Trojaner-Board


ruby1975 19.01.2005 18:36

Strange start page although it should be "about:blank"
 
hello everyone... I hope I'm in the right place...
When I start my IE, normally no page should be displayed. Unfortunately, a page now opens; the address bar still says about:blank, and at the "top left" it always says search for... and windows keep opening that try to tell me my computer is infected... tsk tsk... how do I get this fixed?? Thanks in advance..
Best regards
ruby

Haui45 19.01.2005 18:39

Post a HijackThis logfile:
short description
detailed description

Quote:

... and windows keep opening that try to tell me my computer is infected
..and they are even right :lach:

ruby1975 19.01.2005 18:58

Logfile of HijackThis v1.99.0
Scan saved at 18:54:26, on 19.01.2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Norton Personal Firewall\NISUM.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Norton Personal Firewall\ccPxySvc.exe
D:\Programme\Norton AntiVirus\navapsvc.exe
D:\Programme\Norton AntiVirus\AdvTools\NPROTECT.EXE
D:\Programme\Norton AntiVirus\SAVScan.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\Programme\SmartSurfer2.3\SmartSurfer.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Dokumente und Einstellungen\Andrea\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOKUME~1\Andrea\LOKALE~1\Temp\sp.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOKUME~1\Andrea\LOKALE~1\Temp\sp.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Programme\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FD51A743-BED4-4258-8D2D-4EF8DAA1117A} - C:\WINDOWS\System32\aplgal.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [Advanced Tools Check] D:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [ccRegVfy] C:\Programme\Gemeinsame Dateien\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKCU\..\Run: [NBJ] "D:\PROGRA~1\Ahead\NEROBA~1\NBJ.exe"
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{0A405B87-60CB-43D3-A0EB-D5CAC9C01E18}: NameServer = 195.71.250.35 193.189.244.205
O17 - HKLM\System\CS1\Services\Tcpip\..\{0A405B87-60CB-43D3-A0EB-D5CAC9C01E18}: NameServer = 195.71.250.35 193.189.244.205
O18 - Filter: text/html - {BAC4A4BF-456B-483C-86A6-2A19C5B98263} - C:\WINDOWS\System32\aplgal.dll
O18 - Filter: text/plain - {BAC4A4BF-456B-483C-86A6-2A19C5B98263} - C:\WINDOWS\System32\aplgal.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service - Symantec Corporation - C:\Programme\Norton Personal Firewall\ccPxySvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst - Symantec Corporation - D:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Personal Firewall Accounts Manager - Symantec Corporation - C:\Programme\Norton Personal Firewall\NISUM.EXE
O23 - Service: Norton Unerase Protection - Symantec Corporation - D:\Programme\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - D:\Programme\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe

for heaven's sake... this is making me go blind :crazy:

chaosman 19.01.2005 20:12

@ruby1975
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
your system is wide open like a barn door, so please update IE and the system immediately.
have this file C:\WINDOWS\System32\aplgal.dll
checked online here: http://virusscan.jotti.org/de
post the result
then switch to safe mode and fix the following with HJT
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOKUME~1\Andrea\LOKALE~1\Temp\sp.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOKUME~1\Andrea\LOKALE~1\Temp\sp.dll/sp.html
O2 - BHO: (no name) - {FD51A743-BED4-4258-8D2D-4EF8DAA1117A} - C:\WINDOWS\System32\aplgal.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O18 - Filter: text/html - {BAC4A4BF-456B-483C-86A6-2A19C5B98263} - C:\WINDOWS\System32\aplgal.dll
O18 - Filter: text/plain - {BAC4A4BF-456B-483C-86A6-2A19C5B98263} - C:\WINDOWS\System32\aplgal.dll
then delete manually
C:\WINDOWS\System32\aplgal.dll
C:\WINDOWS\web\related.htm
reboot, post a new HJT logfile + the results from jotti.org
chaosman
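
Added example, not part of the thread and not HijackThis's own logic: a Python triage pass over HijackThis entries that surfaces the two patterns visible in the entries listed in the post above, an IE setting served via `res://` from a DLL in a Temp directory, and one DLL registered both as a BHO (O2) and as a MIME filter (O18). Both heuristics and the function names are assumptions made for illustration; the sample lines are a constructed subset of the first log in this thread.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of entries copied from the first log in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOKUME~1\Andrea\LOKALE~1\Temp\sp.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Programme\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FD51A743-BED4-4258-8D2D-4EF8DAA1117A} - C:\WINDOWS\System32\aplgal.dll
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O18 - Filter: text/html - {BAC4A4BF-456B-483C-86A6-2A19C5B98263} - C:\WINDOWS\System32\aplgal.dll
"""

ENTRY = re.compile(r"^(R\d|O\d+) - (.+)$")


def parse(log_text):
    """Yield (section, body) for each R*/O* entry; header and process lines are skipped."""
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.group(1), m.group(2)


def triage(log_text):
    """Return sorted (reason, detail) findings for a reviewer to check by hand."""
    findings = set()
    hooks = defaultdict(set)  # lower-cased DLL path -> sections that load it
    for section, body in parse(log_text):
        if section.startswith("R") and " = " in body:
            value = body.split(" = ", 1)[1].lower()
            # Assumed heuristic 1: IE setting served from a DLL in a Temp directory.
            if value.startswith("res://") and "\\temp\\" in value:
                findings.add(("res-in-temp", value))
        elif section in ("O2", "O18"):
            hooks[body.rsplit(" - ", 1)[-1].lower()].add(section)
    for path, sections in hooks.items():
        # Assumed heuristic 2: the same DLL is both a BHO and a MIME filter.
        if sections == {"O2", "O18"}:
            findings.add(("bho-and-filter", path))
    return sorted(findings)


if __name__ == "__main__":
    for reason, detail in triage(SAMPLE_LOG):
        print(reason, detail)
```

A "(no name)" BHO on its own is deliberately not treated as a signal, since the Spybot SDHelper.dll entry in the later log of this thread carries the same label.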

ruby1975 19.01.2005 20:19

Service load: 0% 100%

File: aplgal.dll
Status: POSSIBLY INFECTED/MALWARE (Note: this file was only classified as malware by scanners known to generate more false positives than the average scanner. Do not consider these results definately accurate. Also, because of this, results of this scan will not be recorded in the database.)
Packers detected: None

AntiVir TR/StartPage.ix (0.15 seconds taken)
Avast Win32:Startpage-006 (1.51 seconds taken)
BitDefender No viruses found (0.74 seconds taken)
ClamAV Trojan.Startpage-134 (0.45 seconds taken)
Dr.Web No viruses found (0.54 seconds taken)
F-Prot Antivirus No viruses found (0.11 seconds taken)
Kaspersky Anti-Virus No viruses found (1.18 seconds taken)
mks_vir No viruses found (0.22 seconds taken)
NOD32 No viruses found (0.38 seconds taken)
Norman Virus Control No viruses found (0.65 seconds taken)


oh great... let's see if I can manage what you wrote there... thanks already...

ruby1975 19.01.2005 20:38

Logfile of HijackThis v1.99.0
Scan saved at 20:36:34, on 19.01.2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Norton Personal Firewall\NISUM.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Norton Personal Firewall\ccPxySvc.exe
D:\Programme\Norton AntiVirus\navapsvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\Programme\Norton AntiVirus\AdvTools\NPROTECT.EXE
D:\Programme\Norton AntiVirus\SAVScan.exe
C:\Dokumente und Einstellungen\Andrea\Desktop\troja\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [Advanced Tools Check] D:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [ccRegVfy] C:\Programme\Gemeinsame Dateien\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKCU\..\Run: [NBJ] "D:\PROGRA~1\Ahead\NEROBA~1\NBJ.exe"
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Programme\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service - Symantec Corporation - C:\Programme\Norton Personal Firewall\ccPxySvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst - Symantec Corporation - D:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Personal Firewall Accounts Manager - Symantec Corporation - C:\Programme\Norton Personal Firewall\NISUM.EXE
O23 - Service: Norton Unerase Protection - Symantec Corporation - D:\Programme\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - D:\Programme\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe

chaosman 19.01.2005 20:44

@ruby1975
your problem starts here
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
I can only repeat myself
your system is wide open like a barn door, so please update IE and the system immediately.
btw, your logfile looks unremarkable

chaosman

ruby1975 19.01.2005 20:50

I'm working on it right now.... trying my best...
should I post again afterwards??

chaosman 19.01.2005 20:55

@ruby1975

not necessarily, your last logfile was ok :daumenhoc
chaosman

ruby1975 19.01.2005 21:02

thaaaaank youuuu..... *falls to my knees*


All times are in WET +1.
