29. März 2024, 03:23:27 Uhr

wwwcoolsearch

Begonnen von gingi, 27. Januar 2006, 10:37:51 Uhr

⏪ vorheriges - nächstes ⏩

0 Mitglieder und 1 Gast betrachten dieses Thema.

gingi

Hallo

Ich hab mir auf einer Seite dieses müsahme ding vom wwwcoolsearch eingefangen. Ich hab schon einige dateine aus dem Logfile gefixt aber noch nicht alle erwischt. Im Moment öffnet sich der Firefox von zeit zu Zeit aber er zeigt nur eine Blank Page an.

herzlichen Dank

hier mein Logfile

Logfile of HijackThis v1.99.1
Scan saved at 10:37:18, on 27.01.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Programme\Network Associates\Common Framework\FrameworkService.exe
C:\Programme\Network Associates\VirusScan\Mcshield.exe
C:\Programme\Network Associates\VirusScan\VsTskMgr.exe
C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programme\HPQ\IAM\bin\asghost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\HPQ\Quick Launch Buttons\EabServr.exe
C:\Programme\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Programme\FreePDF_XP\fpassist.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\Network Associates\VirusScan\SHSTAT.EXE
C:\Programme\Network Associates\Common Framework\UpdaterUI.exe
C:\Programme\Gemeinsame Dateien\Network Associates\TalkBack\TBMon.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Skype\Phone\Skype.exe
C:\PROGRA~1\GEMEIN~1\rimz\rimzm.exe
C:\PROGRA~1\GEMEIN~1\rimz\rimza.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\Programme\Rainlendar\Rainlendar.exe
C:\Programme\HPQ\SHARED\HPQWMI.exe
E:\FHBB\netty_study\netty_study_2_2.exe
C:\PROGRA~1\MOZILL~2\THUNDE~1.EXE
C:\Programme\Microsoft Office\OFFICE11\WINWORD.EXE
E:\download\TI92Plus\Vti.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Programme\Mathsoft\Mathcad 11\mathcad.exe
C:\DOKUME~1\M1398~1.BAU\LOKALE~1\Temp\~f1d055.tmp
C:\Programme\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Programme\WinRAR\WinRAR.exe
C:\DOKUME~1\M1398~1.BAU\LOKALE~1\Temp\Rar$EX00.110\HijackThis.exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Programme\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Programme\Gemeinsame Dateien\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Programme\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule
O4 - HKLM\..\Run: [Cpqset] C:\Programme\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] "%ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe"
O4 - HKLM\..\Run: [WatchDog] C:\Programme\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ShStatEXE] "C:\Programme\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Programme\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Programme\Gemeinsame Dateien\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe"  -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [rimz] C:\PROGRA~1\GEMEIN~1\rimz\rimzm.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Rainlendar.lnk = C:\Programme\Rainlendar\Rainlendar.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Bild in &Microsoft PhotoDraw öffnen - res://C:\PROGRA~1\MICROS~2\Office\1031\phdintl.dll/phdContext.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O18 - Protocol: pcl - {182D0C85-206F-4103-B4FA-DCC1FB0A0A44} - C:\Programme\Autodesk\Inventor Professional 9\bin\HSPCLPRO10.dll
O20 - AppInit_DLLs: ASAPHook
O20 - Winlogon Notify: Controls Folder - C:\WINDOWS\system32\l28mlcl11fq.dll
O20 - Winlogon Notify: OneCard - C:\Programme\HPQ\IAM\Bin\AsWlnPkg.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Programme\Gemeinsame Dateien\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Programme\HPQ\SHARED\HPQWMI.exe
O23 - Service: McAfee Framework-Dienst (McAfeeFramework) - Network Associates, Inc. - C:\Programme\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Programme\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Programme\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programme\Analog Devices\SoundMAX\SMAgent.exe


tyco

Deaktiviere die Systemwiederherstellung und starte im abgesicherten Modus (F8):

Lösche diese Datei:

C:\WINDOWS\system32\l28mlcl11fq.dll

Vor einem Neustart solltest Du den Papierkorb leeren und die Systemwiederherstellung erst dann wieder aktivieren wenn alles wieder läuft.
Bitte keine Supportanfragen per PM stellen.

gingi

Ich kann diese Datei nicht mehr finden in meinem Log file.

es sieht jetzt so aus

Logfile of HijackThis v1.99.1
Scan saved at 11:57:46, on 27.01.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Programme\Network Associates\Common Framework\FrameworkService.exe
C:\Programme\Network Associates\VirusScan\Mcshield.exe
C:\Programme\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programme\HPQ\IAM\bin\asghost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\HPQ\Quick Launch Buttons\EabServr.exe
C:\Programme\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Programme\FreePDF_XP\fpassist.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\Network Associates\VirusScan\SHSTAT.EXE
C:\Programme\Network Associates\Common Framework\UpdaterUI.exe
C:\Programme\Gemeinsame Dateien\Network Associates\TalkBack\TBMon.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Skype\Phone\Skype.exe
C:\PROGRA~1\GEMEIN~1\rimz\rimzm.exe
C:\PROGRA~1\GEMEIN~1\rimz\rimza.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\Programme\Rainlendar\Rainlendar.exe
C:\Programme\HPQ\SHARED\HPQWMI.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Dokumente und Einstellungen\M.Baumann\Desktop\HijackThis.exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Programme\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Programme\Gemeinsame Dateien\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Programme\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule
O4 - HKLM\..\Run: [Cpqset] C:\Programme\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] "%ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe"
O4 - HKLM\..\Run: [WatchDog] C:\Programme\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ShStatEXE] "C:\Programme\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Programme\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Programme\Gemeinsame Dateien\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe"  -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [rimz] C:\PROGRA~1\GEMEIN~1\rimz\rimzm.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Rainlendar.lnk = C:\Programme\Rainlendar\Rainlendar.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Bild in &Microsoft PhotoDraw öffnen - res://C:\PROGRA~1\MICROS~2\Office\1031\phdintl.dll/phdContext.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O18 - Protocol: pcl - {182D0C85-206F-4103-B4FA-DCC1FB0A0A44} - C:\Programme\Autodesk\Inventor Professional 9\bin\HSPCLPRO10.dll
O20 - AppInit_DLLs: ASAPHook
O20 - Winlogon Notify: OneCard - C:\Programme\HPQ\IAM\Bin\AsWlnPkg.dll
O20 - Winlogon Notify: Reinstall - C:\WINDOWS\system32\p8p60i7se8.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Programme\Gemeinsame Dateien\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Programme\HPQ\SHARED\HPQWMI.exe
O23 - Service: McAfee Framework-Dienst (McAfeeFramework) - Network Associates, Inc. - C:\Programme\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Programme\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Programme\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programme\Analog Devices\SoundMAX\SMAgent.exe


gandal

Jetzt heißt sie O20 - Winlogon Notify: Reinstall - C:\WINDOWS\system32\p8p60i7se8.dll
Da läuft noch ein Dienst, ein Autostart oder die Systemwiederherstellung.
         
Real Programmers code in binary

tyco

Das ist ein Look2Me Trojan. Der ist nicht so ganz einfach zu entfernen.

Probiere es einmal mit dem Look2Me Remover (http://www.simplytech.it/L2MRemover/index_de.htm).
Bitte keine Supportanfragen per PM stellen.

gingi

Danke
hat mit Look2Me Remover. funktioniert

alhasnaoui

hi,

habe auch bei mir das selbe Problem mit wwwcoolsearch!bitte hilft mir!


Logfile of HijackThis v1.99.1
Scan saved at 19:48:48, on 27.02.2006
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe
C:\WINDOWS\system32\ipow32.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
D:\Programme\Microsoft AntiSpyware\gcasServ.exe
C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
D:\download\Athan\Athan.exe
D:\Programme\iTunes\iTunesHelper.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\iPod\bin\iPodService.exe
D:\Programme\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\MSN Messenger\MsnMsgr.Exe
D:\Programme\Skype\Phone\Skype.exe
D:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\adduo32.exe
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe
c:\programme\softwin\bitdefender free edition\bdmcon.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
D:\Programme\Spybot - Search & Destroy\SpybotSD.exe
D:\download\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\aluox.dll/sp.html#53142%resultposition.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\aluox.dll/sp.html#53142%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\ceeqq.dll/sp.html#53142%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\aluox.dll/sp.html#53142%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\aluox.dll/sp.html#53142%resultposition.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\ceeqq.dll/sp.html#53142%resultposition.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\ceeqq.dll/sp.html#53142%resultposition.net
R3 - Default URLSearchHook is missing
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5658F52F-8D6F-1513-6EDC-56AA6C8F8F76} - (no file)
O2 - BHO: (no name) - {5F2480E5-41C5-F1D2-7B6F-5DF83C9B61F6} - (no file)
O2 - BHO: Class - {63FDEF1C-0EE1-D79E-9B02-5C38E90AF168} - C:\WINDOWS\system32\atluk.dll
O2 - BHO: (no name) - {7AE4D2AE-F833-FAF2-883B-2CAECF0E5E96} - (no file)
O2 - BHO: (no name) - {8A5F0FCE-B4C7-C116-D92B-0B255A0B1010} - (no file)
O2 - BHO: (no name) - {A5F02AA1-E33B-02E2-EE38-6C66F5363B53} - (no file)
O2 - BHO: (no name) - {A9B63F00-46F6-794A-3935-C204BC7E0785} - (no file)
O2 - BHO: (no name) - {D23166CF-6072-71EA-2EDB-6FE0AE95942D} - (no file)
O2 - BHO: (no name) - {D49FD607-A2D9-6ED1-FD46-17458B02B006} - (no file)
O2 - BHO: (no name) - {E0AC7400-1EA6-C463-066F-95C75DCB877D} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [gcasServ] "D:\Programme\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [BDMCon] C:\Programme\Softwin\BitDefender Free Edition\\bdmcon.exe
O4 - HKLM\..\Run: [BDNewsAgent] C:\Programme\Softwin\BitDefender Free Edition\\bdnagent.exe
O4 - HKLM\..\Run: [Athan] D:\download\Athan\Athan.exe
O4 - HKLM\..\Run: [iTunesHelper] "D:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CamWizard] C:\Programme\Gemeinsame Dateien\Logitech\QCDRV\BIN\CamWizrd.exe
O4 - HKLM\..\Run: [msjn32.exe] C:\WINDOWS\msjn32.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [d3uk32.exe] C:\WINDOWS\d3uk32.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [apidl32.exe] C:\WINDOWS\system32\apidl32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "D:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] d:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Anti-Virus-Pro] "d:\Programme\Anti-Virus-Pro\App.exe" hide
O4 - Global Startup: Microsoft Office.lnk = D:\Programme\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = D:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by1fd.bay1.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1109796221406
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6F6A8DAB-3323-4AF1-AA1F-2A4D29AA1DBE}: NameServer = 212.105.193.2
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - H+BEDV Datentechnik GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe

gandal

28. Februar 2006, 13:30:18 Uhr #7 Letzte Bearbeitung: 28. Februar 2006, 13:36:04 Uhr von gandal
Dein system könnte auf jeden Fall ein paar Updates gebrauchen.

Was ist das ?
C:\WINDOWS\system32\adduo32.exe

Systemwiederherstellung deaktivieren (nicht vergessen dann wieder zu aktivieren)

Im abgesicherten Modus fixen:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\aluox.dll/sp.html#53142%resultposition.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\aluox.dll/sp.html#53142%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\ceeqq.dll/sp.html#53142%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\aluox.dll/sp.html#53142%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\aluox.dll/sp.html#53142%resultposition.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\ceeqq.dll/sp.html#53142%resultposition.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\ceeqq.dll/sp.html#53142%resultposition.net
R3 - Default URLSearchHook is missing

O2 - BHO: (no name) - {5658F52F-8D6F-1513-6EDC-56AA6C8F8F76} - (no file)
O2 - BHO: (no name) - {5F2480E5-41C5-F1D2-7B6F-5DF83C9B61F6} - (no file)
O2 - BHO: Class - {63FDEF1C-0EE1-D79E-9B02-5C38E90AF168} - C:\WINDOWS\system32\atluk.dll
O2 - BHO: (no name) - {7AE4D2AE-F833-FAF2-883B-2CAECF0E5E96} - (no file)
O2 - BHO: (no name) - {8A5F0FCE-B4C7-C116-D92B-0B255A0B1010} - (no file)
O2 - BHO: (no name) - {A5F02AA1-E33B-02E2-EE38-6C66F5363B53} - (no file)
O2 - BHO: (no name) - {A9B63F00-46F6-794A-3935-C204BC7E0785} - (no file)
O2 - BHO: (no name) - {D23166CF-6072-71EA-2EDB-6FE0AE95942D} - (no file)
O2 - BHO: (no name) - {D49FD607-A2D9-6ED1-FD46-17458B02B006} - (no file)
O2 - BHO: (no name) - {E0AC7400-1EA6-C463-066F-95C75DCB877D} - (no file)

O4 - HKLM\..\Run: [msjn32.exe] C:\WINDOWS\msjn32.exe
O4 - HKLM\..\Run: [d3uk32.exe] C:\WINDOWS\d3uk32.exe
O4 - HKLM\..\Run: [apidl32.exe] C:\WINDOWS\system32\apidl32.exe

Das kenn ich nicht.
Du hast jedenfalls schon genug AV-Programme laufen (eins genügt normal). Am Besten auch fixen.
O4 - HKCU\..\Run: [Anti-Virus-Pro] "d:\Programme\Anti-Virus-Pro\App.exe" hide


Im Anschluß solltest Du dann noch einen Onlinescanner verwenden
http://www.hwe-forum.de/index.php/topic,14842.0.html
         
Real Programmers code in binary

alhasnaoui

habe nicht alle Datein gefunden

es sieht jetzt so aus

Logfile of HijackThis v1.99.1
Scan saved at 13:44:41, on 28.02.2006
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
C:\Programme\Softwin\BitDefender Free Edition\bdmcon.exe
D:\Programme\iTunes\iTunesHelper.exe
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
D:\Programme\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\MSN Messenger\MsnMsgr.Exe
D:\Programme\Skype\Phone\Skype.exe
D:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\Programme\iPod\bin\iPodService.exe
D:\Programme\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\wuauclt.exe
D:\download\Athan\Athan\Athan.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\sysld.exe
C:\WINDOWS\system32\adduo32.exe
D:\Programme\Spybot - Search & Destroy\SpybotSD.exe
D:\download\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R3 - Default URLSearchHook is missing
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5658F52F-8D6F-1513-6EDC-56AA6C8F8F76} - (no file)
O2 - BHO: (no name) - {5F2480E5-41C5-F1D2-7B6F-5DF83C9B61F6} - (no file)
O2 - BHO: (no name) - {63FDEF1C-0EE1-D79E-9B02-5C38E90AF168} - (no file)
O2 - BHO: (no name) - {7AE4D2AE-F833-FAF2-883B-2CAECF0E5E96} - (no file)
O2 - BHO: (no name) - {8A5F0FCE-B4C7-C116-D92B-0B255A0B1010} - (no file)
O2 - BHO: (no name) - {A5F02AA1-E33B-02E2-EE38-6C66F5363B53} - (no file)
O2 - BHO: (no name) - {A9B63F00-46F6-794A-3935-C204BC7E0785} - (no file)
O2 - BHO: (no name) - {D23166CF-6072-71EA-2EDB-6FE0AE95942D} - (no file)
O2 - BHO: (no name) - {D49FD607-A2D9-6ED1-FD46-17458B02B006} - (no file)
O2 - BHO: (no name) - {E0AC7400-1EA6-C463-066F-95C75DCB877D} - (no file)
O2 - BHO: Class - {FB2B91F2-20FB-CDCE-D34A-E50E5910E44F} - C:\WINDOWS\system32\javasr.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [BDMCon] C:\Programme\Softwin\BitDefender Free Edition\\bdmcon.exe
O4 - HKLM\..\Run: [BDNewsAgent] C:\Programme\Softwin\BitDefender Free Edition\\bdnagent.exe
O4 - HKLM\..\Run: [iTunesHelper] "D:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CamWizard] C:\Programme\Gemeinsame Dateien\Logitech\QCDRV\BIN\CamWizrd.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [gcasServ] "D:\Programme\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Athan] D:\download\Athan\Athan\Athan.exe
O4 - HKLM\..\Run: [msjn32.exe] C:\WINDOWS\msjn32.exe
O4 - HKLM\..\Run: [d3uk32.exe] C:\WINDOWS\d3uk32.exe
O4 - HKLM\..\Run: [apidl32.exe] C:\WINDOWS\system32\apidl32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "D:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] d:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Anti-Virus-Pro] "d:\Programme\Anti-Virus-Pro\App.exe" hide
O4 - Global Startup: Microsoft Office.lnk = D:\Programme\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = D:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by1fd.bay1.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1109796221406
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6F6A8DAB-3323-4AF1-AA1F-2A4D29AA1DBE}: NameServer = 212.105.193.2
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - H+BEDV Datentechnik GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe





gandal

Was sind folgende Programme ?
- C:\WINDOWS\system32\sysld.exe
- C:\WINDOWS\system32\adduo32.exe

Da hast Du aber nicht viel gefixed. Wenn Sie im LOG erscheinen, kann man sie auch fixen.
         
Real Programmers code in binary