
Rene_joe 24.11.2004 20:02

BDS/Agent.AY on my hard drive

Hello everyone, I also have BDS/Agent.AY on my hard drive.

First off, I don't use IE; Firefox is much faster! *g*

I'm posting my hjt.log here:


Logfile of HijackThis v1.98.2
Scan saved at 19:04:24, on 24.11.2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Programme\Anti Virus Personal\AVGUARD.EXE
C:\Programme\Anti Virus Personal\AVWUPSRV.EXE
C:\WINNT\system32\hidserv.exe
C:\intranet\Jana2\janad.exe
C:\intranet\mysql\bin\mysqld-nt.exe
C:\PROGRA~1\NAVNT\navapsvc.exe
C:\PROGRA~1\NAVNT\npssvc.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\system32\ZONELABS\vsmon.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\PROGRA~1\NAVNT\alertsvc.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\MICROS~3\GAMECO~1\common\swtrayv4.exe
C:\Programme\Logitech\2.20\iTouch\iTouch.exe
C:\PROGRA~1\Logitech\9.73\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Programme\ahead\InCD\InCD.exe
C:\Programme\Logitech\9.73\MouseWare\system\em_exec.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\uptodate.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\system32\rundll32.exe
C:\Programme\NAVNT\POPROXY.EXE
C:\PROGRA~1\WINPAT~1\WinPatrol.exe
C:\Programme\winamp 5.03\winampa.exe
C:\Programme\ZoneAlarm\zlclient.exe
C:\Programme\Anti Virus Personal\AVGNT.EXE
C:\WINNT\system32\RUNDLL32.EXE
C:\Programme\NoPopUp 2003\nopopup.exe
C:\Programme\Star Downloader\stardown.exe
C:\Programme\VirtualDVR\VirtualDVR.exe
C:\Programme\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Programme\TVgenial\TVgenial.exe
C:\WINNT\twain_32\C6U14K\WATCH.exe
C:\WINNT\BA47.exe
C:\Programme\NAVNT\navapw32.exe
C:\Programme\Firebird\MozillaFirebird.exe
C:\bases\mwavscan.com
C:\bases\kavss.exe
C:\WINNT\system32\taskmgr.exe
G:\unzipped\Viren Worms Trojaner Tools\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aon.at/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.topfivesearch.com/search.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.topfivesearch.com/search.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.topfivesearch.com/sidesearch.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.topfivesearch.com/search.asp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer bereitgestellt von Lycos Europe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.aon.at:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: IPInsigtObj Class - {000004CC-E4FF-4F2C-BC30-DBEF0B983BC9} - C:\WINNT\IPINSIGT.DLL
O2 - BHO: F1 Organizer Class - {00000EF1-34E3-4633-87C6-1AA7A44296DA} - C:\WINNT\System32\mpz300.dll
O2 - BHO: CBho404 Object - {087173EF-9829-4F49-8340-A524177D3F60} - C:\WINNT\system32\inetp60.dll
O2 - BHO: (no name) - {08E74C67-99A6-45C7-94DA-A397A8FD8082} - (no file)
O2 - BHO: FeaturedResultsBHO Class - {0DDBB570-0396-44C9-986A-8F6F61A51C2F} - C:\WINNT\system32\msiefr40.dll
O2 - BHO: NetPal Class - {6085FB5B-C281-4B9C-8E5D-D2792EA30D2F} - C:\WINNT\System32\NetPal.dll
O2 - BHO: BRedObj Class - {665ACD90-4541-4836-9FE4-062386BB8F05} - C:\Programme\Flt\Flt.dll
O2 - BHO: IEHooks Class - {947E6D5A-4B9F-4CF4-91B3-562CA8D03313} - C:\Programme\ClearSearch\IE_ClrSch.DLL
O2 - BHO: Band Class - {BDF6CE3D-F5C5-4462-9814-3C8EAC330CA8} - C:\WINNT\AdRoar.dll
O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - C:\PROGRA~1\STARDO~1\SDIEInt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Band Class - {BDF6CE3D-F5C5-4462-9814-3C8EAC330CA8} - C:\WINNT\AdRoar.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck.exe
O4 - HKLM\..\Run: [SideWinderTrayV4] C:\PROGRA~1\MICROS~3\GAMECO~1\common\swtrayv4.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programme\Logitech\2.20\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\9.73\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [InCD] C:\Programme\ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [RunWindowsUpdate] C:\WINNT\uptodate.exe
O4 - HKLM\..\Run: [Rundll32_7] rundll32.exe C:\WINNT\system32\msiefr40.dll,DllRunServer
O4 - HKLM\..\Run: [MSDIconsAndLabels] rundll32 C:\WINNT\system32\ShellExt\MsdServ.dll,Start C:\WINNT\system32\ShellExt\MSDIconsAndLabels.exe
O4 - HKLM\..\Run: [AdRoarUpdate] C:\WINNT\ARUpdate.exe
O4 - HKLM\..\Run: [websearch] wjview /cp:p "C:\Programme\websearch\System\Code" Main lp: "C:\Programme\websearch"
O4 - HKLM\..\Run: [NPS Event Checker] C:\PROGRA~1\NAVNT\npscheck.exe
O4 - HKLM\..\Run: [NAV DefAlert] C:\PROGRA~1\NAVNT\defalert.exe
O4 - HKLM\..\Run: [Rundll32_8] rundll32.exe C:\WINNT\system32\inetp60.dll,DllRunServer
O4 - HKLM\..\Run: [Norton eMail Protect] C:\Programme\NAVNT\POPROXY.EXE
O4 - HKLM\..\Run: [WinPatrol] "C:\PROGRA~1\WINPAT~1\WinPatrol.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\winamp 5.03\winampa.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programme\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\Anti Virus Personal\AVGNT.EXE" /min
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [NoPopUp] C:\Programme\NoPopUp 2003\nopopup.exe /autorun
O4 - HKCU\..\Run: [YAW Autostart] "C:\Programme\YAW3\yaw.exe"
O4 - HKCU\..\Run: [Star Downloader] C:\Programme\Star Downloader\stardown.exe
O4 - HKCU\..\Run: [VirtualDVR] C:\Programme\VirtualDVR\VirtualDVR.exe
O4 - HKCU\..\Run: [LDM] C:\Programme\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [TVgenial] C:\Programme\TVgenial\TVgenial.exe -d
O4 - Startup: WIN.ECO Secure-Mailer.lnk = C:\Programme\Secure-Mailer\WESecureMailer1.exe
O4 - Global Startup: Watch.lnk = C:\WINNT\twain_32\C6U14K\WATCH.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programme\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Norton AntiVirus AutoProtect.lnk = C:\Programme\NAVNT\navapw32.exe
O8 - Extra context menu item: Download &All by FD - C:\Programme\FreshDownload\fdiectx2.htm
O8 - Extra context menu item: Download with &FD - C:\Programme\FreshDownload\fdiectx.htm
O8 - Extra context menu item: Download with Star Downloader - C:\Programme\Star Downloader\sdie.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Browser Pal Toolbar - {07B7F771-1B8E-4B7B-823E-FFAC1732AA9F} - (no file)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: PicGrab - {7830F8A6-59CC-44E8-9EEB-F3018BD38CF6} - C:\Programme\PicGrab\iestarter.exe (HKCU)
O9 - Extra button: (no name) - {8E0FA780-A2FE-4D8A-A5BD-17566FA4D5D9} - C:\Programme\PicGrab\iestarter.exe (HKCU)
O9 - Extra 'Tools' menuitem: &PicGrab starten - {8E0FA780-A2FE-4D8A-A5BD-17566FA4D5D9} - C:\Programme\PicGrab\iestarter.exe (HKCU)
O16 - DPF: ChatSpace Full Java Client 2.1.0.91 - http://213.229.33.36/java/cs4fs091.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com.../c381/chat.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://pub.plan.at/mgaxctrlde.cab
O16 - DPF: {6ABC861A-31E7-4D91-B43B-D3C98F22A5C0} (SecureWeb Class) - http://secure.aconti.net/(ji0w3u2ami3cig45atuq5ay3)/secureweb/SecureWeb.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/soft...ch/alaunch.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/Sha.../bin/cabsa.cab
O16 - DPF: {FC327B3F-377B-4CB7-8B61-27CD69816BC3} - http://a1964.g.akamai.net/f/1964/273.../SNDriveBy.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4412701C-7B98-4370-AC12-328B1A804514}: NameServer = 195.3.96.67,195.3.96.68
O17 - HKLM\System\CCS\Services\Tcpip\..\{5CE959B1-EB57-477F-B19E-4C02BF6B54EE}: NameServer = 192.168.0.1

What is adware, anyway?

To be continued.

Rene_joe 24.11.2004 20:17

Continuation 1:

I ran eScan:

Virus Found 127
Disinfected 0
Deleted 0
Renamed 0
Errors 13

Virus Log Information:

File C:\Programme\ClearSearch\IE_ClrSch.DLL tagged as not-a-virus:AdWare.ClearSearch.i. No Action Taken.
File C:\WINNT\system32\inetp60.dll tagged as not-a-virus:AdWare.ToolBar.Bymoh. No Action Taken.
File C:\WINNT\system32\msiefr40.dll tagged as not-a-virus:AdWare.Toolbar.Cash. No Action Taken.
File C:\WINNT\uptodate.exe infected by "TrojanDownloader.Win32.Braidupdate" Virus. Action Taken: No Action Taken.
File C:\WINNT\System32\mpz300.dll infected by "TrojanDownloader.Win32.BHO" Virus. Action Taken: No Action Taken.
File C:\WINNT\system32\inetp60.dll tagged as not-a-virus:AdWare.ToolBar.Bymoh. No Action Taken.
File C:\WINNT\system32\msiefr40.dll tagged as not-a-virus:AdWare.Toolbar.Cash. No Action Taken.
File C:\WINNT\System32\NetPal.dll infected by "TrojanDownloader.Win32.BHO" Virus. Action Taken: No Action Taken.
File C:\Programme\ClearSearch\IE_ClrSch.DLL tagged as not-a-virus:AdWare.ClearSearch.i. No Action Taken.
File C:\WINNT\AdRoar.dll infected by "TrojanDownloader.Win32.Adroar" Virus. Action Taken: No Action Taken.
File C:\WINNT\uptodate.exe infected by "TrojanDownloader.Win32.Braidupdate" Virus. Action Taken: No Action Taken.
File C:\WINNT\uptodate.exe infected by "TrojanDownloader.Win32.Braidupdate" Virus. Action Taken: No Action Taken.
File C:\WINNT\MSView.DLL tagged as not-a-virus:AdWare.BiSpy.m. No Action Taken.
File C:\WINNT\MSVprep.exe tagged as not-a-virus:AdWare.BiSpy.r. No Action Taken.
File C:\WINNT\ast_2to3.exe infected by "TrojanDownloader.Win32.VB.ah" Virus. Action Taken: No Action Taken.
File C:\WINNT\ast_1to2.exe infected by "TrojanDownloader.Win32.VB.ah" Virus. Action Taken: No Action Taken.
File C:\WINNT\cpruninst.exe infected by "TrojanDownloader.Win32.Adroar" Virus. Action Taken: No Action Taken.
File C:\WINNT\ARUpdate.exe infected by "TrojanDownloader.Win32.Adroar" Virus. Action Taken: No Action Taken.
File C:\WINNT\AdRoar.dll infected by "TrojanDownloader.Win32.Adroar" Virus. Action Taken: No Action Taken.
File C:\WINNT\system32\mpz300.dll infected by "TrojanDownloader.Win32.BHO" Virus. Action Taken: No Action Taken.
File C:\WINNT\system32\NLNP13.dll tagged as not-a-virus:AdWare.IGetNet. No Action Taken.
File C:\WINNT\system32\inetp60.dll tagged as not-a-virus:AdWare.ToolBar.Bymoh. No Action Taken.
File C:\WINNT\system32\msbb.dll tagged as not-a-virus:AdWare.180Solutions. No Action Taken.
File C:\WINNT\system32\NLNP!3.exe tagged as not-a-virus:AdWare.IGetNet. No Action Taken.
File C:\WINNT\system32\ast_.dll infected by "TrojanDownloader.Win32.VB.ah" Virus. Action Taken: No Action Taken.
File C:\WINNT\system32\cd_clint.dll tagged as not-a-virus:AdWare.Cydoor. No Action Taken.
File C:\WINNT\system32\msiefr40.dll tagged as not-a-virus:AdWare.Toolbar.Cash. No Action Taken.
File C:\WINNT\system32\msbb1.dll tagged as not-a-virus:AdWare.180Solutions. No Action Taken.
File C:\WINNT\system32\netpal.dll infected by "TrojanDownloader.Win32.BHO" Virus. Action Taken: No Action Taken.
File C:\WINNT\system32\e6f1873b.dll infected by "TrojanDownloader.Win32.Braidupdate.d" Virus. Action Taken: No Action Taken.
File C:\WINNT\system32\pr1ze5.dll infected by "Trojan.Win32.RCSync" Virus. Action Taken: No Action Taken.
File C:\WINNT\system32\NLNP131.dll tagged as not-a-virus:AdWare.IGetNet. No Action Taken.
File C:\WINNT\system32\H@tKeysH@@k.DLL tagged as not-a-virus:Cracker.Game.HotHook.dll. No Action Taken.
File C:\WINNT\system32\prizesurfer_setup.exe infected by "Trojan.Win32.RCSync" Virus. Action Taken: No Action Taken.
File C:\WINNT\system32\ClrSchP0121.dll infected by "Backdoor.Ruledor.c" Virus. Action Taken: No Action Taken.
File C:\WINNT\system32\mbho.dll tagged as not-a-virus:AdWare.WurldMedia. No Action Taken.
File C:\WINNT\system32\ClrSchP012.dlltmp infected by "Backdoor.Ruledor.c" Virus. Action Taken: No Action Taken.
File C:\WINNT\system32\nostalgia.dll tagged as not-a-virus:AdWare.BiSpy.m. No Action Taken.
File C:\WINNT\system32\MSView.exe tagged as not-a-virus:AdWare.BiSpy.m. No Action Taken.
File C:\WINNT\system32\ezStubtt.exe tagged as not-a-virus:AdWare.EZula.a. No Action Taken.
File C:\WINNT\system32\ezStubi.dll tagged as not-a-virus:AdWare.EZula.a. No Action Taken.
File C:\WINNT\system32\mpz300.dll infected by "TrojanDownloader.Win32.BHO" Virus. Action Taken: No Action Taken.
File C:\WINNT\system32\NLNP13.dll tagged as not-a-virus:AdWare.IGetNet. No Action Taken.
File C:\WINNT\system32\inetp60.dll tagged as not-a-virus:AdWare.ToolBar.Bymoh. No Action Taken.
File C:\WINNT\system32\msbb.dll tagged as not-a-virus:AdWare.180Solutions. No Action Taken.
File C:\WINNT\system32\NLNP!3.exe tagged as not-a-virus:AdWare.IGetNet. No Action Taken.
File C:\WINNT\system32\ast_.dll infected by "TrojanDownloader.Win32.VB.ah" Virus. Action Taken: No Action Taken.
File C:\WINNT\system32\cd_clint.dll tagged as not-a-virus:AdWare.Cydoor. No Action Taken.
File C:\WINNT\system32\msiefr40.dll tagged as not-a-virus:AdWare.Toolbar.Cash. No Action Taken.
File C:\WINNT\system32\msbb1.dll tagged as not-a-virus:AdWare.180Solutions. No Action Taken.
File C:\WINNT\system32\netpal.dll infected by "TrojanDownloader.Win32.BHO" Virus. Action Taken: No Action Taken.
File C:\WINNT\system32\e6f1873b.dll infected by "TrojanDownloader.Win32.Braidupdate.d" Virus. Action Taken: No Action Taken.
File C:\WINNT\system32\pr1ze5.dll infected by "Trojan.Win32.RCSync" Virus. Action Taken: No Action Taken.
File C:\WINNT\system32\NLNP131.dll tagged as not-a-virus:AdWare.IGetNet. No Action Taken.
File C:\WINNT\system32\H@tKeysH@@k.DLL tagged as not-a-virus:Cracker.Game.HotHook.dll. No Action Taken.
File C:\WINNT\system32\prizesurfer_setup.exe infected by "Trojan.Win32.RCSync" Virus. Action Taken: No Action Taken.
File C:\WINNT\system32\ClrSchP0121.dll infected by "Backdoor.Ruledor.c" Virus. Action Taken: No Action Taken.
File C:\WINNT\system32\mbho.dll tagged as not-a-virus:AdWare.WurldMedia. No Action Taken.
File C:\WINNT\system32\ClrSchP012.dlltmp infected by "Backdoor.Ruledor.c" Virus. Action Taken: No Action Taken.
File C:\WINNT\system32\nostalgia.dll tagged as not-a-virus:AdWare.BiSpy.m. No Action Taken.
File C:\WINNT\system32\MSView.exe tagged as not-a-virus:AdWare.BiSpy.m. No Action Taken.
File C:\WINNT\system32\ezStubtt.exe tagged as not-a-virus:AdWare.EZula.a. No Action Taken.
File C:\WINNT\system32\ezStubi.dll tagged as not-a-virus:AdWare.EZula.a. No Action Taken.
File C:\WINNT\system\Install_All.DLL tagged as not-a-virus:AdWare.IGetNet.b. No Action Taken.
File C:\WINNT\system\RSP001.DLL tagged as not-a-virus:AdWare.IGetNet. No Action Taken.
File C:\WINNT\system\Update_com.DLL tagged as not-a-virus:AdWare.IGetNet. No Action Taken.
File C:\WINNT\system\BHO001.DLL tagged as not-a-virus:AdWare.IGetNet. No Action Taken.
File C:\WINNT\Downloaded Program Files\gsda.dll tagged as not-a-virus:RiskWare.Downloader.SpyGame. No Action Taken.
File C:\WINNT\uptodate.exe infected by "TrojanDownloader.Win32.Braidupdate" Virus. Action Taken: No Action Taken.
File C:\WINNT\MSView.DLL tagged as not-a-virus:AdWare.BiSpy.m. No Action Taken.
File C:\WINNT\MSVprep.exe tagged as not-a-virus:AdWare.BiSpy.r. No Action Taken.
File C:\WINNT\ast_2to3.exe infected by "TrojanDownloader.Win32.VB.ah" Virus. Action Taken: No Action Taken.
File C:\WINNT\ast_1to2.exe infected by "TrojanDownloader.Win32.VB.ah" Virus. Action Taken: No Action Taken.
File C:\WINNT\cpruninst.exe infected by "TrojanDownloader.Win32.Adroar" Virus. Action Taken: No Action Taken.
File C:\WINNT\ARUpdate.exe infected by "TrojanDownloader.Win32.Adroar" Virus. Action Taken: No Action Taken.
File C:\WINNT\AdRoar.dll infected by "TrojanDownloader.Win32.Adroar" Virus. Action Taken: No Action Taken.
File C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\IM\Identities\{638118BA-FD4B-4B60-9E88-63D28E619E91}\Message Store\Attachments\DivX5Bundle.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\IM\Identities\{638118BA-FD4B-4B60-9E88-63D28E619E91}\Message Store\Attachments\{B89449C0-3233-45ED-97FD-F8BC7B21EC4C}\DivX5Bundle.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\IM\Identities\{638118BA-FD4B-4B60-9E88-63D28E619E91}\Message Store\Attachments\burp.exe.zip tagged as not-a-virus:Joke.Win32.Rubis. No Action Taken.
File C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\IM\Identities\{638118BA-FD4B-4B60-9E88-63D28E619E91}\Message Store\Attachments\Morph20.rar tagged as not-a-virus:AdWare.WurldMedia. No Action Taken.
File C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\IM\Identities\{638118BA-FD4B-4B60-9E88-63D28E619E91}\Message Store\Attachments\{0B90D3BD-6CBB-410C-B605-72B322C9082E}\DivX5Bundle.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\IM\Identities\{638118BA-FD4B-4B60-9E88-63D28E619E91}\Message Store\Attachments\Herzfrequenzbeschleuniger (2).exe.safe infected by "not-virus:Joke.Win32.Badgame" Virus. Action Taken: No Action Taken.
File C:\Programme\Gemeinsame Dateien\GMT\GMT.exe tagged as not-a-virus:AdWare.Gator.6041. No Action Taken.
File C:\Programme\Gemeinsame Dateien\GMT\EGGCEngine.dll tagged as not-a-virus:AdWare.Gator.6041. No Action Taken.

Rene_joe 24.11.2004 20:18

Continuation 2

File C:\Programme\Gemeinsame Dateien\GMT\egIEEngine.dll tagged as not-a-virus:AdWare.Gator.6041. No Action Taken.
File C:\Programme\Gemeinsame Dateien\GMT\EGIEProcess.dll tagged as not-a-virus:AdWare.Gator.6041. No Action Taken.
File C:\Programme\Gemeinsame Dateien\GMT\EGNSEngine.dll tagged as not-a-virus:AdWare.Gator.6041. No Action Taken.
File C:\Programme\Gemeinsame Dateien\GMT\GatorStubSetup.exe tagged as not-a-virus:AdWare.Gator.6034. No Action Taken.
File C:\Programme\Gemeinsame Dateien\GMT\GUninstaller.exe tagged as not-a-virus:AdWare.Gator.6041. No Action Taken.
File C:\Programme\Gemeinsame Dateien\CMEII\CMEIIAPI.dll tagged as not-a-virus:AdWare.Gator.6041. No Action Taken.
File C:\Programme\Gemeinsame Dateien\CMEII\CMESys.exe tagged as not-a-virus:AdWare.Gator.6034. No Action Taken.
File C:\Programme\Gemeinsame Dateien\CMEII\GAppMgr.dll tagged as not-a-virus:AdWare.Gator.6041. No Action Taken.
File C:\Programme\Gemeinsame Dateien\CMEII\GController.dll tagged as not-a-virus:AdWare.Gator.6041. No Action Taken.
File C:\Programme\Gemeinsame Dateien\CMEII\GDwldEng.dll tagged as not-a-virus:AdWare.Gator.6041. No Action Taken.
File C:\Programme\Gemeinsame Dateien\CMEII\GIocl.dll tagged as not-a-virus:AdWare.Gator.6041. No Action Taken.
File C:\Programme\Gemeinsame Dateien\CMEII\GIoclClient.dll tagged as not-a-virus:AdWare.Gator.6041. No Action Taken.
File C:\Programme\Gemeinsame Dateien\CMEII\GMTProxy.dll tagged as not-a-virus:AdWare.Gator.6041. No Action Taken.
File C:\Programme\Gemeinsame Dateien\CMEII\GObjs.dll tagged as not-a-virus:AdWare.Gator.6041. No Action Taken.
File C:\Programme\Gemeinsame Dateien\CMEII\GStore.dll tagged as not-a-virus:AdWare.Gator.6041. No Action Taken.
File C:\Programme\Gemeinsame Dateien\CMEII\GStoreServer.dll tagged as not-a-virus:AdWare.Gator.6041. No Action Taken.
File C:\Programme\Gemeinsame Dateien\CMEII\Gtools.dll tagged as not-a-virus:AdWare.Gator.6041. No Action Taken.
File C:\Programme\ICQ\Received Files\Kera\burp.exe.zip tagged as not-a-virus:Joke.Win32.Rubis. No Action Taken.
File C:\Programme\iMesh\Client\cd_install_202.exe tagged as not-a-virus:AdWare.Cydoor. No Action Taken.
File C:\Programme\iMesh\Client\imesh_336.exe tagged as not-a-virus:AdWare.NewDotNet. No Action Taken.
File C:\Programme\iMesh\Client\cd_Install_2023.exe tagged as not-a-virus:AdWare.Cydoor. No Action Taken.
File C:\Programme\Anti Virus Personal\INFECTED\TMP1B.TMP.VIR tagged as not-a-virus:AdWare.180Solutions. No Action Taken.
File C:\Programme\Anti Virus Personal\INFECTED\TMEG3DD2.DLL.VIR tagged as not-a-virus:AdWare.BiSpy.m. No Action Taken.
File C:\Programme\Anti Virus Personal\INFECTED\TMEG3DD3.EXE.VIR tagged as not-a-virus:AdWare.BiSpy.f. No Action Taken.
File C:\Programme\Anti Virus Personal\INFECTED\TMEG3DE1.DLL.VIR tagged as not-a-virus:AdWare.BiSpy.m. No Action Taken.
File C:\Programme\Anti Virus Personal\INFECTED\TMEG3DE2.EXE.VIR tagged as not-a-virus:AdWare.BiSpy.f. No Action Taken.
File C:\Programme\Anti Virus Personal\INFECTED\TMEG3DEA.EXE.VIR infected by "TrojanDownloader.Win32.Alchemic" Virus. Action Taken: No Action Taken.
File C:\Programme\Anti Virus Personal\INFECTED\TMP2C.TMP.VIR tagged as not-a-virus:AdWare.180Solutions. No Action Taken.
File C:\Programme\Anti Virus Personal\INFECTED\TMP30.TMP.VIR tagged as not-a-virus:AdWare.180Solutions. No Action Taken.
File C:\Programme\Anti Virus Personal\INFECTED\TMP39.TMP.VIR infected by "Backdoor.Ruledor.c" Virus. Action Taken: No Action Taken.
File C:\Programme\Anti Virus Personal\INFECTED\TMP3D.TMP.VIR infected by "Backdoor.Ruledor.c" Virus. Action Taken: No Action Taken.
File C:\Programme\Anti Virus Personal\INFECTED\TMYOA833.DLL.VIR tagged as not-a-virus:AdWare.BiSpy.m. No Action Taken.
File C:\Programme\Anti Virus Personal\INFECTED\TMYOA834.EXE.VIR tagged as not-a-virus:AdWare.BiSpy.f. No Action Taken.
File C:\Programme\Anti Virus Personal\INFECTED\TMYOA842.DLL.VIR tagged as not-a-virus:AdWare.BiSpy.m. No Action Taken.
File C:\Programme\Anti Virus Personal\INFECTED\TMYOA843.EXE.VIR tagged as not-a-virus:AdWare.BiSpy.f. No Action Taken.
File C:\Programme\Anti Virus Personal\INFECTED\TMYOA84B.EXE.VIR infected by "TrojanDownloader.Win32.Alchemic" Virus. Action Taken: No Action Taken.
File C:\Programme\MyWay\myBar\1.bin\MYBAR.DLL tagged as not-a-virus:AdWare.Toolbar.MyWay.b. No Action Taken.
File C:\Programme\ClearSearch\IE_ClrSch.DLL tagged as not-a-virus:AdWare.ClearSearch.i. No Action Taken.
File C:\Programme\ClearSearch\CSSS.DLL tagged as not-a-virus:AdWare.ClearSearch. No Action Taken.
File C:\Programme\ClearSearch\CSZT.DLL tagged as not-a-virus:AdWare.ClearSearch. No Action Taken.
File C:\Programme\websearch\websearch_grock.exe tagged as not-a-virus:AdWare.HelpExpress. No Action Taken.
File C:\Quake III Arena\Extras\WorldNet\PCVKIT.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Quake III Arena\Check for Quake III Arena Updates.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.

Rene_joe 24.11.2004 20:20

How should I proceed with my hard drive now?
Does anyone have a solution for me?

Regards, Rene

Rene_joe 24.11.2004 22:53

So, I have now removed a few things from the drive and run HJT:

Logfile of HijackThis v1.98.2
Scan saved at 22:46:25, on 24.11.2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Programme\Anti Virus Personal\AVGUARD.EXE
C:\Programme\Anti Virus Personal\AVWUPSRV.EXE
C:\WINNT\system32\hidserv.exe
C:\intranet\Jana2\janad.exe
C:\intranet\mysql\bin\mysqld-nt.exe
C:\PROGRA~1\NAVNT\navapsvc.exe
C:\PROGRA~1\NAVNT\npssvc.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\system32\ZONELABS\vsmon.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\PROGRA~1\NAVNT\alertsvc.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\MICROS~3\GAMECO~1\common\swtrayv4.exe
C:\Programme\Logitech\2.20\iTouch\iTouch.exe
C:\PROGRA~1\Logitech\9.73\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Programme\ahead\InCD\InCD.exe
C:\Programme\Logitech\9.73\MouseWare\system\em_exec.exe
C:\WINNT\uptodate.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\system32\rundll32.exe
C:\Programme\NAVNT\POPROXY.EXE
C:\PROGRA~1\WINPAT~1\WinPatrol.exe
C:\Programme\winamp 5.03\winampa.exe
C:\Programme\ZoneAlarm\zlclient.exe
C:\Programme\Anti Virus Personal\AVGNT.EXE
C:\WINNT\system32\RUNDLL32.EXE
C:\Programme\NoPopUp 2003\nopopup.exe
C:\Programme\VirtualDVR\VirtualDVR.exe
C:\Programme\TVgenial\TVgenial.exe
C:\WINNT\twain_32\C6U14K\WATCH.exe
C:\Programme\NAVNT\navapw32.exe
C:\WINNT\3568.exe
C:\WINNT\system32\NOTEPAD.EXE
C:\hjt\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aon.at/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.topfivesearch.com/search.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.topfivesearch.com/search.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.topfivesearch.com/sidesearch.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.topfivesearch.com/search.asp
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer bereitgestellt von Lycos Europe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.aon.at:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: IPInsigtObj Class - {000004CC-E4FF-4F2C-BC30-DBEF0B983BC9} - C:\WINNT\IPINSIGT.DLL
O2 - BHO: CBho404 Object - {087173EF-9829-4F49-8340-A524177D3F60} - C:\WINNT\system32\inetp60.dll
O2 - BHO: FeaturedResultsBHO Class - {0DDBB570-0396-44C9-986A-8F6F61A51C2F} - C:\WINNT\system32\msiefr40.dll
O2 - BHO: NetPal Class - {6085FB5B-C281-4B9C-8E5D-D2792EA30D2F} - C:\WINNT\System32\NetPal.dll
O2 - BHO: IEHooks Class - {947E6D5A-4B9F-4CF4-91B3-562CA8D03313} - C:\Programme\ClearSearch\IE_ClrSch.DLL
O2 - BHO: Band Class - {BDF6CE3D-F5C5-4462-9814-3C8EAC330CA8} - C:\WINNT\AdRoar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Band Class - {BDF6CE3D-F5C5-4462-9814-3C8EAC330CA8} - C:\WINNT\AdRoar.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck.exe
O4 - HKLM\..\Run: [SideWinderTrayV4] C:\PROGRA~1\MICROS~3\GAMECO~1\common\swtrayv4.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programme\Logitech\2.20\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\9.73\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [InCD] C:\Programme\ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [RunWindowsUpdate] C:\WINNT\uptodate.exe
O4 - HKLM\..\Run: [Rundll32_7] rundll32.exe C:\WINNT\system32\msiefr40.dll,DllRunServer
O4 - HKLM\..\Run: [MSDIconsAndLabels] rundll32 C:\WINNT\system32\ShellExt\MsdServ.dll,Start C:\WINNT\system32\ShellExt\MSDIconsAndLabels.exe
O4 - HKLM\..\Run: [AdRoarUpdate] C:\WINNT\ARUpdate.exe
O4 - HKLM\..\Run: [NPS Event Checker] C:\PROGRA~1\NAVNT\npscheck.exe
O4 - HKLM\..\Run: [NAV DefAlert] C:\PROGRA~1\NAVNT\defalert.exe
O4 - HKLM\..\Run: [Rundll32_8] rundll32.exe C:\WINNT\system32\inetp60.dll,DllRunServer
O4 - HKLM\..\Run: [Norton eMail Protect] C:\Programme\NAVNT\POPROXY.EXE
O4 - HKLM\..\Run: [WinPatrol] "C:\PROGRA~1\WINPAT~1\WinPatrol.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\winamp 5.03\winampa.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programme\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\Anti Virus Personal\AVGNT.EXE" /min
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [NoPopUp] C:\Programme\NoPopUp 2003\nopopup.exe /autorun
O4 - HKCU\..\Run: [YAW Autostart] "C:\Programme\YAW3\yaw.exe"
O4 - HKCU\..\Run: [VirtualDVR] C:\Programme\VirtualDVR\VirtualDVR.exe
O4 - HKCU\..\Run: [TVgenial] C:\Programme\TVgenial\TVgenial.exe -d
O4 - Global Startup: Watch.lnk = C:\WINNT\twain_32\C6U14K\WATCH.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Norton AntiVirus AutoProtect.lnk = C:\Programme\NAVNT\navapw32.exe
O8 - Extra context menu item: Download &All by FD - C:\Programme\FreshDownload\fdiectx2.htm
O8 - Extra context menu item: Download with &FD - C:\Programme\FreshDownload\fdiectx.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O16 - DPF: ChatSpace Full Java Client 2.1.0.91 - http://213.229.33.36/java/cs4fs091.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com.../c381/chat.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://pub.plan.at/mgaxctrlde.cab
O16 - DPF: {6ABC861A-31E7-4D91-B43B-D3C98F22A5C0} (SecureWeb Class) - http://secure.aconti.net/(ji0w3u2ami3cig45atuq5ay3)/secureweb/SecureWeb.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/soft...ch/alaunch.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/Sha.../bin/cabsa.cab
O16 - DPF: {FC327B3F-377B-4CB7-8B61-27CD69816BC3} - http://a1964.g.akamai.net/f/1964/273.../SNDriveBy.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4412701C-7B98-4370-AC12-328B1A804514}: NameServer = 195.3.96.67,195.3.96.68
O17 - HKLM\System\CCS\Services\Tcpip\..\{5CE959B1-EB57-477F-B19E-4C02BF6B54EE}: NameServer = 192.168.0.1
O18 - Protocol hijack: cn - {9346A6BB-1ED0-4174-AFB4-13CD4EC0AA40}

Has anyone spotted anything else here that looks like a trojan, worm or virus?

Regards, Rene

Shadowdance 24.11.2004 23:08

Hello Rene_joe,

You have not only a very diverse but also a very dangerous collection of viruses on the system. Among them an offshoot of the large Rbot family (W32/Rbot-) and other viruses with backdoor functionality.

The only answer I can give you is therefore: format and reinstall, in line with Lutz's data backup and Cidre's advice.

Deleting this malware is not enough. On this, see: Removing malware and Compromise unavoidable?.

On your adware question, a detailed answer.

SD

Rene_joe 25.11.2004 17:21

So, now I've spent the whole afternoon trying to save my Win2000.
This is what my HJT.log looks like now:

Logfile of HijackThis v1.98.2
Scan saved at 17:15:05, on 25.11.2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Programme\Anti Virus Personal\AVGUARD.EXE
C:\Programme\Anti Virus Personal\AVWUPSRV.EXE
C:\WINNT\system32\hidserv.exe
C:\intranet\Jana2\janad.exe
C:\intranet\mysql\bin\mysqld-nt.exe
C:\PROGRA~1\NAVNT\navapsvc.exe
C:\PROGRA~1\NAVNT\npssvc.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\system32\ZONELABS\vsmon.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\PROGRA~1\NAVNT\alertsvc.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\MICROS~3\GAMECO~1\common\swtrayv4.exe
C:\Programme\Logitech\2.20\iTouch\iTouch.exe
C:\PROGRA~1\Logitech\9.73\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Programme\ahead\InCD\InCD.exe
C:\Programme\Logitech\9.73\MouseWare\system\em_exec.exe
C:\Programme\NAVNT\POPROXY.EXE
C:\PROGRA~1\WINPAT~1\WinPatrol.exe
C:\Programme\winamp 5.03\winampa.exe
C:\Programme\ZoneAlarm\zlclient.exe
C:\Programme\Anti Virus Personal\AVGNT.EXE
C:\WINNT\system32\RUNDLL32.EXE
C:\Programme\NoPopUp 2003\nopopup.exe
C:\Programme\VirtualDVR\VirtualDVR.exe
C:\WINNT\53B4.exe
C:\Programme\TVgenial\TVgenial.exe
C:\WINNT\twain_32\C6U14K\WATCH.exe
C:\Programme\NAVNT\navapw32.exe
C:\hjt\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aon.at/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer bereitgestellt von Lycos Europe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.aon.at:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck.exe
O4 - HKLM\..\Run: [SideWinderTrayV4] C:\PROGRA~1\MICROS~3\GAMECO~1\common\swtrayv4.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programme\Logitech\2.20\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\9.73\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [InCD] C:\Programme\ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [MSDIconsAndLabels] rundll32 C:\WINNT\system32\ShellExt\MsdServ.dll,Start C:\WINNT\system32\ShellExt\MSDIconsAndLabels.exe
O4 - HKLM\..\Run: [NPS Event Checker] C:\PROGRA~1\NAVNT\npscheck.exe
O4 - HKLM\..\Run: [NAV DefAlert] C:\PROGRA~1\NAVNT\defalert.exe
O4 - HKLM\..\Run: [Norton eMail Protect] C:\Programme\NAVNT\POPROXY.EXE
O4 - HKLM\..\Run: [WinPatrol] "C:\PROGRA~1\WINPAT~1\WinPatrol.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\winamp 5.03\winampa.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programme\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\Anti Virus Personal\AVGNT.EXE" /min
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [NoPopUp] C:\Programme\NoPopUp 2003\nopopup.exe /autorun
O4 - HKCU\..\Run: [YAW Autostart] "C:\Programme\YAW3\yaw.exe"
O4 - HKCU\..\Run: [VirtualDVR] C:\Programme\VirtualDVR\VirtualDVR.exe
O4 - HKCU\..\Run: [TVgenial] C:\Programme\TVgenial\TVgenial.exe -d
O4 - Global Startup: Watch.lnk = C:\WINNT\twain_32\C6U14K\WATCH.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Norton AntiVirus AutoProtect.lnk = C:\Programme\NAVNT\navapw32.exe
O8 - Extra context menu item: Download &All by FD - C:\Programme\FreshDownload\fdiectx2.htm
O8 - Extra context menu item: Download with &FD - C:\Programme\FreshDownload\fdiectx.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O16 - DPF: ChatSpace Full Java Client 2.1.0.91 - http://213.229.33.36/java/cs4fs091.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com.../c381/chat.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://pub.plan.at/mgaxctrlde.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/soft...ch/alaunch.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/Sha.../bin/cabsa.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4412701C-7B98-4370-AC12-328B1A804514}: NameServer = 195.3.96.67,195.3.96.68
O17 - HKLM\System\CCS\Services\Tcpip\..\{5CE959B1-EB57-477F-B19E-4C02BF6B54EE}: NameServer = 192.168.0.1

That's already much better than yesterday, isn't it?

Regards, Rene

Rene_joe 25.11.2004 17:30

eScan 4.6.7: I haven't figured out how to update it. Is there a tab for that, or what?

Shadowdance 27.11.2004 00:34

@ Rene_joe,

how to update eScan is described in the instructions. I don't think it is right that you want to keep this system. In my view it is compromised, because you have backdoor programs on the machine that cannot simply be deleted ...

You are putting your own security at risk, and the security of those who are connected with you and your system.

Regards,
Shadowdance

Rene_joe 28.11.2004 08:24

Hi Shadowdance.

I've thought it over in the meantime. I'm already backing up and will set my system up from scratch.

It's a heck of a lot of work, but I'll take it nice and slow.

Regards, Rene


All times are WET +1.