TR/Proxy Agent CS - was tun?

Framel · 16.03.2005, 21:15

Hallo!
Habe mir einen Trojaner eingefangen, der einfach nicht zu entfernen ist... :-(
Nennt sich TR/Proxy Agend CS (ied_s7_c_7.exe) und ist irgendwie im CAB Microsoft....habe keine Ahnung wie ich den loswerden soll..
Kann jemand helfen?

chaosman · 16.03.2005, 21:28

@Framel
poste ein HJT logfile
direktdownload
anleitung
lade escan
download
anleitung
EscanErgebnis
Teile uns das Ergebnis des eScan mit: "öffne die mwav.log -> Bearbeiten -> Suchen -> infected eingeben -> Weitersuchen -> Treffer markieren/kopieren und ins Forum übertragen."

chaosman

Framel · 18.03.2005, 15:32

@chaosman: also... diesen trojaner konnte ich nun wohl doch löschen, aber dafür tausende andere sachen gefunden, wo ich keinen plan habe...??? :-(((

O1 - Hosts: 255.255.255.255 www.casinoxo.com
Böse Dieser Eintrag muss sofort gefixt werden. Muss gefixt werden
------------------------------------------------------------------------
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize

da folgt dann das:

Details

-- Resultate auf den Namen: "NvCplDaemon" --

Name Datei Status
NvCplorNvCplDaemon rundll32.exe NvCpl.dll, NvStartup Gut
NvCplDaemon rundll32.exe NvQtwk.dll, NvCplDaemon Gut
NvCpl or NvCplDaemon rundll32.exe NvCpl.dll, NvStartup Gut
NvCplDaemon rundll32.exe NvQtwk.dll, NvCplDaemon Gut
NvCplDaemon NvCpl.dll Gut
NvCplDaemon rundll32.exe NvCpl.dll Gut
NvCplDaemon NvStartup Gut

-- Resultate auf die Datei: "RUNDLL32.EXE" --

Datei Name Status
rundll32.exe shell32.dll, Control_RunDLL ...123456 123456 Böse rundll32.exe stmctrl.dll, TaskBar AdslTaskBar Gut
rundll32.exe bcmhal9x.dll, bcinit BCMHal Gut
Rundll32.exe BDSrHook.dll, Rundll32 BIE Böse
RunDLL32.exe irprops.cpl, BluetoothAuthenticationA BlueToothAuthentication Agent Gut
rundll32.exe ...Bridge.dll Bridge Böse
Rundll32.exe bs3.dll, DllRun Bsx3 Böse
RunDLL32.EXE bsx5.dll bxsx5 Böse
RunDLL32.EXE bxxs5.dll, dllrun bxxs5 Böse
rundll32.exe streamci, StreamingDeviceSetup Ccdecode Gut
Rundll32.exe CNSMIN.DLL, Rundll32 CnsMin Böse
Rundll32.exe SECURE32.CPL, Service Compaq Computer Security Unbekannt
rundll32.exe MSA64CHK.dll, DllMostrar ContentDownload Böse
rundll32.exe ctrlpan.dll, Restore ControlPanel Control Böse
rundll32.exe DeadAIM.ocm, ExportedCheckODLs DeadAIM Gut
rundll32.exe advpack.dll, DelNodeRunDLL32 submit.e delsubmit Böse
rundll32.exe msconfd.dll, Restore ControlPanel Desktop Böse
rundll32.exe msa32chk.dll Dialer Böse
rundll32.exe QaBar.dll, ForceShowBar ForceShow Böse
rundll32.exe MSA64CHK.DLL, DllMostrar FreeMP3download Böse rundll32.exe Icsdclt.dll, ICSClient ICSDCLT Gut
rundll32.exe EGDHTML_1023.dll, InstantAccess Instant Access Böse rundll32.exe ..lhttseng.inf, RemoveCabinet lhttseng Gut
rundll32.exe mshtmpre.dll, MShtmpre LoadHTML Böse
Rundll32.exepowrprof.dll LoadPowerProfile Gut
Rundll32.exe LoadPowerProfile Böse
rundll32.exe MSDServ.dll, check registry Mass storage check registry Gut
rundll32.exe migrate.dll, CallVendorSetupDlls MigrationVendorSetupCaller Unbekannt
RUNDLL32.EXE reg.dll, ondll_reg Module Call initialize Böse
rundll32.exe navupd.dll, Startup NAVUpd Böse
rundll32.exe NewDotNetStartup Newdot~2.exe New.netorNEWDOT~1 Böse
rundll32.exe NvQtwk.dll, NvColorInit NvColorInit Unbekannt
rundll32.exe NvCpl.dll, NvStartup NvCplorNvCplDaemon Gut
rundll32.exe NvQtwk.dll, NvCplDaemon NvCplDaemon Gut
rundll32.exe NvQtwk.dll, NvTaskbarInit NvidiaQuickTweakorNVQuickTweak Gut
rundll32.exe nview.dll, nViewLoadHook NVIEW Gut
rundll32.exe NvQtwk.dll, NvXTInit NvInitialize Gut
RUNDLL32.EXE ...NVMCTRAY.DLL, NvTaskbarInit NVMCTRAY Unbekannt
RunDLL32.exe NvMCTray.dll, NvTaskbarInit NvMediaCenter Gut
Rundll32.exe OFUSBS.DLL, WatchForConnection OfotoN OfotoNow USB Detection Gut
RunDLL32.EXE oo4.dll, DllRun oo4 Böse
RUNDLL32.EXE MSSIGN30.DLL ondll_reg Protected Storage Böse
RUNDLL32.EXE reg678.dll ondll_reg Remote Procedure Call Locator Böse
rundll32.exe bridge.dll, Load RunDLL Böse
Rundll32.exe Rundll32 Böse
RUNDLL32.EXE NvQtwk, NvCplDaemon RUNDLL32 Gut
RunDLL32.exe NvMCTray.dll, NvTaskbarInit RunDLL32 Gut
Rundll32.exe Wf2kcpl.dll DllLoadDefaultSettings rundll32 Gut
Rundll32.exe ptipbm.dll, SetWriteBack Rundll32 Böse
rundll32.exe ptipbmf.dll, SetWriteCacheMode rundll32 Unbekannt
rundll32.exe rundll32 Böse
RunDLL32.exe irprops.cpl, BluetoothAuthenticationA rundll32 Gut
rundll32.exe MSIEFR40.DLL, DllRunServer Rundll32_7 Böse
rundll32.exe inetp60.dll, DllRunServer Rundll32_8 Böse
rundll32.exe RUSBHOLoader.dll, AutoRegister RUSBHOLoader Unbekannt
rundll32.exe sasync.dll, SyncWait saSyncMgr Böse
rundll32.exe stlbupdt.DLL, DllRunMain stlbupdt Böse
Rundll32.exe SysDll32.dll, SystemCheck System Check Gut
rundll32.exe TaskMan Böse
rundll32.exe tweakui.cpl, tweakmeup Tweak UI Gut
rundll32.exe tweakui.cpl, tweaklogon Tweak UI Gut
rundll32.exe UCMTSAIE.dll, DllShowTB UCmore XP - The Search Accelerator Gut
Rundll32.exe UPDATEHOOK Unbekannt
RUNDLL32.exe MSSIGN30.DLL ondll_reg VFW Encoder/Decoder Settings Böse
rundll32.exe 3DBBps.dll, BansheeLoadSettings VoodooBanshee Gut
rundll32.exe w3knet.dll, dllinitrun W3KNetwork Böse
RUNDLL32.EXE sti_ci.dll, WiaCreateWizardMenu WIAWizardMenu Gut
Rundll32.exe Win32 Rundll Loader Böse
Rundll32.exe Wf2kcpl.dll, DllLoadDefaultSettings Winfast2KLoadDefault Gut
Rundll32.exe wfcpl.dll, DllLoadGammaRampSettings WinFast_Gamma Gut
rundll32.exe wh95.dll, HackMe WinHacker Gut
rundll32.exe stlbdist.dll, DllRunMain {2CF0B992-5EEB-4143-99C0-5297EF71F444} Böse
rundll32.exe stlbupdt.DLL, DllRunMain {2CF0B992-5EEB-4143-99C2-5297EF71F44B} Böse
rundll32.exe BatInfEx Gut
rundll32.exe MSA64CHK.dll, DllMostrar CoolDownloads Böse
rundll32.exe MSA64CHK.dll, DllMostrar CoolMP3 Böse
rundll32.exe CrazyTalk.dll, DIIServeMediaFile CrazyTalk Serve Gut
rundll32.exe MSA64CHK.dll, DllMostrar DownloadLegalMusic Böse
rundll32.exe MSA64CHK.dll, DllMostrar GetTheMusic Böse
rundll32.exe (path) he3e3fc4.dll,EnableRunDLL32 he3e3fc4 Böse
rundll32.exe (path) icdd7ee6.dll,EnableRunDLL32 icdd7ee6 Böse
rundll32.exe (path) iel2cde8.dll,EnableRunDLL32 iel2cde8 Böse
rundll32.exe [file name].dll, InstantAccess Instant Access Böse
rundll32.exe (path) kw3eef76.dll,EnableRunDLL32 kw3eef76 Böse
rundll32.exe (path) li01f948.dll,EnableRunDLL32 li01f948 Böse
rundll32.exe [path] SIPSPI32.dll,SIPSPI32 LoadSIPS Böse
rundll32.exe migrate.dll, CallVendorSetupDlls MigrationVend or SetupCaller Unbekannt
rundll32.exe NewDotNetStartup Newdot~2.exe New.net or NEWDOT~1 Böse
rundll32.exe MSA64CHK.dll, DllMostrar NiceDownloads Böse
rundll32.exe NvCpl.dll, NvStartup NvCpl or NvCplDaemon Gut
rundll32.exe NvQtwk.dll, NvTaskbarInit NvidiaQuickTweak or NVQuickTweak Gut
rundll32.exeptipbmf.dll Ptipbmf Gut
rundll32.exe (path) readdb40.dll,EnableRunDLL32 readdb40 Böse
rundll32.exe npvpg005.dll RFX_auto_upgrade Gut
rundll32.exe (path) si91e44b.dll,EnableRunDLL32 si91e44b Böse Rundll32.exe v128iitw.dll, STB_InitTweak V128IID Gut
rundll32.exe wftask.dll,WFDllLoadDefaultSettings WinFast_Taskbar Gut
RUNDLL32.EXE (random value).dll,_mainRD winupd Böse
rundll32.exe (path) wm41a398.dll,EnableRunDLL32 wm41a398 Böse
rundll32.exe stlb2.dll,DllRunMain {12EE7A5E-0674-42f9-A76B-000000004D00} Böse
rundll32.exe wextract_cleanup0 Gut
rundll32.exe shell32.dll, Control_RunDLL ...123456 123456 Böse rundll32.exe stmctrl.dll, TaskBar AdslTaskBar Gut
rundll32.exe bcmhal9x.dll, bcinit BCMHal Gut
Rundll32.exe BDSrHook.dll, Rundll32 BIE Böse
rundll32.exe irprops.cpl,,BluetoothAuthenticationA BlueToothAuthentication Agent Gut
rundll32.exe ...Bridge.dll Bridge Böse
RunDLL32.EXE bsx5.dll bxsx5 Böse
RunDLL32.EXE bxxs5.dll, dllrun bxxs5 Böse
rundll32.exe streamci, StreamingDeviceSetup Ccdecode Gut
rundll32.exe MSA64CHK.dll, DllMostrar ContentDownload Böse
rundll32.exe CrazyTalk.dll, DIIServeMediaFile CrazyTalk Serve Gut
rundll32.exe DeadAIM.ocm, ExportedCheckODLs DeadAIM Gut
rundll32.exe msconfd.dll, Restore ControlPanel Desktop Böse
rundll32.exe msa32chk.dll Dialer Böse
rundll32.exe QaBar.dll, ForceShowBar ForceShow Böse
rundll32.exe Icsdclt.dll, ICSClient ICSDCLT Gut
rundll32.exe [file name].dll, InstantAccess Instant Access Böse
rundll32.exe ..lhttseng.inf, RemoveCabinet lhttseng Gut
rundll32.exe MSDServ.dll, check registry Mass storage check registry Gut
rundll32.exe navupd.dll, Startup NAVUpd Böse
rundll32.exe NewDotNetStartup Newdot~2.exe New.net or NEWDOT~1 Böse
rundll32.exe NvQtwk.dll, NvColorInit NvColorInit Unbekannt
rundll32.exe NvQtwk.dll, NvCplDaemon NvCplDaemon Gut
rundll32.exe NvQtwk.dll, NvTaskbarInit NvidiaQuickTweak or NVQuickTweak Gut
rundll32.exe nview.dll, nViewLoadHook NVIEW Gut
rundll32.exe NvQtwk.dll, NvXTInit NvInitialize Gut
RUNDLL32.EXE ...NVMCTRAY.DLL, NvTaskbarInit NVMCTRAY Gut
Rundll32.exe OFUSBS.DLL, WatchForConnection OfotoN OfotoNow USB Detection Gut
RunDLL32.EXE oo4.dll, DllRun oo4 Böse
rundll32.exe npvpg005.dll RFX_auto_upgrade Gut
rundll32.exe bridge.dll, Load RunDLL Böse
Rundll32.exe Rundll32 Böse
RUNDLL32.EXE NvQtwk, NvCplDaemon RUNDLL32 Gut
RunDLL32.exe NvMCTray.dll, NvTaskbarInit RunDLL32 Gut
Rundll32.exe Wf2kcpl.dll DllLoadDefaultSettings rundll32 Gut
Rundll32.exe ptipbm.dll, SetWriteBack Rundll32 Böse
rundll32.exeirprops.cpl BluetoothAuthenticationAgent Gut
rundll32.exe rundll32 Böse RunDLL32.exe irprops.cpl, BluetoothAuthenticationA rundll32 Gut
rundll32.exe MSIEFR40.DLL, DllRunServer Rundll32_7 Böse
rundll32.exe inetp60.dll, DllRunServer Rundll32_8 Böse
rundll32.exe sasync.dll, SyncWait saSyncMgr Böse
Rundll32.exe SysDll32.dll, SystemCheck System Check Gut
rundll32.exe TaskMan Böse
rundll32.exe tweakui.cpl, tweakmeup Tweak UI Gut
rundll32.exe tweakui.cpl, tweaklogon Tweak UI Gut
rundll32.exe UCMTSAIE.dll, DllShowTB UCmore XP - The Search Accelerator Gut
rundll32.exe wftask.dll,WFDllLoadDefaultSettings WinFast_Taskbar Gut
Rundll32.exe v128iitw.dll, STB_InitTweak V128IID Gut
rundll32.exe 3DBBps.dll, BansheeLoadSettings VoodooBanshee Gut
rundll32.exe w3knet.dll, dllinitrun W3KNetwork Böse
RUNDLL32.EXE sti_ci.dll, WiaCreateWizardMenu WIAWizardMenu Gut
Rundll32.exe Win32 Rundll Loader Böse
Rundll32.exe Wf2kcpl.dll, DllLoadDefaultSettings Winfast2KLoadDefault Gut
Rundll32.exe wfcpl.dll, DllLoadGammaRampSettings WinFast_Gamma Gut
rundll32.exe wh95.dll, HackMe WinHacker Gut
rundll32.exe stlbupdt.DLL, DllRunMain {2CF0B992-5EEB-4143-99C2-5297EF71F44B} Böse
rundll32.exe [path] SIPSPI32.dll,SIPSPI32 LoadSIPS Böse
rundll32.exe BatInfEx Gut
RUNDLL32.EXE (random value).dll,_mainRD winupd Böse
rundll32.exe stlb2.dll,DllRunMain {12EE7A5E-0674-42f9-A76B-000000004D00} Böse
"%\Windows%\rundll32.exe "%System%\mmsystem.dll"", MMSystem Böse
rundll32.exe E6F1873B.DLL,D9EBC318C A70F6A1D-0195-42a2-934C-D8AC0F7C08EB Böse
RUNDLL32.exe cdaEngine0400.dll",cdaEngineMain WildTangent CDA Gut
rundll32.exe [path] tbGame.dll" DllShowTB Games toolbar Böse
rundll32.exe [path] tbextn.dll DllShowTB IE Menu Extension toolbar Böse
rundll32.exe Windows DLL Loader Böse
rundll32.exe [path] MMFS.DLL,Service LicCtrl Gut
rundll32.exe NvCpl.dll NvCplDaemon Gut
RUNDLL32.EXETWEAKUI.CPL Tweak UI Gut
rundll32.exenview.dll NVIEW Gut
rundll32.exebthprops.cpl BluetoothAuthenticationAgent Gut

--------------------------------------------------------------------------
und dann das noch:

O16 - DPF: {7565A160-5C60-4866-A120-F4D5B2BA3AAE} (FSLoaderCtrl Class) - http://www.clickedyclick.com/Downloa...sloader_v3.cab

O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (WebHandler Class) - http://activex.microgaming.com/DLhel...7/dlhelper.cab

O16 - DPF: {D67AC55A-B750-41A4-BEE6-020E017A7996} - http://www.popfile.de/myplaylist/pc/...LER_loader.exe

O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://register3.valueactive.com/31...CX/FlashAX.cab

O16 - DPF: {FC9C7D52-C99A-494A-AA79-4A25098F659C} - http://www.imperialcasino.com/dload/gvdload.cab

ich verstehe nix!!! ganze rechner im arsch...???!? hilllfeeeeeeeeeee.... :-((

Haui45 · 18.03.2005, 15:41

Poste das ganze HijackThis-Logfile und die Ergebnisse von eScan in diesem Thread.

Framel · 18.03.2005, 15:57

hier escan:

Fri Mar 18 14:41:57 2005 => File C:\Dokumente und Einstellungen\Standard\Startmenü\Programme\Autostart\DLHelperEXE.exe infected by "not-a-virus:AdWare.Thumper.a" Virus. Action Taken: No Action Taken.
Fri Mar 18 14:47:16 2005 => File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\UnknownType.zip infected by "Password-protected-EXE" Virus. Action Taken: No Action Taken.
Fri Mar 18 14:52:02 2005 => Scanning File C:\ied_s7.cab
Fri Mar 18 14:52:02 2005 => File C:\ied_s7.cab infected by "Trojan-Downloader.Win32.Mediket.r" Virus. Action Taken: No Action Taken.
Fri Mar 18 14:55:53 2005 => Scanning Folder: C:\Programme\AVPersonal\INFECTED\*.*
Fri Mar 18 14:55:53 2005 => Scanning File C:\Programme\AVPersonal\INFECTED\A0076688.EXE.VIR
Fri Mar 18 14:55:53 2005 => File C:\Programme\AVPersonal\INFECTED\A0076688.EXE.VIR infected by "Trojan-Proxy.Win32.Ranky.ao" Virus. Action Taken: No Action Taken.

Fri Mar 18 14:55:53 2005 => Scanning File C:\Programme\AVPersonal\INFECTED\VIXEN.EXE.VIR
Fri Mar 18 14:55:53 2005 => File C:\Programme\AVPersonal\INFECTED\VIXEN.EXE.VIR infected by "Trojan-Proxy.Win32.Agent.cs" Virus. Action Taken: No Action Taken.

Fri Mar 18 14:55:53 2005 => Scanning File C:\Programme\AVPersonal\INFECTED\vixen.VIR
Fri Mar 18 14:55:53 2005 => File C:\Programme\AVPersonal\INFECTED\vixen.VIR infected by "Trojan-Proxy.Win32.Agent.cs" Virus. Action Taken: No Action Taken.
Fri Mar 18 15:00:19 2005 => Scanning Folder: C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal\Infected\*.*
Fri Mar 18 15:00:19 2005 => Scanning File C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal\Infected.wav
Fri Mar 18 15:15:58 2005 => File C:\System Volume Information\_restore{3D04C148-B3C2-4958-80BE-2E24D1B2F216}\RP375\A0076645.exe infected by "not-a-virus:AdWare.PowerScan.c" Virus. Action Taken: No Action Taken.
Fri Mar 18 15:17:29 2005 => File C:\System Volume Information\_restore{3D04C148-B3C2-4958-80BE-2E24D1B2F216}\RP377\A0077813.exe infected by "not-a-virus:AdWare.180Solutions" Virus. Action Taken: No Action Taken.

Fri Mar 18 15:17:29 2005 => Scanning File C:\System Volume Information\_restore{3D04C148-B3C2-4958-80BE-2E24D1B2F216}\RP377\A0077814.exe
Fri Mar 18 15:17:29 2005 => File C:\System Volume Information\_restore{3D04C148-B3C2-4958-80BE-2E24D1B2F216}\RP377\A0077814.exe infected by "not-a-virus:AdWare.WebRebates.c" Virus. Action Taken: No Action Taken.

Fri Mar 18 15:17:29 2005 => Scanning File C:\System Volume Information\_restore{3D04C148-B3C2-4958-80BE-2E24D1B2F216}\RP377\A0077815.exe
Fri Mar 18 15:17:29 2005 => File C:\System Volume Information\_restore{3D04C148-B3C2-4958-80BE-2E24D1B2F216}\RP377\A0077815.exe infected by "not-a-virus:AdWare.WebRebates.d" Virus. Action Taken: No Action Taken.
Fri Mar 18 15:17:29 2005 => Scanning File C:\System Volume Information\_restore{3D04C148-B3C2-4958-80BE-2E24D1B2F216}\RP377\A0077815.exe
Fri Mar 18 15:17:29 2005 => File C:\System Volume Information\_restore{3D04C148-B3C2-4958-80BE-2E24D1B2F216}\RP377\A0077815.exe infected by "not-a-virus:AdWare.WebRebates.d" Virus. Action Taken: No Action Taken.

Fri Mar 18 15:17:29 2005 => Scanning File C:\System Volume Information\_restore{3D04C148-B3C2-4958-80BE-2E24D1B2F216}\RP377\A0077816.vbs
Fri Mar 18 15:17:29 2005 => File C:\System Volume Information\_restore{3D04C148-B3C2-4958-80BE-2E24D1B2F216}\RP377\A0077816.vbs infected by "Trojan-Downloader.VBS.Psyme.as" Virus. Action Taken: No Action Taken.
Fri Mar 18 15:17:29 2005 => File C:\System Volume Information\_restore{3D04C148-B3C2-4958-80BE-2E24D1B2F216}\RP377\A0077820.dll infected by "not-a-virus:AdWare.180Solutions" Virus. Action Taken: No Action Taken.
Fri Mar 18 15:23:48 2005 => File C:\System Volume Information\_restore{3D04C148-B3C2-4958-80BE-2E24D1B2F216}\RP391\A0083954.dll infected by "not-a-virus:AdWare.ToolBar.SideFind" Virus. Action Taken: No Action Taken.

und das andere:

Logfile of HijackThis v1.99.1
Scan saved at 15:04:01, on 18.03.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Programme\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\System32\winadm.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programme\AVPersonal\AVGNT.EXE
C:\Programme\Messenger\msmsgs.exe
C:\Programme\WinZip\WZQKPICK.EXE
C:\Programme\AVPersonal\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\Programme\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\winadmd.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\DOKUME~1\Standard\LOKALE~1\Temp\mwavscan.com
C:\DOKUME~1\Standard\LOKALE~1\Temp\kavss.exe
C:\Programme\WinZip\WINZIP32.EXE
C:\Dokumente und Einstellungen\Standard\Lokale Einstellungen\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sfcv.de/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
O1 - Hosts: 255.255.255.255 www.casinoxo.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programme\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [_winadm] C:\WINDOWS\System32\winadm.exe
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\AVPersonal\AVGNT.EXE" /min
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - Startup: DLHelperEXE.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programme\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .mp3: C:\Programme\Internet Explorer\PLUGINS\npqtplugin4.dll
O12 - Plugin for .mpeg: C:\Programme\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .tif: C:\Programme\Internet Explorer\PLUGINS\npqtplugin5.dll
O12 - Plugin for ¸æ: C:\Programme\Internet Explorer\PLUGINS\npqtplugin4.dll
O16 - DPF: {0EB73E39-8AD4-43E8-8FBA-0165C2CCDB8B} (GameControl Class) - http://www.midasplayer.com/midasa.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall-Kontrolle) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {7565A160-5C60-4866-A120-F4D5B2BA3AAE} (FSLoaderCtrl Class) - http://www.clickedyclick.com/Downloa...sloader_v3.cab
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (WebHandler Class) - http://activex.microgaming.com/DLhel...7/dlhelper.cab
O16 - DPF: {D67AC55A-B750-41A4-BEE6-020E017A7996} - http://www.popfile.de/myplaylist/pc/...LER_loader.exe
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://register3.valueactive.com/31...CX/FlashAX.cab
O16 - DPF: {FC9C7D52-C99A-494A-AA79-4A25098F659C} - http://www.imperialcasino.com/dload/gvdload.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{977143EF-CD3B-411B-B161-FA965B2C5B4A}: NameServer = 217.237.151.225 217.237.150.225
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Programme\ewido\security suite\ewidoctrl.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

so ok????

TR/Proxy Agent CS - was tun?

Plagegeister aller Art und deren Bekämpfung: TR/Proxy Agent CS - was tun?