Explorer öffnet automatisch Werbung

#0
15.03.2009, 17:54
...neu hier

Beiträge: 2
#1 Hi an alle, ich hab das Thema hier schon gefunden und es steht, dass man den Log in einem Sicherheitsforum eröffnen soll. Ok ich versuch das jetzt mit dem Combofix und melde mich dann hier wieder.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:41:57, on 15.03.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18372)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\PDF Complete\pdfsvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Alice\Signup\AliceCnn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10a.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://alice.aol.de
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in &Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - F:\poker\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - F:\poker\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{40DA2F98-7724-4B9C-B9C5-69552CDA263D}: NameServer = 62.109.123.6 213.191.92.87
O17 - HKLM\System\CCS\Services\Tcpip\..\{EDA8D359-1F05-49B8-8A32-77D7A1DB15B1}: NameServer = 213.191.92.82,213.191.92.84
O17 - HKLM\System\CS1\Services\Tcpip\..\{40DA2F98-7724-4B9C-B9C5-69552CDA263D}: NameServer = 62.109.123.6 213.191.92.87
O20 - AppInit_DLLs: APSHook.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Automatisches LiveUpdate - Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: stllssvr - Unknown owner - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe

--
End of file - 11473 bytes


hab irgendwie nicht richtig einen plan wie ich hier anständig im forum poste ich hoffe ihr verzeiht mir



und hier der letzte punkt

2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office system
Activation Assistant for the 2007 Microsoft Office suites
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Shockwave Player 11
Agere Systems HDA Modem
Alice-Installationsdateien entfernen
Alphaload Software 4.1.7
Apple Mobile Device Support
Apple Software Update
Application Installer 4.00.B14
Ashampoo WinOptimizer 2009 Advanced
ATI Uninstaller
Audio 180%
AVIcodec (remove only)
Avira AntiVir Personal - Free Antivirus
AviSynth 2.5
Bonjour
Broadcom NetXtreme Ethernet Controller
bwin Poker (remove only)
ccc-Branding
Credential Manager for HP ProtectTools
Disc2Phone
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
ESU for Microsoft Vista
Favorit
Free Registry Cleaner for Vista 1.0
Full Tilt Poker
Google Toolbar for Internet Explorer
Google Updater
Hervorhebe-Funktion (Windows Live Toolbar)
Hewlett-Packard Active Check
Hewlett-Packard Asset Agent
HijackThis 2.0.2
HP Active Support Library
HP Active Support Library 32 bit components
HP BIOS Configuration for ProtectTools
HP Customer Experience Enhancements
HP Doc Viewer
HP Easy Setup - Core
HP Easy Setup - Frontend
HP Help and Support
HP Integrated Module with Bluetooth wireless technology 6.0.1.4900
HP ProtectTools Security Manager
HP Quick Launch Buttons 6.20 F2
HP Update
HP User Guides 0064
HP Wireless Assistant
InterVideo DVD Check
InterVideo WinDVD
iPod for Windows 2005-09-23
iTunes
Java(TM) 6 Update 11
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6
king.com (remove only)
LiveUpdate 3.2 (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 German Language Pack
Microsoft .NET Framework 1.1 Hotfix (KB929729)
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office Access MUI (German) 2007
Microsoft Office Excel MUI (German) 2007
Microsoft Office Outlook MUI (German) 2007
Microsoft Office PowerPoint MUI (German) 2007
Microsoft Office Professional Hybrid 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Italian) 2007
Microsoft Office Proofing (German) 2007
Microsoft Office Publisher MUI (German) 2007
Microsoft Office Shared MUI (German) 2007
Microsoft Office Small Business Connectivity Components
Microsoft Office Word MUI (German) 2007
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server Native Client
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 Redistributable
MobileMe Control Panel
Mozilla Firefox (3.0.7)
MSCU for Microsoft Vista
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
Nero 7 Premium
neroxml
Pacific Poker
PDF Complete
QuickPar 0.9
QuickTime
Roxio MyDVD Basic v9
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB958439)
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB958437)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB956828)
Security Update for Microsoft Office Word 2007 (KB956358)
Security Update for Visio 2007 (KB947590)
Smart Menus (Windows Live Toolbar)
Sonic Activation Module
SoundMAX
Spyware Doctor 6.0
ST Wiederherstellungs- & Sicherungsprogramme
Synaptics Pointing Device Driver
Titan Poker
TuneUp Utilities 2008
TVUPlayer 2.4.1.0
Universal Document Converter
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
Update for Microsoft Office Excel 2007 Help (KB957242)
Update for Microsoft Office Outlook 2007 (KB952142)
Update for Microsoft Office Outlook 2007 Help (KB957246)
Update for Office 2007 (KB946691)
Update for Outlook 2007 Junk Email Filter (kb962871)
Vista Default Settings
Windows Live Anmelde-Assistent
Windows Live Favorites für Windows Live Toolbar
Windows Live Fotogalerie
Windows Live installer
Windows Live Mail
Windows Live Messenger
Windows Live Toolbar
Windows Live Toolbar
Windows Live Toolbar-Erweiterung (Windows Live Toolbar)
Windows Live Writer
WinHex
WinRAR
Yahoo! Install Manager
Yahoo! Toolbar
Zuma Deluxe RA

bitte bitte verzeihung , dass ich nicht wusste wie ich meine logs richtig einfüge hoffe ihr blickt noch durch.

Tausend Dank ;)

ok punkt 2 hab ich auch gemacht Datenträgerbereinigung und hier Punkt 3 noch
Malwarebytes' Anti-Malware 1.34
Datenbank Version: 1852
Windows 6.0.6001 Service Pack 1

15.03.2009 20:22:58
mbam-log-2009-03-15 (20-22-58).txt

Scan-Methode: Quick-Scan
Durchsuchte Objekte: 62777
Laufzeit: 4 minute(s), 46 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 2
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\OOO (Rogue.LivePlayer) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\OOO (Malware.Trace) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
Dieser Beitrag wurde am 15.03.2009 um 20:25 Uhr von happyd editiert.
Seitenanfang Seitenende
15.03.2009, 18:12
Member

Beiträge: 3716
#2 Hallo, genau abarbeiten, logs posten:
http://board.protecus.de/t23187.htm
Seitenanfang Seitenende
15.03.2009, 18:33
...neu hier

Themenstarter

Beiträge: 2
#3 ComboFix 09-03-14.01 - Dijana 2009-03-15 18:03:45.3 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1031.18.1407.643 [GMT 1:00]
ausgeführt von:: c:\users\Dijana\Desktop\ComboFix.exe
.
[color=purple]Die folgenden Dateien wurden während des Laufs deaktiviert:[/color]
c:\windows\system32\APSHook.dll


(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Dijana\AppData\Local\ssyyqyy.dat
c:\users\Dijana\AppData\Local\ssyyqyy.exe
c:\users\Dijana\AppData\Local\ssyyqyy_nav.dat
c:\users\Dijana\AppData\Local\ssyyqyy_navps.dat
F:\Autorun.inf

.
((((((((((((((((((((((( Dateien erstellt von 2009-02-15 bis 2009-03-15 ))))))))))))))))))))))))))))))
.

2009-03-11 08:25 . 2008-12-16 04:29 8,147,456 --a------ c:\windows\System32\wmploc.DLL
2009-03-11 08:25 . 2009-02-09 04:10 2,033,152 --a------ c:\windows\System32\win32k.sys
2009-03-11 08:25 . 2008-11-27 05:43 268,288 --a------ c:\windows\System32\schannel.dll
2009-03-11 08:25 . 2008-12-16 06:31 7,680 --a------ c:\windows\System32\spwmp.dll
2009-03-11 08:25 . 2008-12-16 06:31 4,096 --a------ c:\windows\System32\msdxm.ocx
2009-03-11 08:25 . 2008-12-16 06:31 4,096 --a------ c:\windows\System32\dxmasf.dll
2009-03-07 15:36 . 2009-03-07 15:36 <DIR> d-------- c:\users\All Users\TVU Networks
2009-03-07 15:36 . 2009-03-07 15:36 <DIR> d-------- c:\programdata\TVU Networks
2009-03-07 15:35 . 2009-03-07 15:35 <DIR> d-------- c:\program files\TVUPlayer
2009-03-05 20:53 . 2009-03-05 20:53 <DIR> d-------- c:\users\All Users\Avira
2009-03-05 20:53 . 2009-03-05 20:53 <DIR> d-------- c:\programdata\Avira
2009-03-04 18:15 . 2009-03-04 18:15 <DIR> d-------- c:\program files\Free Registry Cleaner for Vista
2009-03-04 18:11 . 2009-03-04 18:11 25,099 --a------ c:\windows\System32\TuneUpDefragService_20090304-171128.dmp
2009-03-04 17:56 . 2009-03-04 17:56 25,099 --a------ c:\windows\System32\TuneUpDefragService_20090304-165659.dmp
2009-03-04 16:52 . 2009-03-04 16:52 25,099 --a------ c:\windows\System32\TuneUpDefragService_20090304-155217.dmp
2009-03-04 16:32 . 2009-03-04 16:32 <DIR> d-------- c:\users\Dijana\AppData\Roaming\TuneUp Software
2009-03-04 16:32 . 2009-03-04 16:32 307,968 --a------ c:\windows\System32\TuneUpDefragService.exe
2009-03-04 16:32 . 2008-02-27 13:15 28,416 --a------ c:\windows\System32\uxtuneup.dll
2009-03-04 16:32 . 2008-02-27 13:15 16,640 --a------ c:\windows\System32\authuitu.dll
2009-03-04 16:31 . 2009-03-04 16:31 <DIR> d-------- c:\users\All Users\TuneUp Software
2009-03-04 16:31 . 2009-03-04 16:31 <DIR> d-------- c:\programdata\TuneUp Software
2009-03-04 16:31 . 2009-03-04 16:32 <DIR> d-------- c:\program files\TuneUp Utilities 2008
2009-03-04 16:30 . 2009-03-04 16:30 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-15 17:14 --------- d---a-w c:\programdata\TEMP
2009-03-14 22:29 --------- d-----w c:\programdata\Google Updater
2009-03-13 07:28 --------- d-----w c:\program files\Spyware Doctor
2009-03-11 16:13 --------- d-----w c:\program files\Windows Mail
2009-03-11 08:41 --------- d-----w c:\programdata\Microsoft Help
2009-03-05 19:47 --------- d-----w c:\program files\Hewlett-Packard
2009-02-09 15:26 --------- d-----w c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-02-09 15:26 --------- d-----w c:\program files\iTunes
2009-02-09 15:26 --------- d-----w c:\program files\iPod
2009-02-09 15:26 --------- d-----w c:\program files\Common Files\Apple
2009-02-09 15:24 --------- d-----w c:\program files\QuickTime
2009-02-04 09:00 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-04 09:00 --------- d-----w c:\users\Dijana\AppData\Roaming\Samsung
2009-02-04 08:43 --------- d-----w c:\programdata\Roxio
2009-02-04 08:43 --------- d-----w c:\program files\Common Files\Sonic Shared
2009-02-04 08:42 --------- d-----w c:\program files\Common Files\Roxio Shared
2009-02-04 08:32 --------- d-----w c:\program files\Roxio
2009-02-04 08:31 --------- d-----w c:\program files\Paint.NET
2009-01-15 10:05 911,872 ----a-w c:\windows\System32\wininet.dll
2009-01-15 10:05 43,008 ----a-w c:\windows\System32\licmgr10.dll
2009-01-15 10:04 18,944 ----a-w c:\windows\System32\corpol.dll
2009-01-15 10:04 132,096 ----a-w c:\windows\System32\ieUnatt.exe
2009-01-15 10:04 109,568 ----a-w c:\windows\System32\PDMSetup.exe
2009-01-15 10:04 109,056 ----a-w c:\windows\System32\iesysprep.dll
2009-01-15 10:04 107,520 ----a-w c:\windows\System32\RegisterIEPKEYs.exe
2009-01-15 10:04 107,008 ----a-w c:\windows\System32\SetIEInstalledDate.exe
2009-01-15 10:04 103,936 ----a-w c:\windows\System32\SetDepNx.exe
2009-01-15 10:03 72,704 ----a-w c:\windows\System32\admparse.dll
2009-01-15 10:03 71,680 ----a-w c:\windows\System32\iesetup.dll
2009-01-15 10:03 66,560 ----a-w c:\windows\System32\wextract.exe
2009-01-15 10:03 420,352 ----a-w c:\windows\System32\vbscript.dll
2009-01-15 10:02 169,472 ----a-w c:\windows\System32\iexpress.exe
2009-01-15 10:01 34,304 ----a-w c:\windows\System32\imgutil.dll
2009-01-15 10:00 48,128 ----a-w c:\windows\System32\mshtmler.dll
2009-01-15 10:00 45,568 ----a-w c:\windows\System32\mshta.exe
2009-01-15 09:50 156,160 ----a-w c:\windows\System32\msls31.dll
2008-12-20 21:31 410,984 ----a-w c:\windows\System32\deploytk.dll
2008-06-09 14:48 174 --sha-w c:\program files\desktop.ini
2007-12-14 12:12 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-12-14 12:12 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-12-14 12:12 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2007-11-01 20:16 22 --sha-w c:\windows\SMINST\HPCD.sys
.

(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-12 827392]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-20 136600]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2008-11-03 1168264]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2007-09-20 192512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=APSHook.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli ASWLNPkg

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"swg"=c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"CognizanceTS"=rundll32.exe c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
"SoundMAXPnP"=c:\program files\Analog Devices\Core\smax4pnp.exe
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{A811193F-D4CA-4BBA-A299-DBA473982096}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{6BF4D0AB-6A74-49A2-89A2-9BFC63FBB1F7}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{7EBA6419-D7B9-4D98-949E-8A0FE866834F}c:\\users\\dijana\\appdata\\local\\yahoo!\\messenger for vista\\yahoo.messenger.ymapp.exe"= UDP:c:\users\dijana\appdata\local\yahoo!\messenger for vista\yahoo.messenger.ymapp.exe:yahoo.messenger.ymapp.exe
"UDP Query User{C376C33A-135B-4CBE-8223-9ECE5FDF38AA}c:\\users\\dijana\\appdata\\local\\yahoo!\\messenger for vista\\yahoo.messenger.ymapp.exe"= TCP:c:\users\dijana\appdata\local\yahoo!\messenger for vista\yahoo.messenger.ymapp.exe:yahoo.messenger.ymapp.exe
"{46E9307C-0AAB-4F52-9ACE-FBCEDA6A48D0}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{B2475A4C-1142-479C-A8F7-B0082CAD8AB6}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"TCP Query User{064B120D-CF3A-4D60-8722-D81A9412D71C}c:\\program files\\nero\\nero 7\\nero home\\nerohome.exe"= UDP:c:\program files\nero\nero 7\nero home\nerohome.exe:Nero Home
"UDP Query User{2E3B9E50-BC49-45EB-96EF-A48C984E2D32}c:\\program files\\nero\\nero 7\\nero home\\nerohome.exe"= TCP:c:\program files\nero\nero 7\nero home\nerohome.exe:Nero Home
"{ED1A9FCD-A263-46A7-B917-920C89F0A6A3}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{1131B665-328F-4D1F-AB3B-9E2750D3DB02}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{759332E5-19BE-40A9-A791-EFCEBCB040E1}c:\\program files\\tvuplayer\\tvuplayer.exe"= UDP:c:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component
"UDP Query User{ECD4EA30-3952-4E74-B6E2-4D82B93D5542}c:\\program files\\tvuplayer\\tvuplayer.exe"= TCP:c:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component

R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [2007-06-30 179712]
S3 PDNMp50;PDNMp50 NDIS Protocol Driver;c:\windows\System32\drivers\PDNMp50.sys [2006-11-28 28224]
S3 PDNSp50;PDNSp50 NDIS Protocol Driver;c:\windows\System32\drivers\PDNSp50.sys [2006-11-28 27072]

--- Andere Dienste/Treiber im Speicher ---

*Deregistered* - mchInjDrv
*Deregistered* - Tcpip
*Deregistered* - tcpipreg
*Deregistered* - tdx
*Deregistered* - TermDD
*Deregistered* - tunmp
*Deregistered* - tunnel
*Deregistered* - umbus
*Deregistered* - VgaSave
*Deregistered* - volmgr
*Deregistered* - volmgrx
*Deregistered* - volsnap
*Deregistered* - Wanarpv6
*Deregistered* - Wdf01000

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
Cognizance REG_MULTI_SZ ASBroker ASChannel

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5e45e850-6772-11dc-9380-806e6f6e6963}]
\shell\AutoRun\command - rundll32.exe url.dll,FileProtocolHandler START.HTM

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {990BA001-D69F-9DB2-56CE-88E0399B30FB} /qb

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Inhalt des "geplante Tasks" Ordners

2009-03-04 c:\windows\Tasks\1-Klick-Wartung.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-02-29 09:58]

2008-04-04 c:\windows\Tasks\Auf Updates für Windows Live Toolbar prüfen.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20]

2009-03-04 c:\windows\Tasks\User_Feed_Synchronization-{457D364B-FA27-4292-B6E6-710D4D690DCA}.job
- c:\windows\system32\msfeedssync.exe [2009-01-15 11:01]
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

WebBrowser-{6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - (no file)
HKCU-Run-ssyyqyy - c:\users\dijana\appdata\local\ssyyqyy.exe


.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://de.yahoo.com/
mStart Page = hxxp://alice.aol.de
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: {EDA8D359-1F05-49B8-8A32-77D7A1DB15B1} = 213.191.92.82,213.191.92.84
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
FF - ProfilePath - c:\users\Dijana\AppData\Roaming\Mozilla\Firefox\Profiles\zwzkn75n.default\
FF - prefs.js: browser.search.defaulturl - hxxp://de.search.yahoo.com/search?ei=UTF-8&fr=ytff-tyc7&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://de.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://de.search.yahoo.com/search?ei=UTF-8&fr=ytff-tyc7&p=
FF - plugin: c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll

---- FIREFOX Richtlinien ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 1000000
FF - user.js: nglayout.initialpaint.delay - 600
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-15 18:13:57
Windows 6.0.6001 Service Pack 1 NTFS

detected NTDLL code modification:
ZwClose

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'lsass.exe'(648)
c:\program files\Hewlett-Packard\IAM\bin\ASWLNPkg.dll
c:\program files\Hewlett-Packard\IAM\bin\ItMsg.dll

- - - - - - - > 'Explorer.exe'(2740)
c:\program files\Hewlett-Packard\IAM\bin\ItClient.dll
c:\windows\system32\btncopy.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\Ati2evxx.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\windows\System32\agrsmsvc.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
c:\program files\PDF Complete\pdfsvc.exe
c:\program files\Spyware Doctor\pctsAuxs.exe
c:\program files\Spyware Doctor\pctsSvc.exe
c:\program files\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\program files\Hewlett-Packard\IAM\Bin\asghost.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\program files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2009-03-15 18:21:46 - PC wurde neu gestartet [Dijana]
ComboFix-quarantined-files.txt 2009-03-15 17:21:12

Vor Suchlauf: 8,228,073,472 Bytes frei
Nach Suchlauf: 7,882,059,776 Bytes frei

257 --- E O F --- 2009-03-12 18:46:14
Seitenanfang Seitenende
15.03.2009, 19:53
Member

Beiträge: 3716
#4 der rest fehlt noch ;-)
Seitenanfang Seitenende
Um auf dieses Thema zu ANTWORTEN
bitte erst » hier kostenlos registrieren!!

Folgende Themen könnten Dich auch interessieren:
  • »
  • »
  • »
  • »
  • »