Internet Explorer - automatically opens ads!

Hello everyone,

I have already read several threads here about this problem and have also already carried out some cleanups.

Problem: When I browse in Internet Explorer, a new tab opens automatically. Before my cleanups it still showed ads - now only a blank white page.

I have carried out the following cleanups:
- Kaspersky online scan
- Ad-Aware 2008 system check
- Malwarebytes Anti-Malware
- Spybot Search and Destroy

Could you please look at my HijackThis log file and give me further tips? THANKS!!

The HijackThis log file follows:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:15:19, on 09.10.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\PDF Complete\pdfsty.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Spamihilator\spamihilator.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Users\smarty005\AppData\Local\ophipqy.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\conime.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.t-online.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=none&bd=smb&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=none&bd=smb&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [PDF Complete] "C:\Program Files\PDF Complete\pdfsty.exe"
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Spamihilator] "C:\Program Files\Spamihilator\spamihilator.exe"
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\RunOnce: [ST Recovery Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [ophipqy] "c:\users\smarty005\appdata\local\ophipqy.exe" ophipqy
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Canon LBP2900 Statusfenster.lnk = C:\Windows\System32\spool\drivers\w32x86\3\CNAB4LAK.EXE
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~4.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~4.0_0\bin\ssv.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-24-0.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.de/scan_de/scan8/oscan8.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: APSHook.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: Drive Encryption Service (HpFkCryptService) - SafeBoot International - c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe

-- End of file - 11166 bytes

After cleaning with CCleaner, here is the log from ComboFix:

ComboFix 08-10-08.05 - smarty005 2008-10-09 20:54:22.1 - NTFSx86
Microsoft® Windows Vista™ Business 6.0.6001.1.1252.1.1031.18.1106 [GMT 2:00]
ausgeführt von:: C:\Users\smarty005\Desktop\ComboFix.exe
* Neuer Wiederherstellungspunkt wurde erstellt
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Users\smarty005\AppData\Local\ophipqy.dat
C:\Users\smarty005\AppData\Local\ophipqy.exe
C:\Users\smarty005\AppData\Local\ophipqy_nav.dat
C:\Users\smarty005\AppData\Local\ophipqy_navps.dat
C:\Windows\system32\x64
F:\Autorun.inf

.
((((((((((((((((((((((( Dateien erstellt von 2008-09-09 bis 2008-10-09 ))))))))))))))))))))))))))))))
.

2008-10-09 20:47 . 2008-10-09 20:47 <DIR> d-------- C:\Program Files\CCleaner
2008-10-09 19:59 . 2008-10-09 19:59 <DIR> d-------- C:\Windows\BDOSCAN8
2008-10-09 19:33 . 2008-10-09 20:49 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-10-09 19:33 . 2008-10-09 20:49 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-10-09 19:33 . 2008-10-09 20:11 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-10-09 19:29 . 2008-10-09 19:31 <DIR> d-------- C:\Users\All Users\Lavasoft
2008-10-09 19:29 . 2008-10-09 19:31 <DIR> d-------- C:\ProgramData\Lavasoft
2008-10-09 19:29 . 2008-10-09 19:29 <DIR> d-------- C:\Program Files\Lavasoft
2008-10-09 19:23 . 2008-10-09 19:23 <DIR> d-------- C:\Program Files\Trend Micro
2008-10-09 16:45 . 2008-10-09 16:45 <DIR> d-------- C:\Users\smarty005\AppData\Roaming\Malwarebytes
2008-10-09 16:45 . 2008-10-09 16:45 <DIR> d-------- C:\Users\All Users\Malwarebytes
2008-10-09 16:45 . 2008-10-09 16:45 <DIR> d-------- C:\ProgramData\Malwarebytes
2008-10-09 16:45 . 2008-10-09 16:47 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-09 16:45 . 2008-09-10 00:04 38,528 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys
2008-10-09 16:45 . 2008-09-10 00:03 17,200 --a------ C:\Windows\System32\drivers\mbam.sys
2008-10-03 19:34 . 2008-10-03 19:34 <DIR> d-------- C:\Users\smarty005\AppData\Roaming\TVU Networks
2008-10-03 19:34 . 2008-10-03 19:34 <DIR> d-------- C:\Users\All Users\TVU Networks
2008-10-03 19:34 . 2008-10-03 19:34 <DIR> d-------- C:\ProgramData\TVU Networks
2008-10-03 19:20 . 2008-10-03 19:20 <DIR> d-------- C:\Windows\System32\PPLive
2008-10-02 10:20 . 2008-04-26 10:25 3,600,952 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-10-01 19:07 . 2008-10-01 19:07 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-10-01 10:39 . 2008-10-01 10:39 <DIR> d-------- C:\PerfLogs
2008-10-01 09:51 . 2008-10-01 09:51 <DIR> d-------- C:\Windows\CheckSur
2008-10-01 09:48 . 2008-01-19 09:33 8,139,264 --a------ C:\Windows\System32\ssBranded.scr
2008-10-01 09:47 . 2008-01-19 09:32 5,714,432 --a------ C:\Windows\System32\logon.scr
2008-10-01 09:46 . 2008-01-19 08:06 8,147,456 --a------ C:\Windows\System32\wmploc.DLL
2008-10-01 09:45 . 2008-01-19 09:36 704,512 --a------ C:\Windows\System32\SmiEngine.dll
2008-10-01 09:45 . 2008-01-19 09:36 357,888 --a------ C:\Windows\System32\wbemcomn.dll
2008-10-01 09:45 . 2008-01-19 09:36 218,624 --a------ C:\Windows\System32\wdscore.dll
2008-10-01 09:45 . 2008-01-19 09:36 139,264 --a------ C:\Windows\System32\SmiInstaller.dll
2008-10-01 09:45 . 2008-01-19 09:33 130,560 --a------ C:\Windows\System32\PkgMgr.exe
2008-10-01 09:44 . 2008-01-19 09:34 305,152 --a------ C:\Windows\System32\msdelta.dll
2008-10-01 09:44 . 2008-01-19 09:34 258,560 --a------ C:\Windows\System32\dpx.dll
2008-10-01 09:44 . 2008-01-19 09:34 246,784 --a------ C:\Windows\System32\drvstore.dll
2008-10-01 09:44 . 2008-01-19 09:35 35,328 --a------ C:\Windows\System32\mspatcha.dll
2008-09-27 12:10 . 2008-09-27 12:10 <DIR> d-------- C:\Users\All Users\Electronic Arts
2008-09-27 12:10 . 2008-09-27 12:10 <DIR> d-------- C:\ProgramData\Electronic Arts
2008-09-27 12:07 . 2008-03-05 15:56 3,786,760 --a------ C:\Windows\System32\D3DX9_37.dll
2008-09-27 12:07 . 2007-07-19 18:14 3,727,720 --a------ C:\Windows\System32\d3dx9_35.dll
2008-09-27 12:07 . 2007-05-16 16:45 3,497,832 --a------ C:\Windows\System32\d3dx9_34.dll
2008-09-27 12:07 . 2007-03-12 16:42 3,495,784 --a------ C:\Windows\System32\d3dx9_33.dll
2008-09-27 12:07 . 2006-11-29 13:06 3,426,072 --a------ C:\Windows\System32\d3dx9_32.dll
2008-09-27 12:07 . 2006-09-28 16:05 2,414,360 --a------ C:\Windows\System32\d3dx9_31.dll
2008-09-27 12:07 . 2007-04-04 18:53 81,768 --a------ C:\Windows\System32\xinput1_3.dll
2008-09-27 12:06 . 2005-05-26 15:34 2,297,552 --a------ C:\Windows\System32\d3dx9_26.dll
2008-09-16 06:33 . 2008-07-19 07:09 1,811,656 --a------ C:\Windows\System32\wuaueng.dll
2008-09-16 06:33 . 2008-07-19 05:44 1,524,736 --a------ C:\Windows\System32\wucltux.dll
2008-09-16 06:33 . 2008-07-19 07:09 563,912 --a------ C:\Windows\System32\wuapi.dll
2008-09-16 06:33 . 2008-07-18 22:08 163,904 --a------ C:\Windows\System32\wuwebv.dll
2008-09-16 06:33 . 2008-07-19 05:44 83,456 --a------ C:\Windows\System32\wudriver.dll
2008-09-16 06:33 . 2008-07-19 07:10 53,448 --a------ C:\Windows\System32\wuauclt.exe
2008-09-16 06:33 . 2008-07-19 07:10 45,768 --a------ C:\Windows\System32\wups2.dll
2008-09-16 06:33 . 2008-07-19 07:10 36,552 --a------ C:\Windows\System32\wups.dll
2008-09-16 06:33 . 2008-07-18 20:44 31,232 --a------ C:\Windows\System32\wuapp.exe
2008-09-11 21:12 . 2008-07-31 03:13 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-09-11 21:12 . 2008-06-26 05:29 303,616 --a------ C:\Windows\System32\wmpeffects.dll
2008-09-11 21:12 . 2008-07-31 05:32 28,160 --a------ C:\Windows\System32\Apphlpdm.dll

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-09 17:48 --------- d-----w C:\Users\smarty005\AppData\Roaming\Spamihilator
2008-10-09 17:28 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-10-01 08:50 174 --sha-w C:\Program Files\desktop.ini
2008-10-01 08:41 --------- d-----w C:\Program Files\Windows Sidebar
2008-10-01 08:41 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-10-01 08:41 --------- d-----w C:\Program Files\Windows Mail
2008-10-01 08:41 --------- d-----w C:\Program Files\Windows Journal
2008-10-01 08:41 --------- d-----w C:\Program Files\Windows Defender
2008-10-01 08:41 --------- d-----w C:\Program Files\Windows Collaboration
2008-10-01 08:41 --------- d-----w C:\Program Files\Windows Calendar
2008-10-01 08:30 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-10-01 08:30 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-09-27 10:10 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-15 15:43 --------- d-----w C:\Program Files\Hp
2008-08-17 11:43 307,968 ----a-w C:\Windows\System32\TuneUpDefragService.exe
2008-08-17 11:43 --------- d-----w C:\Program Files\TuneUp Utilities 2008
2008-08-14 17:38 --------- d-----w C:\Program Files\HO_1421
2008-08-02 03:26 36,864 ----a-w C:\Windows\System32\cdd.dll
2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 03:32 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-07-16 01:32 2,048 ----a-w C:\Windows\System32\tzres.dll
.

(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-04-19 484904]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PDF Complete"="C:\Program Files\PDF Complete\pdfsty.exe" [2007-05-08 331552]
"PTHOSTTR"="C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2007-01-09 145184]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1033512]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-05-11 472632]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128]
"HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-03-12 50696]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-05-02 163840]
"CognizanceTS"="C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2003-12-22 17920]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-17 266497]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"Spamihilator"="C:\Program Files\Spamihilator\spamihilator.exe" [2008-04-05 1060864]
"WatchDog"="C:\Program Files\InterVideo\DVD Check\DVDCheck.exe" [2007-05-23 192512]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2007-09-13 141848]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2007-09-13 154136]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2007-09-13 129560]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2007-02-21 1183744]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"ST Recovery Launcher"="C:\Windows\SMINST\launcher.exe" [2007-03-09 44168]

C:\Users\smarty005\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-03-29 719664]
Canon LBP2900 Statusfenster.lnk - C:\Windows\System32\spool\drivers\w32x86\3\CNAB4LAK.EXE [2008-04-19 50848]
DVD Check.lnk - C:\Program Files\InterVideo\DVD Check\DVDCheck.exe [2008-01-14 192512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=APSHook.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ SbHpNp scecli ASWLNPkg

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ICQ Lite"="C:\Program Files\ICQLite\ICQLite.exe" -minimize

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{76F8E7EB-3E76-4E94-9B6A-D8802C75512F}C:\\program files\\icqlite\\icqlite.exe"= UDP:C:\program files\icqlite\icqlite.exe:ICQLite
"UDP Query User{A20C9CFE-41C7-4734-B074-4DC469D14DD2}C:\\program files\\icqlite\\icqlite.exe"= TCP:C:\program files\icqlite\icqlite.exe:ICQLite
"{397E9E12-4334-4B66-A65F-1D4AD15BF912}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{4446B9FA-002D-4F15-8495-035FF9CEC37D}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{903A2383-DCCE-4DE5-B3F4-0BA1A30109E9}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{3C1323CE-C24D-4048-AC4D-B55C78442BF8}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{CEA8A723-16CF-4C79-9D9C-1954342071D7}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{14E72224-1DEA-4ADC-B5F4-B2458D1872C0}C:\\program files\\spamihilator\\dccproc.exe"= UDP:C:\program files\spamihilator\dccproc.exe:dccproc
"UDP Query User{96EF272D-730F-40AD-99DA-8A44CE300829}C:\\program files\\spamihilator\\dccproc.exe"= TCP:C:\program files\spamihilator\dccproc.exe:dccproc
"TCP Query User{B9A8698B-C095-4774-ACC2-327B35FB7B3D}C:\\program files\\hp\\hp software update\\hpwucli.exe"= UDP:C:\program files\hp\hp software update\hpwucli.exe:HP Software Update Client
"UDP Query User{4370C719-C449-4C2C-8E21-556C6B27A840}C:\\program files\\hp\\hp software update\\hpwucli.exe"= TCP:C:\program files\hp\hp software update\hpwucli.exe:HP Software Update Client
"TCP Query User{D46DAACC-D714-425B-AF7F-3F058D495006}C:\\program files\\icq6\\icq.exe"= UDP:C:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{C1AD31D2-9A4D-49D9-B25B-AE3EE40EF699}C:\\program files\\icq6\\icq.exe"= TCP:C:\program files\icq6\icq.exe:ICQ Library
"TCP Query User{F2F4C83A-D9DA-429A-8CE2-377CDF2A75B2}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{D0EFDDD5-D7DA-4288-8534-43B9431DE6D3}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"{FEEC1330-0F72-4C61-A8A1-80444D8705A4}"= UDP:C:\Windows\System32\CNAB4RPK.EXE:Canon LBP2900 RPC Server Process
"{A025567F-34A2-4F18-A707-9E7F7A7364B5}"= TCP:C:\Windows\System32\CNAB4RPK.EXE:Canon LBP2900 RPC Server Process
"{D6A2177C-DA31-44C2-B04A-3A6B587EDC02}"= TCP:19375|C:\Program Files\devolo\dlanwlancfg\dlanwlancfg.exe:devolo dLAN Wireless extender Konfiguration
"{ACD82C04-2796-40E9-9A5E-D21B9BE3F734}"= UDP:10300|C:\Program Files\devolo\informer\devinf.exe:devolo Informer
"{A9BE20D9-E6B0-4FD6-AC9C-3A7A9B71014E}"= TCP:10301|LPort=19375|C:\Program Files\devolo\informer\devinf.exe:devolo Informer
"{1F8295DD-F932-4CC5-BB6C-07CDC73ECBE0}"= TCP:12345|C:\Program Files\devolo\easyshare\easyshare.exe:devolo EasyShare
"{EF0FA780-B01D-4724-A8F8-2438C18F3B9D}"= UDP:12346|LPort=12347|C:\Program Files\devolo\easyshare\easyshare.exe:devolo EasyShare
"TCP Query User{B0C795BF-1CCE-4CDF-B00C-868FD3FC5537}C:\\users\\smarty005\\appdata\\local\\temp\\tmp22df.tmp\\update.exe"= UDP:C:\users\smarty005\appdata\local\temp\tmp22df.tmp\update.exe:update.exe
"UDP Query User{BA5AAA12-8863-42F1-A5BB-00811E4DA652}C:\\users\\smarty005\\appdata\\local\\temp\\tmp22df.tmp\\update.exe"= TCP:C:\users\smarty005\appdata\local\temp\tmp22df.tmp\update.exe:update.exe
"TCP Query User{34D33508-6C4D-4A82-99F4-B06F5D47A0B8}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{B7E6311C-E672-4885-AB50-630E6ECEB10F}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{52A46E38-05A6-49BD-B33F-DCC608970569}C:\\program files\\icqlite\\icqlite.exe"= UDP:C:\program files\icqlite\icqlite.exe:ICQLite
"UDP Query User{1137EAFB-9C02-41E5-9C96-ADC76441839E}C:\\program files\\icqlite\\icqlite.exe"= TCP:C:\program files\icqlite\icqlite.exe:ICQLite
"TCP Query User{6FF90A33-5863-4074-87B8-F49B18E2ADC1}C:\\program files\\miranda im\\miranda32.exe"= UDP:C:\program files\miranda im\miranda32.exe:Miranda IM
"UDP Query User{2129E118-5E72-4DE7-87C5-7C612CDFDBC5}C:\\program files\\miranda im\\miranda32.exe"= TCP:C:\program files\miranda im\miranda32.exe:Miranda IM
"TCP Query User{D0E5F611-4866-46B8-B1CF-E98527595273}C:\\program files\\electronic arts\\eadm\\core.exe"= UDP:C:\program files\electronic arts\eadm\core.exe:EA Download Manager
"UDP Query User{23CBB635-F10D-4850-BB98-F884C1618F60}C:\\program files\\electronic arts\\eadm\\core.exe"= TCP:C:\program files\electronic arts\eadm\core.exe:EA Download Manager
"TCP Query User{9132624D-C024-4E55-B04B-B2DCB93461F6}C:\\users\\smarty005\\appdata\\local\\temp\\tmp759c.tmp\\update.exe"= UDP:C:\users\smarty005\appdata\local\temp\tmp759c.tmp\update.exe:update.exe
"UDP Query User{47502F80-3A5F-4E1B-A4B4-26ABA4D38C41}C:\\users\\smarty005\\appdata\\local\\temp\\tmp759c.tmp\\update.exe"= TCP:C:\users\smarty005\appdata\local\temp\tmp759c.tmp\update.exe:update.exe
"{70A047B0-E5FE-4ADA-B584-4AFA8E4BC25C}"= UDP:C:\Program Files\PPLive\PPLive.exe:PPLive
"{4910C019-7665-42DA-87DC-3612A8ADE5C3}"= TCP:C:\Program Files\PPLive\PPLive.exe:PPLive
"TCP Query User{F3EBDEFF-8F58-4B36-A76D-91F4E057803E}C:\\program files\\tvuplayer\\tvuplayer.exe"= UDP:C:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component
"UDP Query User{E95CAA37-B4BC-4C02-9BC3-458A44088257}C:\\program files\\tvuplayer\\tvuplayer.exe"= TCP:C:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component

R0 SbAlg;SbAlg;C:\Windows\system32\drivers\SbAlg.sys [2006-10-09 44720]
R0 SbFsLock;SbFsLock;C:\Windows\system32\drivers\SbFsLock.sys [2007-03-29 13696]
R1 RsvLock;RsvLock;C:\Windows\system32\drivers\RsvLock.sys [2007-04-22 5808]
R2 AEADIFilters;Andrea ADI Filters Service;C:\Windows\system32\AEADISRV.EXE [2007-02-06 69632]
R2 ASBroker;Anmeldesitzungsbroker;C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 ASChannel;Lokaler Verbindungskanal;C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 HpFkCryptService;Drive Encryption Service;c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2007-04-22 221184]
R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe [2007-01-05 18944]
R2 NPF_devolo;NetGroup Packet Filter Driver (devolo);C:\Windows\system32\drivers\npf_devolo.sys [2007-02-07 35840]
R2 pdfcDispatcher;PDF Document Manager;C:\Program Files\PDF Complete\pdfsvc.exe [2007-05-08 540448]
R2 UxTuneUp;TuneUp Designerweiterung;C:\Windows\System32\svchost.exe [2008-01-19 21504]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-02-26 179712]
R3 btwaudio;Bluetooth-Audiogerät;C:\Windows\system32\drivers\btwaudio.sys [2007-05-11 79664]
R3 btwavdt;Bluetooth AVDT;C:\Windows\system32\drivers\btwavdt.sys [2007-05-11 81200]
R3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2007-05-11 16432]
S3 TuneUp.Defrag;TuneUp Drive Defrag-Dienst;C:\Windows\System32\TuneUpDefragService.exe [2008-08-17 307968]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
Cognizance REG_MULTI_SZ ASBroker ASChannel

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Inhalt des "geplante Tasks" Ordners

2008-10-09 C:\Windows\Tasks\1-Klick-Wartung.job
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe [2008-02-29 09:58]

2008-10-08 C:\Windows\Tasks\User_Feed_Synchronization-{F8821C4C-6A9F-47C2-BE00-2BB4E22DED9D}.job
- C:\Windows\system32\msfeedssync.exe [2008-01-19 09:33]
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

HKCU-Run-ophipqy - c:\users\smarty005\appdata\local\ophipqy.exe

.
------- Zusätzlicher Suchlauf -------
.
FireFox -: Profile - C:\Users\smarty005\AppData\Roaming\Mozilla\Firefox\Profiles\hecgxad2.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.t-online.de/
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-09 21:02:01
Windows 6.0.6001 Service Pack 1 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
------------------------ Weitere laufende Prozesse ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Windows\System32\agrsmsvc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files\Hewlett-Packard\IAM\Bin\asghost.exe
C:\Windows\System32\CNAB4RPK.EXE
C:\Windows\System32\conime.exe
C:\Windows\SMINST\Scheduler.exe
C:\Windows\System32\igfxsrvc.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\System32\wbem\WMIADAP.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2008-10-09 21:08:08 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2008-10-09 19:07:49

Vor Suchlauf: 10 Verzeichnis(se), 119.394.275.328 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 118,895,046,656 Bytes frei

267 --- E O F --- 2008-10-08 18:22:28

After I scanned the system with CCleaner and then ran ComboFix, no more ad windows appear. Could one of you please still tell me, based on the HijackThis log above, which component was the culprit?!