Log analysis and evaluation: Can't find the problem, please HELP
If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed. |
06.04.2005, 08:55 | #1 |
| Can't find the problem, please HELP
Hi, in the file posted below I have fixed everything I could recognize, but after restarting the computer I still get various casino sites and Viagra suppliers shown in a pop-up. Could someone please take a look to see whether I am overlooking something??

Logfile of HijackThis v1.99.1
Scan saved at 08:47:37, on 06.04.05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\ATI2EVXX.EXE
C:\PROGRAMME\SYMANTEC_CLIENT_SECURITY\SYMANTEC ANTIVIRUS\RTVSCN95.EXE
C:\PROGRAMME\SYMANTEC_CLIENT_SECURITY\SYMANTEC ANTIVIRUS\DEFWATCH.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\ATIPTAXX.EXE
C:\PROGRAMME\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE
C:\PROGRAMME\SYMANTEC_CLIENT_SECURITY\SYMANTEC ANTIVIRUS\VPTRAY.EXE
C:\PROGRAMME\COMMON FILES\UPDATER\WUPDATER.EXE
C:\HPCOMPAN\cmpanion.exe
C:\WINDOWS\SYSTEM\ELITEDBS32.EXE
C:\PROGRAMME\NORTON UTILITIES\SYSDOC32.EXE
C:\HARDCOPY\HARDCOPY.EXE
C:\PROGRAMME\TOBIT INFOCENTER\DVWIN32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAMME\TOBIT INFOCENTER\DVREMIND.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.t-online.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = C:\Programme\Copernic 2001 Plus\Search Bar.htm
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun already fixed
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\LOGITECH\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [TS-Anmeldung] \\Voigt-wts\netlogon\logon.bat
O4 - HKLM\..\Run: [Elodruck] \\Voigt-wts\netlogon\steinhardt.bat
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [updater] C:\Programme\Common files\updater\wupdater.exe already fixed
O4 - HKLM\..\Run: [Cmpanion] C:\HPCOMPAN\cmpanion.exe
O4 - HKLM\..\Run: [etbrun] C:\WINDOWS\SYSTEM\ELITEDBS32.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ATIPOLAB] ati2evxx.exe
O4 - HKLM\..\RunServices: [rtvscn95] C:\PROGRA~1\SYMANT~1\SYMANT~1\rtvscn95.exe
O4 - HKLM\..\RunServices: [defwatch] C:\PROGRA~1\SYMANT~1\SYMANT~1\defwatch.exe
O4 - Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Norton System Doctor.lnk = C:\Programme\Norton Utilities\SYSDOC32.EXE
O4 - Startup: Verknüpfung mit Hardcopy.lnk = C:\Hardcopy\Hardcopy.exe
O4 - Startup: Tobit InfoCenter.LNK = C:\PROGRAMME\TOBIT INFOCENTER\DVWIN32.EXE
O8 - Extra context menu item: Benutzt Copernic zur Suche - C:\Programme\Copernic 2001 Plus\Search Extension.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Copernic - {2A465936-E5F0-11D2-91B5-00104B9C4765} - C:\Programme\Copernic 2001 Plus\Copernic.exe
O9 - Extra button: (no name) - {2A465934-E5F0-11D2-91B5-00104B9C4765} - C:\Programme\Copernic 2001 Plus\Copernic.exe
O9 - Extra 'Tools' menuitem: Starten 2001 - {2A465934-E5F0-11D2-91B5-00104B9C4765} - C:\Programme\Copernic 2001 Plus\Copernic.exe
O9 - Extra button: Übersetzen - {99EFB53C-C965-43CF-9F45-52242D134187} - file://C:\Programme\Copernic 2001 Plus\Translate.htm
O9 - Extra 'Tools' menuitem: Überse&tzen mit Hilfe Gist-In-Time - {99EFB53C-C965-43CF-9F45-52242D134187} - file://C:\Programme\Copernic 2001 Plus\Translate.htm
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = Vertrieb
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 217.65.24.98

thanks
alex |
06.04.2005, 09:00 | #2 |
| @arche-22
A new logfile would be better. Download eScan (download, instructions, eScan result).
Tell us the result of the eScan: "open mwav.log -> Edit -> Find -> enter infected or tagged -> Find Next -> select/copy the hits and paste them into the forum."
chaosman |
06.04.2005, 09:27 | #3 | |
| Hello arche-22,
Quote:
dartus |
06.04.2005, 10:01 | #4 |
| I ran eScan; it found 50 viruses, but when I scan with Norton AntiVirus in safe mode I don't find a single one, so I can't get rid of the download trojans and the like. How should I proceed??? |
06.04.2005, 10:15 | #5 | |
| Hello arche-22,
Quote:
dartus |
06.04.2005, 10:47 | #6 |
| here are the infected files:

Wed Apr 06 10:16:56 2005 => Scanning File C:\WINDOWS\SYSTEM\ELITEDBS32.EXE
Wed Apr 06 10:17:04 2005 => File C:\WINDOWS\SYSTEM\ELITEDBS32.EXE infected by "Trojan.Win32.StartPage.nk" Virus. Action Taken: No Action Taken.
Wed Apr 06 10:17:04 2005 => Scanning File C:\WINDOWS\SYSTEM\ELITEDBS32.EXE
Wed Apr 06 10:17:04 2005 => File C:\WINDOWS\SYSTEM\ELITEDBS32.EXE infected by "Trojan.Win32.StartPage.nk" Virus. Action Taken: No Action Taken.
Wed Apr 06 10:17:16 2005 => System found infected with Alexa Spyware/Adware ({c95fe080-8f5d-11d2-a20b-00aa003c157a})! Action taken: No Action Taken.
Wed Apr 06 10:17:16 2005 => File System Found infected by "Alexa Spyware/Adware" Virus. Action Taken: No Action Taken.
Wed Apr 06 10:17:17 2005 => System found infected with ElitebarBHO Spyware/Adware ({825cf5bd-8862-4430-b771-0c15c5ca8def})! Action taken: No Action Taken.
Wed Apr 06 10:17:17 2005 => File System Found infected by "ElitebarBHO Spyware/Adware" Virus. Action Taken: No Action Taken.
Wed Apr 06 10:17:17 2005 => System found infected with Favoriteman Spyware/Adware ({53F066F0-A4C0-4F46-83EB-2DFD03F938CF})! Action taken: No Action Taken.
Wed Apr 06 10:17:17 2005 => File System Found infected by "Favoriteman Spyware/Adware" Virus. Action Taken: No Action Taken.
Wed Apr 06 10:17:17 2005 => System found infected with NetPal Spyware/Adware ({00000ef1-0786-4633-87c6-1aa7a44296da})! Action taken: No Action Taken.
Wed Apr 06 10:17:17 2005 => File System Found infected by "NetPal Spyware/Adware" Virus. Action Taken: No Action Taken.
Wed Apr 06 10:17:17 2005 => System found infected with NetPal Spyware/Adware ({ef100007-f409-426a-9e7c-cb211f2a9786})! Action taken: No Action Taken.
Wed Apr 06 10:17:17 2005 => File System Found infected by "NetPal Spyware/Adware" Virus. Action Taken: No Action Taken.
Wed Apr 06 10:17:17 2005 => System found infected with eUniverse Spyware/Adware ({5D60FF48-95BE-4956-B4C6-6BB168A70310})! Action taken: No Action Taken.
Wed Apr 06 10:17:17 2005 => File System Found infected by "eUniverse Spyware/Adware" Virus. Action Taken: No Action Taken.
Wed Apr 06 10:17:17 2005 => Offending value found in HKCU\Software\180Solutions !!!
Wed Apr 06 10:17:17 2005 => System found infected with 180Solutions Spyware/Adware! Action taken: No Action Taken.
Wed Apr 06 10:17:17 2005 => File System Found infected by "180Solutions Spyware/Adware" Virus. Action Taken: No Action Taken.
Wed Apr 06 10:17:17 2005 => Offending Folder C:\PROGRA~1\WEB_RE~1 present...
Wed Apr 06 10:17:17 2005 => System found infected with Web_Rebates Spyware/Adware! Action taken: No Action Taken.
Wed Apr 06 10:17:17 2005 => File System Found infected by "Web_Rebates Spyware/Adware" Virus. Action Taken: No Action Taken.
Wed Apr 06 10:17:17 2005 => Offending Folder C:\WINDOWS\ELITET~1 present...
Wed Apr 06 10:17:17 2005 => System found infected with elitetoolbar Spyware/Adware! Action taken: No Action Taken.
Wed Apr 06 10:17:17 2005 => File System Found infected by "elitetoolbar Spyware/Adware" Virus. Action Taken: No Action Taken.
Wed Apr 06 10:17:17 2005 => Offending value found in HKLM\Software\Microsoft\Windows\CurrentVersion\uninstall\elitebar internet explorer toolbar !!!
Wed Apr 06 10:17:17 2005 => System found infected with elitebar internet explorer toolbar Spyware/Adware! Action taken: No Action Taken.
Wed Apr 06 10:17:17 2005 => File System Found infected by "elitebar internet explorer toolbar Spyware/Adware" Virus. Action Taken: No Action Taken.
Wed Apr 06 10:17:17 2005 => Offending value found in HKCU\Software\lq !!!
Wed Apr 06 10:17:17 2005 => System found infected with lq Spyware/Adware! Action taken: No Action Taken.
Wed Apr 06 10:17:17 2005 => File System Found infected by "lq Spyware/Adware" Virus. Action Taken: No Action Taken.
Wed Apr 06 10:17:17 2005 => Offending value found in HKCU\Software\VB and VBA Program Settings !!!
Wed Apr 06 10:17:17 2005 => System found infected with VB and VBA Program Settings Spyware/Adware! Action taken: No Action Taken.
Wed Apr 06 10:17:17 2005 => File System Found infected by "VB and VBA Program Settings Spyware/Adware" Virus. Action Taken: No Action Taken.
Wed Apr 06 10:17:17 2005 => Offending value found in HKLM\Software\Microsoft\Windows\CurrentVersion\uninstall\DMO !!!
Wed Apr 06 10:17:17 2005 => System found infected with DMO Spyware/Adware! Action taken: No Action Taken.
Wed Apr 06 10:17:17 2005 => File System Found infected by "DMO Spyware/Adware" Virus. Action Taken: No Action Taken.
Wed Apr 06 10:17:26 2005 => System found infected with TopMoxie Spyware/Adware (djtopr1150.exe)! Action taken: No Action Taken.
Wed Apr 06 10:17:26 2005 => File System Found infected by "TopMoxie Spyware/Adware" Virus. Action Taken: No Action Taken.
Wed Apr 06 10:17:27 2005 => System found infected with TopMoxie Spyware/Adware (jkill.exe)! Action taken: No Action Taken.
Wed Apr 06 10:17:27 2005 => File System Found infected by "TopMoxie Spyware/Adware" Virus. Action Taken: No Action Taken.
Wed Apr 06 10:17:31 2005 => System found infected with AdDestroyer Spyware/Adware (swrt01.dll)! Action taken: No Action Taken.
Wed Apr 06 10:17:31 2005 => File System Found infected by "AdDestroyer Spyware/Adware" Virus. Action Taken: No Action Taken.
Wed Apr 06 10:17:47 2005 => File C:\WINDOWS\autoload.exe tagged as not-a-virus:Tool.Win32.Autoloader. No Action Taken.
Wed Apr 06 10:17:54 2005 => Scanning File C:\WINDOWS\protector.exe
Wed Apr 06 10:17:55 2005 => File C:\WINDOWS\protector.exe infected by "Trojan.Win32.StartPage.nk" Virus. Action Taken: No Action Taken.
Wed Apr 06 10:19:29 2005 => Scanning File C:\WINDOWS\SYSTEM\msbb321.dll
Wed Apr 06 10:19:30 2005 => File C:\WINDOWS\SYSTEM\msbb321.dll infected by "not-a-virus:AdWare.180Solutions" Virus. Action Taken: No Action Taken.
Wed Apr 06 10:19:35 2005 => Scanning File C:\WINDOWS\SYSTEM\ATPartners.dll
Wed Apr 06 10:19:35 2005 => File C:\WINDOWS\SYSTEM\ATPartners.dll infected by "not-a-virus:AdWare.F1Organizer.c" Virus. Action Taken: No Action Taken.
Wed Apr 06 10:19:35 2005 => Scanning File C:\WINDOWS\SYSTEM\in10b6s.dll
Wed Apr 06 10:19:36 2005 => File C:\WINDOWS\SYSTEM\in10b6s.dll infected by "Trojan-Dropper.Win32.Small.jz" Virus. Action Taken: No Action Taken.
Wed Apr 06 10:19:41 2005 => Scanning File C:\WINDOWS\SYSTEM\K404SearchSetup_MS24.exe
Wed Apr 06 10:19:41 2005 => File C:\WINDOWS\SYSTEM\K404SearchSetup_MS24.exe infected by "not-a-virus:AdWare.ToolBar.404Search.a" Virus. Action Taken: No Action Taken.
Wed Apr 06 10:19:41 2005 => Scanning File C:\WINDOWS\SYSTEM\setup_incred_2.exe
Wed Apr 06 10:19:41 2005 => File C:\WINDOWS\SYSTEM\setup_incred_2.exe infected by "Trojan-Downloader.Win32.Keenval.e" Virus. Action Taken: No Action Taken.
Wed Apr 06 10:19:41 2005 => Scanning File C:\WINDOWS\SYSTEM\SWRT01.dll
Wed Apr 06 10:19:41 2005 => File C:\WINDOWS\SYSTEM\SWRT01.dll infected by "not-a-virus:AdWare.VirtualBouncer.g" Virus. Action Taken: No Action Taken.
Wed Apr 06 10:19:41 2005 => Scanning File C:\WINDOWS\SYSTEM\SplWbr.dll
Wed Apr 06 10:19:42 2005 => File C:\WINDOWS\SYSTEM\SplWbr.dll infected by "not-a-virus:AdWare.VirtualBouncer.j" Virus. Action Taken: No Action Taken.
Wed Apr 06 10:19:42 2005 => Scanning File C:\WINDOWS\SYSTEM\BO2809040510.exe
Wed Apr 06 10:19:42 2005 => File C:\WINDOWS\SYSTEM\BO2809040510.exe infected by "not-a-virus:AdWare.VirtualBouncer.d" Virus. Action Taken: No Action Taken.
Wed Apr 06 10:19:42 2005 => Scanning File C:\WINDOWS\SYSTEM\WebRebates.exe
Wed Apr 06 10:19:42 2005 => File C:\WINDOWS\SYSTEM\WebRebates.exe infected by "not-a-virus:AdWare.WebRebates.g" Virus. Action Taken: No Action Taken.
Wed Apr 06 10:19:42 2005 => Scanning File C:\WINDOWS\SYSTEM\MegasearchBarSetup.exe
Wed Apr 06 10:19:42 2005 => File C:\WINDOWS\SYSTEM\MegasearchBarSetup.exe infected by "Trojan-Downloader.NSIS.Gen" Virus. Action Taken: No Action Taken.
Wed Apr 06 10:19:42 2005 => Scanning File C:\WINDOWS\SYSTEM\MegasearchBarSetup.dll
Wed Apr 06 10:19:42 2005 => File C:\WINDOWS\SYSTEM\MegasearchBarSetup.dll infected by "not-a-virus:AdWare.F1Organizer.n" Virus. Action Taken: No Action Taken.
Wed Apr 06 10:19:42 2005 => Scanning File C:\WINDOWS\SYSTEM\shawn_1.dll
Wed Apr 06 10:19:43 2005 => File C:\WINDOWS\SYSTEM\shawn_1.dll infected by "not-a-virus:AdWare.ToolBar.EliteBar.ac" Virus. Action Taken: No Action Taken.
Wed Apr 06 10:19:43 2005 => Scanning File C:\WINDOWS\SYSTEM\eliteerror32.dat
Wed Apr 06 10:19:43 2005 => File C:\WINDOWS\SYSTEM\eliteerror32.dat infected by "Trojan.Win32.StartPage.nk" Virus. Action Taken: No Action Taken.
Wed Apr 06 10:19:43 2005 => Scanning File C:\WINDOWS\SYSTEM\SHAgentNew.dll
Wed Apr 06 10:19:43 2005 => File C:\WINDOWS\SYSTEM\SHAgentNew.dll infected by "not-a-virus:AdWare.Sahat.g" Virus. Action Taken: No Action Taken.
Wed Apr 06 10:19:43 2005 => Scanning File C:\WINDOWS\SYSTEM\elitedoolsav.dat
Wed Apr 06 10:19:44 2005 => File C:\WINDOWS\SYSTEM\elitedoolsav.dat infected by "not-a-virus:AdWare.ToolBar.EliteBar.ae" Virus. Action Taken: No Action Taken.
Wed Apr 06 10:19:44 2005 => Scanning File C:\WINDOWS\SYSTEM\elitedbs32.exe
Wed Apr 06 10:19:44 2005 => Scanning File C:\WINDOWS\SYSTEM\temperror32.dat
Wed Apr 06 10:19:44 2005 => File C:\WINDOWS\SYSTEM\temperror32.dat infected by "Trojan.Win32.StartPage.nk" Virus. Action Taken: No Action Taken.
Wed Apr 06 10:19:52 2005 => Scanning File C:\WINDOWS\TEMP\~GL_361C.EXE
Wed Apr 06 10:19:52 2005 => File C:\WINDOWS\TEMP\~GL_361C.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
Wed Apr 06 10:19:52 2005 => Scanning File C:\WINDOWS\TEMP\~GL_3958.EXE
Wed Apr 06 10:19:52 2005 => File C:\WINDOWS\TEMP\~GL_3958.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
Wed Apr 06 10:20:13 2005 => Scanning File C:\WINDOWS\TEMP\404SearchUninstall.exe
Wed Apr 06 10:20:13 2005 => File C:\WINDOWS\TEMP\404SearchUninstall.exe infected by "not-a-virus:AdWare.ToolBar.404Search.d" Virus. Action Taken: No Action Taken.
Wed Apr 06 10:20:13 2005 => Scanning File C:\WINDOWS\TEMP\djtopr1150.exe
Wed Apr 06 10:20:14 2005 => File C:\WINDOWS\TEMP\djtopr1150.exe infected by "not-a-virus:AdWare.WebRebates.g" Virus. Action Taken: No Action Taken.
Wed Apr 06 10:20:14 2005 => Scanning File C:\WINDOWS\TEMP\GLB3130.TMP
Wed Apr 06 10:20:14 2005 => File C:\WINDOWS\TEMP\GLB3130.TMP infected by "not-a-virus:AdWare.VirtualBouncer.j" Virus. Action Taken: No Action Taken.
Wed Apr 06 10:20:14 2005 => Scanning File C:\WINDOWS\TEMP\Del7323.TMP
Wed Apr 06 10:20:14 2005 => File C:\WINDOWS\TEMP\Del7323.TMP infected by "not-a-virus:AdWare.180Solutions" Virus. Action Taken: No Action Taken.
Wed Apr 06 10:20:22 2005 => Scanning File C:\WINDOWS\TEMP\suicidetb.exe
Wed Apr 06 10:20:22 2005 => File C:\WINDOWS\TEMP\suicidetb.exe infected by "not-a-virus:AdWare.ToolBar.EliteBar.ac" Virus. Action Taken: No Action Taken.
Wed Apr 06 10:20:22 2005 => Scanning File C:\WINDOWS\TEMP\~GL_2247.EXE
Wed Apr 06 10:20:22 2005 => File C:\WINDOWS\TEMP\~GL_2247.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
Wed Apr 06 10:20:22 2005 => Scanning File C:\WINDOWS\TEMP\~GL_231F.EXE
Wed Apr 06 10:20:22 2005 => File C:\WINDOWS\TEMP\~GL_231F.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
Wed Apr 06 10:22:03 2005 => Scanning File C:\WINDOWS\LOCALS~1\TEMPOR~1\CONTENT.IE5\81QVO5E3\sideb[1].exe
Wed Apr 06 10:22:03 2005 => File C:\WINDOWS\LOCALS~1\TEMPOR~1\CONTENT.IE5\81QVO5E3\sideb[1].exe infected by "not-a-virus:AdWare.ToolBar.EliteBar.z" Virus. Action Taken: No Action Taken.
Wed Apr 06 10:22:06 2005 => Scanning File C:\WINDOWS\LOCALS~1\TEMPOR~1\CONTENT.IE5\81QVO5E3\sideb[2].exe
Wed Apr 06 10:22:06 2005 => File C:\WINDOWS\LOCALS~1\TEMPOR~1\CONTENT.IE5\81QVO5E3\sideb[2].exe infected by "not-a-virus:AdWare.ToolBar.EliteBar.z" Virus. Action Taken: No Action Taken.
Wed Apr 06 10:22:11 2005 => Scanning File C:\WINDOWS\LOCALS~1\TEMPOR~1\CONTENT.IE5\SZAFOVSL\CAEJK5A1.HTM
Wed Apr 06 10:22:11 2005 => File C:\WINDOWS\LOCALS~1\TEMPOR~1\CONTENT.IE5\SZAFOVSL\CAEJK5A1.HTM infected by "Exploit.HTML.Mht" Virus. Action Taken: No Action Taken.
Wed Apr 06 10:22:49 2005 => Scanning File C:\WINDOWS\LOCALS~1\TEMPOR~1\CONTENT.IE5\SZAFOVSL\protector[1].exe
Wed Apr 06 10:22:49 2005 => File C:\WINDOWS\LOCALS~1\TEMPOR~1\CONTENT.IE5\SZAFOVSL\protector[1].exe infected by "Trojan.Win32.StartPage.nk" Virus. Action Taken: No Action Taken.
Wed Apr 06 10:23:34 2005 => Scanning File C:\WINDOWS\LOCALS~1\TEMPOR~1\CONTENT.IE5\0P2JCPEB\protector_update[1].exe
Wed Apr 06 10:23:35 2005 => File C:\WINDOWS\LOCALS~1\TEMPOR~1\CONTENT.IE5\0P2JCPEB\protector_update[1].exe infected by "Trojan.Win32.StartPage.nk" Virus. Action Taken: No Action Taken.
Wed Apr 06 10:23:36 2005 => Scanning File C:\WINDOWS\LOCALS~1\TEMPOR~1\CONTENT.IE5\0P2JCPEB\protector[1].exe
Wed Apr 06 10:23:37 2005 => File C:\WINDOWS\LOCALS~1\TEMPOR~1\CONTENT.IE5\0P2JCPEB\protector[1].exe infected by "Trojan.Win32.StartPage.nk" Virus. Action Taken: No Action Taken.
Wed Apr 06 10:23:39 2005 => ***** Scanning complete. *****
Wed Apr 06 10:23:39 2005 => Total Objects Scanned: 7811
Wed Apr 06 10:23:39 2005 => Total Virus(es) Found: 52
Wed Apr 06 10:23:39 2005 => Total Disinfected Files: 0
Wed Apr 06 10:23:39 2005 => Total Files Renamed: 0
Wed Apr 06 10:23:39 2005 => Total Deleted Objects: 0
Wed Apr 06 10:23:39 2005 => Total Errors: 0
Wed Apr 06 10:23:39 2005 => Time Elapsed: 00:06:35
Wed Apr 06 10:23:39 2005 => Virus Database Date: 2005/04/04
Wed Apr 06 10:23:39 2005 => Virus Database Count: 124577
Wed Apr 06 10:23:39 2005 => Scan Completed.

thanks for your help in advance))) |
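Added example, not part of the thread and not eScan's own code: a small Python triage script for the mwav.log line format quoted in post #6, automating the "search for infected or tagged" step from post #2. It drops the "File System Found infected by" lines that only repeat the preceding "System found infected with" line, and merges repeated hits on the same path regardless of case. The sample log, its file names and the CLSID are constructed; the function names are this example's own.

```python
import re

# Constructed sample in the mwav.log line format quoted in the thread.
SAMPLE_LOG = r"""
Wed Apr 06 10:17:04 2005 => Scanning File C:\WINDOWS\SYSTEM\SAMPLEBAR32.EXE
Wed Apr 06 10:17:04 2005 => File C:\WINDOWS\SYSTEM\SAMPLEBAR32.EXE infected by "Trojan.Win32.Sample.a" Virus. Action Taken: No Action Taken.
Wed Apr 06 10:17:05 2005 => File C:\WINDOWS\SYSTEM\samplebar32.exe infected by "Trojan.Win32.Sample.a" Virus. Action Taken: No Action Taken.
Wed Apr 06 10:17:16 2005 => System found infected with SampleBHO Spyware/Adware ({00000000-0000-0000-0000-000000000001})! Action taken: No Action Taken.
Wed Apr 06 10:17:16 2005 => File System Found infected by "SampleBHO Spyware/Adware" Virus. Action Taken: No Action Taken.
Wed Apr 06 10:17:47 2005 => File C:\WINDOWS\TEMP\~GL_0001.EXE tagged as not-a-virus:Tool.Win32.Sample. No Action Taken.
"""

LINE = re.compile(r"^\w{3} \w{3} \d{2} \d{2}:\d{2}:\d{2} \d{4} => (?P<msg>.*)$")
# Echo of the preceding "System found infected with ..." line, not a file hit.
SUMMARY = re.compile(r"^File System Found infected by ")
PATTERNS = (
    ("file", re.compile(
        r'^File (?P<target>.+?) infected by "(?P<name>[^"]+)" Virus\. '
        r"Action Taken: (?P<action>.+?)\.$")),
    ("tagged", re.compile(
        r"^File (?P<target>.+?) tagged as (?P<name>\S+?)\. (?P<action>.+?)\.$")),
    ("system", re.compile(
        r"^System found infected with (?P<name>.+?) Spyware/Adware"
        r"(?: \((?P<target>[^)]*)\))?! Action taken: (?P<action>.+?)\.$")),
)


def naive_hits(text):
    """Count the lines a manual search for 'infected' or 'tagged' stops on."""
    return sum(1 for l in text.splitlines()
               if "infected" in l.lower() or "tagged" in l.lower())


def parse_detections(text):
    """Return unique detections in log order as dicts."""
    seen, out = set(), []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m or SUMMARY.match(m.group("msg")):
            continue
        for kind, rx in PATTERNS:
            hit = rx.match(m.group("msg"))
            if hit:
                break
        else:
            continue  # "Scanning File", totals and other status lines
        target = hit.group("target") or ""  # some system hits name no object
        key = (kind, target.lower(), hit.group("name"))  # paths: ignore case
        if key not in seen:
            seen.add(key)
            out.append({"kind": kind, "target": target,
                        "name": hit.group("name"),
                        "action": hit.group("action")})
    return out


def unremediated(detections):
    """Detections the scanner reported but did not act on."""
    return [d for d in detections if d["action"] == "No Action Taken"]


if __name__ == "__main__":
    for d in unremediated(parse_detections(SAMPLE_LOG)):
        print(f'{d["kind"]:7} {d["name"]:32} {d["target"]}')
```
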
06.04.2005, 11:10 | #7 |
| Hello arche-22,
download the following programs: clearprog, Adaware SE, Spybot S&D.
Install and update Adaware and Spybot.
Start "clearprog" --> tick "Alles Löschen" (delete everything) and click delete (among other things, all temp folders are emptied).
Then switch to safe mode: http://www.trojaner-board.de/63335-w...s-starten.html
Manually delete the following files/folders:
(If not already set: open Explorer --> Tools --> Folder Options --> View --> untick "Hide system files" and select "Show all files and folders")
C:\WINDOWS\SYSTEM\ELITEDBS32.EXE
C:\PROGRA~1\WEB_RE~1
C:\WINDOWS\ELITET~1
C:\WINDOWS\autoload.exe
C:\WINDOWS\protector.exe
C:\WINDOWS\protector.exe
C:\WINDOWS\SYSTEM\msbb321.dll
C:\WINDOWS\SYSTEM\ATPartners.dll
C:\WINDOWS\SYSTEM\in10b6s.dll
C:\WINDOWS\SYSTEM\in10b6s.dll
C:\WINDOWS\SYSTEM\K404SearchSetup_MS24.exe
C:\WINDOWS\SYSTEM\setup_incred_2.exe
C:\WINDOWS\SYSTEM\SWRT01.dll
C:\WINDOWS\SYSTEM\SplWbr.dll
C:\WINDOWS\SYSTEM\BO2809040510.exe
C:\WINDOWS\SYSTEM\WebRebates.exe
C:\WINDOWS\SYSTEM\MegasearchBarSetup.exe
C:\WINDOWS\SYSTEM\MegasearchBarSetup.dll
C:\WINDOWS\SYSTEM\shawn_1.dll
C:\WINDOWS\SYSTEM\eliteerror32.dat
C:\WINDOWS\SYSTEM\SHAgentNew.dll
C:\WINDOWS\SYSTEM\elitedoolsav.dat
C:\WINDOWS\SYSTEM\elitedbs32.exe
C:\WINDOWS\SYSTEM\temperror32.dat
Empty the recycle bin.
Let Adaware and Spybot scan one after the other and delete all findings.
Restart --> new logfile
dartus |
06.04.2005, 13:14 | #8 |
| ok, all done, here is the new file after the whole procedure:

Logfile of HijackThis v1.99.1
Scan saved at 14:06:28, on 06.04.05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\ATI2EVXX.EXE
C:\PROGRAMME\SYMANTEC_CLIENT_SECURITY\SYMANTEC ANTIVIRUS\RTVSCN95.EXE
C:\PROGRAMME\SYMANTEC_CLIENT_SECURITY\SYMANTEC ANTIVIRUS\DEFWATCH.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\ATIPTAXX.EXE
C:\PROGRAMME\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE
C:\PROGRAMME\SYMANTEC_CLIENT_SECURITY\SYMANTEC ANTIVIRUS\VPTRAY.EXE
C:\HPCOMPAN\cmpanion.exe
C:\PROGRAMME\NORTON UTILITIES\SYSDOC32.EXE
C:\HARDCOPY\HARDCOPY.EXE
C:\PROGRAMME\TOBIT INFOCENTER\DVWIN32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAMME\TOBIT INFOCENTER\DVREMIND.EXE
C:\WINDOWS\DESKTOP\VIREN\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.t-online.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = C:\Programme\Copernic 2001 Plus\Search Bar.htm
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\LOGITECH\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [TS-Anmeldung] \\Voigt-wts\netlogon\logon.bat
O4 - HKLM\..\Run: [Elodruck] \\Voigt-wts\netlogon\steinhardt.bat
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [Cmpanion] C:\HPCOMPAN\cmpanion.exe
O4 - HKLM\..\Run: [etbrun] C:\WINDOWS\SYSTEM\ELITEDBS32.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ATIPOLAB] ati2evxx.exe
O4 - HKLM\..\RunServices: [rtvscn95] C:\PROGRA~1\SYMANT~1\SYMANT~1\rtvscn95.exe
O4 - HKLM\..\RunServices: [defwatch] C:\PROGRA~1\SYMANT~1\SYMANT~1\defwatch.exe
O4 - Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Norton System Doctor.lnk = C:\Programme\Norton Utilities\SYSDOC32.EXE
O4 - Startup: Verknüpfung mit Hardcopy.lnk = C:\Hardcopy\Hardcopy.exe
O4 - Startup: Tobit InfoCenter.LNK = C:\PROGRAMME\TOBIT INFOCENTER\DVWIN32.EXE
O8 - Extra context menu item: Benutzt Copernic zur Suche - C:\Programme\Copernic 2001 Plus\Search Extension.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Copernic - {2A465936-E5F0-11D2-91B5-00104B9C4765} - C:\Programme\Copernic 2001 Plus\Copernic.exe
O9 - Extra button: (no name) - {2A465934-E5F0-11D2-91B5-00104B9C4765} - C:\Programme\Copernic 2001 Plus\Copernic.exe
O9 - Extra 'Tools' menuitem: Starten 2001 - {2A465934-E5F0-11D2-91B5-00104B9C4765} - C:\Programme\Copernic 2001 Plus\Copernic.exe
O9 - Extra button: Übersetzen - {99EFB53C-C965-43CF-9F45-52242D134187} - file://C:\Programme\Copernic 2001 Plus\Translate.htm
O9 - Extra 'Tools' menuitem: Überse&tzen mit Hilfe Gist-In-Time - {99EFB53C-C965-43CF-9F45-52242D134187} - file://C:\Programme\Copernic 2001 Plus\Translate.htm
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = Vertrieb
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 217.65.24.98 |
06.04.2005, 13:22 | #9 |
| Hello,
fix the following entry with HJT as well:
O4 - HKLM\..\Run: [etbrun] C:\WINDOWS\SYSTEM\ELITEDBS32.EXE
Otherwise your log looks unremarkable. Are popups still appearing?
dartus |
06.04.2005, 13:58 | #10 |
| no more pop-ups, I'll fix that one as well. thank you all so much |