Log analysis and evaluation: Firefox opens a new advertising window by itself and IE no longer opens at all!

If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and Trojans, the infected system must first be examined: First steps to help. Note that an infected system is not trustworthy and should not be used until the malware has been fully removed.
18.03.2009, 21:12 | #1

Hi everyone... I have a similar problem to the one already described, only in my case, in addition, a) I also have problems opening IE (it is refused) and b) I have no real idea what I have to do, where and why. I downloaded "spywaredoctor", which shows me 3 infections rated as low and 15 further low-rated errors! Then I read that this is a sales strategy to get you to order the full version. Now I'm simply confused! What helps?? Regards, DLFrank
18.03.2009, 21:59 | #2

Hello and

Please follow these instructions: Excerpt: Quote:

Regards, a5cl3p1o5
18.03.2009, 22:20 | #3

Thanks first of all for the tips, I'll get to it right away...

Thanks again
18.03.2009, 23:42 | #4

So... the start is made. CCleaner is done, HijackThis is done... and the result looks like this:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:05:32, on 18.03.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
C:\Programme\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
c:\programme\gemeinsame dateien\logitech\lvmvfm\LVPrcSrv.exe
C:\Programme\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Programme\AVSKey-Lock\AVSKey.exe
C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programme\Nikon\Wireless Camera Setup Utility\NkPtpEnum.exe
C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Programme\Alwil Software\Avast4\ashMaiSv.exe
C:\Programme\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\TOSHIBA\Touch and Launch\PadExe.exe
C:\Programme\TOSHIBA\TOSHIBA Zoom-Dienstprogramm\SmoothView.exe
C:\Programme\TOSHIBA\ConfigFree\NDSTray.exe
C:\Programme\Toshiba\Windows Utilities\Hotkey.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\igfxext.exe
C:\Programme\Gemeinsame Dateien\Logitech\LComMgr\Communications_Helper.exe
C:\Programme\Gemeinsame Dateien\Logitech\LComMgr\LVComSX.exe
C:\Programme\Gemeinsame Dateien\ACD Systems\EN\DevDetect.exe
C:\Programme\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Programme\Windows Live\Messenger\msnmsgr.exe
C:\Programme\WinRAR\WinRAR.exe
C:\Programme\WinRAR\WinRAR.exe
c:\dokumente und einstellungen\littlefrank\lokale einstellungen\anwendungsdaten\mqooo.exe
C:\Programme\Spyware Doctor\pctsAuxs.exe
C:\Programme\Spyware Doctor\pctsTray.exe
C:\Programme\Spyware Doctor\pctsSvc.exe
C:\Programme\Windows Live\Contacts\wlcomm.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Malwarebytes' Anti-Malware\mbam.exe
C:\Dokumente und Einstellungen\Littlefrank\Desktop\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.jappy.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://de.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Programme\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PadTouch] C:\Programme\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [SmoothView] C:\Programme\TOSHIBA\TOSHIBA Zoom-Dienstprogramm\SmoothView.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Toshiba Hotkey Utility] "C:\Programme\Toshiba\Windows Utilities\Hotkey.exe" /lang DE
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Programme\Gemeinsame Dateien\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LVCOMSX] "C:\Programme\Gemeinsame Dateien\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKLM\..\Run: [ISTray] "C:\Programme\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [TOSCDSPD] C:\Programme\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [LDM] C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [mqooo] "c:\dokumente und einstellungen\littlefrank\lokale einstellungen\anwendungsdaten\mqooo.exe" mqooo
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra button: eBay - {9E958ACA-8CB9-414B-B5C6-2F044D71F7B2} - C:\Programme\Internet Explorer\Signup\ToshibaGotoEbay.exe (HKCU)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3EE6FB4A-CB78-46C0-B9C5-B359B7A6CC11}: NameServer = 213.191.92.86 62.109.123.7
O17 - HKLM\System\CCS\Services\Tcpip\..\{EE19F866-1C53-45F8-A466-7C47AA567A44}: NameServer = 192.168.1.1
O18 - Protocol: bw+0 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Programme\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programme\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programme\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programme\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVSKey-Lock (AvskeyService) - Unknown owner - C:\Programme\AVSKey-Lock\AVSKey.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Programme\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\programme\gemeinsame dateien\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Programme\Gemeinsame Dateien\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: NkPtpEnumP2 - Nikon Corporation - C:\Programme\Nikon\Wireless Camera Setup Utility\NkPtpEnum.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programme\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programme\Spyware Doctor\pctsSvc.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: TuneUp Drive Defrag-Dienst (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 23670 bytes

So... Malwarebytes Anti-Malware is still running... Do you need any more info?? Regards, DLFrank
18.03.2009, 23:52 | #5

Quote:

Regards, a5cl3p1o5

a5cl3p1o5, formerly 45cl3p1u5
19.03.2009, 00:13 | #6

Malwarebytes has just hung, so everything again... it will surely be tomorrow before anything happens then... so thanks for today. Regards, DLFrank
19.03.2009, 00:25 | #7

Then please upload the following files to Virustotal and have them analysed. Please post the complete result here.

Code:
C:\Programme\AVSKey-Lock\AVSKey.exe
c:\dokumente und einstellungen\littlefrank\lokale einstellungen\anwendungsdaten\mqooo.exe

Code:
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgHelper.dll

a5cl3p1o5

a5cl3p1o5, formerly 45cl3p1u5
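The triage a5cl3p1o5 does by eye in the posts above (picking out the hooks with "(no file)", the autostart from the user's "Anwendungsdaten" folder, and the service with "Unknown owner") can be written down as rules over a HijackThis log. The Python below is an added example, not code from the thread or from HijackThis: the names triage_hjt, Finding and run_target are mine, the sample lines are a constructed subset copied from the log posted above, and the O17 DNS check goes beyond the helper's picks by flagging resolvers outside private ranges for the user to confirm with their provider.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: a subset of the HijackThis v2 lines posted in this thread,
# chosen so that each triage rule below has one hit and one non-hit.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [mqooo] "c:\dokumente und einstellungen\littlefrank\lokale einstellungen\anwendungsdaten\mqooo.exe" mqooo
O17 - HKLM\System\CCS\Services\Tcpip\..\{3EE6FB4A-CB78-46C0-B9C5-B359B7A6CC11}: NameServer = 213.191.92.86 62.109.123.7
O17 - HKLM\System\CCS\Services\Tcpip\..\{EE19F866-1C53-45F8-A466-7C47AA567A44}: NameServer = 192.168.1.1
O23 - Service: AVSKey-Lock (AvskeyService) - Unknown owner - C:\Programme\AVSKey-Lock\AVSKey.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programme\Alwil Software\Avast4\ashServ.exe
""".strip()

# Per-user writable data directories (German and English XP names plus the
# Vista+ AppData layout). A program that autostarts from here was not placed
# there by a regular installer and deserves a closer look.
PROFILE_DATA_DIRS = re.compile(
    r"lokale einstellungen\\anwendungsdaten|local settings\\application data"
    r"|\\temp\\|\\appdata\\",
    re.IGNORECASE,
)


@dataclass
class Finding:
    section: str   # HijackThis section id, e.g. "O4"
    reason: str    # why the triage rule fired
    line: str      # the log line, verbatim, for quoting in a reply


def run_target(entry: str) -> str:
    """Extract the launched path from an O4 entry: the token after the [name]
    label, unquoted, with trailing arguments dropped."""
    m = re.search(r"\]\s*(\"[^\"]+\"|\S+)", entry)
    return m.group(1).strip('"') if m else ""


def is_private_ip(text: str) -> bool:
    try:
        return ipaddress.ip_address(text).is_private
    except ValueError:
        return False


def triage_hjt(log: str) -> List[Finding]:
    """Apply the checks a forum helper applies by eye to a HijackThis log."""
    findings: List[Finding] = []
    for raw in log.splitlines():
        line = raw.strip()
        if " - " not in line:
            continue
        section = line.split(" - ", 1)[0]
        if "(no file)" in line:
            # Registry entry whose backing file is gone: a harmless leftover,
            # but the kind of line helpers have the user fix.
            findings.append(Finding(section, "orphaned entry, file missing", line))
        elif section == "O4" and PROFILE_DATA_DIRS.search(run_target(line)):
            findings.append(Finding(section, "autostart from user profile data directory", line))
        elif section == "O17":
            m = re.search(r"NameServer\s*=\s*(.+)$", line)
            public = [ip for ip in m.group(1).split() if not is_private_ip(ip)] if m else []
            if public:
                # Public resolvers are normal for ISP-assigned DNS; the point is
                # to have the user confirm they belong to the provider.
                findings.append(Finding(section, "DNS servers outside private ranges: " + ", ".join(public), line))
        elif section == "O23" and "Unknown owner" in line:
            findings.append(Finding(section, "service binary without vendor information", line))
    return findings


if __name__ == "__main__":
    for f in triage_hjt(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```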
19.03.2009, 00:57 | #8

So, do you need the full info on the files I stuffed into Virustotal, or only excerpts... if so, which should they be?

Antivirus Version letzte aktualisierung Ergebnis
AhnLab-V3 2008.12.12.0 2008.12.11 -
AntiVir 7.9.0.45 2008.12.11 -
Authentium 5.1.0.4 2008.12.11 -
Avast 4.8.1281.0 2008.12.11 -
AVG 8.0.0.199 2008.12.12 -
BitDefender 7.2 2008.12.12 -
CAT-QuickHeal 10.00 2008.12.11 -
ClamAV 0.94.1 2008.12.11 -
Comodo 733 2008.12.11 -
DrWeb 4.44.0.09170 2008.12.12 -
eSafe 7.0.17.0 2008.12.11 -
eTrust-Vet 31.6.6256 2008.12.11 -
Ewido 4.0 2008.12.11 -
F-Prot 4.4.4.56 2008.12.11 -
F-Secure 8.0.14332.0 2008.12.12 -
Fortinet 3.117.0.0 2008.12.12 -
GData 19 2008.12.12 -
Ikarus T3.1.1.45.0 2008.12.12 -
K7AntiVirus 7.10.551 2008.12.11 -
Kaspersky 7.0.0.125 2008.12.12 -
McAfee 5461 2008.12.11 -
McAfee+Artemis 5461 2008.12.11 -
Microsoft 1.4205 2008.12.12 -
NOD32 3685 2008.12.12 -
Norman 5.80.02 2008.12.11 -
Panda 9.0.0.4 2008.12.11 Suspicious file
PCTools 4.4.2.0 2008.12.11 -
Prevx1 V2 2008.12.12 -
Rising 21.07.32.00 2008.12.11 -
SecureWeb-Gateway 6.7.6 2008.12.11 -
Sophos 4.36.0 2008.12.12 -
Sunbelt 3.2.1801.2 2008.12.11 -
Symantec 10 2008.12.12 -
TheHacker 6.3.1.2.184 2008.12.11 -
TrendMicro 8.700.0.1004 2008.12.11 -
VBA32 3.12.8.10 2008.12.11 -
ViRobot 2008.12.12.1514 2008.12.12 -
VirusBuster 4.5.11.0 2008.12.11 -

weitere Informationen
File size: 4641634 bytes
MD5...: a9103f2b9ef866af28b5baa93eeb6880
SHA1..: 7eff4f38d50ce3a496bf6c80e95d5848cc8fa313
SHA256: b0a9691cc11d31f148474e7184db9c91357c4f935869895170c0bbb24175cc72
SHA512: f4390672a3937ef3c0da43a0bb9fe667a13c89434a114a2db2334ac46c558e8c6ee078e4e5f1930ce2e872e6b81673636e363e2ba2c159755e57193d5da3a2b3
ssdeep: 98304:tOhPuCguheWetyq3Ovk1mo+HFpqGejFWvxjKte2CUZ1/3:tOFnJtwyimfQZ3
PEiD..: -
TrID..: File type identification
Windows OCX File (68.7%)
Win32 EXE PECompact compressed (generic) (23.1%)
Win32 Executable Generic (4.7%)
Win16/32 Executable Delphi generic (1.1%)
Generic Win/DOS Executable (1.1%)

Last edited by littlefrank (19.03.2009 at 01:04)
19.03.2009, 01:01 | #9 |
| The full info (i.e. all scanner results plus the cryptic data below them [md5 and co]) would be great!
__________________ a5cl3p1o5, formerly 45cl3p1u5 |
19.03.2009, 01:15 | #10 |
| Datei mqooo.exe empfangen 2009.03.19 01:06:16 (CET)
Status: Laden ... Wartend Warten Überprüfung Beendet Nicht gefunden Gestoppt
Ergebnis: 2/39 (5.13%)
Antivirus Version letzte aktualisierung Ergebnis
a-squared 4.0.0.101 2009.03.18 -
AhnLab-V3 5.0.0.2 2009.03.18 -
AntiVir 7.9.0.120 2009.03.18 -
Authentium 5.1.2.4 2009.03.18 -
Avast 4.8.1335.0 2009.03.18 -
AVG 8.5.0.283 2009.03.19 -
BitDefender 7.2 2009.03.19 -
CAT-QuickHeal 10.00 2009.03.18 -
ClamAV 0.94.1 2009.03.18 -
Comodo 1066 2009.03.18 -
DrWeb 4.44.0.09170 2009.03.19 -
eSafe 7.0.17.0 2009.03.18 -
eTrust-Vet 31.6.6388 2009.03.09 -
F-Prot 4.4.4.56 2009.03.18 -
F-Secure 8.0.14470.0 2009.03.19 -
Fortinet 3.117.0.0 2009.03.19 -
GData 19 2009.03.19 -
Ikarus T3.1.1.48.0 2009.03.18 -
K7AntiVirus 7.10.674 2009.03.17 -
Kaspersky 7.0.0.125 2009.03.19 -
McAfee 5557 2009.03.18 -
McAfee+Artemis 5557 2009.03.18 -
McAfee-GW-Edition 6.7.6 2009.03.18 Trojan.LooksLike.Dropper
Microsoft 1.4502 2009.03.18 Trojan:Win32/Skintrim.gen!D
NOD32 3946 2009.03.18 -
Norman 6.00.06 2009.03.18 -
nProtect 2009.1.8.0 2009.03.18 -
Panda 10.0.0.10 2009.03.18 -
PCTools 4.4.2.0 2009.03.18 -
Prevx1 V2 2009.03.19 -
Rising 21.21.22.00 2009.03.18 -
Sophos 4.39.0 2009.03.18 -
Sunbelt 3.2.1858.2 2009.03.18 -
Symantec 1.4.4.12 2009.03.19 -
TheHacker 6.3.3.0.283 2009.03.16 -
TrendMicro 8.700.0.1004 2009.03.18 -
VBA32 3.12.10.1 2009.03.18 -
ViRobot 2009.3.18.1654 2009.03.18 -
VirusBuster 4.6.5.0 2009.03.18 -
weitere Informationen
File size: 259072 bytes
MD5...: 17062c6b14ea1760f7b5d12ddd3058e1
SHA1..: b861ed2fa0321bc2b9aff6a8be1ff37b57ef1638
SHA256: 42abf3731ec9d682cc289dfed8c188a7f6580ee77d7c1c59dd95ff6f08189b40
SHA512: 8d59de5017cbe253ec8dac5c505b4374d7b39eb2b948efc82c1fe76fc74fd778 9f4b556052cd3902da94b5a7fa1de77570fbf732dfa9a348d411edc254225093
ssdeep: 6144:A77weFpFa1x2hKAEPlPt1uZbryu/qVvJwfUP+F:q1F7a1Q0lPwryUo/+
PEiD..: Armadillo v1.71
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (53.1%)
Windows Screen Saver (18.4%)
Win32 Executable Generic (12.0%)
Win32 Dynamic Link Library (generic) (10.6%)
Generic Win/DOS Executable (2.8%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x30784
timedatestamp.....: 0x43fe12f4 (Thu Feb 23 19:54:28 2006)
machinetype.......: 0x14c (I386)
( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x2f91c 0x2fa00 7.43 adb2ed8d7084a50f6a8994d758f0cbaf
.rdata 0x31000 0xcbb4 0xcc00 5.72 238ac13cb405f342b8d6a97d5a163fc7
.data 0x3e000 0x285c 0x2a00 5.49 99aef854a3f43aeef2a6c22455af9519
( 8 imports )
> GDI32.dll: StartDocA, CreatePen, GetTextMetricsA, GetTextExtentPointW, SetTextAlign, ScaleViewportExtEx, CreateDIBSection, AddFontResourceA, GetEnhMetaFilePaletteEntries, Arc, GetLayout, EnumFontFamiliesA, GetCharWidthA, ExtTextOutA, CreateBrushIndirect, EnumMetaFile, SetDIBColorTable, EnumFontsA, SelectClipRgn, GetTextAlign, InvertRgn, FrameRgn
> WINSPOOL.DRV: DeletePortA, EnumPortsA, DeleteMonitorA
> USER32.dll: EnableMenuItem, SetWindowsHookExA, ReuseDDElParam, FillRect, GetSysColor, InsertMenuItemW, CreatePopupMenu, GetDlgItemTextW, IsCharAlphaW, SetClassLongW, GetPropA, IsWindowUnicode, GetKeyboardLayoutList, CharLowerBuffA, RemovePropA, EnableScrollBar, DispatchMessageA, AdjustWindowRectEx, DdeFreeStringHandle
> KERNEL32.dll: GetModuleHandleA, GetDateFormatW, FormatMessageA, GetShortPathNameA, FindFirstFileA, GlobalReAlloc, CreateFileW, VirtualAlloc, HeapFree, LoadLibraryExW, InitializeCriticalSection, GlobalUnlock, FindClose, EnumCalendarInfoA, HeapSetInformation, SetFilePointerEx, SystemTimeToTzSpecificLocalTime, ReleaseMutex, CreateTimerQueueTimer, CreateThread, FindResourceW, IsDBCSLeadByte, CreateFileMappingA, GetOEMCP, GetTickCount, SetLastError, SetWaitableTimer, ResetEvent, lstrlenW, MapViewOfFileEx, GetFullPathNameW, GlobalHandle, CreateTimerQueue, GlobalSize, HeapDestroy, lstrcmpiW, MoveFileW, IsBadCodePtr, CreateEventA, GetConsoleCP, TerminateThread, GlobalMemoryStatus, RemoveDirectoryW, GetDiskFreeSpaceExW, WideCharToMultiByte, SizeofResource, GetOverlappedResult, GetPrivateProfileIntA, MapViewOfFile, GetSystemDirectoryA, FindResourceA, GetVersionExA, GetThreadPriority, GetConsoleOutputCP, CreateIoCompletionPort, GetFileType, CreateProcessW, GetSystemDirectoryW, GetProcessHeap, HeapCreate, GetPrivateProfileIntW, GetLocaleInfoA, LocalReAlloc, MultiByteToWideChar, GetSystemPowerStatus, GetTempPathA, CreateFileMappingW, ExitThread, Beep, SetFileAttributesW, IsBadWritePtr, GetStartupInfoA
> ADVAPI32.dll: IsValidSecurityDescriptor, RegOpenKeyExW, FreeSid, CreateServiceA, RegEnumValueW, LookupPrivilegeValueW, RegFlushKey, OpenThreadToken, RegQueryValueA, GetUserNameW, RegSetValueExA, CryptAcquireContextA, MakeSelfRelativeSD, InitializeSecurityDescriptor, RegCreateKeyW
> SHLWAPI.dll: StrRChrW, PathAppendW, PathRenameExtensionW
> VERSION.dll: GetFileVersionInfoSizeW, VerQueryValueA, GetFileVersionInfoW
> MSVCRT.dll: _controlfp, _except_handler3, __set_app_type, __p__fmode, __p__commode, _adjust_fdiv, __setusermatherr, _initterm, __getmainargs, _acmdln, _XcptFilter, sprintf, _exit, malloc, _mbsrchr, iswdigit, atoi, _msize, atof, ceil, isspace, _wcsicmp, _setmbcp, tolower, iswalnum, wcscpy, localtime, _cexit, swscanf, _splitpath, exit, wcsncmp, wcstod, free, _wtoi, _errno, _ismbblead, wcstoul, strncmp, fread, _ltow, towlower, wcscspn, time, wcstok, qsort, fclose, _ecvt, _wcsupr, _strnicmp, _CxxThrowException, _fpreset, swprintf, bsearch, _expand, wcschr, _stricmp, realloc, _purecall, _wcsnicmp, _c_exit, _wsplitpath, isdigit
( 0 exports ) |
19.03.2009, 01:23 | #11 | |
| Download Avenger, start it and enter the following text into the "Input script here:" field: Quote:
__________________ a5cl3p1o5, formerly 45cl3p1u5 |
19.03.2009, 01:55 | #12 |
| So, after it restarted Windows, an error message came up, which I captured with a screenshot (Print). In case you want to take a look... HiJackThis produced the following for analysis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:46:37, on 19.03.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
C:\Programme\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
c:\programme\gemeinsame dateien\logitech\lvmvfm\LVPrcSrv.exe
C:\Programme\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programme\Nikon\Wireless Camera Setup Utility\NkPtpEnum.exe
C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Programme\Alwil Software\Avast4\ashMaiSv.exe
C:\Programme\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\TOSHIBA\Touch and Launch\PadExe.exe
C:\Programme\TOSHIBA\TOSHIBA Zoom-Dienstprogramm\SmoothView.exe
C:\Programme\TOSHIBA\ConfigFree\NDSTray.exe
C:\Programme\Toshiba\Windows Utilities\Hotkey.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\igfxext.exe
C:\Programme\Gemeinsame Dateien\Logitech\LComMgr\Communications_Helper.exe
C:\Programme\Gemeinsame Dateien\Logitech\LComMgr\LVComSX.exe
C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Programme\Java\jre6\bin\jusched.exe
C:\Programme\Gemeinsame Dateien\ACD Systems\EN\DevDetect.exe
C:\Programme\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RAMASST.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.jappy.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://de.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Programme\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PadTouch] C:\Programme\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [SmoothView] C:\Programme\TOSHIBA\TOSHIBA Zoom-Dienstprogramm\SmoothView.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Toshiba Hotkey Utility] "C:\Programme\Toshiba\Windows Utilities\Hotkey.exe" /lang DE
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Programme\Gemeinsame Dateien\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LVCOMSX] "C:\Programme\Gemeinsame Dateien\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKCU\..\Run: [TOSCDSPD] C:\Programme\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [LDM] C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [mqooo] "c:\dokumente und einstellungen\littlefrank\lokale einstellungen\anwendungsdaten\mqooo.exe" mqooo
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra button: eBay - {9E958ACA-8CB9-414B-B5C6-2F044D71F7B2} - C:\Programme\Internet Explorer\Signup\ToshibaGotoEbay.exe (HKCU)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EE19F866-1C53-45F8-A466-7C47AA567A44}: NameServer = 192.168.1.1
O18 - Protocol: bw+0 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {B0F1F39D-F0FF-40AA-80DA-2CC6A0AA0C04} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Programme\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programme\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programme\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programme\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVSKey-Lock (AvskeyService) - Unknown owner - C:\Programme\AVSKey-Lock\AVSKey.exe (file missing)
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: FsUsbExService - Unknown owner - C:\WINDOWS\system32\FsUsbExService.Exe (file missing)
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Programme\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\programme\gemeinsame dateien\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Programme\Gemeinsame Dateien\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: NkPtpEnumP2 - Nikon Corporation - C:\Programme\Nikon\Wireless Camera Setup Utility\NkPtpEnum.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: TuneUp Drive Defrag-Dienst (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
-- End of file - 22364 bytes
So, thanks for your help for now! Have a pleasant night. Regards, DLFrank |
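An added example, not from this thread and not part of HijackThis or any of the tools named here: a small Python triage pass over O4 (autorun) entries in the format of the log above. It parses the Run-key and Startup-folder lines and flags the one property that separates the mqooo entry from the vendor entries around it, namely that its executable lives in the user's own profile directory (here "Lokale Einstellungen\Anwendungsdaten"), which is exactly the file VirusTotal flagged in post #10. Entries with a bare file name are noted at a lower level, since they resolve through the search path at logon. The sample lines are taken from the posted log; the PROFILE_DIRS list and the severity labels are my assumptions, not HijackThis rules.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed sample: O4 entries in the HijackThis v2.0.2 format of the log in
# this thread. The paths are copied from the posted log; the mix of benign
# vendor entries and the mqooo entry is what a triage pass has to sort.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [PadTouch] C:\Programme\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [Toshiba Hotkey Utility] "C:\Programme\Toshiba\Windows Utilities\Hotkey.exe" /lang DE
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [mqooo] "c:\dokumente und einstellungen\littlefrank\lokale einstellungen\anwendungsdaten\mqooo.exe" mqooo
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
"""

# "O4 - <hive>\..\Run: [<value name>] <command line>"
RUN_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+(?:\\[^\\]+)?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# "O4 - Global Startup: <shortcut> = <target>"
STARTUP_RE = re.compile(
    r"^O4 - (?P<hive>Global Startup|Startup): (?P<name>.+?) = (?P<cmd>.*)$")

# Path components of user-writable profile locations: German and English XP
# names plus the Vista/7 ones. Assumed list; extend it for other locales.
PROFILE_DIRS = {
    "dokumente und einstellungen", "documents and settings", "users",
    "anwendungsdaten", "application data", "lokale einstellungen",
    "local settings", "appdata", "temp",
}


@dataclass
class Finding:
    hive: str
    name: str
    image: str
    severity: str            # "high" or "info" (assumed labels)
    reasons: List[str] = field(default_factory=list)


def parse_o4(line: str) -> Optional[Tuple[str, str, str]]:
    """Return (hive, value name, command line) for an O4 line, else None."""
    m = RUN_RE.match(line.strip()) or STARTUP_RE.match(line.strip())
    if not m:
        return None
    return m.group("hive"), m.group("name"), m.group("cmd")


def extract_image_path(cmd: str) -> str:
    """Strip quotes, arguments and HijackThis' trailing '(User ...)' note."""
    cmd = cmd.strip()
    m = re.match(r'^"([^"]+)"', cmd)          # quoted path, arguments follow
    if m:
        return m.group(1)
    m = re.match(r"^(.*?\.exe)(?:\s|$)", cmd, re.IGNORECASE)  # unquoted path
    if m:
        return m.group(1)
    return cmd.split()[0] if cmd else ""


def assess(hive: str, name: str, cmd: str) -> Optional[Finding]:
    """Apply the two location heuristics; None means nothing to report."""
    image = extract_image_path(cmd)
    components = image.lower().split("\\")
    reasons: List[str] = []
    severity = ""
    if any(c in PROFILE_DIRS for c in components):
        reasons.append("executable lives in a user-writable profile directory")
        severity = "high"
    if "\\" not in image:
        reasons.append("bare file name; resolved through the search path at logon")
        severity = severity or "info"
    if not reasons:
        return None
    return Finding(hive, name, image, severity, reasons)


def triage(log_text: str) -> List[Finding]:
    """Run every O4 line of a HijackThis log through assess()."""
    findings = []
    for line in log_text.splitlines():
        parsed = parse_o4(line)
        if parsed:
            f = assess(*parsed)
            if f:
                findings.append(f)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity}] {f.hive} [{f.name}] -> {f.image}: {'; '.join(f.reasons)}")
```

On the sample the only "high" finding is the mqooo entry; NDSTray.exe is reported as "info" because the log gives no directory for it, which on this machine is a Toshiba utility and harmless, so the output is a review list, not a verdict. Running this over a whole log of the kind posted here needs nothing more than passing the file's contents to triage().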
19.03.2009, 10:29 | #13 | |
| Quote:
A bit much, isn't it?
__________________ Avira Upgrade 10 is on the market! Aggressive Avira configuration What goes around comes around! |
19.03.2009, 10:34 | #14 | |||
| Hello littlefrank, I have been asked to have you undo the changes made so far. You do this by extracting the files from backup.zip, which is located at c:\avenger\backup.zip, and putting them back in their original location (the password is infected). I wanted to test something before we continue regularly ... That I knew what I was doing before I had you run Avenger is shown by an exchange via private message: Conversation partner: Quote:
Quote:
. (In between, we talked about something else) . me: Quote:
The PMs are still available ... What I admittedly did not know is that SweetIM can also be uninstalled normally and does not have to be "deactivated" via Avenger. Well, as I said: please restore the files. I hope you will then be looked after further by someone competent. Regards a5cl3p1o5
__________________ a5cl3p1o5, formerly 45cl3p1u5 |
19.03.2009, 10:36 | #15 |
| @Angel21: that is only shown because HijackThis looks for conspicuous mixes of numbers and letters. The entries are harmless, though.
__________________ a5cl3p1o5, formerly 45cl3p1u5 |