
Log analysis and evaluation: Internet Explorer keeps opening new windows! Virus?

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

05.01.2009, 22:54   #16
123.wilhelm
 



Logfile of random's system information tool 1.05 (written by random/random)
Run by x at 2009-01-05 22:29:43
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 40 GB (42%) free of 97 GB
Total RAM: 1013 MB (26% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:30:17, on 05.01.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe
C:\Program Files\Sceneo\Bonavista\Services\ODSBC\ODSBCApp.exe
C:\Program Files\Lexmark X1100 Series\LXBKbmgr.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Windows\VM_STI.EXE
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Nonoh.net\Nonoh\nonoh.exe
C:\Program Files\ICQ6.5\ICQ.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Safari\Safari.exe
C:\Program Files\MessengerDiscovery\MessengerDiscovery Live.exe
C:\Users\RICHARD\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\RICHARD.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = htp://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = htp://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = htp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = htp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Share_Accelerator_MM toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbShar.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Share_Accelerator_MM toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbShar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Peer2Peer-DE Toolbar - {97ac393a-a525-4cd0-95cf-019b028cc7a4} - C:\Program Files\Peer2Peer-DE\tbPee0.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Share_Accelerator_MM toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbShar.dll
O3 - Toolbar: Peer2Peer-DE Toolbar - {97ac393a-a525-4cd0-95cf-019b028cc7a4} - C:\Program Files\Peer2Peer-DE\tbPee0.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\Home Cinema\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [TVBroadcast] C:\Program Files\Sceneo\Bonavista\SERVICES\ODSBC\ODSBCApp.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [lxbkbmgr.exe] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [BigDogPath] C:\Windows\VM_STI.EXE Philips SPC 200NC PC Camera
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Nonoh] "C:\Program Files\Nonoh.net\Nonoh\nonoh.exe" -nosplash -minimized
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6.5\ICQ.exe" silent
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - htp://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {17D667BA-5675-4AAB-9221-08B9379384D4} (Image Uploader Control) - htp://cdnimg.piczo.com/images/uploader/piczo_fast_uploader.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - htp://static.ak.schuelervz.net/photouploader/ImageUploader4.cab?nocache=20071219-1
O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} (Image Uploader Control) - htp://static.pe.schuelervz.net/photouploader/ImageUploader5.cab?nocache=1215634447
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - htp://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - htp://arcade.icq.com/online/online2/bejeweled2/popcaploader_v6.cab
O16 - DPF: {EA6246B4-F380-443F-8727-9AEA3371146C} (CPlayFirstWeddingDashControl Object) - htp://webgames.d.tmsrv.com/c=1e1687785935a05e4d45b708851b80e1/aff=t_25oa_deca_wg/p/release/playfirst/wg_weddingdash/weddingdash/WeddingDash.1.0.0.47.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Personal - Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\Windows\System32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxbk_device - - C:\Windows\system32\lxbkcoms.exe
O23 - Service: NBService - Unknown owner - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sceneo PVR Service (srvcPVR) - Buhl Data Service GmbH - C:\Program Files\Sceneo\Bonavista\Services\PVR\PVRService.exe
O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 10272 bytes

Edited by 123.wilhelm (05.01.2009 at 23:13)

05.01.2009, 22:55   #17
123.wilhelm
 



======Scheduled tasks folder======

C:\Windows\tasks\User_Feed_Synchronization-{A231AF6E-5BE4-472A-95EB-AA58394136DC}.job
C:\Windows\tasks\User_Feed_Synchronization-{C8E540D1-FFB8-415D-8E1C-0AB7FD4BF0CE}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4596013b-6c31-408b-a266-deae5c086dc2}]
Share_Accelerator_MM toolbar - C:\Program Files\Share_Accelerator_MM\tbShar.dll [2007-05-27 1326104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-13 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{97ac393a-a525-4cd0-95cf-019b028cc7a4}]
Peer2Peer-DE Toolbar - C:\Program Files\Peer2Peer-DE\tbPee0.dll [2008-09-15 1784856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-13 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll [2008-07-28 160496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{4596013b-6c31-408b-a266-deae5c086dc2} - Share_Accelerator_MM toolbar - C:\Program Files\Share_Accelerator_MM\tbShar.dll [2007-05-27 1326104]
{97ac393a-a525-4cd0-95cf-019b028cc7a4} - Peer2Peer-DE Toolbar - C:\Program Files\Peer2Peer-DE\tbPee0.dll [2008-09-15 1784856]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2006-11-20 4018176]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-11-22 815104]
"RemoteControl"=C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe [2006-11-23 56928]
"LanguageShortcut"=C:\Program Files\Home Cinema\PowerDVD\Language\Language.exe [2006-12-05 54832]
"TVBroadcast"=C:\Program Files\Sceneo\Bonavista\SERVICES\ODSBC\ODSBCApp.exe [2007-01-10 824320]
"Lexmark X1100 Series"=C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe [2007-01-25 74672]
"PCSuiteTrayApplication"=C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe [2007-03-23 227328]
"lxbkbmgr.exe"=C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe [2007-01-25 74672]
"BigDogPath"=C:\Windows\VM_STI.EXE [2004-06-09 40960]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2008-01-02 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2008-01-02 166424]
"Persistence"=C:\Windows\system32\igfxpers.exe [2008-01-02 133656]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-09-03 111936]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-11-04 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-13 136600]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]
"Nonoh"=C:\Program Files\Nonoh.net\Nonoh\nonoh.exe [2008-11-07 8945952]
"ICQ"=C:\Program Files\ICQ6.5\ICQ.exe [2008-11-30 172792]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
C:\Program Files\ICQLite\ICQLite\ICQLite.exe -minimize []

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2008-01-02 200704]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======

2009-01-05 22:29:43 ----D---- C:\rsit
2009-01-05 21:31:04 ----D---- C:\Users\RICHARD\AppData\Roaming\Yahoo!
2009-01-05 21:31:04 ----D---- C:\ProgramData\Yahoo! Companion
2009-01-05 21:31:01 ----D---- C:\Program Files\Yahoo!
2009-01-05 21:30:54 ----D---- C:\Program Files\CCleaner
2009-01-04 23:11:28 ----D---- C:\Program Files\Navilog1
2009-01-04 21:38:58 ----D---- C:\Program Files\Trend Micro
2008-12-29 03:42:46 ----D---- C:\Program Files\UltraStar Deluxe
2008-12-28 02:11:06 ----D---- C:\Program Files\MSECache
2008-12-19 11:59:25 ----A---- C:\Windows\system32\mshtml.dll
2008-12-14 15:22:27 ----A---- C:\MDL 2.0 Debug.txt
2008-12-14 01:29:49 ----D---- C:\Program Files\MessengerDiscovery
2008-12-13 22:50:10 ----A---- C:\Windows\system32\deploytk.dll
2008-12-13 22:50:09 ----A---- C:\Windows\system32\javaws.exe
2008-12-13 22:50:09 ----A---- C:\Windows\system32\javaw.exe
2008-12-13 22:50:09 ----A---- C:\Windows\system32\java.exe
2008-12-13 22:12:53 ----D---- C:\Program Files\Fake Webcam
2008-12-13 22:12:29 ----D---- C:\Program Files\Conduit
2008-12-13 22:12:28 ----D---- C:\Program Files\Peer2Peer-DE
2008-12-13 11:45:48 ----D---- C:\Program Files\ICQ6.5
2008-12-12 12:34:53 ----A---- C:\Windows\system32\urlmon.dll
2008-12-12 12:34:51 ----A---- C:\Windows\system32\ieframe.dll
2008-12-12 12:34:50 ----A---- C:\Windows\system32\wininet.dll
2008-12-12 12:34:50 ----A---- C:\Windows\system32\mstime.dll
2008-12-12 12:34:47 ----A---- C:\Windows\system32\iertutil.dll
2008-12-12 12:34:44 ----A---- C:\Windows\system32\jsproxy.dll
2008-12-11 12:06:09 ----A---- C:\Windows\system32\tzres.dll
2008-12-10 06:33:07 ----A---- C:\Windows\system32\shell32.dll
2008-12-10 06:32:38 ----A---- C:\Windows\system32\gameux.dll
2008-12-10 06:32:38 ----A---- C:\Windows\system32\Apphlpdm.dll
2008-12-10 06:32:37 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2008-12-10 06:32:19 ----A---- C:\Windows\system32\gdi32.dll
2008-12-10 06:32:13 ----A---- C:\Windows\explorer.exe
2008-12-10 06:32:01 ----A---- C:\Windows\system32\mf.dll
2008-12-10 06:32:00 ----A---- C:\Windows\system32\WMVCORE.DLL
2008-12-10 06:31:57 ----A---- C:\Windows\system32\WMNetMgr.dll
2008-12-10 06:31:56 ----A---- C:\Windows\system32\logagent.exe

======List of files/folders modified in the last 1 months======

2009-01-05 22:30:10 ----D---- C:\Windows\Temp
2009-01-05 22:29:54 ----D---- C:\Windows\Prefetch
2009-01-05 21:56:29 ----D---- C:\Windows\system32\LogFiles
2009-01-05 21:40:55 ----D---- C:\Windows\Debug
2009-01-05 21:40:55 ----D---- C:\Windows
2009-01-05 21:40:54 ----D---- C:\Windows\Minidump
2009-01-05 21:31:04 ----HD---- C:\ProgramData
2009-01-05 21:31:01 ----RD---- C:\Program Files
2009-01-05 16:06:18 ----SHD---- C:\System Volume Information
2009-01-05 02:13:07 ----D---- C:\Windows\System32
2009-01-05 02:13:07 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-01-05 02:13:06 ----D---- C:\Windows\inf
2009-01-04 21:08:20 ----D---- C:\Users\RICHARD\AppData\Roaming\ICQ
2008-12-31 13:58:27 ----SHD---- C:\Windows\Installer
2008-12-31 13:54:24 ----D---- C:\Program Files\Common Files
2008-12-31 13:51:01 ----D---- C:\Program Files\DVDVideoSoft
2008-12-30 18:06:12 ----D---- C:\Windows\system32\catroot2
2008-12-25 22:48:02 ----D---- C:\Users\RICHARD\AppData\Roaming\Skype
2008-12-25 21:48:32 ----D---- C:\Users\RICHARD\AppData\Roaming\skypePM
2008-12-19 12:00:46 ----D---- C:\Windows\winsxs
2008-12-19 12:00:30 ----D---- C:\Windows\system32\catroot
2008-12-14 01:03:38 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-12-14 01:02:58 ----D---- C:\Windows\Tasks
2008-12-14 00:52:30 ----D---- C:\Program Files\Common Files\DVDVideoSoft
2008-12-13 22:43:20 ----D---- C:\Program Files\Java
2008-12-13 22:15:53 ----A---- C:\Windows\NeroDigital.ini
2008-12-13 18:39:02 ----D---- C:\Program Files\ICQ6Toolbar
2008-12-13 11:47:59 ----D---- C:\ProgramData\ICQ
2008-12-11 12:36:20 ----D---- C:\Windows\rescache
2008-12-11 12:16:27 ----D---- C:\Windows\AppPatch
2008-12-11 12:16:26 ----D---- C:\Windows\system32\de-DE
2008-12-10 00:24:37 ----A---- C:\Windows\system32\mrt.exe
2008-12-09 20:04:34 ----D---- C:\Program Files\ICQ6

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys [2007-02-27 11840]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2008-11-12 75072]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2007-11-08 21248]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2006-11-15 32256]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2006-11-15 43520]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2006-11-15 37376]
R3 athrusb;Atheros Wireless LAN USB device driver; C:\Windows\system32\DRIVERS\athrusb.sys [2007-01-08 449024]
R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys [2008-05-20 52032]
R3 CmBatt;Treiber für Microsoft-ACPI-Kontrollmethodenkompatible Batterie; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-19 14208]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-01-02 2016256]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2006-11-23 1652968]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2006-12-20 67072]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-19 88576]
R3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2006-11-02 1010560]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2006-11-22 179896]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-19 11264]
R3 X10Hid;X10 Hid Device; C:\Windows\System32\Drivers\x10hid.sys [2006-11-17 13976]
R3 XUIF;X10 USB Wireless Transceiver; C:\Windows\System32\Drivers\x10ufx2.sys [2006-11-30 27416]
S3 61883;61883-Einheitsgerät; C:\Windows\system32\DRIVERS\61883.sys [2008-01-19 45696]
S3 Avc;AVC-Gerät; C:\Windows\system32\DRIVERS\avc.sys [2008-01-19 40448]
S3 drmkaud;Microsoft Kernel-DRM-Audioentschlüsselung; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 FETNDIS;VIA Rhine-Familie--Fast-Ethernet-Adaptertreiberdienst; C:\Windows\system32\DRIVERS\fetnd5.sys [2006-11-02 45568]
S3 HdAudAddService;Microsoft 1.1 UAA-Funktionstreiber für High Definition Audio-Dienst; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-01-02 2016256]
S3 MSDV;Microsoft DV Camera and VCR; C:\Windows\system32\DRIVERS\msdv.sys [2008-01-19 52608]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Microsoft Proxy für Streaming Clock; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Microsoft Proxy für Streaming Quality Manager; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 nmwcd;Nokia USB Phone Parent; C:\Windows\system32\drivers\nmwcd.sys [2007-02-22 137216]
S3 nmwcdc;Nokia USB Generic; C:\Windows\system32\drivers\nmwcdc.sys [2007-02-22 8320]
S3 nmwcdcj;Nokia USB Port; C:\Windows\system32\drivers\nmwcdcj.sys [2007-02-22 12288]
S3 nmwcdcm;Nokia USB Modem; C:\Windows\system32\drivers\nmwcdcm.sys [2007-02-22 12288]
S3 PhilCap;PhilCap service; C:\Windows\system32\DRIVERS\PhilCap.sys [2006-10-12 1053824]
S3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 2028032]
S3 Ser2pl;Prolific Serial port driver; C:\Windows\system32\DRIVERS\ser2pl.sys [2007-07-31 76800]
S3 usbscan;USB-Scannertreiber; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-19 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
S3 zlportio;zlportio; \??\C:\Program Files\UltraStar Deluxe\zlportio.sys []
S3 ZSMC301b;Philips SPC 200NC PC Camera; C:\Windows\System32\Drivers\usbVM31b.sys [2005-02-26 91527]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Planer; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-23 68865]
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-23 151297]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 Bonjour Service;Bonjour-Dienst; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 LexBceS;LexBce Server; C:\Windows\System32\LEXBCES.EXE [2003-08-18 303104]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-10-19 61440]
R2 lxbk_device;lxbk_device; C:\Windows\system32\lxbkcoms.exe [2007-01-25 537520]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2006-12-19 272024]
R2 srvcPVR;Sceneo PVR Service; C:\Program Files\Sceneo\Bonavista\Services\PVR\PVRService.exe [2007-01-03 1468928]
R2 x10nets;X10 Device Network Service; C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe [2001-11-12 20480]
R3 iPod Service;iPod-Dienst; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2007-03-26 292864]
R3 usnjsvc;Messenger USN Journal Reader-Service für freigegebene Ordner; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance; C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe []
S3 UPnPService;UPnPService; C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [2006-12-14 544768]
S3 usprserv;User Privilege Service; C:\Windows\System32\svchost.exe [2008-01-19 21504]
S4 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe []

-----------------EOF-----------------



Like this??


Oh god, I had to split everything up several times, because otherwise it wouldn't have fit.


05.01.2009, 23:10   #18
123.wilhelm
 



======Scheduled tasks folder======

C:\Windows\tasks\User_Feed_Synchronization-{A231AF6E-5BE4-472A-95EB-AA58394136DC}.job
C:\Windows\tasks\User_Feed_Synchronization-{C8E540D1-FFB8-415D-8E1C-0AB7FD4BF0CE}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4596013b-6c31-408b-a266-deae5c086dc2}]
Share_Accelerator_MM toolbar - C:\Program Files\Share_Accelerator_MM\tbShar.dll [2007-05-27 1326104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-13 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{97ac393a-a525-4cd0-95cf-019b028cc7a4}]
Peer2Peer-DE Toolbar - C:\Program Files\Peer2Peer-DE\tbPee0.dll [2008-09-15 1784856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-13 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll [2008-07-28 160496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{4596013b-6c31-408b-a266-deae5c086dc2} - Share_Accelerator_MM toolbar - C:\Program Files\Share_Accelerator_MM\tbShar.dll [2007-05-27 1326104]
{97ac393a-a525-4cd0-95cf-019b028cc7a4} - Peer2Peer-DE Toolbar - C:\Program Files\Peer2Peer-DE\tbPee0.dll [2008-09-15 1784856]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2006-11-20 4018176]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-11-22 815104]
"RemoteControl"=C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe [2006-11-23 56928]
"LanguageShortcut"=C:\Program Files\Home Cinema\PowerDVD\Language\Language.exe [2006-12-05 54832]
"TVBroadcast"=C:\Program Files\Sceneo\Bonavista\SERVICES\ODSBC\ODSBCApp.exe [2007-01-10 824320]
"Lexmark X1100 Series"=C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe [2007-01-25 74672]
"PCSuiteTrayApplication"=C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe [2007-03-23 227328]
"lxbkbmgr.exe"=C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe [2007-01-25 74672]
"BigDogPath"=C:\Windows\VM_STI.EXE [2004-06-09 40960]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2008-01-02 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2008-01-02 166424]
"Persistence"=C:\Windows\system32\igfxpers.exe [2008-01-02 133656]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-09-03 111936]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-11-04 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-13 136600]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]
"Nonoh"=C:\Program Files\Nonoh.net\Nonoh\nonoh.exe [2008-11-07 8945952]
"ICQ"=C:\Program Files\ICQ6.5\ICQ.exe [2008-11-30 172792]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
C:\Program Files\ICQLite\ICQLite\ICQLite.exe -minimize []

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2008-01-02 200704]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======

2009-01-05 22:29:43 ----D---- C:\rsit
2009-01-05 21:31:04 ----D---- C:\Users\RICHARD\AppData\Roaming\Yahoo!
2009-01-05 21:31:04 ----D---- C:\ProgramData\Yahoo! Companion
2009-01-05 21:31:01 ----D---- C:\Program Files\Yahoo!
2009-01-05 21:30:54 ----D---- C:\Program Files\CCleaner
2009-01-04 23:11:28 ----D---- C:\Program Files\Navilog1
2009-01-04 21:38:58 ----D---- C:\Program Files\Trend Micro
2008-12-29 03:42:46 ----D---- C:\Program Files\UltraStar Deluxe
2008-12-28 02:11:06 ----D---- C:\Program Files\MSECache
2008-12-19 11:59:25 ----A---- C:\Windows\system32\mshtml.dll
2008-12-14 15:22:27 ----A---- C:\MDL 2.0 Debug.txt
2008-12-14 01:29:49 ----D---- C:\Program Files\MessengerDiscovery
2008-12-13 22:50:10 ----A---- C:\Windows\system32\deploytk.dll
2008-12-13 22:50:09 ----A---- C:\Windows\system32\javaws.exe
2008-12-13 22:50:09 ----A---- C:\Windows\system32\javaw.exe
2008-12-13 22:50:09 ----A---- C:\Windows\system32\java.exe
2008-12-13 22:12:53 ----D---- C:\Program Files\Fake Webcam
2008-12-13 22:12:29 ----D---- C:\Program Files\Conduit
2008-12-13 22:12:28 ----D---- C:\Program Files\Peer2Peer-DE
2008-12-13 11:45:48 ----D---- C:\Program Files\ICQ6.5
2008-12-12 12:34:53 ----A---- C:\Windows\system32\urlmon.dll
2008-12-12 12:34:51 ----A---- C:\Windows\system32\ieframe.dll
2008-12-12 12:34:50 ----A---- C:\Windows\system32\wininet.dll
2008-12-12 12:34:50 ----A---- C:\Windows\system32\mstime.dll
2008-12-12 12:34:47 ----A---- C:\Windows\system32\iertutil.dll
2008-12-12 12:34:44 ----A---- C:\Windows\system32\jsproxy.dll
2008-12-11 12:06:09 ----A---- C:\Windows\system32\tzres.dll
2008-12-10 06:33:07 ----A---- C:\Windows\system32\shell32.dll
2008-12-10 06:32:38 ----A---- C:\Windows\system32\gameux.dll
2008-12-10 06:32:38 ----A---- C:\Windows\system32\Apphlpdm.dll
2008-12-10 06:32:37 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2008-12-10 06:32:19 ----A---- C:\Windows\system32\gdi32.dll
2008-12-10 06:32:13 ----A---- C:\Windows\explorer.exe
2008-12-10 06:32:01 ----A---- C:\Windows\system32\mf.dll
2008-12-10 06:32:00 ----A---- C:\Windows\system32\WMVCORE.DLL
2008-12-10 06:31:57 ----A---- C:\Windows\system32\WMNetMgr.dll
2008-12-10 06:31:56 ----A---- C:\Windows\system32\logagent.exe

======List of files/folders modified in the last 1 months======

2009-01-05 22:30:10 ----D---- C:\Windows\Temp
2009-01-05 22:29:54 ----D---- C:\Windows\Prefetch
2009-01-05 21:56:29 ----D---- C:\Windows\system32\LogFiles
2009-01-05 21:40:55 ----D---- C:\Windows\Debug
2009-01-05 21:40:55 ----D---- C:\Windows
2009-01-05 21:40:54 ----D---- C:\Windows\Minidump
2009-01-05 21:31:04 ----HD---- C:\ProgramData
2009-01-05 21:31:01 ----RD---- C:\Program Files
2009-01-05 16:06:18 ----SHD---- C:\System Volume Information
2009-01-05 02:13:07 ----D---- C:\Windows\System32
2009-01-05 02:13:07 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-01-05 02:13:06 ----D---- C:\Windows\inf
2009-01-04 21:08:20 ----D---- C:\Users\RICHARD\AppData\Roaming\ICQ
2008-12-31 13:58:27 ----SHD---- C:\Windows\Installer
2008-12-31 13:54:24 ----D---- C:\Program Files\Common Files
2008-12-31 13:51:01 ----D---- C:\Program Files\DVDVideoSoft
2008-12-30 18:06:12 ----D---- C:\Windows\system32\catroot2
2008-12-25 22:48:02 ----D---- C:\Users\RICHARD\AppData\Roaming\Skype
2008-12-25 21:48:32 ----D---- C:\Users\RICHARD\AppData\Roaming\skypePM
2008-12-19 12:00:46 ----D---- C:\Windows\winsxs
2008-12-19 12:00:30 ----D---- C:\Windows\system32\catroot
2008-12-14 01:03:38 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-12-14 01:02:58 ----D---- C:\Windows\Tasks
2008-12-14 00:52:30 ----D---- C:\Program Files\Common Files\DVDVideoSoft
2008-12-13 22:43:20 ----D---- C:\Program Files\Java
2008-12-13 22:15:53 ----A---- C:\Windows\NeroDigital.ini
2008-12-13 18:39:02 ----D---- C:\Program Files\ICQ6Toolbar
2008-12-13 11:47:59 ----D---- C:\ProgramData\ICQ
2008-12-11 12:36:20 ----D---- C:\Windows\rescache
2008-12-11 12:16:27 ----D---- C:\Windows\AppPatch
2008-12-11 12:16:26 ----D---- C:\Windows\system32\de-DE
2008-12-10 00:24:37 ----A---- C:\Windows\system32\mrt.exe
2008-12-09 20:04:34 ----D---- C:\Program Files\ICQ6

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys [2007-02-27 11840]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2008-11-12 75072]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2007-11-08 21248]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2006-11-15 32256]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2006-11-15 43520]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2006-11-15 37376]
R3 athrusb;Atheros Wireless LAN USB device driver; C:\Windows\system32\DRIVERS\athrusb.sys [2007-01-08 449024]
R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys [2008-05-20 52032]
R3 CmBatt;Treiber für Microsoft-ACPI-Kontrollmethodenkompatible Batterie; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-19 14208]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-01-02 2016256]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2006-11-23 1652968]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2006-12-20 67072]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-19 88576]
R3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2006-11-02 1010560]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2006-11-22 179896]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-19 11264]
R3 X10Hid;X10 Hid Device; C:\Windows\System32\Drivers\x10hid.sys [2006-11-17 13976]
R3 XUIF;X10 USB Wireless Transceiver; C:\Windows\System32\Drivers\x10ufx2.sys [2006-11-30 27416]
S3 61883;61883-Einheitsgerät; C:\Windows\system32\DRIVERS\61883.sys [2008-01-19 45696]
S3 Avc;AVC-Gerät; C:\Windows\system32\DRIVERS\avc.sys [2008-01-19 40448]
S3 drmkaud;Microsoft Kernel-DRM-Audioentschlüsselung; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 FETNDIS;VIA Rhine-Familie--Fast-Ethernet-Adaptertreiberdienst; C:\Windows\system32\DRIVERS\fetnd5.sys [2006-11-02 45568]
S3 HdAudAddService;Microsoft 1.1 UAA-Funktionstreiber für High Definition Audio-Dienst; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-01-02 2016256]
S3 MSDV;Microsoft DV Camera and VCR; C:\Windows\system32\DRIVERS\msdv.sys [2008-01-19 52608]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Microsoft Proxy für Streaming Clock; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Microsoft Proxy für Streaming Quality Manager; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 nmwcd;Nokia USB Phone Parent; C:\Windows\system32\drivers\nmwcd.sys [2007-02-22 137216]
S3 nmwcdc;Nokia USB Generic; C:\Windows\system32\drivers\nmwcdc.sys [2007-02-22 8320]
S3 nmwcdcj;Nokia USB Port; C:\Windows\system32\drivers\nmwcdcj.sys [2007-02-22 12288]
S3 nmwcdcm;Nokia USB Modem; C:\Windows\system32\drivers\nmwcdcm.sys [2007-02-22 12288]
S3 PhilCap;PhilCap service; C:\Windows\system32\DRIVERS\PhilCap.sys [2006-10-12 1053824]
S3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 2028032]
S3 Ser2pl;Prolific Serial port driver; C:\Windows\system32\DRIVERS\ser2pl.sys [2007-07-31 76800]
S3 usbscan;USB-Scannertreiber; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-19 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
S3 zlportio;zlportio; \??\C:\Program Files\UltraStar Deluxe\zlportio.sys []
S3 ZSMC301b;Philips SPC 200NC PC Camera; C:\Windows\System32\Drivers\usbVM31b.sys [2005-02-26 91527]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Planer; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-23 68865]
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-23 151297]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 Bonjour Service;Bonjour-Dienst; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 LexBceS;LexBce Server; C:\Windows\System32\LEXBCES.EXE [2003-08-18 303104]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-10-19 61440]
R2 lxbk_device;lxbk_device; C:\Windows\system32\lxbkcoms.exe [2007-01-25 537520]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2006-12-19 272024]
R2 srvcPVR;Sceneo PVR Service; C:\Program Files\Sceneo\Bonavista\Services\PVR\PVRService.exe [2007-01-03 1468928]
R2 x10nets;X10 Device Network Service; C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe [2001-11-12 20480]
R3 iPod Service;iPod-Dienst; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2007-03-26 292864]
R3 usnjsvc;Messenger USN Journal Reader-Service für freigegebene Ordner; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance; C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe []
S3 UPnPService;UPnPService; C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [2006-12-14 544768]
S3 usprserv;User Privilege Service; C:\Windows\System32\svchost.exe [2008-01-19 21504]
S4 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe []

-----------------EOF-----------------



Like this??


Oh god, I had to split everything up several times because otherwise it wouldn't have fit.

Alt 05.01.2009, 23:32   #19
123.wilhelm
 

Oh no, now I've somehow posted some of them twice and I don't know how to delete them! I hope you can find your way through; otherwise let me know and I'll post the results again in order!

Alt 05.01.2009, 23:33   #20
john.doe
 

Yes, that was the first part, keep going. My to-do list is long.

I'm sure that if I asked you about some of the programs installed there, you wouldn't even know what they are for.

You urgently need to declutter, i.e. uninstall.

ciao, andreas

How did the saying go? The tidy person cleans up; the genius masters the chaos.

P.S.: One more important question. Can you say when the ad windows started appearing? Or any installation after which they appeared?


Last edited by john.doe (05.01.2009 at 23:40)

Alt 06.01.2009, 03:28   #21
123.wilhelm
 

Malwarebytes' Anti-Malware 1.32
Datenbank Version: 1620
Windows 6.0.6001 Service Pack 1

06.01.2009 03:25:26
mbam-log-2009-01-06 (03-25-25).txt

Scan-Methode: Vollständiger Scan (C:\|D:\|)
Durchsuchte Objekte: 196188
Laufzeit: 3 hour(s), 15 minute(s), 48 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)


First I ran the short scan and 17 files were found, which I then deleted. After that I ran a full scan and now no malicious ones were found.

Unfortunately, BlackLight didn't work for me.

Alt 06.01.2009, 15:31   #22
123.wilhelm
 

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:27:55, on 06.01.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe
C:\Program Files\Sceneo\Bonavista\Services\ODSBC\ODSBCApp.exe
C:\Program Files\Lexmark X1100 Series\LXBKbmgr.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Windows\VM_STI.EXE
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Nonoh.net\Nonoh\nonoh.exe
C:\Program Files\ICQ6.5\ICQ.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\MessengerDiscovery\MessengerDiscovery Live.exe
C:\Program Files\Safari\Safari.exe
C:\Users\RICHARD\Desktop\qlketzd.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = htp://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = htp://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = htp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = htp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = htp://search.bearshare.com/sidebar.html?src=ssb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Share_Accelerator_MM toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbShar.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Share_Accelerator_MM toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbShar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Peer2Peer-DE Toolbar - {97ac393a-a525-4cd0-95cf-019b028cc7a4} - C:\Program Files\Peer2Peer-DE\tbPee0.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Share_Accelerator_MM toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbShar.dll
O3 - Toolbar: Peer2Peer-DE Toolbar - {97ac393a-a525-4cd0-95cf-019b028cc7a4} - C:\Program Files\Peer2Peer-DE\tbPee0.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\Home Cinema\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [TVBroadcast] C:\Program Files\Sceneo\Bonavista\SERVICES\ODSBC\ODSBCApp.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [lxbkbmgr.exe] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [BigDogPath] C:\Windows\VM_STI.EXE Philips SPC 200NC PC Camera
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Nonoh] "C:\Program Files\Nonoh.net\Nonoh\nonoh.exe" -nosplash -minimized
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6.5\ICQ.exe" silent
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - htp://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {17D667BA-5675-4AAB-9221-08B9379384D4} (Image Uploader Control) - htp://cdnimg.piczo.com/images/uploader/piczo_fast_uploader.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - htp://static.ak.schuelervz.net/photouploader/ImageUploader4.cab?nocache=20071219-1
O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} (Image Uploader Control) - htp://static.pe.schuelervz.net/photouploader/ImageUploader5.cab?nocache=1215634447
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - htp://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
O16 - DPF: {EA6246B4-F380-443F-8727-9AEA3371146C} (CPlayFirstWeddingDashControl Object) - htp://webgames.d.tmsrv.com/c=1e1687785935a05e4d45b708851b80e1/aff=t_25oa_deca_wg/p/release/playfirst/wg_weddingdash/weddingdash/WeddingDash.1.0.0.47.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Avira AntiVir Personal - Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\Windows\System32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxbk_device - - C:\Windows\system32\lxbkcoms.exe
O23 - Service: NBService - Unknown owner - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sceneo PVR Service (srvcPVR) - Buhl Data Service GmbH - C:\Program Files\Sceneo\Bonavista\Services\PVR\PVRService.exe
O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 10089 bytes

Alt 06.01.2009, 16:48   #23
john.doe
 

Quote:
First I ran the short scan and 17 files were found, which I then deleted.
The log of those findings is important. Please post it.

Where is the log from SUPERAntiSpyware?

The info.txt from RSIT is also still missing.

The latest HJT log already looks a bit friendlier. Install http://www.trojaner-board.de/51464-a...-ccleaner.html and clean up your system. Uninstall the Peer2peer and Share Accelerator toolbars as well as all programs that you don't absolutely need.

ciao, andreas

Alt 06.01.2009, 20:43   #24
123.wilhelm
 

Oh great. Now I accidentally uninstalled the "intel graphics media accelerator driver", which made the graphics far too large. Hm. Then I rolled the system back, because luckily I had set a new system restore point about 2 hours earlier.

But when I now tried to delete the peer-to-peer toolbar again, which had worked flawlessly before the system restore, an error message appears:

"the file istall.log could not be opened" or something like that.
I'll send the logs along in a moment.

Alt 06.01.2009, 20:47   #25
123.wilhelm
 

This should be the one from SUPERAntiSpyware; correct me if it isn't:

Malwarebytes' Anti-Malware 1.32
Datenbank Version: 1620
Windows 6.0.6001 Service Pack 1

06.01.2009 00:05:45
mbam-log-2009-01-06 (00-05-30).txt

Scan-Methode: Quick-Scan
Durchsuchte Objekte: 53284
Laufzeit: 7 minute(s), 20 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 17
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 3
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\c:/windows/downloaded program files/popcaploader.dll (Adware.PopCap) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> No action taken.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{af2e62b6-f9e1-4d4f-a10a-9dc8e6dcbcc0} (Adware.VideoEgg) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.Shopping.Report) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{37b85a21-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{37b85a29-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch (Adware.BookedSpace) -> No action taken.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Windows\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> No action taken.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
C:\Program Files\MyGlobalSearch (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyGlobalSearch\bar (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyGlobalSearch\bar\History (Adware.MyWebSearch) -> No action taken.

Infizierte Dateien:
C:\Windows\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> No action taken.
C:\Program Files\MyGlobalSearch\bar\History\search (Adware.MyWebSearch) -> No action taken.

Alt 06.01.2009, 20:51   #26
123.wilhelm
 

info.txt logfile of random's system information tool 1.05 2009-01-05 22:30:22

======Uninstall list======

-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
-->C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\Windows\UNNeroBackItUp.exe /UNINSTALL
-->C:\Windows\UNNeroMediaHome.exe /UNINSTALL
-->C:\Windows\UNNeroShowTime.exe /UNINSTALL
-->C:\Windows\UNNeroVision.exe /UNINSTALL
-->C:\Windows\UNRecode.exe /UNINSTALL
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player 9 ActiveX-->C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A81200000003}
Adobe Shockwave Player-->C:\Windows\System32\Macromed\SHOCKW~1\UNWISE.EXE C:\Windows\System32\Macromed\SHOCKW~1\Install.log
Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Atheros USB Wireless LAN-->MsiExec.exe /I{B094F9EC-1016-428C-902A-3FF72A5945C0}
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Die Sims 2: Wilde Campus-Jahre-->C:\Program Files\EA GAMES\Die Sims 2 Wilde Campus-Jahre\EAUninstall.exe
Die Sims 2-->C:\Program Files\EA GAMES\Die Sims 2\EAUninstall.exe
Die Sims™ 2 H&M®-Fashion-Accessoires-->C:\Program Files\EA GAMES\Die Sims 2 H&M®-Fashion-Accessoires\EAUninstall.exe
Easy CD-DA Extractor 11-->"C:\Windows\Easy CD-DA Extractor 11.5.3\uninstall.exe" "/U:C:\Program Files\Easy CD-DA Extractor 11\irunin.xml"
Favorit-->c:\users\x\appdata\local\sfzfb.bat
Firebird SQL Server - MAGIX Edition 2.0.0.1 (D)-->C:\Program Files\MAGIX\Common\Database\uninstall.exe
Free YouTube to Mp3 Converter version 2.5-->"C:\Program Files\DVDVideoSoft\Free YouTube to Mp3 Converter\unins000.exe"
G DATA Logox4 Speechengine-->C:\Windows\LgxSetup.exe /u C:\PROGRA~1\COMMON~1\LOGOX4~1.0\Log.inf lgx.server lgx4
Google Earth-->MsiExec.exe /I{374F03BB-9C09-4DB3-9C9B-C71E63292950}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
ICQ6.5-->"C:\Program Files\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe" -runfromtemp -l0x0009 -removeonly
Intel(R) Graphics Media Accelerator Driver-->C:\Windows\system32\igxpun.exe -uninstall
iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371}
Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
LetsTrade Komponenten-->C:\Windows\fpuninst.exe -uninstall:"c:\program files\letstrade\uninst\uninst.ini"
Lexmark X1100 Series-->C:\Program Files\Lexmark X1100 Series\Install\x86\Uninst.exe
MediaShow 3.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5A9B7C0-8751-11D8-9D75-000129760D75}\setup.exe" -uninstall
MessengerDiscovery 1.5.0800-->"C:\Program Files\MessengerDiscovery\unins001.exe"
Microsoft Office XP Professional mit FrontPage-->MsiExec.exe /I{90280407-6000-11D3-8CFE-0050048383C9}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
Navilog1 3.7.1-->"C:\Program Files\Navilog1\unins000.exe"
Nero 7 Essentials-->MsiExec.exe /I{37BA50EE-C851-4394-93DD-A0A611891031}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Nokia Connectivity Cable Driver-->MsiExec.exe /X{972B1D9B-0EAD-49E8-B7D6-3B83FD5665B1}
Nokia PC Suite-->C:\ProgramData\Installations\{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}\Nokia_PC_Suite_683_rel_14_1_ger_web.exe /LANG="1031"
Nokia PC Suite-->MsiExec.exe /I{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}
PC Connectivity Solution-->MsiExec.exe /I{066D65EA-ED53-44E4-A96A-F81B6E409D2E}
Peer2Peer-DE Toolbar-->C:\PROGRA~1\PEER2P~1\UNWISE.EXE C:\PROGRA~1\PEER2P~1\INSTALL.LOG
Philips SPC 200NC PC Camera-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A2646FB-7BAC-451B-BF90-4889C4429C5E}\setup.exe" -l0x7
PL-2303 Vista Driver Installer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EEC010D0-1252-4E1D-BAD9-F1B8F414535C}\setup.exe" -l0x9 -removeonly
PowerDirector-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe" -uninstall
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
PowerProducer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe" -uninstall
QuickTime-->MsiExec.exe /I{F958CA02-BB40-4007-894B-258729456EE4}
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista-->C:\Program Files\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -l0x0007 -removeonly
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
RollerCoaster Tycoon 2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{72DF62BD-FF36-424E-AA5F-D89BAFF2C249}\Setup.exe" -l0x7
Safari-->MsiExec.exe /I{582D2A53-F426-4C5E-A2E6-43C1AB36B907}
Sceneo Bonavista-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4C73B683-B15D-4B94-AC7A-520B70C4FFE9}\Setup.exe"
Share Accelerator MM Toolbar-->C:\PROGRA~1\SHARE_~1\UNWISE.EXE C:\PROGRA~1\SHARE_~1\INSTALL.LOG
SIPPS-->C:\Windows\UNSIPPS.exe /UNINSTALL
Skype™ 3.6-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Systemsteuerung "MobileMe"-->MsiExec.exe /I{6DA9102E-199F-43A0-A36B-6EF48081A658}
Uninstall 1.0.0.0-->"C:\Program Files\Common Files\DVDVideoSoft\unins000.exe"
Viewpoint Media Player (Remove Only)-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Windows Live Messenger-->MsiExec.exe /X{2B091530-69AA-442E-AB09-39ED06B58220}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows-Treiberpaket - Nokia Modem (11/03/2006 6.82.0.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\nokbtmdm.inf_7dedec2f\nokbtmdm.inf
WinRAR-->C:\Program Files\WinRAR\uninstall.exe
WinZip 11.1-->MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}
X10 Hardware(TM)-->C:\Windows\UNWISE.EXE C:\PROGRA~1\X10HAR~1\Install.log
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE

======Security center information======

AS: Spyware Doctor
AS: Avira AntiVir PersonalEdition (outdated)
AS: Windows-Defender

System event log

Computer Name: x-PC
Event Code: xxxxx
Message: DCOM hat den Dienst iPod Service mit den Argumenten "" gestartet, um den Server auszuführen:
{063D34A4-BF84-4B8D-B699-E8CA06504DDE}
Record Number: 242029
Source Name: Microsoft-Windows-DistributedCOM
Time Written: 20090105211127.000000-000
Event Type: Informationen
User:

Computer Name: x-PC
Event Code: xxx
Message: Auf diesem Computer konnte kein kompatibles TPM-Sicherheitsgerät (Trusted Platform Module) gefunden werden. TBS konnte nicht gestartet werden.
Record Number: 242030
Source Name: Microsoft-Windows-TBS
Time Written: 20090105211228.998400-000
Event Type: Informationen
User: NT-AUTORITÄT\LOKALER DIENST

Computer Name: x-PC
Event Code: xxxxx
Message: DCOM hat den Dienst TrustedInstaller mit den Argumenten "" gestartet, um den Server auszuführen:
{752073A1-23F2-4396-85F0-8FDB879ED0ED}
Record Number: 242031
Source Name: Microsoft-Windows-DistributedCOM
Time Written: 20090105211655.000000-000
Event Type: Informationen
User:

Computer Name: x-PC
Event Code: xxxxx
Message: Der Server "{C2BFE331-6739-4270-86C9-493D9A04CD38}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
Record Number: 242032
Source Name: Microsoft-Windows-DistributedCOM
Time Written: 20090105212405.000000-000
Event Type: Fehler
User:

Computer Name: x-PC
Event Code: xxxxx
Message: DCOM hat den Dienst usnjsvc mit den Argumenten "" gestartet, um den Server auszuführen:
{98AC5C33-EE18-4EC2-BE25-3B16EE8F75F1}
Record Number: 242033
Source Name: Microsoft-Windows-DistributedCOM
Time Written: 20090105212550.000000-000
Event Type: Informationen
User:

Application event log

Computer Name: x-PC
Event Code: xxx
Message: msnmsgr (3588) \\.\C:\Users\x\AppData\Local\Microsoft\Messenger\x@hotmail.de\SharingMetadata\Working\database_963E_D60B_3ED5_E471\dfsr.db: Das Datenbankmodul (6.00.6001.0000) hat eine neue Instanz gestartet (0).
Record Number: 75711
Source Name: ESENT
Time Written: 20090105212550.000000-000
Event Type: Informationen
User:

Computer Name: x-PC
Event Code: xxx
Message: msnmsgr (3588) \\.\C:\Users\RICHARD\AppData\Local\Microsoft\Messenger\x\SharingMetadata\Working\database_963E_D60B_3ED5_E471\dfsr.db: Das Datenbankmodul initiiert Schritte zur Wiederherstellung.
Record Number: 75712
Source Name: ESENT
Time Written: 20090105212551.000000-000
Event Type: Informationen
User:

Computer Name: x-PC
Event Code: xxx
Message: msnmsgr (3588) \\.\C:\Users\RICHARD\AppData\Local\Microsoft\Messenger\x@hotmail.de\SharingMetadata\Working\database_963E_D60B_3ED5_E471\dfsr.db: Das Datenbankmodul gibt die Protokolldatei \\.\C:\Users\RICHARD\AppData\Local\Microsoft\Messenger\x@hotmail.de\SharingMetadata\Working\database_963E_D60B_3ED5_E471\fsr.log wieder.
Record Number: 75713
Source Name: ESENT
Time Written: 20090105212552.000000-000
Event Type: Informationen
User:

Computer Name: x-PC
Event Code: xxx
Message: msnmsgr (3588) \\.\C:\Users\RICHARD\AppData\Local\Microsoft\Messenger\x@hotmail.de\SharingMetadata\Working\database_963E_D60B_3ED5_E471\dfsr.db: Das Datenbankmodul hat erfolgreich die Schritte zur Wiederherstellung abgeschlossen.
Record Number: 75714
Source Name: ESENT
Time Written: 20090105212552.000000-000
Event Type: Informationen
User:

Computer Name: x-PC
Event Code: x
Message: Unsupported service control request (see data below)
Record Number: 75715
Source Name: LightScribeService
Time Written: 20090105213020.000000-000
Event Type: Informationen
User:

Security event log

Computer Name: xD-PC
Event Code: xxxx
Message: Die Codeintegrität hat festgestellt, dass der Abbildhash einer Datei nicht gültig ist. Die Datei wurde möglicherweise durch eine nicht autorisierte Änderung beschädigt. Dieses Problem kann auch auf einen potenziellen Fehler des Datenträgergeräts hinweisen.

Dateiname: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 111557
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090105213013.705400-000
Event Type: Überwachung gescheitert
User:

Computer Name: x-PC
Event Code: xxxx
Message: Die Codeintegrität hat festgestellt, dass der Abbildhash einer Datei nicht gültig ist. Die Datei wurde möglicherweise durch eine nicht autorisierte Änderung beschädigt. Dieses Problem kann auch auf einen potenziellen Fehler des Datenträgergeräts hinweisen.

Dateiname: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 111558
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090105213013.744400-000
Event Type: Überwachung gescheitert
User:

Computer Name: x-PC
Event Code: xxxx
Message: Die Codeintegrität hat festgestellt, dass der Abbildhash einer Datei nicht gültig ist. Die Datei wurde möglicherweise durch eine nicht autorisierte Änderung beschädigt. Dieses Problem kann auch auf einen potenziellen Fehler des Datenträgergeräts hinweisen.

Dateiname: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 111559
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090105213013.774400-000
Event Type: Überwachung gescheitert
User:

Computer Name: x-PC
Event Code: xxxx
Message: Die Codeintegrität hat festgestellt, dass der Abbildhash einer Datei nicht gültig ist. Die Datei wurde möglicherweise durch eine nicht autorisierte Änderung beschädigt. Dieses Problem kann auch auf einen potenziellen Fehler des Datenträgergeräts hinweisen.

Dateiname: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 111560
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090105213013.805400-000
Event Type: Überwachung gescheitert
User:

Computer Name: x-PC
Event Code: xxxx
Message: Die Codeintegrität hat festgestellt, dass der Abbildhash einer Datei nicht gültig ist. Die Datei wurde möglicherweise durch eine nicht autorisierte Änderung beschädigt. Dieses Problem kann auch auf einen potenziellen Fehler des Datenträgergeräts hinweisen.

Dateiname: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 111561
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090105213013.835400-000
Event Type: Überwachung gescheitert
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=C:\Program Files\PC Connectivity Solution\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 14 Stepping 8, GenuineIntel
"PROCESSOR_REVISION"=0e08
"NUMBER_OF_PROCESSORS"=2
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_06\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_06\lib\ext\QTJava.zip

-----------------EOF-----------------

06.01.2009, 21:48   #27
john.doe

Something is wrong with your TCPIP.SYS. Could it be that you patched it for P2P?

ciao, andreas

06.01.2009, 22:02   #28
123.wilhelm

Hm. Since I don't even know what that is, I don't think I patched anything there. Why? What's wrong with it?

06.01.2009, 22:13   #29
john.doe

Quote:
Computer Name: x-PC
Event Code: xxxx
Message: Die Codeintegrität hat festgestellt, dass der Abbildhash einer Datei nicht gültig ist. Die Datei wurde möglicherweise durch eine nicht autorisierte Änderung beschädigt. Dieses Problem kann auch auf einen potenziellen Fehler des Datenträgergeräts hinweisen.

Dateiname: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys

I'm still waiting for the log from Superantispyware.

ciao, andreas
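
The check made by eye in the posts above, as an added example (not part of the thread and not code from RSIT): it parses event records in the layout the log uses and groups code-integrity hash failures by the file they name. The sample records are constructed, and because event codes are masked in the posted log, matching relies on the message text.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the RSIT event-log layout (record numbers made up).
SAMPLE = r"""
Computer Name: x-PC
Event Code: xxxxx
Message: DCOM hat den Dienst iPod Service mit den Argumenten "" gestartet:
{00000000-0000-0000-0000-000000000000}
Record Number: 1001
Source Name: Microsoft-Windows-DistributedCOM
Time Written: 20090105211127.000000-000
Event Type: Informationen

Computer Name: x-PC
Event Code: xxxx
Message: Die Codeintegrität hat festgestellt, dass der Abbildhash einer Datei nicht gültig ist.

Dateiname: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 2001
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090105213013.705400-000
Event Type: Überwachung gescheitert

Computer Name: x-PC
Event Code: xxxx
Message: Die Codeintegrität hat festgestellt, dass der Abbildhash einer Datei nicht gültig ist.

Dateiname: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 2002
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090105213013.744400-000
Event Type: Überwachung gescheitert
"""

FIELDS = ("Record Number", "Source Name", "Time Written", "Event Type", "User")

def parse_records(text):
    """Split on 'Computer Name:'; the message may span lines, blank ones included."""
    records, rec, in_msg = [], None, False
    for line in text.splitlines():
        key, sep, val = line.partition(":")
        if line.startswith("Computer Name:"):
            rec, in_msg = {"Message": ""}, False
            records.append(rec)
        elif rec is None:
            continue
        elif sep and key in FIELDS:
            rec[key], in_msg = val.strip(), False
        elif line.startswith("Message:"):
            rec["Message"], in_msg = val.strip(), True
        elif in_msg:
            rec["Message"] += "\n" + line
    return records

def integrity_failures(records):
    """Group code-integrity hash failures by the (lower-cased) file they name."""
    hits = defaultdict(list)
    for r in records:
        m = re.search(r"^(?:Dateiname|File Name):\s*(.+)$", r["Message"], re.M)
        if m and re.search(r"Codeintegrit|Code integrity", r["Message"], re.I):
            when = datetime.strptime(r["Time Written"][:21], "%Y%m%d%H%M%S.%f")
            hits[m.group(1).strip().lower()].append((int(r["Record Number"]), when))
    return dict(hits)

if __name__ == "__main__":
    for path, events in integrity_failures(parse_records(SAMPLE)).items():
        print(f"{path}: {len(events)} hash failures, first record {events[0][0]}")
```

Repeated failures for one driver within the same second, as in the posted log, point to a single modified or damaged file rather than several unrelated events.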

07.01.2009, 15:00   #30
123.wilhelm

I ran 2 scans, so now I have two logs.
Here is the first: SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/06/2009 at 02:30 PM

Application Version : 4.24.1004

Core Rules Database Version : 3696
Trace Rules Database Version: 1672

Scan type : Complete Scan
Total Scan Time : 01:12:08

Memory items scanned : 651
Memory threats detected : 0
Registry items scanned : 8555
Registry threats detected : 0
File items scanned : 29149
File threats detected : 25

Adware.Tracking Cookie
C:\Users\x\AppData\Roaming\Microsoft\Windows\Cookies\x@sevenoneintermedia.112.2o7[1].txt
C:\Users\x\AppData\Roaming\Microsoft\Windows\Cookies\x@weborama[2].txt
C:\Users\x\AppData\Roaming\Microsoft\Windows\Cookies\@azjmp[2].txt
C:\Users\x\AppData\Roaming\Microsoft\Windows\Cookies\x@serw.clicksor[1].txt
C:\Users\x\AppData\Roaming\Microsoft\Windows\Cookies\x@atwola[1].txt
C:\Users\Rx\AppData\Roaming\Microsoft\Windows\Cookies\x@myroitracking[1].txt
C:\Users\x\AppData\Roaming\Microsoft\Windows\Cookies\x@atdmt[2].txt
C:\Users\x\AppData\Roaming\Microsoft\Windows\Cookies\x@adserver.71i[1].txt
C:\Users\x\AppData\Roaming\Microsoft\Windows\Cookies\x@doubleclick[1].txt
C:\Users\x_2\AppData\Roaming\Microsoft\Windows\Cookies\Low\x@tto2.traffictrack[1].txt
C:\Users\x\AppData\Roaming\Microsoft\Windows\Cookies\Low\x@doubleclick[1].txt
C:\Users\x\AppData\Roaming\Microsoft\Windows\Cookies\Low\x@komtrack[2].txt
C:\Users\x\AppData\Roaming\Microsoft\Windows\Cookies\Low\x@adserver.71i[1].txt
C:\Users\x\AppData\Roaming\Microsoft\Windows\Cookies\Low\x@www.etracker[2].txt
C:\Users\x\AppData\Roaming\Microsoft\Windows\Cookies\Low\x@ads.heias[2].txt
C:\Users\x\AppData\Roaming\Microsoft\Windows\Cookies\Low\x@adfarm1.adition[1].txt
C:\Users\x\AppData\Roaming\Microsoft\Windows\Cookies\Low\x@euros4click[2].txt
C:\Users\x\AppData\Roaming\Microsoft\Windows\Cookies\Low\x@statse.webtrendslive[2].txt
C:\Users\x\AppData\Roaming\Microsoft\Windows\Cookies\Low\x@advertising[1].txt
C:\Users\x\AppData\Roaming\Microsoft\Windows\Cookies\Low\x@ottogroup.112.2o7[1].txt
C:\Users\x\AppData\Roaming\Microsoft\Windows\Cookies\Low\x@webmasterplan[1].txt
C:\Users\x\AppData\Roaming\Microsoft\Windows\Cookies\Low\x@ad.zanox[1].txt
C:\Users\x\AppData\Roaming\Microsoft\Windows\Cookies\Low\x@ottotrialpopunders.112.2o7[1].txt
C:\Users\x\AppData\Roaming\Microsoft\Windows\Cookies\Low\x@traffictrack[2].txt

BearShare File Sharing Client
C:\USERS\x\DOCUMENTS\ICQ LITE\216******\ELLI_296******\BEARSHARE.EXE





And here is the second: SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/06/2009 at 04:59 AM

Application Version : 4.24.1004

Core Rules Database Version : 3696
Trace Rules Database Version: 1672

Scan type : Complete Scan
Total Scan Time : 01:20:05

Memory items scanned : 310
Memory threats detected : 0
Registry items scanned : 8184
Registry threats detected : 0
File items scanned : 42500
File threats detected : 14

Adware.Tracking Cookie
C:\Users\x\AppData\Roaming\Microsoft\Windows\Cookies\x@sevenoneintermedia.112.2o7[1].txt
C:\Users\x\AppData\Roaming\Microsoft\Windows\Cookies\x@weborama[2].txt
C:\Users\x\AppData\Roaming\Microsoft\Windows\Cookies\x@zbox.zanox[1].txt
C:\Users\x\AppData\Roaming\Microsoft\Windows\Cookies\x@azjmp[2].txt
C:\Users\x\AppData\Roaming\Microsoft\Windows\Cookies\x@serw.clicksor[1].txt
C:\Users\x\AppData\Roaming\Microsoft\Windows\Cookies\x@atwola[2].txt
C:\Users\x\AppData\Roaming\Microsoft\Windows\Cookies\x@myroitracking[1].txt
C:\Users\x\AppData\Roaming\Microsoft\Windows\Cookies\x@atdmt[2].txt
C:\Users\x\AppData\Roaming\Microsoft\Windows\Cookies\x@adserver.71i[2].txt
C:\Users\x\AppData\Roaming\Microsoft\Windows\Cookies\x@tradedoubler[2].txt
C:\Users\x\AppData\Roaming\Microsoft\Windows\Cookies\Low\x@doubleclick[2].txt
C:\Users\x\AppData\Roaming\Microsoft\Windows\Cookies\x@adserver.71i[1].txt
C:\Users\x\AppData\Roaming\Microsoft\Windows\Cookies\x@atwola[1].txt

BearShare File Sharing Client
C:\USERS\RICHARD\DOCUMENTS\ICQ LITE\216******\ELLI_296******\BEARSHARE.EXE
