Trojaner TR/Drop.Agent.AAY und TR/Drop.Agent.age.2 auf PC |
||
---|---|---|
#0
| ||
13.06.2007, 18:29
...neu hier
Beiträge: 5 |
||
|
||
13.06.2007, 19:41
Moderator
Beiträge: 7805 |
#2
Arbeite bitte die Punkte 1-3 aus diesem Thread ab: http://board.protecus.de/t23188.htm
__________ MfG Ralf SEO-Spam Hunter |
|
|
||
13.06.2007, 19:53
...neu hier
Themenstarter Beiträge: 5 |
#3
datfind.exe
13.06.2007 13:58 7.275 nvapps.xml 13.06.2007 13:54 2.206 wpa.dbl 05.06.2007 23:38 15.747.032 MRT.exe 30.05.2007 20:35 445.312 FNTCACHE.DAT 11.04.2007 11:21 39.668 PUXPPLAT.UND 06.04.2007 14:09 210 BOOTBAK.INI 02.04.2007 14:21 428.032 swreg.exe 01.04.2007 12:26 5.100 NULL 25.03.2007 10:46 54.076 perfc009.dat 25.03.2007 10:46 382.716 perfh009.dat 25.03.2007 10:46 394.198 perfh007.dat 25.03.2007 10:46 65.286 perfc007.dat 25.03.2007 10:46 905.972 PerfStringBackup.INI Edit: reichen die Infos aus? Anhang: ComboFix.txt Dieser Beitrag wurde am 13.06.2007 um 20:15 Uhr von cereb editiert.
|
|
|
||
14.06.2007, 05:48
Moderator
Beiträge: 7805 |
#4
Ein Hijackthis log waere hilfreich und die Infos, wo diese Viren gefunden wurden.
__________ MfG Ralf SEO-Spam Hunter |
|
|
||
14.06.2007, 13:47
...neu hier
Themenstarter Beiträge: 5 |
#5
sorry bin neu hier.
Logfile of HijackThis v1.99.1 Scan saved at 13:40:48, on 14.06.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0011) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\AntiVir PersonalEdition Classic\sched.exe C:\Programme\AntiVir PersonalEdition Classic\avguard.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\tcpsvcs.exe C:\WINDOWS\System32\snmp.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Programme\Spybot - Search & Destroy\TeaTimer.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\T-Online\T-Online_Software_6\Info-Cockpit\INFOCOCKPIT.EXE C:\WINDOWS\system32\wuauclt.exe C:\Programme\Mozilla Firefox\firefox.exe C:\PROGRA~1\T-Online\T-ONLI~1\Notifier\Notifier.exe C:\Programme\Filzip\Filzip.exe C:\DOKUME~1\user\LOKALE~1\Temp\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=Q404&bd=pavilion&pf=desktop R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=DE_DE&c=Q404&bd=pavilion&pf=desktop R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=DE_DE&c=Q404&bd=pavilion&pf=desktop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=DE_DE&c=Q404&bd=pavilion&pf=desktop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=Q404&bd=pavilion&pf=desktop R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: NOW!Imaging - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - C:\Programme\ONSPEED\components\NOWImaging.dll (file missing) O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll O3 - Toolbar: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [InfoCockpit] C:\Programme\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE /nosplash O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML O8 - Extra context menu item: Easy-WebPrint - Drucken - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Print.html O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint - Vorschau - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing) O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe O11 - Options group: [INTERNATIONAL] International* O14 - IERESET.INF: START_PAGE_URL=http://de8.hpwis.com O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/german/partner/de/kavwebscan_unicode.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1096728815609 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - D:\Programme\TuneUp Utilities 2004\WinStylerThemeSvc.exe gefunden wurden die Trojaner auf: C:\Programme\Outlook Express\awimi.exe (TR/Drop.Agent.AAY) C:\Dokumente und Einstellungen\user\Lokale Einstellungen\Temp\z11wini.exe (TR/Drop.Agent.age.2) mfg cereb |
|
|
||
14.06.2007, 13:55
Moderator
Beiträge: 7805 |
#6
Die Dateien wurden geloescht und du hast ATF Cleaner genutzt?
DAs einzige, was auffaellt ist O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file) O2 - BHO: NOW!Imaging - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - C:\Programme\ONSPEED\components\NOWImaging.dll (file missing) Diese kannst du in Hijackthis anhaken und fix checked druecken. Ansonsten mache einige Kontrolscans mit Drweb: http://freedrweb.com/ und Ewido: http://downloads.ewido.net/ewido_micro.exe Dein Antivir stelle ein, wie hier beschrieben: http://board.protecus.de/t23979.htm __________ MfG Ralf SEO-Spam Hunter |
|
|
||
14.06.2007, 13:59
...neu hier
Themenstarter Beiträge: 5 |
||
|
||
28.06.2007, 17:02
...neu hier
Themenstarter Beiträge: 5 |
#8
hi könntet ihr nochmal schauen, ob alles passt? Bei cureit.exe findet er nix.
Danke für die Bemühungen. datfind.exe 8.06.2007 15:29 7.275 nvapps.xml 24.06.2007 17:11 2.206 wpa.dbl 14.06.2007 13:32 445.312 FNTCACHE.DAT 13.06.2007 23:13 122.142 TZLog.log 05.06.2007 23:38 15.747.032 MRT.exe 16.05.2007 17:11 683.520 inetcomm.dll 08.05.2007 10:59 3.583.488 mshtml.dll 25.04.2007 16:22 144.896 schannel.dll Logfile of HijackThis v1.99.1 Scan saved at 16:57:33, on 28.06.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16473) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\ps2.exe C:\Programme\Muiltmedia keyboard Utility\1.3\KbdAp32A.exe C:\Programme\AntiVir PersonalEdition Classic\sched.exe C:\Programme\T-Online\T-Online_Software_6\Info-Cockpit\INFOCOCKPIT.EXE C:\Programme\AntiVir PersonalEdition Classic\avguard.exe C:\WINDOWS\system32\tcpsvcs.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\System32\snmp.exe C:\WINDOWS\system32\svchost.exe C:\PROGRA~1\T-Online\T-ONLI~1\Notifier\Notifier.exe C:\Programme\ICQ6\ICQ.exe C:\Programme\Mozilla Firefox\firefox.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\notepad.exe C:\Dokumente und Einstellungen\user\Desktop\Virusbekämpfung\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=DE_DE&c=Q404&bd=pavilion&pf=desktop R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=DE_DE&c=Q404&bd=pavilion&pf=desktop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=DE_DE&c=Q404&bd=pavilion&pf=desktop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll O3 - Toolbar: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [FLMK08KB] C:\Programme\Muiltmedia keyboard Utility\1.3\KbdAp32A.exe O4 - HKCU\..\Run: [InfoCockpit] C:\Programme\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE /nosplash O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML O8 - Extra context menu item: Easy-WebPrint - Drucken - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Print.html O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint - Vorschau - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing) O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe O11 - Options group: [INTERNATIONAL] International* O14 - IERESET.INF: START_PAGE_URL=http://de8.hpwis.com O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/german/partner/de/kavwebscan_unicode.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1096728815609 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe ComboFix 07-06-13.3 - C:\Dokumente und Einstellungen\user\Desktop\Virusbek„mpfung\ComboFix.exe "user" - 2007-06-28 16:50:10 - Service Pack 2 NTFS ((((((((((((((((((((((((( Files Created from 2007-05-28 to 2007-06-28 ))))))))))))))))))))))))))))))) 2007-06-25 12:57 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2007-06-24 17:04 <DIR> d-------- C:\Programme\SiSoftware 2007-06-24 17:00 <DIR> d-------- C:\Programme\JAP 2007-06-14 14:11 <DIR> d-------- C:\DOKUME~1\user\DoctorWeb 2007-06-13 19:37 49,152 --a------ C:\WINDOWS\nircmd.exe 2007-06-13 14:41 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab 2007-06-13 13:55 <DIR> d-------- C:\WINDOWS\system32\de-de 2007-06-13 13:50 <DIR> d-------- C:\WINDOWS\network diagnostic 2007-06-13 13:42 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\Windows Genuine Advantage 2007-05-31 16:50 5,242,880 --a------ C:\DOKUME~1\user\ntuser.dat 2007-05-31 16:50 <DIR> d-------- C:\Programme\HEAD 2007-05-28 19:50 <DIR> d-------- C:\DOKUME~1\user\ANWEND~1\Skype 2007-05-28 19:49 <DIR> d-------- C:\Programme\Skype 2007-05-28 19:49 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Skype 2007-05-28 19:49 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\Skype (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-06-27 15:33:37 -------- d-----w C:\Programme\ICQToolbar 2007-06-26 13:19:01 -------- d-----w C:\Programme\TrackMania Nations ESWC 2007-06-14 13:49:27 -------- d-----w C:\Programme\Everest Poker 2007-06-01 19:29:37 -------- d-----w C:\DOKUME~1\user\ANWEND~1\Avant Browser 2007-06-01 11:38:56 -------- d-----w C:\Programme\PokerStars 2007-05-31 14:50:12 -------- d--h--w C:\Programme\InstallShield Installation Information 2007-05-30 18:04:38 -------- d-----w C:\Programme\The Westerner 2007-05-30 18:00:46 -------- d-----w C:\Programme\Pacz 2007-05-30 17:55:33 -------- d-----w C:\Programme\Picasa 2007-05-30 17:54:00 -------- d-----w C:\Programme\Oberon Media 2007-05-27 08:55:18 -------- d-----w C:\Programme\PHP 2007-05-17 16:07:01 -------- d-----w C:\DOKUME~1\user\ANWEND~1\SlipStream 2007-05-16 15:11:44 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll 2007-05-15 17:14:20 -------- d-----w C:\Programme\ICQ6 2007-05-15 17:14:17 -------- d-----w C:\DOKUME~1\user\ANWEND~1\ICQ 2007-05-15 17:14:07 -------- d-----w C:\Programme\ICQLite 2007-04-25 14:22:27 144,896 ----a-w C:\WINDOWS\system32\schannel.dll 2007-04-18 16:13:24 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll 2007-04-16 20:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll 2007-04-16 20:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll 2007-04-16 20:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll 2007-04-16 20:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll 2007-04-16 20:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll 2007-04-16 20:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll 2007-04-16 20:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe 2007-04-16 20:45:20 43,352 -c--a-w C:\WINDOWS\system32\wups2.dll 2007-04-16 07:24:34 12,275 -c--a-w C:\WINDOWS\mozver.dat ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] {055FD26D-3A88-4e15-963D-DC8493744B1D}=C:\PROGRA~1\ICQTOO~1\toolbaru.dll [2006-12-25 10:40] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 20:38] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Programme\Java\jre1.5.0_06\bin\ssv.dll [2005-11-10 13:22] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "nwiz"="nwiz.exe" [2004-07-12 16:50 C:\WINDOWS\system32\nwiz.exe] "FLMK08KB"="C:\Programme\Muiltmedia keyboard Utility\1.3\KbdAp32A.exe" [2006-11-30 19:34] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "InfoCockpit"="C:\Programme\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.exe" [2007-01-16 11:56] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00] "MSMSGS"="C:\Programme\Messenger\msmsgs.exe" [] [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "InfoCockpit"=C:\Programme\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE /nosplash [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Programme\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-05-30 14:29] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader - Schnellstart.lnk] path=C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader - Schnellstart.lnk backup=C:\WINDOWS\pss\Adobe Reader - Schnellstart.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware] "C:\Programme\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BusinessOnline Log] "C:\Programme\T-DSL Business\bolog.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FLMK08KB] C:\Programme\Muiltmedia keyboard Utility\1.3\KbdAp32A.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck] %systemroot%\system32\dumprep 0 -k [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeScape Media Detector] C:\Programme\Picasa\PicasaMediaDetector.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mspwr] C:\WINDOWS\system32\PuXpMan.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] nwiz.exe /install [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PwrUpTweakMe] C:\WINDOWS\system32\PUXPTWKS.EXE /TWEAK [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam] "D:\Programme\Valve\Steam\Steam.exe" -silent [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\T-DSL SpeedMgr] "C:\Programme\T-DSL SpeedManager\SpeedMgr.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "TUWinStylerThemeSvc"=3 (0x3) "TSMService"=3 (0x3) "SymWSC"=2 (0x2) "SandraTheSrv"=3 (0x3) "SandraDataSrv"=3 (0x3) "NVSvc"=2 (0x2) "iPodService"=3 (0x3) "IDriverT"=3 (0x3) "AVM WLAN Connection Service"=2 (0x2) "AVG Anti-Spyware Guard"=2 (0x2) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "MSMSGS"="C:\Programme\Messenger\msmsgs.exe" /background "Mozilla Quick Launch"="C:\Programme\Netscape\Netscape\Netscp.exe" -turbo "TuneUp MemOptimizer"="D:\Programme\TuneUp Utilities 2004\MemOptimizer.exe" autostart [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "ICQ Lite"="C:\Programme\ICQLite\ICQLite.exe" -minimize "CloneDVDElbyDelay"="D:\Programme\Elaborate Bytes\CloneDVD\ElbyCheck.exe" /L ElbyDelay "iTunesHelper"=C:\Programme\iTunes\iTunesHelper.exe "ElbyCheckAnyDVD"="C:\Programme\AnyDVD\ElbyCheck.exe" /L AnyDVD "Easy-PrintToolBox"=C:\Programme\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon "PinnacleDriverCheck"=C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg "BusinessOnline Log"="C:\Programme\T-DSL Business\bolog.exe" "BearShare"="C:\Programme\BearShare\BearShare.exe" /pause "KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k "Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd "avgnt"="C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min "UpdateManager"="C:\Programme\Gemeinsame Dateien\Sonic\Update Manager\sgtray.exe" /r "Dit"=Dit.exe "KBD"=C:\HP\KBD\KBD.EXE "nwiz"=nwiz.exe /install "WinampAgent"="C:\Programme\Winamp\Winampa.exe" "AVMWlanClient"=C:\Programme\avmwlanstick\wlangui.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] p2psvc p2psvc p2pimsvc p2pgasvc PNRPSvc Contents of the 'Scheduled Tasks' folder 2006-05-26 15:15:00 C:\WINDOWS\tasks\1-Klick-Wartung.job 2006-05-28 17:09:00 C:\WINDOWS\tasks\Einfache Internetanmeldung.job 2006-05-28 17:09:00 C:\WINDOWS\tasks\Symantec NetDetect.job ((((((((((((((((((((((((( Files Created from 2007-05-28 to 2007-06-28 ))))))))))))))))))))))))))))))) No new files created in this timespan (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-06-27 15:33:37 -------- d-----w C:\Programme\ICQToolbar 2007-06-26 13:19:01 -------- d-----w C:\Programme\TrackMania Nations ESWC 2007-06-14 13:49:27 -------- d-----w C:\Programme\Everest Poker 2007-06-01 19:29:37 -------- d-----w C:\DOKUME~1\user\ANWEND~1\Avant Browser 2007-06-01 11:38:56 -------- d-----w C:\Programme\PokerStars 2007-05-31 14:50:12 -------- d--h--w C:\Programme\InstallShield Installation Information 2007-05-30 18:04:38 -------- d-----w C:\Programme\The Westerner 2007-05-30 18:00:46 -------- d-----w C:\Programme\Pacz 2007-05-30 17:55:33 -------- d-----w C:\Programme\Picasa 2007-05-30 17:54:00 -------- d-----w C:\Programme\Oberon Media 2007-05-27 08:55:18 -------- d-----w C:\Programme\PHP 2007-05-17 16:07:01 -------- d-----w C:\DOKUME~1\user\ANWEND~1\SlipStream 2007-05-16 15:11:44 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll 2007-05-15 17:14:20 -------- d-----w C:\Programme\ICQ6 2007-05-15 17:14:17 -------- d-----w C:\DOKUME~1\user\ANWEND~1\ICQ 2007-05-15 17:14:07 -------- d-----w C:\Programme\ICQLite 2007-04-25 14:22:27 144,896 ----a-w C:\WINDOWS\system32\schannel.dll 2007-04-18 16:13:24 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll 2007-04-16 20:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll 2007-04-16 20:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll 2007-04-16 20:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll 2007-04-16 20:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll 2007-04-16 20:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll 2007-04-16 20:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll 2007-04-16 20:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe 2007-04-16 20:45:20 43,352 -c--a-w C:\WINDOWS\system32\wups2.dll 2007-04-16 07:24:34 12,275 -c--a-w C:\WINDOWS\mozver.dat ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] {055FD26D-3A88-4e15-963D-DC8493744B1D}=C:\PROGRA~1\ICQTOO~1\toolbaru.dll [2006-12-25 10:40] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 20:38] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Programme\Java\jre1.5.0_06\bin\ssv.dll [2005-11-10 13:22] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "nwiz"="nwiz.exe" [2004-07-12 16:50 C:\WINDOWS\system32\nwiz.exe] "FLMK08KB"="C:\Programme\Muiltmedia keyboard Utility\1.3\KbdAp32A.exe" [2006-11-30 19:34] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "InfoCockpit"="C:\Programme\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.exe" [2007-01-16 11:56] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00] "MSMSGS"="C:\Programme\Messenger\msmsgs.exe" [] [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "InfoCockpit"=C:\Programme\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE /nosplash [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Programme\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-05-30 14:29] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader - Schnellstart.lnk] path=C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader - Schnellstart.lnk backup=C:\WINDOWS\pss\Adobe Reader - Schnellstart.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware] "C:\Programme\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BusinessOnline Log] "C:\Programme\T-DSL Business\bolog.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FLMK08KB] C:\Programme\Muiltmedia keyboard Utility\1.3\KbdAp32A.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck] %systemroot%\system32\dumprep 0 -k [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeScape Media Detector] C:\Programme\Picasa\PicasaMediaDetector.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mspwr] C:\WINDOWS\system32\PuXpMan.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] nwiz.exe /install [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PwrUpTweakMe] C:\WINDOWS\system32\PUXPTWKS.EXE /TWEAK [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam] "D:\Programme\Valve\Steam\Steam.exe" -silent [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\T-DSL SpeedMgr] "C:\Programme\T-DSL SpeedManager\SpeedMgr.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "TUWinStylerThemeSvc"=3 (0x3) "TSMService"=3 (0x3) "SymWSC"=2 (0x2) "SandraTheSrv"=3 (0x3) "SandraDataSrv"=3 (0x3) "NVSvc"=2 (0x2) "iPodService"=3 (0x3) "IDriverT"=3 (0x3) "AVM WLAN Connection Service"=2 (0x2) "AVG Anti-Spyware Guard"=2 (0x2) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "MSMSGS"="C:\Programme\Messenger\msmsgs.exe" /background "Mozilla Quick Launch"="C:\Programme\Netscape\Netscape\Netscp.exe" -turbo "TuneUp MemOptimizer"="D:\Programme\TuneUp Utilities 2004\MemOptimizer.exe" autostart [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "ICQ Lite"="C:\Programme\ICQLite\ICQLite.exe" -minimize "CloneDVDElbyDelay"="D:\Programme\Elaborate Bytes\CloneDVD\ElbyCheck.exe" /L ElbyDelay "iTunesHelper"=C:\Programme\iTunes\iTunesHelper.exe "ElbyCheckAnyDVD"="C:\Programme\AnyDVD\ElbyCheck.exe" /L AnyDVD "Easy-PrintToolBox"=C:\Programme\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon "PinnacleDriverCheck"=C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg "BusinessOnline Log"="C:\Programme\T-DSL Business\bolog.exe" "BearShare"="C:\Programme\BearShare\BearShare.exe" /pause "KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k "Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd "avgnt"="C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min "UpdateManager"="C:\Programme\Gemeinsame Dateien\Sonic\Update Manager\sgtray.exe" /r "Dit"=Dit.exe "KBD"=C:\HP\KBD\KBD.EXE "nwiz"=nwiz.exe /install "WinampAgent"="C:\Programme\Winamp\Winampa.exe" "AVMWlanClient"=C:\Programme\avmwlanstick\wlangui.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] p2psvc p2psvc p2pimsvc p2pgasvc PNRPSvc Contents of the 'Scheduled Tasks' folder 2006-05-26 15:15:00 C:\WINDOWS\tasks\1-Klick-Wartung.job 2006-05-28 17:09:00 C:\WINDOWS\tasks\Einfache Internetanmeldung.job 2006-05-28 17:09:00 C:\WINDOWS\tasks\Symantec NetDetect.job ************************************************************************** catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2007-06-28 16:56:02 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... cmd.exe [3972] scanning hidden autostart entries ... scanning hidden files ... ************************************************************************** Completion time: 2007-06-28 16:56:18 C:\ComboFix-quarantined-files.txt ... 2007-06-28 16:56 C:\ComboFix2.txt ... 2007-06-13 19:46 --- E O F --- MfG Cereb |
|
|
||
28.06.2007, 17:13
Moderator
Beiträge: 7805 |
#9
Sieht gut aus. Diesen Eintrag(Ueberbleibsel von Spybot) solltest du noch anhaken und fioxen. Der IE muss vor dem druecken von fix checked geschlossen sein!
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file) __________ MfG Ralf SEO-Spam Hunter |
|
|
||
Hab die Trojaner TR/Drop.Agent.AAY und TR/Drop.Agent.age.2 auf meinem PC. Hab sie durch Avira AntiVir gefunden. Wie kann ich sie wieder loswerden?
Information für TR/Drop.Agent.AAY :
http://www.avira.com/de/Thread/section/fulldetails/id_vir/3596/tr_drop.agent.aay.html
Danke. Bin am Verzweifeln.
mfg cereb