Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Hilfe, Trojaner Start Page!!! (https://www.trojaner-board.de/13127-hilfe-trojaner-start-page.html)

abi75 01.02.2005 15:36
Hilfe, Trojaner Start Page!!!
 
Hallo,
wer kann mir helfen meinen Trojaner zu entfernen? :heulen:


Logfile of HijackThis v1.99.0
Scan saved at 14:59:32, on 01.02.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Norton Internet Security\ISSVC.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\GEMEIN~1\aol\ACS\AOLacsd.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\Programme\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\sstray.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\carpserv.exe
C:\Programme\Gemeinsame Dateien\CMEII\CMESys.exe
C:\Programme\CyberLink\PowerVCRII\Agent.exe
C:\Programme\Winamp\winampa.exe
C:\Programme\SlySoft\CloneCD\CloneCDTray.exe
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
C:\PROGRA~1\GEMEIN~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\QuickTime\qttask.exe
C:\PROGRA~1\GEMEIN~1\PCSuite\Services\SERVIC~1.EXE
C:\Programme\Date Manager\DateManager.exe
C:\Programme\Gemeinsame Dateien\GMT\GMT.exe
C:\PROGRA~1\FRNDSL\FRNDSL.exe
C:\Programme\Outlook Express\msimn.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NSMdtr.exe
C:\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOKUME~1\ABRAMO~1.ABR\LOKALE~1\Temp\sp.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.msn.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOKUME~1\ABRAMO~1.ABR\LOKALE~1\Temp\sp.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar1.dll
O2 - BHO: (no name) - {B3FF77A0-8F3E-4E9A-B509-D87CA8EB45A9} - C:\WINDOWS\System32\hokclc.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [WinDSL MTU-Adjust] WinDSL_MTU.exe
O4 - HKLM\..\Run: [CMESys] "C:\Programme\Gemeinsame Dateien\CMEII\CMESys.exe"
O4 - HKLM\..\Run: [CloneDVDElbyDelay] "C:\Programme\Elaborate Bytes\CloneDVD\ElbyCheck.exe" /L ElbyDelay
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Agent] C:\Programme\CyberLink\PowerVCRII\Agent.exe
O4 - HKLM\..\Run: [Remote_Agent] C:\Programme\CyberLink\PowerVCRII\RemoteAgent.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Programme\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\GEMEIN~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AOL 9.0 Tray-Symbol.lnk = C:\Programme\AOL 9.0\aoltray.exe
O4 - Global Startup: Date Manager.lnk = C:\Programme\Date Manager\DateManager.exe
O4 - Global Startup: GStartup.lnk = C:\Programme\Gemeinsame Dateien\GMT\GMT.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\programme\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\programme\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Verweisseiten - res://c:\programme\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://c:\programme\google\GoogleToolbar1.dll/cmsimilar.html
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O10 - Broken Internet access because of LSP provider 'rpc32vm.dll' missing
O14 - IERESET.INF: START_PAGE_URL=http://www.freenet.de
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - http://sib1.od2.com/common/Member/Cl.../OCI/setup.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{3A02B668-F1E5-4D5D-BF1E-35DC60CD6A96}: NameServer = 194.97.173.124 194.97.173.125
O18 - Filter: text/html - {6F414289-CC9F-4131-837F-15FC8E83B3E3} - C:\WINDOWS\System32\hokclc.dll
O18 - Filter: text/plain - {6F414289-CC9F-4131-837F-15FC8E83B3E3} - C:\WINDOWS\System32\hokclc.dll
O23 - Service: AOL Connectivity Service - America Online, Inc. - C:\PROGRA~1\GEMEIN~1\aol\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: ISSvc - Symantec Corporation - C:\Programme\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst - Symantec Corporation - C:\Programme\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

chaosman 01.02.2005 21:10
@abi75
update dein system und IE
lade dir LSP-Fix download
lade dir spybot download
installiere spybot und update es.

wechsle in den abgesicherten modus und lasse spybot laufen.
fixe danach mit HJT
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOKUME~1\ABRAMO~1.ABR\LOKALE~1\Temp\sp.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOKUME~1\ABRAMO~1.ABR\LOKALE~1\Temp\sp.dll/sp.html
O2 - BHO: (no name) - {B3FF77A0-8F3E-4E9A-B509-D87CA8EB45A9} - C:\WINDOWS\System32\hokclc.dll
O4 - HKLM\..\Run: [CMESys] "C:\Programme\Gemeinsame Dateien\CMEII\CMESys.exe"
O4 - Global Startup: GStartup.lnk = C:\Programme\Gemeinsame Dateien\GMT\GMT.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O18 - Filter: text/html - {6F414289-CC9F-4131-837F-15FC8E83B3E3} - C:\WINDOWS\System32\hokclc.dll
O18 - Filter: text/plain - {6F414289-CC9F-4131-837F-15FC8E83B3E3} - C:\WINDOWS\System32\hokclc.dll
lösche danach manuell
C:\WINDOWS\System32\hokclc.dll
C:\WINDOWS\web\related.htm
C:\Programme\Gemeinsame Dateien\CMEII\CMESys.exe"
C:\Programme\Gemeinsame Dateien\GMT\GMT.exe
lösche danach
C:\Programme\Gemeinsame Dateien\GMT
C:\Programme\Gemeinsame Dateien\CMEII
neu booten, neues HJT logfile posten

chaosman

abi75 01.02.2005 22:25
ich glaube ich habe meinen Trojaner los ;)

aber vorsichtshalber hier noch die neue logfile!

Logfile of HijackThis v1.99.0
Scan saved at 22:27:38, on 01.02.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Norton Internet Security\ISSVC.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\GEMEIN~1\aol\ACS\AOLacsd.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\Programme\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\sstray.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\carpserv.exe
C:\Programme\CyberLink\PowerVCRII\Agent.exe
C:\Programme\Winamp\winampa.exe
C:\Programme\SlySoft\CloneCD\CloneCDTray.exe
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
C:\PROGRA~1\GEMEIN~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Programme\QuickTime\qttask.exe
C:\PROGRA~1\GEMEIN~1\PCSuite\Services\SERVIC~1.EXE
C:\PROGRA~1\FRNDSL\FRNDSL.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NSMdtr.exe
C:\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.msn.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll


Merci und Cheerio

chaosman 01.02.2005 22:33
@abi75
dein logfile ist unauffällig, trotzdem mit escan noch überprüfen

download
anleitung
überprüfe Deinen Rechner zunächst mit dem eScan: lade den eScan runter, erstelle dafür einen Ordner (=Verzeichnis) c:\bases, update den eScan online und führe ihn offline im abgesicherten Modus aus. Beachte, dass der eScan ab Version 4.5.1 gefundene Malware nicht löscht. Das wird von Hand auf Anweisung durch uns gemacht.

Teile uns dann das Ergebnis des eScan mit: welche Viren wurden auf Deinem Rechner gefunden: "öffne die mwav.log -> Bearbeiten -> Suchen -> infected eingeben -> Weitersuchen -> Treffer markieren/kopieren und ins Forum übertragen." (Zitat Cidre)

scan dauert 1 stunde
chaosman

abi75 02.02.2005 19:51
Hallo, hier das Ergebnis des eScan:

muß es in zwei Teilen teilen.

Teil 1

Wed Feb 02 16:45:29 2005 => File C:\Dokumente und Einstellungen\Abramo Viggiani\Anwendungsdaten\cktvllstdrstd.dll infected by "not-a-virus:AdWare.Lop" Virus. Action Taken: No Action Taken.
Wed Feb 02 16:45:32 2005 => File C:\Dokumente und Einstellungen\Abramo Viggiani\Anwendungsdaten\crstvlyw.exe infected by "not-a-virus:AdWare.Lop" Virus. Action Taken: No Action Taken.
Wed Feb 02 16:45:51 2005 => File C:\Dokumente und Einstellungen\Abramo Viggiani\Lokale Einstellungen\Temp\Rem6.exe infected by "not-a-virus:AdWare.Lop" Virus. Action Taken: No Action Taken.
Wed Feb 02 16:45:51 2005 => File C:\Dokumente und Einstellungen\Abramo Viggiani\Lokale Einstellungen\Temp\RemA.exe infected by "not-a-virus:AdWare.Lop" Virus. Action Taken: No Action Taken.
Wed Feb 02 16:45:51 2005 => File C:\Dokumente und Einstellungen\Abramo Viggiani\Lokale Einstellungen\Temp\RemBD3E.exe infected by "not-a-virus:AdWare.Lop" Virus. Action Taken: No Action Taken.
Wed Feb 02 17:08:50 2005 => File C:\Dokumente und Einstellungen\Abramo Viggiani.ABRAMO-BBRF5WUY\Eigene Dateien\Lustiges\Hitze .exe infected by "not-virus:Joke.Win32.Melter" Virus. Action Taken: No Action Taken.
Wed Feb 02 17:42:20 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\00604F2A.dll infected by "not-a-virus:AdWare.SearchPage" Virus. Action Taken: No Action Taken.
Wed Feb 02 17:42:20 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\00841D03.dll infected by "not-a-virus:AdWare.SearchPage" Virus. Action Taken: No Action Taken.
Wed Feb 02 17:42:20 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\02092157.dll infected by "not-a-virus:AdWare.SearchPage" Virus. Action Taken: No Action Taken.
Wed Feb 02 17:42:20 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\025E64FA.dll infected by "not-a-virus:AdWare.SearchPage" Virus. Action Taken: No Action Taken.
Wed Feb 02 17:42:20 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\026E36E8.dll infected by "not-a-virus:AdWare.SearchPage" Virus. Action Taken: No Action Taken.
Wed Feb 02 17:42:20 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\02DD4A6E.dll infected by "not-a-virus:AdWare.SearchPage" Virus. Action Taken: No Action Taken.
Wed Feb 02 17:42:20 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\032B3A17.dll infected by "not-a-virus:AdWare.SearchPage" Virus. Action Taken: No Action Taken.
Wed Feb 02 17:42:20 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\038A7BAF.dll infected by "not-a-virus:AdWare.SearchPage" Virus. Action Taken: No Action Taken.
Wed Feb 02 17:42:20 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\03C24572.dll infected by "not-a-virus:AdWare.SearchPage" Virus. Action Taken: No Action Taken.
Wed Feb 02 17:42:20 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\043E00E9.dll infected by "not-a-virus:AdWare.SearchPage" Virus. Action Taken: No Action Taken.
Wed Feb 02 17:42:20 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\046822BB.dll infected by "not-a-virus:AdWare.SearchPage" Virus. Action Taken: No Action Taken.
Wed Feb 02 17:42:20 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\04B03E6C.dll infected by "not-a-virus:AdWare.SearchPage" Virus. Action Taken: No Action Taken.
Wed Feb 02 17:42:20 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\05FD78FD.dll infected by "not-a-virus:AdWare.SearchPage" Virus. Action Taken: No Action Taken
Wed Feb 02 17:42:21 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\20CE6E9E.dll infected by "not-a-virus:AdWare.SearchPage" Virus. Action Taken: No Action Taken.
Wed Feb 02 17:42:21 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\2108625D.dll infected by "not-a-virus:AdWare.SearchPage" Virus. Action Taken: No Action Taken.
Wed Feb 02 17:42:21 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\24CF6E36.dll infected by "not-a-virus:AdWare.SearchPage" Virus. Action Taken: No Action Taken.
Wed Feb 02 17:42:21 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\24DF4024.dll infected by "not-a-virus:AdWare.SearchPage" Virus. Action Taken: No Action Taken.
Wed Feb 02 17:42:21 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\25621871.dll infected by "not-a-virus:AdWare.SearchPage" Virus. Action Taken: No Action Taken.
Wed Feb 02 17:42:21 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\25A0362D.dll infected by "not-a-virus:AdWare.SearchPage" Virus. Action Taken: No Action Taken.
Wed Feb 02 17:42:21 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\298765E1.dll infected by "not-a-virus:AdWare.SearchPage" Virus. Action Taken: No Action Taken.
Wed Feb 02 17:42:21 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\2B7753BF.dll infected by "not-a-virus:AdWare.SearchPage" Virus. Action Taken: No Action Taken.
Wed Feb 02 17:42:21 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\2B8B06CC.dll infected by "not-a-virus:AdWare.SearchPage" Virus. Action Taken: No Action Taken.
Wed Feb 02 17:42:21 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\2B954D9F.dll infected by "not-a-virus:AdWare.SearchPage" Virus. Action Taken: No Action Taken.
Wed Feb 02 17:42:21 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\2D471DC1.dll infected by "not-a-virus:AdWare.SearchPage" Virus. Action Taken: No Action Taken.
Wed Feb 02 17:42:21 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\2EAE2835.dll infected by "not-a-virus:AdWare.SearchPage" Virus. Action Taken: No Action Taken.
Wed Feb 02 17:42:22 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\2F0615D4.dll infected by "not-a-virus:AdWare.SearchPage" Virus. Action Taken: No Action Taken.
Wed Feb 02 17:42:22 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\2F410994.dll infected by "not-a-virus:AdWare.SearchPage" Virus. Action Taken: No Action Taken.
Wed Feb 02 17:42:22 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\3030028D.dll infected by "not-a-virus:AdWare.SearchPage" Virus. Action Taken: No Action Taken.
Wed Feb 02 17:42:22 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\395C2598.dll infected by "not-a-virus:AdWare.SearchPage" Virus. Action Taken: No Action Taken.
Wed Feb 02 17:42:22 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\3976757C.dll infected by "not-a-virus:AdWare.SearchPage" Virus. Action Taken: No Action Taken.Wed Feb 02 17:42:22 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\39E551DF.dll infected by "not-a-virus:AdWare.SearchPage" Virus. Action Taken: No Action Taken.
Wed Feb 02 17:42:22 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\3AF46EB4.dll infected by "not-a-virus:AdWare.SearchPage" Virus. Action Taken: No Action Taken.
Wed Feb 02 17:42:22 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\3C106A9F.dll infected by "not-a-virus:AdWare.SearchPage" Virus. Action Taken: No Action Taken.
Wed Feb 02 17:42:22 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\3C315758.dll infected by "not-a-virus:AdWare.SearchPage" Virus. Action Taken: No Action Taken.
Wed Feb 02 17:42:22 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\3D7A67ED.dll infected by "not-a-virus:AdWare.SearchPage" Virus. Action Taken: No Action Taken.
Wed Feb 02 17:42:22 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\475A590F.dll infected by "not-a-virus:AdWare.SearchPage" Virus. Action Taken: No Action Taken.
Wed Feb 02 17:42:22 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\4E032CDE.dll infected by "not-a-virus:AdWare.SearchPage" Virus. Action Taken: No Action Taken.
Wed Feb 02 17:42:23 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\4ED101FC.dll infected by "not-a-virus:AdWare.SearchPage" Virus. Action Taken: No Action Taken.
Wed Feb 02 17:42:23 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\4ED42BF8.dll infected by "not-a-virus:AdWare.SearchPage" Virus. Action Taken: No Action Taken.
Wed Feb 02 17:42:23 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\4F1249B4.dll infected by "not-a-virus:AdWare.SearchPage" Virus. Action Taken: No Action Taken.
Wed Feb 02 17:42:23 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\4F2C6275.dll infected by "not-a-virus:AdWare.SearchPage" Virus. Action Taken: No Action Taken.
Wed Feb 02 17:42:23 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\5246742E.dll infected by "not-a-virus:AdWare.SearchPage" Virus. Action Taken: No Action Taken.

abi75 02.02.2005 19:52
Teil 2:

Wed Feb 02 17:42:23 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\5CEC6675.dll infected by "not-a-virus:AdWare.SearchPage" Virus. Action Taken: No Action Taken.
Wed Feb 02 17:42:23 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\65CF26B0.dll infected by "not-a-virus:AdWare.SearchPage" Virus. Action Taken: No Action Taken.
Wed Feb 02 17:42:23 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\65D57AA8.dll infected by "not-a-virus:AdWare.SearchPage" Virus. Action Taken: No Action Taken.
Wed Feb 02 17:42:23 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\65D924A5.dll infected by "not-a-virus:AdWare.SearchPage" Virus. Action Taken: No Action Taken.
Wed Feb 02 17:42:23 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\68515BEC.dll infected by "not-a-virus:AdWare.SearchPage" Virus. Action Taken: No Action Taken.
Wed Feb 02 17:42:23 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\69397935.dll infected by "not-a-virus:AdWare.SearchPage" Virus. Action Taken: No Action Taken.
Wed Feb 02 17:42:23 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\6D7E7239.dll infected by "not-a-virus:AdWare.SearchPage" Virus. Action Taken: No Action Taken.
Wed Feb 02 17:42:23 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\6E2A137E.dll infected by "not-a-virus:AdWare.SearchPage" Virus. Action Taken: No Action Taken.
Wed Feb 02 17:42:23 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\6E65073D.dll infected by "not-a-virus:AdWare.SearchPage" Virus. Action Taken: No Action Taken.
Wed Feb 02 17:42:23 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\76645C70.dll infected by "not-a-virus:AdWare.SearchPage" Virus. Action Taken: No Action Taken.
Wed Feb 02 17:42:24 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\7E38178A.dll infected by "not-a-virus:AdWare.SearchPage" Virus. Action Taken: No Action Taken.
Wed Feb 02 17:42:24 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\7F962409.dll infected by "not-a-virus:AdWare.SearchPage" Virus. Action Taken: No Action Taken.
Wed Feb 02 17:42:24 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\7FD441C5.dll infected by "not-a-virus:AdWare.SearchPage" Virus. Action Taken: No Action Taken.
Wed Feb 02 17:53:38 2005 => File C:\System Volume Information\_restore{52933216-AC6B-434B-B358-6E590D7250D9}\RP1\A0000038.dll infected by "not-a-virus:AdWare.Gator.5017" Virus. Action Taken: No Action Taken.
Wed Feb 02 19:04:25 2005 => File C:\System Volume Information\_restore{91726419-9BD7-4152-906D-B79420CD8F69}\RP523\A0116358.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.
Wed Feb 02 19:04:26 2005 => File C:\System Volume Information\_restore{91726419-9BD7-4152-906D-B79420CD8F69}\RP523\A0116359.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.
Wed Feb 02 19:04:26 2005 => File C:\System Volume Information\_restore{91726419-9BD7-4152-906D-B79420CD8F69}\RP523\A0116360.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.
Wed Feb 02 19:04:26 2005 => File C:\System Volume Information\_restore{91726419-9BD7-4152-906D-B79420CD8F69}\RP523\A0116361.dll infected by "not-a-virus:AdWare.Gator.5017" Virus. Action Taken: No Action Taken.
Wed Feb 02 19:04:26 2005 => File C:\System Volume Information\_restore{91726419-9BD7-4152-906D-B79420CD8F69}\RP523\A0116362.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.
Wed Feb 02 19:04:26 2005 => File C:\System Volume Information\_restore{91726419-9BD7-4152-906D-B79420CD8F69}\RP523\A0116363.exe infected by "not-a-virus:AdWare.Gator.6034" Virus. Action Taken: No Action Taken.
Wed Feb 02 19:04:27 2005 => File C:\System Volume Information\_restore{91726419-9BD7-4152-906D-B79420CD8F69}\RP523\A0116364.exe infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.
Wed Feb 02 19:04:27 2005 => File C:\System Volume Information\_restore{91726419-9BD7-4152-906D-B79420CD8F69}\RP523\A0116365.exe infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.
Wed Feb 02 19:04:28 2005 => File C:\System Volume Information\_restore{91726419-9BD7-4152-906D-B79420CD8F69}\RP523\A0116423.exe infected by "not-a-virus:AdWare.Gator.4116" Virus. Action Taken: No Action Taken.
Wed Feb 02 19:04:28 2005 => File C:\System Volume Information\_restore{91726419-9BD7-4152-906D-B79420CD8F69}\RP523\A0116426.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.
Wed Feb 02 19:04:28 2005 => File C:\System Volume Information\_restore{91726419-9BD7-4152-906D-B79420CD8F69}\RP523\A0116427.exe infected by "not-a-virus:AdWare.Gator.6034" Virus. Action Taken: No Action Taken.
Wed Feb 02 19:04:28 2005 => File C:\System Volume Information\_restore{91726419-9BD7-4152-906D-B79420CD8F69}\RP523\A0116428.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.
Wed Feb 02 19:04:28 2005 => File C:\System Volume Information\_restore{91726419-9BD7-4152-906D-B79420CD8F69}\RP523\A0116429.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.
Wed Feb 02 19:04:28 2005 => File C:\System Volume Information\_restore{91726419-9BD7-4152-906D-B79420CD8F69}\RP523\A0116430.dll infected by "not-a-virus:AdWare.Gator.3124" Virus. Action Taken: No Action Taken.
Wed Feb 02 19:04:28 2005 => File C:\System Volume Information\_restore{91726419-9BD7-4152-906D-B79420CD8F69}\RP523\A0116431.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.
Wed Feb 02 19:04:28 2005 => File C:\System Volume Information\_restore{91726419-9BD7-4152-906D-B79420CD8F69}\RP523\A0116432.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.
Wed Feb 02 19:04:28 2005 => File C:\System Volume Information\_restore{91726419-9BD7-4152-906D-B79420CD8F69}\RP523\A0116433.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.
Wed Feb 02 19:04:29 2005 => File C:\System Volume Information\_restore{91726419-9BD7-4152-906D-B79420CD8F69}\RP523\A0116434.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.
Wed Feb 02 19:04:29 2005 => File C:\System Volume Information\_restore{91726419-9BD7-4152-906D-B79420CD8F69}\RP523\A0116435.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.
Wed Feb 02 19:04:29 2005 => File C:\System Volume Information\_restore{91726419-9BD7-4152-906D-B79420CD8F69}\RP523\A0116436.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.
Wed Feb 02 19:04:29 2005 => File C:\System Volume Information\_restore{91726419-9BD7-4152-906D-B79420CD8F69}\RP523\A0116437.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.
Wed Feb 02 19:04:29 2005 => File C:\System Volume Information\_restore{91726419-9BD7-4152-906D-B79420CD8F69}\RP523\A0116441.exe infected by "not-a-virus:AdWare.ToolBar.Hotbar.ae" Virus. Action Taken: No Action Taken.
Wed Feb 02 19:05:24 2005 => File C:\WINDOWS\Downloaded Program Files\CONFLICT.1\HDPlugin1019.dll infected by "not-a-virus:AdWare.Gator.1019" Virus. Action Taken: No Action Taken.
Wed Feb 02 19:05:24 2005 => File C:\WINDOWS\Downloaded Program Files\CONFLICT.2\HDPlugin1019.dll infected by "not-a-virus:AdWare.Gator.1019" Virus. Action Taken: No Action Taken.
Wed Feb 02 19:05:24 2005 => File C:\WINDOWS\Downloaded Program Files\CONFLICT.3\HDPlugin1019.dll infected by "not-a-virus:AdWare.Gator.1019" Virus. Action Taken: No Action Taken.
Wed Feb 02 19:05:25 2005 => File C:\WINDOWS\Downloaded Program Files\CONFLICT.4\HDPlugin1019.dll infected by "not-a-virus:AdWare.Gator.1019" Virus. Action Taken: No Action Taken.
Wed Feb 02 19:05:25 2005 => File C:\WINDOWS\Downloaded Program Files\CONFLICT.5\HDPlugin1019.dll infected by "not-a-virus:AdWare.Gator.1019" Virus. Action Taken: No Action Taken.
Wed Feb 02 19:05:25 2005 => File C:\WINDOWS\Downloaded Program Files\rundlg32.dll infected by "not-a-virus:AdWare.ToolBar.SBSoft.f" Virus. Action Taken: No Action Taken.
Wed Feb 02 19:19:51 2005 => Total Disinfected Files: 0

MfG Abi75

Cidre 02.02.2005 20:01
Hallo,

Systemwiederherstellung deaktivieren -> Norton AntiVirus Quarantäne Ordner und Temp Ordner leeren-> Neustart -> Systemwiederherstellung wieder aktivieren


Danach ->
- IE sicherer konfigurieren und nur noch für das Windows Update benutzen http://www.datenschutzzentrum.de/sel...sie/config.htm oder http://www.blafusel.de/ie.html
- Sichere und komfortablere Browser wie z.B. Mozilla oder Firefox verwenden http://www.mozilla.org

Ein neues Log-File posten.


Alle Zeitangaben in WEZ +1. Es ist jetzt 13:54 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131