|
Log-Analyse und Auswertung: NEED HELP ! Trojan gefangenWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
14.06.2005, 16:16 | #1 |
| NEED HELP ! Trojan gefangen SOS !!! ich habe trojan gefangen. bitte um die hilfe. da ist mein logfile: Logfile of HijackThis v1.99.1 Scan saved at 17:11:28, on 14.06.2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\AVPersonal\AVGUARD.EXE C:\Programme\AVPersonal\AVWUPSRV.EXE C:\WINDOWS\Explorer.EXE C:\Programme\AVPersonal\AVGNT.EXE C:\Programme\Hewlett-Packard\HP Software Update\HPWuSchd.exe C:\Programme\HP\hpcoretech\hpcmpmgr.exe C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe C:\Programme\iTunes\iTunesHelper.exe C:\Programme\QuickTime\qttask.exe C:\WINDOWS\System32\ctfmon.exe C:\Programme\iPod\bin\iPodService.exe C:\PROGRA~1\ICQ\ICQ.exe C:\WINDOWS\tool1.exe C:\Programme\uoot\aupr.exe C:\WINDOWS\system32\n?pdb.exe C:\WINDOWS\System32\paytime.exe C:\Programme\AVPersonal\AVWIN.EXE C:\WINDOWS\ms1.exe c:\windows\system32\ybjrrv.exe C:\WINDOWS\System32\mszx23.exe C:\WINDOWS\System32\Services\{EDB901CF-EFBA-41AD-9EB1-793E0CDD389C}\SVCHOST.EXE C:\WINDOWS\System32\win32.exe C:\Programme\AVPersonal\INETUPD.EXE C:\WINDOWS\System32\newdial1.exe C:\WINDOWS\nmstt.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Internet Explorer\iexplore.exe C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE C:\Dokumente und Einstellungen\mikhail\Desktop\hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://195.95.218.172/index.php R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://195.95.218.172/index.php R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://195.95.218.172/index.php R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://195.95.218.172/index.php R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://195.95.218.172/index.php R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://195.95.218.172/index.php F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe O1 - Hosts: 127.0.0.3 n-glx.s-redirect.com O1 - Hosts: 127.0.0.3 x.full-tgp.net O1 - Hosts: 127.0.0.3 counter.sexmaniack.com O1 - Hosts: 127.0.0.3 autoescrowpay.com O1 - Hosts: 127.0.0.3 www.autoescrowpay.com O1 - Hosts: 127.0.0.3 www.awmdabest.com O1 - Hosts: 127.0.0.3 www.sexfiles.nu O1 - Hosts: 127.0.0.3 awmdabest.com O1 - Hosts: 127.0.0.3 sexfiles.nu O1 - Hosts: 127.0.0.3 allforadult.com O1 - Hosts: 127.0.0.3 www.allforadult.com O1 - Hosts: 127.0.0.3 www.iframe.biz O1 - Hosts: 127.0.0.3 iframe.biz O1 - Hosts: 127.0.0.3 www.newiframe.biz O1 - Hosts: 127.0.0.3 newiframe.biz O1 - Hosts: 127.0.0.3 www.vesbiz.biz O1 - Hosts: 127.0.0.3 vesbiz.biz O1 - Hosts: 127.0.0.3 www.pizdato.biz O1 - Hosts: 127.0.0.3 pizdato.biz O1 - Hosts: 127.0.0.3 www.aaasexypics.com O1 - Hosts: 127.0.0.3 aaasexypics.com O1 - Hosts: 127.0.0.3 www.virgin-tgp.net O1 - Hosts: 127.0.0.3 virgin-tgp.net O1 - Hosts: 127.0.0.3 www.awmcash.biz O1 - Hosts: 127.0.0.3 awmcash.biz O1 - Hosts: 127.0.0.3 buldog-stats.com O1 - Hosts: 127.0.0.3 www.buldog-stats.com O1 - Hosts: 127.0.0.3 fregat.drocherway.com O1 - Hosts: 127.0.0.3 slutmania.biz O1 - Hosts: 127.0.0.3 www.slutmania.biz O1 - Hosts: 127.0.0.3 toolbarpartner.com O1 - Hosts: 127.0.0.3 www.toolbarpartner.com O1 - Hosts: 127.0.0.3 www.megapornix.com O1 - Hosts: 127.0.0.3 megapornix.com O1 - Hosts: 127.0.0.3 www.sp2fucked.biz O1 - Hosts: 127.0.0.3 sp2fucked.biz O1 - Hosts: 127.0.0.3 greg-tut.com O1 - Hosts: 127.0.0.3 www.greg-tut.com O1 - Hosts: 127.0.0.3 nylonsexy.com O1 - Hosts: 127.0.0.3 www.nylonsexy.com O1 - Hosts: 127.0.0.3 vparivalka.com O1 - Hosts: 127.0.0.3 www.vparivalka.com O1 - Hosts: 127.0.0.3 iframeprofit.com O1 - Hosts: 127.0.0.3 www.iframeprofit.com O1 - Hosts: 127.0.0.3 topsearch10.com O1 - Hosts: 127.0.0.3 www.topsearch10.com O1 - Hosts: 127.0.0.3 statscash.biz O1 - Hosts: 127.0.0.3 www.statscash.biz O1 - Hosts: 127.0.0.3 vxiframe.biz O1 - Hosts: 127.0.0.3 www.vxiframe.biz O1 - Hosts: 127.0.0.3 crazy-toolbar.com O1 - Hosts: 127.0.0.3 www.crazy-toolbar.com O1 - Hosts: 127.0.0.3 topcash.biz O1 - Hosts: 127.0.0.3 www.topcash.biz O1 - Hosts: 127.0.0.3 loadcash.biz O1 - Hosts: 127.0.0.3 www.loadcash.biz O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: VBRunDLL Class - {197B8CA4-E215-46DD-8F33-E0544A80E5C4} - C:\WINDOWS\System32\vbrundll.dll O2 - BHO: (no name) - {27B851FF-EE14-94C5-1DC5-93BC6B7EB2E8} - C:\WINDOWS\System32\dhwjbueh.dll O2 - BHO: ohb - {999A06FF-10EF-4A29-8640-69E99882C26B} - C:\WINDOWS\System32\nscEE.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar1.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe O4 - HKLM\..\Run: [Mirabilis ICQ] C:\PROGRA~1\ICQ\ICQNet.exe O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min O4 - HKLM\..\Run: [HP Software Update] "C:\Programme\Hewlett-Packard\HP Software Update\HPWuSchd.exe" O4 - HKLM\..\Run: [HP Component Manager] "C:\Programme\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [DeviceDiscovery] C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe O4 - HKLM\..\Run: [iTunesHelper] C:\Programme\iTunes\iTunesHelper.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [DrWebScheduler] "C:\Programme\DrWeb for Windows\drwebscd.exe" O4 - HKLM\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe O4 - HKLM\..\Run: [nczicnw] c:\windows\system32\ybjrrv.exe r O4 - HKLM\..\Run: [regsync] C:\WINDOWS\System32\regsync.exe O4 - HKLM\..\Run: [Service Host] C:\WINDOWS\System32\Services\{EDB901CF-EFBA-41AD-9EB1-793E0CDD389C}\SVCHOST.EXE O4 - HKLM\..\Run: [Disk Keeper] C:\WINDOWS\System32\Services\{EDB901CF-EFBA-41AD-9EB1-793E0CDD389C}\SECURITY.EXE O4 - HKLM\..\Run: [PSGuard] C:\Programme\PSGuard\PSGuard.exe O4 - HKLM\..\Run: [_Cat2] C:\WINDOWS\nmstt.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [SpyKiller] C:\Programme\SpyKiller\spykiller.exe /startup O4 - HKCU\..\Run: [Lnbu] C:\Programme\uoot\aupr.exe O4 - HKCU\..\Run: [Bwyuh] C:\WINDOWS\System32\n?pdb.exe O4 - HKCU\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe O4 - HKCU\..\Run: [System] C:\WINDOWS\svchost.exe O4 - HKCU\..\Run: [wupd] C:\WINDOWS\System32\win32.exe O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE O8 - Extra context menu item: &Google Search - res://C:\Programme\Google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: Backward &Links - res://C:\Programme\Google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Programme\Google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: Si&milar Pages - res://C:\Programme\Google\GoogleToolbar1.dll/cmsimilar.html O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE O15 - Trusted Zone: *.bestcounter.biz O15 - Trusted Zone: *.blazefind.com O15 - Trusted Zone: *.clickspring.net O15 - Trusted Zone: *.flingstone.com O15 - Trusted Zone: *.mt-download.com O15 - Trusted Zone: *.my-internet.info O15 - Trusted Zone: *.searchbarcash.com O15 - Trusted Zone: *.searchmiracle.com O15 - Trusted Zone: *.skoobidoo.com O15 - Trusted Zone: *.slotch.com O15 - Trusted Zone: *.slotchbar.com O15 - Trusted Zone: *.windupdates.com O15 - Trusted Zone: *.xxxtoolbar.com O15 - Trusted Zone: *.ysbweb.com O15 - Trusted Zone: *.blazefind.com (HKLM) O15 - Trusted Zone: *.clickspring.net (HKLM) O15 - Trusted Zone: *.flingstone.com (HKLM) O15 - Trusted Zone: *.mt-download.com (HKLM) O15 - Trusted Zone: *.my-internet.info (HKLM) O15 - Trusted Zone: *.searchbarcash.com (HKLM) O15 - Trusted Zone: *.searchmiracle.com (HKLM) O15 - Trusted Zone: *.skoobidoo.com (HKLM) O15 - Trusted Zone: *.slotch.com (HKLM) O15 - Trusted Zone: *.slotchbar.com (HKLM) O15 - Trusted Zone: *.windupdates.com (HKLM) O15 - Trusted Zone: *.xxxtoolbar.com (HKLM) O15 - Trusted Zone: *.ysbweb.com (HKLM) O15 - Trusted IP range: 195.95.218.170 O15 - Trusted IP range: 195.95.218.170 (HKLM) O16 - DPF: {30000273-8230-4DD4-BE4F-6889D1E74167} - http://download.abetterinternet.com/download/cabs/LOT64106/thin.cab O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/content.info.apple.com/iTunes4/WW/win/019-0312.20050111.MmVrT/iTunesSetup.exe O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/073da847abd6bd2df006/netzip/RdxIE601.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1118761135427 O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://weather.tomsk.net/cam/AxisCamControl.ocx O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab?refid=2732 O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://active.macromedia.com/flash2/cabs/swflash.cab O16 - DPF: {E0B795B4-FD95-4ABD-A375-27962EFCE8CF} (StarInstall Control) - http://install.serviceurl.de/StarInstall.ocx O17 - HKLM\System\CCS\Services\Tcpip\..\{8A914D4B-1057-4E8E-AE88-AED338CD04AF}: NameServer = 192.168.1.254,194.25.2.129 O20 - Winlogon Notify: drct16 - C:\WINDOWS\SYSTEM32\drct16.dll O21 - SSODL: System - {B7D8EA0D-ECCB-459A-AC6C-72531E891C84} - vr_sys.dll (file missing) O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe _____________ Anm. Aktive Links editiert! Beachte zukünftig die Hinweise dieser Anleitung: HiJackThis. Scheinbar haben dich die Empfehlungen von Rene-gad bzgl. HJT nur peripher tangiert! LG Cidre S-Mod TB Geändert von Cidre (21.06.2005 um 19:40 Uhr) |
14.06.2005, 17:06 | #2 | |
| NEED HELP ! Trojan gefangen @ELF
__________________HJT soll aus einem speziell angelegten Ordner ausgeführt werden. Bitte alle Links im Log deaktivieren (z.B. h**p statt http) Benutzername unerkennbar machen. Zitat:
|
21.06.2005, 15:36 | #3 |
| NEED HELP ! Trojan gefangen ich habe folgende programme installiert und ausgeführt:
__________________1.HijackThis 2. AdAware 3.Spybot S&D 4.eScan so sieht jetzt mein logofile aus ! ich habe (angeblich) noch einige Viren, die nicht vernichtet wurden ! was soll ich als weiteres tun ? danke für eure hilfe ! Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\AVPersonal\AVGUARD.EXE C:\Programme\AVPersonal\AVWUPSRV.EXE C:\WINDOWS\Explorer.EXE C:\Programme\AVPersonal\AVGNT.EXE C:\Programme\Hewlett-Packard\HP Software Update\HPWuSchd.exe C:\Programme\HP\hpcoretech\hpcmpmgr.exe C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe C:\Programme\iTunes\iTunesHelper.exe C:\Programme\QuickTime\qttask.exe C:\WINDOWS\System32\mszx23.exe C:\WINDOWS\System32\ctfmon.exe C:\Programme\Spybot - Search & Destroy\TeaTimer.exe C:\Programme\iPod\bin\iPodService.exe C:\PROGRA~1\ICQ\ICQ.exe C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE C:\WINDOWS\System32\wisptis.exe C:\Programme\Microsoft Office\Office\EXCEL.EXE C:\Programme\Internet Explorer\IEXPLORE.EXE C:\Programme\Microsoft Office\Office\WINWORD.EXE C:\Programme\Adobe\Acrobat 6.0\Reader\AcroRd32.exe C:\Programme\Internet Explorer\IEXPLORE.EXE C:\Dokumente und Einstellungen\mikhail\Desktop\hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://195.95.218.172/index.php R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://195.95.218.172/index.php R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://195.95.218.172/index.php R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://195.95.218.172/index.php R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://195.95.218.172/index.php O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar1.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe O4 - HKLM\..\Run: [Mirabilis ICQ] C:\PROGRA~1\ICQ\ICQNet.exe O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min O4 - HKLM\..\Run: [HP Software Update] "C:\Programme\Hewlett-Packard\HP Software Update\HPWuSchd.exe" O4 - HKLM\..\Run: [HP Component Manager] "C:\Programme\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [DeviceDiscovery] C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe O4 - HKLM\..\Run: [iTunesHelper] C:\Programme\iTunes\iTunesHelper.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [DrWebScheduler] "C:\Programme\DrWeb for Windows\drwebscd.exe" O4 - HKLM\..\Run: [Service Host] C:\WINDOWS\System32\Services\{62014812-BAB1-4C84-AF06-6BD8337DA43F}\SVCHOST.EXE O4 - HKLM\..\Run: [Disk Keeper] C:\WINDOWS\System32\Services\{62014812-BAB1-4C84-AF06-6BD8337DA43F}\SECURITY.EXE O4 - HKLM\..\Run: [jqjrkg] c:\windows\system32\igkubf.exe r O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [SpyKiller] C:\Programme\SpyKiller\spykiller.exe /startup O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [System] C:\WINDOWS\svchost.exe O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE O8 - Extra context menu item: &Google Search - res://C:\Programme\Google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: Backward &Links - res://C:\Programme\Google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Programme\Google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: Si&milar Pages - res://C:\Programme\Google\GoogleToolbar1.dll/cmsimilar.html O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/content.info.apple.com/iTunes4/WW/win/019-0312.20050111.MmVrT/iTunesSetup.exe O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/073da847abd6bd2df006/netzip/RdxIE601.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1118761135427 O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://weather.tomsk.net/cam/AxisCamControl.ocx O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://active.macromedia.com/flash2/cabs/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{8A914D4B-1057-4E8E-AE88-AED338CD04AF}: NameServer = 192.168.1.254,194.25.2.129 O20 - Winlogon Notify: drct16 - C:\WINDOWS\SYSTEM32\drct16.dll O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing) _____________ Anm. Siehe oben! LG Cidre S-Mod TB Geändert von Cidre (21.06.2005 um 19:38 Uhr) |
21.06.2005, 16:14 | #4 |
| NEED HELP ! Trojan gefangen Hallo, mit u.a. dem im System: http://www.sophos.de/virusinfo/analy...haxdoorcn.html nützt das alles nichts mehr. Befolge Rene-gad's Empfehlung zur Neuinstallation. Dein System ist nciht mehr vertrauenswürdig. Denk an Deine eigene Sicherheit. dartus
__________________ Kein Support per PN |
Themen zu NEED HELP ! Trojan gefangen |
adobe, antivir, antivir update, askbar, bho, computer, desktop, drivers, einstellungen, explorer, google, help, hijack, hijackthis, icq, internet, internet explorer, logfile, microsoft, object, programme, scan, shockwave, software, system, trojan, windows, windows xp |