| |
| |||||||
Log-Analyse und Auswertung: FF öffnet immer zweites Fenter mit WerbungWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
02.01.2009, 21:00
| #1 |
 |  FF öffnet immer zweites Fenter mit Werbung Guten Abend!!! Ich habe das Problem das Firefox seit gestern ständig Websiten von Versandhäusern, Handyseiten und Single Seiten noch zusätzlich öffnet. Ich hänge hier mal ein HiJack Logfile und ein Navilog mit dran. Vielen Dank schon mal im vorraus. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 20:12:16, on 02.01.2009 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18000) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Razer\Copperhead\razerhid.exe C:\Program Files\Razer\Copperhead\razertra.exe C:\Program Files\Razer\Copperhead\razerofa.exe C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Windows\system32\conime.exe C:\Windows\notepad.exe C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [Copperhead] C:\Program Files\Razer\Copperhead\razerhid.exe O4 - HKLM\..\Run: [LXCCCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCCtim e.dll,_RunDLLEntry@16 O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe" O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe" O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST') O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe O13 - Gopher Prefix: O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...nt/swflash.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe O23 - Service: lxcc_device - - C:\Windows\system32\lxcccoms.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe -- End of file - 6640 bytes ------------------------------------------------------------------------- Search Navipromo version 3.7.0 began on 02.01.2009 at 19:58:23,67 !!! Warning, this report may include legitimate files/programs !!! !!! Post this report on the forum you are being helped !!! !!! Don't continue with removal unless instructed by an authorized helper !!! Fix running from C:\Program Files\navilog1 Updated on 10.12.2008 at 21h00 by IL-MAFIOSO Microsoft® Windows Vista™ Ultimate ( v6.0.6001 ) Service Pack 1 X86-based PC ( Multiprocessor Free : AMD Athlon(tm) 64 X2 Dual Core Processor 5000+ ) BIOS : Default System BIOS USER : ......... ( Administrator ) BOOT : Normal boot Antivirus : BitDefender Antivirus 12.0 (Activated) Firewall : BitDefender Firewall 12.0 (Activated) C:\ (Local Disk) - NTFS - Total:81 Go (Free:43 Go) D:\ (CD or DVD) E:\ (Local Disk) - NTFS - Total:100 Go (Free:57 Go) F:\ (Local Disk) - NTFS - Total:133 Go (Free:83 Go) G:\ (Local Disk) - NTFS - Total:149 Go (Free:85 Go) H:\ (CD or DVD) Search done in normal mode *** Searching for installed Software *** *** Search folders in "C:\Windows" *** *** Search folders in "C:\Program Files" *** ...\WebMediaPlayer found ! *** Search folders in "c:\progra~2\micros~1\windows\startm~1\program s" *** ...\WebMediaPlayer found ! *** Search folders in "c:\progra~2\micros~1\windows\startm~1" *** *** Search folders in "C:\ProgramData" *** *** Search folders in "c:\users\............~1\appdata\roaming\micros~1\window s\startm~1\programs" *** *** Search folders in "C:\Users\............\AppData\Roaming" *** *** Search with Catchme-rootkit/stealth malware detector by gmer *** for more info : http://www.gmer.net *** Search with GenericNaviSearch *** !!! Possibility of legitimate files in the result !!! !!! Must always be checked before manually deleting !!! * Scan in "C:\Windows\system32" * * Scan in "C:\Users\............\AppData\Local\Microsoft" * * Scan in "C:\Users\............\AppData\Local" * *** Search files *** c:\users\public\desktop\WebMediaPlayer.lnk found ! *** Search specific Registry keys *** !! Following keys are not certainly all infected !! HKEY_CURRENT_USER\Software\Lanconfig found ! *** Complementary Search *** (Search specific files) 1)Search new Instant Access files : 2)Heuristic Search : * In "C:\Windows\system32" : * In "C:\Users\............\AppData\Local\Microsoft" : * In "C:\Users\............\AppData\Local" : swmem.exe found ! swmem.dat found ! swmem_nav.dat found ! swmem_navps.dat found ! 3)Certificates Search : Egroup certificate not found ! Electronic-Group certificate found ! Montorgueil certificate not found ! OOO-Favorit certificate found ! Sunny-Day-Design-Ltd certificate not found ! 4)Search others known folders and files : *** Search completed on 02.01.2009 at 20:03:51,76 *** |
|
03.01.2009, 08:12
| #2 |
| |  FF öffnet immer zweites Fenter mit Werbung Schönen guten Morgen.
__________________Ich habe hier im Forum jemanden mit dem in etwa gleichen Problem gefunden, Ihm wurde vorgeschlagen Schritt 2 im Navilog durchzuführen und dann das Logfile zu Posten. Ich habe es dann jetz auch mal gemacht und poste das Ergebnis. Könnte mir bitte jemand ein Feedback dazu geben ob es irgendwo noch Böse sachen gibt? Ich verstehe da nähmlich nur Banhof. Vielen Dank. Navilog1 Post nach Automatic Cleaning: (Sachen mit "......." habe ich meinen Name nur Entfernt!!!) -------------------------------------------------------- Navipromo Removal version 3.7.0 started on 03.01.2009 at 8:00:57,83 Fix running from C:\Program Files\navilog1 Updated on 10.12.2008 at 21h00 by IL-MAFIOSO Microsoft® Windows Vista™ Ultimate ( v6.0.6001 ) Service Pack 1 X86-based PC ( Multiprocessor Free : AMD Athlon(tm) 64 X2 Dual Core Processor 5000+ ) BIOS : Default System BIOS USER : ................. ( Administrator ) BOOT : Normal boot Antivirus : BitDefender Antivirus 12.0 (Activated) Firewall : BitDefender Firewall 12.0 (Activated) C:\ (Local Disk) - NTFS - Total:81 Go (Free:43 Go) D:\ (CD or DVD) E:\ (Local Disk) - NTFS - Total:100 Go (Free:57 Go) F:\ (Local Disk) - NTFS - Total:133 Go (Free:83 Go) G:\ (Local Disk) - NTFS - Total:149 Go (Free:85 Go) H:\ (CD or DVD) Automatic removal with Catchme and GNS results Cleanning stage done on Reboot *** fsbl1.txt not found *** (Check that Catchme found nothing in Search Mode) *** Deleting with Backups GenericNaviSearch results *** * Deletion in "C:\Windows\System32" * * Deletion in "C:\Users\.................\AppData\Local\Microsoft" * * Deletion in "C:\Users\.................\AppData\Local" * *** Deleting folders in "C:\Windows" *** *** Deleting folders in "C:\Program Files" *** ...\WebMediaPlayer ...deleting... ...\WebMediaPlayer deleted ! *** Deleting folders in "c:\progra~2\micros~1\windows\startm~1\programs" *** ...\WebMediaPlayer ...deleting... ...\WebMediaPlayer deleted ! *** Deleting folders in "c:\progra~2\micros~1\windows\startm~1" *** *** Deleting folders in "C:\ProgramData" *** *** Deleting folders in c:\users\.................~1\appdata\roaming\micros~1\windows\startm~1\programs *** *** Deleting folders in "C:\Users\.................\AppData\Roaming" *** *** Deleting files *** c:\users\public\desktop\WebMediaPlayer.lnk deleted ! *** Deleting temporary files *** Cleaning of C:\Windows\Temp done ! Cleaning of C:\Users\.................~1\AppData\Local\Temp done ! *** Complementary Search *** (Search specific files) 1)Deletion with backups new Instant Access files: 2)Heuristic search and deletion with backups : * In "C:\Windows\system32" * * In "C:\Users\.................\AppData\Local\Microsoft" * * In "C:\Users\.................\AppData\Local" * swmem.exe found ! Copy swmem.exe done ! swmem.exe deleted ! swmem.dat found ! Copy swmem.dat done ! swmem.dat deleted ! swmem_nav.dat found ! Copy swmem_nav.dat done ! swmem_nav.dat deleted ! swmem_navps.dat found ! Copy swmem_navps.dat done ! swmem_navps.dat deleted ! *** Copy Registry to Safebackup folder *** Backing up Registry done ! *** Cleaning Registry *** Registry cleaned *** Certificates *** Egroup Certificate not found ! Electronic-Group Certificate deleted ! Montorgueil Certificate not found ! OOO-Favorit Certificate deleted ! Sunny-Day-Design-Ltd Certificate not found ! *** Search others known folders and files *** *** Cleaning stage complete on 03.01.2009 at 8:03:11,89 *** |
|
| Themen zu FF öffnet immer zweites Fenter mit Werbung |
| amd athlon, bho, browser, continue, defender, desktop, firefox, gservice, hijack, hijackthis, internet, internet explorer, local disk, logfile, malware, mozilla, navipromo, object, plug-in, problem, programdata, registry, rundll, senden, server, software, solution, system, tuneup.defrag, tuprogst.exe, virus, vista, werbung, windows, windows defender, windows sidebar |
Linear-Darstellung
