Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   suchergebnisse (https://www.trojaner-board.de/12399-suchergebnisse.html)

wolferl 18.01.2005 23:54
suchergebnisse
 
egal welchen begriff ich in eine suchmaschine eingebe, die ersten 10 ergebnisse sind immer die selben... ich habe leider keine ahnung wie ich das beheben kann.
erbitte höflichst rat.
danke

cacatoa 19.01.2005 08:43
Hi,
welche Ergebnisse sind das; und poste mal ein HiJackThis -Logfile rein.

wolferl 19.01.2005 12:49
meisstens eine liste anderer suchmaschinen; oft:www.unlimitedhosting.co.nz

mein logfile:
Logfile of HijackThis v1.99.0
Scan saved at 12:45:26, on 19.01.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\TuneUp Utilities 2004\WinStylerThemeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\crypserv.exe
C:\Programme\CA\eTrust Antivirus\InoRpc.exe
C:\Programme\CA\eTrust Antivirus\InoRT.exe
C:\Programme\CA\eTrust Antivirus\InoTask.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\RunDll32.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\Dit.exe
C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\PROGRA~1\GEMEIN~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
C:\USBStorage\USBDetector.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\PROGRA~1\GEMEIN~1\PCSuite\Services\SERVIC~1.EXE
C:\Programme\ICQLite\ICQLite.exe
C:\Corel\Graphics8\Programs\MFIndexer.exe
C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\DitExp.exe
C:\WINDOWS\System32\alg.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\iMesh\Client\iMeshClient.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Dokumente und Einstellungen\wolf\Desktop\HijackThis.exe

R3 - URLSearchHook: StartBHO Class - {30192F8D-0958-44E6-B54D-331FD39AC959} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: StartBHO Class - {30192F8D-0958-44E6-B54D-331FD39AC959} - (no file)
O2 - BHO: Explorer Class - {962F12AE-2773-4BEB-99EA-B5C3AB9A6606} - C:\WINDOWS\System32\DSMANA~1.DLL
O2 - BHO: Pop Class - {A9AEE0DD-89E1-40EE-8749-A18650CC2175} - C:\WINDOWS\winsx.dll
O3 - Toolbar: Search Bar - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - (no file)
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\GEMEIN~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
O4 - HKLM\..\Run: [USBDetector] C:\USBStorage\USBDetector.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Corel MEDIA FOLDERS INDEXER 8.LNK = C:\Corel\Graphics8\Programs\MFIndexer.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programme\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: CA-Lizenz-Client - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA-Lizenzserver - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: Crypkey License - Unknown - crypserv.exe (file missing)
O23 - Service: eTrust Antivirus RPC Server - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoTask.exe
O23 - Service: Ereignisprotokoll-Überwachung - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TuneUp WinStyler Theme Service - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2004\WinStylerThemeSvc.exe

danke, dass du dich meiner annimmst!!!

cacatoa 19.01.2005 13:58
Bitte als erstes die Datei:
C:\WINDOWS\winsx.dll
online bei Jotti scannen und das Ergebnis (10 Zeilen) posten.
cacatoa

wolferl 19.01.2005 14:07
ich hoffe ich habe das richtig gemacht...

File: winsx.dll
Status: MIGHT BE INFECTED/MALWARE (Sandbox emulation took a long time and/or runtime packers were found, this is suspicious. Normally programs aren't packed and don't force the sandbox into lengthy emulation. Do realize no scanner issued any warning, the file can very well be harmless. Caution is advised, however.)
Packers detected: UPX

AntiVir No viruses found (0.17 seconds taken)
Avast No viruses found (1.52 seconds taken)
BitDefender No viruses found (0.77 seconds taken)
ClamAV No viruses found (0.79 seconds taken)
Dr.Web No viruses found (1.10 seconds taken)
F-Prot Antivirus No viruses found (0.12 seconds taken)
Kaspersky Anti-Virus No viruses found (1.13 seconds taken)
mks_vir No viruses found (0.42 seconds taken)
NOD32 No viruses found (0.78 seconds taken)
Norman Virus Control No viruses found (0.19 seconds taken)


vielen dank

cacatoa 19.01.2005 14:11
Dann mach bitte folgendes:
Lade Dir den eScan herunter (Beachte die Anleitung) und lass ihn im abgesicherten Modus laufen (dauert ca. 1 Stunde.) Danach neu booten und das Ergebnis posten (Öffne die mwav.log -> Bearbeiten -> Suchen -> infected eingeben -> Weitersuchen -> Treffer markieren/kopieren und ins Forum übertragen.)
cacatoa

wolferl 20.01.2005 19:56
File C:\WINDOWS\eqinpev.exe infected by "Trojan.Win32.StartPage.qp" Virus

File C:\WINDOWS\uxeecgh.exe infected by "Trojan.Win32.StartPage.qp" Virus

File C:\WINDOWS\system32\fastvideoplayer.dll infected by "Trojan-Downloader.Win32.Dyfuca.dn" Virus

File C:\WINDOWS\system32\jhflddgj.exe infected by "Trojan.Win32.StartPage.qp" Virus

File C:\DOKUME~1\wolf\LOKALE~1\Temp\asmfiles.cab infected by "not-a-virus:AdWare.Altnet.b" Virus

File C:\DOKUME~1\wolf\LOKALE~1\TEMPOR~1\Content.IE5\0XUR81AR\tbd_web[1].htm infected by "Exploit.CodeBaseExec" Virus

File C:\DOKUME~1\wolf\LOKALE~1\TEMPOR~1\Content.IE5\41AFG9Q3\count1[1].jar infected by "Trojan.Java.Needy.c" Virus

File C:\DOKUME~1\wolf\LOKALE~1\TEMPOR~1\Content.IE5\41AFG9Q3\msits[1].exe infected by "Trojan-Downloader.Win32.Delf.cb" Virus

File C:\DOKUME~1\wolf\LOKALE~1\TEMPOR~1\Content.IE5\DG318QB6\count1[1].jar infected by "Trojan.Java.Needy.c" Virus

File C:\DOKUME~1\wolf\LOKALE~1\TEMPOR~1\Content.IE5\KX2RKXQR\ipreg32[1].cab infected by "Trojan-Downloader.Win32.Domcom.a" Virus

File C:\DOKUME~1\wolf\LOKALE~1\TEMPOR~1\Content.IE5\LN7BLDSE\loaderadv156[1].jar infected by "Trojan.Java.ClassLoader.h" Virus

File C:\DOKUME~1\wolf\LOKALE~1\TEMPOR~1\Content.IE5\LVSEX2HX\loaderadv157[1].jar infected by "Trojan.Java.ClassLoader.h" Virus

File C:\DOKUME~1\wolf\LOKALE~1\TEMPOR~1\Content.IE5\W5YFOL6B\update[1].exe infected by "Trojan-Downloader.Win32.Agent.fs" Virus

File C:\Dokumente und Einstellungen\wolf\Lokale Einstellungen\Temp\asmfiles.cab infected by "not-a-virus:AdWare.Altnet.b" Virus

File C:\Dokumente und Einstellungen\wolf\Lokale Einstellungen\Temporary Internet Files\Content.IE5\0XUR81AR\tbd_web[1].htm infected by "Exploit.CodeBaseExec" Virus

File C:\Dokumente und Einstellungen\wolf\Lokale Einstellungen\Temporary Internet Files\Content.IE5\41AFG9Q3\count1[1].jar infected by "Trojan.Java.Needy.c" Virus

File C:\Dokumente und Einstellungen\wolf\Lokale Einstellungen\Temporary Internet Files\Content.IE5\41AFG9Q3\msits[1].exe infected by "Trojan-Downloader.Win32.Delf.cb" Virus

File C:\Dokumente und Einstellungen\wolf\Lokale Einstellungen\Temporary Internet Files\Content.IE5\DG318QB6\count1[1].jar infected by "Trojan.Java.Needy.c" Virus

File C:\Dokumente und Einstellungen\wolf\Lokale Einstellungen\Temporary Internet Files\Content.IE5\KX2RKXQR\ipreg32[1].cab infected by "Trojan-Downloader.Win32.Domcom.a" Virus

File C:\Dokumente und Einstellungen\wolf\Lokale Einstellungen\Temporary Internet Files\Content.IE5\LN7BLDSE\loaderadv156[1].jar infected by "Trojan.Java.ClassLoader.h" Virus

File C:\Dokumente und Einstellungen\wolf\Lokale Einstellungen\Temporary Internet Files\Content.IE5\LVSEX2HX\loaderadv157[1].jar infected by "Trojan.Java.ClassLoader.h" Virus

File C:\Dokumente und Einstellungen\wolf\Lokale Einstellungen\Temporary Internet Files\Content.IE5\W5YFOL6B\update[1].exe infected by "Trojan-Downloader.Win32.Agent.fs" Virus

File C:\Program Files\Altnet\Download Manager\adm25.dll infected by "not-a-virus:AdWare.Altnet.a" Virus

File C:\Program Files\Altnet\Download Manager\adm4.dll infected by "not-a-virus:AdWare.Altnet.a" Virus

File C:\Program Files\Altnet\Download Manager\adm4005.exe infected by "not-a-virus:AdWare.Altnet.a" Virus

File C:\Program Files\Altnet\Download Manager\admprog.dll infected by "not-a-virus:AdWare.Altnet.a" Virus

File C:\Program Files\Altnet\Download Manager\asmps.dll infected by "not-a-virus:AdWare.Altnet.b" Virus

File C:\Program Files\Altnet\Points Manager\sysdetect.dll infected by "not-a-virus:AdWare.BrilliantDigital.1007" Virus

Scanning File C:\Programme\CA\eTrust Antivirus\Lang\German\Help\inocit\curing_an_infected_file_after_a_scan.html

Scanning File C:\Programme\CA\eTrust Antivirus\Lang\German\Help\inocit\deleting_an_infected_file_after_a_scan.html

Scanning File C:\Programme\CA\eTrust Antivirus\Lang\German\Help\inocit\infected_files.html

Scanning File C:\Programme\CA\eTrust Antivirus\Lang\German\Help\inocit\infected_files_02.html
Scanning File C:\Programme\CA\eTrust Antivirus\Lang\German\Help\inocit\infected_object.html

Scanning File C:\Programme\CA\eTrust Antivirus\Lang\German\Help\inocit\moving_an_infected_file_after_a_scan.html

Scanning File C:\Programme\CA\eTrust Antivirus\Lang\German\Help\inocit\remove_infected_macros.html

Scanning File C:\Programme\CA\eTrust Antivirus\Lang\German\Help\inocit\renaming_an_infected_file_after_a_scan.html

Scanning File C:\Programme\CA\eTrust Antivirus\Lang\German\Help\inocit\send_infected_files_only.html

Scanning File C:\Programme\CA\eTrust Antivirus\Lang\German\Help\inocit\viewing_details_about_an_infected_file.html

File C:\Programme\Gemeinsame Dateien\rtlsnqoc\alfouoae\dfdncoeq.exe infected by "not-a-virus:AdWare.Gator.a" Virus

File C:\Programme\Gemeinsame Dateien\rtlsnqoc\rmaosbsacu\uqdlcnruo.exe infected by "not-a-virus:AdWare.Gator.a" Virus

File C:\System Volume Information\_restore{4B3C2B70-D81F-4475-A29F-AA7CF176A979}\RP92\A0010334.EXE infected by "not-a-virus:AdWare.Toolbar.MyWay.b" Virus

File C:\System Volume Information\_restore{4B3C2B70-D81F-4475-A29F-AA7CF176A979}\RP92\A0010337.dll infected by "not-a-virus:AdWare.Gator.6041" Virus

File C:\System Volume Information\_restore{4B3C2B70-D81F-4475-A29F-AA7CF176A979}\RP92\A0010338.dll infected by "not-a-virus:AdWare.Gator.6041" Virus

File C:\System Volume Information\_restore{4B3C2B70-D81F-4475-A29F-AA7CF176A979}\RP92\A0010339.dll infected by "not-a-virus:AdWare.Gator.5017" Virus

File C:\System Volume Information\_restore{4B3C2B70-D81F-4475-A29F-AA7CF176A979}\RP92\A0010340.dll infected by "not-a-virus:AdWare.Gator.6041" Virus

File C:\System Volume Information\_restore{4B3C2B70-D81F-4475-A29F-AA7CF176A979}\RP92\A0010343.exe infected by "not-a-virus:AdWare.Gator.6041" Virus

File C:\System Volume Information\_restore{4B3C2B70-D81F-4475-A29F-AA7CF176A979}\RP92\A0010366.DLL infected by "not-a-virus:AdWare.ToolBar.MyWay.f" Virus

File C:\System Volume Information\_restore{4B3C2B70-D81F-4475-A29F-AA7CF176A979}\RP92\A0010367.exe infected by "not-a-virus:AdWare.Gator.6034" Virus

File C:\System Volume Information\_restore{4B3C2B70-D81F-4475-A29F-AA7CF176A979}\RP92\A0010368.dll infected by "not-a-virus:AdWare.Gator.6041" Virus

File C:\System Volume Information\_restore{4B3C2B70-D81F-4475-A29F-AA7CF176A979}\RP92\A0010369.dll infected by "not-a-virus:AdWare.Gator.6041" Virus

File C:\System Volume Information\_restore{4B3C2B70-D81F-4475-A29F-AA7CF176A979}\RP92\A0010370.dll infected by "not-a-virus:AdWare.Gator.3124" Virus

File C:\System Volume Information\_restore{4B3C2B70-D81F-4475-A29F-AA7CF176A979}\RP92\A0010371.dll infected by "not-a-virus:AdWare.Gator.6041" Virus

File C:\System Volume Information\_restore{4B3C2B70-D81F-4475-A29F-AA7CF176A979}\RP92\A0010372.dll infected by "not-a-virus:AdWare.Gator.6041" Virus

File C:\System Volume Information\_restore{4B3C2B70-D81F-4475-A29F-AA7CF176A979}\RP92\A0010373.dll infected by "not-a-virus:AdWare.Gator.6041" Virus

File C:\System Volume Information\_restore{4B3C2B70-D81F-4475-A29F-AA7CF176A979}\RP92\A0010374.dll infected by "not-a-virus:AdWare.Gator.6041" Virus

File C:\System Volume Information\_restore{4B3C2B70-D81F-4475-A29F-AA7CF176A979}\RP92\A0010377.dll infected by "not-a-virus:AdWare.Gator.6041" Virus

File C:\System Volume Information\_restore{4B3C2B70-D81F-4475-A29F-AA7CF176A979}\RP92\A0010378.dll infected by "not-a-virus:AdWare.Gator.6041" Virus

File C:\System Volume Information\_restore{4B3C2B70-D81F-4475-A29F-AA7CF176A979}\RP92\A0010382.dll infected by "not-a-virus:AdWare.Aureate" Virus

File C:\System Volume Information\_restore{4B3C2B70-D81F-4475-A29F-AA7CF176A979}\RP92\A0010384.DLL infected by "not-a-virus:AdWare.ToolBar.MyWay.g" Virus

File C:\System Volume Information\_restore{4B3C2B70-D81F-4475-A29F-AA7CF176A979}\RP92\A0010385.dll infected by "not-a-virus:AdWare.Gator.6041" Virus

File C:\System Volume Information\_restore{4B3C2B70-D81F-4475-A29F-AA7CF176A979}\RP94\A0011282.exe infected by "Trojan.Win32.StartPage.qp" Virus

15:48:35 File C:\System Volume Information\_restore{4B3C2B70-D81F-4475-A29F-AA7CF176A979}\RP94\A0011283.exe infected by "Trojan.Win32.StartPage.qp" Virus

File C:\System Volume Information\_restore{4B3C2B70-D81F-4475-A29F-AA7CF176A979}\RP94\A0011284.exe infected by "Trojan.Win32.StartPage.qp" Virus

File C:\WINDOWS\Downloaded Program Files\update.exe infected by "Trojan-Downloader.Win32.Agent.fs" Virus

File C:\WINDOWS\eqinpev.exe infected by "Trojan.Win32.StartPage.qp" Virus

File C:\WINDOWS\system32\fastvideoplayer.dll infected by "Trojan-Downloader.Win32.Dyfuca.dn" Virus

File C:\WINDOWS\Temp\Altnet\adm.exe infected by "not-a-virus:AdWare.Altnet.a" Virus

File C:\WINDOWS\Temp\Altnet\adm25.dll infected by "not-a-virus:AdWare.Altnet.a" Virus

File C:\WINDOWS\Temp\Altnet\adm4.dll infected by "not-a-virus:AdWare.Altnet.a" Virus

File C:\WINDOWS\Temp\Altnet\admprog.dll infected by "not-a-virus:AdWare.Altnet.a" Virus

File C:\WINDOWS\Temp\Altnet\mysearch.cab infected by "not-a-virus:AdWare.ToolBar.MyWay.g" Virus

File C:\WINDOWS\Temp\Altnet\pmfiles.cab infected by "not-a-virus:AdWare.BrilliantDigital.1007" Virus

File C:\WINDOWS\Temp\Altnet\Setup.exe infected by "not-a-virus:AdWare.Altnet.b" Virus

File C:\WINDOWS\uehbica.exe infected by "Trojan.Win32.StartPage.qp" Virus

File C:\WINDOWS\uxeecgh.exe infected by "Trojan.Win32.StartPage.qp" Virus

cacatoa 20.01.2005 20:23
Hi, wolferl,
lade Dir clearprog 1.4.1 final runter, mache alle häkchen bei IE und Windows und clicke auf Löschen. Wenn fertig, beenden.
Dann sind alle temporary internet files... und temp files gelöscht.
Dann Systemwiederherstellung ausschalten, Rechner ausschalten, rechner anschalten, Systemwiederherstellung wieder an, dann sind die "System volume information\restore weg.
Den Rest der bleibt, erst mal im abgesicherten Modus manuell löschen.
Dann neues Logfile posten.
cacatoa

wolferl 20.01.2005 22:09
Logfile of HijackThis v1.99.0
Scan saved at 22:08:33, on 20.01.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\TuneUp Utilities 2004\WinStylerThemeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\crypserv.exe
C:\Programme\CA\eTrust Antivirus\InoRpc.exe
C:\Programme\CA\eTrust Antivirus\InoRT.exe
C:\Programme\CA\eTrust Antivirus\InoTask.exe
C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\RunDll32.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\Dit.exe
C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\PROGRA~1\GEMEIN~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
C:\USBStorage\USBDetector.exe
C:\PROGRA~1\GEMEIN~1\PCSuite\Services\SERVIC~1.EXE
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\Programme\ICQLite\ICQLite.exe
C:\Corel\Graphics8\Programs\MFIndexer.exe
C:\WINDOWS\DitExp.exe
C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Programme\Internet Explorer\iexplore.exe

cacatoa 20.01.2005 22:10
Hi, wolferl,
bitte das komplette Logfile, im normalen Modus erstellt, posten.
cacatoa

wolferl 20.01.2005 22:14
sorry, hab den rest irgendwie übersehen...

Logfile of HijackThis v1.99.0
Scan saved at 22:08:33, on 20.01.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\TuneUp Utilities 2004\WinStylerThemeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\crypserv.exe
C:\Programme\CA\eTrust Antivirus\InoRpc.exe
C:\Programme\CA\eTrust Antivirus\InoRT.exe
C:\Programme\CA\eTrust Antivirus\InoTask.exe
C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\RunDll32.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\Dit.exe
C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\PROGRA~1\GEMEIN~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
C:\USBStorage\USBDetector.exe
C:\PROGRA~1\GEMEIN~1\PCSuite\Services\SERVIC~1.EXE
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\Programme\ICQLite\ICQLite.exe
C:\Corel\Graphics8\Programs\MFIndexer.exe
C:\WINDOWS\DitExp.exe
C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Dokumente und Einstellungen\wolf\Desktop\HijackThis.exe

R3 - URLSearchHook: StartBHO Class - {30192F8D-0958-44E6-B54D-331FD39AC959} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: StartBHO Class - {30192F8D-0958-44E6-B54D-331FD39AC959} - (no file)
O2 - BHO: Explorer Class - {962F12AE-2773-4BEB-99EA-B5C3AB9A6606} - C:\WINDOWS\System32\DSMANA~1.DLL
O2 - BHO: Pop Class - {A9AEE0DD-89E1-40EE-8749-A18650CC2175} - C:\WINDOWS\winsx.dll
O3 - Toolbar: Search Bar - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - (no file)
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\GEMEIN~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
O4 - HKLM\..\Run: [USBDetector] C:\USBStorage\USBDetector.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Corel MEDIA FOLDERS INDEXER 8.LNK = C:\Corel\Graphics8\Programs\MFIndexer.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programme\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: CA-Lizenz-Client - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA-Lizenzserver - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: Crypkey License - Unknown - crypserv.exe (file missing)
O23 - Service: eTrust Antivirus RPC Server - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoTask.exe
O23 - Service: Ereignisprotokoll-Überwachung - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TuneUp WinStyler Theme Service - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2004\WinStylerThemeSvc.exe

cacatoa 20.01.2005 22:23
Schau in Deine Privaten Nachrichten.

wolferl 21.01.2005 17:32
Logfile of HijackThis v1.99.0
Scan saved at 22:08:33, on 20.01.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\TuneUp Utilities 2004\WinStylerThemeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\crypserv.exe
C:\Programme\CA\eTrust Antivirus\InoRpc.exe
C:\Programme\CA\eTrust Antivirus\InoRT.exe
C:\Programme\CA\eTrust Antivirus\InoTask.exe
C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\RunDll32.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\Dit.exe
C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\PROGRA~1\GEMEIN~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
C:\USBStorage\USBDetector.exe
C:\PROGRA~1\GEMEIN~1\PCSuite\Services\SERVIC~1.EXE
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\Programme\ICQLite\ICQLite.exe
C:\Corel\Graphics8\Programs\MFIndexer.exe
C:\WINDOWS\DitExp.exe
C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Dokumente und Einstellungen\wolf\Desktop\HijackThis.exe

R3 - URLSearchHook: StartBHO Class - {30192F8D-0958-44E6-B54D-331FD39AC959} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: StartBHO Class - {30192F8D-0958-44E6-B54D-331FD39AC959} - (no file)
O2 - BHO: Explorer Class - {962F12AE-2773-4BEB-99EA-B5C3AB9A6606} - C:\WINDOWS\System32\DSMANA~1.DLL
O2 - BHO: Pop Class - {A9AEE0DD-89E1-40EE-8749-A18650CC2175} - C:\WINDOWS\winsx.dll
O3 - Toolbar: Search Bar - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - (no file)
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\GEMEIN~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
O4 - HKLM\..\Run: [USBDetector] C:\USBStorage\USBDetector.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Corel MEDIA FOLDERS INDEXER 8.LNK = C:\Corel\Graphics8\Programs\MFIndexer.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programme\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: CA-Lizenz-Client - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA-Lizenzserver - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: Crypkey License - Unknown - crypserv.exe (file missing)
O23 - Service: eTrust Antivirus RPC Server - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoTask.exe
O23 - Service: Ereignisprotokoll-Überwachung - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TuneUp WinStyler Theme Service - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2004\WinStylerThemeSvc.exe

cacatoa 21.01.2005 18:02
Hi, wolf,
bitte die folgenden mit HJT im abgesicherten modus fixen:
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
R3 - URLSearchHook: StartBHO Class - {30192F8D-0958-44E6-B54D-331FD39AC959} - (no file)
O2 - BHO: StartBHO Class - {30192F8D-0958-44E6-B54D-331FD39AC959} - (no file)
O3 - Toolbar: Search Bar - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - (no file)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O23 - Service: Crypkey License - Unknown - crypserv.exe (file missing)

Dann folgende Datei manuell löschen:
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe

Es sei denn Du hast P2P absichtlich, dann lassen und auch die O16.

Trotz des eScan bitte die folgenden 2 Dateien mal bei Jotti online scannen lassen:
C:\WINDOWS\System32\DSMANA~1.DLL
C:\WINDOWS\winsx.dll

Bitte berichte über das (10-zeilige) Ergebnis.
Nach dem Fixen neues Logfile posten.
cacatoa

cacatoa 21.01.2005 18:14
@ wolf:
Wenn Jotti nicht funktioniert, dann vorerst mal den nehmen.
cacatoa

wolferl 21.01.2005 18:17
hallo!!
hier ist mal das logfile nach dem fixen!
bei jotti war ich noch nicht... bekome momentan keine verbindung...!

Logfile of HijackThis v1.99.0
Scan saved at 18:15:38, on 21.01.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\TuneUp Utilities 2004\WinStylerThemeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Programme\CA\eTrust Antivirus\InoRpc.exe
C:\Programme\CA\eTrust Antivirus\InoRT.exe
C:\Programme\CA\eTrust Antivirus\InoTask.exe
C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\RunDll32.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\Dit.exe
C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\PROGRA~1\GEMEIN~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
C:\USBStorage\USBDetector.exe
C:\Programme\ICQLite\ICQLite.exe
C:\Corel\Graphics8\Programs\MFIndexer.exe
C:\PROGRA~1\GEMEIN~1\PCSuite\Services\SERVIC~1.EXE
C:\WINDOWS\DitExp.exe
C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Dokumente und Einstellungen\wolf\Desktop\HijackThis.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.kurier.at/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Explorer Class - {962F12AE-2773-4BEB-99EA-B5C3AB9A6606} - C:\WINDOWS\System32\DSMANA~1.DLL
O2 - BHO: Pop Class - {A9AEE0DD-89E1-40EE-8749-A18650CC2175} - C:\WINDOWS\winsx.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\GEMEIN~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
O4 - HKLM\..\Run: [USBDetector] C:\USBStorage\USBDetector.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Corel MEDIA FOLDERS INDEXER 8.LNK = C:\Corel\Graphics8\Programs\MFIndexer.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programme\Internet Explorer\Plugins\NPDocBox.dll
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: CA-Lizenz-Client - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA-Lizenzserver - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: eTrust Antivirus RPC Server - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoTask.exe
O23 - Service: Ereignisprotokoll-Überwachung - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TuneUp WinStyler Theme Service - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2004\WinStylerThemeSvc.exe

cacatoa 21.01.2005 18:20
Hi, wolf,
ich komm ebenfalls momentan nicht rein. Warten wir halt damit ein bißchen.
Aber:
Kennst du das:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.kurier.at/
Ist jetzt ganz neu, vorher noch nicht gesehen.
cacatoa

wolferl 21.01.2005 18:25
jaja... nur meine startpage :)

kapersky sagt die files sind OK, aber ich probiers trotzdem apäter bei jotti, oder?

nochwas: es hat sich gerade ein pop up geöffnet von:htttp//adu.qck.cc -your system infected-microsoft internet explorer... habs im task manager beendet... ist das beunruhigend? kommt mir irgendwie komisch vor...

gruss wofl

cacatoa 21.01.2005 18:28
Genau wegen sowas hätt ich gerne die DAteien bei Jotti gescannt.
Also bitte weiter versuchen.
cacatoa

wolferl 21.01.2005 18:29
wird gemacht!!!!!!
danke!

cacatoa 21.01.2005 18:53
@ wolferl:
Aber den IE benutzen, das taugt sowieso nichts!
Lade Dir doch mal den firefox oder/und opera 7.54 runter.
Superleicht installiert, besser und sicherer als IE (den nur noch zum Windows-update nehmen, das geht nicht ohne).
cacatoa

wolferl 21.01.2005 20:08
jotti ist wieder da!!!

File: dsmanager.dll
Status:
MIGHT BE INFECTED/MALWARE (Sandbox emulation took a long time and/or runtime packers were found, this is suspicious. Normally programs aren't packed and don't force the sandbox into lengthy emulation. Do realize no scanner issued any warning, the file can very well be harmless. Caution is advised, however.) (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
Packers detected:
UPX

AntiVir
No viruses found (0.15 seconds taken)
Avast
No viruses found (1.51 seconds taken)
BitDefender
No viruses found (0.38 seconds taken)
ClamAV
No viruses found (0.41 seconds taken)
Dr.Web
No viruses found (0.54 seconds taken)
F-Prot Antivirus
No viruses found (0.07 seconds taken)
Kaspersky Anti-Virus
No viruses found (0.65 seconds taken)
mks_vir
No viruses found (0.24 seconds taken)
NOD32
No viruses found (0.41 seconds taken)
Norman Virus Control
No viruses found (0.13 seconds taken)


File: winsx.dll
Status:
MIGHT BE INFECTED/MALWARE (Sandbox emulation took a long time and/or runtime packers were found, this is suspicious. Normally programs aren't packed and don't force the sandbox into lengthy emulation. Do realize no scanner issued any warning, the file can very well be harmless. Caution is advised, however.) (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
Packers detected:
UPX

AntiVir
No viruses found (0.15 seconds taken)
Avast
No viruses found (1.51 seconds taken)
BitDefender
No viruses found (0.46 seconds taken)
ClamAV
No viruses found (0.41 seconds taken)
Dr.Web
No viruses found (0.60 seconds taken)
F-Prot Antivirus
No viruses found (0.07 seconds taken)
Kaspersky Anti-Virus
No viruses found (0.67 seconds taken)
mks_vir
No viruses found (0.24 seconds taken)
NOD32
No viruses found (0.44 seconds taken)
Norman Virus Control
No viruses found (0.13 seconds taken)

cacatoa 21.01.2005 20:12
O.K.,
damit ist bewiesen, es dürfte nichts tragisches sein; gehört aber weg.
Deshalb im abgesciherten Modus fixen:
O2 - BHO: Explorer Class - {962F12AE-2773-4BEB-99EA-B5C3AB9A6606} - C:\WINDOWS\System32\DSMANA~1.DLL
O2 - BHO: Pop Class - {A9AEE0DD-89E1-40EE-8749-A18650CC2175} - C:\WINDOWS\winsx.dll
und dann die beiden Dateien manuell löschen.
Dann nochmal neues Logfile posten und es sollte gut sein.
cacatoa

wolferl 21.01.2005 20:26
durch das fixen waren die dateien bereits gelöscht.. daher kein manuelles löschen mehr möglich. ich habe noch winsx.inf, die kann ich auch löschen oder?

Logfile of HijackThis v1.99.0
Scan saved at 20:22:41, on 21.01.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\TuneUp Utilities 2004\WinStylerThemeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Programme\CA\eTrust Antivirus\InoRpc.exe
C:\Programme\CA\eTrust Antivirus\InoRT.exe
C:\Programme\CA\eTrust Antivirus\InoTask.exe
C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\Dit.exe
C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\PROGRA~1\GEMEIN~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
C:\USBStorage\USBDetector.exe
C:\Programme\ICQLite\ICQLite.exe
C:\Corel\Graphics8\Programs\MFIndexer.exe
C:\PROGRA~1\GEMEIN~1\PCSuite\Services\SERVIC~1.EXE
C:\WINDOWS\DitExp.exe
C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Dokumente und Einstellungen\wolf\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.kurier.at/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\GEMEIN~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
O4 - HKLM\..\Run: [USBDetector] C:\USBStorage\USBDetector.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Corel MEDIA FOLDERS INDEXER 8.LNK = C:\Corel\Graphics8\Programs\MFIndexer.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programme\Internet Explorer\Plugins\NPDocBox.dll
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: CA-Lizenz-Client - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA-Lizenzserver - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: eTrust Antivirus RPC Server - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoTask.exe
O23 - Service: Ereignisprotokoll-Überwachung - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TuneUp WinStyler Theme Service - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2004\WinStylerThemeSvc.exe

cacatoa 21.01.2005 20:32
Hau sie weg.
Der Rest ist jetzt o.k., haste jut jemacht :daumenhoc
Und lies Dich durchs Forum, damit wir Dich hier nicht mehr als Hilfesuchenden sondern als Helfer sehen... ;)


Alle Zeitangaben in WEZ +1. Es ist jetzt 18:43 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131