| |
| |||||||
Log-Analyse und Auswertung: Trojan-Downloader.win32.Agent VariantWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
31.05.2007, 19:49
| #1 |
| |  Trojan-Downloader.win32.Agent Variant Hallo Zusammen. Also zu meinem Problem. immer wenn ich das Spiel World of Warcraft starte kommt die Warnung : klick hier ich hab auch schon nach dem Trjaner bei Google gesucht aber nichts hilfreiches gefunden. Ich hoffe das man den Trojaner entfernen kann da bei einer Formatierung ziemlich viele Dateien Verloren gehen würden. MfG. Veruxo Ps: hier noch meinen HijackThis Logfile Logfile of HijackThis v1.99.1 Scan saved at 20:20:51, on 31.05.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Programme\RedLine\Taskbar.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe C:\Programme\ASUS\Ai Nap\AiNap.exe C:\Programme\Java\jre1.6.0_01\bin\jusched.exe C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe C:\Programme\Analog Devices\Core\smax4pnp.exe C:\Programme\Analog Devices\SoundMAX\Smax4.exe C:\Programme\Winamp\winampa.exe C:\Programme\iTunes\iTunesHelper.exe C:\Programme\NetPumper\NetPumperIEProxy.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\Programme\MSN Messenger\MsnMsgr.Exe C:\Programme\Gemeinsame Dateien\Teleca Shared\CapabilityManager.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe C:\Programme\iPod\bin\iPodService.exe C:\Programme\Gemeinsame Dateien\Teleca Shared\Generic.exe C:\Programme\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\system32\wuauclt.exe C:\Programme\Winamp\winamp.exe C:\Programme\Mozilla Firefox\firefox.exe C:\Programme\World of Warcraft\WoW.exe C:\DOKUME~1\Veruxo\LOKALE~1\Temp\Temporäres Verzeichnis 2 für hijackthis_199.zip\HijackThis.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Programme\Gemeinsame Dateien\Symantec Shared\coShared\Browser\1.5\NppBho.dll O2 - BHO: Seekmo Toolbar - {5CBE2611-C31B-401F-89BC-4CBB25E853D7} - C:\Programme\SeekmoToolbar\Bin\4.8.4.0\SkHostIE.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll O3 - Toolbar: Seekmo Toolbar - {5CBE2611-C31B-401F-89BC-4CBB25E853D7} - C:\Programme\SeekmoToolbar\Bin\4.8.4.0\SkHostIE.dll O3 - Toolbar: Norton-Symbolleiste anzeigen - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Programme\Gemeinsame Dateien\Symantec Shared\coShared\Browser\1.5\UIBHO.dll O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [RedLine Taskbar] C:\Programme\RedLine\Taskbar.exe O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [Launch Ai Booster] "C:\Programme\ASUS\Ai Booster\OverClk.exe" O4 - HKLM\..\Run: [Ai Nap] "C:\Programme\ASUS\Ai Nap\AiNap.exe" O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [SoundMAX] "C:\Programme\Analog Devices\SoundMAX\Smax4.exe" /tray O4 - HKLM\..\Run: [SeekmoToolbar] C:\Programme\SeekmoToolbar\Bin\4.8.4.0\${HOOKOE_FILE} O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [NetPumper] "C:\Programme\NetPumper\NetPumperIEProxy.exe" O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [BLASC] "C:\Programme\World of Warcraft\BLASC\BLASC.exe" O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: Download with NetPumper - C:\Programme\NetPumper\AddUrl.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Programme\PartyGaming\PartyCasino\RunCasino.exe O9 - Extra 'Tools' menuitem: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Programme\PartyGaming\PartyCasino\RunCasino.exe O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Programme\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O17 - HKLM\System\CCS\Services\Tcpip\..\{09B80DC5-8731-409F-B5CF-20C9A16FD7FD}: NameServer = 85.255.114.110,85.255.112.170 O17 - HKLM\System\CCS\Services\Tcpip\..\{335D967F-6116-47F1-9866-FDAC9FE9F883}: NameServer = 85.255.114.110,85.255.112.170 O17 - HKLM\System\CCS\Services\Tcpip\..\{5879AAE8-8F7D-44A3-8802-09BA035A9742}: NameServer = 85.255.114.110,85.255.112.170 O17 - HKLM\System\CCS\Services\Tcpip\..\{5E1C7BBB-AB14-4040-A1C3-648D98A545BE}: NameServer = 85.255.114.110,85.255.112.170 O17 - HKLM\System\CCS\Services\Tcpip\..\{83E4FA04-1941-4CAF-9192-69DAA0B3F6CB}: NameServer = 85.255.114.110,85.255.112.170 O17 - HKLM\System\CCS\Services\Tcpip\..\{89C531C6-FE2B-4115-B8B0-75377C7388EC}: NameServer = 85.255.114.110,85.255.112.170 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.110 85.255.112.170 O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.110 85.255.112.170 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.110 85.255.112.170 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\ O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\VAScanner\comHost.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe |
|
31.05.2007, 19:59
| #2 |
 | Trojan-Downloader.win32.Agent Variant Du hast zango-Search. ich glaube, das bekommst du mit Combofix weg.
__________________Öffnen, den link mit der datei auf der Seite öffnen und nach der Anleitung durchgehen. Log abkopieren und hier posten. Außerdem noch dein Hijackthislog ( aktuell) nach der Aktion mit Combofix. |
|
31.05.2007, 21:29
| #3 |
| | Trojan-Downloader.win32.Agent Variant "Veruxo" - 2007-05-31 22:22:45 Service Pack 2
__________________ComboFix 07-05.27.BV - Running from: "C:\Dokumente und Einstellungen\MarcelB\Desktop\" (((((((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) "C:\WINDOWS\system32\kdchg.exe" ((((((((((((((((((((((((((((((( Files Created from 2007-04-28 to 2007-05-31 )))))))))))))))))))))))))))))))))) 2007-05-31 17:37 <DIR> d-------- C:\Programme\World of Warcraft 2007-05-31 17:37 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Blizzard Entertainment 2007-05-30 22:30 12,366,629 --------- C:\AVG7QT.DAT 2007-05-30 18:33 512 --a------ C:\drmHeader.bin 2007-05-20 19:42 <DIR> d-------- C:\Programme\Anti-Leech 2007-05-19 15:35 108,144 --a------ C:\WINDOWS\system32\CmdLineExt.dll 2007-05-19 15:30 <DIR> dr-h----- C:\DOKUME~1\Veruxo\ANWEND~1\SecuROM 2007-05-19 15:30 <DIR> d-------- C:\DOKUME~1\Veruxo\ANWEND~1\Command & Conquer 3 Tiberium Wars 2007-05-18 14:01 <DIR> d-------- C:\Programme\iTunes 2007-05-18 14:01 <DIR> d-------- C:\Programme\iPod 2007-05-18 14:00 <DIR> d-------- C:\Programme\QuickTime 2007-05-13 17:50 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE 2007-05-13 17:21 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll 2007-05-13 17:21 <DIR> d-------- C:\DOKUME~1\Veruxo\ANWEND~1\Command & Conquer 3 Tiberium Wars Demo 2007-05-13 17:19 <DIR> d-------- C:\Programme\Electronic Arts 2007-05-13 16:55 <DIR> d-------- C:\Programme\GetRight 2007-05-13 16:55 <DIR> d-------- C:\Downloads 2007-05-13 15:07 <DIR> d-------- C:\Programme\NetPumper 2007-05-13 15:07 <DIR> d-------- C:\DOKUME~1\Veruxo\ANWEND~1\NetPumper 2007-05-12 20:37 <DIR> d-------- C:\DOKUME~1\Veruxo\ANWEND~1\MusicIP 2007-05-11 19:54 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe 2007-05-11 06:37 823,296 --a------ C:\WINDOWS\system32\divx_xx0c.dll 2007-05-11 06:37 823,296 --a------ C:\WINDOWS\system32\divx_xx07.dll 2007-05-11 06:37 802,816 --a------ C:\WINDOWS\system32\divx_xx11.dll 2007-05-11 06:37 740,442 --a------ C:\WINDOWS\system32\DivX.dll 2007-05-09 17:33 22,112 -ra------ C:\WINDOWS\system32\drivers\COH_Mon.sys 2007-05-07 22:13 <DIR> d-------- C:\DOKUME~1\Veruxo\ANWEND~1\Symantec 2007-05-07 21:47 <DIR> d-------- C:\Programme\Norton 360 2007-04-23 02:15 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll 2007-04-23 02:15 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll 2007-04-23 02:15 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll 2007-04-23 02:02 73,728 --a------ C:\WINDOWS\system32\dpl100.dll 2007-04-23 02:02 593,920 --a------ C:\WINDOWS\system32\dpuGUI11.dll 2007-04-23 02:02 57,344 --a------ C:\WINDOWS\system32\dpv11.dll 2007-04-23 02:02 53,248 --a------ C:\WINDOWS\system32\dpuGUI10.dll 2007-04-23 02:02 344,064 --a------ C:\WINDOWS\system32\dpus11.dll 2007-04-23 02:02 294,912 --a------ C:\WINDOWS\system32\dpu11.dll 2007-04-23 02:02 294,912 --a------ C:\WINDOWS\system32\dpu10.dll 2007-04-23 02:02 196,608 --a------ C:\WINDOWS\system32\dtu100.dll 2007-04-23 02:01 124,472 --a------ C:\WINDOWS\system32\DivXCodecUpdateChecker.exe 2007-04-23 02:01 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll 2007-04-08 02:07 <DIR> d-------- C:\DOKUME~1\Veruxo\ANWEND~1\SeekmoToolbar 2007-04-02 18:26 <DIR> d-------- C:\Programme\SeekmoToolbar (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-05-31 17:47:27 -------- d-----w C:\Programme\Gemeinsame Dateien\Symantec Shared 2007-05-28 12:08:56 -------- d-----w C:\Programme\Hewlett-Packard 2007-05-28 12:04:20 -------- d-----w C:\Programme\Google 2007-05-28 12:04:07 -------- d-----w C:\Programme\Winamp 2007-05-23 14:41:59 -------- d-----w C:\DOKUME~1\Veruxo\ANWEND~1\Azureus 2007-05-21 17:54:30 -------- d-----w C:\Programme\DivX 2007-05-19 18:49:24 -------- d-----w C:\Programme\ZKB Onba 2007-05-18 11:57:54 -------- d-----w C:\Programme\Apple Software Update 2007-05-13 15:50:52 2,560 ----a-w C:\WINDOWS\_MSRSTRT.EXE 2007-05-12 21:36:12 -------- d-----w C:\Programme\Fraps 2007-05-07 19:49:00 48,776 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL 2007-05-07 19:49:00 115,000 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS 2007-05-07 19:49:00 -------- d-----w C:\Programme\Symantec 2007-04-18 16:13:24 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll 2007-03-30 14:44:52 186,520 ----a-w C:\WINDOWS\system32\SymNPPWA.dll 2007-03-25 11:12:03 63,580 ----a-w C:\WINDOWS\system32\perfc007.dat 2007-03-25 11:12:03 391,000 ----a-w C:\WINDOWS\system32\perfh007.dat 2007-03-17 13:44:25 293,376 ----a-w C:\WINDOWS\system32\winsrv.dll 2007-03-08 15:36:30 579,072 ----a-w C:\WINDOWS\system32\user32.dll 2007-03-08 15:36:30 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll 2007-03-08 15:36:30 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll 2007-03-08 15:32:24 1,843,712 ----a-w C:\WINDOWS\system32\win32k.sys 2007-03-07 23:51:00 129,784 ------w C:\WINDOWS\system32\pxafs.dll (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-04-16 17:39] {1E8A6170-7264-4D0F-BEAE-D42A53123C75}=C:\Programme\Gemeinsame Dateien\Symantec Shared\coShared\Browser\1.5\NppBho.dll [2007-02-19 05:22] {5CBE2611-C31B-401F-89BC-4CBB25E853D7}=C:\Programme\SeekmoToolbar\Bin\4.8.4.0\SkHostIE.dll [2007-02-12 17:49] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Programme\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [] "RedLine Taskbar"="C:\Programme\RedLine\Taskbar.exe" [2003-02-09 18:56] "ccApp"="C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe" [2007-01-09 23:59] "Launch Ai Booster"="C:\Programme\ASUS\Ai Booster\OverClk.exe" [2006-05-05 17:49] "Ai Nap"="C:\Programme\ASUS\Ai Nap\AiNap.exe" [2006-05-10 20:28] "SunJavaUpdateSched"="C:\Programme\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43] "Sony Ericsson PC Suite"="C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 18:17] "Adobe Photo Downloader"="C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-23 21:33] "SoundMAXPnP"="C:\Programme\Analog Devices\Core\smax4pnp.exe" [2006-05-01 04:07] "SoundMAX"="C:\Programme\Analog Devices\SoundMAX\Smax4.exe" [2006-04-10 10:19] "SeekmoToolbar"="C:\Programme\SeekmoToolbar\Bin\4.8.4.0\${HOOKOE_FILE}" [] "WinampAgent"="C:\Programme\Winamp\winampa.exe" [2007-04-25 17:44] "QuickTime Task"="C:\Programme\QuickTime\qttask.exe" [2007-04-27 09:41] "iTunesHelper"="C:\Programme\iTunes\iTunesHelper.exe" [2007-04-27 11:25] "NetPumper"="C:\Programme\NetPumper\NetPumperIEProxy.exe" [2004-07-03 21:06] "AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-05-30 22:37] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MsnMsgr"="C:\Programme\MSN Messenger\MsnMsgr.exe" [2006-07-29 20:33] "BLASC"="C:\Programme\World of Warcraft\BLASC\BLASC.exe" [] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] Usnsvc usnsvc HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs* [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b7d45821-7292-11db-87ab-806d6172696f}] AutoRun\command- D:\Bin\Assetup.exe *Newly Created Service* - COMHOST Contents of the 'Scheduled Tasks' folder 2007-05-18 11:56:00 C:\WINDOWS\tasks\AppleSoftwareUpdate.job ******************************************************************** catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2007-05-31 22:25:18 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ******************************************************************** Completion time: 2007-05-31 22:26:55 - machine was rebooted C:\ComboFix-quarantined-files.txt ... 2007-05-31 22:26 --- E O F --- |
|
31.05.2007, 21:42
| #4 |
| | Trojan-Downloader.win32.Agent Variant Poste bitte dein aktuelles Hijackthislog. |
|
01.06.2007, 15:35
| #5 |
| | Trojan-Downloader.win32.Agent Variant Hab gestern HijackThis vergessen zu posten , hab nochmal beides durchlaufen lassen. "Veruxo" - 2007-06-01 16:25:08 Service Pack 2 ComboFix 07-05.27.BV - Running from: "C:\Dokumente und Einstellungen\Veruxo\Desktop\" ((((((((((((((((((((((((((((((( Files Created from 2007-05-01 to 2007-06-01 )))))))))))))))))))))))))))))))))) 2007-05-31 22:26 49,152 --a------ C:\WINDOWS\nircmd.exe 2007-05-31 17:37 <DIR> d-------- C:\Programme\World of Warcraft 2007-05-31 17:37 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Blizzard Entertainment 2007-05-30 22:30 12,366,629 --------- C:\AVG7QT.DAT 2007-05-30 18:33 512 --a------ C:\drmHeader.bin 2007-05-20 19:42 <DIR> d-------- C:\Programme\Anti-Leech 2007-05-19 15:35 108,144 --a------ C:\WINDOWS\system32\CmdLineExt.dll 2007-05-19 15:30 <DIR> dr-h----- C:\DOKUME~1\Veruxo\ANWEND~1\SecuROM 2007-05-19 15:30 <DIR> d-------- C:\DOKUME~1\Veruxo\ANWEND~1\Command & Conquer 3 Tiberium Wars 2007-05-18 14:01 <DIR> d-------- C:\Programme\iTunes 2007-05-18 14:01 <DIR> d-------- C:\Programme\iPod 2007-05-18 14:00 <DIR> d-------- C:\Programme\QuickTime 2007-05-13 17:50 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE 2007-05-13 17:21 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll 2007-05-13 17:21 <DIR> d-------- C:\DOKUME~1\Veruxo\ANWEND~1\Command & Conquer 3 Tiberium Wars Demo 2007-05-13 17:19 <DIR> d-------- C:\Programme\Electronic Arts 2007-05-13 16:55 <DIR> d-------- C:\Programme\GetRight 2007-05-13 16:55 <DIR> d-------- C:\Downloads 2007-05-13 15:07 <DIR> d-------- C:\Programme\NetPumper 2007-05-13 15:07 <DIR> d-------- C:\DOKUME~1\Veruxo\ANWEND~1\NetPumper 2007-05-12 20:37 <DIR> d-------- C:\DOKUME~1\Veruxo\ANWEND~1\MusicIP 2007-05-11 19:54 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe 2007-05-11 06:37 823,296 --a------ C:\WINDOWS\system32\divx_xx0c.dll 2007-05-11 06:37 823,296 --a------ C:\WINDOWS\system32\divx_xx07.dll 2007-05-11 06:37 802,816 --a------ C:\WINDOWS\system32\divx_xx11.dll 2007-05-11 06:37 740,442 --a------ C:\WINDOWS\system32\DivX.dll 2007-05-09 17:33 22,112 -ra------ C:\WINDOWS\system32\drivers\COH_Mon.sys 2007-05-07 22:13 <DIR> d-------- C:\DOKUME~1\Veruxo\ANWEND~1\Symantec 2007-05-07 21:47 <DIR> d-------- C:\Programme\Norton 360 (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-05-31 17:47:27 -------- d-----w C:\Programme\Gemeinsame Dateien\Symantec Shared 2007-05-28 12:08:56 -------- d-----w C:\Programme\Hewlett-Packard 2007-05-28 12:04:20 -------- d-----w C:\Programme\Google 2007-05-28 12:04:07 -------- d-----w C:\Programme\Winamp 2007-05-23 14:41:59 -------- d-----w C:\DOKUME~1\Veruxo\ANWEND~1\Azureus 2007-05-21 17:54:30 -------- d-----w C:\Programme\DivX 2007-05-19 18:49:24 -------- d-----w C:\Programme\ZKB Onba 2007-05-18 11:57:54 -------- d-----w C:\Programme\Apple Software Update 2007-05-13 15:50:52 2,560 ----a-w C:\WINDOWS\_MSRSTRT.EXE 2007-05-12 21:36:12 -------- d-----w C:\Programme\Fraps 2007-05-07 19:49:00 48,776 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL 2007-05-07 19:49:00 115,000 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS 2007-05-07 19:49:00 -------- d-----w C:\Programme\Symantec 2007-04-23 00:15:29 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll 2007-04-23 00:15:18 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll 2007-04-23 00:15:18 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll 2007-04-23 00:02:34 73,728 ----a-w C:\WINDOWS\system32\dpl100.dll 2007-04-23 00:02:34 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll 2007-04-23 00:02:33 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll 2007-04-23 00:02:31 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll 2007-04-23 00:02:31 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll 2007-04-23 00:02:31 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll 2007-04-23 00:02:31 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll 2007-04-23 00:02:31 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll 2007-04-23 00:01:47 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll 2007-04-23 00:01:46 124,472 ----a-w C:\WINDOWS\system32\DivXCodecUpdateChecker.exe 2007-04-18 16:13:24 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll 2007-04-08 00:07:29 -------- d-----w C:\DOKUME~1\Veruxo\ANWEND~1\SeekmoToolbar 2007-04-02 16:26:35 -------- d-----w C:\Programme\SeekmoToolbar 2007-03-30 14:44:52 186,520 ----a-w C:\WINDOWS\system32\SymNPPWA.dll 2007-03-25 11:12:03 63,580 ----a-w C:\WINDOWS\system32\perfc007.dat 2007-03-25 11:12:03 391,000 ----a-w C:\WINDOWS\system32\perfh007.dat 2007-03-17 13:44:25 293,376 ----a-w C:\WINDOWS\system32\winsrv.dll 2007-03-08 15:36:30 579,072 ----a-w C:\WINDOWS\system32\user32.dll 2007-03-08 15:36:30 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll 2007-03-08 15:36:30 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll 2007-03-08 15:32:24 1,843,712 ----a-w C:\WINDOWS\system32\win32k.sys 2007-03-07 23:51:00 129,784 ------w C:\WINDOWS\system32\pxafs.dll (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-04-16 17:39] {1E8A6170-7264-4D0F-BEAE-D42A53123C75}=C:\Programme\Gemeinsame Dateien\Symantec Shared\coShared\Browser\1.5\NppBho.dll [2007-02-19 05:22] {5CBE2611-C31B-401F-89BC-4CBB25E853D7}=C:\Programme\SeekmoToolbar\Bin\4.8.4.0\SkHostIE.dll [2007-02-12 17:49] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Programme\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [] "RedLine Taskbar"="C:\Programme\RedLine\Taskbar.exe" [2003-02-09 18:56] "ccApp"="C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe" [2007-01-09 23:59] "Launch Ai Booster"="C:\Programme\ASUS\Ai Booster\OverClk.exe" [2006-05-05 17:49] "Ai Nap"="C:\Programme\ASUS\Ai Nap\AiNap.exe" [2006-05-10 20:28] "SunJavaUpdateSched"="C:\Programme\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43] "Sony Ericsson PC Suite"="C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 18:17] "Adobe Photo Downloader"="C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-23 21:33] "SoundMAXPnP"="C:\Programme\Analog Devices\Core\smax4pnp.exe" [2006-05-01 04:07] "SoundMAX"="C:\Programme\Analog Devices\SoundMAX\Smax4.exe" [2006-04-10 10:19] "SeekmoToolbar"="C:\Programme\SeekmoToolbar\Bin\4.8.4.0\${HOOKOE_FILE}" [] "WinampAgent"="C:\Programme\Winamp\winampa.exe" [2007-04-25 17:44] "QuickTime Task"="C:\Programme\QuickTime\qttask.exe" [2007-04-27 09:41] "iTunesHelper"="C:\Programme\iTunes\iTunesHelper.exe" [2007-04-27 11:25] "NetPumper"="C:\Programme\NetPumper\NetPumperIEProxy.exe" [2004-07-03 21:06] "AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-05-30 22:37] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MsnMsgr"="C:\Programme\MSN Messenger\MsnMsgr.exe" [2006-07-29 20:33] "BLASC"="C:\Programme\World of Warcraft\BLASC\BLASC.exe" [] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] Usnsvc usnsvc HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs* [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b7d45821-7292-11db-87ab-806d6172696f}] AutoRun\command- D:\Bin\Assetup.exe *Newly Created Service* - COMHOST Contents of the 'Scheduled Tasks' folder 2007-05-18 11:56:00 C:\WINDOWS\tasks\AppleSoftwareUpdate.job ******************************************************************** catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2007-06-01 16:26:17 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ******************************************************************** Completion time: 2007-06-01 16:26:52 C:\ComboFix-quarantined-files.txt ... 2007-06-01 16:26 C:\ComboFix2.txt ... 2007-05-31 22:26 --- E O F --- ------------------------------------------------------------------------- Logfile of HijackThis v1.99.1 Scan saved at 16:32:31, on 01.06.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\RedLine\Taskbar.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe C:\Programme\ASUS\Ai Nap\AiNap.exe C:\Programme\Java\jre1.6.0_01\bin\jusched.exe C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe C:\Programme\Analog Devices\Core\smax4pnp.exe C:\Programme\Analog Devices\SoundMAX\Smax4.exe C:\Programme\Winamp\winampa.exe C:\Programme\iTunes\iTunesHelper.exe C:\Programme\NetPumper\NetPumperIEProxy.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\Programme\Gemeinsame Dateien\Teleca Shared\CapabilityManager.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe C:\Programme\iPod\bin\iPodService.exe C:\Programme\Gemeinsame Dateien\Teleca Shared\Generic.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\explorer.exe C:\Programme\Mozilla Firefox\firefox.exe C:\DOKUME~1\Veruxo\LOKALE~1\Temp\Temporäres Verzeichnis 1 für hijackthis_199.zip\HijackThis.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Programme\Gemeinsame Dateien\Symantec Shared\coShared\Browser\1.5\NppBho.dll O2 - BHO: Seekmo Toolbar - {5CBE2611-C31B-401F-89BC-4CBB25E853D7} - C:\Programme\SeekmoToolbar\Bin\4.8.4.0\SkHostIE.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll O3 - Toolbar: Seekmo Toolbar - {5CBE2611-C31B-401F-89BC-4CBB25E853D7} - C:\Programme\SeekmoToolbar\Bin\4.8.4.0\SkHostIE.dll O3 - Toolbar: Norton-Symbolleiste anzeigen - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Programme\Gemeinsame Dateien\Symantec Shared\coShared\Browser\1.5\UIBHO.dll O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [RedLine Taskbar] C:\Programme\RedLine\Taskbar.exe O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [Launch Ai Booster] "C:\Programme\ASUS\Ai Booster\OverClk.exe" O4 - HKLM\..\Run: [Ai Nap] "C:\Programme\ASUS\Ai Nap\AiNap.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [SoundMAX] "C:\Programme\Analog Devices\SoundMAX\Smax4.exe" /tray O4 - HKLM\..\Run: [SeekmoToolbar] C:\Programme\SeekmoToolbar\Bin\4.8.4.0\${HOOKOE_FILE} O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [NetPumper] "C:\Programme\NetPumper\NetPumperIEProxy.exe" O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [BLASC] "C:\Programme\World of Warcraft\BLASC\BLASC.exe" O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: Download with NetPumper - C:\Programme\NetPumper\AddUrl.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Programme\PartyGaming\PartyCasino\RunCasino.exe O9 - Extra 'Tools' menuitem: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Programme\PartyGaming\PartyCasino\RunCasino.exe O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Programme\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O17 - HKLM\System\CCS\Services\Tcpip\..\{09B80DC5-8731-409F-B5CF-20C9A16FD7FD}: NameServer = 85.255.114.110,85.255.112.170 O17 - HKLM\System\CCS\Services\Tcpip\..\{335D967F-6116-47F1-9866-FDAC9FE9F883}: NameServer = 85.255.114.110,85.255.112.170 O17 - HKLM\System\CCS\Services\Tcpip\..\{5879AAE8-8F7D-44A3-8802-09BA035A9742}: NameServer = 85.255.114.110,85.255.112.170 O17 - HKLM\System\CCS\Services\Tcpip\..\{5E1C7BBB-AB14-4040-A1C3-648D98A545BE}: NameServer = 85.255.114.110,85.255.112.170 O17 - HKLM\System\CCS\Services\Tcpip\..\{83E4FA04-1941-4CAF-9192-69DAA0B3F6CB}: NameServer = 85.255.114.110,85.255.112.170 O17 - HKLM\System\CCS\Services\Tcpip\..\{89C531C6-FE2B-4115-B8B0-75377C7388EC}: NameServer = 85.255.114.110,85.255.112.170 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.110 85.255.112.170 O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.110 85.255.112.170 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.110 85.255.112.170 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\ O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\VAScanner\comHost.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe |
|
01.06.2007, 15:57
| #6 |
| | Trojan-Downloader.win32.Agent Variant Hole dir Spybot Search and destroy. DIREKTDOWNLOAD Installiere es und hol dir die neuen Updates unter "Updates". dazu musst du zuerst unter dem Punkt nach ihnen suchen, sie mit einem Haken markieren und "Gewählte Updates downloaden" klicken. Überprüfe jedoch noch nicht! Gehe in den Abgesicherten Modus ( beim rebooten F8 drücken ) Klicke auf den Arbeitsplatz und navigiere nach: C:\ Programme\ und lösche den Ordner "NetPumper" Lösche den Papierkorb. Solltest du diesen nicht finden, gehst du auf irgendeinen Ornder und stellst oben per Extras - > Ordneroptionen -> Ansicht -> unter dem menüpunkt "Versteckte Dateien und Ordner" den Punkt "Alle dateien und ordner anzeigen" ein. Übernehmen, Ok. Dann versuchst du es nocheinmal. Jetzt scannst du mit Spybot Search and Destroy. Wenn der Scann durchgelaufen ist, haben sich mehrere rote Objekte angesammelt. Diese sind bereits mit einem haken markiert. Nun betätigst du noch den Button "Markierte probleme beheben" und nachdem die Objekte gelöscht wurden, startest du normal neu. Erstelle ein aktuelles HijackThis Log und poste es hier. Fast geschafft! |
|
01.06.2007, 17:25
| #7 |
| | Trojan-Downloader.win32.Agent Variant Vielen Dank, es funktioniert wieder  und hier noch der HijackThis logLogfile of HijackThis v1.99.1 Scan saved at 18:21:21, on 01.06.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Programme\RedLine\Taskbar.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe C:\Programme\ASUS\Ai Nap\AiNap.exe C:\Programme\Java\jre1.6.0_01\bin\jusched.exe C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe C:\Programme\Analog Devices\Core\smax4pnp.exe C:\Programme\Analog Devices\SoundMAX\Smax4.exe C:\Programme\Winamp\winampa.exe C:\Programme\iTunes\iTunesHelper.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\Programme\MSN Messenger\MsnMsgr.Exe C:\Programme\Spybot - Search & Destroy\TeaTimer.exe C:\Programme\Gemeinsame Dateien\Teleca Shared\CapabilityManager.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Programme\Gemeinsame Dateien\Teleca Shared\Generic.exe C:\Programme\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe C:\Programme\iPod\bin\iPodService.exe C:\WINDOWS\system32\svchost.exe C:\Programme\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wuauclt.exe C:\DOKUME~1\Veruxo\LOKALE~1\Temp\Temporäres Verzeichnis 2 für hijackthis_199.zip\HijackThis.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Programme\Gemeinsame Dateien\Symantec Shared\coShared\Browser\1.5\NppBho.dll O2 - BHO: Seekmo Toolbar - {5CBE2611-C31B-401F-89BC-4CBB25E853D7} - C:\Programme\SeekmoToolbar\Bin\4.8.4.0\SkHostIE.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll O3 - Toolbar: Seekmo Toolbar - {5CBE2611-C31B-401F-89BC-4CBB25E853D7} - C:\Programme\SeekmoToolbar\Bin\4.8.4.0\SkHostIE.dll O3 - Toolbar: Norton-Symbolleiste anzeigen - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Programme\Gemeinsame Dateien\Symantec Shared\coShared\Browser\1.5\UIBHO.dll O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [RedLine Taskbar] C:\Programme\RedLine\Taskbar.exe O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [Launch Ai Booster] "C:\Programme\ASUS\Ai Booster\OverClk.exe" O4 - HKLM\..\Run: [Ai Nap] "C:\Programme\ASUS\Ai Nap\AiNap.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [SoundMAX] "C:\Programme\Analog Devices\SoundMAX\Smax4.exe" /tray O4 - HKLM\..\Run: [SeekmoToolbar] C:\Programme\SeekmoToolbar\Bin\4.8.4.0\${HOOKOE_FILE} O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [NetPumper] "C:\Programme\NetPumper\NetPumperIEProxy.exe" O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [BLASC] "C:\Programme\World of Warcraft\BLASC\BLASC.exe" O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: Download with NetPumper - C:\Programme\NetPumper\AddUrl.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Programme\PartyGaming\PartyCasino\RunCasino.exe O9 - Extra 'Tools' menuitem: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Programme\PartyGaming\PartyCasino\RunCasino.exe O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Programme\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O17 - HKLM\System\CCS\Services\Tcpip\..\{09B80DC5-8731-409F-B5CF-20C9A16FD7FD}: NameServer = 85.255.114.110,85.255.112.170 O17 - HKLM\System\CCS\Services\Tcpip\..\{335D967F-6116-47F1-9866-FDAC9FE9F883}: NameServer = 85.255.114.110,85.255.112.170 O17 - HKLM\System\CCS\Services\Tcpip\..\{5879AAE8-8F7D-44A3-8802-09BA035A9742}: NameServer = 85.255.114.110,85.255.112.170 O17 - HKLM\System\CCS\Services\Tcpip\..\{5E1C7BBB-AB14-4040-A1C3-648D98A545BE}: NameServer = 85.255.114.110,85.255.112.170 O17 - HKLM\System\CCS\Services\Tcpip\..\{83E4FA04-1941-4CAF-9192-69DAA0B3F6CB}: NameServer = 85.255.114.110,85.255.112.170 O17 - HKLM\System\CCS\Services\Tcpip\..\{89C531C6-FE2B-4115-B8B0-75377C7388EC}: NameServer = 85.255.114.110,85.255.112.170 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.110 85.255.112.170 O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.110 85.255.112.170 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.110 85.255.112.170 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\ O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\VAScanner\comHost.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe |
|
01.06.2007, 17:56
| #8 |
| | Trojan-Downloader.win32.Agent Variant Leider noch nicht fertig, warte. |
|
01.06.2007, 18:00
| #9 |
| | Trojan-Downloader.win32.Agent Variant Mit HijackThis scannen, Häkchen vor folgende Einträge setzen: O4 - HKLM\..\Run: [SeekmoToolbar] C:\Programme\SeekmoToolbar\Bin\4.8.4.0\${HOOKOE_FI LE} O2 - BHO: Seekmo Toolbar - {5CBE2611-C31B-401F-89BC-4CBB25E853D7} - C:\Programme\SeekmoToolbar\Bin\4.8.4.0\SkHostIE.dl l O3 - Toolbar: Seekmo Toolbar - {5CBE2611-C31B-401F-89BC-4CBB25E853D7} - C:\Programme\SeekmoToolbar\Bin\4.8.4.0\SkHostIE.dl l O4 - HKLM\..\Run: [NetPumper] "C:\Programme\NetPumper\NetPumperIEProxy.exe" Bei www.virustotal.com prüfen: C:\Programme\PartyGaming\PartyCasino\RunCasino.exe Posxte das Ergebnis hier. Erstelle ein neues HijackThis Logfile. Wir haben es bald geschafft! |
|
02.06.2007, 16:10
| #10 |
| | Trojan-Downloader.win32.Agent Variant Complete scanning result of "RunCasino.exe", received in VirusTotal at 06.02.2007, 17:01:55 (CET). Antivirus Version Update Result AhnLab-V3 2007.5.31.2 06.01.2007 no virus found AntiVir 7.4.0.29 06.01.2007 no virus found Authentium 4.93.8 05.23.2007 no virus found Avast 4.7.997.0 06.01.2007 no virus found AVG 7.5.0.467 06.01.2007 no virus found BitDefender 7.2 06.02.2007 no virus found CAT-QuickHeal 9.00 06.01.2007 no virus found ClamAV devel-20070416 06.02.2007 no virus found DrWeb 4.33 06.02.2007 no virus found eSafe 7.0.15.0 05.31.2007 no virus found eTrust-Vet 30.7.3684 06.02.2007 no virus found Ewido 4.0 06.02.2007 no virus found FileAdvisor 1 06.02.2007 no virus found Fortinet 2.85.0.0 06.02.2007 no virus found F-Prot 4.3.2.48 06.01.2007 no virus found F-Secure 6.70.13030.0 06.01.2007 no virus found Ikarus T3.1.1.8 06.02.2007 no virus found Kaspersky 4.0.2.24 06.02.2007 no virus found McAfee 5044 06.01.2007 no virus found Microsoft 1.2503 06.02.2007 no virus found NOD32v2 2305 06.01.2007 no virus found Norman 5.80.02 06.01.2007 no virus found Panda 9.0.0.4 06.02.2007 no virus found Prevx1 V2 06.02.2007 no virus found Sophos 4.18.0 06.01.2007 no virus found Sunbelt 2.2.907.0 05.30.2007 no virus found Symantec 10 06.02.2007 no virus found TheHacker 6.1.6.128 05.31.2007 no virus found VBA32 3.12.0 06.01.2007 no virus found VirusBuster 4.3.23:9 06.02.2007 no virus found Webwasher-Gateway 6.0.1 06.02.2007 no virus found Aditional Information File size: 110592 bytes MD5: 77504a939253f52f50b0d3cb3b83fa5d SHA1: 48d04efc35d5408490f0cf6834bcc596e6b28ac8 ----------------------------------------------------------------------- Logfile of HijackThis v1.99.1 Scan saved at 17:08:26, on 02.06.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Programme\RedLine\Taskbar.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe C:\Programme\ASUS\Ai Nap\AiNap.exe C:\Programme\Java\jre1.6.0_01\bin\jusched.exe C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe C:\Programme\Analog Devices\Core\smax4pnp.exe C:\Programme\Analog Devices\SoundMAX\Smax4.exe C:\Programme\Winamp\winampa.exe C:\Programme\iTunes\iTunesHelper.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\Programme\MSN Messenger\MsnMsgr.Exe C:\Programme\Gemeinsame Dateien\Teleca Shared\CapabilityManager.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe C:\Programme\Gemeinsame Dateien\Teleca Shared\Generic.exe C:\Programme\iPod\bin\iPodService.exe C:\Programme\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wuauclt.exe C:\Programme\Mozilla Firefox\firefox.exe C:\DOKUME~1\Veruxo\LOKALE~1\Temp\Temporäres Verzeichnis 4 für hijackthis_199.zip\HijackThis.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Programme\Gemeinsame Dateien\Symantec Shared\coShared\Browser\1.5\NppBho.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll O3 - Toolbar: Norton-Symbolleiste anzeigen - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Programme\Gemeinsame Dateien\Symantec Shared\coShared\Browser\1.5\UIBHO.dll O3 - Toolbar: (no name) - {5CBE2611-C31B-401F-89BC-4CBB25E853D7} - (no file) O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [RedLine Taskbar] C:\Programme\RedLine\Taskbar.exe O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [Launch Ai Booster] "C:\Programme\ASUS\Ai Booster\OverClk.exe" O4 - HKLM\..\Run: [Ai Nap] "C:\Programme\ASUS\Ai Nap\AiNap.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [SoundMAX] "C:\Programme\Analog Devices\SoundMAX\Smax4.exe" /tray O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [SeekmoToolbar] C:\Programme\SeekmoToolbar\Bin\4.8.4.0\${HOOKOE_FILE} O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [BLASC] "C:\Programme\World of Warcraft\BLASC\BLASC.exe" O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: Download with NetPumper - C:\Programme\NetPumper\AddUrl.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Programme\PartyGaming\PartyCasino\RunCasino.exe O9 - Extra 'Tools' menuitem: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Programme\PartyGaming\PartyCasino\RunCasino.exe O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Programme\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O17 - HKLM\System\CCS\Services\Tcpip\..\{09B80DC5-8731-409F-B5CF-20C9A16FD7FD}: NameServer = 85.255.114.110,85.255.112.170 O17 - HKLM\System\CCS\Services\Tcpip\..\{335D967F-6116-47F1-9866-FDAC9FE9F883}: NameServer = 85.255.114.110,85.255.112.170 O17 - HKLM\System\CCS\Services\Tcpip\..\{5879AAE8-8F7D-44A3-8802-09BA035A9742}: NameServer = 85.255.114.110,85.255.112.170 O17 - HKLM\System\CCS\Services\Tcpip\..\{5E1C7BBB-AB14-4040-A1C3-648D98A545BE}: NameServer = 85.255.114.110,85.255.112.170 O17 - HKLM\System\CCS\Services\Tcpip\..\{83E4FA04-1941-4CAF-9192-69DAA0B3F6CB}: NameServer = 85.255.114.110,85.255.112.170 O17 - HKLM\System\CCS\Services\Tcpip\..\{89C531C6-FE2B-4115-B8B0-75377C7388EC}: NameServer = 85.255.114.110,85.255.112.170 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.110 85.255.112.170 O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.110 85.255.112.170 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.110 85.255.112.170 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\ O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\VAScanner\comHost.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe |
|
12.06.2007, 17:55
| #11 |
| |  Trojan-Downloader.win32.Agent Variant Hallo gleiches Problem gleiche Meldung! Hier mein HijackThis: Logfile of HijackThis v1.99.1 Scan saved at 18:43:50, on 12.06.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16441) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\brsvc01a.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\brss01a.exe c:\programme\gemeinsame dateien\logishrd\lvmvfm\LVPrcSrv.exe C:\PROGRA~1\GEMEIN~1\aol\ACS\AOLacsd.exe C:\WINDOWS\ATKKBService.exe C:\Programme\FRITZ!DSL\IGDCTRL.EXE C:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe C:\Programme\Gemeinsame Dateien\McAfee\HackerWatch\HWAPI.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\programme\gemeinsame dateien\mcafee\mna\mcnasvc.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe C:\PROGRA~1\McAfee\MSC\mcpromgr.exe c:\PROGRA~1\GEMEIN~1\mcafee\mcproxy\mcproxy.exe c:\PROGRA~1\GEMEIN~1\mcafee\redirsvc\redirsvc.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe C:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe C:\WINDOWS\Explorer.EXE c:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\Programme\McAfee\MPF\MPFSrv.exe C:\PROGRA~1\McAfee\MPS\mps.exe C:\Programme\McAfee\MSK\MskSrver.exe C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe C:\WINDOWS\System32\nvsvc32.exe C:\Programme\SiteAdvisor\6066\SAService.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\wdfmgr.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Programme\QuickTime\qttask.exe C:\Programme\Gemeinsame Dateien\AOL\1178635475\ee\AOLSoftware.exe C:\Programme\McAfee\MSK\MskAgent.exe C:\Programme\SiteAdvisor\6066\SiteAdv.exe C:\Programme\ScanSoft\PaperPort\pptd40nt.exe C:\WINDOWS\wanmpsvc.exe C:\Programme\Brother\ControlCenter2\brctrcen.exe C:\Programme\Gemeinsame Dateien\LogiShrd\LComMgr\Communications_Helper.exe C:\Programme\Logitech\QuickCam10\QuickCam10.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\Messenger\MSMSGS.EXE C:\Programme\Spybot - Search & Destroy\TeaTimer.exe C:\Programme\AOL 9.0a\aoltray.exe C:\Programme\FRITZ!DSL\StCenter.exe C:\Programme\Brother\Brmfcmon\BrMfcWnd.exe C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe C:\Programme\WinZip\WZQKPICK.EXE C:\Programme\McAfee\MPS\mpsevh.exe C:\Programme\AOL 9.0a\waol.exe C:\Programme\Gemeinsame Dateien\LogiShrd\LComMgr\LVComSX.exe C:\WINDOWS\System32\alg.exe C:\Programme\Gemeinsame Dateien\Logishrd\LQCVFX\COCIManager.exe C:\Programme\AOL 9.0a\shellmon.exe C:\Programme\Gemeinsame Dateien\Aol\aoltpspd.exe C:\Dokumente und Einstellungen\***\Desktop\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157 R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Programme\ICQToolbar\toolbaru.dll O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Programme\SiteAdvisor\6066\SiteAdv.dll O2 - BHO: (no name) - {51A75FD4-CF23-4D62-BAB6-BA61D9A7FC59} - C:\WINDOWS\system32\sprjo800.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\programme\mcafee\virusscan\scriptcl.dll O2 - BHO: McAfee Popup Blocker - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - c:\programme\mcafee\mps\mcpopup.dll O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Programme\SiteAdvisor\6066\SiteAdv.dll O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [AOLDialer] C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [HostManager] C:\Programme\Gemeinsame Dateien\AOL\1178635475\ee\AOLSoftware.exe O4 - HKLM\..\Run: [MskAgentexe] C:\Programme\McAfee\MSK\MskAgent.exe O4 - HKLM\..\Run: [SiteAdvisor] C:\Programme\SiteAdvisor\6066\SiteAdv.exe O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [PaperPort PTD] C:\Programme\ScanSoft\PaperPort\pptd40nt.exe O4 - HKLM\..\Run: [IndexSearch] C:\Programme\ScanSoft\PaperPort\IndexSearch.exe O4 - HKLM\..\Run: [SetDefPrt] C:\Programme\Brother\Brmfl05a\BrStDvPt.exe O4 - HKLM\..\Run: [ControlCenter2.0] C:\Programme\Brother\ControlCenter2\brctrcen.exe /autorun O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Programme\Gemeinsame Dateien\LogiShrd\LComMgr\Communications_Helper.exe" O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Programme\Logitech\QuickCam10\QuickCam10.exe" /hide O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\MSMSGS.EXE" /background O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe O4 - Global Startup: AOL 9.0 Tray-Symbol.lnk = C:\Programme\AOL 9.0a\aoltray.exe O4 - Global Startup: FRITZ!DSL Startcenter.lnk = C:\Programme\FRITZ!DSL\StCenter.exe O4 - Global Startup: Status Monitor.lnk = C:\Programme\Brother\Brmfcmon\BrMfcWnd.exe O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programme\WinZip\WZQKPICK.EXE O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O11 - Options group: [INTERNATIONAL] International* O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1178637393796 O17 - HKLM\System\CCS\Services\Tcpip\..\{03983F1E-A02F-45C1-872B-E5AB9016CAA6}: NameServer = 85.255.114.25,85.255.112.69 O17 - HKLM\System\CCS\Services\Tcpip\..\{0BF013E0-6374-43AB-B1F0-8F75529E55EC}: NameServer = 85.255.114.25,85.255.112.69 O17 - HKLM\System\CCS\Services\Tcpip\..\{16F29E81-ACF0-468C-9A22-27D4567C711A}: NameServer = 85.255.114.25,85.255.112.69 O17 - HKLM\System\CCS\Services\Tcpip\..\{5740556A-AFCF-4750-8174-EBC76B81D3AE}: NameServer = 85.255.114.25,85.255.112.69 O17 - HKLM\System\CCS\Services\Tcpip\..\{EF37AC1F-00D4-473D-8DBC-29DA17DBABE9}: NameServer = 205.188.146.145 O17 - HKLM\System\CCS\Services\Tcpip\..\{EF5D2DC3-A430-4F93-851C-F4D220389D25}: NameServer = 85.255.114.25,85.255.112.69 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.25 85.255.112.69 O17 - HKLM\System\CS1\Services\Tcpip\..\{03983F1E-A02F-45C1-872B-E5AB9016CAA6}: NameServer = 85.255.114.25,85.255.112.69 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.25 85.255.112.69 O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Programme\SiteAdvisor\6066\SiteAdv.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\GEMEIN~1\aol\ACS\AOLacsd.exe O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe O23 - Service: AVM IGD CTRL Service - AVM Berlin - C:\Programme\FRITZ!DSL\IGDCTRL.EXE O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\GEMEIN~1\McAfee\EmProxy\emproxy.exe O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing) O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\programme\gemeinsame dateien\logishrd\lvmvfm\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Programme\Gemeinsame Dateien\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Programme\Gemeinsame Dateien\McAfee\HackerWatch\HWAPI.exe O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\programme\gemeinsame dateien\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\GEMEIN~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\GEMEIN~1\mcafee\redirsvc\redirsvc.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Programme\McAfee\MPF\MPFSrv.exe O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Programme\McAfee\MSK\MskSrver.exe O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Programme\SiteAdvisor\6066\SAService.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe Mfg Maggot |
|
18.12.2007, 15:43
| #12 |
| | Trojan-Downloader.win32.Agent Variant alsoo ich hab genau das gleiche problem. kenne mich aba kein meter mit so was aus. könnte das mir bitte jemand schritt für schritt und mit alles detais beschreiben was ich machen muss? dankee scho ma in voraus... hab dicke kriese deswegen  WOW^^ |
|
18.12.2007, 16:00
| #13 | |
| | Trojan-Downloader.win32.Agent VariantZitat:
__________________ Gruß 11Boy  |
|
| Themen zu Trojan-Downloader.win32.Agent Variant |
| adobe, alert, application, bho, browser, downloader, drivers, e-mail, entfernen, explorer, firefox, google, hijack, hijackthis, internet, internet explorer, monitor, mozilla, mozilla firefox, photoshop, programme, symantec, system, temp, trojan-downloader.win32.agent, trojaner, trojaner entferne, trojaner entfernen, warnung, windows, windows xp |
Linear-Darstellung
