My IE keeps freezing.

#0
11.01.2009, 00:03
...new here
Posts: 10

11.01.2009, 09:17
Moderator
Posts: 7805
#2
Hello Shiva121,
Please work through points 2-5 from http://board.protecus.de/t23188.htm and post the results.
__________
Regards, Ralf
SEO-Spam Hunter

11.01.2009, 13:31
...new here
Thread starter
Posts: 10
#3
My problem is that IE keeps freezing, but only on certain pages...

Malwarebytes' Anti-Malware 1.32
Datenbank Version: 1642
Windows 5.1.2600 Service Pack 2

11.01.2009 13:36:11
mbam-log-2009-01-11 (13-36-11).txt

Scan-Methode: Quick-Scan
Durchsuchte Objekte: 55397
Laufzeit: 18 minute(s), 37 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

This post was edited by Shiva121 on 11.01.2009 at 13:36.

11.01.2009, 13:39
Moderator
Posts: 7805
#4
See whether you can use the Mbam download.com link from the link above. Remember to save the file on your computer under a different name. Save it as msetup.exe or similar.
If that does not work, go to Start > Run, enter reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\TDSS\disallowed" and press Enter. Then try to download and run the tools. You must not reboot, otherwise the registry entry will be recreated!
__________
Regards, Ralf
SEO-Spam Hunter

11.01.2009, 13:41
Moderator
Posts: 7805
#5
Oh, and Combofix is also available here in the forum on a trial basis:
http://board.protecus.de/download.php?id=313710.Co-mboFix.exe
__________
Regards, Ralf
SEO-Spam Hunter

11.01.2009, 14:15
...new here
Thread starter
Posts: 10
#6
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Gainward"="c:\windows\TBPanel.exe" [2002-07-22 1974272] "QuickTime Task"="c:\programme\QuickTime\qttask.exe" [2007-04-01 98304] "SunJavaUpdateSched"="c:\programme\Java\jre6\bin\jusched.exe" [2008-12-21 136600] "avgnt"="c:\programme\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-17 266497] "FLMOFFICE4DMOUSE"="c:\programme\Browser Mouse\mouse32a.exe" [2007-06-20 360448] "Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792] "NVIDIA nForce APU1 Utilities"="NVATray.exe" [2002-01-18 c:\windows\system32\NVATray.exe] "nwiz"="nwiz.exe" [2002-05-24 c:\windows\system32\nwiz.exe] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.ACDV"= ACDV.dll [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "IncrediMail"=c:\programme\IncrediMail\bin\IncMail.exe /c "Magentic"=c:\progra~1\Magentic\bin\Magentic.exe /c [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "Device Detector"="c:\programme\Gemeinsame Dateien\ACD Systems\DE\DevDetect.exe" -autorun "InCD"=c:\programme\Ahead\InCD\InCD.exe "QuickTime Task"="c:\programme\QuickTime\qttask.exe" -atboottime "Share-to-Web Namespace Daemon"=c:\programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe "zzz_ImInstaller_Magentic"=c:\dokume~1\Britta\LOKALE~1\Temp\ImInstaller\Magentic\magentic_install[1].exe -startup -product Magentic -skip_dialog language [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Programme\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"= "c:\\Programme\\IncrediMail\\bin\\IncMail.exe"= "c:\\Programme\\IncrediMail\\bin\\ImApp.exe"= "c:\\Programme\\IncrediMail\\bin\\ImpCnt.exe"= S2 PTUpdater;PAYBACK Toolbar Updater;c:\programme\PAYBACK\Toolbar\PTUpdater.exe [2007-09-28 158176] --- Other Services/Drivers In Memory --- *Deregistered* - AFD *Deregistered* - ALG *Deregistered* - AntiVirScheduler *Deregistered* - 
AntiVirService *Deregistered* - AudioSrv *Deregistered* - audstub *Deregistered* - avgio *Deregistered* - avgntflt *Deregistered* - avipbb *Deregistered* - Beep *Deregistered* - Browser *Deregistered* - Cardex *Deregistered* - Cdfs *Deregistered* - CryptSvc *Deregistered* - DcomLaunch *Deregistered* - Dhcp *Deregistered* - Dnscache *Deregistered* - ElbyCDIO *Deregistered* - ERSvc *Deregistered* - EventSystem *Deregistered* - Fastfat *Deregistered* - FastUserSwitchingCompatibility *Deregistered* - Fips *Deregistered* - FltMgr *Deregistered* - Ftdisk *Deregistered* - Gpc *Deregistered* - gusvc *Deregistered* - helpsvc *Deregistered* - HTTP *Deregistered* - ImapiService *Deregistered* - InCDfs *Deregistered* - InCDrec *Deregistered* - InCDsrv *Deregistered* - InCDsrvR *Deregistered* - IpNat *Deregistered* - IPSec *Deregistered* - JavaQuickStarterService *Deregistered* - KSecDD *Deregistered* - lanmanserver *Deregistered* - lanmanworkstation *Deregistered* - LmHosts *Deregistered* - mnmdd *Deregistered* - MountMgr *Deregistered* - MRxDAV *Deregistered* - MRxSmb *Deregistered* - Msfs *Deregistered* - mssmbios *Deregistered* - Mup *Deregistered* - NDIS *Deregistered* - NdisTapi *Deregistered* - Ndisuio *Deregistered* - NdisWan *Deregistered* - NDProxy *Deregistered* - NetBIOS *Deregistered* - NetBT *Deregistered* - Netman *Deregistered* - Nla *Deregistered* - Npfs *Deregistered* - Ntfs *Deregistered* - Null *Deregistered* - NVSvc *Deregistered* - PartMgr *Deregistered* - ParVdm *Deregistered* - PolicyAgent *Deregistered* - PptpMiniport *Deregistered* - ProtectedStorage *Deregistered* - PSched *Deregistered* - PTUpdater *Deregistered* - RasAcd *Deregistered* - Rasl2tp *Deregistered* - RasMan *Deregistered* - RasPppoe *Deregistered* - Raspti *Deregistered* - Rdbss *Deregistered* - RDPCDD *Deregistered* - RpcSs *Deregistered* - SamSs *Deregistered* - Schedule *Deregistered* - seclogon *Deregistered* - SENS *Deregistered* - SharedAccess *Deregistered* - ShellHWDetection 
*Deregistered* - Spooler *Deregistered* - sr *Deregistered* - srservice *Deregistered* - Srv *Deregistered* - SSDPSRV *Deregistered* - stisvc *Deregistered* - swenum *Deregistered* - TapiSrv *Deregistered* - Tcpip *Deregistered* - TermDD *Deregistered* - TermService *Deregistered* - Themes *Deregistered* - TrkWks *Deregistered* - Update *Deregistered* - VgaSave *Deregistered* - VolSnap *Deregistered* - W32Time *Deregistered* - Wanarp *Deregistered* - WebClient *Deregistered* - winmgmt *Deregistered* - WmiApSrv *Deregistered* - wscsvc *Deregistered* - wuauserv *Deregistered* - WZCSVC [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9aa2aa9e-71e7-11dd-ae85-0000cb6524f7}] \Shell\AutoRun\command - F:\setupSNK.exe . - - - - ORPHANS REMOVED - - - - HKCU-Run-ICQ - c:\programme\ICQ6\ICQ.exe . ------- Supplementary Scan ------- . uStart Page = hxxp://www.freenet.de/ uSearch Page = hxxp://www.google.com uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uSearch Bar = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000 IE: RF - Formular ausfüllen - file://c:\programme\Siber Systems\AI RoboForm\RoboFormComFillForms.html IE: RF - Formular speichern - file://c:\programme\Siber Systems\AI RoboForm\RoboFormComSavePass.html IE: RF - Menü anpassen - file://c:\programme\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html IE: RF - RoboForm-Leiste ein/aus - file://c:\programme\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O16 -: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab c:\windows\Downloaded Program Files\DirectAnimation Java Classes.osd O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd c:\windows\system32\unicows.dll - 
c:\windows\Downloaded Program Files\IPSUploader4.ocx O16 -: {CAC677B6-4963-4305-9066-0BD135CD9233} hxxp://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader4.cab c:\windows\Downloaded Program Files\IPSUploader4.inf c:\programme\Java\jre1.5.0_11\bin\unicows.dll - c:\windows\Downloaded Program Files\IPSUploader.ocx O16 -: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} hxxp://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader.cab c:\windows\Downloaded Program Files\IPSUploader.inf FF - ProfilePath - c:\dokumente und einstellungen\Britta\Anwendungsdaten\Mozilla\Firefox\Profiles\zf4dyu2o.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/ FF - plugin: c:\programme\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-01-11 13:47:15 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2009-01-11 13:52:21 ComboFix-quarantined-files.txt 2009-01-11 12:51:36 Pre-Run: 12 Verzeichnis(se), 33.473.884.160 Bytes frei Post-Run: 12 Verzeichnis(se), 34,803,208,192 Bytes frei |

11.01.2009, 14:38
Moderator
Posts: 7805

11.01.2009, 14:41
...new here
Thread starter
Posts: 10
#8
That is all I got as a log.

11.01.2009, 14:42
Moderator
Posts: 7805

11.01.2009, 15:55
...new here
Thread starter
Posts: 10
#10
omboFix 09-01-10.03 - Britta 2009-01-11 13:41:04.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1031.18.255.96 [GMT 1:00] Running from: c:\dokumente und einstellungen\Britta\Desktop\ComboFix.exe AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Outdated) * Created a new restore point [COLOR=RED]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/COLOR] . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\Downloaded Program Files\setup.inf c:\windows\system32\msrdo20.dll c:\windows\system32\rdocurs.dll . ((((((((((((((((((((((((( Files Created from 2008-12-11 to 2009-01-11 ))))))))))))))))))))))))))))))) . 2009-01-11 13:37 . 2009-01-11 13:38 <DIR> d----c--- C:\32788R22FWJFW 2009-01-11 13:15 . 2009-01-11 13:15 <DIR> d-------- c:\dokumente und einstellungen\Britta\Anwendungsdaten\Malwarebytes 2009-01-11 13:14 . 2009-01-11 13:14 <DIR> d-------- c:\programme\Malwarebytes' Anti-Malware 2009-01-11 13:14 . 2009-01-11 13:14 <DIR> d----c--- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes 2009-01-11 13:14 . 2009-01-04 18:38 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys 2009-01-11 13:14 . 2009-01-04 18:38 15,504 --a------ c:\windows\system32\drivers\mbam.sys 2009-01-10 23:55 . 2009-01-10 23:55 <DIR> d-------- c:\programme\Trend Micro 2008-12-21 17:15 . 2008-12-21 17:12 410,984 --a------ c:\windows\system32\deploytk.dll 2008-12-21 17:10 . 2009-01-04 16:40 54,156 --ah----- c:\windows\QTFont.qfn 2008-12-21 17:10 . 2008-12-21 17:10 1,409 --a------ c:\windows\QTFont.for . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2009-01-11 12:07 --------- d-----w c:\dokumente und einstellungen\Britta\Anwendungsdaten\PAYBACK Toolbar 2009-01-11 09:54 --------- d-----w c:\dokumente und einstellungen\All Users\Anwendungsdaten\Google Updater 2009-01-10 21:23 --------- dc----w c:\dokumente und einstellungen\All Users\Anwendungsdaten\AntiVir PersonalEdition Classic 2009-01-07 22:35 --------- d-----w c:\programme\Google 2008-12-21 16:12 --------- d-----w c:\programme\Java 2008-10-23 12:59 283,648 ----a-w c:\windows\system32\gdi32.dll 2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll 2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll 2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll 2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll 2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll 2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe 2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll 2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll 2008-10-16 10:37 665,088 ----a-w c:\windows\system32\wininet.dll 2002-08-29 12:00 94,800 --sh--w c:\windows\twain.dll 2004-08-03 22:57 50,688 --sh--w c:\windows\twain_32.dll 2004-08-03 22:57 1,028,096 --sh--w c:\windows\system32\mfc42.dll 2004-08-03 22:57 54,784 --sh--w c:\windows\system32\msvcirt.dll 2004-08-03 22:57 413,696 --sh--w c:\windows\system32\msvcp60.dll 2004-08-03 22:57 343,040 --sh--w c:\windows\system32\msvcrt.dll 2007-12-04 18:40 550,912 --sh--w c:\windows\system32\oleaut32.dll 2004-08-03 22:57 83,456 --sh--w c:\windows\system32\olepro32.dll 2004-08-03 22:58 12,288 --sh--w c:\windows\system32\regsvr32.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360] "LDM"="c:\programme\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2007-03-31 16384] "swg"="c:\programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-02 68856] "MSMSGS"="c:\programme\Messenger\msmsgs.exe" [2004-10-13 1694208] "RoboForm"="c:\programme\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2008-09-28 160592] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="NvQTwk" [X] "EM_EXEC"="c:\progra~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [2001-12-20 35328] "LDM"="c:\programme\Desktop Messenger\8876480\Program\backWeb-8876480.exe" [2007-03-31 16384] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "Gainward"="c:\windows\TBPanel.exe" [2002-07-22 1974272] "QuickTime Task"="c:\programme\QuickTime\qttask.exe" [2007-04-01 98304] "SunJavaUpdateSched"="c:\programme\Java\jre6\bin\jusched.exe" [2008-12-21 136600] "avgnt"="c:\programme\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-17 266497] "FLMOFFICE4DMOUSE"="c:\programme\Browser Mouse\mouse32a.exe" [2007-06-20 360448] "Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792] "NVIDIA nForce APU1 Utilities"="NVATray.exe" [2002-01-18 c:\windows\system32\NVATray.exe] "nwiz"="nwiz.exe" [2002-05-24 c:\windows\system32\nwiz.exe] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.ACDV"= ACDV.dll [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "IncrediMail"=c:\programme\IncrediMail\bin\IncMail.exe /c "Magentic"=c:\progra~1\Magentic\bin\Magentic.exe /c [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "Device Detector"="c:\programme\Gemeinsame Dateien\ACD Systems\DE\DevDetect.exe" -autorun "InCD"=c:\programme\Ahead\InCD\InCD.exe 
"QuickTime Task"="c:\programme\QuickTime\qttask.exe" -atboottime "Share-to-Web Namespace Daemon"=c:\programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe "zzz_ImInstaller_Magentic"=c:\dokume~1\Britta\LOKALE~1\Temp\ImInstaller\Magentic\magentic_install[1].exe -startup -product Magentic -skip_dialog language [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Programme\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"= "c:\\Programme\\IncrediMail\\bin\\IncMail.exe"= "c:\\Programme\\IncrediMail\\bin\\ImApp.exe"= "c:\\Programme\\IncrediMail\\bin\\ImpCnt.exe"= S2 PTUpdater;PAYBACK Toolbar Updater;c:\programme\PAYBACK\Toolbar\PTUpdater.exe [2007-09-28 158176] --- Other Services/Drivers In Memory --- *Deregistered* - AFD *Deregistered* - ALG *Deregistered* - AntiVirScheduler *Deregistered* - AntiVirService *Deregistered* - AudioSrv *Deregistered* - audstub *Deregistered* - avgio *Deregistered* - avgntflt *Deregistered* - avipbb *Deregistered* - Beep *Deregistered* - Browser *Deregistered* - Cardex *Deregistered* - Cdfs *Deregistered* - CryptSvc *Deregistered* - DcomLaunch *Deregistered* - Dhcp *Deregistered* - Dnscache *Deregistered* - ElbyCDIO *Deregistered* - ERSvc *Deregistered* - EventSystem *Deregistered* - Fastfat *Deregistered* - FastUserSwitchingCompatibility *Deregistered* - Fips *Deregistered* - FltMgr *Deregistered* - Ftdisk *Deregistered* - Gpc *Deregistered* - gusvc *Deregistered* - helpsvc *Deregistered* - HTTP *Deregistered* - ImapiService *Deregistered* - InCDfs *Deregistered* - InCDrec *Deregistered* - InCDsrv *Deregistered* - InCDsrvR *Deregistered* - IpNat *Deregistered* - IPSec *Deregistered* - JavaQuickStarterService *Deregistered* - KSecDD *Deregistered* - lanmanserver *Deregistered* - lanmanworkstation *Deregistered* - LmHosts *Deregistered* - mnmdd *Deregistered* - MountMgr *Deregistered* - MRxDAV *Deregistered* - MRxSmb *Deregistered* - Msfs 
*Deregistered* - mssmbios *Deregistered* - Mup *Deregistered* - NDIS *Deregistered* - NdisTapi *Deregistered* - Ndisuio *Deregistered* - NdisWan *Deregistered* - NDProxy *Deregistered* - NetBIOS *Deregistered* - NetBT *Deregistered* - Netman *Deregistered* - Nla *Deregistered* - Npfs *Deregistered* - Ntfs *Deregistered* - Null *Deregistered* - NVSvc *Deregistered* - PartMgr *Deregistered* - ParVdm *Deregistered* - PolicyAgent *Deregistered* - PptpMiniport *Deregistered* - ProtectedStorage *Deregistered* - PSched *Deregistered* - PTUpdater *Deregistered* - RasAcd *Deregistered* - Rasl2tp *Deregistered* - RasMan *Deregistered* - RasPppoe *Deregistered* - Raspti *Deregistered* - Rdbss *Deregistered* - RDPCDD *Deregistered* - RpcSs *Deregistered* - SamSs *Deregistered* - Schedule *Deregistered* - seclogon *Deregistered* - SENS *Deregistered* - SharedAccess *Deregistered* - ShellHWDetection *Deregistered* - Spooler *Deregistered* - sr *Deregistered* - srservice *Deregistered* - Srv *Deregistered* - SSDPSRV *Deregistered* - stisvc *Deregistered* - swenum *Deregistered* - TapiSrv *Deregistered* - Tcpip *Deregistered* - TermDD *Deregistered* - TermService *Deregistered* - Themes *Deregistered* - TrkWks *Deregistered* - Update *Deregistered* - VgaSave *Deregistered* - VolSnap *Deregistered* - W32Time *Deregistered* - Wanarp *Deregistered* - WebClient *Deregistered* - winmgmt *Deregistered* - WmiApSrv *Deregistered* - wscsvc *Deregistered* - wuauserv *Deregistered* - WZCSVC [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9aa2aa9e-71e7-11dd-ae85-0000cb6524f7}] \Shell\AutoRun\command - F:\setupSNK.exe . - - - - ORPHANS REMOVED - - - - HKCU-Run-ICQ - c:\programme\ICQ6\ICQ.exe . ------- Supplementary Scan ------- . 
uStart Page = hxxp://www.freenet.de/ uSearch Page = hxxp://www.google.com uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uSearch Bar = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000 IE: RF - Formular ausfüllen - file://c:\programme\Siber Systems\AI RoboForm\RoboFormComFillForms.html IE: RF - Formular speichern - file://c:\programme\Siber Systems\AI RoboForm\RoboFormComSavePass.html IE: RF - Menü anpassen - file://c:\programme\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html IE: RF - RoboForm-Leiste ein/aus - file://c:\programme\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O16 -: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab c:\windows\Downloaded Program Files\DirectAnimation Java Classes.osd O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd c:\windows\system32\unicows.dll - c:\windows\Downloaded Program Files\IPSUploader4.ocx O16 -: {CAC677B6-4963-4305-9066-0BD135CD9233} hxxp://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader4.cab c:\windows\Downloaded Program Files\IPSUploader4.inf c:\programme\Java\jre1.5.0_11\bin\unicows.dll - c:\windows\Downloaded Program Files\IPSUploader.ocx O16 -: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} hxxp://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader.cab c:\windows\Downloaded Program Files\IPSUploader.inf FF - ProfilePath - c:\dokumente und einstellungen\Britta\Anwendungsdaten\Mozilla\Firefox\Profiles\zf4dyu2o.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/ FF - plugin: 
c:\programme\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-01-11 13:47:15 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2009-01-11 13:52:21 ComboFix-quarantined-files.txt 2009-01-11 12:51:36 Pre-Run: 12 Verzeichnis(se), 33.473.884.160 Bytes frei Post-Run: 12 Verzeichnis(se), 34,803,208,192 Bytes frei 253 --- E O F --- 2008-12-18 10:36:22 |

11.01.2009, 16:06
Moderator
Posts: 7805
#11
How are things with your IE at the moment? I have to see whether it is already worth installing SP3....
__________
Regards, Ralf
SEO-Spam Hunter

11.01.2009, 16:09
...new here
Thread starter
Posts: 10
#12
What do you mean by that? How things are with it???

11.01.2009, 16:16
Moderator
Posts: 7805

11.01.2009, 16:29
...new here
Thread starter
Posts: 10
#14
Yes, unfortunately, but as I said only on certain pages!! What is causing that???

11.01.2009, 16:35
Moderator
Posts: 7805

Can anyone maybe help me? I would really appreciate it.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:03:31, on 11.01.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Programme\Desktop Messenger\8876480\Program\backWeb-8876480.exe
C:\WINDOWS\system32\NVATray.exe
C:\WINDOWS\TBPanel.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\Java\jre6\bin\jusched.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Programme\Browser Mouse\mouse32a.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Programme\PAYBACK\Toolbar\PTUpdater.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\Programme\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\IncrediMail\bin\IMApp.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\IncrediMail\bin\IncMail.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.freenet.de/
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Programme\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: PAYBACK Toolbar Helper - {BCD62654-FC96-4D95-8BF2-9EB17DB750CF} - C:\Programme\PAYBACK\Toolbar\paybacktoolbar.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programme\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: PAYBACK Toolbar - {CE72F36A-F05D-4ECE-9912-96156ECE06AC} - C:\Programme\PAYBACK\Toolbar\paybacktoolbar.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Programme\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [LDM] C:\Programme\Desktop Messenger\8876480\Program\backWeb-8876480.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NVIDIA nForce APU1 Utilities] NVATray.exe
O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [zzz_ImInstaller_Magentic] C:\DOKUME~1\Britta\LOKALE~1\Temp\ImInstaller\Magentic\magentic_install[1].exe -startup -product Magentic
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Programme\Browser Mouse\mouse32a.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Programme\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [RoboForm] "C:\Programme\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [ICQ] "C:\Programme\ICQ6\ICQ.exe" silent
O4 - Global Startup: HPAiODevice(hp psc 700 series) - 1.lnk = C:\Programme\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programme\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: RF - Formular ausfüllen - file://C:\Programme\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RF - Formular speichern - file://C:\Programme\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: RF - Menü anpassen - file://C:\Programme\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: RF - RoboForm-Leiste ein/aus - file://C:\Programme\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Ausfüllen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Programme\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: RF - Formular ausfüllen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Programme\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Speichern - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Programme\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: RF - Formular speichern - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Programme\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Programme\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RF - RoboForm-Leiste ein/aus - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Programme\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.hp.com/ediags/dd/install/HPInstallMgr_v01_5.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} (IPSUploader4 Control) - http://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader4.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader.cab
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Programme\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Programme\Ahead\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PAYBACK Toolbar Updater (PTUpdater) - Loyalty Partner GmbH - C:\Programme\PAYBACK\Toolbar\PTUpdater.exe