Trojaner-Board


TrojanInfect 12.03.2005 22:43

Trojans Dldr.Small.UV.3 and Small.AR.1.C
 
I have a somewhat bigger problem: during a scan with ClamWin Antivirus, the program reported:

Quote:

c:\_RESTORE\TEMP\A0064746.CPY: Dialer.gen-25 FOUND

c:\_RESTORE\TEMP\A0064749.CPY: Dialer.gen-25 FOUND

c:\_RESTORE\TEMP\A0064752.CPY: Dialer.gen-25 FOUND

c:\_RESTORE\TEMP\A0065933.CPY: Dialer.gen-25 FOUND

c:\_RESTORE\TEMP\A0065936.CPY: Dialer.gen-25 FOUND

c:\_RESTORE\ARCHIVE\FS200.CAB: Trojan.Small.AR FOUND

c:\_RESTORE\ARCHIVE\FS145.CAB: Trojan.Startpage-104 FOUND

All attempts to remove this stuff with Clam or AntiVir (in AntiVir, however, the trojans are called: Trojan horse TR/Dldr.Small.UV.3; Trojan horse TR/Small.AR.1.C) have failed. Both programs do report "removed" or deleted, but on a new scan the things are always back again. I don't know what else to do!!!

Here is my HijackThis log as well:

Quote:

Logfile of HijackThis v1.99.1
Scan saved at 22:10:43, on 12.03.2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOME\SYSTEM\KERNEL32.DLL
C:\WINDOME\SYSTEM\MSGSRV32.EXE
C:\WINDOME\SYSTEM\mmtask.tsk
C:\WINDOME\SYSTEM\MPREXE.EXE
C:\WINDOME\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOME\SYSTEM\ATI2EVAE.EXE
C:\WINDOME\EXPLORER.EXE
C:\WINDOME\SYSTEM\MSMSGS.EXE
C:\PROGRAMME\HP CD-WRITER\DIRECTCD\DIRECTCD.EXE
C:\PROGRAMME\HP CD-WRITER\MMENU\HPCDTRAY.EXE
C:\PROGRAMME\CANON\MULTIPASS4\MPTBOX.EXE
C:\PROGRAMME\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\WINDOME\SYSTEM\ATIPTAXX.EXE
C:\WINDOME\SYSTEM\ATI2CWXX.EXE
C:\PROGRAMME\AVPERSONAL\AVSCHED32.EXE
C:\PROGRAMME\0900 WARNER\WARN0900.EXE
C:\WINDOME\SYSTEM\MPS.EXE
C:\PROGRAMME\AVPERSONAL\AVGCTRL.EXE
C:\PROGRAMME\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOME\DESKTOP\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.eishockey-leipzig.de/
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\HPCD-W~1\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [HP CD-Writer] C:\Programme\HP CD-Writer\Mmenu\hpcdtray.exe
O4 - HKLM\..\Run: [mps] C:\WINDOME\SYSTEM\mps.exe /s
O4 - HKLM\..\Run: [MPTBox] C:\Programme\Canon\MultiPASS4\MPTBox.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [Ati2cwxx] Ati2cwxx.exe
O4 - HKLM\..\Run: [AVSCHED32] C:\PROGRAMME\AVPERSONAL\AVSCHED32.EXE /min
O4 - HKLM\..\Run: [0900 Warner] C:\PROGRA~1\0900WA~1\WARN0900.EXE
O4 - HKLM\..\Run: [AVGCtrl] C:\PROGRAMME\AVPERSONAL\AVGCTRL.EXE /min
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOME\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [ATIPOLAB] ati2evae.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAMME\MSN MESSENGER\MSNMSGR.EXE" /background
O8 - Extra context menu item: &Google Search - res://C:\PROGRAMME\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://C:\PROGRAMME\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Ähnliche Seiten - res://C:\PROGRAMME\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Verweisseiten - res://C:\PROGRAMME\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOME\SYSTEM\Shdocvw.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOME\SYSTEM\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOME\SYSTEM\MSJAVA.DLL
O9 - Extra button: Microsoft AntiSpyware helper - {FC998ACF-FC75-41C5-955F-C51CF9728DE5} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {FC998ACF-FC75-41C5-955F-C51CF9728DE5} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {BC5DE84F-28C8-43F0-83F2-0A758C2FE914} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {BC5DE84F-28C8-43F0-83F2-0A758C2FE914} - (no file) (HKCU)
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O12 - Plugin for .mp3: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin4.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ms...downloader.cab

I hope someone can help me, thanks in advance!!! ;)

cronos 12.03.2005 22:49

Download Clearprog and use it to delete your temporary files.

Please do this in safe mode.

Also, disable System Restore ---> restart ---> turn System Restore back on.

http://www.windowspower.de/article59.html

TrojanInfect 12.03.2005 23:48

I followed your instructions, but the trojan is still there.

I also tried to delete the file manually in the Restore folder, without success, even in safe mode!!!

What else could I do?

TrojanInfect 13.03.2005 00:49

Does really nobody have an idea what else I could do to get rid of this thing? ;)

cronos 13.03.2005 01:01

Then please download escan and post what it found.

Please follow the instructions in the following link exactly:

http://www.trojaner-info.de//hijacker/escan

TrojanInfect 13.03.2005 09:20

So here is the log:

Quote:

Sun Mar 13 01:32:39 2005 => **********************************************************
Sun Mar 13 01:32:39 2005 => MicroWorld AntiVirus Toolkit Utility.
Sun Mar 13 01:32:39 2005 => Copyright © 2003-2005, MicroWorld Technologies Inc.
Sun Mar 13 01:32:39 2005 => **********************************************************
Sun Mar 13 01:32:39 2005 => Version 5.1.2 (C:\BASES\MWAVSCAN.COM)
Sun Mar 13 01:32:39 2005 => Log File: C:\BASES\MWAV.LOG
Sun Mar 13 01:32:39 2005 => Latest Date of files inside MWAV: 11 Mar 2005 10:03:00.
Sun Mar 13 01:32:47 2005 => AV Library Loaded...
Sun Mar 13 01:32:47 2005 => Scanning File C:\BASES\kavss.exe
Sun Mar 13 01:32:48 2005 => Scanning File C:\BASES\Getvlist.exe
Sun Mar 13 01:32:49 2005 => Scanning File C:\BASES\kavss.dll
Sun Mar 13 01:32:49 2005 => Scanning File C:\BASES\kavssdi.dll
Sun Mar 13 01:32:49 2005 => Scanning File C:\BASES\kavssi.dll
Sun Mar 13 01:32:49 2005 => Scanning File C:\BASES\kavvlg.dll
Sun Mar 13 01:32:49 2005 => Scanning File C:\BASES\msvlclnt.dll
Sun Mar 13 01:32:49 2005 => Scanning File C:\BASES\ipc.dll
Sun Mar 13 01:32:49 2005 => Scanning File C:\BASES\main.avi
Sun Mar 13 01:32:49 2005 => Scanning File C:\BASES\virus.avi
Sun Mar 13 01:32:50 2005 => Virus Database Date: 2005/03/11
Sun Mar 13 01:32:50 2005 => Virus Database Count: 121166

Sun Mar 13 01:34:17 2005 => **********************************************************
Sun Mar 13 01:34:17 2005 => MicroWorld AntiVirus Toolkit Utility.
Sun Mar 13 01:34:17 2005 => Copyright © 2003-2005, MicroWorld Technologies Inc.
Sun Mar 13 01:34:17 2005 =>
Sun Mar 13 01:34:17 2005 => Support: support@mwti.net
Sun Mar 13 01:34:17 2005 => Web: http://www.mwti.net
Sun Mar 13 01:34:17 2005 => **********************************************************
Sun Mar 13 01:34:17 2005 => Version 5.1.2 (C:\BASES\MWAVSCAN.COM)
Sun Mar 13 01:34:17 2005 => Log File: C:\BASES\MWAV.LOG
Sun Mar 13 01:34:17 2005 => Windows Root Folder: C:\WINDOME
Sun Mar 13 01:34:17 2005 => Windows Sys32 Folder: C:\WINDOME\SYSTEM
Sun Mar 13 01:34:17 2005 => OS: Windows ME
Sun Mar 13 01:34:17 2005 => Latest Date of files inside MWAV: 11 Mar 2005 10:03:00.

Sun Mar 13 01:34:17 2005 => Options Selected by User:
Sun Mar 13 01:34:17 2005 => Memory Check: Enabled
Sun Mar 13 01:34:17 2005 => Registry Check: Enabled
Sun Mar 13 01:34:17 2005 => StartUp Folder Check: Enabled
Sun Mar 13 01:34:17 2005 => System Folder Check: Enabled
Sun Mar 13 01:34:17 2005 => System Area Check: Disabled
Sun Mar 13 01:34:17 2005 => Services Check: Enabled
Sun Mar 13 01:34:17 2005 => Drive Check: Disabled
Sun Mar 13 01:34:17 2005 => All Drive Check :Enabled
Sun Mar 13 01:34:17 2005 => Folder Check: Disabled


Sun Mar 13 01:34:52 2005 => File C:\WINDOME\SYSTEM\MSMSGS.EXE infected by "Trojan-Downloader.Win32.Zlob.g" Virus. Action Taken: No Action Taken.
Sun Mar 13 01:34:54 2005 => File C:\WINDOME\SYSTEM\MSMSGS.EXE infected by "Trojan-Downloader.Win32.Zlob.g" Virus. Action Taken: No Action Taken.
Sun Mar 13 01:35:56 2005 => File C:\WINDOME\SYSTEM\msmsgs.exe infected by "Trojan-Downloader.Win32.Zlob.g" Virus. Action Taken: No Action Taken.
Sun Mar 13 01:37:54 2005 => File C:\WINDOME\winlogon.exe infected by "Trojan-Downloader.Win32.Small.aag" Virus. Action Taken: No Action Taken.
Sun Mar 13 01:45:31 2005 => File C:\_RESTORE\TEMP\A0053915.CPY infected by "Trojan-Clicker.Win32.Small.cz" Virus. Action Taken: No Action Taken.
Sun Mar 13 01:49:19 2005 => File C:\_RESTORE\TEMP\A0064746.CPY infected by "Trojan.Win32.Dialer.ay" Virus. Action Taken: No Action Taken.
Sun Mar 13 01:49:19 2005 => File C:\_RESTORE\TEMP\A0064749.CPY infected by "Trojan.Win32.Dialer.ay" Virus. Action Taken: No Action Taken.
Sun Mar 13 01:49:20 2005 => File C:\_RESTORE\TEMP\A0064752.CPY infected by "Trojan.Win32.Dialer.ay" Virus. Action Taken: No Action Taken.
Sun Mar 13 01:51:43 2005 => File C:\_RESTORE\TEMP\A0065933.CPY infected by "Trojan.Win32.Dialer.ay" Virus. Action Taken: No Action Taken.
Sun Mar 13 01:51:43 2005 => Scanning File C:\_RESTORE\TEMP\A0065936.CPY
Sun Mar 13 01:51:43 2005 => File C:\_RESTORE\TEMP\A0065936.CPY infected by "Trojan.Win32.Dialer.ay" Virus. Action Taken: No Action Taken.
Sun Mar 13 02:17:39 2005 => File C:\_RESTORE\TEMP\A0088752.CPY infected by "Trojan-Clicker.Win32.Small.cz" Virus. Action Taken: No Action Taken.
Sun Mar 13 02:43:43 2005 => File C:\_RESTORE\TEMP\A0104674.CPY infected by "Trojan-Downloader.Win32.Small.anf" Virus. Action Taken: No Action Taken.
Sun Mar 13 02:43:43 2005 => Scanning File C:\_RESTORE\TEMP\A0104675.CPY
Sun Mar 13 02:43:43 2005 => File C:\_RESTORE\TEMP\A0104675.CPY infected by "Trojan-Downloader.Win32.Small.anf" Virus. Action Taken: No Action Taken.
Sun Mar 13 03:03:39 2005 => File C:\_RESTORE\TEMP\A0112086.CPY infected by "not-a-virus:AdWare.ToolBar.MaidBar.a" Virus. Action Taken: No Action Taken.
Sun Mar 13 03:18:52 2005 => File C:\_RESTORE\TEMP\A0118145.CPY infected by "Trojan-Downloader.Win32.Agent.kf" Virus. Action Taken: No Action Taken.
Sun Mar 13 04:04:17 2005 => File C:\_RESTORE\ARCHIVE\FS200.CAB infected by "Trojan-Downloader.Win32.Small.ar" Virus. Action Taken: No Action Taken.
Sun Mar 13 04:09:00 2005 => File C:\_RESTORE\ARCHIVE\FS145.CAB infected by "Trojan-Spy.Win32.Small.bj" Virus. Action Taken: No Action Taken.
Sun Mar 13 04:18:09 2005 => File C:\WINDOME\SYSTEM\LogFiles\A52252210.so infected by "Trojan-Dropper.Win32.Small.ty" Virus. Action Taken: No Action Taken.
Sun Mar 13 04:53:54 2005 => File C:\WINDOME\Downloaded Program Files\win.exe infected by "Trojan-Downloader.Win32.Small.aag" Virus. Action Taken: No Action Taken.
Sun Mar 13 04:57:28 2005 => File C:\WINDOME\winlogon.exe infected by "Trojan-Downloader.Win32.Small.aag" Virus. Action Taken: No Action Taken.
Sun Mar 13 05:39:14 2005 => File C:\Programme\AVPersonal\INFECTED\52602252.2E3 infected by "Trojan-Downloader.Win32.Agent.kf" Virus. Action Taken: No Action Taken.

Sun Mar 13 01:35:56 2005 => ERROR!!! Invalid Entry notepad2.exe = popuper.exe (in key SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run). Removing it.
Sun Mar 13 01:36:12 2005 => ERROR!!! Invalid Entry \SystemRoot\System\atmarpc.sys. Removing SYSTEM\CurrentControlSet\Services\ATMARPC...
Sun Mar 13 03:55:54 2005 => Result: ERROR!!! File C:\_RESTORE\TEMP\A0128260.CPY is Not Scanned
Sun Mar 13 03:55:54 2005 => C:\_RESTORE\TEMP\A0128260.CPY not Scanned. Possibly password protected...
Sun Mar 13 03:55:54 2005 => Scanning File C:\_RESTORE\TEMP\A0128261.CPY
Sun Mar 13 03:55:55 2005 => Scanning File C:\_RESTORE\TEMP\A0128262.CPY
Sun Mar 13 03:56:04 2005 => Result: ERROR!!! File C:\_RESTORE\TEMP\A0128262.CPY is Not Scanned
Sun Mar 13 03:56:04 2005 => C:\_RESTORE\TEMP\A0128262.CPY not Scanned. Possibly password protected...
Sun Mar 13 04:47:24 2005 => Result: ERROR!!! File C:\WINDOME\Desktop\Desktop\Downloads\aawsepersonal.exe is Not Scanned
Sun Mar 13 04:47:24 2005 => C:\WINDOME\Desktop\Desktop\Downloads\aawsepersonal.exe not Scanned. Possibly password protected...
Sun Mar 13 04:55:20 2005 => Scanning File C:\WINDOME\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\AlexaRelated.zip
Sun Mar 13 04:55:20 2005 => Result: ERROR!!! File C:\WINDOME\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\AlexaRelated.zip is Not Scanned
Sun Mar 13 04:55:20 2005 => C:\WINDOME\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\AlexaRelated.zip not Scanned. Possibly password protected...
Sun Mar 13 04:55:20 2005 => Scanning File C:\WINDOME\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\WildTangent.zip
Sun Mar 13 04:55:21 2005 => Result: ERROR!!! File C:\WINDOME\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\WildTangent.zip is Not Scanned
Sun Mar 13 04:55:21 2005 => C:\WINDOME\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\WildTangent.zip not Scanned. Possibly password protected...
Sun Mar 13 04:55:21 2005 => Scanning File C:\WINDOME\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\WildTangent1.zip
Sun Mar 13 04:55:21 2005 => Result: ERROR!!! File C:\WINDOME\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\WildTangent1.zip is Not Scanned
Sun Mar 13 04:55:21 2005 => C:\WINDOME\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\WildTangent1.zip not Scanned. Possibly password protected...
Sun Mar 13 04:55:21 2005 => Scanning File C:\WINDOME\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\WildTangent2.zip
Sun Mar 13 04:55:21 2005 => Result: ERROR!!! File C:\WINDOME\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\WildTangent2.zip is Not Scanned
Sun Mar 13 04:55:21 2005 => C:\WINDOME\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\WildTangent2.zip not Scanned. Possibly password protected...
Sun Mar 13 04:55:21 2005 => Scanning File C:\WINDOME\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\DSOExploit.zip
Sun Mar 13 04:55:21 2005 => Result: ERROR!!! File C:\WINDOME\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\DSOExploit.zip is Not Scanned
Sun Mar 13 04:55:21 2005 => C:\WINDOME\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\DSOExploit.zip not Scanned. Possibly password protected...
Sun Mar 13 04:55:21 2005 => Scanning File C:\WINDOME\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\DSOExploit1.zip
Sun Mar 13 04:55:21 2005 => Result: ERROR!!! File C:\WINDOME\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\DSOExploit1.zip is Not Scanned
Sun Mar 13 04:55:21 2005 => C:\WINDOME\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\DSOExploit1.zip not Scanned. Possibly password protected...
Sun Mar 13 05:31:24 2005 => Scanning File C:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask
Sun Mar 13 05:31:24 2005 => Result: ERROR!!! File C:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask is Not Scanned
Sun Mar 13 05:31:24 2005 => C:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask not Scanned. Possibly password protected...

I deleted the "Scanning File" lines, though, because otherwise the log would have stretched on for kilometres.
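
An added example, not part of the original posts: a small Python triage of eScan (MWAV.LOG) lines in the shape quoted above. It collapses repeated hits and separates files on the live system from copies under `_RESTORE` and from the `INFECTED` folder. The sample lines are copied from the log in this thread; the bucket names and the reading of `INFECTED` as a scanner quarantine folder are assumptions.

```python
import re
from collections import OrderedDict

# Line shapes as they appear in the MWAV.LOG excerpt quoted in the thread.
DETECTION = re.compile(
    r'=> File (?P<path>.+?) infected by "(?P<name>[^"]+)" Virus\. '
    r'Action Taken: (?P<action>.+?)\.?\s*$')
NOT_SCANNED = re.compile(r'=> Result: ERROR!!! File (?P<path>.+?) is Not Scanned')

# Sample input: lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
Sun Mar 13 01:34:52 2005 => File C:\WINDOME\SYSTEM\MSMSGS.EXE infected by "Trojan-Downloader.Win32.Zlob.g" Virus. Action Taken: No Action Taken.
Sun Mar 13 01:35:56 2005 => File C:\WINDOME\SYSTEM\msmsgs.exe infected by "Trojan-Downloader.Win32.Zlob.g" Virus. Action Taken: No Action Taken.
Sun Mar 13 01:37:54 2005 => File C:\WINDOME\winlogon.exe infected by "Trojan-Downloader.Win32.Small.aag" Virus. Action Taken: No Action Taken.
Sun Mar 13 01:49:19 2005 => File C:\_RESTORE\TEMP\A0064746.CPY infected by "Trojan.Win32.Dialer.ay" Virus. Action Taken: No Action Taken.
Sun Mar 13 03:55:54 2005 => Result: ERROR!!! File C:\_RESTORE\TEMP\A0128260.CPY is Not Scanned
Sun Mar 13 04:04:17 2005 => File C:\_RESTORE\ARCHIVE\FS200.CAB infected by "Trojan-Downloader.Win32.Small.ar" Virus. Action Taken: No Action Taken.
Sun Mar 13 04:57:28 2005 => File C:\WINDOME\winlogon.exe infected by "Trojan-Downloader.Win32.Small.aag" Virus. Action Taken: No Action Taken.
Sun Mar 13 05:39:14 2005 => File C:\Programme\AVPersonal\INFECTED\52602252.2E3 infected by "Trojan-Downloader.Win32.Agent.kf" Virus. Action Taken: No Action Taken.
"""


def classify(path):
    """Bucket a detection by where the file lives (bucket names are ours)."""
    p = path.lower()
    if "\\_restore\\" in p:
        return "restore_store"        # System Restore data store on Windows ME
    if "\\infected\\" in p:
        return "scanner_quarantine"   # assumption: AV's own holding folder
    return "live_file"                # can run on the installed system


def triage(log_text):
    """Parse the log, drop duplicate hits, and group what remains."""
    report = {"live_file": [], "restore_store": [],
              "scanner_quarantine": [], "unscanned": []}
    seen = OrderedDict()
    for line in log_text.splitlines():
        m = DETECTION.search(line)
        if m:
            # Win9x paths are case-insensitive, so MSMSGS.EXE == msmsgs.exe.
            key = (m["path"].lower(), m["name"])
            if key not in seen:
                seen[key] = True
                report[classify(m["path"])].append(
                    {"path": m["path"], "name": m["name"],
                     "action": m["action"]})
            continue
        m = NOT_SCANNED.search(line)
        if m and m["path"] not in report["unscanned"]:
            report["unscanned"].append(m["path"])
    return report


if __name__ == "__main__":
    for bucket, items in triage(SAMPLE_LOG).items():
        print(bucket, len(items))
        for item in items:
            print("   ", item if isinstance(item, str) else
                  f'{item["path"]}  [{item["name"]}]')
```

The `live_file` bucket is the one that matters first: those files sit on the installed system, while `_RESTORE` entries are stored copies that are discarded when System Restore is switched off and on again.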

TrojanInfect 14.03.2005 14:36

So, I wiped the disk, reformatted it and reinstalled everything!!! ;)

Now AntiVir and Escan report nothing!!!

But ClamWin does:

c:\Programme\AVPersonal\VIRINFO.HLP: Worm.Maslan.B-unp FOUND
c:\_RESTORE\TEMP\A0005286.CPY: Worm.Maslan.B-unp FOUND

Here is HijackThis as well:

Quote:

Logfile of HijackThis v1.99.1
Scan saved at 14:47:23, on 14.03.2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAMME\CLAMWIN\BIN\CLAMTRAY.EXE
C:\PROGRAMME\AVPERSONAL\AVGCTRL.EXE
C:\PROGRAMME\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\PROGRAMME\WINAMP\WINAMPA.EXE
C:\WINDOWS\SYSTEM\ATIPTAXX.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAMME\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAMME\GEMEINSAME DATEIEN\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAMME\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAMME\WINZIP\WZQKPICK.EXE
C:\PROGRAMME\OUTLOOK EXPRESS\MSIMN.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAMME\T-ONLINE\T-ONLINE_SOFTWARE_5\BASIS-SOFTWARE\BASIS2\KERNEL.EXE
C:\PROGRAMME\T-ONLINE\T-ONLINE_SOFTWARE_5\BASIS-SOFTWARE\BASIS2\SC_WATCH.EXE
C:\PROGRAMME\T-ONLINE\T-ONLINE_SOFTWARE_5\BASIS-SOFTWARE\BASIS2\PROFILEMGR.EXE
C:\PROGRAMME\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.eishockey-leipzig.de/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar1.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAMME\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [ClamWin] C:\Programme\ClamWin\bin\ClamTray.exe --logon
O4 - HKLM\..\Run: [AVGCtrl] C:\PROGRAMME\AVPERSONAL\AVGCTRL.EXE /min
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunOnce: [InstMsi0] C:\WINDOWS\SYSTEM\msiexec.exe /regserver
O4 - HKLM\..\RunOnce: [InstMsi1] rundll32.exe C:\WINDOWS\SYSTEM\advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Installer\InstMsi0"
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\RunServices: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\RunServices: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Erinnerungen für Microsoft Works-Kalender.lnk = C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O4 - Startup: WinZip Quick Pick.lnk = C:\Programme\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://C:\PROGRAMME\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://C:\PROGRAMME\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Ähnliche Seiten - res://C:\PROGRAMME\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Verweisseiten - res://C:\PROGRAMME\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ms...downloader.cab

What to do now????

I hope someone can help me!!! ;)


All times are WET +1.
