Please look at log

Hello, here is a new log file from HijackThis, and the log from eScan. Can someone please help me further? Thanks.

Logfile of HijackThis v1.99.1
Scan saved at 12:10:55, on 18.05.2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\AVPersonal\AVGUARD.EXE
C:\Programme\FRITZ!DSL\IGDCTRL.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
E:\Programme\Virtual CD v4\System\vcdsecs.exe
C:\WINDOWS\SOINTGR.EXE
E:\Programme\BrowseMouse\mouse32a.exe
E:\Programme\BrowseMouse\R2M.EXE
E:\PROGRA~1\VIRTUA~1\System\VCDPlay.exe
C:\Programme\AVPersonal\AVGNT.EXE
C:\Programme\FRITZ!DSL\StCenter.exe
C:\Programme\FRITZ!DSL\FwebProt.exe
C:\Programme\Windows NT\Zubehör\WORDPAD.EXE
C:\PROGRA~1\MOZILL~1.6\Mozilla.exe
D:\Eigene Dateien\troja\hijackthis\HijackThis.exe

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SO5 Integrator Pass Two] C:\WINDOWS\SOINTGR.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] E:\Programme\BrowseMouse\mouse32a.exe
O4 - HKLM\..\Run: [FLMBROWSEMOUSE2] E:\Programme\BrowseMouse\R2M.EXE
O4 - HKLM\..\Run: [VCDPlayer] E:\PROGRA~1\VIRTUA~1\System\VCDPlay.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Programme\Mozilla1.7.6\Mozilla.exe" -turbo
O4 - Startup: FRITZ!DSL Protect.lnk = C:\Programme\FRITZ!DSL\FwebProt.exe
O4 - Global Startup: FRITZ!DSL Startcenter.lnk = C:\Programme\FRITZ!DSL\StCenter.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - E:\Programme\aim\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O10 - Unknown file in Winsock LSP: c:\programme\fritz!dsl\sarah.dll
O10 - Unknown file in Winsock LSP: c:\programme\fritz!dsl\sarah.dll
O10 - Unknown file in Winsock LSP: c:\programme\fritz!dsl\sarah.dll
O10 - Unknown file in Winsock LSP: c:\programme\fritz!dsl\sarah.dll
O10 - Unknown file in Winsock LSP: c:\programme\fritz!dsl\sarah.dll
O12 - Plugin for .mpeg: C:\Programme\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1115121651657
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = linux.de
O17 - HKLM\Software\..\Telephony: DomainName = linux.de
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = linux.de
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = linux.de
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: AVM IGD CTRL Service - AVM Berlin - C:\Programme\FRITZ!DSL\IGDCTRL.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: VCDSecS - H+H Software GmbH - E:\Programme\Virtual CD v4\System\vcdsecs.exe

escan:

Tue May 17 12:34:03 2005 => System found infected with eZula Spyware/Adware ({c03351a4-6755-11d4-8a73-0050da2ee1be})! Action taken: No Action Taken.
Tue May 17 12:34:03 2005 => File System Found infected by "eZula Spyware/Adware" Virus. Action Taken: No Action Taken.
Tue May 17 12:34:03 2005 => System found infected with eZula Spyware/Adware ({c0335197-6755-11d4-8a73-0050da2ee1be})! Action taken: No Action Taken.
Tue May 17 12:34:03 2005 => File System Found infected by "eZula Spyware/Adware" Virus. Action Taken: No Action Taken.
Tue May 17 12:34:03 2005 => System found infected with eZula Spyware/Adware ({c03351a3-6755-11d4-8a73-0050da2ee1be})! Action taken: No Action Taken.
Tue May 17 12:34:03 2005 => File System Found infected by "eZula Spyware/Adware" Virus. Action Taken: No Action Taken.
Tue May 17 12:34:03 2005 => System found infected with eZula Spyware/Adware ({c0335198-6755-11d4-8a73-0050da2ee1be})! Action taken: No Action Taken.
Tue May 17 12:34:03 2005 => File System Found infected by "eZula Spyware/Adware" Virus. Action Taken: No Action Taken.
Tue May 17 12:34:03 2005 => System found infected with Alexa Spyware/Adware ({c95fe080-8f5d-11d2-a20b-00aa003c157a})! Action taken: No Action Taken.
Tue May 17 12:34:03 2005 => File System Found infected by "Alexa Spyware/Adware" Virus. Action Taken: No Action Taken.
Tue May 17 12:34:03 2005 => System found infected with Favoriteman Spyware/Adware ({53F066F0-A4C0-4F46-83EB-2DFD03F938CF})! Action taken: No Action Taken.
Tue May 17 12:34:03 2005 => File System Found infected by "Favoriteman Spyware/Adware" Virus. Action Taken: No Action Taken.
Tue May 17 12:34:03 2005 => System found infected with eUniverse Spyware/Adware ({5D60FF48-95BE-4956-B4C6-6BB168A70310})! Action taken: No Action Taken.
Tue May 17 12:34:03 2005 => File System Found infected by "eUniverse Spyware/Adware" Virus. Action Taken: No Action Taken.
Tue May 17 12:34:03 2005 => System found infected with Favoriteman Spyware/Adware ({53F066F0-A4C0-4F46-83EB-2DFD03F938CF})! Action taken: No Action Taken.
Tue May 17 12:34:03 2005 => File System Found infected by "Favoriteman Spyware/Adware" Virus. Action Taken: No Action Taken.
Tue May 17 12:34:03 2005 => System found infected with eUniverse Spyware/Adware ({5D60FF48-95BE-4956-B4C6-6BB168A70310})! Action taken: No Action Taken.
Tue May 17 12:34:03 2005 => File System Found infected by "eUniverse Spyware/Adware" Virus. Action Taken: No Action Taken.
Tue May 17 12:34:03 2005 => System found infected with BetterInternet Spyware/Adware ({000006B1-19B5-414A-849F-2A3C64AE6939})! Action taken: No Action Taken.
Tue May 17 12:34:03 2005 => File System Found infected by "BetterInternet Spyware/Adware" Virus. Action Taken: No Action Taken.
Tue May 17 12:34:03 2005 => System found infected with BetterInternet Spyware/Adware ({4534CD6B-59D6-43FD-864B-06A0D843444A})! Action taken: No Action Taken.
Tue May 17 12:34:03 2005 => File System Found infected by "BetterInternet Spyware/Adware" Virus. Action Taken: No Action Taken.
Tue May 17 12:34:03 2005 => System found infected with BetterInternet Spyware/Adware ({690BCCB4-6B83-4203-AE77-038C116594EC})! Action taken: No Action Taken.
Tue May 17 12:34:03 2005 => File System Found infected by "BetterInternet Spyware/Adware" Virus. Action Taken: No Action Taken.
Tue May 17 12:34:03 2005 => Offending value found in HKLM\Software\VGroup !!!
Tue May 17 12:34:03 2005 => System found infected with VGroup Spyware/Adware! Action taken: No Action Taken.
Tue May 17 12:34:03 2005 => File System Found infected by "VGroup Spyware/Adware" Virus. Action Taken: No Action Taken.
Tue May 17 12:34:03 2005 => Offending value found in HKLM\Software\Microsoft\Windows\CurrentVersion\uninstall\DMO !!!
Tue May 17 12:34:03 2005 => System found infected with DMO Spyware/Adware! Action taken: No Action Taken.
Tue May 17 12:34:03 2005 => File System Found infected by "DMO Spyware/Adware" Virus. Action Taken: No Action Taken.
Tue May 17 12:34:03 2005 => Offending value found in HKLM\Software\dbi !!!
Tue May 17 12:34:03 2005 => System found infected with dbi Spyware/Adware! Action taken: No Action Taken.
Tue May 17 12:34:03 2005 => File System Found infected by "dbi Spyware/Adware" Virus. Action Taken: No Action Taken.
Tue May 17 12:34:03 2005 => System found infected with ezula Spyware/Adware (ezulabootexe.exe)! Action taken: No Action Taken.
Tue May 17 12:34:03 2005 => File System Found infected by "ezula Spyware/Adware" Virus. Action Taken: No Action Taken.
Tue May 17 12:35:12 2005 => Scanning File C:\WINDOWS\System32\H@tKeysH@@k.DLL
Tue May 17 12:35:13 2005 => File C:\WINDOWS\System32\H@tKeysH@@k.DLL tagged as not-a-virus:Cracker.Game.HotHook.dll. No Action Taken.
Tue May 17 12:35:30 2005 => File C:\WINDOWS\System32\kuss.scr tagged as not-a-virus:GreetingCard.PySoft. No Action Taken.
Tue May 17 12:52:29 2005 => File C:\Programme\Gemeinsame Dateien\aolback\comp01.000 tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
Tue May 17 12:54:41 2005 => File C:\Programme\Gemeinsame Dateien\Java\Update\Base Images\j2sdk1.4.2-b28\demos.zip tagged as not-a-virus:JavaClass.Chart. No Action Taken.
Tue May 17 13:03:23 2005 => File C:\System Volume Information\_restore{EA07B280-7B6A-451C-B014-59FC867220F6}\RP27\A0027213.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
Tue May 17 13:04:49 2005 => File C:\WINDOWS\Downloaded Program Files\603828.exe infected by "Trojan.Win32.Dialer.q" Virus. Action Taken: No Action Taken.
Tue May 17 13:04:49 2005 => File C:\WINDOWS\Downloaded Program Files\CONFLICT.1\SysUpdContainer.dll infected by "Trojan-Spy.Win32.Agent.h" Virus. Action Taken: No Action Taken.
Tue May 17 13:04:50 2005 => File C:\WINDOWS\Downloaded Program Files\SysUpdContainer.dll infected by "Trojan-Spy.Win32.Agent.h" Virus. Action Taken: No Action Taken.
Tue May 17 13:19:06 2005 => File C:\WINDOWS\system32\H@tKeysH@@k.DLL tagged as not-a-virus:Cracker.Game.HotHook.dll. No Action Taken.
Tue May 17 13:19:23 2005 => File C:\WINDOWS\system32\kuss.scr tagged as not-a-virus:GreetingCard.PySoft. No Action Taken.
Tue May 17 13:28:27 2005 => File D:\Eigene Dateien\troja\hijackthis\backups\backup-20050411-152624-944.dll infected by "not-a-virus:AdWare.NewDotNet" Virus. Action Taken: No Action Taken.
Tue May 17 13:45:26 2005 => File E:\gimp\gimp-setup-20001226.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
Tue May 17 13:52:41 2005 => File E:\Programme\java\demo\applets\BarChart\BarChart.class tagged as not-a-virus:JavaClass.Chart. No Action Taken.
Tue May 17 13:53:07 2005 => File E:\Programme\java\demo\plugin\applets\BarChart\BarChart.class tagged as not-a-virus:JavaClass.Chart. No Action Taken.
Tue May 17 14:18:06 2005 => File E:\sammlerEG\download\lilauschi\web\DivX502Bundle.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
Tue May 17 14:18:12 2005 => File E:\sammlerEG\download\u4philemon\ymsgrde5.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
Tue May 17 14:51:58 2005 => File F:\spiele\rollercoaster\rct_loopy_landscapes_tr\rctaap5.zip tagged as not-a-virus:Cracker.Game.HotHook. No Action Taken.
Tue May 17 14:51:59 2005 => File F:\spiele\rollercoaster\rct_loopy_landscapes_tr3.zip tagged as not-a-virus:Cracker.Game.HotHook. No Action Taken.

One more question: does anyone know what kind of files or programs these could be? ime - msagent - msapps - mui - sschasst - CatRoot. None of them mean anything to me at all. It would be nice if someone could say something about them.

Thanks to you all,
lauschi
Hi, lauschi,

Your system is still not up to date; SP2 is missing!! Download Spybot S&D 1.3, update it, and run it in safe mode with System Restore deactivated. Then reboot and re-enable System Restore. Then run a new eScan and post the result.

Quote:

cacatoa
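An added example, not part of the original thread: a Python triage of the eScan log format posted above, useful for comparing the scan before and after cleanup. It skips the "File System Found infected by" lines that repeat each registry finding, separates `not-a-virus:` tags from Trojan detections, and marks hits located in a System Restore point or the HijackThis backups folder. Function and category names are assumptions; the sample lines are copied from the log in the first post.

```python
import re

REGISTRY = re.compile(r'=> System found infected with (.+?) Spyware/Adware(?: \(([^)]*)\))?!')
TAGGED = re.compile(r'=> File (.+?) tagged as (\S+)\. No Action Taken\.')
INFECTED = re.compile(r'=> File (.+?) infected by "([^"]+)" Virus\.')

# Sample input: lines copied from the eScan log in the first post.
SAMPLE_LOG = r"""Tue May 17 12:34:03 2005 => System found infected with eZula Spyware/Adware ({c03351a4-6755-11d4-8a73-0050da2ee1be})! Action taken: No Action Taken.
Tue May 17 12:34:03 2005 => File System Found infected by "eZula Spyware/Adware" Virus. Action Taken: No Action Taken.
Tue May 17 12:35:13 2005 => File C:\WINDOWS\System32\H@tKeysH@@k.DLL tagged as not-a-virus:Cracker.Game.HotHook.dll. No Action Taken.
Tue May 17 13:03:23 2005 => File C:\System Volume Information\_restore{EA07B280-7B6A-451C-B014-59FC867220F6}\RP27\A0027213.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
Tue May 17 13:04:49 2005 => File C:\WINDOWS\Downloaded Program Files\603828.exe infected by "Trojan.Win32.Dialer.q" Virus. Action Taken: No Action Taken.
Tue May 17 13:28:27 2005 => File D:\Eigene Dateien\troja\hijackthis\backups\backup-20050411-152624-944.dll infected by "not-a-virus:AdWare.NewDotNet" Virus. Action Taken: No Action Taken.
"""

def classify_path(path):
    """Say whether a hit is a live file or an inactive copy (labels are assumptions)."""
    p = path.lower()
    if "\\system volume information\\_restore" in p:
        return "restore-point"      # copy kept by System Restore
    if "\\hijackthis\\backups\\" in p:
        return "hijackthis-backup"  # backup of an entry HijackThis already fixed
    return "live"

def triage(log_text):
    """Group unique findings into malware, riskware and spyware registry markers."""
    result = {"malware": set(), "riskware": set(), "spyware-marker": set()}
    for line in log_text.splitlines():
        m = REGISTRY.search(line)
        if m:
            result["spyware-marker"].add((m.group(1), m.group(2) or ""))
            continue
        m = TAGGED.search(line) or INFECTED.search(line)
        if not m:
            continue  # "Scanning File" and "Offending value" lines carry no verdict
        path, name = m.group(1), m.group(2)
        if path == "System Found":
            continue  # "File System Found infected by ..." repeats the line before it
        bucket = "riskware" if name.startswith("not-a-virus:") else "malware"
        result[bucket].add((name, path, classify_path(path)))
    return {k: sorted(v) for k, v in result.items()}

if __name__ == "__main__":
    for category, findings in triage(SAMPLE_LOG).items():
        print(category, findings)
```
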
Copyright ©2000-2025, Trojaner-Board