|
Log analysis and evaluation: Azesearch Toolbar (Windows 7). If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system first has to be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed. |
04.04.2005, 13:18 | #1 |
| Azesearch Toolbar Hello, a few days ago a toolbar called Azesearch installed itself on my PC. It makes my Google unusable and keeps creating new folders in Favorites. Here is my Hijack logfile. Logfile of HijackThis v1.99.1 Scan saved at 14:13:25, on 04/04/2005 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\winnt\System32\smss.exe C:\winnt\system32\winlogon.exe C:\winnt\system32\services.exe C:\winnt\system32\lsass.exe C:\winnt\system32\svchost.exe C:\winnt\system32\spoolsv.exe C:\Programme\Conceptronic\Bluetooth Software\bin\btwdins.exe C:\WINNT\System32\svchost.exe C:\Programme\Norton AntiVirus\navapsvc.exe C:\Programme\Norton Internet Security\NISUM.EXE C:\winnt\System32\nvsvc32.exe C:\winnt\system32\regsvc.exe C:\winnt\system32\MSTask.exe C:\winnt\system32\stisvc.exe C:\Programme\Norton Internet Security\SymProxySvc.exe C:\winnt\System32\WBEM\WinMgmt.exe C:\winnt\system32\svchost.exe C:\Programme\Norton Internet Security\NISSERV.EXE C:\winnt\Explorer.EXE C:\winnt\SOUNDMAN.EXE C:\Programme\Microsoft Hardware\Mouse\point32.exe C:\winnt\system32\P2P Networking\P2P Networking.exe C:\PROGRA~1\NORTON~1\navapw32.exe C:\Programme\Logitech\Video\LogiTray.exe C:\Programme\Norton Internet Security\IAMAPP.EXE C:\WINNT\htpatch.exe C:\winnt\system32\spool\drivers\w32x86\3\hpztsb09.exe C:\Programme\Hewlett-Packard\HP Software Update\HPWuSchd.exe C:\Programme\HP\hpcoretech\hpcmpmgr.exe C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\winnt\system32\rundll32.exe C:\Programme\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe C:\Programme\Internet Explorer\iexplore.exe C:\winnt\system32\internat.exe c:\progra~1\intern~1\iexplore.exe C:\winnt\system32\LVComS.exe C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE C:\Programme\Conceptronic\Bluetooth 
Software\BTTray.exe C:\winnt\system32\rundll32.exe C:\Programme\Internet Explorer\IEXPLORE.EXE C:\PROGRA~1\WINZIP\winzip32.exe C:\temp\ICQLite\ICQLite.exe C:\Dokumente und Einstellungen\Isabel Alonso\Lokale Einstellungen\Temp\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.de/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.rmqgoqztcjwoatyjjz.com/d1...E3l2itkQfS.jsp R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.azesearch.com R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?p=%s R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\temp\ICQToolbar\toolbaru.dll F3 - REG:win.ini: load=Ÿ????????????? F3 - REG:win.ini: run=Ÿ????????????? 
F2 - REG:system.ini: UserInit=C:\WINNT\system32\Userinit.exe O1 - Hosts: 69.50.166.11 www.google.com O1 - Hosts: 69.50.166.11 google.com O1 - Hosts: 69.50.166.11 www.google.co.uk O1 - Hosts: 69.50.166.11 google.co.uk O1 - Hosts: 69.50.166.11 www.google.ca O1 - Hosts: 69.50.166.11 google.ca O1 - Hosts: 69.50.166.11 www.google.es O1 - Hosts: 69.50.166.11 google.es O1 - Hosts: 69.50.166.11 www.google.de O1 - Hosts: 69.50.166.11 google.de O1 - Hosts: 69.50.166.11 www.google.fr O1 - Hosts: 69.50.166.11 google.fr O1 - Hosts: 69.50.166.11 www.google.com.au O1 - Hosts: 69.50.166.11 google.com.au O1 - Hosts: 69.50.166.14 www.yahoo.com O1 - Hosts: 69.50.166.14 yahoo.com O1 - Hosts: 66.218.75.184 mail.yahoo.com O1 - Hosts: 69.50.166.12 www.msn.com O1 - Hosts: 69.50.166.12 msn.com O1 - Hosts: 69.50.166.12 search.msn.com O1 - Hosts: 69.50.166.12 www.go.com O1 - Hosts: 69.50.166.12 go.com O1 - Hosts: 69.50.166.13 astalavista.com O1 - Hosts: 69.50.166.13 www.astalavista.com O1 - Hosts: 69.50.166.13 astalavista.box.sk O1 - Hosts: 69.50.166.13 cracks.am O1 - Hosts: 69.50.166.13 www.cracks.am O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Programme\DAP\DAPBHO.dll O2 - BHO: Yahoo! 
Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Messenger\ycomp5_1_6_0.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: AddressBar Class - {1474CE44-8057-4AE3-8F3E-ED37C7C63D8A} - C:\winnt\system32\iasad.dll O2 - BHO: (no name) - {1ED16B60-ED3D-393A-0BEC-AABFFA277106} - C:\DOKUME~1\ISABEL~1\ANWEND~1\HOLDBR~1\01 MFCD.exe O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Programme\NewDotNet\newdotnet6_38.dll O2 - BHO: QuickSearch Search Bar - {82315A18-6CFB-44a7-BDFD-90E36537C252} - C:\Programme\QuickSearch\QuickSearchBar1_27.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar2.dll O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Programme\FlashFXP\IEFlash.dll (file missing) O2 - BHO: (no name) - {EFF80427-F837-4B74-8834-BAF18E0553FD} - c:\PROGRA~2\System\Misc\kabh1.dll O2 - BHO: ZToolbar Activator Class - {FFF5092F-7172-4018-827B-FA5868FB0478} - C:\winnt\system32\azesearch2.ocx O3 - Toolbar: AZE Search - {A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB} - C:\winnt\system32\azesearch2.ocx O4 - HKLM\..\Run: [WebScan] C:\PROGRA~1\ACCELE~1\ANTI-V~1\DEFSCA~1.EXE -k O4 - HKLM\..\Run: [TkBellExe] C:\Programme\Gemeinsame Dateien\Real\Update_OB\evntsvc.exe -osboot O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [POINTER] point32.exe O4 - HKLM\..\Run: [P2P Networking] C:\winnt\system32\P2P Networking\P2P Networking.exe /AUTOSTART O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize O4 - HKLM\..\Run: 
[NeroCheck] C:\WINNT\system32\NeroCheck.exe O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programme\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Programme\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [iamapp] C:\Programme\Norton Internet Security\IAMAPP.EXE O4 - HKLM\..\Run: [HTpatch] C:\WINNT\htpatch.exe O4 - HKLM\..\Run: [CloneCDTray] "C:\Programme\Elaborate Bytes\CloneCD\CloneCDTray.exe" O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Programme\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL O4 - HKLM\..\Run: [ccRegVfy] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccRegVfy.exe" O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [!!!AAAA-aaaagiochimkt] C:\DOKUME~1\ISABEL~1\ANWEND~1\GIOCHI~1.EXE /ns O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\winnt\system32\spool\drivers\w32x86\3\hpztsb09.exe O4 - HKLM\..\Run: [HP Software Update] "C:\Programme\Hewlett-Packard\HP Software Update\HPWuSchd.exe" O4 - HKLM\..\Run: [HP Component Manager] "C:\Programme\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [DeviceDiscovery] C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe O4 - HKLM\..\Run: [Winip] C:\winnt\winip.exe O4 - HKLM\..\Run: [control] C:\winnt\MSN.exe O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s O4 - HKLM\..\Run: [CamMonitor] C:\Programme\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe O4 - HKLM\..\Run: [bibmpeginsidethis] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FILE 32 BIB MPEG\Enc Meet.exe O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe O4 - HKCU\..\Run: [Yahoo! 
Pager] C:\PROGRA~1\YAHOO!\MESSEN~1\ypager.exe -quiet O4 - HKCU\..\Run: [media_stub] C:\Program Files\ebkrdr\stub.exe O4 - HKCU\..\Run: [LDM] C:\Programme\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe O4 - HKCU\..\Run: [internat.exe] internat.exe O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE" O4 - HKCU\..\Run: [Rundll32a] C:\winnt\system32\rundll32a.exe /run O4 - HKCU\..\Run: [Beepsave] C:\DOKUME~1\ISABEL~1\ANWEND~1\TYPEMO~1\listthe.exe O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\RunOnce: [ICQ Lite] C:\temp\ICQLite\ICQLite.exe -trayboot O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe O4 - Global Startup: KYESCAN.lnk = C:\PROGRA~1\ScannerU\KYESCAN.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: BTTray.lnk = C:\Programme\Conceptronic\Bluetooth Software\BTTray.exe O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm O8 - Extra context menu item: &Google Search - res://c:\programme\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\temp\ICQToolbar\toolbaru.dll/SEARCH.HTML O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm O8 - Extra context menu item: Instantánea de caché de la página - res://c:\programme\google\GoogleToolbar2.dll/cmcache.html O8 - Extra context menu item: Páginas similares - res://c:\programme\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Páginas vinculadas - res://c:\programme\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Senden an &Bluetooth - C:\Programme\Conceptronic\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra 
button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\inetrepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\inetrepl.dll O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\inetrepl.dll O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE O9 - Extra button: Horoscopo Tarot - {AF0828BC-CB46-4C8D-95B6-8A7C4988F9FF} - c:\mcm-horoscopo\index.html (file missing) O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\temp\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\temp\ICQLite\ICQLite.exe O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Conceptronic\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Conceptronic\Bluetooth Software\btsendto_ie.htm O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE O9 - Extra 'Tools' menuitem: Yahoo! 
Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE O10 - Hijacked Internet access by New.Net O10 - Hijacked Internet access by New.Net O10 - Hijacked Internet access by New.Net O10 - Hijacked Internet access by New.Net O10 - Hijacked Internet access by New.Net O12 - Plugin for .spop: C:\Programme\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab O16 - DPF: {11111111-1111-1111-1111-111111111157} - ms-its:mhtml:file://C:\nosuch.mht!http://213.159.117.133/dl/adv157/x.chm::/load.exe O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/62...ridge-c338.cab O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache...tup1.0.0.8.cab O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) - O16 - DPF: {1E5592CB-8F5B-46F8-9EA6-65C01213808A} (InstaladorBetyByte Control) - http://www.cocacola.es/uploads/cab/i...orbetybyte.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab O16 - DPF: {3A7A0837-55B8-4FC8-8A09-80659413749F} (InstaladorEmpareja2 Control) - http://www.cocacola.es/uploads/cab/i...rempareja2.cab O16 - DPF: {4B6015E7-3ABB-45DC-96B7-55A843751F28} (IntRuboskizo2 Class) - http://www.juegos-flash.com/ruboskizo2.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com/PhotoUpload/Ms...cab?10,0,910,0 O16 - DPF: {5F426A93-0821-47D2-A126-5A48A874B289} (DialerWeb Class) - http://212.145.159.194/251065/dialer...ecomendada.cab O16 - DPF: {73F0FD85-BD47-4A95-86D1-DE38860462C1} (PremiumHTML Class) - http://www.accesoplugin.com/dialerca...DialerHTML.cab O16 - DPF: 
{8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...tatsClient.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab32846.cab O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/Sha.../bin/cabsa.cab O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab O16 - DPF: {C4660846-8760-4852-8154-82438E33E383} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.co...haringctrl.cab O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} (CParamWr Class) - http://toolbar.azesearch.com/install/azesearch.cab O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) - http://us.dl1.yimg.com/download.comp...bio5_1_6_0.cab O16 - DPF: {F0BC061F-DAF9-4533-8011-53BCB4C10307} (Installations Assistent) - http://install.game-bereich.de/Insta...sAssistent.ocx O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{37584D0E-DC05-4DEB-AFC5-29E34650669C}: NameServer = 194.179.1.101,194.179.1.100 O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Programme\Conceptronic\Bluetooth Software\bin\btwdins.exe O23 - Service: Verwaltungsdienst für die Verwaltung logischer Datenträger (dmadmin) - VERITAS Software Corp. 
- C:\winnt\System32\dmadmin.exe O23 - Service: Macromedia Licensing Service - Macromedia - C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe O23 - Service: Norton Internet Security Service (NISSERV) - Symantec Corporation - C:\Programme\Norton Internet Security\NISSERV.EXE O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Programme\Norton Internet Security\NISUM.EXE O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\winnt\System32\nvsvc32.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe O23 - Service: Norton Internet Security Proxy Service (SymProxySvc) - Symantec Corporation - C:\Programme\Norton Internet Security\SymProxySvc.exe If you could help me I would be very grateful. Chris |
04.04.2005, 14:38 | #2 |
| Azesearch Toolbar Hello Chris_cool,
please run the following:
1. Download escan and follow these instructions exactly (the scan in SAFE MODE takes about an hour, options "All Local Drives" and "Scan all Files"), http://www.systemwiederherstellung-d...indows-xp.html
2. after the scan, restart in normal mode,
3. open the file "mwav.log", click "Edit" and then "Find",
4. then enter "infected",
5. keep searching through the hits, select them and copy them into the forum,
6. in addition to the hits, also post the overall result (it is at the very bottom of the log file).
Example:
Wed Feb 02 19:48:56 2005 => Total Files Scanned:
Wed Feb 02 19:48:56 2005 => Total Virus(es) Found:
. . . .
dartus |
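Steps 3 to 6 above, done by a script instead of by hand in the editor. This is an added example, not part of the original post or of eScan: the line formats follow the mwav.log excerpts quoted in this thread, while the function names, the de-duplication and the split by detection-name prefix are assumptions of the example.

```python
import re
from typing import NamedTuple

# Excerpt in the mwav.log format quoted in this thread; the two lines marked
# "constructed" are made up to exercise the skip and fallback paths.
SAMPLE_LOG = r'''Mon Apr 04 16:08:37 2005 => File C:\winnt\system32\azesearch2.ocx infected by "not-a-virus:AdWare.ToolBar.Azesearch.b" Virus. Action Taken: No Action Taken.
C:\DOKUME~1\ISABEL~1\ANWEND~1\HOLDBR~1\01MFCD~1.EXE infected by "Trojan-Downloader.Win32.Swizzor.bo" Virus. Action Taken: No Action Taken.
Mon Apr 04 16:08:50 2005 => constructed filler line without a detection
Mon Apr 04 16:09:01 2005 => System found infected with ezula Spyware/Adware! Action taken: No Action Taken.
Mon Apr 04 16:09:01 2005 => File System Found infected by "ezula Spyware/Adware" Virus. Action Taken: No Action Taken.
Mon Apr 04 16:10:26 2005 => File C:\winnt\system32\calsdr.exe infected by "Trojan-Dropper.Win32.Small.ff" Virus. Action Taken: No Action Taken.
Mon Apr 04 16:35:19 2005 => File C:\WINNT\system32\calsdr.exe infected by "Trojan-Dropper.Win32.Small.ff" Virus. Action Taken: No Action Taken.
Mon Apr 04 16:36:00 2005 => constructed line containing the word tagged
Mon Apr 04 17:52:49 2005 => Total Objects Scanned: 103523
Mon Apr 04 17:52:49 2005 => Total Virus(es) Found: 152
Mon Apr 04 17:52:49 2005 => Total Errors: 16
'''


class Hit(NamedTuple):
    timestamp: str  # "" when the pasted line has no timestamp
    target: str     # file path, or "(system)" for system-wide detections
    name: str       # detection name exactly as logged


TS = r'(?:(?P<ts>\w{3} \w{3} \d{2} \d{2}:\d{2}:\d{2} \d{4}) => )?'
FILE_HIT = re.compile(TS + r'(?:File )?(?P<target>.+?) infected by "(?P<name>[^"]+)" Virus\.')
SYS_HIT = re.compile(TS + r'System found infected with (?P<name>.+?)(?: \([^)]*\))?!')
TOTAL = re.compile(r'=> (?P<key>Total [^:]+): (?P<val>\d+)\s*$')
KEYWORDS = re.compile(r'infected|tagged', re.IGNORECASE)


def parse_mwav(text):
    """Return unique hits, keyword lines that did not parse, and the totals."""
    hits, seen, unparsed, totals = [], set(), [], {}
    for line in (raw.strip() for raw in text.splitlines()):
        total = TOTAL.search(line)
        if total:
            totals[total['key']] = int(total['val'])
            continue
        if not KEYWORDS.search(line):
            continue  # status lines are not wanted in the forum post
        match = FILE_HIT.match(line) or SYS_HIT.match(line)
        if not match:
            unparsed.append(line)  # keep it verbatim rather than lose a hit
            continue
        target = match.groupdict().get('target') or '(system)'
        if target.lower() == 'system found':
            target = '(system)'  # "File System Found ..." repeats the system hit
        key = (target.lower(), match['name'].lower())
        if key in seen:
            continue  # same object reported twice, e.g. winnt vs WINNT
        seen.add(key)
        hits.append(Hit(match['ts'] or '', target, match['name']))
    return {'hits': hits, 'unparsed': unparsed, 'totals': totals}


def non_riskware(hits):
    """Hits outside the adware/dialer naming seen in the thread (assumed split)."""
    return [h for h in hits
            if not h.name.startswith('not-a-virus:')
            and not h.name.endswith('Spyware/Adware')]


def forum_post(text):
    """Build the compact text to paste: unique hits first, overall result last."""
    result = parse_mwav(text)
    lines = [f'{h.target} -> {h.name}' for h in result['hits']]
    lines += result['unparsed']
    lines += [f'{k}: {v}' for k, v in result['totals'].items()]
    return '\n'.join(lines)


if __name__ == '__main__':
    print(forum_post(SAMPLE_LOG))
```

Repeated reports of the same file collapse into one entry, so the pasted text is much shorter than the raw hit list.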
04.04.2005, 17:06 | #3 |
| Azesearch Toolbar I scanned in safe mode with the e-scan thing. I don't know what I should do now. It took 2 hours. Can you help me?
__________________ |
04.04.2005, 17:08 | #4 |
| Azesearch Toolbar @Chris_cool eScan result. Tell us the result of the eScan: "open mwav.log -> Edit -> Find -> enter infected or tagged -> Find Next -> select/copy the hits and transfer them to the forum." chaosman
__________________ Bonus vir semper tiro |
04.04.2005, 17:08 | #5 |
| Azesearch Toolbar This is the result:
Mon Apr 04 17:52:49 2005 => Total Objects Scanned: 103523
Mon Apr 04 17:52:49 2005 => Total Virus(es) Found: 152
Mon Apr 04 17:52:49 2005 => Total Disinfected Files: 0
Mon Apr 04 17:52:49 2005 => Total Files Renamed: 0
Mon Apr 04 17:52:49 2005 => Total Deleted Objects: 0
Mon Apr 04 17:52:49 2005 => Total Errors: 16
Mon Apr 04 17:52:49 2005 => Time Elapsed: 01:44:13
Mon Apr 04 17:52:49 2005 => ***** Scanning complete. *****
Mon Apr 04 17:52:49 2005 => Virus Database Date: 2005/04/04
Mon Apr 04 17:52:49 2005 => Virus Database Count: 124577
Mon Apr 04 17:52:49 2005 => Scan Completed. |
04.04.2005, 17:13 | #6 |
| Azesearch Toolbar Infected:
Mon Apr 04 16:08:32 2005 => File C:\Programme\NewDotNet\newdotnet6_38.dll infected by "not-a-virus:AdWare.NewDotNet" Virus. Action Taken: No Action Taken.
Mon Apr 04 16:08:37 2005 => File C:\winnt\system32\azesearch2.ocx infected by "not-a-virus:AdWare.ToolBar.Azesearch.b" Virus. Action Taken: No Action Taken.
Mon Apr 04 16:08:38 2005 => File C:\winnt\system32\iasad.dll infected by "not-a-virus:AdWare.ToolBar.Azesearch.b" Virus. Action Taken: No Action Taken.
C:\DOKUME~1\ISABEL~1\ANWEND~1\HOLDBR~1\01MFCD~1.EXE infected by "Trojan-Downloader.Win32.Swizzor.bo" Virus. Action Taken: No Action Taken.
Mon Apr 04 16:08:38 2005 => File C:\Programme\NewDotNet\newdotnet6_38.dll infected by "not-a-virus:AdWare.NewDotNet" Virus. Action Taken: No Action Taken.
How many should I write down, because there are more than 100? |
04.04.2005, 17:14 | #7 |
| Azesearch Toolbar @Chris_cool Mon Apr 04 17:52:49 2005 => Total Virus(es) Found: 152 Please post all the results. chaosman
__________________ Bonus vir semper tiro |
04.04.2005, 17:20 | #8 |
| Azesearch Toolbar Should I copy and paste everything that is in the editor? When I do that the page hangs. Sorry, but I'm not good with PCs. |
04.04.2005, 17:24 | #9 |
| Azesearch Toolbar Quite simple, look: "open mwav.log -> Edit -> Find -> enter infected or tagged -> Find Next -> select/copy the hits and transfer them to the forum." And that most likely 152 times. |
04.04.2005, 17:44 | #10 |
| Azesearch Toolbar Mon Apr 04 16:08:32 2005 => File C:\Programme\NewDotNet\newdotnet6_38.dll infected by "not-a-virus:AdWare.NewDotNet" Virus. Action Taken: No Action Taken. Mon Apr 04 16:08:37 2005 => File C:\winnt\system32\azesearch2.ocx infected by "not-a-virus:AdWare.ToolBar.Azesearch.b" Virus. Action Taken: No Action Taken. Mon Apr 04 16:08:38 2005 => File C:\winnt\system32\iasad.dll infected by "not-a-virus:AdWare.ToolBar.Azesearch.b" Virus. Action Taken: No Action Taken. C:\DOKUME~1\ISABEL~1\ANWEND~1\HOLDBR~1\01MFCD~1.EXE infected by "Trojan-Downloader.Win32.Swizzor.bo" Virus. Action Taken: No Action Taken. Mon Apr 04 16:08:38 2005 => File C:\Programme\NewDotNet\newdotnet6_38.dll infected by "not-a-virus:AdWare.NewDotNet" Virus. Action Taken: No Action Taken. Mon Apr 04 16:08:38 2005 => File C:\Programme\QuickSearch\QuickSearchBar1_27.dll infected by "not-a-virus:AdWare.ToolBar.Quick.a" Virus. Action Taken: No Action Taken. C:\DOKUME~1\ALLUSE~1\ANWEND~1\FILE32~1\ENCMEE~1.EXE infected by "not-a-virus:AdWare.Lop.p" Virus. Action Taken: No Action Taken. C:\DOKUME~1\ISABEL~1\ANWEND~1\TYPEMO~1\listthe.exe infected by "not-a-virus:AdWare.Lop.k" Virus. Action Taken: No Action Taken. Mon Apr 04 16:09:00 2005 => System found infected with Alexa Spyware/Adware ({c95fe080-8f5d-11d2-a20b-00aa003c157a})! Action taken: No Action Taken. Mon Apr 04 16:09:00 2005 => File System Found infected by "Alexa Spyware/Adware" Virus. Action Taken: No Action Taken. Mon Apr 04 16:09:01 2005 => System found infected with 180Solutions Spyware/Adware! Action taken: No Action Taken. Mon Apr 04 16:09:01 2005 => File System Found infected by "180Solutions Spyware/Adware" Virus. Action Taken: No Action Taken. Mon Apr 04 16:09:01 2005 => System found infected with ezula Spyware/Adware! Action taken: No Action Taken. Mon Apr 04 16:09:01 2005 => File System Found infected by "ezula Spyware/Adware" Virus. Action Taken: No Action Taken. 
Mon Apr 04 16:09:01 2005 => System found infected with FunWebProducts Spyware/Adware! Action taken: No Action Taken. Mon Apr 04 16:09:01 2005 => File System Found infected by "FunWebProducts Spyware/Adware" Virus. Action Taken: No Action Taken. Mon Apr 04 16:09:01 2005 => System found infected with mywebsearch Spyware/Adware! Action taken: No Action Taken. Mon Apr 04 16:09:01 2005 => File System Found infected by "mywebsearch Spyware/Adware" Virus. Action Taken: No Action Taken. Mon Apr 04 16:09:01 2005 => System found infected with VB and VBA Program Settings Spyware/Adware! Action taken: No Action Taken. Mon Apr 04 16:09:01 2005 => File System Found infected by "VB and VBA Program Settings Spyware/Adware" Virus. Action Taken: No Action Taken. Mon Apr 04 16:09:01 2005 => System found infected with ncase Spyware/Adware! Action taken: No Action Taken. Mon Apr 04 16:09:01 2005 => File System Found infected by "ncase Spyware/Adware" Virus. Action Taken: No Action Taken. Mon Apr 04 16:09:12 2005 => System found infected with AltnetBDE Spyware/Adware (altnet signing module.exe)! Action taken: No Action Taken. Mon Apr 04 16:09:12 2005 => File System Found infected by "AltnetBDE Spyware/Adware" Virus. Action Taken: No Action Taken. Mon Apr 04 16:09:21 2005 => File C:\winnt\NDNuninstall5_64.exe infected by "not-a-virus:AdWare.NewDotNet" Virus. Action Taken: No Action Taken. Mon Apr 04 16:09:21 2005 => File C:\winnt\NDNuninstall6_38.exe infected by "not-a-virus:AdWare.NewDotNet" Virus. Action Taken: No Action Taken. Mon Apr 04 16:09:22 2005 => File C:\winnt\purerspass[prp-10051,1].exe infected by "not-a-virus:Porn-Dialer.Win32.Intexdial" Virus. Action Taken: No Action Taken. Mon Apr 04 16:09:23 2005 => File C:\winnt\NDNuninstall5_20.exe infected by "not-a-virus:AdWare.NewDotNet" Virus. Action Taken: No Action Taken. Mon Apr 04 16:10:26 2005 => File C:\winnt\system32\calsdr.exe infected by "Trojan-Dropper.Win32.Small.ff" Virus. Action Taken: No Action Taken. 
Mon Apr 04 16:11:30 2005 => File C:\winnt\system32\calsdr.dll infected by "not-a-virus:AdWare.F1Organizer.b" Virus. Action Taken: No Action Taken. Mon Apr 04 16:11:31 2005 => File C:\winnt\system32\bs5-nt15v.exe infected by "not-a-virus:AdWare.BookedSpace.b" Virus. Action Taken: No Action Taken. Mon Apr 04 16:11:31 2005 => File C:\winnt\system32\bH.dll infected by "not-a-virus:AdWare.BiSpy.b" Virus. Action Taken: No Action Taken. Mon Apr 04 16:11:31 2005 => File C:\winnt\system32\SHAgentNew.dll infected by "not-a-virus:AdWare.ShopAtHome.b" Virus. Action Taken: No Action Taken. Mon Apr 04 16:11:32 2005 => File C:\winnt\system32\BO2802040113.dll infected by "not-a-virus:AdWare.VirtualBouncer.d" Virus. Action Taken: No Action Taken. Mon Apr 04 16:11:32 2005 => File C:\winnt\system32\BO2804040128.exe infected by "not-a-virus:AdWare.VirtualBouncer.d" Virus. Action Taken: No Action Taken. Mon Apr 04 16:18:14 2005 => File C:\DOKUME~1\ISABEL~1\LOKALE~1\Temp\asmfiles.cab infected by "not-a-virus:AdWare.Altnet.l" Virus. Action Taken: No Action Taken. Mon Apr 04 16:18:17 2005 => File C:\DOKUME~1\ISABEL~1\LOKALE~1\Temp\Belt.exe infected by "Trojan-Downloader.Win32.Stubby.a" Virus. Action Taken: No Action Taken. Mon Apr 04 16:19:13 2005 => File C:\DOKUME~1\ISABEL~1\LOKALE~1\Temp\cd_clint.dll infected by "not-a-virus:AdWare.Cydoor" Virus. Action Taken: No Action Taken. Mon Apr 04 16:20:07 2005 => File C:\DOKUME~1\ISABEL~1\LOKALE~1\Temp\ebpineij.exe infected by "not-a-virus:AdWare.Lop.k" Virus. Action Taken: No Action Taken. C:\DOKUME~1\ISABEL~1\LOKALE~1\Temp\oeowabww.exe infected by "Trojan-Downloader.Win32.Swizzor.cp" Virus. Action Taken: No Action Taken. Mon Apr 04 16:23:38 2005 => File C:\DOKUME~1\ISABEL~1\LOKALE~1\Temp\fb5d7e22.exe infected by "Trojan-Downloader.Win32.Swizzor.cc" Virus. Action Taken: No Action Taken. Mon Apr 04 16:23:56 2005 => File C:\DOKUME~1\ISABEL~1\LOKALE~1\Temp\lzizdmpq.exe infected by "Trojan-Downloader.Win32.Swizzor.cp" Virus. 
Action Taken: No Action Taken. Mon Apr 04 16:27:35 2005 => File C:\DOKUME~1\ISABEL~1\LOKALE~1\Temp\fbc3ca9b.exe infected by "Trojan-Downloader.Win32.Swizzor.ca" Virus. Action Taken: No Action Taken. C:\DOKUME~1\ISABEL~1\LOKALE~1\Temp\nmmvuwvx.exe infected by "not-a-virus:AdWare.Lop.k" Virus. Action Taken: No Action Taken. Mon Apr 04 16:27:59 2005 => File C:\DOKUME~1\ISABEL~1\LOKALE~1\Temp\faee8ce0.exe infected by "Trojan-Downloader.Win32.Swizzor.ca" Virus. Action Taken: No Action Taken. Mon Apr 04 16:28:25 2005 => File C:\DOKUME~1\ISABEL~1\LOKALE~1\Temp\STB27.tmp infected by "not-a-virus:AdWare.ToolBar.Quick.a" Virus. Action Taken: No Action Taken. Mon Apr 04 16:29:30 2005 => File C:\DOKUME~1\ISABEL~1\LOKALE~1\Temp\opiolfto.exe infected by "not-a-virus:AdWare.Lop.k" Virus. Action Taken: No Action Taken. C:\DOKUME~1\ISABEL~1\LOKALE~1\TEMPOR~1\Content.IE5\O163WPAZ\InstallationsAssistent[1].ocx infected by "Trojan-Downloader.Win32.Stardler.a" Virus. Action Taken: No Action Taken. Mon Apr 04 16:35:19 2005 => File C:\WINNT\system32\calsdr.exe infected by "Trojan-Dropper.Win32.Small.ff" Virus. Action Taken: No Action Taken. Mon Apr 04 16:36:36 2005 => File C:\WINNT\system32\calsdr.dll infected by "not-a-virus:AdWare.F1Organizer.b" Virus. Action Taken: No Action Taken. Mon Apr 04 16:36:37 2005 => File C:\WINNT\system32\bs5-nt15v.exe infected by "not-a-virus:AdWare.BookedSpace.b" Virus. Action Taken: No Action Taken. Mon Apr 04 16:36:38 2005 => File C:\WINNT\system32\bH.dll infected by "not-a-virus:AdWare.BiSpy.b" Virus. Action Taken: No Action Taken. Mon Apr 04 16:36:38 2005 => File C:\WINNT\system32\SHAgentNew.dll infected by "not-a-virus:AdWare.ShopAtHome.b" Virus. Action Taken: No Action Taken. Mon Apr 04 16:36:38 2005 => File C:\WINNT\system32\BO2802040113.dll infected by "not-a-virus:AdWare.VirtualBouncer.d" Virus. Action Taken: No Action Taken. 
Mon Apr 04 16:36:38 2005 => File C:\WINNT\system32\BO2804040128.exe infected by "not-a-virus:AdWare.VirtualBouncer.d" Virus. Action Taken: No Action Taken. Mon Apr 04 16:40:13 2005 => File C:\WINNT\Downloaded Program Files\MediaAccX.dll infected by "not-a-virus:AdWare.WinAD.ah" Virus. Action Taken: No Action Taken. Mon Apr 04 16:40:14 2005 => File C:\WINNT\Downloaded Program Files\ruboskizo2.dll infected by "Trojan.Win32.Dialer.c" Virus. Action Taken: No Action Taken. Mon Apr 04 16:40:14 2005 => File C:\WINNT\Downloaded Program Files\InstallationsAssistent.ocx infected by "Trojan-Downloader.Win32.Stardler.a" Virus. Mon Apr 04 16:40:14 2005 => File C:\WINNT\Downloaded Program Files\IberoDialerHTML.dll infected by "not-a-virus:PornWare.Dialer.IberoDial" Virus. Action Taken: No Action Taken. Files\WebRecomendada.dll infected by "not-a-virus:Porn-Dialer.Win32.DialWeb" Virus. Action Taken: No Action Taken. Mon Apr 04 16:40:41 2005 => File C:\WINNT\NDNuninstall5_64.exe infected by "not-a-virus:AdWare.NewDotNet" Virus. Action Taken: No Action Taken. Mon Apr 04 16:40:50 2005 => File C:\WINNT\NDNuninstall6_38.exe infected by "not-a-virus:AdWare.NewDotNet" Virus. Action Taken: No Action Taken. Mon Apr 04 16:40:51 2005 => File C:\WINNT\purerspass[prp-10051,1].exe infected by "not-a-virus:Porn-Dialer.Win32.Intexdial" Virus. Action Taken: No Action Taken. Mon Apr 04 16:42:27 2005 => File C:\WINNT\NDNuninstall5_20.exe infected by "not-a-virus:AdWare.NewDotNet" Virus. Action Taken: No Action Taken. Mon Apr 04 16:46:13 2005 => File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FILE 32 BIB MPEG\Dashinfo.exe infected by "Trojan-Downloader.Win32.Swizzor.cn" Virus. Action Taken: No Action Taken. Mon Apr 04 16:46:14 2005 => File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FILE 32 BIB MPEG\View16.exe infected by "Trojan-Downloader.Win32.Swizzor.cn" Virus. Action Taken: No Action Taken. 
Mon Apr 04 16:46:14 2005 => File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FILE 32 BIB MPEG\bend camp.exe infected by "Trojan-Downloader.Win32.Swizzor.cn" Virus. Action Taken: No Action Taken Mon Apr 04 16:46:14 2005 => File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FILE 32 BIB MPEG\First burn.exe infected by "not-a-virus:AdWare.Lop.j" Virus. Action Taken: No Action Taken. Mon Apr 04 16:46:15 2005 => File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FILE 32 BIB MPEG\proxytons.exe infected by "not-a-virus:AdWare.Lop.j" Virus. Action Taken: No Action Taken. Is that enough? I have to go now. |
04.04.2005, 19:06 | #11 |
| Azesearch Toolbar @Chris_cool Unfortunately you have this http://labs.paretologic.com/spyware....e=Net%20Antrax in your system, so I can only advise you to reinstall your system. Here is a guide: http://www.trojaner-board.de/showpos...28&postcount=2 Sorry. chaosman
__________________ Bonus vir semper tiro |