Trojaner-Board


regor 12.01.2005 09:03

A new window opens by itself

This is my first request, so please bear with me a little. :crazy:

The computer connects to the Internet.
Or rather, during an Internet session a new window opens by itself.
It says a-w-a-r-d......
Is there a risk of being spied on??? :nixda:

Logfile of HijackThis v1.99.0
Scan saved at 08:52:15, on 12.01.2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
F:\WINNT\System32\smss.exe
F:\WINNT\system32\winlogon.exe
F:\WINNT\system32\services.exe
F:\WINNT\system32\lsass.exe
F:\WINNT\system32\svchost.exe
F:\WINNT\system32\spoolsv.exe
F:\WINNT\System32\svchost.exe
F:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
F:\Programme\Microsoft Office\Office\OWSTIMER.EXE
F:\WINNT\system32\regsvc.exe
F:\WINNT\system32\MSTask.exe
F:\WINNT\System32\WBEM\WinMgmt.exe
F:\WINNT\system32\svchost.exe
F:\WINNT\system32\inetsrv\inetinfo.exe
F:\WINNT\Explorer.EXE
F:\PROGRA~1\GEMEIN~1\WinTools\WToolsA.exe
F:\WINNT\system32\internat.exe
F:\Programme\Gemeinsame Dateien\WinTools\WSup.exe
F:\WINNT\system32\rundll32.exe
F:\Dokumente und Einstellungen\regor\Desktop\trojaner\hijackthis\HijackThis.exe

R3 - Default URLSearchHook is missing
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - F:\PROGRA~1\GEMEIN~1\WinTools\WToolsB.dll
O4 - HKLM\..\Run: [q72dNHp5] F:\WINNT\msrccxwy.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [WinTools] F:\PROGRA~1\GEMEIN~1\WinTools\WToolsA.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [Skype] "F:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O10 - Unknown file in Winsock LSP: f:\winnt\system32\aklsp.dll
O10 - Unknown file in Winsock LSP: f:\winnt\system32\aklsp.dll
O10 - Unknown file in Winsock LSP: f:\winnt\system32\aklsp.dll
O10 - Unknown file in Winsock LSP: f:\winnt\system32\aklsp.dll
O23 - Service: Ati HotKey Poller - Unknown - F:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown - F:\WINNT\system32\ati2sgag.exe
O23 - Service: Verwaltungsdienst für die Verwaltung logischer Datenträger - VERITAS Software Corp. - F:\WINNT\System32\dmadmin.exe
O23 - Service: FileZilla Server FTP server - Unknown - C:\xampp\FileZillaFTP\FileZillaServer.exe (file missing)
O23 - Service: Macromedia Licensing Service - Unknown - F:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Office Server Extensions Notification Service - Unknown - F:\Programme\Microsoft Office\Office\OWSTIMER.EXE
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) - Unknown - %ProgramFiles%\WinPcap\rpcapd.exe (file missing)

MountainKing 12.01.2005 09:49

http://www.trojaner-board.de/42731-escan-anleitung.html

Update E-Scan as described and let it run through, then find the "infected" entries in the log and post them.
Also get this program in the meantime:

http://www.cexx.org/lspfix.htm

regor 12.01.2005 11:08

Thanks for the quick reply.
Here are the results

Lspfix says

rnr20.dll TCP/IP
winrnr.dll NTDS
aklsp.dll (Protocol handler)
msafd.dll (Protocol handler)
rsvpsp.dll (Protocol handler)

escan says

Wed Jan 12 09:59:59 2005 => File F:\WINNT\system32\o0lu0a39ed.dll infected by "not-a-virus:AdWare.Look2Me.u" Virus. Action Taken: No Action Taken.
Wed Jan 12 10:00:02 2005 => File F:\WINNT\system32\pFesocks_1030.dll infected by "not-a-virus:AdWare.Look2Me.u" Virus. Action Taken: No Action Taken.
Wed Jan 12 10:00:10 2005 => File F:\WINNT\system32\swobject.dll infected by "not-a-virus:AdWare.Look2Me.u" Virus. Action Taken: No Action Taken.
Wed Jan 12 10:00:12 2005 => File F:\WINNT\system32\u4ru0e99eh.dll infected by "not-a-virus:AdWare.Look2Me.u" Virus. Action Taken: No Action Taken.
Wed Jan 12 10:00:12 2005 => File F:\WINNT\system32\upp10.dll infected by "not-a-virus:AdWare.Look2Me.u" Virus. Action Taken: No Action Taken.
Wed Jan 12 10:12:15 2005 => File F:\WINNT\system32\aklsp.dll infected by "TrojanDownloader.Win32.Agent.br" Virus. Action Taken: No Action Taken.
Wed Jan 12 10:12:42 2005 => File F:\WINNT\iconu.exe infected by "not-a-virus:AdWare.Zestyfind" Virus. Action Taken: No Action Taken.
Wed Jan 12 10:12:51 2005 => File F:\WINNT\system32\akcore.dll infected by "not-a-virus:AdWare.Coreak" Virus. Action Taken: No Action Taken.
Wed Jan 12 10:12:52 2005 => File F:\WINNT\system32\aklsp.dll infected by "TrojanDownloader.Win32.Agent.br" Virus. Action Taken: No Action Taken.
Wed Jan 12 10:12:52 2005 => File F:\WINNT\system32\akrules.dll infected by "TrojanDownloader.Win32.Agent.bt" Virus. Action Taken: No Action Taken.
Wed Jan 12 10:12:52 2005 => File F:\WINNT\system32\akupd.dll infected by "TrojanDownloader.Win32.Agent.br" Virus. Action Taken: No Action Taken.
Wed Jan 12 10:12:55 2005 => File F:\WINNT\system32\azau0719e.dll infected by "not-a-virus:AdWare.Look2Me.u" Virus. Action Taken: No Action Taken.
Wed Jan 12 10:12:58 2005 => File F:\WINNT\system32\cdtdll.dll infected by "not-a-virus:AdWare.Look2Me.u" Virus. Action Taken: No Action Taken.
Wed Jan 12 10:12:58 2005 => File F:\WINNT\system32\cgl3d32.dll infected by "not-a-virus:AdWare.Look2Me.u" Virus. Action Taken: No Action Taken.
Wed Jan 12 10:13:02 2005 => File F:\WINNT\system32\cStsrvut.dll infected by "not-a-virus:AdWare.Look2Me.u" Virus. Action Taken: No Action Taken.
Wed Jan 12 10:13:08 2005 => File F:\WINNT\system32\dn4001hme.dll infected by "not-a-virus:AdWare.Look2Me.u" Virus. Action Taken: No Action Taken.
Wed Jan 12 10:13:11 2005 => File F:\WINNT\system32\dtmsadsn.dll infected by "not-a-virus:AdWare.Look2Me.u" Virus. Action Taken: No Action Taken.
Wed Jan 12 10:13:12 2005 => File F:\WINNT\system32\en40l1hm1.dll infected by "not-a-virus:AdWare.Look2Me.u" Virus. Action Taken: No Action Taken.
Wed Jan 12 10:13:13 2005 => File F:\WINNT\system32\exentprf.dll infected by "not-a-virus:AdWare.Look2Me.u" Virus. Action Taken: No Action Taken.
Wed Jan 12 10:13:16 2005 => File F:\WINNT\system32\gll6l33s1.dll infected by "not-a-virus:AdWare.Look2Me.u" Virus. Action Taken: No Action Taken.
Wed Jan 12 10:13:16 2005 => File F:\WINNT\system32\gpl6l33s1.dll infected by "not-a-virus:AdWare.Look2Me.u" Virus. Action Taken: No Action Taken.
Wed Jan 12 10:13:18 2005 => File F:\WINNT\system32\hrn0055me.dll infected by "not-a-virus:AdWare.Look2Me.u" Virus. Action Taken: No Action Taken.
Wed Jan 12 10:13:19 2005 => File F:\WINNT\system32\iCspolcy.dll infected by "not-a-virus:AdWare.Look2Me.u" Virus. Action Taken: No Action Taken.
Wed Jan 12 10:13:20 2005 => File F:\WINNT\system32\iexwan.dll infected by "not-a-virus:AdWare.Look2Me.u" Virus. Action Taken: No Action Taken.
Wed Jan 12 10:13:21 2005 => File F:\WINNT\system32\ilrtrmgr.dll infected by "not-a-virus:AdWare.Look2Me.u" Virus. Action Taken: No Action Taken.
Wed Jan 12 10:13:22 2005 => File F:\WINNT\system32\instsrv.exe tagged as not-a-virus:RiskWare.Tool.ServiceRunner.f. No Action Taken.
Wed Jan 12 10:13:24 2005 => File F:\WINNT\system32\j86mlij118o.dll infected by "not-a-virus:AdWare.Look2Me.u" Virus. Action Taken: No Action Taken.
Wed Jan 12 10:13:25 2005 => File F:\WINNT\system32\jt2207foe.dll infected by "not-a-virus:AdWare.Look2Me.u" Virus. Action Taken: No Action Taken.
Wed Jan 12 10:13:25 2005 => File F:\WINNT\system32\jtju0719e.dll infected by "not-a-virus:AdWare.Look2Me.u" Virus. Action Taken: No Action Taken.
Wed Jan 12 10:13:25 2005 => File F:\WINNT\system32\k608lgdu1608.dll infected by "not-a-virus:AdWare.Look2Me.u" Virus. Action Taken: No Action Taken.
Wed Jan 12 10:13:28 2005 => File F:\WINNT\system32\kt08l7du1.dll infected by "not-a-virus:AdWare.Look2Me.u" Virus. Action Taken: No Action Taken.
Wed Jan 12 10:13:28 2005 => File F:\WINNT\system32\kt2ql7f51.dll infected by "not-a-virus:AdWare.Look2Me.u" Virus. Action Taken: No Action Taken.
Wed Jan 12 10:13:28 2005 => File F:\WINNT\system32\ktjul7191.dll infected by "not-a-virus:AdWare.Look2Me.u" Virus. Action Taken: No Action Taken.
Wed Jan 12 10:13:28 2005 => File F:\WINNT\system32\l28m0cl1efq.dll infected by "not-a-virus:AdWare.Look2Me.u" Virus. Action Taken: No Action Taken.
Wed Jan 12 10:13:31 2005 => File F:\WINNT\system32\lv4m09h1e.dll infected by "not-a-virus:AdWare.Look2Me.u" Virus. Action Taken: No Action Taken.
Wed Jan 12 10:13:31 2005 => File F:\WINNT\system32\lvj6091se.dll infected by "not-a-virus:AdWare.Look2Me.u" Virus. Action Taken: No Action Taken.
Wed Jan 12 10:13:31 2005 => File F:\WINNT\system32\lvr8099ue.dll infected by "not-a-virus:AdWare.Look2Me.u" Virus. Action Taken: No Action Taken.
Wed Jan 12 10:13:31 2005 => File F:\WINNT\system32\lvro0993e.dll infected by "not-a-virus:AdWare.Look2Me.u" Virus. Action Taken: No Action Taken.
Wed Jan 12 10:13:33 2005 => File F:\WINNT\system32\mgxml3.dll infected by "not-a-virus:AdWare.Look2Me.u" Virus. Action Taken: No Action Taken.
Wed Jan 12 10:13:43 2005 => File F:\WINNT\system32\mv6ol9j31.dll infected by "not-a-virus:AdWare.Look2Me.u" Virus. Action Taken: No Action Taken.
Wed Jan 12 10:13:43 2005 => File F:\WINNT\system32\mvrml9911.dll infected by "not-a-virus:AdWare.Look2Me.u" Virus. Action Taken: No Action Taken.
Wed Jan 12 10:13:44 2005 => File F:\WINNT\system32\MYC42DEU.DLL infected by "not-a-virus:AdWare.Look2Me.u" Virus. Action Taken: No Action Taken.
Wed Jan 12 10:13:44 2005 => File F:\WINNT\system32\myvcrt.dll infected by "not-a-virus:AdWare.Look2Me.u" Virus. Action Taken: No Action Taken.
Wed Jan 12 10:13:48 2005 => File F:\WINNT\system32\nydsbsrv.dll infected by "not-a-virus:AdWare.Look2Me.u" Virus. Action Taken: No Action Taken.
Wed Jan 12 10:13:48 2005 => File F:\WINNT\system32\o0lu0a39ed.dll infected by "not-a-virus:AdWare.Look2Me.u" Virus. Action Taken: No Action Taken.
Wed Jan 12 10:13:49 2005 => File F:\WINNT\system32\o4lule391h.dll infected by "not-a-virus:AdWare.Look2Me.u" Virus. Action Taken: No Action Taken.
Wed Jan 12 10:13:53 2005 => File F:\WINNT\system32\pFesocks_1030.dll infected by "not-a-virus:AdWare.Look2Me.u" Virus. Action Taken: No Action Taken.
Wed Jan 12 10:14:07 2005 => File F:\WINNT\system32\swobject.dll infected by "not-a-virus:AdWare.Look2Me.u" Virus. Action Taken: No Action Taken.
Wed Jan 12 10:14:11 2005 => File F:\WINNT\system32\u4ru0e99eh.dll infected by "not-a-virus:AdWare.Look2Me.u" Virus. Action Taken: No Action Taken.
Wed Jan 12 10:14:11 2005 => File F:\WINNT\system32\upp10.dll infected by "not-a-virus:AdWare.Look2Me.u" Virus. Action Taken: No Action Taken.
Wed Jan 12 10:41:48 2005 => File F:\WINNT\system32\aklsp.dll infected by "TrojanDownloader.Win32.Agent.br" Virus. Action Taken: No Action Taken.

MountainKing 12.01.2005 11:34

OK, then uninstall Wintools, disable System Restore, and fix the following in safe mode:

R3 - Default URLSearchHook is missing
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearc
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - F:\PROGRA~1\GEMEIN~1\WinTools\WToolsB.dll
O4 - HKLM\..\Run: [q72dNHp5] F:\WINNT\msrccxwy.exe
O23 - Service: FileZilla Server FTP server - Unknown - C:\xampp\FileZillaFTP\FileZillaServer.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) - Unknown - %ProgramFiles%\WinPcap\rpcapd.exe (file missing


Delete the items found by E-Scan, except for:

Wed Jan 12 10:13:22 2005 => File F:\WINNT\system32\instsrv.exe tagged as not-a-virus:RiskWare.Tool.ServiceRunner.f. No Action Taken.

Then reset your Winsock with lsp-fix. Boot normally, re-enable System Restore, and create a new log.
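
Added example, not part of the original thread: a Python sketch that collapses the repeated eScan lines posted above into one entry per file, keeps the "tagged as" riskware entry (the one excluded from deletion) separate from the "infected by" detections, and cross-checks the HijackThis O10 lines to show which flagged file is registered as a Winsock LSP. The sample lines are copied from the logs in this thread; the function and variable names are illustrative.

```python
import re

# Lines copied from the eScan and HijackThis logs posted in this thread.
ESCAN_LOG = r'''
Wed Jan 12 09:59:59 2005 => File F:\WINNT\system32\o0lu0a39ed.dll infected by "not-a-virus:AdWare.Look2Me.u" Virus. Action Taken: No Action Taken.
Wed Jan 12 10:12:15 2005 => File F:\WINNT\system32\aklsp.dll infected by "TrojanDownloader.Win32.Agent.br" Virus. Action Taken: No Action Taken.
Wed Jan 12 10:12:52 2005 => File F:\WINNT\system32\aklsp.dll infected by "TrojanDownloader.Win32.Agent.br" Virus. Action Taken: No Action Taken.
Wed Jan 12 10:12:52 2005 => File F:\WINNT\system32\akrules.dll infected by "TrojanDownloader.Win32.Agent.bt" Virus. Action Taken: No Action Taken.
Wed Jan 12 10:13:22 2005 => File F:\WINNT\system32\instsrv.exe tagged as not-a-virus:RiskWare.Tool.ServiceRunner.f. No Action Taken.
Wed Jan 12 10:13:48 2005 => File F:\WINNT\system32\o0lu0a39ed.dll infected by "not-a-virus:AdWare.Look2Me.u" Virus. Action Taken: No Action Taken.
'''
HJT_LOG = r'''
O10 - Unknown file in Winsock LSP: f:\winnt\system32\aklsp.dll
O10 - Unknown file in Winsock LSP: f:\winnt\system32\aklsp.dll
O23 - Service: ATI Smart - Unknown - F:\WINNT\system32\ati2sgag.exe
'''

INFECTED = re.compile(r'=> File (?P<path>.+?) infected by "(?P<name>[^"]+)" Virus\.')
TAGGED = re.compile(r'=> File (?P<path>.+?) tagged as (?P<name>\S+)\.\s')
LSP = re.compile(r'^O10 - Unknown file in Winsock LSP: (?P<path>.+)$', re.M)

def triage(escan_text):
    """Collapse repeated scan passes into one entry per file.

    Returns (infected, tagged): dicts mapping lower-cased path -> detection
    name. "tagged as" riskware is kept apart from "infected by" detections.
    """
    infected, tagged = {}, {}
    for line in escan_text.splitlines():
        for pattern, bucket in ((INFECTED, infected), (TAGGED, tagged)):
            m = pattern.search(line)
            if m:
                # Windows paths are case-insensitive, so normalise the key.
                bucket.setdefault(m.group("path").lower(), m.group("name"))
                break
    return infected, tagged

def flagged_lsp_files(hjt_text, infected):
    """Return Winsock LSP files from O10 lines that the scanner also flagged."""
    lsp_paths = {m.group("path").strip().lower() for m in LSP.finditer(hjt_text)}
    return sorted(p for p in lsp_paths if p in infected)

if __name__ == "__main__":
    infected, tagged = triage(ESCAN_LOG)
    print(len(infected), "infected,", len(tagged), "tagged")
    print("Flagged Winsock LSP files:", flagged_lsp_files(HJT_LOG, infected))
```

A file that appears in both lists is part of the Winsock provider chain, which is why the advice above pairs deleting the detections with a Winsock reset.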

regor 12.01.2005 21:23

First of all, THANKS for the help

Several files could not be deleted!

Wed Jan 12 09:59:59 2005 => File F:\WINNT\system32\o0lu0a39ed.dll infected by "not-a-virus:AdWare.Look2Me.u" Virus. Action Taken: No Action Taken.
Wed Jan 12 10:00:02 2005 => File F:\WINNT\system32\pFesocks_1030.dll infected by "not-a-virus:AdWare.Look2Me.u" Virus. Action Taken: No Action Taken.
Wed Jan 12 10:00:10 2005 => File F:\WINNT\system32\swobject.dll infected by "not-a-virus:AdWare.Look2Me.u" Virus. Action Taken: No Action Taken.
Wed Jan 12 10:00:12 2005 => File F:\WINNT\system32\u4ru0e99eh.dll infected by "not-a-virus:AdWare.Look2Me.u" Virus. Action Taken: No Action Taken.

Then my Internet access stopped working!

I decided to reinstall Win2000; with all the additional programs that took me about 2 hours.

I have been fighting these stupid trojans for 2 months already.

Now I had had enough.

Thanks anyway.
:sword2:

Chris14 12.01.2005 21:35

Read through this to prevent further virus and trojan infections

