Log analysis and evaluation: Removing CiD popups (Windows 7)
04.11.2008, 15:17 | #1

Removing CiD popups

Hello. I have an annoying problem with these CiD popups, which have been showing up every few minutes for a couple of weeks now. On top of that the computer has become really slow. I don't know what to do, and it is slowly driving me crazy. It would be great if someone could help me. I have pasted the logfile below. Many thanks in advance.

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:01:40, on 04.11.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\hp\kbd\kbd.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = *** Please register to post images or links ***
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = *** Please register to post images or links ***
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = *** Please register to post images or links ***
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = *** Please register to post images or links ***
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = *** Please register to post images or links ***
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = *** Please register to post images or links ***
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "c:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [army book] "C:\ProgramData\phone media media.g2qp6o"
O4 - HKLM\..\Run: [Frag Ooze Cash Scr] "C:\ProgramData\CHIN BIN EXIT.6lzicn"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - *** Please register to post images or links ***
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Automatisches LiveUpdate - Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
O23 - Service: Symantec IS Kennwortprüfung (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - Unknown owner - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 9898 bytes
04.11.2008, 16:55 | #2

Hi,

have a look here:

O4 - HKLM\..\Run: [army book] "C:\ProgramData\phone media media.g2qp6o"
O4 - HKLM\..\Run: [Frag Ooze Cash Scr] "C:\ProgramData\CHIN BIN EXIT.6lzicn"

and possibly here:

O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe

Please have the following files checked online (Have files checked online):

Code:
C:\ProgramData\phone media media.g2qp6o
C:\ProgramData\CHIN BIN EXIT.6lzicn
C:\windows\SMINST\launcher.exe

Take any files that are not detected out of the lists below!

Avenger instructions (by swandog46)

1.) Download the Avenger tool and save it to the desktop:
2.) Configure the program as shown in the picture. Now copy the following text into the white field (at -> "input script here"):

Code:
Registry values to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run|army book
HKLM\Software\Microsoft\Windows\CurrentVersion\Run|Frag Ooze Cash Scr

Files to delete:
C:\ProgramData\phone media media.g2qp6o
C:\ProgramData\CHIN BIN EXIT.6lzicn
C:\windows\SMINST\launcher.exe

3.) Now close all programs (save your work first if necessary) and browser windows; after the Avenger has run, the system will be restarted.
4.) To start the Avenger, click -> Execute. Then confirm with "Yes" that the computer will restart!
5.) After the system has restarted, you will find a report from the Avenger here -> C:\avenger.txt. Open the file with Notepad and copy the entire text into your post here on Trojaner-Board.

HijackThis, fix: open HijackThis -- button "Scan" -- tick the boxes in front of the following entries -- button "Fix checked" -- restart the PC. All programs must be closed while fixing!

Code:
O4 - HKLM\..\Run: [army book] "C:\ProgramData\phone media media.g2qp6o"
O4 - HKLM\..\Run: [Frag Ooze Cash Scr] "C:\ProgramData\CHIN BIN EXIT.6lzicn"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe

Malwarebytes Anti-Malware (MAM). Instructions & download here: http://www.trojaner-board.de/51187-malwarebytes-anti-malware.html
Full scan, and let it clean everything! Post the log & a new HJT log.

Chris
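The two entries Chris singled out share the traits a log reader learns to look for: an autostart binary under C:\ProgramData with a random file extension and a value name that is just dictionary words. As an added triage aid (example code, not part of this thread and not a feature of HijackThis or the Avenger), the Python below parses HijackThis O4 registry lines and flags exactly those traits, plus RunOnce launchers for review; the sample log is a constructed excerpt of the O4 section posted above.

```python
import re
from dataclasses import dataclass

# HijackThis O4 registry autostart entries look like:
#   O4 - HKLM\..\Run: [army book] "C:\ProgramData\phone media media.g2qp6o"
#   O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'X')
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]+(?:\\S-[\d-]+)?)\\\.\.\\(?P<key>Run\w*): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.*)$"
)
# Unquoted command: cut after the first token that ends in a known executable extension.
UNQUOTED_BIN_RE = re.compile(r"^(.*?\.(?:exe|dll|com|scr|bat|cmd|pif))(?:\s|$)", re.I)

# Installers rarely put an autostart binary here; the droppers in this thread did.
USER_WRITABLE_DIRS = ("\\programdata\\", "\\appdata\\", "\\temp\\")
NORMAL_EXTENSIONS = {"exe", "dll", "com", "scr", "bat", "cmd", "pif"}


@dataclass
class Finding:
    hive: str
    key: str
    name: str
    path: str
    reasons: list


def extract_binary(cmd: str) -> str:
    """Return the launched file from an O4 command string.

    A quoted path is taken verbatim (the form the two suspicious entries use);
    otherwise the first token ending in an executable extension is used."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = UNQUOTED_BIN_RE.match(cmd)
    return m.group(1) if m else cmd.split(" ", 1)[0]


def assess_o4(line: str):
    """Parse one HijackThis line; return a Finding if the O4 entry deserves a look, else None."""
    m = O4_RE.match(line.strip())
    if not m:
        return None  # not a registry O4 line (Global Startup .lnk lines are skipped)
    path = extract_binary(m.group("cmd"))
    low = path.lower()
    basename = low.rsplit("\\", 1)[-1]
    ext = basename.rsplit(".", 1)[-1] if "." in basename else ""
    reasons = []
    if any(d in low for d in USER_WRITABLE_DIRS):
        reasons.append("binary runs from a user-writable data directory")
    if ext not in NORMAL_EXTENSIONS:
        reasons.append(f"non-standard extension '.{ext}'" if ext else "no file extension")
    if m.group("key").lower() == "runonce":
        reasons.append("RunOnce entry: fires once at next boot, verify what it launches")
    if not reasons:
        return None
    return Finding(m.group("hive"), m.group("key"), m.group("name"), path, reasons)


def triage(log_text: str) -> list:
    """Run assess_o4 over a whole HijackThis log; findings come back in log order."""
    return [f for f in (assess_o4(l) for l in log_text.splitlines()) if f]


# Constructed excerpt of the O4 section of the first HijackThis log in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [army book] "C:\ProgramData\phone media media.g2qp6o"
O4 - HKLM\..\Run: [Frag Ooze Cash Scr] "C:\ProgramData\CHIN BIN EXIT.6lzicn"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.hive}\\..\\{f.key} [{f.name}] -> {f.path}")
        for r in f.reasons:
            print("    -", r)
```

A hit is a reason to look, not a verdict: the RunOnce launcher here turned out to be HP's own recovery-manager stub, which is why Chris had the files checked online before deleting anything.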
04.11.2008, 17:22 | #3

The scan of: C:\ProgramData\phone media media.g2qp6o

Antivirus / Version / Last update / Result
AhnLab-V3 2008.11.4.3 2008.11.04 -
AntiVir 7.9.0.10 2008.11.04 -
Authentium 5.1.0.4 2008.11.04 -
Avast 4.8.1248.0 2008.11.03 -
AVG 8.0.0.161 2008.11.04 -
BitDefender 7.2 2008.11.04 -
CAT-QuickHeal 9.50 2008.11.04 -
ClamAV 0.94.1 2008.11.04 -
DrWeb 4.44.0.09170 2008.11.04 -
eSafe 7.0.17.0 2008.11.04 -
eTrust-Vet 31.6.6189 2008.11.04 -
Ewido 4.0 2008.11.04 -
F-Prot 4.4.4.56 2008.11.04 -
F-Secure 8.0.14332.0 2008.11.04 -
Fortinet 3.117.0.0 2008.11.04 -
GData 19 2008.11.04 -
Ikarus T3.1.1.45.0 2008.11.04 -
K7AntiVirus 7.10.516 2008.11.04 -
Kaspersky 7.0.0.125 2008.11.04 -
McAfee 5423 2008.11.04 -
Microsoft 1.4005 2008.11.04 -
NOD32 3583 2008.11.04 -
Norman 5.80.02 2008.11.04 -
Panda 9.0.0.4 2008.11.04 -
PCTools 4.4.2.0 2008.11.03 -
Prevx1 V2 2008.11.04 -
Rising 21.02.12.00 2008.11.04 -
SecureWeb-Gateway 6.7.6 2008.11.04 -
Sophos 4.35.0 2008.11.04 -
Sunbelt 3.1.1777.2 2008.11.03 -
Symantec 10 2008.11.04 -
TheHacker 6.3.1.1.138 2008.11.04 -
TrendMicro 8.700.0.1004 2008.11.04 -
VBA32 3.12.8.9 2008.11.03 -
ViRobot 2008.11.4.1450 2008.11.04 -
VirusBuster 4.5.11.0 2008.11.04 -

Additional information
File size: 8208 bytes
MD5...: be52c1193a4fff8fd6ee0faf947a7407
SHA1..: 15f02d53986992be0c9aa84588d47e0f42fbe1de
SHA256: 637eca7f24c6cc37ef2551e303c95b36553b22eafb65fdfb9611cdc18df742ea
SHA512: 41b5f1d4fcc88453f463e95a364bf632c11c0bbbad06c29077ed4132acef1b1671d87d972e01733667d4e6db87eaedc28c232e837ac19fb0ec80f2d3956bea45
PEiD..: -
TrID..: File type identification
Unknown!
PEInfo: -
04.11.2008, 17:25 | #4

The scan of: C:\ProgramData\CHIN BIN EXIT.6lzicn

Antivirus / Version / Last update / Result
AhnLab-V3 2008.11.4.3 2008.11.04 -
AntiVir 7.9.0.10 2008.11.04 -
Authentium 5.1.0.4 2008.11.04 -
Avast 4.8.1248.0 2008.11.03 -
AVG 8.0.0.161 2008.11.04 -
BitDefender 7.2 2008.11.04 -
CAT-QuickHeal 9.50 2008.11.04 -
ClamAV 0.94.1 2008.11.04 -
DrWeb 4.44.0.09170 2008.11.04 -
eSafe 7.0.17.0 2008.11.04 -
eTrust-Vet 31.6.6188 2008.11.03 -
Ewido 4.0 2008.11.04 -
F-Prot 4.4.4.56 2008.11.04 -
F-Secure 8.0.14332.0 2008.11.04 -
Fortinet 3.117.0.0 2008.11.04 -
GData 19 2008.11.04 -
Ikarus T3.1.1.45.0 2008.11.04 -
K7AntiVirus 7.10.516 2008.11.04 -
Kaspersky 7.0.0.125 2008.11.04 -
McAfee 5423 2008.11.04 -
Microsoft 1.4005 2008.11.04 -
NOD32 3583 2008.11.04 -
Norman 5.80.02 2008.11.04 -
Panda 9.0.0.4 2008.11.04 -
PCTools 4.4.2.0 2008.11.03 -
Prevx1 V2 2008.11.04 -
Rising 21.02.12.00 2008.11.04 -
SecureWeb-Gateway 6.7.6 2008.11.04 -
Sophos 4.35.0 2008.11.04 -
Sunbelt 3.1.1777.2 2008.11.03 -
Symantec 10 2008.11.04 -
TheHacker 6.3.1.1.138 2008.11.04 -
TrendMicro 8.700.0.1004 2008.11.04 -
VBA32 3.12.8.9 2008.11.03 -
ViRobot 2008.11.4.1450 2008.11.04 -
VirusBuster 4.5.11.0 2008.11.04 -

Additional information
File size: 339984 bytes
MD5...: da854250ef2f392f54e91f5c46c68a63
SHA1..: aa5bcc2e6ed1ed4163dde9141700f0e17afca7ad
SHA256: 35583205322ef6dcd8966dd5476e5f04493042b2093699efb468b4c5f5746b5e
SHA512: b1f8b516350fa629f33b85319b400a823d7d4f66adf2cc5690f13e9a86c09ac76eb93bb2b7e603e5d27d694d8abaefa372280d03558bbfea684ee957d5dd9490
PEiD..: -
TrID..: File type identification
Unknown!
PEInfo: -
04.11.2008, 17:32 | #5

The scan of: C:\windows\SMINST\launcher.exe

Antivirus / Version / Last update / Result
AhnLab-V3 2008.11.4.3 2008.11.04 -
AntiVir 7.9.0.10 2008.11.04 -
Authentium 5.1.0.4 2008.11.04 -
Avast 4.8.1248.0 2008.11.03 -
AVG 8.0.0.161 2008.11.04 -
BitDefender 7.2 2008.11.04 -
CAT-QuickHeal 9.50 2008.11.04 -
ClamAV 0.94.1 2008.11.04 -
DrWeb 4.44.0.09170 2008.11.04 -
eSafe 7.0.17.0 2008.11.04 -
eTrust-Vet 31.6.6188 2008.11.03 -
Ewido 4.0 2008.11.04 -
F-Prot 4.4.4.56 2008.11.04 -
Fortinet 3.117.0.0 2008.11.04 -
GData 19 2008.11.04 -
Ikarus T3.1.1.45.0 2008.11.04 -
K7AntiVirus 7.10.516 2008.11.04 -
Kaspersky 7.0.0.125 2008.11.04 -
McAfee 5423 2008.11.04 -
Microsoft 1.4005 2008.11.04 -
NOD32 3583 2008.11.04 -
Norman 5.80.02 2008.11.04 -
Panda 9.0.0.4 2008.11.04 -
PCTools 4.4.2.0 2008.11.03 -
Rising 21.02.12.00 2008.11.04 -
SecureWeb-Gateway 6.7.6 2008.11.04 -
Sophos 4.35.0 2008.11.04 -
Sunbelt 3.1.1777.2 2008.11.03 -
Symantec 10 2008.11.04 -
TheHacker 6.3.1.1.138 2008.11.04 -
TrendMicro 8.700.0.1004 2008.11.04 -
VBA32 3.12.8.9 2008.11.03 suspected of Win32.BrokenEmbeddedSignature (paranoid heuristics)
ViRobot 2008.11.4.1450 2008.11.04 Trojan.Win32.Agent.44168
VirusBuster 4.5.11.0 2008.11.04 -

Additional information
File size: 44136 bytes
MD5...: dbeb9ee2a13d9aa0d5f180757b5a2c26
SHA1..: 5400a2b2ade9d78630e0aed1c88a284a2da18835
SHA256: cfe6e4902f8387c2e2d2f400ed683acd4b152c5d299a144a34c4bd79eeca6bb7
SHA512: 5e207f5015594b544227cfabc4abe5650580c16ce5b1ace27564127ef4d9426f835fae19caf0c0719537bb19943d9929a9f583a7b25653abb92f6952e83b2bfb
PEiD..: -
TrID..: File type identification
Win64 Executable Generic (80.9%)
Win32 Executable Generic (8.0%)
Win32 Dynamic Link Library (generic) (7.1%)
Generic Win/DOS Executable (1.8%)
DOS Executable Generic (1.8%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x404858
timedatestamp.....: 0x454f2771 (Mon Nov 06 12:15:45 2006)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x41c9 0x5000 5.38 5c5a7f6e4e9784110db25bddcc6dee3c
.rdata 0x6000 0x1458 0x2000 3.03 ae638035d8f027226689b7c38288aca2
.data 0x8000 0xb30 0x1000 2.60 90612eb9fcc7c59a48e1552b7ea3bb65
.rsrc 0x9000 0x3b0 0x1000 0.96 3b4d5d544aab5d57e8e6f20740ea399c

( 7 imports )
> MFC42u.DLL: -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -
> msvcrt.dll: __p__commode, _adjust_fdiv, __setusermatherr, _initterm, __getmainargs, _acmdln, exit, _cexit, _XcptFilter, _exit, __p__fmode, __1type_info@@UAE@XZ, _onexit, __dllonexit, __set_app_type, _ltow, __CxxFrameHandler, wcscmp, wcslen, _terminate@@YAXXZ, _controlfp, _c_exit, _except_handler3, _wgetenv, _wcsicmp
> KERNEL32.dll: CreateFileW, DeleteFileW, SetFileAttributesW, SetLastError, FormatMessageW, GetLastError, GlobalFree, GlobalUnlock, GetPrivateProfileStringW, GlobalAlloc, GetModuleFileNameW, GetVersionExW, GetModuleHandleA, GetStartupInfoA, GetPrivateProfileIntW, GetCurrentDirectoryW, GlobalLock, GetExitCodeProcess, CloseHandle, WaitForSingleObject, CreateProcessW
> USER32.dll: wvsprintfW
> ADVAPI32.dll: RegSetValueExW, RegCloseKey, RegOpenKeyW
> VERSION.dll: VerQueryValueW, GetFileVersionInfoW, GetFileVersionInfoSizeW
> SHLWAPI.dll: PathStripPathW

( 0 exports )
04.11.2008, 17:41 | #6

Code:
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\ProgramData\phone media media.g2qp6o" deleted successfully.
File "C:\ProgramData\CHIN BIN EXIT.6lzicn" deleted successfully.
File "C:\windows\SMINST\launcher.exe" deleted successfully.
Registry value "HKLM\Software\Microsoft\Windows\CurrentVersion\Run|army book" deleted successfully.
Registry value "HKLM\Software\Microsoft\Windows\CurrentVersion\Run|Frag Ooze Cash Scr" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.
04.11.2008, 17:49 | #7

Hello Chris. As you can see, I have done everything up to the Avenger step. Then I wanted to start HijackThis and tick the three entries, but they are no longer in the log. Good sign??? I'll run MAM now and then post the new HJ log.

Regards, Matze
04.11.2008, 19:56 | #8

Code:
Malwarebytes' Anti-Malware 1.30
Datenbank Version: 1363
Windows 6.0.6001 Service Pack 1

04.11.2008 19:48:40
mbam-log-2008-11-04 (19-48-40).txt

Scan-Methode: Vollständiger Scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|)
Durchsuchte Objekte: 140702
Laufzeit: 1 hour(s), 42 minute(s), 13 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 2
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\WakeNet (Trojan.Adware) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\Local Page (Hijack.Search) -> Bad: (http://www2.iesearch.com/) Good: (http://www.google.com/) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
04.11.2008, 19:58 | #9

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:57:49, on 04.11.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\hp\kbd\kbd.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=71&bd=Pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=71&bd=Pavilion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "c:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Automatisches LiveUpdate - Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
O23 - Service: Symantec IS Kennwortprüfung (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - Unknown owner - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 9617 bytes
04.11.2008, 20:03 | #10

So, I have done everything now. Looks like the worms are gone now, right? No CiD popups so far. Man, thanks a lot in any case. You've helped me enormously. Many thanks!