Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/), forum "Plagegeister aller Art und deren Bekämpfung" (pests of all kinds and how to fight them), thread "suchergebnisse" (search results): https://www.trojaner-board.de/12399-suchergebnisse.html

wolferl 18.01.2005 23:54

Search results
 
Whatever term I type into a search engine, the first 10 results are always the same... Unfortunately I have no idea how to fix this.
I would politely ask for advice.
Thanks

cacatoa 19.01.2005 08:43

Hi,
which results are they? And please post a HijackThis logfile here.

wolferl 19.01.2005 12:49

Mostly a list of other search engines; often: www.unlimitedhosting.co.nz

My logfile:
Logfile of HijackThis v1.99.0
Scan saved at 12:45:26, on 19.01.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\TuneUp Utilities 2004\WinStylerThemeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\crypserv.exe
C:\Programme\CA\eTrust Antivirus\InoRpc.exe
C:\Programme\CA\eTrust Antivirus\InoRT.exe
C:\Programme\CA\eTrust Antivirus\InoTask.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\RunDll32.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\Dit.exe
C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\PROGRA~1\GEMEIN~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
C:\USBStorage\USBDetector.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\PROGRA~1\GEMEIN~1\PCSuite\Services\SERVIC~1.EXE
C:\Programme\ICQLite\ICQLite.exe
C:\Corel\Graphics8\Programs\MFIndexer.exe
C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\DitExp.exe
C:\WINDOWS\System32\alg.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\iMesh\Client\iMeshClient.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Dokumente und Einstellungen\wolf\Desktop\HijackThis.exe

R3 - URLSearchHook: StartBHO Class - {30192F8D-0958-44E6-B54D-331FD39AC959} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: StartBHO Class - {30192F8D-0958-44E6-B54D-331FD39AC959} - (no file)
O2 - BHO: Explorer Class - {962F12AE-2773-4BEB-99EA-B5C3AB9A6606} - C:\WINDOWS\System32\DSMANA~1.DLL
O2 - BHO: Pop Class - {A9AEE0DD-89E1-40EE-8749-A18650CC2175} - C:\WINDOWS\winsx.dll
O3 - Toolbar: Search Bar - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - (no file)
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\GEMEIN~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
O4 - HKLM\..\Run: [USBDetector] C:\USBStorage\USBDetector.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Corel MEDIA FOLDERS INDEXER 8.LNK = C:\Corel\Graphics8\Programs\MFIndexer.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programme\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: CA-Lizenz-Client - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA-Lizenzserver - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: Crypkey License - Unknown - crypserv.exe (file missing)
O23 - Service: eTrust Antivirus RPC Server - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoTask.exe
O23 - Service: Ereignisprotokoll-Überwachung - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TuneUp WinStyler Theme Service - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2004\WinStylerThemeSvc.exe

Thanks for taking care of me!!!

cacatoa 19.01.2005 13:58

First, please scan the file:
C:\WINDOWS\winsx.dll
online at Jotti and post the result (10 lines).
cacatoa

wolferl 19.01.2005 14:07

I hope I did this right...

File: winsx.dll
Status: MIGHT BE INFECTED/MALWARE (Sandbox emulation took a long time and/or runtime packers were found, this is suspicious. Normally programs aren't packed and don't force the sandbox into lengthy emulation. Do realize no scanner issued any warning, the file can very well be harmless. Caution is advised, however.)
Packers detected: UPX

AntiVir No viruses found (0.17 seconds taken)
Avast No viruses found (1.52 seconds taken)
BitDefender No viruses found (0.77 seconds taken)
ClamAV No viruses found (0.79 seconds taken)
Dr.Web No viruses found (1.10 seconds taken)
F-Prot Antivirus No viruses found (0.12 seconds taken)
Kaspersky Anti-Virus No viruses found (1.13 seconds taken)
mks_vir No viruses found (0.42 seconds taken)
NOD32 No viruses found (0.78 seconds taken)
Norman Virus Control No viruses found (0.19 seconds taken)


Many thanks

cacatoa 19.01.2005 14:11

Then please do the following:
Download eScan (follow the instructions) and run it in Safe Mode (takes about 1 hour). Then reboot and post the result (open mwav.log -> Edit -> Find -> enter "infected" -> Find Next -> mark/copy the hits and paste them into the forum).
cacatoa

wolferl 20.01.2005 19:56

File C:\WINDOWS\eqinpev.exe infected by "Trojan.Win32.StartPage.qp" Virus

File C:\WINDOWS\uxeecgh.exe infected by "Trojan.Win32.StartPage.qp" Virus

File C:\WINDOWS\system32\fastvideoplayer.dll infected by "Trojan-Downloader.Win32.Dyfuca.dn" Virus

File C:\WINDOWS\system32\jhflddgj.exe infected by "Trojan.Win32.StartPage.qp" Virus

File C:\DOKUME~1\wolf\LOKALE~1\Temp\asmfiles.cab infected by "not-a-virus:AdWare.Altnet.b" Virus

File C:\DOKUME~1\wolf\LOKALE~1\TEMPOR~1\Content.IE5\0XUR81AR\tbd_web[1].htm infected by "Exploit.CodeBaseExec" Virus

File C:\DOKUME~1\wolf\LOKALE~1\TEMPOR~1\Content.IE5\41AFG9Q3\count1[1].jar infected by "Trojan.Java.Needy.c" Virus

File C:\DOKUME~1\wolf\LOKALE~1\TEMPOR~1\Content.IE5\41AFG9Q3\msits[1].exe infected by "Trojan-Downloader.Win32.Delf.cb" Virus

File C:\DOKUME~1\wolf\LOKALE~1\TEMPOR~1\Content.IE5\DG318QB6\count1[1].jar infected by "Trojan.Java.Needy.c" Virus

File C:\DOKUME~1\wolf\LOKALE~1\TEMPOR~1\Content.IE5\KX2RKXQR\ipreg32[1].cab infected by "Trojan-Downloader.Win32.Domcom.a" Virus

File C:\DOKUME~1\wolf\LOKALE~1\TEMPOR~1\Content.IE5\LN7BLDSE\loaderadv156[1].jar infected by "Trojan.Java.ClassLoader.h" Virus

File C:\DOKUME~1\wolf\LOKALE~1\TEMPOR~1\Content.IE5\LVSEX2HX\loaderadv157[1].jar infected by "Trojan.Java.ClassLoader.h" Virus

File C:\DOKUME~1\wolf\LOKALE~1\TEMPOR~1\Content.IE5\W5YFOL6B\update[1].exe infected by "Trojan-Downloader.Win32.Agent.fs" Virus

File C:\Dokumente und Einstellungen\wolf\Lokale Einstellungen\Temp\asmfiles.cab infected by "not-a-virus:AdWare.Altnet.b" Virus

File C:\Dokumente und Einstellungen\wolf\Lokale Einstellungen\Temporary Internet Files\Content.IE5\0XUR81AR\tbd_web[1].htm infected by "Exploit.CodeBaseExec" Virus

File C:\Dokumente und Einstellungen\wolf\Lokale Einstellungen\Temporary Internet Files\Content.IE5\41AFG9Q3\count1[1].jar infected by "Trojan.Java.Needy.c" Virus

File C:\Dokumente und Einstellungen\wolf\Lokale Einstellungen\Temporary Internet Files\Content.IE5\41AFG9Q3\msits[1].exe infected by "Trojan-Downloader.Win32.Delf.cb" Virus

File C:\Dokumente und Einstellungen\wolf\Lokale Einstellungen\Temporary Internet Files\Content.IE5\DG318QB6\count1[1].jar infected by "Trojan.Java.Needy.c" Virus

File C:\Dokumente und Einstellungen\wolf\Lokale Einstellungen\Temporary Internet Files\Content.IE5\KX2RKXQR\ipreg32[1].cab infected by "Trojan-Downloader.Win32.Domcom.a" Virus

File C:\Dokumente und Einstellungen\wolf\Lokale Einstellungen\Temporary Internet Files\Content.IE5\LN7BLDSE\loaderadv156[1].jar infected by "Trojan.Java.ClassLoader.h" Virus

File C:\Dokumente und Einstellungen\wolf\Lokale Einstellungen\Temporary Internet Files\Content.IE5\LVSEX2HX\loaderadv157[1].jar infected by "Trojan.Java.ClassLoader.h" Virus

File C:\Dokumente und Einstellungen\wolf\Lokale Einstellungen\Temporary Internet Files\Content.IE5\W5YFOL6B\update[1].exe infected by "Trojan-Downloader.Win32.Agent.fs" Virus

File C:\Program Files\Altnet\Download Manager\adm25.dll infected by "not-a-virus:AdWare.Altnet.a" Virus

File C:\Program Files\Altnet\Download Manager\adm4.dll infected by "not-a-virus:AdWare.Altnet.a" Virus

File C:\Program Files\Altnet\Download Manager\adm4005.exe infected by "not-a-virus:AdWare.Altnet.a" Virus

File C:\Program Files\Altnet\Download Manager\admprog.dll infected by "not-a-virus:AdWare.Altnet.a" Virus

File C:\Program Files\Altnet\Download Manager\asmps.dll infected by "not-a-virus:AdWare.Altnet.b" Virus

File C:\Program Files\Altnet\Points Manager\sysdetect.dll infected by "not-a-virus:AdWare.BrilliantDigital.1007" Virus

Scanning File C:\Programme\CA\eTrust Antivirus\Lang\German\Help\inocit\curing_an_infected_file_after_a_scan.html

Scanning File C:\Programme\CA\eTrust Antivirus\Lang\German\Help\inocit\deleting_an_infected_file_after_a_scan.html

Scanning File C:\Programme\CA\eTrust Antivirus\Lang\German\Help\inocit\infected_files.html

Scanning File C:\Programme\CA\eTrust Antivirus\Lang\German\Help\inocit\infected_files_02.html
Scanning File C:\Programme\CA\eTrust Antivirus\Lang\German\Help\inocit\infected_object.html

Scanning File C:\Programme\CA\eTrust Antivirus\Lang\German\Help\inocit\moving_an_infected_file_after_a_scan.html

Scanning File C:\Programme\CA\eTrust Antivirus\Lang\German\Help\inocit\remove_infected_macros.html

Scanning File C:\Programme\CA\eTrust Antivirus\Lang\German\Help\inocit\renaming_an_infected_file_after_a_scan.html

Scanning File C:\Programme\CA\eTrust Antivirus\Lang\German\Help\inocit\send_infected_files_only.html

Scanning File C:\Programme\CA\eTrust Antivirus\Lang\German\Help\inocit\viewing_details_about_an_infected_file.html

File C:\Programme\Gemeinsame Dateien\rtlsnqoc\alfouoae\dfdncoeq.exe infected by "not-a-virus:AdWare.Gator.a" Virus

File C:\Programme\Gemeinsame Dateien\rtlsnqoc\rmaosbsacu\uqdlcnruo.exe infected by "not-a-virus:AdWare.Gator.a" Virus

File C:\System Volume Information\_restore{4B3C2B70-D81F-4475-A29F-AA7CF176A979}\RP92\A0010334.EXE infected by "not-a-virus:AdWare.Toolbar.MyWay.b" Virus

File C:\System Volume Information\_restore{4B3C2B70-D81F-4475-A29F-AA7CF176A979}\RP92\A0010337.dll infected by "not-a-virus:AdWare.Gator.6041" Virus

File C:\System Volume Information\_restore{4B3C2B70-D81F-4475-A29F-AA7CF176A979}\RP92\A0010338.dll infected by "not-a-virus:AdWare.Gator.6041" Virus

File C:\System Volume Information\_restore{4B3C2B70-D81F-4475-A29F-AA7CF176A979}\RP92\A0010339.dll infected by "not-a-virus:AdWare.Gator.5017" Virus

File C:\System Volume Information\_restore{4B3C2B70-D81F-4475-A29F-AA7CF176A979}\RP92\A0010340.dll infected by "not-a-virus:AdWare.Gator.6041" Virus

File C:\System Volume Information\_restore{4B3C2B70-D81F-4475-A29F-AA7CF176A979}\RP92\A0010343.exe infected by "not-a-virus:AdWare.Gator.6041" Virus

File C:\System Volume Information\_restore{4B3C2B70-D81F-4475-A29F-AA7CF176A979}\RP92\A0010366.DLL infected by "not-a-virus:AdWare.ToolBar.MyWay.f" Virus

File C:\System Volume Information\_restore{4B3C2B70-D81F-4475-A29F-AA7CF176A979}\RP92\A0010367.exe infected by "not-a-virus:AdWare.Gator.6034" Virus

File C:\System Volume Information\_restore{4B3C2B70-D81F-4475-A29F-AA7CF176A979}\RP92\A0010368.dll infected by "not-a-virus:AdWare.Gator.6041" Virus

File C:\System Volume Information\_restore{4B3C2B70-D81F-4475-A29F-AA7CF176A979}\RP92\A0010369.dll infected by "not-a-virus:AdWare.Gator.6041" Virus

File C:\System Volume Information\_restore{4B3C2B70-D81F-4475-A29F-AA7CF176A979}\RP92\A0010370.dll infected by "not-a-virus:AdWare.Gator.3124" Virus

File C:\System Volume Information\_restore{4B3C2B70-D81F-4475-A29F-AA7CF176A979}\RP92\A0010371.dll infected by "not-a-virus:AdWare.Gator.6041" Virus

File C:\System Volume Information\_restore{4B3C2B70-D81F-4475-A29F-AA7CF176A979}\RP92\A0010372.dll infected by "not-a-virus:AdWare.Gator.6041" Virus

File C:\System Volume Information\_restore{4B3C2B70-D81F-4475-A29F-AA7CF176A979}\RP92\A0010373.dll infected by "not-a-virus:AdWare.Gator.6041" Virus

File C:\System Volume Information\_restore{4B3C2B70-D81F-4475-A29F-AA7CF176A979}\RP92\A0010374.dll infected by "not-a-virus:AdWare.Gator.6041" Virus

File C:\System Volume Information\_restore{4B3C2B70-D81F-4475-A29F-AA7CF176A979}\RP92\A0010377.dll infected by "not-a-virus:AdWare.Gator.6041" Virus

File C:\System Volume Information\_restore{4B3C2B70-D81F-4475-A29F-AA7CF176A979}\RP92\A0010378.dll infected by "not-a-virus:AdWare.Gator.6041" Virus

File C:\System Volume Information\_restore{4B3C2B70-D81F-4475-A29F-AA7CF176A979}\RP92\A0010382.dll infected by "not-a-virus:AdWare.Aureate" Virus

File C:\System Volume Information\_restore{4B3C2B70-D81F-4475-A29F-AA7CF176A979}\RP92\A0010384.DLL infected by "not-a-virus:AdWare.ToolBar.MyWay.g" Virus

File C:\System Volume Information\_restore{4B3C2B70-D81F-4475-A29F-AA7CF176A979}\RP92\A0010385.dll infected by "not-a-virus:AdWare.Gator.6041" Virus

File C:\System Volume Information\_restore{4B3C2B70-D81F-4475-A29F-AA7CF176A979}\RP94\A0011282.exe infected by "Trojan.Win32.StartPage.qp" Virus

15:48:35 File C:\System Volume Information\_restore{4B3C2B70-D81F-4475-A29F-AA7CF176A979}\RP94\A0011283.exe infected by "Trojan.Win32.StartPage.qp" Virus

File C:\System Volume Information\_restore{4B3C2B70-D81F-4475-A29F-AA7CF176A979}\RP94\A0011284.exe infected by "Trojan.Win32.StartPage.qp" Virus

File C:\WINDOWS\Downloaded Program Files\update.exe infected by "Trojan-Downloader.Win32.Agent.fs" Virus

File C:\WINDOWS\eqinpev.exe infected by "Trojan.Win32.StartPage.qp" Virus

File C:\WINDOWS\system32\fastvideoplayer.dll infected by "Trojan-Downloader.Win32.Dyfuca.dn" Virus

File C:\WINDOWS\Temp\Altnet\adm.exe infected by "not-a-virus:AdWare.Altnet.a" Virus

File C:\WINDOWS\Temp\Altnet\adm25.dll infected by "not-a-virus:AdWare.Altnet.a" Virus

File C:\WINDOWS\Temp\Altnet\adm4.dll infected by "not-a-virus:AdWare.Altnet.a" Virus

File C:\WINDOWS\Temp\Altnet\admprog.dll infected by "not-a-virus:AdWare.Altnet.a" Virus

File C:\WINDOWS\Temp\Altnet\mysearch.cab infected by "not-a-virus:AdWare.ToolBar.MyWay.g" Virus

File C:\WINDOWS\Temp\Altnet\pmfiles.cab infected by "not-a-virus:AdWare.BrilliantDigital.1007" Virus

File C:\WINDOWS\Temp\Altnet\Setup.exe infected by "not-a-virus:AdWare.Altnet.b" Virus

File C:\WINDOWS\uehbica.exe infected by "Trojan.Win32.StartPage.qp" Virus

File C:\WINDOWS\uxeecgh.exe infected by "Trojan.Win32.StartPage.qp" Virus

cacatoa 20.01.2005 20:23

Hi wolferl,
download clearprog 1.4.1 final, tick all the boxes under IE and Windows and click Delete. When it's finished, exit.
Then all temporary internet files... and temp files are deleted.
Then switch System Restore off, shut the computer down, switch it on again, switch System Restore back on; then the "System volume information\restore" entries are gone.
Whatever remains, delete manually in Safe Mode for now.
Then post a new logfile.
cacatoa
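
The post above sorts the eScan findings into three groups: files under the temp and browser-cache folders (gone after the temp cleaner), files under System Volume Information\_restore (gone after toggling System Restore), and everything else (manual deletion in Safe Mode). The following Python script is an added example, not code from the thread or from eScan: it parses mwav.log lines in the "File <path> infected by "<name>" Virus" layout quoted in the thread (including the timestamp-prefixed variant), skips the "Scanning File ..." progress lines that a plain text search for "infected" also hits, and tags each finding with the cleanup step that covers it. The sample excerpt is constructed, and the path markers used for classification are my own heuristics.

```python
import re
from collections import Counter

# Constructed excerpt in the "File <path> infected by "<name>" Virus" format of the
# mwav.log lines quoted in the thread (paths modelled on the posted output; not a real log).
SAMPLE_LOG = r"""
Scanning File C:\Programme\CA\eTrust Antivirus\Lang\German\Help\inocit\infected_files.html
File C:\WINDOWS\eqinpev.exe infected by "Trojan.Win32.StartPage.qp" Virus
File C:\DOKUME~1\wolf\LOKALE~1\Temp\asmfiles.cab infected by "not-a-virus:AdWare.Altnet.b" Virus
File C:\DOKUME~1\wolf\LOKALE~1\TEMPOR~1\Content.IE5\41AFG9Q3\count1[1].jar infected by "Trojan.Java.Needy.c" Virus
15:48:35 File C:\System Volume Information\_restore{4B3C2B70-D81F-4475-A29F-AA7CF176A979}\RP94\A0011283.exe infected by "Trojan.Win32.StartPage.qp" Virus
File C:\Program Files\Altnet\Download Manager\adm4.dll infected by "not-a-virus:AdWare.Altnet.a" Virus
"""

# A finding line, optionally prefixed with a HH:MM:SS timestamp as in the posted log.
# "Scanning File ..." progress lines (which a text search for "infected" also hits when
# the file name itself contains the word) do not match and are skipped.
HIT_RE = re.compile(
    r'^(?:\d{2}:\d{2}:\d{2}\s+)?File (?P<path>.+?) infected by "(?P<name>[^"]+)" Virus\s*$'
)

# Path markers for the locations a temp-file cleaner empties (heuristic, my assumption).
TEMP_MARKERS = ("\\temporary internet files\\", "\\tempor~1\\", "\\temp\\")
RESTORE_PREFIX = "c:\\system volume information\\_restore"


def classify(path: str) -> str:
    """Map a flagged path to the cleanup step the thread uses for that location."""
    p = path.lower()
    if p.startswith(RESTORE_PREFIX):
        return "restore-point"      # gone once System Restore is switched off and on again
    if any(marker in p for marker in TEMP_MARKERS):
        return "temp-cleanup"       # removed by clearing the IE cache and temp folders
    return "manual-safe-mode"       # has to be deleted by hand in Safe Mode


def parse_hits(log_text: str) -> list:
    """Extract every finding from an mwav.log excerpt, tagged with its cleanup step."""
    hits = []
    for line in log_text.splitlines():
        m = HIT_RE.match(line.strip())
        if not m:
            continue
        path, name = m.group("path"), m.group("name")
        hits.append({
            "path": path,
            "detection": name,
            # eScan marks adware with a "not-a-virus:" prefix; still worth removing
            "adware": name.startswith("not-a-virus:"),
            "action": classify(path),
        })
    return hits


def summarize(hits: list) -> Counter:
    """Count findings per cleanup step, so the remaining manual work is visible at a glance."""
    return Counter(h["action"] for h in hits)


if __name__ == "__main__":
    found = parse_hits(SAMPLE_LOG)
    for h in found:
        print(f'{h["action"]:16} {h["detection"]:40} {h["path"]}')
    print(dict(summarize(found)))
```

The posted log lists many files twice, once with 8.3 short names (DOKUME~1, LOKALE~1) and once with long names; the script does not merge those, because resolving a short name to its long form needs the live file system. In practice the "manual-safe-mode" bucket is the list to work through by hand after the two automated steps.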

wolferl 20.01.2005 22:09

Logfile of HijackThis v1.99.0
Scan saved at 22:08:33, on 20.01.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\TuneUp Utilities 2004\WinStylerThemeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\crypserv.exe
C:\Programme\CA\eTrust Antivirus\InoRpc.exe
C:\Programme\CA\eTrust Antivirus\InoRT.exe
C:\Programme\CA\eTrust Antivirus\InoTask.exe
C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\RunDll32.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\Dit.exe
C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\PROGRA~1\GEMEIN~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
C:\USBStorage\USBDetector.exe
C:\PROGRA~1\GEMEIN~1\PCSuite\Services\SERVIC~1.EXE
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\Programme\ICQLite\ICQLite.exe
C:\Corel\Graphics8\Programs\MFIndexer.exe
C:\WINDOWS\DitExp.exe
C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Programme\Internet Explorer\iexplore.exe

cacatoa 20.01.2005 22:10

Hi wolferl,
please post the complete logfile, created in normal mode.
cacatoa

wolferl 20.01.2005 22:14

Sorry, I somehow overlooked the rest...

Logfile of HijackThis v1.99.0
Scan saved at 22:08:33, on 20.01.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\TuneUp Utilities 2004\WinStylerThemeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\crypserv.exe
C:\Programme\CA\eTrust Antivirus\InoRpc.exe
C:\Programme\CA\eTrust Antivirus\InoRT.exe
C:\Programme\CA\eTrust Antivirus\InoTask.exe
C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\RunDll32.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\Dit.exe
C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\PROGRA~1\GEMEIN~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
C:\USBStorage\USBDetector.exe
C:\PROGRA~1\GEMEIN~1\PCSuite\Services\SERVIC~1.EXE
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\Programme\ICQLite\ICQLite.exe
C:\Corel\Graphics8\Programs\MFIndexer.exe
C:\WINDOWS\DitExp.exe
C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Dokumente und Einstellungen\wolf\Desktop\HijackThis.exe

R3 - URLSearchHook: StartBHO Class - {30192F8D-0958-44E6-B54D-331FD39AC959} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: StartBHO Class - {30192F8D-0958-44E6-B54D-331FD39AC959} - (no file)
O2 - BHO: Explorer Class - {962F12AE-2773-4BEB-99EA-B5C3AB9A6606} - C:\WINDOWS\System32\DSMANA~1.DLL
O2 - BHO: Pop Class - {A9AEE0DD-89E1-40EE-8749-A18650CC2175} - C:\WINDOWS\winsx.dll
O3 - Toolbar: Search Bar - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - (no file)
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\GEMEIN~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
O4 - HKLM\..\Run: [USBDetector] C:\USBStorage\USBDetector.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Corel MEDIA FOLDERS INDEXER 8.LNK = C:\Corel\Graphics8\Programs\MFIndexer.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programme\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: CA-Lizenz-Client - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA-Lizenzserver - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: Crypkey License - Unknown - crypserv.exe (file missing)
O23 - Service: eTrust Antivirus RPC Server - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoTask.exe
O23 - Service: Ereignisprotokoll-Überwachung - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TuneUp WinStyler Theme Service - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2004\WinStylerThemeSvc.exe

cacatoa 20.01.2005 22:23

Check your private messages.

wolferl 21.01.2005 17:32

Logfile of HijackThis v1.99.0
Scan saved at 22:08:33, on 20.01.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\TuneUp Utilities 2004\WinStylerThemeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\crypserv.exe
C:\Programme\CA\eTrust Antivirus\InoRpc.exe
C:\Programme\CA\eTrust Antivirus\InoRT.exe
C:\Programme\CA\eTrust Antivirus\InoTask.exe
C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\RunDll32.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\Dit.exe
C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\PROGRA~1\GEMEIN~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
C:\USBStorage\USBDetector.exe
C:\PROGRA~1\GEMEIN~1\PCSuite\Services\SERVIC~1.EXE
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\Programme\ICQLite\ICQLite.exe
C:\Corel\Graphics8\Programs\MFIndexer.exe
C:\WINDOWS\DitExp.exe
C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Dokumente und Einstellungen\wolf\Desktop\HijackThis.exe

R3 - URLSearchHook: StartBHO Class - {30192F8D-0958-44E6-B54D-331FD39AC959} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: StartBHO Class - {30192F8D-0958-44E6-B54D-331FD39AC959} - (no file)
O2 - BHO: Explorer Class - {962F12AE-2773-4BEB-99EA-B5C3AB9A6606} - C:\WINDOWS\System32\DSMANA~1.DLL
O2 - BHO: Pop Class - {A9AEE0DD-89E1-40EE-8749-A18650CC2175} - C:\WINDOWS\winsx.dll
O3 - Toolbar: Search Bar - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - (no file)
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\GEMEIN~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
O4 - HKLM\..\Run: [USBDetector] C:\USBStorage\USBDetector.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Corel MEDIA FOLDERS INDEXER 8.LNK = C:\Corel\Graphics8\Programs\MFIndexer.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programme\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: CA-Lizenz-Client - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA-Lizenzserver - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: Crypkey License - Unknown - crypserv.exe (file missing)
O23 - Service: eTrust Antivirus RPC Server - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoTask.exe
O23 - Service: Ereignisprotokoll-Überwachung - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TuneUp WinStyler Theme Service - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2004\WinStylerThemeSvc.exe

cacatoa 21.01.2005 18:02

Hi wolf,
please fix the following with HJT in Safe Mode:
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
R3 - URLSearchHook: StartBHO Class - {30192F8D-0958-44E6-B54D-331FD39AC959} - (no file)
O2 - BHO: StartBHO Class - {30192F8D-0958-44E6-B54D-331FD39AC959} - (no file)
O3 - Toolbar: Search Bar - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - (no file)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O23 - Service: Crypkey License - Unknown - crypserv.exe (file missing)

Then delete the following file manually:
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe

Unless you installed P2P on purpose; in that case leave it, and the O16 too.

Despite the eScan, please have the following 2 files scanned online at Jotti:
C:\WINDOWS\System32\DSMANA~1.DLL
C:\WINDOWS\winsx.dll

Please report the (10-line) result.
After fixing, post a new logfile.
cacatoa
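
The fix list above is built from one simple observation about the HijackThis log: entries whose target ends in "(no file)" or "(file missing)" are leftover registrations of something that has already been removed, and an O16 DPF entry with no source URL is an ActiveX download whose origin is unknown. The script below is an added example, not code from the thread or from HijackThis: it parses entries in the line layout of the posted log, flags the orphaned and source-less entries, and groups entries by CLSID so that a component registered in several places (here the StartBHO class in both R3 and O2) shows up as one item. The sample lines are taken from the posted log; the flagging rules are my own heuristics.

```python
import re
from collections import defaultdict

# Excerpt of the HijackThis log posted in the thread (constructed selection of lines).
SAMPLE_HJT = r"""
R3 - URLSearchHook: StartBHO Class - {30192F8D-0958-44E6-B54D-331FD39AC959} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: StartBHO Class - {30192F8D-0958-44E6-B54D-331FD39AC959} - (no file)
O2 - BHO: Pop Class - {A9AEE0DD-89E1-40EE-8749-A18650CC2175} - C:\WINDOWS\winsx.dll
O3 - Toolbar: Search Bar - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - (no file)
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O23 - Service: Crypkey License - Unknown - crypserv.exe (file missing)
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

# Every HJT entry starts with its section code (R0-R3, O1-O23) followed by " - ".
ENTRY_RE = re.compile(r"^(?P<section>R\d|O\d+) - (?P<rest>.+)$")
# COM class ids as HijackThis prints them: {8-4-4-4-12 hex}.
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")


def flag_entry(section: str, rest: str) -> str:
    """Heuristic triage label for one entry (my own rules, not HijackThis's)."""
    low = rest.lower()
    if low.endswith("(no file)") or low.endswith("(file missing)"):
        return "orphaned"         # registration points at a file that no longer exists
    if section == "O16" and rest.rstrip().endswith("-"):
        return "dpf-no-source"    # ActiveX download entry without a recorded source URL
    return "review"               # nothing mechanical to say; needs a human look


def parse_entries(text: str) -> list:
    """Parse HJT log lines into dicts with section, raw text, CLSID and triage flag."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue              # header, process list and blank lines are skipped
        section, rest = m.group("section"), m.group("rest")
        clsid = CLSID_RE.search(rest)
        entries.append({
            "section": section,
            "text": rest,
            "clsid": clsid.group(0).upper() if clsid else None,
            "flag": flag_entry(section, rest),
        })
    return entries


def related_by_clsid(entries: list) -> dict:
    """CLSIDs that occur in more than one section, with the sections they appear in."""
    groups = defaultdict(list)
    for e in entries:
        if e["clsid"]:
            groups[e["clsid"]].append(e["section"])
    return {clsid: sections for clsid, sections in groups.items() if len(sections) > 1}


if __name__ == "__main__":
    parsed = parse_entries(SAMPLE_HJT)
    for e in parsed:
        print(f'{e["flag"]:14} {e["section"]:4} {e["text"]}')
    print("same CLSID in several sections:", related_by_clsid(parsed))
```

The "review" bucket is deliberately not a verdict: the O2 entry for winsx.dll in the posted log has a file on disk and a harmless-looking class name, and it was the multi-scanner result and the eScan run, not the log line, that decided what to do with it.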

cacatoa 21.01.2005 18:14

@ wolf:
If Jotti doesn't work, then use that one for now.
cacatoa


All times are in WEZ +1.

Copyright ©2000-2024, Trojaner-Board

