| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Internetseiten öffnen sich von selbst!Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
14.09.2010, 18:05
| #1 |
 |  Internetseiten öffnen sich von selbst! Hallo Trojaner-board Also ich habe ein Problem und zwar öffnen sich zwischen durch bei browsen Internetseiten wie www.google.de/webhp , ebay oder von anderen Firmen die auch unbekannt sind. Es kommt auch vor das ich einen Link bei Google anklicke (zb. für eine Englishübersetzungsseite) und der meinen Suchbegriff den ich in Google eingab einfach mit Geom sucht obwohl ich ein link angeklickt habe! [Alles mit Firefox] Vor ein paar Tagen hab ich so einen Java.Agent mit Antiware gelöscht und nun das...... Das Problem ist der zeigt mir im Logfile nix an ... na vielleicht werdet ihr ja draus schlau MFG ... hoffe ihr könnt mir helfen  Hier ist der Malwarebytes-Quick-Scan Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Datenbank Version: 4614 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.18943 14.09.2010 18:54:11 mbam-log-2010-09-14 (18-54-11).txt Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 149360 Laufzeit: 7 Minute(n), 47 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) ... und hier noch ein HiJackThis-Log HiJackthis Logfile: Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:59:42, on 14.09.2010 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.18943) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Windows\PixArt\Pac207\Monitor.exe C:\Windows\ehome\ehtray.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Skype\Plugin Manager\skypePM.exe C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\Windows\system32\NOTEPAD.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [Monitor] C:\Windows\PixArt\PAC207\Monitor.exe O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST') O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html O13 - Gopher Prefix: O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: LckFldService - Unknown owner - C:\Windows\system32\LckFldService.exe (file missing) O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe O23 - Service: @C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- End of file - 4708 bytes |
|
14.09.2010, 21:27
| #2 | |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Internetseiten öffnen sich von selbst!Zitat:
 Bitte routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Danach OTL: Systemscan mit OTL Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
__________________ |
|
15.09.2010, 15:54
| #3 |
| | Internetseiten öffnen sich von selbst! Also hier ist der OT-Log der neue log von Malwarebytes wird folgen ..OTL Logfile:
__________________Code:
ATTFilter OTL logfile created on: 15.09.2010 16:39:55 - Run 1 OTL by OldTimer - Version 3.2.12.0 Folder = C:\Users\Admin\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18943) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 41,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 68,00% Paging File free Paging file location(s): c:\pagefile.sys 0 0 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 149,05 Gb Total Space | 44,19 Gb Free Space | 29,65% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: RB_GAMBLER Current User Name: Admin Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Users\Admin\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft) PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft) PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) PRC - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe (TuneUp Software) PRC - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software) PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) PRC - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Windows\ehome\mcupdate.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Windows\PixArt\Pac207\Monitor.exe (PixArt Imaging Incorporation) ========== Modules (SafeList) ========== MOD - C:\Users\Admin\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation) MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (LckFldService) -- C:\Windows\System32\LckFldService.exe File not found SRV - (Akamai) -- c:\Program Files\Common Files\Akamai\rswin_3746.dll () SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft) SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) SRV - (TuneUp.Defrag) -- C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software) SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software) SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software) SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (TeamViewer5) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (XPADFL02) -- C:\Windows\System32\DRIVERS\xpadfl02.sys File not found DRV - (XDva358) -- C:\Windows\System32\XDva358.sys File not found DRV - (XDva354) -- C:\Windows\System32\XDva354.sys File not found DRV - (XDva352) -- C:\Windows\System32\XDva352.sys File not found DRV - (XDva347) -- C:\Windows\System32\XDva347.sys File not found DRV - (XDva332) -- C:\Windows\System32\XDva332.sys File not found DRV - (XDva328) -- C:\Windows\System32\XDva328.sys File not found DRV - (XDva326) -- C:\Windows\System32\XDva326.sys File not found DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found DRV - (MotioninJoyUSBFilter) -- C:\Windows\System32\DRIVERS\MijUfilt.sys File not found DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found DRV - (EagleNT) -- C:\Windows\System32\drivers\EagleNT.sys File not found DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found DRV - (ampro) -- C:\Users\Admin\Desktop\Portable ArtMoney by Hans212\ArtMoney\artmoney.sys File not found DRV - (Lbd) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB) DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys () DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation) DRV - (TuneUpUtilitiesDrv) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys (TuneUp Software) DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys () DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.) DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation) DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (UMPass) -- C:\Windows\System32\drivers\umpass.sys (Microsoft Corporation) DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation) DRV - (nvraid) NVIDIA nForce(tm) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.) DRV - (PAC207) -- C:\Windows\System32\drivers\PFC027.SYS (PixArt Imaging Inc.) DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.) DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation) DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.) DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex) DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.) DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.) DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation) DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.) DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.) DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation) DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.) DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.) DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation) DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems) DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.) DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic) DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.) DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company) DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.) DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.) DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.) DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic) DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic) DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic) DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic) DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation) DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic) DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation) DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.) DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.) DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.) DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.) DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.) DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies) DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation) DRV - (libusb0) -- C:\Windows\System32\drivers\libusb0.sys () DRV - (SilverLink) Texas Instruments SilverLink (USB GraphLink) -- C:\Windows\System32\drivers\SilvrLnk.sys (Texas Instruments Incorporated) DRV - (RRamdisk) -- C:\Windows\system32\DRIVERS\rramdisk.sys (gavotte) DRV - (ASPI) -- C:\Windows\System32\drivers\ASPI32.SYS (Adaptec) DRV - (dsreader) MaxDrive Driver (dsreader.sys) -- C:\Windows\System32\drivers\dsreader.sys (Thesycon GmbH, Germany) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E0 32 28 C5 44 D6 C9 01 [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Winamp Search" FF - prefs.js..browser.search.defaulturl: "hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "www.giga.de" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2 FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:4.0.36.0 FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: IncredibleBookmarks@visibotech.com:0.7.3 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..keyword.URL: "hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=" FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.09.11 13:13:00 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.09.14 21:26:56 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0b1\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 1\components [2010.09.09 14:50:59 | 000,000,000 | ---D | M] [2009.08.17 17:09:05 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\mozilla\Extensions [2010.09.14 17:11:09 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\phcr2h4c.default\extensions [2010.05.23 20:28:41 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\phcr2h4c.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.09.13 16:47:49 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\phcr2h4c.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010.02.26 16:50:23 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\phcr2h4c.default\extensions\battlefieldheroespatcher@ea.com [2010.07.15 15:44:21 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\phcr2h4c.default\extensions\IncredibleBookmarks@visibotech.com [2010.09.13 16:47:49 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\phcr2h4c.default\extensions\personas@christopher.beard [2010.09.13 16:47:52 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\phcr2h4c.default\extensions\smarterwiki@wikiatic.com [2010.02.16 17:36:20 | 000,002,055 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\FireFox\Profiles\phcr2h4c.default\searchplugins\daemon-search.xml [2010.07.06 18:16:14 | 000,001,196 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\FireFox\Profiles\phcr2h4c.default\searchplugins\winamp-search.xml [2010.08.09 17:38:53 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2010.04.19 17:06:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.08.09 17:38:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.07.17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll [2010.06.29 06:01:22 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll [2010.04.04 13:09:41 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.04.04 13:09:41 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml [2010.04.04 13:09:41 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.04.04 13:09:41 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.04.04 13:09:41 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.07.25 11:45:25 | 000,000,743 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [Monitor] C:\Windows\PixArt\Pac207\Monitor.exe (PixArt Imaging Incorporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1 O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Admin\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Admin\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{c207d1be-1c90-11df-922c-00030d65b931}\Shell - "" = AutoRun O33 - MountPoints2\{c207d1be-1c90-11df-922c-00030d65b931}\Shell\AutoRun\command - "" = F:\autorun.exe -- File not found O33 - MountPoints2\{c594d8f4-1b11-11df-8ea6-00030d65b931}\Shell - "" = AutoRun O33 - MountPoints2\{c594d8f4-1b11-11df-8ea6-00030d65b931}\Shell\AutoRun\command - "" = E:\setup\rsrc\Autorun.exe -- File not found O33 - MountPoints2\{c594d8f4-1b11-11df-8ea6-00030d65b931}\Shell\dinstall\command - "" = E:\Directx\dxsetup.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe () O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.09.15 16:33:49 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe [2010.09.14 21:26:51 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2010.09.14 18:41:09 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Malwarebytes [2010.09.14 18:40:09 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.09.14 18:39:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.09.14 18:39:46 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.09.14 18:39:45 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2010.09.14 18:37:59 | 006,153,648 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Admin\Desktop\mbam-setup.exe [2010.09.14 15:31:48 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys [2010.09.13 20:22:26 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys [2010.09.13 20:21:37 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Sunbelt Software [2010.09.13 20:20:36 | 000,000,000 | -H-D | C] -- C:\ProgramData\{437292BE-95BD-4B12-B699-6D217A03ACAF} [2010.09.13 20:19:06 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft [2010.09.13 20:07:18 | 133,070,376 | ---- | C] (Lavasoft ) -- C:\Users\Admin\Desktop\Ad-Aware833Install.exe [2010.09.09 18:40:49 | 000,000,000 | ---D | C] -- C:\Users\Admin\TI [2010.09.09 14:54:03 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Apple Computer [2010.09.09 14:52:28 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2010.09.09 14:52:24 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2010.09.09 14:52:24 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2010.09.09 14:49:57 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime [2010.09.09 14:49:14 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Apple [2010.09.09 14:49:09 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update [2010.09.09 14:46:27 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour [2010.09.09 14:45:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple [2010.09.03 18:35:07 | 000,000,000 | ---D | C] -- C:\c7f68f62de93ff910b3023224404db64 [2010.08.25 20:58:35 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight [2010.08.25 16:29:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\TI Shared [2010.08.25 16:29:39 | 000,000,000 | ---D | C] -- C:\Program Files\TI Education [2010.08.25 16:29:39 | 000,000,000 | ---D | C] -- C:\Users\Admin\Documents\MyTIData [2010.08.25 16:27:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.09.15 16:41:07 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{E344691F-2FFF-42F0-ADBE-68C5906C099B}.job [2010.09.15 16:38:56 | 002,621,440 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT [2010.09.15 16:33:58 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe [2010.09.15 16:26:33 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.09.15 16:26:33 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.09.15 16:26:33 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.09.15 16:26:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.09.14 21:37:53 | 000,524,288 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms [2010.09.14 21:37:53 | 000,065,536 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf [2010.09.14 21:30:03 | 002,482,746 | -H-- | M] () -- C:\Users\Admin\AppData\Local\IconCache.db [2010.09.14 21:26:56 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2010.09.14 18:40:17 | 000,000,778 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.09.14 18:38:26 | 006,153,648 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Admin\Desktop\mbam-setup.exe [2010.09.14 16:16:25 | 000,030,344 | ---- | M] () -- C:\Users\Admin\Desktop\Amazon.co.uk_ Your Halo_ Reach Spartan Recon helmet variant pre-order code.html [2010.09.14 15:31:48 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys [2010.09.14 15:30:20 | 000,291,640 | ---- | M] () -- C:\Users\Admin\Desktop\SoftonicDownloader20443.exe [2010.09.13 20:20:32 | 000,000,975 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk [2010.09.13 20:13:26 | 133,070,376 | ---- | M] (Lavasoft ) -- C:\Users\Admin\Desktop\Ad-Aware833Install.exe [2010.09.08 14:59:42 | 000,064,288 | ---- | M] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys [2010.09.08 14:59:41 | 000,015,880 | ---- | M] () -- C:\Windows\System32\lsdelete.exe [2010.09.03 14:06:10 | 001,445,116 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010.09.03 14:06:10 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.09.03 14:06:10 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.09.03 14:06:10 | 000,126,260 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.09.03 14:06:10 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.09.03 14:02:56 | 000,078,336 | ---- | M] () -- C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.08.25 18:30:54 | 000,057,280 | ---- | M] () -- C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT [2010.08.25 18:29:59 | 000,259,024 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010.08.19 20:57:14 | 000,000,680 | ---- | M] () -- C:\Users\Admin\AppData\Local\d3d9caps.dat [2010.08.16 17:31:02 | 000,013,299 | ---- | M] () -- C:\Users\Admin\Documents\fyn geb..odt [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.09.14 21:26:56 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2010.09.14 18:40:16 | 000,000,778 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.09.14 16:16:24 | 000,030,344 | ---- | C] () -- C:\Users\Admin\Desktop\Amazon.co.uk_ Your Halo_ Reach Spartan Recon helmet variant pre-order code.html [2010.09.14 15:29:09 | 000,291,640 | ---- | C] () -- C:\Users\Admin\Desktop\SoftonicDownloader20443.exe [2010.09.13 21:16:32 | 000,015,880 | ---- | C] () -- C:\Windows\System32\lsdelete.exe [2010.09.13 20:20:32 | 000,000,975 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk [2010.03.02 21:25:19 | 000,000,745 | ---- | C] () -- C:\Windows\CoD.INI [2010.02.19 16:37:07 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll [2010.02.16 17:25:51 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys [2010.02.13 12:57:56 | 000,000,032 | ---- | C] () -- C:\Windows\System32\Mlkf.dll [2010.01.16 14:00:40 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2010.01.16 14:00:40 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest [2009.12.19 18:44:25 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll [2009.11.08 15:32:48 | 000,033,792 | ---- | C] () -- C:\Windows\System32\drivers\libusb0.sys [2009.10.22 13:40:48 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.08.08 18:08:48 | 000,554,496 | ---- | C] () -- C:\Windows\System32\dvmsg.dll [2009.05.21 12:00:04 | 000,024,206 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\UserTile.png [2009.05.20 18:25:30 | 000,078,336 | ---- | C] () -- C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.05.04 21:43:41 | 000,000,680 | ---- | C] () -- C:\Users\Admin\AppData\Local\d3d9caps.dat [2009.04.22 01:19:06 | 000,172,173 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat [2007.02.02 15:01:32 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 09:27:46 | 000,000,518 | ---- | C] () -- C:\Windows\System32\SP207.INI ========== Alternate Data Streams ========== @Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:DFC5A2B2 < End of report > hier ist der neue Malewarebytes Log Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Datenbank Version: 4621 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.18943 15.09.2010 17:48:43 mbam-log-2010-09-15 (17-48-43).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|) Durchsuchte Objekte: 267239 Laufzeit: 1 Stunde(n), 16 Minute(n), 13 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) Gerade hat mein Adaware auch verhindert das sich bei mir einfach eine schädliche Seite öffnet mit dieser ID 66.230.188.67 Geändert von RB_Gambler (15.09.2010 um 16:50 Uhr) |
|
15.09.2010, 17:47
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Internetseiten öffnen sich von selbst! Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL
DRV - (XPADFL02) -- C:\Windows\System32\DRIVERS\xpadfl02.sys File not found
DRV - (XDva358) -- C:\Windows\System32\XDva358.sys File not found
DRV - (XDva354) -- C:\Windows\System32\XDva354.sys File not found
DRV - (XDva352) -- C:\Windows\System32\XDva352.sys File not found
DRV - (XDva347) -- C:\Windows\System32\XDva347.sys File not found
DRV - (XDva332) -- C:\Windows\System32\XDva332.sys File not found
DRV - (XDva328) -- C:\Windows\System32\XDva328.sys File not found
DRV - (XDva326) -- C:\Windows\System32\XDva326.sys File not found
DRV - (EagleNT) -- C:\Windows\System32\drivers\EagleNT.sys File not found
DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found
DRV - (ampro) -- C:\Users\Admin\Desktop\Portable ArtMoney by Hans212\ArtMoney\artmoney.sys File not found
FF - prefs.js..browser.search.defaultenginename: "Winamp Search"
FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query="
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O33 - MountPoints2\{c207d1be-1c90-11df-922c-00030d65b931}\Shell - "" = AutoRun
O33 - MountPoints2\{c207d1be-1c90-11df-922c-00030d65b931}\Shell\AutoRun\command - "" = F:\autorun.exe -- File not found
O33 - MountPoints2\{c594d8f4-1b11-11df-8ea6-00030d65b931}\Shell - "" = AutoRun
O33 - MountPoints2\{c594d8f4-1b11-11df-8ea6-00030d65b931}\Shell\AutoRun\command - "" = E:\setup\rsrc\Autorun.exe -- File not found
O33 - MountPoints2\{c594d8f4-1b11-11df-8ea6-00030d65b931}\Shell\dinstall\command - "" = E:\Directx\dxsetup.exe -- File not found
[2010.09.03 18:35:07 | 000,000,000 | ---D | C] -- C:\c7f68f62de93ff910b3023224404db64
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:DFC5A2B2
:Commands
[purity]
[resethosts]
[emptytemp]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
15.09.2010, 19:40
| #5 |
| | Internetseiten öffnen sich von selbst! So hab alles ausgeführt .... wie du gesagt hast... ach will mich auch nochmal dafür bedanken ,dass du dir die Zeit nimmst . Du hast ein dickes Danke verdient All processes killed ========== OTL ========== Service XPADFL02 stopped successfully! Service XPADFL02 deleted successfully! File C:\Windows\System32\DRIVERS\xpadfl02.sys File not found not found. Service XDva358 stopped successfully! Service XDva358 deleted successfully! File C:\Windows\System32\XDva358.sys File not found not found. Service XDva354 stopped successfully! Service XDva354 deleted successfully! File C:\Windows\System32\XDva354.sys File not found not found. Service XDva352 stopped successfully! Service XDva352 deleted successfully! File C:\Windows\System32\XDva352.sys File not found not found. Service XDva347 stopped successfully! Service XDva347 deleted successfully! File C:\Windows\System32\XDva347.sys File not found not found. Service XDva332 stopped successfully! Service XDva332 deleted successfully! File C:\Windows\System32\XDva332.sys File not found not found. Service XDva328 stopped successfully! Service XDva328 deleted successfully! File C:\Windows\System32\XDva328.sys File not found not found. Service XDva326 stopped successfully! Service XDva326 deleted successfully! File C:\Windows\System32\XDva326.sys File not found not found. Service EagleNT stopped successfully! Service EagleNT deleted successfully! File C:\Windows\System32\drivers\EagleNT.sys File not found not found. Service blbdrive stopped successfully! Service blbdrive deleted successfully! File C:\Windows\System32\drivers\blbdrive.sys File not found not found. Service ampro stopped successfully! Service ampro deleted successfully! File C:\Users\Admin\Desktop\Portable ArtMoney by Hans212\ArtMoney\artmoney.sys File not found not found. Prefs.js: "Winamp Search" removed from browser.search.defaultenginename Prefs.js: "hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=" removed from browser.search.defaulturl Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found. Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c207d1be-1c90-11df-922c-00030d65b931}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c207d1be-1c90-11df-922c-00030d65b931}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c207d1be-1c90-11df-922c-00030d65b931}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c207d1be-1c90-11df-922c-00030d65b931}\ not found. File F:\autorun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c594d8f4-1b11-11df-8ea6-00030d65b931}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c594d8f4-1b11-11df-8ea6-00030d65b931}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c594d8f4-1b11-11df-8ea6-00030d65b931}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c594d8f4-1b11-11df-8ea6-00030d65b931}\ not found. File E:\setup\rsrc\Autorun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c594d8f4-1b11-11df-8ea6-00030d65b931}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c594d8f4-1b11-11df-8ea6-00030d65b931}\ not found. File E:\Directx\dxsetup.exe not found. C:\c7f68f62de93ff910b3023224404db64 folder moved successfully. ADS C:\ProgramData\TEMP  FC5A2B2 deleted successfully.========== COMMANDS ========== C:\Windows\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully [EMPTYTEMP] User: Admin ->Temp folder emptied: 1768851 bytes ->Temporary Internet Files folder emptied: 845124244 bytes ->Java cache emptied: 59901004 bytes ->FireFox cache emptied: 73230522 bytes ->Flash cache emptied: 175791 bytes User: All Users Soll ich das mit dem Smile bei der einen tmp Datei ändern ?? |
|
15.09.2010, 20:07
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Internetseiten öffnen sich von selbst! Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
__________________ --> Internetseiten öffnen sich von selbst! |
|
15.09.2010, 20:18
| #7 |
| | Internetseiten öffnen sich von selbst! Ich werde jetzt erstmal schlafen gehen und mach dann morgen weiter da ... leide zurzeit unter Schlafentzug |
|
16.09.2010, 19:53
| #8 |
| | Internetseiten öffnen sich von selbst! Leider muss ich doppelposten ,aber hier ist der Log wenn auch mit Verspätungen. Sorry Combofix Logfile: Code:
ATTFilter ComboFix 10-09-16.03 - Admin 16.09.2010 20:33:17.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.1917.1308 [GMT 2:00]
ausgeführt von:: c:\users\Admin\Desktop\cofi.exe
SP: Windows-Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
((((((((((((((((((((((( Dateien erstellt von 2010-08-16 bis 2010-09-16 ))))))))))))))))))))))))))))))
.
2010-09-16 18:42 . 2010-09-16 18:42 -------- d-----w- c:\users\Admin\AppData\Local\temp
2010-09-16 18:42 . 2010-09-16 18:42 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
2010-09-16 18:42 . 2010-09-16 18:42 -------- d-----w- c:\users\Gast\AppData\Local\temp
2010-09-16 18:42 . 2010-09-16 18:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-09-16 16:52 . 2010-08-26 12:40 21312 ----a-w- c:\windows\system32\authuitu.dll
2010-09-16 16:52 . 2010-08-26 12:40 30016 ----a-w- c:\windows\system32\uxtuneup.dll
2010-09-16 16:44 . 2010-09-16 16:44 -------- d-----w- c:\program files\CCleaner
2010-09-15 18:29 . 2010-09-15 18:29 -------- d-----w- C:\_OTL
2010-09-14 16:41 . 2010-09-14 16:41 -------- d-----w- c:\users\Admin\AppData\Roaming\Malwarebytes
2010-09-14 16:40 . 2010-04-29 10:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-14 16:39 . 2010-09-14 16:39 -------- d-----w- c:\programdata\Malwarebytes
2010-09-14 16:39 . 2010-04-29 10:19 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-14 16:39 . 2010-09-14 16:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-14 13:31 . 2010-09-14 13:31 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-09-13 18:21 . 2010-09-13 18:21 -------- d-----w- c:\users\Admin\AppData\Local\Sunbelt Software
2010-09-09 16:40 . 2010-09-13 16:46 -------- d-----w- c:\users\Admin\TI
2010-09-09 12:54 . 2010-09-09 12:54 -------- d-----w- c:\users\Admin\AppData\Local\Apple Computer
2010-09-09 12:52 . 2010-09-09 12:52 -------- d-----w- c:\program files\iPod
2010-09-09 12:52 . 2010-09-09 12:53 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-09-09 12:52 . 2010-09-09 12:53 -------- d-----w- c:\program files\iTunes
2010-09-09 12:49 . 2010-09-09 12:50 -------- d-----w- c:\program files\QuickTime
2010-09-09 12:49 . 2010-09-09 12:49 -------- d-----w- c:\users\Admin\AppData\Local\Apple
2010-09-09 12:49 . 2010-09-09 12:49 -------- d-----w- c:\program files\Apple Software Update
2010-09-09 12:46 . 2010-09-09 12:46 -------- d-----w- c:\program files\Bonjour
2010-09-09 12:45 . 2010-09-09 12:45 -------- d-----w- c:\programdata\Apple
2010-09-01 07:12 . 2010-09-01 07:12 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 10.0.0.68\SetupAdmin.exe
2010-08-25 18:58 . 2010-08-25 18:58 -------- d-----w- c:\program files\Microsoft Silverlight
2010-08-25 14:29 . 2010-08-25 14:30 -------- d-----w- c:\program files\TI Education
2010-08-25 14:29 . 2010-08-25 14:29 -------- d-----w- c:\program files\Common Files\TI Shared
2010-08-25 14:27 . 2010-08-25 14:27 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-16 18:42 . 2010-07-21 13:21 -------- d-----w- c:\program files\Common Files\Akamai
2010-09-16 18:25 . 2009-05-05 05:14 628742 ----a-w- c:\windows\system32\perfh007.dat
2010-09-16 18:25 . 2009-05-05 05:14 126260 ----a-w- c:\windows\system32\perfc007.dat
2010-09-16 18:14 . 2009-07-29 17:42 -------- d-----w- c:\programdata\Lavasoft
2010-09-16 16:52 . 2010-07-16 13:30 -------- d-----w- c:\program files\TuneUp Utilities 2010
2010-09-15 19:37 . 2009-05-17 09:31 -------- d-----w- c:\users\Admin\AppData\Roaming\Skype
2010-09-15 18:53 . 2009-05-17 09:37 -------- d-----w- c:\users\Admin\AppData\Roaming\skypePM
2010-09-15 15:26 . 2009-11-24 15:03 1 ----a-w- c:\users\Admin\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-09-09 15:00 . 2009-12-19 16:42 -------- d-----w- c:\users\Admin\AppData\Roaming\vlc
2010-09-09 12:52 . 2010-02-25 16:56 -------- d-----w- c:\program files\Common Files\Apple
2010-09-09 12:49 . 2010-03-02 14:58 -------- d-----w- c:\programdata\Apple Computer
2010-09-05 11:09 . 2010-02-02 12:19 -------- d-----w- c:\program files\JDownloader
2010-09-05 11:08 . 2010-02-20 14:54 -------- d-----w- c:\programdata\Microsoft Games
2010-09-05 11:08 . 2010-02-20 14:53 -------- d-----w- c:\users\Admin\AppData\Roaming\Microsoft Game Studios
2010-09-05 11:08 . 2006-11-02 12:37 -------- d-----w- c:\program files\Microsoft Games
2010-09-05 11:05 . 2010-05-13 07:06 -------- d-----w- c:\program files\Steam
2010-08-27 13:31 . 2010-03-02 16:02 -------- d-----w- c:\program files\Common Files\Steam
2010-08-26 12:45 . 2010-07-16 13:31 30528 ----a-w- c:\windows\system32\TURegOpt.exe
2010-08-25 16:30 . 2009-05-04 19:44 57280 ----a-w- c:\users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2010-08-19 18:57 . 2009-05-04 19:43 680 ----a-w- c:\users\Admin\AppData\Local\d3d9caps.dat
2010-08-13 12:59 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-08-12 15:02 . 2010-08-12 15:02 5430 ----a-r- c:\users\Admin\AppData\Roaming\Microsoft\Installer\{1584854C-1513-40EA-96D4-493384D0A3C7}\_BBC8D813A8F14BA749114F.exe
2010-08-12 15:02 . 2010-08-12 15:02 5430 ----a-r- c:\users\Admin\AppData\Roaming\Microsoft\Installer\{1584854C-1513-40EA-96D4-493384D0A3C7}\_44F622AA395D57B9743A14.exe
2010-08-12 15:02 . 2010-08-12 15:02 -------- d-----w- c:\program files\Readon Technology
2010-08-09 18:02 . 2009-12-16 15:04 -------- d-----w- c:\users\Admin\AppData\Roaming\dvdcss
2010-08-09 15:38 . 2009-05-22 07:54 -------- d-----w- c:\program files\Java
2010-08-06 14:24 . 2010-02-13 18:22 -------- d-----w- c:\program files\Teeworlds
2010-07-27 16:44 . 2010-07-27 16:44 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-07-27 16:44 . 2010-07-27 16:44 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2010-07-27 16:44 . 2010-07-27 16:44 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-07-27 16:44 . 2010-07-27 16:44 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-07-27 10:03 . 2010-07-21 13:41 -------- d-----w- c:\program files\alaplaya
2010-07-27 10:03 . 2009-05-04 20:20 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-23 13:53 . 2010-07-23 13:53 1079048 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-07-22 15:11 . 2010-07-16 13:47 3465216 ----a-w- c:\programdata\TuneUp Software\TuneUp Utilities\WinStyler\LogonScreens\Borabora.tls.dll
2010-07-21 13:41 . 2009-05-04 20:38 -------- d-----w- c:\program files\Common Files\InstallShield
2010-07-17 03:00 . 2010-04-19 15:06 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-16 13:43 . 2010-07-16 13:43 65536 ----a-w- c:\programdata\TuneUp Software\TuneUp Utilities\WinStyler\LogoAnimations\Circle.tla.dll
2010-07-02 07:52 . 2010-07-02 07:52 62776 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-06-26 06:05 . 2010-08-12 14:48 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-26 06:02 . 2010-08-12 14:48 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-06-26 06:02 . 2010-08-12 14:48 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-06-26 04:25 . 2010-08-12 14:48 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-06-21 13:37 . 2010-08-12 14:46 2037760 ----a-w- c:\windows\system32\win32k.sys
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-18 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2006-12-29 4317184]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\DRIVERS\ASPI32.sys [2002-07-17 84832]
R3 dsreader;MaxDrive Driver (dsreader.sys);c:\windows\system32\Drivers\dsreader.sys [2001-01-02 19677]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [x]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2005-03-09 33792]
R3 MotioninJoyUSBFilter;MotioninJoy USB Filter Driver;c:\windows\system32\DRIVERS\MijUfilt.sys [x]
R3 PAC207;SoC PC-Camera;c:\windows\system32\DRIVERS\PFC027.SYS [2006-12-05 507136]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2010-02-24 10064]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-06-09 108289]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-02-16 691696]
R4 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2009-12-17 185640]
R4 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2010-08-26 1051968]
S0 RRamdisk;Ramdisk Driver;c:\windows\system32\DRIVERS\rramdisk.sys [2003-12-09 10368]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-18 21504]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
Akamai REG_MULTI_SZ Akamai
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Inhalt des "geplante Tasks" Ordners
2010-09-16 c:\windows\Tasks\User_Feed_Synchronization-{E344691F-2FFF-42F0-ADBE-68C5906C099B}.job
- c:\windows\system32\msfeedssync.exe [2010-08-12 04:24]
.
.
------- Zusätzlicher Suchlauf -------
.
uInternet Settings,ProxyOverride = *.local
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
FF - ProfilePath - c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\phcr2h4c.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.giga.de
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npnul32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: c:\users\Admin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\phcr2h4c.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX Richtlinien ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
FF - user.js: browser.sessionstore.resume_from_crash - false
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-09-16 20:42
Windows 6.0.6002 Service Pack 2 NTFS
Scanne versteckte Prozesse...
Scanne versteckte Autostarteinträge...
Scanne versteckte Dateien...
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Zeit der Fertigstellung: 2010-09-16 20:45:50
ComboFix-quarantined-files.txt 2010-09-16 18:45
Vor Suchlauf: 12 Verzeichnis(se), 48.777.293.824 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 48.288.600.064 Bytes frei
- - End Of File - - 78AE85E15076AD1ED361011DD9ADEAB9
|
|
16.09.2010, 20:15
| #9 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Internetseiten öffnen sich von selbst! Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus Anschließend den bootkit_remover herunterladen. Entpacke das Tool in einen eigenen Ordner auf dem Desktop und führe in diesem Ordner die Datei remove.exe aus. Wenn Du Windows Vista oder Windows 7 verwendest, musst Du die remover.exe über ein Rechtsklick => als Administrator ausführen Ein schwarzes Fenster wird sich öffnen und automatisch nach bösartigen Veränderungen im MBR suchen. Poste dann bitte, ob es Veränderungen gibt und wenn ja in welchem device. Am besten alles posten was die remover.exe ausgibt.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
17.09.2010, 15:19
| #10 |
| | Internetseiten öffnen sich von selbst! Hier ist der GMER-Log ... die anderen folgen GMER Logfile: Code:
ATTFilter GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-09-17 16:17:27
Windows 6.0.6002 Service Pack 2
Running: yx5jxusf.exe; Driver: C:\Users\Admin\AppData\Local\Temp\ugryauod.sys
---- System - GMER 1.0.15 ----
SSDT 959918A4 ZwCreateThread
SSDT 95991890 ZwOpenProcess
SSDT 95991895 ZwOpenThread
SSDT 9599189F ZwTerminateProcess
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!KeSetEvent + 221 822FC984 4 Bytes [A4, 18, 99, 95]
.text ntkrnlpa.exe!KeSetEvent + 3F1 822FCB54 4 Bytes [90, 18, 99, 95]
.text ntkrnlpa.exe!KeSetEvent + 40D 822FCB70 4 Bytes [95, 18, 99, 95]
.text ntkrnlpa.exe!KeSetEvent + 621 822FCD84 4 Bytes [9F, 18, 99, 95]
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8B60D000, 0x267978, 0xE8000020]
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xDF 0x9F 0x0C 0xF7 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x75 0xE6 0xAE 0x44 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x3B 0xF2 0x6D 0xF3 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x52 0xEF 0xAA 0xDB ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xDF 0x9F 0x0C 0xF7 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x75 0xE6 0xAE 0x44 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x3B 0xF2 0x6D 0xF3 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x52 0xEF 0xAA 0xDB ...
---- EOF - GMER 1.0.15 ----
Hier ist der osam-logOSAM Logfile: Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 16:28:56 on 17.09.2010 OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit Default Browser: Mozilla Corporation Firefox 4.0b1 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Control Panel Objects] -----( %SystemRoot%\system32 )----- "TIControlPanel.cpl" - "Texas Instruments Incorporated" - C:\Windows\system32\TIControlPanel.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "Advanced SCSI Programming Interface Driver" (ASPI) - ? - C:\Windows\System32\DRIVERS\ASPI32.sys "avgio" (avgio) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avgio.sys "avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys "avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys "catchme" (catchme) - ? - C:\Users\Admin\AppData\Local\Temp\catchme.sys (File not found) "Hamachi Network Interface" (hamachi) - "LogMeIn, Inc." - C:\Windows\System32\DRIVERS\hamachi.sys "IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys (File not found) "IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys (File not found) "IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys (File not found) "Lavasoft helper driver" (Lavasoft Kernexplorer) - ? - C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys (File not found) "LibUsb-Win32 - Kernel Driver, Version 0.1.10.1" (libusb0) - ? - C:\Windows\System32\drivers\libusb0.sys "MaxDrive Driver (dsreader.sys)" (dsreader) - "Thesycon GmbH, Germany" - C:\Windows\System32\Drivers\dsreader.sys "MotioninJoy USB Filter Driver" (MotioninJoyUSBFilter) - ? - C:\Windows\System32\DRIVERS\MijUfilt.sys (File not found) "Ramdisk Driver" (RRamdisk) - "gavotte" - C:\Windows\System32\DRIVERS\rramdisk.sys "ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys "TuneUpUtilitiesDrv" (TuneUpUtilitiesDrv) - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys "ugryauod" (ugryauod) - ? - C:\Users\Admin\AppData\Local\Temp\ugryauod.sys (Hidden registry entry, rootkit activity | File not found) [Explorer] -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll -----( HKLM\Software\Classes\Protocols\Handler )----- {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )----- {AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? - (File not found | COM-object registry key not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? - (File not found | COM-object registry key not found) {1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? - (File not found | COM-object registry key not found) {2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? - (File not found | COM-object registry key not found) {28465D9A-DE2F-4627-B520-29968CC3C372} "FaJo XP File Security Extension" - ? - (File not found | COM-object registry key not found) {3FCEF010-09A4-11D4-8D3B-D12F9D3D8B02} "FileTimeShlExt Class" - "Texas Instruments Incorporated" - C:\PROGRA~1\COMMON~1\TISHAR~1\TICONN~1\TIShlExt.dll {FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found) {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll {00020d75-0000-0000-c000-000000000046} "lnkfile" - ? - (File not found | COM-object registry key not found) {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll {5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - "Advanced Micro Devices, Inc." - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll {4838CD50-7E5D-4811-9B17-C47A85539F28} "TuneUp Disk Space Explorer Shell Extension" - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2010\DseShExt-x86.dll {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} "TuneUp Shredder Shell Extension" - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2010\SDShelEx-win32.dll {44440D00-FF19-4AFC-B765-9A0970567D97} "TuneUp Theme Extension" - "TuneUp Software" - C:\Windows\System32\uxtuneup.dll {da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found) {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR\rarext.dll [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} "Java Plug-in 1.6.0_16" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_21" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} "Java Plug-in 1.6.0_21" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_21" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_21.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab {E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? - (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [Logon] -----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )----- "StartupPrograms" - ? - rdpclip (File not found) [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "@%SystemRoot%\System32\uxtuneup.dll,-4096" (UxTuneUp) - "TuneUp Software" - C:\Windows\System32\uxtuneup.dll "@C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1" (TuneUp.Defrag) - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe "@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe "Akamai NetSession Interface" (Akamai) - ? - c:\program files\common files\akamai\rswin_3746.dll (File found, but it contains no detailed information) "Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe "Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe "Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe "Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe "iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe "LckFldService" (LckFldService) - ? - C:\Windows\system32\LckFldService.exe (File not found) "Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe "Steam Client Service" (Steam Client Service) - "Valve Corporation" - C:\Program Files\Common Files\Steam\SteamService.exe "TeamViewer 5" (TeamViewer5) - "TeamViewer GmbH" - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe "TuneUp Utilities Service" (TuneUp.UtilitiesSvc) - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [Winsock Providers] -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )----- "mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru Geändert von RB_Gambler (17.09.2010 um 15:30 Uhr) |
|
17.09.2010, 17:57
| #11 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Internetseiten öffnen sich von selbst! Ok. Und der Bootkit Remover?
__________________ Logfiles bitte immer in CODE-Tags posten |
|
17.09.2010, 20:07
| #12 |
| | Internetseiten öffnen sich von selbst! Ohh.. ahb ich vergessen tschuldigung! Bootkit Remover (c) 2009 eSage Lab www.esagelab.com Program version: 1.2.0.0 OS Version: Microsoft Windows Vista Home Premium Edition Service Pack 2 (build 6 002), 32-bit System volume is \\.\C: \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 Boot sector MD5 is: 0ec6b2481fc707d1e901dc2a875f2826 Size Device Name MBR Status -------------------------------------------- 149 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found) Done; Press any key to quit... |
|
17.09.2010, 20:08
| #13 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Internetseiten öffnen sich von selbst! Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs. Denk dran beide Tools zu updaten vor dem Scan!!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
18.09.2010, 21:30
| #14 |
| | Internetseiten öffnen sich von selbst! Also hier sind die Logs ... wurde wohl nichts gefunden aufjedenfall vielen danke und ein großes Lob an euer Board ... ich kann euch nur weiterempfehlen Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Datenbank Version: 4640 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.18943 17.09.2010 22:17:27 mbam-log-2010-09-17 (22-17-27).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Durchsuchte Objekte: 257407 Laufzeit: 1 Stunde(n), 0 Minute(n), 42 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) und... SUPERAntiSpyware Scann-Protokoll hxxp://www.superantispyware.com Generiert 09/18/2010 bei 08:05 PM Version der Applikation : 4.43.1000 Version der Kern-Datenbank : 5530 Version der Spur-Datenbank : 3342 Scan Art : kompletter Scann Totale Scann-Zeit : 01:36:50 Gescannte Speicherelemente : 599 Erfasste Speicher-Bedrohungen : 0 Gescannte Register-Elemente : 7592 Erfasste Register-Bedrohungen : 0 Gescannte Datei-Elemente : 123134 Erfasste Datei-Elemente : 0 |
|
19.09.2010, 17:20
| #15 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Internetseiten öffnen sich von selbst! Sieht ok aus. Noch Probleme oder weitere Funde in der Zwischenzeit?
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu Internetseiten öffnen sich von selbst! |
| ad-aware, antivir, antivir guard, avg, avira, bonjour, dateien, defender, desktop, dll, ebay, explorer, firefox, gelöscht, hijack, internetseiten öffnen sich, link angeklickt, logfile, micro, microsoft, mozilla, problem, rundll, seiten, seiten öffnen sich, software, system, vista, von selbst |
Linear-Darstellung
