Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
Internet Explorer Pop-Ups+deren Folgen

Internet Explorer Pop-Ups+deren Folgen


Plagegeister aller Art und deren Bekämpfung: Internet Explorer Pop-Ups+deren Folgen

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 16.08.2007, 18:33   #1
RaT
 
Internet Explorer Pop-Ups+deren Folgen - Standard

Internet Explorer Pop-Ups+deren Folgen


Ich habe bereits mind. eine Stunde im Forum nach einen passenden Thema gesucht, habe aber nur ähnliche gefunden ein keins, dass mir recht weiterhelfen konnte.

Seit einiger Zeit öffnet sich dauernd mein IE6 mit Werbepop-ups (kennt man ja). Die Werbung ist für Antiviren/spam Programme die man kaufen soll. ca. alle 2 Minuten kommt ein neues Pop-up (auch wenn ich nicht online bin bzw. in einem LAN!). In der Taskleistete blinkte auch dauernd ein "!" auf, dass ähnlich aussah wie das Windows Update "!". Ich habe Norton (-,-) über den Windows ordner laufen lassen; nichts gefunden. VundoFix hat dann eine datei identifiziert (xmaepbhv.dll) und sie löschen können (glaube ich). Nachdem ich das gemacht habe kamen (bis jetzt) keine Pop-ups mehr und das "!" ist auch weg. Dafür gab es plötzlich auf meinem Desktop 2 Verknüpfungen (Live Safety Center und Online Security Guide) deren ZielORT der IE ist und Ziel(TYP) eine Internet adresse. Ganz wird sie nicht angezeigt nur [i]"h**p://htepo.com/cehpmoin/?cmp_hmrlid=1_1..." (ka ob das wichtig ist). Die Verknüpfungen kamen ganz von selbst und ich würde gerne wissen ob mein Rechner sauber ist. So ganz hat das ja nicht den Anschein :-/

Langer Text, kurzer Sinn. Wäre nett wenn ihr mir irgendwie helfen könntet.

HiJackThis:
Logfile of HijackThis v1.99.1
Scan saved at 19:10:56, on 16.08.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
G:\Programme\Norton AntiVirus\navapsvc.exe
G:\Programme\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Programme\Cyberlink\Shared Files\RichVideo.exe
G:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
G:\Programme\SBAudigy LS\Surround Mixer\CTSysVol.exe
G:\Programme\ICQLite\ICQLite.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\WINDOWS\Logi_MwX.Exe
C:\Programme\Java\jre1.5.0_11\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
G:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
G:\Programme\Logitech\SetPoint\SetPoint.exe
G:\Programme\Opera\Opera.exe
C:\Programme\Java\jre1.5.0_11\bin\jucheck.exe
G:\Programme\WinRAR\WinRAR.exe
G:\Programme\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://mail.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - G:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - G:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
O4 - HKLM\..\Run: [CTSysVol] G:\Programme\SBAudigy LS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [zBrowser Launcher] G:\Programme\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [ICQ Lite] "G:\Programme\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] G:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] G:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = G:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = G:\Programme\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://G:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Wecker-Alarm - {7B499570-29C5-4a80-9F57-94A420D140CE} - g:\Programme\Wecker6\WfWIEButton.dll
O9 - Extra 'Tools' menuitem: Nach Wecker für Windows exportieren - {7B499570-29C5-4a80-9F57-94A420D140CE} - g:\Programme\Wecker6\WfWIEButton.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - G:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - G:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Klicke hier um das Projekt xp-AntiSpy zu unterstützen - {0e921e80-267a-42aa-aee4-60b9a1222a44} - G:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O9 - Extra 'Tools' menuitem: Unterstützung für xp-AntiSpy - {0e921e80-267a-42aa-aee4-60b9a1222a44} - G:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) – h**p://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1176838979703
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) – h**p://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: bw+0 - {11219217-9735-4D80-A331-95DCC7E6CC50} - G:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {11219217-9735-4D80-A331-95DCC7E6CC50} - G:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {11219217-9735-4D80-A331-95DCC7E6CC50} - G:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {11219217-9735-4D80-A331-95DCC7E6CC50} - G:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {11219217-9735-4D80-A331-95DCC7E6CC50} - G:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {11219217-9735-4D80-A331-95DCC7E6CC50} - G:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {11219217-9735-4D80-A331-95DCC7E6CC50} - G:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {11219217-9735-4D80-A331-95DCC7E6CC50} - G:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {11219217-9735-4D80-A331-95DCC7E6CC50} - G:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {11219217-9735-4D80-A331-95DCC7E6CC50} - G:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {11219217-9735-4D80-A331-95DCC7E6CC50} - G:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {11219217-9735-4D80-A331-95DCC7E6CC50} - G:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {11219217-9735-4D80-A331-95DCC7E6CC50} - G:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {11219217-9735-4D80-A331-95DCC7E6CC50} - G:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {11219217-9735-4D80-A331-95DCC7E6CC50} - G:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {11219217-9735-4D80-A331-95DCC7E6CC50} - G:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {11219217-9735-4D80-A331-95DCC7E6CC50} - G:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {11219217-9735-4D80-A331-95DCC7E6CC50} - G:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {11219217-9735-4D80-A331-95DCC7E6CC50} - G:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {11219217-9735-4D80-A331-95DCC7E6CC50} - G:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {11219217-9735-4D80-A331-95DCC7E6CC50} - G:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {11219217-9735-4D80-A331-95DCC7E6CC50} - G:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {11219217-9735-4D80-A331-95DCC7E6CC50} - G:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {11219217-9735-4D80-A331-95DCC7E6CC50} - G:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {11219217-9735-4D80-A331-95DCC7E6CC50} - G:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {11219217-9735-4D80-A331-95DCC7E6CC50} - G:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {11219217-9735-4D80-A331-95DCC7E6CC50} - G:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {11219217-9735-4D80-A331-95DCC7E6CC50} - G:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {11219217-9735-4D80-A331-95DCC7E6CC50} - G:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {11219217-9735-4D80-A331-95DCC7E6CC50} - G:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {11219217-9735-4D80-A331-95DCC7E6CC50} - G:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {11219217-9735-4D80-A331-95DCC7E6CC50} - G:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {11219217-9735-4D80-A331-95DCC7E6CC50} - G:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {11219217-9735-4D80-A331-95DCC7E6CC50} - G:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {11219217-9735-4D80-A331-95DCC7E6CC50} - G:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {11219217-9735-4D80-A331-95DCC7E6CC50} - G:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - G:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {11219217-9735-4D80-A331-95DCC7E6CC50} - G:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {11219217-9735-4D80-A331-95DCC7E6CC50} - G:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {11219217-9735-4D80-A331-95DCC7E6CC50} - G:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {11219217-9735-4D80-A331-95DCC7E6CC50} - G:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {11219217-9735-4D80-A331-95DCC7E6CC50} - G:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {11219217-9735-4D80-A331-95DCC7E6CC50} - G:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {11219217-9735-4D80-A331-95DCC7E6CC50} - G:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {11219217-9735-4D80-A331-95DCC7E6CC50} - G:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {11219217-9735-4D80-A331-95DCC7E6CC50} - G:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {11219217-9735-4D80-A331-95DCC7E6CC50} - G:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {11219217-9735-4D80-A331-95DCC7E6CC50} - G:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {11219217-9735-4D80-A331-95DCC7E6CC50} - G:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {11219217-9735-4D80-A331-95DCC7E6CC50} - G:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {11219217-9735-4D80-A331-95DCC7E6CC50} - G:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {11219217-9735-4D80-A331-95DCC7E6CC50} - G:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {11219217-9735-4D80-A331-95DCC7E6CC50} - G:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {11219217-9735-4D80-A331-95DCC7E6CC50} - G:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {11219217-9735-4D80-A331-95DCC7E6CC50} - G:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {11219217-9735-4D80-A331-95DCC7E6CC50} - G:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {11219217-9735-4D80-A331-95DCC7E6CC50} - G:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {11219217-9735-4D80-A331-95DCC7E6CC50} - G:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {11219217-9735-4D80-A331-95DCC7E6CC50} - G:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {11219217-9735-4D80-A331-95DCC7E6CC50} - G:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {11219217-9735-4D80-A331-95DCC7E6CC50} - G:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {11219217-9735-4D80-A331-95DCC7E6CC50} - G:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {11219217-9735-4D80-A331-95DCC7E6CC50} - G:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {11219217-9735-4D80-A331-95DCC7E6CC50} - G:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {11219217-9735-4D80-A331-95DCC7E6CC50} - G:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {11219217-9735-4D80-A331-95DCC7E6CC50} - G:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {11219217-9735-4D80-A331-95DCC7E6CC50} - G:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {11219217-9735-4D80-A331-95DCC7E6CC50} - G:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {11219217-9735-4D80-A331-95DCC7E6CC50} - G:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {11219217-9735-4D80-A331-95DCC7E6CC50} - G:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {11219217-9735-4D80-A331-95DCC7E6CC50} - G:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {11219217-9735-4D80-A331-95DCC7E6CC50} - G:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {11219217-9735-4D80-A331-95DCC7E6CC50} - G:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {11219217-9735-4D80-A331-95DCC7E6CC50} - G:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {11219217-9735-4D80-A331-95DCC7E6CC50} - G:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {11219217-9735-4D80-A331-95DCC7E6CC50} - G:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {11219217-9735-4D80-A331-95DCC7E6CC50} - G:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {11219217-9735-4D80-A331-95DCC7E6CC50} - G:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - G:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - G:\Programme\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programme\Cyberlink\Shared Files\RichVideo.exe
O23 - Service: SAVScan - Symantec Corporation - G:\Programme\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - G:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

Alt 16.08.2007, 19:44   #2
BataAlexander
> MalwareDB
 
Internet Explorer Pop-Ups+deren Folgen - Standard

Internet Explorer Pop-Ups+deren Folgen


Führe Vundofix aus.
Zitat:
* Doppelklick VundoFix.exe
* Klicke "Scan" --> Vundo button.
* Nach dem Scannen, klicke den "Remove" Vundo button.
* Man wird nun gefragt, ob man "remove" will --> klicke YES
* Danach werden alle Desktop-Symbole verschwinden
* Dann wird man gefragt, ob der PC neustarten soll --> klicke OK.

C:\VundoFix Backups - löschen + Papierkorb leeren
Dann führe Combofix aus.
Zitat:
** schliesse alle Programme und Anwendungen
** Lade combofix
** doppelklick: combofix.exe
** schreibe "Y"
Poste die Logfiles beider Programme hier.

Bata
__________________
Alt 16.08.2007, 22:01   #3
RaT
 
Internet Explorer Pop-Ups+deren Folgen - Standard

Internet Explorer Pop-Ups+deren Folgen


Also der VundoFix hat nichts mehr gefunden. Und wo das Logfile von VundoFix ist weiß ich nicht.
Hier der Log von ComboFix:

ComboFix 07-08-14.4 - "NAME" 2007-08-16 22:48:22.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1031.18.727 [GMT 2:00]
* Created a new restore point


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\pmkhe.dll


((((((((((((((((((((((((( Files Created from 2007-07-16 to 2007-08-16 )))))))))))))))))))))))))))))))


2007-08-16 22:47 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-16 20:30 81,768 --a------ C:\WINDOWS\system32\xinput1_3.dll
2007-08-16 20:30 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll
2007-08-16 20:30 444,776 --a------ C:\WINDOWS\system32\d3dx10_35.dll
2007-08-16 20:30 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll
2007-08-16 20:30 443,752 --a------ C:\WINDOWS\system32\d3dx10_33.dll
2007-08-16 20:30 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
2007-08-16 20:30 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll
2007-08-16 20:30 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
2007-08-16 20:30 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2007-08-16 20:30 267,112 --a------ C:\WINDOWS\system32\xactengine2_9.dll
2007-08-16 20:30 266,088 --a------ C:\WINDOWS\system32\xactengine2_8.dll
2007-08-16 20:30 261,480 --a------ C:\WINDOWS\system32\xactengine2_7.dll
2007-08-16 20:30 255,848 --a------ C:\WINDOWS\system32\xactengine2_6.dll
2007-08-16 20:30 251,672 --a------ C:\WINDOWS\system32\xactengine2_5.dll
2007-08-16 20:30 237,848 --a------ C:\WINDOWS\system32\xactengine2_4.dll
2007-08-16 20:30 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll
2007-08-16 20:30 18,280 --a------ C:\WINDOWS\system32\x3daudio1_2.dll
2007-08-16 20:30 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll
2007-08-16 20:30 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll
2007-08-16 20:30 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll
2007-08-16 20:30 1,123,696 --a------ C:\WINDOWS\system32\D3DCompiler_33.dll
2007-08-16 20:29 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2007-08-16 18:57 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2007-08-16 18:54 <DIR> d-------- C:\VundoFix Backups
2007-08-16 16:17 131,680 --------- C:\WINDOWS\system32\xmaepbhv.dll
2007-08-16 16:12 43,542 --a------ C:\WINDOWS\system32\iifdaxy.dll
2007-08-14 19:53 <DIR> d-------- C:\Programme\MSXML 6.0
2007-08-14 00:29 <DIR> d-------- C:\DOKUME~1\NAME\ANWEND~1\Logitech
2007-08-14 00:28 118,784 -r------- C:\WINDOWS\bwUnin-7.2.0.137-8876480SL.exe
2007-08-14 00:26 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2007-08-14 00:26 68,992 --a------ C:\WINDOWS\system32\drivers\LMouKE.Sys
2007-08-14 00:26 52,992 --a------ C:\WINDOWS\system32\drivers\L8042mou.Sys
2007-08-14 00:26 13,056 --a------ C:\WINDOWS\system32\drivers\L8042Kbd.sys
2007-08-14 00:26 1,047,552 --a------ C:\WINDOWS\system32\MFC71u.dll
2007-07-27 11:09 <DIR> d-------- C:\DOKUME~1\NAME\ANWEND~1\InstallShield Installation Information
2007-07-26 17:22 <DIR> d-------- C:\DOKUME~1\NAME\ANWEND~1\Apple Computer
2007-07-26 17:21 <DIR> d-------- C:\Programme\iPod
2007-07-26 17:19 <DIR> d-------- C:\Programme\QuickTime
2007-07-26 17:19 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\Apple Computer
2007-07-26 17:18 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-07-26 17:18 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Apple
2007-07-26 17:18 <DIR> d-------- C:\Programme\Apple Software Update
2007-07-26 17:18 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\Apple
2007-07-22 15:13 <DIR> d-------- C:\DOKUME~1\NAME\ANWEND~1\CyberLink
2007-07-22 15:13 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\CyberLink
2007-07-22 14:53 <DIR> d-------- C:\Programme\Cyberlink
2007-07-16 09:37 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
2007-07-16 09:37 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2007-07-16 09:37 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2007-07-16 09:37 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2007-07-16 08:01 <DIR> d-------- C:\DOKUME~1\NAME\ANWEND~1\COWON
2007-07-16 07:59 <DIR> d-------- C:\Programme\Gemeinsame Dateien\COWON


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-15 15:42 --------- d--h----- C:\Programme\InstallShield Installation Information
2007-08-14 00:26 --------- d-------- C:\Programme\Gemeinsame Dateien\Logitech
2007-07-25 20:14 --------- d-------- C:\DOKUME~1\NAME\ANWEND~1\Hamachi
2007-07-24 19:05 25544 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2007-07-19 08:56 3583488 --a--c--- C:\WINDOWS\system32\dllcache\mshtml.dll
2007-07-16 07:58 --------- d-------- C:\Programme\Gemeinsame Dateien\InstallShield
2007-07-13 01:30 765952 --a--c--- C:\WINDOWS\system32\dllcache\vgx.dll
2007-07-13 00:33 --------- d-------- C:\Programme\AOL 9.0
2007-07-10 18:02 --------- d-------- C:\Programme\MSXML 4.0
2007-07-07 18:18 --------- d-------- C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2007-07-07 08:21 --------- d-------- C:\Programme\Creative
2007-07-03 07:48 --------- d-------- C:\Programme\Gemeinsame Dateien\aol
2007-07-01 01:37 --------- d-------- C:\Programme\Gemeinsame Dateien\aolshare
2007-07-01 01:37 --------- d-------- C:\DOKUME~1\NAME\ANWEND~1\AOL
2007-07-01 01:36 --------- d-------- C:\Programme\Viewpoint
2007-07-01 01:36 --------- d-------- C:\Programme\Learn2.com
2007-07-01 01:36 --------- d-------- C:\Programme\Gemeinsame Dateien\Nullsoft
2007-07-01 01:36 --------- d-------- C:\DOKUME~1\NAME\ANWEND~1\You've Got Pictures Screensaver
2007-07-01 01:35 8552 --a------ C:\WINDOWS\system32\drivers\asctrm.sys
2007-07-01 01:35 --------- d-------- C:\Programme\Real
2007-07-01 01:35 --------- d-------- C:\Programme\Gemeinsame Dateien\Real
2007-06-27 16:05 823808 --a--c--- C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-27 16:05 671232 --a--c--- C:\WINDOWS\system32\dllcache\mstime.dll
2007-06-27 16:05 52224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-06-27 16:05 477696 --a--c--- C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-06-27 16:05 459264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-06-27 16:05 27648 --a--c--- C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-06-27 16:05 232960 -----c--- C:\WINDOWS\system32\dllcache\webcheck.dll
2007-06-27 16:05 193024 --a--c--- C:\WINDOWS\system32\dllcache\msrating.dll
2007-06-27 16:05 1152000 --a--c--- C:\WINDOWS\system32\dllcache\urlmon.dll
2007-06-27 16:05 105984 -----c--- C:\WINDOWS\system32\dllcache\url.dll
2007-06-27 16:05 102400 -----c--- C:\WINDOWS\system32\dllcache\occache.dll
2007-06-27 16:04 6058496 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-06-27 16:04 44544 -----c--- C:\WINDOWS\system32\dllcache\iernonce.dll
2007-06-27 16:04 384512 -----c--- C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-06-27 16:04 383488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-06-27 16:04 267776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-06-27 16:04 230400 -----c--- C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-06-27 16:04 153088 -----c--- C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-06-27 16:04 132608 --a--c--- C:\WINDOWS\system32\dllcache\extmgr.dll
2007-06-27 16:04 124928 -----c--- C:\WINDOWS\system32\dllcache\advpack.dll
2007-06-27 10:27 63488 -----c--- C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-06-27 10:27 13824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-06-27 10:26 625152 -----c--- C:\WINDOWS\system32\dllcache\iexplore.exe
2007-06-27 09:00 161792 --a--c--- C:\WINDOWS\system32\dllcache\ieakui.dll
2007-06-26 19:32 --------- d-------- C:\Programme\Vstplugins
2007-06-26 19:31 --------- d-------- C:\DOKUME~1\NAME\ANWEND~1\Sony
2007-06-26 19:31 --------- d-------- C:\DOKUME~1\NAME\ANWEND~1\Publish Providers
2007-06-26 19:08 --------- d-------- C:\Programme\Microsoft SQL Server
2007-06-26 08:08 1104896 --a--c--- C:\WINDOWS\system32\dllcache\msxml3.dll
2007-06-26 08:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-19 15:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-19 15:31 282112 -----c--- C:\WINDOWS\system32\dllcache\gdi32.dll
2007-06-17 15:14 --------- d-------- C:\Programme\Gemeinsame Dateien\AVSMedia
2007-06-17 15:14 --------- d-------- C:\Programme\AVSMedia
2007-06-13 15:21 1036288 --a------ C:\WINDOWS\explorer.exe
2007-06-13 15:21 1036288 -----c--- C:\WINDOWS\system32\dllcache\explorer.exe
2007-05-17 13:28 549376 --a------ C:\WINDOWS\system32\oleaut32.dll
2007-05-17 13:28 549376 -----c--- C:\WINDOWS\system32\dllcache\oleaut32.dll
2007-05-16 17:12 85504 -----c--- C:\WINDOWS\system32\dllcache\wabimp.dll
2007-05-16 17:12 510976 -----c--- C:\WINDOWS\system32\dllcache\wab32.dll
2007-05-16 17:11 86528 -----c--- C:\WINDOWS\system32\dllcache\directdb.dll
2007-05-16 17:11 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-05-16 17:11 683520 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-05-16 17:11 1314816 -----c--- C:\WINDOWS\system32\dllcache\msoe.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSysVol"="G:\Programme\SBAudigy LS\Surround Mixer\CTSysVol.exe" [2003-05-02 09:53]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00]
"zBrowser Launcher"="G:\Programme\Logitech\iTouch\iTouch.exe" [2002-11-23 02:15]
"ICQ Lite"="G:\Programme\ICQLite\ICQLite.exe" [2006-07-11 12:15]
"ccApp"="C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe" [2003-08-19 20:21]
"Advanced Tools Check"="G:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE" [2003-08-22 21:17]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-11 09:50 C:\WINDOWS\LOGI_MWX.EXE]
"SunJavaUpdateSched"="C:\Programme\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 03:23]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:57]
"LDM"="G:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-08-14 00:28]

C:\Dokumente und Einstellungen\All Users\Startmen\Programme\Autostart\
Logitech Desktop Messenger.lnk - G:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-08-14 00:28:30]
Logitech SetPoint.lnk - G:\Programme\Logitech\SetPoint\SetPoint.exe [2007-08-14 00:26:43]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Gamma Loader.lnk]
path=C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader - Schnellstart.lnk]
path=C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader - Schnellstart.lnk
backup=C:\WINDOWS\pss\Adobe Reader - Schnellstart.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader Synchronizer.lnk]
path=C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^AOL 9.0 Tray-Symbol.lnk]
path=C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\AOL 9.0 Tray-Symbol.lnk
backup=C:\WINDOWS\pss\AOL 9.0 Tray-Symbol.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Logitech Desktop Messenger.lnk]
path=C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"G:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
C:\Programme\Electronic Arts\EA Downloader\Core.exe -silent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"G:\Programme\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
g:\Programme\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
G:\Programme\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Programme\Messenger\MSMSGS.EXE" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Programme\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
g:\Programme\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"G:\Programme\Steam\Steam.exe" -silent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
G:\Programme\Winamp\winampa.exe

R3 L8042mou;Logitech SetPoint PS/2 Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\L8042mou.Sys
R3 P17;Creative SB Audigy LS;C:\WINDOWS\system32\drivers\P17.sys
S3 CEDRIVER50;CEDRIVER50;\??\g:\Programme\Cheat Engine\DBK32.sys
S3 itchfltr;iTouch Keyboard Filter;C:\WINDOWS\system32\DRIVERS\itchfltr.sys
S3 NPDriver;Norton Unerase Protection Driver;\??\C:\WINDOWS\system32\Drivers\NPDRIVER.SYS
S3 ShadowDefence;Shadow Defence;\??\C:\DOKUME~1\NAME\LOKALE~1\Temp\SDef.sys


Contents of the 'Scheduled Tasks' folder
2007-04-28 08:48:21 C:\WINDOWS\Tasks\Part 10.job
2007-08-16 20:52:40 C:\WINDOWS\Tasks\Symantec NetDetect.job - C:\Programme\Symantec\LiveUpdate\NDETECT.EXE

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-16 22:51:47
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-16 22:54:20 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-16 22:54

--- E O F ---
__________________
Alt 17.08.2007, 00:13   #4
BataAlexander
> MalwareDB
 
Internet Explorer Pop-Ups+deren Folgen - Standard

Internet Explorer Pop-Ups+deren Folgen


Das Vundo Log liegt unter c:\vundoFix.txt

Lade Dir Avenger:

- Input script manually (anhaken)
- die "Lupe" rechts anklicken - View/edit script (wird sich öffnen)
- kopiere rein:
Zitat:
Folders to delete:
C:\VundoFix Backups

Files to delete:
C:\WINDOWS\system32\xmaepbhv.dll
C:\WINDOWS\system32\iifdaxy.dll
- schliesse alle offenen Programme (denn nach Anwendung des Avengers wird der Rechner neustarten)
- Klicke die grüne Ampel
- das Script wird nun ausgeführt, dann wird der PC nach Bestätigung (yes) neustarten

Poste das Avenger Log, zusammen mit einem neuen HJT Log.

Bata

Alt 17.08.2007, 07:43   #5
RaT
 
Internet Explorer Pop-Ups+deren Folgen - Standard

Internet Explorer Pop-Ups+deren Folgen


So hier nochmal der VundoFix log (die xmaepbhv.dll scheint er doch nicht gelöscht zu haben):


VundoFix V6.5.7

Checking Java version...

Sun Java not detected
Scan started at 18:54:32 16.08.2007

Listing files found while scanning....

C:\WINDOWS\system32\xmaepbhv.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\xmaepbhv.dll
C:\WINDOWS\system32\xmaepbhv.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\xmaepbhv.dll
C:\WINDOWS\system32\xmaepbhv.dll Could not be deleted.

Performing Repairs to the registry.
Done!

VundoFix V6.5.7

Checking Java version...

Sun Java not detected
Scan started at 22:44:44 16.08.2007

Listing files found while scanning....

No infected files were found.


Avenger log:

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\abetcqjp

*******************

Script file located at: \??\C:\ulrtywrf.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Folder C:\VundoFix Backups deleted successfully.
File C:\WINDOWS\system32\xmaepbhv.dll deleted successfully.
File C:\WINDOWS\system32\iifdaxy.dll deleted successfully.

Completed script processing.

*******************

Finished! Terminate.


HJT:

Logfile of HijackThis v1.99.1
Scan saved at 08:40:13, on 17.08.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
G:\Programme\Norton AntiVirus\navapsvc.exe
G:\Programme\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Programme\Cyberlink\Shared Files\RichVideo.exe
G:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
G:\Programme\SBAudigy LS\Surround Mixer\CTSysVol.exe
G:\Programme\ICQLite\ICQLite.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\WINDOWS\Logi_MwX.Exe
C:\Programme\Java\jre1.5.0_11\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
G:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
G:\Programme\Logitech\SetPoint\SetPoint.exe
C:\Programme\Gemeinsame Dateien\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\system32\wuauclt.exe
G:\Programme\Opera\Opera.exe
G:\Programme\ANTIVIRUSPROGRAMME\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://mail.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - G:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - G:\Programme\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [CTSysVol] G:\Programme\SBAudigy LS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [zBrowser Launcher] G:\Programme\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [ICQ Lite] "G:\Programme\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] G:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] G:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] G:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Logitech Desktop Messenger.lnk = G:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = G:\Programme\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://G:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Wecker-Alarm - {7B499570-29C5-4a80-9F57-94A420D140CE} - g:\Programme\Wecker6\WfWIEButton.dll
O9 - Extra 'Tools' menuitem: Nach Wecker für Windows exportieren - {7B499570-29C5-4a80-9F57-94A420D140CE} - g:\Programme\Wecker6\WfWIEButton.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - G:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - G:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Klicke hier um das Projekt xp-AntiSpy zu unterstützen - {0e921e80-267a-42aa-aee4-60b9a1222a44} - G:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O9 - Extra 'Tools' menuitem: Unterstützung für xp-AntiSpy - {0e921e80-267a-42aa-aee4-60b9a1222a44} - G:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - h**p://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1176838979703
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - h**p://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: bw+0 - {11219217-9735-4D80-A331-95DCC7E6CC50} - G:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {11219217-9735-4D80-A331-95DCC7E6CC50} - G:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {11219217-9735-4D80-A331-95DCC7E6CC50} - G:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {11219217-9735-4D80-A331-95DCC7E6CC50} - G:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {11219217-9735-4D80-A331-95DCC7E6CC50} - G:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {11219217-9735-4D80-A331-95DCC7E6CC50} - G:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {11219217-9735-4D80-A331-95DCC7E6CC50} - G:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {11219217-9735-4D80-A331-95DCC7E6CC50} - G:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {11219217-9735-4D80-A331-95DCC7E6CC50} - G:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {11219217-9735-4D80-A331-95DCC7E6CC50} - G:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {11219217-9735-4D80-A331-95DCC7E6CC50} - G:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {11219217-9735-4D80-A331-95DCC7E6CC50} - G:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {11219217-9735-4D80-A331-95DCC7E6CC50} - G:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {11219217-9735-4D80-A331-95DCC7E6CC50} - G:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {11219217-9735-4D80-A331-95DCC7E6CC50} - G:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {11219217-9735-4D80-A331-95DCC7E6CC50} - G:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {11219217-9735-4D80-A331-95DCC7E6CC50} - G:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {11219217-9735-4D80-A331-95DCC7E6CC50} - G:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {11219217-9735-4D80-A331-95DCC7E6CC50} - G:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {11219217-9735-4D80-A331-95DCC7E6CC50} - G:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {11219217-9735-4D80-A331-95DCC7E6CC50} - G:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {11219217-9735-4D80-A331-95DCC7E6CC50} - G:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {11219217-9735-4D80-A331-95DCC7E6CC50} - G:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {11219217-9735-4D80-A331-95DCC7E6CC50} - G:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {11219217-9735-4D80-A331-95DCC7E6CC50} - G:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {11219217-9735-4D80-A331-95DCC7E6CC50} - G:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {11219217-9735-4D80-A331-95DCC7E6CC50} - G:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {11219217-9735-4D80-A331-95DCC7E6CC50} - G:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {11219217-9735-4D80-A331-95DCC7E6CC50} - G:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {11219217-9735-4D80-A331-95DCC7E6CC50} - G:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {11219217-9735-4D80-A331-95DCC7E6CC50} - G:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {11219217-9735-4D80-A331-95DCC7E6CC50} - G:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {11219217-9735-4D80-A331-95DCC7E6CC50} - G:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {11219217-9735-4D80-A331-95DCC7E6CC50} - G:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {11219217-9735-4D80-A331-95DCC7E6CC50} - G:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {11219217-9735-4D80-A331-95DCC7E6CC50} - G:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - G:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {11219217-9735-4D80-A331-95DCC7E6CC50} - G:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {11219217-9735-4D80-A331-95DCC7E6CC50} - G:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {11219217-9735-4D80-A331-95DCC7E6CC50} - G:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {11219217-9735-4D80-A331-95DCC7E6CC50} - G:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {11219217-9735-4D80-A331-95DCC7E6CC50} - G:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {11219217-9735-4D80-A331-95DCC7E6CC50} - G:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {11219217-9735-4D80-A331-95DCC7E6CC50} - G:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {11219217-9735-4D80-A331-95DCC7E6CC50} - G:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {11219217-9735-4D80-A331-95DCC7E6CC50} - G:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {11219217-9735-4D80-A331-95DCC7E6CC50} - G:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {11219217-9735-4D80-A331-95DCC7E6CC50} - G:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {11219217-9735-4D80-A331-95DCC7E6CC50} - G:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {11219217-9735-4D80-A331-95DCC7E6CC50} - G:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {11219217-9735-4D80-A331-95DCC7E6CC50} - G:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {11219217-9735-4D80-A331-95DCC7E6CC50} - G:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {11219217-9735-4D80-A331-95DCC7E6CC50} - G:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {11219217-9735-4D80-A331-95DCC7E6CC50} - G:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {11219217-9735-4D80-A331-95DCC7E6CC50} - G:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {11219217-9735-4D80-A331-95DCC7E6CC50} - G:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {11219217-9735-4D80-A331-95DCC7E6CC50} - G:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {11219217-9735-4D80-A331-95DCC7E6CC50} - G:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {11219217-9735-4D80-A331-95DCC7E6CC50} - G:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {11219217-9735-4D80-A331-95DCC7E6CC50} - G:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {11219217-9735-4D80-A331-95DCC7E6CC50} - G:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {11219217-9735-4D80-A331-95DCC7E6CC50} - G:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {11219217-9735-4D80-A331-95DCC7E6CC50} - G:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {11219217-9735-4D80-A331-95DCC7E6CC50} - G:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {11219217-9735-4D80-A331-95DCC7E6CC50} - G:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {11219217-9735-4D80-A331-95DCC7E6CC50} - G:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {11219217-9735-4D80-A331-95DCC7E6CC50} - G:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {11219217-9735-4D80-A331-95DCC7E6CC50} - G:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {11219217-9735-4D80-A331-95DCC7E6CC50} - G:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {11219217-9735-4D80-A331-95DCC7E6CC50} - G:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {11219217-9735-4D80-A331-95DCC7E6CC50} - G:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {11219217-9735-4D80-A331-95DCC7E6CC50} - G:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {11219217-9735-4D80-A331-95DCC7E6CC50} - G:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {11219217-9735-4D80-A331-95DCC7E6CC50} - G:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {11219217-9735-4D80-A331-95DCC7E6CC50} - G:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {11219217-9735-4D80-A331-95DCC7E6CC50} - G:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {11219217-9735-4D80-A331-95DCC7E6CC50} - G:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {11219217-9735-4D80-A331-95DCC7E6CC50} - G:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - G:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - G:\Programme\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programme\Cyberlink\Shared Files\RichVideo.exe
O23 - Service: SAVScan - Symantec Corporation - G:\Programme\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - G:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe



Danke für deine Hilfe =)

__________________
Mit freundlichen Grüßen,
RaT
Geändert von RaT (17.08.2007 um 07:45 Uhr) Grund: http --> h**p Ausbesserung vergessen

Antwort

Themen zu Internet Explorer Pop-Ups+deren Folgen
adobe, antivirus, bho, cyberlink, desktop, drivers, excel, explorer, internet, internet explorer, lan, löschen, nicht angezeigt, object, opera, ordner, pdf, pop-ups, programme, security, shockwave, software, symantec, system, taskleiste, von selbst, werbung, windows, windows xp, öffnet


« Kann keine Programme mehr öffnen (".INK) | java console »


Ähnliche Themen: Internet Explorer Pop-Ups+deren Folgen


  1. Windows 7 Internet Explorer langsam Internet Explorer reagiert lahm oder gar nicht
    Log-Analyse und Auswertung - 28.05.2014 (15)
  2. Prüft Norton Internet Security alle .EXE-Files vor deren Ausführung oder nicht?
    Plagegeister aller Art und deren Bekämpfung - 27.09.2013 (7)
  3. Funshion (Software aus China) und deren Folgen: 457 Trojaner!
    Plagegeister aller Art und deren Bekämpfung - 28.05.2012 (5)
  4. Probleme mit internet explorer: C:\Programm files\Internet Explorer\iexplorer.exe ist keine Win 32 A
    Log-Analyse und Auswertung - 19.09.2011 (1)
  5. Avast Web Schutz verhindert Internet-Zugang über Firefox/Internet Explorer
    Antiviren-, Firewall- und andere Schutzprogramme - 27.05.2011 (7)
  6. Virenscanner und deren Komponente
    Antiviren-, Firewall- und andere Schutzprogramme - 14.11.2010 (22)
  7. Kann nur mit dem Internet Explorer ins Internet, Antivirenprogramm aktuallisiert sich nicht
    Plagegeister aller Art und deren Bekämpfung - 10.10.2010 (11)
  8. Internet Explorer 2 x im Taskmanager und Internet-Explorer + System furchtbar langsam
    Log-Analyse und Auswertung - 24.09.2010 (7)
  9. Internet Explorer und Firefox kommen nicht ins Internet
    Plagegeister aller Art und deren Bekämpfung - 16.06.2010 (71)
  10. Trojan.Pidief und seine (?) Folgen - explorer.exe startet nicht - direkte Abmeldung
    Plagegeister aller Art und deren Bekämpfung - 26.04.2010 (1)
  11. Windows Internet Explorer bereitgestellt von 1&1 Internet AG
    Log-Analyse und Auswertung - 06.05.2009 (2)
  12. Explorer öffnet sich einfach mit nem Virenscan, folgen: expl + outlook sehr langsam
    Log-Analyse und Auswertung - 24.01.2009 (6)
  13. Internet Explorer hängt, Internet Probleme!
    Log-Analyse und Auswertung - 26.11.2008 (1)
  14. internet geht zäh, internet windows explorer spinnt
    Log-Analyse und Auswertung - 20.11.2008 (20)
  15. GData Internet Security 2007 und installiert und der Internet Explorer läuft nicht
    Antiviren-, Firewall- und andere Schutzprogramme - 25.01.2007 (1)
  16. iexplore.exe (NICHT Internet Explorer) versucht auf das Internet zuzugreifen!
    Plagegeister aller Art und deren Bekämpfung - 11.04.2006 (12)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Internet Explorer Pop-Ups+deren Folgen - Ich habe bereits mind. eine Stunde im Forum nach einen passenden Thema gesucht, habe aber nur ähnliche gefunden ein keins, dass mir recht weiterhelfen konnte. Seit einiger Zeit öffnet sich - Internet Explorer Pop-Ups+deren Folgen...
Archiv
Du betrachtest: Internet Explorer Pop-Ups+deren Folgen auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130