Home » Spyware & Browser Hijacker Support Forum » Internet Explorer öffnet sich von selbst mit Werbung !!! » Themenansicht
Internet Explorer öffnet sich von selbst mit Werbung !!! |
||
|---|---|---|
| #0
| ||
|
07.11.2008, 12:13
...neu hier
Beiträge: 2 |
||
 
|
|
|
|
07.11.2008, 14:42
Moderator
Beiträge: 5694 |
#2
Also die Dateinamen tönen schon nach Keylogger....
>> Lass folgende Dateien bei www.virustotal.com/de prüfen und poste das Ergebnis: C:\Windows\keylogbyme.exe C:\Users\Jürgen\AppData\Local\zlfbl.exe >> Schliesse alle Fenster und starte Hijack This Klicke: Do a Systemscan only Setze ein Häckchen in das Kästchen vor den genannten Einträgen bei: (falls diese noch vorhanden sind) Zitat R3 - URLSearchHook: (no name) - {1CFFA392-0898-4b1c-89D1-6E98F9D8EF78} - (no file)und wähle fix checked. Starte den Rechner neu. >> Scanne mit Malwarebytes, lass das gefundene löschen und poste das Log: (Vor der Anwendung Update nicht vergessen) http://virus-protect.org/artikel/tools/malwarebytes.html >> Wende Combofix an und poste das Log: http://www.virus-protect.org/artikel/tools/combofix.html Gruss Swiss |
|
|
|
|
|
|
07.11.2008, 15:52
...neu hier
Themenstarter Beiträge: 2 |
#3
Hat leider sehr lange gedauert, bis die Laufwerke gescannt wurden, aber jetzt habe ich alles nach Anleitung gemacht...
Hier sind die nächsten Logs... Malwarebytes' Anti-Malware 1.30 Datenbank Version: 1371 Windows 6.0.6000 07.11.2008 18:19:52 mbam-log-2008-11-07 (18-19-52).txt Scan-Methode: Vollständiger Scan (C:\|D:\|E:\|F:\|) Durchsuchte Objekte: 238186 Laufzeit: 2 hour(s), 11 minute(s), 12 second(s) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 4 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: C:\Keygen NEW.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\Nero\AutoPlay\Docs\nero_keygen.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully. C:\Windows\keylogbyme.exe (Trojan.TinyKeylogger) -> Quarantined and deleted successfully. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WebMediaPlayer (Rogue.WebMediaPlayer) -> Delete on reboot. --------------------------------------------------------------------------- ComboFix 08-11-06.01 - Jürgen 2008-11-07 18:39:56.1 - NTFSx86 ausgeführt von:: C:\ComboFix.exe . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . c:\programdata\Microsoft\Windows\Start Menu\Programs\WebMediaPlayer c:\programdata\Microsoft\Windows\Start Menu\Programs\WebMediaPlayer\Datenschutzrichtlinien.url c:\programdata\Microsoft\Windows\Start Menu\Programs\WebMediaPlayer\Geschäftsbedingungen.url c:\programdata\Microsoft\Windows\Start Menu\Programs\WebMediaPlayer\Website.url c:\users\Jürgen\AppData\Local\zlfbl.dat c:\users\Jürgen\AppData\Local\zlfbl.exe c:\users\Jürgen\AppData\Local\zlfbl_nav.dat c:\users\Jürgen\AppData\Local\zlfbl_navps.dat c:\users\Jürgen\AppData\Roaming\inst.exe c:\windows\system32\BReWErS.dll . ((((((((((((((((((((((( Dateien erstellt von 2008-10-07 bis 2008-11-07 )))))))))))))))))))))))))))))) . 2008-11-07 18:37 . 2008-11-07 18:37 3,043,965 -ra------ C:\ComboFix.exe 2008-11-07 16:06 . 2008-11-07 16:06 <DIR> d-------- c:\users\Jürgen\AppData\Roaming\Malwarebytes 2008-11-07 16:06 . 2008-11-07 16:06 <DIR> d-------- c:\programdata\Malwarebytes 2008-11-07 16:06 . 2008-11-07 16:06 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware 2008-11-07 16:06 . 2008-10-22 16:10 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys 2008-11-07 16:06 . 2008-10-22 16:10 15,504 --a------ c:\windows\System32\drivers\mbam.sys 2008-11-07 16:05 . 2008-11-07 16:05 2,372,472 --a------ C:\mbam-setup.exe 2008-11-07 12:50 . 2008-11-07 12:52 <DIR> d-------- C:\Nero 2008-11-07 10:27 . 2008-11-07 11:29 <DIR> d-------- c:\programdata\Spybot - Search & Destroy 2008-11-07 10:27 . 2008-11-07 10:40 <DIR> d-------- c:\program files\Spybot 2008-11-07 10:24 . 2008-11-07 10:24 15,083,520 --a------ C:\spybotsd160.exe 2008-11-07 10:09 . 2008-11-07 10:09 <DIR> d-------- c:\program files\Trend Micro 2008-11-07 10:09 . 2008-11-07 10:09 812,344 --a------ C:\HJTInstall.exe 2008-11-07 09:46 . 2008-11-07 09:46 18,944 --a------ c:\windows\stsvc.dll 2008-11-05 16:44 . 2008-11-05 16:44 17,657 --a------ C:\M261714.pdf 2008-11-04 18:29 . 2008-11-04 18:29 <DIR> d-------- c:\programdata\wmp 2008-11-04 14:12 . 2008-11-04 14:12 259,896 --a------ C:\Beratungsprotokoll.pdf 2008-11-04 14:10 . 2008-11-04 14:10 10,120 --a------ C:\kuendigung.pdf 2008-11-04 14:09 . 2008-11-04 14:09 236,241 --a------ C:\Huk24 Informationsblatt.pdf 2008-11-04 14:09 . 2008-11-04 14:09 9,785 --a------ C:\Huk24 KFZ-Vereinbarung.pdf 2008-11-04 13:41 . 2008-11-04 13:41 259,896 --a------ C:\Huk24.pdf 2008-11-04 10:22 . 2008-11-04 10:22 <DIR> d-------- c:\program files\Common Files\PCSuite 2008-11-03 22:55 . 2008-11-02 17:05 5,380,179 --a------ C:\09 - Bushido feat. Karel Gott - Für Immer Jung.mp3 2008-11-03 13:23 . 2008-11-03 13:22 31,532 --a------ C:\36c5_1.jpg 2008-11-03 11:25 . 2008-11-03 11:25 9,091,259 --a------ C:\dhl_versandhelfer.zip 2008-11-02 15:59 . 2008-11-02 15:59 <DIR> d-------- c:\windows\uninstall\PC-Spielautomaten 2008-11-02 15:59 . 2008-11-02 15:59 <DIR> d-------- c:\windows\uninstall 2008-11-01 21:18 . 2008-11-01 21:18 <DIR> dr-h----- c:\users\Jürgen\AppData\Roaming\SecuROM 2008-11-01 21:18 . 2008-11-01 21:18 107,888 --a------ c:\windows\System32\CmdLineExt.dll 2008-11-01 21:12 . 2008-07-12 08:18 3,851,784 --a------ c:\windows\System32\D3DX9_39.dll 2008-10-31 14:13 . 2008-11-05 18:04 <DIR> d-------- c:\program files\Preispiraten6 2008-10-31 14:03 . 2008-10-31 14:03 9,307,400 --a------ C:\preispiraten6installer_complete.exe 2008-10-24 20:14 . 2008-10-24 20:14 26,088,381 --a------ C:\Bon Jovi You Give Love A Bad Name.wmv 2008-10-24 20:07 . 2008-10-24 20:08 27,013,247 --a------ C:\runaway bon jovi.wmv 2008-10-24 20:03 . 2008-10-24 20:04 28,981,325 --a------ C:\bon jovilivin on a prayer.wmv 2008-10-24 19:49 . 2008-10-24 19:50 40,834,755 --a------ C:\Manowar Warriors Of The World Unite AMV By PsYh0.wmv 2008-10-24 19:36 . 2008-10-24 19:37 24,398,931 --a------ C:\Lulu Lewe Crush on you High Quality Video.wmv 2008-10-24 11:25 . 2008-10-24 11:25 15,192,075 --a------ C:\Azad Alles LÃgen.wmv 2008-10-24 10:56 . 2008-10-24 10:57 19,169,621 --a------ C:\Schnuffel HÃschenparty.wmv 2008-10-24 10:50 . 2008-10-24 10:51 19,221,355 --a------ C:\Duffy Warwick Avenue Official Video.wmv 2008-10-24 10:47 . 2008-10-24 10:48 18,795,377 --a------ C:\Maria Mena All This Time PickMeUp Song.wmv 2008-10-24 10:43 . 2008-10-24 10:44 26,049,957 --a------ C:\Scooter vs Status Quo Jump That Rock Whatever You Want HQ.wmv 2008-10-24 10:38 . 2008-10-24 10:38 15,678,817 --a------ C:\Rosenstolz Gib mir Sonne.wmv 2008-10-24 10:36 . 2008-10-24 10:36 14,328,531 --a------ C:\Sido Herz Official Video HQ aggro tv.wmv 2008-10-24 10:33 . 2008-10-24 10:34 30,549,469 --a------ C:\Silbermond Das Beste.wmv 2008-10-24 10:31 . 2008-10-24 10:31 18,718,997 --a------ C:\IchIch STARK.wmv 2008-10-24 10:27 . 2008-10-24 10:28 26,369,993 --a------ C:\Ich amp Ich So soll es bleiben.wmv 2008-10-24 10:22 . 2008-10-24 10:22 21,019,335 --a------ C:\September Cry For You OFFICIAL UK Video DOWNLOAD NOW.wmv 2008-10-24 10:17 . 2008-10-24 10:18 23,070,637 --a------ C:\Sarah Connor Under My Skin.wmv 2008-10-24 10:13 . 2008-10-24 10:13 22,392,195 --a------ C:\Katy Perry I Kissed A Girl Official Music Video.wmv 2008-10-24 10:10 . 2008-10-24 10:11 25,150,745 --a------ C:\Pink So What Official Music Video HQ.wmv 2008-10-24 10:08 . 2008-10-24 10:08 19,361,759 --a------ C:\Amy Macdonald This Is The Life Official Music Video.wmv 2008-10-24 09:55 . 2008-10-24 09:55 24,475,815 --a------ C:\Rihanna Disturbia.wmv 2008-10-24 09:49 . 2008-10-24 09:50 24,203,497 --a------ C:\Gabriella Cilmi Sweet About Me.wmv 2008-10-24 09:42 . 2008-10-24 09:43 <DIR> d-------- c:\program files\ClipGrab 2008-10-23 19:16 . 2008-10-23 19:16 <DIR> d-------- c:\program files\VistaCodecPack 2008-10-23 19:15 . 2008-10-23 19:15 <DIR> d-------- c:\programdata\VistaCodecs 2008-10-22 16:18 . 2008-10-22 16:18 <DIR> d-------- c:\program files\JoWooD 2008-10-22 15:36 . 2008-10-22 15:44 <DIR> d-------- c:\program files\AnyDVD 2008-10-22 15:34 . 2008-10-22 15:42 <DIR> d-------- c:\program files\CloneDVD2 2008-10-22 15:32 . 2008-11-06 11:51 <DIR> d-------- c:\program files\DVDFab 5 2008-10-21 15:28 . 2008-10-21 15:28 112,320 --a------ c:\windows\connect.exe 2008-10-21 14:34 . 2008-03-05 14:56 3,786,760 --a------ c:\windows\System32\D3DX9_37.dll 2008-10-21 14:34 . 2007-07-19 17:14 3,727,720 --a------ c:\windows\System32\d3dx9_35.dll 2008-10-21 11:48 . 2003-01-26 12:41 40,960 --a------ c:\windows\System32\ssubtmr6.dll 2008-10-21 11:48 . 2007-08-31 17:36 36,864 --a------ c:\windows\System32\trayicon_handler.ocx 2008-10-16 13:18 . 2008-10-16 13:18 <DIR> d-------- c:\users\Jürgen\AppData\Roaming\Video DVD Maker FREE 2008-10-15 21:25 . 2008-10-29 23:00 1,980,416 --a------ C:\Fallenbrunnen Seite 2.pub 2008-10-15 21:12 . 2008-10-15 21:12 99,904 --a------ c:\windows\System32\drivers\AnyDVD.sys 2008-10-09 17:11 . 2008-10-09 17:11 <DIR> d-------- c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} 2008-10-09 17:11 . 2008-10-09 17:11 <DIR> d-------- c:\program files\iTunes 2008-10-09 17:11 . 2008-10-09 17:11 <DIR> d-------- c:\program files\iPod 2008-10-08 20:43 . 2008-10-08 20:43 4,184,203 --a------ C:\Haubenlift_Mazda_MX5.pdf . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-11-07 17:44 6,029,312 ----a-w c:\users\Jürgen\ntuser.dat 2008-11-07 17:44 6,029,312 ----a-w c:\users\Jürgen\ntuser.dat 2008-11-07 15:06 --------- d-----w c:\users\Jürgen\AppData\Roaming\Malwarebytes 2008-11-07 12:15 --------- d-----w c:\users\Jürgen\AppData\Roaming\uTorrent 2008-11-07 09:31 --------- d-----w c:\program files\Common Files\Adobe 2008-11-06 22:33 --------- d-----w c:\users\Jürgen\AppData\Roaming\temp 2008-11-06 11:12 --------- d-----w c:\programdata\DVD Shrink 2008-11-06 10:35 --------- d-----w c:\users\Jürgen\AppData\Roaming\Vso 2008-11-04 09:22 --------- d-----w c:\programdata\Installations 2008-11-04 09:22 --------- d-----w c:\program files\Nokia 2008-11-04 09:22 --------- d-----w c:\program files\Common Files\Nokia 2008-11-01 20:18 --------- d--h--r c:\users\Jürgen\AppData\Roaming\SecuROM 2008-10-31 13:14 --------- d-----w c:\users\Jürgen\AppData\Roaming\metaspinner net GmbH 2008-10-23 08:28 --------- d-----w c:\program files\Napster 2008-10-22 14:45 --------- d-----w c:\programdata\SlySoft 2008-10-21 17:40 --------- d-----w c:\program files\D-Info 2008 2008-10-21 13:40 --------- d--h--w c:\program files\InstallShield Installation Information 2008-10-16 12:18 --------- d-----w c:\users\Jürgen\AppData\Roaming\Video DVD Maker FREE 2008-10-16 11:38 --------- d-----w c:\program files\DVD Ripper Platinum 5 2008-10-13 17:13 --------- d-----w c:\program files\Movie Store 4 2008-10-13 10:23 --------- d-----w c:\users\Jürgen\AppData\Roaming\Tunebite 2008-10-13 07:44 --------- d-----w c:\program files\Common Files\aol 2008-10-09 16:11 --------- d-----w c:\programdata\Apple Computer 2008-10-06 17:30 --------- d-----w c:\programdata\NVIDIA 2008-10-06 17:19 --------- d-----w c:\program files\Microsoft Games 2008-10-05 13:20 5,352,963 ----a-w C:\WVDSetup.exe 2008-09-29 14:39 --------- d-----w c:\program files\D-Info Rückwärts 2008 2008-09-29 14:37 --------- d-----w c:\program files\Rawdump2.1 2008-09-25 17:16 --------- d-----w c:\users\Jürgen\AppData\Roaming\Roxio 2008-09-24 08:11 --------- d-----w c:\program files\ICQ6 2008-09-22 18:05 285,184 ----a-w c:\windows\Patience.exe 2008-09-22 18:05 --------- d-----w c:\users\Jürgen\AppData\Roaming\Secret Systems 2008-09-22 18:05 --------- d-----w c:\users\Jürgen\AppData\Roaming\Mozilla 2008-09-22 16:48 3,390,851 ----a-w C:\UpdateStar23_Web_GER.zip 2008-09-18 14:07 7,914,252 ----a-w C:\pm2009_setup.exe 2008-09-17 17:00 --------- d-----w c:\programdata\STAMPIT 2008-09-16 16:28 --------- d-----w c:\programdata\Napster 2008-09-16 16:14 --------- d-----w c:\program files\Common Files\Napster Shared 2008-09-12 12:54 --------- d-----w c:\users\Jürgen\AppData\Roaming\Snapfish 2008-09-10 17:27 --------- d-----w c:\program files\Bonjour 2008-09-10 17:26 --------- d-----w c:\program files\QuickTime 2008-09-10 17:26 --------- d-----w c:\program files\Common Files\Apple 2008-09-09 09:32 --------- d-----w c:\program files\Turbo Lister2 2008-09-07 12:36 1,399,242 ----a-w C:\Starterpack.zip 2008-09-07 11:00 --------- d-----w c:\users\Jürgen\AppData\Roaming\KlebezettelNG 2008-08-29 08:18 87,336 ----a-w c:\windows\System32\dns-sd.exe 2008-08-29 07:53 61,440 ----a-w c:\windows\System32\dnssd.dll 2008-08-28 08:50 30,720 ----a-w c:\windows\System32\soundschemes2.exe 2008-08-26 19:05 17,790 ----a-w C:\reiseliste.zip 2008-08-25 17:18 361,216 ----a-w c:\windows\System32\TuneUpDefragService.exe 2008-08-25 14:36 319,291 ----a-w C:\ksvr2final.exe 2008-08-24 17:49 16,844,629 ----a-w C:\FFSetup145.zip 2008-08-23 09:13 6,289,190 ----a-w C:\clipgrab-2.0-beta2.exe 2008-08-19 15:49 3,845,920 ----a-w C:\mmgrex_setup_0_9_3_0u.zip 2008-08-17 10:33 678,408 ----a-w c:\windows\System32\gpprefcl.dll 2008-08-09 06:30 1,007,616 ----a-w c:\windows\System32\VSFilter.dll 2008-07-19 11:48 22,328 ----a-w c:\users\Jürgen\AppData\Roaming\PnkBstrK.sys 2008-07-09 17:32 174 --sha-w c:\program files\desktop.ini 2008-03-23 20:19 94,208 ----a-w c:\users\Jürgen\AppData\Roaming\ezplay.sys 2008-03-21 11:01 47,360 ----a-w c:\users\Jürgen\AppData\Roaming\pcouffin.sys 2007-04-11 11:12 2,279,464 ----a-w c:\program files\PcSetup.exe 2008-04-04 12:39 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008040420080405\index.dat . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-03-20 1232896] "euroat.exe"="c:\program files\Eurozeichen\euroat.exe" [2001-11-28 170496] "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392] "AlcoholAutomount"="c:\program files\Alcohol 120\axcmd.exe" [2008-03-12 4608] "PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-10-02 1124352] "Yahoo! Pager"="c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2007-12-17 3810544] "ICQ"="c:\program files\ICQ6\ICQ.exe" [2008-09-01 173304] "AnyDVD"="c:\program files\AnyDVD\AnyDVDtray.exe" [2008-10-22 2223040] "AOL Fast Start"="c:\program files\AOL 9.0 VR\AOL.EXE" [2007-06-21 50480] "Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 7\PCSync2.exe" [2008-06-17 1249280] "WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 c:\windows\System32\oobefldr.dll] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-18 266497] "BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-12 663552] "ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-12-21 86016] "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784] "CherryKeyMan"="c:\program files\Cherry\KeyMan\KeyMan.exe" [2007-11-28 237620] "GrooveMonitor"="c:\program files\Office 2007\Office12\GrooveMonitor.exe" [2006-10-27 31016] "CloneCDTray"="c:\program files\CloneCD\CloneCDTray.exe" [2006-09-28 57344] "HostManager"="c:\program files\Common Files\AOL\1212739155\ee\AOLSoftware.exe" [2006-09-26 50736] "NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 2221352] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936] "NapsterShell"="c:\program files\Napster\napster.exe" [2007-01-12 323216] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13580832] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 92704] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792] "CTHelper"="CTHELPER.EXE" [2008-02-20 c:\windows\System32\CTHELPER.EXE] "CTxfiHlp"="CTXFIHLP.EXE" [2008-02-20 c:\windows\System32\CTXFIHLP.EXE] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe] c:\users\Jrgen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ WISO Bewerbung-Reminder.lnk - c:\program files\Bewerbung 2008\KCReminder.exe [2007-11-29 1236480] c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-07-24 805392] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.ACDV"= ACDV.dll "msacm.divxa32"= divxa32.acm [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2357750999-1669424538-2167796974-1000] "EnableNotificationsRef"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{569F23AE-FAF6-42D2-A613-1A203298512D}"= UDP:c:\program files\Common Files\aol\acs\AOLDial.exe:AOL Optimized Dial-In "{7476FFFA-9DB3-4317-93AC-D54AD96BA4A6}"= TCP:c:\program files\Common Files\aol\acs\AOLDial.exe:AOL Optimized Dial-In "{B3ED5159-D757-4B68-AD88-909C175616E7}"= UDP:c:\program files\Common Files\aol\acs\AOLacsd.exe:AOL Optimized Dial-In "{ABE70989-4C11-46FD-BE4D-169C0A888DAD}"= TCP:c:\program files\Common Files\aol\acs\AOLacsd.exe:AOL Optimized Dial-In "{D16A31DD-6563-4E07-82C5-7FD58ABB193C}"= UDP:c:\program files\Common Files\aol\1206045389\ee\aolsoftware.exe:AOL Shared Components "{87CAD8C9-4FD0-4037-8651-E9D7169B53A5}"= TCP:c:\program files\Common Files\aol\1206045389\ee\aolsoftware.exe:AOL Shared Components "{BFBC88BD-E82E-456C-8F4A-6DA1DEB21226}"= UDP:c:\program files\AOL 9.0 VR\waol.exe:AOL "{E9EC9B4E-5391-41A3-8084-E7E1AD00B46F}"= TCP:c:\program files\AOL 9.0 VR\waol.exe:AOL "{DA5C7AAE-C8CC-40A1-8F58-E9C2995E2460}"= UDP:c:\program files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed "{BAE9BB23-E9B2-4C8D-AEDD-7505D3D36194}"= TCP:c:\program files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed "{A423B32D-06FC-4B9F-92A3-16A5CB91EAD1}"= UDP:c:\program files\Common Files\aol\Loader\aolload.exe:AOL Loader "{2C2C0FD3-F8DF-419A-8313-D2538B7A809A}"= TCP:c:\program files\Common Files\aol\Loader\aolload.exe:AOL Loader "{B73DB6AC-9CBD-444F-9F7D-C0D11514CCA9}"= UDP:c:\program files\Common Files\aol\System Information\sinf.exe:AOL System Information "{1F254EE0-6F08-47D5-A47A-AA652CE25B39}"= TCP:c:\program files\Common Files\aol\System Information\sinf.exe:AOL System Information "TCP Query User{5FBADCBD-0B4A-4A8A-BCF1-7B384DAC4E85}c:\\program files\\common files\\ahead\\nero web\\setupx.exe"= UDP:c:\program files\common files\ahead\nero web\setupx.exe:MSI starter "UDP Query User{EA495FF9-48E8-43CB-955F-0018FE6ED984}c:\\program files\\common files\\ahead\\nero web\\setupx.exe"= TCP:c:\program files\common files\ahead\nero web\setupx.exe:MSI starter "TCP Query User{AF15983A-9E74-4916-8CDD-19178000A041}c:\\users\\jürgen\\appdata\\local\\temp\\nero web\\setupxu.exe"= UDP:c:\users\jürgen\appdata\local\temp\nero web\setupxu.exe:setupxu.exe "UDP Query User{8C4D300B-921B-4144-968C-785958C7FF87}c:\\users\\jürgen\\appdata\\local\\temp\\nero web\\setupxu.exe"= TCP:c:\users\jürgen\appdata\local\temp\nero web\setupxu.exe:setupxu.exe "TCP Query User{A00F4527-EB4F-451D-8503-AB21C1DD64E4}c:\\program files\\nero\\nero 7\\core\\nero.exe"= UDP:c:\program files\nero\nero 7\core\nero.exe:Nero Express "UDP Query User{7AE2F6C4-298B-4415-BECA-E2266F177BCD}c:\\program files\\nero\\nero 7\\core\\nero.exe"= TCP:c:\program files\nero\nero 7\core\nero.exe:Nero Express "TCP Query User{52DD4076-F984-415E-932A-A39E2FAE5CE1}c:\\program files\\windows sidebar\\sidebar.exe"= UDP:c:\program files\windows sidebar\sidebar.exe:Windows-Sidebar "UDP Query User{57FCC6A0-EA20-4566-BE75-46A9A2E906F8}c:\\program files\\windows sidebar\\sidebar.exe"= TCP:c:\program files\windows sidebar\sidebar.exe:Windows-Sidebar "{EF9AF03D-60A2-4D9F-96BE-C7E345AFB6FB}"= UDP:c:\program files\Office 2007\Office12\GROOVE.EXE:Microsoft Office Groove "{2216D9EB-A9AC-4ABA-894D-8F831BD6D8A6}"= TCP:c:\program files\Office 2007\Office12\GROOVE.EXE:Microsoft Office Groove "{676B640E-C6CE-4271-8347-332464C1A1EE}"= UDP:c:\program files\Office 2007\Office12\ONENOTE.EXE:Microsoft Office OneNote "{A63D5146-5CBD-473D-A76C-886B558CD003}"= TCP:c:\program files\Office 2007\Office12\ONENOTE.EXE:Microsoft Office OneNote "TCP Query User{8409A09C-AC15-472B-8A44-8469F9C95DF0}c:\\program files\\icq6\\icq.exe"= UDP:c:\program files\icq6\icq.exe:ICQ Library "UDP Query User{6165AA3E-89C7-4A98-B724-05B41C70EDF5}c:\\program files\\icq6\\icq.exe"= TCP:c:\program files\icq6\icq.exe:ICQ Library "TCP Query User{8B6FA9D9-E48E-4BB4-A321-B3CDFCD4E5AC}c:\\program files\\azureus\\azureus.exe"= UDP:c:\program files\azureus\azureus.exe:Azureus "UDP Query User{F755E126-C4AA-451A-9DC9-C8676F4E170E}c:\\program files\\azureus\\azureus.exe"= TCP:c:\program files\azureus\azureus.exe:Azureus "{A412A1E2-A642-4B48-8F76-6A58B1D23700}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger "{3E06562D-1F83-4735-A854-A8244CA037A9}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger "{1C78E7D9-00BB-47EB-B9EC-888CDA093899}"= UDP:c:\program files\Tunebite\TunebiteHelper.exe:TunebiteHelper "{6B5F3A23-0FA7-47D7-AAE8-8AF09618B6A2}"= TCP:c:\program files\Tunebite\TunebiteHelper.exe:TunebiteHelper "TCP Query User{28496B9E-3F3B-4B28-850D-5BAAAD1E7F83}e:\\call of duty 1\\codmp.exe"= UDP:e:\call of duty 1\codmp.exe:CoDMP "UDP Query User{ED6376A8-677F-4710-BEAD-320DAFE8BD40}e:\\call of duty 1\\codmp.exe"= TCP:e:\call of duty 1\codmp.exe:CoDMP "TCP Query User{4A056CF2-3CCE-4E4D-B932-F8C97C09448A}e:\\call of duty 2\\cod2mp_s.exe"= UDP:e:\call of duty 2\cod2mp_s.exe:CoD2MP_s "UDP Query User{3B3D1494-8B72-42BC-80BD-544FDDA3A49C}e:\\call of duty 2\\cod2mp_s.exe"= TCP:e:\call of duty 2\cod2mp_s.exe:CoD2MP_s "{0B1AFA5E-A0EA-4C1B-A3A6-4BCB85F75DEA}"= UDP:c:\program files\Common Files\aol\1212660368\ee\aolsoftware.exe:AOL Shared Components "{030887AF-2F99-4FA4-947A-E16292F77E43}"= TCP:c:\program files\Common Files\aol\1212660368\ee\aolsoftware.exe:AOL Shared Components "{EF1E6B32-D571-457B-B452-68C34DDD4469}"= UDP:c:\program files\Common Files\aol\1212739155\ee\aolsoftware.exe:AOL Shared Components "{4BAE35D2-0EBD-4C55-931D-0A77D4F7159F}"= TCP:c:\program files\Common Files\aol\1212739155\ee\aolsoftware.exe:AOL Shared Components "{FFC76AF4-5FFB-45A1-8DAE-D451C7D395D1}"= UDP:c:\windows\System32\PnkBstrA.exe  nkBstrA"{5216EBB9-A11C-4A79-BAD9-B809F2452A46}"= TCP:c:\windows\System32\PnkBstrA.exe nkBstrA"{7251D2EB-E074-4B0C-945E-92D877887EF3}"= UDP:c:\windows\System32\PnkBstrB.exe nkBstrB"{A78B9B40-33B0-4723-A54D-531ADEF022CC}"= TCP:c:\windows\System32\PnkBstrB.exe nkBstrB"{6E929A21-0523-4CAB-9C26-57F06671B0C6}"= UDP:e:\call of duty 4\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM) "{7A9D8006-1B6E-4590-97CE-EA5A2E8DA8DD}"= TCP:e:\call of duty 4\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM) "TCP Query User{47DB9B76-F07C-4303-8950-0B6BAB9F6D5B}c:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= UDP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater "UDP Query User{B7A4C387-7344-4751-8DDB-8F194FE54343}c:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= TCP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater "TCP Query User{5E727A34-F032-4988-81D2-AEB80AF92D4A}c:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= UDP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process "UDP Query User{60665A05-DFAB-464D-80B9-1D96B1B71870}c:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= TCP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process "TCP Query User{EEC76B6D-C6BC-4362-9031-EB70CE60D994}c:\\program files\\common files\\nero\\nero web\\setupx.exe"= UDP:c:\program files\common files\nero\nero web\setupx.exe:Nero Installer "UDP Query User{EF5F207E-4093-4100-BFF0-D81DA4835C08}c:\\program files\\common files\\nero\\nero web\\setupx.exe"= TCP:c:\program files\common files\nero\nero web\setupx.exe:Nero Installer "TCP Query User{43C80720-2A52-4696-8E02-2E108CA46B25}c:\\users\\jürgen\\appdata\\local\\temp\\onlineupdate8\\setupxu.exe"= UDP:c:\users\jürgen\appdata\local\temp\onlineupdate8\setupxu.exe:setupxu.exe "UDP Query User{EB384146-6C12-444B-99E2-3041ED2CEC2A}c:\\users\\jürgen\\appdata\\local\\temp\\onlineupdate8\\setupxu.exe"= TCP:c:\users\jürgen\appdata\local\temp\onlineupdate8\setupxu.exe:setupxu.exe "{08045C5C-AEFC-48A4-8FD6-793E088937AB}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent "{7DD1A706-0CB2-43EC-95A4-AB4BF5BC86D8}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent "TCP Query User{C5854F9A-F10D-41BD-B396-EC8C8C5E264D}e:\\program files\\call of duty 1\\codmp.exe"= UDP:e:\program files\call of duty 1\codmp.exe:CoDMP "UDP Query User{768F87E2-73CC-42E9-B441-FA524E74E450}e:\\program files\\call of duty 1\\codmp.exe"= TCP:e:\program files\call of duty 1\codmp.exe:CoDMP "TCP Query User{1282C9A6-CC90-4273-969D-281C7E12F979}c:\\program files\\nero\\nero8\\nero showtime\\showtime.exe"= UDP:c:\program files\nero\nero8\nero showtime\showtime.exe:Nero ShowTime "UDP Query User{D7A51678-B12F-4155-9031-6734760C29E5}c:\\program files\\nero\\nero8\\nero showtime\\showtime.exe"= TCP:c:\program files\nero\nero8\nero showtime\showtime.exe:Nero ShowTime "TCP Query User{8F9EC661-AD28-4552-9244-ADDF15E3F4E5}c:\\program files\\klebezettel ng\\klebez.exe"= UDP:c:\program files\klebezettel ng\klebez.exe:Elektronische Haftnotizen für Windows "UDP Query User{7D77CAF0-0E23-471A-81F7-A0F9875A9695}c:\\program files\\klebezettel ng\\klebez.exe"= TCP:c:\program files\klebezettel ng\klebez.exe:Elektronische Haftnotizen für Windows "{001A889C-F57E-4E2F-877E-30B8E08666C1}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In) "{0BBB8954-1E2A-4B98-B949-18C0717029D1}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In) "{8288C3C8-C5E3-4092-9FBE-0FFA2BF9020D}"= UDP:c:\program files\Word Password Recovery\WordPasswordRecovery.exe:Word Password Recovery "{BDF32922-F964-47B0-A722-9625A19EBF08}"= TCP:c:\program files\Word Password Recovery\WordPasswordRecovery.exe:Word Password Recovery "{AE1315E3-7AF3-4AF2-9AD0-D92E2D3D9A05}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour "{A0465488-F8BB-4F99-B621-FD80FC12720A}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour "TCP Query User{EA29A5C2-9CA6-47FA-BCD5-FA388DE7D581}c:\\program files\\utorrent\\finish\\pc_soldiers.of.fortune.3 payback -.modded.-.direct.play.-toed\\sof3.exe"= UDP:c:\program files\utorrent\finish\pc_soldiers.of.fortune.3 payback -.modded.-.direct.play.-toed\sof3.exe:sof3 "UDP Query User{4989775B-06BB-449F-9825-6B37DED47FA0}c:\\program files\\utorrent\\finish\\pc_soldiers.of.fortune.3 payback -.modded.-.direct.play.-toed\\sof3.exe"= TCP:c:\program files\utorrent\finish\pc_soldiers.of.fortune.3 payback -.modded.-.direct.play.-toed\sof3.exe:sof3 "TCP Query User{A1A927A7-2FE5-4F8F-902E-93DAAD91D657}c:\\program files\\real\\realplayer\\realplay.exe"= UDP:c:\program files\real\realplayer\realplay.exe:RealPlayer "UDP Query User{3098BB04-2504-494F-A992-AD9761E63DAD}c:\\program files\\real\\realplayer\\realplay.exe"= TCP:c:\program files\real\realplayer\realplay.exe:RealPlayer "{80A27C65-92EC-431F-9A76-F716D4ACC1CD}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes "{11B09A05-5F1D-4500-AF23-F9F55539068E}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes "TCP Query User{8550C3BB-C86B-458F-8F07-D6B310B346B4}c:\\program files\\electronic arts\\eadm\\core.exe"= UDP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager "UDP Query User{EA1EDFDB-7D9A-4929-BC1F-5D11C7EE8F05}c:\\program files\\electronic arts\\eadm\\core.exe"= TCP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System] "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic| R2 ACEDRV09;ACEDRV09;c:\windows\system32\drivers\ACEDRV09.sys [2008-04-24 110304] R2 CTAudSvcService;Creative Audio Service;c:\program files\Creative\Shared Files\CTAudSvc.exe [2008-03-07 417792] R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot\SDWinSec.exe [2008-07-07 809296] R2 UxTuneUp;TuneUp Designerweiterung;c:\windows\System32\svchost.exe [2006-11-02 22016] R3 Ch2kUSB;Cherry USB Treiber für CDI;c:\windows\system32\drivers\Ch2kUSB.sys [2007-08-23 112512] R3 Cherry Device Interface;Cherry Device Interface;c:\program files\Cherry\CDI\cdi.exe [2007-09-27 585774] R3 ha20x2k;Creative 20X HAL Driver;c:\windows\system32\drivers\ha20x2k.sys [2008-02-25 1172504] S0 OemBiosDevice;Royalty OEM Bios Extension;c:\windows\system32\drivers\royal.sys [2008-03-20 240128] S3 Ch2kPS2;Cherry PS/2 Tastatur Treiber (CDI);c:\windows\system32\DRIVERS\Ch2kPS2.sys [2007-08-22 130816] S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2008-05-17 79360] S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2008-02-01 138112] S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2008-02-01 8320] S3 PDNMp50;PDNMp50 NDIS Protocol Driver;c:\windows\system32\drivers\PDNMp50.sys [2006-11-28 28224] S3 PDNSp50;PDNSp50 NDIS Protocol Driver;c:\windows\system32\drivers\PDNSp50.sys [2006-11-28 27072] S3 TuneUp.Defrag;TuneUp Drive Defrag-Dienst;c:\windows\System32\TuneUpDefragService.exe [2008-08-25 361216] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp *Newly Created Service* - PROCEXP90 [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] "c:\program files\Common Files\LightScribe\LSRunOnce.exe" [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{621FCD24-4498-4324-A81E-07D331376EDF}] c:\program files\PixiePack Codec Pack\InstallerHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}] %SystemRoot%\system32\soundschemes.exe /AddRegistration [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}] %SystemRoot%\system32\soundschemes2.exe /AddRegistration . Inhalt des "geplante Tasks" Ordners 2008-11-07 c:\windows\Tasks\1-Klick-Wartung.job - c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-08-01 16:22] . - - - - Entfernte verwaiste Registrierungseinträge - - - - HKCU-Run-zlfbl - c:\users\jürgen\appdata\local\zlfbl.exe HKU-Default-Run-Nokia.PCSync - c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe . ------- Zusätzlicher Suchlauf ------- . R0 -: HKCU-Main,Start Page = hxxp://alice.aol.de R0 -: HKLM-Main,Start Page = hxxp://alice.aol.de O8 -: &AOL Toolbar-Suche - c:\program files\aol\aol toolbar 4.0\resources\de-DE\local\search.html O8 -: &Preispiratensuche nach markiertem Text - c:\\Program Files\\Preispiraten6\\preispiraten.html O8 -: Nach Microsoft E&xel exportieren - c:\progra~1\OFFICE~1\Office12\EXCEL.EXE/3000 O9 -: {9E029088-432F-4EBF-9537-0171A4C37870} - http://webtip.ch/cgi-bin/amz_track/tracker_de.pl?loc=main&site=home O9 -: {E79005A3-0F92-434B-9F7B-51131FC7168F} - http://www.preispiraten.de/e/tr_ebdestart.pl?http://www.ebay.de O9 -: {9E029088-432F-4EBF-9537-0171A4C37870} - http://webtip.ch/cgi-bin/amz_track/tracker_de.pl?loc=main&site=home - O9 -: {E79005A3-0F92-434B-9F7B-51131FC7168F} - http://www.preispiraten.de/e/tr_ebdestart.pl?http://www.ebay.de - O17 -: HKLM\CCS\Interface\{5F85B1E6-AA72-402B-B484-BFA2877643E5}: NameServer = 213.191.74.11 213.191.92.82 O16 -: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab c:\windows\Downloaded Program Files\SysReqLab3.osd c:\windows\Downloaded Program Files\sysreqlab3.dll O16 -: {3B36B017-7E49-426B-95B0-B5CECD83C2E2} - hxxp://chkr-web.ifolor.net/ORDERINGGENERAL/LowRes/app_support/ActiveX/IfolorUploader_chkr.cab c:\windows\Downloaded Program Files\IfolorUploader.inf c:\windows\Downloaded Program Files\IfolorUploader.ocx . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-11-07 18:44:57 Windows 6.0.6000 NTFS Scanne versteckte Prozesse... Scanne versteckte Autostarteinträge... Scanne versteckte Dateien... Scan erfolgreich abgeschlossen versteckte Dateien: 0 ************************************************************************** . Zeit der Fertigstellung: 2008-11-07 18:47:08 ComboFix-quarantined-files.txt 2008-11-07 17:47:04 Vor Suchlauf: 28 Verzeichnis(se), 66.123.669.504 Bytes frei Nach Suchlauf: 28 Verzeichnis(se), 66,088,628,224 Bytes frei 355 --- E O F --- 2008-10-06 17:25:27 bin auf eure Hilfe angewiesen und hoffe ihr könnt mir helfen... Vielen Dank !!!! ------------------------------------------------------------------------------------------------------------------------------------------------------ Hallo Swiss, Also ich habe nach Anleitung alles so gemacht wie du mir geschrieben hast und ich habe festgestellt nach einen Neustart ist die Werbung weg, also wieder alles so wie vorher... VIELEN DANK... Du hast mich vor einer Neuinstallation gerettet... DANKE, ihr seit wirklich die besten.... Dieser Beitrag wurde am 07.11.2008 um 21:37 Uhr von Ice-Age editiert.
|
|
|
|
|
|
|
08.11.2008, 11:30
Member
Beiträge: 3716 |
#4
hallo,
wer keygens verwendet, muss halt damit rechnen... prüfe in zukunft dateien, bei denen du dir nicht sicher bist bei virus total. verwende navilog nach anleitung oposte beide logs. Achtung! bitte auf navilog.exe mit rechtsklick und als administrator ausführen. http://virus-protect.org/artikel/tools/navilog.html |
|
|
|
|
|
|
08.11.2008, 14:22
Moderator
Beiträge: 5694 |
#5
Zudem was Virenfinder gepostet hat mache noch folgendes:
>> Combofix entfernen: Windows Taste + R drücken Kopiere rein: Combofix /U - klicke "OK" (oder, wenn es nicht funktioniert: C:\QooBox löschen) >> Lade bitte SDfix, wende es im abgesicherten Modus an + poste hier den Report, der nach Neustart erscheint http://virus-protect.org/artikel/tools/sdfix.html >> Arbeite datfindbat ab - poste von jedem log nur die Daten der letzten drei monate: http://www.virus-protect.org/datfindbat.html |
|
|
|
|
|
Um auf dieses Thema zu ANTWORTEN
bitte erst » hier kostenlos registrieren!!
bitte erst » hier kostenlos registrieren!!
Folgende Themen könnten Dich auch interessieren:
Seite(n): 1
Copyright © 2024, Protecus.de - Protecus Team - Impressum / Mediadaten
Ich bitte dringend um Hilfe...
Ich habe Windows Vista und wie bei den anderen öffnet sich Windows Explorer alle 3 - 4 Minuten von selbst mit Werbung....
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:09:40, on 07.11.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Windows\System32\CTHELPER.EXE
C:\Windows\System32\CTXFIHLP.EXE
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Cherry\KeyMan\KeyMan.exe
C:\Program Files\Office 2007\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\aol\1212739155\ee\aolsoftware.exe
C:\Program Files\Napster\napster.exe
C:\Windows\keylogbyme.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Eurozeichen\euroat.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\ICQ6\ICQ.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PcSync2.exe
C:\Users\Jürgen\AppData\Local\zlfbl.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\AOL 9.0 VR\waol.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Windows\System32\CTXFISPI.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Common Files\Nero\Lib\NeroGadgetCMServer.exe
C:\Program Files\AOL 9.0 VR\shellmon.exe
C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
C:\Windows\system32\conime.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://alice.aol.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://alice.aol.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://alice.aol.de
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {1CFFA392-0898-4b1c-89D1-6E98F9D8EF78} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\OFFICE~1\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O2 - BHO: amazon - {84B94901-3645-4D80-A6B7-4D0050B19455} - C:\PROGRA~1\PREISP~1\IEBUTT~2.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: eBay - {CD9B7762-DFBC-42B1-BB30-02A78287B456} - C:\PROGRA~1\PREISP~1\IEBUTT~1.DLL
O2 - BHO: Preispiraten - {E9E027BF-C3F3-4022-8F6B-8F6D39A59684} - C:\PROGRA~1\PREISP~1\IEBUTT~3.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [CherryKeyMan] "C:\Program Files\Cherry\KeyMan\KeyMan.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Office 2007\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1212739155\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [Patience] "Patience" = "%Windir%\Patience.exe"
O4 - HKLM\..\Run: [keylogbyme] "keylogbyme" = "%Windir%\keylogbyme.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [euroat.exe] C:\Program Files\Eurozeichen\euroat.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6\ICQ.exe" silent
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.0 VR\AOL.EXE" -b
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [zlfbl] "c:\users\jürgen\appdata\local\zlfbl.exe" zlfbl
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O4 - Startup: WISO Bewerbung-Reminder.lnk = C:\Program Files\Bewerbung 2008\KCReminder.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &AOL Toolbar-Suche - c:\program files\aol\aol toolbar 4.0\resources\de-DE\local\search.html
O8 - Extra context menu item: &Preispiratensuche nach markiertem Text - C:\\Program Files\\Preispiraten6\\preispiraten.html
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\OFFICE~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\OFFICE~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\OFFICE~1\Office12\ONBttnIE.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O9 - Extra button: Preispiraten - {350F4DA2-3886-4BB8-A1A8-D7F57B56DFFF} - C:\Program Files\Preispiraten6\preispiraten3ie.exe
O9 - Extra 'Tools' menuitem: Preispiraten - {350F4DA2-3886-4BB8-A1A8-D7F57B56DFFF} - C:\Program Files\Preispiraten6\preispiraten3ie.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\OFFICE~1\Office12\REFIEBAR.DLL
O9 - Extra button: Amazon Startseite - {9E029088-432F-4EBF-9537-0171A4C37870} - http://webtip.ch/cgi-bin/amz_track/tracker_de.pl?loc=main&site=home (file missing)
O9 - Extra 'Tools' menuitem: Amazon Startseite - {9E029088-432F-4EBF-9537-0171A4C37870} - http://webtip.ch/cgi-bin/amz_track/tracker_de.pl?loc=main&site=home (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: eBay - {E79005A3-0F92-434B-9F7B-51131FC7168F} - http://www.preispiraten.de/e/tr_ebdestart.pl?http://www.ebay.de (file missing)
O13 - Gopher Prefix:
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O16 - DPF: {3B36B017-7E49-426B-95B0-B5CECD83C2E2} (IfolorUploader Control) - http://chkr-web.ifolor.net/ORDERINGGENERAL/LowRes/app_support/ActiveX/IfolorUploader_chkr.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www3.snapfish.de/SnapfishActivia.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5F85B1E6-AA72-402B-B484-BFA2877643E5}: NameServer = 213.191.74.19 62.109.123.197
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\OFFICE~1\Office12\GR99D3~1.DLL
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Cherry Device Interface - Cherry, Auerbach Germany, www.cherry.de - C:\Program Files\Cherry\CDI\cdi.exe
O23 - Service: Creative ALchemy AL6 Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
--
End of file - 14200 bytes