FF and IE redirect to other pages

#0
25.12.2007, 12:49
...new here
Posts: 6

25.12.2007, 14:09
Member
Posts: 3716
#2
1. Set your folder options as follows:
Open My Computer, Tools, Folder Options, View
- Hide extensions for known file types: off
- Show contents of system folders: on
- Hide protected operating system files: off
- Hidden files and folders, show all: on
2. Download a new version of HijackThis, install it and rename hijackthis.exe to hjt.com, since malware can hide from hijackthis.exe! www.zdnet.de/downloads/prg/n/m/deGNNM-wc.html - 58k - Create and post a new log!
3. Download ComboFix and run it according to the instructions; please switch off AntiVir during the scan: http://download.bleepingcomputer.com/sUBs/ComboFix.exe Please switch off the guard and all other programs while cleaning with ComboFix!
4. Download filelist.zip, unpack it on the desktop, restart your PC, then click filelist.bat and post the last 30 days of each directory. http://members.linzag.net/680262/filelist.zip

25.12.2007, 14:58
...new here
Thread starter Posts: 6
#3
How can I set "show contents of system folders: on" under Vista?

25.12.2007, 15:03
Member
Posts: 3716
#4
Hi, unfortunately I don't have Vista... so leave that for now, and please don't do the filelist either, it doesn't work.
I'll have to find you a new link for that. Work through the rest as described, thanks

25.12.2007, 15:09
...new here
Thread starter Posts: 6
#5
Here is the new log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:07:13, on 25.12.2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Programme\G DATA AntiVirenKit 2007 Trial\AVKTray\AVKTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\hjt\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\mobsync.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVKTray] "C:\Programme\G DATA AntiVirenKit 2007 Trial\AVKTray\AVKTray.exe"
O4 - HKLM\..\Run: [QuickFinder Scheduler] "c:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE"
O4 - HKLM\..\Run: [recinfo310] c:\RecInfo\RecInfo.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AS00_WN311B] C:\Program Files\NETGEAR\WN311B\Utility\WN311B.exe -hide
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [fsc-reg] C:\ProgramData\fsc-reg\fscreg.exe 20071214
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Ad-Aware 2007\aawservice.exe
O23 - Service: AVKProxy - G DATA Software AG - C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe
O23 - Service: AVK Service (AVKService) - G DATA Software AG - C:\Programme\G DATA AntiVirenKit 2007 Trial\AVK\AVKService.exe
O23 - Service: AVK Wächter (AVKWCtl) - G DATA Software AG - C:\Programme\G DATA AntiVirenKit 2007 Trial\AVK\AVKWCtl.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: ProtexisLicensing - Unknown owner - c:\Windows\system32\PSIService.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
--
End of file - 4899 bytes

25.12.2007, 15:16
Member
Posts: 3716
#6
Then ComboFix as well, please

25.12.2007, 15:21
...new here
Thread starter Posts: 6
#7
Here is ComboFix:
25.12.2007, 15:38
Member
Posts: 3716
#8
What kind of pages are you being redirected to?
I'm looking at your log now.

25.12.2007, 16:02
Member
Posts: 3716
#9
Please download CounterSpy, update
Read through the instructions: www.hijackthis-forum.de/showthread.php?t=14738 - 37k - delete everything; this must be done in safe mode. Please restart between the individual scan runs, and post all the logs for me.

25.12.2007, 16:42
...new here
Thread starter Posts: 6
#10
For example, when I want to go to gmx I end up at google or studinet.

25.12.2007, 16:52
Member
Posts: 3716
#11
Hi, before CounterSpy, also do the following:
Download CCleaner: www.ccleaner.de Let it clean your system completely. Attention: please install it without the Yahoo toolbar. Also let it clean your registry. Then please go to Tools and the uninstall list, create it and post it here.

25.12.2007, 23:13
...new here
Thread starter Posts: 6
#12
Hello,
thank you very much for your help. None of it helped. I will reinstall the computer. But thanks again

26.12.2007, 10:39
Member
Posts: 3716
#13
Good, but then follow the advice here in the forum and come back with a fresh HJT log; we may be able to give some pointers.

FF and IE always redirect me to wrong pages. Can you help me?
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:35:42, on 25.12.2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Programme\G DATA AntiVirenKit 2007 Trial\AVKTray\AVKTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\mobsync.exe
K:\HiJackThis202.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVKTray] "C:\Programme\G DATA AntiVirenKit 2007 Trial\AVKTray\AVKTray.exe"
O4 - HKLM\..\Run: [QuickFinder Scheduler] "c:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE"
O4 - HKLM\..\Run: [recinfo310] c:\RecInfo\RecInfo.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AS00_WN311B] C:\Program Files\NETGEAR\WN311B\Utility\WN311B.exe -hide
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [fsc-reg] C:\ProgramData\fsc-reg\fscreg.exe 20071214
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Ad-Aware 2007\aawservice.exe
O23 - Service: AVKProxy - G DATA Software AG - C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe
O23 - Service: AVK Service (AVKService) - G DATA Software AG - C:\Programme\G DATA AntiVirenKit 2007 Trial\AVK\AVKService.exe
O23 - Service: AVK Wächter (AVKWCtl) - G DATA Software AG - C:\Programme\G DATA AntiVirenKit 2007 Trial\AVK\AVKWCtl.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: ProtexisLicensing - Unknown owner - c:\Windows\system32\PSIService.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
--
End of file - 4491 bytes