Pests of all kinds and how to fight them: Virus or trojan, and how do I get rid of it??
09.06.2005, 22:06 | #1 |
| Virus or trojan, and how do I get rid of it??
After every restart I have a new exe in my Task Manager; that is, it changes its name every time once I have deleted it. Today, for example, apirk.exe, or another time addtw32.exe, and so on. It keeps coming back and changes its name. I have already tried AntiVir, Ad-Aware and Spybot; they find nothing... And now and then I get a red icon with a white cross in the taskbar: "Your computer might be at risk". Here is a log file from HijackThis:

Logfile of HijackThis v1.99.1
Scan saved at 22:58:59, on 09.06.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ntvk.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\Programme\AVPersonal\AVGUARD.EXE
C:\programme\powerstrip\pstrip.exe
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\AVPersonal\AVGNT.EXE
C:\Programme\Java\jre1.5.0_02\bin\jusched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\FRITZ!DSL\IGDCTRL.EXE
C:\Programme\FRITZ!DSL\StCenter.exe
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\system32\netdde.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\UAService7.exe
C:\WINDOWS\System32\LVComsX.exe
C:\WINDOWS\system32\apirk.exe
C:\Dokumente und Einstellungen\Netwalker\Eigene Dateien\hijackthis_199\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://gfhjkhgi.biz (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://gfhjkhgi.biz (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://gfhjkhgi.biz (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://gfhjkhgi.biz (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://gfhjkhgi.biz (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\rjjsa.dll/sp.html#55135
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\rjjsa.dll/sp.html#55135
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\rjjsa.dll/sp.html#55135
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\rjjsa.dll/sp.html#55135
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\rjjsa.dll/sp.html#55135
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\rjjsa.dll/sp.html#55135
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://gfhjkhgi.biz (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\rjjsa.dll/sp.html#55135
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://gfhjkhgi.biz (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = fritz.box
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {2716D879-C8BD-BABB-F6EA-1EEC82868231} - C:\WINDOWS\iefm.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: Class - {FAA3AE33-E236-9AAE-0086-426033A4531F} - C:\WINDOWS\system32\mfchw.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [PowerStrip] c:\programme\powerstrip\pstrip.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AOLDialer] C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [addcd.exe] C:\WINDOWS\addcd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iedd32.exe] C:\WINDOWS\iedd32.exe
O4 - HKLM\..\Run: [crxx.exe] C:\WINDOWS\crxx.exe
O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [sdkos32.exe] C:\WINDOWS\sdkos32.exe
O4 - HKLM\..\Run: [winpk.exe] C:\WINDOWS\winpk.exe
O4 - HKLM\..\Run: [mfcvs32.exe] C:\WINDOWS\mfcvs32.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [atlxq32.exe] C:\WINDOWS\system32\atlxq32.exe
O4 - HKLM\..\Run: [apirk.exe] C:\WINDOWS\system32\apirk.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Startup: FRITZ!DSL Startcenter.lnk = C:\Programme\FRITZ!DSL\StCenter.exe
O4 - Global Startup: AOL 9.0 Tray-Symbol.lnk = C:\Programme\AOL 9.0\aoltray.exe
O8 - Extra context menu item: >>> EasyWWW.com -Your Easy Surf Home! - http://www.easywww.com/
O8 - Extra context menu item: Alles mit FlashGet laden - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: Mit FlashGet laden - C:\PROGRA~1\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Programme\AIM95\aim.exe
O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O16 - DPF: {0F9B4CA4-A30F-480A-841D-69B45C50A8F8} (SekureL0gin.SekureKontrol) - http://secure2.comned.com/signuptemplates/AktiveSekurity.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {53B8B406-42E4-4DD3-96E7-9DEC8CEB3DD8} (ICQVideoControl Class) - http://xtraz.icq.com/xtraz/activex/ICQVideoControl.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1107970526901
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9E98E84C-79E1-49C3-82EB-798FCD552EFB} - http://advnt01.com/dialer/internazionale_ver4.CAB
O16 - DPF: {A7F82252-EF7F-4E46-8595-84AE76D5FE03} - http://neo-toolbar.com/Inst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {E302F157-A890-4B6F-A421-839D25055D6D} (NLSysInfo Control) - https://www.novaworld.com/NWCommunities/Beta/NLSysInfo.ocx
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\ntvk.exe" /s (file missing)
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
O23 - Service: AVM IGD CTRL Service - AVM Berlin - C:\Programme\FRITZ!DSL\IGDCTRL.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TSMService - T-Systems Nova, Berkom - C:\Programme\T-DSL SpeedManager\tsmsvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\System32\UAService7.exe

_____________
Note: Active links edited! In future, please follow the instructions in this guide: HiJackThis.
Regards, Cidre, S-Mod TB
Edited by Cidre (10.06.2005 at 20:12) |
09.06.2005, 22:51 | #2 |
| Virus or trojan, and how do I get rid of it??
Hello Millerworld,
You have quite a lot in your system. One reason for this is your outdated operating system; SP2 and further security updates are current. Run eScan (scan in safe mode) and post the findings using "find.bat". Please read the instructions carefully. Before that, also run a disk cleanup and empty the quarantine folder of your antivirus program.
dartus |
10.06.2005, 10:21 | #3 |
| Virus or trojan, and how do I get rid of it??
OK, I ran Ad-Aware, Spybot and finally AntiVir again; they did find several things, but the main problem is still there. So I ran this eScan, and it found another 119 viruses. Here is the log file:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~
Funde für "infected"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~
Fri Jun 10 03:26:04 2005 => File C:\WINDOWS\system32\WININET.dll infected by "Virus.Win32.Nsag.a" Virus! Action Taken: No Action Taken.
Fri Jun 10 03:26:05 2005 => File C:\WINDOWS\System32\OLEADM.dll infected by "Trojan.Win32.Agent.eq" Virus! Action Taken: No Action Taken.
Fri Jun 10 03:26:11 2005 => File C:\WINDOWS\system32\mfchw.dll infected by "Trojan-Downloader.Win32.Agent.bq" Virus! Action Taken: No Action Taken.
Fri Jun 10 03:26:15 2005 => File C:\WINDOWS\inet20057\winlogon.exe infected by "Trojan-Downloader.Win32.CWS.gen" Virus! Action Taken: No Action Taken.
Fri Jun 10 03:26:19 2005 => File C:\WINDOWS\ipyx.exe infected by "Trojan.Win32.Agent.bi" Virus! Action Taken: No Action Taken.
Fri Jun 10 03:26:19 2005 => File C:\WINDOWS\d3hk.exe infected by "Trojan-Downloader.Win32.Agent.bq" Virus! Action Taken: No Action Taken.
Fri Jun 10 03:26:20 2005 => File C:\WINDOWS\system32\mfchw.dll infected by "Trojan-Downloader.Win32.Agent.bq" Virus! Action Taken: No Action Taken.
Fri Jun 10 03:26:24 2005 => File C:\WINDOWS\inet20057\winlogon.exe infected by "Trojan-Downloader.Win32.CWS.gen" Virus! Action Taken: No Action Taken.
Fri Jun 10 03:26:25 2005 => File C:\WINDOWS\d3hk.exe infected by "Trojan-Downloader.Win32.Agent.bq" Virus! Action Taken: No Action Taken.
Fri Jun 10 03:26:25 2005 => File C:\WINDOWS\ipyx.exe infected by "Trojan.Win32.Agent.bi" Virus! Action Taken: No Action Taken.
Fri Jun 10 03:26:34 2005 => System found infected with CWS.YExe Spyware/Adware ({5321E378-FFAD-4999-8C62-03CA8155F0B3})! Action taken: No Action Taken.
Fri Jun 10 03:26:35 2005 => System found infected with SideFind Spyware/Adware ({10e42047-deb9-4535-a118-b3f6ec39b807})! Action taken: No Action Taken.
Fri Jun 10 03:26:51 2005 => System found infected with CWS.therealsearch Spyware/Adware (waol.exe)! Action taken: No Action Taken.
Fri Jun 10 03:27:26 2005 => File C:\abcsp.chm infected by "Exploit.HTML.CodeBaseExec" Virus! Action Taken: No Action Taken.
Fri Jun 10 03:27:26 2005 => File C:\abcxx.chm infected by "Trojan.Win32.Dialer.ce" Virus! Action Taken: No Action Taken.
Fri Jun 10 03:32:05 2005 => File C:\Dokumente und Einstellungen\Netwalker\Lokale Einstellungen\Temp\maxdd.game infected by "Trojan.Win32.Dialer.ay" Virus! Action Taken: No Action Taken.
Fri Jun 10 03:43:25 2005 => Scanning Folder: C:\Programme\AVPersonal\INFECTED\*.*
Fri Jun 10 04:15:02 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP46\A0013017.dll infected by "Trojan-Downloader.Win32.Agent.lz" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:15:02 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP46\A0013026.dll infected by "Trojan-Downloader.Win32.Agent.lz" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:15:04 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP46\A0013062.dll infected by "Trojan-Downloader.Win32.Agent.lz" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:15:04 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP46\A0013063.dll infected by "Trojan-Downloader.Win32.Agent.lz" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:15:04 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP46\A0013065.dll infected by "Trojan-Downloader.Win32.Agent.lz" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:15:04 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP46\A0013072.exe infected by "Trojan.Win32.Agent.bi" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:15:05 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP46\A0013096.exe infected by "Trojan.Win32.Agent.bi" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:15:08 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP47\A0013151.exe infected by "Trojan-Downloader.Win32.Agent.oq" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:15:09 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP47\A0013174.exe infected by "Trojan-Downloader.Win32.Agent.oq" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:15:10 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP47\A0013199.exe infected by "Trojan-Downloader.Win32.Agent.oq" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:15:21 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP47\A0013237.exe infected by "Trojan-Downloader.Win32.Agent.oq" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:16:28 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP53\A0014109.exe infected by "Trojan-Downloader.Win32.Agent.oq" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:16:29 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP54\A0014128.exe infected by "Trojan.Win32.Agent.bi" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:16:30 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP54\A0014145.exe infected by "Trojan-Downloader.Win32.Agent.oq" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:16:51 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP58\A0014496.exe infected by "Trojan-Downloader.Win32.Agent.oq" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:17:01 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP58\A0014666.exe infected by "Trojan-Downloader.Win32.Agent.oq" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:17:05 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP58\A0014716.dll infected by "Trojan-Downloader.Win32.Agent.bc" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:17:05 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP58\A0014734.exe infected by "Trojan-Downloader.Win32.Agent.oq" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:17:05 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP58\A0014735.exe infected by "Trojan-Downloader.Win32.Agent.bq" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:17:06 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP58\A0014757.exe infected by "Trojan-Downloader.Win32.Agent.bq" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:17:11 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP59\A0014794.exe infected by "Trojan.Win32.Agent.bi" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:17:11 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP59\A0014795.exe infected by "Trojan.Win32.Agent.bi" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:17:11 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP59\A0014797.exe infected by "Trojan.Win32.Agent.bi" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:17:11 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP59\A0014798.exe infected by "Trojan.Win32.Agent.bi" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:17:11 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP59\A0014800.exe infected by "Trojan.Win32.Agent.bi" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:17:11 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP59\A0014802.exe infected by "Trojan.Win32.Agent.bi" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:17:11 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP59\A0014804.exe infected by "Trojan.Win32.Agent.bi" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:17:11 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP59\A0014805.exe infected by "Trojan.Win32.Agent.bi" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:17:11 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP59\A0014806.exe infected by "Trojan.Win32.Agent.em" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:17:12 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP59\A0014807.exe infected by "Trojan-Downloader.Win32.Agent.ap" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:17:12 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP59\A0014808.exe infected by "Trojan.Win32.Agent.bi" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:17:12 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP59\A0014811.exe infected by "Trojan.Win32.Agent.bi" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:17:12 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP59\A0014812.dll infected by "Trojan-Downloader.Win32.Agent.bc" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:17:13 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP59\A0014841.exe infected by "Trojan.Win32.Agent.bi" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:17:13 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP59\A0014843.exe infected by "Trojan-Downloader.Win32.Agent.bq" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:17:13 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP59\A0014845.exe infected by "Trojan-Downloader.Win32.Delf.og" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:17:13 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP59\A0014846.exe infected by "Trojan.Win32.Agent.bi" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:17:13 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP59\A0014847.exe infected by "Trojan.Win32.Agent.bi" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:17:13 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP59\A0014848.exe infected by "Trojan-Downloader.Win32.Agent.bq" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:17:13 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP59\A0014850.exe infected by "Trojan.Win32.Agent.em" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:17:13 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP59\A0014851.exe infected by "Trojan.Win32.Agent.bi" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:17:14 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP59\A0014852.exe infected by "Trojan-Downloader.Win32.Small.axo" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:17:14 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP59\A0014853.exe infected by "Trojan-Downloader.Win32.Delf.cb" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:17:14 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP59\A0014860.dll infected by "Trojan.Win32.StartPage.qr" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:17:14 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP59\A0014870.exe infected by "Trojan-Downloader.Win32.Agent.bq" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:17:14 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP59\A0014871.exe infected by "Trojan-Downloader.Win32.Agent.bq" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:17:15 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP59\A0014889.exe infected by "Trojan.Win32.Agent.em" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:17:15 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP59\A0014901.exe infected by "Trojan-Downloader.Win32.CWS.gen" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:17:15 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP59\A0014902.exe infected by "Trojan-Downloader.Win32.Delf.og" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:17:16 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP59\A0014904.exe infected by "Trojan-Downloader.Win32.Small.axo" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:17:16 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP59\A0014905.exe infected by "Trojan-Downloader.Win32.Small.awa" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:17:16 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP59\A0014906.exe infected by "Trojan-Downloader.Win32.Delf.cb" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:17:16 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP59\A0014907.exe infected by "Trojan-Downloader.Win32.CWS.gen" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:17:16 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP59\A0014908.exe infected by "Trojan-Downloader.Win32.Small.axn" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:17:16 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP59\A0014922.exe infected by "Trojan-Downloader.Win32.Agent.bq" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:17:16 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP59\A0014923.exe infected by "Trojan-Downloader.Win32.Agent.bq" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:17:17 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP59\A0014924.exe infected by "Trojan.Win32.Agent.bi" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:17:21 2005 => File C:\webboxall.chm infected by "Trojan-Downloader.Win32.Small.abw" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:17:45 2005 => File C:\WINDOWS\atlwv32.dll infected by "Trojan-Downloader.Win32.Agent.bc" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:20:22 2005 => File C:\WINDOWS\iefm.dll infected by "Trojan-Downloader.Win32.Agent.bq" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:20:22 2005 => File C:\WINDOWS\iexd32.dll infected by "Trojan-Downloader.Win32.Agent.bq" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:21:57 2005 => File C:\WINDOWS\ipum32.exe infected by "Trojan.Win32.Agent.em" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:22:10 2005 => File C:\WINDOWS\mfcwm32.dll infected by "Trojan-Downloader.Win32.Agent.bc" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:22:20 2005 => File C:\WINDOWS\msdownld.tmp\wupd0000.exe infected by "Trojan-Downloader.Win32.Delf.dd" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:22:21 2005 => File C:\WINDOWS\n_houpyr.dat infected by "Trojan-Downloader.Win32.Agent.bq" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:22:21 2005 => File C:\WINDOWS\n_rourji.dat infected by "Trojan-Downloader.Win32.Agent.bq" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:23:21 2005 => File C:\WINDOWS\system32\addga.exe infected by "Trojan.Win32.Agent.em" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:23:21 2005 => File C:\WINDOWS\system32\addli.dll infected by "Trojan-Downloader.Win32.Agent.bc" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:25:30 2005 => File C:\WINDOWS\system32\forward.exe infected by "Trojan-Downloader.Win32.Agent.dy" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:25:34 2005 => File C:\WINDOWS\system32\ieef32.dll infected by "Trojan-Downloader.Win32.Agent.bc" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:25:41 2005 => File C:\WINDOWS\system32\iplo.dll infected by "Trojan-Downloader.Win32.Agent.bc" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:25:54 2005 => File C:\WINDOWS\system32\maxd.exe infected by "Trojan.Win32.Dialer.ay" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:26:10 2005 => File C:\WINDOWS\system32\netbi32.dll infected by "Trojan-Downloader.Win32.Agent.bq" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:26:10 2005 => File C:\WINDOWS\system32\netdq.dll infected by "Trojan-Downloader.Win32.Agent.bq" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:26:24 2005 => File C:\WINDOWS\system32\oleadm.dll infected by "Trojan.Win32.Agent.eq" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:27:28 2005 => File C:\WINDOWS\system32\wininet.dll infected by "Virus.Win32.Nsag.a" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:27:43 2005 => File C:\WINDOWS\uninstIU.exe infected by "Trojan.Win32.Agent.eo" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:49:44 2005 => Total Disinfected Files: 0

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~
Funde für "tagged"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~
Fri Jun 10 03:26:09 2005 => File C:\WINDOWS\System32\seqsb.dll tagged as "not-a-virus:AdWare.ToolBar.Neon.c". Action Taken: No Action Taken.
Fri Jun 10 03:26:23 2005 => File C:\WINDOWS\System32\seqsb.dll tagged as "not-a-virus:AdWare.ToolBar.Neon.c". Action Taken: No Action Taken.
Fri Jun 10 03:37:46 2005 => File C:\mIRC\mirc.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.14. No Action Taken.
Fri Jun 10 03:39:40 2005 => File C:\Programme\AOL 9.0\Jiti\Jiti_mm.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
Fri Jun 10 03:43:45 2005 => File C:\Programme\BitTorrent\uninstall.exe tagged as not-a-virus:Tool.Win32.Processor.1001. No Action Taken.
Fri Jun 10 03:44:12 2005 => File C:\Programme\Cool2000\ce2kunin.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
Fri Jun 10 04:02:10 2005 => File C:\Programme\Gemeinsame Dateien\aolback\comp01.000 tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
Fri Jun 10 04:14:08 2005 => File C:\Programme\WinRAR\patch.exe tagged as not-a-virus:Tool.Win32.TPE.a. No Action Taken.
Fri Jun 10 04:14:08 2005 => File C:\Programme\WinRAR\patch2.exe tagged as not-a-virus:Tool.Win32.TPE.a. No Action Taken.
Fri Jun 10 04:15:20 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP47\A0013212.exe tagged as "not-a-virus:AdWare.WildTangent.b". Action Taken: No Action Taken.
Fri Jun 10 04:16:11 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP53\A0013940.exe tagged as not-a-virus:Tool.Win32.Processor.1001. No Action Taken.
Fri Jun 10 04:16:22 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP53\A0014015.dll tagged as "not-a-virus:AdWare.WildTangent.b". Action Taken: No Action Taken.
Fri Jun 10 04:16:23 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP53\A0014030.dll tagged as "not-a-virus:AdWare.WildTangent.b". Action Taken: No Action Taken.
Fri Jun 10 04:17:16 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP59\A0014909.exe tagged as not-a-virus:Downloader.Win32.Awmcash.a. No Action Taken.
Fri Jun 10 04:17:45 2005 => File C:\WINDOWS\brrjv.dll tagged as "not-a-virus:AdWare.SearchPage". Action Taken: No Action Taken.
Fri Jun 10 04:20:53 2005 => File C:\WINDOWS\inet20057\3.00.05.dll tagged as "not-a-virus:AdWare.BHO.Ihbo.gen". Action Taken: No Action Taken.
Fri Jun 10 04:25:47 2005 => File C:\WINDOWS\system32\KILLAPPS.EXE tagged as not-a-virus:Tool.Win32.KillApp.b. No Action Taken.
Fri Jun 10 04:27:47 2005 => File C:\WINDOWS\woinstall.exe tagged as "not-a-virus:AdWare.EZula.ak". Action Taken: No Action Taken.
Fri Jun 10 04:30:45 2005 => File D:\Daten 1\Files\Tools\neu\Paint Shop Pro 8\xxxx.exe tagged as not-a-virus:Tool.Win32.TPE.a. No Action Taken.
Fri Jun 10 04:49:29 2005 => File D:\System Volume Information\_restore{663B9F3E-4E80-44C3-8F1E-46F2D5C4C07F}\RP48\A0017266.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
Fri Jun 10 04:49:31 2005 => File D:\System Volume Information\_restore{663B9F3E-4E80-44C3-8F1E-46F2D5C4C07F}\RP48\A0017267.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~
Statistiken:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~
Fri Jun 10 04:49:44 2005 => Total Virus(es) Found: 119
Fri Jun 10 04:49:44 2005 => Total Errors: 201
Fri Jun 10 04:49:44 2005 => Time Elapsed: 01:23:41
Fri Jun 10 04:49:44 2005 => Total Objects Scanned: 113851
Fri Jun 10 03:25:04 2005 => Virus Database Date: 2005/06/10
Fri Jun 10 04:49:44 2005 => Virus Database Date: 2005/06/10
Fri Jun 10 11:08:40 2005 => Virus Database Date: 2005/06/10
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~
~~~~~~~ © Haui ;-) ~~~~~~~
~~~~~~~ Dank an Cidre ~~~~~~~ |
10.06.2005, 14:11 | #4 |
| Virus or trojan, and how do I get rid of it?? OK, I now have SP2 and all security updates installed as well, and scanned again with Ad-Aware and AntiVir. But the problem is still there... here is a current HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 15:11:20, on 10.06.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\AVPersonal\AVGUARD.EXE
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
C:\Programme\FRITZ!DSL\IGDCTRL.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\UAService7.exe
C:\WINDOWS\inet20057\winlogon.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\programme\powerstrip\pstrip.exe
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Java\jre1.5.0_02\bin\jusched.exe
C:\Programme\AVPersonal\AVGNT.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\FRITZ!DSL\StCenter.exe
C:\Programme\Maxthon\Maxthon.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\mfcik.exe
C:\Dokumente und Einstellungen\Netwalker\Eigene Dateien\hijackthis_199\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://gfhjkhgi.biz (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://gfhjkhgi.biz (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://gfhjkhgi.biz (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://gfhjkhgi.biz (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://gfhjkhgi.biz (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\dhkgz.dll/sp.html#55135
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\dhkgz.dll/sp.html#55135
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\dhkgz.dll/sp.html#55135
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\dhkgz.dll/sp.html#55135
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\dhkgz.dll/sp.html#55135
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\dhkgz.dll/sp.html#55135
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://gfhjkhgi.biz (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\dhkgz.dll/sp.html#55135
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://gfhjkhgi.biz (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = fritz.box
R3 - Default URLSearchHook is missing
F3 - REG:win.ini: run=C:\WINDOWS\inet20057\winlogon.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: Class - {FAA3AE33-E236-9AAE-0086-426033A4531F} - C:\WINDOWS\system32\mfchw.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [PowerStrip] c:\programme\powerstrip\pstrip.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AOLDialer] C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inet20057\winlogon.exe
O4 - HKLM\..\Run: [javarc.exe] C:\WINDOWS\system32\javarc.exe
O4 - HKLM\..\Run: [crqw32.exe] C:\WINDOWS\system32\crqw32.exe
O4 - HKLM\..\Run: [addik.exe] C:\WINDOWS\addik.exe
O4 - HKLM\..\Run: [atlcb.exe] C:\WINDOWS\system32\atlcb.exe
O4 - HKLM\..\Run: [d3hk.exe] C:\WINDOWS\d3hk.exe
O4 - HKLM\..\Run: [apiku.exe] C:\WINDOWS\system32\apiku.exe
O4 - HKLM\..\RunOnce: [winch.exe] C:\WINDOWS\system32\winch.exe
O4 - HKLM\..\RunOnce: [mfcik.exe] C:\WINDOWS\mfcik.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inet20057\winlogon.exe
O4 - Startup: FRITZ!DSL Startcenter.lnk = C:\Programme\FRITZ!DSL\StCenter.exe
O4 - Global Startup: AOL 9.0 Tray-Symbol.lnk = C:\Programme\AOL 9.0\aoltray.exe
O8 - Extra context menu item: >>> EasyWWW.com -Your Easy Surf Home! - http://www.easywww.com/
O8 - Extra context menu item: Alles mit FlashGet laden - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: Mit FlashGet laden - C:\PROGRA~1\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Programme\AIM95\aim.exe
O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {0F9B4CA4-A30F-480A-841D-69B45C50A8F8} (SekureL0gin.SekureKontrol) - http://secure2.comned.com/signuptemplates/AktiveSekurity.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {53B8B406-42E4-4DD3-96E7-9DEC8CEB3DD8} (ICQVideoControl Class) - http://xtraz.icq.com/xtraz/activex/ICQVideoControl.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1107970526901
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9E98E84C-79E1-49C3-82EB-798FCD552EFB} - http://advnt01.com/dialer/internazionale_ver4.CAB
O16 - DPF: {A7F82252-EF7F-4E46-8595-84AE76D5FE03} - http://neo-toolbar.com/Inst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {E302F157-A890-4B6F-A421-839D25055D6D} (NLSysInfo Control) - https://www.novaworld.com/NWCommunities/Beta/NLSysInfo.ocx
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
O23 - Service: AVM IGD CTRL Service - AVM Berlin - C:\Programme\FRITZ!DSL\IGDCTRL.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\WINDOWS\System32\nvsvc32.exe (file missing)
O23 - Service: TSMService - T-Systems Nova, Berkom - C:\Programme\T-DSL SpeedManager\tsmsvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\System32\UAService7.exe
_____________
Note: active links edited! Regards, Cidre S-Mod TB
Last edited by Cidre (10.06.2005 at 20:13) |
10.06.2005, 14:14 | #5 |
| Virus or trojan, and how do I get rid of it?? Given the amount of malware that is happily multiplying, my recommendation is as follows: reinstall the system! BTW: depending on your connection type, please save the dialer to a floppy disk -> dialer notice |