Trojaner-Board


J4YDe 23.06.2007 13:10

Have had a trojan for quite a while that won't go away (TR/Agent.33302)
 
For quite a while now I've had a trojan in the file => cbxyxuu.dll
When I try to delete it, my PC crashes... please help me

Here are a few more log files

from HiJack
Logfile of HijackThis v1.99.1
Scan saved at 13:20:31, on 23.06.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
D:\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\htpatch.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wscntfy.exe
E:\Counter\Valve\Steam\steam.exe
E:\Teamspeak2_RC2\TeamSpeak.exe
D:\AntiVir PersonalEdition Classic\GUARDGUI.EXE
C:\Programme\ICQLite\ICQLite.exe
C:\WINDOWS\regedit.exe
C:\Programme\Internet Explorer\iexplore.exe
D:\AntiVir PersonalEdition Classic\avguard.exe
E:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.de - Nachrichten, Unterhaltung, Geld & Finanzen, Autos und mehr bei MSN
O3 - Toolbar: Alcohol Toolbar - {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - C:\Programme\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "D:\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [UnlockerAssistant] "D:\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\hloenipc.dll",realset
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Programme\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Startup: Mousometer.lnk = E:\Mousometer\mousometer.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = E:\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe (file missing)
O12 - Plugin for .spop: C:\Programme\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O23 - Service: AFSEGTGF Windows Service - Unknown owner - C:\WINDOWS\system32\dslpy.exe
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - D:\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - D:\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Unknown owner - I:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (file missing)
O23 - Service: Windows Media Player-Netzwerkfreigabedienst (WMPNetworkSvc) - Unknown owner - C:\Programme\Windows Media Player\WMPNetwk.exe (file missing)

from ComboFix
ComboFix 07-06-18.2 - C:\Dokumente und Einstellungen\Toastbrot\Eigene Dateien\ICQ Lite\334558159\Jannik_227448109\ComboFix.exe
"Toastbrot" - 2007-06-23 13:50:23 - Service Pack 2 NTFS


((((((((((((((((((((((((( Files Created from 2007-05-23 to 2007-06-23 )))))))))))))))))))))))))))))))


2007-06-23 13:32 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-23 13:30 <DIR> d-------- C:\VundoFix Backups
2007-06-22 19:46 4,628 --a------ C:\WINDOWS\system32\mdaliptk.exe
2007-06-21 13:15 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\AntiVir PersonalEdition Classic
2007-06-21 12:54 <DIR> d--hs---- C:\found.000
2007-06-21 11:31 <DIR> d-------- C:\DOKUME~1\TOASTB~1\ANWEND~1\Lavasoft
2007-06-21 11:30 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2007-06-21 10:58 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2007-06-20 18:23 49,536 --a------ C:\WINDOWS\system32\drivers\a8f6jguv.sys
2007-06-20 18:14 33,302 --------- C:\WINDOWS\system32\cbxyxuu.dll
2007-06-20 18:01 <DIR> d-------- C:\Programme\CureROM
2007-06-20 17:54 229,057 --a------ C:\WINDOWS\Alcohol_Toolbar_Uninstaller_4390.exe
2007-06-20 17:54 <DIR> d-------- C:\Programme\Alcohol Toolbar
2007-06-20 17:07 <DIR> d-------- C:\DOKUME~1\TOASTB~1\ANWEND~1\InstallShield
2007-06-15 18:01 <DIR> d-------- C:\ATI
2007-06-07 19:08 <DIR> d-------- C:\DOKUME~1\TOASTB~1\ANWEND~1\Petroglyph
2007-06-06 18:02 <DIR> d-------- C:\DOKUME~1\TOASTB~1\ANWEND~1\AdobeUM
2007-05-30 14:51 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-23 11:03:54 -------- d-----w C:\Programme\ICQLite
2007-06-22 18:03:38 -------- d-----w C:\DOKUME~1\TOASTB~1\ANWEND~1\teamspeak2
2007-06-20 15:50:38 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-06-20 15:47:44 -------- d-----w C:\Programme\DAEMON Tools
2007-06-20 15:08:22 -------- d--h--w C:\Programme\InstallShield Installation Information
2007-06-07 15:01:47 -------- d-----w C:\Programme\Gemeinsame Dateien\InstallShield
2007-05-18 01:58:58 339,968 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2007-05-18 01:58:04 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2007-05-18 01:57:53 268,288 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2007-05-18 01:57:34 2,164,736 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-05-18 01:51:01 139,264 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2007-05-18 01:50:52 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2007-05-18 01:50:46 42,496 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2007-05-18 01:50:34 118,784 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2007-05-18 01:49:14 479,232 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2007-05-18 01:48:26 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2007-05-18 01:41:03 2,922,144 ----a-w C:\WINDOWS\system32\ati3duag.dll
2007-05-18 01:39:54 7,610,368 ----a-w C:\WINDOWS\system32\atioglx2.dll
2007-05-18 01:30:58 1,512,960 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2007-05-18 01:30:41 972,072 ----a-w C:\WINDOWS\system32\ativva6x.dat
2007-05-18 01:30:41 3,107,788 ----a-w C:\WINDOWS\system32\ativva5x.dat
2007-05-18 01:30:40 3,107,788 ----a-w C:\WINDOWS\system32\ativvaxx.dat
2007-05-18 01:19:50 5,431,296 ----a-w C:\WINDOWS\system32\atioglxx.dll
2007-05-18 01:17:27 262,144 ----a-w C:\WINDOWS\system32\atikvmag.dll
2007-05-18 01:16:04 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2007-05-18 01:14:21 46,592 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2007-05-18 01:10:21 368,640 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2007-05-17 19:05:00 520,192 ------w C:\WINDOWS\system32\ati2sgag.exe
2007-04-16 20:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-16 20:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-16 20:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-16 20:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-16 20:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-16 20:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-16 20:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-16 20:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-05 18:15:55 144,357 ----a-w C:\WINDOWS\system32\atiicdxx.dat
2007-03-25 15:16:57 70,580 ----a-w C:\WINDOWS\system32\perfc007.dat
2007-03-25 15:16:57 405,118 ----a-w C:\WINDOWS\system32\perfh007.dat
2007-03-23 20:23:23 77,824 ----a-w C:\WINDOWS\system32\Oemdspif.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 19:38]
{8126A4A5-BFD3-46FE-BBDF-BFB5CF78E489}=C:\Programme\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll [2007-06-20 17:54]
{D5FD7368-83AA-43C8-BFF1-CA8F5728B595}=C:\WINDOWS\system32\awvts.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"="cmicnfg.cpl" []
"ATIPTA"="C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-04-21 21:10]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-04-24 17:42]
"ATICCC"="C:\Programme\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 11:12]
"QuickTime Task"="C:\Programme\K-Lite Codec Pack\QuickTime\qttask.exe" [2006-09-01 15:57]
"avgnt"="D:\AntiVir PersonalEdition Classic\avgnt.exe" [2007-04-02 10:35]
"UnlockerAssistant"="D:\Unlocker\UnlockerAssistant.exe" [2006-09-07 19:19]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="" []
"DAEMON Tools"="C:\Programme\DAEMON Tools\daemon.exe" [2007-04-04 00:29]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"ICQ Lite"=C:\Programme\ICQLite\ICQLite.exe -trayboot


**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-23 13:52:18
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-23 13:53:19
C:\ComboFix-quarantined-files.txt ... 2007-06-23 13:52

--- E O F ---


Thanks in advance, J4YDe

GUA 23.06.2007 13:36

posted twice over :rolleyes:

GUA

