agent.ay hilfe...

anteros · 18.09.2004, 23:00

also 4 punkte kann ich mal ausschließen

sidebar is von nem desktop tool das ich regelmäßig brauche und eigentlich nicht vervirt sein dürfte

weiters is A925 eine verbindungssoftware für mein handy

und der letzte eintrag wird vcon houscall erstellt wenn man den onlinescan von trendmicro macht

werd das nachher gleich ausprobieren

ich danke euch für die hilfe poste morgen neuen hijack

raphaelschnee · 21.09.2005, 11:50

hi an alle,
habe ledier auch den agent.ay habe bereits alle hausaufgaben gemacht, windowsupdate geht allerdings nicht, weil das auch blockiert wird.
anbei das ergebnis meines hijack im abgesicherten... hab eine sachen wie nail etc. schon gefixed, kam aber immer wieder. alle mit * hab ich schon gefixt. kommen aber wieder.

bitte um hilfe!!!

Logfile of HijackThis v1.99.1
Scan saved at 11:32:07, on 21.09.2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\jrfkyx.exe
C:\Programme\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\Dokumente und Einstellungen\Wolf\Lokale Einstellungen\Temp\Temporäres Verzeichnis 2 für hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gmx.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.sony-europe.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = testestet:123
R3 - Default URLSearchHook is missing
*F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: (no name) - {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - C:\WINDOWS\System32\qopmn.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: MSEvents Object - {52B1DFC7-AAFC-4362-B103-868B0683C697} - C:\WINDOWS\System32\mllii.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Programme\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [McAfee Windows Protection] mcafee32.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Programme\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\AVPersonal\AVGNT.EXE" /min
*O4 - HKLM\..\Run: [jcmyhh] C:\WINDOWS\System32\jrfkyx.exe r
O4 - HKLM\..\RunServices: [McAfee Windows Protection] mcafee32.exe
O4 - HKCU\..\Run: [McAfee Windows Protection] mcafee32.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Word\Office10\OSA.EXE
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: AntiVir Guard.lnk = C:\Programme\AVPersonal\AVGNT.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.sony-europe.com
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O20 - Winlogon Notify: mllii - C:\WINDOWS\System32\mllii.dll
O20 - Winlogon Notify: qopmn - C:\WINDOWS\SYSTEM32\qopmn.dll
O23 - Service: AOL Instant Messanger (AIM) - Unknown owner - *C:\WINDOWS\aim.exe (file missing)
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAMME\AVPERSONAL\AVGUARD.EXE
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\ati2evxx.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\SAgent2.exe
O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - C:\Programme\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Remote Procedure Call (RPC) Client (RpcClient) - Unknown owner - C:\WINDOWS\System32\rpcclient.exe (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe
*O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
*O23 - Service: change me please (virus) - Unknown owner - C:\WINDOWS\pnpasn32.exe (file missing)

Wed Sep 21 12:47:59 2005 => ***** Scanning complete. *****

Wed Sep 21 12:47:59 2005 => Total Objects Scanned: 45467
Wed Sep 21 12:47:59 2005 => Total Virus(es) Found: 14
Wed Sep 21 12:47:59 2005 => Total Disinfected Files: 0
Wed Sep 21 12:47:59 2005 => Total Files Renamed: 0
Wed Sep 21 12:47:59 2005 => Total Deleted Objects: 0
Wed Sep 21 12:47:59 2005 => Total Errors: 40
Wed Sep 21 12:47:59 2005 => Time Elapsed: 01:07:05
Wed Sep 21 12:47:59 2005 => Virus Database Date: 2005/09/09
Wed Sep 21 12:47:59 2005 => Virus Database Count: 148428

Object "istbar Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "Network1.Popups Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "Network1.Popups Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "180solutions Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "Media Pass Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "saap Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "ABetterInternet.Aurora Adware" found in File System! Action Taken: No Action Taken.
Object "windupdate Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "aurora Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "aurora Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "aurora Spyware/Adware" found in File System! Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\MSXML3A.DLL". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\DIMM.DLL". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\wuweb.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\HijackThis.exe" refers to invalid object "C:\Dokumente und Einstellungen\Wolf\Lokale Einstellungen\Temp\Temporäres Verzeichnis 2 für hijackthis.zip\hijackthis.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\NetMD.dll" refers to invalid object "C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\NetMD.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\OmgSetup.exe" refers to invalid object "C:\Programme\Sony Corporation\OpenMG Setup\OmgSetup.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\Sony DV Shared Library" refers to invalid object "C:\Programme\Gemeinsame Dateien\Sony Shared\DVLib\Sony DV Shared Library". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\Sony MPEG-Decoder-Bibliothek" refers to invalid object "C:\Programme\Sony Corporation\Sony MPEG-Decoder-Bibliothek\Sony MPEG-Decoder-Bibliothek". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\Sony Shared Library für XP" refers to invalid object "C:\Programme\Sony Corporation\Sony Shared Library für XP\Sony Shared Library für XP". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\Gemeinsame Dateien\Symantec Shared\Script Blocking\". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".csv". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".ftp". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".IND". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".klb". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".tmp". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".VIR". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "LiveReg". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "LiveUpdate1.6". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "RealProducer 8.5". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "RealProducerX 6.0". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "SymSetup.{C6B28661-7910-442E-ADDD-72EAA8395380}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{3075C5C3-0807-4924-AF8F-FF27052C12AE}". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{1E5E0D38-214B-4085-AD2A-D2290E6A2D2C}" refers to invalid object "C:\PROGRA~2\MEDIAP~1\MEDIAP~2.EXE". Action Taken: No Action Taken.
Entry "HKCR\.bkf" refers to invalid object "msbackupfile". Action Taken: No Action Taken.
Entry "HKCR\.spl" refers to invalid object "ShockwaveFlash.ShockwaveFlash". Action Taken: No Action Taken.
Entry "HKCR\.swf" refers to invalid object "ShockwaveFlash.ShockwaveFlash". Action Taken: No Action Taken.
Entry "HKCR\WEBInstaller.CExecute" refers to invalid object "{C0EF89EE-EEC7-4535-A041-F1EBF79560A7}". Action Taken: No Action Taken.
Entry "HKCR\WEBInstaller.CExecute.1" refers to invalid object "{C0EF89EE-EEC7-4535-A041-F1EBF79560A7}". Action Taken: No Action Taken.
File C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\ZIHH4F9U\sideb[1].exe tagged as "not-a-virus:AdWare.ToolBar.EliteBar.z". Action Taken: No Action Taken.
File C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\7Q0A23VN\thin-143-1-x-x[1].exe tagged as "not-a-virus:AdWare.BetterInternet". Action Taken: No Action Taken.
File C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\FPQ0S2U4\mmxmetal[1].exe infected by "Trojan-Downloader.Win32.VB.jl" Virus! Action Taken: No Action Taken.

agent.ay hilfe...

Log-Analyse und Auswertung: agent.ay hilfe...

agent.ay hilfe...

agent.ay hilfe...eiei mich hats auch erwischt

Ähnliche Themen: agent.ay hilfe...