|
Log-Analyse und Auswertung: IE öffnet Werbung, VirusWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
03.05.2010, 20:09 | #1 |
| IE öffnet Werbung, Virus Hallo Zusammen, also, bei mir öffnet der IE ständig Werbefenster. Virenscanner habe ich auch schon mehrfach (auch im abgesicherten Modus) laufen lassen und auch Viren gelöscht. Scheinbar ist das Problem aber noch nicht behoben. Beim Suchen einer Lösung habe ich immerhin heraus gefunden, dass ich ein Logfile erstellen muss ;-) aber weiter komm ich leider nicht. Es wäre klasse, wenn mir jemand helfen könnte! LG Mone Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 20:41:59, on 03.05.2010 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.18904) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Windows\system32\taskeng.exe C:\Users\XXX\AppData\Local\Temp\Izq.exe C:\Program Files\ASUS\ASUS Live Update\ALU.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\pdf24\pdf24.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\system32\igfxsrvc.exe C:\Windows\System32\mobsync.exe C:\Program Files\Brother\ControlCenter3\brccMCtl.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files\Opera\opera.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Windows\system32\SearchFilterHost.exe C:\Users\XXX\Documents\Desktop\Desktop\Desktop\HiJack\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://www.asus.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://wetter.rtl.de/redaktion/wettercockpit/index.php?md5=b8c56a0731084d3de92585284a60dbdc R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.asus.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [PDFPrint] C:\Program Files\pdf24\pdf24.exe O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST') O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O13 - Gopher Prefix: O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: BBR - Unknown owner - C:\Users\XXX\AppData\Local\Temp\BBR.exe (file missing) O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: SG - Unknown owner - C:\Users\XXX\AppData\Local\Temp\SG.exe (file missing) -- End of file - 6083 bytes |
03.05.2010, 20:53 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | IE öffnet Werbung, Virus Hallo und
__________________bitte nen Vollscan mit Malwarebytes machen und Log posten. Danach OTL: Systemscan mit OTL Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
__________________ |
03.05.2010, 21:05 | #3 |
| IE öffnet Werbung, Virus Hallo Arne,
__________________Danke, dann mach ich das mal :-) LG Mone |
04.05.2010, 06:24 | #4 |
| IE öffnet Werbung, Virus Guten morgen! Ich habe bei dem Check mit dem Malware Programm folgendes Ergebnis: Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Datenbank Version: 4063 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.18904 04.05.2010 06:48:24 mbam-log-2010-05-04 (06-48-24).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Durchsuchte Objekte: 336449 Laufzeit: 2 Stunde(n), 54 Minute(n), 59 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 4 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 9 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: HKEY_CURRENT_USER\Software\M5T8QL3YW3 (Trojan.FakeAlert) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\QZAIB7KITK (Trojan.FakeAlert) -> No action taken. Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: C:\$RECYCLE.BIN\S-1-5-21-1925237303-2714135112-2563916689-1000\$R7UQCT1.exe (Trojan.Fraudpack) -> No action taken. C:\$RECYCLE.BIN\S-1-5-21-1925237303-2714135112-2563916689-1000\$RHZUUZV.exe (Rootkit.Dropper) -> No action taken. C:\.Trash-500\files\S-1-5-21-1925237303-2714135112-2563916689-1000\$R3Q4PY1.exe (Trojan.Downloader) -> No action taken. C:\Users\XXX\AppData\Local\Temp\rknfl.exe (Rootkit.Agent) -> No action taken. C:\Users\XXX\AppData\Local\Temp\7DCC.tmp (Backdoor.Sinowal) -> No action taken. C:\Users\XXX\Documents\GrafikHochzeit\schluesselfinder.exe (Trojan.Downloader) -> No action taken. C:\Users\XXX\Favorites\_favdata.dat (Malware.Trace) -> No action taken. C:\Users\XXX\AppData\Local\Temp\sshnas21.dll (Trojan.Downloader) -> No action taken. C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> No action taken. Die infizierten Objekte habe ich direkt gelöscht. Und dann das OTL laufen lassen: OTL logfile created on: 04.05.2010 06:54:15 - Run 2 OTL by OldTimer - Version 3.2.4.1 Folder = c:\Users\Anke\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18904) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 64,00% Memory free 6,00 Gb Paging File | 5,00 Gb Available in Paging File | 84,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 74,52 Gb Total Space | 21,27 Gb Free Space | 28,55% Space Free | Partition Type: NTFS Drive D: | 64,76 Gb Total Space | 39,78 Gb Free Space | 61,43% Space Free | Partition Type: NTFS Drive E: | 505,52 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: XXX-PC Current User Name: XXX Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - c:\Users\XXX\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files\pdf24\pdf24.exe (Geek Software GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) PRC - C:\Program Files\ASUS\ASUS Live Update\ALU.exe () PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.) PRC - C:\Program Files\Brother\ControlCenter3\brccMCtl.exe (Brother Industries, Ltd.) PRC - C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe (Brother Industries, Ltd.) PRC - C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (Nuance Communications, Inc.) ========== Modules (SafeList) ========== MOD - c:\Users\XXX\Downloads\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation) MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (SG) -- File not found SRV - (BBR) -- File not found SRV - (Akamai) -- c:\program files\common files\akamai\rswin_3653.dll () SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) SRV - (getPlusHelper) getPlus(R) -- C:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.) SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation) SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (AAV UpdateService) -- C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe () SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.) SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV - (ASLDRService) -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe () SRV - (ATKGFNEXSrv) -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe () SRV - (spmgr) -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe () SRV - (StarWindServiceAE) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software) SRV - (ADSMService) -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe () ========== Driver Services (SafeList) ========== DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys () DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.) DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.) DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation) DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.) DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.) DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation) DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.) DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems) DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company) DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.) DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic) DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation) DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation) DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.) DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation) DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic) DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic) DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.) DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex) DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.) DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation) DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation) DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.) DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.) DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.) DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.) DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.) DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation) DRV - (AsDsm) -- C:\Windows\System32\drivers\AsDsm.sys (Windows (R) Codename Longhorn DDK provider) DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC) DRV - (ghaio) -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys () DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC) DRV - (ASMMAP) -- C:\Program Files\ATKGFNEX\ASMMAP.sys () DRV - (RTL8023xp) -- C:\Windows\System32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation ) DRV - (sscdmdm) -- C:\Windows\System32\drivers\sscdmdm.sys (MCCI Corporation) DRV - (sscdmdfl) -- C:\Windows\System32\drivers\sscdmdfl.sys (MCCI Corporation) DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\Windows\System32\drivers\sscdbus.sys (MCCI Corporation) DRV - (tap0901) -- C:\Windows\System32\drivers\tap0901.sys (The OpenVPN Project) DRV - (BVRPMPR5) -- C:\Windows\System32\drivers\BVRPMPR5.SYS (Avanquest Software) DRV - (kbfiltr) -- C:\Windows\System32\drivers\kbfiltr.sys ( ) DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.) DRV - (MTsensor) -- C:\Windows\System32\drivers\ATKACPI.sys (ATK0100) DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation) DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.) DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation) DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.) DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.) DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.) DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic) DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic) DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation) DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.) DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.) DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.) DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies) DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell) DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys () DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.asus.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.asus.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://wetter.rtl.de/redaktion/wettercockpit/index.php?md5=b8c56a0731084d3de92585284a60dbdc IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://portal.opera.com" FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000006 FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3 FF - prefs.js..network.proxy.type: 2 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.04.03 18:14:38 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.04.24 17:34:57 | 000,000,000 | ---D | M] [2009.03.25 12:36:47 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\mozilla\Extensions [2010.05.03 20:48:38 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\s6w9kulm.default\extensions [2010.03.26 10:17:38 | 000,000,000 | ---D | M] (Screengrab) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\s6w9kulm.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671} [2009.09.03 23:19:31 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\s6w9kulm.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2009.05.09 22:26:38 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\s6w9kulm.default\extensions\moveplayer@movenetworks.com [2009.09.01 19:04:54 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions [2008.09.15 11:52:06 | 000,376,832 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npsnapfish.dll [2010.03.25 23:20:55 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.03.25 23:20:55 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2010.03.25 23:20:55 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2010.03.25 23:20:55 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2010.03.25 23:20:55 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: ::1 localhost O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [ Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [PDFPrint] C:\Program Files\pdf24\pdf24.exe (Geek Software GmbH) O4 - HKLM..\Run: [PPort11reminder] C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe (Alcohol Soft Development Team) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - igfxdev.dll (Intel Corporation) O24 - Desktop WallPaper: C:\Users\XXX\Pictures\Hamburg\50620093.JPG O24 - Desktop BackupWallPaper: C:\Users\XXX\Pictures\Hamburg\50620093.JPG O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.05.03 22:04:24 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Roaming\Malwarebytes [2010.05.03 22:04:12 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.05.03 22:04:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.05.03 22:04:07 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.05.03 22:04:07 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2010.05.03 20:40:40 | 000,000,000 | ---D | C] -- C:\Users\XXX\Documents\Desktop\Desktop\Desktop\HiJack [2010.05.02 19:28:07 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Roaming\257182FA9E52EDFFAE486570458FC912 [2010.04.24 19:50:44 | 000,000,000 | ---D | C] -- C:\Users\XXX\Documents\umzug [2010.04.24 17:34:44 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2010.04.24 15:35:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype [2010.04.18 11:43:11 | 000,000,000 | ---D | C] -- C:\Users\XXX\Documents\old [2010.04.13 20:39:47 | 003,548,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2010.04.13 20:39:46 | 003,600,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2010.04.13 20:39:45 | 000,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll [2010.04.13 20:39:41 | 000,220,672 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codecp.acm [2010.04.13 20:39:41 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm [2007.01.24 20:08:39 | 000,005,632 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.05.04 06:54:13 | 003,145,728 | -HS- | M] () -- C:\Users\XXX\ntuser.dat [2010.05.04 06:51:10 | 000,000,462 | ---- | M] () -- C:\Windows\tasks\SDMsgUpdate (TE).job [2010.05.04 06:50:58 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.05.04 06:50:58 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.05.04 06:50:46 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.05.04 06:50:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.05.04 06:49:35 | 000,524,288 | -HS- | M] () -- C:\Users\XXX\ntuser.dat{9059337d-d461-11dd-87bf-00235432c377}.TMContainer00000000000000000001.regtrans-ms [2010.05.04 06:49:35 | 000,065,536 | -HS- | M] () -- C:\Users\XXX\ntuser.dat{9059337d-d461-11dd-87bf-00235432c377}.TM.blf [2010.05.04 06:49:33 | 002,684,762 | -H-- | M] () -- C:\Users\XXX\AppData\Local\IconCache.db [2010.05.03 23:43:42 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{72FD5496-1DB6-40EE-9756-06127CDFB6A5}.job [2010.05.03 22:04:15 | 000,000,825 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.05.02 18:01:15 | 000,014,792 | ---- | M] () -- C:\Users\XXX\Documents\Einweihungsparty.xlsx [2010.05.01 23:44:03 | 000,050,688 | ---- | M] () -- C:\Users\XXX\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.05.01 20:43:15 | 001,418,806 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010.05.01 20:43:15 | 000,618,442 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.05.01 20:43:15 | 000,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.05.01 20:43:15 | 000,122,842 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.05.01 20:43:15 | 000,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.04.30 07:36:17 | 000,011,646 | ---- | M] () -- C:\Users\XXX\Documents\Kosten.xlsx [2010.04.29 12:19:24 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.04.29 12:19:14 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.04.28 22:12:41 | 000,012,536 | ---- | M] () -- C:\Users\XXX\Documents\TO DOs_einweihung.docx [2010.04.28 19:22:26 | 002,301,704 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010.04.26 19:24:31 | 000,000,000 | ---- | M] () -- C:\ProgramData\LauncherAccess.dt [2010.04.24 20:27:12 | 000,135,115 | ---- | M] () -- C:\Users\XXX\Documents\foto.jpg [2010.04.24 17:34:57 | 000,001,894 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2010.04.19 21:58:34 | 000,001,660 | ---- | M] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk [2010.04.18 21:37:40 | 000,010,102 | ---- | M] () -- C:\Users\XXX\Documents\Beantragter urlaub.docx [2010.04.10 21:07:35 | 000,011,655 | ---- | M] () -- C:\Users\XXX\Documents\emailadressen.docx [2010.04.10 11:23:07 | 000,010,223 | ---- | M] () -- C:\Users\XXX\Documents\Unity.docx [2010.04.10 11:05:33 | 000,021,757 | ---- | M] () -- C:\Users\XXX\Documents\100315_2_unitymedia.pdf [2010.04.10 11:05:12 | 000,020,761 | ---- | M] () -- C:\Users\XXX\Documents\100315_1_unitymedia.pdf [2010.04.10 11:04:39 | 000,021,992 | ---- | M] () -- C:\Users\XXX\Documents\100305_Unitymedia.pdf [2010.04.07 07:28:55 | 000,012,006 | ---- | M] () -- C:\Users\XXX\Documents\einladung.docx [2010.04.06 07:11:59 | 000,000,680 | ---- | M] () -- C:\Users\XXX\AppData\Local\d3d9caps.dat [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.05.03 22:04:15 | 000,000,825 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.04.25 20:13:07 | 000,012,536 | ---- | C] () -- C:\Users\XXX\Documents\TO DOs_einweihung.docx [2010.04.24 20:27:12 | 000,135,115 | ---- | C] () -- C:\Users\XXX\Documents\foto.jpg [2010.04.19 21:58:34 | 000,001,660 | ---- | C] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk [2010.04.18 21:37:39 | 000,010,102 | ---- | C] () -- C:\Users\XXX\Documents\Beantragter urlaub.docx [2010.04.15 21:22:35 | 000,014,792 | ---- | C] () -- C:\Users\XXX\Documents\Einweihungsparty.xlsx [2010.04.10 17:01:29 | 000,001,894 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2010.04.10 11:05:33 | 000,021,757 | ---- | C] () -- C:\Users\XXX\Documents\100315_2_unitymedia.pdf [2010.04.10 11:05:12 | 000,020,761 | ---- | C] () -- C:\Users\XXX\Documents\100315_1_unitymedia.pdf [2010.04.10 11:04:39 | 000,021,992 | ---- | C] () -- C:\Users\XXX\Documents\100305_Unitymedia.pdf [2010.04.10 11:01:46 | 000,010,223 | ---- | C] () -- C:\Users\XXX\Documents\Unity.docx [2010.04.10 10:40:03 | 000,011,655 | ---- | C] () -- C:\Users\XXX\Documents\emailadressen.docx [2010.04.06 22:21:50 | 000,012,006 | ---- | C] () -- C:\Users\XXX\Documents\einladung.docx [2009.09.16 21:48:11 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.06.17 23:57:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys [2009.03.15 15:14:46 | 000,168,448 | ---- | C] () -- C:\Windows\System32\unrar.dll [2009.03.15 15:14:42 | 000,795,648 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2009.03.15 15:14:41 | 000,130,048 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2009.03.15 15:14:39 | 000,067,584 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2009.03.15 15:14:39 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest [2009.01.11 21:14:23 | 000,031,664 | ---- | C] () -- C:\Windows\maxlink.ini [2009.01.11 21:11:56 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI [2009.01.11 21:11:56 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI [2008.12.28 01:46:59 | 000,001,024 | ---- | C] () -- C:\Windows\System32\grcauth2.dll [2008.12.28 01:46:59 | 000,001,024 | ---- | C] () -- C:\Windows\System32\grcauth1.dll [2008.12.28 01:46:59 | 000,000,100 | ---- | C] () -- C:\Windows\System32\prsgrc.dll [2008.12.28 01:44:50 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll [2008.12.28 01:44:50 | 000,000,205 | ---- | C] () -- C:\Windows\System32\lsprst7.dll [2008.12.28 00:11:52 | 000,717,296 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys [2008.12.27 21:41:57 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini [2008.08.29 14:58:26 | 000,197,408 | ---- | C] () -- C:\Windows\System32\vpnapi.dll [2008.04.16 12:43:39 | 000,000,010 | ---- | C] () -- C:\Windows\System32\ABLKSR.ini [2008.02.11 05:55:17 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll [2008.02.04 19:23:10 | 000,693,792 | ---- | C] () -- C:\Windows\System32\OGACheckControl.DLL [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.03.09 03:57:59 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2005.05.26 18:12:26 | 000,065,536 | ---- | C] () -- C:\Windows\sm56spn.dll [2005.05.26 18:12:26 | 000,065,536 | ---- | C] () -- C:\Windows\sm56itl.dll [2005.05.26 18:12:26 | 000,065,536 | ---- | C] () -- C:\Windows\sm56ger.dll [2005.05.26 18:12:26 | 000,065,536 | ---- | C] () -- C:\Windows\sm56fra.dll [2005.05.26 18:12:26 | 000,065,536 | ---- | C] () -- C:\Windows\sm56eng.dll [2005.05.26 18:12:26 | 000,065,536 | ---- | C] () -- C:\Windows\sm56brz.dll [2005.05.26 18:12:26 | 000,049,152 | ---- | C] () -- C:\Windows\sm56jpn.dll [2005.05.26 18:12:26 | 000,045,056 | ---- | C] () -- C:\Windows\sm56cht.dll [2005.05.26 18:12:26 | 000,045,056 | ---- | C] () -- C:\Windows\sm56chs.dll < End of report > Wäre super, wenn jemand mal drüber schauen könnte, ob alles so richtig ist. Viele Grüße Mone |
04.05.2010, 09:37 | #6 |
| IE öffnet Werbung, Virus Da dachte ich schon nun sei alles gut ;-) Mache ich auf jeden Fall direkt heute abend, wenn ich von der Arbeit zurück bin! Vielen Dank! |
04.05.2010, 19:41 | #7 |
| IE öffnet Werbung, Virus Hier schon mal das erste! GMER 1.0.15.15281 - hxxp://www.gmer.net Rootkit scan 2010-05-04 20:37:34 Windows 6.0.6002 Service Pack 2 Running: yutbqgyl.exe; Driver: C:\Users\XXX\AppData\Local\Temp\kwldrpow.sys ---- System - GMER 1.0.15 ---- SSDT AC6DBE84 ZwCreateThread SSDT AC6DBE70 ZwOpenProcess SSDT AC6DBE75 ZwOpenThread SSDT AC6DBE7F ZwTerminateProcess INT 0x52 ? 86243F00 INT 0x62 ? 86243F00 INT 0x72 ? 86243F00 INT 0x82 ? 86243F00 INT 0x82 ? 86243F00 INT 0x92 ? 86243F00 INT 0x92 ? 86243F00 INT 0xA2 ? 84D68BF8 INT 0xB2 ? 84D64BF8 ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!KeSetEvent + 221 820E8984 4 Bytes [84, BE, 6D, AC] .text ntkrnlpa.exe!KeSetEvent + 3F1 820E8B54 4 Bytes [70, BE, 6D, AC] {JO 0xffffffffffffffc0; INSD ; LODSB } .text ntkrnlpa.exe!KeSetEvent + 40D 820E8B70 4 Bytes [75, BE, 6D, AC] {JNZ 0xffffffffffffffc0; INSD ; LODSB } .text ntkrnlpa.exe!KeSetEvent + 621 820E8D84 4 Bytes [7F, BE, 6D, AC] {JG 0xffffffffffffffc0; INSD ; LODSB } ? System32\Drivers\spab.sys Das System kann den angegebenen Pfad nicht finden. ! .text USBPORT.SYS!DllUnload 8F1A841B 5 Bytes JMP 862434E0 .text a1wwswrm.SYS 8E65D000 22 Bytes [82, 03, 01, 82, 6C, 02, 01, ...] .text a1wwswrm.SYS 8E65D017 167 Bytes [00, 32, 47, 79, 80, 3D, 45, ...] .text a1wwswrm.SYS 8E65D0BF 13 Bytes [82, 00, 00, 00, 00, 00, 00, ...] {ADD BYTE [EAX], 0x0; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL} .text a1wwswrm.SYS 8E65D0CE 10 Bytes [00, 00, 00, 00, 00, 00, 6D, ...] {ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; INSD ; POPF ; SCASB ; DEC EAX} .text a1wwswrm.SYS 8E65D0DA 12 Bytes [00, 00, 02, 00, 00, 00, 26, ...] .text ... ---- User code sections - GMER 1.0.15 ---- .text C:\Program Files\Mozilla Firefox\firefox.exe[1500] ntdll.dll!LdrLoadDll 77209390 5 Bytes JMP 003B13F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation) ---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [8068B6D2] \SystemRoot\System32\Drivers\spab.sys IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [8068B040] \SystemRoot\System32\Drivers\spab.sys IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [8068B7FC] \SystemRoot\System32\Drivers\spab.sys IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [8068B0BE] \SystemRoot\System32\Drivers\spab.sys IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8068B13C] \SystemRoot\System32\Drivers\spab.sys IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [8069B048] \SystemRoot\System32\Drivers\spab.sys IAT \SystemRoot\System32\Drivers\a1wwswrm.SYS[ataport.SYS!AtaPortNotification] 009E840F IAT \SystemRoot\System32\Drivers\a1wwswrm.SYS[ataport.SYS!AtaPortWritePortUchar] 8B660000 IAT \SystemRoot\System32\Drivers\a1wwswrm.SYS[ataport.SYS!AtaPortWritePortUlong] 89662448 IAT \SystemRoot\System32\Drivers\a1wwswrm.SYS[ataport.SYS!AtaPortGetPhysicalAddress] 4D8BE84D IAT \SystemRoot\System32\Drivers\a1wwswrm.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] 02C183E8 IAT \SystemRoot\System32\Drivers\a1wwswrm.SYS[ataport.SYS!AtaPortGetScatterGatherList] EA4D8966 IAT \SystemRoot\System32\Drivers\a1wwswrm.SYS[ataport.SYS!AtaPortReadPortUchar] 0320488B IAT \SystemRoot\System32\Drivers\a1wwswrm.SYS[ataport.SYS!AtaPortStallExecution] 08458DC8 IAT \SystemRoot\System32\Drivers\a1wwswrm.SYS[ataport.SYS!AtaPortGetParentBusType] 8D575750 IAT \SystemRoot\System32\Drivers\a1wwswrm.SYS[ataport.SYS!AtaPortRequestCallback] 6850F045 IAT \SystemRoot\System32\Drivers\a1wwswrm.SYS[ataport.SYS!AtaPortWritePortBufferUshort] B0020000 IAT \SystemRoot\System32\Drivers\a1wwswrm.SYS[ataport.SYS!AtaPortGetUnCachedExtension] 50E8458D IAT \SystemRoot\System32\Drivers\a1wwswrm.SYS[ataport.SYS!AtaPortCompleteRequest] 2FBC35FF IAT \SystemRoot\System32\Drivers\a1wwswrm.SYS[ataport.SYS!AtaPortMoveMemory] 4D898E68 IAT \SystemRoot\System32\Drivers\a1wwswrm.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] 45C757EC IAT \SystemRoot\System32\Drivers\a1wwswrm.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 000001F0 IAT \SystemRoot\System32\Drivers\a1wwswrm.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] E5FEE800 IAT \SystemRoot\System32\Drivers\a1wwswrm.SYS[ataport.SYS!AtaPortReadPortUshort] C73B0001 IAT \SystemRoot\System32\Drivers\a1wwswrm.SYS[ataport.SYS!AtaPortReadPortBufferUshort] C8A14675 IAT \SystemRoot\System32\Drivers\a1wwswrm.SYS[ataport.SYS!AtaPortInitialize] 6A8E682F IAT \SystemRoot\System32\Drivers\a1wwswrm.SYS[ataport.SYS!AtaPortGetDeviceBase] 9A888D52 IAT \SystemRoot\System32\Drivers\a1wwswrm.SYS[ataport.SYS!AtaPortDeviceStateChange] 83000000 ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs 84D6B1F8 AttachedDevice \FileSystem\Ntfs \Ntfs AsDsm.sys (Data Security Manager Driver/Windows (R) Codename Longhorn DDK provider) Device \FileSystem\fastfat \FatCdrom 88964500 AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation) AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation) Device \Driver\volmgr \Device\VolMgrControl 84D661F8 Device \Driver\netbt \Device\NetBT_Tcpip_{7609612D-DD80-4DBA-AB8B-18D52BF6CB0E} 8789A1F8 Device \Driver\usbuhci \Device\USBPDO-0 86F911F8 Device \Driver\usbuhci \Device\USBPDO-1 86F911F8 Device \Driver\usbehci \Device\USBPDO-2 86F8F1F8 Device \Driver\netbt \Device\NetBT_Tcpip_{2F885168-9675-4E7B-A12A-772BAC4C1E25} 8789A1F8 Device \Driver\usbuhci \Device\USBPDO-3 86F911F8 Device \Driver\usbuhci \Device\USBPDO-4 86F911F8 Device \Driver\usbuhci \Device\USBPDO-5 86F911F8 Device \Driver\usbehci \Device\USBPDO-6 86F8F1F8 Device \Driver\volmgr \Device\HarddiskVolume1 84D661F8 Device \Driver\PCI_PNP6854 \Device\00000058 spab.sys Device \Driver\volmgr \Device\HarddiskVolume2 84D661F8 Device \Driver\cdrom \Device\CdRom0 86FB21F8 Device \Driver\cdrom \Device\CdRom1 86FB21F8 Device \Driver\volmgr \Device\HarddiskVolume3 84D661F8 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 84D691F8 Device \Driver\iaStor \Device\Ide\iaStor0 [826F6580] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort0 84D691F8 Device \Driver\iaStor \Device\Ide\IAAStorageDevice-0 [826F6580] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\netbt \Device\NetBt_Wins_Export 8789A1F8 Device \Driver\Smb \Device\NetbiosSmb 878891F8 Device \Driver\iScsiPrt \Device\RaidPort0 870951F8 Device \Driver\usbuhci \Device\USBFDO-0 86F911F8 Device \Driver\netbt \Device\NetBT_Tcpip_{2DB41703-4591-4567-8614-33DAB9AFD102} 8789A1F8 Device \Driver\usbuhci \Device\USBFDO-1 86F911F8 Device \Driver\sptd \Device\3418134872 spab.sys Device \Driver\usbehci \Device\USBFDO-2 86F8F1F8 Device \Driver\usbuhci \Device\USBFDO-3 86F911F8 Device \Driver\usbuhci \Device\USBFDO-4 86F911F8 Device \Driver\usbuhci \Device\USBFDO-5 86F911F8 Device \Driver\usbehci \Device\USBFDO-6 86F8F1F8 Device \Driver\a1wwswrm \Device\Scsi\a1wwswrm1 86F991F8 Device \Driver\a1wwswrm \Device\Scsi\a1wwswrm1Port3Path0Target0Lun0 86F991F8 Device \FileSystem\fastfat \Fat 88964500 AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation) Device \FileSystem\cdfs \Cdfs 86FD21F8 ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x37 0x29 0x48 0x06 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x60 0x47 0x62 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x53 0x65 0xEA 0x4E ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x37 0x29 0x48 0x06 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x60 0x47 0x62 0x00 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x53 0x65 0xEA 0x4E ... ---- Files - GMER 1.0.15 ---- File C:\ADSM_PData_0150 0 bytes File C:\ADSM_PData_0150\DB 0 bytes File C:\ADSM_PData_0150\DB\SI.db 624 bytes File C:\ADSM_PData_0150\DB\UL.db 16 bytes File C:\ADSM_PData_0150\DB\VL.db 16 bytes File C:\ADSM_PData_0150\DB\_avt 512 bytes File C:\ADSM_PData_0150\DragWait.exe 253952 bytes executable File C:\ADSM_PData_0150\_avt 512 bytes File C:\Program Files\ASUS\ASUS Data Security Manager\driver\x86 0 bytes File C:\Program Files\ASUS\ASUS Data Security Manager\driver\x86\AsDsm.sys 29752 bytes executable File C:\Program Files\ASUS\ASUS Data Security Manager\driver\x86\_avt 512 bytes ---- EOF - GMER 1.0.15 ---- |
04.05.2010, 20:00 | #8 |
| IE öffnet Werbung, Virus Und hier das nächste: Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 20:58:11 on 04.05.2010 OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit Default Browser: Opera Software Opera Internet Browser 10.10 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Common] -----( %SystemRoot%\Tasks )----- "SDMsgUpdate (TE).job" - ? - C:\PROGRA~1\SMARTD~1\Messages\SDNotify.exe [Control Panel Objects] -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLCFG32.CPL "QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "a1wwswrm" (a1wwswrm) - "Microsoft Corporation" - C:\Windows\system32\drivers\a1wwswrm.sys (Hidden registry entry, rootkit activity | File signed by Microsoft) "adfs" (adfs) - ? - C:\Windows\system32\drivers\adfs.sys (File not found) "ASMMAP" (ASMMAP) - ? - C:\Program Files\ATKGFNEX\ASMMAP.sys "avgio" (avgio) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avgio.sys "avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys "avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys "BVRPMPR5 NDIS Protocol Driver" (BVRPMPR5) - "Avanquest Software" - C:\Windows\system32\drivers\BVRPMPR5.SYS "Cisco Systems Inc. IPSec Driver" (CVPNDRVA) - "Cisco Systems, Inc." - C:\Windows\system32\Drivers\CVPNDRVA.sys "Data Security Manager Driver" (AsDsm) - "Windows (R) Codename Longhorn DDK provider" - C:\Windows\system32\drivers\AsDsm.sys "ghaio" (ghaio) - ? - C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys (File found, but it contains no detailed information) "IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys (File not found) "IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys (File not found) "IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys (File not found) "kwldrpow" (kwldrpow) - ? - C:\Users\XXX\AppData\Local\Temp\kwldrpow.sys (Hidden registry entry, rootkit activity | File not found) "sptd" (sptd) - "Duplex Secure Ltd." - C:\Windows\System32\Drivers\sptd.sys (File is exclusively opened, access blocked) "ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys "StarOpen" (StarOpen) - ? - C:\Windows\system32\drivers\StarOpen.sys (File found, but it contains no detailed information) "TAP-Win32 Adapter V9" (tap0901) - "The OpenVPN Project" - C:\Windows\System32\DRIVERS\tap0901.sys [Explorer] -----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )----- {10880D85-AAD9-4558-ABDC-2AB1552D831F} "LightScribe Control Panel" - "Hewlett-Packard Company" - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe" -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? - (File not found | COM-object registry key not found) {1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? - (File not found | COM-object registry key not found) {2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? - (File not found | COM-object registry key not found) {FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found) {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL {00020d75-0000-0000-c000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL {C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll {da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found) {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR\rarext.dll [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_15" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} "Java Plug-in 1.6.0_15" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_15" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_15.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll [Logon] -----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "AlcoholAutomount" - "Alcohol Soft Development Team" - "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount "Skype" - "Skype Technologies S.A." - "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized -----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )----- "StartupPrograms" - ? - rdpclip (File not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min "BrMfcWnd" - "Brother Industries, Ltd." - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN "ControlCenter3" - "Brother Industries, Ltd." - C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun "IndexSearch" - "Nuance Communications, Inc." - "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" "iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe" " Malwarebytes Anti-Malware (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript "PaperPort PTD" - "Nuance Communications, Inc." - "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" "PDFPrint" - "Geek Software GmbH" - C:\Program Files\pdf24\pdf24.exe "PPort11reminder" - "Nuance Communications, Inc." - "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "@C:\Program Files\NOS\bin\getPlus_Helper.dll,-101" (getPlusHelper) - "NOS Microsystems Ltd." - C:\Program Files\NOS\bin\getPlus_Helper.dll "Akamai NetSession Interface" (Akamai) - ? - c:\program files\common files\akamai\rswin_3653.dll (File found, but it contains no detailed information) "Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe "Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe "Bonjour-Dienst" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe "iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe "Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [Winsock Providers] -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )----- "mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru Ich bin für jede Hilfe dankbar :-) LG Mone |
04.05.2010, 21:33 | #9 |
/// Winkelfunktion /// TB-Süch-Tiger™ | IE öffnet Werbung, Virus Sieht soweit ok aus. Noch Probleme?
__________________ Logfiles bitte immer in CODE-Tags posten |
05.05.2010, 06:06 | #10 |
| IE öffnet Werbung, Virus Hallo Arne, es scheint nun wirklich alles ok zu sein. Auf jeden Fall geht keine Werbung mehr auf! Vielen Dank!!! LG Mone |
05.05.2010, 10:14 | #11 |
/// Winkelfunktion /// TB-Süch-Tiger™ | IE öffnet Werbung, Virus Ok. Mach aber bitte noch nen Durchgang mit CF, dann trau ich der Sache vllt etwas mehr ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
__________________ Logfiles bitte immer in CODE-Tags posten |
05.05.2010, 16:14 | #12 |
| IE öffnet Werbung, Virus Hallo! OK, dann mach ich das mal heute abend! Ist denn irgendwas "komisch" an meinen Logfiles? LG Mone |
05.05.2010, 18:54 | #14 |
| IE öffnet Werbung, Virus Okay, dann mal hier das Nächste: ComboFix 10-05-04.06 - XXX 05.05.2010 18:59:36.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3062.2153 [GMT 2:00] ausgeführt von:: c:\users\XXX\Documents\Desktop\Desktop\Desktop\Cofi.exe SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} . ((((((((((((((((((((((( Dateien erstellt von 2010-04-05 bis 2010-05-05 )))))))))))))))))))))))))))))) . 2010-05-05 17:09 . 2010-05-05 17:10 -------- d-----w- c:\users\XXX\AppData\Local\temp 2010-05-05 17:09 . 2010-05-05 17:09 -------- d-----w- c:\users\Default\AppData\Local\temp 2010-05-04 18:50 . 2010-05-04 18:52 -------- d-----w- c:\users\XXX\osam 2010-05-04 18:48 . 2010-05-04 18:48 -------- d-----w- c:\users\XXX\osam_autorun_manager_5_0_portable 2010-05-03 20:04 . 2010-05-03 20:04 -------- d-----w- c:\users\XXX\AppData\Roaming\Malwarebytes 2010-05-03 20:04 . 2010-04-29 10:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-05-03 20:04 . 2010-05-03 20:04 -------- d-----w- c:\programdata\Malwarebytes 2010-05-03 20:04 . 2010-05-03 20:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-05-03 20:04 . 2010-04-29 10:19 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-05-02 17:28 . 2010-05-02 17:28 745472 ----a-w- c:\users\XXX\AppData\Roaming\257182FA9E52EDFFAE486570458FC912\gotnewupdate.exe 2010-05-02 17:28 . 2010-05-02 17:28 -------- d-----w- c:\users\XXX\AppData\Roaming\257182FA9E52EDFFAE486570458FC912 2010-04-24 13:35 . 2010-04-24 13:35 -------- d-----w- c:\program files\Common Files\Skype 2010-04-13 18:39 . 2010-02-23 11:10 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys 2010-04-13 18:39 . 2010-02-23 11:10 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys 2010-04-13 18:39 . 2010-02-23 11:10 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2010-04-13 18:39 . 2010-02-18 14:07 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe 2010-04-13 18:39 . 2010-02-18 14:07 3600776 ----a-w- c:\windows\system32\ntkrnlpa.exe 2010-04-13 18:39 . 2010-03-05 14:01 420352 ----a-w- c:\windows\system32\vbscript.dll 2010-04-13 18:39 . 2010-02-18 14:07 904576 ----a-w- c:\windows\system32\drivers\tcpip.sys 2010-04-13 18:39 . 2010-02-18 13:30 200704 ----a-w- c:\windows\system32\iphlpsvc.dll 2010-04-13 18:39 . 2010-02-18 11:28 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys 2010-04-13 17:05 . 2009-12-23 11:33 172032 ----a-w- c:\windows\system32\wintrust.dll 2010-04-13 17:05 . 2010-01-13 17:34 98304 ----a-w- c:\windows\system32\cabview.dll . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-05-05 17:10 . 2010-02-09 20:11 -------- d-----w- c:\program files\Common Files\Akamai 2010-05-03 17:06 . 2008-12-27 20:06 -------- d-----w- c:\users\XXX\AppData\Roaming\Skype 2010-05-03 16:53 . 2008-12-30 19:28 -------- d-----w- c:\users\XXX\AppData\Roaming\skypePM 2010-05-01 18:43 . 2008-04-16 11:11 618442 ----a-w- c:\windows\system32\perfh007.dat 2010-05-01 18:43 . 2008-04-16 11:11 122842 ----a-w- c:\windows\system32\perfc007.dat 2010-04-19 19:59 . 2009-01-05 21:30 -------- d-----w- c:\program files\pdf24 2010-04-14 01:21 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail 2010-04-14 01:06 . 2008-09-30 18:59 -------- d-----w- c:\programdata\Microsoft Help 2010-04-10 15:01 . 2008-12-27 19:24 -------- d-----w- c:\program files\Common Files\Adobe 2010-04-06 05:11 . 2009-04-03 02:00 680 ----a-w- c:\users\XXX\AppData\Local\d3d9caps.dat 2010-02-25 02:19 . 2008-12-27 19:21 101480 ----a-w- c:\users\XXX\AppData\Local\GDIPFONTCACHEV1.DAT 2010-02-24 08:16 . 2009-10-02 19:18 181632 ------w- c:\windows\system32\MpSigStub.exe 2010-02-23 06:39 . 2010-03-31 21:20 916480 ----a-w- c:\windows\system32\wininet.dll 2010-02-23 06:33 . 2010-03-31 21:20 71680 ----a-w- c:\windows\system32\iesetup.dll 2010-02-23 06:33 . 2010-03-31 21:20 109056 ----a-w- c:\windows\system32\iesysprep.dll 2010-02-23 04:55 . 2010-03-31 21:20 133632 ----a-w- c:\windows\system32\ieUnatt.exe 2010-02-20 23:06 . 2010-03-13 02:02 24064 ----a-w- c:\windows\system32\nshhttp.dll 2010-02-20 23:05 . 2010-03-13 02:02 30720 ----a-w- c:\windows\system32\httpapi.dll 2010-02-20 20:53 . 2010-03-13 02:02 411648 ----a-w- c:\windows\system32\drivers\http.sys 2010-02-12 10:32 . 2010-03-14 02:00 293376 ----a-w- c:\windows\system32\browserchoice.exe 2010-02-09 20:31 . 2010-02-09 20:11 1228240 ----a-w- c:\users\XXX\ADBEPHSPCS4_LS4.exe 2010-02-09 14:51 . 2008-09-30 20:37 45056 ----a-w- c:\windows\system32\acovcnt.exe 2009-01-27 01:34 . 2009-01-27 01:34 1044480 ----a-w- c:\program files\opera\program\plugins\libdivx.dll 2009-01-27 01:34 . 2009-01-27 01:34 200704 ----a-w- c:\program files\opera\program\plugins\ssldivx.dll . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1] @="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}" [HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}] 2007-06-02 00:08 143360 ----a-w- c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920] "AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-11-23 203720] "Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-04-06 26102056] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-22 141848] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-22 166424] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-22 133656] "RtHDVCpl"="RtHDVCpl.exe" [2007-10-31 4702208] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416] "PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-01-29 30248] "IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-01-29 46632] "PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-02-01 255528] "BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-12 663552] "ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-01-26 65536] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] "PDFPrint"="c:\program files\pdf24\pdf24.exe" [2010-03-11 208528] " Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPN Client.lnk] backup=c:\windows\pss\VPN Client.lnk.CommonStartup backupExtension=.CommonStartup [HKLM\~\startupfolder\C:^Users^XXX^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk] path=c:\users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk backup=c:\windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk.Startup backupExtension=.Startup HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2010-03-24 18:17 952768 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2010-04-04 05:42 36272 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATKOSD2] 2007-10-18 02:04 7737344 ----a-w- c:\program files\ATKOSD2\ATKOSD2.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2009-01-05 15:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel] 2007-10-11 03:04 1826816 ----a-w- c:\windows\SkyTel.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL] 2005-05-26 16:12 544768 ----a-w- c:\windows\sm56hlpr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate] 2006-10-25 08:03 210472 ----a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2009-07-25 03:23 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] "VistaSp2"=hex(b):c3,ea,14,6f,09,37,ca,01 R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2008-12-27 717296] R4 AAV UpdateService;AAV UpdateService;c:\program files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [2008-10-24 128296] R4 BBR;BBR;c:\users\XXX\AppData\Local\Temp\BBR.exe [x] R4 SG;SG;c:\users\XXX\AppData\Local\Temp\SG.exe [x] S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-21 21504] S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] getPlusHelper REG_MULTI_SZ getPlusHelper LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache Akamai REG_MULTI_SZ Akamai [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2008-06-09 17:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe . Inhalt des "geplante Tasks" Ordners 2010-05-05 c:\windows\Tasks\SDMsgUpdate (TE).job - c:\progra~1\SMARTD~1\Messages\SDNotify.exe [2009-04-30 05:29] 2010-05-04 c:\windows\Tasks\User_Feed_Synchronization-{72FD5496-1DB6-40EE-9756-06127CDFB6A5}.job - c:\windows\system32\msfeedssync.exe [2010-03-31 04:54] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://wetter.rtl.de/redaktion/wettercockpit/index.php?md5=b8c56a0731084d3de92585284a60dbdc uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 FF - ProfilePath - c:\users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\s6w9kulm.default\ FF - prefs.js: browser.startup.homepage - hxxp://portal.opera.com FF - prefs.js: network.proxy.type - 2 FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll FF - plugin: c:\program files\Opera\program\plugins\np_gp.dll FF - plugin: c:\program files\Opera\program\plugins\np_gp.dll FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll FF - plugin: c:\users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\s6w9kulm.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000006.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX Richtlinien ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32); c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5); c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "hxxp://www.firefox.com"); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20); . - - - - Entfernte verwaiste Registrierungseinträge - - - - MSConfigStartUp-Canaveral - c:\users\XXX\AppData\Local\Temp\sshnas21.dll MSConfigStartUp-M5T8QL3YW3 - c:\users\XXX\AppData\Local\Temp\Izr.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2010-05-05 19:10 Windows 6.0.6002 Service Pack 2 NTFS Scanne versteckte Prozesse... Scanne versteckte Autostarteinträge... Scanne versteckte Dateien... C:\ADSM_PData_0150 Scan erfolgreich abgeschlossen versteckte Dateien: 1 ************************************************************************** . --------------------- Gesperrte Registrierungsschluessel --------------------- [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Zeit der Fertigstellung: 2010-05-05 19:13:22 ComboFix-quarantined-files.txt 2010-05-05 17:13 Vor Suchlauf: 8 Verzeichnis(se), 24.775.127.040 Bytes frei Nach Suchlauf: 13 Verzeichnis(se), 24.706.375.680 Bytes frei - - End Of File - - 1A31B8B5F699FB3E4A3374265367897A |
06.05.2010, 10:19 | #15 |
/// Winkelfunktion /// TB-Süch-Tiger™ | IE öffnet Werbung, Virus Sieht auch gut aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs. Denk dran beide Tools zu updaten vor dem Scan!!
__________________ Logfiles bitte immer in CODE-Tags posten |
Themen zu IE öffnet Werbung, Virus |
antivir, antivir guard, avg, avira, bho, defender, desktop, excel, firefox, hijack, hijackthis, internet, internet explorer, local\temp, logfile, mozilla, plug-in, problem, programdata, rundll, scan, senden, skype.exe, software, system, virus, vista, werbung, windows, öffnet werbung |