Hi Leutz,

bin total ratlos. Wäre für Hilfe sehr dankbar. Hier mein Log:



Logfile of HijackThis v1.99.0
Scan saved at 09:08:05, on 25.01.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Network Associates\VirusScan\Avsynmgr.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\PROGRA~1\Borland\INTERB~1\Bin\IBGuard.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Programme\Network Associates\VirusScan\VsStat.exe
C:\PROGRA~1\Borland\INTERB~1\Bin\ibserver.exe
C:\Programme\Network Associates\VirusScan\Vshwin32.exe
C:\Programme\Gemeinsame Dateien\Network Associates\McShield\Mcshield.exe
C:\Programme\Network Associates\VirusScan\Avconsol.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Creative\ShareDLL\CtNotify.exe
C:\Programme\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Programme\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\mshelp32.exe
C:\WINDOWS\System32\devldr32.exe
C:\Programme\Creative\ShareDLL\MediaDet.Exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Outlook Express\msimn.exe
D:\install\Hijack this\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://find-on-the-net.com/search.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.de.msn.com/access/allinone.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://best-web-search.com/adult/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.t-online.de
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer von T-Online
O1 - Hosts: 127.0.0.0 localhost
O1 - Hosts: 127.0.0.2 auditmypc.com
O1 - Hosts: 127.0.0.4 bulletproofsoft.net
O1 - Hosts: 127.0.0.5 camtech2000.net
O1 - Hosts: 127.0.0.7 computercops.us
O1 - Hosts: 127.0.0.8 ct7support.com
O1 - Hosts: 127.0.0.9 doxdesk.com
O1 - Hosts: 127.0.0.20 kellys-korner-xp.com
O1 - Hosts: 127.0.0.25 majorgeeks.com
O1 - Hosts: 127.0.0.28 moosoft.com
O1 - Hosts: 127.0.0.29 mvps.org
O1 - Hosts: 127.0.0.30 net-integration.net
O1 - Hosts: 127.0.0.31 noadware.net
O1 - Hosts: 127.0.0.33 onlinepcfix.com
O1 - Hosts: 127.0.0.35 pestpatrol.com
O1 - Hosts: 127.0.0.36 safer-networking.org
O1 - Hosts: 127.0.0.37 secure.spykiller.com
O1 - Hosts: 127.0.0.38 secureie.com
O1 - Hosts: 127.0.0.40 spybot.info
O1 - Hosts: 127.0.0.43 spycop.com
O1 - Hosts: 127.0.0.44 spyguard.com
O1 - Hosts: 127.0.0.45 spykiller.com
O1 - Hosts: 127.0.0.47 spyware-cop.com
O1 - Hosts: 127.0.0.49 spywarenuker.com
O1 - Hosts: 127.0.0.50 spywareremove.com
O1 - Hosts: 127.0.0.51 spywareremove.com
O1 - Hosts: 127.0.0.52 stopzillapro.com
O1 - Hosts: 127.0.0.54 thiefware.com
O1 - Hosts: 127.0.0.56 unwantedlinks.com
O1 - Hosts: 127.0.0.57 webattack.com
O1 - Hosts: 127.0.0.58 wilders.org
O1 - Hosts: 127.0.0.59 www.auditmypc.com
O1 - Hosts: 127.0.0.60 www.bulletproofsoft.net
O1 - Hosts: 127.0.0.62 www.computercops.us
O1 - Hosts: 127.0.0.63 www.ct7support.com
O1 - Hosts: 127.0.0.64 www.doxdesk.com
O1 - Hosts: 127.0.0.65 www.eblocs.com
O1 - Hosts: 127.0.0.66 www.enigmasoftwaregroup.com
O1 - Hosts: 127.0.0.67 www.free-spyware-scan.com
O1 - Hosts: 127.0.0.68 www.free-web-browsers.com
O1 - Hosts: 127.0.0.70 www.grisoft.com
O1 - Hosts: 127.0.0.71 www.hackfaq.org
O1 - Hosts: 127.0.0.72 www.hazeleger.net
O1 - Hosts: 127.0.0.73 www.javacoolsoftware.com
O1 - Hosts: 127.0.0.74 www.kellys-korner-xp.com
O1 - Hosts: 127.0.0.79 www.majorgeeks.com
O1 - Hosts: 127.0.0.82 www.moosoft.com
O1 - Hosts: 127.0.0.83 www.mvps.org
O1 - Hosts: 127.0.0.84 www.net-integration.net
O1 - Hosts: 127.0.0.85 www.noadware.net
O1 - Hosts: 127.0.0.87 www.onlinepcfix.com
O1 - Hosts: 127.0.0.89 www.pestpatrol.com
O1 - Hosts: 127.0.0.90 www.safer-networking.org
O1 - Hosts: 127.0.0.91 www.secureie.com
O1 - Hosts: 127.0.0.93 www.spybot.info
O1 - Hosts: 127.0.0.96 www.spycop.com
O1 - Hosts: 127.0.0.97 www.spyguard.com
O1 - Hosts: 127.0.0.98 www.spykiller.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: IE Search Toolbar Helper - {2C5175A2-ADF3-4F57-AB70-BA90FD60A383} - C:\Programme\IESearchToolbar\IESearchToolbar.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\install\SpyBot\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Explorer Class - {962F12AE-2773-4BEB-99EA-B5C3AB9A6606} - C:\WINDOWS\System32\DSMANA~1.DLL
O2 - BHO: (no name) - {A708A39C-8DA7-4e36-B3B0-0A1FFAFD4B6D} - C:\WINDOWS\system32\javafix3.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: IE Search Toolbar - {EB381422-F797-4A98-A266-9DC490821907} - C:\Programme\IESearchToolbar\IESearchToolbar.dll
O4 - HKLM\..\Run: [Disc Detector] C:\Programme\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Programme\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programme\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mshelp32] C:\WINDOWS\System32\mshelp32.exe
O4 - HKCU\..\Run: [msjava critical update] c:\windows\jjfixer.exe
O4 - Startup: PowerReg Scheduler.exe
O9 - Extra button: Erotic - {8E65B894-C2E9-11D5-BCD3-00E018987507} - C:\SEXO126de\SEXO126de.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://www.t-online.de
O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} - ms-its:mhtml:file://C:\ss.MHT!http://toolbar.isearch.com/install/0...es/initial.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/056f4317...dxIE601_de.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1093722566875
O16 - DPF: {9B4AA442-9EBF-11D5-8C11-0050DA4957F5} - http://access.phonecookie.nl/users/penasus_12/de.exe
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/Sha.../bin/cabsa.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/de/check/qdiagh.cab?319
O17 - HKLM\System\CCS\Services\Tcpip\..\{1345B7C1-526D-4C07-94CD-8CD484D78694}: NameServer = 192.168.121.252,192.168.121.253
O17 - HKLM\System\CCS\Services\Tcpip\..\{486217EB-689A-4DBF-9301-4E4A43A0F44F}: NameServer = 62.27.27.62 62.27.53.66
O17 - HKLM\System\CCS\Services\Tcpip\..\{F8A9102C-3072-483E-A105-38B1B006CB6D}: NameServer = 192.168.0.254
O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Programme\HP\hpcoretech\comp\hpuiprot.dll
O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVSync Manager - Unknown - C:\Programme\Network Associates\VirusScan\Avsynmgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: AVM FRITZ!web Routing Service - AVM Berlin - C:\PROGRAMME\TELEDAT\de_serv.exe
O23 - Service: e-DiagTools LAN Configuration Agent - Hewlett-Packard - C:\Programme\HP\e-DiagTools\edtsrv.exe
O23 - Service: InterBaseGuardian - Inprise Corporation - C:\PROGRA~1\Borland\INTERB~1\Bin\IBGuard.EXE
O23 - Service: InterBaseServer - Inprise Corporation - C:\PROGRA~1\Borland\INTERB~1\Bin\ibserver.exe
O23 - Service: McShield - Network Associates, Inc. - C:\Programme\Gemeinsame Dateien\Network Associates\McShield\Mcshield.exe
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

Moin,

Zitat:

C:\WINDOWS\System32\mshelp32.exe

Das sieht verdächtig nach einer RBot-Variante aus. Wenn dies stimmt, wäre die Browserentführung Dein kleineres Problem.

Mach mal einen Scan mit eScan (siehe Signatur) und poste anschließend, was gefunden wurde.
Öffne dazu die mwav.log -> Bearbeiten -> Suchen -> infected oder tagged eingeben -> Weitersuchen -> Treffer markieren/kopieren und ins Forum übertragen.

N'abend,

Keine Treffer unter 'tagged' dafür umso mehr unter 'infected' - zu viel
für ein Post, daher hier der 1. Teil:

Tue Jan 25 10:01:21 2005 => File C:\WINDOWS\System32\DSMANA~1.DLL infected by "not-a-virus:AdWare.ToolBar.BHO.j" Virus. Action Taken: No Action Taken.

Tue Jan 25 10:01:27 2005 => File C:\WINDOWS\System32\mshelp32.exe infected by "Trojan-Proxy.Win32.Small.an" Virus. Action Taken: No Action Taken.

Tue Jan 25 10:01:28 2005 => File C:\Programme\IESearchToolbar\IESearchToolbar.dll infected by "not-a-virus:AdWare.ToolBar.Perez.a" Virus. Action Taken: No Action Taken.

Tue Jan 25 10:01:29 2005 => File C:\WINDOWS\system32\javafix3.dll infected by "Trojan-Downloader.Win32.Agent.ht" Virus. Action Taken: No Action Taken.

Tue Jan 25 10:01:35 2005 => File C:\Programme\IESearchToolbar\IESearchToolbar.dll infected by "not-a-virus:AdWare.ToolBar.Perez.a" Virus. Action Taken: No Action Taken.

Tue Jan 25 10:01:35 2005 => File C:\WINDOWS\System32\DSMANA~1.DLL infected by "not-a-virus:AdWare.ToolBar.BHO.j" Virus. Action Taken: No Action Taken.

Tue Jan 25 10:01:36 2005 => File C:\WINDOWS\system32\javafix3.dll infected by "Trojan-Downloader.Win32.Agent.ht" Virus. Action Taken: No Action Taken.

Tue Jan 25 10:02:00 2005 => File C:\WINDOWS\System32\mshelp32.exe infected by "Trojan-Proxy.Win32.Small.an" Virus. Action Taken: No Action Taken.

Tue Jan 25 10:02:01 2005 => File c:\windows\jjfixer.exe infected by "Trojan-Dropper.Win32.Small.ql" Virus. Action Taken: No Action Taken.

Tue Jan 25 10:03:12 2005 => File C:\WINDOWS\sys053.exe infected by "Trojan-Clicker.Win32.Agent.bs" Virus. Action Taken: No Action Taken.

Tue Jan 25 10:03:12 2005 => Scanning File C:\WINDOWS\sys059.exe
Tue Jan 25 10:03:12 2005 => File C:\WINDOWS\sys059.exe infected by "not-a-virus:AdWare.ToolBar.Perez.a" Virus. Action Taken: No Action Taken.

Tue Jan 25 10:03:12 2005 => Scanning File C:\WINDOWS\sys112.exe
Tue Jan 25 10:03:13 2005 => File C:\WINDOWS\sys112.exe infected by "Trojan-Clicker.Win32.Agent.bs" Virus. Action Taken: No Action Taken.

Tue Jan 25 10:03:13 2005 => Scanning File C:\WINDOWS\sys118.exe
Tue Jan 25 10:03:13 2005 => File C:\WINDOWS\sys118.exe infected by "not-a-virus:AdWare.ToolBar.Perez.a" Virus. Action Taken: No Action Taken.

Tue Jan 25 10:03:13 2005 => Scanning File C:\WINDOWS\sys12.exe
Tue Jan 25 10:03:13 2005 => File C:\WINDOWS\sys12.exe infected by "Trojan-Clicker.Win32.Agent.bs" Virus. Action Taken: No Action Taken.

Tue Jan 25 10:03:13 2005 => Scanning File C:\WINDOWS\sys144.exe
Tue Jan 25 10:03:14 2005 => File C:\WINDOWS\sys144.exe infected by "Trojan-Clicker.Win32.Agent.bs" Virus. Action Taken: No Action Taken.

Tue Jan 25 10:03:14 2005 => Scanning File C:\WINDOWS\sys18.exe
Tue Jan 25 10:03:14 2005 => File C:\WINDOWS\sys18.exe infected by "not-a-virus:AdWare.ToolBar.Perez.a" Virus. Action Taken: No Action Taken.

Tue Jan 25 10:03:14 2005 => Scanning File C:\WINDOWS\sys218.exe
Tue Jan 25 10:03:15 2005 => File C:\WINDOWS\sys218.exe infected by "not-a-virus:AdWare.ToolBar.Perez.a" Virus. Action Taken: No Action Taken.

Tue Jan 25 10:03:15 2005 => Scanning File C:\WINDOWS\sys222.exe
Tue Jan 25 10:03:15 2005 => File C:\WINDOWS\sys222.exe infected by "Trojan-Clicker.Win32.Agent.bs" Virus. Action Taken: No Action Taken.

Tue Jan 25 10:03:15 2005 => Scanning File C:\WINDOWS\sys254.exe
Tue Jan 25 10:03:15 2005 => File C:\WINDOWS\sys254.exe infected by "not-a-virus:AdWare.ToolBar.Perez.a" Virus. Action Taken: No Action Taken.

Tue Jan 25 10:03:15 2005 => Scanning File C:\WINDOWS\sys718.exe
Tue Jan 25 10:03:16 2005 => File C:\WINDOWS\sys718.exe infected by "Trojan-Clicker.Win32.Agent.bs" Virus. Action Taken: No Action Taken.

Tue Jan 25 10:03:16 2005 => Scanning File C:\WINDOWS\sys747.exe
Tue Jan 25 10:03:16 2005 => File C:\WINDOWS\sys747.exe infected by "not-a-virus:AdWare.ToolBar.Perez.a" Virus. Action Taken: No Action Taken.

Tue Jan 25 10:03:16 2005 => Scanning File C:\WINDOWS\sys753.exe
Tue Jan 25 10:03:17 2005 => File C:\WINDOWS\sys753.exe infected by "Trojan-Clicker.Win32.Agent.bs" Virus. Action Taken: No Action Taken.

Tue Jan 25 10:03:17 2005 => Scanning File C:\WINDOWS\sys81.exe
Tue Jan 25 10:03:17 2005 => File C:\WINDOWS\sys81.exe infected by "not-a-virus:AdWare.ToolBar.Perez.a" Virus. Action Taken: No Action Taken.

Tue Jan 25 10:03:17 2005 => Scanning File C:\WINDOWS\sys815.exe
Tue Jan 25 10:03:17 2005 => File C:\WINDOWS\sys815.exe infected by "not-a-virus:AdWare.ToolBar.Perez.a" Virus. Action Taken: No Action Taken.

Tue Jan 25 10:03:18 2005 => Scanning File C:\WINDOWS\sys87.exe
Tue Jan 25 10:03:18 2005 => File C:\WINDOWS\sys87.exe infected by "Trojan-Clicker.Win32.Agent.bs" Virus. Action Taken: No Action Taken.

Tue Jan 25 10:05:21 2005 => File C:\WINDOWS\System32\dsmanager.dll infected by "not-a-virus:AdWare.ToolBar.BHO.j" Virus. Action Taken: No Action Taken.

Tue Jan 25 10:05:21 2005 => Scanning File C:\WINDOWS\System32\dsmanager32.dll
Tue Jan 25 10:05:21 2005 => File C:\WINDOWS\System32\dsmanager32.dll infected by "not-a-virus:AdWare.ToolBar.BHO.j" Virus. Action Taken: No Action Taken.

Tue Jan 25 10:05:57 2005 => File C:\WINDOWS\System32\IEHelper.dll_tobedeleted infected by "Trojan-Spy.Win32.Banker.iv" Virus. Action Taken: No Action Taken.

Tue Jan 25 10:06:03 2005 => File C:\WINDOWS\System32\init32m.exe.tcf infected by "Trojan-Downloader.Win32.Agent.ho" Virus. Action Taken: No Action Taken.

Tue Jan 25 10:26:30 2005 => File C:\hawa.chm infected by "Trojan.Win32.Dialer.ce" Virus. Action Taken: No Action Taken.

Tue Jan 25 10:37:40 2005 => Total Disinfected Files: 0

Tue Jan 25 10:57:27 2005 => File C:\WINDOWS\System32\DSMANA~1.DLL infected by "not-a-virus:AdWare.ToolBar.BHO.j" Virus. Action Taken: No Action Taken.

Tue Jan 25 10:57:31 2005 => File C:\WINDOWS\System32\mshelp32.exe infected by "Trojan-Proxy.Win32.Small.an" Virus. Action Taken: No Action Taken.

Tue Jan 25 10:57:39 2005 => File C:\Programme\IESearchToolbar\IESearchToolbar.dll infected by "not-a-virus:AdWare.ToolBar.Perez.a" Virus. Action Taken: No Action Taken.

Tue Jan 25 10:57:40 2005 => File C:\WINDOWS\system32\javafix3.dll infected by "Trojan-Downloader.Win32.Agent.ht" Virus. Action Taken: No Action Taken.

Tue Jan 25 10:57:46 2005 => File C:\Programme\IESearchToolbar\IESearchToolbar.dll infected by "not-a-virus:AdWare.ToolBar.Perez.a" Virus. Action Taken: No Action Taken.

Tue Jan 25 10:57:47 2005 => File C:\WINDOWS\System32\DSMANA~1.DLL infected by "not-a-virus:AdWare.ToolBar.BHO.j" Virus. Action Taken: No Action Taken.

Tue Jan 25 10:57:47 2005 => File C:\WINDOWS\system32\javafix3.dll infected by "Trojan-Downloader.Win32.Agent.ht" Virus. Action Taken: No Action Taken.

Tue Jan 25 10:58:11 2005 => File C:\WINDOWS\System32\mshelp32.exe infected by "Trojan-Proxy.Win32.Small.an" Virus. Action Taken: No Action Taken.

Tue Jan 25 10:58:12 2005 => File c:\windows\jjfixer.exe infected by "Trojan-Dropper.Win32.Small.ql" Virus. Action Taken: No Action Taken.

Tue Jan 25 10:59:20 2005 => File C:\WINDOWS\sys053.exe infected by "Trojan-Clicker.Win32.Agent.bs" Virus. Action Taken: No Action Taken.

Tue Jan 25 10:59:20 2005 => Scanning File C:\WINDOWS\sys059.exe
Tue Jan 25 10:59:21 2005 => File C:\WINDOWS\sys059.exe infected by "not-a-virus:AdWare.ToolBar.Perez.a" Virus. Action Taken: No Action Taken.

Tue Jan 25 10:59:21 2005 => Scanning File C:\WINDOWS\sys112.exe
Tue Jan 25 10:59:21 2005 => File C:\WINDOWS\sys112.exe infected by "Trojan-Clicker.Win32.Agent.bs" Virus. Action Taken: No Action Taken.

Tue Jan 25 10:59:21 2005 => Scanning File C:\WINDOWS\sys118.exe
Tue Jan 25 10:59:21 2005 => File C:\WINDOWS\sys118.exe infected by "not-a-virus:AdWare.ToolBar.Perez.a" Virus. Action Taken: No Action Taken.

Tue Jan 25 10:59:22 2005 => Scanning File C:\WINDOWS\sys12.exe
Tue Jan 25 10:59:22 2005 => File C:\WINDOWS\sys12.exe infected by "Trojan-Clicker.Win32.Agent.bs" Virus. Action Taken: No Action Taken.

Tue Jan 25 10:59:22 2005 => Scanning File C:\WINDOWS\sys144.exe
Tue Jan 25 10:59:22 2005 => File C:\WINDOWS\sys144.exe infected by "Trojan-Clicker.Win32.Agent.bs" Virus. Action Taken: No Action Taken.

Tue Jan 25 10:59:22 2005 => Scanning File C:\WINDOWS\sys18.exe
Tue Jan 25 10:59:23 2005 => File C:\WINDOWS\sys18.exe infected by "not-a-virus:AdWare.ToolBar.Perez.a" Virus. Action Taken: No Action Taken.

Tue Jan 25 10:59:23 2005 => Scanning File C:\WINDOWS\sys218.exe
Tue Jan 25 10:59:23 2005 => File C:\WINDOWS\sys218.exe infected by "not-a-virus:AdWare.ToolBar.Perez.a" Virus. Action Taken: No Action Taken.

Tue Jan 25 10:59:23 2005 => Scanning File C:\WINDOWS\sys222.exe
Tue Jan 25 10:59:24 2005 => File C:\WINDOWS\sys222.exe infected by "Trojan-Clicker.Win32.Agent.bs" Virus. Action Taken: No Action Taken.

Tue Jan 25 10:59:24 2005 => Scanning File C:\WINDOWS\sys254.exe
Tue Jan 25 10:59:24 2005 => File C:\WINDOWS\sys254.exe infected by "not-a-virus:AdWare.ToolBar.Perez.a" Virus. Action Taken: No Action Taken.

Tue Jan 25 10:59:24 2005 => Scanning File C:\WINDOWS\sys718.exe
Tue Jan 25 10:59:24 2005 => File C:\WINDOWS\sys718.exe infected by "Trojan-Clicker.Win32.Agent.bs" Virus. Action Taken: No Action Taken.

Tue Jan 25 10:59:25 2005 => Scanning File C:\WINDOWS\sys747.exe
Tue Jan 25 10:59:25 2005 => File C:\WINDOWS\sys747.exe infected by "not-a-virus:AdWare.ToolBar.Perez.a" Virus. Action Taken: No Action Taken.

Tue Jan 25 10:59:25 2005 => Scanning File C:\WINDOWS\sys753.exe
Tue Jan 25 10:59:25 2005 => File C:\WINDOWS\sys753.exe infected by "Trojan-Clicker.Win32.Agent.bs" Virus. Action Taken: No Action Taken.

...und hier der 2. Teil - also Rest:




Tue Jan 25 10:59:25 2005 => Scanning File C:\WINDOWS\sys81.exe
Tue Jan 25 10:59:26 2005 => File C:\WINDOWS\sys81.exe infected by "not-a-virus:AdWare.ToolBar.Perez.a" Virus. Action Taken: No Action Taken.

Tue Jan 25 10:59:26 2005 => Scanning File C:\WINDOWS\sys815.exe
Tue Jan 25 10:59:26 2005 => File C:\WINDOWS\sys815.exe infected by "not-a-virus:AdWare.ToolBar.Perez.a" Virus. Action Taken: No Action Taken.

Tue Jan 25 10:59:26 2005 => Scanning File C:\WINDOWS\sys87.exe
Tue Jan 25 10:59:27 2005 => File C:\WINDOWS\sys87.exe infected by "Trojan-Clicker.Win32.Agent.bs" Virus. Action Taken: No Action Taken.

Tue Jan 25 11:01:21 2005 => File C:\WINDOWS\System32\dsmanager.dll infected by "not-a-virus:AdWare.ToolBar.BHO.j" Virus. Action Taken: No Action Taken.

Tue Jan 25 11:01:21 2005 => Scanning File C:\WINDOWS\System32\dsmanager32.dll
Tue Jan 25 11:01:21 2005 => File C:\WINDOWS\System32\dsmanager32.dll infected by "not-a-virus:AdWare.ToolBar.BHO.j" Virus. Action Taken: No Action Taken.

Tue Jan 25 11:01:55 2005 => File C:\WINDOWS\System32\IEHelper.dll_tobedeleted infected by "Trojan-Spy.Win32.Banker.iv" Virus. Action Taken: No Action Taken.

Tue Jan 25 11:02:02 2005 => File C:\WINDOWS\System32\init32m.exe.tcf infected by "Trojan-Downloader.Win32.Agent.ho" Virus. Action Taken: No Action Taken.

Tue Jan 25 11:23:04 2005 => File C:\hawa.chm infected by "Trojan.Win32.Dialer.ce" Virus. Action Taken: No Action Taken.

Tue Jan 25 12:36:07 2005 => File C:\info6.cab infected by "Trojan.Win32.Dialer.t" Virus. Action Taken: No Action Taken.

Tue Jan 25 13:54:01 2005 => File C:\WINDOWS\sys053.exe infected by "Trojan-Clicker.Win32.Agent.bs" Virus. Action Taken: No Action Taken.

Tue Jan 25 13:54:01 2005 => Scanning File C:\WINDOWS\sys059.exe
Tue Jan 25 13:54:01 2005 => File C:\WINDOWS\sys059.exe infected by "not-a-virus:AdWare.ToolBar.Perez.a" Virus. Action Taken: No Action Taken.

Tue Jan 25 13:54:01 2005 => Scanning File C:\WINDOWS\sys112.exe
Tue Jan 25 13:54:02 2005 => File C:\WINDOWS\sys112.exe infected by "Trojan-Clicker.Win32.Agent.bs" Virus. Action Taken: No Action Taken.

Tue Jan 25 13:54:02 2005 => Scanning File C:\WINDOWS\sys118.exe
Tue Jan 25 13:54:02 2005 => File C:\WINDOWS\sys118.exe infected by "not-a-virus:AdWare.ToolBar.Perez.a" Virus. Action Taken: No Action Taken.

Tue Jan 25 13:54:02 2005 => Scanning File C:\WINDOWS\sys12.exe
Tue Jan 25 13:54:02 2005 => File C:\WINDOWS\sys12.exe infected by "Trojan-Clicker.Win32.Agent.bs" Virus. Action Taken: No Action Taken.

Tue Jan 25 13:54:03 2005 => Scanning File C:\WINDOWS\sys144.exe
Tue Jan 25 13:54:03 2005 => File C:\WINDOWS\sys144.exe infected by "Trojan-Clicker.Win32.Agent.bs" Virus. Action Taken: No Action Taken.

Tue Jan 25 13:54:03 2005 => Scanning File C:\WINDOWS\sys18.exe
Tue Jan 25 13:54:03 2005 => File C:\WINDOWS\sys18.exe infected by "not-a-virus:AdWare.ToolBar.Perez.a" Virus. Action Taken: No Action Taken.

Tue Jan 25 13:54:03 2005 => Scanning File C:\WINDOWS\sys218.exe
Tue Jan 25 13:54:04 2005 => File C:\WINDOWS\sys218.exe infected by "not-a-virus:AdWare.ToolBar.Perez.a" Virus. Action Taken: No Action Taken.

Tue Jan 25 13:54:04 2005 => Scanning File C:\WINDOWS\sys222.exe
Tue Jan 25 13:54:04 2005 => File C:\WINDOWS\sys222.exe infected by "Trojan-Clicker.Win32.Agent.bs" Virus. Action Taken: No Action Taken.

Tue Jan 25 13:54:04 2005 => Scanning File C:\WINDOWS\sys254.exe
Tue Jan 25 13:54:05 2005 => File C:\WINDOWS\sys254.exe infected by "not-a-virus:AdWare.ToolBar.Perez.a" Virus. Action Taken: No Action Taken.

Tue Jan 25 13:54:05 2005 => Scanning File C:\WINDOWS\sys718.exe
Tue Jan 25 13:54:05 2005 => File C:\WINDOWS\sys718.exe infected by "Trojan-Clicker.Win32.Agent.bs" Virus. Action Taken: No Action Taken.

Tue Jan 25 13:54:05 2005 => Scanning File C:\WINDOWS\sys747.exe
Tue Jan 25 13:54:06 2005 => File C:\WINDOWS\sys747.exe infected by "not-a-virus:AdWare.ToolBar.Perez.a" Virus. Action Taken: No Action Taken.

Tue Jan 25 13:54:06 2005 => Scanning File C:\WINDOWS\sys753.exe
Tue Jan 25 13:54:06 2005 => File C:\WINDOWS\sys753.exe infected by "Trojan-Clicker.Win32.Agent.bs" Virus. Action Taken: No Action Taken.

Tue Jan 25 13:54:06 2005 => Scanning File C:\WINDOWS\sys81.exe
Tue Jan 25 13:54:07 2005 => File C:\WINDOWS\sys81.exe infected by "not-a-virus:AdWare.ToolBar.Perez.a" Virus. Action Taken: No Action Taken.

Tue Jan 25 13:54:07 2005 => Scanning File C:\WINDOWS\sys815.exe
Tue Jan 25 13:54:07 2005 => File C:\WINDOWS\sys815.exe infected by "not-a-virus:AdWare.ToolBar.Perez.a" Virus. Action Taken: No Action Taken.

Tue Jan 25 13:54:07 2005 => Scanning File C:\WINDOWS\sys87.exe
Tue Jan 25 13:54:08 2005 => File C:\WINDOWS\sys87.exe infected by "Trojan-Clicker.Win32.Agent.bs" Virus. Action Taken: No Action Taken.

Tue Jan 25 14:00:31 2005 => File C:\WINDOWS\system32\dsmanager.dll infected by "not-a-virus:AdWare.ToolBar.BHO.j" Virus. Action Taken: No Action Taken.

Tue Jan 25 14:00:31 2005 => Scanning File C:\WINDOWS\system32\dsmanager32.dll
Tue Jan 25 14:00:32 2005 => File C:\WINDOWS\system32\dsmanager32.dll infected by "not-a-virus:AdWare.ToolBar.BHO.j" Virus. Action Taken: No Action Taken.

Tue Jan 25 14:01:08 2005 => File C:\WINDOWS\system32\IEHelper.dll_tobedeleted infected by "Trojan-Spy.Win32.Banker.iv" Virus. Action Taken: No Action Taken.

Tue Jan 25 14:01:14 2005 => File C:\WINDOWS\system32\init32m.exe.tcf infected by "Trojan-Downloader.Win32.Agent.ho" Virus. Action Taken: No Action Taken.

Tue Jan 25 14:45:51 2005 => File D:\install\Hijack this\log\hijackthis.log infected by "Exploit.HTML.Mht" Virus. Action Taken: No Action Taken.

Tue Jan 25 14:45:51 2005 => File D:\install\Hijack this\log\hijackthis.log.vir1 infected by "Exploit.HTML.Mht" Virus. Action Taken: No Action Taken.

Tue Jan 25 15:19:41 2005 => File D:\RECYCLER\S-1-5-21-995690780-2495073255-2427954689-1005\Dd1.vir.vir infected by "Exploit.HTML.Mht" Virus. Action Taken: No Action Taken.

Tue Jan 25 15:19:41 2005 => Scanning File D:\RECYCLER\S-1-5-21-995690780-2495073255-2427954689-1005\Dd2.vir1.vir
Tue Jan 25 15:19:41 2005 => File D:\RECYCLER\S-1-5-21-995690780-2495073255-2427954689-1005\Dd2.vir1.vir infected by "Exploit.HTML.Mht" Virus. Action Taken: No Action Taken.

Tue Jan 25 15:19:41 2005 => Scanning File D:\RECYCLER\S-1-5-21-995690780-2495073255-2427954689-1005\Dd23.pdf
Tue Jan 25 15:19:41 2005 => Scanning File D:\RECYCLER\S-1-5-21-995690780-2495073255-2427954689-1005\Dd3.vir.vir
Tue Jan 25 15:19:41 2005 => File D:\RECYCLER\S-1-5-21-995690780-2495073255-2427954689-1005\Dd3.vir.vir infected by "Exploit.HTML.Mht" Virus. Action Taken: No Action Taken.

Tue Jan 25 15:19:46 2005 => Total Disinfected Files: 0

Moin,

ich habe es mir fast gedacht, wenn auch nicht Rbot, sondern folgendes zu der Datei angegeben wird:

Zitat:

Tue Jan 25 10:58:11 2005 => File C:\WINDOWS\System32\mshelp32.exe infected by "Trojan-Proxy.Win32.Small.an" Virus. Action Taken: No Action Taken.

Dein Rechner kann quasi jederzeit für Spam-,Wurmversand oder auch DOS-Attacken mißbraucht werden!
Bei den ganzen Downloadern habe ich jetzt nicht im Einzelnen nachgesehen, was die u.U. veranstalten...

Wenn Du Deinem Rechner wieder 'vertrauen' willst, solltest Du ihn unter Beachtung dieser Anleitung neu aufsetzen. Zur Datensicherung noch dieser Hinweis, allerdings solltest Du hierbei auf ausführbare Dateien gänzlich verzichten.

Da auch ein paar Dialer gefunden wurden, solltest Du diese zwecks evtl. Beweissicherung bei erhöhten Telefonrechnungen vorher auf Diskette (o. vgl.) speichern. Wenn Du eine reine DSL-Verbindung hast, also weder ISDN, noch Modem und auch keine Telefonanlage am PC angeschlossen hast, kannst Du Dir diese Beweissicherung sparen.

Hallo,

kann bitte nochmal jemand meinen log checken....?

Ich glaub' der Hijacker ist irgendwie weg...

Danke im voraus !!!


Logfile of HijackThis v1.99.0
Scan saved at 19:54:01, on 04.02.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Network Associates\VirusScan\Avsynmgr.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\PROGRA~1\Borland\INTERB~1\Bin\IBGuard.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\Borland\INTERB~1\Bin\ibserver.exe
C:\Programme\Creative\ShareDLL\CtNotify.exe
C:\Programme\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Programme\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Programme\Creative\ShareDLL\MediaDet.Exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\mshelp32.exe
C:\WINDOWS\system32\devldr32.exe
C:\Programme\HP\hpcoretech\comp\hptskmgr.exe
C:\Programme\Network Associates\VirusScan\VsStat.exe
C:\Programme\Network Associates\VirusScan\Webscanx.exe
C:\Programme\Network Associates\VirusScan\Avconsol.exe
C:\Programme\Sophos SWEEP for NT\SWEEPSRV.SYS
C:\Programme\Sophos SWEEP for NT\SWNETSUP.EXE
C:\Programme\Sophos SWEEP for NT\ICMON.EXE
C:\WINDOWS\explorer.exe
C:\Programme\Internet Explorer\iexplore.exe
D:\install\Hijack this\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ka-news.de/
O1 - Hosts: 127.0.0.0 localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\install\SpyBot\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Explorer Class - {962F12AE-2773-4BEB-99EA-B5C3AB9A6606} - C:\WINDOWS\System32\DSMANA~1.DLL
O2 - BHO: (no name) - {A708A39C-8DA7-4e36-B3B0-0A1FFAFD4B6D} - C:\WINDOWS\system32\javafix3.dll
O4 - HKLM\..\Run: [Disc Detector] C:\Programme\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Programme\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programme\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [mshelp32] C:\WINDOWS\System32\mshelp32.exe
O4 - HKCU\..\Run: [msjava critical update] c:\windows\jjfixer.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: InterCheck Monitor.LNK = C:\Programme\Sophos SWEEP for NT\ICMON.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.t-online.de
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/056f4317...dxIE601_de.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1093722566875
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/Sha.../bin/cabsa.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/de/check/qdiagh.cab?319
O17 - HKLM\System\CCS\Services\Tcpip\..\{1345B7C1-526D-4C07-94CD-8CD484D78694}: NameServer = 192.168.121.252,192.168.121.253
O17 - HKLM\System\CCS\Services\Tcpip\..\{486217EB-689A-4DBF-9301-4E4A43A0F44F}: NameServer = 62.27.27.62 62.27.53.66
O17 - HKLM\System\CCS\Services\Tcpip\..\{F8A9102C-3072-483E-A105-38B1B006CB6D}: NameServer = 192.168.0.254
O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Programme\HP\hpcoretech\comp\hpuiprot.dll
O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVSync Manager - Unknown - C:\Programme\Network Associates\VirusScan\Avsynmgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: AVM FRITZ!web Routing Service - AVM Berlin - C:\PROGRAMME\TELEDAT\de_serv.exe
O23 - Service: e-DiagTools LAN Configuration Agent - Hewlett-Packard - C:\Programme\HP\e-DiagTools\edtsrv.exe
O23 - Service: InterBaseGuardian - Inprise Corporation - C:\PROGRA~1\Borland\INTERB~1\Bin\IBGuard.EXE
O23 - Service: InterBaseServer - Inprise Corporation - C:\PROGRA~1\Borland\INTERB~1\Bin\ibserver.exe
O23 - Service: McShield - Network Associates, Inc. - C:\Programme\Gemeinsame Dateien\Network Associates\McShield\Mcshield.exe
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sophos Anti-Virus Network - Sophos Plc - C:\Programme\Sophos SWEEP for NT\SWNETSUP.EXE
O23 - Service: Sophos Anti-Virus - Sophos Plc - C:\Programme\Sophos SWEEP for NT\SWEEPSRV.SYS

Du hast einen rbot drauf.
der wurm hat backdoor qualitäten; dein system ist kompromittiert und muss neu installiert werden. beachte auch diese Anleitung

@escobar
wie lutz schon postete, kuckst du hier
http://www3.ca.com/securityadvisor/v....aspx?id=39437
C:\WINDOWS\System32\mshelp32.exe
da kann man dich nur empfehlen neuaufzusetzen (format C)

hier eine hilfestellung
http://www.trojaner-board.de/showpos...28&postcount=2


sry
chaosman