\zaber.exe (file missing)
O23 - Service: Microsoft Video Capture Controls (NDIS DIP Layer Transport Device) - Unknown owner - C:\WINDOWS\System32\ocxmp.exe" -netsvcs (file missing)
O23 - Service: Network Monitor - Unknown owner - C:\Programme\Network Monitor\netmon.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: Windows MS Update 32 (Win32) - Unknown owner - C:\WINDOWS\System32\updatis32.exe" -netsvcs (file missing)
O23 - Service: Microsoft Windows Update Service (Windows Update Service) - Unknown owner - C:\WINDOWS\services.exe (file missing)

Thanks for your help....


PS: I have already had Ad-Aware and Stinger scan and clean up, but the Trojans are still being found.


At pestscan.com I also found this:

Level Pests Type
PacerD Adware
Adware "PacerD" found in:
ProcessId "1488" File "C:\WINDOWS\amVzc2k\command.exe"
Yazzle Snowball Wars Adware
Adware "Yazzle Snowball Wars" found in:
Key "hkey_local_machine \software\yazzle snowball wars"
Key "hkey_local_machine \software\microsoft\windows\currentversion\uninstall\yazzle snowball wars"
File "c:\SnowballWarsInstaller.exe"
Folder "c:\programme\Yazzle Snowball Wars"
Yazzle Sudoku Adware
Adware "Yazzle Sudoku" found in:
Key "hkey_local_machine \software\microsoft\windows\currentversion\uninstall\yazzlesudoku"
Key "hkey_local_machine \software\yazzle sudoku"
Folder "c:\programme\yazzle sudoku"
CasClient Adware
Adware "CasClient" found in:
Key "hkey_local_machine \system\currentcontrolset\services\cmdservice"
MaxSearch Adware
Adware "MaxSearch" found in:
Key "hkey_classes_root \toolband.xbtb04715.1"
Key "hkey_classes_root \typelib\{75e46ee7-404b-48ec-9326-c654f21f65bf}"
Key "hkey_classes_root \xbtb04715.xbtb04715.1"
Key "hkey_classes_root \xbtb04715.ietoolbar"
Key "hkey_classes_root \toolband.xbtb04715"
Key "hkey_local_machine \software\microsoft\windows\currentversion\uninstall\xbtb04715.xbtb04715toolbar"
Key "hkey_classes_root \xbtb04715.ietoolbar.1"
Key "hkey_classes_root \xbtb04715.xbtb04715"
Target Saver Adware
Adware "Target Saver" found in:
Key "hkey_local_machine \software\microsoft\windows\currentversion\uninstall\tsa"
File "c:\windows\system32\tsuninst.exe"
SurfSideKick Adware
Adware "SurfSideKick" found in:
Key "hkey_local_machine \software\microsoft\windows\currentversion\uninstall\{3877c2cd-f137-4144-bdb2-0a811492f920}"
Key "hkey_local_machine \software\microsoft\windows\currentversion\uninstall\{a394e835-c8d6-4b4b-884b-d2709059f3be}"
Iggsey Toolbar Toolbar
Toolbar "Iggsey Toolbar" found in:
Key "hkey_classes_root \clsid\{77fbf9b8-1d37-4ff2-9ced-192d8e3aba6f}"
Unclassified Trojan Trojan
Trojan "Unclassified Trojan" found in:
Key "hkey_current_user \software\microsoft\internet explorer\search\searchassistant explorer\main" value "default_search_url" data "http://searchbar.findthewebsiteyouneed.com"
TrojanClicker.Win32.Small.jf Trojan
Trojan "TrojanClicker.Win32.Small.jf" found in:
Key "hkey_local_machine \software\microsoft\windows\currentversion\explorer\browser helper objects\{6001cdf7-6f45-471b-a203-0225615e35a7}"
File "c:\windows\dh.ini"
Ad.YieldManager.com Cookie Tracking Cookie
Tracking Cookie "Ad.YieldManager.com Cookie" found in:
Cookie "jessi@ad.yieldmanager[1].txt" File "C:\Dokumente und Einstellungen\Jessi\Cookies\jessi@ad.yieldmanager[1].txt"
As1.falkag.de Tracking Cookie
Tracking Cookie "As1.falkag.de" found in:
Cookie "jessi@as1.falkag[1].txt" File "C:\Dokumente und Einstellungen\Jessi\Cookies\jessi@as1.falkag[1].txt"
Com.com Tracking Cookie
Tracking Cookie "Com.com" found in:
Cookie "jessi@com[1].txt" File "C:\Dokumente und Einstellungen\Jessi\Cookies\jessi@com[1].txt"
ImIServer IEPlugin Adware
Adware "ImIServer IEPlugin" found in:
File "c:\windows\uninstall_nmon.vbs"
WebHancer Spyware
Spyware "WebHancer" found in:
Folder "c:\programme\whinstall"


Please, can someone help me???????
20.04.2006, 18:31
Moderator
joschi

Posts: 6466
#2 The machine is infested up to the rafters. The main problem is that SP2 is not installed. Reinstalling the system would be my recommendation.
__________
Browse --> Choose --> Examine