Mich hat es auch erwischt mit Nail.exe

Mama69LH · 28.05.2005, 22:33

hab hier endlich mal etwas Hilfe gesehen und hab auch so eine Hijack-log-datei erstellt.

hab die nail.exe gelöscht und in Papierkorb auch habe sie unter G: gefunden. 2 weiter sind in Qarantäne in AnitivirGuard drinnen (SVCPROC.exe+DRPMON.dll)

Hier mein Log-File
Logfile of HijackThis v1.99.1
Scan saved at 23:23:23, on 28.05.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\system32\spoolsv.exe
G:\WINDOWS\Explorer.exe
G:\Programme\AVPersonal\AVGUARD.EXE
G:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
G:\Programme\AVPersonal\AVWUPSRV.EXE
G:\PROGRA~1\CACHEM~1\CachemanXP.exe
G:\WINDOWS\System32\CTSvcCDA.exe
G:\WINDOWS\SYSTEM32\GEARSEC.EXE
G:\WINDOWS\System32\nvsvc32.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\System32\devldr32.exe
G:\Programme\AVPersonal\AVGNT.EXE
D:\programme\steam\steam.exe
G:\Programme\AOL 9.0\waol.exe
G:\Programme\AOL 9.0\shellmon.exe
G:\Programme\Gemeinsame Dateien\Aol\aoltpspd.exe
G:\Programme\Trojancheck 6\tcguard.exe
D:\Lili\yahoo\Messenger\YPager.exe
G:\Programme\MSN Apps\Updater\01.02.3000.1001\de\msnappau.exe
G:\Programme\WinSweep\WSPopup.exe
G:\Programme\MSN Messenger\msnmsgr.exe
D:\Software\Wincomander\WINCMD400\WINCMD32.EXE
G:\DOKUME~1\ASSSSS~1\LOKALE~1\Temp\$wc\HIJACK~1.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://homepage.com%00@www.e-finder.cc/search/ (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Anni is da
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = file://G:\Programme\WinSweep\ws.js
F2 - REG:system.ini: Shell=Explorer.exe G:\WINDOWS\Nail.exe
O1 - Hosts: 69.50.188.82 yahoo.com
O1 - Hosts: 69.50.188.82 askjeeves.com
O1 - Hosts: 69.50.188.82 www.askjeeves.com
O1 - Hosts: 69.50.188.82 www.directhit.com
O1 - Hosts: 69.50.188.82 directhit.com
O1 - Hosts: 69.50.188.82 www.excite.com
O1 - Hosts: 69.50.188.82 excite.com
O1 - Hosts: 69.50.188.82 www.alltheweb.com
O1 - Hosts: 69.50.188.82 go.com
O1 - Hosts: 69.50.188.82 www.go.com
O1 - Hosts: 69.50.188.82 goto.com
O1 - Hosts: 69.50.188.82 www.goto.com
O1 - Hosts: 69.50.188.82 lycos.com
O1 - Hosts: 69.50.188.82 dmoz.org
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - D:\LILI\yahoo\COMPAN~1\INSTALLS\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: RsyncHlpr Class - {16B238D5-80DE-47CE-8F17-B3ECE2C2248D} - G:\WINDOWS\System32\rsyncmon.dll
O2 - BHO: ShprRprts - {2A8A997F-BB9F-48F6-AA2B-2762D50F9289} - G:\Programme\ShopperReports\Bin\1.0.0.1\SmrtShpr.dll
O2 - BHO: BolgerObj Class - {302A3240-4805-4a34-97D7-1645A0B08410} - G:\WINDOWS\Bolger.dll
O2 - BHO: (no name) - {3434911C-5EA9-41B4-188E-EE7422C38E13} - (no file)
O2 - BHO: ohb - {4D568F0F-8AC9-40AB-88B7-415134C78777} - G:\WINDOWS\System32\winb2s32.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - G:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Lili\yahoo\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - D:\Lili\yahoo\Common\YIeTagBm.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - G:\Programme\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - G:\Programme\MSN Apps\MSN Toolbar\01.02.4000.1001\de\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - G:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {6FEA1108-02DF-0FF0-2BDE-5D0AB02931B5} - (no file)
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\LILI\yahoo\COMPAN~1\INSTALLS\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: &WINSWEEP Toolbar - {E915E62E-41DA-40D0-8106-3438B4D24394} - G:\Programme\WinSweep\SurfBar.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - G:\Programme\MSN Apps\MSN Toolbar\01.02.4000.1001\de\msntb.dll
O3 - Toolbar: Begin2Search.com Bar - {52FE5233-367C-4EFB-BDD7-0BE4D212C107} - G:\WINDOWS\System32\winb2s32.dll
O4 - HKLM\..\Run: [UpdReg] G:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RSync] G:\WINDOWS\System32\netsync.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE G:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVGCtrl] G:\Programme\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [fiookh] g:\windows\system32\rkxaxk.exe
O4 - HKCU\..\Run: [Steam] "d:\programme\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Yahoo! Pager] "D:\Lili\yahoo\Messenger\ypager.exe" -quiet
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZS
O8 - Extra context menu item: &Yahoo! Search - file:///D:\Lili\yahoo\Common/ycsrch.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://G:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///D:\Lili\yahoo\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///D:\Lili\yahoo\Common/ycmap.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Lili\yahoo\Common\yiesrvc.dll
O9 - Extra button: 50 FREE MP3s! - {686C970F-1D7D-4469-85D1-4B35763B56CC} - http://www.emusic.com?fref=149133 (file missing)
O9 - Extra button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE14} - G:\Programme\ShopperReports\Bin\1.0.0.1\SmrtShpr.dll
O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - G:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - G:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Voiceglo directory - {C9B8ABB6-1CC3-4957-9CA3-053036B2EE3A} - G:\Dokumente und Einstellungen\All Users\Desktop\Glophone.lnk (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - G:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: ShopperReports - Compare product prices - {E77EDA01-3C56-4a96-8D08-02B42891C169} - G:\Programme\ShopperReports\Bin\1.0.0.1\SmrtShpr.dll
O10 - Broken Internet access because of LSP provider 'rpc32vm.dll' missing
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.xxxtoolbar.com
O15 - Trusted Zone: *.ysbweb.com
O15 - Trusted Zone: *.blazefind.com (HKLM)
O15 - Trusted Zone: *.clickspring.net (HKLM)
O15 - Trusted Zone: *.flingstone.com (HKLM)
O15 - Trusted Zone: *.mt-download.com (HKLM)
O15 - Trusted Zone: *.my-internet.info (HKLM)
O15 - Trusted Zone: *.searchbarcash.com (HKLM)
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.slotch.com (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
O15 - Trusted Zone: *.ysbweb.com (HKLM)
O15 - Trusted IP range: 67.19.178.84
O15 - Trusted IP range: 67.19.178.84 (HKLM)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei-2/SmileyCentralFWBInitialSetup1.0.0.8-2.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab28177.cab
O16 - DPF: {3EB4F9EA-51A6-48DA-846A-0D69DCBA39EF} (DownloadManager Control) - http://download.akamaitools.com.edgesuite.net/dlmanager/live/code/IE_1070/DownloadManager.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-17.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://eu.download.games.yahoo.com/zylom/activex/zylomloader.cab
O16 - DPF: {DA511858-B44C-439E-A0EA-704ED20035E7} (EphoxEditLive4.EditLive) - http://www.beepworld.de/hp/activexeditor/editlive4.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (&Yahoo! Companion) - http://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/yiebio5_3_18_0.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{97CE0744-DA8D-4D8A-A379-50F69AEACB52}: NameServer = 205.188.146.145
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - G:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - G:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - G:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: CachemanXP (CachemanXPService) - OuterTechnologies - G:\PROGRA~1\CACHEM~1\CachemanXP.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - G:\WINDOWS\System32\CTSvcCDA.exe
O23 - Service: GEARSecurity - GEAR Software - G:\WINDOWS\SYSTEM32\GEARSEC.EXE
O23 - Service: McAfee Firewall - Unknown owner - G:\Programme\McAfee\McAfee Firewall\CPD.EXE" /SERVICE (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - G:\WINDOWS\System32\nvsvc32.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - G:\WINDOWS\svcproc.exe (file missing)

danke mal für Hilfe!!!

Anmerkung:
Aktive Links editiert.
Bitte zukünftig beachten: Posten von HijackThis-Logs
Gruß, Lutz

Mich hat es auch erwischt mit Nail.exe

Log-Analyse und Auswertung: Mich hat es auch erwischt mit Nail.exe

Mich hat es auch erwischt mit Nail.exe

Ähnliche Themen: Mich hat es auch erwischt mit Nail.exe