Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   hilfe habe auch den trojaner TR/VB.qn.C (https://www.trojaner-board.de/12967-hilfe-habe-trojaner-tr-vb-qn-c.html)

crosser 29.01.2005 18:29
hilfe habe auch den trojaner TR/VB.qn.C
 
ich habe hier schon mal mein log file. es währe nett, wenn ihr mal einen blick drauf werfen könntet.

Logfile of HijackThis v1.99.0
Scan saved at 18:26:51, on 29.01.2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Programme\QuickTime\qttask.exe
C:\WINDOWS\Mixer.exe
C:\Programme\PCI Audio Applications\Bin\EchoCtrl.exe
F:\Programme\antivir\AVSched32.EXE
F:\Programme\antivir\AVGNT.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\prutmct.exe
F:\Programme\antivir\AVWUPSRV.EXE
C:\Programme\Ulead Systems\Ulead Photo Express 2\CalCheck.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\prutmct.exe
C:\WINDOWS\System32\wuauclt.exe
F:\Programme\antivir\AVGUARD.EXE
C:\Programme\Internet Explorer\IEXPLORE.EXE
c:\Programme\ClearProg\ClearProg.exe
F:\PROGRA~1\WINZIP\winzip32.exe
C:\Dokumente und Einstellungen\Mario&Martina\Lokale Einstellungen\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://g.msn.de/0SEDEDE/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ebay.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.msn.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.searchv.com/1/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.searchv.com/1/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.searchv.com/1/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.searchv.com/1/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = hxxp://www.searchv.com/1/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = hxxp://www.searchv.com/1/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.searchv.com/1/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = hxxp://www.searchv.com/1/
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = hxxp://www.searchv.com/1/search.php?qq=%s
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R3 - URLSearchHook: (no name) - {C4F5E343-9494-47E4-8E35-440B49E25FD5} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - f:\programme\AcrobatReader\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\E2G\IeBHOs.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\downloaded program files\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\downloaded program files\googletoolbar1.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TeenSex] C:\WINDOWS\Dialer\pdialer.exe !m ln=WMP200000001650} sl=sx000055} dn=TeenSex} sn=TeenSex} tu=hxxp://63.66.136.123/m/} ru=} pl=837} nu=216}
O4 - HKLM\..\Run: [TeenSex(1)] C:\WINDOWS\Dialer\pdialer.exe !m ln=WMP200000000454} sl=sx000813} dn=TeenSex} sn=TeenSex} tu=hxxp://63.66.136.123/m/} ru=} pl=535} nu=372}
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [C-Media Echo Control] C:\Programme\PCI Audio Applications\Bin\EchoCtrl.exe
O4 - HKLM\..\Run: [WinampAgent] "F:\Programme\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [PE2CKFNT] C:\Programme\Ulead Systems\Ulead Photo Express 2\ChkFont.exe
O4 - HKLM\..\Run: [AVSCHED32] F:\Programme\antivir\AVSched32.EXE /min
O4 - HKLM\..\Run: [websx] C:\Programme\websx\int129365.exe -auto
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AVGCtrl] F:\Programme\antivir\AVGNT.EXE /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] F:\PROGRA~1\YAHOOM~1\ypager.exe -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [prutmct] C:\WINDOWS\System32\prutmct.exe
O4 - Global Startup: Microsoft Office.lnk = F:\Programme\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Photo Express Calendar Checker.lnk = C:\Programme\Ulead Systems\Ulead Photo Express 2\CalCheck.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\windows\downloaded program files\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\windows\downloaded program files\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://F:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Verweisseiten - res://c:\windows\downloaded program files\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://c:\windows\downloaded program files\GoogleToolbar1.dll/cmsimilar.html
O9 - Extra button: SEARCH - {0B5F1910-F111-11d2-BB9E-00C05F7956B1} - hxxp://www001.upp.so-net.ne:3128@DF809JOW4WJ2304LFD0SF9FSD0A2T4LDF809JOW4WJ2304LFD0SF9FSD0A2T4LD%2E%42%49%5A/find.html (file missing)
O9 - Extra button: ANTIVIRUS - {0B5F1910-F111-11d2-BB9E-00C05F7956B2} - hxxp://www001.upp.so-net.ne:3128@DF809JOW4WJ2304LFD0SF9FSD0A2T4LDF809JOW4WJ2304LFD0SF9FSD0A2T4LD%2E%42%49%5A/antivirus.html (file missing)
O9 - Extra button: ENTERTAINMENT - {0B5F1910-F111-11d2-BB9E-00C05F7956B3} - hxxp://www001.upp.so-net.ne:3128@DF809JOW4WJ2304LFD0SF9FSD0A2T4LDF809JOW4WJ2304LFD0SF9FSD0A2T4LD%2E%42%49%5A/ggo.html (file missing)
O9 - Extra button: SECURITY - {0B5F1910-F111-11d2-BB9E-00C05F7956B4} - hxxp://www001.upp.so-net.ne:3128@DF809JOW4WJ2304LFD0SF9FSD0A2T4LDF809JOW4WJ2304LFD0SF9FSD0A2T4LD%2E%42%49%5A/warning.htm (file missing)
O9 - Extra button: SEARCH - {0B5F1910-F111-11d2-BB9E-00C05F7956B5} - hxxp://www001.upp.so-net.ne:3128@DF809JOW4WJ2304LFD0SF9FSD0A2T4LDF809JOW4WJ2304LFD0SF9FSD0A2T4LD%2E%42%49%5A/topsearch.html (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - F:\PROGRA~1\YAHOOM~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - F:\PROGRA~1\YAHOOM~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O13 - DefaultPrefix: hxxp://www001.upp.so-net.ne:3128@DF809JOW4WJ2304LFD0SF9FSD0A2T4LDF809JOW4WJ2304LFD0SF9FSD0A2T4LD%2E%42%49%5A/c/c.pl?url=
O16 - DPF: Yahoo! Chat - hxxp://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - hxxp://software-dl.real.com/133f5e1ce05306fc2805/netzip/RdxIE601_de.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - hxxp://pub.plan.at/mgaxctrlde.cab
O16 - DPF: {A1DC3241-B122-195F-B21A-000000000000} - hxxp://pluginaccess.com/Browser_Plugin.cab
O16 - DPF: {B09B1D8B-88D6-4C91-BB62-378625E8C73E} ({B09B1D8B-88D6-4C91-BB62-378625E8C73E}) - hxxp://www.popup.to/connect/PremiumConnectLoad.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - hxxp://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {C4F5E343-9494-47E4-8E35-440B49E25FD5} - hxxp://www.fehlerpage.de/cab/fehlerpage.cab
O16 - DPF: {E0B795B4-FD95-4ABD-A375-27962EFCE8CF} (StarInstall Control) - hxxp://www.download-url.de/install/StarInstall.ocx
O16 - DPF: {E8EDB60C-951E-4130-93DC-FAF1AD25F8E7} (MoneyTree Dialer) - hxxp://xbs.mtreexxx.nl/mt/dialers/fc/UniDist.CAB
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - hxxp://chat.msn.com/bin/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CEF37ADD-8207-420F-9629-38E2214137DE}: NameServer = 217.237.149.161 217.237.151.225
O23 - Service: AntiVir Service - H+BEDV Datentechnik GmbH - F:\Programme\antivir\AVGUARD.EXE
O23 - Service: AntiVir Update - H+BEDV Datentechnik GmbH, Germany - F:\Programme\antivir\AVWUPSRV.EXE
O23 - Service: LexBce Server - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TSMService - T-Systems Nova, Berkom - F:\Programme\speedmanager\tsmsvc.exe

chaosman 29.01.2005 18:36
@crosser
du hast einiges im system
eine der ursachen
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
system und IE sind völlig veraltet.
O16 - DPF: {E8EDB60C-951E-4130-93DC-FAF1AD25F8E7} (MoneyTree Dialer) - http://xbs.mtreexxx.nl/mt/dialers/fc/UniDist.CAB
O4 - HKLM\..\Run: [TeenSex(1)] C:\WINDOWS\Dialer\pdialer.exe !m ln=WMP200000000454} sl=sx000813} dn=TeenSex} sn=TeenSex} tu=http://63.66.136.123/m/} ru=} pl=535} nu=372}
sind 2 dialers.

die dialers sichern auf diskette, zwecks beweismittel, danach in den abgesicherten modus manuell löschen.
system und IE updaten
escan downloaden
anleitung
überprüfe Deinen Rechner zunächst mit dem eScan: lade den eScan runter, erstelle dafür einen Ordner (=Verzeichnis) c:\bases, update den eScan online und führe ihn offline im abgesicherten Modus aus. Beachte, dass der eScan ab Version 4.5.1 gefundene Malware nicht löscht. Das wird von Hand auf Anweisung durch uns gemacht.

Teile uns dann das Ergebnis des eScan mit: welche Viren wurden auf Deinem Rechner gefunden: "öffne die mwav.log -> Bearbeiten -> Suchen -> infected eingeben -> Weitersuchen -> Treffer markieren/kopieren und ins Forum übertragen." (Zitat Cidre)

chaosman

crosser 29.01.2005 18:45
ok dann werde ich mal e-scan durchlaufen lassen.
danke erst mal für die schnelle antwort

crosser 30.01.2005 12:55
also ich habe e-scan durchgeführt und habe die gefundenen viren manuell gelöscht, ebenso wie den ordner e2g. aber was soll ich sagen als ich den rechner im normalen modus wieder gestartet habe bekam ich wieder die warnung von antivir über diesen trojaner:iebhos

hier nun die von e-scan beanstndeten files:
File C:\WINDOWS\d.htm infected by "JS.Fortnight.f" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Hochzeit[hochzeits-feier,de].exe.exe infected by "not-a-virus:Porn-Dialer.Win32.Intexdial" Virus. Action Taken: No Action Taken.
File C:\Dokumente und Einstellungen\Mario&Martina\Lokale Einstellungen\Temp\10.tmp infected by "Trojan.Win32.Liech.b" Virus. Action Taken: No Action Taken.
File C:\Dokumente und Einstellungen\Mario&Martina\Lokale Einstellungen\Temp\13.tmp infected by "Trojan.Win32.Liech.b" Virus. Action Taken: No Action Taken.
File C:\Dokumente und Einstellungen\Mario&Martina\Lokale Einstellungen\Temp\diaAD.exe infected by "not-a-virus:Porn-Dialer.Win32.Generic" Virus. Action Taken: No Action Taken.
File C:\Programme\WebSiteViewer\111787.dlr infected by "not-a-virus:Porn-Downloader.Win32.TibSystems" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\d.htm infected by "JS.Fortnight.f" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Downloaded Program Files\gsda.dll tagged as not-a-virus:RiskWare.Downloader.SpyGame. No Action Taken.
File C:\WINDOWS\Hochzeit[hochzeits-feier,de].exe.exe infected by "not-a-virus:Porn-Dialer.Win32.Intexdial" Virus. Action Taken: No Action Taken.
File F:\Programme\antivir\INFECTED\IE46BIN.EXE.VIR infected by "Trojan.Win32.StartPage.ag" Virus. Action Taken: No Action Taken.
File F:\Programme\antivir\INFECTED\IEBHOS.DLL.001 infected by "not-a-virus:AdWare.BHO.E2Give.a" Virus. Action Taken: No Action Taken.
File F:\Programme\antivir\INFECTED\IEBHOS.DLL.VIR infected by "not-a-virus:AdWare.BHO.E2Give.a" Virus. Action Taken: No Action Taken.
File F:\Programme\antivir\INFECTED\IEBHOS[1].DLL.001 infected by "not-a-virus:AdWare.BHO.E2Give.a" Virus. Action Taken: No Action Taken.
File F:\Programme\antivir\INFECTED\IEBHOS[1].DLL.002 infected by "not-a-virus:AdWare.BHO.E2Give.a" Virus. Action Taken: No Action Taken.
File F:\Programme\antivir\INFECTED\IEBHOS[1].DLL.VIR infected by "not-a-virus:AdWare.BHO.E2Give.a" Virus. Action Taken: No Action Taken.
File F:\Programme\antivir\INFECTED\MEDAL OF HONOR (ALLIED ASSAULT) CRACK.EXE.VIR infected by "Win32.Parite.b" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\d.htm infected by "JS.Fortnight.f" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Downloaded Program Files\gsda.dll tagged as not-a-virus:RiskWare.Downloader.SpyGame. No Action Taken.
File C:\WINDOWS\Hochzeit[hochzeits-feier,de].exe.exe infected by "not-a-virus:Porn-Dialer.Win32.Intexdial" Virus. Action Taken: No Action Taken.

crosser 30.01.2005 12:56
hier noch mal ein aktuelles log file von hijackthis:
Logfile of HijackThis v1.99.0
Scan saved at 12:40:51, on 30.01.2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Programme\QuickTime\qttask.exe
C:\WINDOWS\Mixer.exe
C:\Programme\PCI Audio Applications\Bin\EchoCtrl.exe
F:\Programme\antivir\AVSched32.EXE
F:\Programme\antivir\AVGNT.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\prutmct.exe
F:\Programme\WinZip\WZQKPICK.EXE
C:\WINDOWS\System32\prutmct.exe
F:\Programme\antivir\AVGUARD.EXE
F:\Programme\antivir\AVWUPSRV.EXE
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
F:\PROGRA~1\YAHOOM~1\ymsgr_tray.exe
C:\Dokumente und Einstellungen\Mario&Martina\Lokale Einstellungen\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://g.msn.de/0SEDEDE/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ebay.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.msn.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.searchv.com/1/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.searchv.com/1/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.searchv.com/1/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.searchv.com/1/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = hxxp://www.searchv.com/1/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = hxxp://www.searchv.com/1/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.searchv.com/1/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = hxxp://www.searchv.com/1/
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = hxxp://www.searchv.com/1/search.php?qq=%s
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R3 - URLSearchHook: (no name) - {C4F5E343-9494-47E4-8E35-440B49E25FD5} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - f:\programme\AcrobatReader\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\downloaded program files\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\downloaded program files\googletoolbar1.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [C-Media Echo Control] C:\Programme\PCI Audio Applications\Bin\EchoCtrl.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [PE2CKFNT] C:\Programme\Ulead Systems\Ulead Photo Express 2\ChkFont.exe
O4 - HKLM\..\Run: [AVSCHED32] F:\Programme\antivir\AVSched32.EXE /min
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AVGCtrl] F:\Programme\antivir\AVGNT.EXE /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] F:\PROGRA~1\YAHOOM~1\ypager.exe -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [prutmct] C:\WINDOWS\System32\prutmct.exe
O4 - Global Startup: Microsoft Office.lnk = F:\Programme\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = F:\Programme\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\windows\downloaded program files\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\windows\downloaded program files\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://F:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Verweisseiten - res://c:\windows\downloaded program files\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://c:\windows\downloaded program files\GoogleToolbar1.dll/cmsimilar.html
O9 - Extra button: SEARCH - {0B5F1910-F111-11d2-BB9E-00C05F7956B1} - hxxp://www001.upp.so-net.ne:3128@DF809JOW4WJ2304LFD0SF9FSD0A2T4LDF809JOW4WJ2304LFD0SF9FSD0A2T4LD%2E%42%49%5A/find.html (file missing)
O9 - Extra button: ANTIVIRUS - {0B5F1910-F111-11d2-BB9E-00C05F7956B2} - hxxp://www001.upp.so-net.ne:3128@DF809JOW4WJ2304LFD0SF9FSD0A2T4LDF809JOW4WJ2304LFD0SF9FSD0A2T4LD%2E%42%49%5A/antivirus.html (file missing)
O9 - Extra button: ENTERTAINMENT - {0B5F1910-F111-11d2-BB9E-00C05F7956B3} - hxxp://www001.upp.so-net.ne:3128@DF809JOW4WJ2304LFD0SF9FSD0A2T4LDF809JOW4WJ2304LFD0SF9FSD0A2T4LD%2E%42%49%5A/ggo.html (file missing)
O9 - Extra button: SECURITY - {0B5F1910-F111-11d2-BB9E-00C05F7956B4} - hxxp://www001.upp.so-net.ne:3128@DF809JOW4WJ2304LFD0SF9FSD0A2T4LDF809JOW4WJ2304LFD0SF9FSD0A2T4LD%2E%42%49%5A/warning.htm (file missing)
O9 - Extra button: SEARCH - {0B5F1910-F111-11d2-BB9E-00C05F7956B5} - hxxp://www001.upp.so-net.ne:3128@DF809JOW4WJ2304LFD0SF9FSD0A2T4LDF809JOW4WJ2304LFD0SF9FSD0A2T4LD%2E%42%49%5A/topsearch.html (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - F:\PROGRA~1\YAHOOM~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - F:\PROGRA~1\YAHOOM~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O13 - DefaultPrefix: hxxp://www001.upp.so-net.ne:3128@DF809JOW4WJ2304LFD0SF9FSD0A2T4LDF809JOW4WJ2304LFD0SF9FSD0A2T4LD%2E%42%49%5A/c/c.pl?url=
O16 - DPF: Yahoo! Chat - hxxp://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - hxxp://software-dl.real.com/133f5e1ce05306fc2805/netzip/RdxIE601_de.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - hxxp://pub.plan.at/mgaxctrlde.cab
O16 - DPF: {A1DC3241-B122-195F-B21A-000000000000} - hxxp://pluginaccess.com/Browser_Plugin.cab
O16 - DPF: {B09B1D8B-88D6-4C91-BB62-378625E8C73E} ({B09B1D8B-88D6-4C91-BB62-378625E8C73E}) - hxxp://www.popup.to/connect/PremiumConnectLoad.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - hxxp://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {C4F5E343-9494-47E4-8E35-440B49E25FD5} - hxxp://www.fehlerpage.de/cab/fehlerpage.cab
O16 - DPF: {E0B795B4-FD95-4ABD-A375-27962EFCE8CF} (StarInstall Control) - hxxp://www.download-url.de/install/StarInstall.ocx
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - hxxp://chat.msn.com/bin/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CEF37ADD-8207-420F-9629-38E2214137DE}: NameServer = 217.237.149.161 217.237.151.225
O23 - Service: AntiVir Service - H+BEDV Datentechnik GmbH - F:\Programme\antivir\AVGUARD.EXE
O23 - Service: AntiVir Update - H+BEDV Datentechnik GmbH, Germany - F:\Programme\antivir\AVWUPSRV.EXE
O23 - Service: LexBce Server - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TSMService - T-Systems Nova, Berkom - F:\Programme\speedmanager\tsmsvc.exe


Alle Zeitangaben in WEZ +1. Es ist jetzt 19:16 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55