Trojaner-Board


Pferdenoni 21.02.2005 13:46

How do I get rid of the dialer / trojan?
 
Since yesterday, 20.02.2005, I have had the following problem:

Whenever I start IE, this appears:
about:blank
And this shows up:
Quick Web Search



viagra |xanax| phentermine |online pharmacy| carisoprodol |hydrocodone| valium |cialis| fioricet
texas holdem |party poker| roulette |online gambling| blackjack |slots| casino | adult games
webhosting |domain registration| bonus server | voice mail | work at home
adult movies |personal photos| sex dating |free online dating| xxx dvd |asian sex| fetish
rv finance |visa platinum| merchant account | mortgage
spyware |adware| popup blocker |firewall| soft



How do I get rid of this?




Logfile of HijackThis v1.99.1
Scan saved at 13:39:27, on 21.02.2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0100)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\ATI2EVXX.EXE
C:\PROGRAMME\GEMEINSAME DATEIEN\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAMME\NORTON INTERNET SECURITY\NISUM.EXE
C:\PROGRAMME\NORTON INTERNET SECURITY\CCPXYSVC.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAMME\EZBUTTON\CP51NBTN.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAMME\GEMEINSAME DATEIEN\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAMME\EZBUTTON\CPHKCNT.EXE
C:\WINDOWS\SYSTEM\HPZTSB04.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAMME\WINAMP\WINAMPA.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAMME\GEMEINSAME DATEIEN\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\SYSTEM\TOSMEM.EXE
C:\PROGRAMME\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAMME\FINEPIXVIEWER\QUICKDCF.EXE
C:\PROGRAMME\MSN APPS\UPDATER\01.02.3000.1001\DE\MSNAPPAU.EXE
C:\PROGRAMME\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAMME\MICROSOFT OFFICE\OFFICE\WINWORD.EXE
C:\PROGRAMME\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAMME\WINRAR\WINRAR.EXE
C:\WINDOWS\TEMP\RAR$EX00.644\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\SYSTEM\SFCMAN32.DLL/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\SYSTEM\SFCMAN32.DLL/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\SYSTEM\SFCMAN32.DLL/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\SYSTEM\SFCMAN32.DLL/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\SYSTEM\SFCMAN32.DLL/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\SYSTEM\SFCMAN32.DLL/sp.html (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.arcor-ip.de:80
N1 - Netscape 4: user_pref("browser.startup.homepage", "http://www.web.de"); (C:\Programme\Netscape\Users\swidero\prefs.js)
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAMME\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAMME\MSN APPS\MSN TOOLBAR\01.02.3000.1001\DE\MSNTB.DLL
O2 - BHO: (no name) - {53BE443D-66A1-4444-99B2-8DFBB0361034} - C:\WINDOWS\SYSTEM\SFCMAN32.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAMME\MSN APPS\MSN TOOLBAR\01.02.3000.1001\DE\MSNTB.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1031,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [CP51NBtn] C:\PROGRA~1\EZBUTTON\CP51NBtn.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [iamapp] C:\Programme\Norton Internet Security\IAMAPP.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb04.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [REGSHAVE] C:\Programme\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [TosMem] tosmem.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [ATIPOLAB] ati2evxx.exe
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [Nisum] C:\Programme\Norton Internet Security\NISUM.EXE
O4 - HKLM\..\RunServices: [ccPxySvc] C:\PROGRA~1\NORTON~2\CCPXYSVC.EXE
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Programme\Gemeinsame Dateien\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [nisserv] C:\Programme\Norton Internet Security\NISSERV.EXE
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRAMME\YAHOO!\MESSENGER\ypager.exe -quiet
O4 - Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Exif Launcher.lnk = C:\Programme\FinePixViewer\QuickDCF.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O12 - Plugin for .avi: C:\PROGRAMME\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npavi32.dll
O12 - Plugin for .swf: C:\PROGRAMME\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npswf32.dll
O12 - Plugin for .mid: C:\PROGRAMME\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npaudio.dll
O15 - Trusted IP range: 206.161.125.149
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - https://www7.pc-sicherheit.web.de/ols/fscax.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://213.84.244.29:81/activex/AxisCamControl.cab
O18 - Filter: text/html - {56EA2D8E-2ACA-4719-929C-1991CE9F9342} - C:\WINDOWS\SYSTEM\SFCMAN32.DLL
O18 - Filter: text/plain - {56EA2D8E-2ACA-4719-929C-1991CE9F9342} - C:\WINDOWS\SYSTEM\SFCMAN32.DLL

Who can help?
Thanks

Gigamail 21.02.2005 14:45

Hi,

scan your system with eScan, see the description below

Create a new folder (= directory) "bases" on "c:\" for eScan. Download eScan and unpack it into this new folder with a zip program. Follow the instructions for this. Update eScan online (see instructions) and run it offline in safe mode. eScan takes about 1 hour. The viruses found are deleted by hand. We give instructions for that on the forum.
(quoting Shadowdance)

--> Please tell us how many viruses were found on your computer - it looks like this:

=> Total Files Scanned:
=> Total Virus(es) Found:
=> Total Disinfected Files:
=> Total Files Renamed:
=> Total Deleted Files:
=> Total Errors:
=> Time Elapsed:
=> Virus Database Date:
=> Virus Database Count:
=>Total Number of Files Scanned:
=>Total Number of Virus(es) Found:
***** Scanning complete. *****

--> We would also like to know what the viruses are called: "open mwav.log (or mwXface.log) -> Edit -> Find -> enter infected -> Find Next -> select/copy the hits and post them in the forum." (quoting Cidre)


Pferdenoni 21.02.2005 16:16

Thanks for now
here is the result

Mon Feb 21 15:57:28 2005 => Total Files Scanned: 3911
Mon Feb 21 15:57:28 2005 => Total Virus(es) Found: 8
Mon Feb 21 15:57:28 2005 => Total Disinfected Files: 0
Mon Feb 21 15:57:28 2005 => Total Files Renamed: 0
Mon Feb 21 15:57:28 2005 => Total Deleted Files: 0
Mon Feb 21 15:57:28 2005 => Total Errors: 0
Mon Feb 21 15:57:28 2005 => Time Elapsed: 00:07:33

Mon Feb 21 15:57:28 2005 => ***** Scanning complete. *****
Mon Feb 21 15:57:28 2005 => Virus Database Date: 2005/02/14
Mon Feb 21 15:57:28 2005 => Virus Database Count: 118236

Mon Feb 21 15:57:28 2005 => Scan Completed.


Mon Feb 21 15:51:17 2005 => File C:\WINDOWS\SYSTEM\connmie.exe infected by "not-a-virus:AdWare.FindSpy.a" Virus. Action Taken: No Action Taken.
Mon Feb 21 15:51:18 2005 => File C:\WINDOWS\SYSTEM\truettf.exe infected by "not-a-virus:AdWare.Msnagent.a" Virus. Action Taken: No Action Taken.
Mon Feb 21 15:51:18 2005 => File C:\WINDOWS\SYSTEM\dxconf.exe infected by "not-a-virus:AdWare.FindSpy.a" Virus. Action Taken: No Action Taken.
Mon Feb 21 15:53:08 2005 => File C:\_RESTORE\ARCHIVE\FS3.CAB infected by "Trojan-Dropper.Win32.Small.lx" Virus. Action Taken: No Action Taken.
Mon Feb 21 15:53:09 2005 => File C:\_RESTORE\ARCHIVE\FS6.CAB infected by "not-a-virus:AdWare.FindSpy.a" Virus. Action Taken: No Action Taken.
Mon Feb 21 15:53:14 2005 => File C:\_RESTORE\ARCHIVE\FS9.CAB infected by "not-a-virus:AdWare.FindSpy.a" Virus. Action Taken: No Action Taken.
Mon Feb 21 15:53:16 2005 => File C:\_RESTORE\ARCHIVE\FS10.CAB infected by "not-a-virus:AdWare.FindSpy.a" Virus. Action Taken: No Action Taken.
Mon Feb 21 15:53:21 2005 => File C:\_RESTORE\ARCHIVE\FS2.CAB infected by "Trojan.Win32.Dialer.gd" Virus. Action Taken: No Action Taken.

Gigamail 21.02.2005 16:23

Quote:

Mon Feb 21 15:57:28 2005 => Time Elapsed: 00:07:33
Either you did not scan in safe mode, or Scan All Files was not enabled. Normally eScan takes about 1 hour.
try again ;)

Pferdenoni 21.02.2005 23:00

So, now the complete one

Mon Feb 21 22:44:25 2005 => ***** Scanning complete. *****
Mon Feb 21 22:44:25 2005 => Total Files Scanned: 38552
Mon Feb 21 22:44:25 2005 => Total Virus(es) Found: 11
Mon Feb 21 22:44:25 2005 => Total Disinfected Files: 0
Mon Feb 21 22:44:25 2005 => Total Files Renamed: 0
Mon Feb 21 22:44:25 2005 => Total Deleted Files: 0
Mon Feb 21 22:44:25 2005 => Total Errors: 3
Mon Feb 21 22:44:25 2005 => Time Elapsed: 00:57:47
Mon Feb 21 22:44:25 2005 => Virus Database Date: 2005/02/14
Mon Feb 21 22:44:25 2005 => Virus Database Count: 118236

Mon Feb 21 22:44:25 2005 => Scan Completed.

Mon Feb 21 22:47:01 2005 => Virus Database Date: 2005/02/14
Mon Feb 21 22:47:01 2005 => Virus Database Count: 118236
Mon Feb 21 22:47:21 2005 => AV Library Unloaded (3)...


File C:\WINDOWS\SYSTEM\connmie.exe infected by "not-a-virus:AdWare.FindSpy.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\truettf.exe infected by "not-a-virus:AdWare.Msnagent.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\dxconf.exe infected by "not-a-virus:AdWare.FindSpy.a" Virus. Action Taken: No Action Taken.
File C:\_RESTORE\ARCHIVE\FS3.CAB infected by "Trojan-Dropper.Win32.Small.lx" Virus. Action Taken: No Action Taken.
File C:\_RESTORE\ARCHIVE\FS6.CAB infected by "not-a-virus:AdWare.FindSpy.a" Virus. Action Taken: No Action Taken.
File C:\_RESTORE\ARCHIVE\FS9.CAB infected by "not-a-virus:AdWare.FindSpy.a" Virus. Action Taken: No Action Taken.
File C:\_RESTORE\ARCHIVE\FS10.CAB infected by "not-a-virus:AdWare.FindSpy.a" Virus. Action Taken: No Action Taken.
File C:\_RESTORE\ARCHIVE\FS2.CAB infected by "Trojan.Win32.Dialer.gd" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\connmie.exe infected by "not-a-virus:AdWare.FindSpy.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\truettf.exe infected by "not-a-virus:AdWare.Msnagent.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\dxconf.exe infected by "not-a-virus:AdWare.FindSpy.a" Virus. Action Taken: No Action Taken.
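
Added example, not part of the original thread and not eScan's own tooling: a small script that does what the helper asks for by hand (pull the "infected" lines out of mwav.log and report the totals), collapses repeated hits into unique files, and checks the "Time Elapsed" value that gave away the first, too-short scan. The sample text is constructed from a few lines in the format posted above; the 30-minute cut-off and all function names are assumptions made for this example.

```python
import re
from collections import defaultdict
from datetime import timedelta

# Constructed sample: a few lines in the format of the eScan output posted in
# the thread (with and without timestamp prefix, one hit repeated).
SAMPLE_LOG = r'''
Mon Feb 21 22:44:25 2005 => Total Virus(es) Found: 11
Mon Feb 21 22:44:25 2005 => Time Elapsed: 00:57:47
Mon Feb 21 15:51:17 2005 => File C:\WINDOWS\SYSTEM\connmie.exe infected by "not-a-virus:AdWare.FindSpy.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\dxconf.exe infected by "not-a-virus:AdWare.FindSpy.a" Virus. Action Taken: No Action Taken.
File C:\_RESTORE\ARCHIVE\FS2.CAB infected by "Trojan.Win32.Dialer.gd" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\connmie.exe infected by "not-a-virus:AdWare.FindSpy.a" Virus. Action Taken: No Action Taken.
'''

INFECTED = re.compile(r'File (?P<path>.+?) infected by "(?P<name>[^"]+)"')
SUMMARY = re.compile(r'=>\s*(?P<key>Total [^:]+|Time Elapsed):\s*(?P<val>\S+)')

def parse_escan(text):
    """Return (summary dict, {detection name: sorted unique file paths})."""
    summary, hits = {}, defaultdict(set)
    for line in text.splitlines():
        m = INFECTED.search(line)
        if m:
            # Paths on Win9x are case-insensitive; normalise so repeats collapse.
            hits[m["name"]].add(m["path"].upper())
        elif (m := SUMMARY.search(line)):
            summary[m["key"]] = m["val"]
    return summary, {name: sorted(paths) for name, paths in hits.items()}

def elapsed(summary):
    """Convert the 'Time Elapsed: HH:MM:SS' summary value to a timedelta."""
    h, m, s = (int(part) for part in summary["Time Elapsed"].split(":"))
    return timedelta(hours=h, minutes=m, seconds=s)

def looks_partial(summary, minimum=timedelta(minutes=30)):
    """Flag a suspiciously short run. The 30-minute cut-off is an assumption
    chosen for this example; the thread only says a scan takes about an hour."""
    return elapsed(summary) < minimum

if __name__ == "__main__":
    summary, hits = parse_escan(SAMPLE_LOG)
    print("possibly incomplete scan" if looks_partial(summary) else "full-length scan")
    for name, paths in sorted(hits.items()):
        print(name, *paths, sep="\n  ")
```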

