Trojaner-Board

joheve 12.11.2004 21:26

Posting a HijackThis log

Hello,
I'm new here and have problems with coolsearch.
It is no longer my start page, but it keeps popping up in IE at varying intervals.
Can anyone help?

Many thanks in advance!

Logfile of HijackThis v1.97.7
Scan saved at 21:05:28, on 12.11.2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Programme\AVPersonal\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\system32\usrbridg.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\SOUNDMAN.EXE
C:\Programme\Winamp\winampa.exe
C:\Programme\D-Tools\daemon.exe
C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Programme\AVPersonal\AVGNT.EXE
C:\WINNT\system32\PRISMSTA.EXE
C:\Programme\Launch Manager\LaunchAp.exe
C:\Programme\Launch Manager\HotkeyApp.exe
C:\Programme\Launch Manager\KeyHook.exe
C:\Programme\Launch Manager\CtrlVol.exe
C:\Programme\Launch Manager\Wbutton.exe
C:\Program Files\Windows SyncroAd\SyncroAd.exe
C:\WINNT\system32\lwoogv.exe
C:\Program Files\Windows SyncroAd\WinSync.exe
C:\dokumente und einstellungen\johannes\lokale einstellungen\temp\M9.exe
C:\Programme\Java\j2re1.4.2_05\bin\jusched.exe
C:\dokumente und einstellungen\johannes\lokale einstellungen\temp\8cEua.exe
C:\WINNT\system32\atmlib34.exe
C:\WINNT\system32\internat.exe
C:\Dokumente und Einstellungen\Johannes\Anwendungsdaten\n?rv??.exe
C:\Programme\Nokia\PC Suite für den Nokia 9210i Communicator\ECTaskScheduler.exe
C:\Programme\Nokia\PC Suite für den Nokia 9210i Communicator\ConnectState.exe
C:\Program Files\InterMute\SpySubtract\SpySub.exe
C:\WINNT\system32\taskmgr.exe
C:\PROGRA~1\Nokia\PCSUIT~1\BROADC~1.EXE
C:\WINNT\system32\UflSN7p.exe
C:\WINNT\system32\LrtM.exe
C:\WINNT\explorer.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\daten\downloads\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINNT\system32\SearchBar.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.t-online.de/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.t-online.de
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.t-online.de/
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {002EB272-2590-4693-B166-FBD5D9B6FEA6} - C:\WINNT\multimpp.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\daten\DOWNLO~1\SPYBOT~1\SPYBOT~2\SDHelper.dll
O2 - BHO: (no name) - {77712A64-F30B-47C8-A363-CDA1CEC7DC1B} - C:\PROGRA~1\ADVANC~1\ADVANC~1.DLL
O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINNT\2_0_1browserhelper2.dll (file missing)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar2.dll
O2 - BHO: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\Programme\SEP\sep.dll
O2 - BHO: (no name) - {CBEFB350-ED5B-4115-B846-C1041676B388} - C:\WINNT\system32\CustIE32.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - (no file)
O3 - Toolbar: Band Class - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\Programme\SEP\sep.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programme\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [EPSON Stylus C84 Series] C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C84 Series" /O6 "USB001" /M "Stylus C84"
O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [PRISMSTA.EXE] PRISMSTA.EXE START
O4 - HKLM\..\Run: [LaunchAp] C:\Programme\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [HotkeyApp] C:\Programme\Launch Manager\HotkeyApp.exe
O4 - HKLM\..\Run: [KeyHook] C:\Programme\Launch Manager\KeyHook.exe
O4 - HKLM\..\Run: [CtrlVol] C:\Programme\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Programme\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [Windows SyncroAd] C:\Program Files\Windows SyncroAd\SyncroAd.exe
O4 - HKLM\..\Run: [nlbgghnmy] C:\WINNT\system32\lwoogv.exe
O4 - HKLM\..\Run: [M9] C:\dokumente und einstellungen\johannes\lokale einstellungen\temp\M9.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [8cEua] C:\dokumente und einstellungen\johannes\lokale einstellungen\temp\8cEua.exe
O4 - HKLM\..\Run: [aa48bed02dbb] C:\WINNT\system32\atmlib34.exe
O4 - HKLM\..\Run: [4@NPPH32FN8DDG] C:\WINNT\system32\MkqkPs5.exe
O4 - HKLM\..\Run: [Bouncer RunStartup] C:\Programme\Bouncer\liveupdate.exe 110
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [Rsoa] C:\Dokumente und Einstellungen\Johannes\Anwendungsdaten\n?rv??.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: PC Suite für den Nokia 9210i Communicator Aufgabenplaner.lnk = ?
O4 - Global Startup: PC Suite für den Nokia 9210i Communicator.lnk = ?
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\SpySub.exe
O8 - Extra context menu item: &Google Search - res://c:\programme\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\programme\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Verweisseiten - res://c:\programme\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://c:\programme\google\GoogleToolbar2.dll/cmsimilar.html
O9 - Extra 'Tools' menuitem: Sun Java Konsole (HKLM)
O9 - Extra 'Tools' menuitem: MaxSpeed (HKLM)
O9 - Extra button: Recherchieren (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O12 - Plugin for .mpeg: C:\Programme\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {142CFC92-9345-61B1-AC73-4D3578404A68} - http://213.159.117.150/1/rdgDE187.exe
O16 - DPF: {302C872D-9314-3ADB-0378-0FE67FF02E23} - http://213.159.117.150/1/rdgDE187.exe
O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda.com/sites/games-intl/de/games4.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...002.7316898148
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} (WMService Class) - http://download.overpro.com/WildApp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{00A99FE6-654E-4DD7-A4B3-CBA5C8C632A8}: NameServer = 192.168.168.205
O17 - HKLM\System\CCS\Services\Tcpip\..\{703D5669-92B0-438A-B55A-7390B566E166}: NameServer = 192.168.168.205,192.168.168.200
O17 - HKLM\System\CS1\Services\Tcpip\..\{00A99FE6-654E-4DD7-A4B3-CBA5C8C632A8}: NameServer = 192.168.168.205
O17 - HKLM\System\CS2\Services\Tcpip\..\{00A99FE6-654E-4DD7-A4B3-CBA5C8C632A8}: NameServer = 192.168.168.205

chaosman 12.11.2004 21:27

@joheve
please download the current version
download

chaosman

joheve 12.11.2004 21:35

Hello chaosman,
first of all, many thanks for the quick reply.
Here is the log with the new version.
Many thanks in advance

Logfile of HijackThis v1.98.2
Scan saved at 21:25:36, on 12.11.2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Programme\AVPersonal\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\system32\usrbridg.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\SOUNDMAN.EXE
C:\Programme\Winamp\winampa.exe
C:\Programme\D-Tools\daemon.exe
C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Programme\AVPersonal\AVGNT.EXE
C:\WINNT\system32\PRISMSTA.EXE
C:\Programme\Launch Manager\LaunchAp.exe
C:\Programme\Launch Manager\HotkeyApp.exe
C:\Programme\Launch Manager\KeyHook.exe
C:\Programme\Launch Manager\CtrlVol.exe
C:\Programme\Launch Manager\Wbutton.exe
C:\Program Files\Windows SyncroAd\SyncroAd.exe
C:\WINNT\system32\lwoogv.exe
C:\Program Files\Windows SyncroAd\WinSync.exe
C:\dokumente und einstellungen\johannes\lokale einstellungen\temp\M9.exe
C:\Programme\Java\j2re1.4.2_05\bin\jusched.exe
C:\dokumente und einstellungen\johannes\lokale einstellungen\temp\8cEua.exe
C:\WINNT\system32\atmlib34.exe
C:\WINNT\system32\internat.exe
C:\Dokumente und Einstellungen\Johannes\Anwendungsdaten\n?rv??.exe
C:\Programme\Nokia\PC Suite für den Nokia 9210i Communicator\ECTaskScheduler.exe
C:\Programme\Nokia\PC Suite für den Nokia 9210i Communicator\ConnectState.exe
C:\Program Files\InterMute\SpySubtract\SpySub.exe
C:\WINNT\system32\taskmgr.exe
C:\PROGRA~1\Nokia\PCSUIT~1\BROADC~1.EXE
C:\WINNT\system32\UflSN7p.exe
C:\WINNT\system32\LrtM.exe
C:\WINNT\explorer.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\daten\downloads\hijackthis\hijackthis_198\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINNT\system32\SearchBar.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.t-online.de/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.t-online.de
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.t-online.de/
R3 - Default URLSearchHook is missing
O2 - BHO: MultiMPPObj Class - {002EB272-2590-4693-B166-FBD5D9B6FEA6} - C:\WINNT\multimpp.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\daten\DOWNLO~1\SPYBOT~1\SPYBOT~2\SDHelper.dll
O2 - BHO: WebBar Class - {77712A64-F30B-47C8-A363-CDA1CEC7DC1B} - C:\PROGRA~1\ADVANC~1\ADVANC~1.DLL
O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINNT\2_0_1browserhelper2.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar2.dll
O2 - BHO: Band Class - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\Programme\SEP\sep.dll
O2 - BHO: BHO Class - {CBEFB350-ED5B-4115-B846-C1041676B388} - C:\WINNT\system32\CustIE32.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - (no file)
O3 - Toolbar: Band Class - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\Programme\SEP\sep.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programme\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [EPSON Stylus C84 Series] C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C84 Series" /O6 "USB001" /M "Stylus C84"
O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [PRISMSTA.EXE] PRISMSTA.EXE START
O4 - HKLM\..\Run: [LaunchAp] C:\Programme\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [HotkeyApp] C:\Programme\Launch Manager\HotkeyApp.exe
O4 - HKLM\..\Run: [KeyHook] C:\Programme\Launch Manager\KeyHook.exe
O4 - HKLM\..\Run: [CtrlVol] C:\Programme\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Programme\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [Windows SyncroAd] C:\Program Files\Windows SyncroAd\SyncroAd.exe
O4 - HKLM\..\Run: [nlbgghnmy] C:\WINNT\system32\lwoogv.exe
O4 - HKLM\..\Run: [M9] C:\dokumente und einstellungen\johannes\lokale einstellungen\temp\M9.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [8cEua] C:\dokumente und einstellungen\johannes\lokale einstellungen\temp\8cEua.exe
O4 - HKLM\..\Run: [aa48bed02dbb] C:\WINNT\system32\atmlib34.exe
O4 - HKLM\..\Run: [4@NPPH32FN8DDG] C:\WINNT\system32\MkqkPs5.exe
O4 - HKLM\..\Run: [Bouncer RunStartup] C:\Programme\Bouncer\liveupdate.exe 110
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [Rsoa] C:\Dokumente und Einstellungen\Johannes\Anwendungsdaten\n?rv??.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: PC Suite für den Nokia 9210i Communicator Aufgabenplaner.lnk = ?
O4 - Global Startup: PC Suite für den Nokia 9210i Communicator.lnk = ?
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\SpySub.exe
O8 - Extra context menu item: &Google Search - res://c:\programme\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\programme\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Verweisseiten - res://c:\programme\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://c:\programme\google\GoogleToolbar2.dll/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINNT\system32\maxspeed.exe
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINNT\system32\maxspeed.exe
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O12 - Plugin for .mpeg: C:\Programme\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {142CFC92-9345-61B1-AC73-4D3578404A68} - http://213.159.117.150/1/rdgDE187.exe
O16 - DPF: {302C872D-9314-3ADB-0378-0FE67FF02E23} - http://213.159.117.150/1/rdgDE187.exe
O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda.com/sites/games-intl/de/games4.cab
O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} (WMService Class) - http://download.overpro.com/WildApp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{00A99FE6-654E-4DD7-A4B3-CBA5C8C632A8}: NameServer = 192.168.168.205
O17 - HKLM\System\CCS\Services\Tcpip\..\{703D5669-92B0-438A-B55A-7390B566E166}: NameServer = 192.168.168.205,192.168.168.200
O17 - HKLM\System\CS1\Services\Tcpip\..\{00A99FE6-654E-4DD7-A4B3-CBA5C8C632A8}: NameServer = 192.168.168.205
O17 - HKLM\System\CS2\Services\Tcpip\..\{00A99FE6-654E-4DD7-A4B3-CBA5C8C632A8}: NameServer = 192.168.168.205

chaosman 12.11.2004 22:01

@joheve

You have a lot on your system.
Download clearprog from www.clearprog.de, then start it, tick all the boxes under Windows and IE, and delete.
After that, escan:
http://www.mwti.net/antivirus/free_utilities.asp
Download it here
and do exactly as described here; it takes 1-2 hours.
Afterwards, post only the results from escan.
Please give HJT its own folder.
Check these files online:
C:\WINNT\system32\lwoogv.exe
C:\WINNT\system32\atmlib34.exe
C:\WINNT\system32\MkqkPs5.exe
C:\WINNT\system32\UflSN7p.exe
C:\WINNT\system32\LrtM.exe
here:
http://virusscan.jotti.org/de

Do you use something like this?
http://www.irc-mania.de/bouncer.php
When you are in safe mode (for escan), then manually delete
C:\Program Files\Windows SyncroAd\SyncroAd.exe
C:\Dokumente und Einstellungen\Johannes\Anwendungsdaten\n?rv??.exe
C:\dokumente und einstellungen\johannes\lokale einstellungen\temp\M9.exe
C:\dokumente und einstellungen\johannes\lokale einstellungen\temp\8cEua.exe
When escan has finished, then also start this one in safe mode:
C:\Program Files\InterMute\SpySubtract\SpySub.exe
Afterwards, post a new HJT logfile, plus the (only the) results from escan, plus the results of the online check if anything is found.
chaosman

joheve 13.11.2004 11:49

@chaosman

here is the HJT post:

Logfile of HijackThis v1.97.7
Scan saved at 11:36:30, on 13.11.2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Programme\AVPersonal\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\system32\usrbridg.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\SOUNDMAN.EXE
C:\Programme\Winamp\winampa.exe
C:\Programme\D-Tools\daemon.exe
C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Programme\AVPersonal\AVGNT.EXE
C:\WINNT\system32\PRISMSTA.EXE
C:\Programme\Launch Manager\LaunchAp.exe
C:\Programme\Launch Manager\HotkeyApp.exe
C:\Programme\Launch Manager\KeyHook.exe
C:\Programme\Launch Manager\CtrlVol.exe
C:\Programme\Launch Manager\Wbutton.exe
C:\Programme\Java\j2re1.4.2_05\bin\jusched.exe
C:\WINNT\system32\atmlib34.exe
C:\WINNT\system32\internat.exe
C:\Programme\Nokia\PC Suite für den Nokia 9210i Communicator\ECTaskScheduler.exe
C:\Programme\Nokia\PC Suite für den Nokia 9210i Communicator\ConnectState.exe
C:\PROGRA~1\Nokia\PCSUIT~1\BROADC~1.EXE
C:\WINNT\system32\YxzS5Vz.exe
C:\WINNT\system32\Zvcyl.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\WINNT\system32\notepad.exe
C:\WINNT\system32\taskmgr.exe
C:\WINNT\explorer.exe
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINNT\system32\SearchBar.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.t-online.de/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.t-online.de
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.t-online.de/
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {002EB272-2590-4693-B166-FBD5D9B6FEA6} - C:\WINNT\multimpp.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\daten\DOWNLO~1\SPYBOT~1\SPYBOT~2\SDHelper.dll
O2 - BHO: (no name) - {77712A64-F30B-47C8-A363-CDA1CEC7DC1B} - C:\PROGRA~1\ADVANC~1\ADVANC~1.DLL
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar2.dll
O2 - BHO: (no name) - {CBEFB350-ED5B-4115-B846-C1041676B388} - C:\WINNT\system32\CustIE32.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - (no file)
O3 - Toolbar: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - (no file)
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programme\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [EPSON Stylus C84 Series] C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C84 Series" /O6 "USB001" /M "Stylus C84"
O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [PRISMSTA.EXE] PRISMSTA.EXE START
O4 - HKLM\..\Run: [LaunchAp] C:\Programme\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [HotkeyApp] C:\Programme\Launch Manager\HotkeyApp.exe
O4 - HKLM\..\Run: [KeyHook] C:\Programme\Launch Manager\KeyHook.exe
O4 - HKLM\..\Run: [CtrlVol] C:\Programme\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Programme\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [M9] C:\dokumente und einstellungen\johannes\lokale einstellungen\temp\M9.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [aa48bed02dbb] C:\WINNT\system32\atmlib34.exe
O4 - HKLM\..\Run: [4@NPPH32FN8DDG] C:\WINNT\system32\MkqkPs5.exe
O4 - HKLM\..\Run: [Bouncer RunStartup] C:\Programme\Bouncer\liveupdate.exe 110
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: PC Suite für den Nokia 9210i Communicator Aufgabenplaner.lnk = ?
O4 - Global Startup: PC Suite für den Nokia 9210i Communicator.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\programme\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\programme\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Verweisseiten - res://c:\programme\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://c:\programme\google\GoogleToolbar2.dll/cmsimilar.html
O9 - Extra 'Tools' menuitem: Sun Java Konsole (HKLM)
O9 - Extra 'Tools' menuitem: MaxSpeed (HKLM)
O9 - Extra button: Recherchieren (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O12 - Plugin for .mpeg: C:\Programme\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {142CFC92-9345-61B1-AC73-4D3578404A68} - http://213.159.117.150/1/rdgDE187.exe
O16 - DPF: {2D6A5564-1DB2-6A1A-3B68-4CE26FACE956} - http://213.159.117.150/1/rdgDE187.exe
O16 - DPF: {302C872D-9314-3ADB-0378-0FE67FF02E23} - http://213.159.117.150/1/rdgDE187.exe
O16 - DPF: {70FD50B3-CE9B-145D-5129-7D520CFF338B} - http://82.179.166.72/1/rdgDE208.exe
O16 - DPF: {78E69F92-47F6-008B-2477-72873F722D53} - http://213.159.117.150/1/rdgDE187.exe
O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda.com/sites/games-intl/de/games4.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...002.7316898148
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} (WMService Class) - http://download.overpro.com/WildApp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{00A99FE6-654E-4DD7-A4B3-CBA5C8C632A8}: NameServer = 192.168.168.205
O17 - HKLM\System\CCS\Services\Tcpip\..\{703D5669-92B0-438A-B55A-7390B566E166}: NameServer = 192.168.168.205,192.168.168.200
O17 - HKLM\System\CS1\Services\Tcpip\..\{00A99FE6-654E-4DD7-A4B3-CBA5C8C632A8}: NameServer = 192.168.168.205
O17 - HKLM\System\CS2\Services\Tcpip\..\{00A99FE6-654E-4DD7-A4B3-CBA5C8C632A8}: NameServer = 192.168.168.205

Many thanks in advance
joheve

joheve 13.11.2004 11:51

@chaosman

here is the escan post:

File C:\WINNT\multimpp.dll tagged as not-a-virus:AdWare.BiSpy.s. No Action Taken.
File C:\PROGRA~1\ADVANC~1\ADVANC~1.DLL tagged as not-a-virus:AdWare.ToolBar.AdvancedSearchBar. No Action Taken.
File C:\Programme\SEP\sep.dll infected by "Trojan.Win32.Septic.a" Virus. Action Taken: No Action Taken.
File C:\WINNT\system32\CustIE32.dll infected by "Trojan.Win32.StartPage.po" Virus. Action Taken: No Action Taken.
File C:\WINNT\system32\Dtck1376.exe infected by "TrojanDownloader.Win32.VB.em" Virus. Action Taken: No Action Taken.
File C:\WINNT\msstasks.exe infected by "TrojanDownloader.Win32.Small.is" Virus. Action Taken: No Action Taken.
File C:\WINNT\multimpp.dll tagged as not-a-virus:AdWare.BiSpy.s. No Action Taken.
File C:\WINNT\preInMPP.exe tagged as not-a-virus:AdWare.BiSpy.q. No Action Taken.
File C:\WINNT\system32\Afdjc7P.exe infected by "TrojanDownloader.Win32.VB.em" Virus. Action Taken: No Action Taken.
File C:\WINNT\system32\amax.exe infected by "TrojanDownloader.Win32.Agent.eb" Virus. Action Taken: No Action Taken.
File C:\WINNT\system32\appsys.exe infected by "TrojanDropper.Win32.Delf.cp" Virus. Action Taken: No Action Taken.
File C:\WINNT\system32\atmlib34.exe tagged as not-a-virus:AdWare.ToolBar.VB.a. No Action Taken.
File C:\WINNT\system32\CustIE32.dll infected by "Trojan.Win32.StartPage.po" Virus. Action Taken: No Action Taken.
File C:\WINNT\system32\doul.exe infected by "TrojanClicker.Win32.Agent.v" Virus. Action Taken: No Action Taken.
File C:\WINNT\system32\Dtck1376.exe infected by "TrojanDownloader.Win32.VB.em" Virus. Action Taken: No Action Taken.
File C:\WINNT\system32\etile.exe infected by "TrojanClicker.Win32.Agent.af" Virus. Action Taken: No Action Taken.
File C:\WINNT\system32\IhsS.exe infected by "TrojanDownloader.Win32.VB.em" Virus. Action Taken: No Action Taken.
File C:\WINNT\system32\IpvFme.exe infected by "TrojanDownloader.Win32.VB.em" Virus. Action Taken: No Action Taken.
File C:\WINNT\system32\LrtM.exe infected by "TrojanDownloader.Win32.VB.em" Virus. Action Taken: No Action Taken.
File C:\WINNT\system32\maxspeed.exe infected by "Trojan.Win32.VB.od" Virus. Action Taken: No Action Taken.
File C:\WINNT\system32\MkqkPs5.exe infected by "TrojanDownloader.Win32.VB.em" Virus. Action Taken: No Action Taken.
File C:\WINNT\system32\putes.exe infected by "Trojan.Win32.StartPage.po" Virus. Action Taken: No Action Taken.
File C:\WINNT\system32\sexru.exe tagged as not-a-virus:PornWare.Dialer.Salc. No Action Taken.
File C:\WINNT\system32\UflSN7p.exe infected by "TrojanDownloader.Win32.VB.em" Virus. Action Taken: No Action Taken.
File C:\WINNT\system32\ywde.exe infected by "TrojanDownloader.Win32.Agent.eb" Virus. Action Taken: No Action Taken.
File C:\WINNT\system32\YxzS5Vz.exe infected by "TrojanDownloader.Win32.VB.em" Virus. Action Taken: No Action Taken.
File C:\WINNT\system32\Zvcyl.exe infected by "TrojanDownloader.Win32.VB.em" Virus. Action Taken: No Action Taken.
File C:\Buddy.exe tagged as not-a-virus:AdWare.MediaTickets.h. No Action Taken.
File C:\ezStub.exe tagged as not-a-virus:AdWare.EZula. No Action Taken.
File C:\MemoryWatcher_b.exe infected by "Backdoor.VB.oq" Virus. Action Taken: No Action Taken.
File C:\Overpro-347.exe tagged as not-a-virus:AdWare.ToolBar.VB.a. No Action Taken.
File C:\Programme\Advanced Searchbar\addtolist.js tagged as not-a-virus:AdWare.ToolBar.AdvancedSearchBar. No Action Taken.
File C:\Programme\Advanced Searchbar\ADVANCEDBAR.DLL tagged as not-a-virus:AdWare.ToolBar.AdvancedSearchBar. No Action Taken.
File C:\Programme\AVPersonal\INFECTED\OK[1].CLASS.VIR infected by "Trojan.Java.Nocheat" Virus. Action Taken: No Action Taken.
File C:\Programme\AVPersonal\INFECTED\TMP001.EXE.VIR infected by "Backdoor.Jeemp.c" Virus. Action Taken: No Action Taken.
File C:\Programme\Common Files\midaddle\WildWinTracker.exe tagged as not-a-virus:AdWare.WinFetcher.f. No Action Taken.
File C:\Programme\se\v11\se.DLL tagged as not-a-virus:AdWare.WindowEnhancer. No Action Taken.
File C:\Programme\SEP\sep.dll infected by "Trojan.Win32.Septic.a" Virus. Action Taken: No Action Taken.
File C:\Programme\VVSN\VVSN.exe tagged as not-a-virus:AdWare.SaveNow.z. No Action Taken.
File C:\Programme\Windows Media Player\wmplayer.exe infected by "TrojanDownloader.Win32.Agent.eq" Virus. Action Taken: No Action Taken.
File C:\SEPinst.exe infected by "Trojan.Win32.Septic.a" Virus. Action Taken: No Action Taken.
File C:\sicherung\Tools\DiVx\DivX505Bundle.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\tmp002.exe infected by "Backdoor.Thunk.d" Virus. Action Taken: No Action Taken.
File C:\VVSN_STAT1041Inst.exe tagged as not-a-virus:AdWare.SaveNow.z. No Action Taken.
File C:\WINNT\Downloaded Program Files\CONFLICT.1\load.exe infected by "TrojanDownloader.Win32.Harnig.gen" Virus. Action Taken: No Action Taken.
File C:\WINNT\Downloaded Program Files\CONFLICT.2\load.exe infected by "TrojanDownloader.Win32.Harnig.gen" Virus. Action Taken: No Action Taken.
File C:\WINNT\Downloaded Program Files\CONFLICT.3\load.exe infected by "TrojanDownloader.Win32.Harnig.gen" Virus. Action Taken: No Action Taken.
File C:\WINNT\Downloaded Program Files\CONFLICT.4\load.exe infected by "TrojanDownloader.Win32.Harnig.gen" Virus. Action Taken: No Action Taken.
File C:\WINNT\Downloaded Program Files\CONFLICT.5\load.exe infected by "TrojanDownloader.Win32.Harnig.gen" Virus. Action Taken: No Action Taken.
File C:\WINNT\Downloaded Program Files\CONFLICT.6\load.exe infected by "TrojanDownloader.Win32.Harnig.gen" Virus. Action Taken: No Action Taken.
File C:\WINNT\Downloaded Program Files\load.exe infected by "TrojanDownloader.Win32.Harnig.g" Virus. Action Taken: No Action Taken.
File C:\WINNT\Downloaded Program Files\SyncroAdX.dll tagged as not-a-virus:AdWare.WinAD. No Action Taken.
File C:\WINNT\Downloaded Program Files\WUInst.dll tagged as not-a-virus:AdWare.SaveNow.ab. No Action Taken.
File C:\WINNT\Downloaded Program Files\YSBactivex.dll infected by "TrojanDownloader.Win32.IstBar.fy" Virus. Action Taken: No Action Taken.
File C:\WINNT\msstasks.exe infected by "TrojanDownloader.Win32.Small.is" Virus. Action Taken: No Action Taken.
File C:\WINNT\multimpp.dll tagged as not-a-virus:AdWare.BiSpy.s. No Action Taken.
File C:\WINNT\preInMPP.exe tagged as not-a-virus:AdWare.BiSpy.q. No Action Taken.
File C:\WINNT\system32\Afdjc7P.exe infected by "TrojanDownloader.Win32.VB.em" Virus. Action Taken: No Action Taken.
File C:\WINNT\system32\amax.exe infected by "TrojanDownloader.Win32.Agent.eb" Virus. Action Taken: No Action Taken.
File C:\WINNT\system32\appsys.exe infected by "TrojanDropper.Win32.Delf.cp" Virus. Action Taken: No Action Taken.
File C:\WINNT\system32\atmlib34.exe tagged as not-a-virus:AdWare.ToolBar.VB.a. No Action Taken.
File C:\WINNT\system32\CustIE32.dll infected by "Trojan.Win32.StartPage.po" Virus. Action Taken: No Action Taken.
File C:\WINNT\system32\doul.exe infected by "TrojanClicker.Win32.Agent.v" Virus. Action Taken: No Action Taken.
File C:\WINNT\system32\Dtck1376.exe infected by "TrojanDownloader.Win32.VB.em" Virus. Action Taken: No Action Taken.
File C:\WINNT\system32\etile.exe infected by "TrojanClicker.Win32.Agent.af" Virus. Action Taken: No Action Taken.
File C:\WINNT\system32\IhsS.exe infected by "TrojanDownloader.Win32.VB.em" Virus. Action Taken: No Action Taken.
File C:\WINNT\system32\IpvFme.exe infected by "TrojanDownloader.Win32.VB.em" Virus. Action Taken: No Action Taken.
File C:\WINNT\system32\LrtM.exe infected by "TrojanDownloader.Win32.VB.em" Virus. Action Taken: No Action Taken.
File C:\WINNT\system32\maxspeed.exe infected by "Trojan.Win32.VB.od" Virus. Action Taken: No Action Taken.
File C:\WINNT\system32\MkqkPs5.exe infected by "TrojanDownloader.Win32.VB.em" Virus. Action Taken: No Action Taken.
File C:\WINNT\system32\MSOffice\services.exe infected by "TrojanDownloader.Win32.Agent.eq" Virus. Action Taken: No Action Taken.
File C:\WINNT\system32\putes.exe infected by "Trojan.Win32.StartPage.po" Virus. Action Taken: No Action Taken.
File C:\WINNT\system32\sexru.exe tagged as not-a-virus:PornWare.Dialer.Salc. No Action Taken.
File C:\WINNT\system32\UflSN7p.exe infected by "TrojanDownloader.Win32.VB.em" Virus. Action Taken: No Action Taken.
File C:\WINNT\system32\ywde.exe infected by "TrojanDownloader.Win32.Agent.eb" Virus. Action Taken: No Action Taken.
File C:\WINNT\system32\YxzS5Vz.exe infected by "TrojanDownloader.Win32.VB.em" Virus. Action Taken: No Action Taken.
File C:\WINNT\system32\Zvcyl.exe infected by "TrojanDownloader.Win32.VB.em" Virus. Action Taken: No Action Taken.

joheve

joheve 13.11.2004 11:53

@chaosman

Here are the results of the online scan:

Service load: 0% 100%

File: atmlib34.exe
Status: INFECTED/MALWARE (Note: only non-destructive malware has been found. Considering the non-destructive nature of samples like these - although they can be a pain in the ass -, results will not be stored in the database.)
Packers detected: None

AntiVir No viruses found (0.14 seconds taken)
Avast No viruses found (1.54 seconds taken)
BitDefender No viruses found (0.32 seconds taken)
ClamAV Trojan.VB-7 (0.30 seconds taken)
Dr.Web No viruses found (0.48 seconds taken)
F-Prot Antivirus No viruses found (0.06 seconds taken)
Kaspersky Anti-Virus not-a-virus:AdWare.ToolBar.VB.a (0.58 seconds taken)
mks_vir No viruses found (0.22 seconds taken)
NOD32 No viruses found (0.34 seconds taken)
Norman Virus Control No viruses found (0.38 seconds taken)

Service load: 0% 100%

File: MkqkPs5.exe
Status: INFECTED/MALWARE
Packers detected: None

AntiVir TR/Dldr.VB.EM.2 (0.14 seconds taken)
Avast Win32:Trojano-434 (1.51 seconds taken)
BitDefender Trojan.Downloader.VB.EM (0.32 seconds taken)
ClamAV No viruses found (0.36 seconds taken)
Dr.Web BackDoor.Generic.853 (0.52 seconds taken)
F-Prot Antivirus W32/Raquad.B@bd (0.07 seconds taken)
Kaspersky Anti-Virus TrojanDownloader.Win32.VB.em (0.61 seconds taken)
mks_vir Trojan.Trojandownloader.Vb.Em (0.20 seconds taken)
NOD32 Win32/TrojanDownloader.VB.EM (0.34 seconds taken)
Norman Virus Control W32/Quadrogram.H (0.12 seconds taken)

Service load: 0% 100%

File: UflSN7p.exe
Status: INFECTED/MALWARE
Packers detected: None

AntiVir TR/Dldr.VB.EM.1 (0.14 seconds taken)
Avast No viruses found (1.51 seconds taken)
BitDefender Trojan.Downloader.VB.EM (0.32 seconds taken)
ClamAV No viruses found (0.32 seconds taken)
Dr.Web BackDoor.Generic.820 (0.50 seconds taken)
F-Prot Antivirus W32/Raquad.B@bd (0.06 seconds taken)
Kaspersky Anti-Virus TrojanDownloader.Win32.VB.em (0.57 seconds taken)
mks_vir No viruses found (0.21 seconds taken)
NOD32 Win32/TrojanDownloader.Small.NAR (0.34 seconds taken)
Norman Virus Control W32/Quadrogram.I (0.11 seconds taken)

Service load: 0% 100%

File: LrtM.exe
Status: INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
Packers detected: None

AntiVir TR/Dldr.VB.EM.1 (0.14 seconds taken)
Avast No viruses found (1.51 seconds taken)
BitDefender Trojan.Downloader.VB.EM (0.31 seconds taken)
ClamAV No viruses found (0.34 seconds taken)
Dr.Web BackDoor.Generic.820 (0.50 seconds taken)
F-Prot Antivirus W32/Raquad.B@bd (0.06 seconds taken)
Kaspersky Anti-Virus TrojanDownloader.Win32.VB.em (0.58 seconds taken)
mks_vir No viruses found (0.20 seconds taken)
NOD32 Win32/TrojanDownloader.Small.NAR (0.35 seconds taken)
Norman Virus Control W32/Quadrogram.I (0.11 seconds taken)

joheve

Shadowdance 13.11.2004 14:29

Hello joheve,

send the files

C:\WINNT\system32\lwoogv.exe
C:\WINNT\system32\atmlib34.exe
C:\WINNT\system32\MkqkPs5.exe
C:\WINNT\system32\UflSN7p.exe
C:\WINNT\system32\LrtM.exe

password-protected to partytime-germany.ice@web.de with a reference to this thread (research purposes).

Given the large number of different viruses, trojans and backdoors you have on your system, I can only recommend that you format your system and set it up again from scratch, in line with this recommendation: Cidre's advice.

[Formatting instructions]

SD

