Google page hijacked to My Google page is redirected to the following address after a search: http://61.131.54.618.cc/search.php?a...%3D12145&meta= Can someone help me get rid of this condition again - please, please. Many thanks in advance. I previously had a browser hijack. |
Hello, create a log file with HiJackThis and post it here. Please redact personal information such as your user name and the like. |
Logfile of HijackThis v1.99.0
Scan saved at , on 15.01.2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
D:\SYSTEM-PROGRAMME\SICHERHEIT\ANTIVIRPERS\AVGCTRL.EXE
D:\SYSTEM-PROGRAMME\DOWNLOAD-MANAGER\NETPUMPER\NETPUMPERIEPROXY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\PROGRAMME\MICROSOFT OFFICE\OFFICE\WINWORD.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
D:\SYSTEM-PROGRAMME\DATENPACKER\WINACE\WINACE.EXE
C:\WINDOWS\TEMP\~ACETEMP\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = www.google.de
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = www.google.de
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.de
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.de
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://www.google.de
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.t-online.de/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
F1 - win.ini: run=C:\WINDOWS\hpfsched.exe
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - D:\SYSTEM-PROGRAMME\DOWNLOAD-MANAGER\FLASHGET\JCCATCH.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\System-Programme\Sicherheit\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar2.dll
O2 - BHO: Explorer Class - {962F12AE-2773-4BEB-99EA-B5C3AB9A6606} - C:\WINDOWS\SYSTEM\DSMANA~1.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &IE Doctor Bar - {123249EB-F891-44C4-946F-450064F9080E} - D:\PROGRA~1\INTERN~1\IEDOCT~1\IEDRBAR.DLL
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\SYSTEM-PROGRAMME\DOWNLOAD-MANAGER\FLASHGET\FGIEBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVGCtrl] D:\SYSTEM-PROGRAMME\SICHERHEIT\ANTIVIRPERS\AVGCTRL.EXE /min
O4 - HKLM\..\Run: [NetPumper] "D:\System-Programme\Download-Manager\NetPumper\NetPumperIEProxy.exe"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Mit FlashGet laden - D:\SYSTEM-PROGRAMME\DOWNLOAD-MANAGER\FLASHGET\jc_link.htm
O8 - Extra context menu item: Alles mit FlashGet laden - D:\SYSTEM-PROGRAMME\DOWNLOAD-MANAGER\FLASHGET\jc_all.htm
O8 - Extra context menu item: Download with NetPumper - D:\System-Programme\Download-Manager\NetPumper\AddUrl.htm
O8 - Extra context menu item: &Google Search - res://C:\PROGRAMME\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - D:\Programme\Chat-Tools\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - D:\Programme\Chat-Tools\ICQ\ICQ.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\SYSTEM-PROGRAMME\DOWNLOAD-MANAGER\FLASHGET\FLASHGET.EXE
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\SYSTEM-PROGRAMME\DOWNLOAD-MANAGER\FLASHGET\FLASHGET.EXE
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - D:\System-Programme\Bild - Textanzeiger\IrfanView\Ebay\Ebay.htm
O9 - Extra button: PICgrabber - {4964E240-D53C-11D5-BDA9-444553540000} - D:\Programme\Internet-Tools\PicGrabber Deluxe\PICGRABBER.EXE (HKCU)
O9 - Extra 'Tools' menuitem: PICgrabber - Movie&Image Search/Download Software - {4964E240-D53C-11D5-BDA9-444553540000} - D:\Programme\Internet-Tools\PicGrabber Deluxe\PICGRABBER.EXE (HKCU)
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...tatsClient.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...reShowdown.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://ohmytrance.com/tv/nsvplayx_vp3_mp3.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab30149.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab30149.cab |
Fix this entry and then delete the file: O2 - BHO: Explorer Class - {962F12AE-2773-4BEB-99EA-B5C3AB9A6606} - C:\WINDOWS\SYSTEM\DSMANA~1.DLL Then do the following: Download eScan AntiVirus and scan with it in safe mode as described. Afterwards post the virus log information from eScan AntiVirus: Open mwav.log -> Edit -> Find -> enter infected or tagged -> Find Next -> select/copy the hits and paste them into the forum. |
LOG File E-SCAN:
File C:\WINDOWS\Anwendungsdaten\pebe.exe infected by "not-a-virus:AdWare.PurityScan.w" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Downloaded Program Files\CONFLICT.1\setup.exe infected by "Trojan.Win32.Liech.c" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Downloaded Program Files\CONFLICT.1\rundlg32.dll infected by "not-a-virus:AdWare.ToolBar.SBSoft.f" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Downloaded Program Files\CONFLICT.1\WinAdCtlX.dll infected by "not-a-virus:AdWare.WinAD" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Downloaded Program Files\CONFLICT.1\mp3.ocx infected by "Trojan-Downloader.Win32.Agent.ex" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Downloaded Program Files\CONFLICT.1\WINADC~1.DLL infected by "not-a-virus:AdWare.WinAD" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Downloaded Program Files\CONFLICT.4\mp3.ocx infected by "Trojan-Downloader.Win32.Agent.ex" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Downloaded Program Files\WINSER~1.DLL infected by "not-a-virus:AdWare.WinAD.f" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Downloaded Program Files\setup.exe infected by "Trojan.Win32.Liech.c" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Downloaded Program Files\CONFLICT.2\setup.exe infected by "Trojan.Win32.Liech.c" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Downloaded Program Files\CONFLICT.2\WinCommX.dll infected by "not-a-virus:AdWare.WinAD" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Downloaded Program Files\CONFLICT.2\rundlg32.dll infected by "not-a-virus:AdWare.ToolBar.SBSoft.f" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Downloaded Program Files\CONFLICT.2\mp3.ocx infected by "Trojan-Downloader.Win32.Agent.ex" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Downloaded Program Files\CONFLICT.3\mp3.ocx infected by "Trojan-Downloader.Win32.Agent.ex" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Downloaded Program Files\DE411_100.exe infected by "Trojan.Win32.Dialer.ba" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Downloaded Program Files\WUInst.dll infected by "not-a-virus:AdWare.SaveNow.ab" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Downloaded Program Files\mp3.ocx infected by "Trojan-Downloader.Win32.Agent.ex" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Downloaded Program Files\WinCtlAdX.dll infected by "not-a-virus:AdWare.WinAD.f" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Downloaded Program Files\ipreg32.dll infected by "Trojan-Downloader.Win32.Domcom.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\eXactAdvertisingBargainsBuddy1.zip infected by "Password-protected-EXE" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\inetg\services.exe infected by "Trojan-Downloader.Win32.CWS.gen" Virus. Action Taken: No Action Taken.
File C:\Recycled\Q383305.exe infected by "TrojanDownloader.Win32.Small.uq" Virus. Action Taken: No Action Taken.
File C:\Downloads\netpumper-1.20.1-setup.exe infected by "not-a-virus:AdWare.SaveNow.v" Virus. Action Taken: No Action Taken.
File C:\GermanFunScript\Mirc32.exe tagged as not-a-virus:RiskWare.mIRC.5.9. No Action Taken.
File C:\GermanFunScript\moo.dll tagged as not-a-virus:Tool.Win32.Moo. No Action Taken.
File C:\GermanFunScript\Tools\nukenabber.exe tagged as not-a-virus:NetTool.NukeNabber.21. No Action Taken.
File C:\_My Shared Folder\Photoshop plugin - Autofx Autoeye 2.0.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\_My Shared Folder\xenofex - Plug in Photoshop.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File D:\Programme\System-Tools\RFA\Rfa-Regpatch.exe infected by "Trojan.Win32.Small.cr" Virus. Action Taken: No Action Taken.
Sorry again for opening several threads. |
Download Total Commander and make the following setting: Open Total Commander -> Configuration -> Options -> Display -> tick "Show hidden and system files (for experts only)" -> OK. In the left pane, navigate to the folder or file in question and delete it (select -> F8 -> YES). Delete all files flagged by eScan except:
- File C:\_My Shared Folder\Photoshop plugin - Autofx Autoeye 2.0.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
- File C:\_My Shared Folder\xenofex - Plug in Photoshop.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken. |
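The mwav.log filter step (searching for infected or tagged) and the later instruction to delete everything flagged except two files, as an added example that is not part of the thread: a parser for the entry format of the posted eScan output that also works on a paste where the entries have run together. The function names, the `KEEP` list and the reading of a detection name as `[prefix:]Category.…` are assumptions of this example.

```python
import re
from collections import Counter, namedtuple

Finding = namedtuple("Finding", "path verdict name action")

# One entry: File <path> infected by "<name>" Virus. Action Taken: <action>.
#        or: File <path> tagged as <name>. <action>.
ENTRY = re.compile(
    r'File\s+(?P<path>.+?)\s+(?:'
    r'infected by\s+"(?P<inf>[^"]+)"\s+Virus\.\s+Action Taken:\s+(?P<a1>[^.]+)\.'
    r'|tagged as\s+(?P<tag>\S+)\.\s+(?P<a2>[^.]+)\.)'
)

# Sample input for this example: five entries in the format of the log
# posted in the thread, run together the way a forum paste flattens them.
SAMPLE_LOG = (
    r'File C:\WINDOWS\Anwendungsdaten\pebe.exe infected by '
    r'"not-a-virus:AdWare.PurityScan.w" Virus. Action Taken: No Action Taken. '
    r'File C:\WINDOWS\Downloaded Program Files\setup.exe infected by '
    r'"Trojan.Win32.Liech.c" Virus. Action Taken: No Action Taken. '
    r'File C:\WINDOWS\inetg\services.exe infected by '
    r'"Trojan-Downloader.Win32.CWS.gen" Virus. Action Taken: No Action Taken. '
    r'File C:\GermanFunScript\moo.dll tagged as not-a-virus:Tool.Win32.Moo. '
    r'No Action Taken. '
    r'File C:\_My Shared Folder\xenofex - Plug in Photoshop.exe tagged as '
    r'not-a-virus:Tool.Win32.Reboot. No Action Taken.'
)
# Hypothetical keep list: a file the helper said not to delete.
KEEP = [r'C:\_My Shared Folder\xenofex - Plug in Photoshop.exe']

def parse_mwav(text):
    """Return every 'infected' or 'tagged' entry found in the log text."""
    return [Finding(m["path"], "infected" if m["inf"] else "tagged",
                    m["inf"] or m["tag"], (m["a1"] or m["a2"]).strip())
            for m in ENTRY.finditer(text)]

def category(name):
    """'not-a-virus:AdWare.WinAD.f' -> 'AdWare' (assumed naming pattern)."""
    return name.split(":", 1)[-1].split(".", 1)[0]

def unresolved(findings, keep=()):
    """Paths the scanner left in place, minus files on the keep list."""
    kept = {p.lower() for p in keep}  # Windows paths compare case-insensitively
    return [f.path for f in findings
            if f.action == "No Action Taken" and f.path.lower() not in kept]

if __name__ == "__main__":
    found = parse_mwav(SAMPLE_LOG)
    print(Counter(category(f.name) for f in found))
    print(unresolved(found, KEEP))
```

Grouping by category separates the Trojan and Trojan-Downloader hits from the adware and tool tags, which is the distinction the cleanup advice above relies on.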
Copyright ©2000-2025, Trojaner-Board