HILFE!!! Internet Explorer!!!

derlenny · 19.07.2007, 08:07

hi, ich habe das problem, dass sich der internet explorer ständig von allein öffnet...manchmal mit Werbung, manchmal leer..
ich kenne mich noch nicht so aus, also bitte einzelne schritte beschreiben.
hier das logfile:
Logfile of HijackThis v1.99.1
Scan saved at 09:00:07, on 19.07.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
D:\PowerDVD\PDVDServ.exe
C:\Programme\Analog Devices\Core\smax4pnp.exe
C:\Programme\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\RUNDLL32.EXE
E:\G-series Software\LCDMon.exe
E:\G-series Software\LGDCore.exe
D:\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\RunDll32.exe
D:\QuickTime\qttask.exe
D:\BearShare\BearShare.exe
C:\WINDOWS\avp.exe
C:\WINDOWS\mgrs.exe
C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe
C:\Programme\MSN Messenger\MsnMsgr.Exe
E:\G-series Software\Applets\LCDPop3\LCDPOP3.exe
E:\G-series Software\Applets\LCDCountdown\LCDCountdown.exe
E:\G-series Software\Applets\LCDMedia.exe
D:\Steam\Steam.exe
E:\G-series Software\Applets\LCDClock.exe
C:\PROGRA~1\WNSXS~1\rundll32.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\DOKUME~1\Lennart\LOKALE~1\Temp\Rar$EX00.390\HijackThis.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\Cyberlink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.de
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O3 - Toolbar: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [RemoteControl] D:\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [LanguageShortcut] D:\PowerDVD\Language\Language.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Programme\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Launch LCDMon] "E:\G-series Software\LCDMon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "E:\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [QuickTime Task] "D:\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BearShare] "D:\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [avp] C:\WINDOWS\avp.exe
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvpuk.dll,startup
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] D:\Steam\\Steam.exe -silent
O4 - HKCU\..\Run: [Diad] "C:\PROGRA~1\WNSXS~1\rundll32.exe" -vt yazb
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Programme\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: In neuer Registerkarte im Hintergrund öffnen - res://C:\Programme\Windows Live Toolbar\Components\de-de\msntabres.dll.mui/229?ff6299d159084b87b4421a38e25ce0e5
O8 - Extra context menu item: In neuer Registerkarte im Vordergrund öffnen - res://C:\Programme\Windows Live Toolbar\Components\de-de\msntabres.dll.mui/230?ff6299d159084b87b4421a38e25ce0e5
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://D:\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\ICQ6ICQ6\ICQ.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\ICQ6ICQ6\ICQ.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programme\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://static.ak.schuelervz.net/photouploader/ImageUploader4.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programme\Cyberlink\Shared files\RichVideo.exe

bitte meldet euch schnell...

Rene-gad · 19.07.2007, 08:23

@derlenny
Bitte die DateiC:\PROGRA~1\WNSXS~1\rundll32.exe bei www.virustotal.com auswerten, Scanprotokoll hier posten (Markieren-Kopieren-Einfügen).
PS: Bereite dich seelisch zum Neuaufsetzen des Systems vor, da das nicht das einzige Problem ist.

derlenny · 19.07.2007, 09:22

Antivirus Version Last Update Result
AhnLab-V3 2007.7.18.0 2007.07.19 Win-Trojan/Purityscan.72704.G
AntiVir 7.4.0.44 2007.07.19 TR/Dldr.PurityScan.EJ
Authentium 4.93.8 2007.07.19 W32/Trojan.APCY
Avast 4.7.997.0 2007.07.18 Win32:Purityscan-Q
AVG 7.5.0.476 2007.07.18 Downloader.Generic4.RGB
BitDefender 7.2 2007.07.19 Adware.Purityscan.BH
CAT-QuickHeal 9.00 2007.07.18 TrojanDownloader.PurityScan.e
ClamAV devel-20070416 2007.07.19 no virus found
DrWeb 4.33 2007.07.19 no virus found
eSafe 7.0.15.0 2007.07.17 Spyware.Purityscan
eTrust-Vet 30.8.3793 2007.07.18 Win32/Clspring!generic
Ewido 4.0 2007.07.18 Downloader.PurityScan.ej
FileAdvisor 1 2007.07.19 no virus found
Fortinet 2.91.0.0 2007.07.19 W32/EV!tr.dldr
F-Prot 4.3.2.48 2007.07.19 W32/Trojan.APCY
F-Secure 6.70.13030.0 2007.07.19 Trojan-Downloader.Win32.PurityScan.ej
Ikarus T3.1.1.8 2007.07.19 Trojan-Downloader.Win32.PurityScan.ej
Kaspersky 4.0.2.24 2007.07.19 Trojan-Downloader.Win32.PurityScan.ej
McAfee 5077 2007.07.18 Downloader-EV
Microsoft 1.2704 2007.07.19 Adware:Win32/ClickSpring
NOD32v2 2405 2007.07.18 Win32/TrojanDownloader.PurityScan
Norman 5.80.02 2007.07.18 no virus found
Panda 9.0.0.4 2007.07.19 Adware/PurityScan
Sophos 4.19.0 2007.07.17 ClickSpring
Sunbelt 2.2.907.0 2007.07.19 ClickSpring.PuritySCAN
Symantec 10 2007.07.19 Adware.Purityscan
TheHacker 6.1.7.149 2007.07.18 no virus found
VBA32 3.12.2.1 2007.07.19 Trojan-Downloader.Win32.PurityScan.ej
VirusBuster 4.3.26:9 2007.07.19 Trojan.DL.PurityScan.GJ
Webwasher-Gateway 6.0.1 2007.07.19 Trojan.Dldr.PurityScan.EJ
Aditional information
File size: 72704 bytes
MD5: 05ffc97c83e79ad96ac1b08b62539726
SHA1: 2fd26a5a6d44a1b92a4b957fae9c551d480c86a8
packers: UPX
packers: UPX
packers: UPX
packers: UPX
Sunbelt info: PurityScan is an ad supported program that scans the user's Internet Explorer files, including browser cache, cookies and history for pornographic/adult related words and allows the user to delete them.
hier ist es!

derlenny · 29.07.2007, 12:56

system erschossen

und neu aufgesetzt trotzdem danke

HILFE!!! Internet Explorer!!!

Log-Analyse und Auswertung: HILFE!!! Internet Explorer!!!