Hallo,
von Antivir kommt ständig die Meldung, dass der Trojaner "Dldr.Agent.EX" auf dem Rechner ist. Über Google habe ich schon verschiende Infos eingeholt und ein Logfile erstellt. Leider sagt mir das alles nichts... Wer kann mir helfen?
Logfile:
Logfile of HijackThis v1.99.1
Scan saved at 12:25:10, on 07.07.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\VS KEN!\AVWUPSRV.EXE
C:\Programme\KEN!\KENCLI.EXE
C:\WINDOWS\System32\mgabg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\PDesk\PDesk.exe
C:\Programme\KEN!\kentbcli.exe
C:\windows\redirect9a.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Programme\VS KEN!\AVGNT.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Programme\Matrox\eDualHead\eDualHead Toolbar.exe
C:\Programme\VS KEN!\AVGUARD.EXE
C:\Programme\Outlook Express\msimn.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\SpeedProject\SpeedCommander 10\SpeedCommander.exe
C:\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://169.254.100.95:3128/ken2000.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://169.254.100.95:3128/ken2000.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = https://searchbar.findthewebsiteyouneed.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = ftp=169.254.100.95:3128;http=169.254.100.95:3128;h ttps=169.254.100.95:3128;socks=169.254.100.95:1080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = localhost
O1 - Hosts: 80.69.74.15 auto.search.msn.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: DotComToolbar - {5F1ABCDB-A875-46c1-8345-B72A4567E486} - c:\windows\toolbar_nieuw14.dll
O4 - HKLM\..\Run: [EM_EXEC] c:\mouse\system\em_exec.exe
O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINDOWS\System32\PDesk\PDesk.exe /Autolaunch
O4 - HKLM\..\Run: [KEN Taskbar Client] "C:\Programme\KEN!\kentbcli.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [redirect] C:\windows\redirect9a.exe
O4 - HKLM\..\Run: [ICQ Net] C:\WINDOWS\winlogon.exe -stealth
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\VS KEN!\AVGNT.EXE" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programme\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: eDualHead Toolbar.lnk = C:\Programme\Matrox\eDualHead\eDualHead Toolbar.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &eBay Search - res://C:\Programme\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &RSDN Search - res://c:\windows\toolbar_nieuw14.dll/GoRSDN.dll.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://169.254.100.95:3128/ken2000.html
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - https://tools.ebayimg.com/eps/wl/activex ... 0-3-24.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - https://v5.windowsupdate.microsoft.com/v ... 7620260367
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - https://tools.ebayimg.com/eps/activex/EP ... -0-3-0.cab
O23 - Service: Virenschutz für KEN! Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\VS KEN!\AVGUARD.EXE
O23 - Service: Virenschutz für KEN! Update Service (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\VS KEN!\AVWUPSRV.EXE
O23 - Service: AVM KEN Klient (KEN Client Service) - AVM Berlin - C:\Programme\KEN!\KENCLI.EXE
O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINDOWS\System32\mgabg.exe
Danke - Danke - DANKE !!!