Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Mülltonne (https://www.trojaner-board.de/muelltonne/)
-   -   Andauernd Werbung und kein Googlen möglich (https://www.trojaner-board.de/52158-andauernd-werbung-kein-googlen-moeglich.html)

SaschaAleks 06.05.2008 21:10
Andauernd Werbung und kein Googlen möglich
 
Huhu, hier meine Logs:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\COMODO\Firewall\cmdagent.exe
C:\Programme\NewDotNet\nnrun.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Visagesoft\eXPert PDF\vspdfprsrv.exe
C:\Programme\FreePDF_XP\fpassist.exe
C:\Programme\COMODO\Firewall\cfp.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Programme\Spyware Doctor\pctsTray.exe
C:\Programme\Windows Live\Messenger\MsnMsgr.Exe
C:\Programme\Tunebite\tunebite.exe
C:\Programme\FeedReader30\feedreader.exe
C:\PROGRA~1\INCRED~1\bin\ImApp.exe
C:\Programme\Spyware Doctor\pctsAuxs.exe
C:\Programme\Spyware Doctor\pctsSvc.exe
C:\DOKUME~1\ALEKSA~1\ANWEND~1\DOBE~1\msconfig.exe
C:\WINDOWS\?ystem32\j?vaw.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Last.fm\LastFMHelper.exe
C:\Programme\OpenOffice.org 2.2\program\soffice.exe
C:\Programme\OpenOffice.org 2.2\program\soffice.BIN
C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\NewDotNet\nnrun.exe
C:\WINDOWS\System32\alg.exe
C:\Programme\Windows Live\Messenger\usnsvc.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\Programme\Safari\Safari.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = =ht//ww.google.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = /go.microsoft.com/fwlink/?LinkId=69157]MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = htp://go.microsoft.com/fwlink/?LinkId=54896]Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = tp://go.microsoft.com/fwlink/?LinkId=54896]Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = htp://go.microsoft.com/fwlink/?LinkId=69157]MSN.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
red.clientapps.yahoo.com/customize/fuji/defaults/su/*htp://ww.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ChangerBHO Class - {4c03732f-43bb-4d80-ba45-66fd05db11df} - C:\WINDOWS\system32\atkctrsb.dll
O2 - BHO: (no name) - {72217827-914b-46c6-a6ee-c00c70842ebf} - (no file)
O2 - BHO: (no name) - {7F3EA905-DE65-4D00-BC1F-FF3A77F8CA30} - C:\WINDOWS\system32\iifddbXr.dll (file missing)
O2 - BHO: (no name) - {E7D7787E-68F8-4CFE-B9AA-E3B64FDC5143} - C:\WINDOWS\system32\hgGwTmlL.dll (file missing)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: {5c7911a3-1514-0258-4094-671b4b5f3a9e} - {e9a3f5b4-b176-4904-8520-41513a1197c5} - C:\WINDOWS\system32\emwjhpwt.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Programme\FlashGet\getflash.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [vspdfprsrv.exe] C:\Programme\Visagesoft\eXPert PDF\vspdfprsrv.exe --background
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Programme\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [ISTray] "C:\Programme\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [BM2b9dff63] Rundll32.exe "C:\WINDOWS\system32\vomfhvcb.dll",s
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [IncrediMail] C:\Programme\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Programme\Octoshape Streaming Services\Aleksander Gückelhor\OctoshapeClient.exe" -inv:bootrun
O4 - HKCU\..\Run: [tunebite.exe] C:\Programme\Tunebite\tunebite.exe -tray
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [feedreader.exe] "C:\Programme\FeedReader30\feedreader.exe"
O4 - HKCU\..\Run: [SfKg6wIP] C:\Dokumente und Einstellungen\Aleksander Gückelhor\Anwendungsdaten\Microsoft\Windows\mqvxn.exe
O4 - HKCU\..\Run: [Bier] "C:\DOKUME~1\ALEKSA~1\ANWEND~1\DOBE~1\msconfig.exe" -vt yazb
O4 - HKCU\..\Run: [Ktr] C:\WINDOWS\?ystem32\j?vaw.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - S-1-5-18 Startup: DSL-Manager.lnk = C:\Programme\T-Online\DSL-Manager\DslMgr.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: DSL-Manager.lnk = C:\Programme\T-Online\DSL-Manager\DslMgr.exe (User 'Default user')
O4 - Startup: DSL-Manager.lnk = ?
O4 - Startup: Last.fm Helper.lnk = C:\Programme\Last.fm\LastFMHelper.exe
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Programme\OpenOffice.org 2.2\program\quickstart.exe
O8 - Extra context menu item: &Alles mit FlashGet laden - C:\Programme\FlashGet\jc_all.htm
O8 - Extra context menu item: &Mit FlashGet laden - C:\Programme\FlashGet\jc_link.htm
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\JavaSoft\JRE\1.3.1_18\bin\npjava131_18.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\JavaSoft\JRE\1.3.1_18\bin\npjava131_18.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Programme\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programme\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programme\FlashGet\FlashGet.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Dokumente und Einstellungen\***\Startmenü\Programme\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - hp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - hp://messenger.zone.msn.com/DE-DE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {A672558F-A878-4D5A-A921-627C091CEB60} (Flatcast Producer 4.15) - hp://data.flatcast.com/NpFp415.dll
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F551} (Flatcast Viewer 4.15) - flatcast.com/de/download/NpFv415.dll
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: iifddbXr - iifddbXr.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Programme\COMODO\Firewall\cmdagent.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NNServ - New.net, Inc. - C:\Programme\NewDotNet\nnrun.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programme\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programme\Spyware Doctor\pctsSvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: DSL-Manager (TDslMgrService) - T-Systems Enterprise Services GmbH - C:\Programme\T-Online\DSL-Manager\DslMgrSvc.exe
O23 - Service: UPnPService - Magix AG - C:\Programme\Gemeinsame Dateien\MAGIX Shared\UPnPService\UPnPService.exe

Könnt ihr mir vielleicht sagen, was ich tun kann?

Liebe Grüße
Aleks

undoreal 06.05.2008 21:14
Hallo Sascha.

Poste bitte eine komplette Problembeschreibung.

Danach deinstalliere über Start->Systemsteuerung->Software den "NewDotNet" Eintrag.

Überprüfe dein System mit SASW.

Mache einen letzten Maleware-Check mit Malewarebytes.

Durchsuche mit dem Kaspersky Online Scanner dein System.

Checke dein System mit dem ESET Online Scanner.

Räume mit cCleaner auf ( die Registry musst du mehrmals durchsuchen und bereinigen lassen).


Poste danach bitte ein frisches HJT logfile inklusive Kopf!!!

undoreal 06.05.2008 22:29
Nochmal 'ne kleine Anleitung: (hätte ich fast vergessen..)

http://www.trojaner-board.de/40645-a...t-spyware.html


Alle Zeitangaben in WEZ +1. Es ist jetzt 08:06 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131