Pests of all kinds and how to combat them: Irregularly wrong pages after reinstalling the system
10.03.2008, 01:49 | #1
Hi! I reinstalled XP today, with all the updates etc. that were already installed during setup. Now I have the problem that, at irregular intervals, wrong pages get opened, often with insults or simply pages that I don't know or that aren't in my bookmarks bar... I've already created a log with HiJack:

Code:
Logfile of HijackThis v1.99.1
Scan saved at 01:39:27, on 10.3.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20733)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\G DATA AntiVirus\AVK\AVKService.exe
C:\Programme\G DATA AntiVirus\AVK\AVKWCtl.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Gemeinsame Dateien\G DATA\AVKProxy\AVKProxy.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\G DATA AntiVirus\AVKTray\AVKTray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programme\Razer\Copperhead\razerhid.exe
C:\Programme\Cherry\KeyMan\KeyMan.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Cherry\CDI\cdi.exe
C:\Programme\Razer\Copperhead\razertra.exe
C:\Programme\Razer\Copperhead\razerofa.exe
C:\Programme\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = h**p://update.microsoft.com/microsoftupdate
O2 - BHO: G DATA WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\G DATA AntiVirus\Webfilter\AVKWebIE.dll
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_04\bin\ssv.dll
O3 - Toolbar: G DATA WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\G DATA AntiVirus\Webfilter\AVKWebIE.dll
O4 - HKLM\..\Run: [AVKTray] "C:\Programme\G DATA AntiVirus\AVKTray\AVKTray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Copperhead] C:\Programme\Razer\Copperhead\razerhid.exe
O4 - HKLM\..\Run: [CherryKeyMan] "C:\Programme\Cherry\KeyMan\KeyMan.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programme\DAEMON Tools Lite\daemon.exe" -autorun
O4 - Startup: Trillian.lnk = C:\Programme\Trillian\trillian.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll
O23 - Service: G DATA AntiVirus Proxy (AVKProxy) - G DATA Software AG - C:\Programme\Gemeinsame Dateien\G DATA\AVKProxy\AVKProxy.exe
O23 - Service: AVK Service (AVKService) - G DATA Software AG - C:\Programme\G DATA AntiVirus\AVK\AVKService.exe
O23 - Service: AVK Wächter (AVKWCtl) - G DATA Software AG - C:\Programme\G DATA AntiVirus\AVK\AVKWCtl.exe
O23 - Service: Cherry Device Interface - Cherry, Auerbach Germany, www.cherry.de - C:\Programme\Cherry\CDI\cdi.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Regards, eMd
11.03.2008, 19:48 | #3
Quote:

Code:
---RVAXO.exe Updated: 2008-03-11---first run---

Uninstallers:

Files found:

Folders Found:

Hosts-file was reset, If you use a custom hosts file please replace it...

--------------RVAXO.exe last run---------------

Not deleted items:

--------------RVAXO.exe finished----------------

Quote:

I hope there are more tips or help.

Regards, eMd
12.03.2008, 00:14 | #4
Hello, what did not work with Combofix? It would be really helpful if you could post the log... try it in safe mode. Then run Comboscan and post the 2 logs that get created: ComboScan - Deckard's System Scanner

__________________
Regards, Sabina

Last edited by Sabina (12.03.2008 at 00:14). Reason: change
12.03.2008, 17:15 | #5
Combofix

Code:
ComboFix 08-03-10.1 - Administrator 2008-03-12 16:59:25.1 - NTFSx86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1031.18.1807 [GMT 1:00]
ausgeführt von:: C:\Dokumente und Einstellungen\BENUTZER\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((( Dateien erstellt von 2008-02-12 bis 2008-03-12 ))))))))))))))))))))))))))))))
.
2008-03-12 06:46 . 2008-03-12 06:46 <DIR> d-------- C:\Temp\msohtmlclip1
2008-03-12 06:46 . 2008-03-12 06:46 <DIR> d-------- C:\Temp\msohtmlclip
2008-03-12 06:27 . 2008-03-12 06:27 <DIR> d-------- C:\WINDOWS\Sun
2008-03-12 06:27 . 2008-03-12 06:28 <DIR> d-------- C:\Temp\hsperfdata_BENUTZER
2008-03-12 06:23 . 2008-03-12 06:23 <DIR> d-------- C:\Temp\_avast4_
2008-03-12 06:11 . 2008-03-12 06:11 <DIR> d-------- C:\Temp\WPDNSE
2008-03-11 19:43 . 2008-03-11 19:47 <DIR> d--h----- C:\Temp\~ymwtvqp.tmp
2008-03-11 19:43 . 2008-03-11 19:43 <DIR> d-------- C:\Deckard
2008-03-11 19:30 . 2008-03-11 19:30 <DIR> d-------- C:\WINDOWS\system32\xircom
2008-03-11 19:30 . 2008-03-11 19:31 <DIR> d-------- C:\RVAXO
2008-03-11 19:30 . 2008-03-11 19:30 <DIR> d-------- C:\Programme\microsoft frontpage
2008-03-11 19:29 . 2008-03-11 14:54 731,863 --a------ C:\WINDOWS\system32\RVAXO.bat
2008-03-11 19:29 . 2001-10-01 14:51 69,632 --a------ C:\WINDOWS\system32\remove.exe
2008-03-11 19:19 . 2008-03-11 19:19 <DIR> d-------- C:\Programme\Security Task Manager
2008-03-11 19:19 . 2008-03-11 19:19 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SecTaskMan
2008-03-11 15:08 . 2008-03-12 06:40 <DIR> d-------- C:\Dokumente und Einstellungen\BENUTZER\Anwendungsdaten\U3
2008-03-10 19:57 . 2008-03-10 19:58 <DIR> d-------- C:\Programme\CCleaner
2008-03-10 16:20 . 2004-10-18 17:17 <DIR> d-------- C:\Dokumente und Einstellungen\BENUTZER\Anwendungsdaten\Lavasoft
2008-03-10 16:11 . 2008-03-11 06:23 <DIR> d-------- C:\Dokumente und Einstellungen\BENUTZER\ntsvcfg
2008-03-08 10:24 59,392 ----a-w C:\WINDOWS\system32\drivers\usbhub.sys
2008-03-08 10:24 450,048 ----a-w C:\WINDOWS\AppPatch\AcLayers.dll
2008-03-08 10:24 36,864 ----a-w C:\WINDOWS\system32\drivers\hidclass.sys
2008-03-08 10:24 20,608 ----a-w C:\WINDOWS\system32\drivers\usbuhci.sys
2008-03-08 10:24 143,872 ----a-w C:\WINDOWS\system32\drivers\usbport.sys
2008-03-08 10:24 141,312 ----a-w C:\WINDOWS\AppPatch\AcLua.dll
2008-03-08 10:24 10,368 ----a-w C:\WINDOWS\system32\drivers\hidusb.sys
2008-03-08 10:24 1,852,928 ----a-w C:\WINDOWS\AppPatch\AcGenral.dll
2007-12-24 23:27 2,746,368 ----a-w C:\WINDOWS\system32\winntbbu.dll
.
(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"DAEMON Tools Lite 4.12.1 Setup"="C:\Dokumente und Einstellungen\Administrator\Desktop\daemon4121-lite.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVKTray"="C:\Programme\G DATA AntiVirus\AVKTray\AVKTray.exe" [2007-08-14 12:15 603720]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
"Copperhead"="C:\Programme\Razer\Copperhead\razerhid.exe" [2005-11-25 10:53 155648]
"CherryKeyMan"="C:\Programme\Cherry\KeyMan\KeyMan.exe" [2007-11-28 15:32 237620]
"Adobe Reader Speed Launcher"="C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 15:28 577536 C:\WINDOWS\soundman.exe]
"TrojanScanner"="C:\Programme\Trojan Remover\Trjscan.exe" [2008-02-29 18:31 866384]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2008-03-08 11:31 124928 C:\WINDOWS\system32\advpack.dll]
"IE7"="advpack.dll" [2008-03-08 11:31 124928 C:\WINDOWS\system32\advpack.dll]
"ShowDeskFix"="regsvr32 /s /n /i:u shell32" []

C:\Dokumente und Einstellungen\BENUTZER\Startmen\Programme\Autostart\
Trillian.lnk - C:\Programme\Trillian\trillian.exe [2007-12-11 1222144]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Programme\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Programme\\Trillian\\trillian.exe"=
"C:\\Programme\\uTorrent\\utorrent.exe"=

R0 Si3112;Si3112;C:\WINDOWS\system32\drivers\Si3112.sys [2008-03-08 11:33]
R3 Ch2kUSB;Cherry USB Treiber für CDI;C:\WINDOWS\system32\drivers\Ch2kUSB.sys [2007-08-23 07:29]
R3 UsbFltr;Razer Copperhead Driver;C:\WINDOWS\system32\drivers\copperhd.sys [2005-11-02 10:54]
S1 DumpDrv;Crash Dump Driver;C:\WINDOWS\system32\drivers\DumpDrv.sys [2008-03-08 11:30]
S2 AVKProxy;G DATA AntiVirus Proxy;"C:\Programme\Gemeinsame Dateien\G DATA\AVKProxy\AVKProxy.exe" [2007-08-15 08:50]
S2 AVKService;AVK Service;C:\Programme\G DATA AntiVirus\AVK\AVKService.exe [2007-04-02 13:20]
S2 AVKWCtl;AVK Wächter;C:\Programme\G DATA AntiVirus\AVK\AVKWCtl.exe [2007-07-16 23:45]
S2 GDTdiInterceptor;GDTdiInterceptor;C:\WINDOWS\system32\drivers\GDTdiIcpt.sys [2008-03-09 20:55]
S3 Cherry Device Interface;Cherry Device Interface;C:\Programme\Cherry\CDI\cdi.exe [2007-09-27 14:49]
S3 GDMnIcpt;GDMnIcpt;C:\WINDOWS\system32\drivers\MiniIcpt.sys [2008-03-09 20:54]
S3 HookCentre;HookCentre;C:\WINDOWS\system32\drivers\HookCentre.sys [2008-03-09 20:54]
S3 WinRM;Windows Remote Management (WS-Management);C:\WINDOWS\system32\svchost.exe [2004-08-03 23:58]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{20bf49cf-ee13-11dc-8a32-806d6172696f}]
\Shell\AutoRun\command - J:\MTDVD.EXE

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-12 17:01:33
Windows 5.1.2600 Service Pack 2 NTFS

Scanne versteckte Prozesse...
Scanne versteckte Autostart Einträge...
Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
Zeit der Fertigstellung: 2008-03-12 17:02:19
.
2008-03-12 15:55:19 --- E O F ---
12.03.2008, 17:19 | #6
DSS

Code:
Deckard's System Scanner v20071014.68
Run by Administrator on 2008-03-12 17:04:22
Computer is in Safe Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Failed to create restore point; computer is in safe mode.

-- Last 5 Restore Point(s) --
19: 2008-03-12 15:53:55 UTC - RP19 - Software Distribution Service 3.0
18: 2008-03-11 18:44:04 UTC - RP18 - Deckard's System Scanner Restore Point
17: 2008-03-11 17:01:23 UTC - RP17 - Systemprüfpunkt
16: 2008-03-10 15:12:21 UTC - RP16 - svc2kxp.cmd created restore point
15: 2008-03-10 00:50:10 UTC - RP15 - Software Distribution Service 3.0

-- First Restore Point --
1: 2008-03-09 19:29:23 UTC - RP1 - Systemprüfpunkt

Backed up registry hives.
Performed disk cleanup.

-- HijackThis (run as Administrator.exe) ---------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-03-12 17:04:56
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.20733)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Dokumente und Einstellungen\BENUTZER\Desktop\dss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: G DATA WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\G DATA AntiVirus\Webfilter\AvkWebIE.dll
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_04\bin\ssv.dll
O3 - Toolbar: G DATA WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\G DATA AntiVirus\Webfilter\AvkWebIE.dll
O4 - HKLM\..\Run: [AVKTray] "C:\Programme\G DATA AntiVirus\AVKTray\AVKTray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Copperhead] C:\Programme\Razer\Copperhead\razerhid.exe
O4 - HKLM\..\Run: [CherryKeyMan] "C:\Programme\Cherry\KeyMan\KeyMan.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TrojanScanner] C:\Programme\Trojan Remover\Trjscan.exe
O4 - HKCU\..\RunOnce: [DAEMON Tools Lite 4.12.1 Setup] "C:\Dokumente und Einstellungen\Administrator\Desktop\daemon4121-lite.exe"
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [IE7] rundll32 advpack.dll,LaunchINFSection IE7.inf,FirstUserStart (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [IE7] rundll32 advpack.dll,LaunchINFSection IE7.inf,FirstUserStart (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [IE7] rundll32 advpack.dll,LaunchINFSection IE7.inf,FirstUserStart (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O23 - Service: G DATA AntiVirus Proxy (AVKProxy) - G DATA Software AG - C:\Programme\Gemeinsame Dateien\G DATA\AVKProxy\AVKProxy.exe
O23 - Service: AVK Service (AVKService) - G DATA Software AG - C:\Programme\G DATA AntiVirus\AVK\AVKService.exe
O23 - Service: AVK Wächter (AVKWCtl) - G DATA Software AG - C:\Programme\G DATA AntiVirus\AVK\AVKWCtl.exe
O23 - Service: Cherry Device Interface - Cherry, Auerbach Germany, www.cherry.de - C:\Programme\Cherry\CDI\cdi.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 5056 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\HIJACK~1\backups\) --------------------

backup-20080311-152112-824 O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
backup-20080311-152112-938 O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
backup-20080311-152113-111 O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
backup-20080311-152113-266 O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
backup-20080311-152113-421 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
backup-20080311-152113-687 O11 - Options group: [INTERNATIONAL] International*

-- File Associations -----------------------------------------------------------

All associations okay.

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

All drivers whitelisted.
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S3 Cherry Device Interface - c:\programme\cherry\cdi\cdi.exe <Not Verified; Cherry, Auerbach Germany, www.cherry.de; CDI Module>

-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: ISSCBTA
Device ID: USB\VID_1131&PID_1001\5&160F4E1&0&2
Manufacturer:
Name: ISSCBTA
PNP Device ID: USB\VID_1131&PID_1001\5&160F4E1&0&2
Service:

-- Files created between 2008-02-12 and 2008-03-12 -----------------------------

2008-03-12 17:02:24 0 d-------- C:\Temp
2008-03-12 16:58:41 68096 --a------ C:\WINDOWS\system32\zip.exe
2008-03-12 16:58:41 98816 --a------ C:\WINDOWS\system32\sed.exe
2008-03-12 16:58:41 80412 --a------ C:\WINDOWS\system32\grep.exe
2008-03-12 16:58:41 73728 --a------ C:\WINDOWS\system32\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-03-12 06:27:27 0 d-------- C:\WINDOWS\Sun
2008-03-11 19:30:47 0 d-------- C:\RVAXO
2008-03-11 19:30:42 0 d-------- C:\WINDOWS\system32\xircom
2008-03-11 19:30:41 0 d-------- C:\Programme\microsoft frontpage
2008-03-11 19:29:36 731863 --a------ C:\WINDOWS\system32\RVAXO.bat
2008-03-11 19:29:36 69632 --a------ C:\WINDOWS\system32\remove.exe
2008-03-11 19:19:16 0 d-------- C:\Programme\Security Task Manager
2008-03-10 19:57:59 0 d-------- C:\Programme\CCleaner
2008-03-10 16:14:35 0 d-------- C:\WINDOWS\pss
2008-03-10 06:42:13 162304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2008-03-10 06:42:13 77312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2008-03-10 06:42:13 69632 --a------ C:\WINDOWS\system32\ztvcabinet.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) 2000 Operating System>
2008-03-10 06:42:13 153088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2008-03-10 06:42:13 75264 --a------ C:\WINDOWS\system32\unacev2.dll
2008-03-10 06:42:10 0 d-------- C:\Programme\Trojan Remover
2008-03-10 00:50:33 0 d-------- C:\Programme\uTorrent
2008-03-10 00:29:36 113664 --a------ C:\WINDOWS\mobackup.EXE <Not Verified; Mirko Böer; Setup>
113664 --a------ C:\WINDOWS\mobackup.EXE <Not Verified; Mirko Böer; Setup> 2008-03-10 00:29:30 0 d-------- C:\Programme\MOBackup 2008-03-10 00:19:08 0 d-------- C:\Programme\Trillian 2008-03-10 00:18:28 0 d-------- C:\Programme\Microsoft Works 2008-03-10 00:16:55 0 d-------- C:\Programme\Microsoft.NET 2008-03-10 00:13:14 0 d-------- C:\WINDOWS\SHELLNEW 2008-03-10 00:12:08 0 dr-h----- C:\MSOCache 2008-03-09 23:55:07 0 d-------- C:\Programme\DAEMON Tools Lite 2008-03-09 23:40:30 49152 --a------ C:\WINDOWS\system32\ChCfg.exe 2008-03-09 23:39:28 0 d-------- C:\Programme\Realtek AC97 2008-03-09 23:39:24 315392 --a------ C:\WINDOWS\alcupd.exe <Not Verified; Realtek Semiconductor Corp.; Realtek AC'97 Update driver Tool> 2008-03-09 23:36:41 0 d-------- C:\Programme\Gemeinsame Dateien\Adobe 2008-03-09 23:31:54 999 --a------ C:\WINDOWS\mozver.dat 2008-03-09 23:27:29 0 d-------- C:\Programme\VideoLAN 2008-03-09 23:26:10 0 d-------- C:\Programme\Google 2008-03-09 23:25:54 0 d-------- C:\Programme\Picasa2 2008-03-09 23:24:16 0 d-------- C:\Programme\Winamp 2008-03-09 23:22:19 716272 --a------ C:\WINDOWS\system32\drivers\sptd.sys 2008-03-09 23:20:19 0 d-------- C:\Programme\Gemeinsame Dateien\Cherry 2008-03-09 23:20:18 0 d-------- C:\Programme\Cherry 2008-03-09 23:16:45 14592 --a------ C:\WINDOWS\system32\drivers\USBICP.sys <Not Verified; Motorola; > 2008-03-09 23:16:37 0 d-------- C:\Programme\Razer 2008-03-09 22:59:44 0 d-------- C:\Programme\Canon 2008-03-09 22:55:57 0 d--h----- C:\CanoScan 2008-03-09 22:53:32 73728 --a------ C:\WINDOWS\system32\CNMCP58.exe <Not Verified; CANON INC.; Canon BJ Raster Printer Driver Installer> 2008-03-09 22:53:20 0 d--h----- C:\BJPrinter 2008-03-09 22:40:28 0 d-------- C:\WINDOWS\nview 2008-03-09 22:38:01 0 d-------- C:\NVIDIA 2008-03-09 22:26:06 0 --a------ C:\WINDOWS\nsreg.dat 2008-03-09 22:24:53 0 d-------- C:\Programme\Mozilla Firefox 3 Beta 3 2008-03-09 21:01:40 0 d-------- C:\Programme\Marvell 2008-03-09 21:00:25 0 d-------- 
C:\Programme\Intel 2008-03-09 20:59:36 0 d-------- C:\WINDOWS 2008-03-09 20:59:36 0 d-------- C:\WINDOWS\WinSxS 2008-03-09 20:59:36 0 d-------- C:\WINDOWS\Web 2008-03-09 20:59:36 0 d-------- C:\WINDOWS\twain_32 2008-03-09 20:59:36 0 d-------- C:\WINDOWS\system32 2008-03-09 20:59:36 0 d-------- C:\WINDOWS\system32\wins 2008-03-09 20:59:36 0 d-------- C:\WINDOWS\system32\winrm 2008-03-09 20:59:36 0 d-------- C:\WINDOWS\system32\wbem 2008-03-09 20:59:36 0 d-------- C:\WINDOWS\system32\usmt 2008-03-09 20:59:36 0 d-------- C:\WINDOWS\system32\spool 2008-03-09 20:59:36 0 d-------- C:\WINDOWS\system32\ShellExt 2008-03-09 20:59:36 0 d-------- C:\WINDOWS\system32\Setup 2008-03-09 20:59:36 0 d-------- C:\WINDOWS\system32\ras 2008-03-09 20:59:36 0 d-------- C:\WINDOWS\system32\PreInstall 2008-03-09 20:59:36 0 d-------- C:\WINDOWS\system32\oobe 2008-03-09 20:59:36 0 d-------- C:\WINDOWS\system32\npp 2008-03-09 20:59:36 0 d-------- C:\WINDOWS\system32\mui 2008-03-09 20:59:36 0 d-------- C:\WINDOWS\system32\Macromed 2008-03-09 20:59:36 0 d-------- C:\WINDOWS\system32\inetsrv 2008-03-09 20:59:36 0 d-------- C:\WINDOWS\system32\IME 2008-03-09 20:59:36 0 d-------- C:\WINDOWS\system32\icsxml 2008-03-09 20:59:36 0 d-------- C:\WINDOWS\system32\ias 2008-03-09 20:59:36 0 d-------- C:\WINDOWS\system32\export 2008-03-09 20:59:36 0 d-------- C:\WINDOWS\system32\drivers 2008-03-09 20:59:36 0 d-------- C:\WINDOWS\system32\drivers\UMDF 2008-03-09 20:59:36 0 d-------- C:\WINDOWS\system32\drivers\etc 2008-03-09 20:59:36 0 d-------- C:\WINDOWS\system32\drivers\disdn 2008-03-09 20:59:36 0 d-------- C:\WINDOWS\system32\dhcp 2008-03-09 20:59:36 0 d-------- C:\WINDOWS\system32\de-de 2008-03-09 20:59:36 0 d-------- C:\WINDOWS\system32\de 2008-03-09 20:59:36 0 d-------- C:\WINDOWS\system32\config 2008-03-09 20:59:36 0 d-------- C:\WINDOWS\system32\3com_dmi 2008-03-09 20:59:36 0 d-------- C:\WINDOWS\system32\3076 2008-03-09 20:59:36 0 d-------- C:\WINDOWS\system32\2052 2008-03-09 20:59:36 0 d-------- 
C:\WINDOWS\system32\1054 2008-03-09 20:59:36 0 d-------- C:\WINDOWS\system32\1042 2008-03-09 20:59:36 0 d-------- C:\WINDOWS\system32\1041 2008-03-09 20:59:36 0 d-------- C:\WINDOWS\system32\1037 2008-03-09 20:59:36 0 d-------- C:\WINDOWS\system32\1033 2008-03-09 20:59:36 0 d-------- C:\WINDOWS\system32\1031 2008-03-09 20:59:36 0 d-------- C:\WINDOWS\system32\1028 2008-03-09 20:59:36 0 d-------- C:\WINDOWS\system32\1025 2008-03-09 20:59:36 0 d-------- C:\WINDOWS\system 2008-03-09 20:59:36 0 d-------- C:\WINDOWS\SoftwareDistribution 2008-03-09 20:59:36 0 d-------- C:\WINDOWS\security 2008-03-09 20:59:36 0 d-------- C:\WINDOWS\Resources 2008-03-09 20:59:36 0 d-------- C:\WINDOWS\repair 2008-03-09 20:59:36 0 d-------- C:\WINDOWS\Provisioning 2008-03-09 20:59:36 0 d-------- C:\WINDOWS\PeerNet 2008-03-09 20:59:36 0 d-------- C:\WINDOWS\pchealth 2008-03-09 20:59:36 0 d-------- C:\WINDOWS\Offline Web Pages 2008-03-09 20:59:36 0 d-------- C:\WINDOWS\NLDRV 2008-03-09 20:59:36 0 d-------- C:\WINDOWS\network diagnostic 2008-03-09 20:59:36 0 d-------- C:\WINDOWS\mui 2008-03-09 20:59:36 0 d-------- C:\WINDOWS\msapps 2008-03-09 20:59:36 0 d-------- C:\WINDOWS\msagent 2008-03-09 20:59:36 0 d-------- C:\WINDOWS\Media 2008-03-09 20:59:36 0 d-------- C:\WINDOWS\l2schemas 2008-03-09 20:59:36 0 d-------- C:\WINDOWS\java 2008-03-09 20:59:36 0 d--h----- C:\WINDOWS\inf 2008-03-09 20:59:36 0 d-------- C:\WINDOWS\ime 2008-03-09 20:59:36 0 d-------- C:\WINDOWS\Help 2008-03-09 20:59:36 0 dr--s---- C:\WINDOWS\Fonts 2008-03-09 20:59:36 0 d-------- C:\WINDOWS\ehome 2008-03-09 20:59:36 0 d-------- C:\WINDOWS\Driver Cache 2008-03-09 20:59:36 0 d---s---- C:\WINDOWS\Downloaded Program Files 2008-03-09 20:59:36 0 d-------- C:\WINDOWS\Debug 2008-03-09 20:59:36 0 d-------- C:\WINDOWS\Cursors 2008-03-09 20:59:36 0 d-------- C:\WINDOWS\Connection Wizard 2008-03-09 20:59:36 0 d-------- C:\WINDOWS\Config 2008-03-09 20:59:36 0 d-------- C:\WINDOWS\AppPatch 2008-03-09 20:59:36 0 d-------- C:\WINDOWS\addins 
2008-03-09 20:58:11 0 d-------- C:\WINDOWS\system32\ReinstallBackups 2008-03-09 20:57:49 0 d-------- C:\Programme\Gemeinsame Dateien\InstallShield 2008-03-09 20:57:36 5824 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS 2008-03-09 20:53:05 0 d-------- C:\Programme\Gemeinsame Dateien\G DATA 2008-03-09 20:53:05 0 d-------- C:\Programme\G DATA AntiVirus 2008-03-09 20:53:02 0 d--h----- C:\Programme\InstallShield Installation Information 2008-03-09 20:39:24 552 --a------ C:\WINDOWS\system32\d3d8caps.dat 2008-03-09 20:27:59 0 d-------- C:\WINDOWS\Prefetch 2008-03-09 20:26:27 0 d--h----- C:\WINDOWS\$hf_mig$ 2008-03-09 20:26:23 0 d-------- C:\Programme\Microsoft Silverlight 2008-03-09 20:25:56 413696 -----n--- C:\WINDOWS\system32\wrap_oal.dll <Not Verified; Creative Labs; Creative Labs OpenAL32> 2008-03-09 20:25:55 722192 -----n--- C:\WINDOWS\system32\vb40032.dll <Not Verified; Microsoft Corporation; Visual Basic 4.0> 2008-03-09 20:25:55 110592 -----n--- C:\WINDOWS\system32\openal32.dll <Not Verified; Portions (C) Creative Labs Inc. 
and NVIDIA Corp.; Standard OpenAL(TM) Library> 2008-03-09 20:25:55 94208 -----n--- C:\WINDOWS\system32\msstkprp.dll <Not Verified; Microsoft Corporation; msprop32> 2008-03-09 20:25:55 119808 -----n--- C:\WINDOWS\system32\msstdfmt.dll <Not Verified; Microsoft Corporation; MSSTDFMT Object Library> 2008-03-09 20:25:55 2789468 -----n--- C:\WINDOWS\system32\libmmd.dll <Not Verified; Intel Corporation; Intel(r) C Compiler, Intel(r) C++ Compiler, Intel(r) Fortran Compiler> 2008-03-09 20:25:55 101888 -----n--- C:\WINDOWS\system32\libintl3.dll <Not Verified; GNU <www.gnu.org>; GetText> 2008-03-09 20:25:55 898048 -----n--- C:\WINDOWS\system32\libiconv2.dll <Not Verified; GNU <www.gnu.org>; LibIconv> 2008-03-09 20:25:55 394752 -----n--- C:\WINDOWS\system32\cygwinb19.dll 2008-03-09 20:25:55 1873811 -----n--- C:\WINDOWS\system32\cygwin1.dll <Not Verified; Red Hat; Cygwin> 2008-03-09 20:25:55 398416 -----n--- C:\WINDOWS\system\vbrun300.dll <Not Verified; Microsoft Corporation; Visual Basic 3.0> 2008-03-09 20:25:55 356992 -----n--- C:\WINDOWS\system\vbrun200.dll <Not Verified; Microsoft Corporation; Visual Basic 2.0> 2008-03-09 20:25:55 271264 -----n--- C:\WINDOWS\system\vbrun100.dll 2008-03-09 20:25:55 935632 -----n--- C:\WINDOWS\system\vb40016.dll <Not Verified; Microsoft Corporation; Visual Basic 4.0> 2008-03-09 20:25:55 32768 -----n--- C:\WINDOWS\system\PLUGIN.DLL <Not Verified; Adobe Systems, Inc.; Adobe Photoshop> 2008-03-09 20:25:55 210944 -----n--- C:\WINDOWS\system\MSVCRT10.DLL 2008-03-09 20:25:06 0 d-------- C:\Programme\Java 2008-03-09 20:25:06 0 d-------- C:\Programme\Gemeinsame Dateien\Java 2008-03-09 20:23:56 0 d-------- C:\WINDOWS\system32\URTTEMP 2008-03-09 20:23:09 0 d-------- C:\WINDOWS\system32\XPSViewer 2008-03-09 20:23:09 0 d-------- C:\Programme\MSBuild 2008-03-09 20:23:07 0 d-------- C:\Programme\Reference Assemblies 2008-03-09 20:22:54 124928 -----n--- C:\WINDOWS\system32\prntvpt.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating 
System> 2008-03-09 20:22:45 276992 -----n--- C:\WINDOWS\system32\WMPhoto.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2008-03-09 20:22:45 352256 -----n--- C:\WINDOWS\system32\WindowsCodecsExt.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2008-03-09 20:22:45 716288 -----n--- C:\WINDOWS\system32\WindowsCodecs.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2008-03-09 20:22:45 412160 -----n--- C:\WINDOWS\system32\photometadatahandler.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2008-03-09 20:20:11 0 -rahs---- C:\MSDOS.SYS 2008-03-09 20:20:11 0 -rahs---- C:\IO.SYS 2008-03-09 20:20:11 0 --a------ C:\CONFIG.SYS 2008-03-09 20:20:11 0 --a------ C:\AUTOEXEC.BAT 2008-03-09 20:19:53 0 d-------- C:\WINDOWS\system32\dllcache 2008-03-09 20:19:49 0 d---s---- C:\WINDOWS\system32\Microsoft 2008-03-09 20:18:21 0 d--h----- C:\Programme\WindowsUpdate 2008-03-09 20:18:17 0 d-------- C:\Programme\Online-Dienste 2008-03-09 20:17:55 0 d-------- C:\WINDOWS\system32\DirectX 2008-03-09 20:17:14 0 d-------- C:\Programme\Gemeinsame Dateien\Dienste 2008-03-09 20:17:11 0 d---s---- C:\WINDOWS\Tasks 2008-03-09 20:17:10 0 d-------- C:\Programme\Gemeinsame Dateien\MSSoap 2008-03-09 20:17:06 0 d-------- C:\WINDOWS\srchasst 2008-03-09 20:16:55 0 d-------- C:\Programme\Movie Maker 2008-03-09 20:16:42 0 d-------- C:\WINDOWS\system32\Restore 2008-03-09 20:15:43 21740 --a------ C:\WINDOWS\system32\emptyregdb.dat 2008-03-09 20:15:26 0 d-------- C:\WINDOWS\Registration 2008-03-09 20:15:19 0 d-------- C:\Programme\Online Services 2008-03-09 20:14:58 0 d-------- C:\Programme\Windows Media Connect 2 2008-03-09 20:14:56 0 d-------- C:\Programme\Messenger 2008-03-09 20:14:52 0 d-------- C:\Programme\MSN Gaming Zone 2008-03-09 20:14:06 0 d-------- C:\Programme\Windows NT 2008-03-09 20:14:01 0 d-------- C:\WINDOWS\system32\MsDtc 2008-03-09 20:13:58 0 d-------- 
C:\WINDOWS\system32\Com 2008-03-09 20:08:33 0 d--hs---- C:\WINDOWS\Installer 2008-03-09 20:08:32 0 d-------- C:\Programme\Gemeinsame Dateien\ODBC 2008-03-09 20:08:29 0 d-------- C:\Programme\Gemeinsame Dateien\SpeechEngines 2008-03-09 20:08:28 0 dr------- C:\Programme 2008-03-09 20:08:28 0 d-------- C:\Programme\Gemeinsame Dateien 2008-03-09 20:05:56 0 d-------- C:\WINDOWS\system32\CatRoot2 2008-03-09 20:05:56 0 d-------- C:\WINDOWS\system32\CatRoot 2008-03-09 20:05:19 0 d-------- C:\Dokumente und Einstellungen 2008-03-09 20:05:18 0 d--hs---- C:\System Volume Information 2008-03-08 11:32:52 219136 --a------ C:\WINDOWS\system32\uxtheme.dll <Not Verified; Microsoft Corporation; Betriebssystem Microsoft® Windows®> 2008-03-08 11:32:52 142336 --a------ C:\WINDOWS\system32\sfc_os.dll <Not Verified; Microsoft Corporation; Betriebssystem Microsoft® Windows®> 2008-03-08 11:30:35 45056 --a------ C:\WINDOWS\system32\wnaspi32.dll <Not Verified; Adaptec; Adaptec's ASPI Layer> 2008-03-08 11:30:35 4672 --a------ C:\WINDOWS\system\wowpost.exe <Not Verified; Adaptec; Adaptec's ASPI Layer> 2008-03-08 11:30:31 5600 --a------ C:\WINDOWS\system\winaspi.dll <Not Verified; Adaptec; Adaptec's ASPI Layer> 2008-03-08 11:30:17 95744 --a------ C:\WINDOWS\system32\msxml4r.dll <Not Verified; Microsoft Corporation; Microsoft(R) MSXML 4.0 SP1> 2008-03-08 11:30:16 1275392 --a------ C:\WINDOWS\system32\msxml4.dll <Not Verified; Microsoft Corporation; Microsoft(R) MSXML 4.0 SP 2> 2008-03-08 11:30:08 1800192 --a------ C:\WINDOWS\system32\hmtcdres.dll <Not Verified; ; HighMAT-Assistent zum Schreiben von CDs> 2008-03-08 11:30:06 394240 --a------ C:\WINDOWS\system32\hmtcd.dll <Not Verified; ; HighMAT CD Writing Wizard> 2008-03-08 11:30:03 8192 --a------ C:\WINDOWS\system32\fixccs.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2008-03-08 11:30:00 25244 --a------ C:\WINDOWS\system32\drivers\aspi32.sys <Not Verified; Adaptec; Adaptec's ASPI Layer> 2008-03-08 11:29:39 384512 
--a------ C:\WINDOWS\system32\wzcdlg.dll <Not Verified; Microsoft Corporation; Betriebssystem Microsoft® Windows®> 2008-03-08 11:27:14 701440 --a------ C:\WINDOWS\system32\msxml2.dll <Not Verified; Microsoft Corporation; Microsoft(R) MSXML 2.0 SP 3> 2008-03-08 11:27:10 343040 --a------ C:\WINDOWS\system32\msvcrt.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2008-03-08 11:26:13 98304 --a------ C:\WINDOWS\system32\makecab.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> |
12.03.2008, 17:20 | #7 |
Code:
-- Find3M Report ---------------------------------------------------------------

2008-03-10 00:27:36 462434 --a------ C:\WINDOWS\system32\perfh007.dat
2008-03-10 00:27:36 85882 --a------ C:\WINDOWS\system32\perfc007.dat
2008-03-09 23:22:02 0 d-------- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\DAEMON Tools
2008-03-09 23:11:22 0 d-------- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\WinRAR
2008-03-09 22:26:05 0 d-------- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla
2008-03-09 22:24:03 0 d-------- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\U3
2008-03-09 20:52:12 0 d-------- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\InstallShield
2008-03-09 20:28:46 0 d-------- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Identities
2008-03-09 20:07:53 62 --ahs---- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\desktop.ini
2007-12-25 00:27:22 2746368 --a------ C:\WINDOWS\system32\winntbbu.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVKTray"="C:\Programme\G DATA AntiVirus\AVKTray\AVKTray.exe" [14.08.2007 12:15]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [05.12.2007 01:41]
"nwiz"="nwiz.exe" [05.12.2007 01:41 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [05.12.2007 01:41]
"Copperhead"="C:\Programme\Razer\Copperhead\razerhid.exe" [25.11.2005 10:53]
"CherryKeyMan"="C:\Programme\Cherry\KeyMan\KeyMan.exe" [28.11.2007 15:32]
"Adobe Reader Speed Launcher"="C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11.01.2008 22:16]
"SoundMan"="SOUNDMAN.EXE" [16.04.2007 15:28 C:\WINDOWS\soundman.exe]
"TrojanScanner"="C:\Programme\Trojan Remover\Trjscan.exe" [29.02.2008 18:31]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"DAEMON Tools Lite 4.12.1 Setup"="C:\Dokumente und Einstellungen\Administrator\Desktop\daemon4121-lite.exe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"nltide_3"=rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
"IE7"=rundll32 advpack.dll,LaunchINFSection IE7.inf,FirstUserStart
"ShowDeskFix"=regsvr32 /s /n /i:u shell32

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM WINRM

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{20bf49cf-ee13-11dc-8a32-806d6172696f}]
AutoRun\command- J:\MTDVD.EXE

-- End of Deckard's System Scanner: finished at 2008-03-12 17:07:03 ------------

Regards, eMd
PS: thanks for taking care of me
12.03.2008, 18:46 | #8 |
I can't find anything...........

1. Scan with BitDefender + post the report here: Online virus scanner
2. Run AVZ (as per the instructions) + post the report: AVZ Antiviral Toolkit

On the AVZ page you will also find instructions on how to check the hosts file (on the right) ..please do that and post what it contains.
__________________
Regards, Sabina
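The last step Sabina asks for, checking the hosts file, is the usual first suspect when a freshly installed browser lands on pages the user never typed. The following is an added example, not code from the thread, from AVZ or from the forum: a small Python audit of a Windows hosts file that reports names pointed at a non-loopback address (a redirect) and watched names pointed at loopback (which blocks updates or a vendor site). The watch list and both sample hosts files are constructed for illustration.

```python
"""Audit a Windows hosts file for redirecting or blocking entries.

Added example (not from the forum thread). WATCHED_NAMES and the two
sample files below are constructed for illustration.
"""
import ipaddress
from dataclasses import dataclass

# Names that are commonly blocked (update and AV sites) or redirected
# (banking). Illustrative; extend with the sites that matter on the box.
WATCHED_NAMES = {
    "windowsupdate.microsoft.com",
    "update.microsoft.com",
    "www.example-bank.invalid",
}


@dataclass
class HostsEntry:
    line_no: int
    address: str
    names: list


@dataclass
class Finding:
    line_no: int
    kind: str        # "redirect", "blocked" or "extra-loopback"
    address: str
    names: list


def parse_hosts(text: str) -> list:
    """Parse hosts-file text: '#' starts a comment, the first token is the
    address, the remaining tokens are host names. Lines without a name are
    skipped, as the Windows resolver skips them."""
    entries = []
    for no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            continue
        entries.append(HostsEntry(no, parts[0], [p.lower() for p in parts[1:]]))
    return entries


def _is_loopback(address: str) -> bool:
    try:
        return ipaddress.ip_address(address).is_loopback
    except ValueError:
        return False   # not an IP literal at all; treat as non-loopback


def audit_hosts(text: str) -> list:
    """Return the findings for one hosts file.

    redirect        a name points at a non-loopback address; the browser
                    silently goes to that host instead of the real site
    blocked         a watched name points at loopback, which stops updates
                    or hides a vendor site (classic way to keep AV stale)
    extra-loopback  any other name mapped to loopback; harmless for an
                    ad-block list, worth a look on a fresh install that
                    should contain nothing but localhost
    """
    findings = []
    for e in parse_hosts(text):
        if not _is_loopback(e.address):
            findings.append(Finding(e.line_no, "redirect", e.address, e.names))
            continue
        names = [n for n in e.names if n != "localhost"]
        if not names:
            continue
        kind = "blocked" if any(n in WATCHED_NAMES for n in names) else "extra-loopback"
        findings.append(Finding(e.line_no, kind, e.address, names))
    return findings


# Constructed samples: the default XP hosts file and a tampered one.
CLEAN_HOSTS = "# Copyright (c) 1993-1999 Microsoft Corp.\n127.0.0.1       localhost\n"
TAMPERED_HOSTS = (
    "127.0.0.1       localhost\n"
    "127.0.0.1       windowsupdate.microsoft.com   # keeps the box unpatched\n"
    "10.0.0.5        www.example-bank.invalid example-bank.invalid\n"
    "127.0.0.1       ads.example.com\n"
)

if __name__ == "__main__":
    for label, text in (("clean", CLEAN_HOSTS), ("tampered", TAMPERED_HOSTS)):
        findings = audit_hosts(text)
        print(f"{label}: {len(findings)} finding(s)")
        for f in findings:
            print(f"  line {f.line_no}: {f.kind} {f.address} -> {', '.join(f.names)}")
```

On a real box point `audit_hosts` at the contents of `%SystemRoot%\system32\drivers\etc\hosts`; a default XP file produces no findings at all.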
13.03.2008, 11:57 | #9 |
BitDefender
Code:
BitDefender Online Scanner - Scan Report

Scan report generated at: Wed, Mar 12, 2008 - 22:11:45
Scan path: A:\;C:\;D:\;E:\;F:\;G:\;H:\;I:\;J:\;K:\;

Statistics
  Time            02:27:39
  Files           830136
  Folders         5064
  Boot Sectors    6
  Archives        26281
  Packed Files    132998

Results
  Identified Viruses   0
  Infected Files       0
  Suspect Files        0
  Warnings             0
  Disinfected          0
  Deleted Files        0

Engines Info
  Virus Definitions   986957
  Engine build        AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
  Scan plugins        16
  Archive plugins     41
  Unpack plugins      7
  E-mail plugins      6
  System plugins      5

Scan Settings
  First Action         Disinfect
  Second Action        Delete
  Heuristics           Yes
  Enable Warnings      Yes
  Scanned Extensions   *;
  Exclude Extensions
  Scan Emails          Yes
  Scan Archives        Yes
  Scan Packed          Yes
  Scan Files           Yes
  Scan Boot            Yes
Code:
ATTFilter AVZ Antiviral Toolkit log; AVZ version is 4.29 Scanning started at 13.3.2008 06:39:04 Database loaded: signatures - 153404, NN profile(s) - 2, microprograms of healing - 55, signature database released 13.03.2008 00:09 Heuristic microprograms loaded: 370 SPV microprograms loaded: 9 Digital signatures of system files loaded: 69898 Heuristic analyzer mode: Medium heuristics level Healing mode: enabled Windows version: 5.1.2600, Service Pack 2 ; AVZ is launched with administrator rights System Recovery: enabled 1. Searching for Rootkits and programs intercepting API functions 1.1 Searching for user-mode API hooks Analysis: kernel32.dll, export table found in section .text Analysis: ntdll.dll, export table found in section .text Analysis: user32.dll, export table found in section .text Analysis: advapi32.dll, export table found in section .text Analysis: ws2_32.dll, export table found in section .text Analysis: wininet.dll, export table found in section .text Analysis: rasapi32.dll, export table found in section .text Analysis: urlmon.dll, export table found in section .text Analysis: netapi32.dll, export table found in section .text 1.2 Searching for kernel-mode API hooks Driver loaded successfully SDT found (RVA=083120) Kernel ntoskrnl.exe found in memory at address 804D7000 SDT = 8055A120 KiST = 804E26A8 (284) Function NtClose (19) intercepted (805678C9->B74C322C), hook C:\WINDOWS\system32\drivers\HookCentre.sys Function NtCreateKey (29) intercepted (8056F339->B74C3E7C), hook C:\WINDOWS\system32\drivers\HookCentre.sys Function NtDeleteKey (3F) intercepted (805956D6->B74C3F98), hook C:\WINDOWS\system32\drivers\HookCentre.sys Function NtDeleteValueKey (41) intercepted (805940AC->B74C3FBA), hook C:\WINDOWS\system32\drivers\HookCentre.sys Function NtEnumerateKey (47) intercepted (8056FA40->F74F7CA2), hook splb.sys Function NtEnumerateValueKey (49) intercepted (8057CD29->F74F8030), hook splb.sys Function NtOpenKey (77) intercepted (8056887B->B74C3EFC), hook 
C:\WINDOWS\system32\drivers\HookCentre.sys Function NtOpenProcess (7A) intercepted (80574B7B->B74C3184), hook C:\WINDOWS\system32\drivers\HookCentre.sys Function NtQueryKey (A0) intercepted (8056F749->F74F8108), hook splb.sys Function NtQueryValueKey (B1) intercepted (8056BC93->F74F7F88), hook splb.sys Function NtSetValueKey (F7) intercepted (80575B02->B74C3F6A), hook C:\WINDOWS\system32\drivers\HookCentre.sys Functions checked: 284, intercepted: 11, restored: 0 1.3 Checking IDT and SYSENTER Analysis for CPU 1 Checking IDT and SYSENTER - complete 1.4 Searching for masking processes and drivers Checking not performed: the extended monitoring driver (AVZPM) is not installed 2. Scanning memory Number of processes found: 34 Number of modules loaded: 369 Memory checking - complete 3. Scanning disks Direct reading C:\Temp\fla5CD.tmp Direct reading C:\WINDOWS\system32\drivers\sptd.sys Direct reading E:\5916fef40d134d357549\admparse.dll Direct reading E:\5916fef40d134d357549\advpack.dll Direct reading E:\5916fef40d134d357549\browseui.dll Direct reading E:\5916fef40d134d357549\corpol.dll Direct reading E:\5916fef40d134d357549\custsat.dll Direct reading E:\5916fef40d134d357549\dxtmsft.dll Direct reading E:\5916fef40d134d357549\dxtrans.dll Direct reading E:\5916fef40d134d357549\extmgr.dll Direct reading E:\5916fef40d134d357549\feeddisc.wav Direct reading E:\5916fef40d134d357549\hmmapi.dll Direct reading E:\5916fef40d134d357549\icardie.dll Direct reading E:\5916fef40d134d357549\ie4uinit.exe Direct reading E:\5916fef40d134d357549\ieakeng.dll Direct reading E:\5916fef40d134d357549\ieakmmc.chm Direct reading E:\5916fef40d134d357549\ieaksie.dll Direct reading E:\5916fef40d134d357549\ieakui.dll Direct reading E:\5916fef40d134d357549\ieapfltr.dll Direct reading E:\5916fef40d134d357549\iedkcs32.dll Direct reading E:\5916fef40d134d357549\iedw.exe Direct reading E:\5916fef40d134d357549\ieencode.dll Direct reading E:\5916fef40d134d357549\ieeula.chm Direct reading 
E:\5916fef40d134d357549\ieframe.dll Direct reading E:\5916fef40d134d357549\iepeers.dll Direct reading E:\5916fef40d134d357549\ieproxy.dll Direct reading E:\5916fef40d134d357549\iernonce.dll Direct reading E:\5916fef40d134d357549\iertutil.dll Direct reading E:\5916fef40d134d357549\iesetup.dll Direct reading E:\5916fef40d134d357549\iesupp.chm Direct reading E:\5916fef40d134d357549\ieudinit.exe Direct reading E:\5916fef40d134d357549\ieui.dll Direct reading E:\5916fef40d134d357549\ieuinit.inf Direct reading E:\5916fef40d134d357549\iexplore.chm Direct reading E:\5916fef40d134d357549\iexplore.exe Direct reading E:\5916fef40d134d357549\imgutil.dll Direct reading E:\5916fef40d134d357549\inetcpl.cpl Direct reading E:\5916fef40d134d357549\infobar.wav Direct reading E:\5916fef40d134d357549\inseng.dll Direct reading E:\5916fef40d134d357549\jscript.dll Direct reading E:\5916fef40d134d357549\jsproxy.dll Direct reading E:\5916fef40d134d357549\licmgr10.dll Direct reading E:\5916fef40d134d357549\msfeeds.dll Direct reading E:\5916fef40d134d357549\msfeedsbs.dll Direct reading E:\5916fef40d134d357549\msfeedssync.exe Direct reading E:\5916fef40d134d357549\mshta.exe Direct reading E:\5916fef40d134d357549\mshtml.dll Direct reading E:\5916fef40d134d357549\mshtmled.dll Direct reading E:\5916fef40d134d357549\mshtmler.dll Direct reading E:\5916fef40d134d357549\msls31.dll Direct reading E:\5916fef40d134d357549\msrating.dll Direct reading E:\5916fef40d134d357549\mstime.dll Direct reading E:\5916fef40d134d357549\occache.dll Direct reading E:\5916fef40d134d357549\pngfilt.dll Direct reading E:\5916fef40d134d357549\popupblk.wav Direct reading E:\5916fef40d134d357549\shdocvw.dll Direct reading E:\5916fef40d134d357549\shlwapi.dll Direct reading E:\5916fef40d134d357549\spmsg.dll Direct reading E:\5916fef40d134d357549\spuninst.exe Direct reading E:\5916fef40d134d357549\spupdsvc.exe Direct reading E:\5916fef40d134d357549\tdc.ocx Direct reading E:\5916fef40d134d357549\update\idndl.exe Direct reading 
E:\5916fef40d134d357549\update\iecustom.dll Direct reading
E:\5916fef40d134d357549\update\iereseticons.exe Direct reading
E:\5916fef40d134d357549\update\iesetup.exe Direct reading
E:\5916fef40d134d357549\update\legitlibm.dll Direct reading
E:\5916fef40d134d357549\update\nlsdl.exe Direct reading
E:\5916fef40d134d357549\update\update.exe Direct reading
E:\5916fef40d134d357549\update\update.inf Direct reading
E:\5916fef40d134d357549\update\updspapi.dll Direct reading
E:\5916fef40d134d357549\update\xmllitesetup.exe Direct reading
E:\5916fef40d134d357549\url.dll Direct reading
E:\5916fef40d134d357549\urlmon.dll Direct reading
E:\5916fef40d134d357549\vbscript.dll Direct reading
E:\5916fef40d134d357549\vgx.dll Direct reading
E:\5916fef40d134d357549\webcheck.dll Direct reading
E:\5916fef40d134d357549\winfxdocobj.exe Direct reading
E:\5916fef40d134d357549\wininet.dll
4. Checking Winsock Layered Service Provider (SPI/LSP)
LSP settings checked. No errors detected
5. Searching for keyboard/mouse/windows events hooks (Keyloggers, Trojan DLLs)
C:\Programme\Trillian\events.dll --> Suspicion for a Keylogger or Trojan DLL
C:\Programme\Trillian\events.dll>>> Behavioral analysis:
Behaviour typical for keyloggers not detected
File quarantined succesfully (C:\Programme\Trillian\events.dll)
Note: Do NOT delete suspicious files, send them for analysis (see FAQ for more details), because there are lots of useful hooking DLLs
6. Searching for opened TCP/UDP ports used by malicious programs
Checking disabled by user
7. Heuristic system check
Checking complete
8. Searching for vulnerabilities
>> Services: potentially dangerous service allowed RemoteRegistry (Remote-Registrierung)
>> Services: potentially dangerous service allowed TermService (Terminaldienste)
>> Services: potentially dangerous service allowed SSDPSRV (SSDP-Suchdienst)
>> Services: potentially dangerous service allowed Schedule (Taskplaner)
>> Services: potentially dangerous service allowed mnmsrvc (NetMeeting-Remotedesktop-Freigabe)
>> Services: potentially dangerous service allowed RDSessMgr (Sitzungs-Manager für Remotedesktophilfe)
> Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)!
>> Security: disk drives' autorun is enabled
>> Security: administrative shares (C$, D$ ...) are enabled
>> Security: anonymous user access is enabled
>> Security: sending Remote Assistant queries is enabled
Checking complete
9. Troubleshooting wizard
Checking complete
Files scanned: 69436, extracted from archives: 55861, malicious programs found 0, suspicions - 0
Scanning finished at 13.3.2008 07:11:58
Time of scanning: 00:32:55
If you have a suspicion on presence of viruses or questions on the suspected objects, you can address http://virusinfo.info conference |
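As an added example (not code from the thread or from AVZ), a read-only PowerShell script that re-checks the items AVZ's section 8 reports above on the same machine; the registry paths and value names are standard Windows ones, and which values count as "hardened" is an assumption for a stand-alone home PC.

```powershell
# Added read-only audit (not AVZ's or the thread's code): re-checks the items
# AVZ section 8 flagged. Registry paths/values are standard Windows ones; the
# "hardened" expectations are assumptions for a stand-alone home PC.
# Run from an elevated PowerShell prompt; it reports and changes nothing.

function Get-RegValue([string]$Path, [string]$Name) {
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

# Services AVZ listed as "potentially dangerous". Whether each one is needed
# depends on the machine's role (AVZ's own caveat); a home PC rarely needs them.
$watched = 'RemoteRegistry', 'TermService', 'SSDPSRV', 'Schedule', 'mnmsrvc', 'RDSessMgr'
foreach ($name in $watched) {
    $svc = Get-WmiObject Win32_Service -Filter "Name='$name'"
    if ($null -eq $svc) { "{0,-15} not installed" -f $name; continue }
    "{0,-15} StartMode={1,-9} State={2}" -f $svc.Name, $svc.StartMode, $svc.State
}

# AutoRun: NoDriveTypeAutoRun is a bitmask of drive types excluded from AutoRun;
# 0xFF switches AutoRun off for every drive type. Unset means the Windows default
# applies, which on XP still honours autorun.inf on removable media.
$autorun = Get-RegValue 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer' 'NoDriveTypeAutoRun'
if ($null -eq $autorun)    { 'AutoRun (NoDriveTypeAutoRun): not set, Windows default applies' }
elseif ($autorun -eq 0xFF) { 'AutoRun (NoDriveTypeAutoRun): disabled for all drive types' }
else                       { 'AutoRun (NoDriveTypeAutoRun): enabled for some drive types (0x{0:X})' -f $autorun }

# Administrative shares (C$, D$ ...): AutoShareWks=0 stops a workstation creating them.
$share = Get-RegValue 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters' 'AutoShareWks'
if ($share -eq 0) { 'Admin shares (AutoShareWks): disabled' } else { 'Admin shares (AutoShareWks): enabled (default)' }

# Anonymous (null-session) access: RestrictAnonymous=0 allows anonymous enumeration.
$anon = Get-RegValue 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' 'RestrictAnonymous'
if ($anon -ge 1) { 'Anonymous access (RestrictAnonymous): restricted ({0})' -f $anon } else { 'Anonymous access (RestrictAnonymous): allowed' }

# Remote Assistance: fAllowToGetHelp=1 lets the machine send assistance requests.
$ra = Get-RegValue 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server' 'fAllowToGetHelp'
if ($ra -eq 1) { 'Remote Assistance (fAllowToGetHelp): enabled' } else { 'Remote Assistance (fAllowToGetHelp): disabled' }
```

Each line of output maps to one AVZ finding, so the script can be re-run after hardening to confirm the findings have gone away.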
13.03.2008, 14:42 | #11 |
| Wrong pages at irregular intervals after reinstalling the system. So the hosts file is also OK... I had seen that the mdm.exe from my first log is supposedly not in the correct folder, so I had disabled the Machine Debug Manager. So far I haven't had any more wrong redirects; from what point can I be sure that I can use online banking again without danger? Code:
SDFix: Version 1.156
Run by Administrator on Do 13.03.2008 at 14:32
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix
Checking Services :
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting
Checking Files :
No Trojan Files Found
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-13 14:37:12
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Programme\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:ab,f6,6f,0d,49,5b,9f,e4,f6,eb,14,5d,c8,d0,83,29,dc,c0,df,72,eb,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,29,61,8d,81,e6,ea,3b,9b,c9,fc,2f,5b,97,69,31,09,1f,..
"khjeh"=hex:30,95,fd,22,33,7e,d6,94,2a,85,9c,53,8c,b3,31,01,95,20,3b,1c,ca,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:e9,ee,70,e0,88,86,4c,5e,6d,f8,6f,8c,9b,4b,d8,7c,44,f2,33,d9,41,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Programme\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:ab,f6,6f,0d,49,5b,9f,e4,f6,eb,14,5d,c8,d0,83,29,dc,c0,df,72,eb,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,29,61,8d,81,e6,ea,3b,9b,c9,fc,2f,5b,97,69,31,09,1f,..
"khjeh"=hex:30,95,fd,22,33,7e,d6,94,2a,85,9c,53,8c,b3,31,01,95,20,3b,1c,ca,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:e9,ee,70,e0,88,86,4c,5e,6d,f8,6f,8c,9b,4b,d8,7c,44,f2,33,d9,41,..
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\\Programme\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Programme\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Programme\\Trillian\\trillian.exe"="C:\\Programme\\Trillian\\trillian.exe:*:Enabled:Trillian"
"C:\\Programme\\uTorrent\\utorrent.exe"="C:\\Programme\\uTorrent\\utorrent.exe:*:Enabled:µTorrent"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
Remaining Files :
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes :
Sun 9 Mar 2008 6,104,632 A..H. --- "C:\Programme\Picasa2\setup.exe"
Mon 10 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0a67b6c406b1d7e0f5c1e6f6d44a3f6e\BIT2B.tmp"
Mon 10 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\18b19374451d28a8fbaf1939cf31ff45\BIT2E.tmp"
Mon 10 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\26924cbc8132a10b438ce6e2b49d4652\BIT2A.tmp"
Mon 10 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\2d9afc485ff57441ce14a08241df89e8\BIT30.tmp"
Mon 10 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ad2d37be81d37204b0a12680c06ffd51\BIT2D.tmp"
Mon 10 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d77b9b5b8fed23dd91f50d167cce60d3\BIT2F.tmp"
Mon 10 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ed6c7531380802fe7c2504f3909edb19\BIT2C.tmp"
Finished!
eMd |
13.03.2008, 16:03 | #12 |
| Wrong pages at irregular intervals after reinstalling the system. Hello, well, we haven't found the origin of the redirects; probably one of the tools removed it. The computer is clean again, but real security only comes from... wiping everything again and not using any backup files. You can also run a scan with Sysclean (Sysclean from Trend Micro). Please post the report.
__________________ Regards, Sabina |
15.03.2008, 10:42 | #13 |
| Wrong pages at irregular intervals after reinstalling the system. So I ran the scan again too, but once again it found nothing at all... So I think the problem is resolved; I no longer have any wrong redirects or anything similar... Maybe it was due to the Machine Debug Manager, which wasn't being started from the correct directory? Well, I'll keep watching for now. Thanks again for your help; because of it I wasn't quite so close to despair. Regards, eMd |