Trojan.WinREG.LowZones.a

Mr.Icetea · 12.03.2007, 16:21

Hallo,

Da ich grad etwas in Zeitnot bin hier die Kurzfassung meiner Probleme mit meinem Rechner:

- quick launch wird nicht gespeichert und ist nach jedem neustart wieder weg
- desktopanordnung, symbolleisten, sonstige symbole dasselbe
- es werden programme beim hochfahren gestartet, die da nicht sein sollten
--> unter msconfig sind nur 'ctfmon' 'antivir' und 'wlan (netgear)' aufgefuehrt;

Ich habe mit escan einen Virencheck gemacht. Der hat auch einige Eintraege gefunden. Kann mir bitte jemand helfen, und mir sagen welche Eintraege/Programme ich wie entfernen kann.

Vielen Dank im Voraus!!!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Header
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Microsoft Windows XP [Version 5.1.2600]
Fri Mar 02 14:24:56 2007 => *** File C:\Documents and Settings\Laura\UserData\My Documents\My Music\Mozart - Mozart - Pachabel Cannon In D Minor Perfect Version.mp3 having Size Restriction ***. Filesize 5880 kb
Fri Mar 02 14:01:10 2007 => Virus Database Date: 1/26/2007
Fri Mar 02 14:15:24 2007 => Virus Database Date: 3/2/2007
Fri Mar 02 15:03:27 2007 => Virus Database Date: 3/2/2007
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Infektionsmeldungen
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Fri Mar 02 14:18:08 2007 => System found infected with internet spy Commercial KeyLogger (keylog.txt)! Action taken: No Action Taken.
Fri Mar 02 14:18:40 2007 => System found infected with cws.smartsearch Browser Hijacker (C:\WINDOWS\system32\uninstall.exe)! Action taken: No Action Taken.
~~~~~~~~~~~
Dateien
~~~~~~~~~~~
~~~~ Infected files
~~~~~~~~~~~
Fri Mar 02 14:38:42 2007 => File C:\pz.exe infected by "Trojan.WinREG.LowZones.a" Virus! Action Taken: No Action Taken.
~~~~~~~~~~~
~~~~ Tagged files
~~~~~~~~~~~
Fri Mar 02 14:40:21 2007 => File C:\RECYCLER\S-1-5-21-1780737662-1695083492-1532339732-1007\Dc31\Quarantine\F06AAF7C-EED3-4035-9F32-40EAB9\4CF85FCD-486F-40EB-9A24-D00628 tagged as "not-a-virus:AdWare.Win32.NavExcel.i". Action Taken: No Action Taken.
Fri Mar 02 14:40:21 2007 => File C:\RECYCLER\S-1-5-21-1780737662-1695083492-1532339732-1007\Dc31\Quarantine\F06AAF7C-EED3-4035-9F32-40EAB9\85F0E07B-1494-4958-AC0D-E8D19F tagged as "not-a-virus:AdWare.Win32.NavExcel.i". Action Taken: No Action Taken.
Fri Mar 02 14:40:21 2007 => File C:\RECYCLER\S-1-5-21-1780737662-1695083492-1532339732-1007\Dc31\Quarantine\F06AAF7C-EED3-4035-9F32-40EAB9\90F70EFE-621C-4F5C-AF85-DCF6BB tagged as "not-a-virus:AdWare.Win32.NavExcel.i". Action Taken: No Action Taken.
Fri Mar 02 14:40:21 2007 => File C:\RECYCLER\S-1-5-21-1780737662-1695083492-1532339732-1007\Dc31\Quarantine\F6CAC6C6-3451-4A15-A95D-88A5A4\41111C5D-8F02-432D-AF5A-4A8876 tagged as "not-a-virus:AdWare.Win32.NavExcel.h". Action Taken: No Action Taken.
Fri Mar 02 14:40:21 2007 => File C:\RECYCLER\S-1-5-21-1780737662-1695083492-1532339732-1007\Dc31\Quarantine\F6CAC6C6-3451-4A15-A95D-88A5A4\4A2E7C09-3DA7-491E-8EC7-EC67A7 tagged as "not-a-virus:AdWare.Win32.NavExcel.h". Action Taken: No Action Taken.
Fri Mar 02 14:40:21 2007 => File C:\RECYCLER\S-1-5-21-1780737662-1695083492-1532339732-1007\Dc31\Quarantine\F6CAC6C6-3451-4A15-A95D-88A5A4\B5AF1E3C-EEA2-4A57-A0C3-16112C tagged as "not-a-virus:AdWare.Win32.NavExcel.h". Action Taken: No Action Taken.
Fri Mar 02 14:40:21 2007 => File C:\RECYCLER\S-1-5-21-1780737662-1695083492-1532339732-1007\Dc31\Quarantine\F6CAC6C6-3451-4A15-A95D-88A5A4\EAB30F76-37CB-40A8-B11E-646BD9 tagged as "not-a-virus:AdWare.Win32.NavExcel.h". Action Taken: No Action Taken.
Fri Mar 02 14:40:57 2007 => File C:\RECYCLER\S-1-5-21-1780737662-1695083492-1532339732-1007\Dc41\myBar\1.bin\NPMYWAY.DLL tagged as "not-a-virus:AdWare.Win32.MyWay.f". Action Taken: No Action Taken.
~~~~~~~~~~~
~~~~ Offending files
~~~~~~~~~~~
Fri Mar 02 14:18:08 2007 => Offending file found: C:\WINDOWS\system32\keylog.txt
Fri Mar 02 14:18:40 2007 => Offending file found: C:\WINDOWS\system32\uninstall.exe
~~~~~~~~~~~
Ordner
~~~~~~~~~~~
~~~~~~~~~~~
Registry
~~~~~~~~~~~
Fri Mar 02 14:17:50 2007 => Offending Key found: HKLM\Software\magnet !!!
Fri Mar 02 14:18:01 2007 => Offending Key found: HKLM\Software\myway !!!
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Statistiken:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Logfile of HijackThis v1.99.1
Scan saved at 15:58:47, on 12.03.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\NETGEAR\WG511\Utility\WG511WLU.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avant Browser\avant.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\cidaemon.exe
C:\Program Files\Trillian\trillian.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Laura\Tools\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://192.168.1.1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.versatel.de/internet-cd/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://www.ohiou.edu/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer von Versatel
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [WG511WLU] C:\Program Files\NETGEAR\WG511\Utility\WG511WLU.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Add to AD Black List - C:\Program Files\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Alle Bilder von gleichem Server filtern - C:\Program Files\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: Block All Images from the Same Server - C:\Program Files\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: In neuem Avant Browser öffnen - C:\Program Files\Avant Browser\OpenInNewBrowser.htm
O8 - Extra context menu item: Open In New Avant Browser - C:\Program Files\Avant Browser\OpenInNewBrowser.htm
O8 - Extra context menu item: Zur Werbebanner-Filterliste hinzufügen - C:\Program Files\Avant Browser\AddToADBlackList.htm
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O14 - IERESET.INF: START_PAGE_URL=http://www.versatel.de/internet-cd/
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1173446160316
O18 - Protocol: CDS300 - {AD43AA67-6860-4531-AC8A-0E68F9CF023E} - D:\Player\__CDS2.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

GUA · 12.03.2007, 18:45

ein beitrag für ein problem ist ausreichend

hier geht es für dich weiter http://www.trojaner-board.de/37007-trojan-winreg-lowzones.html

GUA

12.03.2007, 18:45	#2
GUA entlassen	Trojan.WinREG.LowZones.a ein beitrag für ein problem ist ausreichend hier geht es für dich weiter http://www.trojaner-board.de/37007-trojan-winreg-lowzones.html GUA __________________

Trojan.WinREG.LowZones.a

Mülltonne: Trojan.WinREG.LowZones.a

Trojan.WinREG.LowZones.a

Trojan.WinREG.LowZones.a

Ähnliche Themen: Trojan.WinREG.LowZones.a