|
Itrack Ilead It hab da was nettes eingefangen und die POPUPs hören nicht auf. hab den Hijackthis log angehängt danke für die Hilfe gruss Kai |
Hallo, führe dies aus und poste nochmal ein Log-File, aber bitte nicht als Anhang: Das eScan AV Toolkit (mwav.exe) herunterladen, die Datei in den Ordner "c:\Bases" (wichtig !) entpacken und danach die "kavupd.exe" (Update) ausführen. Abgesicherter Modus und den Scanner mit der "mwavscan.com" starten. Alle Häkchen setzen und "Scan clean" klicken. http://www.mwti.net/antivirus/free_utilities.asp |
Escan hab ich vorher schon durchgeführt |
Logfile of HijackThis v1.98.2 Scan saved at 17:20:33, on 02.10.2004 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\CTsvcCDA.exe C:\PROGRA~1\NavNT\DefWatch.exe C:\WINDOWS\system32\inetsrv\inetinfo.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\NISUM.EXE C:\PROGRA~1\NavNT\Rtvscan.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\SLEE401.exe C:\WINDOWS\System32\snmp.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\SymPxSvc.exe C:\Program Files\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\WINDOWS\system32\mqsvc.exe C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\NISSERV.EXE C:\WINDOWS\system32\mqtgsvc.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\soundman.exe C:\Program Files\Logitech\iTouch\iTouch.exe C:\WINDOWS\Logi_MwX.Exe C:\PROGRA~1\PHILIP~1\VProperty.exe C:\Program Files\Analog Devices\SoundMAX\Smtray.exe C:\Program Files\Winamp\Winampa.exe C:\Program Files\Hewlett-Packard\HP OfficeJet T Series\bin\ktchnsnk.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE C:\WINDOWS\system32\CTHELPER.EXE C:\WINDOWS\System32\svchost.exe C:\PROGRA~1\NavNT\vptray.exe C:\PROGRA~1\SYMANT~1\SYMANT~1\IAMAPP.EXE C:\PROGRA~1\PESTPA~1\PPMemCheck.exe C:\PROGRA~1\PESTPA~1\CookiePatrol.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe C:\Program Files\AceBIT\WISE-FTP\WF_Scheduler.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\ATRACK.EXE C:\WINDOWS\system32\krowbgyl.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe C:\WINDOWS\DvzCommon\DvzMsgr.exe C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe C:\Program Files\Palm\HOTSYNC.EXE C:\WINDOWS\System32\WISPTIS.EXE C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\nanoCom Corporation\iSpQ VideoChat\iSpQVideoChat63.exe C:\Program Files\1&1 Internet\VirtuDrive\VIRTUDRV.EXE D:\Downloads\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.couldnotfind.com/search_p...ount_id=129474 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.couldnotfind.com/search_p...ount_id=129474 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.t-online.de R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir...ie&ar=iesearch R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...ch/search.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir...ie&ar=iesearch R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/cust...//my.yahoo.com R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.couldnotfind.com/search_p...ount_id=129474 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/de/srchasst/srchasst.htm R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/de/srchasst/srchcust.htm R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.microsoft.com/isapi/redir...0&plcid=0x0407 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer von T-Online R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <local> R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\kai\Application Data\Mozilla\Profiles\default\6bebsoa8.slt\prefs.js) O2 - BHO: MxTargetObj Class - {0000607D-D204-42C7-8E46-216055BF9918} - C:\WINDOWS\mxTarget.dll O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\ycomp5_1_3_0.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem302.dll O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5_1_3_0.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1629.0\de\msntb.dll O3 - Toolbar: ISTbar - {5F1ABCDB-A875-46c1-8345-B72A4567E486} - C:\Program Files\ISTbar\istbar.dll (file missing) O4 - HKLM\..\Run: [SoundMan] soundman.exe O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [ToUcamVProperty] C:\PROGRA~1\PHILIP~1\VProperty.exe O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe" O4 - HKLM\..\Run: [HP OfficeJet T Series] "C:\Program Files\Hewlett-Packard\HP OfficeJet T Series\bin\ktchnsnk.exe" -reg "Software\Hewlett-Packard\OfficeJet T Series\Install" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\NavNT\vptray.exe O4 - HKLM\..\Run: [iamapp] C:\PROGRA~1\SYMANT~1\SYMANT~1\IAMAPP.EXE O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe O4 - HKLM\..\Run: [KeyPatrol] C:\PROGRA~1\PESTPA~1\KeyPatrol.exe O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe O4 - HKLM\..\Run: [WiseFTP] C:\Program Files\AceBIT\WISE-FTP\WF_Scheduler.exe O4 - HKLM\..\Run: [VirtuDrive] C:\Program Files\1&1 Internet\VirtuDrive\VirtuDrv.Exe |
O4 - HKLM\..\Run: [VirtuDrive] C:\Program Files\1&1 Internet\VirtuDrive\VirtuDrv.Exe O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [eyvzyvbfdhva] C:\WINDOWS\system32\krowbgyl.exe O4 - HKLM\..\Run: [xyzklycstc] C:\WINDOWS\system32\krowbgyl.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe O4 - Global Startup: DataViz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: Zur Filterliste hinzufügen (WebWasher) - http://-Web.Washer-/ie_add O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Program Files\SideFind\sidefind.dll (file missing) O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O14 - IERESET.INF: START_PAGE_URL=http://www.t-online.de O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com.../c381/chat.cab O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/DE/install.cab O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) - http://www.xxxtoolbar.com/ist/softwa...006_serial.cab O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/acti..._v1-0-3-12.cab O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yaho...ymmapi_416.dll O16 - DPF: {B24F0664-7DDA-40B6-B38C-A4FD68DE8685} - http://etrain.pivotal.com/main/Insta...Downloader.cab O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://www.smgradio.com/core/player/abasetup.cab O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B2F49FB} - http://www.erocounters.com/TB/Yan/German/MOD/sesso.exe |
Lade Spybot 1.3 und Ad Aware aktualisiere sie und scanne im abgesicherten Modus. Fixe danach diese Einträge: Alle R1 und R3 Einträge O2 - BHO: MxTargetObj Class - {0000607D-D204-42C7-8E46-216055BF9918} - C:\WINDOWS\mxTarget.dll O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem302.dll O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1629.0\de\msntb.dll O3 - Toolbar: ISTbar - {5F1ABCDB-A875-46c1-8345-B72A4567E486} - C:\Program Files\ISTbar\istbar.dll (file missing) O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll O4 - HKLM\..\Run: [eyvzyvbfdhva] C:\WINDOWS\system32\krowbgyl.exe O4 - HKLM\..\Run: [xyzklycstc] C:\WINDOWS\system32\krowbgyl.exe Alle O16 Einträge Überflüssige Einträge im Autostart auch fixen: O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe Diese Dateien löschen: C:\WINDOWS\mxTarget.dll C:\WINDOWS\wsem302.dll Ordner C:\Program Files\MSN Toolbar Ordner C:\Program Files\ISTbar C:\WINDOWS\system32\krowbgyl.exe Danach ein neues Log-File posten. |
Logfile of HijackThis v1.98.2 Scan saved at 18:47:26, on 02.10.2004 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\CTsvcCDA.exe C:\PROGRA~1\NavNT\DefWatch.exe C:\WINDOWS\system32\inetsrv\inetinfo.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\NISUM.EXE C:\WINDOWS\soundman.exe C:\Program Files\Logitech\iTouch\iTouch.exe C:\WINDOWS\Logi_MwX.Exe C:\PROGRA~1\PHILIP~1\VProperty.exe C:\Program Files\Analog Devices\SoundMAX\Smtray.exe C:\Program Files\Winamp\Winampa.exe C:\Program Files\Hewlett-Packard\HP OfficeJet T Series\bin\ktchnsnk.exe C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE C:\WINDOWS\system32\CTHELPER.EXE C:\PROGRA~1\NavNT\Rtvscan.exe C:\PROGRA~1\NavNT\vptray.exe C:\WINDOWS\System32\nvsvc32.exe C:\PROGRA~1\SYMANT~1\SYMANT~1\IAMAPP.EXE C:\PROGRA~1\PESTPA~1\PPMemCheck.exe C:\WINDOWS\System32\SLEE401.exe C:\PROGRA~1\PESTPA~1\CookiePatrol.exe C:\WINDOWS\System32\snmp.exe C:\Program Files\AceBIT\WISE-FTP\WF_Scheduler.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\SymPxSvc.exe C:\Program Files\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\WINDOWS\system32\mqsvc.exe C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\NISSERV.EXE C:\WINDOWS\system32\mqtgsvc.exe C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\ATRACK.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe C:\WINDOWS\DvzCommon\DvzMsgr.exe C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe C:\Program Files\Palm\HOTSYNC.EXE C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\1&1 Internet\VirtuDrive\VIRTUDRV.EXE D:\Downloads\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.couldnotfind.com/search_p...ount_id=129474 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.couldnotfind.com/search_p...ount_id=129474 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.t-online.de R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...ch/search.html R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/cust...//my.yahoo.com R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.couldnotfind.com/search_p...ount_id=129474 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer von T-Online R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\kai\Application Data\Mozilla\Profiles\default\6bebsoa8.slt\prefs.js) O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\ycomp5_1_3_0.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5_1_3_0.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [SoundMan] soundman.exe O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [ToUcamVProperty] C:\PROGRA~1\PHILIP~1\VProperty.exe O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe" O4 - HKLM\..\Run: [HP OfficeJet T Series] "C:\Program Files\Hewlett-Packard\HP OfficeJet T Series\bin\ktchnsnk.exe" -reg "Software\Hewlett-Packard\OfficeJet T Series\Install" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\NavNT\vptray.exe O4 - HKLM\..\Run: [iamapp] C:\PROGRA~1\SYMANT~1\SYMANT~1\IAMAPP.EXE O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe O4 - HKLM\..\Run: [KeyPatrol] C:\PROGRA~1\PESTPA~1\KeyPatrol.exe O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe O4 - HKLM\..\Run: [WiseFTP] C:\Program Files\AceBIT\WISE-FTP\WF_Scheduler.exe O4 - HKLM\..\Run: [VirtuDrive] C:\Program Files\1&1 Internet\VirtuDrive\VirtuDrv.Exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe O4 - Global Startup: DataViz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: Zur Filterliste hinzufügen (WebWasher) - http://-Web.Washer-/ie_add O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Program Files\SideFind\sidefind.dll (file missing) O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O14 - IERESET.INF: START_PAGE_URL=http://www.t-online.de |
Fixe noch dies: R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.couldnotfind.com/search_...count_id=129474 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.couldnotfind.com/search_...count_id=129474 R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.couldnotfind.com/search_...count_id=129474 R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Program Files\SideFind\sidefind.dll (file missing) |
Hallo, ich habe auch seit Ewigkeiten diese nervigen POPUP´s von ilead.it. Ich bin neu hier und habe eigentlich so gut wie keine Ahnung von Logs, etc. Habe einige Vorschläge befolgt und habe es hinbekommen hier einen Log zu posten. Wenn mir jemand sagen könnte wo ich fix checked anklicken müsste wäre ich sehr dankbar. Hier kommt mein Log: Logfile of HijackThis v1.97.7 Scan saved at 02:28:50, on 04.10.2004 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\System32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\WINNT\Explorer.EXE C:\WINNT\Mixer.exe C:\WINNT\System32\hkcmd.exe C:\Programme\ICQLite\ICQLite.exe C:\Programme\ISTsvc\istsvc.exe C:\Programme\Adobe\Acrobat 5.0\Distillr\AcroTray.exe C:\Programme\Sophos SWEEP for NT\ICMON.EXE C:\WINNT\System32\svchost.exe C:\WINNT\system32\SUSS.EXE C:\WINNT\sud.exe C:\Programme\Sophos SWEEP for NT\SWNETSUP.EXE C:\Programme\Sophos SWEEP for NT\SWEEPSRV.SYS C:\Programme\Internet Explorer\iexplore.exe C:\WINNT\Temporary Internet Files\Content.IE5\66WXDTXO\HijackThis[1].exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.de/0SEDEDE/SAOS01 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.trekronor.de/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.trekronor.de/ R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - C:\WINNT\bi.dll O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar1.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe O4 - HKLM\..\Run: [WinVNC] "C:\Programme\RealVNC\WinVNC\winvnc.exe" -servicehelper O4 - HKLM\..\Run: [Microsoft QMGR] msnqmgr.exe O4 - HKLM\..\Run: [Belt] C:\WINNT\Belt.exe O4 - HKLM\..\Run: [Windows Shell Command] loadsh.exe O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize O4 - HKLM\..\Run: [IST Service] C:\Programme\ISTsvc\istsvc.exe O4 - HKLM\..\RunServices: [Microsoft QMGR] msnqmgr.exe O4 - HKLM\..\RunServices: [Windows Shell Command] loadsh.exe O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot O4 - Startup: DLHelperEXE.exe O4 - Global Startup: AcroTray.lnk = C:\Programme\Adobe\Acrobat 5.0\Distillr\AcroTray.exe O4 - Global Startup: InterCheck Monitor.LNK = C:\Programme\Sophos SWEEP for NT\ICMON.EXE O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm O8 - Extra context menu item: &Google Search - res://c:\programme\google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\programme\google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: Verweisseiten - res://c:\programme\google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Ähnliche Seiten - res://c:\programme\google\GoogleToolbar1.dll/cmsimilar.html O9 - Extra button: ICQ 4.1 (HKLM) O9 - Extra 'Tools' menuitem: ICQ Lite (HKLM) O9 - Extra button: Messenger (HKLM) O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeup...ntent/opuc.cab O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/01d51375...p/RdxIE601.cab O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://cm4all01.kundenserver.de/app/...vex/msxml4.cab O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://148.160.20.90/activex/AxisCamControl.cab O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - http://v4.windowsupdate.microsoft.co...887.4841435185 O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (WebHandler Class) - http://activex.microgaming.com/DLhel...7/dlhelper.cab O16 - DPF: {C2E4B57D-DF10-4B1C-8FD7-7A308B67C3EC} (GvDload2 Class) - http://www.everestpoker.com/dload/gvdload2.cab O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://register3.valueactive.com/21...CX/FlashAX.cab O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents...r/imloader.cab Schöne Grüsse, Thomas |
Hallo, überprüfe diese Dateien bei http://virusscan.jotti.org/de und poste das Ergebnis: C:\WINNT\system32\SUSS.EXE C:\WINNT\sud.exe msnqmgr.exe loadsh.exe |
Hi, diese beiden Dateien habe ich gefunden und scannen lassen aber die anderen beiden finde ich nicht, auch nicht beim Suchen mit der Suchfunktion. Service load: 0% 100% File: SUSS.EXE Status: OK Packers detected: None AntiVir No viruses found (1.32 seconds taken) Avast No viruses found (4.57 seconds taken) BitDefender No viruses found (9.41 seconds taken) ClamAV No viruses found (11.42 seconds taken) Dr.Web No viruses found (4.65 seconds taken) F-Prot Antivirus No viruses found (0.36 seconds taken) Kaspersky Anti-Virus No viruses found (4.03 seconds taken) mks_vir No viruses found (2.38 seconds taken) NOD32 No viruses found (2.48 seconds taken) Norman Virus Control No viruses found (2.83 seconds taken) Statistics Last piece of malware found was Win32/Lorie.A in ILoveLorie.exe, detected by: Scanner Malware name Time taken AntiVir Worm/Lorie 2.58 seconds Avast Win32:Lorie 4.56 seconds BitDefender Win32.Lorie.A@MM 2.58 seconds ClamAV Worm.Lorie 7.57 seconds Dr.Web Win32.HLLM.Lorie 4.30 seconds F-Prot Antivirus security risk or a "backdoor" program 0.41 seconds Kaspersky Anti-Virus I-Worm.Lorie 4.29 seconds mks_vir Worm.Lorie 1.35 seconds NOD32 Win32/Lorie.A 2.21 seconds Norman Virus Control X 45.02 seconds Service load: 0% 100% File: sud.exe Status: OK Packers detected: None AntiVir No viruses found (1.40 seconds taken) Avast No viruses found (4.56 seconds taken) BitDefender No viruses found (3.10 seconds taken) ClamAV No viruses found (13.54 seconds taken) Dr.Web No viruses found (4.73 seconds taken) F-Prot Antivirus No viruses found (0.36 seconds taken) Kaspersky Anti-Virus No viruses found (4.56 seconds taken) mks_vir No viruses found (1.51 seconds taken) NOD32 No viruses found (2.30 seconds taken) Norman Virus Control No viruses found (4.70 seconds taken) Statistics Last piece of malware found was Win32/Lorie.A in ILoveLorie.exe, detected by: Scanner Malware name Time taken AntiVir Worm/Lorie 2.58 seconds Avast Win32:Lorie 4.56 seconds BitDefender Win32.Lorie.A@MM 2.58 seconds ClamAV Worm.Lorie 7.57 seconds Dr.Web Win32.HLLM.Lorie 4.30 seconds F-Prot Antivirus security risk or a "backdoor" program 0.41 seconds Kaspersky Anti-Virus I-Worm.Lorie 4.29 seconds mks_vir Worm.Lorie 1.35 seconds NOD32 Win32/Lorie.A 2.21 seconds Norman Virus Control X 45.02 seconds Schöne Grüsse, Thomas |
Übrigens, hier der Link von einem Banner welcher immer auftaucht: http://ilead.itrack.it/clients/Bonni...scriptid=11816 |
Mach mal ein neues Log von HijackThis mit der aktuellen Version 1.98.2. |
Hi, hier die Logs mit der neuen Version: Logfile of HijackThis v1.98.2 Scan saved at 01:17:14, on 06.10.2004 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\System32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\WINNT\System32\svchost.exe C:\WINNT\system32\SUSS.EXE C:\WINNT\sud.exe C:\Programme\Sophos SWEEP for NT\SWNETSUP.EXE C:\Programme\Sophos SWEEP for NT\SWEEPSRV.SYS C:\WINNT\Explorer.EXE C:\WINNT\Mixer.exe C:\WINNT\System32\hkcmd.exe C:\Programme\ICQLite\ICQLite.exe C:\Programme\ISTsvc\istsvc.exe C:\Programme\Adobe\Acrobat 5.0\Distillr\AcroTray.exe C:\Programme\Sophos SWEEP for NT\ICMON.EXE C:\Programme\Internet Explorer\iexplore.exe C:\antispyware\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.trekronor.de/ O2 - BHO: biObj Class - {000006B1-19B5-414A-849F-2A3C64AE6939} - C:\WINNT\bi.dll O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe O4 - HKLM\..\Run: [WinVNC] "C:\Programme\RealVNC\WinVNC\winvnc.exe" -servicehelper O4 - HKLM\..\Run: [Microsoft QMGR] msnqmgr.exe O4 - HKLM\..\Run: [Belt] C:\WINNT\Belt.exe O4 - HKLM\..\Run: [Windows Shell Command] loadsh.exe O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize O4 - HKLM\..\Run: [IST Service] C:\Programme\ISTsvc\istsvc.exe O4 - HKLM\..\RunServices: [Microsoft QMGR] msnqmgr.exe O4 - HKLM\..\RunServices: [Windows Shell Command] loadsh.exe O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized O4 - Startup: DLHelperEXE.exe O4 - Global Startup: AcroTray.lnk = C:\Programme\Adobe\Acrobat 5.0\Distillr\AcroTray.exe O4 - Global Startup: InterCheck Monitor.LNK = C:\Programme\Sophos SWEEP for NT\ICMON.EXE O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm O8 - Extra context menu item: &Google Search - res://c:\programme\google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\programme\google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: Verweisseiten - res://c:\programme\google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Ähnliche Seiten - res://c:\programme\google\GoogleToolbar1.dll/cmsimilar.html O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe Vielen Dank für Deine Hilfe. Schöne Grüsse, Thomas P.S.: Ich habe spasseshalber nochmal nach einem ähnlichen Link gesucht und da wurde mir ein Script angezeigt. Vielleicht hilft das ja weiter: http://ilead.itrack.it/clients/scrip...&subwebsiteid= |
Zitat:
schreib den jotti mal an, dass sich einige Fehler auf der Seite befinden! Z. B. trojan.ddos.boxed.n - schreibt sich trojan.boxed und Version n gibt es nicht. Oh wie ich gerade sehe hat er den Filename schon korrigiert, da stand bis gestern noch csrss.exe.....Es gibt zwar Viren, die diese XP Datei infizieren aber das ein trojan.boxed dies tun würde wäre mir neu. Bis bald u. viel Erfolg |
| Alle Zeitangaben in WEZ +1. Es ist jetzt 17:12 Uhr. |
Copyright ©2000-2024, Trojaner-Board