Habe schon wieder ein Problem mit einem Trojaner!!!

Auf meinem zweiten PC, Windows XP ist ein Trojaner TR/StartPa.Du.dll/1. der macht mir immer mein AntiVir auf und ich versuche die Datei zu löschen, was aber nicht geht.

Kann mir irgendjemand helfen????

Meine Logfile kommt sofort!!!

Schon einmal vielen Dank für die schnelle Hilfe!!!


Holly2004

Hatten wir das nicht grade schonmal?

Hijackthis:
http://computercops.biz/zx/Merijn/hijackthis.zip
Lade/entpacke HijackThis in einem Ordner
--> None of the above just start the program --> Save--> Savelog -->es öffnet sich der Editor
nun das KOMPLETTE Log mit rechtem Mausklick abkopieren und ins Forum mit rechtem Mausklick "einfügen"
Bebilderte Kurzanleitung

Danke schön für die schnelle Hilfe! Ja das Prob. besteht schon mal im Forum, weiß aber nicht ob es bei Win2000 und XP die gleiche Prob-behebung ist. Deßhalb der neue Eintrag!

Logfile of HijackThis v1.99.1
Scan saved at 16:39:22, on 23.11.2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AVPersonal\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Programme\KODAK\KODAK Bildübertragungssoftware\PTSsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Mixer.exe
C:\Programme\AVPersonal\AVGNT.EXE
C:\Programme\AVPersonal\AVSched32.EXE
C:\WINDOWS\ierj32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\FRITZ!\FriWeb32.exe
C:\KMaestro\Key_g.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ntpy32.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Dokumente und Einstellungen\seppi\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\mrsup.dll/sp.html#10001
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\mrsup.dll/sp.html#10001
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\mrsup.dll/sp.html#10001
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\mrsup.dll/sp.html#10001
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\mrsup.dll/sp.html#10001
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\mrsup.dll/sp.html#10001
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe, msmsgs.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Class - {2B53A317-958D-46F6-0C2E-7F2716C713AF} - C:\WINDOWS\crqb32.dll
O2 - BHO: Class - {DF98A72A-B4D8-094F-2CBB-5429FBB28737} - C:\WINDOWS\apiwn.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [KeyMaestro] C:\KMaestro\KMaestro.exe
O4 - HKLM\..\Run: [routcnf] C:\Programme\Telekom\Eumex 504PC USB\routcnf.exe
O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [RegSvr32] C:\WINDOWS\System32\msmsgs.exe
O4 - HKLM\..\Run: [AVSCHED32] C:\Programme\AVPersonal\AVSched32.EXE /min
O4 - HKLM\..\Run: [ierj32.exe] C:\WINDOWS\ierj32.exe
O4 - HKLM\..\RunOnce: [ntpy32.exe] C:\WINDOWS\system32\ntpy32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SNInstall] C:\winstall.exe
O4 - Startup: FRITZ!web.lnk = C:\Programme\FRITZ!\FriWeb32.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O12 - Plugin for .mid: C:\Programme\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .pdf: C:\Programme\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {14A3221B-1678-1982-A355-7263B1281987} - ms-its:mhtml:file://C:tsk.mht!http://69.50.180.155/5/s1//q.chm::/file.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{FD21CCDE-5DD0-4B3F-8B4D-F7414C2460F6}: NameServer = 192.168.120.252,192.168.120.253
O23 - Service: Network Security Service (NSS) ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\mfcoq.exe (file missing)
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ptssvc - KODAK - C:\Programme\KODAK\KODAK Bildübertragungssoftware\PTSsvc.exe

Arbeite das hier ab:

Hijacker about:blank - se.dll\sp.html
http://www.trojaner-info.de/anleitungen ... blank.html

Hallo habe das Prog. ausgeführt, hat meiner Meinung nach nix gebracht.

Hier die Log:



(24.11.05 21:09:53) SPSeHjFix started v1.1.2
(24.11.05 21:09:53) OS: WinXP (5.1.2600)
(24.11.05 21:09:53) Language: deutsch
(24.11.05 21:09:53) Win-Path: C:\WINDOWS
(24.11.05 21:09:53) System-Path: C:\WINDOWS\System32
(24.11.05 21:09:53) Temp-Path: C:\DOKUME~1\seppi\LOKALE~1\Temp\
(24.11.05 21:10:17) Disinfection started
(24.11.05 21:10:17) Bad-Dll(IEP): c:\windows\mrsup.dll
(24.11.05 21:10:17) UBF: 4 - UBB: 2 - UBR: 12
(24.11.05 21:10:17) UBF: 4 - UBB: 2 - UBR: 12
(24.11.05 21:10:17) Bad IE-pages:
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Search Bar: res://c:\windows\mrsup.dll/sp.html#10001
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Search Page: res://c:\windows\mrsup.dll/sp.html#10001
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Start Page: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Search Bar: res://c:\windows\mrsup.dll/sp.html#10001
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Search Page: res://c:\windows\mrsup.dll/sp.html#10001
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Start Page: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Default_Page_URL: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Default_Search_URL: res://c:\windows\mrsup.dll/sp.html#10001
deleted: HKLM\Software\Microsoft\Internet Explorer\Search, SearchAssistant: res://c:\windows\mrsup.dll/sp.html#10001
(24.11.05 21:10:17) Stealth-String not found
(24.11.05 21:10:17) No locked Files to delete. End without Reboot
(24.11.05 21:10:23) Disinfection started
(24.11.05 21:10:23) Bad-Dll(IEP): c:\windows\mrsup.dll
(24.11.05 21:10:23) UBF: 4 - UBB: 2 - UBR: 12
(24.11.05 21:10:23) UBF: 4 - UBB: 2 - UBR: 12
(24.11.05 21:10:23) Bad IE-pages: (none)
(24.11.05 21:10:23) Stealth-String not found
(24.11.05 21:10:23) No locked Files to delete. End without Reboot
(24.11.05 21:10:24) Disinfection started
(24.11.05 21:10:24) Bad-Dll(IEP): c:\windows\mrsup.dll
(24.11.05 21:10:24) UBF: 4 - UBB: 2 - UBR: 12
(24.11.05 21:10:24) UBF: 4 - UBB: 2 - UBR: 12
(24.11.05 21:10:24) Bad IE-pages: (none)
(24.11.05 21:10:24) Stealth-String not found
(24.11.05 21:10:24) No locked Files to delete. End without Reboot
(24.11.05 21:10:24) Disinfection started
(24.11.05 21:10:24) Bad-Dll(IEP): c:\windows\mrsup.dll
(24.11.05 21:10:24) UBF: 4 - UBB: 2 - UBR: 12
(24.11.05 21:10:24) UBF: 4 - UBB: 2 - UBR: 12
(24.11.05 21:10:24) Bad IE-pages: (none)
(24.11.05 21:10:24) Stealth-String not found
(24.11.05 21:10:24) No locked Files to delete. End without Reboot
(24.11.05 21:10:25) Disinfection started
(24.11.05 21:10:25) Bad-Dll(IEP): c:\windows\mrsup.dll
(24.11.05 21:10:25) UBF: 4 - UBB: 2 - UBR: 12
(24.11.05 21:10:25) UBF: 4 - UBB: 2 - UBR: 12
(24.11.05 21:10:25) Bad IE-pages: (none)
(24.11.05 21:10:25) Stealth-String not found
(24.11.05 21:10:25) No locked Files to delete. End without Reboot
(24.11.05 21:10:25) Disinfection started
(24.11.05 21:10:25) Bad-Dll(IEP): c:\windows\mrsup.dll
(24.11.05 21:10:25) UBF: 4 - UBB: 2 - UBR: 12
(24.11.05 21:10:25) UBF: 4 - UBB: 2 - UBR: 12
(24.11.05 21:10:25) Bad IE-pages: (none)
(24.11.05 21:10:25) Stealth-String not found
(24.11.05 21:10:25) No locked Files to delete. End without Reboot
(24.11.05 21:10:25) Disinfection started
(24.11.05 21:10:25) Bad-Dll(IEP): c:\windows\mrsup.dll
(24.11.05 21:10:25) UBF: 4 - UBB: 2 - UBR: 12
(24.11.05 21:10:25) UBF: 4 - UBB: 2 - UBR: 12
(24.11.05 21:10:25) Bad IE-pages: (none)
(24.11.05 21:10:25) Stealth-String not found
(24.11.05 21:10:25) No locked Files to delete. End without Reboot
(24.11.05 21:10:25) Disinfection started
(24.11.05 21:10:25) Bad-Dll(IEP): c:\windows\mrsup.dll
(24.11.05 21:10:25) UBF: 4 - UBB: 2 - UBR: 12
(24.11.05 21:10:25) UBF: 4 - UBB: 2 - UBR: 12
(24.11.05 21:10:25) Bad IE-pages: (none)
(24.11.05 21:10:25) Stealth-String not found
(24.11.05 21:10:25) No locked Files to delete. End without Reboot
(24.11.05 21:10:26) Disinfection started
(24.11.05 21:10:26) Bad-Dll(IEP): c:\windows\mrsup.dll
(24.11.05 21:10:26) UBF: 4 - UBB: 2 - UBR: 12
(24.11.05 21:10:26) UBF: 4 - UBB: 2 - UBR: 12
(24.11.05 21:10:26) Bad IE-pages: (none)
(24.11.05 21:10:26) Stealth-String not found
(24.11.05 21:10:26) No locked Files to delete. End without Reboot
(24.11.05 21:10:26) Disinfection started
(24.11.05 21:10:26) Bad-Dll(IEP): c:\windows\mrsup.dll
(24.11.05 21:10:26) UBF: 4 - UBB: 2 - UBR: 12
(24.11.05 21:10:26) UBF: 4 - UBB: 2 - UBR: 12
(24.11.05 21:10:26) Bad IE-pages: (none)
(24.11.05 21:10:26) Stealth-String not found
(24.11.05 21:10:26) No locked Files to delete. End without Reboot
(24.11.05 21:10:26) Disinfection started
(24.11.05 21:10:26) Bad-Dll(IEP): c:\windows\mrsup.dll
(24.11.05 21:10:26) UBF: 4 - UBB: 2 - UBR: 12
(24.11.05 21:10:26) UBF: 4 - UBB: 2 - UBR: 12
(24.11.05 21:10:26) Bad IE-pages: (none)
(24.11.05 21:10:26) Stealth-String not found
(24.11.05 21:10:26) No locked Files to delete. End without Reboot


(24.11.05 21:10:31) SPSeHjFix started v1.1.2
(24.11.05 21:10:31) OS: WinXP (5.1.2600)
(24.11.05 21:10:31) Language: deutsch
(24.11.05 21:10:31) Win-Path: C:\WINDOWS
(24.11.05 21:10:31) System-Path: C:\WINDOWS\System32
(24.11.05 21:10:31) Temp-Path: C:\DOKUME~1\seppi\LOKALE~1\Temp\
(24.11.05 21:10:33) Disinfection started
(24.11.05 21:10:33) Bad-Dll(IEP): (not found)
(24.11.05 21:10:33) Bad-Dll(IEP) in BHO: (not found)
(24.11.05 21:10:33) UBF: 4 - UBB: 2 - UBR: 12
(24.11.05 21:10:33) UBF: 4 - UBB: 2 - UBR: 12
(24.11.05 21:10:33) Bad IE-pages: (none)
(24.11.05 21:10:33) Stealth-String not found
(24.11.05 21:10:33) Not infected->END


(24.11.05 21:11:57) SPSeHjFix started v1.1.2
(24.11.05 21:11:57) OS: WinXP (5.1.2600)
(24.11.05 21:11:57) Language: deutsch
(24.11.05 21:11:57) Win-Path: C:\WINDOWS
(24.11.05 21:11:57) System-Path: C:\WINDOWS\System32
(24.11.05 21:11:57) Temp-Path: C:\DOKUME~1\seppi\LOKALE~1\Temp\
(24.11.05 21:11:58) Disinfection started
(24.11.05 21:11:58) Bad-Dll(IEP): c:\windows\mrsup.dll
(24.11.05 21:11:58) UBF: 4 - UBB: 2 - UBR: 12
(24.11.05 21:11:58) UBF: 4 - UBB: 2 - UBR: 12
(24.11.05 21:11:58) Bad IE-pages:
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Search Bar: res://c:\windows\mrsup.dll/sp.html#10001
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Search Page: res://c:\windows\mrsup.dll/sp.html#10001
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Start Page: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Search Bar: res://c:\windows\mrsup.dll/sp.html#10001
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Search Page: res://c:\windows\mrsup.dll/sp.html#10001
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Start Page: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Default_Page_URL: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Default_Search_URL: res://c:\windows\mrsup.dll/sp.html#10001
deleted: HKLM\Software\Microsoft\Internet Explorer\Search, SearchAssistant: res://c:\windows\mrsup.dll/sp.html#10001
(24.11.05 21:11:58) Stealth-String not found
(24.11.05 21:11:58) No locked Files to delete. End without Reboot
(24.11.05 21:12:00) Disinfection started
(24.11.05 21:12:00) Bad-Dll(IEP): c:\windows\mrsup.dll
(24.11.05 21:12:00) UBF: 4 - UBB: 2 - UBR: 12
(24.11.05 21:12:00) UBF: 4 - UBB: 2 - UBR: 12
(24.11.05 21:12:00) Bad IE-pages: (none)
(24.11.05 21:12:00) Stealth-String not found
(24.11.05 21:12:00) No locked Files to delete. End without Reboot


(24.11.05 21:12:27) SPSeHjFix started v1.1.2
(24.11.05 21:12:27) OS: WinXP (5.1.2600)
(24.11.05 21:12:27) Language: deutsch
(24.11.05 21:12:27) Win-Path: C:\WINDOWS
(24.11.05 21:12:27) System-Path: C:\WINDOWS\System32
(24.11.05 21:12:27) Temp-Path: C:\DOKUME~1\seppi\LOKALE~1\Temp\
(24.11.05 21:12:29) Disinfection started
(24.11.05 21:12:29) Bad-Dll(IEP): (not found)
(24.11.05 21:12:29) Bad-Dll(IEP) in BHO: (not found)
(24.11.05 21:12:29) UBF: 4 - UBB: 2 - UBR: 12
(24.11.05 21:12:29) UBF: 4 - UBB: 2 - UBR: 12
(24.11.05 21:12:29) Bad IE-pages: (none)
(24.11.05 21:12:29) Stealth-String not found
(24.11.05 21:12:29) Not infected->END

Das Prog. hat meinen PC auch nicht heruntergefahren und neu gestartet. War das Richtig???????

Das hatte schon so seine richtigkeit. Und das war erst ein Kleiner Teil. Diese Verseuchung ist außerdem nicht zu unteraschätzen...

Ich mache dir das nach der Schule

//~~EdiT~~\\

Ich brauche dazu ein neues Hijack-This-Log