ich war vorgestern im internet und seit dem habe ich eine angere start seite und immer wenn ich ad-aware laufen lasse findet er 6 dingsta lass ich diese entfernen sind sie erst wieder da wenn ich den explorer oeffne ich weiss einfach nicht weiter hir die daten (ich habe nur was fuer ein engliches projeckt bei altavista.de gesucht und einmal auf sonen bezahl seite gelandet):

Vendor:Win32.TrojanDownloader.Agent.al
Category: Data Miner
Object Type:Process
Size:-
Location:C:\WINDOWS\system32\craf32.exe
Last Activity:03.03.2005 16:17:19
Risk Level:High
TAC index:7
Comment: (CSI MATCH)
Description:TrojanDropper

Vendor:Tracking Cookie
Category: Data Miner
Object Type:IECache Entry
Size:95 Bytes
Location:C:\...\<mein name>\LOKALE~1\Temp\Cookies\<mein name>@doubleclick[2].txt
Last Activity:02.03.2005 18:41:42
Risk Level:Low
TAC index:3
Comment:Hits:3
Description:This cookie is known to collect information that may be used either for targeted advertising, or tracking users across a particular website, such as page views or ad click-thrus.


Vendor:Tracking Cookie
Category: Data Miner
Object Type:IECache Entry
Size:95 Bytes
Location:C:\...\<mein name>\LOKALE~1\Temp\Cookies\<mein name>@doubleclick[2].txt
Last Activity:02.03.2005 18:41:42
Risk Level:Low
TAC index:3
Comment:
Description:This cookie is known to collect information that may be used either for targeted advertising, or tracking users across a particular website, such as page views or ad click-thrus.

Vendor:Possible Browser Hijack attempt
Category:Misc
Object Type:File
Size:91 Bytes
Location:C:\...\<mein name>\Favoriten\Only sex website.url
Last Activity:03.03.2005 16:23:30
Risk Level:Low
TAC index:3
Comment:Problematic URL discovered: http://www.onlysex.ws/
Description:Possible attempt to control/redirect the browser. This object referrs to a "blacklisted" site. If the site listed is the site intended (in other words, it is set to the setting you wish it to be set to), add this listing to your ignorelist. If not, then selecting this item will reset your browser to the default setting for this item.

Vendor:Possible Browser Hijack attempt
Category:Misc
Object Type:File
Size:91 Bytes
Location:C:\...\<mein name>\Favoriten\Search the web.url
Last Activity:03.03.2005 16:23:30
Risk Level:Low
TAC index:3
Comment:Problematic URL discovered: http://www.lookfor.cc/
Description:Possible attempt to control/redirect the browser. This object referrs to a "blacklisted" site. If the site listed is the site intended (in other words, it is set to the setting you wish it to be set to), add this listing to your ignorelist. If not, then selecting this item will reset your browser to the default setting for this item.

Vendor:Possible Browser Hijack attempt
Category:Misc
Object Type:File
Size:87 Bytes
Location:C:\...\<mein name>\Favoriten\Seven days of free porn.url
Last Activity:03.03.2005 16:23:30
Risk Level:Low
TAC index:3
Comment:Problematic URL discovered: http://www.7days.ws/
Description:Possible attempt to control/redirect the browser. This object referrs to a "blacklisted" site. If the site listed is the site intended (in other words, it is set to the setting you wish it to be set to), add this listing to your ignorelist. If not, then selecting this item will reset your browser to the default setting for this item.

Hi,

poste mal bitte ein Log von HijackThis -> http://www.trojaner-board.de/51130-a...ijackthis.html
Persönliches, wie Deinen Namen bitte wieder unkenntlich machen...

hier die log:



Logfile of HijackThis v1.99.1
Scan saved at 18:07:16, on 03.03.2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Netropa\Multimedia Keyboard\nhksrv.exe
C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\eEBSVC.exe
C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\SAgent2.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\NASDAK\OmniMaus Software\2.1\MOUSE32A.EXE
C:\Programme\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\WINDOWS\System32\NILaunch.exe
C:\WINDOWS\System32\ctfmon.exe
C:\lotus\smartctr\smartctr.exe
C:\Programme\Netropa\Onscreen Display\OSD.exe
C:\Programme\Netropa\InetKb\Inetkb.exe
C:\WINDOWS\wintc.exe
C:\WINDOWS\system32\craf32.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
C:\totalcmd\TOTALCMD.EXE
C:\DOKUME~1\<name>\LOKALE~1\Temp\_tc\HIJACK~1.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\hkpyf.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\hkpyf.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\hkpyf.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\hkpyf.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\hkpyf.dll/sp.html#28129
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\hkpyf.dll/sp.html#28129
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {338ADA45-032E-0500-44D8-9A67C6B26F84} - C:\WINDOWS\system32\addyd32.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LWBMOUSE] C:\Programme\NASDAK\OmniMaus Software\2.1\MOUSE32A.EXE
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Programme\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [Net-It Launcher] C:\WINDOWS\System32\NILaunch.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ipks32.exe] C:\WINDOWS\system32\ipks32.exe
O4 - HKLM\..\Run: [wintc.exe] C:\WINDOWS\wintc.exe
O4 - HKLM\..\RunOnce: [apioc.exe] C:\WINDOWS\apioc.exe
O4 - HKLM\..\RunOnce: [netmi32.exe] C:\WINDOWS\netmi32.exe
O4 - HKLM\..\RunOnce: [syssc.exe] C:\WINDOWS\system32\syssc.exe
O4 - HKLM\..\RunOnce: [javark.exe] C:\WINDOWS\javark.exe
O4 - HKLM\..\RunOnce: [ntjd.exe] C:\WINDOWS\system32\ntjd.exe
O4 - HKLM\..\RunOnce: [addax32.exe] C:\WINDOWS\addax32.exe
O4 - HKLM\..\RunOnce: [apihb32.exe] C:\WINDOWS\apihb32.exe
O4 - HKLM\..\RunOnce: [craf32.exe] C:\WINDOWS\system32\craf32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [fli4l] "C:\FLI4L\windows\imonc\Imonc.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - Startup: ADILOOK Deutsche Version auf Laufwerk F.LNK = F:\COKTEL\ADDY4\ADILOOK.EXE
O4 - Startup: Lotus SmartCenter.lnk = C:\lotus\smartctr\smartctr.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O17 - HKLM\System\CCS\Services\Tcpip\..\{D766EFCC-4104-4374-8DC7-215A24BB64C0}: NameServer = 192.168.0.10
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\SAgent2.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Programme\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Network Security Service (NSS) (� 6QÔõ'ª´ÆÐ8) - Unknown owner - C:\WINDOWS\ipmb32.exe (file missing)

@Dustin
update als erstes dein system und IE

lade escan

download
anleitung
überprüfe Deinen Rechner zunächst mit dem eScan: lade den eScan runter, erstelle dafür einen Ordner (=Verzeichnis) c:\bases, update den eScan online und führe ihn offline im abgesicherten Modus aus. Beachte, dass der eScan ab Version 4.5.1 gefundene Malware nicht löscht. Das wird von Hand auf Anweisung durch uns gemacht.

Teile uns dann das Ergebnis des eScan mit: welche Viren wurden auf Deinem Rechner gefunden: "öffne die mwav.log -> Bearbeiten -> Suchen -> infected eingeben -> Weitersuchen -> Treffer markieren/kopieren und ins Forum übertragen." (Zitat Cidre)


chaosman

@chaosman,

in diesem Fall würde ich erst eScan machen. Ich 'fürchte' es läuft auf Format C hinaus. Da braucht Dustin nicht erst aktualisieren....

hir ist alles was ich rausfinden konnte (update von escan geht nur wenn man es kauft):

Thu Mar 03 18:31:17 2005 => File C:\WINDOWS\system32\addyd32.dll infected by "Trojan-Downloader.Win32.Agent.kd" Virus. Action Taken: No Action Taken.
Thu Mar 03 18:31:25 2005 => File C:\WINDOWS\wintc.exe infected by "Trojan-Downloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken.
Thu Mar 03 18:31:25 2005 => File C:\WINDOWS\system32\craf32.exe infected by "Trojan.Win32.Agent.bi" Virus. Action Taken: No Action Taken.
Thu Mar 03 18:31:39 2005 => File C:\WINDOWS\d3ns.exe infected by "Trojan.Win32.Agent.bi" Virus. Action Taken: No Action Taken.
Thu Mar 03 18:31:40 2005 => File C:\WINDOWS\fouir.dll infected by "not-a-virus:AdWare.JS.OneMoreSearch.a" Virus. Action Taken: No Action Taken.
Thu Mar 03 18:31:40 2005 => File C:\WINDOWS\ginia.dll infected by "not-a-virus:AdWare.JS.OneMoreSearch.a" Virus. Action Taken: No Action Taken.
Thu Mar 03 18:31:41 2005 => File C:\WINDOWS\hkpyf.dll infected by "not-a-virus:AdWare.JS.OneMoreSearch.a" Virus. Action Taken: No Action Taken.
Thu Mar 03 18:31:41 2005 => File C:\WINDOWS\iecf.exe infected by "Trojan.Win32.Agent.bi" Virus. Action Taken: No Action Taken.
Thu Mar 03 18:31:44 2005 => File C:\WINDOWS\mggyt.dll infected by "not-a-virus:AdWare.JS.OneMoreSearch.a" Virus. Action Taken: No Action Taken.
Thu Mar 03 18:31:46 2005 => File C:\WINDOWS\pwjdx.dll infected by "not-a-virus:AdWare.JS.OneMoreSearch.a" Virus. Action Taken: No Action Taken.

Thu Mar 03 18:31:47 2005 => File C:\WINDOWS\sdkms.exe infected by "Trojan.Win32.Agent.bi" Virus. Action Taken: No Action Taken.
Thu Mar 03 18:31:50 2005 => File C:\WINDOWS\vtlhk.dll infected by "not-a-virus:AdWare.JS.OneMoreSearch.a" Virus. Action Taken: No Action Taken.
Thu Mar 03 18:31:51 2005 => File C:\WINDOWS\winsk.exe infected by "Trojan.Win32.Agent.bi" Virus. Action Taken: No Action Taken.
Thu Mar 03 18:31:51 2005 => File C:\WINDOWS\winxo32.exe infected by "Trojan-Downloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken.
Thu Mar 03 18:31:51 2005 => File C:\WINDOWS\ykpas.dll infected by "not-a-virus:AdWare.JS.OneMoreSearch.a" Virus. Action Taken: No Action Taken.
Thu Mar 03 18:31:53 2005 => File C:\WINDOWS\System32\addjz.exe infected by "Trojan-Downloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken.
Thu Mar 03 18:31:54 2005 => File C:\WINDOWS\System32\appth32.exe infected by "Trojan-Downloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken.
Thu Mar 03 18:32:05 2005 => File C:\WINDOWS\System32\crns32.exe infected by "Trojan.Win32.Agent.bi" Virus. Action Taken: No Action Taken.
Thu Mar 03 18:32:11 2005 => File C:\WINDOWS\System32\d3uc32.exe infected by "Trojan.Win32.Agent.bi" Virus. Action Taken: No Action Taken.
Thu Mar 03 18:32:25 2005 => File C:\WINDOWS\System32\etdss.dll infected by "not-a-virus:AdWare.JS.OneMoreSearch.a" Virus. Action Taken: No Action Taken.

Thu Mar 03 18:32:30 2005 => File C:\WINDOWS\System32\HCW848UN.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
Thu Mar 03 18:32:38 2005 => File C:\WINDOWS\System32\ipiq32.exe infected by "Trojan.Win32.Agent.bi" Virus. Action Taken: No Action Taken.
Thu Mar 03 18:32:42 2005 => File C:\WINDOWS\System32\javaah.exe infected by "Trojan-Downloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken.
Thu Mar 03 18:32:54 2005 => File C:\WINDOWS\System32\mgkmc.dll infected by "not-a-virus:AdWare.JS.OneMoreSearch.a" Virus. Action Taken: No Action Taken.
Thu Mar 03 18:33:02 2005 => File C:\WINDOWS\System32\msim.exe infected by "Trojan.Win32.Agent.bi" Virus. Action Taken: No Action Taken.
Thu Mar 03 18:33:11 2005 => File C:\WINDOWS\System32\mxndv.dll infected by "not-a-virus:AdWare.JS.OneMoreSearch.a" Virus. Action Taken: No Action Taken.
Thu Mar 03 18:33:14 2005 => File C:\WINDOWS\System32\nfxge.dll infected by "not-a-virus:AdWare.JS.OneMoreSearch.a" Virus. Action Taken: No Action Taken.
Thu Mar 03 18:33:14 2005 => File C:\WINDOWS\System32\noaff.dll infected by "not-a-virus:AdWare.JS.OneMoreSearch.a" Virus. Action Taken: No Action Taken.
Thu Mar 03 18:33:32 2005 => File C:\WINDOWS\System32\qfpll.dll infected by "not-a-virus:AdWare.JS.OneMoreSearch.a" Virus. Action Taken: No Action Taken.
Thu Mar 03 18:33:38 2005 => File C:\WINDOWS\System32\rtwjr.dll infected by "not-a-virus:AdWare.JS.OneMoreSearch.a" Virus. Action Taken: No Action Taken.

Thu Mar 03 18:33:49 2005 => File C:\WINDOWS\System32\sysupd1003.exe infected by "Trojan-Clicker.Win32.Small.an" Virus. Action Taken: No Action Taken.
Thu Mar 03 18:33:51 2005 => File C:\WINDOWS\System32\tksrv99.exe infected by "Trojan-Downloader.Win32.Esepor.y" Virus. Action Taken: No Action Taken.
Thu Mar 03 18:33:51 2005 => File C:\WINDOWS\System32\tmksrvu.exe infected by "Trojan-Downloader.Win32.Esepor.ab" Virus. Action Taken: No Action Taken.
Thu Mar 03 18:34:01 2005 => File C:\WINDOWS\System32\winbw32.exe infected by "Trojan.Win32.Agent.bi" Virus. Action Taken: No Action Taken.

Kann mir denn keiner helfen ?