Can someone please help me?! When IE is running, ads open automatically..
#0
11.10.2008, 12:27
...new here
Posts: 2
11.10.2008, 14:59
Moderator
Posts: 5694
#2
>> Run Cleaner: http://www.ccleaner.de/?protecus.de
>> Close all windows and start HijackThis.
Click: Do a Systemscan only
Tick the box in front of the following entries (if they are still present):
Quote:
O4 - HKCU\..\Run: [geqpa] "c:\users\thomas\appdata\local\geqpa.exe" geqpa
and choose fix checked. Restart the computer.
>> Scan with Malwarebytes, let it delete what it finds, and post the log: http://virus-protect.org/artikel/tools/malwarebytes.html
>> Run ComboFix + click away the warning message + post the report: http://virus-protect.org/artikel/tools/combofix.html
>> Download Registry Search by Bobbi Flekman http://virus-protect.org/artikel/tools/regsearch.html and double-click to start it.
In "Enter search strings" (type it in or paste it in):
SpyBro
in edit and click "Ok". Notepad will open -- copy the text and post it.
Regards, Swiss
12.10.2008, 16:38
...new here
Thread starter Posts: 2
#3
I scanned with Malwarebytes (Spanish version); nothing was found.

Malwarebytes' Anti-Malware 1.28
Versión de la Base de Datos: 1259
Windows 6.0.6001 Service Pack 1
12/10/2008 16:33:52
mbam-log-2008-10-12 (16-33-52).txt
Tipo de examen : Examen Completo (C:\|D:\|E:\|)
Objetos examinados: 159221
Tiempo transcurrido: 2 hour(s), 15 minute(s), 36 second(s)
Procesos en Memoria Infectados: 0
Módulos en Memoria Infectados: 0
Claves del Registro Infectadas: 0
Valores del Registro Infectados: 0
Elementos de Datos del Registro Infectados: 0
Carpetas Infectadas: 0
Ficheros Infectados: 0
Procesos en Memoria Infectados:
(No se han detectado elementos maliciosos)
Módulos en Memoria Infectados:
(No se han detectado elementos maliciosos)
Claves del Registro Infectadas:
(No se han detectado elementos maliciosos)
Valores del Registro Infectados:
(No se han detectado elementos maliciosos)
Elementos de Datos del Registro Infectados:
(No se han detectado elementos maliciosos)
Carpetas Infectadas:
(No se han detectado elementos maliciosos)
Ficheros Infectados:
(No se han detectado elementos maliciosos)

Here is the ComboFix log:

Registry Search:

Windows Registry Editor Version 5.00
; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.5.0
; Results at 12/10/2008 17:04:17 for strings:
; 'spybro'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS
[HKEY_LOCAL_MACHINE\SOFTWARE\SpyBrowser]
[HKEY_LOCAL_MACHINE\SOFTWARE\SpyBrowser\RemoteConfig]
[HKEY_LOCAL_MACHINE\SOFTWARE\SpyBrowser\Signatures]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted]
"C:\\Program Files\\SpyBro\\unins000.exe"=dword:00000001
[HKEY_CURRENT_USER\Software\SpyBrowser]
[HKEY_CURRENT_USER\Software\SpyBrowser\Antivirus]
[HKEY_CURRENT_USER\Software\SpyBrowser\General]
[HKEY_CURRENT_USER\Software\SpyBrowser\GuardOptions]
[HKEY_CURRENT_USER\Software\SpyBrowser\GuardOptions\EnabledMonitors]
[HKEY_CURRENT_USER\Software\SpyBrowser\Monitors]
[HKEY_CURRENT_USER\Software\SpyBrowser\RemoteConfig]
[HKEY_CURRENT_USER\Software\SpyBrowser\ScanOptions]
[HKEY_CURRENT_USER\Software\SpyBrowser\ScanOptions\CustomScan]
[HKEY_CURRENT_USER\Software\SpyBrowser\ScanOptions\SelectedFolders]
[HKEY_CURRENT_USER\Software\SpyBrowser\ScanOptions\StartupCustomScan]
[HKEY_CURRENT_USER\Software\SpyBrowser\Scheduler]
[HKEY_CURRENT_USER\Software\SpyBrowser\Scheduler\CustomScan]
[HKEY_CURRENT_USER\Software\SpyBrowser\Scheduler\Event 0]
[HKEY_CURRENT_USER\Software\SpyBrowser\Startup]
[HKEY_CURRENT_USER\Software\SpyBrowser\Statistics]
[HKEY_CURRENT_USER\Software\SpyBrowser\WebScan]
[HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\SpyBrowser]
; End Of The Log...

Many thanks Swiss, everything seems to be in order again.
Regards, Thomas
This post was edited by hoffmann2008 on 12.10.2008 at 17:08.
12.10.2008, 19:28
Honorary member
Posts: 29434
#4
Hello hoffmann2008
«« Run on Vista: press Windows key + R
Paste in: Combofix /U - click "OK"
«« Go into the registry
Start - Run - regedit
top left - search - enter SpyBrowser - delete with a right-click everything that is found
HKEY_LOCAL_MACHINE\SOFTWARE\SpyBrowser
HKEY_CURRENT_USER\Software\SpyBrowser
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\SpyBrowser
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted]
"C:\\Program Files\\SpyBro\\unins000.exe
__________
Regards, Sabina
all about PC security
Can someone please help me? When IE is running, ads open automatically.
I'm posting the HijackThis log. Many thanks in advance for your help.
Regards,
Thomas
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:17:37, on 11/10/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PcSync2.exe
C:\Users\Thomas\AppData\Local\geqpa.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.es/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.es/ig/dell?hl=es&client=dell-row&channel=es&ibd=0080416
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Barra Yahoo! con bloqueador de ventanas emergentes - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Aplicación auxiliar de vínculos de Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: McAfee Phishing Filter - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [geqpa] "c:\users\thomas\appdata\local\geqpa.exe" geqpa
O4 - HKCU\..\Run: [SpyBrowser] "C:\Program Files\SpyBro\SpyBro.exe" /autostart
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {525019DF-8282-40DC-A0E0-13C076889F66} (InstallerSf Control) - http://especiales.softonic.com/sinespias/installer.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 12091 bytes
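Added example, not part of the original thread: the moderator's fix list singles out the `geqpa` Run entry from the HijackThis log above, and this Python sketch shows how O4 autostart lines can be parsed and triaged by where the executable lives. The two heuristics and the `%ProgramFiles%` expansion are assumptions of this example, not HijackThis's own logic; the sample lines are copied from the log on this page.

```python
import re
from pathlib import PureWindowsPath

# Sample input: six O4 lines copied from the HijackThis log on this page.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [geqpa] "c:\users\thomas\appdata\local\geqpa.exe" geqpa
O4 - HKCU\..\Run: [SpyBrowser] "C:\Program Files\SpyBro\SpyBro.exe" /autostart
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
"""

# "O4 - HKCU\..\Run: [value name] command line"
RUN_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# "O4 - Global Startup: shortcut.lnk = target"
STARTUP_RE = re.compile(
    r"^O4 - (?P<key>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.+)$")

# Assumption: default install location, used only to expand the variable in the log.
ENV = {"%programfiles%": r"C:\Program Files"}

EXE_RE = re.compile(r"^(.*?\.(?:exe|com|bat|cmd|scr|pif))(?:\s|$)", re.IGNORECASE)
PROFILE_RE = re.compile(
    r"^[a-z]:\\(?:users|documents and settings)\\[^\\]+\\", re.IGNORECASE)
APPDATA_ROOTS = {("appdata", "local"), ("appdata", "roaming"), ("appdata", "locallow")}


def executable_of(cmd):
    """Return the executable path of an autostart command line, without arguments."""
    cmd = cmd.strip()
    for var, value in ENV.items():
        if cmd.lower().startswith(var):
            cmd = value + cmd[len(var):]
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    # Unquoted paths may contain spaces, so cut after the first executable extension.
    m = EXE_RE.match(cmd)
    return m.group(1) if m else cmd


def reasons(exe):
    """Heuristics of this example: why an autostart target deserves a closer look."""
    found = []
    if PROFILE_RE.match(exe):
        found.append("starts from a user profile, writable without admin rights")
        parts = [p.lower() for p in PureWindowsPath(exe).parts]
        # parts: drive, 'users', <name>, then the folders below the profile, then the file
        if tuple(parts[3:-1]) in APPDATA_ROOTS:
            found.append("sits directly in an AppData root, not in a vendor folder")
    return found


def triage(log_text):
    """Parse O4 lines and return one dict per autostart entry."""
    entries = []
    for line in log_text.splitlines():
        m = RUN_RE.match(line.strip()) or STARTUP_RE.match(line.strip())
        if not m:
            continue
        gd = m.groupdict()
        exe = executable_of(gd["cmd"])
        entries.append({
            "source": f'{gd["hive"]} {gd["key"]}' if "hive" in gd else gd["key"],
            "name": gd["name"],
            "exe": exe,
            "reasons": reasons(exe),
        })
    return entries


def flagged(entries):
    """Entries for which at least one heuristic fired."""
    return [e for e in entries if e["reasons"]]


if __name__ == "__main__":
    for entry in flagged(triage(SAMPLE_LOG)):
        print(f'{entry["source"]} [{entry["name"]}] {entry["exe"]}')
        for reason in entry["reasons"]:
            print("   -", reason)
```

On these lines only the `geqpa` entry is flagged. `SpyBro.exe` starts from `C:\Program Files`, so a path heuristic does not catch it; in the thread it was handled separately through the registry search.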