
Antivirus, firewall and other protection programs: Pop-ups open automatically after virus alert

Windows 7: All questions about operating firewalls, antivirus programs, anti-malware and anti-trojan software belong here. This is a discussion forum for security solutions for Windows computers. If you need help removing a trojan or because you have caught a virus, create a thread in the cleanup forums above.

 
23.04.2010, 15:20   #21
FiDoS
 



OTL LOG:

OTL logfile created on: 23.04.2010 16:16:49 - Run 2
OTL by OldTimer - Version 3.2.1.3 Folder = C:\Users\Michael\Desktop\ALDI
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 61,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 424,66 Gb Total Space | 379,50 Gb Free Space | 89,36% Space Free | Partition Type: NTFS
Drive D: | 40,00 Gb Total Space | 31,60 Gb Free Space | 78,99% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MICHAEL-PC
Current User Name: Michael
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010.04.21 17:31:30 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Users\Michael\Desktop\ALDI\OTL.exe
PRC - [2010.04.21 08:43:00 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG9\avgnsx.exe
PRC - [2010.04.03 21:15:46 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2010.04.02 09:52:22 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG9\avgchsvx.exe
PRC - [2010.03.17 17:03:13 | 000,508,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG9\avgrsx.exe
PRC - [2010.03.17 17:03:12 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG9\avgwdsvc.exe
PRC - [2010.03.17 17:02:47 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG9\avgemc.exe
PRC - [2010.03.17 17:02:47 | 000,710,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG9\avgcsrvx.exe
PRC - [2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.09.11 20:54:20 | 007,739,936 | ---- | M] (Realtek Semiconductor) -- C:\Programme\Realtek\Audio\HDA\RtHDVCpl.exe
PRC - [2009.07.28 02:19:10 | 000,199,184 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee Security Scan\1.0.150\SSScheduler.exe
PRC - [2009.07.26 16:44:14 | 003,883,840 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Live\Messenger\msnmsgr.exe
PRC - [2009.07.15 10:18:48 | 000,102,400 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\Samsung\Samsung New PC Studio\NPSAgent.exe
PRC - [2009.07.15 10:08:24 | 000,233,472 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe
PRC - [2009.07.14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009.07.14 03:14:38 | 001,173,504 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.06.04 19:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009.06.04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009.06.03 20:59:02 | 000,103,720 | ---- | M] (CyberLink) -- C:\Programme\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009.05.19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009.02.03 14:53:00 | 001,155,072 | ---- | M] (MAGIX AG) -- C:\Programme\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2007.07.24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2007.06.05 13:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\System32\PSIService.exe


========== Modules (SafeList) ==========

MOD - [2010.04.21 17:31:30 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Users\Michael\Desktop\ALDI\OTL.exe
MOD - [2009.07.14 03:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009.07.14 03:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009.07.14 03:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009.07.14 03:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009.07.14 03:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009.07.14 03:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009.07.14 03:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009.07.14 03:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009.07.14 03:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009.07.14 03:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009.07.14 03:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010.03.17 17:03:12 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010.03.17 17:02:47 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010.01.26 13:41:08 | 000,652,800 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009.07.15 10:08:24 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2009.07.14 03:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009.07.14 03:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009.07.14 03:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009.07.14 03:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009.07.14 03:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009.07.14 03:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009.07.14 03:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009.07.14 03:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009.07.14 03:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.07.14 03:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009.07.14 03:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009.07.14 03:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009.07.14 03:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009.07.14 03:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009.07.14 03:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX-Installer (AxInstSV)
SRV - [2009.07.14 03:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009.07.14 03:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2009.06.04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2009.05.19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009.02.03 14:53:00 | 001,155,072 | ---- | M] (MAGIX AG) [Unknown | Running] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008.08.07 10:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2007.07.24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007.06.05 13:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aldi.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.812
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010.04.21 09:57:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.04.03 21:15:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.04.23 13:09:28 | 000,000,000 | ---D | M]

[2010.01.03 23:16:50 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\mozilla\Extensions
[2010.04.23 13:44:38 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\mozilla\Firefox\Profiles\cj6zx2mo.default\extensions
[2010.01.28 18:54:21 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Michael\AppData\Roaming\mozilla\Firefox\Profiles\cj6zx2mo.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.04.23 13:09:29 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.04.23 13:09:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.04.23 13:09:21 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.01.16 03:15:29 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.01.16 03:15:29 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.01.16 03:15:29 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.01.16 03:15:29 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.01.16 03:15:29 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [MDS_Menu] C:\Program Files\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PDVD9LanguageShortcut] C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Programme\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [NokiaOviSuite2] C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\Windows\System32\avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Programme\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 14 Days ==========

[2010.04.23 13:49:26 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2010.04.23 13:10:57 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010.04.23 13:10:51 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\SUPERAntiSpyware.com
[2010.04.23 13:10:51 | 000,000,000 | ---D | C] -- C:\Programme\SUPERAntiSpyware
[2010.04.23 13:10:20 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Wise Installation Wizard
[2010.04.23 13:09:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010.04.23 13:09:45 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Java
[2010.04.23 13:00:55 | 000,157,696 | ---- | C] (The RaProducts Team: Paul McLain and Fred de Vries) -- C:\Users\Michael\Desktop\JavaRa.exe
[2010.04.22 12:27:38 | 000,000,000 | -HSD | C] -- C:\Users\Michael\AppData\Roaming\.#
[2010.04.22 11:44:18 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010.04.22 07:58:23 | 000,000,000 | --SD | C] -- C:\ComboFix
[2010.04.22 07:56:57 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010.04.22 07:56:56 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010.04.22 07:56:55 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\temp
[2010.04.22 07:49:23 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010.04.22 07:49:23 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010.04.22 07:49:23 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010.04.22 07:49:19 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010.04.22 07:49:01 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010.04.22 07:48:45 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010.04.21 17:30:04 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Malwarebytes
[2010.04.21 17:29:56 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.04.21 17:29:55 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.04.21 17:29:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.04.21 17:29:54 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.04.21 16:59:30 | 000,000,000 | ---D | C] -- C:\Programme\Spybot - Search & Destroy
[2010.04.21 16:59:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010.04.21 16:47:16 | 000,000,000 | ---D | C] -- C:\Programme\Trend Micro

========== Files - Modified Within 14 Days ==========

[2010.04.23 16:18:40 | 001,835,008 | -HS- | M] () -- C:\Users\Michael\ntuser.dat
[2010.04.23 16:14:02 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.04.23 16:08:51 | 000,000,000 | ---- | M] () -- C:\Users\Michael\AppData\Local\prvlcl.dat
[2010.04.23 13:49:41 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.04.23 13:49:41 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.04.23 13:48:47 | 002,672,312 | ---- | M] () -- C:\Users\Michael\Desktop\esetsmartinstaller_enu.exe
[2010.04.23 13:47:06 | 001,472,002 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.04.23 13:47:06 | 000,643,866 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.04.23 13:47:06 | 000,607,190 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.04.23 13:47:06 | 000,126,394 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.04.23 13:47:06 | 000,103,568 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.04.23 13:42:56 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.04.23 13:42:30 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.04.23 13:42:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.04.23 13:42:19 | 2363,129,856 | -HS- | M] () -- C:\hiberfil.sys
[2010.04.23 13:41:27 | 008,690,538 | -H-- | M] () -- C:\Users\Michael\AppData\Local\IconCache.db
[2010.04.23 13:34:49 | 000,002,312 | ---- | M] () -- C:\Users\Michael\AppData\Roaming\wklnhst.dat
[2010.04.23 13:10:53 | 000,001,067 | ---- | M] () -- C:\Users\Michael\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010.04.23 13:00:30 | 000,071,798 | ---- | M] () -- C:\Users\Michael\Desktop\JavaRa.zip
[2010.04.23 08:06:03 | 059,177,035 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010.04.22 11:20:23 | 000,147,177 | ---- | M] () -- C:\Users\Michael\Desktop\SD743892img.JPG
[2010.04.22 08:22:53 | 000,009,728 | ---- | M] () -- C:\Users\Michael\Desktop\Mietkündigung.wps
[2010.04.22 07:55:41 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010.04.22 07:47:13 | 003,923,062 | R--- | M] () -- C:\Users\Michael\Desktop\ComboFix.exe
[2010.04.21 14:44:21 | 1135,655,140 | ---- | M] () -- C:\Users\Michael\Desktop\Inseltraum_Suedthailand_10.04.20_02-50_zdfneo_50_TVOON_DE.mpg.avi
[2010.04.21 08:43:00 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010.04.18 20:33:54 | 021,573,632 | ---- | M] () -- C:\Users\Michael\Desktop\Guns N' Roses-November Rain.mp3
[2010.04.15 18:49:09 | 000,002,174 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk

========== Files Created - No Company Name ==========

[2010.04.23 13:48:45 | 002,672,312 | ---- | C] () -- C:\Users\Michael\Desktop\esetsmartinstaller_enu.exe
[2010.04.23 13:10:53 | 000,001,067 | ---- | C] () -- C:\Users\Michael\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010.04.23 13:00:55 | 000,245,103 | ---- | C] () -- C:\Users\Michael\Desktop\JavaRa.def
[2010.04.23 07:18:10 | 000,071,798 | ---- | C] () -- C:\Users\Michael\Desktop\JavaRa.zip
[2010.04.22 11:20:22 | 000,147,177 | ---- | C] () -- C:\Users\Michael\Desktop\SD743892img.JPG
[2010.04.22 08:22:53 | 000,009,728 | ---- | C] () -- C:\Users\Michael\Desktop\Mietkündigung.wps
[2010.04.22 07:49:23 | 000,261,632 | ---- | C] () -- C:\Windows\PEV.exe
[2010.04.22 07:49:23 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010.04.22 07:49:23 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010.04.22 07:49:23 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010.04.22 07:49:23 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010.04.22 07:47:06 | 003,923,062 | R--- | C] () -- C:\Users\Michael\Desktop\ComboFix.exe
[2010.04.21 14:43:36 | 1135,655,140 | ---- | C] () -- C:\Users\Michael\Desktop\Inseltraum_Suedthailand_10.04.20_02-50_zdfneo_50_TVOON_DE.mpg.avi
[2010.04.18 20:33:16 | 021,573,632 | ---- | C] () -- C:\Users\Michael\Desktop\Guns N' Roses-November Rain.mp3
[2010.04.15 18:49:09 | 000,002,174 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010.04.09 20:53:07 | 015,338,945 | ---- | C] () -- C:\Users\Michael\Desktop\hasi.mp4
[2010.03.26 20:23:19 | 000,043,008 | ---- | C] () -- C:\Users\Michael\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.03.14 15:53:17 | 000,002,312 | ---- | C] () -- C:\Users\Michael\AppData\Roaming\wklnhst.dat
[2010.02.09 22:06:19 | 000,000,019 | ---- | C] () -- C:\Users\Michael\AppData\Roaming\mdbu.bin
[2010.02.06 15:28:48 | 000,000,000 | ---- | C] () -- C:\Users\Michael\AppData\Local\prvlcl.dat
[2010.01.14 11:04:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2010.01.14 11:04:38 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2010.01.09 10:18:30 | 000,524,288 | -HS- | C] () -- C:\Users\Michael\ntuser.dat{7e50aebe-fcf7-11de-abf1-00222008339b}.TMContainer00000000000000000002.regtrans-ms
[2010.01.09 10:18:30 | 000,524,288 | -HS- | C] () -- C:\Users\Michael\ntuser.dat{7e50aebe-fcf7-11de-abf1-00222008339b}.TMContainer00000000000000000001.regtrans-ms
[2010.01.09 10:18:30 | 000,065,536 | -HS- | C] () -- C:\Users\Michael\ntuser.dat{7e50aebe-fcf7-11de-abf1-00222008339b}.TM.blf
[2009.12.24 18:52:11 | 000,524,288 | -HS- | C] () -- C:\Users\Michael\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2009.12.24 18:52:11 | 000,524,288 | -HS- | C] () -- C:\Users\Michael\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2009.12.24 18:52:11 | 000,262,144 | -HS- | C] () -- C:\Users\Michael\ntuser.dat.LOG1
[2009.12.24 18:52:11 | 000,065,536 | -HS- | C] () -- C:\Users\Michael\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2009.12.24 18:52:11 | 000,000,020 | -HS- | C] () -- C:\Users\Michael\ntuser.ini
[2009.12.24 18:52:11 | 000,000,000 | -HS- | C] () -- C:\Users\Michael\ntuser.dat.LOG2
[2009.12.24 18:52:09 | 001,835,008 | -HS- | C] () -- C:\Users\Michael\ntuser.dat
[2009.09.29 12:18:10 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2009.09.29 07:38:08 | 000,036,864 | ---- | C] () -- C:\Windows\System32\Hooks.dll
[2009.09.29 07:15:05 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2009.09.28 12:53:48 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2007.10.25 18:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys

========== LOP Check ==========

[2010.04.23 15:47:06 | 000,000,000 | -HSD | M] -- C:\Users\Michael\AppData\Roaming\.#
[2010.04.23 15:47:03 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\ALDI_SUED_Mah_Jong
[2009.12.24 19:08:46 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\MAGIX
[2010.03.27 09:03:41 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Nokia
[2010.03.27 08:27:10 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\PC Suite
[2010.02.19 17:25:56 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\PhotoFiltre
[2010.01.14 11:04:30 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Samsung
[2010.03.14 15:53:18 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Template
[2010.03.20 20:04:23 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\TS3Client
[2010.03.30 19:36:08 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========


< End of report >

 

You are viewing: Pop-ups open automatically after virus alert on Trojaner-Board
