
soht is a security risk named W32/VB.GK@bd

-------------------------------  NORMAL SCAN - REPORT -------------------------------

F-PROT ANTIVIRUS
Program version: 3.16
Engine version: 3.16.1

VIRUS SIGNATURE FILES
MACRO.DEF created 11/22/2004
SIGN.DEF created 11/23/2004
SIGN2.DEF created 11/23/2004

StartTime: 11.24.2004  17:11

Scan settings:

Path to scan:
<Hard drive> C:\Dokumente und Einstellungen\Florian\Anwendungsdaten\

Which files:
Depending on file content and extensions.
Scan inside archives.
Scan inside compressed executables
Scan inside subfolders.

Action if malware is found:
Disinfect.
How to scan:
Use heuristics (always in normal mode).

C:\Dokumente und Einstellungen\Florian\Anwendungsdaten\soht.exe->(UPX)  is a security risk named W32/VB.GK@bd
Could not delete the file.
The scanning ended successfully, with infected or suspicious object found

Results of virus scanning:

MBRs scanned..........: 1
Boot sectors scanned..: 2
Files total...........: 146
Scanned objects.......: 103
Infected objects......: 0
Suspicious objects....: 1
Deleted objects.......: 0
Disinfected objects...: 0
Renamed objects.......: 0
Moved objects.........: 0

Endtime: 11.24.2004  17:11

Scantime: 0 sec.
------------------------------- END OF REPORT ------------------------------



This is what I get when I scan C:\Dokumente und Einstellungen\Florian\Anwendungsdaten with F-Prot, but when it finds it, it can't remove it.

Logfile of HijackThis v1.98.2
Scan saved at 14:27:59, on 25.11.2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programme\Tools\ICQLite\ICQLite.exe
C:\Programme\FSI\F-Prot\F-Sched.exe
C:\Programme\FSI\F-Prot\F-StopW.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\Tools\Logitech\MouseWare\system\em_exec.exe
C:\Programme\FSI\F-Prot\fpavupdm.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Programme\Tools\Mozilla\MOZILL~1\mozilla\mozilla.exe
C:\WINDOWS\system32\??rss.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Dokumente und Einstellungen\Florian\Lokale Einstellungen\Temp\Temporäres Verzeichnis 2 für hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: ICQ  Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\Tools\ICQToolbar\toolbaru.dll
O2 - BHO: MxTargetObj Class - {0000607D-D204-42C7-8E46-216055BF9918} - C:\WINDOWS\mxTarget.dll
O2 - BHO: LocalNRDObj Class - {00320615-B6C2-40A6-8F99-F1C52D674FAD} - C:\WINDOWS\localNRD.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\programme\tools\acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: ISTbar - {5F1ABCDB-A875-46c1-8345-B72A4567E486} - C:\Programme\ISTbar\istbar.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll
O3 - Toolbar: ICQ  Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\Tools\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [SideWinderTrayV4] C:\PROGRA~1\MI948F~1\GAMECO~1\Common\SWTrayV4.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SysTime] C:\WINDOWS\System32\systime.exe
O4 - HKLM\..\Run: [Windows SyncroAd] C:\Program Files\Windows SyncroAd\SyncroAd.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\Tools\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [FRISK FP-Scheduler] C:\Programme\FSI\F-Prot\F-Sched.exe STARTUP
O4 - HKLM\..\Run: [F-StopW] C:\Programme\FSI\F-Prot\F-StopW.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\Tools\ICQLite\ICQLite.exe -trayboot
O8 - Extra context menu item: &Google Search - res://c:\programme\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\Tools\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\programme\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Verweisseiten - res://c:\programme\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://c:\programme\google\GoogleToolbar2.dll/cmsimilar.html
O9 - Extra button: Mobilen Favoriten erstellen - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll (file missing)
O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\Tools\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\Tools\ICQLite\ICQLite.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O14 - IERESET.INF: START_PAGE_URL=http://www.medion.de/

This is the HijackThis logfile, although I have already deleted soht etc. and a few other things that weren't important.



Replies to soht is a security risk named W32/VB.GK@bd:


Hello, there are still a few things to fix:

O2 - BHO: MxTargetObj Class - {0000607D-D204-42C7-8E46-216055BF9918} - C:\WINDOWS\mxTarget.dll  
Nasty   Entries found in this registry zone are potentially nasty. This application ([0000607D-D204-42C7-8E46-216055BF9918] - Result: 0000607D-D204-42C7-8E46-216055BF9918) has been checked. Hit rate: 99 %   Must be fixed!

  O2 - BHO: LocalNRDObj Class - {00320615-B6C2-40A6-8F99-F1C52D674FAD} - C:\WINDOWS\localNRD.dll (file missing)  
Unnecessarily   Entries found in this registry zone are potentially nasty. This application ([00320615-B6C2-40A6-8F99-F1C52D674FAD] - Result: 00320615-B6C2-40A6-8F99-F1C52D674FAD) has been checked. Hit rate: 99 %   Must be fixed!
Unnecessary (deactivated) entry that can be fixed.

O3 - Toolbar: ISTbar - {5F1ABCDB-A875-46c1-8345-B72A4567E486} - C:\Programme\ISTbar\istbar.dll (file missing)  
Unnecessarily   Entries found in this registry zone are potentially nasty. This application ([5F1ABCDB-A875-46c1-8345-B72A4567E486] - Result: 5F1ABCDB-A875-46c1-8345-B72A4567E486) has been checked. If the name is made up of random letters, found in the folder 'Application Data' and the kind is 'Unknown' , it should be fixed. Hit rate: 99 %   Must be fixed!
Unnecessary (deactivated) entry that can be fixed.

 O4 - HKLM\..\Run: [SysTime] C:\WINDOWS\System32\systime.exe  
Nasty   The entered application SysTime was identified: SysTime. Hit rate: 99 % (result)   Must be fixed!
  O4 - HKLM\..\Run: [Windows SyncroAd] C:\Program Files\Windows SyncroAd\SyncroAd.exe  
Nasty   The entered application Windows SyncroAd was identified: Windows SyncroAd. Hit rate: 99 % (result)   Must be fixed!

O9 - Extra button: Mobilen Favoriten erstellen - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll (file missing)  
Unnecessarily   Unknown buttons or entries in the 'Extras'-menu should be fixed.   To be fixed if the entry 'Mobilen Favoriten erstellen ' is unknown.
Unnecessary (deactivated) entry that can be fixed.

(You can also paste the log file into the site and click 'Analyze'. Automatic evaluation: http://www.hijackthis.de/)

 

Cool, thanks, I didn't know that was possible; I didn't know HijackThis before.

But somehow I can't find the file that F-Prot finds.

