Hi there...
Found the entry Explorer.EXE in Task Manager today.
After Trend Micro's HouseCall, four viruses were found:
2x Korgo V, one Korgo I and one Rbot.AR.
Maybe someone has time to check my data.
So I deleted the Korgos (at least I think so).
Also deleted the restore points.
Now I have to take care of the Rbot.
Let's see what I can find about it.
But this Explore.EXE looks suspicious to me.
Please help...
Here is my HijackThis log:
StartupList report, 14.07.2004, 17:13:28
StartupList version: 1.52.2
Started from : F:\Dokumente und Einstellungen\Marco\Desktop\HijackThis.EXE
Detected: Windows XP (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 (6.00.2600.0000)
* Using default options
* Showing rarely important sections
==================================================
Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\System32\nvsvc32.exe
F:\WINDOWS\system32\ZoneLabs\vsmon.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\Mixer.exe
F:\Programme\Browser MOUSE\mouse32a.exe
F:\cFosNT\cFosDNT.exe
F:\WINDOWS\System32\rundll32.exe
F:\Programme\Trojancheck 6\tcguard.exe
F:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
F:\Programme\cFosSpeed\cFosSpeed.exe
F:\WINDOWS\System32\ctfmon.exe
F:\WINDOWS\System32\RUNDLL32.EXE
F:\Dokumente und Einstellungen\Marco\Desktop\HijackThis.exe
--------------------------------------------------
Checking Windows NT UserInit:
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = F:\WINDOWS\system32\userinit.exe,
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
nwiz = nwiz.exe /install
C-Media Mixer = Mixer.exe /startup
NeroFilterCheck = F:\WINDOWS\system32\NeroCheck.exe
FLMOFFICE4DMOUSE = F:\Programme\Browser MOUSE\mouse32a.exe
cFosDNT = F:\cFosNT\cFosDNT.exe
NvCplDaemon = RUNDLL32.EXE F:\WINDOWS\System32\NvCpl.dll,NvStartup
VersionCheck = "F:\Programme\Onlineeye Pro\vcheck.exe"
Trojancheck 6 Guard = F:\Programme\Trojancheck 6\tcguard.exe
Zone Labs Client = F:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
VirtualDrive = "F:\Programme\FarStone\VirtualDrive\VDTask.exe" /AutoRestore
KernelFaultCheck = %systemroot%\system32\dumprep 0 -k
QuickTime Task = "F:\Programme\QuickTime\qttask.exe" -atboottime
RealTray = F:\Programme\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
cFosSpeed = F:\Programme\cFosSpeed\cFosSpeed.exe
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
CTFMON.EXE = F:\WINDOWS\System32\ctfmon.exe
NvMediaCenter = RUNDLL32.EXE F:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
--------------------------------------------------
Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)
[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll
[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = %SystemRoot%\system32\ie4uinit.exe
--------------------------------------------------
Shell & screensaver key from F:\WINDOWS\SYSTEM.INI:
Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*
Shell & screensaver key from Registry:
Shell=Explorer.exe
SCRNSAVE.EXE=F:\WINDOWS\System32\ssstars.scr
drivers=*Registry value not found*
Policies Shell key:
HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*
--------------------------------------------------
Checking for EXPLORER.EXE instances:
F:\WINDOWS\Explorer.exe: PRESENT!
C:\Explorer.exe: not present
F:\WINDOWS\Explorer\Explorer.exe: not present
F:\WINDOWS\System\Explorer.exe: not present
F:\WINDOWS\System32\Explorer.exe: not present
F:\WINDOWS\Command\Explorer.exe: not present
F:\WINDOWS\Fonts\Explorer.exe: not present
--------------------------------------------------
Checking for superhidden extensions:
.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden
--------------------------------------------------
Enumerating Browser Helper Objects:
(no name) - F:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
--------------------------------------------------
Enumerating Download Program Files:
[QuickTime Object]
InProcServer32 = F:\Programme\QuickTime\QTPlugin.ocx
CODEBASE = http://www.apple.com/qtactivex/qtplugin.cab
[MSSecurityAdvisor Class]
InProcServer32 = F:\WINDOWS\System32\mssecadv.dll
CODEBASE = http://download.microsoft.com/download/0/5/c/05c905f4-dd30-427d-a3de-373c3e5552fc/msSecAdv.cab?1088629082432
[{33564D57-0000-0010-8000-00AA00389B71}]
CODEBASE = http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
[{62475759-9E84-458E-A1AB-5D2C442ADFDE}]
CODEBASE = http://a1540.g.akamai.net/7/1540/52/20040427/qtinstall.info.apple.com/saba/us/win/QuickTimeInstaller.exe
[HouseCall-Kontrolle]
InProcServer32 = F:\WINDOWS\DOWNLO~1\xscan53.ocx
CODEBASE = http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
[Update Class]
InProcServer32 = F:\WINDOWS\System32\iuctl.dll
CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38165.5567824074
[Shockwave Flash Object]
InProcServer32 = F:\WINDOWS\System32\macromed\flash\Flash.ocx
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
[FlashXControl Object]
InProcServer32 = F:\WINDOWS\System32\FlashAX\FlashAX.ocx
CODEBASE = https://riverbelle.microgaming.com/riverbelle/FlashAX.cab
[MCSendMessageHandler Class]
InProcServer32 = F:\WINDOWS\Downloaded Program Files\MISBH.dll
CODEBASE = http://xtraz.icq.com/xtraz/activex/MISBH.cab
--------------------------------------------------
PS: I have Win XP Home OEM
marcosource (Guest)