|
Trj/downloader.GK Hallo, eine bekannt von mir hat sich einen Trojaner eingefangen. Trj/downloader.GK Gibt es eine Möglichkeit den zu entfernen ohne Format c: Logfile habe ich gleich mal angehängt. Logfile of HijackThis v1.98.2 Scan saved at 17:35:16, on 22.09.2004 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\nvsvc32.exe C:\Programme\Panda Software\Panda Antivirus Titanium\Pavsrv51.exe C:\WINDOWS\System32\tcpsvcs.exe C:\Programme\Panda Software\Panda Antivirus Titanium\AVENGINE.EXE C:\Programme\Panda Software\Panda Antivirus Titanium\apvxdwin.exe C:\Programme\Panda Software\Panda Antivirus Titanium\pavProxy.exe C:\PROGRA~1\MYWEBS~1\bar\6.bin\mwsoemon.exe C:\Programme\Winamp\Winampa.exe C:\Programme\Real\RealPlayer\RealPlay.exe C:\Programme\Java\j2re1.4.2_05\bin\jusched.exe C:\Program Files\Windows SyncroAd\SyncroAd.exe C:\Programme\Web_Rebates\WebRebates0.exe C:\Program Files\Windows SyncroAd\WinSync.exe C:\Programme\Messenger\MSMSGS.EXE C:\WINDOWS\System32\RUNDLL32.EXE C:\Programme\Steganos Trace Destructor 6.5\itd.exe C:\Skype\Phone\Skype.exe C:\Programme\Clicktionary\Cleverlearn Clicktionary.exe C:\Programme\Web_Rebates\WebRebates1.exe C:\PROGRA~1\INCRED~1\bin\IMApp.exe C:\Programme\Internet Explorer\IEXPLORE.EXE C:\zwergi_1958\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...ch/search.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.searchwww.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...ch/search.html R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.searchwww.com/bar.html R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Programme\MyWebSearch\SrchAstt\6.bin\MWSSRCAS.DLL O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Programme\MyWebSearch\bar\6.bin\MWSBAR.DLL O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: My &Way Speedbar - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Programme\MyWebSearch\bar\6.bin\MWSBAR.DLL O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file) O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll O4 - HKLM\..\Run: [APVXDWIN] "C:\Programme\Panda Software\Panda Antivirus Titanium\APVXDWIN.EXE" /s O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\6.bin\mwsoemon.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [WinampAgent] "C:\Programme\Winamp\Winampa.exe" O4 - HKLM\..\Run: [RealTray] C:\Programme\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_05\bin\jusched.exe O4 - HKLM\..\Run: [Windows SyncroAd] C:\Program Files\Windows SyncroAd\SyncroAd.exe O4 - HKLM\..\Run: [WebRebates0] "C:\Programme\Web_Rebates\WebRebates0.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\MSMSGS.EXE" /background O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit O4 - HKCU\..\Run: [ITD65_ITD] "C:\Programme\Steganos Trace Destructor 6.5\itd.exe" /booting O4 - HKCU\..\Run: [Skype] "C:\Skype\Phone\Skype.exe" /nosplash /minimized O4 - Startup: GMX Clicktionary 2.8.lnk = C:\Programme\Clicktionary\Cleverlearn Clicktionary.exe O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm O8 - Extra context menu item: Web Rebates - file://C:\Programme\Web_Rebates\Sy1150\Tp1150\scri1150a.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE O16 - DPF: {086A694F-91FB-4068-B44C-124FB69BF05D} - http://www.searchwww.com/search.cab O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_fi...1a0351cafa03db O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache...tup1.0.0.6.cab O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yaho...tocomplete.cab Liebe Grüße Speedy |
Scanne mal hiermit im abgesicherten Modus: http://www.trojaner-board.de/showthread.php?t=6083 Danach erstelle und poste ein neues HijackThis-Log. |
Hallo speedy22667, folgende Arbeiten müssen auf dem Rechner Deiner Bekannten vorgenommen werden: - mit dem online-scan von Kaspersky folgende Dateien scannen: C:\Program Files\Windows SyncroAd\SyncroAd.exe C:\Program Files\Windows SyncroAd\WinSync.exe - das Ergenis der Überprüfung posten und diese Dateien, wenn sie infiziert sein sollten an partytime-germany.ice@web.de senden, mit Verweis auf diesen Thread. - den eScan downloaden und durchführen, laut Anleitung: Thread-6083 - zusammen mit dem Ergebnis des eScan, auch die Namen des Virus/der Viren posten: =>Total Number of Files Scanned: =>Total Number of Virus(es) Found: =>Total Number of Disinfected Files: =>Total Number of Files Renamed: =>Total Number of Deleted Files: - www.windowsupdate.com besuchen und SP2 runterladen. - ein neues Logfile mit Hijack This erstellen und es posten, zusammen mit allen Angaben, um die ich hier gebeten habe. Gruss Shadowdance [edit] Hallo Christian ... ich hab Dich erst nach dem posten entdeckt. [/edit] |
So, nun haben wir die scans gemacht, hier die Ergebnisse. Liebe Grüße Speedy Wed Sep 22 21:38:12 2004 => ***** Checking for specific ITW Viruses ***** Wed Sep 22 21:38:12 2004 => Checking for Welchia Virus... Wed Sep 22 21:38:12 2004 => Checking for LovGate Virus... Wed Sep 22 21:38:12 2004 => Checking for CodeRed Virus... Wed Sep 22 21:38:12 2004 => Checking for OpaServ Virus... Wed Sep 22 21:38:12 2004 => Checking for Sobig.e Virus... Wed Sep 22 21:38:13 2004 => Checking for Winupie Virus... Wed Sep 22 21:38:13 2004 => Checking for Swen Virus... Wed Sep 22 21:38:13 2004 => Checking for JS.Fortnight Virus... Wed Sep 22 21:38:13 2004 => Checking for Novarg Virus... Wed Sep 22 21:38:13 2004 => Checking for Pagabot Virus... Wed Sep 22 21:38:13 2004 => Checking for Parite.b Virus... Wed Sep 22 21:38:13 2004 => Checking for Parite.a Virus... Wed Sep 22 21:38:13 2004 => ***** Scanning complete. ***** Wed Sep 22 21:38:13 2004 => Total Number of Files Scanned: 102715 Wed Sep 22 21:38:13 2004 => Total Number of Virus(es) Found: 24 Wed Sep 22 21:38:13 2004 => Total Number of Disinfected Files: 0 Wed Sep 22 21:38:13 2004 => Total Number of Files Renamed: 11 Wed Sep 22 21:38:13 2004 => Total Number of Deleted Files: 3 Wed Sep 22 21:38:13 2004 => Total Number of Errors: 3 Wed Sep 22 21:38:13 2004 => Time Elapsed: 02:21:49 Wed Sep 22 21:38:13 2004 => Virus Database Date: 2004/09/08 Wed Sep 22 21:38:13 2004 => Virus Database Count: 103474 Wed Sep 22 21:38:13 2004 => Scan Completed. Logfile of HijackThis v1.98.2 Scan saved at 21:55:38, on 22.09.2004 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Programme\Panda Software\Panda Antivirus Titanium\APVXDWIN.EXE C:\PROGRA~1\MYWEBS~1\bar\6.bin\mwsoemon.exe C:\Programme\Winamp\Winampa.exe C:\Programme\Real\RealPlayer\RealPlay.exe C:\Programme\Java\j2re1.4.2_05\bin\jusched.exe C:\Program Files\Windows SyncroAd\SyncroAd.exe C:\Programme\Web_Rebates\WebRebates0.exe C:\Program Files\Windows SyncroAd\WinSync.exe C:\Programme\Messenger\MSMSGS.EXE C:\WINDOWS\System32\RUNDLL32.EXE C:\Programme\Steganos Trace Destructor 6.5\itd.exe C:\Skype\Phone\Skype.exe C:\Programme\Clicktionary\Cleverlearn Clicktionary.exe C:\WINDOWS\System32\nvsvc32.exe C:\Programme\Panda Software\Panda Antivirus Titanium\Pavsrv51.exe C:\WINDOWS\System32\tcpsvcs.exe C:\Programme\Panda Software\Panda Antivirus Titanium\AVENGINE.EXE C:\Programme\Web_Rebates\WebRebates1.exe C:\Programme\Panda Software\Panda Antivirus Titanium\pavProxy.exe C:\zwergi_1958\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...ch/search.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.searchwww.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...ch/search.html R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.searchwww.com/bar.html R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Programme\MyWebSearch\SrchAstt\6.bin\MWSSRCAS.DLL O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Programme\MyWebSearch\bar\6.bin\MWSBAR.DLL O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: My &Way Speedbar - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Programme\MyWebSearch\bar\6.bin\MWSBAR.DLL O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file) O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll O4 - HKLM\..\Run: [APVXDWIN] "C:\Programme\Panda Software\Panda Antivirus Titanium\APVXDWIN.EXE" /s O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\6.bin\mwsoemon.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [WinampAgent] "C:\Programme\Winamp\Winampa.exe" O4 - HKLM\..\Run: [RealTray] C:\Programme\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_05\bin\jusched.exe O4 - HKLM\..\Run: [Windows SyncroAd] C:\Program Files\Windows SyncroAd\SyncroAd.exe O4 - HKLM\..\Run: [WebRebates0] "C:\Programme\Web_Rebates\WebRebates0.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\MSMSGS.EXE" /background O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit O4 - HKCU\..\Run: [ITD65_ITD] "C:\Programme\Steganos Trace Destructor 6.5\itd.exe" /booting O4 - HKCU\..\Run: [Skype] "C:\Skype\Phone\Skype.exe" /nosplash /minimized O4 - Startup: GMX Clicktionary 2.8.lnk = C:\Programme\Clicktionary\Cleverlearn Clicktionary.exe O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm O8 - Extra context menu item: Web Rebates - file://C:\Programme\Web_Rebates\Sy1150\Tp1150\scri1150a.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE O16 - DPF: {086A694F-91FB-4068-B44C-124FB69BF05D} - http://www.searchwww.com/search.cab O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_fi...1a0351cafa03db O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache...tup1.0.0.6.cab O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yaho...tocomplete.cab |
Das System ist immer noch nicht sauber. eScan wurde im abgesicherten Modus ausgeführt, oder? Lade Spybot und scanne ebenso im abgesicherten Modus. Danach ein aktuelles Log-File posten. |
wir haben alles im abgesicherten Modus ausgeführt und jetzt Spybot lauen lassen. Hier noch mal die Log. Logfile of HijackThis v1.98.2 Scan saved at 00:26:06, on 23.09.2004 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\nvsvc32.exe C:\Programme\Panda Software\Panda Antivirus Titanium\Pavsrv51.exe C:\WINDOWS\System32\tcpsvcs.exe C:\Programme\Panda Software\Panda Antivirus Titanium\AVENGINE.EXE C:\Programme\Panda Software\Panda Antivirus Titanium\apvxdwin.exe C:\Programme\Panda Software\Panda Antivirus Titanium\pavProxy.exe C:\PROGRA~1\MYWEBS~1\bar\6.bin\mwsoemon.exe C:\Programme\Winamp\Winampa.exe C:\Programme\Real\RealPlayer\RealPlay.exe C:\Programme\Java\j2re1.4.2_05\bin\jusched.exe C:\Program Files\Windows SyncroAd\SyncroAd.exe C:\Programme\Web_Rebates\WebRebates0.exe C:\Programme\Messenger\MSMSGS.EXE C:\Programme\Steganos Trace Destructor 6.5\itd.exe C:\Program Files\Windows SyncroAd\WinSync.exe C:\Skype\Phone\Skype.exe C:\Programme\Clicktionary\Cleverlearn Clicktionary.exe C:\Programme\Web_Rebates\WebRebates1.exe C:\zwergi_1958\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...ch/search.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.searchwww.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...ch/search.html R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.searchwww.com/bar.html R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Programme\MyWebSearch\SrchAstt\6.bin\MWSSRCAS.DLL O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Programme\MyWebSearch\bar\6.bin\MWSBAR.DLL O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file) O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll O4 - HKLM\..\Run: [APVXDWIN] "C:\Programme\Panda Software\Panda Antivirus Titanium\APVXDWIN.EXE" /s O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\6.bin\mwsoemon.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [WinampAgent] "C:\Programme\Winamp\Winampa.exe" O4 - HKLM\..\Run: [RealTray] C:\Programme\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_05\bin\jusched.exe O4 - HKLM\..\Run: [Windows SyncroAd] C:\Program Files\Windows SyncroAd\SyncroAd.exe O4 - HKLM\..\Run: [WebRebates0] "C:\Programme\Web_Rebates\WebRebates0.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\MSMSGS.EXE" /background O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit O4 - HKCU\..\Run: [ITD65_ITD] "C:\Programme\Steganos Trace Destructor 6.5\itd.exe" /booting O4 - HKCU\..\Run: [Skype] "C:\Skype\Phone\Skype.exe" /nosplash /minimized O4 - Startup: GMX Clicktionary 2.8.lnk = C:\Programme\Clicktionary\Cleverlearn Clicktionary.exe O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm O8 - Extra context menu item: Web Rebates - file://C:\Programme\Web_Rebates\Sy1150\Tp1150\scri1150a.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_fi...1a0351cafa03db O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache...tup1.0.0.6.cab O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yaho...tocomplete.cab |
Also dann machen wir es manuell: Beende diese Prozesse: C:\PROGRA~1\MYWEBS~1\bar\6.bin\mwsoemon.exe C:\Program Files\Windows SyncroAd\SyncroAd.exe C:\Programme\Web_Rebates\WebRebates0.exe C:\Program Files\Windows SyncroAd\WinSync.exe C:\Programme\Web_Rebates\WebRebates1.exe Fixe diese Einträge: R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus...rch/search.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.searchwww.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus...rch/search.html R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.searchwww.com/bar.html R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cus...//www.yahoo.com O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Programme\MyWebSearch\SrchAstt\6.bin\MWSSRCAS.DLL O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Programme\MyWebSearch\bar\6.bin\MWSBAR.DLL O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file) O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\6.bin\mwsoemon.exe O4 - HKLM\..\Run: [Windows SyncroAd] C:\Program Files\Windows SyncroAd\SyncroAd.exe O4 - HKLM\..\Run: [WebRebates0] "C:\Programme\Web_Rebates\WebRebates0.exe" O8 - Extra context menu item: Web Rebates - file://C:\Programme\Web_Rebates\Sy1150\Tp1150\scri1150a.htm O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_f...a0 351cafa03db O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocach...etup1.0.0.6.cab O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yah...utocomplete.cab Deinstalliere unter Software => MyWebSearch, Web_Rebates und SyncroAd Wechsle in den abgesicherten Modus und lösche diese Dateien: Ordner C:\Program Files\Windows SyncroAd Ordner C:\Programme\Web_Rebates Ordner C:\Programme\MyWebSearch Leere diese Ordner: C:\Dokumente und Einstellungen\*Benutername*\Lokale Einstellungen\Temp C:\WINDOWS\Downloaded Program Files C:\Dokumente und Einstellungen\*Benutername*\Lokale Einstellungen\Temporary Internet Files Danach Neustart, neue Startseite vergeben und ein neues Log-File posten. |
dumme Frage, wie fixe ich die Einträge???? :schmoll: Liebe Grüße Speedy |
Haken setzen und auf Fix Checked klicken. ;) |
Hallo, haben jetzt wie unten beschrieben alles ausgeführt. Hier wieder die Log. Logfile of HijackThis v1.98.2 Scan saved at 11:38:36, on 23.09.2004 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Programme\Panda Software\Panda Antivirus Titanium\APVXDWIN.EXE C:\Programme\Winamp\Winampa.exe C:\Programme\Real\RealPlayer\RealPlay.exe C:\Programme\Java\j2re1.4.2_05\bin\jusched.exe C:\Programme\Messenger\MSMSGS.EXE C:\WINDOWS\System32\RUNDLL32.EXE C:\Programme\Steganos Trace Destructor 6.5\itd.exe C:\Skype\Phone\Skype.exe C:\Programme\Clicktionary\Cleverlearn Clicktionary.exe C:\WINDOWS\System32\nvsvc32.exe C:\Programme\Panda Software\Panda Antivirus Titanium\Pavsrv51.exe C:\WINDOWS\System32\tcpsvcs.exe C:\Programme\Panda Software\Panda Antivirus Titanium\AVENGINE.EXE C:\Programme\Panda Software\Panda Antivirus Titanium\pavProxy.exe C:\zwergi_1958\HijackThis.exe C:\WINDOWS\System32\wuauclt.exe O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll O4 - HKLM\..\Run: [APVXDWIN] "C:\Programme\Panda Software\Panda Antivirus Titanium\APVXDWIN.EXE" /s O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [WinampAgent] "C:\Programme\Winamp\Winampa.exe" O4 - HKLM\..\Run: [RealTray] C:\Programme\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_05\bin\jusched.exe O4 - HKLM\..\Run: [Windows SyncroAd] C:\Program Files\Windows SyncroAd\SyncroAd.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\MSMSGS.EXE" /background O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit O4 - HKCU\..\Run: [ITD65_ITD] "C:\Programme\Steganos Trace Destructor 6.5\itd.exe" /booting O4 - HKCU\..\Run: [Skype] "C:\Skype\Phone\Skype.exe" /nosplash /minimized O4 - Startup: GMX Clicktionary 2.8.lnk = C:\Programme\Clicktionary\Cleverlearn Clicktionary.exe O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE |
Diesen Eintrag nochmals fixen: O4 - HKLM\..\Run: [Windows SyncroAd] C:\Program Files\Windows SyncroAd\SyncroAd.exe Ansonsten sehe ich keine Auffälligkeiten mehr. Damit es auch so bleibt, lese diese Links durch und handle danach: http://www.mathematik.uni-marburg.de...ompromise.html http://faq.underflow.de/#SECTION000110000000000000000 |
Hallo Cidre, vielen Dank für Deine Hilfe, werde mir gleich mal alles durch lesen. Liebe Grüße Speedy |
Gern geschehen. ;) |
| Alle Zeitangaben in WEZ +1. Es ist jetzt 00:07 Uhr. |
Copyright ©2000-2024, Trojaner-Board