
Pests of all kinds and how to combat them: mrjj.exe, ran.popuppers.com & Co.

01.01.2006, 20:11   #1
Iolanthe
 



Hello, happy new year to everyone!
My mother has a huge problem with her laptop, and I no longer know how I can help her.
First, pop-ups appear from time to time with the following information:
1. "you or a programm have requested information from aus2.mozilla.org" (different links appear: ran.popuppers.com, prutect.com, e2give.com, but others as well) "which connection do you want to use", and a window called mrj pops up.

2. On startup, VCCClient.exe and VCMain.exe Application Errors appear.

3. Under Software, the following suspicious software can be found:
Related Page
e2give Plug-in
Web Nexus Network
Webhancer Customer Companion
webHancer Survey Companion

4. mrjj.exe and ccApp.exe are running in the background.

5. Whenever I go on the internet, the same page always comes up: www.adultfriendfinder.com

I have already formatted the hard drive and downloaded spyware scanners, antivirus, etc., but these things keep coming back. I don't know what else I can do????

01.01.2006, 21:47   #2
hoerni26
 



Hello,

please post an HJT log file.
Instructions are in the link in my signature.

02.01.2006, 21:43   #3
Iolanthe
 

LSA, VCmain.exe Error Application, etc..



Hello,
Spybot finds LSA again every now and then; otherwise everything is clear.

Here is the log file from HijackThis:

Logfile of HijackThis v1.99.1
Scan saved at 21:36:26, on 02/01/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\User\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\cpqeadm.exe
O4 - HKLM\..\Run: [EACLEAN] C:\Program Files\Compaq\Easy Access Button Support\eaclean.exe
O4 - HKLM\..\Run: [Microsoft Conference] mscf.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\RunServices: [Microsoft Conference] mscf.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Microsoft Conference] mscf.exe
O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe
O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe
O4 - HKCU\..\Run: [rsobca] C:\WINDOWS\System32\rsobca.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\RunServices: [Microsoft Conference] mscf.exe
O4 - Global Startup: Consola KIT ADSL.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1135967102649
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Servicio Auto-Protect de Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe



and from Spyware Doctor:


Scan Results:
scan start: 02/01/2006 21:15:46
scan stop: 02/01/2006 21:27:22
scanned items: 48261
found items: 178
found and ignored: 0
tools used: General Scanner, Process Scanner, Hosts scanner, LSP Scanner, Registry Scanner, Browser Defaults, Favorites and ZoneMap Scanner, ActiveX Scanner, Browser Activity Scanner, Disk Scanner

Infection Name Location Risk
Internet Explorer Security Settings multiple Info & PUAs
MediaGateway HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MediaGatewayX.dll Elevated
MediaGateway HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MediaGatewayX.dll## Elevated
MediaGateway HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MediaGatewayX.dll##.Owner Elevated
MediaGateway HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MediaGatewayX.dll##{8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} Elevated
MediaGateway HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs##C:\WINDOWS\Downloaded Program Files\MediaGatewayX.dll Elevated
MediaMotor HKCR\IEMonitor.cBrowsers High
MediaMotor HKCR\IEMonitor.cBrowsers## High
MediaMotor HKCR\IEMonitor.cBrowsers\Clsid High
MediaMotor HKCR\IEMonitor.cBrowsers\Clsid## High
MediaMotor HKCR\IEMonitor.IEEvents High
MediaMotor HKCR\IEMonitor.IEEvents## High
MediaMotor HKCR\IEMonitor.IEEvents\Clsid High
MediaMotor HKCR\IEMonitor.IEEvents\Clsid## High
MediaMotor HKCR\Interface\{29375563-1B91-44D9-8B05-FFAD8AC286F6} High
MediaMotor HKCR\Interface\{29375563-1B91-44D9-8B05-FFAD8AC286F6}## High
MediaMotor HKCR\Interface\{29375563-1B91-44D9-8B05-FFAD8AC286F6}\ProxyStubClsid High
MediaMotor HKCR\Interface\{29375563-1B91-44D9-8B05-FFAD8AC286F6}\ProxyStubClsid## High
MediaMotor HKCR\Interface\{29375563-1B91-44D9-8B05-FFAD8AC286F6}\ProxyStubClsid32 High
MediaMotor HKCR\Interface\{29375563-1B91-44D9-8B05-FFAD8AC286F6}\ProxyStubClsid32## High
MediaMotor HKCR\Interface\{29375563-1B91-44D9-8B05-FFAD8AC286F6}\TypeLib High
MediaMotor HKCR\Interface\{29375563-1B91-44D9-8B05-FFAD8AC286F6}\TypeLib## High
MediaMotor HKCR\Interface\{29375563-1B91-44D9-8B05-FFAD8AC286F6}\TypeLib##Version High
MediaMotor HKCR\Interface\{2AFDD165-B663-43C1-AFE2-105FDCA2A24B} High
MediaMotor HKCR\Interface\{2AFDD165-B663-43C1-AFE2-105FDCA2A24B}## High
MediaMotor HKCR\Interface\{2AFDD165-B663-43C1-AFE2-105FDCA2A24B}\ProxyStubClsid High
MediaMotor HKCR\Interface\{2AFDD165-B663-43C1-AFE2-105FDCA2A24B}\ProxyStubClsid## High
MediaMotor HKCR\Interface\{2AFDD165-B663-43C1-AFE2-105FDCA2A24B}\ProxyStubClsid32 High
MediaMotor HKCR\Interface\{2AFDD165-B663-43C1-AFE2-105FDCA2A24B}\ProxyStubClsid32## High
MediaMotor HKCR\Interface\{2AFDD165-B663-43C1-AFE2-105FDCA2A24B}\TypeLib High
MediaMotor HKCR\Interface\{2AFDD165-B663-43C1-AFE2-105FDCA2A24B}\TypeLib## High
MediaMotor HKCR\Interface\{2AFDD165-B663-43C1-AFE2-105FDCA2A24B}\TypeLib##Version High
MediaMotor HKCR\Interface\{DAE67284-3C98-44C5-AA8F-9461C3247707} High
MediaMotor HKCR\Interface\{DAE67284-3C98-44C5-AA8F-9461C3247707}## High
MediaMotor HKCR\Interface\{DAE67284-3C98-44C5-AA8F-9461C3247707}\ProxyStubClsid High
MediaMotor HKCR\Interface\{DAE67284-3C98-44C5-AA8F-9461C3247707}\ProxyStubClsid## High
MediaMotor HKCR\Interface\{DAE67284-3C98-44C5-AA8F-9461C3247707}\ProxyStubClsid32 High
MediaMotor HKCR\Interface\{DAE67284-3C98-44C5-AA8F-9461C3247707}\ProxyStubClsid32## High
MediaMotor HKCR\Interface\{DAE67284-3C98-44C5-AA8F-9461C3247707}\TypeLib High
MediaMotor HKCR\Interface\{DAE67284-3C98-44C5-AA8F-9461C3247707}\TypeLib## High
MediaMotor HKCR\Interface\{DAE67284-3C98-44C5-AA8F-9461C3247707}\TypeLib##Version High
MediaMotor HKCR\TypeLib\{1942BEBE-DCE5-4148-868E-1250A2218B4C} High
MediaMotor HKCR\TypeLib\{1942BEBE-DCE5-4148-868E-1250A2218B4C}## High
MediaMotor HKCR\TypeLib\{1942BEBE-DCE5-4148-868E-1250A2218B4C}\2.0 High
MediaMotor HKCR\TypeLib\{1942BEBE-DCE5-4148-868E-1250A2218B4C}\2.0## High
MediaMotor HKCR\TypeLib\{1942BEBE-DCE5-4148-868E-1250A2218B4C}\2.0\0 High
MediaMotor HKCR\TypeLib\{1942BEBE-DCE5-4148-868E-1250A2218B4C}\2.0\0## High
MediaMotor HKCR\TypeLib\{1942BEBE-DCE5-4148-868E-1250A2218B4C}\2.0\0\win32 High
MediaMotor HKCR\TypeLib\{1942BEBE-DCE5-4148-868E-1250A2218B4C}\2.0\0\win32## High
MediaMotor HKCR\TypeLib\{1942BEBE-DCE5-4148-868E-1250A2218B4C}\2.0\FLAGS High
MediaMotor HKCR\TypeLib\{1942BEBE-DCE5-4148-868E-1250A2218B4C}\2.0\FLAGS## High
MediaMotor HKCR\TypeLib\{1942BEBE-DCE5-4148-868E-1250A2218B4C}\2.0\HELPDIR High
MediaMotor HKCR\TypeLib\{1942BEBE-DCE5-4148-868E-1250A2218B4C}\2.0\HELPDIR## High
Webhancer HKLM\software\microsoft\windows\currentversion\app management\arpcache\whsurvey Medium
Webhancer HKLM\software\microsoft\windows\currentversion\app management\arpcache\whsurvey## Medium
Webhancer HKLM\software\microsoft\windows\currentversion\app management\arpcache\whsurvey##SlowInfoCache Medium
Webhancer HKLM\software\microsoft\windows\currentversion\app management\arpcache\whsurvey##Changed Medium
MediaMotor HKCR\CLSID\{62FBA4E7-BD9E-4D8D-8FBB-3C32999CB7FC} High
MediaMotor HKCR\CLSID\{62FBA4E7-BD9E-4D8D-8FBB-3C32999CB7FC}\Control High
MediaMotor HKCR\CLSID\{62FBA4E7-BD9E-4D8D-8FBB-3C32999CB7FC}\Implemented Categories High
MediaMotor HKCR\CLSID\{62FBA4E7-BD9E-4D8D-8FBB-3C32999CB7FC}\Implemented Categories\{0DE86A52-2BAA-11CF-A229-00AA003D7352} High
MediaMotor HKCR\CLSID\{62FBA4E7-BD9E-4D8D-8FBB-3C32999CB7FC}\Implemented Categories\{0DE86A53-2BAA-11CF-A229-00AA003D7352} High
MediaMotor HKCR\CLSID\{62FBA4E7-BD9E-4D8D-8FBB-3C32999CB7FC}\Implemented Categories\{0DE86A57-2BAA-11CF-A229-00AA003D7352} High
MediaMotor HKCR\CLSID\{62FBA4E7-BD9E-4D8D-8FBB-3C32999CB7FC}\Implemented Categories\{40FC6ED4-2438-11CF-A3DB-080036F12502} High
MediaMotor HKCR\CLSID\{62FBA4E7-BD9E-4D8D-8FBB-3C32999CB7FC}\InprocServer32 High
MediaMotor HKCR\CLSID\{62FBA4E7-BD9E-4D8D-8FBB-3C32999CB7FC}\MiscStatus High
MediaMotor HKCR\CLSID\{62FBA4E7-BD9E-4D8D-8FBB-3C32999CB7FC}\MiscStatus\1 High
MediaMotor HKCR\CLSID\{62FBA4E7-BD9E-4D8D-8FBB-3C32999CB7FC}\ProgID High
MediaMotor HKCR\CLSID\{62FBA4E7-BD9E-4D8D-8FBB-3C32999CB7FC}\ToolboxBitmap32 High
MediaMotor HKCR\CLSID\{62FBA4E7-BD9E-4D8D-8FBB-3C32999CB7FC}\TypeLib High
MediaMotor HKCR\CLSID\{62FBA4E7-BD9E-4D8D-8FBB-3C32999CB7FC}\VERSION High
MediaMotor HKLM\Software\Classes\CLSID\{62FBA4E7-BD9E-4D8D-8FBB-3C32999CB7FC} High
MediaMotor HKLM\Software\Classes\CLSID\{62FBA4E7-BD9E-4D8D-8FBB-3C32999CB7FC}\Control High
MediaMotor HKLM\Software\Classes\CLSID\{62FBA4E7-BD9E-4D8D-8FBB-3C32999CB7FC}\Implemented Categories High
MediaMotor HKLM\Software\Classes\CLSID\{62FBA4E7-BD9E-4D8D-8FBB-3C32999CB7FC}\Implemented Categories\{0DE86A52-2BAA-11CF-A229-00AA003D7352} High
MediaMotor HKLM\Software\Classes\CLSID\{62FBA4E7-BD9E-4D8D-8FBB-3C32999CB7FC}\Implemented Categories\{0DE86A53-2BAA-11CF-A229-00AA003D7352} High
MediaMotor HKLM\Software\Classes\CLSID\{62FBA4E7-BD9E-4D8D-8FBB-3C32999CB7FC}\Implemented Categories\{0DE86A57-2BAA-11CF-A229-00AA003D7352} High
MediaMotor HKLM\Software\Classes\CLSID\{62FBA4E7-BD9E-4D8D-8FBB-3C32999CB7FC}\Implemented Categories\{40FC6ED4-2438-11CF-A3DB-080036F12502} High
MediaMotor HKLM\Software\Classes\CLSID\{62FBA4E7-BD9E-4D8D-8FBB-3C32999CB7FC}\InprocServer32 High
MediaMotor HKLM\Software\Classes\CLSID\{62FBA4E7-BD9E-4D8D-8FBB-3C32999CB7FC}\MiscStatus High
MediaMotor HKLM\Software\Classes\CLSID\{62FBA4E7-BD9E-4D8D-8FBB-3C32999CB7FC}\MiscStatus\1 High
MediaMotor HKLM\Software\Classes\CLSID\{62FBA4E7-BD9E-4D8D-8FBB-3C32999CB7FC}\ProgID High
MediaMotor HKLM\Software\Classes\CLSID\{62FBA4E7-BD9E-4D8D-8FBB-3C32999CB7FC}\ToolboxBitmap32 High
MediaMotor HKLM\Software\Classes\CLSID\{62FBA4E7-BD9E-4D8D-8FBB-3C32999CB7FC}\TypeLib High
MediaMotor HKLM\Software\Classes\CLSID\{62FBA4E7-BD9E-4D8D-8FBB-3C32999CB7FC}\VERSION High
MediaMotor HKCR\CLSID\{A03323D3-F649-4F16-A6E4-4FC53F917A83} High
MediaMotor HKCR\CLSID\{A03323D3-F649-4F16-A6E4-4FC53F917A83}\Implemented Categories High
MediaMotor HKCR\CLSID\{A03323D3-F649-4F16-A6E4-4FC53F917A83}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502} High
MediaMotor HKCR\CLSID\{A03323D3-F649-4F16-A6E4-4FC53F917A83}\ProgID High
MediaMotor HKCR\CLSID\{A03323D3-F649-4F16-A6E4-4FC53F917A83}\Programmable High
MediaMotor HKCR\CLSID\{A03323D3-F649-4F16-A6E4-4FC53F917A83}\TypeLib High
MediaMotor HKCR\CLSID\{A03323D3-F649-4F16-A6E4-4FC53F917A83}\VERSION High
MediaMotor HKLM\Software\Classes\CLSID\{A03323D3-F649-4F16-A6E4-4FC53F917A83} High
MediaMotor HKLM\Software\Classes\CLSID\{A03323D3-F649-4F16-A6E4-4FC53F917A83}\Implemented Categories High
MediaMotor HKLM\Software\Classes\CLSID\{A03323D3-F649-4F16-A6E4-4FC53F917A83}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502} High
MediaMotor HKLM\Software\Classes\CLSID\{A03323D3-F649-4F16-A6E4-4FC53F917A83}\ProgID High
MediaMotor HKLM\Software\Classes\CLSID\{A03323D3-F649-4F16-A6E4-4FC53F917A83}\Programmable High
MediaMotor HKLM\Software\Classes\CLSID\{A03323D3-F649-4F16-A6E4-4FC53F917A83}\TypeLib High
MediaMotor HKLM\Software\Classes\CLSID\{A03323D3-F649-4F16-A6E4-4FC53F917A83}\VERSION High
Mirar HKCR\CLSID\{9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} Low
Mirar HKCR\CLSID\{9A9C9B69-F908-4AAB-8D0C-10EA8997F37E}\InprocServer32 Low
Mirar HKCR\CLSID\{9A9C9B69-F908-4AAB-8D0C-10EA8997F37E}\TypeLib Low
Mirar HKLM\Software\Classes\CLSID\{9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} Low
Mirar HKLM\Software\Classes\CLSID\{9A9C9B69-F908-4AAB-8D0C-10EA8997F37E}\InprocServer32 Low
Mirar HKLM\Software\Classes\CLSID\{9A9C9B69-F908-4AAB-8D0C-10EA8997F37E}\TypeLib Low
Pru-tect C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\YWDJDZJT\d1[1].htm Medium
Known Bad Sites C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\2W8S94HT\smartload_stats[3].htm High
Known Bad Sites C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\41225C51\smartload[1].htm High
Known Bad Sites C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\P5KVCI6P\smartload_d[1].htm High
Known Bad Sites C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\41225C51\drsmartload[1].exe High
MediaMotor C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\YWDJDZJT\log3[1].php High
MediaMotor C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\41225C51\joysaver[1].cab High
Known Bad Sites C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\2W8S94HT\ibarshow[1].gif High
I-Search Desktop Search Toolbar C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\2W8S94HT\installer[1].exe Elevated
Known Bad Sites C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\YWDJDZJT\smartload_einde[1].htm High
Pru-tect C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\41225C51\f[1].aspx Medium
Known Bad Sites C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\YWDJDZJT\ibarinstall[1].gif High
Known Bad Sites C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\41225C51\ibar[1].js High
Known Bad Sites C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\YWDJDZJT\ibar[1].css High
Known Bad Sites C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\P5KVCI6P\ibarie[1].css High
Known Bad Sites C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\2W8S94HT\smartload[1].htm High
Known Bad Sites C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\2W8S94HT\drsmartload_js[1].htm High
Known Bad Sites C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\YWDJDZJT\MediaTicketsInstaller[1].cab High
Known Bad Sites C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\YWDJDZJT\adtech2006a[1].exe High
Known Bad Sites C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\YWDJDZJT\timessquare[1].exe High
TargetSavers C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\YWDJDZJT\tsupdate2[1].ini High
Known Bad Sites C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\P5KVCI6P\1[1].css High
MediaMotor C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\P5KVCI6P\pi1_25[1].exe High
I-Search Desktop Search Toolbar C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\P5KVCI6P\checkin[1].htm Elevated
Known Bad Sites C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\YWDJDZJT\donotdelete[1].htm High
Known Bad Sites C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\2W8S94HT\smartload_stats[2].htm High
Known Bad Sites C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\41225C51\drsmartloadb[1].exe High
Known Bad Sites C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\2W8S94HT\smartload_stats[1].htm High
Known Bad Sites C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\YWDJDZJT\drsmartload124a[1].exe High
Known Bad Sites C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\41225C51\ibarbg[1].gif High
MediaMotor C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\P5KVCI6P\unstall[1].exe High
Known Bad Sites C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\2W8S94HT\tussen[1].gif High
Pru-tect C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\41225C51\file1[1].ashx Medium
Known Bad Sites C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\P5KVCI6P\ibarhide[1].gif High
MediaMotor C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\2W8S94HT\whCC-GIANT[1].exe High
MediaMotor C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\41225C51\mrj[1].exe High
Known Bad Sites C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\2W8S94HT\logo[3].gif High
MediaMotor C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\P5KVCI6P\876029[1].exe High
Known Bad Sites C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\2W8S94HT\mtrslib2[1].js High
Known Bad Sites C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\P5KVCI6P\mbimg[1].gif High
Known Bad Sites C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\P5KVCI6P\ibarbgon[1].gif High
Known Bad Sites C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\41225C51\ibarhideon[1].gif High
Known Bad Sites C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\P5KVCI6P\smartload_stats[1].htm High
Known Bad Sites C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\YWDJDZJT\hoek[1].gif High
Tracking Cookie(s) C:\Documents and Settings\User\Cookies\user@xmts[1].txt Medium
Tracking Cookie(s) C:\Documents and Settings\User\Cookies\user@exitexchange[1].txt Medium
Tracking Cookie(s) C:\Documents and Settings\User\Cookies\user@ad.yieldmanager[2].txt Medium
Advertising C:\Documents and Settings\User\Cookies\user@com[2].txt Low
E2.Give.IEBHOs C:\Documents and Settings\User\Local Settings\Temp\ei.exe Medium
TargetSavers C:\DOCUME~1\User\LOCALS~1\Temp\GLFCGLFC.EXE High
MediaMotor C:\Documents and Settings\User\Desktop\hijackthis\backups\backup-20060101-204706-612.dll High
MediaMotor C:\Documents and Settings\User\Desktop\hijackthis\backups\backup-20060101-204706-612.inf High
ClkOptimizer C:\Documents and Settings\User\Local Settings\Temp\f5118810.exe High
MediaTickets C:\Documents and Settings\User\Local Settings\Temp\ICD1.tmp\MediaTicketsInstaller.INF Elevated
TargetSavers C:\Documents and Settings\User\Local Settings\Temp\tsinstall_4_0_4_0_b4.exe High
E2.Give.IEBHOs C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\2W8S94HT\ei[1].exe Medium
InternetOptimizer C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\2W8S94HT\optimize[1].exe High
Trojan.Downloader.Small.BUY C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\41225C51\MTE3NDI6ODoxNg[1].exe High
ClkOptimizer C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\41225C51\rcverlib[1].exe High
ClkOptimizer C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\P5KVCI6P\install[1].exe High
E2.Give.IEBHOs C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\P5KVCI6P\pi1_25[1].exe Medium
TargetSavers C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\P5KVCI6P\stub_113_4_0_4_0[1].exe High
Trojan.Startpage.AW C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\YWDJDZJT\timessquare[1].exe High
MediaMotor C:\RECYCLER\S-1-5-21-1060284298-746137067-1957994488-1003\Dc10.ocx High
MediaMotor C:\RECYCLER\S-1-5-21-1060284298-746137067-1957994488-1003\Dc11.exe High
MediaMotor C:\RECYCLER\S-1-5-21-1060284298-746137067-1957994488-1003\Dc2.exe High
Trojan.Startpage.AW C:\RECYCLER\S-1-5-21-1060284298-746137067-1957994488-1003\Dc4.exe High
E2.Give C:\RECYCLER\S-1-5-21-1060284298-746137067-1957994488-1003\Dc6.dll High
E2.Give C:\RECYCLER\S-1-5-21-1060284298-746137067-1957994488-1003\Dc7.exe High
MediaMotor C:\RECYCLER\S-1-5-21-1060284298-746137067-1957994488-1003\Dc8.tlb High
I-Search Desktop Search Toolbar C:\WINDOWS\VXNlcg\asappsrv.dll Elevated
I-Search Desktop Search Toolbar C:\WINDOWS\VXNlcg\command.exe Elevated
I-Search Desktop Search Toolbar C:\WINDOWS\VXNlcg\prh5w0.vbs

03.01.2006, 01:45   #4
dartus
 



Hello Iolanthe,

Your system is far from being in order. Some entries point to a backdoor trojan, hence my advice:

http://www.trojaner-board.de/showthread.php?t=12154

dartus
__________________
No support via PM
