Geschrieben von lilu am 14.07.2005 um 17:36:
mein Logfile + virusscanbericht!!! was nun?Logfile of HijackThis v1.99.1
Scan saved at 15:20:12, on 14.07.2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\tbcrksrv.exe
C:\Program Files\ABBYY Lingvo 9.0 Multilingual Dictionary\Lvagent.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Tweak-XP\blads.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
C:\Program Files\ACD Systems\ImageFox\ImageFox.exe
C:\Programme\hjt\HijackThis.exe
C:\PROGRA~2\MOZILL~1\FIREFOX.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
h**p://runonce.msn.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Ipswitch.WsftpBrowserHelper -
{601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\WS_FTP
Pro\wsbho2k0.dll
O3 - Toolbar: (no name) - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} -
c:\progra~1\iesearchbar\iesearchbar.dll (file missing)
O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} -
C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [TheBatCrackServer] C:\WINDOWS\System32\tbcrksrv.exe
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\PROGRA~2\ICQ\ICQNet.exe
O4 - HKLM\..\Run: [Lingvo Launcher] "C:\Program Files\ABBYY Lingvo 9.0
Multilingual Dictionary\Lvagent.exe" /STARTUP
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [bEFGQsUw] C:\PROGRA~2\wxprwqpp\YogFD8BN.exe
O4 - HKLM\..\Run: [Rg0GSoUw] C:\PROGRA~2\wxprwqpp\GIQAFsBM.exe
O4 - HKLM\..\Run: [ZUpGScov] C:\PROGRA~2\wxprwqpp\cYQAH8hM.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program
Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [BlockAds] C:\Program Files\Tweak-XP\blads.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe"
/background
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program
Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common
Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Image Transfer.lnk = ?
O4 - Global Startup: ImageFox.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
Office\Office\OSA9.EXE
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program
Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O8 - Extra context menu item: &Search -
h**p://bar.mywebsearch.com/menusearch.html?p=ZRxdm102
O8 - Extra context menu item: Add A Page Note - C:\Program
Files\CommonName\AddressBar\createnote.htm
O8 - Extra context menu item: Bookmark This Page - C:\Program
Files\CommonName\AddressBar\createbookmark.htm
O8 - Extra context menu item: Email This Link - C:\Program
Files\CommonName\AddressBar\emaillink.htm
O8 - Extra context menu item: Search using CommonName - C:\Program
Files\CommonName\AddressBar\navigate.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} -
C:\PROGRA~2\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} -
C:\PROGRA~2\ICQ\ICQ.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} -
C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite -
{B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links -
{c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\MSMSGS.EXE
O11 - Options group: [CommonName] CommonName
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) -
h**p://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient
Class) -
h**p://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -
h**p://ak.imgfarm.com/images/nocache/funwebproducts/PopularScreenSaversInit
ia
lSetup1.0.0.6.cab
O16 - DPF: {59B07B2C-A35D-4D73-BF28-58687F95D183} (Mpbox Control) -
h**p://ms.inlive.co.kr/player/mpbox.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient
Class) -
h**p://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} (brdg Class) -
h**p://www2.flingstone.com/cab/2000XP/bridge.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF}
(MsnMessengerSetupDownloadControl Class) -
h**p://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) -
h**p://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) -
h**p://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) -
h**p://www2.inc**mail.com/contents/setup/downloader/imloader.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class)
- h**p://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 -
HKLM\System\CCS\Services\Tcpip\..\{8C2D35A3-9BBF-47D3-8868-B22FEB259FA1}:
NameServer = 217.237.151.33 217.237.149.225
O18 - Protocol hijack: cn - {9346A6BB-1ED0-4174-AFB4-13CD4EC0AA40}
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH -
C:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany
- C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies -
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program
Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program
Files\Raxco\PerfectDisk\PDSched.exe
O23 - Service: AntiVir Update Temp (TmpUpSrv) - H+BEDV Datentechnik GmbH,
Germany - C:\DOCUME~1\K***Y\LOCALS~1\TEMP\_VWUPSRV.EXE
Mein Virusscanbericht:
das komplette bericht:
Auslastung:
0% 100%
Datei: winik.sys
Status:
INFIZIERT/MALWARE (Anmerkung: diese Datei wurde bereits vorher gescannt. Die Scanergebnisse werden daher nicht in der Datenbank gespeichert.)
Entdeckte Packprogramme:
-
AntiVir
TR/RKit.Agent.Q gefunden
ArcaVir
Trojan.Rootkit.Agent.Q gefunden
Avast
Win32:Adware-gen. gefunden
AVG Antivirus
Keine Viren gefunden
BitDefender
Trojan.Rootkit.Q gefunden
ClamAV
Keine Viren gefunden
Dr.Web
Keine Viren gefunden
F-Prot Antivirus
Keine Viren gefunden
Fortinet
W32/Agent.Q-tr gefunden
Kaspersky Anti-Virus
Rootkit.Win32.Agent.q gefunden
NOD32
Win32/Rootkit.Q gefunden
Norman Virus Control
Keine Viren gefunden
UNA
Trojan.Win32.Agent gefunden
VBA32
Rootkit.Win32.Agent.q gefunden
) [1], solltest du dir in Zukunft vielleicht mal Gedanken darüber machen, warum die Hersteller für Software, Patches und Updates bereitstellen.
irgendwann wird das zum sprichwörtlichen Fass ohne Boden.