Log Analysis and Evaluation: Help!!! IE keeps opening ads!!!
09.10.2008, 15:45 | #1
Help!!! IE keeps opening ads!!!

Hi, for a short while now my IE keeps opening ad pages with all sorts of offers; I have already run various scans... without success. I hope you can help me, I'm getting desperate. Here is my log file:

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:34:34, on 09.10.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programme\Java\jre1.6.0_07\bin\jusched.exe
C:\Programme\HiYo\bin\HiYo.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexStoreSvr.exe
C:\PROGRA~1\MESSEN~1\Msmsgs.exe
C:\Programme\Yahoo!\Messenger\YahooMessenger.exe
C:\Programme\Windows Live\Messenger\MsnMsgr.Exe
C:\PROGRA~1\ARCORO~1\AOButler.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe
C:\Programme\PC Connectivity Solution\ServiceLayer.exe
C:\Programme\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Programme\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programme\Windows Live\Messenger\usnsvc.exe
C:\Programme\Azureus\Azureus.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temporary Internet Files\Content.IE5\E6UFTQ6E\HiJackThis[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.arcor.de
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.arcor.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.arcor.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.arcor.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.arcor.de
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.arcor.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.arcor.de
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.arcor.de/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Arcor AG & Co. KG
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {24C1EA9C-6F9B-4BF3-8872-BB0F9E5C0105} - C:\WINDOWS\system32\vtUmMdCr.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: {d33a0183-ab05-e2b8-1784-00569d494d1b} - {b1d494d9-6500-4871-8b2e-50ba3810a33d} - C:\WINDOWS\system32\adtrjb.dll
O2 - BHO: (no name) - {DB168623-E118-40AE-A183-090E901FF770} - C:\WINDOWS\system32\mlJBQHXO.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programme\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [WindowsServicesStartup] C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\svchost.exe 1
O4 - HKLM\..\Run: [HiYo] C:\Programme\HiYo\bin\HiYo.exe /RunFromStartup
O4 - HKLM\..\Run: [788df1a9] rundll32.exe "C:\WINDOWS\system32\ybpgtvld.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Programme\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Programme\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [MSMSGS] "C:\PROGRA~1\MESSEN~1\Msmsgs.exe" /background
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Programme\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Arcor Online] C:\PROGRA~1\ARCORO~1\Arcor.exe /inst_typ:2 /kunden_typ:bestand
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Programme\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Easy-WebPrint - Drucken - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint - Vorschau - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: @C:\Programme\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Programme\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programme\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://static.pe.schuelervz.net/photouploader/ImageUploader5.cab?nocache=1223466456
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{66B10B68-943F-4F72-B3EC-525716A0D257}: NameServer = 195.50.140.178 195.50.140.114
O20 - AppInit_DLLs: adtrjb.dll
O20 - Winlogon Notify: vtUmMdCr - C:\WINDOWS\SYSTEM32\vtUmMdCr.dll
O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programme\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TuneUp Drive Defrag-Dienst (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 8287 bytes
09.10.2008, 16:21 | #2
/// Winkelfunktion /// TB-Süch-Tiger™ | Help!!! IE keeps opening ads!!!

Hello and

Your logfile looks really nasty. Work through these points for further analysis:

1.) Make sure that all files are actually shown to you, then have the following files checked at Virustotal.com and post all results, in a form where the results of the individual virus scanners can be seen. Please include file sizes and checksums:

Code:
C:\Programme\HiYo\bin\HiYo.exe
C:\WINDOWS\system32\vtUmMdCr.dll
C:\WINDOWS\system32\adtrjb.dll
C:\WINDOWS\system32\mlJBQHXO.dll
C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\svchost.exe
C:\WINDOWS\system32\ybpgtvld.dll

3.) Run this MBR tool and post the output.

4.) Run Blacklight and Malwarebytes Anti-Malware and post the logfiles.

5.) Run SilentRunners following these instructions and post the logfile (enclosed in code tags); if it is too large, you can upload it (zipped) to file-upload.net and link it here.

6.) ComboFix
A guide and tutorial on using ComboFix
ComboFix may only be run if a board helper (Kompetenzler) has explicitly recommended it! Note: ComboFix disables the autorun function of all CD/DVD and USB drives in order to contain any spreading. If this causes problems, post them in the thread.

Please post all logfiles enclosed in code tags (#-button), i.e. like this:

HTML code:
[code] Put the logfile here! [/code]
Upload this listing.txt e.g. to File-Upload.net and link it here, since this logfile is too large for the board.

8.) Post a new HijackThis logfile; use this renamed hijackthis.exe for it. Edit the links and private info!!
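The six files the helper singled out share traits that can be checked mechanically in a HijackThis log: a BHO with no readable display name, a DLL with a random-looking name in system32, an autorun entry pointing into a Temp directory, and a populated AppInit_DLLs value. The triage script below is an added example, not code from the thread or from HijackThis; its sample lines are copied from the log above, and the vowel-ratio rule for "random-looking" names is a heuristic of mine that can misfire on terse vendor names.

```python
import re
from dataclasses import dataclass

# Constructed sample: a subset of the HijackThis entries posted in this thread, with a few
# legitimate entries (Yahoo toolbar, Java, NVIDIA) left in so the rules have something to pass.
HJT_SAMPLE = r"""
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {24C1EA9C-6F9B-4BF3-8872-BB0F9E5C0105} - C:\WINDOWS\system32\vtUmMdCr.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: {d33a0183-ab05-e2b8-1784-00569d494d1b} - {b1d494d9-6500-4871-8b2e-50ba3810a33d} - C:\WINDOWS\system32\adtrjb.dll
O2 - BHO: (no name) - {DB168623-E118-40AE-A183-090E901FF770} - C:\WINDOWS\system32\mlJBQHXO.dll
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WindowsServicesStartup] C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\svchost.exe 1
O4 - HKLM\..\Run: [788df1a9] rundll32.exe "C:\WINDOWS\system32\ybpgtvld.dll",b
O20 - AppInit_DLLs: adtrjb.dll
O20 - Winlogon Notify: vtUmMdCr - C:\WINDOWS\SYSTEM32\vtUmMdCr.dll
"""

VOWELS = set("aeiouy")
GUID_RE = re.compile(r"\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}", re.I)
DLL_RE = re.compile(r'[^\s",]+\.dll', re.I)


@dataclass
class Finding:
    entry: str
    reason: str


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1]


def looks_random(filename: str) -> bool:
    """Heuristic (mine): 6+ letters with under 20% vowels, e.g. vtUmMdCr, ybpgtvld.
    Treat a hit as a prompt to check the file, not as a verdict."""
    stem = filename.rsplit(".", 1)[0]
    if len(stem) < 6 or not stem.isalpha():
        return False
    vowels = sum(1 for ch in stem.lower() if ch in VOWELS)
    return vowels / len(stem) < 0.2


def triage(log: str) -> list[Finding]:
    findings: list[Finding] = []
    for line in (raw.strip() for raw in log.splitlines()):
        if not line:
            continue
        parts = line.split(" - ")
        kind = parts[0]
        if kind == "O2" and len(parts) >= 2:
            # HijackThis prints "(no name)" when a BHO has no display name;
            # a bare GUID used as the name is just as telling.
            name = parts[1].removeprefix("BHO: ")
            if name == "(no name)" or GUID_RE.fullmatch(name):
                findings.append(Finding(line, "BHO without a readable display name"))
        if kind == "O4" and "\\temp\\" in line.lower():
            findings.append(Finding(line, "autorun entry launched from a Temp directory"))
        if kind == "O20" and len(parts) >= 2 and parts[1].startswith("AppInit_DLLs:"):
            if parts[1].split(":", 1)[1].strip():
                findings.append(Finding(line, "AppInit_DLLs populated: loaded into every user32 process"))
        if kind in ("O2", "O4", "O20"):
            for dll in DLL_RE.findall(line):
                if looks_random(basename(dll)):
                    findings.append(Finding(line, f"random-looking DLL name: {basename(dll)}"))
    return findings


if __name__ == "__main__":
    for f in triage(HJT_SAMPLE):
        print(f"{f.reason}\n    {f.entry}")
```

Run against the sample, the script flags exactly the seven entries the helper asked to have checked and leaves the Yahoo, Java and NVIDIA entries alone.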
09.10.2008, 16:30 | #3
Help!!! IE keeps opening ads!!!

Here is HiYo.exe first:
Antivirus  Version  Last update  Result
AhnLab-V3 2008.10.10.0 2008.10.09 -
AntiVir 7.8.1.34 2008.10.09 -
Authentium 5.1.0.4 2008.10.09 -
Avast 4.8.1248.0 2008.10.09 -
AVG 8.0.0.161 2008.10.09 -
BitDefender 7.2 2008.10.09 -
CAT-QuickHeal 9.50 2008.10.08 -
ClamAV 0.93.1 2008.10.09 -
DrWeb 4.44.0.09170 2008.10.09 -
eSafe 7.0.17.0 2008.10.08 -
eTrust-Vet 31.6.6137 2008.10.09 -
Ewido 4.0 2008.10.09 -
F-Prot 4.4.4.56 2008.10.08 -
F-Secure 8.0.14332.0 2008.10.09 -
Fortinet 3.113.0.0 2008.10.09 -
GData 19 2008.10.09 -
Ikarus T3.1.1.34.0 2008.10.09 -
K7AntiVirus 7.10.489 2008.10.09 -
Kaspersky 7.0.0.125 2008.10.09 -
McAfee 5401 2008.10.09 -
Microsoft 1.4005 2008.10.09 -
NOD32 3507 2008.10.09 -
Norman 5.80.02 2008.10.08 -
Panda 9.0.0.4 2008.10.09 -
PCTools 4.4.2.0 2008.10.09 -
Rising 20.65.32.00 2008.10.09 -
SecureWeb-Gateway 6.7.6 2008.10.09 -
Sophos 4.34.0 2008.10.09 -
Sunbelt 3.1.1708.1 2008.10.09 -
Symantec 10 2008.10.09 -
TheHacker 6.3.1.0.103 2008.10.07 -
TrendMicro 8.700.0.1004 2008.10.09 -
VBA32 3.12.8.6 2008.10.09 -
ViRobot 2008.10.9.1414 2008.10.09 -
VirusBuster 4.5.11.0 2008.10.09 -

Additional information
File size: 300336 bytes
MD5...: 822b1cc5f5359dd7aa67781dcf37d6da
SHA1..: 142e5e4e5a7885ac2c1e57723b3ccba3ed20b7e6
SHA256: e97506f0e317b41f82c17c2a0958ae0f855ef9c684198f86f7414908b89cd898
SHA512: 0a17b28a1fc24061be3f7f26f975dd862809a4a72c87893e7d3d383d70427cf8 faa9ff38def17130df1c03c1c0c6f975265df6c695264159591725a1876182a1
And here vtummdcr.dll:

Antivirus  Version  Last update  Result
AhnLab-V3 2008.10.10.0 2008.10.09 -
AntiVir 7.8.1.34 2008.10.09 -
Authentium 5.1.0.4 2008.10.09 -
Avast 4.8.1248.0 2008.10.09 -
AVG 8.0.0.161 2008.10.09 -
BitDefender 7.2 2008.10.09 -
CAT-QuickHeal 9.50 2008.10.08 -
ClamAV 0.93.1 2008.10.09 -
DrWeb 4.44.0.09170 2008.10.09 -
eSafe 7.0.17.0 2008.10.08 Suspicious File
eTrust-Vet 31.6.6137 2008.10.09 -
Ewido 4.0 2008.10.09 -
F-Prot 4.4.4.56 2008.10.08 -
F-Secure 8.0.14332.0 2008.10.09 Vundo.gen230
Fortinet 3.113.0.0 2008.10.09 -
GData 19 2008.10.09 -
Ikarus T3.1.1.34.0 2008.10.09 -
K7AntiVirus 7.10.489 2008.10.09 -
Kaspersky 7.0.0.125 2008.10.09 -
McAfee 5401 2008.10.09 -
Microsoft 1.4005 2008.10.09 -
NOD32 3507 2008.10.09 -
Norman 5.80.02 2008.10.08 Vundo.gen230
Panda 9.0.0.4 2008.10.09 -
PCTools 4.4.2.0 2008.10.09 -
Prevx1 V2 2008.10.09 -
Rising 20.65.32.00 2008.10.09 Suspicious.Trojan.Win32.Agent.b
SecureWeb-Gateway 6.7.6 2008.10.09 Trojan.LooksLike.Vundo
Sophos 4.34.0 2008.10.09 -
Sunbelt 3.1.1708.1 2008.10.09 -
Symantec 10 2008.10.09 -
TheHacker 6.3.1.0.103 2008.10.07 -
TrendMicro 8.700.0.1004 2008.10.09 -
VBA32 3.12.8.6 2008.10.09 -
ViRobot 2008.10.9.1414 2008.10.09 -
VirusBuster 4.5.11.0 2008.10.09 -

Additional information
File size: 25600 bytes
MD5...: dfe56307ec3effc930c9f93b0eb89b45
SHA1..: f5c7fed2c9852f892c10cc5907d5e842d9536d63
SHA256: 8fd5bb8c92894c62685458ee659cdf914a0d743212b9b15bf59f4929af640ec4
SHA512: 8f041ade298709d1024ea33370168073993d98b8b323cd947a036ba5e98d9c32 7bd99b8b899d41d81de2f78f1edc60b16637155f4ed9585fbe5b4c84d0ea6a79

And here adtrjb.dll:

Antivirus  Version  Last update  Result
AhnLab-V3 2008.10.10.0 2008.10.09 -
AntiVir 7.8.1.34 2008.10.09 -
Authentium 5.1.0.4 2008.10.09 -
Avast 4.8.1248.0 2008.10.09 -
AVG 8.0.0.161 2008.10.09 Generic11.ATTV
BitDefender 7.2 2008.10.09 -
CAT-QuickHeal 9.50 2008.10.08 -
ClamAV 0.93.1 2008.10.09 -
DrWeb 4.44.0.09170 2008.10.09 -
eSafe 7.0.17.0 2008.10.08 Suspicious File
eTrust-Vet 31.6.6137 2008.10.09 -
Ewido 4.0 2008.10.09 -
F-Prot 4.4.4.56 2008.10.08 -
F-Secure 8.0.14332.0 2008.10.09 Vundo.EUF
Fortinet 3.113.0.0 2008.10.09 -
GData 19 2008.10.09 -
Ikarus T3.1.1.34.0 2008.10.09 -
K7AntiVirus 7.10.489 2008.10.09 -
Kaspersky 7.0.0.125 2008.10.09 -
McAfee 5401 2008.10.09 Vundo.gen.k
Microsoft 1.4005 2008.10.09 -
NOD32 3507 2008.10.09 -
Norman 5.80.02 2008.10.08 Vundo.EUF
Panda 9.0.0.4 2008.10.09 -
PCTools 4.4.2.0 2008.10.09 -
Prevx1 V2 2008.10.09 Cloaked Malware
Rising 20.65.32.00 2008.10.09 Suspicious.Trojan.Win32.Agent.b
SecureWeb-Gateway 6.7.6 2008.10.09 Ad-Spyware.LooksLike.Virtumonde.alei
Sophos 4.34.0 2008.10.09 -
Sunbelt 3.1.1708.1 2008.10.09 -
Symantec 10 2008.10.09 Trojan.Vundo
TheHacker 6.3.1.0.103 2008.10.07 -
TrendMicro 8.700.0.1004 2008.10.09 -
VBA32 3.12.8.6 2008.10.09 -
ViRobot 2008.10.9.1414 2008.10.09 -
VirusBuster 4.5.11.0 2008.10.09 -

Additional information
File size: 123904 bytes
MD5...: 2d4dab2af01123e12f175c35f7b6830e
SHA1..: f8cb243f1889e20af6c853e99f0b0eeb851afcf3
SHA256: e4c9eb168b9beebd7af692aa7acaffe39eb68605a6b3188c709e596f3b2e6fd8
SHA512: be2ed1b34d0387c52bc5785f22794dcd3613985969b29ae78d30bb73348ce449 5b442d50d63f89f497e4bb12a78bfce15ea7458aebb6bffc650f932a0c579407

And here mlJBQHXO.dll:

Antivirus  Version  Last update  Result
AhnLab-V3 2008.10.10.0 2008.10.09 -
AntiVir 7.8.1.34 2008.10.09 -
Authentium 5.1.0.4 2008.10.09 -
Avast 4.8.1248.0 2008.10.09 -
AVG 8.0.0.161 2008.10.09 Generic11.ATPT
BitDefender 7.2 2008.10.09 -
CAT-QuickHeal 9.50 2008.10.08 -
ClamAV 0.93.1 2008.10.09 -
DrWeb 4.44.0.09170 2008.10.09 -
eSafe 7.0.17.0 2008.10.08 -
eTrust-Vet 31.6.6137 2008.10.09 -
Ewido 4.0 2008.10.09 -
F-Prot 4.4.4.56 2008.10.08 -
F-Secure 8.0.14332.0 2008.10.09 -
Fortinet 3.113.0.0 2008.10.09 -
GData 19 2008.10.09 -
Ikarus T3.1.1.34.0 2008.10.09 -
K7AntiVirus 7.10.489 2008.10.09 -
Kaspersky 7.0.0.125 2008.10.09 -
McAfee 5401 2008.10.09 -
Microsoft 1.4005 2008.10.09 -
NOD32 3507 2008.10.09 -
Norman 5.80.02 2008.10.08 -
Panda 9.0.0.4 2008.10.09 -
PCTools 4.4.2.0 2008.10.09 -
Prevx1 V2 2008.10.09 -
Rising 20.65.32.00 2008.10.09 Suspicious.Trojan.Win32.Agent.b
SecureWeb-Gateway 6.7.6 2008.10.09 -
Sophos 4.34.0 2008.10.09 -
Sunbelt 3.1.1708.1 2008.10.09 -
Symantec 10 2008.10.09 -
TheHacker 6.3.1.0.103 2008.10.07 -
TrendMicro 8.700.0.1004 2008.10.09 -
VBA32 3.12.8.6 2008.10.09 -
ViRobot 2008.10.9.1414 2008.10.09 -
VirusBuster 4.5.11.0 2008.10.09 -

Additional information
File size: 317440 bytes
MD5...: ed8cf626bedb5cd89da904187c019104
SHA1..: e0cfa0b8ca5bfc7f7e36afbbb5e5ba835e3c9987
SHA256: 649094f00ba095ed0c893a7e5dd5783873cf841fb16f141241c2c22beac95c9a
SHA512: 4b3d6a25ce2d1cebb418544c51c42dd8274cd8cbe9e3ab8d027fe0f9c2f37010 d4ee96566cfb344d2f603dd50b42d8d3734ef3350ba6c58951e2fd56c190fc80

svchost.exe didn't work ---> 0 byte size

And here ybpgtvld.dll:

Antivirus  Version  Last update  Result
AhnLab-V3 2008.10.9.0 2008.10.09 -
AntiVir 7.8.1.34 2008.10.09 -
Authentium 5.1.0.4 2008.10.09 -
Avast 4.8.1248.0 2008.10.08 -
AVG 8.0.0.161 2008.10.09 Generic11.ATRH
BitDefender 7.2 2008.10.09 -
CAT-QuickHeal 9.50 2008.10.08 -
ClamAV 0.93.1 2008.10.09 -
DrWeb 4.44.0.09170 2008.10.09 -
eSafe 7.0.17.0 2008.10.08 Suspicious File
eTrust-Vet 31.6.6137 2008.10.09 -
Ewido 4.0 2008.10.09 -
F-Prot 4.4.4.56 2008.10.08 -
F-Secure 8.0.14332.0 2008.10.09 -
Fortinet 3.113.0.0 2008.10.08 -
GData 19 2008.10.09 -
Ikarus T3.1.1.34.0 2008.10.09 Trojan.Win32.Vundo.D
K7AntiVirus 7.10.488 2008.10.08 -
Kaspersky 7.0.0.125 2008.10.09 -
McAfee 5401 2008.10.09 Vundo.gen.k
Microsoft 1.4005 2008.10.09 -
NOD32 3506 2008.10.09 -
Norman 5.80.02 2008.10.08 -
Panda 9.0.0.4 2008.10.09 -
PCTools 4.4.2.0 2008.10.08 -
Prevx1 V2 2008.10.09 Fraudulent Security Program
Rising 20.65.32.00 2008.10.09 Suspicious.Trojan.Win32.Agent.b
SecureWeb-Gateway 6.7.6 2008.10.09 Trojan.LooksLike.Vundo
Sophos 4.34.0 2008.10.09 -
Sunbelt 3.1.1708.1 2008.10.09 -
Symantec 10 2008.10.09 Trojan.Vundo
TheHacker 6.3.1.0.103 2008.10.07 -
TrendMicro 8.700.0.1004 2008.10.09 -
VBA32 3.12.8.6 2008.10.09 -
ViRobot 2008.10.9.1413 2008.10.09 -
VirusBuster 4.5.11.0 2008.10.08 -

Additional information
File size: 71680 bytes
MD5...: 7f39bdb96a3a50006848d31fa7f52005
SHA1..: 6dc4d45f9d0295679e8c39b4cc5868ed615be7d8
SHA256: bfb5cc7b856abbd84a92cf17ec0d965359fa8e7542a9dc4ce74c4c35c903c090
SHA512: 616d58d1fe663641f4cf7c5d657db029113357c57fb4bc4e039af9f3d8caa7ac b1d698bef69a3b4da83662ece9f9436a81253ef8dc34a16cd2dc7f75cb5e022a

MBR output:

Code:
Stealth MBR rootkit detector 0.2.4 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
copy of MBR has been found in sector 7 !
copy of MBR has been found in sector 11 !

Last edited by masterchief (09.10.2008 at 16:48)
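The tables above ask each engine the same question independently, so the useful reading is the detection ratio and whether the engines that name a family agree on it (Virtumonde is another vendor name for Vundo). The script below is an added example, not part of the post or of VirusTotal; it parses rows in the format shown above, counts detections and tallies family names. The sample rows are a constructed subset of the ybpgtvld.dll result, and the small family-alias map is my own.

```python
import re
from collections import Counter

# Constructed sample: ten of the engine rows from the ybpgtvld.dll result posted above.
VT_SAMPLE = """
AhnLab-V3 2008.10.9.0 2008.10.09 -
AVG 8.0.0.161 2008.10.09 Generic11.ATRH
eSafe 7.0.17.0 2008.10.08 Suspicious File
Ikarus T3.1.1.34.0 2008.10.09 Trojan.Win32.Vundo.D
Kaspersky 7.0.0.125 2008.10.09 -
McAfee 5401 2008.10.09 Vundo.gen.k
Prevx1 V2 2008.10.09 Fraudulent Security Program
Rising 20.65.32.00 2008.10.09 Suspicious.Trojan.Win32.Agent.b
SecureWeb-Gateway 6.7.6 2008.10.09 Trojan.LooksLike.Vundo
Symantec 10 2008.10.09 Trojan.Vundo
"""

# engine, version, last update (yyyy.mm.dd), result ("-" means no detection);
# anchoring on the date token keeps multi-word results like "Suspicious File" intact.
ROW_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\d{4}\.\d{2}\.\d{2})\s+(.+)$")

# Alias map (mine, deliberately small): Virtumonde is the name some vendors use for Vundo.
FAMILY_ALIASES = {"vundo": "Vundo", "virtumonde": "Vundo"}
GENERIC = "heuristic/generic"


def parse_rows(text):
    """Turn the flat engine rows into dicts; result is None when the engine saw nothing."""
    rows = []
    for line in text.strip().splitlines():
        m = ROW_RE.match(line.strip())
        if not m:
            raise ValueError(f"unrecognised row: {line!r}")
        engine, version, updated, result = m.groups()
        result = result.strip()
        rows.append({"engine": engine, "version": version, "updated": updated,
                     "result": None if result == "-" else result})
    return rows


def family_of(label):
    """Map a vendor label to a family via its dotted/spaced tokens, else call it generic."""
    for token in re.split(r"[.\s/:-]+", label.lower()):
        if token in FAMILY_ALIASES:
            return FAMILY_ALIASES[token]
    return GENERIC


def summarize(text):
    rows = parse_rows(text)
    hits = [r for r in rows if r["result"]]
    families = Counter(family_of(r["result"]) for r in hits)
    named = {f: n for f, n in families.items() if f != GENERIC}
    consensus = max(named, key=named.get) if named else None
    return {"engines": len(rows), "detections": len(hits),
            "families": dict(families), "consensus": consensus}


if __name__ == "__main__":
    s = summarize(VT_SAMPLE)
    print(f"{s['detections']}/{s['engines']} engines flagged the file; "
          f"family votes: {s['families']}; consensus: {s['consensus']}")
```

Four of the eight detections in the sample name Vundo outright; the other four are heuristic labels, which is why a single engine's "-" should not be read as a clean bill of health.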
09.10.2008, 16:51 | #4
Help!!! IE keeps opening ads!!!

Thanks first of all for your reply. For now I only got as far as these points, because I have to leave. I'll provide further data tomorrow.
10.10.2008, 11:12 | #5 |
| Help!!! IE keeps opening ads!!!

So, on we go: BlackLight found nothing, and Malwarebytes:

Malwarebytes' Anti-Malware 1.28
Datenbank Version: 1248
Windows 5.1.2600 Service Pack 3

10.10.2008 12:48:15
mbam-log-2008-10-10 (12-48-15).txt

Scan-Methode: Vollständiger Scan (C:\|D:\|E:\|)
Durchsuchte Objekte: 149414
Laufzeit: 32 minute(s), 22 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 6
Infizierte Registrierungsschlüssel: 13
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 2
Infizierte Verzeichnisse: 0
Infizierte Dateien: 21

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
C:\WINDOWS\system32\eahjbnnx.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\mlJBQHXO.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\adtrjb.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\vtUmMdCr.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\erexbnrw.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\cczoud.dll (Trojan.Vundo) -> Delete on reboot.

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{24c1ea9c-6f9b-4bf3-8872-bb0f9e5c0105} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\vtummdcr (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{24c1ea9c-6f9b-4bf3-8872-bb0f9e5c0105} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a658cc5d-f543-42b5-aa34-dda0e20a730c} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{a658cc5d-f543-42b5-aa34-dda0e20a730c} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b5dc78d0-d6af-45d4-a2da-76601c6c054a} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b5dc78d0-d6af-45d4-a2da-76601c6c054a} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\788df1a9 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{24c1ea9c-6f9b-4bf3-8872-bb0f9e5c0105} (Trojan.Vundo.H) -> Delete on reboot.

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\mljbqhxo -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\mljbqhxo -> Delete on reboot.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\WINDOWS\system32\vtUmMdCr.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\mlJBQHXO.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\OXHQBJlm.ini (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\OXHQBJlm.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cczoud.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\eahjbnnx.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\xnnbjhae.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ybpgtvld.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dlvtgpby.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\adtrjb.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\erexbnrw.dll (Trojan.Vundo) -> Delete on reboot.
C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temporary Internet Files\Content.IE5\2F5TQS2T\upd105320[1] (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temporary Internet Files\Content.IE5\2F5TQS2T\nd82m0[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mnmvkckb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uklgcy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wvUoPjjG.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xeaiaycc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{F4F4A88C-93D1-4096-A6A2-1B01F27A37EF}\RP259\A0084439.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{F4F4A88C-93D1-4096-A6A2-1B01F27A37EF}\RP262\A0086507.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
D:\Ahead.Nero.v8.3.2.1b.GERMAN.Incl.Keymaker\keygen.exe (Trojan.Agent) -> Quarantined and deleted successfully.
E:\Programme\TuneUp.Utilities.2008.v7.0.8004.German.Incl.Keymaker-CORE\TuneUp.Utilities.2008.v7.0.8004.German.Incl\CORE10k.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
and here Silent Runners:

"Silent Runners.vbs", revision 58, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"MsnMsgr" = ""C:\Programme\Windows Live\Messenger\MsnMsgr.Exe" /background" [MS]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" = ""C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020" ["Nero AG"]
"PC Suite Tray" = ""C:\Programme\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray" ["Nokia"]
"Nokia.PCSync" = ""C:\Programme\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog" ["Time Information Services Ltd."]
"MSMSGS" = ""C:\PROGRA~1\MESSEN~1\Msmsgs.exe" /background" [MS]
"Messenger (Yahoo!)" = ""C:\Programme\Yahoo!\Messenger\YahooMessenger.exe" -quiet" ["Yahoo! Inc."]
"Arcor Online" = "C:\PROGRA~1\ARCORO~1\Arcor.exe /inst_typ:2 /kunden_typ:bestand" [null data]
"Yahoo! Pager" = ""C:\Programme\Yahoo!\Messenger\YahooMessenger.exe" -quiet" ["Yahoo! Inc."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]
"SunJavaUpdateSched" = ""C:\Programme\Java\jre1.6.0_07\bin\jusched.exe"" ["Sun Microsystems, Inc."]
"Easy-PrintToolBox" = "C:\Programme\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon" ["CANON INC."]
"OODefragTray" = "C:\WINDOWS\system32\oodtray.exe" ["O&O Software GmbH"]
"NeroFilterCheck" = "C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe" ["Nero AG"]
"HiYo" = "C:\Programme\HiYo\bin\HiYo.exe /RunFromStartup" ["IncrediMail, Ltd."]

HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\
<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}\(Default) = "IE7 Uninstall Stub"
\StubPath = "C:\WINDOWS\system32\ieudinit.exe" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{02478D38-C3F9-4efb-9B51-7695ECA05670}\(Default) = (no title provided)
-> {HKLM...CLSID} = "&Yahoo! Toolbar Helper"
\InProcServer32\(Default) = "C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Programme\Java\jre1.6.0_07\bin\ssv.dll" ["Sun Microsystems, Inc."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "CPL-Erweiterung für Anzeigeverschiebung"
-> {HKLM...CLSID} = "CPL-Erweiterung für Anzeigeverschiebung"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Erweiterung für HyperTerminal-Icons"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {HKLM...CLSID} = "DesktopContext Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {HKLM...CLSID} = "Desktop Explorer"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> {HKLM...CLSID} = "nView Desktop Context Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {HKLM...CLSID} = "NVIDIA CPL Extension"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]
"{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders"
-> {HKLM...CLSID} = "Meine freigegebenen Ordner"
\InProcServer32\(Default) = "C:\Programme\Windows Live\Messenger\fsshext.8.5.1302.1018.dll" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Programme\Microsoft Office\Office10\msohev.dll" [MS]
"{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A}" = "Nokia Phone Browser"
-> {HKLM...CLSID} = "Nokia Phone Browser"
\InProcServer32\(Default) = "C:\Programme\Nokia\Nokia PC Suite 7\phonebrowser.dll" ["Nokia"]
"{44440D00-FF19-4AFC-B765-9A0970567D97}" = "TuneUp Theme Extension"
-> {HKLM...CLSID} = "TuneUp Theme Extension"
\InProcServer32\(Default) = "C:\WINDOWS\System32\uxtuneup.dll" ["TuneUp Software GmbH"]
"{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}" = "TuneUp Shredder Shell Extension"
-> {HKLM...CLSID} = "TuneUp Shredder Shell Extension"
\InProcServer32\(Default) = "C:\Programme\TuneUp Utilities 2008\SDShelEx-win32.dll" ["TuneUp Software GmbH"]
"{5464D816-CF16-4784-B9F3-75C0DB52B499}" = "Yahoo! Mail"
-> {HKLM...CLSID} = "YMailShellExt Class"
\InProcServer32\(Default) = "C:\PROGRA~1\Yahoo!\Common\ymmapi.dll" ["Yahoo! Inc."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
-> {HKLM...CLSID} = "WPDShServiceObj Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS]

HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\
<<!>> "BootExecute" = "autocheck autochk *"|"OODBS" ["O&O Software GmbH"]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> dimsntfy\DLLName = "C:\WINDOWS\System32\dimsntfy.dll" [MS]

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Programme\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
TuneUp Shredder Shell Extension\(Default) = "{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}"
-> {HKLM...CLSID} = "TuneUp Shredder Shell Extension"
\InProcServer32\(Default) = "C:\Programme\TuneUp Utilities 2008\SDShelEx-win32.dll" ["TuneUp Software GmbH"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]
Yahoo! Mail\(Default) = "{5464D816-CF16-4784-B9F3-75C0DB52B499}"
-> {HKLM...CLSID} = "YMailShellExt Class"
\InProcServer32\(Default) = "C:\PROGRA~1\Yahoo!\Common\ymmapi.dll" ["Yahoo! Inc."]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
TuneUp Shredder Shell Extension\(Default) = "{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}"
-> {HKLM...CLSID} = "TuneUp Shredder Shell Extension"
\InProcServer32\(Default) = "C:\Programme\TuneUp Utilities 2008\SDShelEx-win32.dll" ["TuneUp Software GmbH"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
MBAMShlExt\(Default) = "{57CE581A-0CB6-4266-9CA0-19364C90A0B3}"
-> {HKLM...CLSID} = "MBAMShlExt Class"
\InProcServer32\(Default) = "C:\Programme\Malwarebytes' Anti-Malware\mbamext.dll" ["Malwarebytes Corporation"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]

HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\
MBAMShlExt\(Default) = "{57CE581A-0CB6-4266-9CA0-19364C90A0B3}"
-> {HKLM...CLSID} = "MBAMShlExt Class"
\InProcServer32\(Default) = "C:\Programme\Malwarebytes' Anti-Malware\mbamext.dll" ["Malwarebytes Corporation"]

Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\
"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}
"undockwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}

Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp"

Windows Portable Device AutoPlay Handlers
-----------------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

MSWPDShellNamespaceHandler\
"Provider" = "@%SystemRoot%\System32\WPDShextRes.dll,-501"
"CLSID" = "{A55803CC-4D53-404c-8557-FD63DBA95D24}"
"InitCmdLine" = " "
-> {HKLM...CLSID} = "WPDShextAutoplay"
\LocalServer32\(Default) = "C:\WINDOWS\system32\WPDShextAutoplay.exe" [MS]

NeroAutoPlay8AudioToNeroDigital\
"Provider" = "Nero Burning ROM"
"InvokeProgID" = "Nero.AutoPlay8"
"InvokeVerb" = "AudioToNeroDigital_PlayCDAudioOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\AudioToNeroDigital_PlayCDAudioOnArrival\command\(Default) = "C:\Programme\Nero\Nero8\Nero Burning Rom\nero.exe /Dialog:SaveTracks %L" ["Nero AG"]

NeroAutoPlay8CDAudio\
"Provider" = "Nero Express"
"InvokeProgID" = "Nero.AutoPlay8"
"InvokeVerb" = "CDAudio_HandleCDBurningOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\CDAudio_HandleCDBurningOnArrival\command\(Default) = "C:\Programme\Nero\Nero8\Nero Burning Rom\nero.exe -w /New:AudioCD" ["Nero AG"]

NeroAutoPlay8CopyCD\
"Provider" = "Nero Burning ROM"
"InvokeProgID" = "Nero.AutoPlay8"
"InvokeVerb" = "CopyCD_PlayMusicFilesOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\CopyCD_PlayMusicFilesOnArrival\command\(Default) = "C:\Programme\Nero\Nero8\Nero Burning Rom\nero.exe /Dialog:DiscCopy %L" ["Nero AG"]

NeroAutoPlay8DataDisc_CD\
"Provider" = "Nero Burning ROM"
"InvokeProgID" = "Nero.AutoPlay8"
"InvokeVerb" = "DataDisc_CD_HandleCDBurningOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\DataDisc_CD_HandleCDBurningOnArrival\command\(Default) = "C:\Programme\Nero\Nero8\Nero Burning Rom\nero.exe /New:ISODisc /Media:CD %L" ["Nero AG"]

NeroAutoPlay8DataDisc_DVD\
"Provider" = "Nero Burning ROM"
"InvokeProgID" = "Nero.AutoPlay8"
"InvokeVerb" = "DataDisc_DVD_HandleDVDBurningOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\DataDisc_DVD_HandleDVDBurningOnArrival\command\(Default) = "C:\Programme\Nero\Nero8\Nero Burning Rom\nero.exe /New:ISODisc /Media:DVD %L" ["Nero AG"]

NeroAutoPlay8RipCD\
"Provider" = "Nero Burning ROM"
"InvokeProgID" = "Nero.AutoPlay8"
"InvokeVerb" = "RipCD_PlayCDAudioOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\RipCD_PlayCDAudioOnArrival\command\(Default) = "C:\Programme\Nero\Nero8\Nero Burning Rom\nero.exe /Dialog:SaveTracks %L" ["Nero AG"]

NeroAutoPlay8ViewPhotos\
"Provider" = "Nero PhotoSnap Viewer"
"InvokeProgID" = "Nero.AutoPlay8"
"InvokeVerb" = "ViewPhotos_ShowPicturesOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\ViewPhotos_ShowPicturesOnArrival\command\(Default) = "C:\Programme\Nero\Nero8\Nero PhotoSnap\PhotoSnapViewer.exe /" ["Nero AG"]

NMMPlayCDAudioOnArrival\
"Provider" = "Nokia Music Manager"
"InvokeProgID" = "NokiaMusicManager"
"InvokeVerb" = "NMMPlayCD"
HKLM\SOFTWARE\Classes\NokiaMusicManager\shell\NMMPlayCD\command\(Default) = "C:\Programme\Nokia\Nokia PC Suite 7\MusicManager.exe /playCD "%L"" ["Nokia"]

NMMRipCDAudioOnArrival\
"Provider" = "Nokia Music Manager"
"InvokeProgID" = "NokiaMusicManager"
"InvokeVerb" = "NMMRipCD"
HKLM\SOFTWARE\Classes\NokiaMusicManager\shell\NMMRipCD\command\(Default) = "C:\Programme\Nokia\Nokia PC Suite 7\MusicManager.exe /ripCD "%L"" ["Nokia"]

VLCPlayCDAudioOnArrival\
"Provider" = "VideoLAN VLC media player"
"InvokeProgID" = "VLC.CDAudio"
"InvokeVerb" = "play"
HKLM\SOFTWARE\Classes\VLC.CDAudio\shell\play\command\(Default) = "C:\Programme\VideoLAN\VLC\vlc.exe cdda:%1" ["VideoLAN Team"]

VLCPlayDVDMovieOnArrival\
"Provider" = "VideoLAN VLC media player"
"InvokeProgID" = "VLC.DVDMovie"
"InvokeVerb" = "play"
HKLM\SOFTWARE\Classes\VLC.DVDMovie\shell\play\command\(Default) = "C:\Programme\VideoLAN\VLC\vlc.exe dvd:%1@1:0" ["VideoLAN Team"]

Startup items in "Administrator" & "All Users" startup folders:
---------------------------------------------------------------

C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
"Adobe Reader - Schnellstart" -> shortcut to: "C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]
"Microsoft Office" -> shortcut to: "C:\Programme\Microsoft Office\Office10\OSA.EXE -b -l" [MS]

Enabled Scheduled Tasks:
------------------------

"1-Klick-Wartung" -> launches: "C:\Programme\TuneUp Utilities 2008\OneClickStarter.exe /schedulestart" ["TuneUp Software GmbH"]

Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 17
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

Toolbars, Explorer Bars, Extensions:

Toolbars

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\
"{327C2873-E90D-4C37-AA9D-10AC9BABA46C}" = "Easy-WebPrint"
-> {HKLM...CLSID} = "Easy-WebPrint"
\InProcServer32\(Default) = "C:\Programme\Canon\Easy-WebPrint\Toolband.dll" [null data]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = (no title provided)
-> {HKLM...CLSID} = "Yahoo! Toolbar"
\InProcServer32\(Default) = "C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]

Explorer Bars

HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\

HKLM\SOFTWARE\Classes\CLSID\{03C1C47F-0538-4645-8372-D3109B9FC636}\(Default) = "Easy-WebPrint"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\Programme\Canon\Easy-WebPrint\Toolband.dll" [null data]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Konsole"
"CLSIDExtension" = "{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC}"
-> {HKCU...CLSID} = "Java Plug-in 1.6.0_07"
\InProcServer32\(Default) = "C:\Programme\Java\jre1.6.0_07\bin\ssv.dll" ["Sun Microsystems, Inc."]
-> {HKLM...CLSID} = "Java Plug-in 1.6.0_07"
\InProcServer32\(Default) = "C:\Programme\Java\jre1.6.0_07\bin\npjpi160_07.dll" ["Sun Microsystems, Inc."]

{E2E2DD38-D088-4134-82B7-F2BA38496583}\
"MenuText" = "@xpsp3res.dll,-20001"
"Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "@C:\Programme\Messenger\Msgslang.dll,-61144"
"MenuText" = "@C:\Programme\Messenger\Msgslang.dll,-61144"
"Exec" = "C:\Programme\Messenger\msmsgs.exe" [MS]

Miscellaneous IE Hijack Points

HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\
<<H>> "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = (no title provided)
-> {HKLM...CLSID} = "Yahoo! Toolbar"
\InProcServer32\(Default) = "C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]

Running Services (Display Name, Service Name, Path {Service DLL}):

Messenger USN Journal Reader-Service für freigegebene Ordner, usnjsvc, ""C:\Programme\Windows Live\Messenger\usnsvc.exe"" [MS]
NMIndexingService, NMIndexingService, ""C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe"" ["Nero AG"]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
O&O Defrag, O&O Defrag, "C:\WINDOWS\system32\oodag.exe" ["O&O Software GmbH"]
ServiceLayer, ServiceLayer, ""C:\Programme\PC Connectivity Solution\ServiceLayer.exe"" ["Nokia."]
TuneUp Designerweiterung, UxTuneUp, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\uxtuneup.dll" ["TuneUp Software GmbH"]}
Windows Driver Foundation - User-mode Driver Framework, WudfSvc, "C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup" {"C:\WINDOWS\System32\WUDFSvc.dll" [MS]}

Print Monitors:

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
Canon BJ Language Monitor iP4200\Driver = "CNMLM78.DLL" ["CANON INC."]

(launch time: 2008-10-10 12:57:00)

<<!>>: Suspicious data at a malware launch point.
<<H>>: Suspicious data at a browser hijack point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI DLL launch points, use the -supp parameter or answer "No" at the first message box and "Yes" at the second message box.
(total run time: 69 seconds, including 18 seconds for message boxes)

Edited by masterchief (10.10.2008 at 12:00) |
10.10.2008, 13:11 | #6 |
| Help!!! IE keeps opening ads!!! And here from ComboFix Code:
ComboFix 08-10-09.06 - Administrator 2008-10-10 13:08:14.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1031.18.1595 [GMT 2:00]
ausgeführt von:: C:\Dokumente und Einstellungen\Administrator\Desktop\ComboFix.exe
* Neuer Wiederherstellungspunkt wurde erstellt

Achtung - Auf diesem PC ist keine Wiederherstellungskonsole installiert !!
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\ewxctumc.ini

.
((((((((((((((((((((((( Dateien erstellt von 2008-09-10 bis 2008-10-10 ))))))))))))))))))))))))))))))
.

2008-10-10 13:03 . 2008-10-10 13:03 <DIR> d-------- C:\Programme\CCleaner
2008-10-10 12:04 . 2008-10-10 12:05 <DIR> d-------- C:\Programme\Malwarebytes' Anti-Malware
2008-10-10 12:04 . 2008-10-10 12:04 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2008-10-10 12:04 . 2008-10-10 12:04 <DIR> d-------- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Malwarebytes
2008-10-10 12:04 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-10 12:04 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-09 13:57 . 2008-10-09 13:58 <DIR> d-------- C:\Programme\Unlocker
2008-10-09 11:49 . 2008-10-09 11:49 <DIR> d-------- C:\Programme\Lavasoft
2008-10-09 11:49 . 2008-10-09 11:52 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lavasoft
2008-10-07 11:12 . 2008-10-07 11:12 <DIR> d-------- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\dvdcss
2008-10-06 11:21 . 2008-10-06 11:22 <DIR> d-------- C:\Programme\Windows Live Safety Center
2008-10-04 10:41 . 2008-10-04 10:40 44,476 --a------ C:\GetAttachment4.jpg
2008-10-04 10:41 . 2008-10-04 10:40 39,160 --a------ C:\GetAttachment3.jpg
2008-10-04 10:41 . 2008-10-04 10:40 35,501 --a------ C:\GetAttachment5.jpg
2008-10-04 10:41 . 2008-10-04 10:40 34,056 --a------ C:\3.jpg
2008-10-04 10:40 . 2008-10-04 10:40 49,437 --a------ C:\GetAttachment.jpg
2008-10-04 10:40 . 2008-10-04 10:40 43,549 --a------ C:\GetAttachment2.jpg
2008-10-04 10:40 . 2008-10-04 10:40 41,502 --a------ C:\GetAttachment1.jpg
2008-10-04 00:47 . 2008-10-04 00:45 82,337 --a------ C:\kfp696whqbomrd53hv72ay1zzw0.jpg
2008-10-04 00:47 . 2008-10-04 00:47 66,863 --a------ C:\4mkjkcyxmio5i899ukx56eftl7h.jpg
2008-10-04 00:47 . 2008-10-04 00:46 65,212 --a------ C:\do78xqunbk1sn0tbzwcbv7dbx5h.jpg
2008-10-04 00:46 . 2008-10-04 00:46 65,468 --a------ C:\j3ar3p4b7zmeg8j0wywimoxtx89.jpg
2008-10-02 18:05 . 2008-10-02 18:05 7,763 ---hs---- C:\Folder.jpg
2008-10-02 18:05 . 2008-10-02 18:05 7,763 ---hs---- C:\AlbumArt_{8B365EAD-A18F-4BE4-B919-FEFEA2848F35}_Large.jpg
2008-10-02 18:05 . 2008-10-02 18:05 2,061 ---hs---- C:\AlbumArtSmall.jpg
2008-10-02 18:05 . 2008-10-02 18:05 2,061 ---hs---- C:\AlbumArt_{8B365EAD-A18F-4BE4-B919-FEFEA2848F35}_Small.jpg
2008-10-02 18:05 . 2008-10-02 18:05 367 ---hs---- C:\desktop.ini
2008-10-02 15:00 . 2008-10-02 15:00 18,096 --a------ C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\GDIPFONTCACHEV1.DAT
2008-09-29 13:06 . 2008-09-29 13:06 <DIR> d-------- C:\Programme\HiYo
2008-09-29 13:06 . 2008-09-29 13:06 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\HiYo
2008-09-29 13:06 . 2008-09-29 13:06 <DIR> d-------- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\HiYo
2008-09-23 12:30 . 2001-08-18 04:54 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-09-23 12:29 . 2008-04-14 04:22 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-09-23 12:07 . 2008-09-23 12:07 <DIR> d--hs---- C:\Dokumente und Einstellungen\Administrator\PrivacIE
2008-09-23 11:48 . 2008-04-14 04:22 81,920 --a------ C:\WINDOWS\system32\ieencode.dll
2008-09-23 11:33 . 2008-09-23 11:33 <DIR> d-------- C:\WINDOWS\system32\bits
2008-09-23 11:33 . 2008-09-23 11:33 <DIR> d-------- C:\WINDOWS\l2schemas
2008-09-23 00:41 . 2008-09-23 00:41 <DIR> d-------- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\vlc
2008-09-22 22:51 . 2008-09-22 22:51 <DIR> d-------- C:\Programme\VideoLAN
2008-09-21 14:06 . 2008-09-21 14:07 <DIR> d-------- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\SecondLife
2008-09-18 13:26 . 2008-09-18 13:26 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Scanner
2008-09-18 13:26 . 2008-09-18 13:28 <DIR> d-------- C:\Programme\CA Yahoo! Anti-Spy
2008-09-17 21:45 . 2008-09-17 21:45 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Yahoo! Companion
2008-09-17 21:45 . 2008-09-17 21:45 <DIR> d-------- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Yahoo!
2008-09-17 20:34 . 2008-09-17 20:34 <DIR> d-------- C:\Programme\Yahoo!
2008-09-17 20:34 . 2008-09-17 20:34 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Yahoo!
2008-09-17 16:02 . 2008-10-02 18:15 4,232,880 --a------ C:\Loreena Mckennitt - Greensleeves.mp3
2008-09-17 02:20 . 2004-08-03 22:41 1,309,184 --------- C:\WINDOWS\system32\drivers\mtlstrm.sys
2008-09-15 12:38 . 2008-09-15 12:38 <DIR> d-------- C:\WINDOWS\system\color
2008-09-15 12:37 . 2008-04-13 20:45 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-09-14 21:59 . 2000-06-29 09:00 36,864 --a------ C:\WINDOWS\system32\agusbsti.dll
2008-09-14 21:58 . 2008-09-14 21:58 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Agfa
2008-09-14 21:58 . 2008-09-14 21:58 <DIR> d-------- C:\Programme\Agfa
2008-09-14 21:58 . 2001-09-06 15:55 90,112 --a------ C:\WINDOWS\system32\adomps.dll
2008-09-13 16:27 . 2008-09-13 16:27 <DIR> d-------- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\TuneUp Software
2008-09-13 16:27 . 2008-09-13 16:27 361,728 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
2008-09-13 16:27 . 2008-07-18 15:05 28,416 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-09-13 16:26 . 2008-09-13 16:26 <DIR> d-------- C:\Programme\TuneUp Utilities 2008
2008-09-13 16:26 . 2008-09-13 16:26 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
2008-09-13 16:25 . 2008-10-09 16:12 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2008-09-13 15:16 . 2008-10-04 10:48 167,936 --ahs---- C:\Thumbs.db
2008-09-13 15:16 . 2008-10-09 16:12 7,680 --ahs---- C:\WINDOWS\Thumbs.db
2008-09-13 15:16 . 2008-10-09 16:12 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-09-13 14:55 . 2008-09-14 21:20 <DIR> d-------- C:\Programme\ArcorOnline
2008-09-13 14:55 . 2003-06-20 11:07 188,416 --a------ C:\WINDOWS\system32\AMCButton.ocx
2008-09-13 14:55 . 2002-11-10 09:57 86,016 --a------ C:\WINDOWS\system32\SBList30.ocx
2008-09-13 14:55 . 2005-08-09 19:21 65,536 --a------ C:\WINDOWS\system32\WinRas32.ocx
2008-09-13 13:37 . 2008-09-13 13:37 <DIR> d-------- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\AdobeUM
2008-09-13 03:01 . 2008-09-13 03:01 <DIR> d-------- C:\Programme\MSXML 4.0
2008-09-12 21:06 . 2008-09-12 21:15 <DIR> d-------- C:\Programme\Lavasoft Ad-aware plus
2008-09-12 17:29 . 2008-09-12 17:29 <DIR> d-------- C:\WINDOWS\Sun
2008-09-12 12:12 . 2008-09-12 12:12 <DIR> d-------- C:\Programme\Gemeinsame Dateien\PCSuite
2008-09-12 12:09 . 2008-09-12 12:09 <DIR> d-------- C:\Programme\PC Connectivity Solution
2008-09-12 12:09 . 2007-09-17 15:53 21,632 --a------ C:\WINDOWS\system32\drivers\pccsmcfd.sys
2008-09-12 10:51 . 2008-09-12 10:51 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nokia
2008-09-12 10:48 . 2008-05-07 07:39 1,419,232 --a------ C:\WINDOWS\system32\wdfcoinstaller01005.dll
2008-09-12 10:48 . 2008-05-07 07:38 659,968 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2008-09-12 10:48 . 2008-05-07 07:38 20,864 --a------ C:\WINDOWS\system32\drivers\ccdcmbo.sys
2008-09-12 10:48 . 2008-05-07 07:38 17,536 --a------ C:\WINDOWS\system32\drivers\ccdcmb.sys
2008-09-12 10:48 . 2008-05-07 07:38 8,064 --a------ C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys
2008-09-12 10:48 . 2008-06-06 09:24 8,064 --a------ C:\WINDOWS\system32\drivers\usbser_lowerflt.sys
2008-09-12 10:47 . 2008-02-01 16:17 138,112 --a------ C:\WINDOWS\system32\drivers\nmwcdnsu.sys
2008-09-12 10:47 . 2008-02-01 16:17 8,320 --a------ C:\WINDOWS\system32\drivers\nmwcdnsuc.sys
2008-09-12 10:46 . 2008-09-12 10:46 <DIR> d-------- C:\Programme\MSXML 6.0
2008-09-12 10:01 . 2008-09-12 10:01 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-09-12 10:00 . 2008-04-13 20:45 26,112 --a------ C:\WINDOWS\system32\drivers\usbser.sys
2008-09-12 10:00 . 2008-09-12 10:00 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-09-12 10:00 . 2008-09-12 10:00 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-09-12 09:57 . 2008-09-12 10:00 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite
2008-09-12 09:57 . 2008-09-29 22:18 <DIR> d-------- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\PC Suite
2008-09-12 09:50 . 2008-09-12 12:37 <DIR> d-------- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Nokia
2008-09-12 09:49 . 2008-09-29 22:19 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Nokia
2008-09-12 09:49 . 2008-09-12 09:49 <DIR> d-------- C:\Programme\DIFX
2008-09-12 09:48 . 2008-09-29 22:19 <DIR> d-------- C:\Programme\Nokia
2008-09-12 09:48 . 2008-05-07 07:38 90,624 --a------ C:\WINDOWS\system32\nmwcdcls.dll
2008-09-12 09:47 . 2008-09-29 22:17 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Installations
2008-09-11 21:43 . 2002-01-05 15:37 344,064 --a------ C:\WINDOWS\system32\msvcr70.dll
2008-09-11 15:00 . 2008-09-11 15:00 <DIR> d-------- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Nero
2008-09-11 00:21 . 2008-04-11 21:04 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-09-11 00:21 . 2008-07-07 22:26 253,952 -----c--- C:\WINDOWS\system32\dllcache\es.dll
2008-09-11 00:20 . 2008-06-24 18:42 74,240 -----c--- C:\WINDOWS\system32\dllcache\mscms.dll
2008-09-11 00:19 . 2008-06-23 18:14 63,488 --a--c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-09-11 00:18 . 2008-06-20 13:51 361,600 -----c--- C:\WINDOWS\system32\dllcache\tcpip.sys
2008-09-11 00:18 . 2008-06-20 19:46 247,296 -----c--- C:\WINDOWS\system32\dllcache\mswsock.dll
2008-09-11 00:18 . 2008-06-20 13:08 225,856 -----c--- C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-09-11 00:18 . 2008-05-08 16:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-09-11 00:18 . 2008-06-20 19:46 147,968 -----c--- C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-09-11 00:18 . 2008-06-20 13:40 138,496 -----c--- C:\WINDOWS\system32\dllcache\afd.sys
2008-09-11 00:17 . 2008-05-07 07:10 1,293,824 -----c--- C:\WINDOWS\system32\dllcache\quartz.dll
2008-09-11 00:16 . 2008-06-14 19:32 273,024 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-09-11 00:16 . 2008-06-14 19:32 273,024 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-09-11 00:05 . 2008-09-11 00:05 <DIR> d-------- C:\Programme\Nero
2008-09-11 00:05 . 2008-09-11 00:07 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Nero
2008-09-11 00:05 . 2008-09-11 00:05 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nero
2008-09-11 00:02 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-09-11 00:01 . 2008-06-23 18:14 6,066,176 --a--c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-09-11 00:01 . 2007-04-17 11:32 2,455,488 --a--c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-09-11 00:01 . 2007-03-08 07:09 1,040,384 --a--c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-09-11 00:01 . 2008-06-23 18:14 459,264 --a--c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-09-11 00:01 . 2008-06-23 18:14 383,488 --a--c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-09-11 00:01 . 2008-06-23 18:14 267,776 --a--c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-09-11 00:01 . 2008-06-23 18:14 52,224 --a--c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-09-11 00:01 . 2008-06-23 11:20 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-09-10 23:42 . 2008-09-10 23:42 <DIR> d-------- C:\Programme\Windows Media Connect 2
2008-09-10 23:42 . 2008-09-10 23:42 3 --a------ C:\WINDOWS\system32\EUupdate.installed

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-10 09:28 --------- d-----w C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Azureus
2008-10-09 15:22 --------- d-----w C:\Programme\eMule
2008-09-10 22:02 --------- d-----w C:\Programme\Java
2008-09-10 20:56 --------- d-----w C:\Programme\Azureus
2008-09-10 20:34 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Azureus
2008-09-10 20:18 --------- d-----w C:\Programme\Canon
2008-09-10 20:16 --------- d-----w C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\eMule
2008-09-10 20:15 --------- d--h--w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonBJ
2008-09-10 20:08 --------- d-----w C:\Programme\Gemeinsame Dateien\Adobe
2008-09-10 20:07 --------- d-----w C:\Programme\Gemeinsame Dateien\Java
2008-09-10 20:07 --------- d-----w C:\Programme\DAMN NFO Viewer
2008-09-10 18:59 --------- d-----w C:\Programme\Gemeinsame Dateien\InstallShield
2008-09-10 18:41 --------- d-----w C:\Programme\microsoft frontpage
2008-09-10 18:40 --------- d-----w C:\Programme\Windows Media Connect
2008-09-10 18:40 --------- d-----w C:\Programme\Windows Journal Viewer
2008-09-10 18:40 --------- d-----w C:\Programme\HighMAT CD Writing Wizard
2008-09-10 18:36 --------- d-----w C:\Programme\Online-Dienste
2008-09-10 18:35 --------- d-----w C:\Programme\Gemeinsame Dateien\Dienste
2008-08-05 15:55 265,720 ----a-w C:\WINDOWS\system32\msdbg2.dll
2008-07-31 08:41 68,616 ----a-w
C:\WINDOWS\system32\XAPOFX1_1.dll 2008-07-31 08:41 238,088 ----a-w C:\WINDOWS\system32\xactengine3_2.dll 2008-07-31 08:40 509,448 ----a-w C:\WINDOWS\system32\XAudio2_2.dll 2008-07-23 16:48 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll 2008-07-23 16:48 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll 2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll 2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe 2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll 2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll 2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll 2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll 2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll 2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll 2008-07-12 06:18 467,984 ----a-w C:\WINDOWS\system32\d3dx10_39.dll 2008-07-12 06:18 3,851,784 ----a-w C:\WINDOWS\system32\D3DX9_39.dll 2008-07-12 06:18 1,493,528 ----a-w C:\WINDOWS\system32\D3DCompiler_39.dll 2001-03-28 10:02 122,880 ----a-w C:\WINDOWS\inf\Agfa\message.exe . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360] "MsnMsgr"="C:\Programme\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184] "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136] "PC Suite Tray"="C:\Programme\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-08-11 1124352] "Nokia.PCSync"="C:\Programme\Nokia\Nokia PC Suite 7\PCSync2.exe" [2008-06-17 1249280] "MSMSGS"="C:\PROGRA~1\MESSEN~1\Msmsgs.exe" [2008-06-02 1660952] "Messenger (Yahoo!)"="C:\Programme\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 4670704] "Arcor Online"="C:\PROGRA~1\ARCORO~1\Arcor.exe" [2007-09-13 535000] "Yahoo! Pager"="C:\Programme\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 4670704] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-16 13529088] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-16 86016] "SunJavaUpdateSched"="C:\Programme\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784] "Easy-PrintToolBox"="C:\Programme\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600] "OODefragTray"="C:\WINDOWS\system32\oodtray.exe" [2007-05-11 2512392] "NeroFilterCheck"="C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe" [2008-04-28 570664] "HiYo"="C:\Programme\HiYo\bin\HiYo.exe" [2008-09-25 300336] "SoundMan"="SOUNDMAN.EXE" [2004-11-11 C:\WINDOWS\SOUNDMAN.EXE] "nwiz"="nwiz.exe" [2008-05-16 C:\WINDOWS\system32\nwiz.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360] C:\Dokumente und Einstellungen\All Users\Startmen\Programme\Autostart\ Adobe Reader - Schnellstart.lnk - C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696] Microsoft Office.lnk - C:\Programme\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360] 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=cczoud.dll [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Programme\\Azureus\\Azureus.exe"= "C:\\Programme\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"= "C:\\Programme\\Gemeinsame Dateien\\Nokia\\Service Layer\\A\\nsl_host_process.exe"= "C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"= "C:\\Programme\\Yahoo!\\Messenger\\YahooMessenger.exe"= "C:\\Programme\\Messenger\\Msmsgs.exe"= "C:\\Programme\\Yahoo!\\Messenger\\YServer.exe"= "D:\\Marcel1\\PSP\\upgrade\\SLVoice.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Programme\\Windows Live\\Messenger\\livecall.exe"= "C:\\Programme\\eMule\\emule.exe"= R2 UxTuneUp;TuneUp Designerweiterung;C:\WINDOWS\System32\svchost.exe [2008-04-14 14336] S3 nmwcdnsu;Nokia USB Flashing Phone Parent;C:\WINDOWS\system32\drivers\nmwcdnsu.sys [2008-02-01 138112] S3 nmwcdnsuc;Nokia USB Flashing Generic;C:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2008-02-01 8320] S3 TuneUp.Defrag;TuneUp Drive Defrag-Dienst;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-09-13 361728] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp *Newly Created Service* - PROCEXP90 . Inhalt des "geplante Tasks" Ordners 2008-10-10 C:\WINDOWS\Tasks\1-Klick-Wartung.job - C:\Programme\TuneUp Utilities 2008\OneClickStarter.exe [2008-08-21 18:47] . . ------- Zusätzlicher Suchlauf ------- . R0 -: HKCU-Main,Start Page = hxxp://www.arcor.de R0 -: HKLM-Main,Start Page = hxxp://www.arcor.de R0 -: HKLM-Main,Window Title = Arcor AG & Co. 
KG R1 -: HKCU-Internet Connection Wizard,ShellNext = hxxp://www.arcor.de/ O8 -: Easy-WebPrint - Drucken - C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Print.html O8 -: Easy-WebPrint - Schnelldruck - C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html O8 -: Easy-WebPrint - Vorschau - C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O8 -: Easy-WebPrint - Zu Druckliste hinzufügen - C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O17 -: HKLM\CCS\Interface\{66B10B68-943F-4F72-B3EC-525716A0D257}: NameServer = 195.50.140.178 195.50.140.114 O16 -: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab C:\WINDOWS\Downloaded Program Files\SysReqLab3.osd C:\WINDOWS\Downloaded Program Files\sysreqlab3.dll O16 -: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxp://static.pe.schuelervz.net/photouploader/ImageUploader5.cab?nocache=1223466456 C:\WINDOWS\Downloaded Program Files\ImageUploader5.inf C:\WINDOWS\system32\unicows.dll C:\WINDOWS\Downloaded Program Files\ImageUploader5.ocx . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-10-10 13:10:49 Windows 5.1.2600 Service Pack 3 NTFS Scanne versteckte Prozesse... Scanne versteckte Autostarteinträge... Scanne versteckte Dateien... Scan erfolgreich abgeschlossen versteckte Dateien: 0 ************************************************************************** . Zeit der Fertigstellung: 2008-10-10 13:12:41 ComboFix-quarantined-files.txt 2008-10-10 11:12:02 Vor Suchlauf: 6 Verzeichnis(se), 35.398.098.944 Bytes frei Nach Suchlauf: 8 Verzeichnis(se), 35,397,980,160 Bytes frei 270 --- E O F --- 2008-09-24 01:00:39 http://www.file-upload.net/download-...sting.txt.html |
10.10.2008, 13:16 | #7 |
And here the new HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:16:01, on 10.10.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Java\jre1.6.0_07\bin\jusched.exe
C:\Programme\HiYo\bin\HiYo.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexStoreSvr.exe
C:\PROGRA~1\ARCORO~1\AOButler.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe
C:\Programme\PC Connectivity Solution\ServiceLayer.exe
C:\Programme\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Programme\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programme\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temporary Internet Files\Content.IE5\2F5TQS2T\qlketzd[1].com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = DSL Flatrate, DSL Tarife, DSL Angebote von Arcor
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = DSL Flatrate, DSL Tarife, DSL Angebote von Arcor
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = DSL Flatrate, DSL Tarife, DSL Angebote von Arcor
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = DSL Flatrate, DSL Tarife, DSL Angebote von Arcor
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programme\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [HiYo] C:\Programme\HiYo\bin\HiYo.exe /RunFromStartup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Programme\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Programme\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [MSMSGS] "C:\PROGRA~1\MESSEN~1\Msmsgs.exe" /background
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Programme\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Arcor Online] C:\PROGRA~1\ARCORO~1\Arcor.exe /inst_typ:2 /kunden_typ:bestand
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Programme\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Easy-WebPrint - Drucken - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint - Vorschau - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: @C:\Programme\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Programme\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/Driver...sysreqlab3.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programme\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://static.pe.schuelervz.net/phot...che=1223466456
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{66B10B68-943F-4F72-B3EC-525716A0D257}: NameServer = 195.50.140.178 195.50.140.114
O20 - AppInit_DLLs: cczoud.dll
O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programme\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TuneUp Drive Defrag-Dienst (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 7068 bytes
10.10.2008, 13:19 | #8 |
And what now?
10.10.2008, 14:56 | #9 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Sorry, but when I read something like this I can only shake my head: Quote:
__________________
Please always post logfiles in CODE tags