Log analysis and evaluation: IE7 keeps opening unwanted windows

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
29.01.2008, 20:05 | #1 |
Hello,

for a few days now I have had the problem that whenever I surf the Internet (I use Firefox as my browser), new windows keep being opened in IE7. I have already tried to solve the problem with various programs against viruses, spyware and adware, unfortunately without success so far. So I am turning to you as my last hope!

Here is my HJT log file:

Logfile of HijackThis v1.99.1
Scan saved at 19:16:49, on 29.1.2008 ?.
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Sunbelt Software\CounterSpy\CounterSpy.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://start.icq.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: SuperAdBlockerBHO Class - {00000000-6C30-11D8-9363-000AE6309654} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABBHO.dll
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Super Ad Blocker Toolbar - {B4B3001E-0F56-4E51-8250-BDE11547EC55} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\sabtb.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
O4 - HKCU\..\Run: [SuperAdBlocker] C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Alienware Dock.lnk = C:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SABWinLogon - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WB - C:\Program Files\AlienGUIse\fastload.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Super Ad Blocker Service (SABSVC) - SuperAdBlocker.com - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

Thank you in advance for your help!!!
29.01.2008, 21:11 | #2 |
Administrator > Competence Manager

Hello bailarin, and welcome!

First work through these points so that we get a better overview and more information about your system:

SmitfraudFix instructions:
- Download this tool -> SmitfraudFix
- Then start it and let it scan the system. (Option 1)
- Afterwards post the result of the scan, as described in the instructions

ComboFix
- Download the tool here -> CLICK
- Now start combofix.exe, confirm with (Y)es, let the cleanup run through, then copy the text and paste it into your post on the board!
29.01.2008, 23:22 | #3 |
Hello,

thanks first of all for the quick reply. Attached are the 2 results:

- smitfraudfix

SmitFraudFix v2.277

Scan done at 22:56:03,04, 29.01.2008 ?.
Run from C:\Program Files\Mozilla Firefox\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

hosts file corrupted !

127.0.0.1 legal-at-spybot.info
127.0.0.1 www.legal-at-spybot.info

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\**

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\**\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\**\FAVORI~1

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix.exe by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="wbsys.dll"

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Rustock

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Broadcom 440x 10/100 Integrated Controller - Packet Scheduler Miniport
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{1E43C7C1-087D-409C-97A8-EE3A1BA9DC8C}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{1E43C7C1-087D-409C-97A8-EE3A1BA9DC8C}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{1E43C7C1-087D-409C-97A8-EE3A1BA9DC8C}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1

»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End

----------------------------------------------------------------------------------------

- Combofix

ComboFix 08-01-30.1 - ** 2008-01-29 23:04:13.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.471 [GMT 1:00]
Running from: C:\Documents and Settings\**\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\msxfcg32.dll
C:\WINDOWS\system32\drivers\core.cache.dsk . . . . failed to delete

.
((((((((((((((((((((((((( Files Created from 2007-12-28 to 2008-01-30 )))))))))))))))))))))))))))))))
.

2008-01-29 22:56 . 2008-01-29 22:56 1,484 --a------ C:\WINDOWS\system32\tmp.reg
2008-01-29 22:55 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-01-29 22:55 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-01-29 22:55 . 2008-01-27 14:37 81,920 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-01-29 22:55 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-01-29 22:55 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-01-29 22:55 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-01-28 23:53 . 2008-01-30 23:06 58,883 --a------ C:\WINDOWS\system32\drivers\core.cache.dsk
2008-01-28 23:26 . 2008-01-28 23:26 0 --a------ C:\WINDOWS\system32\SBRC.dat
2008-01-28 23:26 . 2008-01-28 23:26 0 --a------ C:\WINDOWS\system32\SBFC.dat
2008-01-28 22:46 . 2008-01-28 22:46 <DIR> d-------- C:\Documents and Settings\**\Application Data\Sunbelt Software
2008-01-28 17:26 . 2008-01-28 17:33 <DIR> d-------- C:\Documents and Settings\**\Application Data\Lavasoft
2008-01-26 14:48 . 2008-01-26 14:48 <DIR> d-------- C:\WINDOWS\Sun
2008-01-25 11:29 . 2008-01-25 11:29 <DIR> d-------- C:\Program Files\Skype
2008-01-25 11:29 . 2008-01-25 11:29 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-01-25 11:29 . 2008-01-25 20:32 <DIR> d-------- C:\Documents and Settings\**\Application Data\Skype
2008-01-23 18:26 . 2008-01-23 18:26 <DIR> d-------- C:\Program Files\MSECache
2008-01-22 23:51 . 2008-01-26 18:29 292 --a------ C:\WINDOWS\wininit.ini
2008-01-22 23:16 . 2008-01-22 23:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-22 19:42 . 2008-01-23 17:45 <DIR> d-------- C:\Program Files\Anti-AD Guard 2.1 Pro
2008-01-22 19:42 . 2008-01-23 17:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Anti-AD Guard 2
2008-01-20 16:35 . 2008-01-22 19:57 <DIR> d-------- C:\Program Files\a-squared Anti-Malware
2008-01-18 14:52 . 2008-01-18 14:52 8,992 --a------ C:\WINDOWS\system32\kbdbph.dll
2008-01-18 13:22 . 2008-01-18 13:29 36 -r-h----- C:\WINDOWS\sued.dat
2008-01-18 13:13 . 2008-01-24 11:54 <DIR> d-------- C:\Program Files\PopupPopper
2008-01-18 13:13 . 2002-02-15 15:02 1,326,080 --a------ C:\WINDOWS\system32\vcl60.bpl
2008-01-18 13:13 . 2002-02-15 15:02 676,352 --a------ C:\WINDOWS\system32\rtl60.bpl
2008-01-18 13:13 . 2001-05-21 23:00 213,504 --a------ C:\WINDOWS\system32\vclx60.bpl
2008-01-18 13:07 . 2008-01-18 13:07 <DIR> d-------- C:\WINDOWS\system32\URTTemp
2008-01-18 13:07 . 2008-01-26 22:47 <DIR> d-------- C:\Program Files\SuperAdBlocker.com
2008-01-18 13:07 . 2008-01-18 13:07 <DIR> d-------- C:\Documents and Settings\**\Application Data\SuperAdBlocker.com
2008-01-18 12:53 . 2008-01-18 13:38 <DIR> d-------- C:\Program Files\IE Doctor
2008-01-18 12:39 . 2008-01-18 12:39 <DIR> d-------- C:\Program Files\Windows Defender
2008-01-17 23:00 . 2008-01-07 14:29 352 --ah----- C:\WINDOWS\nod32fixtemdono.reg
2008-01-17 20:45 . 2008-01-17 20:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-01-17 18:55 . 2008-01-28 17:33 <DIR> d-------- C:\Program Files\Lavasoft
2008-01-17 18:55 . 2008-01-18 00:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-17 18:41 . 2008-01-17 18:41 <DIR> d-------- C:\Documents and Settings\**\Application Data\CyberLink
2008-01-17 18:38 . 2008-01-17 18:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
2008-01-16 21:30 . 2008-01-16 21:30 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-01-16 21:00 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-01-16 18:53 . 2008-01-16 19:08 <DIR> d-------- C:\Program Files\The KMPlayer
2008-01-16 18:26 . 2008-01-16 18:26 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-01-15 23:57 . 2008-01-15 23:57 <DIR> d-------- C:\Documents and Settings\`**\fontconfig
2008-01-15 23:25 . 2008-01-15 23:25 <DIR> d-------- C:\Documents and Settings\**\Application Data\vlc
2008-01-15 22:06 . 2008-01-15 22:06 86,144 --a------ C:\WINDOWS\system32\drivers\partmgrr.sys
2008-01-15 21:10 . 2008-01-15 21:10 <DIR> d-------- C:\Program Files\CyberLink
2008-01-15 20:36 . 2008-01-15 20:36 <DIR> d-------- C:\Program Files\Azureus
2008-01-15 18:44 . 2007-04-09 12:23 28,040 --a------ C:\WINDOWS\system32\mdimon.dll
2008-01-15 18:44 . 2008-01-15 18:51 376 --a------ C:\WINDOWS\ODBC.INI
2008-01-15 18:43 . 2008-01-15 18:43 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-01-15 18:43 . 2008-01-15 18:43 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2008-01-15 18:42 . 2008-01-15 18:43 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-01-15 18:41 . 2008-01-15 18:41 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-01-15 18:35 . 2008-01-15 18:37 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-01-15 18:35 . 2008-01-15 18:35 <DIR> d-------- C:\Documents and Settings\**\Application Data\DAEMON Tools
2008-01-15 18:32 . 2008-01-15 18:32 715,248 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-01-15 17:42 . 2008-01-15 17:42 <DIR> d-------- C:\Documents and Settings\**\Application Data\Nero
2008-01-15 17:40 . 2008-01-15 17:40 <DIR> d-------- C:\Program Files\Nero
2008-01-15 17:40 . 2008-01-15 17:41 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-01-15 17:40 . 2008-01-15 17:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-01-14 22:32 . 2008-01-14 22:32 <DIR> d-------- C:\Documents and Settings\**\Application Data\Comodo
2008-01-14 22:32 . 2008-01-14 22:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Comodo
2008-01-14 22:29 . 2008-01-17 17:03 <DIR> d-------- C:\Program Files\Comodo
2008-01-14 21:49 . 2008-01-14 21:52 <DIR> d-------- C:\Documents and Settings\**\Application Data\ICQ
2008-01-14 21:48 . 2008-01-14 21:53 <DIR> d-------- C:\Program Files\ICQ6
2008-01-14 21:14 . 2007-08-13 18:54 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll
2008-01-14 19:29 . 2007-07-09 14:09 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-01-13 20:20 . 2008-01-13 20:20 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-01-13 20:20 . 2006-10-04 15:06 1,197,294 -----c--- C:\WINDOWS\system32\dllcache\sysmain.sdb
2008-01-13 20:20 . 2006-10-04 15:06 764,868 -----c--- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2008-01-13 20:20 . 2006-10-04 15:06 217,118 -----c--- C:\WINDOWS\system32\dllcache\apphelp.sdb
2008-01-13 20:18 . 2008-01-13 20:18 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-01-13 20:18 . 2008-01-13 20:19 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-01-13 19:55 . 2004-08-04 00:56 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-01-13 19:53 . 2008-01-25 11:30 <DIR> d-------- C:\Documents and Settings\**\Application Data\skypePM
2008-01-13 19:53 . 2008-01-13 19:53 32 --a------ C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-01-13 19:50 . 2008-01-25 11:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Skype
2008-01-13 19:37 . 2008-01-13 19:37 3,932,214 --a------ C:\WINDOWS\AW_XenoMorph1280.bmp
2008-01-13 19:36 . 2008-01-13 19:36 <DIR> d-------- C:\Program Files\Common Files\Stardock
2008-01-13 19:36 . 2008-01-13 19:38 <DIR> d-------- C:\Program Files\AlienGUIse
2008-01-13 19:36 . 2003-02-26 22:27 36,864 --a------ C:\WINDOWS\system32\wbsys.dll
2008-01-13 19:36 . 2008-01-13 19:36 56 --a------ C:\WINDOWS\wb.ini
2008-01-13 19:26 . 2008-01-13 19:26 0 --a------ C:\WINDOWS\nsreg.dat
2008-01-13 19:24 . 2008-01-17 17:11 <DIR> d-------- C:\Documents and Settings\**\Application Data\AVG7
2008-01-13 19:24 . 2008-01-13 19:24 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-01-13 19:23 . 2008-01-17 23:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-01-13 19:17 . 2008-01-13 19:17 <DIR> d--hs---- C:\Documents and Settings\**\UserData
2008-01-13 19:14 . 2008-01-17 23:00 <DIR> d-------- C:\Documents and Settings\**\Application Data\Azureus
2008-01-13 19:14 . 2008-01-13 19:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Azureus
2008-01-13 19:11 . 2008-01-13 19:11 <DIR> d-------- C:\Program Files\FreePDF_XP
2008-01-13 19:11 . 2008-01-25 17:58 <DIR> d-------- C:\Documents and Settings\All Users\FreePDF
2008-01-13 19:11 . 2005-01-06 18:33 119,152 --a------ C:\WINDOWS\system32\redmon.hlp
2008-01-13 19:11 . 2005-01-06 18:33 116,224 --a------ C:\WINDOWS\system32\redmonnt.dll
2008-01-13 19:11 . 2005-01-06 18:33 45,056 --a------ C:\WINDOWS\system32\unredmon.exe
2008-01-13 19:10 . 2008-01-13 19:11 <DIR> d-------- C:\Program Files\gs
2008-01-13 19:10 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-01-13 19:08 . 2008-01-15 21:23 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-01-13 19:07 . 2008-01-16 19:47 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-01-13 19:05 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-15 20:11 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-14 20:31 --------- d-----w C:\Program Files\Java
2008-01-13 18:45 --------- d-----w C:\Program Files\Intel
2008-01-13 17:53 --------- d-----w C:\Program Files\Common Files\Java
2008-01-13 17:49 --------- d-----w C:\Program Files\Dell
2008-01-13 17:49 --------- d-----w C:\Documents and Settings\**\Application Data\InstallShield
2008-01-13 17:42 --------- d-----w C:\Program Files\WIDCOMM
2008-01-13 17:38 --------- d-----w C:\Program Files\Broadcom
2008-01-13 17:37 --------- d-----w C:\Program Files\Synaptics
2008-01-13 17:37 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-01-13 17:36 --------- d-----w C:\Program Files\DIFX
2008-01-13 17:33 --------- d-----w C:\Program Files\CONEXANT
2008-01-13 17:32 --------- d-----w C:\Program Files\SigmaTel
2008-01-13 16:35 --------- d--h--w C:\Program Files\Uninstall Information
2008-01-13 16:31 --------- d-----w C:\Program Files\microsoft frontpage
2007-12-21 07:21 33,800 ----a-w C:\WINDOWS\system32\drivers\epfwtdir.sys
2007-12-21 07:20 30,216 ----a-w C:\WINDOWS\system32\drivers\easdrv.sys
2007-12-21 07:19 39,944 ----a-w C:\WINDOWS\system32\drivers\eamon.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SuperAdBlocker"="C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe" [2008-01-19 12:36 1564672]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 08:21 1443072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 00:56 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000D7}"= C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSEHB.DLL [2006-11-07 11:58 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SABWinLogon]
C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL 2008-01-19 12:36 176128 C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\Program Files\AlienGUIse\fastload.dll 2001-12-20 23:34 24576 C:\Program Files\AlienGUIse\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe"
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe
"Dell QuickSet"=C:\Program Files\Dell\QuickSet\quickset.exe
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe
"FreePDF Assistant"=C:\Program Files\FreePDF_XP\fpassist.exe
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" -hide
"Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY.exe

R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2007-12-21 08:21]
R1 partmgrr;partmgrr;C:\WINDOWS\system32\drivers\partmgrr.sys [2008-01-15 22:06]
R1 SABDIFSV;SABDIFSV;C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABDIFSV.SYS [2005-09-21 10:17]
R1 SABKUTIL;SABKUTIL;C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys [2007-02-20 15:02]
R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\000.fcl [2007-09-19 21:37]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-04 00:56]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
"2008-01-25 16:19:26 C:\WINDOWS\Tasks\1-Klick-Wartung.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2008-01-29 17:27:20 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-30 23:07:17
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\Program Files\AlienGUIse\AlienwareDock\DockShellHookOEM.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
C:\Program Files\AlienGUIse\wbload.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
.
**************************************************************************
.
Completion time: 2008-01-30 23:08:30 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-30 22:08:27
.
2008-01-25 09:55:47 --- E O F ---

Well, I hope this helps! Thanks!
30.01.2008, 20:38 | #4 |
Hello,

please check the last 2 results, as I cannot interpret them and I don't know what to do. Please help!!! Surfing is no fun, because empty windows keep opening in IE. Thanks!!!