Trojaner-Board


HellGamer 03.07.2008 22:11

Internet Explorer opens by itself
 
Log created by WinPatrol version 15.0.2008.0:15.0.2008.0
Scan saved at 11:06:04 PM, on 7/03/2008
Platform: Windows XP SP2 Home Edition Service Pack 2 (Build 2600)
MSIE: Internet Explorer (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRAMME\Lavasoft\Ad-Aware\AAWSERVICE.EXE
C:\PROGRAMME\ALIENGUISE\wbload.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRAMME\GEMEINSAME DATEIEN\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\PROGRAMME\Avira\ANTIVIR PERSONALEDITION CLASSIC\sched.exe
C:\PROGRAMME\Avira\ANTIVIR PERSONALEDITION CLASSIC\avguard.exe
C:\PROGRAMME\NVIDIA CORPORATION\NETWORKACCESSMANAGER\APACHE GROUP\Apache2\bin\Apache.exe
C:\PROGRAMME\GEMEINSAME DATEIEN\LogiShrd\LVCOMSER\LVComSer.exe
C:\PROGRAMME\NVIDIA CORPORATION\NETWORKACCESSMANAGER\bin\nSvcIp.exe
C:\PROGRAMME\NVIDIA CORPORATION\NETWORKACCESSMANAGER\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRAMME\NVIDIA CORPORATION\NETWORKACCESSMANAGER\bin\NSVCAPPFLT.EXE
C:\WINDOWS\explorer.exe
C:\PROGRAMME\Logitech\G-SERIES SOFTWARE\LCDMon.exe
C:\PROGRAMME\Avira\ANTIVIR PERSONALEDITION CLASSIC\avgnt.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRAMME\Java\JRE1.6.0_06\bin\jusched.exe
C:\PROGRAMME\Steam\Steam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRAMME\WINDOWS LIVE\MESSENGER\msnmsgr.exe
C:\PROGRAMME\ALIENGUISE\ALIENWAREDOCK\OBJECTDOCK.EXE
C:\PROGRAMME\Logitech\G-SERIES SOFTWARE\Applets\LCDCOUNTDOWN\LCDCOUNTDOWN.EXE
C:\PROGRAMME\Logitech\G-SERIES SOFTWARE\Applets\LCDPop3\LCDPOP3.exe
C:\PROGRAMME\Logitech\G-SERIES SOFTWARE\Applets\LCDMedia.exe
C:\PROGRAMME\Logitech\G-SERIES SOFTWARE\Applets\LCDClock.exe
C:\PROGRAMME\ICQ6\ICQ.exe
C:\PROGRAMME\WINDOWS LIVE\MESSENGER\usnsvc.exe
C:\PROGRAMME\MOZILLA FIREFOX\firefox.exe
C:\PROGRAMME\WINDOWS MEDIA PLAYER\wmplayer.exe
C:\PROGRAMME\BILLP STUDIOS\WINPATROL\WINPATROL.EXE
C:\PROGRAMME\BILLP STUDIOS\WINPATROL\WINPATROLEX.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: - {7E853D72-626A-48EC-A868-BA8D5E23E045} -
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Programme\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon]C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz]nwiz.exe /install
O4 - HKLM\..\Run: [Launch LCDMon]C:\Programme\Logitech\G-series Software\LCDMon.exe
O4 - HKLM\..\Run: [avgnt]C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe /min
O4 - HKLM\..\Run: [NvMediaCenter]C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched]C:\Programme\Java\jre1.6.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [WinPatrol]C:\Programme\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKCU\..\Run: [Steam]c:\programme\steam\steam.exe -silent
O4 - HKCU\..\Run: [ctfmon.exe]C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr]C:\Programme\Windows Live\Messenger\msnmsgr.exe /background
O4 - Global Startup: Microsoft Office.lnk=C:\Programme\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Alienware Dock.lnk=C:\Programme\AlienGUIse\AlienwareDock\ObjectDock.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
O11 - Options group: [Java (Sun)] Java (Sun) - C:\Programme\Java\jre1.6.0_06\bin
O11 - Options group: [] -
O14 - IERESET.INF: START_PAGE_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
O14 - IERESET.INF: SEARCH_PAGE_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
O14 - IERESET.INF:HKCU, Start Page = %START_PAGE_URL%
O14 - IERESET.INF:HKLM, Default_Page_URL = %START_PAGE_URL%
O14 - IERESET.INF:HKLM, Default_Search_URL = %SEARCH_PAGE_URL%
O14 - IERESET.INF:HKLM, Search Page = %SEARCH_PAGE_URL%
O14 - IERESET.INF:HKCU, Search Page = %SEARCH_PAGE_URL%
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_06) - http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} (Java Plug-in 1.6.0_06) - http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Plug-in 1.6.0_06) - http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: wbsys.dll

O21 - WPDShServiceObj - WPDShServiceObj Class - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Programme\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Planer - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Anwendungsverwaltung - - C:\WINDOWS\System32\appmgmts.dll
O23 - Service: ForceWare Intelligent Application Manager (IAM) - - C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface - - C:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe -k runservice
O23 - Service: LVCOMSer - Logitech Inc. - C:\Programme\*******Dateien\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor - Logitech Inc. - C:\Programme\****** Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Programme\******* Dateien\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: ForceWare IP service - NVIDIA Corporation - C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service - NVIDIA - C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TuneUp Drive Defrag-Dienst - TuneUp Software GmbH - C:\WINDOWS\system32\TuneUpDefragService.exe
O23 - Service: TuneUp Designerweiterung - TuneUp Software GmbH - C:\WINDOWS\system32\uxtuneup.dll
O23 - Service: Windows Live Setup Service - - C:\Programme\Windows Live\installer\WLSetupSvc.exe
O24 - Desktop Component 0: Die derzeitige Homepage - About:Home

--- Additional WinPatrol Info ---
Default Browser: Windows® Internet Explorer - Internet Explorer version 7.00.6000.16674
MSIE: Internet Explorer (7.00.6000.16674)
Firefox 3.0 installed in C:\Programme\Mozilla Firefox.
128 IE Cookies in Folder: C:\Dokumente und Einstellungen\******\Cookies\
0 Mozilla Cookies in Folder: C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Mozilla\FireFox\Profiles\j6f5fqnv.default

WP00 - HKLM\CS1: BootExecute = autocheck autochk *
WP00 - HKLM\CCS: BootExecute = autocheck autochk *
WP00 - HKLM\CS3: BootExecute = autocheck autochk *
WP02 - HKLM\CCS: Command = C:\WINDOWS\system32\cmd.exe

WP03 - Windows Automatic Update = 4:Empfohlene Updates automatisch herunterladen und installieren.


WP08 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix: Default = http://
WP08 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes: www = http://

WP31 - Scheduled Tasks: [1-Klick-Wartung.job]C:\Programme\TuneUp Utilities 2008\OneClickStarter.exe 07/03/2008 11:00 PM

WP16 - ActiveX: {8856F961-340A-11D0-A96B-00C04FD705A2} [Microsoft Web Browser] C:\WINDOWS\system32\ieframe.dll 7.00.6000.16674
WP16 - ActiveX: {912763F8-BB85-464A-8538-4F09A4A4A7D7} [VeohClientVersion4 Class] C:\PROGRAMME\VEOH NETWORKS\Veoh\Plugins\reg\VEOHVERSION4.DLL 1.0.0.4
WP16 - ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} [Shockwave Flash Object] C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx 9,0,124,0
WP16 - ActiveX: {E1771B7F-98BE-407F-BA67-AA16ADA5D0C5} [msgsc.8.5.1302.1018] C:\Programme\Windows Live\Messenger\msgsc.8.5.1302.1018.dll 8.5.1302
WP16 - ActiveX: {ED8C108E-4349-11D2-91A4-00C04F7969E8} [XML HTTP Request] C:\WINDOWS\system32\msxml3.dll 8.90.1101.0
WP16 - ActiveX: {F6D90F16-9C73-11D3-B32E-00C04F990BB4} [XML HTTP] C:\WINDOWS\system32\msxml3.dll 8.90.1101.0
WP16 - ActiveX: {0002E510-0000-0000-C000-000000000046} [Microsoft Office Spreadsheet 9.0] C:\Programme\Microsoft Office\Office\MSOWC.DLL
WP16 - ActiveX: {05589fa1-c356-11ce-bf01-00aa0055595a} [ActiveMovieControl Object] C:\WINDOWS\system32\wmpdxm.dll 11.0.5721.5145
WP16 - ActiveX: {0713E8A2-850A-101B-AFC0-4210102A8DA7} [Microsoft TreeView Control, version 5.0 (SP2)] C:\PROGRAMME\MESSENGERDISCOVERY\COMCTL32.ocx 6.00.8105
WP16 - ActiveX: {0713E8D2-850A-101B-AFC0-4210102A8DA7} [Microsoft ProgressBar Control, version 5.0 (SP2)] C:\PROGRAMME\MESSENGERDISCOVERY\COMCTL32.ocx 6.00.8105
WP16 - ActiveX: {1D2B4F40-1F10-11D1-9E88-00C04FDCAB92} [ThumbCtl Class] C:\WINDOWS\system32\webvw.dll 6.00.2900.2180
WP16 - ActiveX: {52A2AAAE-085D-4187-97EA-8C30DB990436} [HHCtrl Object] C:\WINDOWS\system32\hhctrl.ocx 5.2.3790.2847
WP16 - ActiveX: {58DA8D8A-9D6A-101B-AFC0-4210102A8DA7} [Microsoft ListView Control, version 5.0 (SP2)] C:\PROGRAMME\MESSENGERDISCOVERY\COMCTL32.ocx 6.00.8105
WP16 - ActiveX: {58DA8D8F-9D6A-101B-AFC0-4210102A8DA7} [Microsoft ImageList Control, version 5.0 (SP2)] C:\PROGRAMME\MESSENGERDISCOVERY\COMCTL32.ocx 6.00.8105
WP16 - ActiveX: {550C8FFB-4DC0-4756-828C-862E6D0AE74F} [Chain Class] C:\WINDOWS\system32\capicom.dll 2, 1, 0, 1
WP16 - ActiveX: {6B7E638F-850A-101B-AFC0-4210102A8DA7} [Microsoft StatusBar Control, version 5.0 (SP2)] C:\PROGRAMME\MESSENGERDISCOVERY\COMCTL32.ocx 6.00.8105
WP16 - ActiveX: {91D221C4-0CD4-461C-A728-01D509321556} [Store Class] C:\WINDOWS\system32\capicom.dll 2, 1, 0, 1
WP16 - ActiveX: {8856F961-340A-11D0-A96B-00C04FD705A2} [Microsoft Web Browser] C:\WINDOWS\system32\ieframe.dll 7.00.6000.16674
WP16 - ActiveX: {8BD21D50-EC42-11CE-9E0D-00AA006002F3} [Microsoft Forms 2.0 OptionButton] C:\WINDOWS\system32\FM20.DLL 2.01
WP16 - ActiveX: {AE24FDAE-03C6-11D1-8B76-0080C744F389} [Microsoft Scriptlet Component] C:\WINDOWS\system32\mshtml.dll 7.00.6000.16674
WP16 - ActiveX: {CA8A9780-280D-11CF-A24D-444553540000} [Adobe PDF Reader] C:\PROGRAMME\GEMEINSAME DATEIEN\Adobe\Acrobat\ActiveX\AcroPDF.dll
WP16 - ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} [Shockwave Flash Object] C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx 9,0,124,0
WP16 - ActiveX: {9171C115-7DD9-46BA-B1E5-0ED50AFFC1B8} [Certificate Class] C:\WINDOWS\system32\capicom.dll 2, 1, 0, 1
WP16 - ActiveX: {E5DF9D10-3B52-11D1-83E8-00A0C90DC849} [WebViewFolderIcon Class] C:\WINDOWS\system32\webvw.dll 6.00.2900.2180

WP32 - Hidden File: C:\boot.ini
WP32 - Hidden File: C:\bootfont.bin
WP32 - Hidden File: C:\IO.SYS
WP32 - Hidden File: C:\MSDOS.SYS
WP32 - Hidden File: C:\NTDETECT.COM
WP32 - Hidden File: C:\ntldr
WP32 - Hidden File: C:\pagefile.sys
WP32 - Hidden File: C:\WINDOWS\WindowsShell.Manifest
WP32 - Hidden File: C:\WINDOWS\winnt.bmp
WP32 - Hidden File: C:\WINDOWS\winnt256.bmp
WP32 - Hidden File: C:\WINDOWS\system32\cdplayer.exe.manifest
WP32 - Hidden File: C:\WINDOWS\system32\config\default.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\SAM.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\SECURITY.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\software.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\system.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\TempKey.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\userdiff.LOG
WP32 - Hidden File: C:\WINDOWS\system32\ezsidmv.dat
WP32 - Hidden File: C:\WINDOWS\system32\logonui.exe.manifest
WP32 - Hidden File: C:\WINDOWS\system32\ncpa.cpl.manifest
WP32 - Hidden File: C:\WINDOWS\system32\nwc.cpl.manifest
WP32 - Hidden File: C:\WINDOWS\system32\Restore\filelist.xml
WP32 - Hidden File: C:\WINDOWS\system32\sapi.cpl.manifest
WP32 - Hidden File: C:\WINDOWS\system32\WindowsLogon.manifest
WP32 - Hidden File: C:\WINDOWS\system32\wuaucpl.cpl.manifest

WP33 - File Type .AVI: [Videoclip]C:\Programme\Windows Media Player\wmplayer.exe /prefetch:8 /Open %L
WP33 - File Type .BAT: [Stapelverarbeitungsdatei für MS-DOS]%1 %*
WP33 - File Type .CAB: [WinRAR-Archiv]C:\Programme\WinRAR\WinRAR.exe %1
WP33 - File Type .CAT: [Sicherheitskatalog]rundll32.exe cryptext.dll,CryptExtOpenCAT %1
WP33 - File Type .CHM: [Kompilierte HTML-Hilfedatei]C:\WINDOWS\hh.exe %1
WP33 - File Type .COM: [Anwendung für MS-DOS]%1 %*
WP33 - File Type .CMD: [Befehlsskript von Windows NT]%1 %*
WP33 - File Type .DOC: [Microsoft Word-Dokument]C:\Programme\Microsoft Office\Office\WINWORD.EXE /n
WP33 - File Type .EXE: [Anwendung]%1 %*
WP33 - File Type .INF: [Setup-Informationen]C:\WINDOWS\System32\NOTEPAD.EXE %1
WP33 - File Type .JS: [JScript-Skriptdatei]C:\WINDOWS\System32\WScript.exe %1 %*
WP33 - File Type .LOG: [Textdatei]C:\WINDOWS\system32\NOTEPAD.EXE %1
WP33 - File Type .MSI: [Windows Installer Package]C:\WINDOWS\System32\msiexec.exe /i %1 %*
WP33 - File Type .MSG: [Outlook-Element]C:\Programme\Microsoft Office\Office\OUTLOOK.EXE /f %1
WP33 - File Type .MID: [MIDI-Sequenz]C:\Programme\Windows Media Player\wmplayer.exe /Open %L
WP33 - File Type .MP3: [MP3-Audioformat]C:\Programme\Windows Media Player\wmplayer.exe /prefetch:6 /Open %L
WP33 - File Type .PIF: [Verknüpfung mit einer Anwendung für MS-DOS]%1 %*
WP33 - File Type .REG: [Registrierungsdatei]regedit.exe %1
WP33 - File Type .RTF: [Rich Text Format]C:\Programme\Microsoft Office\Office\WINWORD.EXE /n
WP33 - File Type .SBS: [Spyware supplemental file]C:\Programme\Spybot - Search & Destroy\SpybotSD.exe %1
WP33 - File Type .SCR: [Bildschirmschoner]%1 /S
WP33 - File Type .TXT: [Textdatei]C:\WINDOWS\system32\NOTEPAD.EXE %1
WP33 - File Type .VBS: [VBScript-Skriptdatei]C:\WINDOWS\System32\WScript.exe %1 %*
WP33 - File Type .VBE: [Codierte VBScript-Skriptdatei]C:\WINDOWS\System32\WScript.exe %1 %*
WP33 - File Type .WSF: [Windows-Skriptdatei]C:\WINDOWS\System32\WScript.exe %1 %*
WP33 - File Type .WSH: [Windows Script Host-Einstellungsdatei]C:\WINDOWS\System32\WScript.exe %1 %*
WP33 - File Type .XLS: [Microsoft Excel-Arbeitsblatt]C:\Programme\Microsoft Office\Office\EXCEL.EXE /e

Memory currently in use: 22%
Physical Memory Free: 2,097,151 KB
Paging File Free: 4,194,303 KB
Virtual Memory Free: 2,039,252 KB


--
End of file

