hallo zusammen... hoffe ich bin hier richtig...
wenn ich meinen ie starte sollte normalerweise keine seite angezeigt werden. leider ist es jetzt so, dass sich eine seite öffnet, in der adresszeile steht trotzdem abbout: blank, und "oben links" steht immer search for... und es öffnen sich immer fenster, welche mir erzählen wollen dass mein rechner infeziert ist... tztztz... wie bekomme ich das wieder hin?? danke schon mal im voraus..
lg
ruby

Poste ein HijackThis Logfile:
kurze Beschreibung
ausführliche Beschreibung

Zitat:

... und es öffnen sich immer fenster, welche mir erzählen wollen dass mein rechner infeziert ist

..und die haben sogar recht

Logfile of HijackThis v1.99.0
Scan saved at 18:54:26, on 19.01.2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Norton Personal Firewall\NISUM.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Norton Personal Firewall\ccPxySvc.exe
D:\Programme\Norton AntiVirus\navapsvc.exe
D:\Programme\Norton AntiVirus\AdvTools\NPROTECT.EXE
D:\Programme\Norton AntiVirus\SAVScan.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\Programme\SmartSurfer2.3\SmartSurfer.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Dokumente und Einstellungen\Andrea\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOKUME~1\Andrea\LOKALE~1\Temp\sp.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOKUME~1\Andrea\LOKALE~1\Temp\sp.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Programme\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FD51A743-BED4-4258-8D2D-4EF8DAA1117A} - C:\WINDOWS\System32\aplgal.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [Advanced Tools Check] D:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [ccRegVfy] C:\Programme\Gemeinsame Dateien\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKCU\..\Run: [NBJ] "D:\PROGRA~1\Ahead\NEROBA~1\NBJ.exe"
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{0A405B87-60CB-43D3-A0EB-D5CAC9C01E18}: NameServer = 195.71.250.35 193.189.244.205
O17 - HKLM\System\CS1\Services\Tcpip\..\{0A405B87-60CB-43D3-A0EB-D5CAC9C01E18}: NameServer = 195.71.250.35 193.189.244.205
O18 - Filter: text/html - {BAC4A4BF-456B-483C-86A6-2A19C5B98263} - C:\WINDOWS\System32\aplgal.dll
O18 - Filter: text/plain - {BAC4A4BF-456B-483C-86A6-2A19C5B98263} - C:\WINDOWS\System32\aplgal.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service - Symantec Corporation - C:\Programme\Norton Personal Firewall\ccPxySvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst - Symantec Corporation - D:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Personal Firewall Accounts Manager - Symantec Corporation - C:\Programme\Norton Personal Firewall\NISUM.EXE
O23 - Service: Norton Unerase Protection - Symantec Corporation - D:\Programme\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - D:\Programme\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe

um himmels willen... da werd ich ja blind

@ruby1975
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
dein system ist marke scheunentor, also bitte sofort IE und system updaten.
lasse diese datei C:\WINDOWS\System32\aplgal.dll
hier online überprüfen http://virusscan.jotti.org/de
das ergebnis posten
wechsle danach in den abgesicherten modus und fixe mir HJT
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOKUME~1\Andrea\LOKALE~1\Temp\sp.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOKUME~1\Andrea\LOKALE~1\Temp\sp.dll/sp.html
O2 - BHO: (no name) - {FD51A743-BED4-4258-8D2D-4EF8DAA1117A} - C:\WINDOWS\System32\aplgal.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O18 - Filter: text/html - {BAC4A4BF-456B-483C-86A6-2A19C5B98263} - C:\WINDOWS\System32\aplgal.dll
O18 - Filter: text/plain - {BAC4A4BF-456B-483C-86A6-2A19C5B98263} - C:\WINDOWS\System32\aplgal.dll
lösche danach manuell
C:\WINDOWS\System32\aplgal.dll
C:\WINDOWS\web\related.htm
neu booten, ein neues HJT logfile posten + die ergebnisse von jotti.org
chaosman

Service load: 0% 100%

File: aplgal.dll
Status: POSSIBLY INFECTED/MALWARE (Note: this file was only classified as malware by scanners known to generate more false positives than the average scanner. Do not consider these results definately accurate. Also, because of this, results of this scan will not be recorded in the database.)
Packers detected: None

AntiVir TR/StartPage.ix (0.15 seconds taken)
Avast Win32:Startpage-006 (1.51 seconds taken)
BitDefender No viruses found (0.74 seconds taken)
ClamAV Trojan.Startpage-134 (0.45 seconds taken)
Dr.Web No viruses found (0.54 seconds taken)
F-Prot Antivirus No viruses found (0.11 seconds taken)
Kaspersky Anti-Virus No viruses found (1.18 seconds taken)
mks_vir No viruses found (0.22 seconds taken)
NOD32 No viruses found (0.38 seconds taken)
Norman Virus Control No viruses found (0.65 seconds taken)

Statistics
Last piece of malware found was Boxed.gen in install.exe, detected by:

Scanner Malware name Time taken
AntiVir Worm/Robobot 0.16 seconds
Avast X 1.51 seconds
BitDefender X 2.22 seconds
ClamAV X 0.66 seconds
Dr.Web Trojan.Proxy.106 0.98 seconds
F-Prot Antivirus X 0.40 seconds
Kaspersky Anti-Virus X 1.17 seconds
mks_vir Trojan.Boxed.J19 0.36 seconds
NOD32 Win32/Webus.C 0.68 seconds
Norman Virus Control Boxed.gen 0.24 seconds



Service statistics:

1918 files (1568 of those unique) have been uploaded & scanned since 17/01/2005, the day of the last database purge.
433 of those 1568 files contained a virus or any other form of malware.
This page has been visited 3377 times in this time period.
This service managed to spot 30 pieces of malware no vendor used knew about at the time of uploading.
The service also warned against 255 suspicious files without any help from scanner results.
However, 1 files reported to be OK were found out to be malware later (this is checked daily).
As far as can be told, all this together makes this service 99.94% accurate. However, since it is very well possible malware has been uploaded no scanner knows about at this time, this number is to be taken with a proper amount of skepticism.

No I am not sitting still! A new, better version of this service is being developed.
If you have suggestions and/or comments, please send me them!
Most popular malware:

Rank Malware name Uploaded Last known filename
1 win32.hllw.mybot.based 18 times rbot2.exe
2 trojan.spy.agent.y 17 times inst_XJump_v0_1_.3.4_SE_GZP.exe
3 win32.hllw.tibic 10 times Macromedia_Flash_MX_v6.0_Crack_.exe
4 win32.hllw.forbot.based 9 times ntscan.exe
5 worm/robobot 9 times install.exe
6 trojan.unremote.a 8 times Aimbot.rar
7 worm/wurmark.d.2.1 8 times me_3.exe
8 tr/ciadoor.13.a 8 times _stub2.stb
9 trojan.downloader.stubby.c 7 times farmmext.exe
10 backdoor.win32.rbot.gen 7 times mood3.exe
11 tr/psw.ldpinch.jm1 6 times Rechnung0545-2199.pdf.exe
12 p2p-worm.win32.tibick.d 6 times svcnet.exe
13 worm/zusha.a 5 times rBt.exe
14 backdoor.win32.sdbot.gen 5 times msgfix.old
15 win32.hllw.agobot 4 times agobot2.exe


na super... mal sehen ob ich das hinkriege was du da so geschrieben hast... danke schonmal...

Logfile of HijackThis v1.99.0
Scan saved at 20:36:34, on 19.01.2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Norton Personal Firewall\NISUM.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Norton Personal Firewall\ccPxySvc.exe
D:\Programme\Norton AntiVirus\navapsvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\Programme\Norton AntiVirus\AdvTools\NPROTECT.EXE
D:\Programme\Norton AntiVirus\SAVScan.exe
C:\Dokumente und Einstellungen\Andrea\Desktop\troja\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [Advanced Tools Check] D:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [ccRegVfy] C:\Programme\Gemeinsame Dateien\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKCU\..\Run: [NBJ] "D:\PROGRA~1\Ahead\NEROBA~1\NBJ.exe"
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Programme\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service - Symantec Corporation - C:\Programme\Norton Personal Firewall\ccPxySvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst - Symantec Corporation - D:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Personal Firewall Accounts Manager - Symantec Corporation - C:\Programme\Norton Personal Firewall\NISUM.EXE
O23 - Service: Norton Unerase Protection - Symantec Corporation - D:\Programme\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - D:\Programme\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe

@ruby1975
dein problem fängt hier an
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
ich kann mich nur wiederholen
dein system ist marke scheunentor, also bitte sofort IE und system updaten.
btw, dein logfile schaut unauffällig aus

chaosman

bin ich grad dabei.... versuche mein bestes...
soll ich danach noch einmal posten??

@ruby1975

nicht unbedingt, dein letztes logfile war ok
chaosman

daaaaaankeeee..... *fallaufdieknie*