| |
| |||||||
Log-Analyse und Auswertung: Internet Explorer - öffnet automatisch Werbung!Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
09.10.2008, 19:27
| #1 |
| |  Internet Explorer - öffnet automatisch Werbung! Hallo Zusammen, ich habe hier schon mehrere Themen über dieses Problem nachgelesen und zum Teil auch schon Reinigungen durchgeführt. Problem: Wenn ich im Internet Explorer surfe, öffnet sich automatisch ein neues Tab. Vor meinen Reinigungen kam noch Werbung - jetzt nur noch eine weisse Seite. Folgende Reinigungen habe ich durchgeführt: - Kaspersky online Scan - Ad-Aware 2008 Systemprüfung - Malewarebytes Anti Maleware - Sbybot Search and Destroy Könntet Ihr bitte mein HiJackThis-Logfile anschauen und mir weitere Tipps geben. DANKE!! Anbei das HiJackThis-Logfile Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 20:15:19, on 09.10.2008 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18000) Boot mode: Normal Running processes: C:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\PDF Complete\pdfsty.exe C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Spamihilator\spamihilator.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\Windows\system32\igfxsrvc.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe C:\Users\smarty005\AppData\Local\ophipqy.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe C:\Program Files\ICQLite\ICQLite.exe C:\Program Files\Internet Explorer\ieuser.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\conime.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\Windows\system32\DllHost.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.t-online.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=none&bd=smb&pf=laptop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=none&bd=smb&pf=laptop R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [PDF Complete] "C:\Program Files\PDF Complete\pdfsty.exe" O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [Spamihilator] "C:\Program Files\Spamihilator\spamihilator.exe" O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\RunOnce: [ST Recovery Launcher] %WINDIR%\SMINST\launcher.exe O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden O4 - HKCU\..\Run: [ophipqy] "c:\users\smarty005\appdata\local\ophipqy.exe" ophipqy O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: Canon LBP2900 Statusfenster.lnk = C:\Windows\System32\spool\drivers\w32x86\3\CNAB4LAK.EXE O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~4.0_0\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~4.0_0\bin\ssv.dll O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O13 - Gopher Prefix: O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-24-0.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.de/scan_de/scan8/oscan8.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL O20 - AppInit_DLLs: APSHook.dll O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe O23 - Service: Drive Encryption Service (HpFkCryptService) - SafeBoot International - c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe -- End of file - 11166 bytes |
|
09.10.2008, 20:11
| #2 |
| | Internet Explorer - öffnet automatisch Werbung! Nach der Reinigung mit dem CC-Cleaner hier das Log von COMBOFIX:
__________________ComboFix 08-10-08.05 - smarty005 2008-10-09 20:54:22.1 - NTFSx86 Microsoft® Windows Vista™ Business 6.0.6001.1.1252.1.1031.18.1106 [GMT 2:00] ausgeführt von:: C:\Users\smarty005\Desktop\ComboFix.exe * Neuer Wiederherstellungspunkt wurde erstellt . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . C:\Users\smarty005\AppData\Local\ophipqy.dat C:\Users\smarty005\AppData\Local\ophipqy.exe C:\Users\smarty005\AppData\Local\ophipqy_nav.dat C:\Users\smarty005\AppData\Local\ophipqy_navps.dat C:\Windows\system32\x64 F:\Autorun.inf . ((((((((((((((((((((((( Dateien erstellt von 2008-09-09 bis 2008-10-09 )))))))))))))))))))))))))))))) . 2008-10-09 20:47 . 2008-10-09 20:47 <DIR> d-------- C:\Program Files\CCleaner 2008-10-09 19:59 . 2008-10-09 19:59 <DIR> d-------- C:\Windows\BDOSCAN8 2008-10-09 19:33 . 2008-10-09 20:49 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy 2008-10-09 19:33 . 2008-10-09 20:49 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy 2008-10-09 19:33 . 2008-10-09 20:11 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy 2008-10-09 19:29 . 2008-10-09 19:31 <DIR> d-------- C:\Users\All Users\Lavasoft 2008-10-09 19:29 . 2008-10-09 19:31 <DIR> d-------- C:\ProgramData\Lavasoft 2008-10-09 19:29 . 2008-10-09 19:29 <DIR> d-------- C:\Program Files\Lavasoft 2008-10-09 19:23 . 2008-10-09 19:23 <DIR> d-------- C:\Program Files\Trend Micro 2008-10-09 16:45 . 2008-10-09 16:45 <DIR> d-------- C:\Users\smarty005\AppData\Roaming\Malwarebytes 2008-10-09 16:45 . 2008-10-09 16:45 <DIR> d-------- C:\Users\All Users\Malwarebytes 2008-10-09 16:45 . 2008-10-09 16:45 <DIR> d-------- C:\ProgramData\Malwarebytes 2008-10-09 16:45 . 2008-10-09 16:47 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-10-09 16:45 . 2008-09-10 00:04 38,528 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys 2008-10-09 16:45 . 2008-09-10 00:03 17,200 --a------ C:\Windows\System32\drivers\mbam.sys 2008-10-03 19:34 . 2008-10-03 19:34 <DIR> d-------- C:\Users\smarty005\AppData\Roaming\TVU Networks 2008-10-03 19:34 . 2008-10-03 19:34 <DIR> d-------- C:\Users\All Users\TVU Networks 2008-10-03 19:34 . 2008-10-03 19:34 <DIR> d-------- C:\ProgramData\TVU Networks 2008-10-03 19:20 . 2008-10-03 19:20 <DIR> d-------- C:\Windows\System32\PPLive 2008-10-02 10:20 . 2008-04-26 10:25 3,600,952 --a------ C:\Windows\System32\ntkrnlpa.exe 2008-10-01 19:07 . 2008-10-01 19:07 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf 2008-10-01 10:39 . 2008-10-01 10:39 <DIR> d-------- C:\PerfLogs 2008-10-01 09:51 . 2008-10-01 09:51 <DIR> d-------- C:\Windows\CheckSur 2008-10-01 09:48 . 2008-01-19 09:33 8,139,264 --a------ C:\Windows\System32\ssBranded.scr 2008-10-01 09:47 . 2008-01-19 09:32 5,714,432 --a------ C:\Windows\System32\logon.scr 2008-10-01 09:46 . 2008-01-19 08:06 8,147,456 --a------ C:\Windows\System32\wmploc.DLL 2008-10-01 09:45 . 2008-01-19 09:36 704,512 --a------ C:\Windows\System32\SmiEngine.dll 2008-10-01 09:45 . 2008-01-19 09:36 357,888 --a------ C:\Windows\System32\wbemcomn.dll 2008-10-01 09:45 . 2008-01-19 09:36 218,624 --a------ C:\Windows\System32\wdscore.dll 2008-10-01 09:45 . 2008-01-19 09:36 139,264 --a------ C:\Windows\System32\SmiInstaller.dll 2008-10-01 09:45 . 2008-01-19 09:33 130,560 --a------ C:\Windows\System32\PkgMgr.exe 2008-10-01 09:44 . 2008-01-19 09:34 305,152 --a------ C:\Windows\System32\msdelta.dll 2008-10-01 09:44 . 2008-01-19 09:34 258,560 --a------ C:\Windows\System32\dpx.dll 2008-10-01 09:44 . 2008-01-19 09:34 246,784 --a------ C:\Windows\System32\drvstore.dll 2008-10-01 09:44 . 2008-01-19 09:35 35,328 --a------ C:\Windows\System32\mspatcha.dll 2008-09-27 12:10 . 2008-09-27 12:10 <DIR> d-------- C:\Users\All Users\Electronic Arts 2008-09-27 12:10 . 2008-09-27 12:10 <DIR> d-------- C:\ProgramData\Electronic Arts 2008-09-27 12:07 . 2008-03-05 15:56 3,786,760 --a------ C:\Windows\System32\D3DX9_37.dll 2008-09-27 12:07 . 2007-07-19 18:14 3,727,720 --a------ C:\Windows\System32\d3dx9_35.dll 2008-09-27 12:07 . 2007-05-16 16:45 3,497,832 --a------ C:\Windows\System32\d3dx9_34.dll 2008-09-27 12:07 . 2007-03-12 16:42 3,495,784 --a------ C:\Windows\System32\d3dx9_33.dll 2008-09-27 12:07 . 2006-11-29 13:06 3,426,072 --a------ C:\Windows\System32\d3dx9_32.dll 2008-09-27 12:07 . 2006-09-28 16:05 2,414,360 --a------ C:\Windows\System32\d3dx9_31.dll 2008-09-27 12:07 . 2007-04-04 18:53 81,768 --a------ C:\Windows\System32\xinput1_3.dll 2008-09-27 12:06 . 2005-05-26 15:34 2,297,552 --a------ C:\Windows\System32\d3dx9_26.dll 2008-09-16 06:33 . 2008-07-19 07:09 1,811,656 --a------ C:\Windows\System32\wuaueng.dll 2008-09-16 06:33 . 2008-07-19 05:44 1,524,736 --a------ C:\Windows\System32\wucltux.dll 2008-09-16 06:33 . 2008-07-19 07:09 563,912 --a------ C:\Windows\System32\wuapi.dll 2008-09-16 06:33 . 2008-07-18 22:08 163,904 --a------ C:\Windows\System32\wuwebv.dll 2008-09-16 06:33 . 2008-07-19 05:44 83,456 --a------ C:\Windows\System32\wudriver.dll 2008-09-16 06:33 . 2008-07-19 07:10 53,448 --a------ C:\Windows\System32\wuauclt.exe 2008-09-16 06:33 . 2008-07-19 07:10 45,768 --a------ C:\Windows\System32\wups2.dll 2008-09-16 06:33 . 2008-07-19 07:10 36,552 --a------ C:\Windows\System32\wups.dll 2008-09-16 06:33 . 2008-07-18 20:44 31,232 --a------ C:\Windows\System32\wuapp.exe 2008-09-11 21:12 . 2008-07-31 03:13 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll 2008-09-11 21:12 . 2008-06-26 05:29 303,616 --a------ C:\Windows\System32\wmpeffects.dll 2008-09-11 21:12 . 2008-07-31 05:32 28,160 --a------ C:\Windows\System32\Apphlpdm.dll . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-10-09 17:48 --------- d-----w C:\Users\smarty005\AppData\Roaming\Spamihilator 2008-10-09 17:28 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2008-10-01 08:50 174 --sha-w C:\Program Files\desktop.ini 2008-10-01 08:41 --------- d-----w C:\Program Files\Windows Sidebar 2008-10-01 08:41 --------- d-----w C:\Program Files\Windows Photo Gallery 2008-10-01 08:41 --------- d-----w C:\Program Files\Windows Mail 2008-10-01 08:41 --------- d-----w C:\Program Files\Windows Journal 2008-10-01 08:41 --------- d-----w C:\Program Files\Windows Defender 2008-10-01 08:41 --------- d-----w C:\Program Files\Windows Collaboration 2008-10-01 08:41 --------- d-----w C:\Program Files\Windows Calendar 2008-10-01 08:30 82,432 ----a-w C:\Windows\System32\axaltocm.dll 2008-10-01 08:30 101,888 ----a-w C:\Windows\System32\ifxcardm.dll 2008-09-27 10:10 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-09-15 15:43 --------- d-----w C:\Program Files\Hp 2008-08-17 11:43 307,968 ----a-w C:\Windows\System32\TuneUpDefragService.exe 2008-08-17 11:43 --------- d-----w C:\Program Files\TuneUp Utilities 2008 2008-08-14 17:38 --------- d-----w C:\Program Files\HO_1421 2008-08-02 03:26 36,864 ----a-w C:\Windows\System32\cdd.dll 2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll 2008-07-31 03:32 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll 2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll 2008-07-16 01:32 2,048 ----a-w C:\Windows\System32\tzres.dll . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920] "LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-04-19 484904] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "PDF Complete"="C:\Program Files\PDF Complete\pdfsty.exe" [2007-05-08 331552] "PTHOSTTR"="C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2007-01-09 145184] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1033512] "hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-05-11 472632] "WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128] "HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-03-12 50696] "QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-05-02 163840] "CognizanceTS"="C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2003-12-22 17920] "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-17 266497] "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016] "Spamihilator"="C:\Program Files\Spamihilator\spamihilator.exe" [2008-04-05 1060864] "WatchDog"="C:\Program Files\InterVideo\DVD Check\DVDCheck.exe" [2007-05-23 192512] "IgfxTray"="C:\Windows\system32\igfxtray.exe" [2007-09-13 141848] "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2007-09-13 154136] "Persistence"="C:\Windows\system32\igfxpers.exe" [2007-09-13 129560] "SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784] "HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840] "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2007-02-21 1183744] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "ST Recovery Launcher"="C:\Windows\SMINST\launcher.exe" [2007-03-09 44168] C:\Users\smarty005\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-03-29 719664] Canon LBP2900 Statusfenster.lnk - C:\Windows\System32\spool\drivers\w32x86\3\CNAB4LAK.EXE [2008-04-19 50848] DVD Check.lnk - C:\Program Files\InterVideo\DVD Check\DVDCheck.exe [2008-01-14 192512] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "DisableCAD"= 1 (0x1) "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=APSHook.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ SbHpNp scecli ASWLNPkg [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "ICQ Lite"="C:\Program Files\ICQLite\ICQLite.exe" -minimize [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "TCP Query User{76F8E7EB-3E76-4E94-9B6A-D8802C75512F}C:\\program files\\icqlite\\icqlite.exe"= UDP:C:\program files\icqlite\icqlite.exe:ICQLite "UDP Query User{A20C9CFE-41C7-4734-B074-4DC469D14DD2}C:\\program files\\icqlite\\icqlite.exe"= TCP:C:\program files\icqlite\icqlite.exe:ICQLite "{397E9E12-4334-4B66-A65F-1D4AD15BF912}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook "{4446B9FA-002D-4F15-8495-035FF9CEC37D}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove "{903A2383-DCCE-4DE5-B3F4-0BA1A30109E9}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove "{3C1323CE-C24D-4048-AC4D-B55C78442BF8}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{CEA8A723-16CF-4C79-9D9C-1954342071D7}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "TCP Query User{14E72224-1DEA-4ADC-B5F4-B2458D1872C0}C:\\program files\\spamihilator\\dccproc.exe"= UDP:C:\program files\spamihilator\dccproc.exe:dccproc "UDP Query User{96EF272D-730F-40AD-99DA-8A44CE300829}C:\\program files\\spamihilator\\dccproc.exe"= TCP:C:\program files\spamihilator\dccproc.exe:dccproc "TCP Query User{B9A8698B-C095-4774-ACC2-327B35FB7B3D}C:\\program files\\hp\\hp software update\\hpwucli.exe"= UDP:C:\program files\hp\hp software update\hpwucli.exe:HP Software Update Client "UDP Query User{4370C719-C449-4C2C-8E21-556C6B27A840}C:\\program files\\hp\\hp software update\\hpwucli.exe"= TCP:C:\program files\hp\hp software update\hpwucli.exe:HP Software Update Client "TCP Query User{D46DAACC-D714-425B-AF7F-3F058D495006}C:\\program files\\icq6\\icq.exe"= UDP:C:\program files\icq6\icq.exe:ICQ Library "UDP Query User{C1AD31D2-9A4D-49D9-B25B-AE3EE40EF699}C:\\program files\\icq6\\icq.exe"= TCP:C:\program files\icq6\icq.exe:ICQ Library "TCP Query User{F2F4C83A-D9DA-429A-8CE2-377CDF2A75B2}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer "UDP Query User{D0EFDDD5-D7DA-4288-8534-43B9431DE6D3}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer "{FEEC1330-0F72-4C61-A8A1-80444D8705A4}"= UDP:C:\Windows\System32\CNAB4RPK.EXE:Canon LBP2900 RPC Server Process "{A025567F-34A2-4F18-A707-9E7F7A7364B5}"= TCP:C:\Windows\System32\CNAB4RPK.EXE:Canon LBP2900 RPC Server Process "{D6A2177C-DA31-44C2-B04A-3A6B587EDC02}"= TCP:19375|C:\Program Files\devolo\dlanwlancfg\dlanwlancfg.exe:devolo dLAN Wireless extender Konfiguration "{ACD82C04-2796-40E9-9A5E-D21B9BE3F734}"= UDP:10300|C:\Program Files\devolo\informer\devinf.exe:devolo Informer "{A9BE20D9-E6B0-4FD6-AC9C-3A7A9B71014E}"= TCP:10301|LPort=19375|C:\Program Files\devolo\informer\devinf.exe:devolo Informer "{1F8295DD-F932-4CC5-BB6C-07CDC73ECBE0}"= TCP:12345|C:\Program Files\devolo\easyshare\easyshare.exe:devolo EasyShare "{EF0FA780-B01D-4724-A8F8-2438C18F3B9D}"= UDP:12346|LPort=12347|C:\Program Files\devolo\easyshare\easyshare.exe:devolo EasyShare "TCP Query User{B0C795BF-1CCE-4CDF-B00C-868FD3FC5537}C:\\users\\smarty005\\appdata\\local\\temp\\tmp22df.tmp\\update.exe"= UDP:C:\users\smarty005\appdata\local\temp\tmp22df.tmp\update.exe:update.exe "UDP Query User{BA5AAA12-8863-42F1-A5BB-00811E4DA652}C:\\users\\smarty005\\appdata\\local\\temp\\tmp22df.tmp\\update.exe"= TCP:C:\users\smarty005\appdata\local\temp\tmp22df.tmp\update.exe:update.exe "TCP Query User{34D33508-6C4D-4A82-99F4-B06F5D47A0B8}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer "UDP Query User{B7E6311C-E672-4885-AB50-630E6ECEB10F}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer "TCP Query User{52A46E38-05A6-49BD-B33F-DCC608970569}C:\\program files\\icqlite\\icqlite.exe"= UDP:C:\program files\icqlite\icqlite.exe:ICQLite "UDP Query User{1137EAFB-9C02-41E5-9C96-ADC76441839E}C:\\program files\\icqlite\\icqlite.exe"= TCP:C:\program files\icqlite\icqlite.exe:ICQLite "TCP Query User{6FF90A33-5863-4074-87B8-F49B18E2ADC1}C:\\program files\\miranda im\\miranda32.exe"= UDP:C:\program files\miranda im\miranda32.exe:Miranda IM "UDP Query User{2129E118-5E72-4DE7-87C5-7C612CDFDBC5}C:\\program files\\miranda im\\miranda32.exe"= TCP:C:\program files\miranda im\miranda32.exe:Miranda IM "TCP Query User{D0E5F611-4866-46B8-B1CF-E98527595273}C:\\program files\\electronic arts\\eadm\\core.exe"= UDP:C:\program files\electronic arts\eadm\core.exe:EA Download Manager "UDP Query User{23CBB635-F10D-4850-BB98-F884C1618F60}C:\\program files\\electronic arts\\eadm\\core.exe"= TCP:C:\program files\electronic arts\eadm\core.exe:EA Download Manager "TCP Query User{9132624D-C024-4E55-B04B-B2DCB93461F6}C:\\users\\smarty005\\appdata\\local\\temp\\tmp759c.tmp\\update.exe"= UDP:C:\users\smarty005\appdata\local\temp\tmp759c.tmp\update.exe:update.exe "UDP Query User{47502F80-3A5F-4E1B-A4B4-26ABA4D38C41}C:\\users\\smarty005\\appdata\\local\\temp\\tmp759c.tmp\\update.exe"= TCP:C:\users\smarty005\appdata\local\temp\tmp759c.tmp\update.exe:update.exe "{70A047B0-E5FE-4ADA-B584-4AFA8E4BC25C}"= UDP:C:\Program Files\PPLive\PPLive.exe:PPLive "{4910C019-7665-42DA-87DC-3612A8ADE5C3}"= TCP:C:\Program Files\PPLive\PPLive.exe:PPLive "TCP Query User{F3EBDEFF-8F58-4B36-A76D-91F4E057803E}C:\\program files\\tvuplayer\\tvuplayer.exe"= UDP:C:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component "UDP Query User{E95CAA37-B4BC-4C02-9BC3-458A44088257}C:\\program files\\tvuplayer\\tvuplayer.exe"= TCP:C:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component R0 SbAlg;SbAlg;C:\Windows\system32\drivers\SbAlg.sys [2006-10-09 44720] R0 SbFsLock;SbFsLock;C:\Windows\system32\drivers\SbFsLock.sys [2007-03-29 13696] R1 RsvLock;RsvLock;C:\Windows\system32\drivers\RsvLock.sys [2007-04-22 5808] R2 AEADIFilters;Andrea ADI Filters Service;C:\Windows\system32\AEADISRV.EXE [2007-02-06 69632] R2 ASBroker;Anmeldesitzungsbroker;C:\Windows\System32\svchost.exe [2008-01-19 21504] R2 ASChannel;Lokaler Verbindungskanal;C:\Windows\System32\svchost.exe [2008-01-19 21504] R2 HpFkCryptService;Drive Encryption Service;c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2007-04-22 221184] R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe [2007-01-05 18944] R2 NPF_devolo;NetGroup Packet Filter Driver (devolo);C:\Windows\system32\drivers\npf_devolo.sys [2007-02-07 35840] R2 pdfcDispatcher;PDF Document Manager;C:\Program Files\PDF Complete\pdfsvc.exe [2007-05-08 540448] R2 UxTuneUp;TuneUp Designerweiterung;C:\Windows\System32\svchost.exe [2008-01-19 21504] R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-02-26 179712] R3 btwaudio;Bluetooth-Audiogerät;C:\Windows\system32\drivers\btwaudio.sys [2007-05-11 79664] R3 btwavdt;Bluetooth AVDT;C:\Windows\system32\drivers\btwavdt.sys [2007-05-11 81200] R3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2007-05-11 16432] S3 TuneUp.Defrag;TuneUp Drive Defrag-Dienst;C:\Windows\System32\TuneUpDefragService.exe [2008-08-17 307968] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc bthsvcs REG_MULTI_SZ BthServ Cognizance REG_MULTI_SZ ASBroker ASChannel HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe" . Inhalt des "geplante Tasks" Ordners 2008-10-09 C:\Windows\Tasks\1-Klick-Wartung.job - C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe [2008-02-29 09:58] 2008-10-08 C:\Windows\Tasks\User_Feed_Synchronization-{F8821C4C-6A9F-47C2-BE00-2BB4E22DED9D}.job - C:\Windows\system32\msfeedssync.exe [2008-01-19 09:33] . - - - - Entfernte verwaiste Registrierungseinträge - - - - HKCU-Run-ophipqy - c:\users\smarty005\appdata\local\ophipqy.exe . ------- Zusätzlicher Suchlauf ------- . FireFox -: Profile - C:\Users\smarty005\AppData\Roaming\Mozilla\Firefox\Profiles\hecgxad2.default\ FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.t-online.de/ . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-10-09 21:02:01 Windows 6.0.6001 Service Pack 1 NTFS Scanne versteckte Prozesse... Scanne versteckte Autostarteinträge... Scanne versteckte Dateien... Scan erfolgreich abgeschlossen versteckte Dateien: 0 ************************************************************************** . ------------------------ Weitere laufende Prozesse ------------------------ . C:\Windows\System32\audiodg.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Windows\System32\agrsmsvc.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe C:\Program Files\Hewlett-Packard\IAM\Bin\asghost.exe C:\Windows\System32\CNAB4RPK.EXE C:\Windows\System32\conime.exe C:\Windows\SMINST\Scheduler.exe C:\Windows\System32\igfxsrvc.exe C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Windows\System32\wbem\WMIADAP.exe . ************************************************************************** . Zeit der Fertigstellung: 2008-10-09 21:08:08 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2008-10-09 19:07:49 Vor Suchlauf: 10 Verzeichnis(se), 119.394.275.328 Bytes frei Nach Suchlauf: 20 Verzeichnis(se), 118,895,046,656 Bytes frei 267 --- E O F --- 2008-10-08 18:22:28 |
|
10.10.2008, 15:39
| #3 |
| | Internet Explorer - öffnet automatisch Werbung! nachdem ich das Sytem mit dem C-Cleaner gescannt hatte und danach Combofix ausgeführt hatte, kommen keine Werbefenster mehr.
__________________Könnte mir bitte einer von Euch trotzdem am HiJackThis-Log oben sagen, welcher Bestandteil der Übeltäter war?! |
|
| Themen zu Internet Explorer - öffnet automatisch Werbung! |
| ad-aware, adobe, agere systems, antivir, avg, avira, bho, browser, canon, defender, document, explorer, hijack, internet, internet explorer, kaspersky, launch, mehrere, micro, microsoft, pdf, problem, rundll, security, sich automatisch, software, tuneup.defrag, vista, werbung, windows, windows defender, windows sidebar, öffnet, öffnet automatisch, öffnet sich automatisch |
Linear-Darstellung
