|
Trojan.Tooso.D Trojan.Tooso.D Wie wird man den wieder los? Hat damit schon jemand Erfahrungen gesammelt? |
|
Hier ist Logfile: Logfile of HijackThis v1.99.1 Scan saved at 16:13:36, on 02.03.2005 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\WINNT\System32\svchost.exe C:\Programme\Ahead\InCD\InCDsrv.exe C:\WINNT\system32\nvsvc32.exe C:\WINNT\system32\regsvc.exe C:\WINNT\system32\MSTask.exe C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE C:\WINNT\system32\stisvc.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\system32\BRMFRSMG.EXE C:\WINNT\Explorer.EXE C:\Programme\Norton SystemWorks\Password Manager\AcctMgr.exe C:\Programme\Ahead\InCD\InCD.exe C:\WINNT\SYSTEM32\yaheh.exe C:\WINNT\system32\tomup.exe C:\WINNT\system32\msgfix.exe C:\WINNT\SYSTEM32\gosoxo.exe C:\WINNT\system32\coposu.exe C:\WINNT\system32\internat.exe C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE C:\WINNT\system32\tomup.exe C:\WINNT\system32\msgfix.exe C:\WINNT\system32\coposu.exe C:\Programme\ScanSoft\PaperPort\PopUp\SmartUI.exe C:\Programme\Plextor\PlexTool.exe C:\Programme\WinZip\WZQKPICK.EXE C:\Programme\ScanSoft\PaperPort\Pplinks.exe D:\kleine Helfer\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.catlist.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINNT\system32\blank.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = C:\WINNT\system32\blank.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = C:\WINNT\system32\searchbar.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ifvvlv.t.muxa.cc/s.php?aid=420 (obfuscated) R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ifvvlv.t.muxa.cc/s.php?aid=420 (obfuscated) R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aon.at/portal R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = C:\WINNT\system32\searchbar.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINNT\system32\blank.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = C:\WINNT\system32\blank.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ifvvlv.t.muxa.cc/s.php?aid=420 (obfuscated) R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ifvvlv.t.muxa.cc/s.php?aid=420 (obfuscated) R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ifvvlv.t.muxa.cc/h.php?aid=420 (obfuscated) R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ifvvlv.t.muxa.cc/s.php?aid=420 (obfuscated) R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = C:\WINNT\system32\searchbar.html R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ifvvlv.t.muxa.cc/s.php?aid=420 (obfuscated) R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = C:\WINNT\system32\searchbar.html R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://e-plus.cc/search.php?aff_id=46&keyword=%s R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://ifvvlv.t.muxa.cc/h.php?aid=420 (obfuscated) R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://ifvvlv.t.muxa.cc/h.php?aid=420 (obfuscated) O1 - Hosts: 69.64.35.177 auto.search.msn.com O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [AcctMgr] C:\Programme\Norton SystemWorks\Password Manager\AcctMgr.exe /startup O4 - HKLM\..\Run: [InCD] C:\Programme\Ahead\InCD\InCD.exe O4 - HKLM\..\Run: [IS CfgWiz] C:\Programme\Norton Internet Security\cfgwiz.exe /GUID {257BBC47-1B26-432e-9F84-188603799DD3} /MODE CfgWiz /CMDLINE "REBOOT" O4 - HKLM\..\Run: [qgqqft] C:\WINNT\SYSTEM32\yaheh.exe O4 - HKLM\..\Run: [sibawerix] tomup.exe O4 - HKLM\..\Run: [Configuration Loader] msgfix.exe O4 - HKLM\..\Run: [fqfeqajw] C:\WINNT\SYSTEM32\gosoxo.exe O4 - HKLM\..\Run: [hpilezele] coposu.exe O4 - HKLM\..\RunServices: [sibawerix] tomup.exe O4 - HKLM\..\RunServices: [Configuration Loader] msgfix.exe O4 - HKLM\..\RunServices: [hpilezele] coposu.exe O4 - HKCU\..\Run: [internat.exe] internat.exe O4 - HKCU\..\Run: [quicken] C:\WINNT\waol.exe O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE" O4 - HKCU\..\Run: [sibawerix] tomup.exe O4 - HKCU\..\Run: [Configuration Loader] msgfix.exe O4 - HKCU\..\Run: [hpilezele] coposu.exe O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Brother SmartUI PopUp.lnk = C:\Programme\ScanSoft\PaperPort\PopUp\SmartUI.exe O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: PlexTools Professional.lnk = C:\Programme\Plextor\PlexTool.exe O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programme\WinZip\WZQKPICK.EXE O9 - Extra button: Mobilen Favoriten erstellen - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm O16 - DPF: {00000000-7777-0704-0B53-2C8830E9FAEC} - http://gn.one2bill.de/soft/axload.cab O20 - Winlogon Notify: nwprovau - C:\WINNT\SYSTEM32\nwprovau.dll O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe O23 - Service: Verwaltungsdienst für die Verwaltung logischer Datenträger (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Programme\Ahead\InCD\InCDsrv.exe O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Programme\Norton Internet Security\ISSVC.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE |
@andream du hast diesen im system http://www.sophos.de/virusinfo/analyses/w32sdbotgv.html C:\WINNT\system32\msgfix.exe der reicht leider schon aus um dich zu empfehlen das system neuaufzusetzen(formatC) dein system ist als kompromittiert zu betrachten http://www.mathematik.uni-marburg.de...ompromise.html hier eine anleitung zum neuaufsetzen http://www.trojaner-board.de/showpos...28&postcount=2 sry chaosman |
| Alle Zeitangaben in WEZ +1. Es ist jetzt 15:56 Uhr. |
Copyright ©2000-2025, Trojaner-Board