Trojaner? Problm mit Norton Anti Virus!

#1 Moin, moin,

es wäre nett wenn irgend jemand Nettes mir helfen könnte...

[url]SYMPTOME:[/url]
- Ab und zu startet der IE mit irgend ein Casionspiel
- Norton Anti Virus will ständig irgend welche Dateien überprüfen. Norton findet auch nie Gefahren, will die Überprüfung aber alle 10 Sekunden machen.

[url]Folgende Aussage macht Norton:[/url]
Es wurde ein verdächtiges Sicherheitsrisiko erkannt.
Risiko Name: Spyware.Apropos.C
Die Datei die geprüft wird heisst: Tsudatex.exe und soll im System32 Ordner sein. Da finde ich die Datei aber nicht.

[url]SYSTEM:[/url]
- Laptop
- AMD Turion
- 1.79 GHz
- 1 GB RAM
- Windows XP Home Edition
- Service Pack 2
- Norton Anti Virus 2004 (Immer Upgedatet)
- Hatte IE bin jetzt auf Firefox umgestiegen

[url]WAS HABE ICH BEREITS GETAN:[/url]
- Habe wie im Forum beschrieben verschiedenste Programme benutzt darunter:
- Ad-Aware 6 angewendet
- Spyboot Search & Destroy angewendet
- eScan
- Zwei Logfile von HijackThis v1.99.1 erstellt
- Eine Online Auswerten lassen
- Die Zweite siehe unten

[url]PROBLEM:[/url]
Mache gerade Praxissemster im Ausland. Habe deshalb nicht die passende Software hier um meinen Rechner komplett neu aufzuspielen.

[url]Logfile of HijackThis v1.99.1[/url]
Scan saved at 9:54:18 PM, on 10/30/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Programme\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\Programme\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
C:\Programme\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\TuneUp Utilities 2006\MemOptimizer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Skype\Phone\Skype.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Programme\HiJackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Programme\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Programme\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Programme\TuneUp Utilities 2006\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Google-Suche - res://c:\programme\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Ins Deutsche übersetzen - res://c:\programme\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\programme\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Verweisseiten - res://c:\programme\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://c:\programme\google\GoogleToolbar2.dll/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O10 - Unknown file in Winsock LSP: c:\programme\bonjour\mdnsnsp.dll
O12 - Plugin for .spop: C:\Programme\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {271A3CF5-5A54-447B-A08F-BE805F0DA60B} (DataDesign DDBAC Plug-In) - https://www.olb.de/olb_fb3_1806/plugin/AXFOAM.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1126185907718
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://arcade.icq.com/carlo/zuma/popcaploader_v5.cab
O18 - Protocol: pcl - {182D0C85-206F-4103-B4FA-DCC1FB0A0A44} - C:\Programme\Autodesk\Inventor Professional 9\bin\HSPCLPRO10.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Bonjour Dienst (Bonjour Service) - Apple Computer, Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Programme\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Programme\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Vy1HYW5n\command.exe (file missing)
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Programme\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Programme\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe



Danke

#2 Nutzte bitte Blacklight http://www.f-secure.com/blacklight/try.shtml

Lade es herunter, entpacke es in einen extra Ordner, starte es, waehle folgendes, erst " i acept the agreement", dann "scan", warte bis es den Rechner geprueft hat, dann "next" und "exit". Es befindet sich nun eine TXT Datei in dem Ordner, in dem sich auch Blacklight befindet, post es bitte hier.
__________
MfG Ralf
SEO-Spam Hunter

#3 Hi,
danke für die schnelle Antwort...

Ich habe nur den ersten Teil gepostet. Weil es ansonsten viel zu lang wäre.
Ich hoffe esgenügt, falls nicht kann ich die TXT- Datei auf meine Homepage zum runterladen packen.


10/31/05 07:21:22 [Info]: BlackLight Engine 1.0.24 initialized
10/31/05 07:21:22 [Info]: OS: 5.1 build 2600 (Service Pack 2)
10/31/05 07:21:23 [Note]: 4019 4
10/31/05 07:21:23 [Note]: 4005 0
10/31/05 07:21:44 [Note]: 4006 0
10/31/05 07:21:44 [Note]: 4011 3132
10/31/05 07:21:44 [Note]: 4018 3164
10/31/05 07:21:44 [Info]: Hidden process: C:\PROGRAMME\ITUWLAN\WMNVIDEO.EXE
10/31/05 07:21:44 [Note]: 4018 3172
10/31/05 07:21:44 [Info]: Hidden process: C:\WINDOWS\SYSTEM32\TSUCATEX.EXE
10/31/05 07:21:44 [Note]: FSRAW library version 1.7.1013
10/31/05 07:21:46 [Info]: Hidden file: C:\Programme\Ituwlan\ace.dll
10/31/05 07:21:46 [Note]: 4002 0
10/31/05 07:21:46 [Note]: 4003 1
10/31/05 07:21:46 [Note]: 10002 3
10/31/05 07:21:46 [Info]: Hidden file: C:\Programme\Ituwlan\AI_25-10-2005.log
10/31/05 07:21:46 [Note]: 4002 0
10/31/05 07:21:46 [Note]: 4003 1
10/31/05 07:21:46 [Note]: 10002 3
10/31/05 07:21:46 [Info]: Hidden file: C:\Programme\Ituwlan\AI_26-10-2005.log
10/31/05 07:21:46 [Note]: 4002 0
10/31/05 07:21:46 [Note]: 4003 1
10/31/05 07:21:46 [Note]: 10002 3
10/31/05 07:21:46 [Info]: Hidden file: C:\Programme\Ituwlan\AI_27-10-2005.log
10/31/05 07:21:46 [Note]: 4002 0
10/31/05 07:21:46 [Note]: 4003 1
10/31/05 07:21:46 [Note]: 10002 3
10/31/05 07:21:46 [Info]: Hidden file: C:\Programme\Ituwlan\AI_28-10-2005.log
10/31/05 07:21:46 [Note]: 4002 0
10/31/05 07:21:46 [Note]: 4003 1
10/31/05 07:21:46 [Note]: 10002 3
10/31/05 07:21:46 [Info]: Hidden file: C:\Programme\Ituwlan\AI_29-10-2005.log
10/31/05 07:21:46 [Note]: 4002 0
10/31/05 07:21:46 [Note]: 4003 1
10/31/05 07:21:46 [Note]: 10002 3
10/31/05 07:21:46 [Info]: Hidden file: C:\Programme\Ituwlan\AI_30-10-2005.log
10/31/05 07:21:46 [Note]: 4002 0
10/31/05 07:21:46 [Note]: 4003 1
10/31/05 07:21:46 [Note]: 10002 3
10/31/05 07:21:46 [Info]: Hidden file: C:\Programme\Ituwlan\AI_31-10-2005.log
10/31/05 07:21:46 [Note]: 4002 0
10/31/05 07:21:46 [Note]: 4003 1
10/31/05 07:21:46 [Note]: 10002 3
10/31/05 07:21:46 [Info]: Hidden file: C:\Programme\Ituwlan\Cache\00000029_4358ca02_000632ea
10/31/05 07:21:46 [Note]: 4002 0
10/31/05 07:21:46 [Note]: 4003 1
10/31/05 07:21:46 [Note]: 10002 3
10/31/05 07:21:46 [Info]: Hidden file: C:\Programme\Ituwlan\Cache\00000029_4358dabe_0002625a
10/31/05 07:21:46 [Note]: 4002 0
10/31/05 07:21:46 [Note]: 4003 1
10/31/05 07:21:46 [Note]: 10002 3
10/31/05 07:21:46 [Info]: Hidden file: C:\Programme\Ituwlan\Cache\00000029_4358ff29_0004c4b4
10/31/05 07:21:46 [Note]: 4002 0
10/31/05 07:21:46 [Note]: 4003 1
10/31/05 07:21:46 [Note]: 10002 3
10/31/05 07:21:46 [Info]: Hidden file: C:\Programme\Ituwlan\Cache\00000029_435914c8_000af79e
10/31/05 07:21:46 [Note]: 4002 0
10/31/05 07:21:46 [Note]: 4003 1
10/31/05 07:21:46 [Note]: 10002 3
10/31/05 07:21:46 [Info]: Hidden file: C:\Programme\Ituwlan\Cache\00000029_435916da_00022551
10/31/05 07:21:46 [Note]: 4002 0
10/31/05 07:21:46 [Note]: 4003 1
10/31/05 07:21:46 [Note]: 10002 3
10/31/05 07:21:46 [Info]: Hidden file: C:\Programme\Ituwlan\Cache\00000029_435b59af_00081b32
10/31/05 07:21:46 [Note]: 4002 0
10/31/05 07:21:46 [Note]: 4003 1
10/31/05 07:21:46 [Note]: 10002 3
10/31/05 07:21:46 [Info]: Hidden file: C:\Programme\Ituwlan\Cache\00000029_435b80e0_000c65d4
10/31/05 07:21:46 [Note]: 4002 0
10/31/05 07:21:46 [Note]: 4003 1
10/31/05 07:21:46 [Note]: 10002 3
10/31/05 07:21:46 [Info]: Hidden file: C:\Programme\Ituwlan\Cache\00000029_435e6788_000d59f8
10/31/05 07:21:46 [Note]: 4002 0
10/31/05 07:21:46 [Note]: 4003 1
10/31/05 07:21:46 [Note]: 10002 3
10/31/05 07:21:46 [Info]: Hidden file: C:\Programme\Ituwlan\Cache\00000029_435faf3c_000501bd
10/31/05 07:21:46 [Note]: 4002 0
10/31/05 07:21:46 [Note]: 4003 1
10/31/05 07:21:46 [Note]: 10002 3
10/31/05 07:21:46 [Info]: Hidden file: C:\Programme\Ituwlan\Cache\00000029_4361bb81_00029f63
10/31/05 07:21:46 [Note]: 4002 0
10/31/05 07:21:46 [Note]: 4003 1
10/31/05 07:21:46 [Note]: 10002 3
10/31/05 07:21:46 [Info]: Hidden file: C:\Programme\Ituwlan\Cache\00000029_4362642c_00094c5f
10/31/05 07:21:46 [Note]: 4002 0
10/31/05 07:21:46 [Note]: 4003 1
10/31/05 07:21:46 [Note]: 10002 3
10/31/05 07:21:46 [Info]: Hidden file: C:\Programme\Ituwlan\Cache\00000029_43640439_00098968
10/31/05 07:21:47 [Note]: 4002 0
10/31/05 07:21:47 [Note]: 4003 1
10/31/05 07:21:47 [Note]: 10002 3
10/31/05 07:21:47 [Info]: Hidden file: C:\Programme\Ituwlan\Cache\00000035_435a5936_0009c671
10/31/05 07:21:47 [Note]: 4002 0
10/31/05 07:21:47 [Note]: 4003 1
10/31/05 07:21:47 [Note]: 10002 3
10/31/05 07:21:47 [Info]: Hidden file: C:\Programme\Ituwlan\Cache\00000035_435c9735_000d1cef
10/31/05 07:21:47 [Note]: 4002 0
10/31/05 07:21:47 [Note]: 4003 1
10/31/05 07:21:47 [Note]: 10002 3
10/31/05 07:21:47 [Info]: Hidden file: C:\Programme\Ituwlan\Cache\00004823_435916db_0008d24d
10/31/05 07:21:47 [Note]: 4002 0
10/31/05 07:21:47 [Note]: 4003 1
10/31/05 07:21:47 [Note]: 10002 3
10/31/05 07:21:47 [Info]: Hidden file: C:\Programme\Ituwlan\Cache\00004823_4359c1b9_000aba95
10/31/05 07:21:47 [Note]: 4002 0
10/31/05 07:21:47 [Note]: 4003 1
10/31/05 07:21:47 [Note]: 10002 3
10/31/05 07:21:47 [Info]: Hidden file: C:\Programme\Ituwlan\Cache\00004908_435b496a_000d59f8
10/31/05 07:21:47 [Note]: 4002 0
10/31/05 07:21:47 [Note]: 4003 1
10/31/05 07:21:47 [Note]: 10002 3
10/31/05 07:21:47 [Info]: Hidden file: C:\Programme\Ituwlan\Cache\0000491c_435b6bbe_000cdfe6
10/31/05 07:21:47 [Note]: 4002 0
10/31/05 07:21:47 [Note]: 4003 1
10/31/05 07:21:47 [Note]: 10002 3
10/31/05 07:21:47 [Info]: Hidden file: C:\Programme\Ituwlan\Cache\0000491c_435be074_000d9701
10/31/05 07:21:47 [Note]: 4002 0
10/31/05 07:21:47 [Note]: 4003 1
10/31/05 07:21:47 [Note]: 10002 3
10/31/05 07:21:47 [Info]: Hidden file: C:\Programme\Ituwlan\Cache\0000491c_43610392_000d1cef
10/31/05 07:21:47 [Note]: 4002 0
10/31/05 07:21:47 [Note]: 4003 1
10/31/05 07:21:47 [Note]: 10002 3
10/31/05 07:21:47 [Info]: Hidden file: C:\Programme\Ituwlan\Cache\0000491c_436206a4_000f0537
10/31/05 07:21:47 [Note]: 4002 0
10/31/05 07:21:47 [Note]: 4003 1
10/31/05 07:21:47 [Note]: 10002 3
10/31/05 07:21:47 [Info]: Hidden file: C:\Programme\Ituwlan\Cache\0000491c_43640943_000f0537
10/31/05 07:21:47 [Note]: 4002 0
10/31/05 07:21:47 [Note]: 4003 1
10/31/05 07:21:47 [Note]: 10002 3
10/31/05 07:21:47 [Info]: Hidden file: C:\Programme\Ituwlan\Cache\00004944_435a1b7f_000cdfe6
10/31/05 07:21:47 [Note]: 4002 0
10/31/05 07:21:47 [Note]: 4003 1
10/31/05 07:21:47 [Note]: 10002 3
10/31/05 07:21:47 [Info]: Hidden file: C:\Programme\Ituwlan\Cache\00004944_435bec05_00094c5f
10/31/05 07:21:47 [Note]: 4002 0
10/31/05 07:21:47 [Note]: 4003 1
10/31/05 07:21:47 [Note]: 10002 3
10/31/05 07:21:47 [Info]: Hidden file: C:\Programme\Ituwlan\Cache\00004944_4360b650_00029f63
10/31/05 07:21:47 [Note]: 4002 0
10/31/05 07:21:47 [Note]: 4003 1
10/31/05 07:21:47 [Note]: 10002 3
10/31/05 07:21:47 [Info]: Hidden file: C:\Programme\Ituwlan\Cache\00004944_436108b2_000baeb9
10/31/05 07:21:47 [Note]: 4002 0
10/31/05 07:21:47 [Note]: 4003 1
10/31/05 07:21:47 [Note]: 10002 3
10/31/05 07:21:47 [Info]: Hidden file: C:\Programme\Ituwlan\Cache\00004944_4362210f_000b34a7
10/31/05 07:21:47 [Note]: 4002 0
10/31/05 07:21:47 [Note]: 4003 1
10/31/05 07:21:47 [Note]: 10002 3
10/31/05 07:21:47 [Info]: Hidden file: C:\Programme\Ituwlan\Cache\00004944_436482b8_000af79e
10/31/05 07:21:47 [Note]: 4002 0
10/31/05 07:21:47 [Note]: 4003 1
10/31/05 07:21:47 [Note]: 10002 3
10/31/05 07:21:47 [Info]: Hidden file: C:\Programme\Ituwlan\Cache\0000494a_435a5927_000d59f8
10/31/05 07:21:47 [Note]: 4002 0
10/31/05 07:21:47 [Note]: 4003 1

#4 Das ganze Verzeichniss C:\Programme\Ituwlan scheint versteckt zu werden, darum "rename" bitte erstmal folgende Dateien:
C:\WINDOWS\SYSTEM32\TSUCATEX.EXE
C:\PROGRAMME\ITUWLAN\WMNVIDEO.EXE

Starte den Rechner dann bitte neu starten und die umbenannten ateien bitte an virus@protecus.de schicken (Sie heissen dann C:\PROGRAMME\ITUWLAN\WMNVIDEO.EXE.ren
C:\WINDOWS\SYSTEM32\TSUCATEX.EXE.ren

Ein neues Blacklight und hijackthis log ist auch noetig.
__________
MfG Ralf
SEO-Spam Hunter

#5 Hi,
tut mir leid ich bin mir nicht sicher was du mit "rename" meinst. Soll ich sie umbenennen? Ich finde die Dateien nicht...

Oder soll ich ein Programm dafüt nutzen?

Danke

#6 Entschuldige, ja, nutze Blacklight dafuer, du kannst nach dem scan die Datei, die du umbenennen willst im Ergebnisfenster anhaken und dann unten den Button Rename druecken. Du brauchst erstmal nur die beiden obigen exe Dateien umbenennen.
__________
MfG Ralf
SEO-Spam Hunter

#7 Hi,

habe "rename" durchgeführt. Danach habe ich den PC neugestartet. Habe die Dateien trotzdem nicht gefunden.
Habe danach mein System im Abgesicherten Modus hochgefahren. Dann konnte ich die Dateien "ausschneiden". Sie habe jetzt nicht die Endung EXE.ren, soll ich siew trotzdem an virus@protecus.de??

Habe jetzt schon Hijack und BlackLight wieder gemacht:

H I J A C K:
ogfile of HijackThis v1.99.1
Scan saved at 8:35:34 AM, on 10/31/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\TuneUp Utilities 2006\MemOptimizer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Programme\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\Programme\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Dokumente und Einstellungen\W-Gang\Desktop\Neuer Ordner\blbeta.exe
C:\Programme\HiJackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Programme\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Programme\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Programme\TuneUp Utilities 2006\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Google-Suche - res://c:\programme\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Ins Deutsche übersetzen - res://c:\programme\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\programme\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Verweisseiten - res://c:\programme\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://c:\programme\google\GoogleToolbar2.dll/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O10 - Unknown file in Winsock LSP: c:\programme\bonjour\mdnsnsp.dll
O12 - Plugin for .spop: C:\Programme\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {271A3CF5-5A54-447B-A08F-BE805F0DA60B} (DataDesign DDBAC Plug-In) - https://www.olb.de/olb_fb3_1806/plugin/AXFOAM.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1126185907718
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://arcade.icq.com/carlo/zuma/popcaploader_v5.cab
O18 - Protocol: pcl - {182D0C85-206F-4103-B4FA-DCC1FB0A0A44} - C:\Programme\Autodesk\Inventor Professional 9\bin\HSPCLPRO10.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Bonjour Dienst (Bonjour Service) - Apple Computer, Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Programme\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Programme\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Vy1HYW5n\command.exe (file missing)
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Programme\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Programme\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe

B L A C K L I G H T:
10/31/05 08:34:42 [Info]: BlackLight Engine 1.0.24 initialized
10/31/05 08:34:42 [Info]: OS: 5.1 build 2600 (Service Pack 2)
10/31/05 08:34:42 [Note]: 4019 4
10/31/05 08:34:42 [Note]: 4005 0
10/31/05 08:35:03 [Note]: 4006 0
10/31/05 08:35:03 [Note]: 4011 288
10/31/05 08:35:04 [Note]: FSRAW library version 1.7.1013
10/31/05 08:39:38 [Note]: 4007

#8 sieht schon besser aus. Schicke die Dateien bitte incl. der C:\Programme\Ituwlan\ace.dll
__________
MfG Ralf
SEO-Spam Hunter