
Log analysis and evaluation: IE opens ads, virus

03.05.2010, 20:09   #1
Mone
 

Hello everyone,

So, on my machine IE keeps opening advertising windows. I have already run virus scanners several times (including in safe mode) and also deleted viruses. Apparently, though, the problem is not fixed yet.

While searching for a solution I at least found out that I have to create a log file ;-) but unfortunately I can't get any further.

It would be great if someone could help me!

Best regards
Mone

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:41:59, on 03.05.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Users\XXX\AppData\Local\Temp\Izq.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\pdf24\pdf24.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\XXX\Documents\Desktop\Desktop\Desktop\HiJack\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://www.asus.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://wetter.rtl.de/redaktion/wettercockpit/index.php?md5=b8c56a0731084d3de92585284a60dbdc
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.asus.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [PDFPrint] C:\Program Files\pdf24\pdf24.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: BBR - Unknown owner - C:\Users\XXX\AppData\Local\Temp\BBR.exe (file missing)
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SG - Unknown owner - C:\Users\XXX\AppData\Local\Temp\SG.exe (file missing)

--
End of file - 6083 bytes

03.05.2010, 20:53   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Hello and

please run a full scan with Malwarebytes and post the log. After that, OTL:

System scan with OTL

Please download OTL by OldTimer and save it to your desktop
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread.

03.05.2010, 21:05   #3
Mone
 

Hello Arne,

Thanks, I'll do that then :-)

Best regards
Mone

04.05.2010, 06:24   #4
Mone
 

Good morning!

The check with the malware program gave me the following result:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4063

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18904

04.05.2010 06:48:24
mbam-log-2010-05-04 (06-48-24).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 336449
Laufzeit: 2 Stunde(n), 54 Minute(n), 59 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 4
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 9

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\Software\M5T8QL3YW3 (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\QZAIB7KITK (Trojan.FakeAlert) -> No action taken.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\$RECYCLE.BIN\S-1-5-21-1925237303-2714135112-2563916689-1000\$R7UQCT1.exe (Trojan.Fraudpack) -> No action taken.
C:\$RECYCLE.BIN\S-1-5-21-1925237303-2714135112-2563916689-1000\$RHZUUZV.exe (Rootkit.Dropper) -> No action taken.
C:\.Trash-500\files\S-1-5-21-1925237303-2714135112-2563916689-1000\$R3Q4PY1.exe (Trojan.Downloader) -> No action taken.
C:\Users\XXX\AppData\Local\Temp\rknfl.exe (Rootkit.Agent) -> No action taken.
C:\Users\XXX\AppData\Local\Temp\7DCC.tmp (Backdoor.Sinowal) -> No action taken.
C:\Users\XXX\Documents\GrafikHochzeit\schluesselfinder.exe (Trojan.Downloader) -> No action taken.
C:\Users\XXX\Favorites\_favdata.dat (Malware.Trace) -> No action taken.
C:\Users\XXX\AppData\Local\Temp\sshnas21.dll (Trojan.Downloader) -> No action taken.
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> No action taken.


I deleted the infected objects right away. And then ran OTL:

OTL logfile created on: 04.05.2010 06:54:15 - Run 2
OTL by OldTimer - Version 3.2.4.1 Folder = c:\Users\Anke\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 64,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,52 Gb Total Space | 21,27 Gb Free Space | 28,55% Space Free | Partition Type: NTFS
Drive D: | 64,76 Gb Total Space | 39,78 Gb Free Space | 61,43% Space Free | Partition Type: NTFS
Drive E: | 505,52 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: XXX-PC
Current User Name: XXX
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - c:\Users\XXX\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\pdf24\pdf24.exe (Geek Software GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\ASUS\ASUS Live Update\ALU.exe ()
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
PRC - C:\Program Files\Brother\ControlCenter3\brccMCtl.exe (Brother Industries, Ltd.)
PRC - C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe (Brother Industries, Ltd.)
PRC - C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)


========== Modules (SafeList) ==========

MOD - c:\Users\XXX\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (SG) -- File not found
SRV - (BBR) -- File not found
SRV - (Akamai) -- c:\program files\common files\akamai\rswin_3653.dll ()
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (getPlusHelper) getPlus(R) -- C:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AAV UpdateService) -- C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe ()
SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (ASLDRService) -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe ()
SRV - (ATKGFNEXSrv) -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe ()
SRV - (spmgr) -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe ()
SRV - (StarWindServiceAE) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)
SRV - (ADSMService) -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe ()


========== Driver Services (SafeList) ==========

DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (AsDsm) -- C:\Windows\System32\drivers\AsDsm.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (ghaio) -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys ()
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (ASMMAP) -- C:\Program Files\ATKGFNEX\ASMMAP.sys ()
DRV - (RTL8023xp) -- C:\Windows\System32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (sscdmdm) -- C:\Windows\System32\drivers\sscdmdm.sys (MCCI Corporation)
DRV - (sscdmdfl) -- C:\Windows\System32\drivers\sscdmdfl.sys (MCCI Corporation)
DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\Windows\System32\drivers\sscdbus.sys (MCCI Corporation)
DRV - (tap0901) -- C:\Windows\System32\drivers\tap0901.sys (The OpenVPN Project)
DRV - (BVRPMPR5) -- C:\Windows\System32\drivers\BVRPMPR5.SYS (Avanquest Software)
DRV - (kbfiltr) -- C:\Windows\System32\drivers\kbfiltr.sys ( )
DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ATKACPI.sys (ATK0100)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell)
DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys ()
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.asus.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.asus.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://wetter.rtl.de/redaktion/wettercockpit/index.php?md5=b8c56a0731084d3de92585284a60dbdc
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "hxxp://portal.opera.com"
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000006
FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3
FF - prefs.js..network.proxy.type: 2

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.04.03 18:14:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.04.24 17:34:57 | 000,000,000 | ---D | M]

[2009.03.25 12:36:47 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\mozilla\Extensions
[2010.05.03 20:48:38 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\s6w9kulm.default\extensions
[2010.03.26 10:17:38 | 000,000,000 | ---D | M] (Screengrab) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\s6w9kulm.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2009.09.03 23:19:31 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\s6w9kulm.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.05.09 22:26:38 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\s6w9kulm.default\extensions\moveplayer@movenetworks.com
[2009.09.01 19:04:54 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2008.09.15 11:52:06 | 000,376,832 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npsnapfish.dll
[2010.03.25 23:20:55 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.03.25 23:20:55 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.03.25 23:20:55 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.03.25 23:20:55 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.03.25 23:20:55 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1 localhost
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files\pdf24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [PPort11reminder] C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe (Alcohol Soft Development Team)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\XXX\Pictures\Hamburg\50620093.JPG
O24 - Desktop BackupWallPaper: C:\Users\XXX\Pictures\Hamburg\50620093.JPG
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.05.03 22:04:24 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Roaming\Malwarebytes
[2010.05.03 22:04:12 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.05.03 22:04:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.05.03 22:04:07 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.05.03 22:04:07 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.05.03 20:40:40 | 000,000,000 | ---D | C] -- C:\Users\XXX\Documents\Desktop\Desktop\Desktop\HiJack
[2010.05.02 19:28:07 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Roaming\257182FA9E52EDFFAE486570458FC912
[2010.04.24 19:50:44 | 000,000,000 | ---D | C] -- C:\Users\XXX\Documents\umzug
[2010.04.24 17:34:44 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010.04.24 15:35:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010.04.18 11:43:11 | 000,000,000 | ---D | C] -- C:\Users\XXX\Documents\old
[2010.04.13 20:39:47 | 003,548,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010.04.13 20:39:46 | 003,600,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010.04.13 20:39:45 | 000,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010.04.13 20:39:41 | 000,220,672 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codecp.acm
[2010.04.13 20:39:41 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm
[2007.01.24 20:08:39 | 000,005,632 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.05.04 06:54:13 | 003,145,728 | -HS- | M] () -- C:\Users\XXX\ntuser.dat
[2010.05.04 06:51:10 | 000,000,462 | ---- | M] () -- C:\Windows\tasks\SDMsgUpdate (TE).job
[2010.05.04 06:50:58 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.05.04 06:50:58 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.05.04 06:50:46 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.05.04 06:50:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.05.04 06:49:35 | 000,524,288 | -HS- | M] () -- C:\Users\XXX\ntuser.dat{9059337d-d461-11dd-87bf-00235432c377}.TMContainer00000000000000000001.regtrans-ms
[2010.05.04 06:49:35 | 000,065,536 | -HS- | M] () -- C:\Users\XXX\ntuser.dat{9059337d-d461-11dd-87bf-00235432c377}.TM.blf
[2010.05.04 06:49:33 | 002,684,762 | -H-- | M] () -- C:\Users\XXX\AppData\Local\IconCache.db
[2010.05.03 23:43:42 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{72FD5496-1DB6-40EE-9756-06127CDFB6A5}.job
[2010.05.03 22:04:15 | 000,000,825 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.05.02 18:01:15 | 000,014,792 | ---- | M] () -- C:\Users\XXX\Documents\Einweihungsparty.xlsx
[2010.05.01 23:44:03 | 000,050,688 | ---- | M] () -- C:\Users\XXX\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.05.01 20:43:15 | 001,418,806 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.05.01 20:43:15 | 000,618,442 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.05.01 20:43:15 | 000,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.05.01 20:43:15 | 000,122,842 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.05.01 20:43:15 | 000,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.04.30 07:36:17 | 000,011,646 | ---- | M] () -- C:\Users\XXX\Documents\Kosten.xlsx
[2010.04.29 12:19:24 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.04.29 12:19:14 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.04.28 22:12:41 | 000,012,536 | ---- | M] () -- C:\Users\XXX\Documents\TO DOs_einweihung.docx
[2010.04.28 19:22:26 | 002,301,704 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.04.26 19:24:31 | 000,000,000 | ---- | M] () -- C:\ProgramData\LauncherAccess.dt
[2010.04.24 20:27:12 | 000,135,115 | ---- | M] () -- C:\Users\XXX\Documents\foto.jpg
[2010.04.24 17:34:57 | 000,001,894 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.04.19 21:58:34 | 000,001,660 | ---- | M] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk
[2010.04.18 21:37:40 | 000,010,102 | ---- | M] () -- C:\Users\XXX\Documents\Beantragter urlaub.docx
[2010.04.10 21:07:35 | 000,011,655 | ---- | M] () -- C:\Users\XXX\Documents\emailadressen.docx
[2010.04.10 11:23:07 | 000,010,223 | ---- | M] () -- C:\Users\XXX\Documents\Unity.docx
[2010.04.10 11:05:33 | 000,021,757 | ---- | M] () -- C:\Users\XXX\Documents\100315_2_unitymedia.pdf
[2010.04.10 11:05:12 | 000,020,761 | ---- | M] () -- C:\Users\XXX\Documents\100315_1_unitymedia.pdf
[2010.04.10 11:04:39 | 000,021,992 | ---- | M] () -- C:\Users\XXX\Documents\100305_Unitymedia.pdf
[2010.04.07 07:28:55 | 000,012,006 | ---- | M] () -- C:\Users\XXX\Documents\einladung.docx
[2010.04.06 07:11:59 | 000,000,680 | ---- | M] () -- C:\Users\XXX\AppData\Local\d3d9caps.dat
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.05.03 22:04:15 | 000,000,825 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.04.25 20:13:07 | 000,012,536 | ---- | C] () -- C:\Users\XXX\Documents\TO DOs_einweihung.docx
[2010.04.24 20:27:12 | 000,135,115 | ---- | C] () -- C:\Users\XXX\Documents\foto.jpg
[2010.04.19 21:58:34 | 000,001,660 | ---- | C] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk
[2010.04.18 21:37:39 | 000,010,102 | ---- | C] () -- C:\Users\XXX\Documents\Beantragter urlaub.docx
[2010.04.15 21:22:35 | 000,014,792 | ---- | C] () -- C:\Users\XXX\Documents\Einweihungsparty.xlsx
[2010.04.10 17:01:29 | 000,001,894 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.04.10 11:05:33 | 000,021,757 | ---- | C] () -- C:\Users\XXX\Documents\100315_2_unitymedia.pdf
[2010.04.10 11:05:12 | 000,020,761 | ---- | C] () -- C:\Users\XXX\Documents\100315_1_unitymedia.pdf
[2010.04.10 11:04:39 | 000,021,992 | ---- | C] () -- C:\Users\XXX\Documents\100305_Unitymedia.pdf
[2010.04.10 11:01:46 | 000,010,223 | ---- | C] () -- C:\Users\XXX\Documents\Unity.docx
[2010.04.10 10:40:03 | 000,011,655 | ---- | C] () -- C:\Users\XXX\Documents\emailadressen.docx
[2010.04.06 22:21:50 | 000,012,006 | ---- | C] () -- C:\Users\XXX\Documents\einladung.docx
[2009.09.16 21:48:11 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.06.17 23:57:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2009.03.15 15:14:46 | 000,168,448 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009.03.15 15:14:42 | 000,795,648 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009.03.15 15:14:41 | 000,130,048 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009.03.15 15:14:39 | 000,067,584 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009.03.15 15:14:39 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2009.01.11 21:14:23 | 000,031,664 | ---- | C] () -- C:\Windows\maxlink.ini
[2009.01.11 21:11:56 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2009.01.11 21:11:56 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2008.12.28 01:46:59 | 000,001,024 | ---- | C] () -- C:\Windows\System32\grcauth2.dll
[2008.12.28 01:46:59 | 000,001,024 | ---- | C] () -- C:\Windows\System32\grcauth1.dll
[2008.12.28 01:46:59 | 000,000,100 | ---- | C] () -- C:\Windows\System32\prsgrc.dll
[2008.12.28 01:44:50 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll
[2008.12.28 01:44:50 | 000,000,205 | ---- | C] () -- C:\Windows\System32\lsprst7.dll
[2008.12.28 00:11:52 | 000,717,296 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2008.12.27 21:41:57 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini
[2008.08.29 14:58:26 | 000,197,408 | ---- | C] () -- C:\Windows\System32\vpnapi.dll
[2008.04.16 12:43:39 | 000,000,010 | ---- | C] () -- C:\Windows\System32\ABLKSR.ini
[2008.02.11 05:55:17 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2008.02.04 19:23:10 | 000,693,792 | ---- | C] () -- C:\Windows\System32\OGACheckControl.DLL
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.03.09 03:57:59 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005.05.26 18:12:26 | 000,065,536 | ---- | C] () -- C:\Windows\sm56spn.dll
[2005.05.26 18:12:26 | 000,065,536 | ---- | C] () -- C:\Windows\sm56itl.dll
[2005.05.26 18:12:26 | 000,065,536 | ---- | C] () -- C:\Windows\sm56ger.dll
[2005.05.26 18:12:26 | 000,065,536 | ---- | C] () -- C:\Windows\sm56fra.dll
[2005.05.26 18:12:26 | 000,065,536 | ---- | C] () -- C:\Windows\sm56eng.dll
[2005.05.26 18:12:26 | 000,065,536 | ---- | C] () -- C:\Windows\sm56brz.dll
[2005.05.26 18:12:26 | 000,049,152 | ---- | C] () -- C:\Windows\sm56jpn.dll
[2005.05.26 18:12:26 | 000,045,056 | ---- | C] () -- C:\Windows\sm56cht.dll
[2005.05.26 18:12:26 | 000,045,056 | ---- | C] () -- C:\Windows\sm56chs.dll
< End of report >


It would be great if someone could take a look and check whether everything is right.

Best regards
Mone

04.05.2010, 09:09   #5
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

OK. Please now create logs with GMER and OSAM and post them.

__________________
Please always post logfiles in CODE tags

04.05.2010, 09:37   #6
Mone

And here I was thinking everything was fine now ;-) I'll definitely do that right away this evening when I'm back from work! Thank you very much!

04.05.2010, 19:41   #7
Mone

Here's the first one already!

GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-05-04 20:37:34
Windows 6.0.6002 Service Pack 2
Running: yutbqgyl.exe; Driver: C:\Users\XXX\AppData\Local\Temp\kwldrpow.sys


---- System - GMER 1.0.15 ----

SSDT AC6DBE84 ZwCreateThread
SSDT AC6DBE70 ZwOpenProcess
SSDT AC6DBE75 ZwOpenThread
SSDT AC6DBE7F ZwTerminateProcess

INT 0x52 ? 86243F00
INT 0x62 ? 86243F00
INT 0x72 ? 86243F00
INT 0x82 ? 86243F00
INT 0x82 ? 86243F00
INT 0x92 ? 86243F00
INT 0x92 ? 86243F00
INT 0xA2 ? 84D68BF8
INT 0xB2 ? 84D64BF8

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 221 820E8984 4 Bytes [84, BE, 6D, AC]
.text ntkrnlpa.exe!KeSetEvent + 3F1 820E8B54 4 Bytes [70, BE, 6D, AC] {JO 0xffffffffffffffc0; INSD ; LODSB }
.text ntkrnlpa.exe!KeSetEvent + 40D 820E8B70 4 Bytes [75, BE, 6D, AC] {JNZ 0xffffffffffffffc0; INSD ; LODSB }
.text ntkrnlpa.exe!KeSetEvent + 621 820E8D84 4 Bytes [7F, BE, 6D, AC] {JG 0xffffffffffffffc0; INSD ; LODSB }
? System32\Drivers\spab.sys Das System kann den angegebenen Pfad nicht finden. !
.text USBPORT.SYS!DllUnload 8F1A841B 5 Bytes JMP 862434E0
.text a1wwswrm.SYS 8E65D000 22 Bytes [82, 03, 01, 82, 6C, 02, 01, ...]
.text a1wwswrm.SYS 8E65D017 167 Bytes [00, 32, 47, 79, 80, 3D, 45, ...]
.text a1wwswrm.SYS 8E65D0BF 13 Bytes [82, 00, 00, 00, 00, 00, 00, ...] {ADD BYTE [EAX], 0x0; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL}
.text a1wwswrm.SYS 8E65D0CE 10 Bytes [00, 00, 00, 00, 00, 00, 6D, ...] {ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; INSD ; POPF ; SCASB ; DEC EAX}
.text a1wwswrm.SYS 8E65D0DA 12 Bytes [00, 00, 02, 00, 00, 00, 26, ...]
.text ...

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[1500] ntdll.dll!LdrLoadDll 77209390 5 Bytes JMP 003B13F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [8068B6D2] \SystemRoot\System32\Drivers\spab.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [8068B040] \SystemRoot\System32\Drivers\spab.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [8068B7FC] \SystemRoot\System32\Drivers\spab.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [8068B0BE] \SystemRoot\System32\Drivers\spab.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8068B13C] \SystemRoot\System32\Drivers\spab.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [8069B048] \SystemRoot\System32\Drivers\spab.sys
IAT \SystemRoot\System32\Drivers\a1wwswrm.SYS[ataport.SYS!AtaPortNotification] 009E840F
IAT \SystemRoot\System32\Drivers\a1wwswrm.SYS[ataport.SYS!AtaPortWritePortUchar] 8B660000
IAT \SystemRoot\System32\Drivers\a1wwswrm.SYS[ataport.SYS!AtaPortWritePortUlong] 89662448
IAT \SystemRoot\System32\Drivers\a1wwswrm.SYS[ataport.SYS!AtaPortGetPhysicalAddress] 4D8BE84D
IAT \SystemRoot\System32\Drivers\a1wwswrm.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] 02C183E8
IAT \SystemRoot\System32\Drivers\a1wwswrm.SYS[ataport.SYS!AtaPortGetScatterGatherList] EA4D8966
IAT \SystemRoot\System32\Drivers\a1wwswrm.SYS[ataport.SYS!AtaPortReadPortUchar] 0320488B
IAT \SystemRoot\System32\Drivers\a1wwswrm.SYS[ataport.SYS!AtaPortStallExecution] 08458DC8
IAT \SystemRoot\System32\Drivers\a1wwswrm.SYS[ataport.SYS!AtaPortGetParentBusType] 8D575750
IAT \SystemRoot\System32\Drivers\a1wwswrm.SYS[ataport.SYS!AtaPortRequestCallback] 6850F045
IAT \SystemRoot\System32\Drivers\a1wwswrm.SYS[ataport.SYS!AtaPortWritePortBufferUshort] B0020000
IAT \SystemRoot\System32\Drivers\a1wwswrm.SYS[ataport.SYS!AtaPortGetUnCachedExtension] 50E8458D
IAT \SystemRoot\System32\Drivers\a1wwswrm.SYS[ataport.SYS!AtaPortCompleteRequest] 2FBC35FF
IAT \SystemRoot\System32\Drivers\a1wwswrm.SYS[ataport.SYS!AtaPortMoveMemory] 4D898E68
IAT \SystemRoot\System32\Drivers\a1wwswrm.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] 45C757EC
IAT \SystemRoot\System32\Drivers\a1wwswrm.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 000001F0
IAT \SystemRoot\System32\Drivers\a1wwswrm.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] E5FEE800
IAT \SystemRoot\System32\Drivers\a1wwswrm.SYS[ataport.SYS!AtaPortReadPortUshort] C73B0001
IAT \SystemRoot\System32\Drivers\a1wwswrm.SYS[ataport.SYS!AtaPortReadPortBufferUshort] C8A14675
IAT \SystemRoot\System32\Drivers\a1wwswrm.SYS[ataport.SYS!AtaPortInitialize] 6A8E682F
IAT \SystemRoot\System32\Drivers\a1wwswrm.SYS[ataport.SYS!AtaPortGetDeviceBase] 9A888D52
IAT \SystemRoot\System32\Drivers\a1wwswrm.SYS[ataport.SYS!AtaPortDeviceStateChange] 83000000

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 84D6B1F8

AttachedDevice \FileSystem\Ntfs \Ntfs AsDsm.sys (Data Security Manager Driver/Windows (R) Codename Longhorn DDK provider)

Device \FileSystem\fastfat \FatCdrom 88964500

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

Device \Driver\volmgr \Device\VolMgrControl 84D661F8
Device \Driver\netbt \Device\NetBT_Tcpip_{7609612D-DD80-4DBA-AB8B-18D52BF6CB0E} 8789A1F8
Device \Driver\usbuhci \Device\USBPDO-0 86F911F8
Device \Driver\usbuhci \Device\USBPDO-1 86F911F8
Device \Driver\usbehci \Device\USBPDO-2 86F8F1F8
Device \Driver\netbt \Device\NetBT_Tcpip_{2F885168-9675-4E7B-A12A-772BAC4C1E25} 8789A1F8
Device \Driver\usbuhci \Device\USBPDO-3 86F911F8
Device \Driver\usbuhci \Device\USBPDO-4 86F911F8
Device \Driver\usbuhci \Device\USBPDO-5 86F911F8
Device \Driver\usbehci \Device\USBPDO-6 86F8F1F8
Device \Driver\volmgr \Device\HarddiskVolume1 84D661F8
Device \Driver\PCI_PNP6854 \Device\00000058 spab.sys
Device \Driver\volmgr \Device\HarddiskVolume2 84D661F8
Device \Driver\cdrom \Device\CdRom0 86FB21F8
Device \Driver\cdrom \Device\CdRom1 86FB21F8
Device \Driver\volmgr \Device\HarddiskVolume3 84D661F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 84D691F8
Device \Driver\iaStor \Device\Ide\iaStor0 [826F6580] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort0 84D691F8
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-0 [826F6580] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\netbt \Device\NetBt_Wins_Export 8789A1F8
Device \Driver\Smb \Device\NetbiosSmb 878891F8
Device \Driver\iScsiPrt \Device\RaidPort0 870951F8
Device \Driver\usbuhci \Device\USBFDO-0 86F911F8
Device \Driver\netbt \Device\NetBT_Tcpip_{2DB41703-4591-4567-8614-33DAB9AFD102} 8789A1F8
Device \Driver\usbuhci \Device\USBFDO-1 86F911F8
Device \Driver\sptd \Device\3418134872 spab.sys
Device \Driver\usbehci \Device\USBFDO-2 86F8F1F8
Device \Driver\usbuhci \Device\USBFDO-3 86F911F8
Device \Driver\usbuhci \Device\USBFDO-4 86F911F8
Device \Driver\usbuhci \Device\USBFDO-5 86F911F8
Device \Driver\usbehci \Device\USBFDO-6 86F8F1F8
Device \Driver\a1wwswrm \Device\Scsi\a1wwswrm1 86F991F8
Device \Driver\a1wwswrm \Device\Scsi\a1wwswrm1Port3Path0Target0Lun0 86F991F8
Device \FileSystem\fastfat \Fat 88964500

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

Device \FileSystem\cdfs \Cdfs 86FD21F8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x37 0x29 0x48 0x06 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x60 0x47 0x62 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x53 0x65 0xEA 0x4E ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x37 0x29 0x48 0x06 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x60 0x47 0x62 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x53 0x65 0xEA 0x4E ...

---- Files - GMER 1.0.15 ----

File C:\ADSM_PData_0150 0 bytes
File C:\ADSM_PData_0150\DB 0 bytes
File C:\ADSM_PData_0150\DB\SI.db 624 bytes
File C:\ADSM_PData_0150\DB\UL.db 16 bytes
File C:\ADSM_PData_0150\DB\VL.db 16 bytes
File C:\ADSM_PData_0150\DB\_avt 512 bytes
File C:\ADSM_PData_0150\DragWait.exe 253952 bytes executable
File C:\ADSM_PData_0150\_avt 512 bytes
File C:\Program Files\ASUS\ASUS Data Security Manager\driver\x86 0 bytes
File C:\Program Files\ASUS\ASUS Data Security Manager\driver\x86\AsDsm.sys 29752 bytes executable
File C:\Program Files\ASUS\ASUS Data Security Manager\driver\x86\_avt 512 bytes

---- EOF - GMER 1.0.15 ----

04.05.2010, 20:00   #8
Mone

And here's the next one:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 20:58:11 on 04.05.2010

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Opera Software Opera Internet Browser 10.10

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"SDMsgUpdate (TE).job" - ? - C:\PROGRA~1\SMARTD~1\Messages\SDNotify.exe

[Control Panel Objects]
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLCFG32.CPL
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"a1wwswrm" (a1wwswrm) - "Microsoft Corporation" - C:\Windows\system32\drivers\a1wwswrm.sys (Hidden registry entry, rootkit activity | File signed by Microsoft)
"adfs" (adfs) - ? - C:\Windows\system32\drivers\adfs.sys (File not found)
"ASMMAP" (ASMMAP) - ? - C:\Program Files\ATKGFNEX\ASMMAP.sys
"avgio" (avgio) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"BVRPMPR5 NDIS Protocol Driver" (BVRPMPR5) - "Avanquest Software" - C:\Windows\system32\drivers\BVRPMPR5.SYS
"Cisco Systems Inc. IPSec Driver" (CVPNDRVA) - "Cisco Systems, Inc." - C:\Windows\system32\Drivers\CVPNDRVA.sys
"Data Security Manager Driver" (AsDsm) - "Windows (R) Codename Longhorn DDK provider" - C:\Windows\system32\drivers\AsDsm.sys
"ghaio" (ghaio) - ? - C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys (File found, but it contains no detailed information)
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys (File not found)
"kwldrpow" (kwldrpow) - ? - C:\Users\XXX\AppData\Local\Temp\kwldrpow.sys (Hidden registry entry, rootkit activity | File not found)
"sptd" (sptd) - "Duplex Secure Ltd." - C:\Windows\System32\Drivers\sptd.sys (File is exclusively opened, access blocked)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"StarOpen" (StarOpen) - ? - C:\Windows\system32\drivers\StarOpen.sys (File found, but it contains no detailed information)
"TAP-Win32 Adapter V9" (tap0901) - "The OpenVPN Project" - C:\Windows\System32\DRIVERS\tap0901.sys

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{10880D85-AAD9-4558-ABDC-2AB1552D831F} "LightScribe Control Panel" - "Hewlett-Packard Company" - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? - (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? - (File not found | COM-object registry key not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? - (File not found | COM-object registry key not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found)
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL
{00020d75-0000-0000-c000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? - (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? - (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR\rarext.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_15" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} "Java Plug-in 1.6.0_15" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_15" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_15.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"AlcoholAutomount" - "Alcohol Soft Development Team" - "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
"Skype" - "Skype Technologies S.A." - "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"BrMfcWnd" - "Brother Industries, Ltd." - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
"ControlCenter3" - "Brother Industries, Ltd." - C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
"IndexSearch" - "Nuance Communications, Inc." - "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
"iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe"
" Malwarebytes Anti-Malware (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"PaperPort PTD" - "Nuance Communications, Inc." - "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
"PDFPrint" - "Geek Software GmbH" - C:\Program Files\pdf24\pdf24.exe
"PPort11reminder" - "Nuance Communications, Inc." - "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@C:\Program Files\NOS\bin\getPlus_Helper.dll,-101" (getPlusHelper) - "NOS Microsystems Ltd." - C:\Program Files\NOS\bin\getPlus_Helper.dll
"Akamai NetSession Interface" (Akamai) - ? - c:\program files\common files\akamai\rswin_3653.dll (File found, but it contains no detailed information)
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Bonjour-Dienst" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru



I'm grateful for any help :-)

Best regards
Mone

04.05.2010, 21:33   #9
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Looks OK so far. Any problems left?

05.05.2010, 06:06   #10
Mone

Hello Arne,

it really does seem that everything is OK now. In any case, no more ads are popping up!

Thank you very much!!!

Best regards
Mone

05.05.2010, 10:14   #11
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

OK. But please do one more run with CF, then maybe I'll trust the matter a bit more.

ComboFix

A guide and tutorial on using ComboFix
  • Download ComboFix here to your desktop. Rename it to cofi.exe while downloading.
  • Close all programs, especially your antivirus program and other background monitors, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, perform the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a qualified helper has expressly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

05.05.2010, 16:14   #12
Mone

Hello!

OK, then I'll do that this evening! Is there anything "odd" about my logfiles?

Best regards
Mone

05.05.2010, 18:27   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

No, OSAM and GMER look unremarkable to me. I would have written already if there were anything obvious to see...

05.05.2010, 18:54   #14
Mone

Okay, then here's the next one:


ComboFix 10-05-04.06 - XXX 05.05.2010 18:59:36.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3062.2153 [GMT 2:00]
ausgeführt von:: c:\users\XXX\Documents\Desktop\Desktop\Desktop\Cofi.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((( Dateien erstellt von 2010-04-05 bis 2010-05-05 ))))))))))))))))))))))))))))))
.

2010-05-05 17:09 . 2010-05-05 17:10 -------- d-----w- c:\users\XXX\AppData\Local\temp
2010-05-05 17:09 . 2010-05-05 17:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-05-04 18:50 . 2010-05-04 18:52 -------- d-----w- c:\users\XXX\osam
2010-05-04 18:48 . 2010-05-04 18:48 -------- d-----w- c:\users\XXX\osam_autorun_manager_5_0_portable
2010-05-03 20:04 . 2010-05-03 20:04 -------- d-----w- c:\users\XXX\AppData\Roaming\Malwarebytes
2010-05-03 20:04 . 2010-04-29 10:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-03 20:04 . 2010-05-03 20:04 -------- d-----w- c:\programdata\Malwarebytes
2010-05-03 20:04 . 2010-05-03 20:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-03 20:04 . 2010-04-29 10:19 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-02 17:28 . 2010-05-02 17:28 745472 ----a-w- c:\users\XXX\AppData\Roaming\257182FA9E52EDFFAE486570458FC912\gotnewupdate.exe
2010-05-02 17:28 . 2010-05-02 17:28 -------- d-----w- c:\users\XXX\AppData\Roaming\257182FA9E52EDFFAE486570458FC912
2010-04-24 13:35 . 2010-04-24 13:35 -------- d-----w- c:\program files\Common Files\Skype
2010-04-13 18:39 . 2010-02-23 11:10 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-13 18:39 . 2010-02-23 11:10 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-04-13 18:39 . 2010-02-23 11:10 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-13 18:39 . 2010-02-18 14:07 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-04-13 18:39 . 2010-02-18 14:07 3600776 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-04-13 18:39 . 2010-03-05 14:01 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-04-13 18:39 . 2010-02-18 14:07 904576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-04-13 18:39 . 2010-02-18 13:30 200704 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-04-13 18:39 . 2010-02-18 11:28 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-04-13 17:05 . 2009-12-23 11:33 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-04-13 17:05 . 2010-01-13 17:34 98304 ----a-w- c:\windows\system32\cabview.dll

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-05 17:10 . 2010-02-09 20:11 -------- d-----w- c:\program files\Common Files\Akamai
2010-05-03 17:06 . 2008-12-27 20:06 -------- d-----w- c:\users\XXX\AppData\Roaming\Skype
2010-05-03 16:53 . 2008-12-30 19:28 -------- d-----w- c:\users\XXX\AppData\Roaming\skypePM
2010-05-01 18:43 . 2008-04-16 11:11 618442 ----a-w- c:\windows\system32\perfh007.dat
2010-05-01 18:43 . 2008-04-16 11:11 122842 ----a-w- c:\windows\system32\perfc007.dat
2010-04-19 19:59 . 2009-01-05 21:30 -------- d-----w- c:\program files\pdf24
2010-04-14 01:21 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-04-14 01:06 . 2008-09-30 18:59 -------- d-----w- c:\programdata\Microsoft Help
2010-04-10 15:01 . 2008-12-27 19:24 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-06 05:11 . 2009-04-03 02:00 680 ----a-w- c:\users\XXX\AppData\Local\d3d9caps.dat
2010-02-25 02:19 . 2008-12-27 19:21 101480 ----a-w- c:\users\XXX\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-24 08:16 . 2009-10-02 19:18 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-23 06:39 . 2010-03-31 21:20 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-23 06:33 . 2010-03-31 21:20 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-02-23 06:33 . 2010-03-31 21:20 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-02-23 04:55 . 2010-03-31 21:20 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-02-20 23:06 . 2010-03-13 02:02 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-02-20 23:05 . 2010-03-13 02:02 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-02-20 20:53 . 2010-03-13 02:02 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-02-12 10:32 . 2010-03-14 02:00 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-02-09 20:31 . 2010-02-09 20:11 1228240 ----a-w- c:\users\XXX\ADBEPHSPCS4_LS4.exe
2010-02-09 14:51 . 2008-09-30 20:37 45056 ----a-w- c:\windows\system32\acovcnt.exe
2009-01-27 01:34 . 2009-01-27 01:34 1044480 ----a-w- c:\program files\opera\program\plugins\libdivx.dll
2009-01-27 01:34 . 2009-01-27 01:34 200704 ----a-w- c:\program files\opera\program\plugins\ssldivx.dll
.

(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:08 143360 ----a-w- c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-11-23 203720]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-04-06 26102056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-22 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-22 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-22 133656]
"RtHDVCpl"="RtHDVCpl.exe" [2007-10-31 4702208]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-01-29 30248]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-01-29 46632]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-02-01 255528]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-12 663552]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-01-26 65536]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"PDFPrint"="c:\program files\pdf24\pdf24.exe" [2010-03-11 208528]
" Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPN Client.lnk]
backup=c:\windows\pss\VPN Client.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^XXX^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk]
path=c:\users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
backup=c:\windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk.Startup
backupExtension=.Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-03-24 18:17 952768 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-04-04 05:42 36272 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATKOSD2]
2007-10-18 02:04 7737344 ----a-w- c:\program files\ATKOSD2\ATKOSD2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-01-05 15:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2007-10-11 03:04 1826816 ----a-w- c:\windows\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
2005-05-26 16:12 544768 ----a-w- c:\windows\sm56hlpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-10-25 08:03 210472 ----a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-07-25 03:23 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):c3,ea,14,6f,09,37,ca,01

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2008-12-27 717296]
R4 AAV UpdateService;AAV UpdateService;c:\program files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [2008-10-24 128296]
R4 BBR;BBR;c:\users\XXX\AppData\Local\Temp\BBR.exe [x]
R4 SG;SG;c:\users\XXX\AppData\Local\Temp\SG.exe [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
Akamai REG_MULTI_SZ Akamai

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 17:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners

2010-05-05 c:\windows\Tasks\SDMsgUpdate (TE).job
- c:\progra~1\SMARTD~1\Messages\SDNotify.exe [2009-04-30 05:29]

2010-05-04 c:\windows\Tasks\User_Feed_Synchronization-{72FD5496-1DB6-40EE-9756-06127CDFB6A5}.job
- c:\windows\system32\msfeedssync.exe [2010-03-31 04:54]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://wetter.rtl.de/redaktion/wettercockpit/index.php?md5=b8c56a0731084d3de92585284a60dbdc
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\s6w9kulm.default\
FF - prefs.js: browser.startup.homepage - hxxp://portal.opera.com
FF - prefs.js: network.proxy.type - 2
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Opera\program\plugins\np_gp.dll
FF - plugin: c:\program files\Opera\program\plugins\np_gp.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll
FF - plugin: c:\users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\s6w9kulm.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000006.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "hxxp://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

MSConfigStartUp-Canaveral - c:\users\XXX\AppData\Local\Temp\sshnas21.dll
MSConfigStartUp-M5T8QL3YW3 - c:\users\XXX\AppData\Local\Temp\Izr.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-05-05 19:10
Windows 6.0.6002 Service Pack 2 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...


C:\ADSM_PData_0150

Scan erfolgreich abgeschlossen
versteckte Dateien: 1

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2010-05-05 19:13:22
ComboFix-quarantined-files.txt 2010-05-05 17:13

Vor Suchlauf: 8 Verzeichnis(se), 24.775.127.040 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 24.706.375.680 Bytes frei

- - End Of File - - 1A31B8B5F699FB3E4A3374265367897A

06.05.2010, 10:19   #15
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

IE opens ads, virus

That looks good as well.
As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs.
Remember to update both tools before the scan!!
__________________
Please always post log files in CODE tags
