Am I infected? Please help me.

Logfile of HijackThis v1.98.2
Scan saved at 20:14:10, on 31.10.2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
F:\Programme\Norton GoBack\GBPoll.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\SndMon32.exe
F:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\crsss.exe
C:\PROGRA~1\GEMEIN~1\PCSuite\DATALA~1\DATALA~1.EXE
F:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe
C:\Programme\Intuwave\Shared\mRouterRuntime\mRouterRuntime.exe
C:\PROGRA~1\GEMEIN~1\PCSuite\Services\SERVIC~1.EXE
F:\Programme\Norton GoBack\GBTray.exe
F:\Programme\OpenOffice.org1.1.2\program\soffice.exe
F:\Programme\Opera\opera internet browser.exe
C:\Dokumente und Einstellungen\Andy\Desktop\hijackthis1982\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir...r=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir...r=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R3 - URLSearchHook: (no name) - {E7BB3809-0D1B-DC8B-69C2-BCA8B5DA79E5} - C:\WINDOWS\Hxikkjyz.dll (file missing)
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\bxxs5.dll (file missing)
O2 - BHO: (no name) - {96D5096C-B5F2-FBA3-140E-9F7998D7DE7D} - C:\WINDOWS\Hxikkjyz.dll (file missing)
O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\System32\nvms.dll (file missing)
O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINDOWS\System32\mscb.dll (file missing)
O2 - BHO: Url Catcher - {CE31A1F7-3D90-4874-8FBE-A5D97F8BC8F1} - C:\PROGRA~1\BARGAI~1\bin\apuc.dll (file missing)
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Search - {590D015E-639B-A092-1E88-F8884A4770F7} - C:\WINDOWS\Hxikkjyz.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Zone Labs Client] "f:\Programme\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\bxxs5.dll,DllRun
O4 - HKLM\..\Run: [BullsEye Network] C:\Programme\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [ICQ Lite] f:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\GEMEIN~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] F:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
O4 - HKLM\..\Run: [Windows Sound Manager] SndMon32.exe
O4 - HKLM\..\Run: [OEM32 Tools] ntfs16.exe
O4 - HKLM\..\RunServices: [QuicktimeMngr] QuicktimeMngr.exe
O4 - HKLM\..\RunServices: [Windows media service] crsss.exe
O4 - HKLM\..\RunServices: [Windows Sound Manager] SndMon32.exe
O4 - HKLM\..\RunServices: [OEM32 Tools] ntfs16.exe
O4 - HKLM\..\RunOnce: [Windows Sound Manager] SndMon32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] F:\\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [Win32 USB2 Driver] sys32snd.exe
O4 - HKCU\..\Run: [QuicktimeMngr] QuicktimeMngr.exe
O4 - HKCU\..\Run: [mRouterConfig] "C:\Programme\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe"
O4 - HKCU\..\Run: [Windows Sound Manager] SndMon32.exe
O4 - HKCU\..\RunOnce: [Windows Sound Manager] SndMon32.exe
O4 - Startup: OpenOffice.org 1.1.2.lnk = F:\Programme\OpenOffice.org1.1.2\program\quickstart.exe
O4 - Startup: PalNetaware.lnk = F:\Programme\Paltalk\pnetaware.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = ?
O4 - Global Startup: Norton GoBack.lnk = F:\Programme\Norton GoBack\GBTray.exe
O9 - Extra button: ICQ 4 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - f:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - f:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Programme\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1098128192048
O17 - HKLM\System\CCS\Services\Tcpip\..\{4A538B4C-C997-4643-8243-103E628FF134}: NameServer = 217.237.151.161 217.237.151.33
O20 - AppInit_DLLs: PAVWAIT.DLL

So, what about crsss? Is this program dangerous? And what about msnsc and nvsvc? They are slowing down my internet, right? Help plz |
Yes! Please start your Windows in safe mode (press F8 during boot).

Please end the following processes with the Windows Task Manager:
SndMon32.exe (a variant of the W32/Spybot worm)
crsss.exe (SDBOT worm)

Then please fix the following entries:
O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\bxxs5.dll,DllRun
O4 - HKLM\..\Run: [BullsEye Network] C:\Programme\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [Windows Sound Manager] SndMon32.exe
O4 - HKLM\..\Run: [OEM32 Tools] ntfs16.exe
O4 - HKLM\..\RunServices: [QuicktimeMngr] QuicktimeMngr.exe
O4 - HKLM\..\RunServices: [Windows media service] crsss.exe
O4 - HKLM\..\RunServices: [Windows Sound Manager] SndMon32.exe
O4 - HKLM\..\RunServices: [OEM32 Tools] ntfs16.exe
O4 - HKLM\..\RunOnce: [Windows Sound Manager] SndMon32.exe
O4 - HKCU\..\Run: [Win32 USB2 Driver] sys32snd.exe
O4 - HKCU\..\Run: [QuicktimeMngr] QuicktimeMngr.exe
O4 - HKCU\..\Run: [Windows Sound Manager] SndMon32.exe
O4 - HKCU\..\RunOnce: [Windows Sound Manager] SndMon32.exe
O4 - Startup: PalNetaware.lnk = F:\Programme\Paltalk\pnetaware.exe

Afterwards, please download the following programs to avoid such problems:
However, even protection programs do not offer 100% protection.
Always think first before you open a file!
Antivir
Ad-Aware SE

GrEEtZ Shady |
You are indeed extremely infected, namely with many backdoor programs, among others:
http://www.sophos.de/virusinfo/analy...2forbotbu.html
http://www.sophos.de/virusinfo/analyses/w32rbotly.html
http://uk.trendmicro-europe.com/ente...OT.AAR&VSect=T

Therefore you should definitely reinstall your computer, following exactly these instructions:
http://board.protecus.de/showtopic.p...me=1097944155&

After that, work through this text and put the things it mentions into practice in the future, so that you can keep the risk of renewed infections lower:
http://www.mathematik.uni-marburg.de...ompromise.html |
Hi, thanks first of all. Here is my new log. I have done everything, so please take a look at whether it is clean now:

Logfile of HijackThis v1.98.2
Scan saved at 21:36:52, on 31.10.2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
F:\Programme\ICQLite\ICQLite.exe
C:\PROGRA~1\GEMEIN~1\PCSuite\DATALA~1\DATALA~1.EXE
F:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe
C:\Programme\Intuwave\Shared\mRouterRuntime\mRouterRuntime.exe
C:\PROGRA~1\GEMEIN~1\PCSuite\Services\SERVIC~1.EXE
F:\Programme\Norton GoBack\GBTray.exe
F:\Programme\OpenOffice.org1.1.2\program\soffice.exe
F:\Programme\Norton GoBack\GBPoll.exe
C:\WINDOWS\System32\nvsvc32.exe
f:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kavmm.exe
f:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kav.exe
F:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
F:\Programme\Opera\opera internet browser.exe
C:\Dokumente und Einstellungen\Andy\Desktop\hijackthis1982\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir...r=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir...r=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R3 - URLSearchHook: (no name) - {E7BB3809-0D1B-DC8B-69C2-BCA8B5DA79E5} - C:\WINDOWS\Hxikkjyz.dll (file missing)
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\bxxs5.dll (file missing)
O2 - BHO: (no name) - {96D5096C-B5F2-FBA3-140E-9F7998D7DE7D} - C:\WINDOWS\Hxikkjyz.dll (file missing)
O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\System32\nvms.dll (file missing)
O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINDOWS\System32\mscb.dll (file missing)
O2 - BHO: Url Catcher - {CE31A1F7-3D90-4874-8FBE-A5D97F8BC8F1} - C:\PROGRA~1\BARGAI~1\bin\apuc.dll (file missing)
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Search - {590D015E-639B-A092-1E88-F8884A4770F7} - C:\WINDOWS\Hxikkjyz.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Zone Labs Client] "f:\Programme\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ICQ Lite] f:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\GEMEIN~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] F:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
O4 - HKLM\..\Run: [KAV50] "f:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kav.exe" -run -n PersonalPro -v 5.0.0.0
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] F:\\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [mRouterConfig] "C:\Programme\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe"
O4 - Startup: OpenOffice.org 1.1.2.lnk = F:\Programme\OpenOffice.org1.1.2\program\quickstart.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = ?
O4 - Global Startup: Norton GoBack.lnk = F:\Programme\Norton GoBack\GBTray.exe
O9 - Extra button: ICQ 4 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - f:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - f:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Programme\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1098128192048
O17 - HKLM\System\CCS\Services\Tcpip\..\{4A538B4C-C997-4643-8243-103E628FF134}: NameServer = 217.237.151.161 217.237.151.33
O20 - AppInit_DLLs: PAVWAIT.DLL |
The log looks clean now! Nevertheless, you should change all your passwords, since it could be that someone has already read out or logged the passwords!

GrEEtZ Shady |
At least run E-Scan over it once more: http://www.trojaner-board.de/42731-escan-anleitung.html and fix the "file missing" entries. |
Copyright ©2000-2025, Trojaner-Board