IE und Firefox öffnert ständig Pop-Up Werbung

loug · 15.06.2008, 14:28

Hallo erstmal,

bin neu hier und hoffe ihr könnt mir helfen

Wie in dem Titel zu sehen, ist mein Problem, dass sich bei mir der IE und Firefox immer von alleine öffnen und dass auch wenn ich nicht online bin.

Ich habe mein System bereits mit Avira 2008, Ad-Aware 2008 geprüft und ein Logfile auf der Homepage von HijackThis auswerten lassen, überall das gleiche, kein Virenfund.

Ich habe auch mit der Suchfunktion nach ähnlichen Threads gesucht, aber die die ich gefunden habe haben mich auch nicht weiter gebracht.
Falls ich etwas übersehen habe möchte ich mich endschuldigen

Mein Sytem ist Windows XP Pro SP2 und Firefox 2.0.0.14 und IE 7

Danke!

undoreal · 15.06.2008, 14:40

Hallo loug.

Poste bitte ein HijackThis log. Dann sehen wir weiter.

loug · 15.06.2008, 14:47

Hallo undoreal,

bitte, hier ist das Logfile

Logfile of Trend Micro HijackThis v2.0.2

[edit]
bitte editiere zukünftig deine links, wie es dir u.a. hier angezeigt wird:
http://www.trojaner-board.de/22771-a...tml#post171958

danke
GUA

[/edit]

undoreal · 15.06.2008, 15:18

Zitat:

Hoffe du kannst etwas damit anfagen

^^ hätte ich sonst danach gefragt?

Zitat:

Unable to get Internet Explorer version!

Hast du irgendwas mit deinem MS-internet-explorer angestellt?

Du hattest mal Norton auf dem Rechner oder?

-Deinstalliere bitte AdAware.

-Fixe bitte mit HijackThis folgende Einträge:

Zitat:

O2 - BHO: G DATA WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (file missing)
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing)

-Beseitige norton Spuren mit dem removal Tool

-Räume mit CCleaner auf.

-Suche mit SUPERAntiSpyware und Anti-Malware nach den Schädlingen.

loug · 15.06.2008, 16:43

Hallo undoreal,

danke erstmal für deine Tipps.

Habe alles so gemacht wie du es gesagt hast, auch in der Reihenfolge, aber das Problem besteht weiterhin.
Die Antivierenscanner haben mir zwar ein Programm names Zango angezeigt, habe dieses auch entfernt aber keine besserung.

Und ja, ich hatte den IE gestern gelöscht, weil ich ihn nur probeweise installiert hab, um zu sehen ob auch er das Problem hat, da ich aber Firefox bevorzuge musste er weichen.
Mfg

loug

undoreal · 15.06.2008, 20:49

Poste bitte alle entstandenen logs.

loug · 16.06.2008, 09:34

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:32:30, on 16.06.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\lxdccoms.exe
C:\WINDOWS\system32\lxddcoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer2.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Lexmark 2500 Series\lxddamon.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Lexmark 1300 Series\lxdcamon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\vsnpstd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\3D Virtual Desktop for Windows XP and Vista\Yodm3D.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: Shell=Explorer2.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Symbolleiste - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: BitComet Helper - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: Lexmark Symbolleiste - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [lxddmon.exe] "C:\Program Files\Lexmark 2500 Series\lxddmon.exe"
O4 - HKLM\..\Run: [lxddamon] "C:\Program Files\Lexmark 2500 Series\lxddamon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [lxdcamon] "C:\Program Files\Lexmark 1300 Series\lxdcamon.exe"
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [C6501Sound] RunDll32 c6501.cpl,CMICtrlWnd
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Verknüpfung mit Yodm3D.lnk = C:\Program Files\3D Virtual Desktop for Windows XP and Vista\Yodm3D.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute 2008\vrie.dll
O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute 2008\vrie.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - h**p://messenger.zone.msn.com/DE-DE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - h**p://w*w.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1205422607729
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - h**p://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - h**p://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - h**p://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LckFldService - Unknown owner - C:\WINDOWS\system32\LckFldService.exe (file missing)
O23 - Service: lxdcCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdcserv.exe
O23 - Service: lxdc_device - - C:\WINDOWS\system32\lxdccoms.exe
O23 - Service: lxddCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe
O23 - Service: lxdd_device - - C:\WINDOWS\system32\lxddcoms.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 9760 bytes

loug · 16.06.2008, 17:52

könnte einer noch wissen, was das sein kann??

Bin langsam echt am Ende

Gruss

loug

undoreal · 16.06.2008, 22:22

Warum postest du denn die SUPERAntiSpyware und Anti-Malwarebytes logs nicht?

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir das Tool hier herunter auf den Desktop -> KLICK

Das Programm jedoch noch nicht starten sondern zuerst folgendes tun:

Schliesse alle Anwendungen und Programme, vor allem deine Antiviren-Software und andere Hintergrundwächter, sowie deinen Internetbrowser.
Vermeide es auch explizit während das Combofix läuft die Maus und Tastatur zu benutzen.

Dann folgende Anleitung durchlesen und abarbeiten -> CCleaner Systembereinigung

Starte nun die combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen und lass dein System durchsuchen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte abkopieren und in deinen Beitrag einfügen. Das log findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Hinweis: Combofix verhindert die Autostart Funktion aller CD / DVD und USB - Laufwerken um so eine Verbeitung einzudämmen. Wenn es hierdurch zu Problemen kommt, diese im Thread posten.

Suche bitte wie in meiner Signatur beschrieben wird nach folgender Datei: lxdcserv.exe

Lade alle Treffer bei VT hoch und poste die Ergebnisse.

loug · 17.06.2008, 10:54

Hallo undoreal,

syr die anderen scans habe ich völlig verpeilt.

Der Scan von SUPERAntispyware

SUPERAntiSpyware Scan Log
SUPERAntiSpyware.com - AntiAdware, AntiSpyware, AntiMalware!

Generated 06/17/2008 at 00:00 AM

Application Version : 4.15.1000

Core Rules Database Version : 3482
Trace Rules Database Version: 1473

Scan type : Complete Scan
Total Scan Time : 00:32:10

Memory items scanned : 450
Memory threats detected : 0
Registry items scanned : 6719
Registry threats detected : 0
File items scanned : 22143
File threats detected : 6

Adware.Tracking Cookie
C:\Documents and Settings\xxx\Cookies\xxx@doubleclick[1].txt
C:\Documents and Settings\xxx\Cookies\xxx@advertising[2].txt
C:\Documents and Settings\xxx\Cookies\xxx@atdmt[2].txt
C:\Documents and Settings\xxx\Cookies\xxx@tradedoubler[2].txt
C:\Documents and Settings\xxx\Cookies\xxx@mediaplex[1].txt
.atdmt.com [ C:\Documents and Settings\xxx\Application Data\Mozilla\Firefox\Profiles\p9wbx1v0.default\cookies.txt ]
ad.zanox.com [ C:\Documents and Settings\xxx\Application Data\Mozilla\Firefox\Profiles\p9wbx1v0.default\cookies.txt ]
stats.redbit.info [ C:\Documents and Settings\xxx\Application Data\Mozilla\Firefox\Profiles\p9wbx1v0.default\cookies.txt ]
.apmebf.com [ C:\Documents and Settings\xxx\Application Data\Mozilla\Firefox\Profiles\p9wbx1v0.default\cookies.txt ]
.apmebf.com [ C:\Documents and Settings\xxx\Application Data\Mozilla\Firefox\Profiles\p9wbx1v0.default\cookies.txt ]
partners.webmasterplan.com [ C:\Documents and Settings\xxx\Application Data\Mozilla\Firefox\Profiles\p9wbx1v0.default\cookies.txt ]
partners.webmasterplan.com [ C:\Documents and Settings\xxx\Application Data\Mozilla\Firefox\Profiles\p9wbx1v0.default\cookies.txt ]
partners.webmasterplan.com [ C:\Documents and Settings\xxxs\Application Data\Mozilla\Firefox\Profiles\p9wbx1v0.default\cookies.txt ]
.tradedoubler.com [ C:\Documents and Settings\xxx\Application Data\Mozilla\Firefox\Profiles\p9wbx1v0.default\cookies.txt ]
.tradedoubler.com [ C:\Documents and Settings\xxx\Application Data\Mozilla\Firefox\Profiles\p9wbx1v0.default\cookies.txt ]
.webstats4u.com [ C:\Documents and Settings\xxx\Application Data\Mozilla\Firefox\Profiles\p9wbx1v0.default\cookies.txt ]
login.tracking101.com [ C:\Documents and Settings\xxx\Application Data\Mozilla\Firefox\Profiles\p9wbx1v0.default\cookies.txt ]
.tracking.quisma.com [ C:\Documents and Settings\xxx\Application Data\Mozilla\Firefox\Profiles\p9wbx1v0.default\cookies.txt ]
tracking.quisma.com [ C:\Documents and Settings\xxx\Application Data\Mozilla\Firefox\Profiles\p9wbx1v0.default\cookies.txt ]
tracking.quisma.com [ C:\Documents and Settings\xxx\Application Data\Mozilla\Firefox\Profiles\p9wbx1v0.default\cookies.txt ]
.statcounter.com [ C:\Documents and Settings\xxx\Application Data\Mozilla\Firefox\Profiles\p9wbx1v0.default\cookies.txt ]
pc game online x box at gametoplist.com [ C:\Documents and Settings\xxx\Application Data\Mozilla\Firefox\Profiles\p9wbx1v0.default\cookies.txt ]
adserver.71i.de [ C:\Documents and Settings\xxx\Application Data\Mozilla\Firefox\Profiles\p9wbx1v0.default\cookies.txt ]

Adware.180solutions/Seekmo/Zango
C:\SYSTEM VOLUME INFORMATION\_RESTORE{988CFBDF-B1AF-48F5-8EDD-C263896DA9C6}\RP101\A0140490.DLL

Immer wenn ich mit Malwarebytes scannen will, kommt ein bluescreen und der PC fährt runter, obwohl genug Leistung vorhanden ist und keine Probleme mit der Hardware bestehen.

Komisch ist auch, wenn ich auf Infoseiten, wie trojaner-board und andere gehe, öffnet sich immer ein Pop-Up und verlangt ich solle Anti Spyware software runterladen, was ich natürlich nicht mache, aber dies ist nur eine Meldung, aber die anderen sind so ähnlich.

undoreal · 17.06.2008, 11:09

Deaktiviere die Systemwiederherstellung auf allen Laufwerken. Nachdem die Bereinigung KOMPLETT beendet ist kann sie wieder aktiviert werden.

Führe danach en Combofix Scan durch.

Versuche Anti-Malware im abgesicherten Modus laufen zu lassen.

loug · 17.06.2008, 11:17

Hallo undoreal,

hier ist die Logfile vom Combofix scan Teil 1

ComboFix 08-06-15.4 - Andreas 2008-06-17 12:01:32.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1464 [GMT 2:00]
Running from: C:\Documents and Settings\Andreas\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Start Menu\Programs\WebMediaPlayer
C:\Documents and Settings\All Users\Start Menu\Programs\WebMediaPlayer\Datenschutzrichtlinien.url
C:\Documents and Settings\All Users\Start Menu\Programs\WebMediaPlayer\Deinstallieren.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\WebMediaPlayer\Geschäftsbedingungen.url
C:\Documents and Settings\All Users\Start Menu\Programs\WebMediaPlayer\WebMediaPlayer.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\WebMediaPlayer\Website.url
C:\Documents and Settings\Andreas\Local Settings\Application Data\koahbi.dat
C:\Documents and Settings\Andreas\Local Settings\Application Data\koahbi.exe
C:\Documents and Settings\Andreas\Local Settings\Application Data\koahbi_nav.dat
C:\Documents and Settings\Andreas\Local Settings\Application Data\koahbi_navps.dat
C:\Documents and Settings\Andreas\Local Settings\Application Data\rvalptg.dat
C:\Documents and Settings\Andreas\Local Settings\Application Data\rvalptg_nav.dat
C:\Documents and Settings\Andreas\Local Settings\Application Data\rvalptg_navps.dat
c:\Documents and Settings\Andreas\Local Settings\Application Data\weoaiqey.dat
c:\documents and settings\andreas\local settings\application data\weoaiqey.exe
C:\Documents and Settings\Andreas\Local Settings\Application Data\weoaiqey_nav.dat
C:\Documents and Settings\Andreas\Local Settings\Application Data\weoaiqey_navps.dat
C:\Program Files\webmediaplayer
C:\Program Files\webmediaplayer\resources\languages_v2.xml
C:\Program Files\webmediaplayer\resources\webmedias
C:\Program Files\webmediaplayer\skins\classic.skn
C:\Program Files\webmediaplayer\sqlite3.dll
C:\Program Files\webmediaplayer\uninst.exe
C:\WINDOWS\explorer.exe.tmp
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\mssrv32.exe
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\pthreadVC.dll
C:\WINDOWS\system32\wanpacket.dll
C:\WINDOWS\system32\wpcap.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_NPF
-------\Service_syssrv

((((((((((((((((((((((((( Files Created from 2008-05-17 to 2008-06-17 )))))))))))))))))))))))))))))))
.

2008-06-16 23:22 . 2007-11-12 09:40 2,295 --a------ C:\WINDOWS\pcwRarHide.vbs
2008-06-16 22:52 . 2008-06-16 22:55 <DIR> d-------- C:\Program Files\Trillian
2008-06-16 22:47 . 2008-06-16 22:48 <DIR> d-------- C:\Program Files\Java
2008-06-16 04:06 . 2008-06-16 12:51 <DIR> d--hs---- C:\Boot
2008-06-16 04:06 . 2008-06-16 12:03 443,912 -rahs---- C:\bootmgr
2008-06-16 04:06 . 2008-06-16 04:06 8,192 -ra-s---- C:\BOOTSECT.BAK
2008-06-15 18:21 . 2008-06-15 18:21 <DIR> d--hs---- C:\$RECYCLE.BIN
2008-06-15 18:19 . 2007-03-17 13:41 171,136 -rahs---- C:\grldr
2008-06-15 18:14 . 2008-06-16 04:06 367 -rahs---- C:\Boot.ini.saved
2008-06-15 17:18 . 2008-06-16 19:27 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-06-15 17:15 . 2008-06-15 17:15 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-15 17:15 . 2008-06-15 17:15 <DIR> d-------- C:\Documents and Settings\Andreas\Application Data\Malwarebytes
2008-06-15 17:15 . 2008-06-15 17:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-15 17:15 . 2008-06-10 19:02 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-15 17:15 . 2008-06-10 19:02 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-15 16:32 . 2008-06-15 16:32 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-06-15 16:32 . 2008-06-15 16:32 <DIR> d-------- C:\Documents and Settings\Andreas\Application Data\SUPERAntiSpyware.com
2008-06-15 16:32 . 2008-06-15 16:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-15 16:28 . 2008-06-15 16:28 <DIR> d-------- C:\Program Files\Yahoo!
2008-06-15 16:27 . 2008-06-15 16:28 <DIR> d-------- C:\Program Files\CCleaner
2008-06-15 14:48 . 2008-06-15 14:48 <DIR> d-------- C:\Program Files\Lavasoft
2008-06-15 14:48 . 2008-06-15 14:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-13 18:59 . 2008-06-13 18:59 <DIR> d--hs---- C:\found.001
2008-06-13 13:29 . 2008-06-13 13:29 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-06-13 13:29 . 2008-06-13 16:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-13 13:20 . 2008-06-13 13:20 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-10 14:44 . 2008-06-10 14:44 <DIR> d-------- C:\Documents and Settings\Andreas\Application Data\Steganos
2008-06-08 18:40 . 2008-06-08 18:40 <DIR> d-------- C:\Documents and Settings\Andreas\Application Data\concept design
2008-06-08 18:40 . 2006-05-21 16:15 966,144 --a------ C:\WINDOWS\system32\NCTAudioInformation2.dll
2008-06-08 18:40 . 2006-05-21 16:15 877,568 --a------ C:\WINDOWS\system32\NCTAudioFile2.dll
2008-06-08 18:40 . 2006-05-21 16:15 634,880 --a------ C:\WINDOWS\system32\NCTAudioEditor2.dll
2008-06-08 18:40 . 2006-05-21 16:15 522,752 --a------ C:\WINDOWS\system32\NCTAudioTransform2.dll
2008-06-08 18:40 . 2006-05-21 16:15 467,968 --a------ C:\WINDOWS\system32\NCTAudioRecord2.dll
2008-06-08 18:40 . 2006-05-21 16:15 467,456 --a------ C:\WINDOWS\system32\NCTAudioPlayer2.dll
2008-06-08 18:40 . 2006-05-21 16:15 307,200 --a------ C:\WINDOWS\system32\msvcr70.dll
2008-06-08 14:01 . 2008-06-08 14:01 <DIR> d-a------ C:\Program Files\3D Virtual Desktop for Windows XP and Vista
2008-06-03 12:27 . 2008-06-03 13:00 <DIR> d-------- C:\Program Files\Free FLV Converter
2008-06-03 12:27 . 2007-06-19 01:22 364,544 --a------ C:\WINDOWS\system32\PropertyGrid.ocx
2008-06-03 12:27 . 2008-05-15 11:30 208,896 --a------ C:\WINDOWS\system32\TubeFinder.exe
2008-06-03 12:27 . 2005-10-13 15:42 208,500 --a------ C:\WINDOWS\system32\ReyXpBasics.tlb
2008-06-03 12:27 . 1998-07-13 01:00 141,312 --a------ C:\WINDOWS\system32\MSCMCFR.DLL
2008-06-03 12:27 . 2000-10-01 21:00 119,568 --a------ C:\WINDOWS\system32\VB6FR.DLL
2008-06-03 12:27 . 2000-07-15 07:00 101,888 --a------ C:\WINDOWS\system32\VB6STKIT.DLL
2008-06-03 12:27 . 2004-03-09 02:00 84,512 --a------ C:\WINDOWS\system32\PICCLP32.OCX
2008-06-03 12:27 . 1998-07-12 21:00 32,768 --a------ C:\WINDOWS\system32\CMDLGFR.DLL
2008-06-03 12:27 . 2005-09-28 03:31 24,576 --a------ C:\WINDOWS\system32\ControlSubX.ocx
2008-06-03 12:27 . 1998-07-13 02:00 9,728 --a------ C:\WINDOWS\system32\PCCLPFR.DLL
2008-06-02 22:29 . 2008-06-02 22:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-06-02 21:49 . 2008-06-02 22:11 <DIR> d-------- C:\videooutput
2008-06-02 21:49 . 2008-06-02 21:49 <DIR> d-------- C:\Program Files\Smallvideosoft
2008-06-02 21:49 . 2007-03-07 00:45 3,086,336 --a------ C:\WINDOWS\system32\NCMedia.dll
2008-06-02 21:49 . 2007-03-07 00:45 3,086,336 --a------ C:\WINDOWS\system32\flvvideo.dll
2008-06-02 21:49 . 2007-02-25 15:36 383,238 --a------ C:\WINDOWS\system32\libmp3lame-0.dll
2008-06-02 21:39 . 2008-06-02 21:39 <DIR> d-------- C:\Program Files\Common Files\SWF Studio
2008-06-02 20:59 . 2008-06-02 20:59 <DIR> d-------- C:\Documents and Settings\Andreas\Application Data\CoSoSys
2008-06-01 17:44 . 2008-06-01 17:44 <DIR> d-------- C:\Documents and Settings\Andreas\Application Data\CoreCodec
2008-06-01 17:43 . 2008-06-01 17:46 <DIR> d-------- C:\Program Files\CoreCodec
2008-06-01 14:16 . 2008-06-01 15:29 <DIR> d-------- C:\Program Files\Winamp
2008-05-30 23:03 . 2008-05-30 23:03 <DIR> d-------- C:\Program Files\Stardock
2008-05-29 16:58 . 2008-05-29 16:58 <DIR> d-------- C:\Documents and Settings\Andreas\Application Data\Apple Computer
2008-05-28 17:47 . 2008-06-02 21:17 <DIR> d-------- C:\Program Files\VirtualDJ
2008-05-28 17:42 . 2005-11-30 21:20 2,314,332 --a------ C:\WINDOWS\system32\LIBMMD.DLL
2008-05-28 16:23 . 2008-05-28 16:23 <DIR> d-------- C:\Program Files\Common Files\Steinberg
2008-05-28 16:21 . 2008-05-28 16:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Steinberg
2008-05-28 16:15 . 2008-05-28 16:15 <DIR> d-------- C:\Program Files\Steinberg
2008-05-28 15:03 . 2003-11-18 06:27 2,402,025 --a------ C:\WINDOWS\system32\dongle.dll
2008-05-28 13:31 . 2008-05-28 13:31 279 --a------ C:\WINDOWS\PowerReg.dat
2008-05-27 19:45 . 2008-05-28 16:23 <DIR> d-------- C:\Documents and Settings\Andreas\Application Data\Steinberg
2008-05-27 19:43 . 2008-05-28 16:16 <DIR> d-------- C:\Program Files\Syncrosoft
2008-05-27 19:43 . 2006-01-29 12:48 147,456 --a------ C:\WINDOWS\system32\SynsoLChk.dll
2008-05-27 19:43 . 2006-01-29 12:48 147,425 --a------ C:\WINDOWS\system32\SYNSOACC-Aide.chm
2008-05-27 19:43 . 2006-01-29 12:48 120,468 --a------ C:\WINDOWS\system32\SYNSOACC-Hilfe.chm
2008-05-27 19:43 . 2006-01-29 12:48 114,279 --a------ C:\WINDOWS\system32\SYNSOACC-Help.chm
2008-05-27 19:43 . 2006-01-29 12:48 45,056 --a------ C:\WINDOWS\system32\Synsopos.exe
2008-05-27 19:43 . 2007-12-30 23:01 35,328 --a------ C:\WINDOWS\system32\SYNSOACC.dll
2008-05-27 19:43 . 2005-05-09 20:08 33,792 --a------ C:\WINDOWS\system32\drivers\cledx.sys
2008-05-27 19:43 . 2006-01-29 12:48 16,896 --a------ C:\WINDOWS\system32\drivers\synasUSB.sys
2008-05-27 19:21 . 2008-05-27 19:21 <DIR> d-------- C:\Program Files\ALCATech
2008-05-27 19:11 . 2008-05-27 19:11 <DIR> d-------- C:\Documents and Settings\Andreas\Application Data\Pioneer
2008-05-27 19:10 . 2008-05-27 19:10 <DIR> d-------- C:\WINDOWS\system32\ipp20
2008-05-27 19:10 . 2008-05-27 19:10 <DIR> d-------- C:\Program Files\Pioneer
2008-05-22 15:59 . 2008-05-22 15:59 <DIR> d-------- C:\Documents and Settings\Andreas\mspformat
2008-05-22 15:59 . 2008-05-22 15:59 <DIR> d-------- C:\Documents and Settings\Andreas\msinst
2008-05-22 15:59 . 2008-05-22 15:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TechSmith
2008-05-22 14:56 . 2007-08-22 19:53 <DIR> d-------- C:\Documents and Settings\Andreas\installer
2008-05-22 14:56 . 2007-08-22 19:53 <DIR> d-------- C:\Documents and Settings\Andreas\battery
2008-05-19 22:04 . 2008-06-12 11:19 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2008-05-19 21:55 . 2008-05-22 15:59 <DIR> d-------- C:\Program Files\Hex-Editor MX
2008-05-19 21:50 . 2008-05-22 15:59 <DIR> d-------- C:\Program Files\WinHex

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-17 10:06 2,283,947 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-06-17 10:05 71,144 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-06-17 10:05 5,533,728 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-06-17 09:46 564,224 ----a-w C:\WINDOWS\Internet Logs\xDB1F.tmp
2008-06-15 15:48 1,959,424 ----a-w C:\WINDOWS\Internet Logs\xDB1E.tmp
2008-06-15 14:32 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-06-13 17:31 217,088 ----a-w C:\WINDOWS\Internet Logs\xDB1C.tmp
2008-06-13 17:31 1,924,096 ----a-w C:\WINDOWS\Internet Logs\xDB1D.tmp
2008-06-13 15:45 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-12 20:43 --------- d-----w C:\Program Files\lx_cats
2008-06-12 20:30 --------- d-----w C:\Program Files\SplitCam
2008-06-11 19:35 1,909,248 ----a-w C:\WINDOWS\Internet Logs\xDB1B.tmp
2008-06-11 19:35 1,389,056 ----a-w C:\WINDOWS\Internet Logs\xDB1A.tmp
2008-06-08 13:49 23,040 ----a-w C:\WINDOWS\Internet Logs\xDB19.tmp
2008-06-08 13:44 37,888 ----a-w C:\WINDOWS\Internet Logs\xDB18.tmp
2008-06-08 11:55 445,952 ----a-w C:\WINDOWS\Internet Logs\xDB17.tmp
2008-06-07 08:00 --------- d-----w C:\Program Files\CryptLoad_1.0.4
2008-06-02 20:12 1,869,312 ----a-w C:\WINDOWS\Internet Logs\xDB16.tmp
2008-06-02 20:12 1,001,984 ----a-w C:\WINDOWS\Internet Logs\xDB15.tmp
2008-06-01 14:30 --------- d-----w C:\Program Files\DeskLOk
2008-05-31 17:29 --------- d-----w C:\Documents and Settings\Andreas\Application Data\VMware
2008-05-30 04:55 224,256 ----a-w C:\WINDOWS\Internet Logs\xDB14.tmp
2008-05-27 18:49 --------- d-----w C:\Documents and Settings\Andreas\Application Data\LimeWire
2008-05-27 17:57 16,896 ----a-w C:\WINDOWS\Internet Logs\xDB13.tmp
2008-05-27 17:52 16,896 ----a-w C:\WINDOWS\Internet Logs\xDB12.tmp
2008-05-27 17:49 1,757,184 ----a-w C:\WINDOWS\Internet Logs\xDB11.tmp
2008-05-27 17:47 1,798,144 ----a-w C:\WINDOWS\Internet Logs\xDB10.tmp
2008-05-26 13:34 --------- d-----w C:\Program Files\MSECache
2008-05-25 19:35 --------- d-----w C:\Documents and Settings\Andreas\Application Data\BOM
2008-05-22 13:59 --------- d-----w C:\Program Files\TinyCAD
2008-05-22 13:59 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-05-22 13:59 --------- d-----w C:\Program Files\ExePW
2008-05-22 13:59 --------- d-----w C:\Documents and Settings\Andreas\Application Data\Launchy
2008-05-22 13:46 1,758,208 ----a-w C:\WINDOWS\Internet Logs\xDBF.tmp
2008-05-22 10:14 1,756,672 ----a-w C:\WINDOWS\Internet Logs\xDBE.tmp
2008-05-19 16:46 483,840 ----a-w C:\WINDOWS\Internet Logs\xDBD.tmp
2008-05-19 13:47 1,734,656 ----a-w C:\WINDOWS\Internet Logs\xDBC.tmp
2008-05-18 14:43 424,960 ----a-w C:\WINDOWS\Internet Logs\xDBB.tmp
2008-05-16 21:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-05-16 15:01 24,576 ----a-w C:\WINDOWS\Internet Logs\xDBA.tmp
2008-05-16 14:54 1,198,080 ----a-w C:\WINDOWS\Internet Logs\xDB9.tmp
2008-05-14 13:31 --------- d-----w C:\Program Files\FreshWebmaster
2008-05-13 07:36 2,761,728 ----a-w C:\WINDOWS\Internet Logs\xDB8.tmp
2008-05-12 11:23 --------- d-----w C:\Program Files\WinRail 9.0 Demo
2008-05-11 16:01 --------- d-----w C:\Program Files\ICQ6
2008-05-11 16:01 --------- d-----w C:\Documents and Settings\Andreas\Application Data\ICQ
2008-05-11 15:49 --------- d-----w C:\Program Files\VisualRoute 2008
2008-05-10 23:22 --------- d-----w C:\Documents and Settings\Andreas\Application Data\Ulead Systems
2008-05-10 22:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ulead Systems
2008-05-10 22:45 --------- d-----w C:\Program Files\Common Files\InterVideo
2008-05-10 22:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\InterVideo
2008-05-10 22:44 --------- d-----w C:\Program Files\Windows Media Components
2008-05-10 22:44 --------- d-----w C:\Program Files\Ulead Systems
2008-05-10 22:44 --------- d-----w C:\Program Files\Common Files\Ulead Systems
2008-05-10 21:23 --------- d-----w C:\Documents and Settings\Andreas\Application Data\Ahead
2008-05-10 21:00 --------- d-----w C:\Program Files\SWFPlayer
2008-05-09 12:50 --------- d-----w C:\Program Files\7-Zip
2008-05-09 11:23 --------- d-----w C:\Program Files\Duden
2008-05-07 18:38 --------- d-----w C:\Program Files\Alcohol Soft
2008-05-07 18:21 --------- d-----w C:\Program Files\SlySoft
2008-05-07 18:13 --------- d-----w C:\Program Files\Zg cd extractor
2008-05-07 15:43 --------- d-----w C:\Program Files\Image-Line
2008-05-07 15:29 --------- d-----w C:\Documents and Settings\Andreas\Application Data\Deckadance
2008-05-07 15:27 --------- d-----w C:\Program Files\VstPlugins
2008-04-30 18:37 --------- d-----w C:\Program Files\OO Software
2008-04-30 17:06 --------- d-----w C:\Documents and Settings\Andreas\Application Data\TrueCrypt
2008-04-30 17:05 223,424 ----a-w C:\WINDOWS\system32\drivers\truecrypt.sys
2008-04-30 17:05 --------- d-----w C:\Program Files\TrueCrypt
2008-04-30 14:18 --------- d-----w C:\Program Files\Common Files\Ahead
2008-04-30 14:17 --------- d-----w C:\Program Files\Nero
2008-04-30 14:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-04-29 14:12 --------- d-----w C:\Program Files\Lexmark 1300 Series
2008-04-29 14:12 --------- d-----w C:\Program Files\Common Files\GBelectronics Shared
2008-04-29 14:12 --------- d-----w C:\Program Files\Astragon
2008-04-27 18:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\GBelectronics
2008-04-27 17:11 --------- d-----w C:\Program Files\S.A.D
2008-04-27 14:59 --------- d-----w C:\Documents and Settings\LocalService\Application Data\VMware
2008-04-27 14:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\VMware
2008-04-27 14:29 --------- d-----w C:\Program Files\Common Files\TechSmith Shared
2008-04-27 14:01 997,376 ----a-w C:\WINDOWS\Internet Logs\xDB5.tmp
2008-04-27 14:01 1,481,216 ----a-w C:\WINDOWS\Internet Logs\xDB6.tmp
2008-04-27 12:45 --------- d-----w C:\Documents and Settings\Andreas\Application Data\vlc
2008-04-27 12:44 --------- d-----w C:\Program Files\VideoLAN
2008-04-26 22:04 1,459,200 ----a-w C:\WINDOWS\Internet Logs\xDB7.tmp
2008-04-26 22:04 --------- d-----w C:\Program Files\TechSmith
2008-04-26 21:56 --------- d-----w C:\Program Files\Ontrack
2008-04-26 19:57 1,455,616 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp
2008-04-26 16:32 --------- d-----w C:\Program Files\VideoCAM Eye
2008-04-26 16:32 --------- d-----w C:\Program Files\Common Files\VCAMEye
2008-04-26 15:47 --------- d-----w C:\Program Files\ASIO4ALL v2
2008-04-21 20:11 --------- d-----w C:\Program Files\VMware
2008-04-21 20:11 --------- d-----w C:\Program Files\Common Files\VMware
2008-04-21 18:53 --------- d-----w C:\Program Files\42 Bit Scanner
2008-04-19 19:55 --------- d-----w C:\Program Files\Yod'm 3D
2008-04-18 12:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-04-18 12:25 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-18 12:23 --------- d-----w C:\Program Files\Common Files\Control Panels
2008-04-18 12:03 --------- d-----w C:\Program Files\Bonjour
2008-04-18 12:00 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
2008-04-18 11:55 --------- d-----w C:\Program Files\DAEMON Tools Lite
.

Code:

ATTFilter

<pre>
----a-w           291,928 2008-06-02 19:15:34  C:\Program Files\VirtualDJ\VideoEffects\PictureRotation v1.1 .exe
----a-w           291,928 2008-06-02 19:15:34  C:\Program Files\VirtualDJ\VideoEffects\PictureRotation v1.1\PictureRotation v1.1 .exe
</pre>

------- Sigcheck -------

loug · 17.06.2008, 11:18

Teil 2

2008-04-09 18:44 359040 a7da4ff905deae95fce8c758bf7a8f5e C:\WINDOWS\system32\dllcache\tcpip.sys
2008-04-09 18:44 359040 a7da4ff905deae95fce8c758bf7a8f5e C:\WINDOWS\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\oodishi]
@={14A94384-BBED-47ed-86C0-6BF63FD892D0}

[HKEY_CLASSES_ROOT\CLSID\{14A94384-BBED-47ed-86C0-6BF63FD892D0}]
2007-08-15 15:49 111872 --a------ C:\Program Files\OO Software\DiskImage\oodishi.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 14:00 15360]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-05-11 00:03 8429568]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-05-11 00:03 81920]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2006-09-07 19:19 15872]
"lxddmon.exe"="C:\Program Files\Lexmark 2500 Series\lxddmon.exe" [2007-05-04 08:38 291760]
"lxddamon"="C:\Program Files\Lexmark 2500 Series\lxddamon.exe" [2007-03-05 09:40 20480]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2007-05-04 08:40 312240]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-15 17:50 262401]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-03-13 23:11 919016]
"lxdcamon"="C:\Program Files\Lexmark 1300 Series\lxdcamon.exe" [2007-03-05 22:40 20480]
"snpstd"="C:\WINDOWS\vsnpstd.exe" [2004-06-10 13:48 286720]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"C6501Sound"="c6501.cpl" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-02-28 14:00 15360]

C:\Documents and Settings\Andreas\Start Menu\Programs\Startup\
Verknpfung mit Yodm3D.lnk - C:\Program Files\3D Virtual Desktop for Windows XP and Vista\Yodm3D.exe [2008-06-08 14:01:43 2343936]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= divxa32.acm
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.MPEGacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\MPEGacm.acm
"msacm.ulmp3acm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm

[HKLM\~\startupfolder\C:^Documents and Settings^Andreas^Start Menu^Programs^Startup^Verknüpfung mit Yodm3D.lnk]
path=C:\Documents and Settings\Andreas\Start Menu\Programs\Startup\Verknüpfung mit Yodm3D.lnk
backup=C:\WINDOWS\pss\Verknüpfung mit Yodm3D.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ALUAlert]
C:\Program Files\Symantec\LiveUpdate\ALuNotify.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bash time]
C:\DOCUME~1\Andreas\APPLIC~1\SHIMLO~1\beepinside.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-05-16 09:27 153136 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
C:\Program Files\Common Files\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-04-01 11:39 486856 C:\Program Files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dog about manager team]
--a------ 2008-04-12 08:20 2394112 C:\Documents and Settings\All Users\Application Data\Drv Audio Dog About\rect clock.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Duden Korrektor SysTray]
--a------ 2007-04-13 09:52 545760 C:\Program Files\Duden\Duden Korrektor\dktray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H2O]
--a------ 2005-10-23 00:00 385024 C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\koahbi]
c:\documents and settings\andreas\local settings\application data\koahbi.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 15:57 153136 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-05-11 00:03 1626112 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\osCheck]
C:\Program Files\Norton Internet Security\osCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd]
--a------ 2004-06-10 13:48 286720 C:\WINDOWS\vsnpstd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS11 Preload]
--a------ 2007-04-12 13:23 341488 C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMware hqtray]
--a------ 2007-05-01 22:52 56112 C:\Program Files\VMware\VMware Workstation\hqtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vmware-tray]
--a------ 2007-05-01 22:52 68400 C:\Program Files\VMware\VMware Workstation\vmware-tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WLSetupSvc"=3 (0x3)
"WinVNC4"=2 (0x2)
"VMnetDHCP"=2 (0x2)
"VMAuthdService"=2 (0x2)
"ose"=3 (0x3)
"LiveUpdate"=3 (0x3)
"gusvc"=2 (0x2)
"CGVPNCliSrvc"=2 (0x2)
"ccSetMgr"=2 (0x2)
"ccEvtMgr"=2 (0x2)
"Bonjour Service"=2 (0x2)
"Capture Device Service"=2 (0x2)
"BITS"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\lxddcoms.exe"=
"C:\\Program Files\\Lexmark 2500 Series\\lxddamon.exe"=
"C:\\Program Files\\Lexmark 2500 Series\\App4R.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\WINDOWS\\system32\\ftp.exe"=
"C:\\Program Files\\RealVNC\\VNC4\\winvnc4.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddpswx.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddjswx.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddtime.exe"=
"C:\\WINDOWS\\system32\\lxdccoms.exe"=
"C:\\Program Files\\Lexmark 1300 Series\\lxdcamon.exe"=
"C:\\Program Files\\Lexmark 1300 Series\\App4R.exe"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdcpswx.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdcjswx.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdctime.exe"=
"C:\\Program Files\\Lexmark 2500 Series\\lxddmon.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"19793:TCP"= 19793:TCP:BitComet 19793 TCP
"19793:UDP"= 19793:UDP:BitComet 19793 UDP
"6000:TCP"= 6000:TCP:BitComet 6000 TCP
"6000:UDP"= 6000:UDP:BitComet 6000 UDP
"5900:TCP"= 5900:TCP:BitComet 5900 TCP
"5900:UDP"= 5900:UDP:BitComet 5900 UDP

R0 oodisr;O&O DiskImage Snapshot/Restore Driver;C:\WINDOWS\system32\DRIVERS\oodisr.sys [2007-08-15 15:52]
R0 oodisrh;oodisrh;C:\WINDOWS\system32\DRIVERS\oodisrh.sys [2007-08-15 15:52]
R0 oodivd;O&O DiskImage Virtual Disk Driver;C:\WINDOWS\system32\DRIVERS\oodivd.sys [2007-08-15 15:52]
R0 oodivdh;oodivdh;C:\WINDOWS\system32\DRIVERS\oodivdh.sys [2007-08-15 15:52]
R1 sdpiosys;sdpiosys;C:\WINDOWS\system32\drivers\sdpiosys.sys [2004-11-30 12:10]
R1 SLEE_15_DRIVER;Steganos Live Encryption Engine 15 [Driver];C:\WINDOWS\system32\drivers\Sleen15.sys [2007-02-21 13:33]
R2 lxdc_device;lxdc_device;C:\WINDOWS\system32\lxdccoms.exe [2007-04-30 22:03]
R2 lxdd_device;lxdd_device;C:\WINDOWS\system32\lxddcoms.exe [2007-04-26 07:21]
R3 CLEDX;Team H2O CLEDX service;C:\WINDOWS\system32\DRIVERS\cledx.sys [2005-05-09 20:08]
R3 cm102u32;C-Media CM6501 Like Sound Interface;C:\WINDOWS\system32\drivers\c6501.sys [2006-09-05 11:04]
S2 lxdcCATSCustConnectService;lxdcCATSCustConnectService;C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdcserv.exe [2007-04-30 22:04]
S2 lxddCATSCustConnectService;lxddCATSCustConnectService;C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe [2007-04-26 07:21]
S3 MBAMCatchMe;MBAMCatchMe;C:\WINDOWS\system32\drivers\mbamcatchme.sys [2008-06-10 19:02]
S3 SynasUSB;SynasUSB;C:\WINDOWS\system32\drivers\SynasUSB.sys [2006-01-29 12:48]
S3 tap0901;TAP-Win32 Adapter V9;C:\WINDOWS\system32\DRIVERS\tap0901.sys [2007-04-26 00:53]
S4 CGVPNCliSrvc;CyberGhost VPN Client;C:\Program Files\S.A.D\CyberGhost VPN\CGVPNCliService.exe [2008-02-05 12:46]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\Setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{501ba7c4-f111-11dc-938e-806d6172696f}]
\Shell\AutoRun\command - F:\Bin\Assetup.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-06-16 18:00:00 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Andreas.job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeh/TASK:
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-17 12:07:06
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\Unlocker\UnlockerHook.dll
-> C:\Program Files\OO Software\DiskImage\oodishi.dll
-> C:\Program Files\OO Software\DiskImage\oodishrs.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2008-06-17 12:14:58 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-17 10:14:36

Pre-Run: 49,211,351,040 bytes free
Post-Run: 49,204,527,104 bytes free

436

loug · 17.06.2008, 11:35

Hallo undoreal,

den scan mit Malwarebytes kann ich nicht im sicheren Modus durchführen, da ich auf einer anderen Partition Windows Vista installiert hab, und so nur in den Modus von Vista aber nicht mehr von XP komme.

Gruss

loug

undoreal · 18.06.2008, 06:08

Hast du denn noch Probleme?

Ich würde den Rechner mal einige Zeit laufen lassen und dann nochmal Combofix laufen lassen. Poste das log dann bitte hier.

15.06.2008, 14:40	#2
undoreal /// AVZ-Toolkit Guru	IE und Firefox öffnert ständig Pop-Up Werbung Hallo loug. Poste bitte ein HijackThis log. Dann sehen wir weiter. __________________ __________________

15.06.2008, 20:49	#6
undoreal /// AVZ-Toolkit Guru	IE und Firefox öffnert ständig Pop-Up Werbung Poste bitte alle entstandenen logs. __________________ --> IE und Firefox öffnert ständig Pop-Up Werbung

18.06.2008, 06:08	#15
undoreal /// AVZ-Toolkit Guru	IE und Firefox öffnert ständig Pop-Up Werbung Hast du denn noch Probleme? Ich würde den Rechner mal einige Zeit laufen lassen und dann nochmal Combofix laufen lassen. Poste das log dann bitte hier. __________________ - Sämtliche Hilfestellungen im Forum werden ohne Gewährleistung oder Haftung gegeben - Mit Sicherheit durch's Netz Trojaner Board Spenden Konto

IE und Firefox öffnert ständig Pop-Up Werbung

Plagegeister aller Art und deren Bekämpfung: IE und Firefox öffnert ständig Pop-Up Werbung