| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Firefox4 öffnet immer Popups egal auf welche Seiten ich surfeWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
04.07.2011, 21:42
| #16 | |
 |  Firefox4 öffnet immer Popups egal auf welche Seiten ich surfe Ich habe nun alles mit Tdsskiller gescannt und ein Objekt gedunden: Zitat:
|
|
04.07.2011, 22:18
| #17 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Firefox4 öffnet immer Popups egal auf welche Seiten ich surfe Dann bitte jetzt CF ausführen:
__________________ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
__________________ |
|
04.07.2011, 23:23
| #18 |
| | Firefox4 öffnet immer Popups egal auf welche Seiten ich surfe logfile von combofix:
__________________Combofix Logfile: Code:
ATTFilter ComboFix 11-07-03.04 - *** 04.07.2011 23:48:23.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.49.1031.18.3069.2012 [GMT 2:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
AV: Lavasoft Ad-Watch Live! Virenschutz *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Amazon.ico
c:\programdata\QuickStores.ico
c:\programdata\vlc-1.0.1-win32.exe
c:\windows\IsUn0407.exe
c:\windows\system32\msconfig.exe
.
.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_usnjsvc
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-06-04 bis 2011-07-04 ))))))))))))))))))))))))))))))
.
.
2011-07-04 22:01 . 2011-07-04 22:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-04 21:44 . 2011-07-04 21:45 -------- d-----w- C:\32788R22FWJFW
2011-07-04 17:48 . 2011-07-04 17:48 -------- d-----w- C:\_OTL
2011-07-04 16:08 . 2011-07-04 16:08 -------- d-----w- c:\users\***\AppData\Roaming\Avira
2011-06-30 19:55 . 2011-06-30 19:55 -------- d-----w- c:\program files\epson
2011-06-30 19:55 . 2005-02-24 22:00 46080 ----a-w- c:\windows\system32\escimgd.dll
2011-06-30 19:55 . 2005-02-24 22:00 29696 ----a-w- c:\windows\system32\escwiad.dll
2011-06-30 19:55 . 2005-02-24 22:00 22016 ----a-w- c:\windows\system32\esccmd.dll
2011-06-30 19:54 . 2011-06-30 19:54 -------- d-----w- C:\EPSON
2011-06-30 18:58 . 2011-06-30 18:58 -------- d-----w- c:\program files\Canon
2011-06-28 04:21 . 2011-06-27 20:00 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-06-27 20:00 . 2011-06-30 20:04 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-06-27 19:56 . 2011-06-27 19:56 -------- dc----w- c:\windows\system32\DRVSTORE
2011-06-27 19:56 . 2011-04-29 10:12 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-06-27 19:55 . 2011-06-27 19:55 -------- d-----w- c:\program files\Lavasoft
2011-06-27 19:55 . 2011-06-27 19:55 -------- d-----w- c:\programdata\Lavasoft
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-28 12:12 . 2009-10-31 16:36 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-06-28 12:12 . 2009-10-31 16:36 138192 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-06-07 15:55 . 2011-07-01 23:37 7074640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0049EFCE-9FB6-4EC0-8C39-FD648A74065E}\mpengine.dll
2011-05-24 17:14 . 2009-10-02 23:44 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-07-22 21:40 . 2010-09-12 19:17 2944904 ----a-w- c:\program files\Common Files\AskToolbarInstaller.exe
2011-04-14 16:40 . 2011-07-03 15:19 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-14 13535776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-14 92704]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1033512]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-03-14 202032]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-11-01 554288]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-04-15 70912]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-11-20 488752]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-28 281768]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-07-21 458844]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-09-03 767312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AutoStart IR.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AutoStart IR.lnk
backup=c:\windows\pss\AutoStart IR.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\BTTray.lnk
backup=c:\windows\pss\BTTray.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-02-22 03:57 406992 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTCheck]
2007-11-06 09:08 397312 ------w- c:\program files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTRegRun]
2006-10-05 22:17 53248 ------w- c:\windows\Ctregrun.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSyncU.exe]
2007-07-17 09:03 868352 ------w- c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-10-30 11:57 369200 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPGServiceTool]
2008-05-15 13:30 688128 ----a-w- c:\progra~1\WinTV\EPG Services\System\EPGClient.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2007-01-19 10:55 5674352 ----a-w- c:\program files\MSN Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
2008-04-23 21:51 468264 ----a-w- c:\program files\HP\QuickPlay\QPService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-05-26 15:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-11-17 22:04 1242448 ----a-w- c:\program files\Steam\steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VC9Player]
2007-04-12 14:33 202312 ----a-w- c:\program files\Virtual CD v9\System\VC9Play.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-05-06 136176]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-05-06 136176]
R3 HH9Help.sys;HH9Help.sys;c:\windows\system32\drivers\HH9Help.sys [2006-09-20 11392]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-03-10 24216]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2011-04-29 15232]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R4 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_030ac640\aestsrv.exe [2008-02-12 73728]
R4 EPGService;EPGService;c:\progra~1\WinTV\EPG Services\System\EPGService.exe [2008-05-30 437248]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-03-15 691696]
R4 VC9SecS;Virtual CD v9 Management Service;c:\program files\Virtual CD v9\System\VC9SecS.exe [2007-04-12 124488]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2011-04-29 64512]
S2 {22D78859-9CE9-4B77-BF18-AC83E81A9263};{22D78859-9CE9-4B77-BF18-AC83E81A9263};c:\program files\HP\QuickPlay\000.fcl [2008-04-23 39408]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-03-28 136360]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-21 21504]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2008-03-18 19456]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2011-06-28 2151640]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-01-27 50704]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [2008-08-22 361808]
S3 AVerAF15;HP DVB-T TV Tuner;c:\windows\system32\Drivers\AVerAF15.sys [2008-03-14 280192]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2008-01-24 52736]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-04-11 84240]
S3 NETw5v32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows Vista 32-Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-04-28 3658752]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-05-14 43552]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
Inhalt des "geplante Tasks" Ordners
.
2011-07-04 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-04-29 11:19]
.
2011-07-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-06 15:46]
.
2011-07-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-06 15:46]
.
2011-07-04 c:\windows\Tasks\User_Feed_Synchronization-{22E7FA87-A719-425E-B66C-D169DE398560}.job
- c:\windows\system32\msfeedssync.exe [2011-03-28 04:47]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://de.ask.com?o=14772&l=dis
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Pavilion&pf=cnnb
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Free YouTube to Mp3 Converter - c:\users\***\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\PokerStars.NET\PokerStarsUpdate.exe
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\xnxqxnho.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://google.de/
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-ISUSPM - c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
SafeBoot-77670133.sys
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
MSConfigStartUp-RGSC - c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
AddRemove-AVerMedia A309 (MiniCard, DVB-T) - c:\program files\AVerMedia\AVerMedia A309 (MiniCard
AddRemove-Biing! 2 - c:\windows\IsUn0407.exe
AddRemove-HaaliMkx - c:\program files\Matroska Pack\haali\uninstall.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-07-05 00:09
Windows 6.0.6001 Service Pack 1 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{22D78859-9CE9-4B77-BF18-AC83E81A9263}]
"ImagePath"="\??\c:\program files\HP\QuickPlay\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1878822649-3520458863-1312088198-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:f9,94,4a,3a,5d,48,e0,fc,4e,00,99,48,79,79,51,53,f7,22,81,c4,46,78,ff,
22,82,49,96,bc,47,2b,89,3c,9d,ff,6a,01,1d,09,a2,08,14,e5,67,6c,c0,23,01,52,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
.
[HKEY_USERS\S-1-5-21-1878822649-3520458863-1312088198-1000\Software\SecuROM\License information*]
"datasecu"=hex:d0,e9,aa,13,d2,a5,5e,ec,20,63,14,83,96,aa,7c,72,53,72,e8,da,65,
b0,9e,db,ef,30,1e,36,86,77,9d,77,46,0e,e3,09,c7,3c,46,d6,f1,04,c8,77,12,89,\
"rkeysecu"=hex:e0,93,35,4e,78,4a,d5,5b,c5,45,7c,e2,ff,6f,b6,4e
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(4296)
c:\windows\system32\btncopy.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\STacSV.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\rundll32.exe
c:\windows\ehome\ehsched.exe
c:\windows\ehome\ehRecvr.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\conime.exe
c:\windows\System32\rundll32.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-07-05 00:15:11 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2011-07-04 22:14
.
Vor Suchlauf: 7.049.240.576 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 13.400.272.896 Bytes frei
.
- - End Of File - - 2E4D4F66019624A712CC3E8DD2E07462
|
|
04.07.2011, 23:27
| #19 |
| | Firefox4 öffnet immer Popups egal auf welche Seiten ich surfe nachdem ich combofix ausgeführt habe funktionierte firefox4 nicht mehr "registrierungskey fehlt" oder sowas ähnliches, ich habe es dann einfach nochmal neu installiert. hoffe dass das nicht mit anderen Programmen passiert ist. |
|
05.07.2011, 07:26
| #20 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Firefox4 öffnet immer Popups egal auf welche Seiten ich surfe Nach CF den Rechner neustarten!! Der Rechner wird nicht immer automatisch neu gestartet!
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
05.07.2011, 18:56
| #21 |
| | Firefox4 öffnet immer Popups egal auf welche Seiten ich surfe Die Programme funktionieren wieder...lol. Leider sind die popups aber auch immer noch da  .mfg jake |
|
06.07.2011, 09:23
| #22 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Firefox4 öffnet immer Popups egal auf welche Seiten ich surfe Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen. Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst. Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM! Downloade Dir danach bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
07.07.2011, 23:22
| #23 | |
| | Firefox4 öffnet immer Popups egal auf welche Seiten ich surfe Hi, sry war gestern sehr beschäftigt und kam nicht dazu die scans zu machen. Habs jetzt endlich geschaft mein System mit Osam und MBRCheck zu machen. Gmer hat leider nicht funktioniert. Osam logfile: OSAM Logfile: Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 00:03:26 on 08.07.2011 OS: Windows Vista Home Premium Edition Service Pack 1 (Build 6001), 32-bit Default Browser: Mozilla Corporation Firefox 4.0.1 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Control Panel Objects] -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "ProtectSmart Hard Drive Protection" - "Hewlett-Packard Corporation" - C:\Windows\system32\hpaccelerometercp.CPL "QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "avgio" (avgio) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avgio.sys "avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys "avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys "catchme" (catchme) - ? - C:\ComboFix\catchme.sys (File not found) "HH9Help.sys" (HH9Help.sys) - "H+H Software GmbH" - C:\Windows\system32\drivers\HH9Help.sys "IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys (File not found) "IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys (File not found) "IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys (File not found) "kxldqpog" (kxldqpog) - ? - C:\Users\***\AppData\Local\Temp\kxldqpog.sys (Hidden registry entry, rootkit activity | File not found) "NetGroup Packet Filter Driver" (NPF) - "CACE Technologies, Inc." - C:\Windows\System32\drivers\npf.sys "ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys "{22D78859-9CE9-4B77-BF18-AC83E81A9263}" ({22D78859-9CE9-4B77-BF18-AC83E81A9263}) - "Cyberlink Corp." - C:\Program Files\HP\QuickPlay\000.fcl [Explorer] -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL {3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL {828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL {0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll {828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? - (File not found | COM-object registry key not found) {1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? - (File not found | COM-object registry key not found) {2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? - (File not found | COM-object registry key not found) {705977C7-86CB-4743-BFAF-6908BD19B7B0} "HashCheck Shell Extension" - "code.kliu.org" - C:\Windows\system32\ShellExt\HashCheck.dll {FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found) {FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} "Meine freigegebenen Ordner" - "Microsoft Corporation" - C:\Program Files\MSN Messenger\fsshext.8.1.0178.00.dll {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\OFFICE11\msohev.dll {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {00020d75-0000-0000-c000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\OFFICE11\MLSHEXT.DLL {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {7842554E-6BED-11D2-8CDB-B05550C10000} "Monitor Class" - "Broadcom Corporation." - C:\Windows\system32\btncopy.dll {0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\OFFICE11\OLKFSTUB.DLL {C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll {7F67036B-66F1-411A-AD85-759FB9C5B0DB} "ShellViewRTF" - "XSS" - C:\Windows\System32\ShellvRTF.dll {BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL {da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found) {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR\rarext.dll (File found, but it contains no detailed information) [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} "EPUImageControl Class" - "eBay, Inc." - C:\Windows\Downloaded Program Files\EPUWALcontrol.dll / hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-27-0.cab {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_05" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} "Java Plug-in 1.6.0_05" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_05" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? - (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- "@btrez.dll,-4015" - ? - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} "ClsidExtension" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll "PokerStars.net" - "PokerStars" - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "SSVHelper Class" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll [Logon] -----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )----- "StartupPrograms" - ? - rdpclip (File not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" "AdobeAAMUpdater-1.0" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" "avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min "CanonSolutionMenu" - "CANON INC." - C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon "HP Health Check Scheduler" - "Hewlett-Packard" - c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe "HP Software Update" - "Hewlett-Packard" - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe "hpWirelessAssistant" - "Hewlett-Packard Development Company, L.P." - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe "OnScreenDisplay" - " Hewlett-Packard Development Company, L.P." - C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe "QlbCtrl.exe" - " Hewlett-Packard Development Company, L.P." - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start "SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" "SwitchBoard" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe "UCam_Menu" - "CyberLink Corp." - "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0" [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\Windows\system32\mdimon.dll "PDF995 Monitor" - ? - C:\Windows\system32\pdf995mon.dll (File found, but it contains no detailed information) [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe "Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe "Com4QLBEx" (Com4QLBEx) - "Hewlett-Packard Development Company, L.P." - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe "Easybits Shared Services for Windows" (ezSharedSvc) - "EasyBits Sofware AS" - C:\Windows\System32\ezsvc7.dll "Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "HP Health Check Service" (HP Health Check Service) - "Hewlett-Packard" - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe "hpqwmiex" (hpqwmiex) - "Hewlett-Packard Development Company, L.P." - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe "InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE "PnkBstrA" (PnkBstrA) - ? - C:\Windows\system32\PnkBstrA.exe (File found, but it contains no detailed information) "Recovery Service for Windows" (Recovery Service for Windows) - ? - C:\Windows\SMINST\BLService.exe "Remote Packet Capture Protocol v.0 (experimental)" (rpcapd) - "CACE Technologies, Inc." - C:\Program Files\WinPcap\rpcapd.exe "SwitchBoard" (SwitchBoard) - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru [/QUOTE] MBRCheck logfile: Zitat:
- NetGroup Packet Filter Driver CACE Technologies, Inc. C:\Windows\System32\drivers\npf.sys - Remote Packet Capture Protocol v.0 (experimental) CACE Technologies, Inc. C:\Program Files\WinPcap\rpcapd.exe Könnte dass das Problem sein? Danke!!! Geändert von jake33 (07.07.2011 um 23:30 Uhr) |
|
| Themen zu Firefox4 öffnet immer Popups egal auf welche Seiten ich surfe |
| ad-aware, ausgehen, avira, button, ebenfalls, firefox, forum, hijack, hijackthis, hijackthis logfile, iminent, klicke, logfile, nichts, offen, online, plötzlich, pop ups, popups, problem, seite, seiten, spybot, system, vista, vista 32, öffnen, öffnet |
Linear-Darstellung
