Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Problem mit "popunder adsrevenue" und ähnlichem

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 29.02.2008, 11:41   #1
Madeye
 
Problem mit "popunder adsrevenue" und ähnlichem - Standard

Problem mit "popunder adsrevenue" und ähnlichem



Hallo zusammen!

Nach längerer Zeit als passiver Leser werde ich heute aktiv und wende mich mit meinem Problem an euch.
Wie ich gelesen habe, haben andere ein ähnliches Problem, aber leider war da nie eine passende Lösung für meinen Fall dabei.

Erstmal zu meiner Lage. Von Zeit zu Zeit öffnet sich ein IE Fenster ohne Webadresse, was aber zur folge hat, das meine eigentlich gerade geöffnete Seite dann auf irgendeine Werbeseite geleitet wird. Couponhit oder Direktrabatte sind zwei von denen, die mein Virenscanner, Avira Premium Security Suite als HTML/Infected.Web.Page in die Quarantäne verschoben hat.

Divere Einsätze von Adaware, AVG Antispyware, SUPER Anti Spyware und Spybot brachten nicht den gewünschten erfolg.

Als ich dann von HijackThis hörte hatte ich auch den angewendt und online auswerten lassen und alles schädliche beheben lassen. Vielleicht findet hier aber jemand noch den Stein der Weißen?

Ich poste nun meine aktuelle Hijack "Liste"...

Und vielleicht auch noch vorweg... Ich bezeichne mich selbst als "Halb-DAU", daher bitte nicht zu kompliziert schreiben.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:37, on 2008-02-29
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Hp\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\aol\1200149733\ee\aolsoftware.exe
C:\Program Files\DigitalPersona\Bin\DpAgent.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\3gp Player\3gpPlayer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\system32\conime.exe
C:\Program Files\ICQ6\ICQ.exe
C:\Program Files\QIP\qip.exe
C:\PROGRA~1\MI1933~1\OFFICE11\OUTLOOK.EXE
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\AOL 9.0 VR\waol.exe
C:\Program Files\AOL 9.0 VR\shellmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [TrayServer] C:\Program Files\MAGIX\Video_deluxe_2008_PLUS\TrayServer.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [snpstd] C:\Windows\vsnpstd.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1200149733\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\dpagent.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\Avira Premium Security Suite\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ISUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [3gp Player] "C:\Program Files\3gp Player\3gpPlayer.exe" hmw
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.0 VR\AOL.EXE" -b
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETZWERKDIENST')
O4 - Startup: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk.disabled
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk.disabled
O4 - Global Startup: BTTray.lnk.disabled
O4 - Global Startup: Dienst-Manager.lnk.disabled
O4 - Global Startup: MotionSD STUDIO - Autostart SD Browser -.lnk.disabled
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira Premium Security Suite Firewall (AntiVirFirewallService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avfwsvc.exe
O23 - Service: Avira Premium Security Suite MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avmailc.exe
O23 - Service: Avira Premium Security Suite Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\sched.exe
O23 - Service: Avira Premium Security Suite Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avguard.exe
O23 - Service: Avira Premium Security Suite WebGuard (antivirwebservice) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\AVWEBGRD.EXE
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Avira Premium Security Suite MailGuard Hilfsdienst (AVEService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avesvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\Windows\System32\bgsvcgen.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe

--
End of file - 13868 bytes

Alt 29.02.2008, 13:34   #2
undoreal
/// AVZ-Toolkit Guru
 
Problem mit "popunder adsrevenue" und ähnlichem - Standard

Problem mit "popunder adsrevenue" und ähnlichem



Hallo Madeye.

Zitat:
auswerten lassen und alles schädliche beheben lassen
Das ist meist keine sehr gute Idee da wir nun nicht mehr sehen was dort nicht sauber war..
Kannst du uns bitte posten was du gefixt hast.?. Wenn HJT in einem eigen Ordner liegt solltest du die Einträge über die Backup-Funktion finden..
__________________

__________________

Alt 29.02.2008, 13:43   #3
Madeye
 
Problem mit "popunder adsrevenue" und ähnlichem - Standard

Problem mit "popunder adsrevenue" und ähnlichem



Das ist dann natürlich blöde

Ich habe ein "R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.defaulthomepage.info"
"O2 - BHO: NCO 2.0 IE BHO - {602ADBOE-4AFF-4217-8AA1-95DAC4DFA408} - (no file)"
"O3 -Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)"

Kann man auch sehen was ich mit Spybot entfernt habe?
__________________

Alt 29.02.2008, 14:29   #4
undoreal
/// AVZ-Toolkit Guru
 
Problem mit "popunder adsrevenue" und ähnlichem - Standard

Problem mit "popunder adsrevenue" und ähnlichem



O.k.

Spybot sollte ein Log erstellt haben. Dies kannst du uns auch noch zukommen lassen..
__________________
- Sämtliche Hilfestellungen im Forum werden ohne Gewährleistung oder Haftung gegeben -

Alt 29.02.2008, 14:40   #5
Madeye
 
Problem mit "popunder adsrevenue" und ähnlichem - Standard

Problem mit "popunder adsrevenue" und ähnlichem



Dann fange ich mal an damit...

12.02.2008 13:39:43 Erlaubt (based on user decision) value "Shockwave Updater" (new data: "") gelöscht in System Startup user entry!
12.02.2008 13:39:58 Erlaubt (based on user decision) value "BootExecute" (new data: "autocheck autochk *
lsdelete
") hinzugefügt in Session manager!
12.02.2008 13:40:27 Erlaubt (based on user decision) value "ExcludeFromKnownDlls" (new data: "") hinzugefügt in Session manager!
12.02.2008 13:40:48 Erlaubt (based on user decision) value "Shockwave Updater" (new data: ""C:\Windows\System32\Macromed\Shockwave 10\SwHelper_1020023.exe" -Update -1020023 -iexplore.exe7.0") hinzugefügt in System Startup user entry!
12.02.2008 13:59:46 Erlaubt (based on user decision) value "wextract_cleanup0" (new data: "rundll32.exe C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\Dominik\AppData\Local\Temp\IXP000.TMP\"") hinzugefügt in System Startup global entry!
12.02.2008 13:59:49 Erlaubt (based on user decision) value "wextract_cleanup0" (new data: "") gelöscht in System Startup global entry!
12.02.2008 15:56:08 Erlaubt (based on user decision) value "Shockwave Updater" (new data: "") gelöscht in System Startup user entry!
12.02.2008 15:58:22 Erlaubt (based on user decision) value "SpybotSD TeaTimer" (new data: "") gelöscht in System Startup user entry!
12.02.2008 15:58:24 Erlaubt (based on user decision) value "{53707962-6F74-2D53-2644-206D7942484F}" (new data: "") gelöscht in Browser Helper Object!
12.02.2008 16:02:42 Erlaubt (based on user decision) value "InstallShieldSetup" (new data: "C:\PROGRA~1\INSTAL~1\{48BB8~1\setup.exe -rebootC:\PROGRA~1\INSTAL~1\{48BB8~1\reboot.ini -l0x0007") hinzugefügt in System Startup global entry!



--- Spybot - Search & Destroy version: 1.5.2 (build: 20080128) ---

2008-01-28 blindman.exe (1.0.0.7)
2008-01-28 SDDelFile.exe (1.0.2.4)
2008-01-28 SDMain.exe (1.0.0.5)
2007-10-07 SDShred.exe (1.0.1.2)
2008-01-28 SDUpdate.exe (1.0.8.8)
2008-01-28 SDWinSec.exe (1.0.0.11)
2008-01-28 SpybotSD.exe (1.5.2.20)
2008-01-28 TeaTimer.exe (1.5.2.16)
2008-02-14 unins000.exe (51.49.0.0)
2008-01-28 Update.exe (1.4.0.6)
2008-01-28 advcheck.dll (1.5.4.5)
2007-04-02 aports.dll (2.1.0.0)
2007-11-17 DelZip179.dll (1.79.7.4)
2008-01-28 SDFiles.dll (1.5.1.19)
2008-01-28 SDHelper.dll (1.5.0.11)
2008-01-28 Tools.dll (2.1.3.3)
2008-02-13 Includes\Cookies.sbi
2007-12-26 Includes\Dialer.sbi
2008-02-13 Includes\DialerC.sbi
2008-02-13 Includes\HeavyDuty.sbi
2008-02-13 Includes\Hijackers.sbi
2008-02-13 Includes\HijackersC.sbi
2008-02-13 Includes\Keyloggers.sbi
2008-02-13 Includes\KeyloggersC.sbi
2004-11-29 Includes\LSP.sbi
2008-02-13 Includes\Malware.sbi
2008-02-13 Includes\MalwareC.sbi
2007-10-24 Includes\PUPS.sbi
2008-02-13 Includes\PUPSC.sbi
2008-02-13 Includes\Revision.sbi
2008-01-09 Includes\Security.sbi
2008-02-13 Includes\SecurityC.sbi
2008-02-13 Includes\Spybots.sbi
2008-02-13 Includes\SpybotsC.sbi
2007-11-06 Includes\Tracks.uti
2008-02-13 Includes\Trojans.sbi
2008-02-13 Includes\TrojansC.sbi
2007-12-24 Plugins\TCPIPAddress.dll

Located: HK_LM:Run, (DISABLED)
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:Run, !AVG Anti-Spyware (DISABLED)
command: "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
file: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
size: 6731312
MD5: CC6BC45DD5A58158645E7FB2953604FE

Located: HK_LM:Run, Acrobat Assistant 7.0 (DISABLED)
command: "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
file: C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
size: 483328
MD5: FBD06A45DB2D543EFD932768029EC5F2

Located: HK_LM:Run, Adobe Reader Speed Launcher (DISABLED)
command: "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
file: C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
size: 39792
MD5: E28D00EC675F5F5A5A0555E7A4523A6E

Located: HK_LM:Run, avgnt (DISABLED)
command: "C:\Program Files\Avira\Avira Premium Security Suite\avgnt.exe" /min
file: C:\Program Files\Avira\Avira Premium Security Suite\avgnt.exe
size: 249896
MD5: 6E898F5959E7195D64594C30E9251938

Located: HK_LM:Run, DpAgent (DISABLED)
command: C:\Program Files\DigitalPersona\Bin\dpagent.exe
file: C:\Program Files\DigitalPersona\Bin\dpagent.exe
size: 671744
MD5: 09DC37198C663E9C4415F9251730CCDD

Located: HK_LM:Run, HostManager (DISABLED)
command: C:\Program Files\Common Files\AOL\1200149733\ee\AOLSoftware.exe
file: C:\Program Files\Common Files\AOL\1200149733\ee\AOLSoftware.exe
size: 50736
MD5: C482C535CBFEFE722EC1EB7F11F680A3

Located: HK_LM:Run, HP Software Update (DISABLED)
command: C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
file: C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
size: 49152
MD5: 821F73B833C4DAEBC33C1A9A4B16BB5A

Located: HK_LM:Run, hpWirelessAssistant (DISABLED)
command: C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
file: C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
size: 480560
MD5: CB4EE42EE2D33A58EFD48C276B683663

Located: HK_LM:Run, IAAnotif (DISABLED)
command: C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
file: C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
size: 174616
MD5: FBC211A75FE4C2DEAA10B130728D376D

Located: HK_LM:Run, NvCplDaemon (DISABLED)
command: RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:Run, NvMediaCenter (DISABLED)
command: RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:Run, NvSvc (DISABLED)
command: RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:Run, OnScreenDisplay (DISABLED)
command: C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
file: C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
size: 554320
MD5: 2CF59B201A59D0FF5534089F76297559

Located: HK_LM:Run, QlbCtrl (DISABLED)
command: %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
file: C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
size: 202032
MD5: AEF50C71530B415AFA40E1D478BEFCCC

Located: HK_LM:Run, QPService (DISABLED)
command: "C:\Program Files\HP\QuickPlay\QPService.exe"
file: C:\Program Files\HP\QuickPlay\QPService.exe
size: 181544
MD5: CF41C54529021D0E393BD149FEE4F03E

Located: HK_LM:Run, SMSERIAL (DISABLED)
command: C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
file: C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
size: 634880
MD5: 4BBE1550C346FCE2D4927BF6EACD3CF7

Located: HK_LM:Run, snpstd (DISABLED)
command: C:\Windows\vsnpstd.exe
file: C:\Windows\vsnpstd.exe
size: 40960
MD5: F14BD811617D3485EF3A8B6BFF880024

Located: HK_LM:Run, SunJavaUpdateSched (DISABLED)
command: "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
file: C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
size: 132496
MD5: D4F0F7437327DBAA264338BAAFB5E5AF

Located: HK_LM:Run, SynTPStart (DISABLED)
command: C:\Program Files\Synaptics\SynTP\SynTPStart.exe
file: C:\Program Files\Synaptics\SynTP\SynTPStart.exe
size: 102400
MD5: A3418E4D4A5EE636D44922DC2567FA18

Located: HK_LM:Run, TkBellExe (DISABLED)
command: "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
file: C:\Program Files\Common Files\Real\Update_OB\realsched.exe
size: 185896
MD5: 74BC945EB2584E90619A56EF5028AB0F

Located: HK_LM:Run, TrayServer (DISABLED)
command: C:\Program Files\MAGIX\Video_deluxe_2008_PLUS\TrayServer.exe
file: C:\Program Files\MAGIX\Video_deluxe_2008_PLUS\TrayServer.exe
size: 90112
MD5: B38C0DBE8D2F5BE8B2E6E065213A96BE

Located: HK_LM:Run, UCam_Menu (DISABLED)
command: "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
file: C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe
size: 222504
MD5: 3B17B052F4E14F9C318E421D74B80E1B

Located: HK_LM:Run, WAWifiMessage (DISABLED)
command: C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
file: C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
size: 311296
MD5: B8AF02700299CD308046BB9339165813

Located: HK_LM:Run, WinampAgent (DISABLED)
command: "C:\Program Files\Winamp\winampa.exe"
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:Run, Windows Defender (DISABLED)
command: %ProgramFiles%\Windows Defender\MSASCui.exe -hide
file: C:\Program Files\Windows Defender\MSASCui.exe
size: 1006264
MD5: 9AD9E2FB2811123DA13DE84CC154AB77

Located: HK_LM:Run, Windows Mobile Device Center (DISABLED)
command: %windir%\WindowsMobile\wmdc.exe
file: C:\Windows\WindowsMobile\wmdc.exe
size: 648072
MD5: 96B3C4E20F02CA16AA1E3E425BFFCC8B

Located: HK_CU:Run, InfoCockpit (DISABLED)
where: .DEFAULT...
command: C:\Program Files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE /nosplash
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:Run, InfoCockpit (DISABLED)
where: S-1-5-19...
command: C:\Program Files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE /nosplash
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:Run, Sidebar (DISABLED)
where: S-1-5-19...
command: %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem
file: C:\Program Files\Windows Sidebar\Sidebar.exe
size: 1232896
MD5: 582F3A0BA61D8F0D50C66B592808B6D6

Located: HK_CU:Run, WindowsWelcomeCenter (DISABLED)
where: S-1-5-19...
command: rundll32.exe oobefldr.dll,ShowWelcomeCenter
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:Run, InfoCockpit (DISABLED)
where: S-1-5-20...
command: C:\Program Files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE /nosplash
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:Run, Sidebar (DISABLED)
where: S-1-5-20...
command: %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem
file: C:\Program Files\Windows Sidebar\Sidebar.exe
size: 1232896
MD5: 582F3A0BA61D8F0D50C66B592808B6D6

Located: HK_CU:Run, WindowsWelcomeCenter (DISABLED)
where: S-1-5-20...
command: rundll32.exe oobefldr.dll,ShowWelcomeCenter
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:Run, 3gp Player (DISABLED)
where: S-1-5-21-848456757-3091792602-1191381636-1000...
command: "C:\Program Files\3gp Player\3gpPlayer.exe" hmw
file: C:\Program Files\3gp Player\3gpPlayer.exe
size: 634368
MD5: 8838600222E73EEC7D6B73875D9E890B

Located: HK_CU:Run, ehTray.exe (DISABLED)
where: S-1-5-21-848456757-3091792602-1191381636-1000...
command: C:\Windows\ehome\ehTray.exe
file: C:\Windows\ehome\ehTray.exe
size: 125440
MD5: 2E0953919779A44BF9DFB7B07C58535A

Located: HK_CU:Run, ISUSPM (DISABLED)
where: S-1-5-21-848456757-3091792602-1191381636-1000...
command: "C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
file: C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
size: 222128
MD5: 1AF1360E070BD8EA402F793EF6FBAAEB

Located: HK_CU:Run, Sidebar (DISABLED)
where: S-1-5-21-848456757-3091792602-1191381636-1000...
command: C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
file: C:\Program Files\Windows Sidebar\sidebar.exe
size: 1232896
MD5: 582F3A0BA61D8F0D50C66B592808B6D6

Located: HK_CU:Run, WindowsWelcomeCenter (DISABLED)
where: S-1-5-21-848456757-3091792602-1191381636-1000...
command: rundll32.exe oobefldr.dll,ShowWelcomeCenter
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:Run, WMPNSCFG (DISABLED)
where: S-1-5-21-848456757-3091792602-1191381636-1000...
command: C:\Program Files\Windows Media Player\WMPNSCFG.exe
file: C:\Program Files\Windows Media Player\WMPNSCFG.exe
size: 201728
MD5: 20EF9002CFF89C4C1077E4415EC7297B

Located: HK_CU:Run, InfoCockpit (DISABLED)
where: S-1-5-18...
command: C:\Program Files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE /nosplash
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: Startup (allgemein), Adobe Acrobat Speed Launcher.lnk (DISABLED)
where: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup...
command: C:\Windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe
file: C:\Windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe
size: 25214
MD5: D6294D59171AC375CD142003566AA89E

Located: Startup (allgemein), BTTray.lnk (DISABLED)
where: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup...
command: C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
file: C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
size: 727592
MD5: 7C6F44557A55CE933D7063162FE92FB2

Located: Startup (allgemein), Dienst-Manager.lnk (DISABLED)
where: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup...
command: C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
file: C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
size: 81920
MD5: F45BFC03A06C9DCFA6731E551029B474

Located: Startup (allgemein), MotionSD STUDIO - Autostart SD Browser -.lnk (DISABLED)
where: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup...
command: C:\Program Files\Panasonic\MotionSD STUDIO\SD_Browser\AutoLauncher.exe
file: C:\Program Files\Panasonic\MotionSD STUDIO\SD_Browser\AutoLauncher.exe
size: 67216
MD5: 06591F942D1C2BDEF4E76BE174ACA429

Located: Startup (Benutzer), OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk (DISABLED)
where: C:\Users\Dominik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup...
command: C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
file: C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
size: 101784
MD5: 24F5015DEB7C744DDF34CD786B6FA03F


Hoffe dass dort alles aufgelistet ist. Ich hatte auch auf anraten von Spybot einen Eintrag aus dem Startup entfernt, danach (wieder erst danach...) aber gelesen ich hätte mir die Datei aufschreiben sollen um sie manuell zu entfernen... Man merkt den DAU... .o(


Alt 29.02.2008, 14:42   #6
undoreal
/// AVZ-Toolkit Guru
 
Problem mit "popunder adsrevenue" und ähnlichem - Standard

Problem mit "popunder adsrevenue" und ähnlichem



O.k. pass auf.

Damit ich mir einen Überblick über dein System versschaffen kann arbeite mal bitte folgendes ab:




1) Deaktiviere die Systemwiederherstellung auf allen Laufwerken.

2) Deinstalliere Java über die Systemsteuerung.

3) Blacklight bitte laufen lassen und das log posten..

4) Lasse Silentrunners laufen und poste die logFiles..

5) Folge dieser Anleitung.

6) Run Combofix. Poste den erscheinenden Text.

7) Überprüfe dein System mit SASW.

8) Durchsuche mit dem Kaspersky Online Scanner dein System.

9) Räume mit cCleaner auf ( die Registry musst du mehrmals durchsuchen und bereinigen lassen).

10) Poste ein frisches HijackThis log sowie einen iClean Bericht (Prog in eigenem Ordner öffnen->"Yes"->File->Report).
Hinweis zum iClean Bericht:Kürze im log bitte die 032 und 033 redirected Einträge. (Diese wurden von Spybot erstellt.)

11) Danach machst du einen eScan nach Anleitung in meiner Signatur und postest das log.

__________________
--> Problem mit "popunder adsrevenue" und ähnlichem

Alt 29.02.2008, 14:44   #7
Madeye
 
Problem mit "popunder adsrevenue" und ähnlichem - Standard

Problem mit "popunder adsrevenue" und ähnlichem



OK! Ich arbeite mich dann mal durch. Danke soweit schonmal! .o)

Alt 29.02.2008, 15:11   #8
Madeye
 
Problem mit "popunder adsrevenue" und ähnlichem - Standard

Problem mit "popunder adsrevenue" und ähnlichem



4.
"Silent Runners.vbs", revision 56, http://www.silentrunners.org/
Operating System: Windows Vista
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"WMPNSCFG" = "C:\Program Files\Windows Media Player\WMPNSCFG.exe" [MS]
"WindowsWelcomeCenter" = "rundll32.exe oobefldr.dll,ShowWelcomeCenter" [MS]
"Sidebar" = "C:\Program Files\Windows Sidebar\sidebar.exe /autoRun" [MS]
"ISUSPM" = ""C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler" ["Macrovision Corporation"]
"ehTray.exe" = "C:\Windows\ehome\ehTray.exe" [MS]
"3gp Player" = ""C:\Program Files\3gp Player\3gpPlayer.exe" hmw" [empty string]
"Uniblue RegistryBooster 2" = "c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe" [file not found]
"SUPERAntiSpyware" = "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" ["SUPERAntiSpyware.com"]
"AOL Fast Start" = ""C:\Program Files\AOL 9.0 VR\AOL.EXE" -b" ["AOL, LLC."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"Windows Mobile Device Center" = "%windir%\WindowsMobile\wmdc.exe" [MS]
"Windows Defender" = "%ProgramFiles%\Windows Defender\MSASCui.exe -hide" [MS]
"WAWifiMessage" = "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" ["Hewlett-Packard Development Company, L.P."]
"UCam_Menu" = ""C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"" ["CyberLink Corp."]
"TrayServer" = "C:\Program Files\MAGIX\Video_deluxe_2008_PLUS\TrayServer.exe" ["MAGIX AG"]
"TkBellExe" = ""C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
"SynTPStart" = "C:\Program Files\Synaptics\SynTP\SynTPStart.exe" ["Synaptics, Inc."]
"snpstd" = "C:\Windows\vsnpstd.exe" [empty string]
"SMSERIAL" = "C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" ["Motorola Inc."]
"QPService" = ""C:\Program Files\HP\QuickPlay\QPService.exe"" ["CyberLink Corp."]
"QlbCtrl" = "%ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start" [" Hewlett-Packard Development Company, L.P."]
"OnScreenDisplay" = "C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [" Hewlett-Packard Development Company, L.P."]
"NvSvc" = "RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart" [MS]
"NvMediaCenter" = "RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit" [MS]
"NvCplDaemon" = "RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup" [MS]
"IAAnotif" = "C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" ["Intel Corporation"]
"hpWirelessAssistant" = "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" ["Hewlett-Packard Development Company, L.P."]
"HP Software Update" = "C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" ["Hewlett-Packard Co."]
"HostManager" = "C:\Program Files\Common Files\AOL\1200149733\ee\AOLSoftware.exe" ["America Online, Inc."]
"DpAgent" = "C:\Program Files\DigitalPersona\Bin\dpagent.exe" ["DigitalPersona, Inc."]
"avgnt" = ""C:\Program Files\Avira\Avira Premium Security Suite\avgnt.exe" /min" ["Avira GmbH"]
"Adobe Reader Speed Launcher" = ""C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"" ["Adobe Systems Incorporated"]
"Acrobat Assistant 7.0" = ""C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"" ["Adobe Systems Inc."]
"!AVG Anti-Spyware" = ""C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized" ["GRISOFT s.r.o."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "AcroIEHlprObj Class"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{3049C3E9-B461-4BC5-8870-4C09146192CA}\(Default) = (no title provided)
-> {HKLM...CLSID} = "RealPlayer Download and Record Plugin for Internet Explorer"
\InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll" ["RealPlayer"]
{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}\(Default) = "AOL Toolbar Launcher"
-> {HKLM...CLSID} = "AOL Toolbar Launcher"
\InProcServer32\(Default) = "C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll" ["AOL LLC"]
{9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Windows Live Sign-in Helper"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll" [MS]
{AE7CD045-E861-484f-8273-0445EE161910}\(Default) = (no title provided)
-> {HKLM...CLSID} = "AcroIEToolbarHelper Class"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{00020d75-0000-0000-c000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
-> {HKLM...CLSID} = "Microsoft Office Outlook"
\InProcServer32\(Default) = "C:\PROGRA~1\MI1933~1\OFFICE11\MLSHEXT.DLL" [MS]
"{2F603045-309F-11CF-9774-0020AFD0CFF6}" = "Synaptics Control Panel"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Synaptics\SynTP\SynTPCpl.dll" ["Synaptics, Inc."]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {HKLM...CLSID} = "DesktopContext Class"
\InProcServer32\(Default) = "C:\Windows\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Outlook-Dateisymbolerweiterung"
\InProcServer32\(Default) = "C:\PROGRA~1\MI1933~1\OFFICE11\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C}" = "Microsoft Office OneNote Namespace Extension for Windows Desktop Search"
-> {HKLM...CLSID} = "Microsoft Office OneNote Namespace Extension for Windows Desktop Search"
\InProcServer32\(Default) = "C:\PROGRA~1\MI1933~1\Office12\ONFILTER.DLL" [MS]
"{7842554E-6BED-11D2-8CDB-B05550C10000}" = "Monitor"
-> {HKLM...CLSID} = "Monitor Class"
\InProcServer32\(Default) = "C:\Windows\system32\btncopy.dll" ["Broadcom Corporation."]
"{7F67036B-66F1-411A-AD85-759FB9C5B0DB}" = "ShellViewRTF"
-> {HKLM...CLSID} = "ShellViewRTF"
\InProcServer32\(Default) = "C:\Windows\System32\ShellvRTF.dll" ["XSS"]
"{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}" = "Microsoft Office Metadata Handler"
-> {HKLM...CLSID} = "Microsoft Office Metadata Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]
"{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" = "Microsoft Office Thumbnail Handler"
-> {HKLM...CLSID} = "Microsoft Office Thumbnail Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]
"{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders"
-> {HKLM...CLSID} = "Meine freigegebenen Ordner"
\InProcServer32\(Default) = "C:\Program Files\MSN Messenger\fsshext.8.1.0178.00.dll" [MS]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {HKLM...CLSID} = "RealOne Player Context Menu Class"
\InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {HKLM...CLSID} = "NVIDIA CPL Extension"
\InProcServer32\(Default) = "C:\Windows\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}" = "Adobe.Acrobat.ContextMenu"
-> {HKLM...CLSID} = "Acrobat Elements Context Menu"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll" ["Adobe Systems Inc."]
"{45AC2688-0253-4ED8-97DE-B5370FA7D48A}" = "Shell Extension for Malware scanning"
-> {HKLM...CLSID} = "Shell Extension for Malware scanning"
\InProcServer32\(Default) = "C:\Program Files\Avira\Avira Premium Security Suite\shlext.dll" ["Avira GmbH"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\
<<!>> "{E31004D1-A431-41B8-826F-E902F9D95C81}" = "Windows DreamScene"
-> {HKLM...CLSID} = "Windows DreamScene"
\InProcServer32\(Default) = "C:\Windows\System32\DreamScene.dll" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
<<!>> "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "AVG Anti-Spyware 7.5"
-> {HKLM...CLSID} = "CShellExecuteHookImpl Object"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" ["GRISOFT s.r.o."]
<<!>> "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" = (no title provided)
-> {HKLM...CLSID} = "SABShellExecuteHook Class"
\InProcServer32\(Default) = "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" ["SuperAdBlocker.com"]

HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\
<<!>> "BootExecute" = "autocheck autochk *"|"lsdelete" [null data]

HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\
<<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
Adobe.Acrobat.ContextMenu\(Default) = "{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}"
-> {HKLM...CLSID} = "Acrobat Elements Context Menu"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll" ["Adobe Systems Inc."]
AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["GRISOFT s.r.o."]
Shell Extension for Malware scanning\(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"
-> {HKLM...CLSID} = "Shell Extension for Malware scanning"
\InProcServer32\(Default) = "C:\Program Files\Avira\Avira Premium Security Suite\shlext.dll" ["Avira GmbH"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
WinUHA\(Default) = "{095177B8-8097-4D32-9081-A8949C47020E}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\PROGRA~1\WinUHA\SHELLW~1.DLL" [null data]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["GRISOFT s.r.o."]
Convert\(Default) = "{9f95ca1a-e80e-4c0f-acd1-4c9b7900b982}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Microsoft DirectX SDK (November 2007)\Utilities\Bin\x86\TxView.DLL" [MS]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
Shell Extension for Malware scanning\(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"
-> {HKLM...CLSID} = "Shell Extension for Malware scanning"
\InProcServer32\(Default) = "C:\Program Files\Avira\Avira Premium Security Suite\shlext.dll" ["Avira GmbH"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
WinUHA\(Default) = "{095177B8-8097-4D32-9081-A8949C47020E}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\PROGRA~1\WinUHA\SHELLW~1.DLL" [null data]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

"ConsentPromptBehaviorAdmin" = (REG_DWORD) dword:0x00000002
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Behavior Of The Elevation Prompt For Administrators In Admin Approval Mode}

"ConsentPromptBehaviorUser" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Behavior Of The Elevation Prompt For Standard Users}

"EnableInstallerDetection" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Detect Application Installations And Prompt For Elevation}

"EnableLUA" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Run All Administrators In Admin Approval Mode}

"EnableSecureUIAPaths" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Only elevate UIAccess applications that are installed in secure locations}

"EnableVirtualization" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Virtualize file and registry write failures to per-user locations}

"PromptOnSecureDesktop" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Switch to the secure desktop when prompting for elevation}

"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}

"FilterAdministratorToken" = (REG_DWORD) dword:0x00000000
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Admin Approval Mode for the Built-in Administrator Account}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\Windows\Web\Wallpaper\img34.jpg"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Windows\Web\Wallpaper\img34.jpg"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\Windows\system32\scrnsave.scr" [MS]


Startup items in "Dominik" & "All Users" startup folders:
---------------------------------------------------------

C:\Users\Dominik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
<<!>> "OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk.disabled" [null data]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
<<!>> "Adobe Acrobat Speed Launcher.lnk.disabled" [null data]
<<!>> "BTTray.lnk.disabled" [null data]
<<!>> "Dienst-Manager.lnk.disabled" [null data]
<<!>> "MotionSD STUDIO - Autostart SD Browser -.lnk.disabled" [null data]

Alt 29.02.2008, 15:12   #9
Madeye
 
Problem mit "popunder adsrevenue" und ähnlichem - Standard

Problem mit "popunder adsrevenue" und ähnlichem



Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\system32\NLAapi.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000004\LibraryPath = "%SystemRoot%\system32\napinsp.dll" [MS]
000000000005\LibraryPath = "%SystemRoot%\system32\pnrpnsp.dll" [MS]
000000000006\LibraryPath = "%SystemRoot%\system32\pnrpnsp.dll" [MS]
000000000007\LibraryPath = "%SystemRoot%\system32\wshbth.dll" [MS]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
avsda.dll ["Avira GmbH"], 01 - 02, 28
%SystemRoot%\system32\mswsock.dll [MS], 03 - 27


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{DE9C389F-3316-41A7-809B-AA305ED9D922}"
-> {HKLM...CLSID} = "AOL Toolbar"
\InProcServer32\(Default) = "C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll" ["AOL LLC"]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"
-> {HKLM...CLSID} = "Adobe PDF"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"]

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" = (no title provided)
-> {HKLM...CLSID} = "Adobe PDF"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"]

Explorer Bars

HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
{182EC0BE-5110-49C8-A062-BEB1D02A220B}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Adobe PDF"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"]

HKLM\SOFTWARE\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Recherchieren"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{2670000A-7350-4F3C-8081-5663EE0C6C49}\
"ButtonText" = "An OneNote senden"
"MenuText" = "An OneNote s&enden"
"CLSIDExtension" = "{48E73304-E1D6-4330-914C-F5F514E3486C}"
-> {HKLM...CLSID} = "Send to OneNote from Internet Explorer button"
\InProcServer32\(Default) = "C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll" [MS]

{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}\
"ButtonText" = "@C:\Windows\WindowsMobile\INetRepl.dll,-222"
"CLSIDExtension" = "{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}"
-> {HKLM...CLSID} = "Create Mobile Favorite"
\InProcServer32\(Default) = "C:\Windows\WindowsMobile\INetRepl.dll" [MS]

{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}\
"MenuText" = "@C:\Windows\WindowsMobile\INetRepl.dll,-223"
"CLSIDExtension" = "{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}"
-> {HKLM...CLSID} = "Create Mobile Favorite"
\InProcServer32\(Default) = "C:\Windows\WindowsMobile\INetRepl.dll" [MS]

{3369AF0D-62E9-4BDA-8103-B4C75499B578}\
"ButtonText" = "AOL Toolbar"
"CLSIDExtension" = "{DE9C389F-3316-41A7-809B-AA305ED9D922}"
-> {HKLM...CLSID} = "AOL Toolbar"
\InProcServer32\(Default) = "C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll" ["AOL LLC"]

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Recherchieren"

{CCA281CA-C863-46EF-9331-5C8D4460577F}\
"ButtonText" = "@btrez.dll,-4015"
"MenuText" = "@btrez.dll,-12650"
"Script" = "C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm" [null data]

{E59EB121-F339-4851-A3BA-FE49C35617C2}\
"ButtonText" = "ICQ6"
"MenuText" = "ICQ6"
"Exec" = "C:\Program Files\ICQ6\ICQ.exe" ["ICQ, Inc."]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Ad-Aware 2007 Service, aawservice, ""C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe"" ["Lavasoft"]
Anwendungsverwaltung, AppMgmt, "C:\Windows\system32\svchost.exe -k netsvcs" {"C:\Windows\System32\appmgmts.dll" [MS]}
AOL Connectivity Service, AOL ACS, ""C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe"" ["AOL LLC"]
Automatische WLAN-Konfiguration, Wlansvc, "C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted" {"C:\Windows\System32\wlansvc.dll" [MS]}
AVG Anti-Spyware Guard, AVG Anti-Spyware Guard, "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe" ["GRISOFT s.r.o."]
Avira Premium Security Suite Firewall, AntiVirFirewallService, ""C:\Program Files\Avira\Avira Premium Security Suite\avfwsvc.exe"" ["Avira GmbH"]
Avira Premium Security Suite Guard, AntiVirService, ""C:\Program Files\Avira\Avira Premium Security Suite\avguard.exe"" ["Avira GmbH"]
Avira Premium Security Suite MailGuard, AntiVirMailService, ""C:\Program Files\Avira\Avira Premium Security Suite\avmailc.exe"" ["Avira GmbH"]
Avira Premium Security Suite MailGuard Hilfsdienst, AVEService, ""C:\Program Files\Avira\Avira Premium Security Suite\avesvc.exe"" ["Avira GmbH"]
Avira Premium Security Suite Planer, AntiVirScheduler, ""C:\Program Files\Avira\Avira Premium Security Suite\sched.exe"" ["Avira GmbH"]
Avira Premium Security Suite WebGuard, antivirwebservice, ""C:\Program Files\Avira\Avira Premium Security Suite\AVWEBGRD.EXE"" ["Avira GmbH"]
B's Recorder GOLD Library General Service, bgsvcgen, ""C:\Windows\System32\bgsvcgen.exe"" ["B.H.A Corporation"]
Biometric Authentication Service, DpHost, "C:\Program Files\DigitalPersona\Bin\DpHostW.exe" ["DigitalPersona, Inc."]
Bluetooth-Unterstützungsdienst, BthServ, "C:\Windows\system32\svchost.exe -k bthsvcs" {"C:\Windows\System32\bthserv.dll" [MS]}
CNG-Schlüsselisolation, KeyIso, "C:\Windows\system32\lsass.exe" [MS]
Computerbrowser, Browser, "C:\Windows\System32\svchost.exe -k netsvcs" {"C:\Windows\System32\browser.dll" [MS]}
Cyberlink RichVideo Service(CRVS), RichVideo, ""C:\Program Files\CyberLink\Shared Files\RichVideo.exe"" [empty string]
Extensible Authentication-Protokoll, EapHost, "C:\Windows\System32\svchost.exe -k netsvcs" {"C:\Windows\System32\eapsvc.dll" [MS]}
HP Health Check Service, HP Health Check Service, ""c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe"" [null data]
hpqwmiex, hpqwmiex, "C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe" ["Hewlett-Packard Development Company, L.P."]
Intel(R) Matrix Storage Event Monitor, IAANTMON, "C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe" ["Intel Corporation"]
Machine Debug Manager, MDM, ""C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"" [MS]
MSSQL$MICROSOFTSMLBIZ, MSSQL$MICROSOFTSMLBIZ, ""C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe" -sMICROSOFTSMLBIZ" [file not found]
QuickPlay Background Capture Service (QBCS), QPCapSvc, ""C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe"" [empty string]
QuickPlay Task Scheduler (QTS), QPSched, ""C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe"" [empty string]
Windows Driver Foundation - Benutzermodus-Treiberframework, wudfsvc, "C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted" {"C:\Windows\System32\WUDFSvc.dll" [MS]}
Windows Media Player-Netzwerkfreigabedienst, WMPNetworkSvc, ""C:\Program Files\Windows Media Player\wmpnetwk.exe"" [MS]
Windows Mobile-2003-based device connectivity, WcesComm, "C:\Windows\system32\svchost.exe -k WindowsMobile" {"C:\Windows\WindowsMobile\wcescomm.dll" [MS]}
Windows Mobile-based device connectivity, RapiMgr, "C:\Windows\system32\svchost.exe -k WindowsMobile" {"C:\Windows\WindowsMobile\rapimgr.dll" [MS]}
Windows-Bilderfassung, stisvc, "C:\Windows\system32\svchost.exe -k imgsvc" {"C:\Windows\System32\wiaservc.dll" [MS]}
Zugriff auf Eingabegeräte, hidserv, "C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted" {"C:\Windows\system32\hidserv.dll" [MS]}


Print Monitors:
---------------

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
Adobe PDF Port\Driver = "C:\Windows\system32\AdobePDF.dll" ["Adobe Systems Incorporated."]
Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]
Send To Microsoft OneNote Monitor\Driver = "msonpmon.dll" [MS]


---------- (launch time: 2008-02-29 15:07:28)
<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer "No" at the
first message box and "Yes" at the second message box.
---------- (total run time: 49 seconds, including 18 seconds for message boxes)

Musste es auf 2mal machen...

Bei 3. wurde nichts gefunden, daher kein Log?!

Alt 15.03.2008, 19:44   #10
Madeye
 
Problem mit "popunder adsrevenue" und ähnlichem - Standard

Problem mit "popunder adsrevenue" und ähnlichem



Habe neue Indizien... Der "Spyware Doctor" hat einen Eintrag in der Registry gefunden der ihn stört.
"...\enum\root\legacy_catchme\..."
Doch gelingt es mir nicht ihn zu entfernen. Kann es daran liegen? Auch im abgesichertem Modus will Regedit das nicht löschen...

Alt 15.03.2008, 20:06   #11
myrtille
/// TB-Ausbilder
 
Problem mit "popunder adsrevenue" und ähnlichem - Standard

Problem mit "popunder adsrevenue" und ähnlichem



Sorry für die Stille, aber ich bin in diesem Fall echt überfragt. Auch weil ich mich mit Vista noch nicht wirklich auskenne.

Der gefundene Treiber dürfte "legal" sein. Catchme wurde mit Navilog installiert und ist Rootkitscanner.

Wenn du den Eintrag löschen willst, solltest du einfach Navilog über Start->Systemsteuerung->Software->Navilog->entfernen/deinstallieren
löschen.
Dabei sollte auch Catchme deinstalliert werden.

Hast du dir mal die genaue uhrzeit notiert und nach dieser gegooglet? Vielleicht bist du ja nicht der einzige, der solche Probleme hat und vielleicht waren andere fündiger.

lg ymrtille

Alt 15.03.2008, 20:52   #12
Madeye
 
Problem mit "popunder adsrevenue" und ähnlichem - Standard

Problem mit "popunder adsrevenue" und ähnlichem



Dann bedanke ich mich einfach mal für die Hilfe.

Ich denke ich werde nun das machen, was immer hilft... System von Tag 1 wiederherstellen. Mal schauen ob ich das schaffe ohne es danach zu bereuen. Aber nun eine CPU-Auslastung von über 60% im Leerlauf ist nicht ok...

Alt 15.03.2008, 21:08   #13
myrtille
/// TB-Ausbilder
 
Problem mit "popunder adsrevenue" und ähnlichem - Standard

Problem mit "popunder adsrevenue" und ähnlichem



Nee, 60% sollte nicht der Normalfall sein.

Wenn du allerdings rausfindet, wer da deine CPU frisst, dann hast du vielleicht auch den Bösewicht, der dich mit Popups bewirft.

lg myrtille

Alt 16.03.2008, 14:27   #14
Madeye
 
Problem mit "popunder adsrevenue" und ähnlichem - Standard

Problem mit "popunder adsrevenue" und ähnlichem



Rufe morgen mal bei Microsoft an. Als ich mein Vista upgraden konnte wurden auch Schriftzeichenprobleme vernichtet, nur will er mich nun nicht mehr updaten lassen... Mal nachfragen wie das geht, vielleicht ist dann alles gut, und ich kann hier den Stein der Weissen verkünden. :aplaus:

Alt 24.03.2008, 07:54   #15
Madeye
 
Problem mit "popunder adsrevenue" und ähnlichem - Standard

Problem mit "popunder adsrevenue" und ähnlichem



So...
Nun ist der Bösewicht gefunden.
Nach langem Test über "msconfig" wurde der "3gp-player" and Übeltäter entlarvt. Sobald ich dieses Programm im Startmenü aktiviert hatte, sind die Popups wieder erschienen.
Hoffe durch dieses Fund mich für die Hilfe bedankt zu haben.
Und noch einen ernstgemeinten Tipp von mir.
Wenn euer Windows erst seit 90 Tagen auf dem Rechner ist, dann ruhig den Microsoft-Hilfedient in Anspruch nehmen. Kostet "nur" den Anruf, aber die rufen auch zurück und dann hat man echt die billigste Variante.

Antwort

Themen zu Problem mit "popunder adsrevenue" und ähnlichem
ad-aware, adobe, antispyware, auswerten, avg, avgnt, avgnt.exe, avira, bho, defender, explorer, fast start, hijack, hijackthis, ie fenster, internet, internet explorer, magix, menu.exe, monitor, problem, programdata, quara, rundll, scan, security, security suite, senden, software, studio, super, superantispyware, system, vista, windows, windows defender, windows sidebar, öffnet




Ähnliche Themen: Problem mit "popunder adsrevenue" und ähnlichem


  1. Problem beim Öffnen aller Programme ("Ungültiges Bild -..*.dll."st entweder..")
    Log-Analyse und Auswertung - 09.02.2015 (11)
  2. Diverse Malware ("CoolSaleCoupon", "ddownlloaditkeep", "omiga-plus", "SaveSense", "SaleItCoupon"); lahmer PC & viel Werbung!
    Plagegeister aller Art und deren Bekämpfung - 11.01.2015 (16)
  3. Herzlichen Dank "Schrauber" - "Problem mit der Gruppenrichtlinie" blockiert" gelöst
    Lob, Kritik und Wünsche - 11.12.2014 (0)
  4. Drathlosnetzwerkadapter seit letzter Zeit "im Arsch". Problembehandlung "behebt" Problem dann immer?
    Netzwerk und Hardware - 18.09.2014 (4)
  5. "monstermarketplace.com" Infektion und ihre Folgen; "Anti-Virus-Blocker"," unsichtbare Toolbars" + "Browser-Hijacker" von selbst installiert
    Log-Analyse und Auswertung - 16.11.2013 (21)
  6. Rootkit "FlashUpdateService" von Avast! gefunden, zweiter Fund mit ähnlichem Namen
    Plagegeister aller Art und deren Bekämpfung - 13.07.2013 (9)
  7. "Deutsche Post(eMail-Anhang)" Alle "EXE(Programme)" werden blockiert "WIN 7 Defender"
    Plagegeister aller Art und deren Bekämpfung - 27.12.2012 (3)
  8. Malware Problem "Savenow", "Superfish" etc.
    Plagegeister aller Art und deren Bekämpfung - 30.11.2012 (30)
  9. "The document has moved. Redirecting"+"Popup unten rechts"+"Nicht alle Links anklickbar"
    Plagegeister aller Art und deren Bekämpfung - 24.10.2012 (38)
  10. "rundll-Problem" und "USB-Gerät wird nicht erkannt....." - bin am verzweifeln!
    Plagegeister aller Art und deren Bekämpfung - 04.10.2012 (48)
  11. Bildschirm dunkel und Fehlermeldung "Kritischer Fehler der Festplatte" , " Problem mit Sata Festplat
    Log-Analyse und Auswertung - 23.08.2011 (4)
  12. Win XP Start " Net Reactor 10 Fenster"danach "Firefox Problem 2 Fenster" danach "Blue Screen"
    Log-Analyse und Auswertung - 09.07.2011 (3)
  13. Öffentliches Netzwerk: Opera sendet/empfängt Daten an/von "Dani-PC", "Anne-PC", "PAULA-HP"...
    Netzwerk und Hardware - 02.05.2011 (14)
  14. Rogue-Malware "EASY SCAN" alias "HDD Low" Problem beseitigt?
    Plagegeister aller Art und deren Bekämpfung - 30.12.2010 (9)
  15. Problem mit "TR/TDss.AE.22" und "TR/Crypt.XPACK.Gen"
    Mülltonne - 16.12.2008 (0)
  16. "Adware.Virtumonde"/"Downloader.MisleadApp"/"TR/VB.agt.4"/"NewDotNet.A.1350"/"Fakerec
    Plagegeister aller Art und deren Bekämpfung - 22.08.2008 (6)
  17. ">"">><meta http-equiv="Refresh" content="0;url=http://askimizsonsuza.com/code/">"">
    Plagegeister aller Art und deren Bekämpfung - 04.09.2006 (4)

Zum Thema Problem mit "popunder adsrevenue" und ähnlichem - Hallo zusammen! Nach längerer Zeit als passiver Leser werde ich heute aktiv und wende mich mit meinem Problem an euch. Wie ich gelesen habe, haben andere ein ähnliches Problem, aber - Problem mit "popunder adsrevenue" und ähnlichem...
Archiv
Du betrachtest: Problem mit "popunder adsrevenue" und ähnlichem auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.