Andauernd Werbung und kein Googlen möglich

SaschaAleks · 06.05.2008, 21:10

Huhu, hier meine Logs:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\COMODO\Firewall\cmdagent.exe
C:\Programme\NewDotNet\nnrun.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Visagesoft\eXPert PDF\vspdfprsrv.exe
C:\Programme\FreePDF_XP\fpassist.exe
C:\Programme\COMODO\Firewall\cfp.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Programme\Spyware Doctor\pctsTray.exe
C:\Programme\Windows Live\Messenger\MsnMsgr.Exe
C:\Programme\Tunebite\tunebite.exe
C:\Programme\FeedReader30\feedreader.exe
C:\PROGRA~1\INCRED~1\bin\ImApp.exe
C:\Programme\Spyware Doctor\pctsAuxs.exe
C:\Programme\Spyware Doctor\pctsSvc.exe
C:\DOKUME~1\ALEKSA~1\ANWEND~1\DOBE~1\msconfig.exe
C:\WINDOWS\?ystem32\j?vaw.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Last.fm\LastFMHelper.exe
C:\Programme\OpenOffice.org 2.2\program\soffice.exe
C:\Programme\OpenOffice.org 2.2\program\soffice.BIN
C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\NewDotNet\nnrun.exe
C:\WINDOWS\System32\alg.exe
C:\Programme\Windows Live\Messenger\usnsvc.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\Programme\Safari\Safari.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = =ht//ww.google.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = /go.microsoft.com/fwlink/?LinkId=69157]MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = htp://go.microsoft.com/fwlink/?LinkId=54896]Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = tp://go.microsoft.com/fwlink/?LinkId=54896]Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = htp://go.microsoft.com/fwlink/?LinkId=69157]MSN.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
red.clientapps.yahoo.com/customize/fuji/defaults/su/*htp://ww.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ChangerBHO Class - {4c03732f-43bb-4d80-ba45-66fd05db11df} - C:\WINDOWS\system32\atkctrsb.dll
O2 - BHO: (no name) - {72217827-914b-46c6-a6ee-c00c70842ebf} - (no file)
O2 - BHO: (no name) - {7F3EA905-DE65-4D00-BC1F-FF3A77F8CA30} - C:\WINDOWS\system32\iifddbXr.dll (file missing)
O2 - BHO: (no name) - {E7D7787E-68F8-4CFE-B9AA-E3B64FDC5143} - C:\WINDOWS\system32\hgGwTmlL.dll (file missing)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: {5c7911a3-1514-0258-4094-671b4b5f3a9e} - {e9a3f5b4-b176-4904-8520-41513a1197c5} - C:\WINDOWS\system32\emwjhpwt.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Programme\FlashGet\getflash.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [vspdfprsrv.exe] C:\Programme\Visagesoft\eXPert PDF\vspdfprsrv.exe --background
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Programme\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [ISTray] "C:\Programme\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [BM2b9dff63] Rundll32.exe "C:\WINDOWS\system32\vomfhvcb.dll",s
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [IncrediMail] C:\Programme\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Programme\Octoshape Streaming Services\Aleksander GÃ¼ckelhor\OctoshapeClient.exe" -inv:bootrun
O4 - HKCU\..\Run: [tunebite.exe] C:\Programme\Tunebite\tunebite.exe -tray
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [feedreader.exe] "C:\Programme\FeedReader30\feedreader.exe"
O4 - HKCU\..\Run: [SfKg6wIP] C:\Dokumente und Einstellungen\Aleksander Gückelhor\Anwendungsdaten\Microsoft\Windows\mqvxn.exe
O4 - HKCU\..\Run: [Bier] "C:\DOKUME~1\ALEKSA~1\ANWEND~1\DOBE~1\msconfig.exe" -vt yazb
O4 - HKCU\..\Run: [Ktr] C:\WINDOWS\?ystem32\j?vaw.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - S-1-5-18 Startup: DSL-Manager.lnk = C:\Programme\T-Online\DSL-Manager\DslMgr.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: DSL-Manager.lnk = C:\Programme\T-Online\DSL-Manager\DslMgr.exe (User 'Default user')
O4 - Startup: DSL-Manager.lnk = ?
O4 - Startup: Last.fm Helper.lnk = C:\Programme\Last.fm\LastFMHelper.exe
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Programme\OpenOffice.org 2.2\program\quickstart.exe
O8 - Extra context menu item: &Alles mit FlashGet laden - C:\Programme\FlashGet\jc_all.htm
O8 - Extra context menu item: &Mit FlashGet laden - C:\Programme\FlashGet\jc_link.htm
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\JavaSoft\JRE\1.3.1_18\bin\npjava131_18.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\JavaSoft\JRE\1.3.1_18\bin\npjava131_18.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Programme\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programme\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programme\FlashGet\FlashGet.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Dokumente und Einstellungen\***\Startmenü\Programme\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - hp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - hp://messenger.zone.msn.com/DE-DE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {A672558F-A878-4D5A-A921-627C091CEB60} (Flatcast Producer 4.15) - hp://data.flatcast.com/NpFp415.dll
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F551} (Flatcast Viewer 4.15) - flatcast.com/de/download/NpFv415.dll
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: iifddbXr - iifddbXr.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Programme\COMODO\Firewall\cmdagent.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NNServ - New.net, Inc. - C:\Programme\NewDotNet\nnrun.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programme\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programme\Spyware Doctor\pctsSvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: DSL-Manager (TDslMgrService) - T-Systems Enterprise Services GmbH - C:\Programme\T-Online\DSL-Manager\DslMgrSvc.exe
O23 - Service: UPnPService - Magix AG - C:\Programme\Gemeinsame Dateien\MAGIX Shared\UPnPService\UPnPService.exe

Könnt ihr mir vielleicht sagen, was ich tun kann?

Liebe Grüße
Aleks

undoreal · 06.05.2008, 21:14

Hallo Sascha.

Poste bitte eine komplette Problembeschreibung.

Danach deinstalliere über Start->Systemsteuerung->Software den "NewDotNet" Eintrag.

Überprüfe dein System mit SASW.

Mache einen letzten Maleware-Check mit Malewarebytes.

Durchsuche mit dem Kaspersky Online Scanner dein System.

Checke dein System mit dem ESET Online Scanner.

Räume mit cCleaner auf ( die Registry musst du mehrmals durchsuchen und bereinigen lassen).

Poste danach bitte ein frisches HJT logfile inklusive Kopf!!!

undoreal · 06.05.2008, 22:29

Nochmal 'ne kleine Anleitung: (hätte ich fast vergessen..)

http://www.trojaner-board.de/40645-a...t-spyware.html

06.05.2008, 22:29	#3
undoreal /// AVZ-Toolkit Guru	Andauernd Werbung und kein Googlen möglich Nochmal 'ne kleine Anleitung: (hätte ich fast vergessen..) http://www.trojaner-board.de/40645-a...t-spyware.html __________________ __________________

Andauernd Werbung und kein Googlen möglich

Mülltonne: Andauernd Werbung und kein Googlen möglich