| Martin89 | 28.05.2006 20:40 |
Firefox öffnet dauernd Popups, HJT-Log anschauen
Seit gestern öffnet mein Firefox alle paar min irgendwelche Werbefenster. Inhalt ist verschieden, teils einfach nur Werbung, aber auch Warnungen über den Backtera-Virus(genau so wie in einem thread etwas weiter unten) und Downloadaufforderung für das Programm Error-Safe. Hab nichts runtergeladen, was sich auch nach kurzem Check durch Google als gut erwiesen hat. Hab auch mal S&D rüberlaufen lassen und 3 Probleme beheben lassen, trotzdem keine Besserung.
Hier mal der aktuelle HJT-Log:
Logfile of HijackThis v1.99.1
Scan saved at 21:19:43, on 28.05.2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\0190WA~1\w0svc.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\UAService7.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\0190WA~1\WARN0190.EXE
C:\Programme\QuickTime\qttask.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S2.EXE
C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\ICQLite\ICQLite.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\ScanPanel\ScnPanel.exe
C:\Programme\ArcorOnline\Arcor.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Dokumente und Einstellungen\x\Desktop\sicherheit\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://w*w.arcor.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://w*w.arcor.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://w*w.arcor.de
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://w*w.arcor.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = w*w.google.de
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Arcor AG & Co. KG
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
F2 - REG:system.ini: Shell=explorer.exe
O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - C:\WINDOWS\ELITET~1\ELITET~3.DLL (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\de\msntb.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [restrictanonymous] �
O4 - HKLM\..\Run: [MSN Messenger] mwibznr.exe
O4 - HKLM\..\Run: [WindowsRegKey%update] ethernet32m.exe
O4 - HKLM\..\Run: [SVX Control Service] svxhost.exe
O4 - HKLM\..\Run: [System Uptime Server] sysentry.exe
O4 - HKLM\..\Run: [Window Monitor] winmon32.exe
O4 - HKLM\..\Run: [windows monitor] C:\arsetup.exe
O4 - HKLM\..\Run: [0190 Warner] C:\PROGRA~1\0190WA~1\WARN0190.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EPSON Stylus C66 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S2.EXE /P23 "EPSON Stylus C66 Series" /O6 "USB001" /M "Stylus C66"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CloneCDTray] "C:\Programme\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [XM2002] C:\Programme\IPPS\XM2002®\XM2002.exe -auto
O4 - HKLM\..\Run: [defender] C:\\defender22.exe
O4 - HKLM\..\Run: [ICQ Lite] "C:\Programme\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\RunServices: [EnableDCOM] N
O4 - HKLM\..\RunServices: [MSN Messenger] mwibznr.exe
O4 - HKLM\..\RunServices: [WindowsRegKey%update] ethernet32m.exe
O4 - HKLM\..\RunServices: [SVX Control Service] svxhost.exe
O4 - HKLM\..\RunServices: [System Uptime Server] sysentry.exe
O4 - HKLM\..\RunServices: [Window Monitor] winmon32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSN Messenger] mwibznr.exe
O4 - HKCU\..\Run: [WindowsRegKey%update] ethernet32m.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [System Startup] kimochi.exe
O4 - HKCU\..\Run: [Window Monitor] winmon32.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [updateMgr] C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
O4 - HKCU\..\RunServices: [MSN Messenger] mwibznr.exe
O4 - HKCU\..\RunServices: [Window Monitor] winmon32.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: ScanPanel.lnk = C:\ScanPanel\ScnPanel.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: XM2002® - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Programme\IPPS\XM2002®\XM2002.exe (file missing)
O9 - Extra 'Tools' menuitem: &XM2002® - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Programme\IPPS\XM2002®\XM2002.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://w*w.t-online.de/service/redir/ie_t-online.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{3D5A1152-920B-49DA-94A2-FC62036E9A02}: NameServer = 195.50.140.252 195.50.140.114
O17 - HKLM\System\CS3\Services\Tcpip\..\{3D5A1152-920B-49DA-94A2-FC62036E9A02}: NameServer = 195.50.140.252 195.50.140.114
O18 - Filter: text/html - (no CLSID) - (no file)
O20 - Winlogon Notify: MCD - C:\WINDOWS\system32\k6800glme6qa0.dll
O20 - Winlogon Notify: Setup - C:\WINDOWS\
O23 - Service: 0190/0900 Warner Überwachungsdienst (0190_0900_Warner_MonitorService) - Mirko Böer - C:\PROGRA~1\0190WA~1\w0svc.exe
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AolSoftwares (aolsoftwares) - Unknown owner - C:\WINDOWS\services.exe (file missing)
O23 - Service: Boonty Games - BOONTY - C:\Programme\Gemeinsame Dateien\BOONTY Shared\Service\Boonty.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: TSMService - T-Systems Nova, Berkom - C:\Programme\T-DSL SpeedManager\tsmsvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\System32\UAService7.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Microsoft Windows Driver Service (Windows Driver Service) - Unknown owner - C:\WINDOWS\devldr32.exe (file missing)
Wär nett wenn sich das mal jmd angucken könnte, denke mal da wird sich das Problem irgendwo finden. | 