Trojano 1175 Who can help me with this? It simply won't go away. |
Hello Aeroman, the information you have given is very sparse. Which AV program detected this, and where? Please post a HijackThis log file (instructions). Please make personal data unrecognizable. dartus |
A scan with eScan may also be advisable. Search the resulting log for the word "Infected", then copy the part showing what was found, where, and how much, and post it here. That helps us enormously with troubleshooting. Where to get eScan is in my signature ;) Regards, Andy |
So here is everything I found.
Mon Apr 11 12:25:56 2005 => Scanning HKLM\SYSTEM\CurrentControlSet\Services\VxD
Mon Apr 11 12:25:56 2005 => Offending value found in HKLM\Software\Microsoft\Windows\CurrentVersion\uninstall\se !!!
Mon Apr 11 12:25:56 2005 => System found infected with se Spyware/Adware! Action taken: No Action Taken.
Mon Apr 11 12:25:56 2005 => File System Found infected by "se Spyware/Adware" Virus. Action Taken: No Action Taken.
Mon Apr 11 12:25:56 2005 => Offending value found in HKLM\Software\Microsoft\Windows\CurrentVersion\uninstall\hsa !!!
Mon Apr 11 12:25:56 2005 => System found infected with hsa Spyware/Adware! Action taken: No Action Taken.
Mon Apr 11 12:25:56 2005 => File System Found infected by "hsa Spyware/Adware" Virus. Action Taken: No Action Taken.
Mon Apr 11 12:27:49 2005 => System found infected with WindUpdate Spyware/Adware (ide21201.vxd)! Action taken: No Action Taken.
Mon Apr 11 12:27:49 2005 => File System Found infected by "WindUpdate Spyware/Adware" Virus. Action Taken: No Action Taken.
Mon Apr 11 12:27:56 2005 => File C:\WINDOWS\ckqut.dll infected by "not-a-virus:AdWare.SearchPage" Virus. Action Taken: No Action Taken.
on Apr 11 12:27:59 2005 => File C:\WINDOWS\eptfm.dll infected by "not-a-virus:AdWare.SearchPage" Virus. Action Taken: No Action Taken.
|
Here again, somehow it is getting more:
File C:\WINDOWS\system32\mszj32.exe infected by "Trojan-Downloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken.
File System Found infected by "se Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "hsa Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "WindUpdate Spyware/Adware" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\ckqut.dll infected by "not-a-virus:AdWare.SearchPage" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\eptfm.dll infected by "not-a-virus:AdWare.SearchPage" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\mowwx.dll infected by "not-a-virus:AdWare.SearchPage" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\NDNuninstall6_38.exe infected by "not-a-virus:AdWare.NewDotNet" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\evhvj.dll infected by "not-a-virus:AdWare.SearchPage" Virus. Action Taken: No Action Taken.
|
Hello Aeroman, a scan in normal mode is useless. Please switch to safe mode http://www.systemwiederherstellung-d...indows-xp.html and please post an HJT log file beforehand. dartus |
Here is the log file now:
Logfile of HijackThis v1.99.1
Scan saved at 14:20:00, on 11.04.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
C:\Programme\Alwil Software\Avast4\ashServ.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
C:\Programme\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE
C:\Programme\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\system32\mszj32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programme\SinEspias\no-spy.exe
C:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Programme\Alwil Software\Avast4\ashSimpl.exe
C:\PROGRA~1\MICROS~2\Office10\OUTLOOK.EXE
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSCNo.exe
C:\Dokumente und Einstellungen\Besitzer\Desktop\Neuer Ordner (2)\1_99_1.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\xvuhu.dll/sp.html#44768
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\xvuhu.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\xvuhu.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\xvuhu.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\xvuhu.dll/sp.html#44768
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\xvuhu.dll/sp.html#44768
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\xvuhu.dll/sp.html#44768
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h
O4 - HKLM\..\Run: [IntelliPoint] "C:\Programme\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [mszj32.exe] C:\WINDOWS\system32\mszj32.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SpionFrei] "C:\Programme\SinEspias\no-spy.exe" /autorun
O4 - HKCU\..\Run: [NBJ] "C:\Programme\Ahead\Nero BackItUp\NBJ.exe"
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: {22A88341-AFCB-45F0-A856-C2BAE74F878E} - http://www.20x2p.com/474b0f55/enter.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/27f037ef...dxIE601_de.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ms...downloader.cab
O16 - DPF: {D67AC55A-B750-41A4-BEE6-020E017A7996} - http://www.popfile.de/myplaylist/pc/...LER_loader.exe
O16 - DPF: {EF58E341-49C3-4156-A3C4-5FFCA7C1EAB7} - http://www.euras.com/euras/activex2/euras.CAB
O18 - Protocol: ActLink - {2A0C35F4-82A3-4C80-919D-7879FEE79DF6} - (no file)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programme\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programme\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programme\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
|
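Added example, not part of the thread: one way to do the "search the log for Infected" step mechanically and cross-check each detected file against the HijackThis running-process list and Run-key (O4) entries. The sample strings are constructed from a few lines in the shape of the logs posted above, and all function names are hypothetical.

```python
import re

# Constructed sample: a few lines in the shape of the eScan and HijackThis logs posted above.
ESCAN_LOG = r'''
Mon Apr 11 12:25:56 2005 => File System Found infected by "se Spyware/Adware" Virus. Action Taken: No Action Taken.
Mon Apr 11 12:27:56 2005 => File C:\WINDOWS\ckqut.dll infected by "not-a-virus:AdWare.SearchPage" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\mszj32.exe infected by "Trojan-Downloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken.
'''
HJT_LOG = r'''
Running processes:
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\mszj32.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Programme\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [mszj32.exe] C:\WINDOWS\system32\mszj32.exe
'''

# Requiring a drive letter keeps the path-less "File System Found infected by"
# summary lines out of the result.
ESCAN_RE = re.compile(r'File (?P<path>[A-Za-z]:\\.+?) infected by "(?P<name>[^"]+)"')
HJT_ENTRY_RE = re.compile(r'^[A-Z]\d+ - ')  # R1, O4, O16, O23 ...
HJT_RUN_RE = re.compile(r'^O4 - HK(?:LM|CU)\\\.\.\\Run: \[[^\]]*\] (?P<cmd>.+)$')

def escan_detections(log):
    """Return {lower-cased file path: detection name}, de-duplicated."""
    return {m['path'].lower(): m['name'] for m in ESCAN_RE.finditer(log)}

def hjt_sections(log):
    """Return (running process paths, Run-key command lines), lower-cased."""
    running, autorun, in_procs = set(), [], False
    for line in map(str.strip, log.splitlines()):
        if line == 'Running processes:':
            in_procs = True
        elif HJT_ENTRY_RE.match(line):
            in_procs = False  # first R/O entry ends the process list
            m = HJT_RUN_RE.match(line)
            if m:
                autorun.append(m['cmd'].lower())
        elif in_procs and line:
            running.add(line.lower())
    return running, autorun

def correlate(escan_log, hjt_log):
    """List (path, detection, is_running, has_run_key) per detected file."""
    running, autorun = hjt_sections(hjt_log)
    return [(p, n, p in running, any(p in cmd for cmd in autorun))
            for p, n in sorted(escan_detections(escan_log).items())]

if __name__ == '__main__':
    for row in correlate(ESCAN_LOG, HJT_LOG):
        print(row)
```

A detected file that is both running and registered under a Run key will be reloaded at every logon, which is consistent with the advice above to rescan from safe mode.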
Copyright ©2000-2025, Trojaner-Board