Trojaner-Board

Pferdenoni 21.02.2005 13:46

How do I get rid of the dialer / trojan?

I have had the following problem since yesterday, 20.02.2005:

Whenever I start IE, this appears:
about:blank
And this appears:
Quick Web Search



viagra |xanax| phentermine |online pharmacy| carisoprodol |hydrocodone| valium |cialis| fioricet
texas holdem |party poker| roulette |online gambling| blackjack |slots| casino | adult games
webhosting |domain registration| bonus server | voice mail | work at home
adult movies |personal photos| sex dating |free online dating| xxx dvd |asian sex| fetish
rv finance |visa platinum| merchant account | mortgage
spyware |adware| popup blocker |firewall| soft



How do I get rid of this?




Logfile of HijackThis v1.99.1
Scan saved at 13:39:27, on 21.02.2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0100)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\ATI2EVXX.EXE
C:\PROGRAMME\GEMEINSAME DATEIEN\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAMME\NORTON INTERNET SECURITY\NISUM.EXE
C:\PROGRAMME\NORTON INTERNET SECURITY\CCPXYSVC.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAMME\EZBUTTON\CP51NBTN.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAMME\GEMEINSAME DATEIEN\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAMME\EZBUTTON\CPHKCNT.EXE
C:\WINDOWS\SYSTEM\HPZTSB04.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAMME\WINAMP\WINAMPA.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAMME\GEMEINSAME DATEIEN\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\SYSTEM\TOSMEM.EXE
C:\PROGRAMME\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAMME\FINEPIXVIEWER\QUICKDCF.EXE
C:\PROGRAMME\MSN APPS\UPDATER\01.02.3000.1001\DE\MSNAPPAU.EXE
C:\PROGRAMME\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAMME\MICROSOFT OFFICE\OFFICE\WINWORD.EXE
C:\PROGRAMME\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAMME\WINRAR\WINRAR.EXE
C:\WINDOWS\TEMP\RAR$EX00.644\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\SYSTEM\SFCMAN32.DLL/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\SYSTEM\SFCMAN32.DLL/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\SYSTEM\SFCMAN32.DLL/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\SYSTEM\SFCMAN32.DLL/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\SYSTEM\SFCMAN32.DLL/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\SYSTEM\SFCMAN32.DLL/sp.html (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.arcor-ip.de:80
N1 - Netscape 4: user_pref("browser.startup.homepage", "http://www.web.de"); (C:\Programme\Netscape\Users\swidero\prefs.js)
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAMME\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAMME\MSN APPS\MSN TOOLBAR\01.02.3000.1001\DE\MSNTB.DLL
O2 - BHO: (no name) - {53BE443D-66A1-4444-99B2-8DFBB0361034} - C:\WINDOWS\SYSTEM\SFCMAN32.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAMME\MSN APPS\MSN TOOLBAR\01.02.3000.1001\DE\MSNTB.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1031,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [CP51NBtn] C:\PROGRA~1\EZBUTTON\CP51NBtn.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [iamapp] C:\Programme\Norton Internet Security\IAMAPP.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb04.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [REGSHAVE] C:\Programme\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [TosMem] tosmem.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [ATIPOLAB] ati2evxx.exe
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [Nisum] C:\Programme\Norton Internet Security\NISUM.EXE
O4 - HKLM\..\RunServices: [ccPxySvc] C:\PROGRA~1\NORTON~2\CCPXYSVC.EXE
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Programme\Gemeinsame Dateien\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [nisserv] C:\Programme\Norton Internet Security\NISSERV.EXE
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRAMME\YAHOO!\MESSENGER\ypager.exe -quiet
O4 - Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Exif Launcher.lnk = C:\Programme\FinePixViewer\QuickDCF.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O12 - Plugin for .avi: C:\PROGRAMME\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npavi32.dll
O12 - Plugin for .swf: C:\PROGRAMME\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npswf32.dll
O12 - Plugin for .mid: C:\PROGRAMME\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npaudio.dll
O15 - Trusted IP range: 206.161.125.149
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - https://www7.pc-sicherheit.web.de/ols/fscax.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://213.84.244.29:81/activex/AxisCamControl.cab
O18 - Filter: text/html - {56EA2D8E-2ACA-4719-929C-1991CE9F9342} - C:\WINDOWS\SYSTEM\SFCMAN32.DLL
O18 - Filter: text/plain - {56EA2D8E-2ACA-4719-929C-1991CE9F9342} - C:\WINDOWS\SYSTEM\SFCMAN32.DLL

Who can help?
Thanks

Gigamail 21.02.2005 14:45

Hi,

scan your system with eScan, see the description below.

Create a new folder (= directory) "bases" on "c:\" for eScan. Download eScan and unpack it into this new folder with a zip program. Follow the instructions for this. Update eScan online (see instructions) and run it offline in safe mode. eScan takes about 1 hour. The viruses found are deleted by hand. We give instructions for that on the forum.
(quoting Shadowdance)

--> Please tell us how many viruses were found on your computer. It looks like this:

=> Total Files Scanned:
=> Total Virus(es) Found:
=> Total Disinfected Files:
=> Total Files Renamed:
=> Total Deleted Files:
=> Total Errors:
=> Time Elapsed:
=> Virus Database Date:
=> Virus Database Count:
=>Total Number of Files Scanned:
=>Total Number of Virus(es) Found:
***** Scanning complete. *****

--> We would also like to know what the viruses are called: "open mwav.log (or mwXface.log) -> Edit -> Find -> type infected -> Find Next -> select/copy the hits and paste them into the forum." (quoting Cidre)


Pferdenoni 21.02.2005 16:16

Thanks, first of all.
Here are the results:

Mon Feb 21 15:57:28 2005 => Total Files Scanned: 3911
Mon Feb 21 15:57:28 2005 => Total Virus(es) Found: 8
Mon Feb 21 15:57:28 2005 => Total Disinfected Files: 0
Mon Feb 21 15:57:28 2005 => Total Files Renamed: 0
Mon Feb 21 15:57:28 2005 => Total Deleted Files: 0
Mon Feb 21 15:57:28 2005 => Total Errors: 0
Mon Feb 21 15:57:28 2005 => Time Elapsed: 00:07:33

Mon Feb 21 15:57:28 2005 => ***** Scanning complete. *****
Mon Feb 21 15:57:28 2005 => Virus Database Date: 2005/02/14
Mon Feb 21 15:57:28 2005 => Virus Database Count: 118236

Mon Feb 21 15:57:28 2005 => Scan Completed.


Mon Feb 21 15:51:17 2005 => File C:\WINDOWS\SYSTEM\connmie.exe infected by "not-a-virus:AdWare.FindSpy.a" Virus. Action Taken: No Action Taken.
Mon Feb 21 15:51:18 2005 => File C:\WINDOWS\SYSTEM\truettf.exe infected by "not-a-virus:AdWare.Msnagent.a" Virus. Action Taken: No Action Taken.
Mon Feb 21 15:51:18 2005 => File C:\WINDOWS\SYSTEM\dxconf.exe infected by "not-a-virus:AdWare.FindSpy.a" Virus. Action Taken: No Action Taken.
Mon Feb 21 15:53:08 2005 => File C:\_RESTORE\ARCHIVE\FS3.CAB infected by "Trojan-Dropper.Win32.Small.lx" Virus. Action Taken: No Action Taken.
Mon Feb 21 15:53:09 2005 => File C:\_RESTORE\ARCHIVE\FS6.CAB infected by "not-a-virus:AdWare.FindSpy.a" Virus. Action Taken: No Action Taken.
Mon Feb 21 15:53:14 2005 => File C:\_RESTORE\ARCHIVE\FS9.CAB infected by "not-a-virus:AdWare.FindSpy.a" Virus. Action Taken: No Action Taken.
Mon Feb 21 15:53:16 2005 => File C:\_RESTORE\ARCHIVE\FS10.CAB infected by "not-a-virus:AdWare.FindSpy.a" Virus. Action Taken: No Action Taken.
Mon Feb 21 15:53:21 2005 => File C:\_RESTORE\ARCHIVE\FS2.CAB infected by "Trojan.Win32.Dialer.gd" Virus. Action Taken: No Action Taken.

Gigamail 21.02.2005 16:23

Quote:

Mon Feb 21 15:57:28 2005 => Time Elapsed: 00:07:33
Either you did not scan in safe mode, or Scan All Files was not enabled. Normally eScan takes about 1 hour.
Try it again ;)

Pferdenoni 21.02.2005 23:00

OK, now the complete one

Mon Feb 21 22:44:25 2005 => ***** Scanning complete. *****
Mon Feb 21 22:44:25 2005 => Total Files Scanned: 38552
Mon Feb 21 22:44:25 2005 => Total Virus(es) Found: 11
Mon Feb 21 22:44:25 2005 => Total Disinfected Files: 0
Mon Feb 21 22:44:25 2005 => Total Files Renamed: 0
Mon Feb 21 22:44:25 2005 => Total Deleted Files: 0
Mon Feb 21 22:44:25 2005 => Total Errors: 3
Mon Feb 21 22:44:25 2005 => Time Elapsed: 00:57:47
Mon Feb 21 22:44:25 2005 => Virus Database Date: 2005/02/14
Mon Feb 21 22:44:25 2005 => Virus Database Count: 118236

Mon Feb 21 22:44:25 2005 => Scan Completed.

Mon Feb 21 22:47:01 2005 => Virus Database Date: 2005/02/14
Mon Feb 21 22:47:01 2005 => Virus Database Count: 118236
Mon Feb 21 22:47:21 2005 => AV Library Unloaded (3)...


File C:\WINDOWS\SYSTEM\connmie.exe infected by "not-a-virus:AdWare.FindSpy.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\truettf.exe infected by "not-a-virus:AdWare.Msnagent.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\dxconf.exe infected by "not-a-virus:AdWare.FindSpy.a" Virus. Action Taken: No Action Taken.
File C:\_RESTORE\ARCHIVE\FS3.CAB infected by "Trojan-Dropper.Win32.Small.lx" Virus. Action Taken: No Action Taken.
File C:\_RESTORE\ARCHIVE\FS6.CAB infected by "not-a-virus:AdWare.FindSpy.a" Virus. Action Taken: No Action Taken.
File C:\_RESTORE\ARCHIVE\FS9.CAB infected by "not-a-virus:AdWare.FindSpy.a" Virus. Action Taken: No Action Taken.
File C:\_RESTORE\ARCHIVE\FS10.CAB infected by "not-a-virus:AdWare.FindSpy.a" Virus. Action Taken: No Action Taken.
File C:\_RESTORE\ARCHIVE\FS2.CAB infected by "Trojan.Win32.Dialer.gd" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\connmie.exe infected by "not-a-virus:AdWare.FindSpy.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\truettf.exe infected by "not-a-virus:AdWare.Msnagent.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\dxconf.exe infected by "not-a-virus:AdWare.FindSpy.a" Virus. Action Taken: No Action Taken.
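
The "search mwav.log for infected and copy the hits" step asked for in this thread can be scripted; the following is an added example, not part of the original posts and not eScan's own tooling. It de-duplicates repeated hits and separates files in the live system from copies inside the Windows ME System Restore archive (`_RESTORE`); the names `parse_hits`, `split_live_and_restore` and `report` are hypothetical.

```python
import re
from collections import Counter

# Sample: five hit lines copied from the mwav.log excerpts posted in this thread
# (with and without the timestamp prefix) plus one summary line that is not a hit.
SAMPLE_LOG = r'''
Mon Feb 21 15:51:17 2005 => File C:\WINDOWS\SYSTEM\connmie.exe infected by "not-a-virus:AdWare.FindSpy.a" Virus. Action Taken: No Action Taken.
Mon Feb 21 15:53:08 2005 => File C:\_RESTORE\ARCHIVE\FS3.CAB infected by "Trojan-Dropper.Win32.Small.lx" Virus. Action Taken: No Action Taken.
Mon Feb 21 15:53:21 2005 => File C:\_RESTORE\ARCHIVE\FS2.CAB infected by "Trojan.Win32.Dialer.gd" Virus. Action Taken: No Action Taken.
Mon Feb 21 22:44:25 2005 => Total Virus(es) Found: 11
File C:\WINDOWS\SYSTEM\connmie.exe infected by "not-a-virus:AdWare.FindSpy.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\truettf.exe infected by "not-a-virus:AdWare.Msnagent.a" Virus. Action Taken: No Action Taken.
'''

# Optional "<timestamp> => " prefix, then the hit wording seen in the posted excerpts.
HIT_RE = re.compile(
    r'^(?:.+? => )?File (?P<path>.+?) infected by "(?P<name>[^"]+)" Virus\.'
    r'\s*Action Taken: (?P<action>.+?)\.?\s*$'
)

def parse_hits(log_text):
    """Return unique hits (path compared case-insensitively), in first-seen order."""
    seen, hits = set(), []
    for line in log_text.splitlines():
        m = HIT_RE.match(line.strip())
        if not m:
            continue  # summary lines, blank lines, anything that is not a hit
        key = (m["path"].upper(), m["name"])
        if key not in seen:
            seen.add(key)
            hits.append(m.groupdict())
    return hits

def split_live_and_restore(hits):
    """Separate live files from copies archived under the _RESTORE folder."""
    restore = [h for h in hits if "\\_RESTORE\\" in h["path"].upper()]
    live = [h for h in hits if h not in restore]
    return live, restore

def report(log_text):
    """Build the text a helper would want pasted into the forum."""
    hits = parse_hits(log_text)
    live, restore = split_live_and_restore(hits)
    out = [f"{len(hits)} unique hits ({len(live)} live, {len(restore)} in _RESTORE)"]
    out += [f"  {n} x {name}" for name, n in Counter(h["name"] for h in hits).most_common()]
    out += [f"  [{'restore' if h in restore else 'live'}] {h['path']} -> {h['action']}" for h in hits]
    return "\n".join(out)

if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```
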

