|
... und hier die fortsetzung: :D :eek: File C:\Programme\AVPersonal\INFECTED\SQRMNCME.EXE.001 infected by "not-a-virus:AdWare.Gator.a" Virus. Action Taken: No Action Taken. File C:\Programme\AVPersonal\INFECTED\SQRMNCME.EXE.VIR infected by "not-a-virus:AdWare.Gator.a" Virus. Action Taken: No Action Taken. File C:\Programme\Gemeinsame Dateien\CMEII\CMEIIAPI.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken. File C:\Programme\Gemeinsame Dateien\CMEII\CMEUpd.exe infected by "not-a-virus:AdWare.Gator.3124" Virus. Action Taken: No Action Taken. File C:\Programme\Gemeinsame Dateien\CMEII\GAppMgr.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken. File C:\Programme\Gemeinsame Dateien\CMEII\GController.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken. File C:\Programme\Gemeinsame Dateien\CMEII\GDwldEng.dll infected by "not-a-virus:AdWare.Gator.3124" Virus. Action Taken: No Action Taken. File C:\Programme\Gemeinsame Dateien\CMEII\GFormCTM.dll infected by "not-a-virus:AdWare.Gator.3124" Virus. Action Taken: No Action Taken. File C:\Programme\Gemeinsame Dateien\CMEII\GIocl.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken. File C:\Programme\Gemeinsame Dateien\CMEII\GIoclClient.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken. File C:\Programme\Gemeinsame Dateien\CMEII\GMTProxy.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken. File C:\Programme\Gemeinsame Dateien\CMEII\GObjs.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken. File C:\Programme\Gemeinsame Dateien\CMEII\GStore.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken. File C:\Programme\Gemeinsame Dateien\CMEII\GStoreServer.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken. File C:\Programme\Gemeinsame Dateien\CMEII\GSvcMgr.dll infected by "not-a-virus:AdWare.Gator.3124" Virus. Action Taken: No Action Taken. File C:\Programme\Gemeinsame Dateien\CMEII\GSvcSAP.dll infected by "not-a-virus:AdWare.Gator.3124" Virus. Action Taken: No Action Taken. File C:\Programme\Gemeinsame Dateien\CMEII\Gtools.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken. File C:\Programme\Gemeinsame Dateien\GMT\EGGCEngine.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken. File C:\Programme\Gemeinsame Dateien\GMT\egIEEngine.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken. File C:\Programme\Gemeinsame Dateien\GMT\EGIEProcess.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken. File C:\Programme\Gemeinsame Dateien\GMT\EGNSEngine.dll infected by "not-a-virus:AdWare.Gator.5017" Virus. Action Taken: No Action Taken. File C:\Programme\Gemeinsame Dateien\GMT\GatorRes.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken. File C:\Programme\Gemeinsame Dateien\GMT\GatorStubSetup.exe infected by "not-a-virus:AdWare.Gator.6034" Virus. Action Taken: No Action Taken. File C:\Programme\Gemeinsame Dateien\GMT\GMT.exe infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken. File C:\Programme\Gemeinsame Dateien\GMT\gtrawbm.fil infected by "not-a-virus:AdWare.Gator.a" Virus. Action Taken: No Action Taken. File C:\Programme\Gemeinsame Dateien\GMT\GUninstaller.exe infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken. File C:\Programme\themexp\Themexp.org File\NNEZTA388.exe infected by "not-a-virus:AdWare.NewDotNet" Virus. Action Taken: No Action Taken. File C:\Programme\themexp\Themexp.org File\TBEZA127Q.exe infected by "not-a-virus:AdWare.ToolBar.Quick.a" Virus. Action Taken: No Action Taken. File C:\System Volume Information\_restore{B4346058-B968-4C29-861D-336D766B6E8A}\RP133\A0081232.sys infected by "Trojan.Win32.Agent.aw" Virus. Action Taken: No Action Taken. File C:\System Volume Information\_restore{B4346058-B968-4C29-861D-336D766B6E8A}\RP133\A0082231.sys infected by "Trojan.Win32.Agent.aw" Virus. Action Taken: No Action Taken. File C:\System Volume Information\_restore{B4346058-B968-4C29-861D-336D766B6E8A}\RP133\A0083231.sys infected by "Trojan.Win32.Agent.aw" Virus. Action Taken: No Action Taken. File C:\System Volume Information\_restore{B4346058-B968-4C29-861D-336D766B6E8A}\RP133\A0083242.sys infected by "Trojan.Win32.Agent.aw" Virus. Action Taken: No Action Taken. File C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Temporary Internet Files\Content.IE5\LXIJ3XBD\ldr32a[1].exe infected by "TrojanDownloader.Win32.Small.yq" Virus. Action Taken: No Action Taken. File C:\WINDOWS\system32\cp.exe infected by "Trojan-Downloader.Win32.Agent.ic" Virus. Action Taken: No Action Taken. File C:\WINDOWS\system32\ldr32c.exe infected by "TrojanDownloader.Win32.Small.yq" Virus. Action Taken: No Action Taken. File C:\WINDOWS\system32\yzhigejv.exe infected by "Trojan-Proxy.Win32.Agent.l" Virus. Action Taken: No Action Taken. So das war alles, reicht aber auch, hoffentlich könnt Ihr mir bald helfen. THX @ all |
MasterB Du musst dein System sofort neu aufsetzen,geh dazu nach der Anleitung vor http://www.trojaner-board.de/showthread.php?t=12154 Gruss |
Heisst das ich muss windows neu installieren oder was? Also ich hab mir jetzt dieses knoppix bestellt, kann ich bis dahin irgendwas tun |
Hallo zusammen, wie viele andere hier auch, hab ich besagtes Problem mit dem BackdoorAgent. Ich hoffe ich hab alle Anweisungen richtig befolgt und gebe hier brauchbare Daten wieder... Logfile of HijackThis v1.99.0 Scan saved at 23:16:33, on 02.02.2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe E:\Programs\antivir\AVGUARD.EXE E:\Programs\antivir\AVWUPSRV.EXE C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe C:\Programme\Hewlett-Packard\HP Software Update\HPWuSchd2.exe C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\WINDOWS\tppaldr.exe C:\WINDOWS\System32\P2P Networking\P2P Networking.exe C:\program files\altnet\points manager\points manager.exe C:\Programme\Gemeinsame Dateien\CMEII\CMESys.exe E:\Programs\antivir\AVGNT.EXE C:\PROGRA~2\Altnet\DOWNLO~1\asm.exe C:\Programme\D-Link AirPlus\AirPlus.exe C:\Programme\Gemeinsame Dateien\GMT\GMT.exe C:\Programme\Windows Media Player\wmplayer.exe C:\Programme\Internet Explorer\iexplore.exe C:\DOKUME~1\Admin\LOKALE~1\Temp\mwavscan.com C:\DOKUME~1\Admin\LOKALE~1\Temp\kavss.exe C:\DOKUME~1\Admin\LOKALE~1\Temp\Temporäres Verzeichnis 3 für hijackthis199.zip\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.midgard-forum.de/forum/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 192.168.0.1 R3 - URLSearchHook: PerfectNavBHO Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL O2 - BHO: NavErrRedir Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Programme\MyWay\myBar\1.bin\MYBAR.DLL O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - e:\programs\acrobat reader 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Programme\MyWay\myBar\1.bin\MYBAR.DLL O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe O4 - HKLM\..\Run: [HP Software Update] "C:\Programme\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" O4 - HKLM\..\Run: [DeviceDiscovery] C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe O4 - HKLM\..\Run: [StorageGuard] "C:\Programme\Gemeinsame Dateien\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\tppaldr.exe O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s O4 - HKLM\..\Run: [CMESys] "C:\Programme\Gemeinsame Dateien\CMEII\CMESys.exe" O4 - HKLM\..\Run: [ICQ Lite] E:\Programs\ICQLite\ICQLite.exe -minimize O4 - HKLM\..\Run: [AVGCtrl] E:\Programs\antivir\AVGNT.EXE /min O4 - HKCU\..\RunOnce: [ICQ Lite] E:\Programs\ICQLite\ICQLite.exe -trayboot O4 - Global Startup: D-Link AirPlus.lnk = ? O4 - Global Startup: GStartup.lnk = C:\Programme\Gemeinsame Dateien\GMT\GMT.exe O4 - Global Startup: Microsoft Office.lnk = E:\Programs\Office XP\Office10\OSA.EXE O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://E:\Programs\OFFICE~1\Office10\EXCEL.EXE/3000 O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - E:\Programs\aim\aim.exe O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - E:\Programs\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - E:\Programs\ICQLite\ICQLite.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Programme\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) - O17 - HKLM\System\CCS\Services\Tcpip\..\{F3357456-119A-49C9-9359-AAE3224B5527}: NameServer = 192.168.0.1 O23 - Service: AntiVir Service - H+BEDV Datentechnik GmbH - E:\Programs\antivir\AVGUARD.EXE O23 - Service: AntiVir Update - H+BEDV Datentechnik GmbH, Germany - E:\Programs\antivir\AVWUPSRV.EXE O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe eScan: Wed Feb 02 23:49:22 2005 => ***** Scanning complete. ***** Wed Feb 02 23:49:22 2005 => Total Files Scanned: 81911 Wed Feb 02 23:49:22 2005 => Total Virus(es) Found: 83 Wed Feb 02 23:49:22 2005 => Total Disinfected Files: 0 Wed Feb 02 23:49:22 2005 => Total Files Renamed: 0 Wed Feb 02 23:49:22 2005 => Total Deleted Files: 0 Wed Feb 02 23:49:22 2005 => Total Errors: 7 Wed Feb 02 23:49:22 2005 => Time Elapsed: 00:48:15 Wed Feb 02 23:49:22 2005 => Virus Database Date: 2005/01/28 Wed Feb 02 23:49:22 2005 => Virus Database Count: 117012 Wed Feb 02 23:49:22 2005 => Scan Completed. File C:\PROGRA~2\Altnet\DOWNLO~1\asmps.dll infected by "not-a-virus:AdWare.Altnet.b" Virus. Action Taken: No Action Taken. File C:\PROGRA~1\GEMEIN~1\CMEII\CMESys.exe infected by "not-a-virus:AdWare.Gator.6034" Virus. Action Taken: No Action Taken. File c:\PROGRA~1\GEMEIN~1\cmeii\GCONTR~1.DLL infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken. File C:\PROGRA~1\GEMEIN~1\CMEII\Gtools.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken. File C:\PROGRA~1\GEMEIN~1\CMEII\GIocl.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken. File C:\PROGRA~1\GEMEIN~1\CMEII\GStore.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken. File C:\PROGRA~1\GEMEIN~1\CMEII\CMEIIAPI.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken. File C:\PROGRA~1\GEMEIN~1\CMEII\GIOCLC~1.DLL infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken. File c:\PROGRA~1\GEMEIN~1\cmeii\GSTORE~1.DLL infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken. File c:\PROGRA~1\GEMEIN~1\cmeii\gdwldeng.dll infected by "not-a-virus:AdWare.Gator.3124" Virus. Action Taken: No Action Taken. File c:\PROGRA~1\GEMEIN~1\cmeii\gmtproxy.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken. File c:\PROGRA~1\GEMEIN~1\cmeii\gappmgr.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken. File C:\PROGRA~1\GEMEIN~1\CMEII\GObjs.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken. File C:\PROGRA~1\GEMEIN~1\GMT\GMT.exe infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken. File C:\PROGRA~1\GEMEIN~1\GMT\EGNSEN~1.DLL infected by "not-a-virus:AdWare.Gator.5017" Virus. Action Taken: No Action Taken. File C:\PROGRA~1\GEMEIN~1\GMT\EGIEPR~1.DLL infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken. File C:\PROGRA~1\GEMEIN~1\GMT\EGGCEN~1.DLL infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken. File C:\PROGRA~1\GEMEIN~1\GMT\GatorRes.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken. File C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL infected by "not-a-virus:AdWare.Perfnav.a" Virus. Action Taken: No Action Taken. File C:\PROGRA~1\GEMEIN~1\GMT\EGIEEN~1.DLL infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken. File C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL infected by "not-a-virus:AdWare.Perfnav.a" Virus. Action Taken: No Action Taken. tbc |
File C:\PROGRA~1\GEMEIN~1\CMEII\CMESys.exe infected by "not-a-virus:AdWare.Gator.6034" Virus. Action Taken: No Action Taken. File C:\WINDOWS\system32\cd_clint.dll infected by "not-a-virus:AdWare.Cydoor" Virus. Action Taken: No Action Taken. File C:\DOKUME~1\Admin\LOKALE~1\Temp\ADMCache\adm759.tmp infected by "not-a-virus:AdWare.Altnet.b" Virus. Action Taken: No Action Taken. File C:\DOKUME~1\Admin\LOKALE~1\Temp\cd_clint.dll infected by "not-a-virus:AdWare.Cydoor" Virus. Action Taken: No Action Taken. File C:\DOKUME~1\Admin\LOKALE~1\Temp\perfectnavUninstall.exe infected by "TrojanDownloader.Win32.Keenval.f" Virus. Action Taken: No Action Taken. File C:\DOKUME~1\Admin\LOKALE~1\Temp\remove.exe infected by "TrojanDownloader.Win32.Keenval.f" Virus. Action Taken: No Action Taken. File C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Temp\ADMCache\adm759.tmp infected by "not-a-virus:AdWare.Altnet.b" Virus. Action Taken: No Action Taken. File C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Temp\cd_clint.dll infected by "not-a-virus:AdWare.Cydoor" Virus. Action Taken: No Action Taken. File C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Temp\perfectnavUninstall.exe infected by "TrojanDownloader.Win32.Keenval.f" Virus. Action Taken: No Action Taken. File C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Temp\remove.exe infected by "TrojanDownloader.Win32.Keenval.f" Virus. Action Taken: No Action Taken. File C:\Program Files\altnet\Download Manager\adm25.dll infected by "not-a-virus:AdWare.Altnet.a" Virus. Action Taken: No Action Taken. File C:\Program Files\altnet\Download Manager\adm4.dll infected by "not-a-virus:AdWare.Altnet.a" Virus. Action Taken: No Action Taken. File C:\Program Files\altnet\Download Manager\adm4005.exe infected by "not-a-virus:AdWare.Altnet.a" Virus. Action Taken: No Action Taken. File C:\Program Files\altnet\Download Manager\admprog.dll infected by "not-a-virus:AdWare.Altnet.a" Virus. Action Taken: No Action Taken. File C:\Program Files\altnet\Download Manager\asmps.dll infected by "not-a-virus:AdWare.Altnet.b" Virus. Action Taken: No Action Taken. File C:\Program Files\altnet\Points Manager\sysdetect.dll infected by "not-a-virus:AdWare.BrilliantDigital.1007" Virus. Action Taken: No Action Taken. File C:\Programme\Gemeinsame Dateien\CMEII\CMEIIAPI.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken. File C:\Programme\Gemeinsame Dateien\CMEII\GAppMgr.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken. File C:\Programme\Gemeinsame Dateien\CMEII\GController.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken. File C:\Programme\Gemeinsame Dateien\CMEII\GDwldEng.dll infected by "not-a-virus:AdWare.Gator.3124" Virus. Action Taken: No Action Taken. File C:\Programme\Gemeinsame Dateien\CMEII\GIocl.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken. File C:\Programme\Gemeinsame Dateien\CMEII\GIoclClient.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken. File C:\Programme\Gemeinsame Dateien\CMEII\GMTProxy.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken. File C:\Programme\Gemeinsame Dateien\CMEII\GObjs.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken. File C:\Programme\Gemeinsame Dateien\CMEII\GStore.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken. File C:\Programme\Gemeinsame Dateien\CMEII\GStoreServer.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken. File C:\Programme\Gemeinsame Dateien\CMEII\Gtools.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken. File C:\Programme\Gemeinsame Dateien\GMT\EGGCEngine.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken. File C:\Programme\Gemeinsame Dateien\GMT\egIEEngine.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken. File C:\Programme\Gemeinsame Dateien\GMT\EGIEProcess.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken. File C:\Programme\Gemeinsame Dateien\GMT\EGNSEngine.dll infected by "not-a-virus:AdWare.Gator.5017" Virus. Action Taken: No Action Taken. File C:\Programme\Gemeinsame Dateien\GMT\GatorRes.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken. File C:\Programme\Gemeinsame Dateien\GMT\GatorStubSetup.exe infected by "not-a-virus:AdWare.Gator.6034" Virus. Action Taken: No Action Taken. File C:\Programme\Gemeinsame Dateien\GMT\GMT.exe infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken. File C:\Programme\Gemeinsame Dateien\GMT\gtrawbm.fil infected by "not-a-virus:AdWare.Gator.a" Virus. Action Taken: No Action Taken. File C:\Programme\Gemeinsame Dateien\GMT\GUninstaller.exe infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken. File C:\Programme\MyWay\myBar\1.bin\MY2NS.EXE infected by "not-a-virus:AdWare.Toolbar.MyWay.b" Virus. Action Taken: No Action Taken. File C:\Programme\MyWay\myBar\1.bin\NPMYWAY.DLL infected by "not-a-virus:AdWare.ToolBar.MyWay.f" Virus. Action Taken: No Action Taken. File C:\Programme\PerfectNav\BHO\PerfectNav150c.dll infected by "not-a-virus:AdWare.Perfnav.a" Virus. Action Taken: No Action Taken. File C:\System Volume Information\_restore{93D5ED30-62E9-47C2-851F-27913DBFF688}\RP265\A0129116.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken. File C:\System Volume Information\_restore{93D5ED30-62E9-47C2-851F-27913DBFF688}\RP265\A0129117.exe infected by "not-a-virus:AdWare.Gator.6034" Virus. Action Taken: No Action Taken. File C:\System Volume Information\_restore{93D5ED30-62E9-47C2-851F-27913DBFF688}\RP265\A0129119.exe infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken. File C:\System Volume Information\_restore{93D5ED30-62E9-47C2-851F-27913DBFF688}\RP266\A0130134.exe infected by "not-a-virus:AdWare.Gator.a" Virus. Action Taken: No Action Taken. File C:\System Volume Information\_restore{93D5ED30-62E9-47C2-851F-27913DBFF688}\RP266\A0130135.exe infected by "not-a-virus:AdWare.Gator.a" Virus. Action Taken: No Action Taken. File C:\WINDOWS\system32\cd_clint.dll infected by "not-a-virus:AdWare.Cydoor" Virus. Action Taken: No Action Taken. File C:\WINDOWS\Temp\Adware\Setup_PerfectNav.exe infected by "not-a-virus:AdWare.Perfnav.a" Virus. Action Taken: No Action Taken. File C:\WINDOWS\Temp\Altnet\adm.exe infected by "not-a-virus:AdWare.Altnet.a" Virus. Action Taken: No Action Taken. File C:\WINDOWS\Temp\Altnet\adm25.dll infected by "not-a-virus:AdWare.Altnet.a" Virus. Action Taken: No Action Taken. File C:\WINDOWS\Temp\Altnet\adm4.dll infected by "not-a-virus:AdWare.Altnet.a" Virus. Action Taken: No Action Taken. File C:\WINDOWS\Temp\Altnet\admprog.dll infected by "not-a-virus:AdWare.Altnet.a" Virus. Action Taken: No Action Taken. File C:\WINDOWS\Temp\Altnet\mysearch.cab infected by "not-a-virus:AdWare.ToolBar.MyWay.g" Virus. Action Taken: No Action Taken. File C:\WINDOWS\Temp\Altnet\pmfiles.cab infected by "not-a-virus:AdWare.BrilliantDigital.1007" Virus. Action Taken: No Action Taken. File C:\WINDOWS\Temp\Altnet\Setup.exe infected by "not-a-virus:AdWare.Altnet.b" Virus. Action Taken: No Action Taken. File E:\Program Files\Altnet\Download Manager\asmps.dll infected by "not-a-virus:AdWare.Altnet.b" Virus. Action Taken: No Action Taken. File E:\Programs\antivir\INFECTED\ABAQQLACL.EXE.VIR infected by "not-a-virus:AdWare.Gator.a" Virus. Action Taken: No Action Taken. File E:\Programs\antivir\INFECTED\NDABQMCL.EXE.001 infected by "not-a-virus:AdWare.Gator.a" Virus. Action Taken: No Action Taken. File E:\Programs\antivir\INFECTED\NDABQMCL.EXE.VIR infected by "not-a-virus:AdWare.Gator.a" Virus. Action Taken: No Action Taken. File E:\Programs\antivir\INFECTED\sp.VIR infected by "Trojan.Win32.Spooner.d" Virus. Action Taken: No Action Taken. File E:\Programs\Kazaa\TopSearch.dll infected by "not-a-virus:AdWare.Altnet.d" Virus. Action Taken: No Action Taken. File E:\setups\Morpheus\Morph20.exe infected by "not-a-virus:AdWare.WurldMedia" Virus. Action Taken: No Action Taken. File E:\setups\Win-Setups\Win98se\EBD.CAB tagged as not-a-virus:Tool.DOS.Restart. No Action Taken. File E:\setups\Win-Setups\Win98se\OLS\AOL\AOL40DE.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken. Die XP-Install-CD liegt schon bereit :koch: Kurze Frage am Rande... Generell wird ja empfohlen, beim Neuaufsetzen des Systems ALLE Partitionen der Festplatte zu formatieren. (Bei mir wären das C: und E: ) Escan zeigt mir jetzt ein paar 'infizierte' Dateien auf E: an. So wie ich das verstanden habe, sind diese Dateien nicht zwangsläufig gefährlich. Gibt es eine sichere Möglichkeit für mich, meine Festplatte auch ohne die Formatierung von E: wieder 'vertrauenswürdig' zu machen? Liebe Grüße SG (der sich schon die Nacht durcharbeiten sieht... :heulen: ) |
Antivir findet Backdoor BDS/Agent.AY HJT zeigt: Logfile of HijackThis v1.99.0 Scan saved at 15:53:57, on 08.02.2005 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\S24EvMon.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\AVPersonal\AVWUPSRV.EXE C:\Programme\Cisco Systems\VPN Client\cvpnd.exe C:\WINDOWS\System32\RegSrvc.exe C:\WINDOWS\System32\RoamMgr.exe C:\WINDOWS\system32\ZCfgSvc.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\1XConfig.exe C:\WINDOWS\System32\igfxtray.exe C:\WINDOWS\System32\hkcmd.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\AGRSMMSG.exe C:\Programme\ltmoh\Ltmoh.exe C:\Programme\Intel\NCS\PROSet\PRONoMgr.exe C:\Programme\Apoint2K\Apoint.exe C:\PROGRA~1\MT\MT.EXE C:\WINDOWS\System32\P2P Networking\P2P Networking.exe C:\Programme\Apoint2K\Apntex.exe C:\program files\altnet\points manager\points manager.exe C:\Programme\Gemeinsame Dateien\CMEII\CMESys.exe C:\Programme\AVPersonal\AVGNT.EXE C:\WINDOWS\System32\ctfmon.exe C:\Programme\Messenger\msmsgs.exe C:\Programme\Skype\Phone\Skype.exe C:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe C:\Programme\Gemeinsame Dateien\GMT\GMT.exe C:\PROGRA~2\Altnet\DOWNLO~1\asm.exe C:\Programme\Mozilla Firefox\firefox.exe C:\WINDOWS\System32\wuauclt.exe C:\Programme\AVPersonal\AVGUARD.EXE C:\Dokumente und Einstellungen\Leo\Desktop\hijackthis199\HijackThis.exe O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Programme\MyWay\myBar\1.bin\MYBAR.DLL O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: InstaFinderK - {4E7BD74F-2B8D-469E-90F0-F66AB581A933} - C:\Programme\INSTAFINK\instafink.dll O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Programme\MyWay\myBar\1.bin\MYBAR.DLL O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [LtMoh] C:\Programme\ltmoh\Ltmoh.exe O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Programme\Intel\NCS\PROSet\PRONoMgr.exe O4 - HKLM\..\Run: [Apoint] C:\Programme\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Meine Traffic] C:\PROGRA~1\MT\MT.EXE O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s O4 - HKLM\..\Run: [CMESys] "C:\Programme\Gemeinsame Dateien\CMEII\CMESys.exe" O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized O4 - Global Startup: Acrobat Assistant.lnk = C:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Programme\Cisco Systems\VPN Client\vpngui.exe O4 - Global Startup: GStartup.lnk = C:\Programme\Gemeinsame Dateien\GMT\GMT.exe O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) - O23 - Service: AntiVir Service - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE O23 - Service: AntiVir Update - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE O23 - Service: Cisco Systems, Inc. VPN Service - Cisco Systems, Inc. - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe O23 - Service: Intel NCS NetService - Intel(R) Corporation - C:\Programme\Intel\NCS\Sync\NetSvc.exe O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe O23 - Service: RoamMgr - Intel Corporation - C:\WINDOWS\System32\RoamMgr.exe O23 - Service: Spectrum24 Event Monitor - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe Was soll ich nun tun? |
Hallo, auch ich bin schon seit längerem mit diesem Virus konfrontiert. Habe diesen Systemcheck gemacht, nachstehend das Ergebnis mit der Bitte um Hilfe: Logfile of HijackThis v1.99.0 Scan saved at 10:35:33, on 13.02.2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\AVPersonal\AVWUPSRV.EXE C:\WINDOWS\Explorer.EXE C:\Programme\Microsoft Works\WksSb.exe C:\WINDOWS\system32\atiptaxx.exe C:\Programme\Winamp\Winampa.exe C:\Programme\Gemeinsame Dateien\CMEII\CMESys.exe C:\WINDOWS\System32\qttask.exe C:\Programme\Logitech\iTouch\iTouch.exe C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe C:\Programme\AVPersonal\AVGNT.EXE C:\WINDOWS\system32\ctfmon.exe C:\Programme\Messenger\msmsgs.exe C:\Programme\Logitech\MouseWare\system\em_exec.exe C:\Programme\Sierra Imaging\Image Expert\IXApplet.exe C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\wkcalrem.exe C:\Programme\Corel\Graphics9\Register\Remind32.exe C:\Programme\Gemeinsame Dateien\GMT\GMT.exe C:\WINDOWS\system32\wuauclt.exe C:\Programme\AVPersonal\AVGUARD.EXE c:\programme\internet explorer\iexplore.exe C:\DOKUME~1\Florian\LOKALE~1\Temp\Temporäres Verzeichnis 1 für hijackthis199.zip\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOKUME~1\Florian\LOKALE~1\Temp\sp.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOKUME~1\Florian\LOKALE~1\Temp\sp.html R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOKUME~1\Florian\LOKALE~1\Temp\sp.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOKUME~1\Florian\LOKALE~1\Temp\sp.html R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOKUME~1\Florian\LOKALE~1\Temp\sp.html R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOKUME~1\Florian\LOKALE~1\Temp\sp.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {50FC3CF5-426D-4B3D-9549-9CFD33E1E074} - C:\WINDOWS\System32\ecee.dll (file missing) O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Programme\WS_FTP Pro\wsbho2k0.dll O3 - Toolbar: (no name) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - (no file) O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Programme\Microsoft Works\WksSb.exe /AllUsers O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Microsoft Works\WkDetect.exe O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe O4 - HKLM\..\Run: [WinampAgent] "C:\Programme\Winamp\Winampa.exe" O4 - HKLM\..\Run: [CMESys] "C:\Programme\Gemeinsame Dateien\CMEII\CMESys.exe" O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\System32\qttask.exe O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programme\Logitech\iTouch\iTouch.exe O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [sws.exe] c:\programme\GlobalDialer\domer00046\gd-domer00046_de.exe -remove O4 - Startup: Corel Registration.lnk = C:\Programme\Corel\Graphics9\Register\Remind32.exe O4 - Global Startup: Camio Viewer.lnk = C:\Programme\Sierra Imaging\Image Expert\IXApplet.exe O4 - Global Startup: Date Manager.lnk = C:\Programme\Date Manager\DateManager.exe O4 - Global Startup: Erinnerungen in Microsoft Works-Kalender.lnk = ? O4 - Global Startup: GStartup.lnk = C:\Programme\Gemeinsame Dateien\GMT\GMT.exe O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL O9 - Extra button: Recherche-Assistent - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Reference 2001\EROProj.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O16 - DPF: {A8482EAF-A1F3-4934-AE3F-56EB195A50BF} (DeskUpdateV3 - Activex Control) - http://support.fujitsu-siemens.de/De...pi/activex.cab O16 - DPF: {E0B795B4-FD95-4ABD-A375-27962EFCE8CF} (StarInstall Control) - http://www.service-url.de/install/StarInstall.ocx O18 - Filter: text/html - {0C488B3E-2635-44F1-B8F7-BBE2FEBD08E7} - C:\WINDOWS\System32\ecee.dll O18 - Filter: text/plain - {0C488B3E-2635-44F1-B8F7-BBE2FEBD08E7} - C:\WINDOWS\System32\ecee.dll O23 - Service: AntiVir Service - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE O23 - Service: AntiVir Update - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE Viele Grüße Kiwigreen |
Brauche Hilfe mit BAckdoor Trojaner Hallo zusammen, ich hab ebenfalls diesen Backdoor BDS/Agent.AY Trojaner und bräuchte dringend eure Hilfe.Ich hab mit Hijackthis ein logfile erstellt und hoffe ihr könnt mir dadurch weiterhelfen: Logfile of HijackThis v1.99.1 Scan saved at 11:01:19, on 20.02.2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Programme\NVIDIA Corporation\NvMixer\NVMixerTray.exe C:\WINDOWS\System32\LXSUPMON.EXE C:\Programme\ATI Technologies\ATI.ACE\cli.exe C:\Programme\Gemeinsame Dateien\CMEII\CMESys.exe C:\Programme\ATI Technologies\ATI.ACE\CLI.exe D:\OUTPOS~1\outpost.exe C:\Programme\Gemeinsame Dateien\GMT\GMT.exe D:\Firefox\firefox.exe C:\Dokumente und Einstellungen\Michi\Desktop\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/ O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Acrobat Reader\Reader\ActiveX\AcroIEHelper.ocx O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [NVMixerTray] "C:\Programme\NVIDIA Corporation\NvMixer\NVMixerTray.exe" O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime O4 - HKLM\..\Run: [CMESys] "C:\Programme\Gemeinsame Dateien\CMEII\CMESys.exe" O4 - HKLM\..\Run: [Outpost Firewall] D:\OUTPOS~1\outpost.exe /waitservice O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Programme\ATI Technologies\ATI.ACE\CLI.exe O4 - Global Startup: Microsoft Office.lnk = D:\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://D:\MICROS~1\Office10\EXCEL.EXE/3000 O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\ICQLite\ICQLite.exe O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O17 - HKLM\System\CCS\Services\Tcpip\..\{10FB9738-01D2-4239-9097-4098A1F50A47}: NameServer = 192.168.0.1 O17 - HKLM\System\CS1\Services\Tcpip\..\{10FB9738-01D2-4239-9097-4098A1F50A47}: NameServer = 192.168.0.1 O17 - HKLM\System\CS2\Services\Tcpip\..\{10FB9738-01D2-4239-9097-4098A1F50A47}: NameServer = 192.168.0.1 O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum - D:\OUTPOS~1\outpost.exe Ich wäre euch wirklich sehr dankbar wenn ihr mir helfen könntet,denn ich hab schon alles versucht.AntiVir löscht ihn zwar,er kam aber nach ein paar Minuten wieder.Eine Komplette Formatierung hat auch nicht geholfen,da er danach auch wieder gekommen ist. :balla: |
Hallo habe das gleiche Problem wie die anderen auch. Habe alles so gemacht wie es zuvor beschrieben wurde, allerdings werde ich das Gefühl nicht los, dass trotzallem mein PC nicht mehr so wie vorher funktioniert. Hier meine Daten zur Überprüfung: Logfile of HijackThis v1.99.1 Scan saved at 08:31:25, on 23.02.2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Programme\Apoint2K\Apoint.exe C:\WINDOWS\AGRSMMSG.exe C:\Programme\Java\j2re1.4.2_03\bin\jusched.exe C:\Programme\iTunes\iTunesHelper.exe C:\Programme\QuickTime\qttask.exe C:\Programme\HPQ\Quick Launch Buttons\EabServr.exe C:\Programme\HP\Digital Imaging\Unload\hpqcmon.exe C:\Programme\HP\HP Share-to-Web\hpgs2wnd.exe C:\WINDOWS\System32\hphmon05.exe C:\Programme\Hewlett-Packard\HP Software Update\HPWuSchd.exe C:\Programme\FRITZ!DSL\Awatch.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe C:\WINDOWS\System32\ctfmon.exe C:\Programme\MSN Messenger\MsnMsgr.Exe C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\eEBSVC.exe C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe C:\Programme\Apoint2K\Apntex.exe C:\Programme\Kodak\Kodak EasyShare software\bin\EasyShare.exe C:\Programme\AVPersonal\AVWUPSRV.EXE C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\SAgent2.exe C:\Programme\HP\HP Share-to-Web\hpgs2wnf.exe C:\WINDOWS\System32\gearsec.exe C:\WINDOWS\system32\drivers\KodakCCS.exe C:\WINDOWS\System32\nvsvc32.exe C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe C:\WINDOWS\System32\ScsiAccess.EXE C:\Programme\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\System32\wuauclt.exe C:\Programme\iPod\bin\iPodService.exe C:\Programme\1&1 Internet\Profi-Dialer\ProfiDialer.exe C:\Programme\Internet Explorer\iexplore.exe C:\Programme\Internet Explorer\iexplore.exe C:\WINDOWS\System32\wuauclt.exe C:\Dokumente und Einstellungen\Violeta\Lokale Einstellungen\Temp\Temporäres Verzeichnis 11 für hijackthis.zip\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/ R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=9705 O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [Apoint] C:\Programme\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_03\bin\jusched.exe O4 - HKLM\..\Run: [iTunesHelper] C:\Programme\iTunes\iTunesHelper.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [eabconfg.cpl] C:\Programme\HPQ\Quick Launch Buttons\EabServr.exe /Start O4 - HKLM\..\Run: [UpdateManager] "C:\Programme\Gemeinsame Dateien\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [CamMonitor] C:\Programme\HP\Digital Imaging\Unload\hpqcmon.exe O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programme\HP\HP Share-to-Web\hpgs2wnd.exe O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe O4 - HKLM\..\Run: [HP Software Update] "C:\Programme\Hewlett-Packard\HP Software Update\HPWuSchd.exe" O4 - HKLM\..\Run: [Cpqset] C:\Programme\HPQ\Default Settings\cpqset.exe O4 - HKLM\..\Run: [AWatch] C:\Programme\FRITZ!DSL\Awatch.exe O4 - HKLM\..\Run: [EPSON Stylus CX3200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O6 "USB001" /M "Stylus CX3200" O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Kodak EasyShare Software.lnk = C:\Programme\Kodak\Kodak EasyShare software\bin\EasyShare.exe O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ms...downloader.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{2EBB8F33-E6A9-42F4-B542-2AA92F2C5F93}: NameServer = 217.237.150.33 217.237.151.161 O17 - HKLM\System\CCS\Services\Tcpip\..\{47095232-5E8F-4B03-8BE6-F2CC1FEB6018}: NameServer = 192.168.122.252,192.168.122.253 O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\eEBSVC.exe O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\SAgent2.exe O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programme\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe Ich hoffe Ihr könnt mir weiter helfen. Escan zeigt in allen Bereichen 0 an. Bitte helft mir weiter Danke!!! |
@ carolina: Dein Logfile ist sauber. Es fehlt auf Deinem Rechner allerdings das SP2, das solltest Du installieren. cacatoa |
Danke!!!! Aber woran mag es denn liegen, dass mein Internet so langsam geworden ist? Bin ich jetzt wieder gesichert oder können meine Daten trotzallem noch von dem Angreifer eingesehen werden??? Gruß |
Hi @ All habe auch das Prob mit dem BDS/Agent.AY. NAchdem ich den post etwas durchgelesen habe, habe ich auch gleich noch das HJT-Logfile gemacht. Also bitte sagt mir was ich tun kannn, hier das log: Logfile of HijackThis v1.99.1 Scan saved at 14:33:20, on 27.02.2005 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\igfxtray.exe C:\WINDOWS\System32\hkcmd.exe C:\Programme\Gemeinsame Dateien\CMEII\CMESys.exe C:\Programme\Gemeinsame Dateien\eAcceleration\eanthology.exe C:\Programme\Acceleration Software\Anti-Virus\stopsignav.exe C:\Programme\Java\jre1.5.0_01\bin\jusched.exe C:\Programme\QuickTime\qttask.exe C:\Programme\iTunes\iTunesHelper.exe C:\WINDOWS\System32\cdaccess.exe C:\Programme\AVPersonal\AVGNT.EXE C:\Programme\Gemeinsame Dateien\GMT\GMT.exe C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe C:\Programme\AVPersonal\AVGUARD.EXE C:\Programme\AVPersonal\AVWUPSRV.EXE C:\WINDOWS\system32\slserv.exe C:\WINDOWS\System32\svchost.exe C:\Programme\iPod\bin\iPodService.exe C:\Programme\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe C:\Programme\eMule.de\emule.exe C:\Programme\WinMX\WinMX.exe C:\Programme\Internet Explorer\IEXPLORE.EXE C:\Dokumente und Einstellungen\Gucky\Lokale Einstellungen\Temp\Temporäres Verzeichnis 1 für hijackthis.zip\HijackThis.exe F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {6ACD11BD-4CA0-4283-A8D8-872B9BA289B6} - C:\PROGRA~1\ACCELE~1\StopSign\webcbrowse0.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [CMESys] "C:\Programme\Gemeinsame Dateien\CMEII\CMESys.exe" O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [EanthologyApp] "C:\Programme\Gemeinsame Dateien\eAcceleration\eanthology.exe" /b Startup O4 - HKLM\..\Run: [WebScan] C:\Programme\Acceleration Software\Anti-Virus\stopsignav.exe -k O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_01\bin\jusched.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] C:\Programme\iTunes\iTunesHelper.exe O4 - HKLM\..\Run: [Auto CD-ROM Startup] cdaccess.exe O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min O4 - HKLM\..\RunServices: [Auto CD-ROM Startup] cdaccess.exe O4 - Global Startup: GStartup.lnk = C:\Programme\Gemeinsame Dateien\GMT\GMT.exe O4 - Global Startup: hp psc 1000 series.lnk = ? O4 - Global Startup: hpoddt01.exe.lnk = ? O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_01\bin\npjpi150_01.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_01\bin\npjpi150_01.dll O9 - Extra button: (no name) - {2F099F5D-7003-4441-82C2-707C7C273FEB} - C:\PROGRA~1\ACCELE~1\StopSign\webcbrowse0.dll O9 - Extra 'Tools' menuitem: Block This Page - {2F099F5D-7003-4441-82C2-707C7C273FEB} - C:\PROGRA~1\ACCELE~1\StopSign\webcbrowse0.dll O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f007.mail.lycos.de/app/uploader/FileUploader.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{F364A046-AB56-4A48-9437-9D47C49B95DC}: NameServer = 217.237.149.225 217.237.151.97 O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe Tja, mehr kann ich dazu jetzt auch nicht sagen. Danke für eure Hilfe schon mal im voraus! Simon |
patche dein system sonst hast du noch mehr solche probleme wenn du einen backdoor aufm pc hast solltest du dein system neuaufsetzen das ist am sichersten. |
Hallo DC-SirSimon. eine Variante dieses Besuchers läuft auf Deinem Rechner: http://www.sophos.de/virusinfo/analyses/w32rbotaau.html Bei einem derartigen Befall (Trojaner mit Backdoorfunktionalität) wird Dir hier "format C:", um wieder ein vertrauenswürdiges System herzustellen. Bitte halte dich an diese Anweisung: http://www.trojaner-board.de/showthread.php?t=12154 Thema Datensicherung: http://www.trojaner-board.de/showpos...8&postcount=11 sry dartus @The Don - D.R. mit allgemeinen Floskel kann kann ein Hilfesuchender nichts anfangen. Versuch es mal ein wenig genauer. |
So, nun bin auch ich reif für das Board! Da habe ich den Rechner gerade erst neu eingerichtet und schon steht die Hintertür offen... Ich habe schonmal einen eScan durchgeführt und auch das Hijackprotokoll parat: escan: Wed Mar 02 00:42:18 2005 => Total Files Scanned: 78378 Wed Mar 02 00:42:18 2005 => Total Virus(es) Found: 42 Wed Mar 02 00:42:18 2005 => Total Disinfected Files: 0 Wed Mar 02 00:42:18 2005 => Total Files Renamed: 0 Wed Mar 02 00:42:18 2005 => Total Deleted Files: 0 Wed Mar 02 00:42:18 2005 => Total Errors: 1 Wed Mar 02 00:42:18 2005 => Time Elapsed: 01:50:13 Wed Mar 02 00:42:18 2005 => Virus Database Date: 2005/03/01 Wed Mar 02 00:42:18 2005 => Virus Database Count: 119869 ile C:\PROGRA~1\GEMEIN~1\CMEII\CMESys.exe infected by "not-a-virus:AdWare.Gator.6034" Virus. Action Taken: No Action Taken. File C:\WINDOWS\system32\cd_clint.dll infected by "not-a-virus:AdWare.Cydoor" Virus. Action Taken: No Action Taken. File C:\Dokumente und Einstellungen\Frank\Lokale Einstellungen\Temp\asmfiles.cab infected by "not-a-virus:AdWare.Altnet.b" Virus. Action Taken: No Action Taken. File C:\Program Files\Altnet\Download Manager\adm25.dll infected by "not-a-virus:AdWare.Altnet.a" Virus. Action Taken: No Action Taken. File C:\Program Files\Altnet\Download Manager\adm4.dll infected by "not-a-virus:AdWare.Altnet.a" Virus. Action Taken: No Action Taken. File C:\Program Files\Altnet\Download Manager\adm4005.exe infected by "not-a-virus:AdWare.Altnet.a" Virus. Action Taken: No Action Taken. File C:\Program Files\Altnet\Download Manager\admprog.dll infected by "not-a-virus:AdWare.Altnet.a" Virus. Action Taken: No Action Taken. File C:\Program Files\Altnet\Download Manager\asmps.dll infected by "not-a-virus:AdWare.Altnet.b" Virus. Action Taken: No Action Taken. File C:\Program Files\Altnet\Points Manager\sysdetect.dll infected by "not-a-virus:AdWare.BrilliantDigital.1007" Virus. Action Taken: No Action Taken. File C:\Programme\AVPersonal\INFECTED\LPJEJDNAB.EXE.001 infected by "not-a-virus:AdWare.Gator.a" Virus. Action Taken: No Action Taken. File C:\Programme\AVPersonal\INFECTED\LPJEJDNAB.EXE.VIR infected by "not-a-virus:AdWare.Gator.a" Virus. Action Taken: No Action Taken. File C:\Programme\AVPersonal\INFECTED\TRJCJCHN.EXE.VIR infected by "not-a-virus:AdWare.Gator.a" Virus. Action Taken: No Action Taken. File C:\Programme\Gemeinsame Dateien\CMEII\CMEIIAPI.dll infected by "not-a-virus:AdWare.Gator.6051" Virus. Action Taken: No Action Taken. File C:\Programme\Gemeinsame Dateien\CMEII\GAppMgr.dll infected by "not-a-virus:AdWare.Gator.6051" Virus. Action Taken: No Action Taken. File C:\Programme\Gemeinsame Dateien\CMEII\GController.dll infected by "not-a-virus:AdWare.Gator.6051" Virus. Action Taken: No Action Taken. File C:\Programme\Gemeinsame Dateien\CMEII\GDwldEng.dll infected by "not-a-virus:AdWare.Gator.3124" Virus. Action Taken: No Action Taken. File C:\Programme\Gemeinsame Dateien\CMEII\GIocl.dll infected by "not-a-virus:AdWare.Gator.6051" Virus. Action Taken: No Action Taken. File C:\Programme\Gemeinsame Dateien\CMEII\GIoclClient.dll infected by "not-a-virus:AdWare.Gator.6051" Virus. Action Taken: No Action Taken. File C:\Programme\Gemeinsame Dateien\CMEII\GMTProxy.dll infected by "not-a-virus:AdWare.Gator.6051" Virus. Action Taken: No Action Taken. File C:\Programme\Gemeinsame Dateien\CMEII\GObjs.dll infected by "not-a-virus:AdWare.Gator.6051" Virus. Action Taken: No Action Taken. File C:\Programme\Gemeinsame Dateien\CMEII\GStore.dll infected by "not-a-virus:AdWare.Gator.6051" Virus. Action Taken: No Action Taken. File C:\Programme\Gemeinsame Dateien\CMEII\GStoreServer.dll infected by "not-a-virus:AdWare.Gator.6051" Virus. Action Taken: No Action Taken. File C:\Programme\Gemeinsame Dateien\CMEII\Gtools.dll infected by "not-a-virus:AdWare.Gator.6051" Virus. Action Taken: No Action Taken. File C:\Programme\Gemeinsame Dateien\GMT\EGGCEngine.dll infected by "not-a-virus:AdWare.Gator.6051" Virus. Action Taken: No Action Taken. File C:\Programme\Gemeinsame Dateien\GMT\EGIEProcess.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken. File C:\Programme\Gemeinsame Dateien\GMT\EGNSEngine.dll infected by "not-a-virus:AdWare.Gator.5017" Virus. Action Taken: No Action Taken. File C:\Programme\Gemeinsame Dateien\GMT\GatorRes.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken. File C:\Programme\Gemeinsame Dateien\GMT\GatorStubSetup.exe infected by "not-a-virus:AdWare.Gator.6034" Virus. Action Taken: No Action Taken. File C:\Programme\Gemeinsame Dateien\GMT\gtrawbm.fil infected by "not-a-virus:AdWare.Gator.a" Virus. Action Taken: No Action Taken. File C:\Programme\INSTAFINK\instafink.dll infected by "not-a-virus:AdWare.ToolBar.404Search.h" Virus. Action Taken: No Action Taken. File C:\Programme\Kazaa\TopSearch.dll infected by "not-a-virus:AdWare.Altnet.d" Virus. Action Taken: No Action Taken. File C:\System Volume Information\_restore{44CE609B-8769-42DB-9EE7-8D3FD77CFD31}\RP55\A0008846.EXE infected by "not-a-virus:AdWare.Toolbar.MyWay.b" Virus. Action Taken: No Action Taken. File C:\System Volume Information\_restore{44CE609B-8769-42DB-9EE7-8D3FD77CFD31}\RP55\A0008847.DLL infected by "not-a-virus:AdWare.ToolBar.MyWay.f" Virus. Action Taken: No Action Taken. File C:\System Volume Information\_restore{44CE609B-8769-42DB-9EE7-8D3FD77CFD31}\RP55\A0008866.DLL infected by "not-a-virus:AdWare.ToolBar.MyWay.g" Virus. Action Taken: No Action Taken. File C:\WINDOWS\system32\cd_clint.dll infected by "not-a-virus:AdWare.Cydoor" Virus. Action Taken: No Action Taken. File C:\WINDOWS\Temp\Altnet\adm.exe infected by "not-a-virus:AdWare.Altnet.a" Virus. Action Taken: No Action Taken. File C:\WINDOWS\Temp\Altnet\adm25.dll infected by "not-a-virus:AdWare.Altnet.a" Virus. Action Taken: No Action Taken. File C:\WINDOWS\Temp\Altnet\adm4.dll infected by "not-a-virus:AdWare.Altnet.a" Virus. Action Taken: No Action Taken. File C:\WINDOWS\Temp\Altnet\admprog.dll infected by "not-a-virus:AdWare.Altnet.a" Virus. Action Taken: No Action Taken. File C:\WINDOWS\Temp\Altnet\mysearch.cab infected by "not-a-virus:AdWare.ToolBar.MyWay.g" Virus. Action Taken: No Action Taken. File C:\WINDOWS\Temp\Altnet\pmfiles.cab infected by "not-a-virus:AdWare.BrilliantDigital.1007" Virus. Action Taken: No Action Taken. File C:\WINDOWS\Temp\Altnet\Setup.exe infected by "not-a-virus:AdWare.Altnet.b" Virus. Action Taken: No Action Taken. hijack: Logfile of HijackThis v1.99.1 Scan saved at 22:19:28, on 01.03.2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Programme\Ahead\InCD\InCD.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\system32\DTSTA.EXE C:\WINDOWS\System32\P2P Networking\P2P Networking.exe C:\Programme\AVPersonal\AVGNT.EXE C:\Programme\Gemeinsame Dateien\CMEII\CMESys.exe C:\Programme\Winamp\winampa.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\Gemeinsame Dateien\GMT\GMT.exe C:\Programme\WinZip\WZQKPICK.EXE C:\Programme\AVPersonal\AVGUARD.EXE C:\WINDOWS\System32\Ati2evxx.exe C:\Programme\AVPersonal\AVWUPSRV.EXE C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\system32\slserv.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\taskmgr.exe E:\Ramsch\Programmzeug\hijack\HijackThis.exe O2 - BHO: AcroIEHlprObj Class - {*gelöscht, weil evtl vertraulich?*} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [InCD] C:\Programme\Ahead\InCD\InCD.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [DTSTA.EXE] DTSTA.EXE START O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\AVPersonal\AVGNT.EXE" /min O4 - HKLM\..\Run: [CMESys] "C:\Programme\Gemeinsame Dateien\CMEII\CMESys.exe" O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background O4 - Global Startup: CAPIControl.lnk = ? O4 - Global Startup: GStartup.lnk = C:\Programme\Gemeinsame Dateien\GMT\GMT.exe O4 - Global Startup: HomeNet Control.lnk = ? O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programme\WinZip\WZQKPICK.EXE O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: Messenger - {*gelöscht, weil evtl vertraulich?*} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {*gelöscht, weil evtl vertraulich?*} - C:\Programme\Messenger\msmsgs.exe O16 - DPF: {*gelöscht, weil evtl vertraulich?*} (Web P2P Installer) - O16 - DPF: {*gelöscht, weil evtl vertraulich?*} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ms...downloader.cab O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe Danke für dieses Forum und gute Nacht erstmal. |
| Alle Zeitangaben in WEZ +1. Es ist jetzt 15:34 Uhr. |
Copyright ©2000-2025, Trojaner-Board