Browser öffnet sich von selbst - hijack zum anschauen

#0
04.04.2007, 22:07
...neu hier

Beiträge: 1
#1 hallo mein browserfenster öffnet sich immer von alleine hier der hijack input:

Logfile of HijackThis v1.99.1
Scan saved at 21:58:26, on 04.04.2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\mgabg.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\PDesk\PDesk.exe
C:\Programme\Acronis\TrueImage\TrueImageMonitor.exe
C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe
C:\WINNT\system32\spool\DRIVERS\W32X86\3\fppdis2a.exe
C:\Programme\Logitech\MouseWare\system\em_exec.exe
C:\Programme\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Programme\Softwin\BitDefender8\bdmcon.exe
C:\Programme\Softwin\BitDefender8\bdnagent.exe
C:\Programme\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Corel\Graphics8\Programs\MFIndexer.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\system32\taskmgr.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Dokumente und Einstellungen\Haiges\Desktop\hijack\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINNT\System32\PDesk\PDesk.exe /Autolaunch
O4 - HKLM\..\Run: [Acronis True Image Monitor] C:\Programme\Acronis\TrueImage\TrueImageMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [pdfFactory Dispatcher v2] C:\WINNT\system32\spool\DRIVERS\W32X86\3\fppdis2a.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OPSE reminder] "C:\Programme\ScanSoft\OmniPageSE2.0\EregGer\Ereg.exe" -r "C:\Programme\ScanSoft\OmniPageSE2.0\EregGer\ereg.ini"
O4 - HKLM\..\Run: [OpwareSE2] "C:\Programme\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [Microsoft Video Capture Controls] MSsrvs32.exe
O4 - HKLM\..\Run: [BDMCon] "C:\Programme\Softwin\BitDefender8\bdmcon.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Programme\Softwin\BitDefender8\bdnagent.exe"
O4 - HKLM\..\Run: [Norton 2006] voices.exe
O4 - HKLM\..\Run: [Norton Security 2004] princo.exe
O4 - HKLM\..\Run: [HTpatch] C:\WINNT\htpatch.exe
O4 - HKLM\..\RunServices: [Microsoft Video Capture Controls] MSsrvs32.exe
O4 - HKLM\..\RunServices: [Norton Security 2004] princo.exe
O4 - HKLM\..\RunServices: [Norton 2006] voices.exe
O4 - HKCU\..\Run: [Microsoft Video Capture Controls] MSsrvs32.exe
O4 - HKCU\..\Run: [Norton Security 2004] princo.exe
O4 - HKCU\..\Run: [Norton 2006] voices.exe

O4 - HKCU\..\Run: [Performance Center] C:\Programme\Ascentive\Performance Center\APCMain.exe -m
O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Corel MEDIA FOLDERS INDEXER 8.LNK = C:\Corel\Graphics8\Programs\MFIndexer.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O12 - Plugin for .spop: C:\Programme\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {4E7BD74F-2B8D-469E-DEFA-EB76B1D5FA7D} - http://www.ez-tracks.com/downloader/cab/special/eztdl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: policies - C:\WINNT\system32\f4l0le3m1h.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Verwaltungsdienst für die Verwaltung logischer Datenträger (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINNT\System32\mgabg.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton AntiVirus\SAVScan.exe
O23 - Service: Microsoft Windows HelpFile (Windows Helpfile) - Unknown owner - C:\WINNT\services.exe (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

und als 2. input die startupinfos vomn hijack:

StartupList report, 04.04.2007, 21:59:35
StartupList version: 1.52.2
Started from : C:\Dokumente und Einstellungen\Haiges\Desktop\hijack\HijackThis\HijackThis.EXE
Detected: Windows 2000 SP4 (WinNT 5.00.2195)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
==================================================

Running processes:

C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\mgabg.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\PDesk\PDesk.exe
C:\Programme\Acronis\TrueImage\TrueImageMonitor.exe
C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe
C:\WINNT\system32\spool\DRIVERS\W32X86\3\fppdis2a.exe
C:\Programme\Logitech\MouseWare\system\em_exec.exe
C:\Programme\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Programme\Softwin\BitDefender8\bdmcon.exe
C:\Programme\Softwin\BitDefender8\bdnagent.exe
C:\Programme\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Corel\Graphics8\Programs\MFIndexer.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\system32\taskmgr.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Dokumente und Einstellungen\Haiges\Desktop\hijack\HijackThis\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Dokumente und Einstellungen\Haiges\Startmenü\Programme\Autostart]
Adobe Gamma Loader.exe.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe

Shell folders Common Startup:
[C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart]
Adobe Gamma Loader.exe.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
Corel MEDIA FOLDERS INDEXER 8.LNK = C:\Corel\Graphics8\Programs\MFIndexer.exe
Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINNT\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Synchronization Manager = mobsync.exe /logon
Cmaudio = RunDll32 cmicnfg.cpl,CMICtrlWnd
Matrox Powerdesk = C:\WINNT\System32\PDesk\PDesk.exe /Autolaunch
Acronis True Image Monitor = C:\Programme\Acronis\TrueImage\TrueImageMonitor.exe
Acronis Scheduler2 Service = C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe
NeroCheck = C:\WINNT\system32\\NeroCheck.exe
pdfFactory Dispatcher v2 = C:\WINNT\system32\spool\DRIVERS\W32X86\3\fppdis2a.exe
Logitech Utility = Logi_MwX.Exe
QuickTime Task = "C:\Programme\QuickTime\qttask.exe" -atboottime
OPSE reminder = "C:\Programme\ScanSoft\OmniPageSE2.0\EregGer\Ereg.exe" -r "C:\Programme\ScanSoft\OmniPageSE2.0\EregGer\ereg.ini"
OpwareSE2 = "C:\Programme\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
Microsoft Video Capture Controls = MSsrvs32.exe
BDMCon = "C:\Programme\Softwin\BitDefender8\bdmcon.exe"
BDNewsAgent = "C:\Programme\Softwin\BitDefender8\bdnagent.exe"
Norton 2006 = voices.exe
Norton Security 2004 = princo.exe

HTpatch = C:\WINNT\htpatch.exe

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

Microsoft Video Capture Controls = MSsrvs32.exe
Norton Security 2004 = princo.exe
Norton 2006 = voices.exe


--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

Microsoft Video Capture Controls = MSsrvs32.exe
Norton Security 2004 = princo.exe
Norton 2006 = voices.exe

Performance Center = C:\Programme\Ascentive\Performance Center\APCMain.exe -m
swg = C:\Programme\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

--------------------------------------------------

Shell & screensaver key from C:\WINNT\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Download Program Files:

[SupportSoft Script Runner Class]
InProcServer32 = C:\WINNT\Downloaded Program Files\tgctlsr.dll
CODEBASE = http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab

[{44990200-3C9D-426D-81DF-AAB636FA4345}]
CODEBASE = http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab

[{4E7BD74F-2B8D-469E-DEFA-EB76B1D5FA7D}]
CODEBASE = http://www.ez-tracks.com/downloader/cab/special/eztdl.cab

[ActiveScan Installer Class]
InProcServer32 = C:\WINNT\Downloaded Program Files\asinst.dll
CODEBASE = http://acs.pandasoftware.com/activescan/as5free/asinst.cab

[{9F1C11AA-197B-4942-BA54-47A8489BB47F}]
CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38091.1744097222

[Shockwave Flash Object]
InProcServer32 = C:\WINNT\system32\Macromed\Flash\Flash9.ocx
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: C:\WINNT\system32\MBOERT2.DLL|||m

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

Network.ConnectionTray: C:\WINNT\system32\NETSHELL.dll
WebCheck: C:\WINNT\System32\webcheck.dll
SysTray: stobject.dll

--------------------------------------------------
End of report, 7.157 bytes
Report generated in 0,031 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only


Hat jemand eine idee

mfg
Seitenanfang Seitenende
05.04.2007, 17:23
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#2 Hallo meder

hier ist nichts mehr zu reinigen - du musst formatieren ! - es wimmelt nur so von backdoors !
__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
Um auf dieses Thema zu ANTWORTEN
bitte erst » hier kostenlos registrieren!!

Folgende Themen könnten Dich auch interessieren:
  • »
  • »
  • »
  • »
  • »