Trojaner-Board


survivor1978 31.01.2005 00:37

Browser Hijacker
 
Hello! I've caught a browser hijacker: O2 - BHO: VDOMP Class - {A0ED918D-B8E6-4c3d-BD15-1DB1AE9A5DD3} - C:\WINDOWS\wtlbass32.dll
I have already tried just about every virus scanner there is! None of it helped. Please help!!!


Logfile of HijackThis v1.98.0
Scan saved at 00:29:19, on 31.01.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Programme\Analog Devices\SoundMAX\Smax4.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\NORTON~2\NORTON~1\navapw32.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
D:\Programe\Musicmatch\mmtask.exe
D:\Programe\Musicmatch\mm_tray.exe
D:\Patches & Downloads\bitdefender\bdmcon.exe
D:\Patches & Downloads\bitdefender\bdswitch.exe
G:\MicrosoftAntiSpywareInstall\gcasServ.exe
D:\Patches & Downloads\avwinsfx_6.29.00.03\AVGNT.EXE
G:\MicrosoftAntiSpywareInstall\gcasDtServ.exe
C:\WINDOWS\System32\ctfmon.exe
D:\Patches & Downloads\avwinsfx_6.29.00.03\AVGUARD.EXE
D:\Patches & Downloads\avwinsfx_6.29.00.03\AVWUPSRV.EXE
C:\Programme\Messenger\msmsgs.exe
C:\WINDOWS\System32\CTFMONSS.EXE
C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe
D:\Patches & Downloads\Common\Bin\WinCinemaMgr.exe
C:\Programme\Video Bearbeitung\WinDVR3\SchSvr.exe
G:\spysubtract\SpySub.exe
C:\WINDOWS\System32\CSRSSW.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Programme\Internet Explorer\iexplore.exe
G:\PESTPA~1\PESTPA~1\ppcontrol.exe
C:\Programme\Internet Explorer\iexplore.exe
G:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://default.home
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://default.home
O2 - BHO: VDOMP Class - {A0ED918D-B8E6-4c3d-BD15-1DB1AE9A5DD3} - C:\WINDOWS\wtlbass32.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Pa&nicware Pop-Up Stopper Basic - {B1E741E7-1E77-40D4-9FD8-51949B9CCBD0} - D:\Patches & Downloads\Pop Up\Pop-Up Stopper Basic\popuppro.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Programme\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~2\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [mmtask] D:\Programe\Musicmatch\mmtask.exe
O4 - HKLM\..\Run: [MMTray] D:\Programe\Musicmatch\mm_tray.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [BDMCon] D:\Patches & Downloads\bitdefender\\bdmcon.exe
O4 - HKLM\..\Run: [BDNewsAgent] D:\Patches & Downloads\bitdefender\\bdnagent.exe
O4 - HKLM\..\Run: [BDSwitchAgent] D:\Patches & Downloads\bitdefender\bdswitch.exe
O4 - HKLM\..\Run: [gcasServ] "G:\MicrosoftAntiSpywareInstall\gcasServ.exe"
O4 - HKLM\..\Run: [AVGCtrl] D:\Patches & Downloads\avwinsfx_6.29.00.03\AVGNT.EXE /min
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [PPMemCheck] G:\pestpatrol\PestPatrol\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] G:\pestpatrol\PestPatrol\CookiePatrol.exe
O4 - HKLM\..\RunOnce: [MicrosoftAntiSpywareCleaner] G:\MicrosoftAntiSpywareInstall\gcASCleaner.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CTFMONSS] C:\WINDOWS\System32\CTFMONSS.EXE
O4 - HKCU\..\Run: [CSRSSW] C:\WINDOWS\System32\CSRSSW.EXE
O4 - Global Startup: InterVideo WinCinema Manager.lnk = D:\Patches & Downloads\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: InterVideo WinScheduler.lnk = C:\Programme\Video Bearbeitung\WinDVR3\SchSvr.exe
O4 - Global Startup: SpySubtract.lnk = G:\spysubtract\SpySub.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1106155705000
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O20 - AppInit_DLLs: sockspy.dll

Haui45 31.01.2005 00:38

There is more than just a browser hijacker there.
Please scan your system with eScan in safe mode (follow the instructions exactly!) and post what is found. The easiest way to do that is as follows:
Right after the scan, copy the contents of the "Virus Log Information" window (Ctrl+A to select all; Ctrl+C to copy) and then save them in a text file (e.g. with WordPad or similar). To do this, paste the contents into the word processor with Ctrl+V and then save the document. After the reboot you can then simply copy the information from the file into the forum.

survivor1978 31.01.2005 00:41

OK, I'll try it right away!

survivor1978 31.01.2005 21:51

My Virus Log Information from eScan

File C:\WINDOWS\wtlbass32.dll infected by "not-a-virus:AdWareAction Taken.
File C:\WINDOWS\System32\CTFMONSS.EXE infected by "Trojan-Dropper.Win32.Small.qv" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\CSRSSW.EXE infected by "Trojan-Dropper.Win32.Small.qv" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\1042004.exe infected by "Trojan.Win32.Krepper.k" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\1042004_2.exe infected by "Trojan.Win32.Krepper.k" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\20dab.exe infected by "Trojan.Win32.Dissec.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\24.exe infected by "TrojanDropper.Win32.Small.hb" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\25.exe infected by "TrojanDropper.Win32.Small.hb" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\bad01.exe infected by "Trojan.Win32.Dissec.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\bad1474.exe infected by "Trojan.Win32.Dissec.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\baddom3.exe infected by "Trojan.Win32.Dissec.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\frame1.exe infected by "Trojan.Win32.Small.v" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\redalert.exe infected by "Trojan.Win32.Krepper.k" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\stoolbd.dll infected by "not-a-virus:AdWare.ToolBar.FastLook.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\WTLBUI.exe infected by "Trojan.Win32.StartPage.ig" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\consys98.exe infected by "TrojanClicker.Win32.Small.an" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\ozwu0c6rluk.dll infected by "Trojan.Win32.Krepper.p" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\secupd0312.exe infected by "TrojanDownloader.Win32.Esepor.i" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\secupd050104.exe infected by "TrojanDownloader.Win32.Esepor.m" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\secupd1203.exe infected by "TrojanDownloader.Win32.Esepor.e" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\secupd1305.exe infected by "TrojanDownloader.Win32.Esepor.j" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\secupdcl.exe infected by "TrojanDownloader.Win32.Esepor.h" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\supd130404.exe infected by "TrojanDownloader.Win32.Esepor.m" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\supd180204.exe infected by "TrojanDownloader.Win32.Esepor.x" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\v7d726lw4t.dll infected by "Trojan.Win32.Krepper.k" Virus. Action Taken: No Action Taken.
File C:\Dokumente und Einstellungen\Franz Valdec\Desktop\vv.dat infected by "Trojan-Dropper.Win32.Small.qv" Virus. Action Taken: No Action Taken.
File C:\ntdetect.hta infected by "Trojan-Dropper.VBS.Inor.cj" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{52D2D090-D27C-44F7-A735-13A8DBEB21F1}\RP288\A0073528.exe infected by "Trojan.Win32.StartPage.ig" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{52D2D090-D27C-44F7-A735-13A8DBEB21F1}\RP288\A0073543.dll infected by "not-a-virus:AdWare.BHO.SearchAssistant.c" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{52D2D090-D27C-44F7-A735-13A8DBEB21F1}\RP288\A0073553.dll infected by "not-a-virus:AdWare.BHO.SearchAssistant.c" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\1042004.exe infected by "Trojan.Win32.Krepper.k" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\1042004_2.exe infected by "Trojan.Win32.Krepper.k" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\20dab.exe infected by "Trojan.Win32.Dissec.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\24.exe infected by "TrojanDropper.Win32.Small.hb" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\25.exe infected by "TrojanDropper.Win32.Small.hb" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\bad01.exe infected by "Trojan.Win32.Dissec.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\bad1474.exe infected by "Trojan.Win32.Dissec.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\baddom3.exe infected by "Trojan.Win32.Dissec.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\frame1.exe infected by "Trojan.Win32.Small.v" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\redalert.exe infected by "Trojan.Win32.Krepper.k" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\stoolbd.dll infected by "not-a-virus:AdWare.ToolBar.FastLook.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\consys98.exe infected by "TrojanClicker.Win32.Small.an" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\ozwu0c6rluk.dll infected by "Trojan.Win32.Krepper.p" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\secupd0312.exe infected by "TrojanDownloader.Win32.Esepor.i" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\secupd050104.exe infected by "TrojanDownloader.Win32.Esepor.m" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\secupd1203.exe infected by "TrojanDownloader.Win32.Esepor.e" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\secupd1305.exe infected by "TrojanDownloader.Win32.Esepor.j" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\secupdcl.exe infected by "TrojanDownloader.Win32.Esepor.h" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\supd130404.exe infected by "TrojanDownloader.Win32.Esepor.m" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\supd180204.exe infected by "TrojanDownloader.Win32.Esepor.x" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\v7d726lw4t.dll infected by "Trojan.Win32.Krepper.k" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\WTLBUI.exe infected by "Trojan.Win32.StartPage.ig" Virus. Action Taken: No Action Taken.
File C:\winup.exe infected by "not-a-virus:Porn-Dialer.Win32.Generic" Virus. Action Taken: No Action Taken.
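
Added example, not part of any post in this thread: a Python script that cross-references the eScan detections with the load points in the HijackThis log (running processes, O2 BHOs, O4 autostart entries), so that detected files which are running or start automatically stand out. The two sample strings are a constructed excerpt of the logs above, and the function names are this example's own.

```python
import re

# Constructed sample: a few lines copied from the two logs posted in this thread.
HIJACKTHIS = r"""
C:\WINDOWS\System32\CTFMONSS.EXE
O2 - BHO: VDOMP Class - {A0ED918D-B8E6-4c3d-BD15-1DB1AE9A5DD3} - C:\WINDOWS\wtlbass32.dll
O4 - HKLM\..\Run: [SoundMAX] "C:\Programme\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKCU\..\Run: [CTFMONSS] C:\WINDOWS\System32\CTFMONSS.EXE
O4 - HKCU\..\Run: [CSRSSW] C:\WINDOWS\System32\CSRSSW.EXE
"""
ESCAN = r"""
File C:\WINDOWS\wtlbass32.dll infected by "not-a-virus:AdWareAction Taken.
File C:\WINDOWS\System32\CTFMONSS.EXE infected by "Trojan-Dropper.Win32.Small.qv" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\CSRSSW.EXE infected by "Trojan-Dropper.Win32.Small.qv" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\redalert.exe infected by "Trojan.Win32.Krepper.k" Virus. Action Taken: No Action Taken.
"""

# Drive-letter path up to the first .exe/.dll/.ocx; copes with spaces and quotes.
PATH_RE = re.compile(r'[A-Za-z]:\\.*?\.(?:exe|dll|ocx)\b', re.I)
ESCAN_RE = re.compile(r'^File (.+?) infected by "([^"\n]*)("?)', re.M)

def parse_escan(text):
    # Lower-cased path -> detection name; None when the name is cut off in the log.
    # Windows paths are case-insensitive (the log shows System32 and system32).
    return {path.lower(): (name if closed else None)
            for path, name, closed in ESCAN_RE.findall(text)}

def parse_hijackthis(text):
    # Yield (kind, path): kind is the section code (O2, O4, ...) or "process".
    for line in text.splitlines():
        m = PATH_RE.search(line)
        if m:
            sec = re.match(r'(O\d+) - ', line)
            yield (sec.group(1) if sec else "process"), m.group(0)

def correlate(hjt, escan):
    # HijackThis entries whose file eScan reported as infected.
    detections = parse_escan(escan)
    return [(kind, path, detections[path.lower()])
            for kind, path in parse_hijackthis(hjt)
            if path.lower() in detections]

def unreferenced(hjt, escan):
    # Detected files with no load point in the HijackThis excerpt.
    loaded = {p.lower() for _, p in parse_hijackthis(hjt)}
    return sorted(p for p in parse_escan(escan) if p not in loaded)

if __name__ == "__main__":
    for hit in correlate(HIJACKTHIS, ESCAN):
        print(hit)
    print("no load point seen:", unreferenced(HIJACKTHIS, ESCAN))
```

On the excerpt, wtlbass32.dll matches the O2 entry even though its detection name is cut off in the posted log, and redalert.exe is reported without a load point in the excerpt.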


All times are WET +1.
