Stubborn trojan StartPa.du.dll.1

17.10.2005, 22:27
...new here
Posts: 1

17.10.2005, 22:45
Honorary member
Posts: 6028
It concerns my father's somewhat outdated computer, which is unfortunately infected with trojans. The operating system is Windows 98. SpyBot reports the trojan StartPa.du.dll.1. I have tried to remove it with HiJackThis and KillBox, but it kept reinstalling itself after every restart. AntiVir additionally reported "Klez", but stated that it had removed it.
The current HijackThis log file looks like this:
Logfile of HijackThis v1.98.2
Scan saved at 14:37:52, on 13.10.05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\Winmodem.101\wmexe.exe
C:\WINDOWS\SYSTEM\SYSXK32.EXE
C:\WINDOWS\SDKTQ.EXE
C:\WINDOWS\SYSTEM\IPBH.EXE
C:\WINDOWS\SYSTEM\ADDXC32.EXE
C:\WINDOWS\SDKQC.EXE
C:\WINDOWS\NETDH32.EXE
C:\WINDOWS\MSMK.EXE
C:\WINDOWS\NETWB.EXE
C:\WINDOWS\WINPM.EXE
C:\WINDOWS\SYSTEM\JAVAVU32.EXE
C:\WINDOWS\SYSTEM\D3DQ32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\SDKJT.EXE
C:\WINDOWS\CRNA.EXE
C:\WINDOWS\CRUG.EXE
C:\WINDOWS\APPID32.EXE
C:\WINDOWS\SYSTEM\MFCCU32.EXE
C:\WINDOWS\ATLJR32.EXE
C:\WINDOWS\MFCZI32.EXE
C:\WINDOWS\APIHE32.EXE
C:\WINDOWS\SYSTEM\NTHR.EXE
C:\WINDOWS\SYSTEM\JAVAHF.EXE
C:\WINDOWS\SYSTEM\MFCXV.EXE
C:\WINDOWS\SYSTEM\CRLH.EXE
C:\WINDOWS\SYSSE.EXE
C:\WINDOWS\SYSTEM\D3JW32.EXE
C:\WINDOWS\SYSTEM\NETWL32.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\WINTL32.EXE
C:\WINDOWS\SYSTEM\SYSCJ.EXE
C:\WINDOWS\D3FH32.EXE
C:\WINDOWS\JAVAMF.EXE
C:\WINDOWS\SYSTEM\D3LS.EXE
C:\WINDOWS\MFCID32.EXE
C:\WINDOWS\SDKKF32.EXE
C:\WINDOWS\APPVK32.EXE
C:\WINDOWS\IEHM32.EXE
C:\WINDOWS\NTMS.EXE
C:\WINDOWS\SYSTEM\NETBJ32.EXE
C:\WINDOWS\NTJI32.EXE
C:\WINDOWS\SYSTEM\SDKZO32.EXE
C:\WINDOWS\SYSTEM\IECO.EXE
C:\WINDOWS\SYSJT32.EXE
C:\WINDOWS\SYSTEM\NTXT.EXE
C:\WINDOWS\SYSTEM\IPJB.EXE
C:\WINDOWS\IPWM32.EXE
C:\WINDOWS\ATLTW32.EXE
C:\WINDOWS\SYSTEM\CRYG32.EXE
C:\WINDOWS\SYSTEM\SDKIB.EXE
C:\WINDOWS\ADDEB32.EXE
C:\WINDOWS\SYSMX.EXE
C:\WINDOWS\D3RG.EXE
C:\WINDOWS\APPYY32.EXE
C:\WINDOWS\APIQQ32.EXE
C:\WINDOWS\SYSTEM\ADDMP.EXE
C:\WINDOWS\IPSA.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\STARTER.EXE
C:\PROGRAMME\AVPERSONAL\AVGCTRL.EXE
C:\WINDOWS\SYSTEM\APPLB.EXE
C:\PROGRAMME\AVPERSONAL\AVSCHED32.EXE
C:\PROGRAMME\HP DESKJET 710C SERIES\EREG\REMIND32.EXE
C:\WINDOWS\TWAIN_32\C6U14K\WATCH.EXE
C:\PROGRAMME\ULEAD SYSTEMS\ULEAD PHOTO EXPRESS 3.0 SE\CALCHECK.EXE
C:\PROGRAMME\D\D-INFO\DINFOSTARTER.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\APIQQ32.EXE
C:\WINDOWS\SYSTEM\CRLH.EXE
C:\WINDOWS\SYSTEM\ADDXC32.EXE
C:\WINDOWS\SYSTEM\SDKZO32.EXE
C:\WINDOWS\SYSTEM\SYSXK32.EXE
C:\WINDOWS\APPYY32.EXE
C:\WINDOWS\SYSTEM\NTXT.EXE
C:\WINDOWS\D3FH32.EXE
C:\WINDOWS\SYSSE.EXE
C:\WINDOWS\SYSTEM\NETBJ32.EXE
C:\WINDOWS\SDKKF32.EXE
C:\WINDOWS\SYSTEM\NETWL32.EXE
C:\WINDOWS\NTJI32.EXE
C:\WINDOWS\DESKTOP\NEUER ORDNER\HJT.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\yxgum.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\yxgum.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\yxgum.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\yxgum.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\yxgum.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\yxgum.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\yxgum.dll/sp.html#37049
R3 - Default URLSearchHook is missing
F1 - win.ini: run=hpfsched
O2 - BHO: Class - {B46BD484-7071-F0EF-F47D-A3DA3A0F33C2} - C:\WINDOWS\SYSTEM\CRTX32.DLL
O2 - BHO: Class - {F4A7346E-368F-97F3-D0E1-04041CAF1A3E} - C:\WINDOWS\SYSTEM\MFCOT32.DLL
O2 - BHO: Class - {8A3702AE-375F-72C9-4CF2-CD064BED729F} - C:\WINDOWS\SYSTEM\D3NO32.DLL
O2 - BHO: Class - {0313D293-F8C5-AF26-E8D6-0687874060FB} - C:\WINDOWS\ADDTZ32.DLL
O2 - BHO: Class - {DC8B0938-5FED-2CB4-7F25-40FB2AA50A25} - C:\WINDOWS\NETKM32.DLL
O2 - BHO: Class - {35B5588D-F5F0-2823-78EF-03676F6C97E2} - C:\WINDOWS\SYSTEM\CRVI.DLL
O2 - BHO: Class - {C0209690-DBDA-0E71-33D1-D3B9F9A012CA} - C:\WINDOWS\SYSTEM\MFCGN.DLL
O2 - BHO: Class - {C6A396F7-B7E9-1A0B-64D9-182A03BD77AC} - C:\WINDOWS\SYSTEM\IEFV32.DLL
O2 - BHO: Class - {25A0CAC3-1209-21C6-3E92-81CC5DEB3061} - C:\WINDOWS\MSDM.DLL
O2 - BHO: Class - {9B9E2367-5E4E-0A00-7B79-5E8D27628521} - C:\WINDOWS\SYSTEM\IPED32.DLL
O2 - BHO: Class - {63205DF7-E69F-C6A7-B29B-5EAE5A02155F} - C:\WINDOWS\SYSTEM\NETQI32.DLL
O2 - BHO: Class - {5B62544E-05AF-B100-00DE-15E62026EB55} - C:\WINDOWS\SYSTEM\ADDVD.DLL
O2 - BHO: Class - {88C70A95-F55A-4D19-7FC6-957DBE0DFA3D} - C:\WINDOWS\SYSTEM\ADDYU.DLL
O2 - BHO: Class - {5E5DBFEE-5C17-CE66-1F25-F001EBA4E915} - C:\WINDOWS\CRZD32.DLL
O2 - BHO: Class - {315397E1-2F75-F176-4C18-ED9C483D3FF6} - C:\WINDOWS\CRNS32.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AVGCtrl] C:\PROGRAMME\AVPERSONAL\AVGCTRL.EXE /min
O4 - HKLM\..\Run: [IEXPLORE.EXE] C:\PROGRAMME\INTERNET EXPLORER\IEXPLORE.EXE
O4 - HKLM\..\Run: [APPLB.EXE] C:\WINDOWS\SYSTEM\APPLB.EXE
O4 - HKLM\..\Run: [AVSCHED32] C:\PROGRAMME\AVPERSONAL\AVSCHED32.EXE /min
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Winmodem] Winmodem.101\wmexe.exe
O4 - HKLM\..\RunServices: [APIEV32.EXE] C:\WINDOWS\SYSTEM\APIEV32.EXE /s
O4 - HKLM\..\RunServices: [CROS32.EXE] C:\WINDOWS\SYSTEM\CROS32.EXE /s
O4 - HKLM\..\RunServices: [APIRF.EXE] C:\WINDOWS\SYSTEM\APIRF.EXE /s
O4 - HKLM\..\RunServices: [IEWM32.EXE] C:\WINDOWS\SYSTEM\IEWM32.EXE /s
O4 - HKLM\..\RunServices: [IEXE.EXE] C:\WINDOWS\IEXE.EXE /s
O4 - HKLM\..\RunServices: [IEGZ.EXE] C:\WINDOWS\SYSTEM\IEGZ.EXE /s
O4 - HKLM\..\RunServices: [MSZQ.EXE] C:\WINDOWS\MSZQ.EXE /s
O4 - HKLM\..\RunServices: [MSVN.EXE] C:\WINDOWS\SYSTEM\MSVN.EXE /s
O4 - HKLM\..\RunServices: [APIBG.EXE] C:\WINDOWS\APIBG.EXE /s
O4 - HKLM\..\RunServices: [IEMM.EXE] C:\WINDOWS\SYSTEM\IEMM.EXE /s
O4 - HKLM\..\RunServices: [SYSXK32.EXE] C:\WINDOWS\SYSTEM\SYSXK32.EXE /s
O4 - HKLM\..\RunServices: [SDKTQ.EXE] C:\WINDOWS\SDKTQ.EXE /s
O4 - HKLM\..\RunServices: [IPBH.EXE] C:\WINDOWS\SYSTEM\IPBH.EXE /s
O4 - HKLM\..\RunServices: [ADDXC32.EXE] C:\WINDOWS\SYSTEM\ADDXC32.EXE /s
O4 - HKLM\..\RunServices: [SDKQC.EXE] C:\WINDOWS\SDKQC.EXE /s
O4 - HKLM\..\RunServices: [NETDH32.EXE] C:\WINDOWS\NETDH32.EXE /s
O4 - HKLM\..\RunServices: [MSMK.EXE] C:\WINDOWS\MSMK.EXE /s
O4 - HKLM\..\RunServices: [NETWB.EXE] C:\WINDOWS\NETWB.EXE /s
O4 - HKLM\..\RunServices: [WINPM.EXE] C:\WINDOWS\WINPM.EXE /s
O4 - HKLM\..\RunServices: [JAVAVU32.EXE] C:\WINDOWS\SYSTEM\JAVAVU32.EXE /s
O4 - HKLM\..\RunServices: [D3DQ32.EXE] C:\WINDOWS\SYSTEM\D3DQ32.EXE /s
O4 - HKLM\..\RunServices: [SDKJT.EXE] C:\WINDOWS\SYSTEM\SDKJT.EXE /s
O4 - HKLM\..\RunServices: [CRNA.EXE] C:\WINDOWS\CRNA.EXE /s
O4 - HKLM\..\RunServices: [CRUG.EXE] C:\WINDOWS\CRUG.EXE /s
O4 - HKLM\..\RunServices: [APPID32.EXE] C:\WINDOWS\APPID32.EXE /s
O4 - HKLM\..\RunServices: [MFCCU32.EXE] C:\WINDOWS\SYSTEM\MFCCU32.EXE /s
O4 - HKLM\..\RunServices: [ATLJR32.EXE] C:\WINDOWS\ATLJR32.EXE /s
O4 - HKLM\..\RunServices: [MFCZI32.EXE] C:\WINDOWS\MFCZI32.EXE /s
O4 - HKLM\..\RunServices: [APIHE32.EXE] C:\WINDOWS\APIHE32.EXE /s
O4 - HKLM\..\RunServices: [NTHR.EXE] C:\WINDOWS\SYSTEM\NTHR.EXE /s
O4 - HKLM\..\RunServices: [JAVAHF.EXE] C:\WINDOWS\SYSTEM\JAVAHF.EXE /s
O4 - HKLM\..\RunServices: [MFCXV.EXE] C:\WINDOWS\SYSTEM\MFCXV.EXE /s
O4 - HKLM\..\RunServices: [CRLH.EXE] C:\WINDOWS\SYSTEM\CRLH.EXE /s
O4 - HKLM\..\RunServices: [SYSSE.EXE] C:\WINDOWS\SYSSE.EXE /s
O4 - HKLM\..\RunServices: [D3JW32.EXE] C:\WINDOWS\SYSTEM\D3JW32.EXE /s
O4 - HKLM\..\RunServices: [NETWL32.EXE] C:\WINDOWS\SYSTEM\NETWL32.EXE /s
O4 - HKLM\..\RunServices: [WINTL32.EXE] C:\WINDOWS\WINTL32.EXE /s
O4 - HKLM\..\RunServices: [SYSCJ.EXE] C:\WINDOWS\SYSTEM\SYSCJ.EXE /s
O4 - HKLM\..\RunServices: [D3FH32.EXE] C:\WINDOWS\D3FH32.EXE /s
O4 - HKLM\..\RunServices: [JAVAMF.EXE] C:\WINDOWS\JAVAMF.EXE /s
O4 - HKLM\..\RunServices: [D3LS.EXE] C:\WINDOWS\SYSTEM\D3LS.EXE /s
O4 - HKLM\..\RunServices: [MFCID32.EXE] C:\WINDOWS\MFCID32.EXE /s
O4 - HKLM\..\RunServices: [SDKKF32.EXE] C:\WINDOWS\SDKKF32.EXE /s
O4 - HKLM\..\RunServices: [APPVK32.EXE] C:\WINDOWS\APPVK32.EXE /s
O4 - HKLM\..\RunServices: [IEHM32.EXE] C:\WINDOWS\IEHM32.EXE /s
O4 - HKLM\..\RunServices: [NTMS.EXE] C:\WINDOWS\NTMS.EXE /s
O4 - HKLM\..\RunServices: [NETBJ32.EXE] C:\WINDOWS\SYSTEM\NETBJ32.EXE /s
O4 - HKLM\..\RunServices: [NTJI32.EXE] C:\WINDOWS\NTJI32.EXE /s
O4 - HKLM\..\RunServices: [SDKZO32.EXE] C:\WINDOWS\SYSTEM\SDKZO32.EXE /s
O4 - HKLM\..\RunServices: [IECO.EXE] C:\WINDOWS\SYSTEM\IECO.EXE /s
O4 - HKLM\..\RunServices: [SYSJT32.EXE] C:\WINDOWS\SYSJT32.EXE /s
O4 - HKLM\..\RunServices: [NTXT.EXE] C:\WINDOWS\SYSTEM\NTXT.EXE /s
O4 - HKLM\..\RunServices: [IPJB.EXE] C:\WINDOWS\SYSTEM\IPJB.EXE /s
O4 - HKLM\..\RunServices: [IPWM32.EXE] C:\WINDOWS\IPWM32.EXE /s
O4 - HKLM\..\RunServices: [ATLTW32.EXE] C:\WINDOWS\ATLTW32.EXE /s
O4 - HKLM\..\RunServices: [CRYG32.EXE] C:\WINDOWS\SYSTEM\CRYG32.EXE /s
O4 - HKLM\..\RunServices: [SDKIB.EXE] C:\WINDOWS\SYSTEM\SDKIB.EXE /s
O4 - HKLM\..\RunServices: [ADDEB32.EXE] C:\WINDOWS\ADDEB32.EXE /s
O4 - HKLM\..\RunServices: [SYSMX.EXE] C:\WINDOWS\SYSMX.EXE /s
O4 - HKLM\..\RunServices: [D3RG.EXE] C:\WINDOWS\D3RG.EXE /s
O4 - HKLM\..\RunServices: [APPYY32.EXE] C:\WINDOWS\APPYY32.EXE /s
O4 - HKLM\..\RunServices: [APIQQ32.EXE] C:\WINDOWS\APIQQ32.EXE /s
O4 - HKLM\..\RunServices: [ADDMP.EXE] C:\WINDOWS\SYSTEM\ADDMP.EXE /s
O4 - HKLM\..\RunServices: [IPSA.EXE] C:\WINDOWS\IPSA.EXE /s
O4 - Startup: Reminder-hpc41001.lnk = C:\Programme\HP DeskJet 710C Series\ereg\Remind32.exe
O4 - Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O4 - Startup: Watch.lnk = C:\WINDOWS\TWAIN_32\C6U14K\WATCH.EXE
O4 - Startup: Ulead Photo Express SE Calendar Checker.lnk = C:\Programme\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe
O4 - Startup: D-Info Starter.lnk = C:\Programme\D\D-Info\dinfostarter.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE10\EXCEL.EXE/3000
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {11010101-1001-1111-1000-110112345678} - ms-its:mhtml:file://C:oo.mht!http://cellaphone.net/helps/079057/iehelp.chm::/win.exe
It would be nice if someone could help me. Many thanks.