Trojaner-Board


Millerworld 09.06.2005 22:06

Virus or trojan, and how do I get rid of it??
 
After every restart I have a new exe in my Task Manager, or rather it always changes its name if I deleted it beforehand. Today, e.g., apirk.exe, or at other times addtw32.exe, etc.

It keeps coming back and changes its name.

I've already tried AntiVir, Ad-Aware and Spybot; they don't find anything...

And every now and then I get a red icon with a white cross in the taskbar: "Your computer might be at risk"

Here's a log file from HijackThis:


Logfile of HijackThis v1.99.1
Scan saved at 22:58:59, on 09.06.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ntvk.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\Programme\AVPersonal\AVGUARD.EXE
C:\programme\powerstrip\pstrip.exe
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\AVPersonal\AVGNT.EXE
C:\Programme\Java\jre1.5.0_02\bin\jusched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\FRITZ!DSL\IGDCTRL.EXE
C:\Programme\FRITZ!DSL\StCenter.exe
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\system32\netdde.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\UAService7.exe
C:\WINDOWS\System32\LVComsX.exe
C:\WINDOWS\system32\apirk.exe
C:\Dokumente und Einstellungen\Netwalker\Eigene Dateien\hijackthis_199\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://gfhjkhgi.biz (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://gfhjkhgi.biz (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://gfhjkhgi.biz (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://gfhjkhgi.biz (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://gfhjkhgi.biz (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\rjjsa.dll/sp.html#55135
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\rjjsa.dll/sp.html#55135
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\rjjsa.dll/sp.html#55135
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\rjjsa.dll/sp.html#55135
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\rjjsa.dll/sp.html#55135
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\rjjsa.dll/sp.html#55135
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://gfhjkhgi.biz (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\rjjsa.dll/sp.html#55135
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://gfhjkhgi.biz (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = fritz.box
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {2716D879-C8BD-BABB-F6EA-1EEC82868231} - C:\WINDOWS\iefm.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: Class - {FAA3AE33-E236-9AAE-0086-426033A4531F} - C:\WINDOWS\system32\mfchw.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [PowerStrip] c:\programme\powerstrip\pstrip.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AOLDialer] C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [addcd.exe] C:\WINDOWS\addcd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iedd32.exe] C:\WINDOWS\iedd32.exe
O4 - HKLM\..\Run: [crxx.exe] C:\WINDOWS\crxx.exe
O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [sdkos32.exe] C:\WINDOWS\sdkos32.exe
O4 - HKLM\..\Run: [winpk.exe] C:\WINDOWS\winpk.exe
O4 - HKLM\..\Run: [mfcvs32.exe] C:\WINDOWS\mfcvs32.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [atlxq32.exe] C:\WINDOWS\system32\atlxq32.exe
O4 - HKLM\..\Run: [apirk.exe] C:\WINDOWS\system32\apirk.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Startup: FRITZ!DSL Startcenter.lnk = C:\Programme\FRITZ!DSL\StCenter.exe
O4 - Global Startup: AOL 9.0 Tray-Symbol.lnk = C:\Programme\AOL 9.0\aoltray.exe
O8 - Extra context menu item: >>> EasyWWW.com -Your Easy Surf Home! - http://www.easywww.com/
O8 - Extra context menu item: Alles mit FlashGet laden - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: Mit FlashGet laden - C:\PROGRA~1\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Programme\AIM95\aim.exe
O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O16 - DPF: {0F9B4CA4-A30F-480A-841D-69B45C50A8F8} (SekureL0gin.SekureKontrol) - http://secure2.comned.com/signuptemplates/AktiveSekurity.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {53B8B406-42E4-4DD3-96E7-9DEC8CEB3DD8} (ICQVideoControl Class) - http://xtraz.icq.com/xtraz/activex/ICQVideoControl.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1107970526901
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9E98E84C-79E1-49C3-82EB-798FCD552EFB} - http://advnt01.com/dialer/internazionale_ver4.CAB
O16 - DPF: {A7F82252-EF7F-4E46-8595-84AE76D5FE03} - http://neo-toolbar.com/Inst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {E302F157-A890-4B6F-A421-839D25055D6D} (NLSysInfo Control) - https://www.novaworld.com/NWCommunities/Beta/NLSysInfo.ocx
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\ntvk.exe" /s (file missing)
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
O23 - Service: AVM IGD CTRL Service - AVM Berlin - C:\Programme\FRITZ!DSL\IGDCTRL.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TSMService - T-Systems Nova, Berkom - C:\Programme\T-DSL SpeedManager\tsmsvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\System32\UAService7.exe
_____________
Note:
Active links edited!
In future, please follow the instructions in this guide: HiJackThis.


Regards, Cidre
S-Mod TB

dartus 09.06.2005 22:51

Hello Millerworld,

You have quite a lot in your system.
One reason for this is your outdated operating system; SP 2 and further security updates are current.

Run Escan (scan in safe mode) and post the findings using "find.bat". Please read the instructions carefully.
Before that, also run a disk cleanup and empty the quarantine folder of your antivirus program.

dartus

Millerworld 10.06.2005 10:21

So, I ran Ad-Aware, Spybot and finally AntiVir again; they did find several things, but the main problem is still there. So I ran this eScan, and it found another 119 viruses :balla:

Here's the log file:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~
Funde für "infected"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~
Fri Jun 10 03:26:04 2005 => File C:\WINDOWS\system32\WININET.dll infected by "Virus.Win32.Nsag.a" Virus! Action Taken: No Action Taken.
Fri Jun 10 03:26:05 2005 => File C:\WINDOWS\System32\OLEADM.dll infected by "Trojan.Win32.Agent.eq" Virus! Action Taken: No Action Taken.
Fri Jun 10 03:26:11 2005 => File C:\WINDOWS\system32\mfchw.dll infected by "Trojan-Downloader.Win32.Agent.bq" Virus! Action Taken: No Action Taken.
Fri Jun 10 03:26:15 2005 => File C:\WINDOWS\inet20057\winlogon.exe infected by "Trojan-Downloader.Win32.CWS.gen" Virus! Action Taken: No Action Taken.
Fri Jun 10 03:26:19 2005 => File C:\WINDOWS\ipyx.exe infected by "Trojan.Win32.Agent.bi" Virus! Action Taken: No Action Taken.
Fri Jun 10 03:26:19 2005 => File C:\WINDOWS\d3hk.exe infected by "Trojan-Downloader.Win32.Agent.bq" Virus! Action Taken: No Action Taken.
Fri Jun 10 03:26:20 2005 => File C:\WINDOWS\system32\mfchw.dll infected by "Trojan-Downloader.Win32.Agent.bq" Virus! Action Taken: No Action Taken.
Fri Jun 10 03:26:24 2005 => File C:\WINDOWS\inet20057\winlogon.exe infected by "Trojan-Downloader.Win32.CWS.gen" Virus! Action Taken: No Action Taken.
Fri Jun 10 03:26:25 2005 => File C:\WINDOWS\d3hk.exe infected by "Trojan-Downloader.Win32.Agent.bq" Virus! Action Taken: No Action Taken.
Fri Jun 10 03:26:25 2005 => File C:\WINDOWS\ipyx.exe infected by "Trojan.Win32.Agent.bi" Virus! Action Taken: No Action Taken.
Fri Jun 10 03:26:34 2005 => System found infected with CWS.YExe Spyware/Adware ({5321E378-FFAD-4999-8C62-03CA8155F0B3})! Action taken: No Action Taken.
Fri Jun 10 03:26:35 2005 => System found infected with SideFind Spyware/Adware ({10e42047-deb9-4535-a118-b3f6ec39b807})! Action taken: No Action Taken.
Fri Jun 10 03:26:51 2005 => System found infected with CWS.therealsearch Spyware/Adware (waol.exe)! Action taken: No Action Taken.
Fri Jun 10 03:27:26 2005 => File C:\abcsp.chm infected by "Exploit.HTML.CodeBaseExec" Virus! Action Taken: No Action Taken.
Fri Jun 10 03:27:26 2005 => File C:\abcxx.chm infected by "Trojan.Win32.Dialer.ce" Virus! Action Taken: No Action Taken.
Fri Jun 10 03:32:05 2005 => File C:\Dokumente und Einstellungen\Netwalker\Lokale Einstellungen\Temp\maxdd.game infected by "Trojan.Win32.Dialer.ay" Virus! Action Taken: No Action Taken.
Fri Jun 10 03:43:25 2005 => Scanning Folder: C:\Programme\AVPersonal\INFECTED\*.*
Fri Jun 10 04:15:02 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP46\A0013017.dll infected by "Trojan-Downloader.Win32.Agent.lz" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:15:02 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP46\A0013026.dll infected by "Trojan-Downloader.Win32.Agent.lz" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:15:04 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP46\A0013062.dll infected by "Trojan-Downloader.Win32.Agent.lz" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:15:04 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP46\A0013063.dll infected by "Trojan-Downloader.Win32.Agent.lz" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:15:04 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP46\A0013065.dll infected by "Trojan-Downloader.Win32.Agent.lz" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:15:04 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP46\A0013072.exe infected by "Trojan.Win32.Agent.bi" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:15:05 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP46\A0013096.exe infected by "Trojan.Win32.Agent.bi" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:15:08 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP47\A0013151.exe infected by "Trojan-Downloader.Win32.Agent.oq" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:15:09 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP47\A0013174.exe infected by "Trojan-Downloader.Win32.Agent.oq" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:15:10 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP47\A0013199.exe infected by "Trojan-Downloader.Win32.Agent.oq" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:15:21 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP47\A0013237.exe infected by "Trojan-Downloader.Win32.Agent.oq" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:16:28 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP53\A0014109.exe infected by "Trojan-Downloader.Win32.Agent.oq" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:16:29 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP54\A0014128.exe infected by "Trojan.Win32.Agent.bi" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:16:30 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP54\A0014145.exe infected by "Trojan-Downloader.Win32.Agent.oq" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:16:51 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP58\A0014496.exe infected by "Trojan-Downloader.Win32.Agent.oq" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:17:01 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP58\A0014666.exe infected by "Trojan-Downloader.Win32.Agent.oq" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:17:05 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP58\A0014716.dll infected by "Trojan-Downloader.Win32.Agent.bc" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:17:05 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP58\A0014734.exe infected by "Trojan-Downloader.Win32.Agent.oq" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:17:05 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP58\A0014735.exe infected by "Trojan-Downloader.Win32.Agent.bq" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:17:06 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP58\A0014757.exe infected by "Trojan-Downloader.Win32.Agent.bq" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:17:11 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP59\A0014794.exe infected by "Trojan.Win32.Agent.bi" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:17:11 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP59\A0014795.exe infected by "Trojan.Win32.Agent.bi" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:17:11 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP59\A0014797.exe infected by "Trojan.Win32.Agent.bi" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:17:11 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP59\A0014798.exe infected by "Trojan.Win32.Agent.bi" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:17:11 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP59\A0014800.exe infected by "Trojan.Win32.Agent.bi" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:17:11 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP59\A0014802.exe infected by "Trojan.Win32.Agent.bi" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:17:11 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP59\A0014804.exe infected by "Trojan.Win32.Agent.bi" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:17:11 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP59\A0014805.exe infected by "Trojan.Win32.Agent.bi" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:17:11 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP59\A0014806.exe infected by "Trojan.Win32.Agent.em" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:17:12 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP59\A0014807.exe infected by "Trojan-Downloader.Win32.Agent.ap" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:17:12 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP59\A0014808.exe infected by "Trojan.Win32.Agent.bi" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:17:12 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP59\A0014811.exe infected by "Trojan.Win32.Agent.bi" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:17:12 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP59\A0014812.dll infected by "Trojan-Downloader.Win32.Agent.bc" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:17:13 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP59\A0014841.exe infected by "Trojan.Win32.Agent.bi" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:17:13 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP59\A0014843.exe infected by "Trojan-Downloader.Win32.Agent.bq" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:17:13 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP59\A0014845.exe infected by "Trojan-Downloader.Win32.Delf.og" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:17:13 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP59\A0014846.exe infected by "Trojan.Win32.Agent.bi" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:17:13 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP59\A0014847.exe infected by "Trojan.Win32.Agent.bi" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:17:13 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP59\A0014848.exe infected by "Trojan-Downloader.Win32.Agent.bq" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:17:13 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP59\A0014850.exe infected by "Trojan.Win32.Agent.em" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:17:13 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP59\A0014851.exe infected by "Trojan.Win32.Agent.bi" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:17:14 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP59\A0014852.exe infected by "Trojan-Downloader.Win32.Small.axo" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:17:14 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP59\A0014853.exe infected by "Trojan-Downloader.Win32.Delf.cb" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:17:14 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP59\A0014860.dll infected by "Trojan.Win32.StartPage.qr" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:17:14 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP59\A0014870.exe infected by "Trojan-Downloader.Win32.Agent.bq" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:17:14 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP59\A0014871.exe infected by "Trojan-Downloader.Win32.Agent.bq" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:17:15 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP59\A0014889.exe infected by "Trojan.Win32.Agent.em" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:17:15 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP59\A0014901.exe infected by "Trojan-Downloader.Win32.CWS.gen" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:17:15 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP59\A0014902.exe infected by "Trojan-Downloader.Win32.Delf.og" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:17:16 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP59\A0014904.exe infected by "Trojan-Downloader.Win32.Small.axo" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:17:16 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP59\A0014905.exe infected by "Trojan-Downloader.Win32.Small.awa" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:17:16 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP59\A0014906.exe infected by "Trojan-Downloader.Win32.Delf.cb" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:17:16 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP59\A0014907.exe infected by "Trojan-Downloader.Win32.CWS.gen" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:17:16 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP59\A0014908.exe infected by "Trojan-Downloader.Win32.Small.axn" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:17:16 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP59\A0014922.exe infected by "Trojan-Downloader.Win32.Agent.bq" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:17:16 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP59\A0014923.exe infected by "Trojan-Downloader.Win32.Agent.bq" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:17:17 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP59\A0014924.exe infected by "Trojan.Win32.Agent.bi" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:17:21 2005 => File C:\webboxall.chm infected by "Trojan-Downloader.Win32.Small.abw" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:17:45 2005 => File C:\WINDOWS\atlwv32.dll infected by "Trojan-Downloader.Win32.Agent.bc" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:20:22 2005 => File C:\WINDOWS\iefm.dll infected by "Trojan-Downloader.Win32.Agent.bq" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:20:22 2005 => File C:\WINDOWS\iexd32.dll infected by "Trojan-Downloader.Win32.Agent.bq" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:21:57 2005 => File C:\WINDOWS\ipum32.exe infected by "Trojan.Win32.Agent.em" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:22:10 2005 => File C:\WINDOWS\mfcwm32.dll infected by "Trojan-Downloader.Win32.Agent.bc" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:22:20 2005 => File C:\WINDOWS\msdownld.tmp\wupd0000.exe infected by "Trojan-Downloader.Win32.Delf.dd" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:22:21 2005 => File C:\WINDOWS\n_houpyr.dat infected by "Trojan-Downloader.Win32.Agent.bq" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:22:21 2005 => File C:\WINDOWS\n_rourji.dat infected by "Trojan-Downloader.Win32.Agent.bq" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:23:21 2005 => File C:\WINDOWS\system32\addga.exe infected by "Trojan.Win32.Agent.em" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:23:21 2005 => File C:\WINDOWS\system32\addli.dll infected by "Trojan-Downloader.Win32.Agent.bc" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:25:30 2005 => File C:\WINDOWS\system32\forward.exe infected by "Trojan-Downloader.Win32.Agent.dy" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:25:34 2005 => File C:\WINDOWS\system32\ieef32.dll infected by "Trojan-Downloader.Win32.Agent.bc" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:25:41 2005 => File C:\WINDOWS\system32\iplo.dll infected by "Trojan-Downloader.Win32.Agent.bc" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:25:54 2005 => File C:\WINDOWS\system32\maxd.exe infected by "Trojan.Win32.Dialer.ay" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:26:10 2005 => File C:\WINDOWS\system32\netbi32.dll infected by "Trojan-Downloader.Win32.Agent.bq" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:26:10 2005 => File C:\WINDOWS\system32\netdq.dll infected by "Trojan-Downloader.Win32.Agent.bq" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:26:24 2005 => File C:\WINDOWS\system32\oleadm.dll infected by "Trojan.Win32.Agent.eq" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:27:28 2005 => File C:\WINDOWS\system32\wininet.dll infected by "Virus.Win32.Nsag.a" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:27:43 2005 => File C:\WINDOWS\uninstIU.exe infected by "Trojan.Win32.Agent.eo" Virus! Action Taken: No Action Taken.
Fri Jun 10 04:49:44 2005 => Total Disinfected Files: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~
Funde für "tagged"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~
Fri Jun 10 03:26:09 2005 => File C:\WINDOWS\System32\seqsb.dll tagged as "not-a-virus:AdWare.ToolBar.Neon.c". Action Taken: No Action Taken.
Fri Jun 10 03:26:23 2005 => File C:\WINDOWS\System32\seqsb.dll tagged as "not-a-virus:AdWare.ToolBar.Neon.c". Action Taken: No Action Taken.
Fri Jun 10 03:37:46 2005 => File C:\mIRC\mirc.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.14. No Action Taken.
Fri Jun 10 03:39:40 2005 => File C:\Programme\AOL 9.0\Jiti\Jiti_mm.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
Fri Jun 10 03:43:45 2005 => File C:\Programme\BitTorrent\uninstall.exe tagged as not-a-virus:Tool.Win32.Processor.1001. No Action Taken.
Fri Jun 10 03:44:12 2005 => File C:\Programme\Cool2000\ce2kunin.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
Fri Jun 10 04:02:10 2005 => File C:\Programme\Gemeinsame Dateien\aolback\comp01.000 tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
Fri Jun 10 04:14:08 2005 => File C:\Programme\WinRAR\patch.exe tagged as not-a-virus:Tool.Win32.TPE.a. No Action Taken.
Fri Jun 10 04:14:08 2005 => File C:\Programme\WinRAR\patch2.exe tagged as not-a-virus:Tool.Win32.TPE.a. No Action Taken.
Fri Jun 10 04:15:20 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP47\A0013212.exe tagged as "not-a-virus:AdWare.WildTangent.b". Action Taken: No Action Taken.
Fri Jun 10 04:16:11 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP53\A0013940.exe tagged as not-a-virus:Tool.Win32.Processor.1001. No Action Taken.
Fri Jun 10 04:16:22 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP53\A0014015.dll tagged as "not-a-virus:AdWare.WildTangent.b". Action Taken: No Action Taken.
Fri Jun 10 04:16:23 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP53\A0014030.dll tagged as "not-a-virus:AdWare.WildTangent.b". Action Taken: No Action Taken.
Fri Jun 10 04:17:16 2005 => File C:\System Volume Information\_restore{2356D627-CB45-4F5A-9342-C2134E713063}\RP59\A0014909.exe tagged as not-a-virus:Downloader.Win32.Awmcash.a. No Action Taken.
Fri Jun 10 04:17:45 2005 => File C:\WINDOWS\brrjv.dll tagged as "not-a-virus:AdWare.SearchPage". Action Taken: No Action Taken.
Fri Jun 10 04:20:53 2005 => File C:\WINDOWS\inet20057\3.00.05.dll tagged as "not-a-virus:AdWare.BHO.Ihbo.gen". Action Taken: No Action Taken.
Fri Jun 10 04:25:47 2005 => File C:\WINDOWS\system32\KILLAPPS.EXE tagged as not-a-virus:Tool.Win32.KillApp.b. No Action Taken.
Fri Jun 10 04:27:47 2005 => File C:\WINDOWS\woinstall.exe tagged as "not-a-virus:AdWare.EZula.ak". Action Taken: No Action Taken.
Fri Jun 10 04:30:45 2005 => File D:\Daten 1\Files\Tools\neu\Paint Shop Pro 8\xxxx.exe tagged as not-a-virus:Tool.Win32.TPE.a. No Action Taken.
Fri Jun 10 04:49:29 2005 => File D:\System Volume Information\_restore{663B9F3E-4E80-44C3-8F1E-46F2D5C4C07F}\RP48\A0017266.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
Fri Jun 10 04:49:31 2005 => File D:\System Volume Information\_restore{663B9F3E-4E80-44C3-8F1E-46F2D5C4C07F}\RP48\A0017267.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~
Statistiken:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~
Fri Jun 10 04:49:44 2005 => Total Virus(es) Found: 119
Fri Jun 10 04:49:44 2005 => Total Errors: 201
Fri Jun 10 04:49:44 2005 => Time Elapsed: 01:23:41
Fri Jun 10 04:49:44 2005 => Total Objects Scanned: 113851
Fri Jun 10 03:25:04 2005 => Virus Database Date: 2005/06/10
Fri Jun 10 04:49:44 2005 => Virus Database Date: 2005/06/10
Fri Jun 10 11:08:40 2005 => Virus Database Date: 2005/06/10
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~
~~~~~~~ © Haui ;-) ~~~~~~~
~~~~~~~ Dank an Cidre ~~~~~~~

Millerworld 10.06.2005 14:11

OK, I now have SP2 and all the security updates installed as well, and I scanned again with Ad-Aware and AntiVir. But the problem is still there...

Here is a current HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 15:11:20, on 10.06.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\AVPersonal\AVGUARD.EXE
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
C:\Programme\FRITZ!DSL\IGDCTRL.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\UAService7.exe
C:\WINDOWS\inet20057\winlogon.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\programme\powerstrip\pstrip.exe
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Java\jre1.5.0_02\bin\jusched.exe
C:\Programme\AVPersonal\AVGNT.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\FRITZ!DSL\StCenter.exe
C:\Programme\Maxthon\Maxthon.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\mfcik.exe
C:\Dokumente und Einstellungen\Netwalker\Eigene Dateien\hijackthis_199\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://gfhjkhgi.biz (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://gfhjkhgi.biz (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://gfhjkhgi.biz (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://gfhjkhgi.biz (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://gfhjkhgi.biz (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\dhkgz.dll/sp.html#55135
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\dhkgz.dll/sp.html#55135
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\dhkgz.dll/sp.html#55135
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\dhkgz.dll/sp.html#55135
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\dhkgz.dll/sp.html#55135
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\dhkgz.dll/sp.html#55135
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://gfhjkhgi.biz (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\dhkgz.dll/sp.html#55135
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://gfhjkhgi.biz (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = fritz.box
R3 - Default URLSearchHook is missing
F3 - REG:win.ini: run=C:\WINDOWS\inet20057\winlogon.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: Class - {FAA3AE33-E236-9AAE-0086-426033A4531F} - C:\WINDOWS\system32\mfchw.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [PowerStrip] c:\programme\powerstrip\pstrip.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AOLDialer] C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inet20057\winlogon.exe
O4 - HKLM\..\Run: [javarc.exe] C:\WINDOWS\system32\javarc.exe
O4 - HKLM\..\Run: [crqw32.exe] C:\WINDOWS\system32\crqw32.exe
O4 - HKLM\..\Run: [addik.exe] C:\WINDOWS\addik.exe
O4 - HKLM\..\Run: [atlcb.exe] C:\WINDOWS\system32\atlcb.exe
O4 - HKLM\..\Run: [d3hk.exe] C:\WINDOWS\d3hk.exe
O4 - HKLM\..\Run: [apiku.exe] C:\WINDOWS\system32\apiku.exe
O4 - HKLM\..\RunOnce: [winch.exe] C:\WINDOWS\system32\winch.exe
O4 - HKLM\..\RunOnce: [mfcik.exe] C:\WINDOWS\mfcik.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inet20057\winlogon.exe
O4 - Startup: FRITZ!DSL Startcenter.lnk = C:\Programme\FRITZ!DSL\StCenter.exe
O4 - Global Startup: AOL 9.0 Tray-Symbol.lnk = C:\Programme\AOL 9.0\aoltray.exe
O8 - Extra context menu item: >>> EasyWWW.com -Your Easy Surf Home! - http://www.easywww.com/
O8 - Extra context menu item: Alles mit FlashGet laden - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: Mit FlashGet laden - C:\PROGRA~1\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Programme\AIM95\aim.exe
O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {0F9B4CA4-A30F-480A-841D-69B45C50A8F8} (SekureL0gin.SekureKontrol) - http://secure2.comned.com/signuptemplates/AktiveSekurity.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {53B8B406-42E4-4DD3-96E7-9DEC8CEB3DD8} (ICQVideoControl Class) - http://xtraz.icq.com/xtraz/activex/ICQVideoControl.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1107970526901
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9E98E84C-79E1-49C3-82EB-798FCD552EFB} - http://advnt01.com/dialer/internazionale_ver4.CAB
O16 - DPF: {A7F82252-EF7F-4E46-8595-84AE76D5FE03} - http://neo-toolbar.com/Inst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {E302F157-A890-4B6F-A421-839D25055D6D} (NLSysInfo Control) - https://www.novaworld.com/NWCommunities/Beta/NLSysInfo.ocx
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
O23 - Service: AVM IGD CTRL Service - AVM Berlin - C:\Programme\FRITZ!DSL\IGDCTRL.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\WINDOWS\System32\nvsvc32.exe (file missing)
O23 - Service: TSMService - T-Systems Nova, Berkom - C:\Programme\T-DSL SpeedManager\tsmsvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\System32\UAService7.exe
_____________
Note:
Active links edited!

Regards, Cidre
S-Mod TB

Haui45 10.06.2005 14:14

Given the sheer amount of malware, which is happily multiplying ;) my recommendation is as follows: reinstall the system from scratch!


BTW: Depending on your connection type, please save the dialer to a floppy disk -> dialer notice

