|
Hilfe... Trojaner und "coolwebsearch" machen mich fertig... kaspersky hat unter "C:\Dokumente und Einstellungen\Hendrik\Anwendungsdaten\draw dupe" die beiden Trojaner: TrojanDownloader.Win32.Swizzor.bm TrojanDownloader.Win32.Swizzor.bx Wie werde ich die los? Ich benutzte a2. Findet aber nichts... Desweiteren: Habe ich das "coolwebsearch"Problem.. Ich bräuchte bitte eine helfende Hand, die mich durch meine registry führen kann, damit ich diesen Mist wieder loswerden kann. Folgend meine Hijack-log-file: Logfile of HijackThis v1.98.2 Scan saved at 11:38:14, on 17.10.2004 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Sygate\SPF\smc.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\spoolsv.exe C:\Programme\Internet Explorer\iexplore.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\Skype\Phone\Skype.exe C:\Programme\Spybot - Search & Destroy\TeaTimer.exe C:\Programme\Samurize\Client.exe c:\progra~1\intern~1\iexplore.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Opera7\Opera.exe C:\Dokumente und Einstellungen\Hendrik\Desktop\HijackThis19802.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.ymjvpovbjigxpuxi.com/wmO5...3kW1dc_RT.html R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/ O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar1.dll O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Programme\TGTSoft\StyleXP\TGT_BHO.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [KlipFolio] "C:\Programme\KlipFolio\KlipFolio.exe" /BOOT O4 - HKLM\..\Run: [SEEK MEOW DOWNLOAD TONS] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\filestopseekmeow\regsstyle.exe O4 - HKCU\..\Run: [TVgenial] C:\Programme\TVgenial\TVgenial.exe -d O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [STYLEXP] C:\Programme\TGTSoft\StyleXP\StyleXP.exe -Hide O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [Comcenter Easy] C:\Programme\FAX.de\ComCenter\ComCenterEasy.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [magsdead] C:\DOKUME~1\Hendrik\ANWEND~1\DRAWDU~1\oozeclosegreat.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe O4 - Startup: Mp3tag Quick Pick.lnk = C:\Programme\Mp3tag\Mp3tagQuickPick.exe O4 - Global Startup: Samurize (2).lnk = C:\Programme\Samurize\Client.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O8 - Extra context menu item: &Google Search - res://c:\programme\google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\programme\google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: Verweisseiten - res://c:\programme\google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Ähnliche Seiten - res://c:\programme\google\GoogleToolbar1.dll/cmsimilar.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra button: Preispiraten - {94A15285-AAE6-44E8-B2D7-4A2C6CDA9185} - C:\Programme\Preispiraten\preispiraten.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O10 - Broken Internet access because of LSP provider 'c:\programme\netlimiter\nl_lsp.dll' missing O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab30149.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab30149.cab O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary...t.cab30149.cab O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab30149.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{097A13BE-E38D-4586-948F-F34755183C43}: NameServer = 192.168.1.1 O17 - HKLM\System\CS1\Services\Tcpip\..\{097A13BE-E38D-4586-948F-F34755183C43}: NameServer = 192.168.1.1 O17 - HKLM\System\CS2\Services\Tcpip\..\{097A13BE-E38D-4586-948F-F34755183C43}: NameServer = 192.168.1.1 Vielleicht kann mir jemand aus dem Schlamassel raushelfen... CWSchred hat auch nichts nichts gebracht.. |
FW: Hilfe... Trojaner und "coolwebsearch" machen mich fertig... Desweiteren habe ich das Prog "StartUpList" drueberlaufen lassen. Hier das Ergebnis: StartupList report, 17.10.2004, 11:40:41 StartupList version: 1.52 Started from : C:\Dokumente und Einstellungen\Hendrik\Desktop\StartupList.EXE Detected: Windows XP SP2 (WinNT 5.01.2600) Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180) * Using default options ================================================== Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Sygate\SPF\smc.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\spoolsv.exe C:\Programme\Internet Explorer\iexplore.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\Skype\Phone\Skype.exe C:\Programme\Spybot - Search & Destroy\TeaTimer.exe C:\Programme\Samurize\Client.exe c:\progra~1\intern~1\iexplore.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Opera7\Opera.exe C:\Dokumente und Einstellungen\Hendrik\Desktop\StartupList.exe -------------------------------------------------- Listing of startup folders: Shell folders Startup: [C:\Dokumente und Einstellungen\Hendrik\Startmenü\Programme\Autostart] Mp3tag Quick Pick.lnk = C:\Programme\Mp3tag\Mp3tagQuickPick.exe Shell folders Common Startup: [C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart] Samurize (2).lnk = C:\Programme\Samurize\Client.exe -------------------------------------------------- Checking Windows NT UserInit: [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] UserInit = C:\WINDOWS\system32\userinit.exe, -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\Run SmcService = C:\PROGRA~1\Sygate\SPF\smc.exe -startgui NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup KlipFolio = "C:\Programme\KlipFolio\KlipFolio.exe" /BOOT SEEK MEOW DOWNLOAD TONS = C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\filestopseekmeow\regsstyle.exe -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run TVgenial = C:\Programme\TVgenial\TVgenial.exe -d ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe STYLEXP = C:\Programme\TGTSoft\StyleXP\StyleXP.exe -Hide Skype = "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized Comcenter Easy = C:\Programme\FAX.de\ComCenter\ComCenterEasy.exe msnmsgr = "C:\Programme\MSN Messenger\msnmsgr.exe" /background magsdead = C:\DOKUME~1\Hendrik\ANWEND~1\DRAWDU~1\oozeclosegreat.exe SpybotSD TeaTimer = C:\Programme\Spybot - Search & Destroy\TeaTimer.exe -------------------------------------------------- Shell & screensaver key from C:\WINDOWS\SYSTEM.INI: Shell=*INI section not found* SCRNSAVE.EXE=*INI section not found* drivers=*INI section not found* Shell & screensaver key from Registry: Shell=Explorer.exe SCRNSAVE.EXE=C:\WINDOWS\system32\logon.scr drivers=*Registry value not found* Policies Shell key: HKCU\..\Policies: Shell=*Registry key not found* HKLM\..\Policies: Shell=*Registry value not found* -------------------------------------------------- Enumerating Browser Helper Objects: (no name) - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (no name) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F} (no name) - c:\programme\google\googletoolbar1.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7} TGTSoft Explorer Toolbar Changer - C:\Programme\TGTSoft\StyleXP\TGT_BHO.dll - {C333CF63-767F-4831-94AC-E683D962C63C} -------------------------------------------------- Enumerating Task Scheduler jobs: AA45A786919E5C22.job ADF825EB9187D923.job -------------------------------------------------- Enumerating Download Program Files: [MessengerStatsClient Class] InProcServer32 = C:\WINDOWS\Downloaded Program Files\MessengerStatsPAClient.dll CODEBASE = http://messenger.zone.msn.com/binary...t.cab30149.cab [Office Update Installation Engine] InProcServer32 = C:\WINDOWS\opuc.dll CODEBASE = http://office.microsoft.com/officeup...ntent/opuc.cab [{9F1C11AA-197B-4942-BA54-47A8489BB47F}] CODEBASE = http://v4.windowsupdate.microsoft.co...065.4362731481 [ZoneIntro Class] InProcServer32 = C:\WINDOWS\Downloaded Program Files\ZIntro.ocx CODEBASE = http://messenger.zone.msn.com/binary...o.cab30149.cab [CBreakshotControl Class] InProcServer32 = C:\WINDOWS\Downloaded Program Files\Banksht2.dll CODEBASE = http://messenger.zone.msn.com/binary...t.cab30149.cab [Shockwave Flash Object] InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\FLASH.OCX CODEBASE = http://download.macromedia.com/pub/s...sh/swflash.cab [ZoneChess Object] InProcServer32 = C:\WINDOWS\Downloaded Program Files\Chess.ocx CODEBASE = http://messenger.zone.msn.com/binary/Chess.cab30149.cab -------------------------------------------------- Enumerating Winsock LSP files: Protocol #20: C:\Programme\NetLimiter\nl_lsp.dll (file MISSING) -------------------------------------------------- Enumerating ShellServiceObjectDelayLoad items: PostBootReminder: C:\WINDOWS\system32\SHELL32.dll CDBurn: C:\WINDOWS\system32\SHELL32.dll WebCheck: C:\WINDOWS\System32\webcheck.dll SysTray: C:\WINDOWS\System32\stobject.dll -------------------------------------------------- End of report, 6.314 bytes Report generated in 0,032 seconds Command line options: /verbose - to add additional info on each section /complete - to include empty sections and unsuspicious data /full - to include several rarely-important sections /force9x - to include Win9x-only startups even if running on WinNT /forcent - to include WinNT-only startups even if running on Win9x /forceall - to include all Win9x and WinNT startups, regardless of platform /history - to list version history only |
Fixe bitte mal das: R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.ymjvpovbjigxpuxi.com/wmO...k3kW1dc_RT.html O4 - HKCU\..\Run: [magsdead] C:\DOKUME~1\Hendrik\ANWEND~1\DRAWDU~1\oozeclosegre at.exe O4 - HKLM\..\Run: [SEEK MEOW DOWNLOAD TONS] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\filestopseekmeow\regsstyle.exe Es waere interessant den Inhalt dieser Dateien zu sehen, wenn du nicht weisst, wofuer diese "Jobs" sind: AA45A786919E5C22.job ADF825EB9187D923.job Wahrscheinlich zu finden unter c:\windows\tasks Wenn du netlimiter noch nutzt, kontroliere, ob es noch funktioniert, bzw deinstalliere es ueber "Software" |
| Alle Zeitangaben in WEZ +1. Es ist jetzt 06:30 Uhr. |
Copyright ©2000-2025, Trojaner-Board