Instantsearch popups.. am I alone??

#0
30.03.2005, 12:05
Member
Posts: 11

30.03.2005, 23:01
Member
Posts: 239
#2
Hello, download the tools AdAware, Spybot and CWShredder and scan your PC with them. Before starting, though, be sure to download the updates for AdAware, Spybot and CWShredder. Then run your antivirus program. After that, download HijackThis, put it in a separate folder and start the program. Please save the log file it produces and post it here.
Rolfs

31.03.2005, 09:51
Member
Thread starter
Posts: 11
#3
OK, all taken care of... AntiVir: negative, CW: negative, SD: negative, AdAware: negative apart from two tracking cookies, deleted.
Here is the current log from HiJack:
Shows nothing bad in the automatic evaluation!
Regards, Schimmel

31.03.2005, 11:17
Member
Posts: 239
#4
C:\WINDOWS\NCLAUNCH.EXe
C:\Programme\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
Please have these two files checked online here: http://www.kaspersky.com/de/remoteviruschk.html
Rolfs

31.03.2005, 11:39
Member
Thread starter
Posts: 11

31.03.2005, 13:31
Member
Posts: 239
#6
Are these popups still appearing?

31.03.2005, 13:42
Member
Thread starter
Posts: 11
#7
Yep... still sporadically.
But I'm currently going through it once more with eScan in safe mode... will post then.. when it's ready!!!
So.. I've combed through it with eScan.. the following was found:
Regards, Schimmel
This post was edited by Schimmel on 01.04.2005 at 15:31.

02.04.2005, 13:40
...new here
Posts: 1
#8
Hello, I've had the same problem for a few weeks... I get pop-up ads about every 20 min. I've already scanned my PC with antivi and Spybot... nothing found!
Before it loads you can still see that it comes from www.instantsearch.cc.

03.04.2005, 12:39
...new here
Posts: 4
#9
It's exactly the same for me, annoying pop-ups again and again, and I can't get rid of them either..... I already have a thread about it...
so I'm not alone with this problem then

03.04.2005, 13:59
Member
Posts: 239
#10
Please check your PC for malware with:
the tools AdAware, Spybot and CWShredder, and scan your PC with them. Before starting, though, be sure to download the updates for AdAware, Spybot and CWShredder. Then run your antivirus program. After that, download HijackThis, put it in a separate folder and start the program. Please save the log file it produces and post it here.
Rolfs

04.04.2005, 12:39
Member
Thread starter
Posts: 11
#11
It's enough to drive you up the wall.....
@rolfs all done... the result is above! What can I, can we do next??
Regards, Schimmel

04.04.2005, 15:43
Member
Posts: 239
#12
Schimmel, you should post a new HijackThis log file.
The eScan log is not suitable for that.

05.04.2005, 10:19
Member
Thread starter
Posts: 11
#13
Sure Rolfs.. no problem,
Here is the current log:

05.04.2005, 10:33
Honorary member
Posts: 6028
#14
Maybe Shoot The Messenger helps: http://www.grc.com/stm/ShootTheMessenger.htm
__________
Regards, Argus

05.04.2005, 10:43
Member
Posts: 239
#15
Hello Schimmel, the evaluation with http://www.hijackthis.de/ also shows, among other things, unknown files. You should check whether you recognize these unknown ones.
In the evaluation you have 3 files that are marked as good, but where a note appears on the far right saying: possibly bad because they are not in the right directory, like this one for example:
C:\Programme\ANYCOM\Blue USB-100\BTTray.exe
You should check those too, namely here: http://www.kaspersky.com/de/remoteviruschk.html

I have annoying popups of the Viagra, strip poker etc. kind on my work computer...
They show up sporadically. I've already run HijackThis over it.. found nothing unusual. Went through all sorts of tips from the forum here,
but none of it helped.... (eScan is running at the moment, let's see what it brings to light).... still, the things keep showing up..... my boss is already asking what kind of wild things I've got on my screen there.....
Does anyone have advice???
THX Schimmel