Pests of all kinds and how to combat them: Self-opening ad windows
Windows 7
If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you eliminate the infection.
#1
Self-opening ad windows

Hello everyone, for about a week I have had the problem of ad windows opening by themselves. This affects FF, Chrome and IE. Jamba ads, Baur, etc. An Ad-Aware scan found nothing, and the virus scanners (Trend Micro, Free-AV) also came up empty. An OTL scan produced the following log file:

OTL Logfile: Code:
ATTFilter OTL logfile created on: 30.09.2010 11:26:22 - Run 1 Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 42,00% Memory free 5,00 Gb Paging File | 3,00 Gb Available in Paging File | 67,00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 298,08 Gb Total Space | 271,24 Gb Free Space | 90,99% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Drive P: | 300,00 Gb Total Space | 22,15 Gb Free Space | 7,38% Space Free | Partition Type: NTFS Drive Q: | 300,00 Gb Total Space | 22,15 Gb Free Space | 7,38% Space Free | Partition Type: NTFS Drive W: | 499,99 Gb Total Space | 18,33 Gb Free Space | 3,67% Space Free | Partition Type: NTFS Drive X: | 15,00 Gb Total Space | 3,70 Gb Free Space | 24,64% Space Free | Partition Type: NTFS Drive Y: | 15,00 Gb Total Space | 3,70 Gb Free Space | 24,64% Space Free | Partition Type: NTFS Drive Z: | 15,00 Gb Total Space | 3,70 Gb Free Space | 24,64% Space Free | Partition Type: NTFS Logged in as Administrator. 
Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 90 Days Output = Standard ========== Processes (SafeList) ========== PRC - [2010.09.29 15:25:46 | 000,575,488 | ---- | M] PRC - [2010.09.20 15:24:23 | 012,479,664 | ---- | M] (Mozilla Messaging) -- C:\Programme\Mozilla Thunderbird\thunderbird.exe PRC - [2010.09.20 14:25:41 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\plugin-container.exe PRC - [2010.09.20 14:25:37 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe PRC - [2010.09.16 18:51:02 | 002,320,301 | ---- | M] () -- C:\Programme\Search Advisor\adgui.exe PRC - [2010.09.02 23:12:40 | 000,497,008 | ---- | M] (Trend Micro Inc.) -- C:\Programme\Trend Micro\OfficeScan Client\TmPfw.exe PRC - [2010.09.02 23:07:46 | 001,028,560 | ---- | M] (Trend Micro Inc.) -- C:\Programme\Trend Micro\OfficeScan Client\TmListen.exe PRC - [2010.09.02 23:07:46 | 000,730,408 | ---- | M] (Trend Micro Inc.) -- C:\Programme\Trend Micro\OfficeScan Client\PccNTMon.exe PRC - [2010.09.02 23:07:46 | 000,296,224 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\Temp\HUA667.EXE PRC - [2010.09.02 23:07:44 | 000,988,456 | ---- | M] (Trend Micro Inc.) -- C:\Programme\Trend Micro\OfficeScan Client\NTRtScan.exe PRC - [2010.08.13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe PRC - [2010.07.26 21:52:06 | 000,546,360 | ---- | M] (Google) -- C:\Programme\Google\Google Calendar Sync\GoogleCalendarSync.exe PRC - [2010.06.28 15:03:50 | 001,415,632 | ---- | M] (TrueCrypt Foundation) -- C:\Programme\TrueCrypt\TrueCrypt.exe PRC - [2010.06.11 14:42:00 | 012,979,056 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE PRC - [2010.05.14 11:44:46 | 000,248,552 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe PRC - [2010.04.12 12:33:02 | 002,147,704 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTStackServer.exe PRC - [2010.04.12 12:33:02 | 000,636,256 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe PRC - [2010.03.17 04:48:42 | 000,229,458 | ---- | M] (IDT, Inc.) -- c:\Programme\IDT\WDM\stacsv.exe PRC - [2010.03.03 15:46:56 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2010.03.03 15:46:54 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2010.02.18 14:26:46 | 001,664,304 | ---- | M] (Validity Sensors, Inc.) -- C:\WINDOWS\system32\vcsFPService.exe PRC - [2009.11.24 11:32:22 | 000,234,792 | ---- | M] (Skype Technologies S.A.) -- C:\Programme\Skype\Toolbars\Shared\SkypeNames2.exe PRC - [2009.10.09 09:21:04 | 000,435,584 | ---- | M] (Trend Micro Inc.) 
-- C:\Programme\Trend Micro\OfficeScan Client\CNTAoSMgr.exe PRC - [2009.09.05 17:29:06 | 000,385,024 | ---- | M] (shbox.de) -- C:\Programme\FreePDF_XP\fpassist.exe PRC - [2009.04.21 21:01:56 | 000,737,280 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\AESTFltr.exe PRC - [2009.03.27 18:10:56 | 000,014,336 | ---- | M] (LSI Corporation) -- C:\Programme\LSI SoftModem\agrsmsvc.exe PRC - [2008.05.26 22:19:14 | 000,123,904 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Desktop Search\WindowsSearch.exe PRC - [2008.04.17 01:28:48 | 000,818,176 | ---- | M] (Jay Elaraj) -- C:\Programme\Taskbar Shuffle\taskbarshuffle.exe PRC - [2008.04.14 06:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2008.03.09 17:12:24 | 000,240,640 | ---- | M] () -- C:\Programme\AutoHotkey\AutoHotkey.exe PRC - [2006.10.26 13:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\mdm.exe PRC - [1999.09.30 21:31:38 | 000,869,376 | ---- | M] (Fred's Software) -- C:\Programme\PrintKey2000\Printkey2000.exe ========== Modules (SafeList) ========== MOD - [2010.04.12 12:33:12 | 000,099,688 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\BtMmHook.dll MOD - [2008.04.14 06:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx ========== Win32 Services (SafeList) ========== SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ) SRV - [2010.09.29 15:49:13 | 001,356,952 | ---- | M] (Lavasoft) [Auto | Stopped] -- C:\Programme\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service) SRV - [2010.09.02 23:12:40 | 000,689,416 | ---- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- C:\Programme\Trend Micro\OfficeScan Client\TmProxy.exe -- (TmProxy) SRV - [2010.09.02 23:12:40 | 000,497,008 | ---- | M] (Trend Micro Inc.) 
[On_Demand | Running] -- C:\Programme\Trend Micro\OfficeScan Client\TmPfw.exe -- (TmPfw) SRV - [2010.09.02 23:07:46 | 001,028,560 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Programme\Trend Micro\OfficeScan Client\tmlisten.exe -- (tmlisten) SRV - [2010.09.02 23:07:44 | 000,988,456 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Programme\Trend Micro\OfficeScan Client\ntrtscan.exe -- (ntrtscan) SRV - [2010.08.13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device) SRV - [2010.03.18 16:47:22 | 000,035,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -- (aspnet_state) SRV - [2010.03.18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.03.18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpPortSharing) SRV - [2010.03.17 04:48:42 | 000,229,458 | ---- | M] (IDT, Inc.) [Auto | Running] -- c:\Programme\IDT\WDM\stacsv.exe -- (STacSV) SRV - [2010.03.03 15:46:56 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R) SRV - [2010.03.03 15:46:54 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R) SRV - [2010.02.18 14:26:46 | 001,664,304 | ---- | M] (Validity Sensors, Inc.) 
[Auto | Running] -- C:\WINDOWS\system32\vcsFPService.exe -- (vcsFPService) SRV - [2009.03.27 18:10:56 | 000,014,336 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Programme\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio) SRV - [2008.11.04 01:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2006.10.26 13:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\mdm.exe -- (MDM) ========== Driver Services (SafeList) ========== DRV - [2010.09.02 23:12:42 | 000,341,008 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TM_CFW.sys -- (tmcfw) DRV - [2010.09.02 23:12:42 | 000,090,256 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tmtdi.sys -- (tmtdi) DRV - [2010.09.02 23:07:46 | 000,163,344 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm) DRV - [2010.08.12 14:15:20 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd) DRV - [2010.06.28 15:03:50 | 000,223,440 | ---- | M] (TrueCrypt Foundation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\truecrypt.sys -- (truecrypt) DRV - [2010.05.27 22:32:58 | 000,245,936 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP) DRV - [2010.04.26 11:25:00 | 000,305,312 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp) DRV - [2010.04.15 04:41:12 | 000,051,752 | ---- | M] (Broadcom Corporation.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB) DRV - [2010.04.05 10:44:28 | 006,601,216 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel(R) DRV - [2010.04.01 00:20:20 | 000,911,400 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL) DRV - [2010.03.17 04:48:42 | 001,659,283 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA) DRV - [2010.02.25 14:19:12 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr) DRV - [2009.12.04 16:39:06 | 000,230,928 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Programme\Trend Micro\OfficeScan Client\tmxpflt.sys -- (TmFilter) DRV - [2009.12.04 16:38:18 | 000,036,368 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Programme\Trend Micro\OfficeScan Client\tmpreflt.sys -- (TmPreFilter) DRV - [2009.12.04 16:05:06 | 001,322,680 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Programme\Trend Micro\OfficeScan Client\vsapint.sys -- (VSApiNt) DRV - [2009.10.19 21:48:20 | 004,415,488 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2009.09.17 13:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel(R) DRV - [2009.08.19 07:05:56 | 000,100,368 | ---- | M] (ATI Research Inc.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV - [2009.07.21 14:18:58 | 001,161,760 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2009.04.21 22:13:34 | 000,113,664 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AESTAud.sys -- (AESTAud) DRV - [2009.03.26 06:39:14 | 001,765,168 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC) DRV - [2008.07.23 11:31:38 | 000,044,800 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM) DRV - [2008.05.23 13:51:02 | 000,024,624 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\hpdskflt.sys -- (hpdskflt) DRV - [2008.05.23 13:50:16 | 000,028,592 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Accelerometer.sys -- (Accelerometer) DRV - [2008.04.14 06:00:00 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus) DRV - [2006.11.02 07:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3 FF - 
prefs.js..extensions.enabledItems: ietab@ip.cn:1.94.20100904 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: support@predictad.com:1.11 FF - prefs.js..extensions.enabledItems: pencil@evolus.vn:1.2.0 FF - prefs.js..network.proxy.type: 0 FF - HKLM\software\mozilla\Firefox\Extensions\\support@predictad.com: C:\Programme\AutocompletePro\support@predictad.com [2010.09.24 09:58:01 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.09.27 13:44:13 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.09.27 13:44:13 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.4\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2010.09.27 13:44:13 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.4\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins [2010.09.30 11:20:21 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2010.07.16 15:38:50 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2010.06.28 13:29:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.09.24 09:27:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.07.17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll [2010.07.01 17:28:31 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Programme\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll [2010.06.28 15:24:35 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.06.28 15:24:35 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.06.28 15:24:35 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.06.28 15:24:35 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.06.28 15:24:35 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2008.04.14 06:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (AC-Pro) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Programme\AutocompletePro\AutocompletePro.dll File not found O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AESTFltr] C:\WINDOWS\System32\AESTFltr.exe (Andrea Electronics Corporation) O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de) O4 - HKLM..\Run: [OfficeScanNT Monitor] C:\Programme\Trend Micro\OfficeScan Client\pccntmon.exe (Trend Micro Inc.) O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) 
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKCU..\Run: [Search Advisor] C:\Programme\Search Advisor\adgui.exe () O4 - HKCU..\Run: [Taskbar Shuffle] C:\Programme\Taskbar Shuffle\taskbarshuffle.exe (Jay Elaraj) O4 - HKCU..\Run: [TrueCrypt] C:\Programme\TrueCrypt\TrueCrypt.exe (TrueCrypt Foundation) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\BTTray.lnk = C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Google Calendar Sync.lnk = C:\Programme\Google\Google Calendar Sync\GoogleCalendarSync.exe (Google) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Printkey2000.lnk = C:\Programme\PrintKey2000\Printkey2000.exe (Fred's Software) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Windows Search.lnk = C:\Programme\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: MaxGPOScriptWait = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Senden an &Bluetooth-Gerät... 
- C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Senden an Bluetooth - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) 
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1277732021382 (WUWebControl Class) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1277878741054 (MUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame 
Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010.06.28 13:05:43 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe () O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 90 Days ========== [2010.09.29 16:02:00 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusb.dll [2010.09.29 16:01:58 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusd.dll [2010.09.29 15:49:50 | 
000,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys [2010.09.29 15:49:47 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys [2010.09.29 15:31:16 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{ECC164E0-3133-4C70-A831-F08DB2940F70} [2010.09.29 15:30:58 | 000,000,000 | ---D | C] -- C:\Programme\Lavasoft [2010.09.29 15:30:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lavasoft [2010.09.29 12:14:28 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.09.29 12:14:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2010.09.28 16:21:55 | 000,000,000 | ---D | C] -- C:\Programme\Opera [2010.09.28 15:58:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy [2010.09.28 15:58:32 | 000,000,000 | ---D | C] -- C:\Programme\Spybot - Search & Destroy [2010.09.28 14:19:46 | 000,000,000 | ---D | C] -- C:\Navilog1 [2010.09.27 15:06:06 | 000,000,000 | ---D | C] -- C:\Programme\TimeWriter [2010.09.27 13:49:15 | 000,000,000 | ---D | C] -- C:\Programme\iPod [2010.09.27 13:49:10 | 000,000,000 | ---D | C] -- C:\Programme\iTunes [2010.09.27 13:43:33 | 000,000,000 | ---D | C] -- C:\Programme\QuickTime [2010.09.27 13:41:50 | 003,062,048 | ---- | C] (Apple, Inc.) 
-- C:\WINDOWS\System32\usbaaplrc.dll [2010.09.27 13:41:00 | 000,000,000 | ---D | C] -- C:\Programme\Bonjour [2010.09.24 10:00:27 | 002,170,398 | ---- | C] (Jan Kolarik & Ondrej Vaverka) -- C:\WINDOWS\Word Clock.scr [2010.09.24 10:00:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\Word Clock Uninstaller [2010.09.24 09:58:01 | 000,000,000 | ---D | C] -- C:\Programme\AutocompletePro [2010.09.24 09:57:42 | 000,000,000 | ---D | C] -- C:\Programme\Search Advisor [2010.09.24 09:27:40 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Java [2010.09.24 09:27:26 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe [2010.09.24 09:27:26 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe [2010.09.24 09:27:26 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe [2010.09.23 13:11:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData [2010.09.23 12:43:14 | 000,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbscan.sys [2010.09.23 12:35:19 | 000,000,000 | ---D | C] -- C:\Programme\HP [2010.09.23 12:35:17 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbprint.sys [2010.09.23 12:30:59 | 000,000,000 | ---D | C] -- C:\hp_LJM2727_full_solution_AM_EMEA1 [2010.09.20 15:17:45 | 000,000,000 | ---D | C] -- C:\Programme\XING Connector [2010.09.08 11:17:46 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx [2010.09.08 11:17:46 | 000,069,632 | ---- | C] (Apple Inc.) 
-- C:\WINDOWS\System32\QuickTime.qts [2010.07.16 15:38:37 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Skype [2010.07.16 15:38:34 | 000,000,000 | R--D | C] -- C:\Programme\Skype [2010.07.16 15:38:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype [2010.07.15 17:40:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun [2010.07.15 09:28:12 | 000,000,000 | ---D | C] -- C:\Programme\Taskbar Shuffle [2010.07.15 09:18:30 | 000,000,000 | ---D | C] -- C:\Programme\MSECache [2010.07.02 14:21:49 | 000,000,000 | ---D | C] -- C:\Programme\AutoHotkey [2010.07.02 14:21:41 | 000,000,000 | ---D | C] -- C:\Programme\ac'tivAid [2010.07.02 13:19:15 | 000,000,000 | ---D | C] -- C:\Programme\FreeCommander [2009.03.26 06:39:56 | 000,203,312 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2uvc.dll [2009.03.26 06:37:38 | 000,256,560 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2uvc.dll [8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ] ========== Files - Modified Within 90 Days ========== [2010.09.30 11:23:13 | 000,000,434 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{75DEF776-F4EF-4B79-99AA-DF1DF78497F5}.job [2010.09.30 11:17:56 | 000,014,223 | ---- | M] () -- C:\WINDOWS\cfgall.ini [2010.09.30 10:39:00 | 000,001,240 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1757981266-839522115-1708537768-10624UA.job [2010.09.30 09:37:33 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010.09.30 09:33:45 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010.09.30 09:33:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010.09.29 16:00:58 | 000,002,121 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk [2010.09.29 15:51:11 | 000,000,456 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job [2010.09.29 15:49:47 | 000,095,024 | ---- | M] (Sunbelt 
Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys [2010.09.27 15:06:40 | 000,000,104 | ---- | M] () -- C:\WINDOWS\twfree.ini [2010.09.23 12:44:10 | 000,000,135 | ---- | M] () -- C:\WINDOWS\System32\AddPort.ini [2010.09.23 12:44:03 | 000,000,700 | ---- | M] () -- C:\WINDOWS\hpntwksetup.ini [2010.09.21 09:51:01 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2010.09.17 10:09:43 | 000,001,879 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2010.09.08 11:17:46 | 000,094,208 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx [2010.09.08 11:17:46 | 000,069,632 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\QuickTime.qts [2010.09.02 23:12:42 | 000,341,008 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\TM_CFW.sys [2010.09.02 23:12:42 | 000,090,256 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmtdi.sys [2010.09.02 23:07:46 | 000,163,344 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys [2010.07.16 15:39:50 | 000,000,056 | -H-- | M] () -- C:\WINDOWS\System32\ezsidmv.dat [8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ] [2010.09.27 15:06:15 | 000,000,104 | ---- | C] () -- C:\WINDOWS\twfree.ini [2010.09.24 10:00:27 | 000,023,558 | ---- | C] () -- C:\WINDOWS\Word Clock.ico [2010.09.23 12:42:56 | 000,000,135 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini [2010.09.23 12:41:47 | 000,000,700 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini < End of report >

Does anyone have an idea what this could be? Thanks and regards...