
Log Analysis and Evaluation: Advertising pop-up with IE7

24.11.2008, 11:48   #1
d4n3

Hello,
for a few days now I keep getting these stupid ads: IE7 opens automatically even though I use Firefox.
Can anyone tell me how to get rid of this junk?

HijackThis
Quote:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:30:58, on 24.11.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
D:\Nero\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ATK0100\Hcontrol.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\Notebook Hardware Control\nhc.exe
C:\Programme\LevelOne\MFP Server Control Center\Control Center.exe
C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\IoctlSvc.exe
D:\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\PrevxCSI\prevxcsi.exe
C:\Programme\PrevxCSI\prevxcsi.exe
C:\WINDOWS\System32\msiexec.exe
C:\Programme\Windows Defender\MsMpEng.exe
C:\Programme\Windows Defender\MSASCui.exe
C:\Programme\Java\jre1.6.0_01\launch4j-tmp\JDownloader.exe
D:\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = h**p://www.asus.com.tw/
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - D:\GetRight\xx2gr.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - D:\Free Download Manager\iefdmcks.dll
O4 - HKLM\..\Run: [Hcontrol] C:\WINDOWS\ATK0100\Hcontrol.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NotebookHardwareControl] "C:\Programme\Notebook Hardware Control\nhc.exe" -quiet
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Programme\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [ATKHOTKEY] "C:\Programme\ATK Hotkey\Hcontrol.exe"
O4 - HKLM\..\Run: [Control Center] C:\Programme\LevelOne\MFP Server Control Center\Control Center.exe -mini
O4 - HKLM\..\Run: [AVP] "C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Programme\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "D:\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [Sign Info] C:\DOKUME~1\**\ANWEND~1\IDOLIN~1\Encbias.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: netzlaufwerk-movie.bat
O4 - Global Startup: netzlaufwerk - mediacenter.bat
O8 - Extra context menu item: Alles mit FDM herunterladen - file://D:\Free Download Manager\dlall.htm
O8 - Extra context menu item: Auswahl mit FDM herunterladen - file://D:\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Datei mit FDM herunterladen - file://D:\Free Download Manager\dllink.htm
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: Mit GetRight laden - D:\GetRight\GRdownload.htm
O8 - Extra context menu item: Mit GetRight-Browser öffnen - D:\GetRight\GRdownload.htm
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://D:\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Statistik für den Schutz des Web-Datenverkehrs - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=h**p://www.asus.com.tw
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1158592582713
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1158592621329
O17 - HKLM\System\CCS\Services\Tcpip\..\{66A2A8B5-4B65-49F0-B190-6B738C7882AA}: NameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{7D5ABC62-FCE4-43D5-80C9-FD9D8C903838}: NameServer = 192.168.2.1
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - D:\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: CSIScanner - Prevx - C:\Programme\PrevxCSI\prevxcsi.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Programme\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Programme\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: ITE Remote Control Service (ITECIRService) - ITE Tech. Inc. - C:\WINDOWS\system32\RemoteControlService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - D:\Nero\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - D:\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 8858 bytes
VirusTotal
Quote:
File Encbias.exe received 2008.11.24 07:52:33 (CET)

Antivirus Version Last update Result
AhnLab-V3 2008.11.21.0 2008.11.24 -
AntiVir 7.9.0.35 2008.11.23 -
Authentium 5.1.0.4 2008.11.24 W32/Swizzor-based.2!Maximus
Avast 4.8.1281.0 2008.11.23 -
AVG 8.0.0.199 2008.11.23 -
BitDefender 7.2 2008.11.24 -
CAT-QuickHeal 10.00 2008.11.24 -
ClamAV 0.94.1 2008.11.24 -
DrWeb 4.44.0.09170 2008.11.24 Trojan.Swizzor.based
eSafe 7.0.17.0 2008.11.23 -
eTrust-Vet 31.6.6222 2008.11.22 -
Ewido 4.0 2008.11.23 -
F-Prot 4.4.4.56 2008.11.24 W32/Swizzor-based.2!Maximus
F-Secure 8.0.14332.0 2008.11.24 Suspicious:W32/Kronos.b!Gemini
Fortinet 3.117.0.0 2008.11.23 -
GData 19 2008.11.24 -
Ikarus T3.1.1.45.0 2008.11.24 Virus.Trojan.Win32.Obfuscated
K7AntiVirus 7.10.531 2008.11.22 -
Kaspersky 7.0.0.125 2008.11.24 -
McAfee 5443 2008.11.23 -
McAfee+Artemis 5443 2008.11.23 -
Microsoft 1.4104 2008.11.24 -
NOD32 3633 2008.11.24 -
Norman 5.80.02 2008.11.22 -
Panda 9.0.0.4 2008.11.23 -
PCTools 4.4.2.0 2008.11.23 -
Prevx1 V2 2008.11.24 -
Rising 21.05.00.00 2008.11.24 Trojan.Win32.Swizzor.ul
SecureWeb-Gateway 6.7.6 2008.11.23 -
Sophos 4.35.0 2008.11.24 -
Sunbelt 3.1.1823.2 2008.11.22 -
Symantec 10 2008.11.24 -
TheHacker 6.3.1.1.160 2008.11.23 -
TrendMicro 8.700.0.1004 2008.11.24 -
VBA32 3.12.8.9 2008.11.23 OScope.Trojan.BagsWay.C
ViRobot 2008.11.18.1474 2008.11.18 -
VirusBuster 4.5.11.0 2008.11.23 -
Additional information
File size: 560128 bytes
MD5...: 115a80d2ba703fb59734535c823a4c94
SHA1..: 02913558ed78fb13e9e82941d7a9730e43c05103
SHA256: a1b58ac473b54bd12682060cc6d0e88d3bd953986f298508cee6355679c8ba7b
SHA512: 7ed6c283b0ad8b9e334bd72d0d50c869f36ce384a4a04ac4b605d932b32252af6518e1dfebdf6caf8b8ccbbdf8edc994f2734e79331d6571c644fa79d9eef1e7
PEiD..: -
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x4066b0
timedatestamp.....: 0x46c05d83 (Mon Aug 13 13:32:51 2007)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x3082a 0x30a00 6.39 a3b10db0e9ef6f76e30b6009f8905848
.rdata 0x32000 0x39ca0 0x34600 7.98 e6406eb1aeaa5825fe131fbf107f9969
.data 0x6c000 0x1bd3c 0x1be00 7.18 39fb76c83601617097dc0b8664bb1b2b
.rsrc 0x88000 0x7859 0x7a00 5.73 1a410fa338fc82cfccdbb0054106785b

( 4 imports )
> WININET.dll: InternetOpenUrlA, FtpCommandA, FindFirstUrlCacheEntryW, UnlockUrlCacheEntryFileA, FreeUrlCacheSpaceW, FtpCreateDirectoryA, FtpGetCurrentDirectoryW
> comctl32.dll: InitCommonControlsEx, _TrackMouseEvent
> USER32.dll: MessageBoxW, RegisterClassA, ShowWindow, ClientToScreen, DefWindowProcA, FindWindowW, DestroyWindow, BeginDeferWindowPos, CopyRect, CreateWindowExW, IsWindowVisible, RegisterClassExA, CallMsgFilter
> KERNEL32.dll: IsDebuggerPresent, LoadLibraryA, WideCharToMultiByte, GetACP, GetTimeFormatA, CompareStringA, GetStartupInfoA, HeapAlloc, WriteConsoleA, TerminateProcess, MultiByteToWideChar, GetConsoleCP, InitializeCriticalSection, HeapFree, TlsAlloc, EnterCriticalSection, GetStdHandle, LCMapStringW, OpenMutexA, FindFirstFileExA, GetCommandLineA, GetStartupInfoW, GetConsoleMode, Sleep, VirtualFree, GetStringTypeA, WriteFile, InterlockedIncrement, SetEnvironmentVariableA, LCMapStringA, CreateMutexA, WriteConsoleOutputW, FillConsoleOutputCharacterW, VirtualQuery, DeleteCriticalSection, GetEnvironmentStrings, ReadFile, GetModuleFileNameA, GetCurrentProcessId, GetStringTypeW, HeapDestroy, SetStdHandle, SetFilePointer, SetConsoleCtrlHandler, GetCurrentProcess, GetFileType, LockFile, SetUnhandledExceptionFilter, TlsSetValue, AllocConsole, GetVersionExA, GetCurrentThread, IsValidLocale, TlsGetValue, GetEnvironmentStringsW, GetLastError, FreeLibrary, GetCurrentThreadId, CreateFileA, FlushFileBuffers, VirtualAlloc, SetHandleCount, ExitProcess, GetUserDefaultLCID, CloseHandle, LeaveCriticalSection, InterlockedDecrement, QueryPerformanceCounter, EnumSystemLocalesA, GetCommandLineW, HeapReAlloc, WriteConsoleW, GetConsoleOutputCP, LoadLibraryExA, GetModuleFileNameW, GetProcessHeap, RtlUnwind, GetProcAddress, GetTimeZoneInformation, FreeEnvironmentStringsW, HeapSize, FreeEnvironmentStringsA, GetSystemTimeAsFileTime, GetLocaleInfoA, GetTickCount, InterlockedExchange, UnhandledExceptionFilter, GetLocaleInfoW, GetCPInfo, IsValidCodePage, GetOEMCP, SetLastError, GetDateFormatA, GetModuleHandleA, WriteProfileSectionW, HeapCreate, CompareStringW, LocalUnlock, TlsFree, SystemTimeToFileTime

( 0 exports )
packers (Kaspersky): PE_Patch
Quote:
File Noun_Heck_Nurb.exe received 2008.11.24 10:52:57 (CET)

Antivirus Version Last update Result
AhnLab-V3 2008.11.21.0 2008.11.24 -
AntiVir 7.9.0.35 2008.11.24 -
Authentium 5.1.0.4 2008.11.24 W32/Swizzor-based.2!Maximus
Avast 4.8.1281.0 2008.11.23 -
AVG 8.0.0.199 2008.11.23 -
BitDefender 7.2 2008.11.24 -
CAT-QuickHeal 10.00 2008.11.24 Win32.Trojan.C2Lop.E.4
ClamAV 0.94.1 2008.11.24 -
DrWeb 4.44.0.09170 2008.11.24 Trojan.Swizzor.based
eSafe 7.0.17.0 2008.11.23 -
eTrust-Vet 31.6.6225 2008.11.24 -
Ewido 4.0 2008.11.23 -
F-Prot 4.4.4.56 2008.11.24 W32/Swizzor-based.2!Maximus
F-Secure 8.0.14332.0 2008.11.24 -
Fortinet 3.117.0.0 2008.11.24 -
GData 19 2008.11.24 -
Ikarus T3.1.1.45.0 2008.11.24 -
K7AntiVirus 7.10.531 2008.11.22 -
Kaspersky 7.0.0.125 2008.11.24 -
McAfee 5443 2008.11.23 -
McAfee+Artemis 5443 2008.11.23 -
Microsoft 1.4104 2008.11.24 -
NOD32 3634 2008.11.24 -
Norman 5.80.02 2008.11.22 -
Panda 9.0.0.4 2008.11.23 -
PCTools 4.4.2.0 2008.11.23 -
Prevx1 V2 2008.11.24 -
Rising 21.05.00.00 2008.11.24 Trojan.Win32.Swizzor.ul
SecureWeb-Gateway 6.7.6 2008.11.24 -
Sophos 4.35.0 2008.11.24 -
Sunbelt 3.1.1823.2 2008.11.22 -
Symantec 10 2008.11.24 -
TheHacker 6.3.1.1.161 2008.11.24 -
TrendMicro 8.700.0.1004 2008.11.24 -
VBA32 3.12.8.9 2008.11.23 Trojan.Win32.Drivecurb.3
ViRobot 2008.11.18.1474 2008.11.18 -
VirusBuster 4.5.11.0 2008.11.23 -
Additional information
File size: 311808 bytes
MD5...: cd771aeb365c4cc60f9c4adac3565abc
SHA1..: edfc421dc90c1894d0d4d368d160f351f412d45e
SHA256: 17b342cb016868df638555a8e6016524ac0d5ba93d427009b088e33307a32a3c
SHA512: 92b10cc4311ae4242a0a3525c3015f28718ff23e9a69fd3a5a63ad30e91f290034996fac9505aff6e32e906ff8de1d5cdc1fb1cce1c8bf7c3e693cd88761b07b
PEiD..: -
TrID..: File type identification
Win64 Executable Generic (59.6%)
Win32 Executable MS Visual C++ (generic) (26.2%)
Win32 Executable Generic (5.9%)
Win32 Dynamic Link Library (generic) (5.2%)
Generic Win/DOS Executable (1.3%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x403ffa
timedatestamp.....: 0x47133cfe (Mon Oct 15 10:12:14 2007)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x2206f 0x22200 6.51 a0a16e1228d04b832e5f0506ad4f397f
.rdata 0x24000 0x146c0 0xea00 7.84 2db3775a9cf2fca46a309237a32bc328
.data 0x39000 0x16cc4 0x16e00 7.17 bc11b303dc3bd7c1542673a533ad96d3
.rsrc 0x50000 0x43b8 0x4400 4.70 b848ea21d5471e022864ce2fdc03a1bb

( 4 imports )
> USER32.dll: CheckRadioButton, GetCursorInfo, GetKeyNameTextW, GetScrollBarInfo, RegisterClassExA, LoadCursorA, RegisterWindowMessageA, RegisterClassA, CallMsgFilter, GetClipboardSequenceNumber, GetDlgItemTextW, DlgDirListA, RegisterHotKey, DestroyWindow, ShowWindow, FrameRect, ChangeMenuW, DefWindowProcA, CreateWindowExA, ReleaseCapture, ClientToScreen, DdeInitializeA, MessageBoxW, GetKBCodePage, CreateDialogIndirectParamA, DdeConnect
> comctl32.dll: ImageList_Merge, CreateMappedBitmap, ImageList_Remove, ImageList_LoadImage, ImageList_AddMasked, GetEffectiveClientRect, InitCommonControlsEx, ImageList_SetFilter
> SHELL32.dll: RealShellExecuteA
> KERNEL32.dll: TlsGetValue, MultiByteToWideChar, GetVersionExA, VirtualFree, HeapSize, HeapAlloc, GetModuleHandleA, LCMapStringW, GetFileType, InterlockedDecrement, IsDebuggerPresent, GetStartupInfoA, WritePrivateProfileStructA, GetConsoleMode, GetProcessHeap, SetFilePointer, TlsAlloc, SetStdHandle, GetLocaleInfoA, FreeEnvironmentStringsW, GetProcAddress, CreateMutexA, WideCharToMultiByte, CreateFileA, HeapDestroy, LocalSize, HeapFree, TerminateProcess, lstrcmpW, EnterCriticalSection, GetConsoleOutputCP, GetSystemTimeAsFileTime, GetUserDefaultLCID, GetTickCount, GetCurrentProcess, GetEnvironmentStringsW, LoadLibraryA, OpenMutexA, InterlockedExchange, TlsSetValue, TlsFree, GetPrivateProfileSectionNamesW, GetLocaleInfoW, RtlUnwind, IsValidCodePage, WriteProfileStringW, GetTimeZoneInformation, GetStringTypeA, GetCurrentProcessId, FreeEnvironmentStringsA, GetOEMCP, SetEnvironmentVariableA, ExitProcess, GetSystemDirectoryW, InterlockedIncrement, CompareStringA, GetDateFormatA, GetConsoleCP, FlushFileBuffers, CreateNamedPipeW, GetCurrentThread, ReadFile, CompareStringW, CloseHandle, LCMapStringA, FreeLibrary, QueryPerformanceCounter, GetModuleFileNameA, EnumSystemLocalesA, HeapCreate, WriteConsoleA, SetConsoleCtrlHandler, GetACP, WriteConsoleW, Sleep, GetCommandLineA, VirtualQuery, WriteFile, SetUnhandledExceptionFilter, DeleteCriticalSection, GetTimeFormatA, GetStringTypeW, InitializeCriticalSection, IsValidLocale, GetCPInfo, VirtualAlloc, SetHandleCount, GetStdHandle, SetLastError, IsBadWritePtr, HeapReAlloc, GetLastError, GetEnvironmentStrings, GetCurrentThreadId, UnhandledExceptionFilter, LeaveCriticalSection, CopyFileA

( 0 exports )
packers (Kaspersky): PE_Patch
Quote:
File option_body.exe received 2008.11.24 10:58:25 (CET)

Antivirus Version Last update Result
AhnLab-V3 2008.11.21.0 2008.11.24 -
AntiVir 7.9.0.35 2008.11.24 -
Authentium 5.1.0.4 2008.11.24 W32/Swizzor-based.2!Maximus
Avast 4.8.1281.0 2008.11.23 -
AVG 8.0.0.199 2008.11.23 -
BitDefender 7.2 2008.11.24 -
CAT-QuickHeal 10.00 2008.11.24 -
ClamAV 0.94.1 2008.11.24 -
DrWeb 4.44.0.09170 2008.11.24 -
eSafe 7.0.17.0 2008.11.23 -
eTrust-Vet 31.6.6225 2008.11.24 -
Ewido 4.0 2008.11.23 -
F-Prot 4.4.4.56 2008.11.24 W32/Swizzor-based.2!Maximus
Fortinet 3.117.0.0 2008.11.24 -
GData 19 2008.11.24 -
Ikarus T3.1.1.45.0 2008.11.24 -
K7AntiVirus 7.10.531 2008.11.22 -
Kaspersky 7.0.0.125 2008.11.24 -
McAfee 5443 2008.11.23 -
McAfee+Artemis 5443 2008.11.23 -
Microsoft 1.4104 2008.11.24 -
NOD32 3634 2008.11.24 -
Norman 5.80.02 2008.11.22 -
Panda 9.0.0.4 2008.11.23 -
PCTools 4.4.2.0 2008.11.23 -
Prevx1 V2 2008.11.24 -
Rising 21.05.00.00 2008.11.24 Trojan.DL.Win32.Swizzor.cx
SecureWeb-Gateway 6.7.6 2008.11.24 -
Sophos 4.35.0 2008.11.24 -
Sunbelt 3.1.1823.2 2008.11.22 -
Symantec 10 2008.11.24 -
TheHacker 6.3.1.1.161 2008.11.24 -
TrendMicro 8.700.0.1004 2008.11.24 -
VBA32 3.12.8.9 2008.11.23 OScope.Trojan.BagsWay.D
ViRobot 2008.11.18.1474 2008.11.18 -
VirusBuster 4.5.11.0 2008.11.23 -
Additional information
File size: 3972608 bytes
MD5...: 2ade602331263b6235e52c0a9020b333
SHA1..: 2abadaafedefe8767950d30dcee60d37e2b12a50
SHA256: 494a752adbcfb3c24d3c126bf538d6de609858c7e8992e2b1a2abd245834938a
SHA512: 66ea997a220f0a4c1f516994cd3086b10d5cfb8088c77277b22fbd2c0d39d1dde6a3329f36930868858ae16df60fd63330038ed6228367abae0d950a5a8535dc
PEiD..: -
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x41eaf5
timedatestamp.....: 0x4719ccd3 (Sat Oct 20 09:39:31 2007)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x24858 0x24a00 6.43 eefec69a6423bf916f3b3d37b4fa12ff
.rdata 0x26000 0x43b0c 0x3f000 7.98 b533f05d085bd784f9ba63d4e736002f
.data 0x6a000 0x358d60 0x35a000 8.00 ad14798a690f6dacae3ad31eef20d378
.rsrc 0x3c3000 0xbff8 0xc000 4.93 089321638e08f2dd01edf1a752195969

( 4 imports )
> KERNEL32.dll: GetTimeFormatA, GetCommandLineA, HeapReAlloc, ReadFile, InterlockedExchange, WriteConsoleW, GetEnvironmentStrings, GetProcAddress, OpenMutexA, GetStartupInfoA, HeapDestroy, WideCharToMultiByte, SetStdHandle, GetUserDefaultLCID, InterlockedIncrement, GetStdHandle, GetModuleHandleA, FreeEnvironmentStringsA, FreeEnvironmentStringsW, GetPrivateProfileStringA, UnhandledExceptionFilter, HeapCreate, GetSystemTimeAsFileTime, GetStringTypeA, IsValidLocale, LeaveCriticalSection, WriteFile, FreeLibrary, CreateMutexA, GetStringTypeW, TlsSetValue, EnumSystemLocalesA, ExitProcess, TlsGetValue, SetUnhandledExceptionFilter, InterlockedDecrement, LCMapStringW, GetDateFormatA, GetModuleHandleW, LocalSize, SetWaitableTimer, IsValidCodePage, GetProcessHeaps, Sleep, CompareStringA, GetTickCount, RtlUnwind, DeleteCriticalSection, LockResource, LoadLibraryA, FlushFileBuffers, GetTimeZoneInformation, SetConsoleCtrlHandler, HeapAlloc, GetCurrentProcessId, GetLastError, GetConsoleOutputCP, HeapSize, FillConsoleOutputCharacterA, CloseHandle, SetFilePointer, GetEnvironmentStringsW, GetCurrentProcess, GetLocaleInfoW, SetHandleCount, EnterCriticalSection, GetCPInfo, GetCurrentThreadId, TerminateProcess, QueryPerformanceCounter, GetCurrentThread, VirtualAlloc, VirtualFree, GetConsoleCP, SetLastError, GetFileType, CreateFileA, VirtualQuery, MultiByteToWideChar, SetEnvironmentVariableA, GetACP, WriteConsoleA, LCMapStringA, TlsFree, GetModuleFileNameA, HeapFree, IsDebuggerPresent, TlsAlloc, GetLocaleInfoA, GetWindowsDirectoryA, GetAtomNameW, GetFileTime, GetOEMCP, CompareStringW, GetConsoleMode, InitializeCriticalSectionAndSpinCount
> SHELL32.dll: SheGetDirA
> comctl32.dll: ImageList_DrawIndirect, CreateToolbarEx, ImageList_DrawEx, ImageList_SetDragCursorImage, ImageList_GetImageCount, ImageList_AddIcon, InitMUILanguage, CreatePropertySheetPageW, ImageList_ReplaceIcon, ImageList_Destroy, ImageList_DragShowNolock, GetEffectiveClientRect, InitCommonControlsEx
> USER32.dll: GetUserObjectInformationW, BeginDeferWindowPos, DestroyAcceleratorTable, ActivateKeyboardLayout, GetKeyboardLayoutList, SetWindowLongA, DialogBoxIndirectParamA, RegisterClassA, DefWindowProcW, RegisterClassExA, UnregisterClassA, DrawEdge, CreateWindowExW, EndDeferWindowPos, CascadeChildWindows, DestroyWindow, EnumPropsExA, MessageBoxW, LoadAcceleratorsW, EnumWindowStationsA, DdeSetUserHandle, MsgWaitForMultipleObjectsEx, MsgWaitForMultipleObjects, RegisterClassW, ShowWindow, GetGuiResources, EnumDesktopWindows, SetWindowWord

( 0 exports )
packers (Kaspersky): PE_Patch

24.11.2008, 11:53   #2
d4n3

MBR
Quote:
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
BlackLight
Quote:
11/24/08 11:03:09 [Info]: BlackLight Engine 2.2.1092 initialized
11/24/08 11:03:09 [Info]: OS: 5.1 build 2600 (Service Pack 3)
11/24/08 11:03:09 [Note]: 7019 4
11/24/08 11:03:09 [Note]: 7005 0
11/24/08 11:03:17 [Note]: 7006 0
11/24/08 11:03:17 [Note]: 7011 1400
11/24/08 11:03:17 [Note]: 7035 0
11/24/08 11:03:17 [Note]: 7026 0
11/24/08 11:03:18 [Note]: 7026 0
11/24/08 11:03:21 [Note]: FSRAW library version 1.7.1024
11/24/08 11:03:56 [Note]: 2000 1012
11/24/08 11:03:56 [Note]: 2000 1012
11/24/08 11:04:46 [Note]: 7007 0

Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"AlcoholAutomount" = ""D:\Alcohol Soft\Alcohol 120\axcmd.exe" /automount" ["Alcohol Soft Development Team"]
"Sign Info" = "C:\DOKUME~1\**\ANWEND~1\IDOLIN~1\Encbias.exe" ["Nlcsy cwydheo"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"Hcontrol" = "C:\WINDOWS\ATK0100\Hcontrol.exe" [empty string]
"Cmaudio" = "RunDll32 cmicnfg.cpl,CMICtrlWnd" [MS]
"SynTPLpr" = "C:\Programme\Synaptics\SynTP\SynTPLpr.exe" ["Synaptics, Inc."]
"SynTPEnh" = "C:\Programme\Synaptics\SynTP\SynTPEnh.exe" ["Synaptics, Inc."]
"NotebookHardwareControl" = ""C:\Programme\Notebook Hardware Control\nhc.exe" -quiet" [null data]
"ControlCenter2.0" = "C:\Programme\Brother\ControlCenter2\brctrcen.exe /autorun" ["Brother Industries, Ltd."]
"IntelZeroConfig" = ""C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe"" [file not found]
"ATKHOTKEY" = ""C:\Programme\ATK Hotkey\Hcontrol.exe"" ["ATK0100"]
"Control Center" = "C:\Programme\LevelOne\MFP Server Control Center\Control Center.exe -mini" [null data]
"AVP" = ""C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"" ["Kaspersky Lab"]
"Windows Defender" = ""C:\Programme\Windows Defender\MSASCui.exe" -hide" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ {++}
"Malwarebytes' Anti-Malware" = "D:\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent" ["Malwarebytes Corporation"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{31FF080D-12A3-439A-A2EF-4BA95A3148E8}\(Default) = (no title provided)
-> {HKLM...CLSID} = "bho2gr Class"
\InProcServer32\(Default) = "D:\GetRight\xx2gr.dll" ["Headlight Software, Inc."]
{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}\(Default) = "IEVkbdBHO"
-> {HKLM...CLSID} = "IEVkbdBHO Class"
\InProcServer32\(Default) = "C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll" ["Kaspersky Lab"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Programme\Java\jre1.6.0_01\bin\ssv.dll" ["Sun Microsystems, Inc."]
{CC59E0F9-7E43-44FA-9FAA-8377850BF205}\(Default) = (no title provided)
-> {HKLM...CLSID} = "FDMIECookiesBHO Class"
\InProcServer32\(Default) = "D:\Free Download Manager\iefdmcks.dll" [null data]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "CPL-Erweiterung für Anzeigeverschiebung"
-> {HKLM...CLSID} = "CPL-Erweiterung für Anzeigeverschiebung"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Erweiterung für HyperTerminal-Icons"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{2F603045-309F-11CF-9774-0020AFD0CFF6}" = "Synaptics Control Panel"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Programme\Synaptics\SynTP\SynTPCpl.dll" ["Synaptics, Inc."]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {HKLM...CLSID} = "Portable Media Devices Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" = "OpenOffice.org Column Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = ""D:\OpenOffice.org 2.1\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{087B3AE3-E237-4467-B8DB-5A38AB959AC9}" = "OpenOffice.org Infotip Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = ""D:\OpenOffice.org 2.1\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{63542C48-9552-494A-84F7-73AA6A7C99C1}" = "OpenOffice.org Property Sheet Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = ""D:\OpenOffice.org 2.1\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{3B092F0C-7696-40E3-A80F-68D74DA84210}" = "OpenOffice.org Thumbnail Viewer"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = ""D:\OpenOffice.org 2.1\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "D:\Programme\WinRAR\rarext.dll" [null data]
"{73B24247-042E-4EF5-ADC2-42F62E6FD654}" = "ICQ Lite Shell Extension"
-> {HKLM...CLSID} = "MCLiteShellExt Class"
\InProcServer32\(Default) = "C:\Programme\ICQLite\ICQLiteShell.dll" [empty string]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Outlook File Icon Extension"
\InProcServer32\(Default) = "D:\MICROS~1\Office12\OLKFSTUB.DLL" [MS]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
-> {HKLM...CLSID} = "Microsoft Office Outlook"
\InProcServer32\(Default) = "D:\MICROS~1\Office12\MLSHEXT.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "D:\Microsoft Office\Office12\msohevi.dll" [MS]
"{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}" = "Microsoft Office Metadata Handler"
-> {HKLM...CLSID} = "Microsoft Office Metadata Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll" [MS]
"{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" = "Microsoft Office Thumbnail Handler"
-> {HKLM...CLSID} = "Microsoft Office Thumbnail Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll" [MS]
"{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2}" = "NeroCoverEd Live Icons"
-> {HKLM...CLSID} = "NeroCoverEdLiveIcons Class"
\InProcServer32\(Default) = "D:\Nero\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll" ["Nero AG"]
"{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"
-> {HKLM...CLSID} = "NeroDigitalIconHandler Class"
\InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroDigitalExt.dll" ["Nero AG"]
"{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"
-> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"
\InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroDigitalExt.dll" ["Nero AG"]
"{23170F69-40C1-278A-1000-000100020000}" = "7-Zip Shell Extension"
-> {HKLM...CLSID} = "7-Zip Shell Extension"
\InProcServer32\(Default) = "C:\Programme\7-Zip\7-zip.dll" ["Igor Pavlov"]
"{85E0B171-04FA-11D1-B7DA-00A0C90348D6}" = "Statistik für den Schutz des Web-Datenverkehrs"
-> {HKLM...CLSID} = "Statistik für den Schutz des Web-Datenverkehrs"
\InProcServer32\(Default) = "C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll" ["Kaspersky Lab"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
<<!>> "{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}" = ""ShellExecuteHook" von Microsoft AntiMalware"
-> {HKLM...CLSID} = "Microsoft AntiMalware ShellExecuteHook"
\InProcServer32\(Default) = "C:\PROGRA~1\WINDOW~4\MpShHook.dll" [MS]

HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\
<<!>> "BootExecute" = "autocheck autochk *"|"lsdelete" [null data]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]
<<!>> dimsntfy\DLLName = "C:\WINDOWS\System32\dimsntfy.dll" [MS]
<<!>> klogon\DLLName = "C:\WINDOWS\system32\klogon.dll" ["Kaspersky Lab"]

HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\
<<!>> text/xml\CLSID = "{807563E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = "Microsoft Office InfoPath XML Mime Filter"
\InProcServer32\(Default) = "C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\MSOXMLMF.DLL" [MS]

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"
-> {HKLM...CLSID} = "NeroDigitalColumnHandler Class"
\InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroDigitalExt.dll" ["Nero AG"]
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\(Default) = "OpenOffice.org Column Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = ""D:\OpenOffice.org 2.1\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
7-Zip\(Default) = "{23170F69-40C1-278A-1000-000100020000}"
-> {HKLM...CLSID} = "7-Zip Shell Extension"
\InProcServer32\(Default) = "C:\Programme\7-Zip\7-zip.dll" ["Igor Pavlov"]
Cover Designer\(Default) = "{73FCA462-9BD5-4065-A73F-A8E5F6904EF7}"
-> {HKLM...CLSID} = "NeroCoverEdContextMenu Class"
\InProcServer32\(Default) = "D:\Nero\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll" ["Nero AG"]
ICQLiteMenu\(Default) = "{73B24247-042E-4EF5-ADC2-42F62E6FD654}"
-> {HKLM...CLSID} = "MCLiteShellExt Class"
\InProcServer32\(Default) = "C:\Programme\ICQLite\ICQLiteShell.dll" [empty string]
Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\ShellEx.dll" ["Kaspersky Lab"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "D:\Programme\WinRAR\rarext.dll" [null data]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
7-Zip\(Default) = "{23170F69-40C1-278A-1000-000100020000}"
-> {HKLM...CLSID} = "7-Zip Shell Extension"
\InProcServer32\(Default) = "C:\Programme\7-Zip\7-zip.dll" ["Igor Pavlov"]
ICQLiteMenu\(Default) = "{73B24247-042E-4EF5-ADC2-42F62E6FD654}"
-> {HKLM...CLSID} = "MCLiteShellExt Class"
\InProcServer32\(Default) = "C:\Programme\ICQLite\ICQLiteShell.dll" [empty string]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "D:\Programme\WinRAR\rarext.dll" [null data]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\ShellEx.dll" ["Kaspersky Lab"]
MBAMShlExt\(Default) = "{57CE581A-0CB6-4266-9CA0-19364C90A0B3}"
-> {HKLM...CLSID} = "MBAMShlExt Class"
\InProcServer32\(Default) = "D:\Malwarebytes' Anti-Malware\mbamext.dll" ["Malwarebytes Corporation"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "D:\Programme\WinRAR\rarext.dll" [null data]

HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\
MBAMShlExt\(Default) = "{57CE581A-0CB6-4266-9CA0-19364C90A0B3}"
-> {HKLM...CLSID} = "MBAMShlExt Class"
\InProcServer32\(Default) = "D:\Malwarebytes' Anti-Malware\mbamext.dll" ["Malwarebytes Corporation"]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Dokumente und Einstellungen\dane\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS]



Windows Portable Device AutoPlay Handlers
-----------------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

AlcoholAutoPlayV2.BurnDisc\
"Provider" = "Alcohol 120%"
"InvokeProgID" = "AlcoholAutoPlayV2"
"InvokeVerb" = "BurnDisc"
HKLM\SOFTWARE\Classes\AlcoholAutoPlayV2\shell\BurnDisc\command\(Default) = ""D:\Alcohol Soft\Alcohol 120\Alcohol.exe" %1" ["Alcohol Soft Development Team"]

AlcoholAutoPlayV2.ReadDisc\
"Provider" = "Alcohol 120%"
"InvokeProgID" = "AlcoholAutoPlayV2"
"InvokeVerb" = "BurnDisc"
HKLM\SOFTWARE\Classes\AlcoholAutoPlayV2\shell\BurnDisc\command\(Default) = ""D:\Alcohol Soft\Alcohol 120\Alcohol.exe" %1" ["Alcohol Soft Development Team"]

MXCDRBurningCDArrival\
"Provider" = "MAGIX Goya"
"InvokeProgID" = "Magix.MXCDR"
"InvokeVerb" = "Show"
HKLM\SOFTWARE\Classes\Magix.MXCDR\shell\Show\DropTarget\CLSID = "{FF482932-87EF-409E-9C02-48E9FF861CBF}"
-> {HKLM...CLSID} = "MXCDR AutoplayClass"
\LocalServer32\(Default) = "C:\Programme\MAGIX\Goya_burnR_mxcdr\Goya.exe" ["MAGIX AG"]

MXSuiteBurningCDArrival\
"Provider" = "MAGIX Goya burnR"
"InvokeProgID" = "Magix.MXSuite"
"InvokeVerb" = "Show"
HKLM\SOFTWARE\Classes\Magix.MXSuite\shell\Show\DropTarget\CLSID = "{F9AD4E4F-B992-4B84-AC51-9F990D5F4738}"
-> {HKLM...CLSID} = "MAGIXSuite Autoplay Class"
\LocalServer32\(Default) = "C:\Programme\MAGIX\Goya_burnR\Goya.exe" ["MAGIX AG"]

NeroAutoPlay8AudioToNeroDigital\
"Provider" = "Nero Burning ROM"
"InvokeProgID" = "Nero.AutoPlay8"
"InvokeVerb" = "AudioToNeroDigital_PlayCDAudioOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\AudioToNeroDigital_PlayCDAudioOnArrival\command\(Default) = "D:\Nero\Nero\Nero8\Nero Burning Rom\nero.exe /Dialog:SaveTracks %L" ["Nero AG"]

NeroAutoPlay8CDAudio\
"Provider" = "Nero Express"
"InvokeProgID" = "Nero.AutoPlay8"
"InvokeVerb" = "CDAudio_HandleCDBurningOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\CDAudio_HandleCDBurningOnArrival\command\(Default) = "D:\Nero\Nero\Nero8\Nero Burning Rom\nero.exe -w /New:AudioCD" ["Nero AG"]

NeroAutoPlay8CopyCD\
"Provider" = "Nero Burning ROM"
"InvokeProgID" = "Nero.AutoPlay8"
"InvokeVerb" = "CopyCD_PlayMusicFilesOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\CopyCD_PlayMusicFilesOnArrival\command\(Default) = "D:\Nero\Nero\Nero8\Nero Burning Rom\nero.exe /DialogiscCopy %L" ["Nero AG"]

NeroAutoPlay8DataDisc_CD\

"Provider" = "Nero Express"
"InvokeProgID" = "Nero.AutoPlay8"
"InvokeVerb" = "DataDisc_CD_HandleCDBurningOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\DataDisc_CD_HandleCDBurningOnArrival\command\(Default) = "D:\Nero\Nero\Nero8\Nero Burning Rom\nero.exe -w /New:ISODisc /Media:CD %L" ["Nero AG"]

NeroAutoPlay8DataDisc_DVD\
"Provider" = "Nero Express"
"InvokeProgID" = "Nero.AutoPlay8"
"InvokeVerb" = "DataDisc_DVD_HandleDVDBurningOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\DataDisc_DVD_HandleDVDBurningOnArrival\command\(Default) = "D:\Nero\Nero\Nero8\Nero Burning Rom\nero.exe -w /New:ISODisc /MediaVD %L" ["Nero AG"]

NeroAutoPlay8LaunchNeroStartSmart\
"Provider" = "Nero StartSmart"
"InvokeProgID" = "Nero.AutoPlay8"
"InvokeVerb" = "LaunchNeroStartSmart_HandleDVDBurningOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\LaunchNeroStartSmart_HandleDVDBurningOnArrival\command\(Default) = "D:\Nero\Nero\Nero8\Nero StartSmart\NeroStartSmart.exe /AutoPlay" ["Nero AG"]

NeroAutoPlay8PlayAudioCD\
"Provider" = "Nero ShowTime"
"InvokeProgID" = "Nero.AutoPlay8"
"InvokeVerb" = "PlayAudioCD_PlayMusicFilesOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\PlayAudioCD_PlayMusicFilesOnArrival\command\(Default) = "D:\Nero\Nero\Nero8\Nero ShowTime\ShowTime.exe /Play %L" ["Nero AG"]

NeroAutoPlay8PlayDVD\
"Provider" = "Nero ShowTime"
"InvokeProgID" = "Nero.AutoPlay8"
"InvokeVerb" = "PlayDVD_PlayVideoFilesOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\PlayDVD_PlayVideoFilesOnArrival\command\(Default) = "D:\Nero\Nero\Nero8\Nero ShowTime\ShowTime.exe /Play %L" ["Nero AG"]

NeroAutoPlay8RipCD\
"Provider" = "Nero Burning ROM"
"InvokeProgID" = "Nero.AutoPlay8"
"InvokeVerb" = "RipCD_PlayCDAudioOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\RipCD_PlayCDAudioOnArrival\command\(Default) = "D:\Nero\Nero\Nero8\Nero Burning Rom\nero.exe /Dialog:SaveTracks %L" ["Nero AG"]

NeroAutoPlay8TranscodeVideo\
"Provider" = "Nero Recode"
"InvokeProgID" = "Nero.AutoPlay8"
"InvokeVerb" = "TranscodeVideo_PlayDVDMovieOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\TranscodeVideo_PlayDVDMovieOnArrival\command\(Default) = "D:\Nero\Nero\Nero8\Nero Recode\Recode.exe /New:CopyDVDVideo" ["Nero AG"]

NeroAutoPlay8VideoCapture\
"Provider" = "Nero Vision"
"ProgID" = "Shell.HWEventHandlerShellExecute"
"InitCmdLine" = ""D:\Nero\Nero\Nero8\Nero Vision\NeroVision.exe" /New:VideoCapture"
HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}"
-> {HKLM...CLSID} = "ShellExecute HW Event Handler"
\LocalServer32\(Default) = "rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS]

NeroAutoPlay8ViewPhotos\
"Provider" = "Nero PhotoSnap Viewer"
"InvokeProgID" = "Nero.AutoPlay8"
"InvokeVerb" = "ViewPhotos_ShowPicturesOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\ViewPhotos_ShowPicturesOnArrival\command\(Default) = "D:\Nero\Nero\Nero8\Nero PhotoSnap\PhotoSnapViewer.exe /" ["Nero AG"]

VLCPlayCDAudioOnArrival\
"Provider" = "VideoLAN VLC media player"
"InvokeProgID" = "VLC.CDAudio"
"InvokeVerb" = "play"
HKLM\SOFTWARE\Classes\VLC.CDAudio\shell\play\command\(Default) = "C:\Programme\VideoLAN\VLC\vlc.exe --started-from-file cdda:%1" ["VideoLAN Team"]

VLCPlayDVDMovieOnArrival\
"Provider" = "VideoLAN VLC media player"
"InvokeProgID" = "VLC.DVDMovie"
"InvokeVerb" = "play"
HKLM\SOFTWARE\Classes\VLC.DVDMovie\shell\play\command\(Default) = "C:\Programme\VideoLAN\VLC\vlc.exe --started-from-file dvd:%1" ["VideoLAN Team"]

[/QUOTE]
__________________


24.11.2008, 11:54   #3
d4n3

Ad pop-up with IE7



Quote:
InProcServer32\(Default) = "C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll" ["Kaspersky Lab"]

HKLM\SOFTWARE\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Recherchieren"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "D:\MICROS~1\Office12\REFIEBAR.DLL" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Konsole"
"CLSIDExtension" = "{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}"
-> {HKCU...CLSID} = "Java Plug-in 1.6.0_01"
\InProcServer32\(Default) = "C:\Programme\Java\jre1.6.0_01\bin\ssv.dll" ["Sun Microsystems, Inc."]
-> {HKLM...CLSID} = "Java Plug-in 1.6.0_01"
\InProcServer32\(Default) = "C:\Programme\Java\jre1.6.0_01\bin\npjpi160_01.dll" ["Sun Microsystems, Inc."]

{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}\
"ButtonText" = "Statistik für den Schutz des Web-Datenverkehrs"

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Research"

{B863453A-26C3-4E1F-A54D-A2CD196348E9}\
"ButtonText" = "ICQ Lite"
"MenuText" = "ICQ Lite"
"Exec" = "C:\Programme\ICQLite\ICQLite.exe" ["ICQ Ltd."]

{E2E2DD38-D088-4134-82B7-F2BA38496583}\
"MenuText" = "@xpsp3res.dll,-20001"
"Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Programme\Messenger\msmsgs.exe" [MS]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."]
BrSplService, Brother XP spl Service, "C:\WINDOWS\system32\brsvc01a.exe" ["brother Industries Ltd"]
CSIScanner, CSIScanner, ""C:\Programme\PrevxCSI\prevxcsi.exe" /service" ["Prevx"]
Kaspersky Internet Security, AVP, ""C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" -r" ["Kaspersky Lab"]
Lavasoft Ad-Aware Service, aawservice, "D:\Lavasoft\Ad-Aware\aawservice.exe" ["Lavasoft"]
Nero BackItUp Scheduler 3, Nero BackItUp Scheduler 3, "D:\Nero\Nero\Nero8\Nero BackItUp\NBService.exe" ["Nero AG"]
PLFlash DeviceIoControl Service, PLFlash DeviceIoControl Service, "C:\WINDOWS\system32\IoctlSvc.exe" ["Prolific Technology Inc."]
StarWind AE Service, StarWindServiceAE, "D:\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe" ["Rocket Division Software"]
Windows Defender, WinDefend, ""C:\Programme\Windows Defender\MsMpEng.exe"" [MS]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]


Print Monitors:
---------------

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
WinSuite Fax Monitor\Driver = "wsfaxmon.dll" [null data]


I'd be grateful for any tip!
__________________

24.11.2008, 12:04   #4
Argus

Ad pop-up with IE7



CID-uninstall (by smeenk)
Temporarily disable your antivirus scanner
Download LOP-uninstall to the desktop
At "Uninstall verification" enter the seven-digit number and click "Uninstall"
At "Legal notice" click OK
Close all windows and click OK
Wait... and at "Uninstall complete for all users" click OK

Download Deljob.exe to the desktop
Double-click Deljob.exe
A log file will open (logit.txt)
Copy the contents of the "logit.txt" report into this thread

24.11.2008, 12:33   #5
guso

Ad pop-up with IE7



Hi, I use FF, and while surfing, ads from IE open, e.g. "http://www.dsl-beratung,com/".
Also, AntiVir doesn't come on at startup, but it still shows as active.
I have already run

AntiVir, Ad-Aware
Malwarebytes' Anti-Malware
SUPERAntiSpyware Professional

but they don't find anything anymore... could this be coming from NetPumper?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:20:44, on 24.11.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
F:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
F:\Programme\Java\jre6\bin\jqs.exe
F:\WINDOWS\system32\nvsvc32.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\WgaTray.exe
F:\WINDOWS\Explorer.EXE
F:\Programme\Creative\Shared Files\CTSched.exe
F:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
F:\Programme\LevelOne\Common\RaUI.exe
F:\Programme\Internet Explorer\iexplore.exe
F:\Programme\Internet Explorer\iexplore.exe
F:\Programme\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = google.de
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - F:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Programme\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - F:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - F:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [CreativeTaskScheduler] "F:\Programme\Creative\Shared Files\CTSched.exe" /logon
O4 - HKCU\..\Run: [Bleh Flap] F:\DOKUME~1\Eddy\ANWEND~1\THATTW~1\Ping surf type.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] F:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: LevelOne Wireless Utility.lnk = F:\Programme\LevelOne\Common\RaUI.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - F:\Programme\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - F:\Programme\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Programme\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1226516379926
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2/ocx/15106/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{ABA84AB7-15F9-476C-97E7-4C5119C26B7B}: NameServer = 192.168.178.1
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - F:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: !SASWinLogon - F:\Programme\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Avira AntiVir Personal - Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - F:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - F:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - F:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe

--
End of file - 4534 bytes

Hope someone can help
Regards, guso


24.11.2008, 12:39   #6
d4n3

Ad pop-up with IE7



Thanks for the super quick reply.
Here is the requested log!

Quote:
--------------------------------------------------------
No LOP job-files found
--------------------------------------------------------
Files in Windows Tasks folder

1-Klick-Wartung.job
MP Scheduled Scan.job
--------------------------------------------------------
Export App Data folders
--------------------------------------------------------
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 18D5-A199

Verzeichnis von C:\Dokumente und Einstellungen\**\Anwendungsdaten

18.09.2006 17:06 <DIR> .
18.09.2006 17:06 <DIR> ..
18.09.2006 16:48 <DIR> INTERT~1 InterTrust
18.09.2006 16:57 <DIR> IDENTI~1 Identities
18.09.2006 16:36 <DIR> MICROS~1 Microsoft
18.09.2006 17:28 <DIR> MACROM~1 Macromedia
18.09.2006 21:53 <DIR> HELP Help
22.09.2006 00:06 <DIR> ADOBE Adobe
23.09.2006 02:32 <DIR> MOZILLA Mozilla
23.09.2006 02:40 <DIR> SUN Sun
02.01.2007 00:37 <DIR> NOTEPA~1 Notepad++
02.01.2007 05:02 <DIR> FREEDO~1 Free Download Manager
04.01.2007 00:35 <DIR> OPENOF~1.ORG OpenOffice.org2
20.03.2007 19:14 <DIR> ICQLITE ICQLite
08.07.2007 11:55 <DIR> DIVX DivX
17.09.2007 21:29 <DIR> CONCEP~1 concept design
17.09.2007 21:34 <DIR> REAL Real
06.01.2008 11:08 <DIR> TUNEUP~1 TuneUp Software
21.01.2008 19:36 <DIR> HLSW
22.02.2008 14:00 <DIR> gtk-2.0
24.03.2008 19:42 <DIR> DAEMON~1 DAEMON Tools
24.03.2008 19:51 <DIR> INSTAL~1 InstallShield
24.03.2008 19:52 <DIR> BUHLDA~1 Buhl Data Service
07.04.2008 22:20 <DIR> NERO Nero
27.04.2008 12:58 <DIR> INTEL Intel
13.06.2008 19:01 <DIR> vlc
09.08.2008 13:39 <DIR> HAENLE~1 Haenlein-Software
22.08.2008 13:45 <DIR> AZUREUS Azureus
12.10.2008 11:00 <DIR> FILEZI~1 FileZilla
17.10.2008 21:05 <DIR> GEANY Geany
04.11.2008 19:45 <DIR> MP3TAG Mp3tag
08.11.2008 18:44 <DIR> LINDY Lindy
16.11.2008 13:49 <DIR> TEAMVI~1 TeamViewer
16.11.2008 14:59 <DIR> WINRAR WinRAR
24.11.2008 11:06 <DIR> MALWAR~1 Malwarebytes
0 Datei(en) 0 Bytes
35 Verzeichnis(se), 8.849.440.768 Bytes frei
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 18D5-A199

Verzeichnis von C:\Dokumente und Einstellungen\All Users\Anwendungsdaten

18.09.2006 16:36 <DIR> .
18.09.2006 16:36 <DIR> ..
18.09.2006 16:36 <DIR> MICROS~1 Microsoft
18.09.2006 16:48 <DIR> SBSI
18.09.2006 17:41 <DIR> KASPER~1 Kaspersky Lab
18.09.2006 18:20 <DIR> WINDOW~1 Windows Genuine Advantage
29.08.2007 07:01 <DIR> KASPER~2 Kaspersky Lab Setup Files
26.09.2007 08:19 <DIR> ADOBE Adobe
27.01.2008 20:18 <DIR> BROTHER Brother
24.03.2008 19:51 <DIR> BUHLDA~1 Buhl Data Service GmbH
31.03.2008 20:04 <DIR> MICROS~2 Microsoft Help
06.04.2008 00:09 <DIR> HAGELT~1 Hagel Technologies
07.04.2008 22:13 <DIR> NERO Nero
20.04.2008 20:08 <DIR> SPYBOT~1 Spybot - Search & Destroy
07.08.2008 17:22 <DIR> SONYER~1 Sony Ericsson
07.08.2008 17:23 <DIR> BVRPSO~1 BVRP Software
22.08.2008 13:45 <DIR> AZUREUS Azureus
23.08.2008 19:57 <DIR> MAGIX
31.08.2008 10:07 <DIR> APPLE Apple
31.08.2008 10:08 <DIR> APPLEC~1 Apple Computer
29.09.2008 19:30 <DIR> NOS
23.11.2008 10:20 <DIR> LAVASOFT Lavasoft
24.11.2008 06:59 <DIR> PREVXCSI PrevxCSI
24.11.2008 11:06 <DIR> MALWAR~1 Malwarebytes
0 Datei(en) 0 Bytes
24 Verzeichnis(se), 8.849.440.768 Bytes frei
--------------------------------------------------------
All User Accounts
--------------------------------------------------------
All Users
Administrator
**
Eigene Dateien
--------------------------------------------------------

24.11.2008, 13:11   #7
Argus

Ad pop-up with IE7



Remove deljob from C:\

And post another HijackThis log

24.11.2008, 14:04   #8
guso

Ad pop-up with IE7



Has everyone forgotten about me up there, or is everything OK?

http://www.trojaner-board.de/65072-werbe-popup-mit-ie7.html#post394383

Regards, guso
