Worm/RBot.SB!?!?!?!?!?!?!

[Rupp]

Hi Anni! Hab deine rettung von beteigeuze! Der das Prop. mit dem Worm/Rbot ?? hatte, war begeistert von deiner hilfe

, hab da irgendwie die gleichen symptome! Kannst dir BITTE mal mein LogFile von HiJackthis ansehn und einfach mal durchseh und mir dann eine kurze antwort geben?!?!? Wär super net!

Logfile of HijackThis v1.98.2
Scan saved at 22:27:50, on 18.10.2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSSYSTEM32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSSYSTEM32Ati2evxx.exe
C:WINDOWSExplorer.EXE
CrogrammeAVPersonalAVGUARD.EXE
CrogrammeATI TechnologiesATI Control Panelatiptaxx.exe
CrogrammeAVPersonalAVWUPSRV.EXE
C:WINDOWSSOUNDMAN.EXE
CrogrammeMSILive Update 3LMonitor.exe
CrogrammeAVPersonalAVGNT.EXE
CrogrammeMSN MessengerMsnMsgr.Exe
CrogrammeWinAceWinAce.exe
COKUME~1KundeLOKALE~1Temp~AceTemphijackthis1982HijackThis.exe

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar =

Please, Anmelden or Registrieren to view URLs content!

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page =

Please, Anmelden or Registrieren to view URLs content!

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page =

Please, Anmelden or Registrieren to view URLs content!

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL =

Please, Anmelden or Registrieren to view URLs content!

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL =

Please, Anmelden or Registrieren to view URLs content!

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page =

Please, Anmelden or Registrieren to view URLs content!

R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page =

Please, Anmelden or Registrieren to view URLs content!

R1 - HKCUSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =

Please, Anmelden or Registrieren to view URLs content!

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page_bak =

Please, Anmelden or Registrieren to view URLs content!

R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Local Page =
O1 - Hosts: 127.159.97.155

Please, Anmelden or Registrieren to view URLs content!

O1 - Hosts: 127.235.39.31 securityresponse.symantec.com
O1 - Hosts: 127.133.244.184 symantec.com
O1 - Hosts: 127.114.89.120

Please, Anmelden or Registrieren to view URLs content!

O1 - Hosts: 127.139.141.35 mcafee.com
O1 - Hosts: 127.170.114.208 us.mcafee.com
O1 - Hosts: 127.245.59.89

Please, Anmelden or Registrieren to view URLs content!

O1 - Hosts: 127.192.131.20 sophos.com
O1 - Hosts: 127.119.215.152

Please, Anmelden or Registrieren to view URLs content!

O1 - Hosts: 127.12.66.108 viruslist.com
O1 - Hosts: 127.173.178.124 f-secure.com
O1 - Hosts: 127.12.49.88

Please, Anmelden or Registrieren to view URLs content!

O1 - Hosts: 127.54.181.118 kaspersky.com
O1 - Hosts: 127.117.112.229

Please, Anmelden or Registrieren to view URLs content!

O1 - Hosts: 127.62.183.41

Please, Anmelden or Registrieren to view URLs content!

O1 - Hosts: 127.113.212.132 avp.com
O1 - Hosts: 127.164.237.33

Please, Anmelden or Registrieren to view URLs content!

O1 - Hosts: 127.159.14.27 networkassociates.com
O1 - Hosts: 127.4.188.93

Please, Anmelden or Registrieren to view URLs content!

O1 - Hosts: 127.124.13.114 ca.com
O1 - Hosts: 127.63.101.156 my-etrust.com
O1 - Hosts: 127.41.226.6

Please, Anmelden or Registrieren to view URLs content!

O1 - Hosts: 127.99.48.112 secure.nai.com
O1 - Hosts: 127.222.199.228 nai.com
O1 - Hosts: 127.0.47.135

Please, Anmelden or Registrieren to view URLs content!

O1 - Hosts: 127.96.33.35 trendmicro.com
O1 - Hosts: 127.69.170.170

Please, Anmelden or Registrieren to view URLs content!

O1 - Hosts: 127.85.146.15 housecall.trendmicro.com
O1 - Hosts: 127.127.211.90

Please, Anmelden or Registrieren to view URLs content!

O1 - Hosts: 127.77.111.35

Please, Anmelden or Registrieren to view URLs content!

O1 - Hosts: 127.211.87.31

Please, Anmelden or Registrieren to view URLs content!

O1 - Hosts: 127.215.66.104 www3.ca.com
O1 - Hosts: 127.70.222.223 v4.windowsupdate.microsoft.com
O1 - Hosts: 127.255.23.210 v5.windowsupdate.microsoft.com
O1 - Hosts: 127.114.165.210 v5windowsupdate.microsoft.nsatc.net
O1 - Hosts: 127.0.200.174 windowsupdate.microsoft.com
O1 - Hosts: 127.116.172.245

Please, Anmelden or Registrieren to view URLs content!

O1 - Hosts: 127.25.134.68 windowsupdate.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - CrogrammeAdobeAcrobat 6.0ReaderActiveXAcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - CrogrammeSpybot - Search & DestroySDHelper.dll
O4 - HKLM..Run: [ATIPTA] CrogrammeATI TechnologiesATI Control Panelatiptaxx.exe
O4 - HKLM..Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM..Run: [LiveMonitor] CrogrammeMSILive Update 3LMonitor.exe
O4 - HKLM..Run: [AVGCtrl] CrogrammeAVPersonalAVGNT.EXE /min
O4 - HKLM..RunServices: [ccEvtMrg.exe] ccEvtMrg.exe
O4 - HKLM..RunServices: [RegService] sysload16.exe -services
O4 - HKCU..Run: [MsnMsgr] "CrogrammeMSN MessengerMsnMsgr.Exe" /background
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - CrogrammeMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - CrogrammeMessengermsmsgs.exe
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) -

Please, Anmelden or Registrieren to view URLs content!

O16 - DPF: {14F65762-96FB-44B9-8DAC-93845F377A0E} (FileSharingCtrl Class) -

Please, Anmelden or Registrieren to view URLs content!

O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) -

Please, Anmelden or Registrieren to view URLs content!

O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} (InstallFromTheWeb ActiveX Control) -

Please, Anmelden or Registrieren to view URLs content!

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) -

Please, Anmelden or Registrieren to view URLs content!

O20 - AppInit_DLLs: PAVWAIT.DLL

THX im vorraus! MFG Rupp

 

[chris7ian]

Re: Worm/RBot.SB!?!?!?!?!?!?!

FYI

(for your information)

thema im log.files HiJackThis bearbeitet