
Pests of all kinds and how to fight them: Virus or Trojan, and how do I get rid of it??

09.06.2005, 22:06   #1
Millerworld
 



After every restart I have a new exe in my Task Manager, or rather it always changes its name when I have deleted it beforehand. Today, for example, apirk.exe, or sometimes addtw32.exe, and so on.

It keeps coming back and changes its name.

I have already tried AntiVir, Ad-Aware and Spybot; they find nothing...

And every now and then I get a red icon with a white cross in the taskbar: "Your computer might be at risk"

Here is a log file from HijackThis:


Logfile of HijackThis v1.99.1
Scan saved at 22:58:59, on 09.06.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ntvk.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\Programme\AVPersonal\AVGUARD.EXE
C:\programme\powerstrip\pstrip.exe
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\AVPersonal\AVGNT.EXE
C:\Programme\Java\jre1.5.0_02\bin\jusched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\FRITZ!DSL\IGDCTRL.EXE
C:\Programme\FRITZ!DSL\StCenter.exe
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\system32\netdde.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\UAService7.exe
C:\WINDOWS\System32\LVComsX.exe
C:\WINDOWS\system32\apirk.exe
C:\Dokumente und Einstellungen\Netwalker\Eigene Dateien\hijackthis_199\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://gfhjkhgi.biz (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://gfhjkhgi.biz (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://gfhjkhgi.biz (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://gfhjkhgi.biz (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://gfhjkhgi.biz (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\rjjsa.dll/sp.html#55135
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\rjjsa.dll/sp.html#55135
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\rjjsa.dll/sp.html#55135
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\rjjsa.dll/sp.html#55135
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\rjjsa.dll/sp.html#55135
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\rjjsa.dll/sp.html#55135
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://gfhjkhgi.biz (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\rjjsa.dll/sp.html#55135
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://gfhjkhgi.biz (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = fritz.box
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {2716D879-C8BD-BABB-F6EA-1EEC82868231} - C:\WINDOWS\iefm.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: Class - {FAA3AE33-E236-9AAE-0086-426033A4531F} - C:\WINDOWS\system32\mfchw.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [PowerStrip] c:\programme\powerstrip\pstrip.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AOLDialer] C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [addcd.exe] C:\WINDOWS\addcd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iedd32.exe] C:\WINDOWS\iedd32.exe
O4 - HKLM\..\Run: [crxx.exe] C:\WINDOWS\crxx.exe
O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [sdkos32.exe] C:\WINDOWS\sdkos32.exe
O4 - HKLM\..\Run: [winpk.exe] C:\WINDOWS\winpk.exe
O4 - HKLM\..\Run: [mfcvs32.exe] C:\WINDOWS\mfcvs32.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [atlxq32.exe] C:\WINDOWS\system32\atlxq32.exe
O4 - HKLM\..\Run: [apirk.exe] C:\WINDOWS\system32\apirk.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Startup: FRITZ!DSL Startcenter.lnk = C:\Programme\FRITZ!DSL\StCenter.exe
O4 - Global Startup: AOL 9.0 Tray-Symbol.lnk = C:\Programme\AOL 9.0\aoltray.exe
O8 - Extra context menu item: >>> EasyWWW.com -Your Easy Surf Home! - http://www.easywww.com/
O8 - Extra context menu item: Alles mit FlashGet laden - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: Mit FlashGet laden - C:\PROGRA~1\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Programme\AIM95\aim.exe
O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O16 - DPF: {0F9B4CA4-A30F-480A-841D-69B45C50A8F8} (SekureL0gin.SekureKontrol) - http://secure2.comned.com/signuptemplates/AktiveSekurity.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {53B8B406-42E4-4DD3-96E7-9DEC8CEB3DD8} (ICQVideoControl Class) - http://xtraz.icq.com/xtraz/activex/ICQVideoControl.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1107970526901
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9E98E84C-79E1-49C3-82EB-798FCD552EFB} - http://advnt01.com/dialer/internazionale_ver4.CAB
O16 - DPF: {A7F82252-EF7F-4E46-8595-84AE76D5FE03} - http://neo-toolbar.com/Inst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {E302F157-A890-4B6F-A421-839D25055D6D} (NLSysInfo Control) - https://www.novaworld.com/NWCommunities/Beta/NLSysInfo.ocx
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\ntvk.exe" /s (file missing)
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
O23 - Service: AVM IGD CTRL Service - AVM Berlin - C:\Programme\FRITZ!DSL\IGDCTRL.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TSMService - T-Systems Nova, Berkom - C:\Programme\T-DSL SpeedManager\tsmsvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\System32\UAService7.exe
_____________
Note:
Active links edited!
In future, please follow the instructions in this guide: HiJackThis.


Regards, Cidre
S-Mod TB

Edited by Cidre (10.06.2005 at 20:12)

09.06.2005, 22:51   #2
dartus
 



Hello Millerworld,

You have quite a lot on your system.
One reason for this is your outdated operating system; SP 2 and further security updates are current.

Run Escan (scan in safe mode) and post the findings using "find.bat". Please read the instructions carefully.
Before that, also run a Disk Cleanup and empty the quarantine folder of your antivirus program.

dartus

10.06.2005, 10:21   #3
Millerworld
 



So, I ran Ad-Aware, Spybot and finally AntiVir once more; they did find several things, but the main problem is still there. So I ran this eScan, and it found another 119 viruses.

Here is the log file:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~
Funde für "infected"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~
Fri Jun 10 03:26:04 2005 => File C:\WINDOWS\system32\WININET.dll infected by "Virus.Win32.Nsag.a" Virus! Action Taken: No Action Taken.
Fri Jun 10 03:26:05 2005 => File C:\WINDOWS\System32\OLEADM.dll infected by "Trojan.Win32.Agent.eq" Virus! Action Taken: No Action Taken.
Fri Jun 10 03:26:11 2005 => File C:\WINDOWS\system32\mfchw.dll infected by "Trojan-Downloader.Win32.Agent.bq" Virus! Action Taken: No Action Taken.
Fri Jun 10 03:26:15 2005 => File C:\WINDOWS\inet20057\winlogon.exe infected by "Trojan-Downloader.Win32.CWS.gen" Virus! Action Taken: No Action Taken.
Fri Jun 10 03:26:19 2005 => File C:\WINDOWS\ipyx.exe infected by "Trojan.Win32.Agent.bi" Virus! Action Taken: No Action Taken.
Fri Jun 10 03:26:19 2005 => File C:\WINDOWS\d3hk.exe infected by "Trojan-Downloader.Win32.Agent.bq" Virus! Action Taken: No Action Taken.
Fri Jun 10 03:26:20 2005 => File C:\WINDOWS\system32\mfchw.dll infected by "Trojan-Downloader.Win32.Agent.bq" Virus! Action Taken: No Action Taken.
Fri Jun 10 03:26:24 2005 => File C:\WINDOWS\inet20057\winlogon.exe infected by "Trojan-Downloader.Win32.CWS.gen" Virus! Action Taken: No Action Taken.
Fri Jun 10 03:26:25 2005 => File C:\WINDOWS\d3hk.exe infected by "Trojan-Downloader.Win32.Agent.bq" Virus! Action Taken: No Action Taken.
Fri Jun 10 03:26:25 2005 => File C:\WINDOWS\ipyx.exe infected by "Trojan.Win32.Agent.bi" Virus! Action Taken: No Action Taken.
Fri Jun 10 03:26:34 2005 => System found infected with CWS.YExe Spyware/Adware ({5321E378-FFAD-4999-8C62-03CA8155F0B3})! Action taken: No Action Taken.
Fri Jun 10 03:26:35 2005 => System found infected with SideFind Spyware/Adware ({10e42047-deb9-4535-a118-b3f6ec39b807})! Action taken: No Action Taken.
Fri Jun 10 03:26:51 2005 => System found infected with CWS.therealsearch Spyware/Adware (waol.exe)! Action taken: No Action Taken.
Fri Jun 10 03:27:26 2005 => File C:\abcsp.chm infected by "Exploit.HTML.CodeBaseExec" Virus! Action Taken: No Action Taken.
Fri Jun 10 03:27:26 2005 => File C:\abcxx.chm infected by "Trojan.Win32.Dialer.ce" Virus! Action Taken: No Action Taken.
Fri Jun 10 03:32:05 2005 => File C:\Dokumente und Einstellungen\Netwalker\Lokale Einstellungen\Temp\maxdd.game infected by "Trojan.Win32.Dialer.ay" Virus! Action Taken: No Action Taken.
Fri Jun 10 03:43:25 2005 => Scanning Folder: C:\Programme\AVPersonal\INFECTED\*.*
Fri Jun 10 04:15:02 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP46\A0013017.dll infected by "Trojan-Downloader.Win32.Agent.lz" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:15:02 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP46\A0013026.dll infected by "Trojan-Downloader.Win32.Agent.lz" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:15:04 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP46\A0013062.dll infected by "Trojan-Downloader.Win32.Agent.lz" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:15:04 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP46\A0013063.dll infected by "Trojan-Downloader.Win32.Agent.lz" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:15:04 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP46\A0013065.dll infected by "Trojan-Downloader.Win32.Agent.lz" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:15:04 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP46\A0013072.exe infected by "Trojan.Win32.Agent.bi" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:15:05 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP46\A0013096.exe infected by "Trojan.Win32.Agent.bi" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:15:08 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP47\A0013151.exe infected by "Trojan-Downloader.Win32.Agent.oq" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:15:09 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP47\A0013174.exe infected by "Trojan-Downloader.Win32.Agent.oq" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:15:10 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP47\A0013199.exe infected by "Trojan-Downloader.Win32.Agent.oq" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:15:21 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP47\A0013237.exe infected by "Trojan-Downloader.Win32.Agent.oq" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:16:28 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP53\A0014109.exe infected by "Trojan-Downloader.Win32.Agent.oq" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:16:29 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP54\A0014128.exe infected by "Trojan.Win32.Agent.bi" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:16:30 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP54\A0014145.exe infected by "Trojan-Downloader.Win32.Agent.oq" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:16:51 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP58\A0014496.exe infected by "Trojan-Downloader.Win32.Agent.oq" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:17:01 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP58\A0014666.exe infected by "Trojan-Downloader.Win32.Agent.oq" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:17:05 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP58\A0014716.dll infected by "Trojan-Downloader.Win32.Agent.bc" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:17:05 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP58\A0014734.exe infected by "Trojan-Downloader.Win32.Agent.oq" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:17:05 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP58\A0014735.exe infected by "Trojan-Downloader.Win32.Agent.bq" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:17:06 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP58\A0014757.exe infected by "Trojan-Downloader.Win32.Agent.bq" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:17:11 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP59\A0014794.exe infected by "Trojan.Win32.Agent.bi" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:17:11 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP59\A0014795.exe infected by "Trojan.Win32.Agent.bi" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:17:11 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP59\A0014797.exe infected by "Trojan.Win32.Agent.bi" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:17:11 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP59\A0014798.exe infected by "Trojan.Win32.Agent.bi" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:17:11 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP59\A0014800.exe infected by "Trojan.Win32.Agent.bi" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:17:11 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP59\A0014802.exe infected by "Trojan.Win32.Agent.bi" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:17:11 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP59\A0014804.exe infected by "Trojan.Win32.Agent.bi" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:17:11 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP59\A0014805.exe infected by "Trojan.Win32.Agent.bi" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:17:11 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP59\A0014806.exe infected by "Trojan.Win32.Agent.em" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:17:12 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP59\A0014807.exe infected by "Trojan-Downloader.Win32.Agent.ap" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:17:12 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP59\A0014808.exe infected by "Trojan.Win32.Agent.bi" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:17:12 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP59\A0014811.exe infected by "Trojan.Win32.Agent.bi" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:17:12 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP59\A0014812.dll infected by "Trojan-Downloader.Win32.Agent.bc" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:17:13 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP59\A0014841.exe infected by "Trojan.Win32.Agent.bi" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:17:13 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP59\A0014843.exe infected by "Trojan-Downloader.Win32.Agent.bq" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:17:13 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP59\A0014845.exe infected by "Trojan-Downloader.Win32.Delf.og" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:17:13 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP59\A0014846.exe infected by "Trojan.Win32.Agent.bi" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:17:13 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP59\A0014847.exe infected by "Trojan.Win32.Agent.bi" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:17:13 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP59\A0014848.exe infected by "Trojan-Downloader.Win32.Agent.bq" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:17:13 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP59\A0014850.exe infected by "Trojan.Win32.Agent.em" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:17:13 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP59\A0014851.exe infected by "Trojan.Win32.Agent.bi" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:17:14 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP59\A0014852.exe infected by "Trojan-Downloader.Win32.Small.axo" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:17:14 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP59\A0014853.exe infected by "Trojan-Downloader.Win32.Delf.cb" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:17:14 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP59\A0014860.dll infected by "Trojan.Win32.StartPage.qr" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:17:14 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP59\A0014870.exe infected by "Trojan-Downloader.Win32.Agent.bq" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:17:14 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP59\A0014871.exe infected by "Trojan-Downloader.Win32.Agent.bq" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:17:15 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP59\A0014889.exe infected by "Trojan.Win32.Agent.em" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:17:15 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP59\A0014901.exe infected by "Trojan-Downloader.Win32.CWS.gen" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:17:15 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP59\A0014902.exe infected by "Trojan-Downloader.Win32.Delf.og" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:17:16 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP59\A0014904.exe infected by "Trojan-Downloader.Win32.Small.axo" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:17:16 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP59\A0014905.exe infected by "Trojan-Downloader.Win32.Small.awa" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:17:16 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP59\A0014906.exe infected by "Trojan-Downloader.Win32.Delf.cb" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:17:16 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP59\A0014907.exe infected by "Trojan-Downloader.Win32.CWS.gen" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:17:16 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP59\A0014908.exe infected by "Trojan-Downloader.Win32.Small.axn" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:17:16 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP59\A0014922.exe infected by "Trojan-Downloader.Win32.Agent.bq" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:17:16 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP59\A0014923.exe infected by "Trojan-Downloader.Win32.Agent.bq" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:17:17 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP59\A0014924.exe infected by "Trojan.Win32.Agent.bi" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:17:21 2005 => File C:\webboxall.chm infected by "Trojan-Downloader.Win32.Small.abw" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:17:45 2005 => File C:\WINDOWS\atlwv32.dll infected by "Trojan-Downloader.Win32.Agent.bc" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:20:22 2005 => File C:\WINDOWS\iefm.dll infected by "Trojan-Downloader.Win32.Agent.bq" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:20:22 2005 => File C:\WINDOWS\iexd32.dll infected by "Trojan-Downloader.Win32.Agent.bq" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:21:57 2005 => File C:\WINDOWS\ipum32.exe infected by "Trojan.Win32.Agent.em" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:22:10 2005 => File C:\WINDOWS\mfcwm32.dll infected by "Trojan-Downloader.Win32.Agent.bc" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:22:20 2005 => File C:\WINDOWS\msdownld.tmp\wupd0000.exe infected by "Trojan-Downloader.Win32.Delf.dd" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:22:21 2005 => File C:\WINDOWS\n_houpyr.dat infected by "Trojan-Downloader.Win32.Agent.bq" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:22:21 2005 => File C:\WINDOWS\n_rourji.dat infected by "Trojan-Downloader.Win32.Agent.bq" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:23:21 2005 => File C:\WINDOWS\system32\addga.exe infected by "Trojan.Win32.Agent.em" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:23:21 2005 => File C:\WINDOWS\system32\addli.dll infected by "Trojan-Downloader.Win32.Agent.bc" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:25:30 2005 => File C:\WINDOWS\system32\forward.exe infected by "Trojan-Downloader.Win32.Agent.dy" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:25:34 2005 => File C:\WINDOWS\system32\ieef32.dll infected by "Trojan-Downloader.Win32.Agent.bc" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:25:41 2005 => File C:\WINDOWS\system32\iplo.dll infected by "Trojan-Downloader.Win32.Agent.bc" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:25:54 2005 => File C:\WINDOWS\system32\maxd.exe infected by "Trojan.Win32.Dialer.ay" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:26:10 2005 => File C:\WINDOWS\system32\netbi32.dll infected by "Trojan-Downloader.Win32.Agent.bq" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:26:10 2005 => File C:\WINDOWS\system32\netdq.dll infected by "Trojan-Downloader.Win32.Agent.bq" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:26:24 2005 => File C:\WINDOWS\system32\oleadm.dll infected by "Trojan.Win32.Agent.eq" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:27:28 2005 => File C:\WINDOWS\system32\wininet.dll infected by "Virus.Win32.Nsag.a" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:27:43 2005 => File C:\WINDOWS\uninstIU.exe infected by "Trojan.Win32.Agent.eo" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:49:44 2005 => Total Disinfected Files: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~
Funde für "tagged"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~
Fri Jun 10 03:26:09 2005 => File C:\WINDOWS\System32\seqsb.dll tagged as "not-a-virus:AdWare.ToolBar.Neon.c". Action Taken: No Action Taken.
Fri Jun 10 03:26:23 2005 => File C:\WINDOWS\System32\seqsb.dll tagged as "not-a-virus:AdWare.ToolBar.Neon.c". Action Taken: No Action Taken.
Fri Jun 10 03:37:46 2005 => File C:\mIRC\mirc.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.14. No Action Taken.
Fri Jun 10 03:39:40 2005 => File C:\Programme\AOL 9.0\Jiti\Jiti_mm.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
Fri Jun 10 03:43:45 2005 => File C:\Programme\BitTorrent\uninstall.exe tagged as not-a-virus:Tool.Win32.Processor.1001. No Action Taken.
Fri Jun 10 03:44:12 2005 => File C:\Programme\Cool2000\ce2kunin.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
Fri Jun 10 04:02:10 2005 => File C:\Programme\Gemeinsame Dateien\aolback\comp01.000 tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
Fri Jun 10 04:14:08 2005 => File C:\Programme\WinRAR\patch.exe tagged as not-a-virus:Tool.Win32.TPE.a. No Action Taken.
Fri Jun 10 04:14:08 2005 => File C:\Programme\WinRAR\patch2.exe tagged as not-a-virus:Tool.Win32.TPE.a. No Action Taken.
Fri Jun 10 04:15:20 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP47\A0013212.exe tagged as "not-a-virus:AdWare.WildTangent.b". Action Taken: No Action Taken.
Fri Jun 10 04:16:11 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP53\A0013940.exe tagged as not-a-virus:Tool.Win32.Processor.1001. No Action Taken.
Fri Jun 10 04:16:22 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP53\A0014015.dll tagged as "not-a-virus:AdWare.WildTangent.b". Action Taken: No Action Taken.
Fri Jun 10 04:16:23 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP53\A0014030.dll tagged as "not-a-virus:AdWare.WildTangent.b". Action Taken: No Action Taken.
Fri Jun 10 04:17:16 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP59\A0014909.exe tagged as not-a-virus:Downloader.Win32.Awmcash.a. No Action Taken.
Fri Jun 10 04:17:45 2005 => File C:\WINDOWS\brrjv.dll tagged as "not-a-virus:AdWare.SearchPage". Action Taken: No Action Taken.
Fri Jun 10 04:20:53 2005 => File C:\WINDOWS\inet20057\3.00.05.dll tagged as "not-a-virus:AdWare.BHO.Ihbo.gen". Action Taken: No Action Taken.
Fri Jun 10 04:25:47 2005 => File C:\WINDOWS\system32\KILLAPPS.EXE tagged as not-a-virus:Tool.Win32.KillApp.b. No Action Taken.
Fri Jun 10 04:27:47 2005 => File C:\WINDOWS\woinstall.exe tagged as "not-a-virus:AdWare.EZula.ak". Action Taken: No Action Taken.
Fri Jun 10 04:30:45 2005 => File D:\Daten 1\Files\Tools\neu\Paint Shop Pro 8\xxxx.exe tagged as not-a-virus:Tool.Win32.TPE.a. No Action Taken.
Fri Jun 10 04:49:29 2005 => File D:\System Volume Information\_restore{663B9F3E-4E80-44C3-8F1E-46F2D5C4C07F}\RP48\A0017266.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
Fri Jun 10 04:49:31 2005 => File D:\System Volume Information\_restore{663B9F3E-4E80-44C3-8F1E-46F2D5C4C07F}\RP48\A0017267.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Statistiken:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Fri Jun 10 04:49:44 2005 => Total Virus(es) Found: 119
Fri Jun 10 04:49:44 2005 => Total Errors: 201
Fri Jun 10 04:49:44 2005 => Time Elapsed: 01:23:41
Fri Jun 10 04:49:44 2005 => Total Objects Scanned: 113851
Fri Jun 10 03:25:04 2005 => Virus Database Date: 2005/06/10
Fri Jun 10 04:49:44 2005 => Virus Database Date: 2005/06/10
Fri Jun 10 11:08:40 2005 => Virus Database Date: 2005/06/10
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~
~~~~~~~ © Haui ;-) ~~~~~~~
~~~~~~~ Dank an Cidre ~~~~~~~

Alt 10.06.2005, 14:11   #4
Millerworld
 
OK, I have now installed SP2 and all security updates as well, and scanned again with Ad-Aware and AntiVir. The problem is still there, though...

Here is a current HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 15:11:20, on 10.06.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\AVPersonal\AVGUARD.EXE
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
C:\Programme\FRITZ!DSL\IGDCTRL.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\UAService7.exe
C:\WINDOWS\inet20057\winlogon.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\programme\powerstrip\pstrip.exe
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Java\jre1.5.0_02\bin\jusched.exe
C:\Programme\AVPersonal\AVGNT.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\FRITZ!DSL\StCenter.exe
C:\Programme\Maxthon\Maxthon.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\mfcik.exe
C:\Dokumente und Einstellungen\Netwalker\Eigene Dateien\hijackthis_199\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://gfhjkhgi.biz (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://gfhjkhgi.biz (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://gfhjkhgi.biz (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://gfhjkhgi.biz (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://gfhjkhgi.biz (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\dhkgz.dll/sp.html#55135
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\dhkgz.dll/sp.html#55135
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\dhkgz.dll/sp.html#55135
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\dhkgz.dll/sp.html#55135
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\dhkgz.dll/sp.html#55135
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\dhkgz.dll/sp.html#55135
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://gfhjkhgi.biz (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\dhkgz.dll/sp.html#55135
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://gfhjkhgi.biz (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = fritz.box
R3 - Default URLSearchHook is missing
F3 - REG:win.ini: run=C:\WINDOWS\inet20057\winlogon.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: Class - {FAA3AE33-E236-9AAE-0086-426033A4531F} - C:\WINDOWS\system32\mfchw.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [PowerStrip] c:\programme\powerstrip\pstrip.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AOLDialer] C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inet20057\winlogon.exe
O4 - HKLM\..\Run: [javarc.exe] C:\WINDOWS\system32\javarc.exe
O4 - HKLM\..\Run: [crqw32.exe] C:\WINDOWS\system32\crqw32.exe
O4 - HKLM\..\Run: [addik.exe] C:\WINDOWS\addik.exe
O4 - HKLM\..\Run: [atlcb.exe] C:\WINDOWS\system32\atlcb.exe
O4 - HKLM\..\Run: [d3hk.exe] C:\WINDOWS\d3hk.exe
O4 - HKLM\..\Run: [apiku.exe] C:\WINDOWS\system32\apiku.exe
O4 - HKLM\..\RunOnce: [winch.exe] C:\WINDOWS\system32\winch.exe
O4 - HKLM\..\RunOnce: [mfcik.exe] C:\WINDOWS\mfcik.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inet20057\winlogon.exe
O4 - Startup: FRITZ!DSL Startcenter.lnk = C:\Programme\FRITZ!DSL\StCenter.exe
O4 - Global Startup: AOL 9.0 Tray-Symbol.lnk = C:\Programme\AOL 9.0\aoltray.exe
O8 - Extra context menu item: >>> EasyWWW.com -Your Easy Surf Home! - http://www.easywww.com/
O8 - Extra context menu item: Alles mit FlashGet laden - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: Mit FlashGet laden - C:\PROGRA~1\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Programme\AIM95\aim.exe
O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {0F9B4CA4-A30F-480A-841D-69B45C50A8F8} (SekureL0gin.SekureKontrol) - http://secure2.comned.com/signuptemplates/AktiveSekurity.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {53B8B406-42E4-4DD3-96E7-9DEC8CEB3DD8} (ICQVideoControl Class) - http://xtraz.icq.com/xtraz/activex/ICQVideoControl.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1107970526901
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9E98E84C-79E1-49C3-82EB-798FCD552EFB} - http://advnt01.com/dialer/internazionale_ver4.CAB
O16 - DPF: {A7F82252-EF7F-4E46-8595-84AE76D5FE03} - http://neo-toolbar.com/Inst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {E302F157-A890-4B6F-A421-839D25055D6D} (NLSysInfo Control) - https://www.novaworld.com/NWCommunities/Beta/NLSysInfo.ocx
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
O23 - Service: AVM IGD CTRL Service - AVM Berlin - C:\Programme\FRITZ!DSL\IGDCTRL.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\WINDOWS\System32\nvsvc32.exe (file missing)
O23 - Service: TSMService - T-Systems Nova, Berkom - C:\Programme\T-DSL SpeedManager\tsmsvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\System32\UAService7.exe
_____________
Note:
Active links edited!

Regards, Cidre
S-Mod TB

Edited by Cidre (10.06.2005 at 20:13)

Alt 10.06.2005, 14:14   #5
Haui45
 

Given the mass of malware that is merrily multiplying, my recommendation is as follows: reinstall the system from scratch!


BTW: Depending on your connection type, please save the dialer to a floppy disk -> dialer notice

