| |
| |||||||
Log-Analyse und Auswertung: ie explorer öffnet leere seiten, prog will daten ins inet übertragenWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
14.07.2008, 13:08
| #1 |
 |  ie explorer öffnet leere seiten, prog will daten ins inet übertragen hi, auf dem laptop enínes bekannten von mir öffnet sich öfters ein neues ie fenster (ohne inhalt), und ein prog will daten ins inet stelle, man wird aber zuerst gefragt, ich selber habe das nochnicht gesehn, aber er meine iwas mit hidden/hiden?!?! Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 14:02:46, on 14.07.2008 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18000) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Windows\System32\rundll32.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe C:\Program Files\Internet Explorer\ieuser.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\explorer.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Users\user\Desktop\HiJackThis.exe C:\Windows\System32\wsqmcons.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.at/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [Skytel] Skytel.exe O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\user\AppData\Local\Temp\jkkJawtr.dll,#1 O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\user\AppData\Local\Temp\xxyxXnki.dll,c O4 - HKCU\..\Run: [80d79745] rundll32.exe "C:\Users\user\AppData\Local\Temp\munoqplx.dll",b O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user') O9 - Extra button: Statistik für Web-Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll O13 - Gopher Prefix: O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe -- End of file - 5494 bytes hoffe iwer kann da helfen grüße |
|
14.07.2008, 13:33
| #2 |
| | ie explorer öffnet leere seiten, prog will daten ins inet übertragen Hallo chris1111 und
__________________ Dein KIS ist veraltet installiere bitte die neue Version nach dieser Anleitung. Lass dir wie hier beschrieben alle versteckten Dateien anzeigen.http://www.trojaner-board.de/54791-a...tml#post349565(nur Punkt1!) Lass diese Dateien Code:
ATTFilter C:\Users\user\AppData\Local\Temp\munoqplx.dll
C:\Users\user\AppData\Local\Temp\xxyxXnki.dll
C:\Users\user\AppData\Local\Temp\jkkJawtr.dll
|
|
14.07.2008, 13:47
| #3 | |
  | ie explorer öffnet leere seiten, prog will daten ins inet übertragenZitat:
Der Onlinscan bei Virustotal ist da schon in Ordnung. |
|
14.07.2008, 14:10
| #4 |
| | ie explorer öffnet leere seiten, prog will daten ins inet übertragen hier die ausertung er 3 datein Code:
ATTFilter C:\Users\user\AppData\Local\Temp\munoqplx.dll
File size: 93184 bytes
MD5...: e8e476362eaeaeaec8d76a80f918c257
SHA1..: dc783f52267eafbbc60496a894276bf56ce1110e
SHA256: 436b049a266bf03637067dacac9540fe97f79dac8fe9ce588b079842d3e55e35
SHA512: 9535b8196b405dc239966a6be51b400124ad0bde1c2cfcf6955145277ea44b3d
3c8a5163f08e540169f25677a4f62c426389b05998aca58f309bdca8d8444411
PEiD..: Armadillo v1.xx - v2.xx
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x100016bd
timedatestamp.....: 0x486b4ed7 (Wed Jul 02 09:48:07 2008)
machinetype.......: 0x14c (I386)
( 6 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x3000 0x3000 4.37 f4af1a7819e16afbae40aa05c94ea696
.reloc 0x4000 0x1000 0x600 4.12 5523f1dbdee3ad6d781cfd33dd7eeaca
.rsrc 0x5000 0x2000 0x1800 7.97 cca692666d81b562be3e9b87d00f1657
.code 0x7000 0x1000 0xc00 7.93 0fbbf2d96391f5b7f8e81ca1738fd1cd
.data 0x8000 0x8000 0x7400 7.99 49c222a31ffdb864bca0884de18ca921
.code 0x10000 0x16000 0x8000 7.97 231a38bb34632a45b25e87d867de1b09
( 1 imports )
> user32.dll: BeginPaint, CheckMenuRadioItem, CheckRadioButton, CopyIcon, CreateMenu, CreateWindowExA, DestroyCursor, DestroyIcon, DestroyWindow, EndPaint, ExitWindowsEx, FindWindowExA, GetCapture, GetCursorPos, GetDC, GetDesktopWindow, GetSystemMetrics, GetWindow, GetWindowDC, GetWindowTextA, GetWindowTextLengthA, InvalidateRect, IsWindow, KillTimer, LoadCursorA, LoadIconA, LoadIconA, LoadStringA, MessageBoxA, SetWindowPos, ShowWindow, SystemParametersInfoA, TranslateMessage, UpdateWindow, ValidateRect, WaitMessage, wvsprintfA
( 0 exports )
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=E63D98A10030701B6CC4018107D805005F0280D8
C:\Users\user\AppData\Local\Temp\xxyxXnki.dll
weitere Informationen
File size: 318720 bytes
MD5...: 68f1e202aa0eed6dd2c73b1318a93613
SHA1..: 02a00e21f9d69a120e7568ffe1f32a585ce863fe
SHA256: 7dea3d053d090b80af91182c9c2549590695a6968a547d30adbc3c72c7ab4418
SHA512: cce9efd5e22b20faf88997bd8c930f740b1501acba1085aaee91f333f742732a
5c6e21ca71114f582f5011ce0e26e707c587b3e07844c5bc578e3bd13f8743fa
PEiD..: Armadillo v1.xx - v2.xx
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x1000136f
timedatestamp.....: 0x485f54bd (Mon Jun 23 07:46:05 2008)
machinetype.......: 0x14c (I386)
( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x2000 0x2000 5.36 715bd33bbe9526eb05838f25d86ed2a6
.data 0x3000 0x1000 0x600 4.86 928b679ff186b40c5e1c5d532d3013f2
CODE 0x4000 0x17000 0x16e00 8.00 34dfa8123118df37b77c649f02fc7f6d
.code 0x1b000 0x15000 0x14c00 8.00 facc9b6c065e7ec3f196e8259add3877
.reloc 0x30000 0x6d000 0x1f900 8.00 cb333e43977fdf886050f332c4ca759e
( 1 imports )
> user32.dll: BeginPaint, CreateMenu, CreateWindowExA, DestroyCursor, DestroyWindow, EndPaint, EndPaint, ExitWindowsEx, FindWindowExA, GetCapture, GetCursorPos, GetDC, GetDesktopWindow, GetSystemMetrics, GetWindow, GetWindowDC, GetWindowTextA, GetWindowTextLengthA, InvalidateRect, IsWindow, KillTimer, LoadCursorA, LoadIconA, LoadStringA, MessageBoxA, PeekMessageA, PostMessageA, PostQuitMessage, RegisterClassA, ReleaseCapture, ReleaseDC, SendMessageA, SetCursor, SetForegroundWindow, SetMenu, SetMenuItemInfoA, SetPropA, SetScrollPos, SetScrollRange, SetSysColors, SetTimer, SetWindowLongA, SetWindowPos, ShowWindow, SystemParametersInfoA, TranslateMessage, UpdateWindow, ValidateRect, WaitMessage, wvsprintfA
( 0 exports )
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=E5EFA2F600C17BF7DDD604ADD30E5B00AE8C1741
C:\Users\user\AppData\Local\Temp\jkkJawtr.dll
File size: 28288 bytes
MD5...: d00b9b58f8f91b39a8e21795fba707ae
SHA1..: 0c57183bd00c7f7e7f6b0af181d89e42f4930317
SHA256: 008f6c7db29a9ba2ee165180f09ff1edc5e1183c401faf354c0a1033c08a65c4
SHA512: 4af3d8780539f4d799cbd643ddb9892444a42df8483158fb27f8cd51bfaa92d1
e0e785f2e5c92b42eb38314957c700a2f933b67c09365bf526f67f02901fb5aa
PEiD..: Armadillo v1.xx - v2.xx
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x100012a5
timedatestamp.....: 0x4821945b (Wed May 07 11:36:59 2008)
machinetype.......: 0x14c (I386)
( 9 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x2000 0x2000 5.27 411556fafa00018d48d2261025c4c6ae
.rsrc 0x3000 0x1000 0x400 3.65 c3721dfca6de0ec7fa87c823194af350
.data 0x4000 0x1000 0x600 7.86 a8f6466feaabd1c7fc15881a7745e81a
.text 0x5000 0x1000 0xa00 7.92 6ec1b01e62aa382c2f2ed34019c56608
.idata 0x6000 0x1000 0x400 7.79 c2a38c5ba340d7b4be56c2f18b7f7cfd
.reloc 0x7000 0x1000 0xc00 7.93 af0fdeed3355560cdac55192899659a6
CODE 0x8000 0x1000 0x200 7.59 802e0da99795749576e206ae6b0af15c
.rsrc 0x9000 0x1000 0x1000 7.95 7b835a69b05dcd3e89927b884d28207e
BSS 0xa000 0x6000 0x1480 7.69 eedd7cee1d514f12767477055ed24246
( 1 imports )
> user32.dll: BeginPaint, EndPaint, GetDesktopWindow, GetWindowTextA, GetWindowTextLengthA, InvalidateRect, IsWindow, KillTimer, LoadCursorA, LoadIconA, LoadStringA, MessageBoxA, PeekMessageA, PostMessageA, PostQuitMessage
( 0 exports )
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=D4B3189080C304FF6E74002DDDE82A00ECEF19A5
|
|
14.07.2008, 15:00
| #5 |
| | ie explorer öffnet leere seiten, prog will daten ins inet übertragen malerebyte Code:
ATTFilter Malwarebytes' Anti-Malware 1.20
Datenbank Version: 948
Windows 6.0.6001 Service Pack 1
15:51:21 14.07.2008
mbam-log-7-14-2008 (15-51-21).txt
Scan Art: Komplett Scan (C:\|D:\|)
Objekte gescannt: 159599
Scan Dauer: 45 minute(s), 9 second(s)
Infizierte Speicher Prozesse: 0
Infizierte Speicher Module: 2
Infizierte Registrierungsschlüssel: 2
Infizierte Registrierungswerte: 3
Infizierte Datei Objekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 29
Infizierte Speicher Prozesse:
(Keine Malware Objekte gefunden)
Infizierte Speicher Module:
C:\Users\user\AppData\Local\Temp\munoqplx.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\Users\user\AppData\Local\Temp\xxyxXnki.dll (Trojan.Vundo) -> Unloaded module successfully.
Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\80d79745 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cmds (Trojan.Vundo) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msserver (Trojan.Vundo) -> Quarantined and deleted successfully.
Infizierte Datei Objekte der Registrierung:
(Keine Malware Objekte gefunden)
Infizierte Verzeichnisse:
(Keine Malware Objekte gefunden)
Infizierte Dateien:
C:\Users\user\AppData\Local\Temp\munoqplx.dll (Trojan.Vundo) -> Delete on reboot.
C:\Users\user\AppData\Local\Temp\xxyxXnki.dll (Trojan.Vundo) -> Delete on reboot.
C:\Users\user\AppData\Local\Temp\jkkJawtr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8UZ8SQWK\kb456456[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8UZ8SQWK\kb767887[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8UZ8SQWK\kb767887[2] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NSAK39UD\kb456456[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Temp\bgbobwvh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Temp\rsjdylnx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Temp\tmp00008507 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Temp\tmp000094fe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Temp\tmp00009896 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Temp\tmp0000a38e (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Temp\tmp0000b431 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Temp\tmp0000b51b (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Temp\tmp0000bc3c (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Temp\tmp0000be01 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Temp\tmp0000c10d (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Temp\tmp0000e79f (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Temp\tmp0000eaab (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Temp\tmp0000f527 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Temp\tmp0000f8fe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Temp\tmp00010ea0 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Temp\tmp0001143b (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Temp\tmp0001d2e7 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Temp\urujnqpn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Temp\xoajlaff.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Temp\yekvceyu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Temp\yvlwdwov.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Temp\xxyxXnki.dll konnte nicht geöffnet werden |
|
14.07.2008, 15:08
| #6 |
| | ie explorer öffnet leere seiten, prog will daten ins inet übertragen hijackthis nach den scann: Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:06:12, on 14.07.2008 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18000) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe C:\Users\user\Desktop\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.at/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [Skytel] Skytel.exe O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user') O9 - Extra button: Statistik für Web-Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll O13 - Gopher Prefix: O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll, O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe -- End of file - 5998 bytes |
|
14.07.2008, 19:24
| #7 |
| | ie explorer öffnet leere seiten, prog will daten ins inet übertragen die fehlermeldung erscheint nu nimma nach neustart (hmmm, ich hätt auch den edit button nehmen können, sorry  ) |
|
15.07.2008, 07:45
| #8 |
| | ie explorer öffnet leere seiten, prog will daten ins inet übertragen Hallo Chris Dann lasse mal noch den CCleaner nach Anleitung drüber laufen. Die Registry dabei mehrmals durchsuchen lassen, bis keine Fehler mehr festgestellt werden können. In deinem HJT-Log ist nichts mehr zu sehen. Die Benutzung des Editbuttens ist nur in der 1. Stunde möglich. (oder nur 30 Minuten?) |
|
15.07.2008, 14:06
| #9 |
| | ie explorer öffnet leere seiten, prog will daten ins inet übertragen hi, ccleaner hab ich drüber laufen lassen, alles so wie nach der anleitung, danke für die hilfe  |
|
| Themen zu ie explorer öffnet leere seiten, prog will daten ins inet übertragen |
| adobe, defender, desktop, dll, explorer, google, hijack, hijackthis, hkus\s-1-5-18, hotkey, ie explorer, ie fenster, internet, internet explorer, internet security, kaspersky, local\temp, logfile, microsoft, object, rundll, security, seiten, software, solution, system, temp, tuneup.defrag, vista, windows, windows defender, windows sidebar, öffnet |
