Trojaner-Board


svenmm 28.03.2005 20:27

Persistent ad windows

Hello, I have already run Ad-Aware, hijacker and eScan, but none of them finds anything. I do think, though, that I have the searchmaid trojan on my PC. My log file is attached; I would be terribly grateful for any info:

**** Run Keys ****

RUN: [KEN Taskbar Client] "C:\Programme\KEN!\kentbcli.exe"
RUN: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
RUN: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
RUN: [NAV CfgWiz] C:\Programme\Gemeinsame Dateien\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
RUN: [GoToMyPC] C:\Programme\Expertcity\GoToMyPC\g2svc.exe -logon
RUN: [SSC_UserPrompt] C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\UsrPrmpt.exe
RUN: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
RUN: [1&1 SMS-Manager] C:\Programme\1&1\SMS-Manager\SMSMngr.exe


**** Browser Helper Objects ****

BHO: [AcroIEHlprObj Class] C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
BHO: [AcroIEHlprObj Class] C:\Programme\Spybot - Search & Destroy\SDHelper.dll
BHO: [Google Toolbar Helper] c:\programme\google\googletoolbar2.dll
BHO: [CNavExtBho Class] C:\Programme\Norton AntiVirus\NavShExt.dll


**** IE Toolbars ****

TOOLBAR: [Norton AntiVirus] C:\Programme\Norton AntiVirus\NavShExt.dll
TOOLBAR: [&Google] c:\programme\google\googletoolbar2.dll
TOOLBAR: [&Radio] C:\WINDOWS\System32\msdxm.ocx


**** IE Extensions ****

IEExt: [Web Browser Applet Control] C:\WINDOWS\System32\msjava.dll
IEExt: [Recherchieren] C:\WINDOWS\System32\msjava.dll
IEExt: [Messenger] C:\Programme\Messenger\MSMSGS.EXE


**** Hosts File Entries ****

HOSTS: 127.0.0.1 localhost
HOSTS: 127.0.0.1 localhost
HOSTS: 127.0.0.1 e-finder.cc
HOSTS: 127.0.0.1 fast-look.com
HOSTS: 127.0.0.1 bin.wordsx.cc
HOSTS: 127.0.0.1 s13.tempx.cc
HOSTS: 127.0.0.1 vv7.al.57e.net
HOSTS: 127.0.0.1 ewizard.cc
HOSTS: 127.0.0.1 awmdabest.com
HOSTS: 127.0.0.1 20x2p.com
HOSTS: 127.0.0.1 rf104.com
HOSTS: 127.0.0.1 75tz.com
HOSTS: 127.0.0.1 v-224.com
HOSTS: 127.0.0.1 rf104.com
HOSTS: 127.0.0.1 ga31.com
HOSTS: 127.0.0.1 crl.thawte.com
HOSTS: 127.0.0.1 t34rulit.com
HOSTS: 127.0.0.1 win-eto.com
HOSTS: 127.0.0.1 super-spider.com
HOSTS: 127.0.0.1 letgohome.com
HOSTS: 127.0.0.1 cc20foreva.com
HOSTS: 127.0.0.1 solongas.com
HOSTS: 127.0.0.1 tracking.allposters.com
HOSTS: 127.0.0.1 vparivalka.com
HOSTS: 127.0.0.1 greg-tut.com
HOSTS: 127.0.0.1 toprefsys.com
HOSTS: 127.0.0.1 free-spy-cam.net
HOSTS: 127.0.0.1 terra.hcworld.com
HOSTS: 127.0.0.1 visitfriend.net
HOSTS: 127.0.0.1 tracktraff.cc
HOSTS: 127.0.0.1 love-catalog.net
HOSTS: 127.0.0.1 trackhits.cc
HOSTS: 127.0.0.1 u47.cc
HOSTS: 127.0.0.1 u48.cc
HOSTS: 127.0.0.1 u45.cx
HOSTS: 127.0.0.1 u46.cx
HOSTS: 127.0.0.1 www.6o9.com
HOSTS: 127.0.0.1 new.8ad.com
HOSTS: 127.0.0.1 veryeasysearch.com
HOSTS: 127.0.0.1 msnprotection.com
HOSTS: 127.0.0.1 adulthell.com
HOSTS: 127.0.0.1 datingforlove.org
HOSTS: 127.0.0.1 meetyourfriend.biz
HOSTS: 127.0.0.1 meetyourfriend.biz


**** IE Settings ****

IEProxy: ftp=192.168.0.1:3128;http=192.168.0.1:3128;https=192.168.0.1:3128;socks=192.168.0.1:1080
IEBypass: localhost
Default Page: http://www.searchmaid.com/
Default Search: http://www.searchmaid.com/search.php?qq=%s
Local Page: http://www.searchmaid.com/
Search Bar: http://searchmaid.com/bar/index.html
Search Page: http://www.searchmaid.com/search.php?qq=%s


**** IE Context Menu (Right click) ****

IEContext: [&Google Search] res://c:\programme\google\GoogleToolbar2.dll/cmsearch.html
IEContext: [Im Cache gespeicherte Seite] res://c:\programme\google\GoogleToolbar2.dll/cmcache.html
IEContext: [Nach Microsoft &Excel exportieren] res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IEContext: [Verweisseiten] res://c:\programme\google\GoogleToolbar2.dll/cmbacklinks.html
IEContext: [Ähnliche Seiten] res://c:\programme\google\GoogleToolbar2.dll/cmsimilar.html


**** Layered Service Providers ****

LSP: MSAFD Tcpip [TCP/IP]
LSP: MSAFD Tcpip [UDP/IP]
LSP: RSVP UDP Service Provider
LSP: RSVP TCP Service Provider
LSP: MSAFD Irda [IrDA]
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{CFF000A1-61D4-4F4F-819D-D42AF3D53CD1}] SEQPACKET 3
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{CFF000A1-61D4-4F4F-819D-D42AF3D53CD1}] DATAGRAM 3
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{CA3C9B01-8B74-42F8-87BC-F94537EB0790}] SEQPACKET 0
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{CA3C9B01-8B74-42F8-87BC-F94537EB0790}] DATAGRAM 0
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{23153F25-F494-4401-88F8-FE54526A74CF}] SEQPACKET 1
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{23153F25-F494-4401-88F8-FE54526A74CF}] DATAGRAM 1
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{15F24A07-BD11-40D0-ABC1-39FBBF93635B}] SEQPACKET 2
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{15F24A07-BD11-40D0-ABC1-39FBBF93635B}] DATAGRAM 2


**** Blocked Control Panel Items ****

BLOCKED: [ncpa.cpl] No
BLOCKED: [odbccp32.cpl] No


**** Downloaded Program Files ****

DirectAnimation Java Classes [file://C:\WINDOWS\Java\classes\dajava.cab]
FFPApplet [https://www12.firmenfinanzportal.de/...FFPApplet.cab]
Microsoft XML Parser for Java [file://C:\WINDOWS\Java\classes\xmldso.cab]
{6414512B-B978-451D-A0D8-FCFDF33E833C} [http://v5.windowsupdate.microsoft.co...1101899751652] C:\WINDOWS\System32\wuweb.dll
{8AD9C840-044E-11D1-B3E9-00805F499D93} [http://java.sun.com/products/plugin/...dows-i586.cab]
{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} [http://java.sun.com/products/plugin/...dows-i586.cab]
{D27CDB6E-AE6D-11CF-96B8-444553540000} [http://download.macromedia.com/pub/s...h/swflash.cab]
{FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} [http://download.spyspotter.com/spysp...abInstall.cab]


**** Windows Services ****

[Alerter] %SystemRoot%\System32\svchost.exe -k LocalService
[ALG] %SystemRoot%\System32\alg.exe
[AppMgmt] %SystemRoot%\system32\svchost.exe -k netsvcs
[aspnet_state] %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
[AudioSrv] %SystemRoot%\System32\svchost.exe -k netsvcs
[BITS] %SystemRoot%\System32\svchost.exe -k netsvcs
[Browser] %SystemRoot%\System32\svchost.exe -k netsvcs
[ccEvtMgr] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe"
[ccPwdSvc] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe"
[ccSetMgr] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe"
[CiSvc] %SystemRoot%\system32\cisvc.exe
[ClipSrv] %SystemRoot%\system32\clipsrv.exe
[COMSysApp] C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
[CryptSvc] %SystemRoot%\system32\svchost.exe -k netsvcs
[Dhcp] %SystemRoot%\System32\svchost.exe -k netsvcs
[dmadmin] %SystemRoot%\System32\dmadmin.exe /com
[dmserver] %SystemRoot%\System32\svchost.exe -k netsvcs
[Dnscache] %SystemRoot%\System32\svchost.exe -k NetworkService
[ERSvc] %SystemRoot%\System32\svchost.exe -k netsvcs
[Eventlog] %SystemRoot%\system32\services.exe
[EventSystem] C:\WINDOWS\System32\svchost.exe -k netsvcs
[FastUserSwitchingCompatibility] %SystemRoot%\System32\svchost.exe -k netsvcs
[GoToMyPC] "C:\Programme\Expertcity\GoToMyPC\g2svc.exe" -service
[helpsvc] %SystemRoot%\System32\svchost.exe -k netsvcs
[HidServ] %SystemRoot%\System32\svchost.exe -k netsvcs
[ImapiService] C:\WINDOWS\System32\imapi.exe
[Irmon] %SystemRoot%\System32\svchost.exe -k netsvcs
[KEN Client Service] C:\Programme\KEN!\KENCLI.EXE
[lanmanserver] %SystemRoot%\System32\svchost.exe -k netsvcs
[lanmanworkstation] %SystemRoot%\System32\svchost.exe -k netsvcs
[LmHosts] %SystemRoot%\System32\svchost.exe -k LocalService
[MDM] "C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe"
[Messenger] %SystemRoot%\System32\svchost.exe -k netsvcs
[mnmsrvc] C:\WINDOWS\System32\mnmsrvc.exe
[MSDTC] C:\WINDOWS\System32\msdtc.exe
[MSIServer] C:\WINDOWS\System32\msiexec.exe /V
[navapsvc] "C:\Programme\Norton AntiVirus\navapsvc.exe"
[NetDDE] %SystemRoot%\system32\netdde.exe
[NetDDEdsdm] %SystemRoot%\system32\netdde.exe
[Netlogon] %SystemRoot%\System32\lsass.exe
[Netman] %SystemRoot%\System32\svchost.exe -k netsvcs
[Nla] %SystemRoot%\System32\svchost.exe -k netsvcs
[NtLmSsp] %SystemRoot%\System32\lsass.exe
[NtmsSvc] %SystemRoot%\system32\svchost.exe -k netsvcs
[ose] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
[PlugPlay] %SystemRoot%\system32\services.exe
[PolicyAgent] %SystemRoot%\System32\lsass.exe
[ProtectedStorage] %SystemRoot%\system32\lsass.exe
[RasAuto] %SystemRoot%\System32\svchost.exe -k netsvcs
[RasMan] %SystemRoot%\System32\svchost.exe -k netsvcs
[RDSessMgr] C:\WINDOWS\system32\sessmgr.exe
[RemoteAccess] %SystemRoot%\System32\svchost.exe -k netsvcs
[RemoteRegistry] %SystemRoot%\system32\svchost.exe -k LocalService
[RpcLocator] %SystemRoot%\System32\locator.exe
[RpcSs] %SystemRoot%\system32\svchost -k rpcss
[RSVP] %SystemRoot%\System32\rsvp.exe
[SamSs] %SystemRoot%\system32\lsass.exe
[SAVScan] C:\Programme\Norton AntiVirus\SAVScan.exe
[SBService] C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
[SCardDrv] %SystemRoot%\System32\SCardSvr.exe
[SCardSvr] %SystemRoot%\System32\SCardSvr.exe
[Schedule] %SystemRoot%\System32\svchost.exe -k netsvcs
[seclogon] %SystemRoot%\System32\svchost.exe -k netsvcs
[SENS] %SystemRoot%\system32\svchost.exe -k netsvcs
[SharedAccess] %SystemRoot%\System32\svchost.exe -k netsvcs
[ShellHWDetection] %SystemRoot%\System32\svchost.exe -k netsvcs
[SNDSrvc] C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
[Spooler] %SystemRoot%\system32\spoolsv.exe
[srservice] %SystemRoot%\System32\svchost.exe -k netsvcs
[SSDPSRV] %SystemRoot%\System32\svchost.exe -k LocalService
[stisvc] %SystemRoot%\System32\svchost.exe -k imgsvc
[SwPrv] C:\WINDOWS\System32\dllhost.exe /Processid:{52F3B6D7-7F41-4DD6-A971-2F96EFE75F8E}
[SymWSC] C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
[SysmonLog] %SystemRoot%\system32\smlogsvc.exe
[TapiSrv] %SystemRoot%\System32\svchost.exe -k netsvcs
[TermService] %SystemRoot%\System32\svchost.exe -k netsvcs
[Themes] %SystemRoot%\System32\svchost.exe -k netsvcs
[TlntSvr] C:\WINDOWS\System32\tlntsvr.exe
[TrkWks] %SystemRoot%\system32\svchost.exe -k netsvcs
[uploadmgr] %SystemRoot%\System32\svchost.exe -k netsvcs
[upnphost] %SystemRoot%\System32\svchost.exe -k LocalService
[UPS] %SystemRoot%\System32\ups.exe
[VSS] %SystemRoot%\System32\vssvc.exe
[W32Time] %SystemRoot%\System32\svchost.exe -k netsvcs
[WebClient] %SystemRoot%\System32\svchost.exe -k LocalService
[winmgmt] %systemroot%\system32\svchost.exe -k netsvcs
[WmdmPmSN] %SystemRoot%\System32\svchost.exe -k netsvcs
[Wmi] %SystemRoot%\System32\svchost.exe -k netsvcs
[WmiApSrv] C:\WINDOWS\System32\wbem\wmiapsrv.exe
[wuauserv] %systemroot%\system32\svchost.exe -k netsvcs
[WZCSVC] %SystemRoot%\System32\svchost.exe -k netsvcs


**** Custom IE Search Items ****

SEARCH: [SearchAssistant] http://www.searchmaid.com/search.php?qq=%s
SEARCH: [CustomizeSearch] http://www.searchmaid.com/search.php?qq=%s
SEARCH: [SearchAssistant] http://www.searchmaid.com/search.php?qq=%s
SEARCH: [CustomizeSearch] http://www.searchmaid.com/search.php?qq=%s


**** Complete IE Options ****

IEOPT: [NoUpdateCheck]
IEOPT: [NoJITSetup]
IEOPT: [Disable Script Debugger] yes
IEOPT: [Show_ChannelBand] No
IEOPT: [Anchor Underline] yes
IEOPT: [Cache_Update_Frequency] Once_Per_Session
IEOPT: [Display Inline Images] yes
IEOPT: [Do404Search]
IEOPT: [Local Page] http://www.searchmaid.com/
IEOPT: [Save_Session_History_On_Exit] no
IEOPT: [Show_FullURL] no
IEOPT: [Show_StatusBar] yes
IEOPT: [Show_ToolBar] yes
IEOPT: [Show_URLinStatusBar] yes
IEOPT: [Show_URLToolBar] yes
IEOPT: [Start Page] http://news.google.de/nwshp?hl=de&gl=de
IEOPT: [Use_DlgBox_Colors] yes
IEOPT: [Search Page] http://www.searchmaid.com/search.php?qq=%s
IEOPT: [Window_Placement] ,
IEOPT: [FormSuggest PW Ask] yes
IEOPT: [Use FormSuggest] yes
IEOPT: [AddToFavoritesExpanded]
IEOPT: [Error Dlg Displayed On Every Error] no
IEOPT: [NotifyDownloadComplete] no
IEOPT: [FullScreen] no
IEOPT: [Save Directory] Y:\Kaiser+Gent\EDV+Telefon\EDV+Telefon\Einwahldaten\
IEOPT: [AutoSearch]
IEOPT: [Use Search Asst] http://www.searchmaid.com/search.php?qq=%s
IEOPT: [Use Custom Search URL]
IEOPT: [Force Offscreen Composition]
IEOPT: [Enable Browser Extensions] yes
IEOPT: [ShowGoButton] yes
IEOPT: [NoWebJITSetup]
IEOPT: [Friendly http errors] yes
IEOPT: [FavIntelliMenus] no
IEOPT: [NscSingleExpand]
IEOPT: [SmoothScroll]
IEOPT: [Page_Transitions]
IEOPT: [AllowWindowReuse]
IEOPT: [UseThemes]
IEOPT: [Print_Background] no
IEOPT: [Expand Alt Text] no
IEOPT: [Move System Caret] no
IEOPT: [Play_Animations] yes
IEOPT: [Enable AutoImageResize] yes
IEOPT: [Enable_MyPics_Hoverbar] yes
IEOPT: [Show image placeholders]
IEOPT: [Play_Background_Sounds] yes
IEOPT: [Display Inline Videos] yes
IEOPT: [Error Dlg Details Pane Open] yes
IEOPT: [IEWatsonDisabled]
IEOPT: [FormSuggest Passwords] yes
IEOPT: [HistoryViewType]
IEOPT: [Default_Page_URL] http://www.searchmaid.com/
IEOPT: [Search Bar] http://searchmaid.com/bar/index.html
IEOPT: [Default_Search_URL] http://www.searchmaid.com/search.php?qq=%s
IEOPT: [Default_Page_URL] http://www.searchmaid.com/
IEOPT: [Default_Search_URL] http://www.searchmaid.com/search.php?qq=%s
IEOPT: [Search Page] http://www.searchmaid.com/search.php?qq=%s
IEOPT: [Enable_Disk_Cache] yes
IEOPT: [Cache_Percent_of_Disk]
IEOPT: [Delete_Temp_Files_On_Exit] yes
IEOPT: [Local Page] http://www.searchmaid.com/
IEOPT: [Anchor_Visitation_Horizon]
IEOPT: [Use_Async_DNS] yes
IEOPT: [Placeholder_Width]
IEOPT: [Placeholder_Height]
IEOPT: [Start Page] http://www.searchmaid.com/
IEOPT: [CompanyName] Microsoft Corporation
IEOPT: [Custom_Key] MICROSO
IEOPT: [Wizard_Version] 6.0.2600.0000
IEOPT: [FullScreen] no
IEOPT: [Use_DlgBox_Colors] yes
IEOPT: [Search Bar] http://searchmaid.com/bar/index.html
IEOPT: [Use Search Asst] http://www.searchmaid.com/search.php?qq=%s

chaosman 28.03.2005 20:46

@svenmm
Post an HJT log file
direct download
instructions
chaosman

