Pests of all kinds and their removal: Web pages open by themselves! (Windows 7)

If you are not sure whether you have picked up malware or a trojan, create a thread here. An expert will reply with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.
14.09.2010, 18:05 | #1
Web pages open by themselves!

Hello Trojaner-Board,

I have a problem: every now and then while browsing, web pages such as www.google.de/webhp, eBay or pages of other companies I don't even know open on their own. It also happens that I click a link on Google (e.g. for an English translation site) and it simply searches for the term I had entered in Google with Geom, even though I clicked a link! [All with Firefox] A few days ago I deleted a Java.Agent with Antiware, and now this...... The problem is that nothing shows up in the logfile... well, maybe you can make sense of it. Regards ... hope you can help me.

Here is the Malwarebytes quick scan:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4614

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943

14.09.2010 18:54:11
mbam-log-2010-09-14 (18-54-11).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 149360
Laufzeit: 7 Minute(n), 47 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

... and here is a HijackThis log as well.

HijackThis Logfile:
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:59:42, on 14.09.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18943)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\PixArt\Pac207\Monitor.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Monitor] C:\Windows\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O13 - Gopher Prefix:
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LckFldService - Unknown owner - C:\Windows\system32\LckFldService.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
O23 - Service: @C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe

--
End of file - 4708 bytes
14.09.2010, 21:27 | #2
/// Winkelfunktion /// TB-Süch-Tiger™

Web pages open by themselves!

Quote:
Please run a full scan with Malwarebytes as a matter of routine and post the log. Remember that Malwarebytes has to be updated manually before every scan!

After that, OTL:

System scan with OTL
Please download OTL by OldTimer and save it to your desktop
15.09.2010, 15:54 | #3
Web pages open by themselves!

So here is the OTL log; the new Malwarebytes log will follow.

OTL Logfile:
Code:
ATTFilter OTL logfile created on: 15.09.2010 16:39:55 - Run 1 OTL by OldTimer - Version 3.2.12.0 Folder = C:\Users\Admin\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18943) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 41,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 68,00% Paging File free Paging file location(s): c:\pagefile.sys 0 0 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 149,05 Gb Total Space | 44,19 Gb Free Space | 29,65% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: RB_GAMBLER Current User Name: Admin Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Users\Admin\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft) PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft) PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) 
PRC - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe (TuneUp Software) PRC - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software) PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) PRC - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Windows\ehome\mcupdate.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Windows\PixArt\Pac207\Monitor.exe (PixArt Imaging Incorporation) ========== Modules (SafeList) ========== MOD - C:\Users\Admin\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation) MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (LckFldService) -- C:\Windows\System32\LckFldService.exe File not found SRV - (Akamai) -- c:\Program Files\Common Files\Akamai\rswin_3746.dll () SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft) SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) 
SRV - (TuneUp.Defrag) -- C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software) SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software) SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software) SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (TeamViewer5) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (XPADFL02) -- C:\Windows\System32\DRIVERS\xpadfl02.sys File not found DRV - (XDva358) -- C:\Windows\System32\XDva358.sys File not found DRV - (XDva354) -- C:\Windows\System32\XDva354.sys File not found DRV - (XDva352) -- C:\Windows\System32\XDva352.sys File not found DRV - (XDva347) -- C:\Windows\System32\XDva347.sys File not found DRV - (XDva332) -- C:\Windows\System32\XDva332.sys File not found DRV - (XDva328) -- C:\Windows\System32\XDva328.sys File not found DRV - (XDva326) -- C:\Windows\System32\XDva326.sys File not found DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found DRV - (MotioninJoyUSBFilter) -- C:\Windows\System32\DRIVERS\MijUfilt.sys File not found DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found DRV - (EagleNT) -- C:\Windows\System32\drivers\EagleNT.sys File not found DRV - (blbdrive) -- 
C:\Windows\System32\drivers\blbdrive.sys File not found DRV - (ampro) -- C:\Users\Admin\Desktop\Portable ArtMoney by Hans212\ArtMoney\artmoney.sys File not found DRV - (Lbd) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB) DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys () DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation) DRV - (TuneUpUtilitiesDrv) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys (TuneUp Software) DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys () DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.) DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation) DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (UMPass) -- C:\Windows\System32\drivers\umpass.sys (Microsoft Corporation) DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation) DRV - (nvraid) NVIDIA nForce(tm) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.) DRV - (PAC207) -- C:\Windows\System32\drivers\PFC027.SYS (PixArt Imaging Inc.) DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.) 
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation) DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.) DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex) DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.) DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.) DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation) DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.) DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.) DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation) DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.) DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.) DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation) DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems) DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.) DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic) DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.) DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company) DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.) DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.) DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.) 
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic) DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic) DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic) DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic) DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation) DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic) DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation) DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.) DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.) DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.) DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.) DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.) 
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies) DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation) DRV - (libusb0) -- C:\Windows\System32\drivers\libusb0.sys () DRV - (SilverLink) Texas Instruments SilverLink (USB GraphLink) -- C:\Windows\System32\drivers\SilvrLnk.sys (Texas Instruments Incorporated) DRV - (RRamdisk) -- C:\Windows\system32\DRIVERS\rramdisk.sys (gavotte) DRV - (ASPI) -- C:\Windows\System32\drivers\ASPI32.SYS (Adaptec) DRV - (dsreader) MaxDrive Driver (dsreader.sys) -- C:\Windows\System32\drivers\dsreader.sys (Thesycon GmbH, Germany) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E0 32 28 C5 44 D6 C9 01 [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Winamp Search" FF - prefs.js..browser.search.defaulturl: "hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "www.giga.de" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2 FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:4.0.36.0 FF - 
prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: IncredibleBookmarks@visibotech.com:0.7.3 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..keyword.URL: "hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=" FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.09.11 13:13:00 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.09.14 21:26:56 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0b1\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 1\components [2010.09.09 14:50:59 | 000,000,000 | ---D | M] [2009.08.17 17:09:05 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\mozilla\Extensions [2010.09.14 17:11:09 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\phcr2h4c.default\extensions [2010.05.23 20:28:41 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\phcr2h4c.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.09.13 16:47:49 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\phcr2h4c.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010.02.26 16:50:23 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\phcr2h4c.default\extensions\battlefieldheroespatcher@ea.com [2010.07.15 15:44:21 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\phcr2h4c.default\extensions\IncredibleBookmarks@visibotech.com [2010.09.13 16:47:49 | 000,000,000 | ---D | M] -- 
C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\phcr2h4c.default\extensions\personas@christopher.beard [2010.09.13 16:47:52 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\phcr2h4c.default\extensions\smarterwiki@wikiatic.com [2010.02.16 17:36:20 | 000,002,055 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\FireFox\Profiles\phcr2h4c.default\searchplugins\daemon-search.xml [2010.07.06 18:16:14 | 000,001,196 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\FireFox\Profiles\phcr2h4c.default\searchplugins\winamp-search.xml [2010.08.09 17:38:53 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2010.04.19 17:06:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.08.09 17:38:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.07.17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll [2010.06.29 06:01:22 | 000,012,800 | ---- | M] (Nullsoft, Inc.) 
-- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll [2010.04.04 13:09:41 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.04.04 13:09:41 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml [2010.04.04 13:09:41 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.04.04 13:09:41 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.04.04 13:09:41 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.07.25 11:45:25 | 000,000,743 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [Monitor] C:\Windows\PixArt\Pac207\Monitor.exe (PixArt Imaging Incorporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1 O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) 
O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Admin\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Admin\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{c207d1be-1c90-11df-922c-00030d65b931}\Shell - "" = AutoRun O33 - MountPoints2\{c207d1be-1c90-11df-922c-00030d65b931}\Shell\AutoRun\command - "" = F:\autorun.exe -- File not found O33 - MountPoints2\{c594d8f4-1b11-11df-8ea6-00030d65b931}\Shell - "" = AutoRun O33 - MountPoints2\{c594d8f4-1b11-11df-8ea6-00030d65b931}\Shell\AutoRun\command - "" = E:\setup\rsrc\Autorun.exe -- File not found O33 - MountPoints2\{c594d8f4-1b11-11df-8ea6-00030d65b931}\Shell\dinstall\command - "" = E:\Directx\dxsetup.exe -- File not found O34 - HKLM 
BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe () O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.09.15 16:33:49 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe [2010.09.14 21:26:51 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2010.09.14 18:41:09 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Malwarebytes [2010.09.14 18:40:09 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.09.14 18:39:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.09.14 18:39:46 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.09.14 18:39:45 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2010.09.14 18:37:59 | 006,153,648 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Admin\Desktop\mbam-setup.exe [2010.09.14 15:31:48 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys [2010.09.13 20:22:26 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys [2010.09.13 20:21:37 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Sunbelt Software [2010.09.13 20:20:36 | 000,000,000 | -H-D | C] -- C:\ProgramData\{437292BE-95BD-4B12-B699-6D217A03ACAF} [2010.09.13 20:19:06 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft [2010.09.13 20:07:18 | 133,070,376 | ---- | C] (Lavasoft ) -- C:\Users\Admin\Desktop\Ad-Aware833Install.exe [2010.09.09 18:40:49 | 000,000,000 | ---D | C] -- C:\Users\Admin\TI [2010.09.09 14:54:03 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Apple Computer [2010.09.09 14:52:28 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2010.09.09 14:52:24 | 000,000,000 | ---D 
| C] -- C:\Program Files\iTunes [2010.09.09 14:52:24 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2010.09.09 14:49:57 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime [2010.09.09 14:49:14 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Apple [2010.09.09 14:49:09 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update [2010.09.09 14:46:27 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour [2010.09.09 14:45:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple [2010.09.03 18:35:07 | 000,000,000 | ---D | C] -- C:\c7f68f62de93ff910b3023224404db64 [2010.08.25 20:58:35 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight [2010.08.25 16:29:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\TI Shared [2010.08.25 16:29:39 | 000,000,000 | ---D | C] -- C:\Program Files\TI Education [2010.08.25 16:29:39 | 000,000,000 | ---D | C] -- C:\Users\Admin\Documents\MyTIData [2010.08.25 16:27:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.09.15 16:41:07 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{E344691F-2FFF-42F0-ADBE-68C5906C099B}.job [2010.09.15 16:38:56 | 002,621,440 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT [2010.09.15 16:33:58 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe [2010.09.15 16:26:33 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.09.15 16:26:33 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.09.15 16:26:33 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.09.15 16:26:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.09.14 21:37:53 | 000,524,288 | -HS- | M] () -- 
C:\Users\Admin\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms [2010.09.14 21:37:53 | 000,065,536 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf [2010.09.14 21:30:03 | 002,482,746 | -H-- | M] () -- C:\Users\Admin\AppData\Local\IconCache.db [2010.09.14 21:26:56 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2010.09.14 18:40:17 | 000,000,778 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.09.14 18:38:26 | 006,153,648 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Admin\Desktop\mbam-setup.exe [2010.09.14 16:16:25 | 000,030,344 | ---- | M] () -- C:\Users\Admin\Desktop\Amazon.co.uk_ Your Halo_ Reach Spartan Recon helmet variant pre-order code.html [2010.09.14 15:31:48 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys [2010.09.14 15:30:20 | 000,291,640 | ---- | M] () -- C:\Users\Admin\Desktop\SoftonicDownloader20443.exe [2010.09.13 20:20:32 | 000,000,975 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk [2010.09.13 20:13:26 | 133,070,376 | ---- | M] (Lavasoft ) -- C:\Users\Admin\Desktop\Ad-Aware833Install.exe [2010.09.08 14:59:42 | 000,064,288 | ---- | M] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys [2010.09.08 14:59:41 | 000,015,880 | ---- | M] () -- C:\Windows\System32\lsdelete.exe [2010.09.03 14:06:10 | 001,445,116 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010.09.03 14:06:10 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.09.03 14:06:10 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.09.03 14:06:10 | 000,126,260 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.09.03 14:06:10 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.09.03 14:02:56 | 000,078,336 | ---- | M] () -- C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.08.25 18:30:54 | 000,057,280 | 
---- | M] () -- C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT [2010.08.25 18:29:59 | 000,259,024 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010.08.19 20:57:14 | 000,000,680 | ---- | M] () -- C:\Users\Admin\AppData\Local\d3d9caps.dat [2010.08.16 17:31:02 | 000,013,299 | ---- | M] () -- C:\Users\Admin\Documents\fyn geb..odt [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.09.14 21:26:56 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2010.09.14 18:40:16 | 000,000,778 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.09.14 16:16:24 | 000,030,344 | ---- | C] () -- C:\Users\Admin\Desktop\Amazon.co.uk_ Your Halo_ Reach Spartan Recon helmet variant pre-order code.html [2010.09.14 15:29:09 | 000,291,640 | ---- | C] () -- C:\Users\Admin\Desktop\SoftonicDownloader20443.exe [2010.09.13 21:16:32 | 000,015,880 | ---- | C] () -- C:\Windows\System32\lsdelete.exe [2010.09.13 20:20:32 | 000,000,975 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk [2010.03.02 21:25:19 | 000,000,745 | ---- | C] () -- C:\Windows\CoD.INI [2010.02.19 16:37:07 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll [2010.02.16 17:25:51 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys [2010.02.13 12:57:56 | 000,000,032 | ---- | C] () -- C:\Windows\System32\Mlkf.dll [2010.01.16 14:00:40 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2010.01.16 14:00:40 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest [2009.12.19 18:44:25 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll [2009.11.08 15:32:48 | 000,033,792 | ---- | C] () -- C:\Windows\System32\drivers\libusb0.sys [2009.10.22 13:40:48 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.08.08 18:08:48 | 000,554,496 | ---- | C] () -- C:\Windows\System32\dvmsg.dll [2009.05.21 12:00:04 | 000,024,206 | ---- | C] () -- 
C:\Users\Admin\AppData\Roaming\UserTile.png
[2009.05.20 18:25:30 | 000,078,336 | ---- | C] () -- C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.05.04 21:43:41 | 000,000,680 | ---- | C] () -- C:\Users\Admin\AppData\Local\d3d9caps.dat
[2009.04.22 01:19:06 | 000,172,173 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2007.02.02 15:01:32 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:27:46 | 000,000,518 | ---- | C] () -- C:\Windows\System32\SP207.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >

Here is the new Malwarebytes log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4621
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943

15.09.2010 17:48:43
mbam-log-2010-09-15 (17-48-43).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Durchsuchte Objekte: 267239
Laufzeit: 1 Stunde(n), 16 Minute(n), 13 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Just now my Ad-Aware also blocked a malicious page from simply opening on my machine, with this ID 66.230.188.67

Last edited by RB_Gambler (15.09.2010 at 16:50) |
15.09.2010, 17:47 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Web pages open by themselves! Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!) Code:

:OTL
DRV - (XPADFL02) -- C:\Windows\System32\DRIVERS\xpadfl02.sys File not found
DRV - (XDva358) -- C:\Windows\System32\XDva358.sys File not found
DRV - (XDva354) -- C:\Windows\System32\XDva354.sys File not found
DRV - (XDva352) -- C:\Windows\System32\XDva352.sys File not found
DRV - (XDva347) -- C:\Windows\System32\XDva347.sys File not found
DRV - (XDva332) -- C:\Windows\System32\XDva332.sys File not found
DRV - (XDva328) -- C:\Windows\System32\XDva328.sys File not found
DRV - (XDva326) -- C:\Windows\System32\XDva326.sys File not found
DRV - (EagleNT) -- C:\Windows\System32\drivers\EagleNT.sys File not found
DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found
DRV - (ampro) -- C:\Users\Admin\Desktop\Portable ArtMoney by Hans212\ArtMoney\artmoney.sys File not found
FF - prefs.js..browser.search.defaultenginename: "Winamp Search"
FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query="
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O33 - MountPoints2\{c207d1be-1c90-11df-922c-00030d65b931}\Shell - "" = AutoRun
O33 - MountPoints2\{c207d1be-1c90-11df-922c-00030d65b931}\Shell\AutoRun\command - "" = F:\autorun.exe -- File not found
O33 - MountPoints2\{c594d8f4-1b11-11df-8ea6-00030d65b931}\Shell - "" = AutoRun
O33 - MountPoints2\{c594d8f4-1b11-11df-8ea6-00030d65b931}\Shell\AutoRun\command - "" = E:\setup\rsrc\Autorun.exe -- File not found
O33 - MountPoints2\{c594d8f4-1b11-11df-8ea6-00030d65b931}\Shell\dinstall\command - "" = E:\Directx\dxsetup.exe -- File not found
[2010.09.03 18:35:07 | 000,000,000 | ---D | C] -- C:\c7f68f62de93ff910b3023224404db64
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:DFC5A2B2
:Commands
[purity]
[resethosts]
[emptytemp]

The logfile should open when you click OK after the fix; please post it. The computer may be restarted.
__________________ Please always post logfiles in CODE tags |
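An added example, not part of the thread and not the OTL tool's own code: a small Python triage script that re-derives this kind of :OTL fix from OTL-format log lines. The sample log and the line formats are modelled on the entries quoted in this thread; the allowlists and all function names are my assumptions.

```python
"""Triage helper for OTL-format log lines (added example, not the OTL tool).

It flags the three things the helper's fix targets: driver services whose
image is gone, MountPoints2 AutoRun commands pointing at missing files, and
Firefox search prefs redirected to an unexpected host or engine, then emits
an :OTL fix in the same shape as the one posted above.
"""
import re
from urllib.parse import urlparse

# Constructed sample in OTL's line format, modelled on entries quoted in this
# thread (hypothetical data, not a real log).
SAMPLE_LOG = r"""
DRV - (XPADFL02) -- C:\Windows\System32\DRIVERS\xpadfl02.sys File not found
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (ampro) -- C:\Users\Admin\Desktop\Portable ArtMoney by Hans212\ArtMoney\artmoney.sys File not found
FF - prefs.js..browser.search.defaultenginename: "Winamp Search"
FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "www.giga.de"
O33 - MountPoints2\{c207d1be-1c90-11df-922c-00030d65b931}\Shell - "" = AutoRun
O33 - MountPoints2\{c207d1be-1c90-11df-922c-00030d65b931}\Shell\AutoRun\command - "" = F:\autorun.exe -- File not found
O33 - MountPoints2\{c594d8f4-1b11-11df-8ea6-00030d65b931}\Shell\dinstall\command - "" = E:\Directx\dxsetup.exe -- File not found
"""

# Line shapes assumed from the OTL output quoted in the thread.
DRV_RE = re.compile(r'^DRV - \((?P<name>[^)]+)\) -- (?P<path>.+?)(?P<missing> File not found)?$')
FF_RE = re.compile(r'^FF - prefs\.js\.\.(?P<pref>[\w.]+): "(?P<value>.*)"$')
O33_RE = re.compile(r'^O33 - MountPoints2\\(?P<guid>\{[^}]+\})\\(?P<key>\S+) - "" = '
                    r'(?P<value>.+?)(?P<missing> -- File not found)?$')

# Allowlists (assumption): what a stock Firefox of that era would carry.
KNOWN_ENGINES = {"Google", "Yahoo", "Bing"}
KNOWN_SEARCH_HOSTS = {"www.google.com", "www.google.de", "search.yahoo.com", "www.bing.com"}


def classify(line):
    """Return a short reason if the line is a cleanup candidate, else None."""
    m = DRV_RE.match(line)
    if m:
        # A service key that still autostarts although its .sys is gone.
        return "orphaned driver service" if m.group("missing") else None
    m = O33_RE.match(line)
    if m:
        # autorun.inf leftovers for removable media whose target vanished.
        if m.group("key").endswith("\\command") and m.group("missing"):
            return "dangling MountPoints2 autorun command"
        return None
    m = FF_RE.match(line)
    if m and m.group("pref").startswith("browser.search."):
        value = m.group("value")
        if "://" in value:
            host = urlparse(value).hostname or ""
            if host not in KNOWN_SEARCH_HOSTS:
                return "search URL points at unexpected host " + host
        elif value not in KNOWN_ENGINES:
            return "unknown search engine name " + value
    return None


def findings(log):
    """All (reason, raw line) pairs worth putting into a fix, in log order."""
    out = []
    for line in log.splitlines():
        reason = classify(line)
        if reason:
            out.append((reason, line))
    return out


def build_otl_fix(log):
    """Assemble an :OTL fix like the helper's: flagged raw lines, then the
    :Commands section that resets the hosts file and purges temp folders."""
    body = [line for _, line in findings(log)]
    return "\n".join([":OTL", *body, ":Commands", "[resethosts]", "[emptytemp]"]) + "\n"


if __name__ == "__main__":
    for reason, line in findings(SAMPLE_LOG):
        print(f"{reason}: {line}")
    print(build_otl_fix(SAMPLE_LOG))
```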
15.09.2010, 19:40 | #5 |
| Web pages open by themselves! So, I ran everything .... like you said... oh, I also want to thank you again for taking the time. You deserve a big thank you.

All processes killed
========== OTL ==========
Service XPADFL02 stopped successfully!
Service XPADFL02 deleted successfully!
File C:\Windows\System32\DRIVERS\xpadfl02.sys File not found not found.
Service XDva358 stopped successfully!
Service XDva358 deleted successfully!
File C:\Windows\System32\XDva358.sys File not found not found.
Service XDva354 stopped successfully!
Service XDva354 deleted successfully!
File C:\Windows\System32\XDva354.sys File not found not found.
Service XDva352 stopped successfully!
Service XDva352 deleted successfully!
File C:\Windows\System32\XDva352.sys File not found not found.
Service XDva347 stopped successfully!
Service XDva347 deleted successfully!
File C:\Windows\System32\XDva347.sys File not found not found.
Service XDva332 stopped successfully!
Service XDva332 deleted successfully!
File C:\Windows\System32\XDva332.sys File not found not found.
Service XDva328 stopped successfully!
Service XDva328 deleted successfully!
File C:\Windows\System32\XDva328.sys File not found not found.
Service XDva326 stopped successfully!
Service XDva326 deleted successfully!
File C:\Windows\System32\XDva326.sys File not found not found.
Service EagleNT stopped successfully!
Service EagleNT deleted successfully!
File C:\Windows\System32\drivers\EagleNT.sys File not found not found.
Service blbdrive stopped successfully!
Service blbdrive deleted successfully!
File C:\Windows\System32\drivers\blbdrive.sys File not found not found.
Service ampro stopped successfully!
Service ampro deleted successfully!
File C:\Users\Admin\Desktop\Portable ArtMoney by Hans212\ArtMoney\artmoney.sys File not found not found.
Prefs.js: "Winamp Search" removed from browser.search.defaultenginename
Prefs.js: "hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=" removed from browser.search.defaulturl
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c207d1be-1c90-11df-922c-00030d65b931}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c207d1be-1c90-11df-922c-00030d65b931}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c207d1be-1c90-11df-922c-00030d65b931}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c207d1be-1c90-11df-922c-00030d65b931}\ not found.
File F:\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c594d8f4-1b11-11df-8ea6-00030d65b931}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c594d8f4-1b11-11df-8ea6-00030d65b931}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c594d8f4-1b11-11df-8ea6-00030d65b931}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c594d8f4-1b11-11df-8ea6-00030d65b931}\ not found.
File E:\setup\rsrc\Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c594d8f4-1b11-11df-8ea6-00030d65b931}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c594d8f4-1b11-11df-8ea6-00030d65b931}\ not found.
File E:\Directx\dxsetup.exe not found.
C:\c7f68f62de93ff910b3023224404db64 folder moved successfully.
ADS C:\ProgramData\TEMPFC5A2B2 deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: Admin
->Temp folder emptied: 1768851 bytes
->Temporary Internet Files folder emptied: 845124244 bytes
->Java cache emptied: 59901004 bytes
->FireFox cache emptied: 73230522 bytes
->Flash cache emptied: 175791 bytes
User: All Users

Should I change the thing with the smiley in that one tmp file?? |
15.09.2010, 20:07 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Web pages open by themselves! Then please run CF now: ComboFix: A guide and tutorial on using ComboFix
ComboFix may only be run when a competent helper has expressly recommended it!
__________________ --> Web pages open by themselves! |
15.09.2010, 20:18 | #7 |
| Web pages open by themselves! I'm going to go to sleep for now and continue tomorrow ... currently suffering from sleep deprivation |
16.09.2010, 19:53 | #8 |
| Web pages open by themselves! Unfortunately I have to double-post, but here is the log, even if delayed. Sorry. Combofix Logfile: Code:
ATTFilter ComboFix 10-09-16.03 - Admin 16.09.2010 20:33:17.2.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.1917.1308 [GMT 2:00] ausgeführt von:: c:\users\Admin\Desktop\cofi.exe SP: Windows-Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt . ((((((((((((((((((((((( Dateien erstellt von 2010-08-16 bis 2010-09-16 )))))))))))))))))))))))))))))) . 2010-09-16 18:42 . 2010-09-16 18:42 -------- d-----w- c:\users\Admin\AppData\Local\temp 2010-09-16 18:42 . 2010-09-16 18:42 -------- d-----w- c:\users\Mcx1\AppData\Local\temp 2010-09-16 18:42 . 2010-09-16 18:42 -------- d-----w- c:\users\Gast\AppData\Local\temp 2010-09-16 18:42 . 2010-09-16 18:42 -------- d-----w- c:\users\Default\AppData\Local\temp 2010-09-16 16:52 . 2010-08-26 12:40 21312 ----a-w- c:\windows\system32\authuitu.dll 2010-09-16 16:52 . 2010-08-26 12:40 30016 ----a-w- c:\windows\system32\uxtuneup.dll 2010-09-16 16:44 . 2010-09-16 16:44 -------- d-----w- c:\program files\CCleaner 2010-09-15 18:29 . 2010-09-15 18:29 -------- d-----w- C:\_OTL 2010-09-14 16:41 . 2010-09-14 16:41 -------- d-----w- c:\users\Admin\AppData\Roaming\Malwarebytes 2010-09-14 16:40 . 2010-04-29 10:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-09-14 16:39 . 2010-09-14 16:39 -------- d-----w- c:\programdata\Malwarebytes 2010-09-14 16:39 . 2010-04-29 10:19 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-09-14 16:39 . 2010-09-14 16:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-09-14 13:31 . 2010-09-14 13:31 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys 2010-09-13 18:21 . 2010-09-13 18:21 -------- d-----w- c:\users\Admin\AppData\Local\Sunbelt Software 2010-09-09 16:40 . 2010-09-13 16:46 -------- d-----w- c:\users\Admin\TI 2010-09-09 12:54 . 2010-09-09 12:54 -------- d-----w- c:\users\Admin\AppData\Local\Apple Computer 2010-09-09 12:52 . 
2010-09-09 12:52 -------- d-----w- c:\program files\iPod 2010-09-09 12:52 . 2010-09-09 12:53 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521} 2010-09-09 12:52 . 2010-09-09 12:53 -------- d-----w- c:\program files\iTunes 2010-09-09 12:49 . 2010-09-09 12:50 -------- d-----w- c:\program files\QuickTime 2010-09-09 12:49 . 2010-09-09 12:49 -------- d-----w- c:\users\Admin\AppData\Local\Apple 2010-09-09 12:49 . 2010-09-09 12:49 -------- d-----w- c:\program files\Apple Software Update 2010-09-09 12:46 . 2010-09-09 12:46 -------- d-----w- c:\program files\Bonjour 2010-09-09 12:45 . 2010-09-09 12:45 -------- d-----w- c:\programdata\Apple 2010-09-01 07:12 . 2010-09-01 07:12 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 10.0.0.68\SetupAdmin.exe 2010-08-25 18:58 . 2010-08-25 18:58 -------- d-----w- c:\program files\Microsoft Silverlight 2010-08-25 14:29 . 2010-08-25 14:30 -------- d-----w- c:\program files\TI Education 2010-08-25 14:29 . 2010-08-25 14:29 -------- d-----w- c:\program files\Common Files\TI Shared 2010-08-25 14:27 . 2010-08-25 14:27 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-09-16 18:42 . 2010-07-21 13:21 -------- d-----w- c:\program files\Common Files\Akamai 2010-09-16 18:25 . 2009-05-05 05:14 628742 ----a-w- c:\windows\system32\perfh007.dat 2010-09-16 18:25 . 2009-05-05 05:14 126260 ----a-w- c:\windows\system32\perfc007.dat 2010-09-16 18:14 . 2009-07-29 17:42 -------- d-----w- c:\programdata\Lavasoft 2010-09-16 16:52 . 2010-07-16 13:30 -------- d-----w- c:\program files\TuneUp Utilities 2010 2010-09-15 19:37 . 2009-05-17 09:31 -------- d-----w- c:\users\Admin\AppData\Roaming\Skype 2010-09-15 18:53 . 2009-05-17 09:37 -------- d-----w- c:\users\Admin\AppData\Roaming\skypePM 2010-09-15 15:26 . 
2009-11-24 15:03 1 ----a-w- c:\users\Admin\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys 2010-09-09 15:00 . 2009-12-19 16:42 -------- d-----w- c:\users\Admin\AppData\Roaming\vlc 2010-09-09 12:52 . 2010-02-25 16:56 -------- d-----w- c:\program files\Common Files\Apple 2010-09-09 12:49 . 2010-03-02 14:58 -------- d-----w- c:\programdata\Apple Computer 2010-09-05 11:09 . 2010-02-02 12:19 -------- d-----w- c:\program files\JDownloader 2010-09-05 11:08 . 2010-02-20 14:54 -------- d-----w- c:\programdata\Microsoft Games 2010-09-05 11:08 . 2010-02-20 14:53 -------- d-----w- c:\users\Admin\AppData\Roaming\Microsoft Game Studios 2010-09-05 11:08 . 2006-11-02 12:37 -------- d-----w- c:\program files\Microsoft Games 2010-09-05 11:05 . 2010-05-13 07:06 -------- d-----w- c:\program files\Steam 2010-08-27 13:31 . 2010-03-02 16:02 -------- d-----w- c:\program files\Common Files\Steam 2010-08-26 12:45 . 2010-07-16 13:31 30528 ----a-w- c:\windows\system32\TURegOpt.exe 2010-08-25 16:30 . 2009-05-04 19:44 57280 ----a-w- c:\users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT 2010-08-19 18:57 . 2009-05-04 19:43 680 ----a-w- c:\users\Admin\AppData\Local\d3d9caps.dat 2010-08-13 12:59 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail 2010-08-12 15:02 . 2010-08-12 15:02 5430 ----a-r- c:\users\Admin\AppData\Roaming\Microsoft\Installer\{1584854C-1513-40EA-96D4-493384D0A3C7}\_BBC8D813A8F14BA749114F.exe 2010-08-12 15:02 . 2010-08-12 15:02 5430 ----a-r- c:\users\Admin\AppData\Roaming\Microsoft\Installer\{1584854C-1513-40EA-96D4-493384D0A3C7}\_44F622AA395D57B9743A14.exe 2010-08-12 15:02 . 2010-08-12 15:02 -------- d-----w- c:\program files\Readon Technology 2010-08-09 18:02 . 2009-12-16 15:04 -------- d-----w- c:\users\Admin\AppData\Roaming\dvdcss 2010-08-09 15:38 . 2009-05-22 07:54 -------- d-----w- c:\program files\Java 2010-08-06 14:24 . 2010-02-13 18:22 -------- d-----w- c:\program files\Teeworlds 2010-07-27 16:44 . 
2010-07-27 16:44 91424 ----a-w- c:\windows\system32\dnssd.dll 2010-07-27 16:44 . 2010-07-27 16:44 75040 ----a-w- c:\windows\system32\jdns_sd.dll 2010-07-27 16:44 . 2010-07-27 16:44 197920 ----a-w- c:\windows\system32\dnssdX.dll 2010-07-27 16:44 . 2010-07-27 16:44 107808 ----a-w- c:\windows\system32\dns-sd.exe 2010-07-27 10:03 . 2010-07-21 13:41 -------- d-----w- c:\program files\alaplaya 2010-07-27 10:03 . 2009-05-04 20:20 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-07-23 13:53 . 2010-07-23 13:53 1079048 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll 2010-07-22 15:11 . 2010-07-16 13:47 3465216 ----a-w- c:\programdata\TuneUp Software\TuneUp Utilities\WinStyler\LogonScreens\Borabora.tls.dll 2010-07-21 13:41 . 2009-05-04 20:38 -------- d-----w- c:\program files\Common Files\InstallShield 2010-07-17 03:00 . 2010-04-19 15:06 423656 ----a-w- c:\windows\system32\deployJava1.dll 2010-07-16 13:43 . 2010-07-16 13:43 65536 ----a-w- c:\programdata\TuneUp Software\TuneUp Utilities\WinStyler\LogoAnimations\Circle.tla.dll 2010-07-02 07:52 . 2010-07-02 07:52 62776 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll 2010-06-26 06:05 . 2010-08-12 14:48 916480 ----a-w- c:\windows\system32\wininet.dll 2010-06-26 06:02 . 2010-08-12 14:48 71680 ----a-w- c:\windows\system32\iesetup.dll 2010-06-26 06:02 . 2010-08-12 14:48 109056 ----a-w- c:\windows\system32\iesysprep.dll 2010-06-26 04:25 . 2010-08-12 14:48 133632 ----a-w- c:\windows\system32\ieUnatt.exe 2010-06-21 13:37 . 2010-08-12 14:46 2037760 ----a-w- c:\windows\system32\win32k.sys . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-18 1008184] "RtHDVCpl"="RtHDVCpl.exe" [2006-12-29 4317184] "Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\DRIVERS\ASPI32.sys [2002-07-17 84832] R3 dsreader;MaxDrive Driver (dsreader.sys);c:\windows\system32\Drivers\dsreader.sys [2001-01-02 19677] R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [x] R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2005-03-09 33792] R3 MotioninJoyUSBFilter;MotioninJoy USB Filter Driver;c:\windows\system32\DRIVERS\MijUfilt.sys [x] R3 PAC207;SoC PC-Camera;c:\windows\system32\DRIVERS\PFC027.SYS [2006-12-05 507136] R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2010-02-24 10064] R3 WPFFontCache_v0400;Windows Presentation 
Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504] R4 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-06-09 108289] R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-02-16 691696] R4 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2009-12-17 185640] R4 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2010-08-26 1051968] S0 RRamdisk;Ramdisk Driver;c:\windows\system32\DRIVERS\rramdisk.sys [2003-12-09 10368] S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-18 21504] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache Akamai REG_MULTI_SZ Akamai HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . Inhalt des "geplante Tasks" Ordners 2010-09-16 c:\windows\Tasks\User_Feed_Synchronization-{E344691F-2FFF-42F0-ADBE-68C5906C099B}.job - c:\windows\system32\msfeedssync.exe [2010-08-12 04:24] . . ------- Zusätzlicher Suchlauf ------- . uInternet Settings,ProxyOverride = *.local IE: Google Sidewiki... 
- c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html FF - ProfilePath - c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\phcr2h4c.default\ FF - prefs.js: browser.search.defaulturl - FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - www.giga.de FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query= FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npnul32.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll FF - plugin: c:\users\Admin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll FF - plugin: c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\phcr2h4c.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX Richtlinien ---- FF - user.js: network.cookie.cookieBehavior - 0 FF - user.js: privacy.clearOnShutdown.cookies - false FF - user.js: security.warn_viewing_mixed - false FF - user.js: security.warn_viewing_mixed.show_once - false FF - user.js: security.warn_submit_insecure - false FF - user.js: security.warn_submit_insecure.show_once - false FF - user.js: browser.sessionstore.resume_from_crash - false . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2010-09-16 20:42 Windows 6.0.6002 Service Pack 2 NTFS Scanne versteckte Prozesse... Scanne versteckte Autostarteinträge... Scanne versteckte Dateien... 
Scan erfolgreich abgeschlossen versteckte Dateien: 0 ************************************************************************** . --------------------- Gesperrte Registrierungsschluessel --------------------- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 . Zeit der Fertigstellung: 2010-09-16 20:45:50 ComboFix-quarantined-files.txt 2010-09-16 18:45 Vor Suchlauf: 12 Verzeichnis(se), 48.777.293.824 Bytes frei Nach Suchlauf: 13 Verzeichnis(se), 48.288.600.064 Bytes frei - - End Of File - - 78AE85E15076AD1ED361011DD9ADEAB9 |
16.09.2010, 20:15 | #9 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Web pages open by themselves! OK. Now please create logs with GMER and OSAM and post them. GMER crashes quite often; if the tool won't run on the second try either, just skip it and run only OSAM. Afterwards download the bootkit_remover. Extract the tool into its own folder on the desktop and run the file remove.exe in that folder. If you use Windows Vista or Windows 7, you must run the remover.exe via right-click => Run as administrator. A black window will open and automatically search for malicious changes in the MBR. Then please post whether there are changes and, if so, in which device. Best to post everything the remover.exe outputs.
__________________ Please always post logfiles in CODE tags |
17.09.2010, 15:19 | #10 |
| Web pages open by themselves! Here is the GMER log ... the others will follow. GMER Logfile: Code:
ATTFilter GMER 1.0.15.15281 - hxxp://www.gmer.net Rootkit scan 2010-09-17 16:17:27 Windows 6.0.6002 Service Pack 2 Running: yx5jxusf.exe; Driver: C:\Users\Admin\AppData\Local\Temp\ugryauod.sys ---- System - GMER 1.0.15 ---- SSDT 959918A4 ZwCreateThread SSDT 95991890 ZwOpenProcess SSDT 95991895 ZwOpenThread SSDT 9599189F ZwTerminateProcess ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!KeSetEvent + 221 822FC984 4 Bytes [A4, 18, 99, 95] .text ntkrnlpa.exe!KeSetEvent + 3F1 822FCB54 4 Bytes [90, 18, 99, 95] .text ntkrnlpa.exe!KeSetEvent + 40D 822FCB70 4 Bytes [95, 18, 99, 95] .text ntkrnlpa.exe!KeSetEvent + 621 822FCD84 4 Bytes [9F, 18, 99, 95] .text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8B60D000, 0x267978, 0xE8000020] ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xDF 0x9F 0x0C 0xF7 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x75 0xE6 0xAE 0x44 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x3B 0xF2 0x6D 0xF3 ... 
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x52 0xEF 0xAA 0xDB ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xDF 0x9F 0x0C 0xF7 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x75 0xE6 0xAE 0x44 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x3B 0xF2 0x6D 0xF3 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x52 0xEF 0xAA 0xDB ...

---- EOF - GMER 1.0.15 ----

Here is the OSAM log. OSAM Logfile: Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 16:28:56 on 17.09.2010

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Mozilla Corporation Firefox 4.0b1

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"TIControlPanel.cpl" - "Texas Instruments Incorporated" - C:\Windows\system32\TIControlPanel.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Advanced SCSI Programming Interface Driver" (ASPI) - ? - C:\Windows\System32\DRIVERS\ASPI32.sys
"avgio" (avgio) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\Users\Admin\AppData\Local\Temp\catchme.sys (File not found)
"Hamachi Network Interface" (hamachi) - "LogMeIn, Inc." - C:\Windows\System32\DRIVERS\hamachi.sys
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys (File not found)
"Lavasoft helper driver" (Lavasoft Kernexplorer) - ? - C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys (File not found)
"LibUsb-Win32 - Kernel Driver, Version 0.1.10.1" (libusb0) - ? - C:\Windows\System32\drivers\libusb0.sys
"MaxDrive Driver (dsreader.sys)" (dsreader) - "Thesycon GmbH, Germany" - C:\Windows\System32\Drivers\dsreader.sys
"MotioninJoy USB Filter Driver" (MotioninJoyUSBFilter) - ? - C:\Windows\System32\DRIVERS\MijUfilt.sys (File not found)
"Ramdisk Driver" (RRamdisk) - "gavotte" - C:\Windows\System32\DRIVERS\rramdisk.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"TuneUpUtilitiesDrv" (TuneUpUtilitiesDrv) - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys
"ugryauod" (ugryauod) - ? - C:\Users\Admin\AppData\Local\Temp\ugryauod.sys (Hidden registry entry, rootkit activity | File not found)

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? - (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? - (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? - (File not found | COM-object registry key not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? - (File not found | COM-object registry key not found)
{28465D9A-DE2F-4627-B520-29968CC3C372} "FaJo XP File Security Extension" - ? - (File not found | COM-object registry key not found)
{3FCEF010-09A4-11D4-8D3B-D12F9D3D8B02} "FileTimeShlExt Class" - "Texas Instruments Incorporated" - C:\PROGRA~1\COMMON~1\TISHAR~1\TICONN~1\TIShlExt.dll
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found)
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{00020d75-0000-0000-c000-000000000046} "lnkfile" - ? - (File not found | COM-object registry key not found)
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? - (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? - (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - "Advanced Micro Devices, Inc." - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
{4838CD50-7E5D-4811-9B17-C47A85539F28} "TuneUp Disk Space Explorer Shell Extension" - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2010\DseShExt-x86.dll
{4858E7D9-8E12-45a3-B6A3-1CD128C9D403} "TuneUp Shredder Shell Extension" - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2010\SDShelEx-win32.dll
{44440D00-FF19-4AFC-B765-9A0970567D97} "TuneUp Theme Extension" - "TuneUp Software" - C:\Windows\System32\uxtuneup.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR\rarext.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} "Java Plug-in 1.6.0_16" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_21" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} "Java Plug-in 1.6.0_21" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_21" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_21.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? - (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip (File not found)

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@%SystemRoot%\System32\uxtuneup.dll,-4096" (UxTuneUp) - "TuneUp Software" - C:\Windows\System32\uxtuneup.dll
"@C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1" (TuneUp.Defrag) - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
"@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Akamai NetSession Interface" (Akamai) - ? - c:\program files\common files\akamai\rswin_3746.dll (File found, but it contains no detailed information)
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"LckFldService" (LckFldService) - ? - C:\Windows\system32\LckFldService.exe (File not found)
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Steam Client Service" (Steam Client Service) - "Valve Corporation" - C:\Program Files\Common Files\Steam\SteamService.exe
"TeamViewer 5" (TeamViewer5) - "TeamViewer GmbH" - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
"TuneUp Utilities Service" (TuneUp.UtilitiesSvc) - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===
If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

Last edited by RB_Gambler (17.09.2010 at 15:30) |
17.09.2010, 17:57 | #11 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Websites open by themselves! OK. And the Bootkit Remover?
__________________ Please always post logfiles in CODE tags |
17.09.2010, 20:07 | #12 |
| Websites open by themselves! Oh, I forgot, sorry!

Bootkit Remover
(c) 2009 eSage Lab
www.esagelab.com

Program version: 1.2.0.0
OS Version: Microsoft Windows Vista Home Premium Edition Service Pack 2 (build 6002), 32-bit

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
Boot sector MD5 is: 0ec6b2481fc707d1e901dc2a875f2826

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)

Done;
Press any key to quit... |
17.09.2010, 20:08 | #13 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Websites open by themselves! Looks OK. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before scanning!!
__________________ Please always post logfiles in CODE tags |
18.09.2010, 21:30 | #14 |
| Websites open by themselves! So here are the logs ... apparently nothing was found. In any case, many thanks and big praise for your board ... I can only recommend you.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4640

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943

17.09.2010 22:17:27
mbam-log-2010-09-17 (22-17-27).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 257407
Laufzeit: 1 Stunde(n), 0 Minute(n), 42 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

and...

SUPERAntiSpyware Scann-Protokoll
hxxp://www.superantispyware.com

Generiert 09/18/2010 bei 08:05 PM

Version der Applikation : 4.43.1000

Version der Kern-Datenbank : 5530
Version der Spur-Datenbank : 3342

Scan Art : kompletter Scann
Totale Scann-Zeit : 01:36:50

Gescannte Speicherelemente : 599
Erfasste Speicher-Bedrohungen : 0

Gescannte Register-Elemente : 7592
Erfasste Register-Bedrohungen : 0

Gescannte Datei-Elemente : 123134
Erfasste Datei-Elemente : 0 |
19.09.2010, 17:20 | #15 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Websites open by themselves! Looks OK. Any further problems or new findings in the meantime?
__________________ Please always post logfiles in CODE tags |