|
Bitte Hickag Log anschauen. Danke! Also, habe schon früher mal geposted-wollte den Computer nicht neu formatieren. Jetzt habe ich ein Hijack Log gemacht und ein ESCAN log: Das Hijack Log sieht so aus: welche Dateien muss ich löschen? Logfile of HijackThis v1.99.1 Scan saved at 02:02:51, on 17.02.2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Sygate\SPF\smc.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\AVPersonal\AVGUARD.EXE C:\Programme\AVPersonal\AVWUPSRV.EXE C:\Programme\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\System32\soft.exe C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe C:\Programme\Analog Devices\SoundMAX\Smax4.exe C:\Programme\ICQLite\ICQLite.exe C:\Programme\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe C:\Programme\Hewlett-Packard\HP Software Update\HPWuSchd2.exe C:\Programme\SealedMedia\sealmon.exe C:\Programme\QuickTime\qttask.exe C:\Programme\AVPersonal\AVGNT.EXE C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe C:\WINDOWS\System32\ctfmon.exe C:\Programme\MSN Messenger\MsnMsgr.Exe C:\Programme\Hewlett-Packard\Toolbox\jre\bin\javaw.exe C:\Programme\Outlook Express\msimn.exe C:\Programme\Microsoft Office\Office\WINWORD.EXE C:\WINDOWS\msagent\AgentSvr.exe C:\Programme\Microsoft Office\Office\POWERPNT.EXE C:\Programme\Internet Explorer\IEXPLORE.EXE C:\WINDOWS\explorer.exe D:\wsftpurl.exe C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\mwavscan.com C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\kavss.exe C:\Programme\Internet Explorer\IEXPLORE.EXE C:\Programme\Internet Explorer\iexplore.exe C:\Programme\Internet Explorer\iexplore.exe C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\Temporäres Verzeichnis 1 für hijackthis.zip\HijackThis.exe C:\WINDOWS\System32\HPBPRO.EXE R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/ R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll F3 - REG:win.ini: run=C:\WINDOWS\System32\soft.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - D:\wsbho2k0.dll O2 - BHO: BHO Class - {F6053709-5723-454E-AB9D-7FC7E681AFA5} - C:\WINDOWS\System32\WinTitle.dll O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe O4 - HKLM\..\Run: [SoundMAX] "C:\Programme\Analog Devices\SoundMAX\Smax4.exe" /tray O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize O4 - HKLM\..\Run: [StatusClient 2.6] C:\Programme\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe /auto O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Programme\Hewlett-Packard\Toolbox\hpbpsttp.exe O4 - HKLM\..\Run: [HP Software Update] "C:\Programme\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" O4 - HKLM\..\Run: [sealmon] C:\Programme\SealedMedia\sealmon.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Web Service] C:\WINDOWS\System32\msxmidi.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [Web Service] C:\WINDOWS\System32\msxmidi.exe O4 - Startup: winupdate05456709[1].exe O4 - Startup: winupdate11035751[1].exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML O9 - Extra button: ICQ 4 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O15 - Trusted Zone: *.addictivetechnologies.com O15 - Trusted Zone: *.addictivetechnologies.net O15 - Trusted Zone: *.admin2cash.biz O15 - Trusted Zone: *.awmdabest.com O15 - Trusted Zone: *.bettersearch.biz O15 - Trusted Zone: *.c4tdownload.com O15 - Trusted Zone: *.clickspring.net O15 - Trusted Zone: *.crazywinnings.com O15 - Trusted Zone: *.f1organizer.com O15 - Trusted Zone: *.finefind.nettraffic2cash.biz O15 - Trusted Zone: *.iframe.biz O15 - Trusted Zone: *.megapornix.com O15 - Trusted Zone: *.mt-download.com O15 - Trusted Zone: *.newiframe.biz O15 - Trusted Zone: *.overpro.com O15 - Trusted Zone: *.pizdato.biz O15 - Trusted Zone: *.private-dialer.biz O15 - Trusted Zone: *.private-iframe.biz O15 - Trusted Zone: *.slotch.com O15 - Trusted Zone: *.sp2admin.biz O15 - Trusted Zone: *.sp2fucked.biz O15 - Trusted Zone: *.topconverting.com O15 - Trusted Zone: *.vse-moe.biz O15 - Trusted Zone: *.windupdates.com O15 - Trusted Zone: *.xxxtoolbar.com O15 - Trusted Zone: *.ysbweb.com O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone (HKLM) O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/10aea576...p/RdxIE601.cab O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Programme\Sygate\SPF\smc.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programme\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe Hier die ESCAN Liste: File C:\WINDOWS\System32\soft.exe infected by "Virus.Win32.Bube.b" Virus. Action Taken: No Action Taken. File C:\WINDOWS\System32\WinTitle.dll infected by "Trojan-Clicker.Win32.Agent.bz" Virus. Action Taken: No Action Taken. File C:\WINDOWS\explorer.exe infected by "Virus.Win32.Bube.d" Virus. Action Taken: No Action Taken. File C:\WINDOWS\System32\WinTitle.dll infected by "Trojan-Clicker.Win32.Agent.bz" Virus. Action Taken: No Action Taken. File C:\WINDOWS\Explorer.exe infected by "Virus.Win32.Bube.d" Virus. Action Taken: No Action Taken. File C:\WINDOWS\System32\soft.exe infected by "Virus.Win32.Bube.b" Virus. Action Taken: No Action Taken. File C:\WINDOWS\System32\msxmidi.exe infected by "Virus.Win32.Bube.b" Virus. Action Taken: No Action Taken. File C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Au tostart\winupdate05456709[1].exe infected by "Trojan-Downloader.Win32.Small.ait" Virus. Action Taken: No Action Taken. File C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Au tostart\winupdate11035751[1].exe infected by "Trojan-Downloader.Win32.Small.ait" Virus. Action Taken: No Action Taken. File C:\WINDOWS\4gfgfg.exe infected by "Trojan-Clicker.Win32.Agent.bz" Virus. Action Taken: No Action Taken. File C:\WINDOWS\dfe.exe infected by "Trojan.Win32.LowZones.aj" Virus. Action Taken: No Action Taken. File C:\WINDOWS\eree.exe infected by "Trojan-Clicker.Win32.Agent.bn" Virus. Action Taken: No Action Taken. File C:\WINDOWS\feee.exe infected by "Trojan-Clicker.Win32.Agent.ca" Virus. Action Taken: No Action Taken. File C:\WINDOWS\htt.exe infected by "not-a-virus:AdWare.ToolBar.ISearch.d" Virus. Action Taken: No Action Taken. File C:\WINDOWS\msxmidi.exe infected by "Virus.Win32.Bube.b" Virus. Action Taken: No Action Taken. File C:\WINDOWS\sfee.exe infected by "not-a-virus:AdWare.ToolBar.EliteBar.aa" Virus. Action Taken: No Action Taken. File C:\WINDOWS\System32\WinSuck.dll infected by "Trojan-Clicker.Win32.Agent.ca" Virus. Action Taken: No Action Taken. Den URL zu meinem schon früheren Post ist: http://www.trojaner-board.com/showthread.php?t=13796 Danke für jegliche Hilfe! Grüsse aus Amsterdam Alessa |
Hallo ! Also Ich würde dir DRINGEND empfehlen ein NeuInstallieren deines Computers zu vollziehen ! Sind eingie Viren drauf ! Was du unbedingt Fixen solltest: O15 - Trusted Zone: *.addictivetechnologies.com O15 - Trusted Zone: *.addictivetechnologies.net O15 - Trusted Zone: *.admin2cash.biz O15 - Trusted Zone: *.awmdabest.com O15 - Trusted Zone: *.bettersearch.biz O15 - Trusted Zone: *.c4tdownload.com O15 - Trusted Zone: *.clickspring.net O15 - Trusted Zone: *.iframe.biz O15 - Trusted Zone: *.megapornix.com O15 - Trusted Zone: *.mt-download.com O15 - Trusted Zone: *.newiframe.biz O15 - Trusted Zone: *.overpro.com O15 - Trusted Zone: *.pizdato.biz O15 - Trusted Zone: *.private-dialer.biz O15 - Trusted Zone: *.private-iframe.biz O15 - Trusted Zone: *.slotch.com O15 - Trusted Zone: *.sp2admin.biz O15 - Trusted Zone: *.sp2fucked.biz O15 - Trusted Zone: *.topconverting.com O15 - Trusted Zone: *.vse-moe.biz O15 - Trusted Zone: *.windupdates.com O15 - Trusted Zone: *.xxxtoolbar.com O15 - Trusted Zone: *.ysbweb.com O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone (HKLM) Diese hier solltest du dir mal genauer angucken: C:\WINDOWS\System32\soft.exe C:Programme\SealedMedia\sealmon.exe D:\wsftpurl.exe F3 - REG:win.ini: run=C:\WINDOWS\System32\soft.exe O2 - BHO: BHO Class - {F6053709-5723-454E-AB9D-7FC7E681AFA5} - C:\WINDOWS\System32\WinTitle.dll O4 - HKLM\..\Run: [Web Service] C:\WINDOWS\System32\msxmidi.exe O4 - HKCU\..\Run: [Web Service] C:\WINDOWS\System32\msxmidi.exe O4 - Startup: winupdate05456709[1].exe O4 - Startup: winupdate11035751[1].exe O15 - Trusted Zone: *.f1organizer.com O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone C:\WINDOWS\System32\soft.exe infected by "Virus.Win32.Bube.b" Virus. Action Taken: No Action Taken File C:\WINDOWS\explorer.exe infected by "Virus.Win32.Bube.d" Virus. Action Taken: No Action Taken File C:\WINDOWS\Explorer.exe infected by "Virus.Win32.Bube.d" Virus. Action Taken: No Action Taken File C:\WINDOWS\System32\soft.exe infected by "Virus.Win32.Bube.b" Virus. Action Taken: No Action Taken. File C:\WINDOWS\System32\msxmidi.exe infected by "Virus.Win32.Bube.b" Virus. Action Taken: No Action Taken. File C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Au tostart\winupdate05456709[1].exe infected by "Trojan-Downloader.Win32.Small.ait" Virus. Action Taken: No Action File C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Au tostart\winupdate11035751[1].exe infected by "Trojan-Downloader.Win32.Small.ait" Virus. Action Taken: No Action Taken. File C:\WINDOWS\4gfgfg.exe infected by "Trojan-Clicker.Win32.Agent.bz" Virus. Action Taken: No Action Taken. File C:\WINDOWS\dfe.exe infected by "Trojan.Win32.LowZones.aj" Virus. Action Taken: No Action Taken. File C:\WINDOWS\eree.exe infected by "Trojan-Clicker.Win32.Agent.bn" Virus. Action Taken: No Action Taken. File C:\WINDOWS\feee.exe infected by "Trojan-Clicker.Win32.Agent.ca" Virus. Action Taken: No Action Taken. File C:\WINDOWS\htt.exe infected by "not-a-virus:AdWare.ToolBar.ISearch.d" Virus. Action Taken: No Action Taken. File C:\WINDOWS\msxmidi.exe infected by "Virus.Win32.Bube.b" Virus. Action Taken: No Action Taken. File C:\WINDOWS\sfee.exe infected by "not-a-virus:AdWare.ToolBar.EliteBar.aa" Virus. Action Taken: No Action Taken. VG jackyoo |
@Alessa ich würde neuaufsetzen, dieser hier ist ja sehr übel http://securityresponse.symantec.com...admincash.html du hast ja sonst noch einiges im system hier eine anleitung http://www.trojaner-board.de/showpos...28&postcount=2 sry chaosman |
| Alle Zeitangaben in WEZ +1. Es ist jetzt 20:42 Uhr. |
Copyright ©2000-2025, Trojaner-Board