Virus Lineag Wo 4
Hi,
Ich habe mir vor 1-2 Tagen einen Virus eingefangen und bekomm ihn nicht weg :(
Ich hab Antivir drauf und beim Scan kommt jedoch nichts raus .
ABER : wenn ich auf meiner Partiotion "D" durch die Ordner klicke schlägt jedesmal mal der AntiVir Guard Alarm . ---> TR/Drop.Lineag.Wo.4
Gestern Abend hab ich noch ein Online Scan von Bitdefender unternommen...hat zwar etwas gefunden ...aber das Problem ist immer noch da .
Hier die HJT-Log: Zitat:
Logfile of HijackThis v1.99.1
Scan saved at 16:40:00, on 21.11.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Launch Manager\LaunchAp.exe
C:\Programme\Launch Manager\WButton.exe
C:\Programme\Launch Manager\HotkeyApp.exe
C:\WINDOWS\system32\mgr8021x.exe
C:\Programme\Dassault Systemes\B12\intel_a\code\bin\CATSysDemon.exe
C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\MSN Messenger\msnmsgr.exe
C:\WINDOWS\Explorer.EXE
C:\Dokumente und Einstellungen\Spaco Spaci\Desktop\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
Live Search:
O1 - Hosts: 213.23.200.4 l2authd.lineage2.com
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -
C:\Programme\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} -
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1
\FlashGet\jccatch.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE}
- C:\Programme\FlashFXP\IEFlash.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1
\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [LaunchAp] C:\Programme\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [Wbutton] C:\Programme\Launch Manager\WButton.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CtrlVol] C:\Programme\Launch Manager\CtrlVol.exe
O4 - HKCU\..\Run: [HotkeyApp] C:\Programme\Launch Manager\HotkeyApp.exe
O4 - Global Startup: AEGIS Client.lnk = ?
O8 - Extra context menu item: Alles mit FlashGet laden -
C:\Programme\FlashGet\jc_all.htm
O8 - Extra context menu item: Download with NetPumper -
C:\Programme\NetPumper\AddUrl.htm
O8 - Extra context menu item: Mit FlashGet laden - C:\Programme\FlashGet\jc_link.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1
\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Senden an &Bluetooth - C:\Programme\IBM\Bluetooth
Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Programme\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Programme\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Mobilen Favoriten erstellen - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}
- C:\Programme\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} -
C:\Programme\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-
00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%
\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-
11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} -
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} -
C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} -
C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} -
C:\Programme\IBM\Bluetooth Software\btsendto_ie.htm (file missing)
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} -
C:\Programme\IBM\Bluetooth Software\btsendto_ie.htm (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1
\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} -
C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Programme\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683}
- C:\Programme\Messenger\msmsgs.exe (file missing)
O9 - Extra button: MedionShop - {09E5F659-139F-4022-9097-02E25F93F02A} -
Medionshop.de (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.versatel.de/internet-cd/
O15 - Trusted Zone: Oyun ve Sohbet Dünyasý - Gamyun.Net
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) -
h**p://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) -
h**p://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} -
h**p://static.windupdates.com/cab/DownloadAccess/ie/bridge-c283.cab
O16 - DPF: {3AEECF42-EFE4-4AC8-AE9E-83C031EC09AB} (GamyunNetToolbar) -
h**p://server.gamyun.net/cert/GamyunIeToolbar.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) -
h**p://www.johannrain-softwareentwicklung.de/DE/scan8/oscan8.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) -
h**p://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) -
h**p://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} -
h**p://arcade.icq.com/online2/bejeweled2/popcaploader_v6.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) -
h**p://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O16 - DPF: {FB48C7B0-EB66-4BE6-A1C5-9DDF3C37249A} (MCSendMessageHandler Class) -
h**p://xtraz.icq.com/xtraz/activex/MISBH.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{42308433-640F-415B-B45F-07AD8FFA5B86}:
NameServer = 192.168.2.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1
\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1
\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH -
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH -
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Backbone Service (BBDemon) - Dassault Systemes - C:\Programme\Dassault
Systemes\B12\intel_a\code\bin\CATSysDemon.exe
O23 - Service: Bluetooth Service (btwdins) - Unknown owner - C:\Programme\IBM\Bluetooth
Software\bin\btwdins.exe (file missing)
O23 - Service: CA-Lizenz-Client (CA_LIC_CLNT) - Computer Associates -
C:\Programme\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA-Lizenzserver (CA_LIC_SRVR) - Computer Associates -
C:\Programme\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. -
C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation -
C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Ereignisprotokoll-Überwachung (LogWatch) - Computer Associates -
C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programme\Gemeinsame
Dateien\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software -
C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: AEGIS Client (SVC8021X) - Meetinghouse Data Communications -
C:\WINDOWS\system32\svc8021x.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software
GmbH - C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10
\Common\x10nets.exe
| Ich weiss nicht mehr weiter
Ihr seid meine letzte HOFFNUNG :( :confused: | 