Trojaner-Board


arche-22 06.04.2005 08:55

Can't find the problem, please HELP
 
Hi, in the file posted below I have fixed everything I could recognize, but after restarting the computer I still get various casino sites and Viagra suppliers shown in a pop-up. Could someone please look over it to see whether I am missing something?

Logfile of HijackThis v1.99.1
Scan saved at 08:47:37, on 06.04.05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\ATI2EVXX.EXE
C:\PROGRAMME\SYMANTEC_CLIENT_SECURITY\SYMANTEC ANTIVIRUS\RTVSCN95.EXE
C:\PROGRAMME\SYMANTEC_CLIENT_SECURITY\SYMANTEC ANTIVIRUS\DEFWATCH.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\ATIPTAXX.EXE
C:\PROGRAMME\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE
C:\PROGRAMME\SYMANTEC_CLIENT_SECURITY\SYMANTEC ANTIVIRUS\VPTRAY.EXE
C:\PROGRAMME\COMMON FILES\UPDATER\WUPDATER.EXE
C:\HPCOMPAN\cmpanion.exe
C:\WINDOWS\SYSTEM\ELITEDBS32.EXE
C:\PROGRAMME\NORTON UTILITIES\SYSDOC32.EXE
C:\HARDCOPY\HARDCOPY.EXE
C:\PROGRAMME\TOBIT INFOCENTER\DVWIN32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAMME\TOBIT INFOCENTER\DVREMIND.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.t-online.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = C:\Programme\Copernic 2001 Plus\Search Bar.htm
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun :teufel2: already fixed
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\LOGITECH\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [TS-Anmeldung] \\Voigt-wts\netlogon\logon.bat
O4 - HKLM\..\Run: [Elodruck] \\Voigt-wts\netlogon\steinhardt.bat
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [updater] C:\Programme\Common files\updater\wupdater.exe :teufel2: already fixed
O4 - HKLM\..\Run: [Cmpanion] C:\HPCOMPAN\cmpanion.exe
O4 - HKLM\..\Run: [etbrun] C:\WINDOWS\SYSTEM\ELITEDBS32.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ATIPOLAB] ati2evxx.exe
O4 - HKLM\..\RunServices: [rtvscn95] C:\PROGRA~1\SYMANT~1\SYMANT~1\rtvscn95.exe
O4 - HKLM\..\RunServices: [defwatch] C:\PROGRA~1\SYMANT~1\SYMANT~1\defwatch.exe
O4 - Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Norton System Doctor.lnk = C:\Programme\Norton Utilities\SYSDOC32.EXE
O4 - Startup: Verknüpfung mit Hardcopy.lnk = C:\Hardcopy\Hardcopy.exe
O4 - Startup: Tobit InfoCenter.LNK = C:\PROGRAMME\TOBIT INFOCENTER\DVWIN32.EXE
O8 - Extra context menu item: Benutzt Copernic zur Suche - C:\Programme\Copernic 2001 Plus\Search Extension.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Copernic - {2A465936-E5F0-11D2-91B5-00104B9C4765} - C:\Programme\Copernic 2001 Plus\Copernic.exe
O9 - Extra button: (no name) - {2A465934-E5F0-11D2-91B5-00104B9C4765} - C:\Programme\Copernic 2001 Plus\Copernic.exe
O9 - Extra 'Tools' menuitem: Starten 2001 - {2A465934-E5F0-11D2-91B5-00104B9C4765} - C:\Programme\Copernic 2001 Plus\Copernic.exe
O9 - Extra button: Übersetzen - {99EFB53C-C965-43CF-9F45-52242D134187} - file://C:\Programme\Copernic 2001 Plus\Translate.htm
O9 - Extra 'Tools' menuitem: Überse&tzen mit Hilfe Gist-In-Time - {99EFB53C-C965-43CF-9F45-52242D134187} - file://C:\Programme\Copernic 2001 Plus\Translate.htm
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = Vertrieb
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 217.65.24.98

thanks, alex

chaosman 06.04.2005 09:00

@arche-22
a new logfile would be better.
download eScan
download
instructions
eScan result
Tell us the result of the eScan: "open mwav.log -> Edit -> Find -> enter infected or tagged -> Find Next -> select/copy the hits and paste them into the forum."

chaosman

dartus 06.04.2005 09:27

Hello arche-22,
Quote:

O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun already fixed
That is nothing malicious --> http://www.nickles.de/c/s/11-0009-254-2.htm

dartus

arche-22 06.04.2005 10:01

I ran eScan,

it found 50 viruses, but when I scan in safe mode with Norton AntiVirus I don't find a single one, so I can't get rid of the downloader trojans and the like. How can I proceed?

dartus 06.04.2005 10:15

Hello arche-22,
Quote:

Tell us the result of the eScan: "open mwav.log -> Edit -> Find -> enter infected or tagged -> Find Next -> select/copy the hits and paste them into the forum."
Then we'll continue.

dartus

arche-22 06.04.2005 10:47

here are the infected files:

Wed Apr 06 10:16:56 2005 => Scanning File C:\WINDOWS\SYSTEM\ELITEDBS32.EXE
Wed Apr 06 10:17:04 2005 => File C:\WINDOWS\SYSTEM\ELITEDBS32.EXE infected by "Trojan.Win32.StartPage.nk" Virus. Action Taken: No Action Taken.

Wed Apr 06 10:17:04 2005 => Scanning File C:\WINDOWS\SYSTEM\ELITEDBS32.EXE
Wed Apr 06 10:17:04 2005 => File C:\WINDOWS\SYSTEM\ELITEDBS32.EXE infected by "Trojan.Win32.StartPage.nk" Virus. Action Taken: No Action Taken.

Wed Apr 06 10:17:16 2005 => System found infected with Alexa Spyware/Adware ({c95fe080-8f5d-11d2-a20b-00aa003c157a})! Action taken: No Action Taken.
Wed Apr 06 10:17:16 2005 => File System Found infected by "Alexa Spyware/Adware" Virus. Action Taken: No Action Taken.

Wed Apr 06 10:17:17 2005 => System found infected with ElitebarBHO Spyware/Adware ({825cf5bd-8862-4430-b771-0c15c5ca8def})! Action taken: No Action Taken.
Wed Apr 06 10:17:17 2005 => File System Found infected by "ElitebarBHO Spyware/Adware" Virus. Action Taken: No Action Taken.

Wed Apr 06 10:17:17 2005 => System found infected with Favoriteman Spyware/Adware ({53F066F0-A4C0-4F46-83EB-2DFD03F938CF})! Action taken: No Action Taken.
Wed Apr 06 10:17:17 2005 => File System Found infected by "Favoriteman Spyware/Adware" Virus. Action Taken: No Action Taken.

Wed Apr 06 10:17:17 2005 => System found infected with NetPal Spyware/Adware ({00000ef1-0786-4633-87c6-1aa7a44296da})! Action taken: No Action Taken.
Wed Apr 06 10:17:17 2005 => File System Found infected by "NetPal Spyware/Adware" Virus. Action Taken: No Action Taken.

Wed Apr 06 10:17:17 2005 => System found infected with NetPal Spyware/Adware ({ef100007-f409-426a-9e7c-cb211f2a9786})! Action taken: No Action Taken.
Wed Apr 06 10:17:17 2005 => File System Found infected by "NetPal Spyware/Adware" Virus. Action Taken: No Action Taken.

Wed Apr 06 10:17:17 2005 => System found infected with eUniverse Spyware/Adware ({5D60FF48-95BE-4956-B4C6-6BB168A70310})! Action taken: No Action Taken.
Wed Apr 06 10:17:17 2005 => File System Found infected by "eUniverse Spyware/Adware" Virus. Action Taken: No Action Taken.

Wed Apr 06 10:17:17 2005 => Offending value found in HKCU\Software\180Solutions !!!
Wed Apr 06 10:17:17 2005 => System found infected with 180Solutions Spyware/Adware! Action taken: No Action Taken.
Wed Apr 06 10:17:17 2005 => File System Found infected by "180Solutions Spyware/Adware" Virus. Action Taken: No Action Taken.

Wed Apr 06 10:17:17 2005 => Offending Folder C:\PROGRA~1\WEB_RE~1 present...
Wed Apr 06 10:17:17 2005 => System found infected with Web_Rebates Spyware/Adware! Action taken: No Action Taken.
Wed Apr 06 10:17:17 2005 => File System Found infected by "Web_Rebates Spyware/Adware" Virus. Action Taken: No Action Taken.

Wed Apr 06 10:17:17 2005 => Offending Folder C:\WINDOWS\ELITET~1 present...
Wed Apr 06 10:17:17 2005 => System found infected with elitetoolbar Spyware/Adware! Action taken: No Action Taken.
Wed Apr 06 10:17:17 2005 => File System Found infected by "elitetoolbar Spyware/Adware" Virus. Action Taken: No Action Taken.

Wed Apr 06 10:17:17 2005 => Offending value found in HKLM\Software\Microsoft\Windows\CurrentVersion\uninstall\elitebar internet explorer toolbar !!!
Wed Apr 06 10:17:17 2005 => System found infected with elitebar internet explorer toolbar Spyware/Adware! Action taken: No Action Taken.
Wed Apr 06 10:17:17 2005 => File System Found infected by "elitebar internet explorer toolbar Spyware/Adware" Virus. Action Taken: No Action Taken.

Wed Apr 06 10:17:17 2005 => Offending value found in HKCU\Software\lq !!!
Wed Apr 06 10:17:17 2005 => System found infected with lq Spyware/Adware! Action taken: No Action Taken.
Wed Apr 06 10:17:17 2005 => File System Found infected by "lq Spyware/Adware" Virus. Action Taken: No Action Taken.

Wed Apr 06 10:17:17 2005 => Offending value found in HKCU\Software\VB and VBA Program Settings !!!
Wed Apr 06 10:17:17 2005 => System found infected with VB and VBA Program Settings Spyware/Adware! Action taken: No Action Taken.
Wed Apr 06 10:17:17 2005 => File System Found infected by "VB and VBA Program Settings Spyware/Adware" Virus. Action Taken: No Action Taken.

Wed Apr 06 10:17:17 2005 => Offending value found in HKLM\Software\Microsoft\Windows\CurrentVersion\uninstall\DMO !!!
Wed Apr 06 10:17:17 2005 => System found infected with DMO Spyware/Adware! Action taken: No Action Taken.
Wed Apr 06 10:17:17 2005 => File System Found infected by "DMO Spyware/Adware" Virus. Action Taken: No Action Taken.

Wed Apr 06 10:17:26 2005 => System found infected with TopMoxie Spyware/Adware (djtopr1150.exe)! Action taken: No Action Taken.
Wed Apr 06 10:17:26 2005 => File System Found infected by "TopMoxie Spyware/Adware" Virus. Action Taken: No Action Taken.

Wed Apr 06 10:17:27 2005 => System found infected with TopMoxie Spyware/Adware (jkill.exe)! Action taken: No Action Taken.
Wed Apr 06 10:17:27 2005 => File System Found infected by "TopMoxie Spyware/Adware" Virus. Action Taken: No Action Taken.

Wed Apr 06 10:17:31 2005 => System found infected with AdDestroyer Spyware/Adware (swrt01.dll)! Action taken: No Action Taken.
Wed Apr 06 10:17:31 2005 => File System Found infected by "AdDestroyer Spyware/Adware" Virus. Action Taken: No Action Taken.

Wed Apr 06 10:17:47 2005 => File C:\WINDOWS\autoload.exe tagged as not-a-virus:Tool.Win32.Autoloader. No Action Taken.

Wed Apr 06 10:17:54 2005 => Scanning File C:\WINDOWS\protector.exe
Wed Apr 06 10:17:55 2005 => File C:\WINDOWS\protector.exe infected by "Trojan.Win32.StartPage.nk" Virus. Action Taken: No Action Taken.

Wed Apr 06 10:19:29 2005 => Scanning File C:\WINDOWS\SYSTEM\msbb321.dll
Wed Apr 06 10:19:30 2005 => File C:\WINDOWS\SYSTEM\msbb321.dll infected by "not-a-virus:AdWare.180Solutions" Virus. Action Taken: No Action Taken.

Wed Apr 06 10:19:35 2005 => Scanning File C:\WINDOWS\SYSTEM\ATPartners.dll
Wed Apr 06 10:19:35 2005 => File C:\WINDOWS\SYSTEM\ATPartners.dll infected by "not-a-virus:AdWare.F1Organizer.c" Virus. Action Taken: No Action Taken.

Wed Apr 06 10:19:35 2005 => Scanning File C:\WINDOWS\SYSTEM\in10b6s.dll
Wed Apr 06 10:19:36 2005 => File C:\WINDOWS\SYSTEM\in10b6s.dll infected by "Trojan-Dropper.Win32.Small.jz" Virus. Action Taken: No Action Taken.

Wed Apr 06 10:19:41 2005 => Scanning File C:\WINDOWS\SYSTEM\K404SearchSetup_MS24.exe
Wed Apr 06 10:19:41 2005 => File C:\WINDOWS\SYSTEM\K404SearchSetup_MS24.exe infected by "not-a-virus:AdWare.ToolBar.404Search.a" Virus. Action Taken: No Action Taken.

Wed Apr 06 10:19:41 2005 => Scanning File C:\WINDOWS\SYSTEM\setup_incred_2.exe
Wed Apr 06 10:19:41 2005 => File C:\WINDOWS\SYSTEM\setup_incred_2.exe infected by "Trojan-Downloader.Win32.Keenval.e" Virus. Action Taken: No Action Taken.

Wed Apr 06 10:19:41 2005 => Scanning File C:\WINDOWS\SYSTEM\SWRT01.dll
Wed Apr 06 10:19:41 2005 => File C:\WINDOWS\SYSTEM\SWRT01.dll infected by "not-a-virus:AdWare.VirtualBouncer.g" Virus. Action Taken: No Action Taken.

Wed Apr 06 10:19:41 2005 => Scanning File C:\WINDOWS\SYSTEM\SplWbr.dll
Wed Apr 06 10:19:42 2005 => File C:\WINDOWS\SYSTEM\SplWbr.dll infected by "not-a-virus:AdWare.VirtualBouncer.j" Virus. Action Taken: No Action Taken.

Wed Apr 06 10:19:42 2005 => Scanning File C:\WINDOWS\SYSTEM\BO2809040510.exe
Wed Apr 06 10:19:42 2005 => File C:\WINDOWS\SYSTEM\BO2809040510.exe infected by "not-a-virus:AdWare.VirtualBouncer.d" Virus. Action Taken: No Action Taken.

Wed Apr 06 10:19:42 2005 => Scanning File C:\WINDOWS\SYSTEM\WebRebates.exe
Wed Apr 06 10:19:42 2005 => File C:\WINDOWS\SYSTEM\WebRebates.exe infected by "not-a-virus:AdWare.WebRebates.g" Virus. Action Taken: No Action Taken.

Wed Apr 06 10:19:42 2005 => Scanning File C:\WINDOWS\SYSTEM\MegasearchBarSetup.exe
Wed Apr 06 10:19:42 2005 => File C:\WINDOWS\SYSTEM\MegasearchBarSetup.exe infected by "Trojan-Downloader.NSIS.Gen" Virus. Action Taken: No Action Taken.

Wed Apr 06 10:19:42 2005 => Scanning File C:\WINDOWS\SYSTEM\MegasearchBarSetup.dll
Wed Apr 06 10:19:42 2005 => File C:\WINDOWS\SYSTEM\MegasearchBarSetup.dll infected by "not-a-virus:AdWare.F1Organizer.n" Virus. Action Taken: No Action Taken.

Wed Apr 06 10:19:42 2005 => Scanning File C:\WINDOWS\SYSTEM\shawn_1.dll
Wed Apr 06 10:19:43 2005 => File C:\WINDOWS\SYSTEM\shawn_1.dll infected by "not-a-virus:AdWare.ToolBar.EliteBar.ac" Virus. Action Taken: No Action Taken.

Wed Apr 06 10:19:43 2005 => Scanning File C:\WINDOWS\SYSTEM\eliteerror32.dat
Wed Apr 06 10:19:43 2005 => File C:\WINDOWS\SYSTEM\eliteerror32.dat infected by "Trojan.Win32.StartPage.nk" Virus. Action Taken: No Action Taken.

Wed Apr 06 10:19:43 2005 => Scanning File C:\WINDOWS\SYSTEM\SHAgentNew.dll
Wed Apr 06 10:19:43 2005 => File C:\WINDOWS\SYSTEM\SHAgentNew.dll infected by "not-a-virus:AdWare.Sahat.g" Virus. Action Taken: No Action Taken.

Wed Apr 06 10:19:43 2005 => Scanning File C:\WINDOWS\SYSTEM\elitedoolsav.dat
Wed Apr 06 10:19:44 2005 => File C:\WINDOWS\SYSTEM\elitedoolsav.dat infected by "not-a-virus:AdWare.ToolBar.EliteBar.ae" Virus. Action Taken: No Action Taken.

Wed Apr 06 10:19:44 2005 => Scanning File C:\WINDOWS\SYSTEM\elitedbs32.exe
Wed Apr 06 10:19:44 2005 => Scanning File C:\WINDOWS\SYSTEM\temperror32.dat
Wed Apr 06 10:19:44 2005 => File C:\WINDOWS\SYSTEM\temperror32.dat infected by "Trojan.Win32.StartPage.nk" Virus. Action Taken: No Action Taken.

Wed Apr 06 10:19:52 2005 => Scanning File C:\WINDOWS\TEMP\~GL_361C.EXE
Wed Apr 06 10:19:52 2005 => File C:\WINDOWS\TEMP\~GL_361C.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.

Wed Apr 06 10:19:52 2005 => Scanning File C:\WINDOWS\TEMP\~GL_3958.EXE
Wed Apr 06 10:19:52 2005 => File C:\WINDOWS\TEMP\~GL_3958.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.

Wed Apr 06 10:20:13 2005 => Scanning File C:\WINDOWS\TEMP\404SearchUninstall.exe
Wed Apr 06 10:20:13 2005 => File C:\WINDOWS\TEMP\404SearchUninstall.exe infected by "not-a-virus:AdWare.ToolBar.404Search.d" Virus. Action Taken: No Action Taken.

Wed Apr 06 10:20:13 2005 => Scanning File C:\WINDOWS\TEMP\djtopr1150.exe
Wed Apr 06 10:20:14 2005 => File C:\WINDOWS\TEMP\djtopr1150.exe infected by "not-a-virus:AdWare.WebRebates.g" Virus. Action Taken: No Action Taken.

Wed Apr 06 10:20:14 2005 => Scanning File C:\WINDOWS\TEMP\GLB3130.TMP
Wed Apr 06 10:20:14 2005 => File C:\WINDOWS\TEMP\GLB3130.TMP infected by "not-a-virus:AdWare.VirtualBouncer.j" Virus. Action Taken: No Action Taken.

Wed Apr 06 10:20:14 2005 => Scanning File C:\WINDOWS\TEMP\Del7323.TMP
Wed Apr 06 10:20:14 2005 => File C:\WINDOWS\TEMP\Del7323.TMP infected by "not-a-virus:AdWare.180Solutions" Virus. Action Taken: No Action Taken.

Wed Apr 06 10:20:22 2005 => Scanning File C:\WINDOWS\TEMP\suicidetb.exe
Wed Apr 06 10:20:22 2005 => File C:\WINDOWS\TEMP\suicidetb.exe infected by "not-a-virus:AdWare.ToolBar.EliteBar.ac" Virus. Action Taken: No Action Taken.

Wed Apr 06 10:20:22 2005 => Scanning File C:\WINDOWS\TEMP\~GL_2247.EXE
Wed Apr 06 10:20:22 2005 => File C:\WINDOWS\TEMP\~GL_2247.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.

Wed Apr 06 10:20:22 2005 => Scanning File C:\WINDOWS\TEMP\~GL_231F.EXE
Wed Apr 06 10:20:22 2005 => File C:\WINDOWS\TEMP\~GL_231F.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.

Wed Apr 06 10:22:03 2005 => Scanning File C:\WINDOWS\LOCALS~1\TEMPOR~1\CONTENT.IE5\81QVO5E3\sideb[1].exe
Wed Apr 06 10:22:03 2005 => File C:\WINDOWS\LOCALS~1\TEMPOR~1\CONTENT.IE5\81QVO5E3\sideb[1].exe infected by "not-a-virus:AdWare.ToolBar.EliteBar.z" Virus. Action Taken: No Action Taken.

Wed Apr 06 10:22:06 2005 => Scanning File C:\WINDOWS\LOCALS~1\TEMPOR~1\CONTENT.IE5\81QVO5E3\sideb[2].exe
Wed Apr 06 10:22:06 2005 => File C:\WINDOWS\LOCALS~1\TEMPOR~1\CONTENT.IE5\81QVO5E3\sideb[2].exe infected by "not-a-virus:AdWare.ToolBar.EliteBar.z" Virus. Action Taken: No Action Taken.

Wed Apr 06 10:22:11 2005 => Scanning File C:\WINDOWS\LOCALS~1\TEMPOR~1\CONTENT.IE5\SZAFOVSL\CAEJK5A1.HTM
Wed Apr 06 10:22:11 2005 => File C:\WINDOWS\LOCALS~1\TEMPOR~1\CONTENT.IE5\SZAFOVSL\CAEJK5A1.HTM infected by "Exploit.HTML.Mht" Virus. Action Taken: No Action Taken.

Wed Apr 06 10:22:49 2005 => Scanning File C:\WINDOWS\LOCALS~1\TEMPOR~1\CONTENT.IE5\SZAFOVSL\protector[1].exe
Wed Apr 06 10:22:49 2005 => File C:\WINDOWS\LOCALS~1\TEMPOR~1\CONTENT.IE5\SZAFOVSL\protector[1].exe infected by "Trojan.Win32.StartPage.nk" Virus. Action Taken: No Action Taken.

Wed Apr 06 10:23:34 2005 => Scanning File C:\WINDOWS\LOCALS~1\TEMPOR~1\CONTENT.IE5\0P2JCPEB\protector_update[1].exe
Wed Apr 06 10:23:35 2005 => File C:\WINDOWS\LOCALS~1\TEMPOR~1\CONTENT.IE5\0P2JCPEB\protector_update[1].exe infected by "Trojan.Win32.StartPage.nk" Virus. Action Taken: No Action Taken.

Wed Apr 06 10:23:36 2005 => Scanning File C:\WINDOWS\LOCALS~1\TEMPOR~1\CONTENT.IE5\0P2JCPEB\protector[1].exe
Wed Apr 06 10:23:37 2005 => File C:\WINDOWS\LOCALS~1\TEMPOR~1\CONTENT.IE5\0P2JCPEB\protector[1].exe infected by "Trojan.Win32.StartPage.nk" Virus. Action Taken: No Action Taken.


Wed Apr 06 10:23:39 2005 => ***** Scanning complete. *****

Wed Apr 06 10:23:39 2005 => Total Objects Scanned: 7811
Wed Apr 06 10:23:39 2005 => Total Virus(es) Found: 52
Wed Apr 06 10:23:39 2005 => Total Disinfected Files: 0
Wed Apr 06 10:23:39 2005 => Total Files Renamed: 0
Wed Apr 06 10:23:39 2005 => Total Deleted Objects: 0
Wed Apr 06 10:23:39 2005 => Total Errors: 0
Wed Apr 06 10:23:39 2005 => Time Elapsed: 00:06:35
Wed Apr 06 10:23:39 2005 => Virus Database Date: 2005/04/04
Wed Apr 06 10:23:39 2005 => Virus Database Count: 124577

Wed Apr 06 10:23:39 2005 => Scan Completed.


thanks in advance for your help)))

dartus 06.04.2005 11:10

Hello arche-22,

download the following programs:
clearprog
Adaware SE
Spybot S&D. Install and update Adaware and Spybot.

Start "clearprog" --> tick "Alles Löschen" (delete everything) and click delete
(among other things, all temp folders are emptied)

Then switch to safe mode http://www.trojaner-board.de/63335-w...s-starten.html

Manually delete the following files/folders:
(If not already set: open Explorer --> Tools --> Folder Options --> View --> uncheck "Hide system files" and select "Show all files and folders")

C:\WINDOWS\SYSTEM\ELITEDBS32.EXE
C:\PROGRA~1\WEB_RE~1
C:\WINDOWS\ELITET~1
C:\WINDOWS\autoload.exe
C:\WINDOWS\protector.exe
C:\WINDOWS\protector.exe
C:\WINDOWS\SYSTEM\msbb321.dll
C:\WINDOWS\SYSTEM\ATPartners.dll
C:\WINDOWS\SYSTEM\in10b6s.dll
C:\WINDOWS\SYSTEM\in10b6s.dll
C:\WINDOWS\SYSTEM\K404SearchSetup_MS24.exe
C:\WINDOWS\SYSTEM\setup_incred_2.exe
C:\WINDOWS\SYSTEM\SWRT01.dll
C:\WINDOWS\SYSTEM\SplWbr.dll
C:\WINDOWS\SYSTEM\BO2809040510.exe
C:\WINDOWS\SYSTEM\WebRebates.exe
C:\WINDOWS\SYSTEM\MegasearchBarSetup.exe
C:\WINDOWS\SYSTEM\MegasearchBarSetup.dll
C:\WINDOWS\SYSTEM\shawn_1.dll
C:\WINDOWS\SYSTEM\eliteerror32.dat
C:\WINDOWS\SYSTEM\SHAgentNew.dll
C:\WINDOWS\SYSTEM\elitedoolsav.dat
C:\WINDOWS\SYSTEM\elitedbs32.exe
C:\WINDOWS\SYSTEM\temperror32.dat

Empty the recycle bin

Let Adaware and Spybot scan one after the other and delete everything they find.

Restart --> new logfile

dartus

arche-22 06.04.2005 13:14

okay, all done, here is the new file after the whole tour:

Logfile of HijackThis v1.99.1
Scan saved at 14:06:28, on 06.04.05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\ATI2EVXX.EXE
C:\PROGRAMME\SYMANTEC_CLIENT_SECURITY\SYMANTEC ANTIVIRUS\RTVSCN95.EXE
C:\PROGRAMME\SYMANTEC_CLIENT_SECURITY\SYMANTEC ANTIVIRUS\DEFWATCH.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\ATIPTAXX.EXE
C:\PROGRAMME\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE
C:\PROGRAMME\SYMANTEC_CLIENT_SECURITY\SYMANTEC ANTIVIRUS\VPTRAY.EXE
C:\HPCOMPAN\cmpanion.exe
C:\PROGRAMME\NORTON UTILITIES\SYSDOC32.EXE
C:\HARDCOPY\HARDCOPY.EXE
C:\PROGRAMME\TOBIT INFOCENTER\DVWIN32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAMME\TOBIT INFOCENTER\DVREMIND.EXE
C:\WINDOWS\DESKTOP\VIREN\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.t-online.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = C:\Programme\Copernic 2001 Plus\Search Bar.htm
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\LOGITECH\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [TS-Anmeldung] \\Voigt-wts\netlogon\logon.bat
O4 - HKLM\..\Run: [Elodruck] \\Voigt-wts\netlogon\steinhardt.bat
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [Cmpanion] C:\HPCOMPAN\cmpanion.exe
O4 - HKLM\..\Run: [etbrun] C:\WINDOWS\SYSTEM\ELITEDBS32.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ATIPOLAB] ati2evxx.exe
O4 - HKLM\..\RunServices: [rtvscn95] C:\PROGRA~1\SYMANT~1\SYMANT~1\rtvscn95.exe
O4 - HKLM\..\RunServices: [defwatch] C:\PROGRA~1\SYMANT~1\SYMANT~1\defwatch.exe
O4 - Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Norton System Doctor.lnk = C:\Programme\Norton Utilities\SYSDOC32.EXE
O4 - Startup: Verknüpfung mit Hardcopy.lnk = C:\Hardcopy\Hardcopy.exe
O4 - Startup: Tobit InfoCenter.LNK = C:\PROGRAMME\TOBIT INFOCENTER\DVWIN32.EXE
O8 - Extra context menu item: Benutzt Copernic zur Suche - C:\Programme\Copernic 2001 Plus\Search Extension.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Copernic - {2A465936-E5F0-11D2-91B5-00104B9C4765} - C:\Programme\Copernic 2001 Plus\Copernic.exe
O9 - Extra button: (no name) - {2A465934-E5F0-11D2-91B5-00104B9C4765} - C:\Programme\Copernic 2001 Plus\Copernic.exe
O9 - Extra 'Tools' menuitem: Starten 2001 - {2A465934-E5F0-11D2-91B5-00104B9C4765} - C:\Programme\Copernic 2001 Plus\Copernic.exe
O9 - Extra button: Übersetzen - {99EFB53C-C965-43CF-9F45-52242D134187} - file://C:\Programme\Copernic 2001 Plus\Translate.htm
O9 - Extra 'Tools' menuitem: Überse&tzen mit Hilfe Gist-In-Time - {99EFB53C-C965-43CF-9F45-52242D134187} - file://C:\Programme\Copernic 2001 Plus\Translate.htm
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = Vertrieb
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 217.65.24.98

dartus 06.04.2005 13:22

Hello,

fix the following entry with HJT as well:

O4 - HKLM\..\Run: [etbrun] C:\WINDOWS\SYSTEM\ELITEDBS32.EXE

Otherwise your log looks inconspicuous.

Are pop-ups still appearing?

dartus
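
Added example, not part of any post in this thread and not code from HijackThis or eScan: the cross-check done by eye above (which autostart entry still points at a file eScan flagged) written as a script. The function names are hypothetical; the sample lines are excerpts from the logs posted in this thread.

```python
import ntpath
import re

# Excerpt of the eScan mwav.log posted in this thread.
MWAV_LOG = r'''
Wed Apr 06 10:16:56 2005 => Scanning File C:\WINDOWS\SYSTEM\ELITEDBS32.EXE
Wed Apr 06 10:17:04 2005 => File C:\WINDOWS\SYSTEM\ELITEDBS32.EXE infected by "Trojan.Win32.StartPage.nk" Virus. Action Taken: No Action Taken.
Wed Apr 06 10:17:04 2005 => File C:\WINDOWS\SYSTEM\ELITEDBS32.EXE infected by "Trojan.Win32.StartPage.nk" Virus. Action Taken: No Action Taken.
Wed Apr 06 10:17:16 2005 => File System Found infected by "Alexa Spyware/Adware" Virus. Action Taken: No Action Taken.
Wed Apr 06 10:17:47 2005 => File C:\WINDOWS\autoload.exe tagged as not-a-virus:Tool.Win32.Autoloader. No Action Taken.
Wed Apr 06 10:17:55 2005 => File C:\WINDOWS\protector.exe infected by "Trojan.Win32.StartPage.nk" Virus. Action Taken: No Action Taken.
'''

# Excerpt of the second HijackThis log posted in this thread.
HJT_LOG = r'''
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [etbrun] C:\WINDOWS\SYSTEM\ELITEDBS32.EXE
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - Startup: Norton System Doctor.lnk = C:\Programme\Norton Utilities\SYSDOC32.EXE
'''

# Only accept real drive paths: the summary line 'File System Found infected by'
# would otherwise be parsed as a file named "System Found".
FILE_HIT = re.compile(
    r'=> File (?P<path>[A-Za-z]:\\.+?) '
    r'(?:infected by "(?P<inf>[^"]+)" Virus|tagged as (?P<tag>\S+)\. No Action)')
# O4 comes in two shapes: registry Run keys and Startup-folder shortcuts.
O4_REG = re.compile(r'^O4 - (?P<loc>\S+?): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$')
O4_LNK = re.compile(r'^O4 - (?P<loc>[^:]+): (?P<name>.+?) = (?P<cmd>.+)$')


def flagged_files(mwav_text):
    """Map lower-cased file path -> set of detection names (repeats collapse)."""
    hits = {}
    for line in mwav_text.splitlines():
        m = FILE_HIT.search(line)
        if m:
            hits.setdefault(m['path'].lower(), set()).add(m['inf'] or m['tag'])
    return hits


def autostarts(hjt_text):
    """Yield (location, entry name, command) for every O4 line."""
    for line in hjt_text.splitlines():
        line = line.strip()
        m = O4_REG.match(line) or O4_LNK.match(line)
        if m:
            yield m['loc'], m['name'], m['cmd']


def autostarts_to_fix(mwav_text, hjt_text):
    """Return O4 entries whose target is a file the scanner flagged."""
    hits = flagged_files(mwav_text)
    by_name = {ntpath.basename(p): p for p in hits}
    findings = []
    for loc, name, cmd in autostarts(hjt_text):
        c = cmd.lower()  # Win9x paths are case-insensitive
        path = next((p for p in hits if c == p or c.startswith(p + ' ')), None)
        if path is None:
            first = c.split()[0]
            if '\\' not in first:  # bare name such as "SysTray.Exe"
                path = by_name.get(first)
        if path:
            findings.append((loc, name, path, sorted(hits[path])))
    return findings


if __name__ == '__main__':
    for loc, name, path, detections in autostarts_to_fix(MWAV_LOG, HJT_LOG):
        print(f'{loc} [{name}] -> {path}: {", ".join(detections)}')
```

8.3 short paths such as C:\PROGRA~1\... cannot be expanded offline, so an entry written in short form will not match a long-form scanner path and still needs a manual look.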

arche-22 06.04.2005 13:58

no more pop-ups, I'll fix that one as well, thank you all so very much

