Pests of all kinds and how to fight them: TR/Proxy Agent CS - what to do? Windows 7 |
16.03.2005, 21:15 | #1 |
| TR/Proxy Agent CS - what to do? Hello! I've caught a trojan that simply can't be removed... :-( It's called TR/Proxy Agent CS (ied_s7_c_7.exe) and is somehow in the CAB Microsoft.... I have no idea how I'm supposed to get rid of it.. Can anyone help? |
16.03.2005, 21:28 | #2 |
| TR/Proxy Agent CS - what to do? @Framel
Post a HJT logfile: direct download, instructions.
Download eScan: download, instructions.
eScan result: tell us the result of the eScan: "open mwav.log -> Edit -> Find -> enter infected -> Find Next -> select/copy the hits and paste them into the forum."
chaosman |
18.03.2005, 15:32 | #3 |
| TR/Proxy Agent CS - what to do? @chaosman: well... I was apparently able to delete this trojan after all, but in return found thousands of other things that I have no clue about...??? :-(((
O1 - Hosts: 255.255.255.255 www.casinoxo.com
Böse Dieser Eintrag muss sofort gefixt werden. Muss gefixt werden
------------------------------------------------------------------------
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
then this follows:
Details
-- Resultate auf den Namen: "NvCplDaemon" --
Name Datei Status
NvCplorNvCplDaemon rundll32.exe NvCpl.dll, NvStartup Gut
NvCplDaemon rundll32.exe NvQtwk.dll, NvCplDaemon Gut
NvCpl or NvCplDaemon rundll32.exe NvCpl.dll, NvStartup Gut
NvCplDaemon rundll32.exe NvQtwk.dll, NvCplDaemon Gut
NvCplDaemon NvCpl.dll Gut
NvCplDaemon rundll32.exe NvCpl.dll Gut
NvCplDaemon NvStartup Gut
--------------------------------------------------------------------------
and then this as well:
O16 - DPF: {7565A160-5C60-4866-A120-F4D5B2BA3AAE} (FSLoaderCtrl Class) - http://www.clickedyclick.com/Downloa...sloader_v3.cab
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (WebHandler Class) - http://activex.microgaming.com/DLhel...7/dlhelper.cab
O16 - DPF: {D67AC55A-B750-41A4-BEE6-020E017A7996} - http://www.popfile.de/myplaylist/pc/...LER_loader.exe
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://register3.valueactive.com/31...CX/FlashAX.cab
O16 - DPF: {FC9C7D52-C99A-494A-AA79-4A25098F659C} - http://www.imperialcasino.com/dload/gvdload.cab
I don't understand anything!!! whole computer screwed...???!? heeelp.... :-(( |
18.03.2005, 15:41 | #4 |
| TR/Proxy Agent CS - what to do? Post the complete HijackThis logfile and the eScan results in this thread. |
18.03.2005, 15:57 | #5 |
| TR/Proxy Agent CS - what to do? here's eScan:
Fri Mar 18 14:41:57 2005 => File C:\Dokumente und Einstellungen\Standard\Startmenü\Programme\Autostart\DLHelperEXE.exe infected by "not-a-virus:AdWare.Thumper.a" Virus. Action Taken: No Action Taken.
Fri Mar 18 14:47:16 2005 => File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\UnknownType.zip infected by "Password-protected-EXE" Virus. Action Taken: No Action Taken.
Fri Mar 18 14:52:02 2005 => Scanning File C:\ied_s7.cab
Fri Mar 18 14:52:02 2005 => File C:\ied_s7.cab infected by "Trojan-Downloader.Win32.Mediket.r" Virus. Action Taken: No Action Taken.
Fri Mar 18 14:55:53 2005 => Scanning Folder: C:\Programme\AVPersonal\INFECTED\*.*
Fri Mar 18 14:55:53 2005 => Scanning File C:\Programme\AVPersonal\INFECTED\A0076688.EXE.VIR
Fri Mar 18 14:55:53 2005 => File C:\Programme\AVPersonal\INFECTED\A0076688.EXE.VIR infected by "Trojan-Proxy.Win32.Ranky.ao" Virus. Action Taken: No Action Taken.
Fri Mar 18 14:55:53 2005 => Scanning File C:\Programme\AVPersonal\INFECTED\VIXEN.EXE.VIR
Fri Mar 18 14:55:53 2005 => File C:\Programme\AVPersonal\INFECTED\VIXEN.EXE.VIR infected by "Trojan-Proxy.Win32.Agent.cs" Virus. Action Taken: No Action Taken.
Fri Mar 18 14:55:53 2005 => Scanning File C:\Programme\AVPersonal\INFECTED\vixen.VIR
Fri Mar 18 14:55:53 2005 => File C:\Programme\AVPersonal\INFECTED\vixen.VIR infected by "Trojan-Proxy.Win32.Agent.cs" Virus. Action Taken: No Action Taken.
Fri Mar 18 15:00:19 2005 => Scanning Folder: C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal\Infected\*.*
Fri Mar 18 15:00:19 2005 => Scanning File C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal\Infected.wav
Fri Mar 18 15:15:58 2005 => File C:\System Volume Information\_restore{3D04C148-B3C2-4958-80BE-2E24D1B2F216}\RP375\A0076645.exe infected by "not-a-virus:AdWare.PowerScan.c" Virus. Action Taken: No Action Taken.
Fri Mar 18 15:17:29 2005 => File C:\System Volume Information\_restore{3D04C148-B3C2-4958-80BE-2E24D1B2F216}\RP377\A0077813.exe infected by "not-a-virus:AdWare.180Solutions" Virus. Action Taken: No Action Taken.
Fri Mar 18 15:17:29 2005 => Scanning File C:\System Volume Information\_restore{3D04C148-B3C2-4958-80BE-2E24D1B2F216}\RP377\A0077814.exe
Fri Mar 18 15:17:29 2005 => File C:\System Volume Information\_restore{3D04C148-B3C2-4958-80BE-2E24D1B2F216}\RP377\A0077814.exe infected by "not-a-virus:AdWare.WebRebates.c" Virus. Action Taken: No Action Taken.
Fri Mar 18 15:17:29 2005 => Scanning File C:\System Volume Information\_restore{3D04C148-B3C2-4958-80BE-2E24D1B2F216}\RP377\A0077815.exe
Fri Mar 18 15:17:29 2005 => File C:\System Volume Information\_restore{3D04C148-B3C2-4958-80BE-2E24D1B2F216}\RP377\A0077815.exe infected by "not-a-virus:AdWare.WebRebates.d" Virus. Action Taken: No Action Taken.
Fri Mar 18 15:17:29 2005 => Scanning File C:\System Volume Information\_restore{3D04C148-B3C2-4958-80BE-2E24D1B2F216}\RP377\A0077815.exe
Fri Mar 18 15:17:29 2005 => File C:\System Volume Information\_restore{3D04C148-B3C2-4958-80BE-2E24D1B2F216}\RP377\A0077815.exe infected by "not-a-virus:AdWare.WebRebates.d" Virus. Action Taken: No Action Taken.
Fri Mar 18 15:17:29 2005 => Scanning File C:\System Volume Information\_restore{3D04C148-B3C2-4958-80BE-2E24D1B2F216}\RP377\A0077816.vbs
Fri Mar 18 15:17:29 2005 => File C:\System Volume Information\_restore{3D04C148-B3C2-4958-80BE-2E24D1B2F216}\RP377\A0077816.vbs infected by "Trojan-Downloader.VBS.Psyme.as" Virus. Action Taken: No Action Taken.
Fri Mar 18 15:17:29 2005 => File C:\System Volume Information\_restore{3D04C148-B3C2-4958-80BE-2E24D1B2F216}\RP377\A0077820.dll infected by "not-a-virus:AdWare.180Solutions" Virus. Action Taken: No Action Taken.
Fri Mar 18 15:23:48 2005 => File C:\System Volume Information\_restore{3D04C148-B3C2-4958-80BE-2E24D1B2F216}\RP391\A0083954.dll infected by "not-a-virus:AdWare.ToolBar.SideFind" Virus. Action Taken: No Action Taken.

and the other one:
Logfile of HijackThis v1.99.1
Scan saved at 15:04:01, on 18.03.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Programme\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\System32\winadm.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programme\AVPersonal\AVGNT.EXE
C:\Programme\Messenger\msmsgs.exe
C:\Programme\WinZip\WZQKPICK.EXE
C:\Programme\AVPersonal\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\Programme\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\winadmd.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\DOKUME~1\Standard\LOKALE~1\Temp\mwavscan.com
C:\DOKUME~1\Standard\LOKALE~1\Temp\kavss.exe
C:\Programme\WinZip\WINZIP32.EXE
C:\Dokumente und Einstellungen\Standard\Lokale Einstellungen\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sfcv.de/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
O1 - Hosts: 255.255.255.255 www.casinoxo.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programme\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [_winadm] C:\WINDOWS\System32\winadm.exe
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\AVPersonal\AVGNT.EXE" /min
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - Startup: DLHelperEXE.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programme\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .mp3: C:\Programme\Internet Explorer\PLUGINS\npqtplugin4.dll
O12 - Plugin for .mpeg: C:\Programme\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .tif: C:\Programme\Internet Explorer\PLUGINS\npqtplugin5.dll
O12 - Plugin for ¸æ: C:\Programme\Internet Explorer\PLUGINS\npqtplugin4.dll
O16 - DPF: {0EB73E39-8AD4-43E8-8FBA-0165C2CCDB8B} (GameControl Class) - http://www.midasplayer.com/midasa.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall-Kontrolle) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {7565A160-5C60-4866-A120-F4D5B2BA3AAE} (FSLoaderCtrl Class) - http://www.clickedyclick.com/Downloa...sloader_v3.cab
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (WebHandler Class) - http://activex.microgaming.com/DLhel...7/dlhelper.cab
O16 - DPF: {D67AC55A-B750-41A4-BEE6-020E017A7996} - http://www.popfile.de/myplaylist/pc/...LER_loader.exe
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://register3.valueactive.com/31...CX/FlashAX.cab
O16 - DPF: {FC9C7D52-C99A-494A-AA79-4A25098F659C} - http://www.imperialcasino.com/dload/gvdload.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{977143EF-CD3B-411B-B161-FA965B2C5B4A}: NameServer = 217.237.151.225 217.237.150.225
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Programme\ewido\security suite\ewidoctrl.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

ok like this???? |
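The "search mwav.log for infected" step requested in post #2, automated as an added example (not code from the thread or from eScan): it extracts the hits, drops repeated reports of the same file, and groups them by where the file sits, so entries under a scanner's quarantine folder or a System Restore point can be told apart from files on the live filesystem. The function names are this example's own, the sample lines are constructed in the log format posted above, and treating a folder named INFECTED as a quarantine directory is an assumption.

```python
import re
from collections import Counter

# Constructed sample in the mwav.log line format seen in this thread; the
# paths and detection names below are invented for the example.
SAMPLE_LOG = r'''Fri Mar 18 14:41:57 2005 => Scanning File C:\Example\Autostart\helper.exe
Fri Mar 18 14:41:57 2005 => File C:\Example\Autostart\helper.exe infected by "not-a-virus:AdWare.Example.a" Virus. Action Taken: No Action Taken.
Fri Mar 18 14:55:53 2005 => File C:\Programme\AVPersonal\INFECTED\SAMPLE.EXE.VIR infected by "Trojan-Proxy.Win32.Example.x" Virus. Action Taken: No Action Taken.
Fri Mar 18 15:17:29 2005 => File C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP1\A0000001.exe infected by "not-a-virus:AdWare.Example.b" Virus. Action Taken: No Action Taken.
Fri Mar 18 15:17:29 2005 => File C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP1\A0000001.exe infected by "not-a-virus:AdWare.Example.b" Virus. Action Taken: No Action Taken.
'''

# One "infected" entry. The tempered dot keeps a match from running across
# "=>" into the next entry, so a log pasted as a single line still parses.
ENTRY = re.compile(
    r'(?P<ts>\w{3} \w{3} +\d{1,2} \d{2}:\d{2}:\d{2} \d{4}) => File '
    r'(?P<path>(?:(?!=>).)+?) infected by "(?P<name>[^"]+)" Virus\. '
    r'Action Taken: (?P<action>[^.]+)\.',
    re.DOTALL)


def locate(path):
    """Classify where a hit lives. Treating a folder named INFECTED as an
    antivirus quarantine directory is an assumption of this example."""
    p = path.lower()
    if '\\system volume information\\_restore' in p:
        return 'system-restore'
    if '\\infected\\' in p:
        return 'quarantine'
    return 'live'


def parse_infected(text):
    """Return unique hits in log order; "Scanning ..." lines are ignored."""
    seen, hits = set(), []
    for m in ENTRY.finditer(text):
        key = (m['path'].lower(), m['name'])
        if key in seen:          # the same file can be reported twice
            continue
        seen.add(key)
        hits.append({'time': m['ts'], 'path': m['path'], 'name': m['name'],
                     'action': m['action'].strip(),
                     'location': locate(m['path'])})
    return hits


def summarize(hits):
    """Count hits per location class."""
    return Counter(h['location'] for h in hits)


if __name__ == '__main__':
    for h in parse_infected(SAMPLE_LOG):
        print(f"{h['location']:<15}{h['name']:<32}{h['path']}")
    print(dict(summarize(parse_infected(SAMPLE_LOG))))
```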