IE 7 opens new windows with ads on its own
#0
14.02.2008, 15:58
...new here
Posts: 3

14.02.2008, 17:24
Moderator
Posts: 5694

14.02.2008, 18:26
...new here
Thread starter Posts: 3
#3
I did that!
ComboFix 08-02-14.3 - 2008-02-14 17:27:38.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1031.18.715 [GMT 1:00]
ausgeführt von:: C:\Users\Desktop\ComboFix.exe
* Neuer Wiederherstellungspunkt wurde erstellt
.
* Resident AV is active

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Users\ \AppData\Local\gxjcld.dat
C:\Users\ \AppData\Local\gxjcld.exe
C:\Users\ \AppData\Local\gxjcld_nav.dat
C:\Users\ \AppData\Local\gxjcld_navps.dat
C:\Windows\system32\FTPx.dll
C:\Windows\system32\MabryObj.dll
C:\Windows\system32\x64
.
((((((((((((((((((((((( Dateien erstellt von 2008-01-14 bis 2008-02-14 ))))))))))))))))))))))))))))))
.
2008-02-14 17:09 . 2008-02-14 17:12 <DIR> d-------- C:\Users\All Users\Lavasoft
2008-02-14 17:09 . 2008-02-14 17:12 <DIR> d-------- C:\ProgramData\Lavasoft
2008-02-14 17:09 . 2008-02-14 17:09 <DIR> d-------- C:\Program Files\Lavasoft
2008-02-14 17:08 . 2008-02-14 17:08 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-14 17:04 . 2008-02-14 17:07 <DIR> d-------- C:\Users\ t\AppData\Roaming\Lavasoft
2008-02-14 11:50 . 2008-02-14 11:50 <DIR> d-------- C:\Users\ t\AppData\Roaming\PC Tools
2008-02-14 11:50 . 2008-02-14 14:36 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-02-14 11:50 . 2007-12-10 14:53 81,288 --a------ C:\Windows\System32\drivers\iksyssec.sys
2008-02-14 11:50 . 2007-12-10 14:53 66,952 --a------ C:\Windows\System32\drivers\iksysflt.sys
2008-02-14 11:50 . 2007-12-10 14:53 41,864 --a------ C:\Windows\System32\drivers\ikfilesec.sys
2008-02-14 11:50 . 2007-12-10 14:53 29,576 --a------ C:\Windows\System32\drivers\kcom.sys
2008-02-14 11:41 . 2008-02-14 12:26 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-02-14 11:41 . 2008-02-14 12:26 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-02-14 11:41 . 2008-02-14 12:28 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-02-14 11:22 . 2008-02-14 17:13 <DIR> d-a------ C:\Users\All Users\TEMP
2008-02-14 11:22 . 2008-02-14 17:13 <DIR> d-a------ C:\ProgramData\TEMP
2008-02-14 09:08 . 2008-02-14 09:08 1,244,672 --a------ C:\Windows\System32\mcmde.dll
2008-02-14 00:42 . 2008-02-14 00:42 194,560 --a------ C:\Windows\System32\WebClnt.dll
2008-02-14 00:42 . 2008-02-14 00:42 110,080 --a------ C:\Windows\System32\drivers\mrxdav.sys
2008-02-14 00:37 . 2008-02-14 00:37 3,504,696 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-02-14 00:37 . 2008-02-14 00:37 3,470,392 --a------ C:\Windows\System32\ntoskrnl.exe
2008-02-14 00:37 . 2008-02-14 00:37 154,624 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-02-14 00:37 . 2008-02-14 00:37 109,624 --a------ C:\Windows\System32\drivers\ataport.sys
2008-02-14 00:37 . 2008-02-14 00:37 45,112 --a------ C:\Windows\System32\drivers\pciidex.sys
2008-02-14 00:37 . 2008-02-14 00:37 25,656 --a------ C:\Windows\System32\drivers\msahci.sys
2008-02-14 00:37 . 2008-02-14 00:37 21,560 --a------ C:\Windows\System32\drivers\atapi.sys
2008-02-14 00:37 . 2008-02-14 00:37 15,928 --a------ C:\Windows\System32\drivers\pciide.sys
2008-02-14 00:35 . 2008-02-14 00:35 803,328 --a------ C:\Windows\System32\drivers\tcpip.sys
2008-02-14 00:35 . 2008-02-14 00:35 216,632 --a------ C:\Windows\System32\drivers\netio.sys
2008-02-14 00:35 . 2008-02-14 00:35 167,424 --a------ C:\Windows\System32\tcpipcfg.dll
2008-02-14 00:35 . 2008-02-14 00:35 24,064 --a------ C:\Windows\System32\netcfg.exe
2008-02-14 00:35 . 2008-02-14 00:35 22,016 --a------ C:\Windows\System32\netiougc.exe
2008-02-14 00:34 . 2008-02-14 00:34 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-14 00:34 . 2008-02-14 00:34 1,686,528 --a------ C:\Windows\System32\gameux.dll
2008-02-09 17:49 . 2008-02-09 17:49 <DIR> d-------- C:\Program Files\Windows Live
2008-02-04 22:01 . 2007-09-24 23:31 69,632 --a------ C:\Windows\System32\javacpl.cpl
2008-02-04 21:59 . 2008-02-04 22:01 <DIR> d-------- C:\Program Files\Java
2008-02-04 21:58 . 2008-02-04 21:58 <DIR> d-------- C:\Program Files\Common Files\Java
2008-01-24 15:06 . 2008-01-25 08:56 <DIR> d-------- C:\Program Files\profiSUBMIT
2008-01-24 15:06 . 2008-01-24 15:06 <DIR> d-------- C:\Program Files\mresreg
2008-01-15 13:28 . 2006-07-01 04:25 151,552 --a------ C:\Windows\System32\w2dzip32.dll
2008-01-15 13:15 . 2008-01-15 13:15 110,304 --a------ C:\Windows\System32\drivers\ACEDRV09.sys
2008-01-15 13:13 . 2008-01-15 13:13 <DIR> d-------- C:\Program Files\DATA BECKER
2008-01-14 18:46 . 2008-01-14 18:46 <DIR> d-------- C:\Windows\System32\config\systemprofile\{ef416408-a156-4184-ab61-e2fdf27246f5}
2008-01-14 18:44 . 2008-01-14 18:44 <DIR> d-------- C:\Windows\System32\config\systemprofile\{be4fce72-245e-4f8e-8ffa-c3a6d32d75f6}
2008-01-14 18:42 . 2006-01-04 09:12 77,824 --a------ C:\Windows\System32\HPZIDS01.dll
2008-01-14 18:42 . 2006-02-09 15:45 38,400 --a------ C:\Windows\System32\hpz3l054.dll
2008-01-14 18:41 . 2006-02-01 01:48 282,624 --a------ C:\Windows\System32\HPZc3212.dll
2008-01-14 18:41 . 2006-02-01 01:48 21,568 --a------ C:\Windows\System32\drivers\HPZius12.sys
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-14 16:33 3,407,872 --sha-w C:\Users\ t\NTUSER.DAT
2008-02-14 16:33 3,407,872 --sha-w C:\Users\ t\NTUSER.DAT
2008-02-14 16:11 12,632 ----a-w C:\Windows\System32\lsdelete.exe
2008-02-14 16:07 --------- d-----w C:\Users\ t\AppData\Roaming\Lavasoft
2008-02-14 15:38 --------- d-----w C:\Users\ t\AppData\Roaming\Skype
2008-02-14 15:06 --------- d-----w C:\Users\ t\AppData\Roaming\skypePM
2008-02-14 13:17 --------- d-----w C:\ProgramData\FLEXnet
2008-02-14 11:57 --------- d-----w C:\ProgramData\Symantec
2008-02-14 11:57 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-14 10:50 --------- d-----w C:\Users\ t\AppData\Roaming\PC Tools
2008-02-14 10:49 --------- d-----w C:\ProgramData\Google Updater
2008-02-13 23:40 943,800 ----a-w C:\Windows\System32\winload.exe
2008-02-13 23:40 905,400 ----a-w C:\Windows\System32\winresume.exe
2008-02-13 23:40 7,168 ----a-w C:\Windows\System32\f3ahvoas.dll
2008-02-13 23:40 613,888 ----a-w C:\Windows\System32\wpd_ci.dll
2008-02-13 23:40 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-02-13 23:40 595,456 ----a-w C:\Windows\System32\schedsvc.dll
2008-02-13 23:40 558,080 ----a-w C:\Windows\System32\oleaut32.dll
2008-02-13 23:40 54,784 ----a-w C:\Windows\system32\drivers\i8042prt.sys
2008-02-13 23:40 495,160 ----a-w C:\Windows\system32\drivers\Wdf01000.sys
2008-02-13 23:40 39,424 ----a-w C:\Windows\System32\lodctr.exe
2008-02-13 23:40 35,384 ----a-w C:\Windows\system32\drivers\WdfLdr.sys
2008-02-13 23:40 35,384 ----a-w C:\Windows\system32\drivers\kbdclass.sys
2008-02-13 23:40 35,328 ----a-w C:\Windows\System32\dispci.dll
2008-02-13 23:40 34,360 ----a-w C:\Windows\system32\drivers\mouclass.sys
2008-02-13 23:40 32,256 ----a-w C:\Windows\System32\unlodctr.exe
2008-02-13 23:40 260,096 ----a-w C:\Windows\System32\dpx.dll
2008-02-13 23:40 23,552 ----a-w C:\Windows\System32\nshhttp.dll
2008-02-13 23:40 224,824 ----a-w C:\Windows\System32\clfs.sys
2008-02-13 23:40 221,696 ----a-w C:\Windows\System32\umpnpmgr.dll
2008-02-13 23:40 19,968 ----a-w C:\Windows\system32\drivers\sermouse.sys
2008-02-13 23:40 19,456 ----a-w C:\Windows\System32\cfgmgr32.dll
2008-02-13 23:40 17,408 ----a-w C:\Windows\System32\prflbmsg.dll
2008-02-13 23:40 15,872 ----a-w C:\Windows\system32\drivers\mouhid.sys
2008-02-13 23:40 12,800 ----a-w C:\Windows\System32\batt.dll
2008-02-13 23:40 115,200 ----a-w C:\Windows\System32\loadperf.dll
2008-02-13 23:40 101,888 ----a-w C:\Windows\System32\drvinst.exe
2008-02-13 23:40 1,585,664 ----a-w C:\Windows\System32\setupapi.dll
2008-02-13 23:34 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-13 23:34 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-13 23:34 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-13 23:34 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-13 23:27 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-02-13 23:27 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-13 23:27 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-13 23:27 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-13 17:00 --------- d-----w C:\Users\ t\AppData\Roaming\Adobe
2008-02-13 16:17 --------- d-----w C:\Program Files\StarMoney 6.0
2008-02-13 07:43 --------- d-----w C:\Users\ t\AppData\Roaming\FileZilla
2008-02-09 16:58 --------- d-s---w C:\Users\ t\AppData\Roaming\Microsoft
2008-01-15 08:54 10,537 ----a-w C:\Windows\system32\drivers\COH_Mon.cat
2008-01-15 04:28 706 ----a-w C:\Windows\system32\drivers\COH_Mon.inf
2008-01-12 17:32 23,904 ----a-w C:\Windows\system32\drivers\COH_Mon.sys
2008-01-10 12:13 --------- d-----w C:\Program Files\Windows Mail
2008-01-10 12:09 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
2008-01-10 12:09 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-01-10 12:09 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-01-10 12:09 --------- d-----w C:\Program Files\Windows Sidebar
2008-01-01 13:45 --------- d-----w C:\Users\ t\AppData\Roaming\CyberLink
2007-12-31 14:37 0 ----a-w C:\Users\ t\AppData\Roaming\wklnhst.dat
2007-12-31 13:20 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-31 07:32 101,376 ----a-w C:\Windows\system32\drivers\ACEDRV07.sys
2007-12-30 18:36 --------- d-----w C:\Program Files\Norton Internet Security
2007-12-29 16:51 --------- d-----w C:\Program Files\HTML Studio
2007-12-29 16:50 --------- d-----w C:\Program Files\FileZilla Client
2007-12-29 14:44 --------- d-----w C:\ProgramData\CyberLink
2007-12-29 14:37 --------- d-----w C:\Users\ t\AppData\Roaming\Google
2007-12-29 13:39 --------- d-----w C:\Program Files\Common Files\Adobe
2007-12-29 13:36 --------- d-----w C:\Program Files\Common Files\Control Panels
2007-12-29 13:34 --------- d-----w C:\ProgramData\ALM
2007-12-29 13:06 --------- d-----w C:\Program Files\Bonjour
2007-12-29 13:02 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
2007-12-29 12:49 --------- d-----w C:\Program Files\Google
2007-12-29 12:00 --------- d-----w C:\Program Files\Microsoft.NET
2007-12-29 11:46 --------- d-----w C:\Program Files\Ashampoo
2007-12-29 11:41 --------- d-----w C:\Program Files\Acer GameZone
2007-12-29 11:36 --------- d-----w C:\ProgramData\Microsoft Help
2007-12-29 11:36 --------- d-----w C:\Program Files\Microsoft Works
2007-12-29 11:32 --------- d-----w C:\Program Files\Yahoo!
2007-12-29 11:20 32 ----a-w C:\Users\All Users\ezsid.dat
2007-12-29 11:20 32 ----a-w C:\ProgramData\ezsid.dat
2007-12-29 11:19 --------- d-----w C:\ProgramData\Skype
2007-12-29 11:19 --------- d-----w C:\Program Files\Skype
2007-12-29 11:19 --------- d-----w C:\Program Files\Common Files\Skype
2007-12-29 11:07 --------- d-----w C:\Program Files\MSXML 4.0
2007-12-29 11:01 174 --sha-w C:\Program Files\desktop.ini
2007-12-29 10:56 --------- d-----w C:\Program Files\Windows Calendar
2007-12-29 10:54 8,192 ----a-w C:\Windows\System32\riched32.dll
2007-12-29 10:54 77,824 ----a-w C:\Windows\System32\rascfg.dll
2007-12-29 10:54 70,144 ----a-w C:\Windows\system32\drivers\pacer.sys
2007-12-29 10:54 694,784 ----a-w C:\Windows\System32\localspl.dll
2007-12-29 10:54 619,008 ----a-w C:\Windows\system32\drivers\dxgkrnl.sys
2007-12-29 10:54 61,952 ----a-w C:\Windows\system32\drivers\wanarp.sys
2007-12-29 10:54 52,736 ----a-w C:\Windows\System32\rasdiag.dll
2007-12-29 10:54 48,640 ----a-w C:\Windows\system32\drivers\ndproxy.sys
2007-12-29 10:54 384,000 ----a-w C:\Windows\System32\netcfgx.dll
2007-12-29 10:54 36,864 ----a-w C:\Windows\System32\cdd.dll
2007-12-29 10:54 33,280 ----a-w C:\Windows\System32\traffic.dll
2007-12-29 10:54 32,768 ----a-w C:\Windows\System32\rasmxs.dll
2007-12-29 10:54 286,208 ----a-w C:\Windows\System32\ipnathlp.dll
.
(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-29 13:49 68856]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:36 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-07-27 17:42 1006264]
"ALaunch"="C:\Acer\ALaunch\AlaunchClient.exe" [ ]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 04:06 4669440 C:\Windows\RtHDVCpl.exe]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 15:33 457216]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-11-21 05:39 107112]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2006-11-21 05:36 22696]
"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2007-07-16 06:51 768520]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2007-06-06 09:06 159744]
"eRecoveryService"="" []
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 21:48 57344]
"SetPanel"="C:\Acer\APanel\APanel.cmd" [ ]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 10:22 517768]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2007-10-18 09:19 141848]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2007-10-18 09:18 166424]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2007-10-18 09:18 133656]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2007-12-10 14:53 1103752]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2007-07-27 18:13:29 535336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=eNetHook.dll

R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys [2007-04-25 15:34]
R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys [2007-04-25 15:34]
R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys [2007-04-25 15:34]
R1 DritekPortIO;Dritek General Port I/O;C:\PROGRA~1\LAUNCH~1\DPortIO.sys [2006-11-02 14:27]
R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080212.002\IDSvix86.sys [2007-12-04 17:51]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl [2006-11-02 15:51]
R2 ACEDRV09;ACEDRV09;C:\Windows\system32\drivers\ACEDRV09.sys [2008-01-15 13:15]
R2 ALaunchService;ALaunch Service;C:\Acer\ALaunch\ALaunchSvc.exe [2007-01-26 13:24]
R2 Automatisches LiveUpdate - Scheduler;Automatisches LiveUpdate - Scheduler;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2007-09-26 10:53]
R2 eDataSecurity Service;eDSService.exe;"C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe" [2007-04-25 15:34]
R2 eNet Service;eNet Service;C:\Acer\Empowering Technology\eNet\eNet Service.exe [2007-05-22 14:00]
R2 eSettingsService;eSettings Service;C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2007-05-10 13:05]
R2 int15;int15;C:\Acer\Empowering Technology\eRecovery\int15.sys [2006-12-07 17:12]
R2 MobilityService;MobilityService;C:\Acer\Mobility Center\MobilityService.exe [2006-11-24 11:57]
R2 WMIService;ePower Service;C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [2007-05-16 21:15]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-01-30 06:23]
R3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2007-12-11 01:32]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-06-05 09:57]
R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-10-18 09:05]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-10-30 19:55]
S3 Symantec RemoteAssist;Symantec RemoteAssist;"C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe" [2008-01-29 16:09]

*Newly Created Service* - COMHOST
.
Inhalt des "geplante Tasks" Ordners
"2008-02-08 19:57:28 C:\Windows\Tasks\Norton Internet Security - Vollständige Systemprüfung ausführen - t.job"
- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeB/TASK:
"2008-02-13 16:21:04 C:\Windows\Tasks\User_Feed_Synchronization-{A0580601-06FA-4A1E-A012-E84D0591E7DE}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-14 17:33:02
Windows 6.0.6000 NTFS
Scanne versteckte Prozesse...
Scanne versteckte Autostart Einträge...
Scanne versteckte Dateien...
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
**************************************************************************
.
Zeit der Fertigstellung: 2008-02-14 17:34:24
ComboFix-quarantined-files.txt 2008-02-14 16:34:19
.
2008-02-14 08:23:30 --- E O F ---
14.02.2008, 23:09
Honorary member
Posts: 1441
#4
Hello ab-lübeck
Scan with Windows Live Free Scan - PC safety scan http://virus-protect.org/onlinescan.html + post the scan report here
__________
Regards, Pinguin
I'm in the process of updating my site + programs: http://www.virus-protect.org/

17.02.2008, 11:03
...new here
Thread starter Posts: 3
#5
ComboFix removed the junk; none of the other virus scanners found it. A colleague installed this WEBMEDIAPLAYER on my laptop at the office!! I wonder whether that is where it came from?
In any case, the problem has not occurred again since ComboFix. Thanks

My IE 7 opens a new page by itself every few minutes; what is causing this?
Logfile of HijackThis v1.99.1
Scan saved at 15:45:49, on 14.02.2008
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Users\ANDREB~1\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\igfxsrvc.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Users\ t\AppData\Local\Temp\Temp1_hijackthis.zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://de.rd.yahoo.com/customize/ycomp/defaults/sp/*http://de.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://de.intl.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.intl.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://de.rd.yahoo.com/customize/ycomp/defaults/su/*http://de.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ALaunch] C:\Acer\ALaunch\AlaunchClient.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [SetPanel] C:\Acer\APanel\APanel.cmd
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O8 - Extra context menu item: An vorhandenes PDF anfügen - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: eNetHook.dll
O20 - Winlogon Notify: igfxcui - C:\Windows\SYSTEM32\igfxdev.dll
O23 - Service: Adobe Version Cue CS3 {de_DE} (Adobe Version Cue CS3) - Unknown owner - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe" -win32service (file missing)
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: Automatisches LiveUpdate - Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Symantec IS Kennwortprüfung (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
Norton finds nothing; Spyware Doctor keeps finding a dialer that has supposedly been deleted.
Many thanks for any answers