firstadsolution bei firefox-start

[Rayson]

Hallo, habe ein Problem mit Firefox.

Bei jedem Start öffnet sich ein IE Popup von Firstadsolution!

Habe mein system gescannt und mit dem Onlineauswerter alles überprüft, jedoch
erscheint noch immer das Popup.

Hier mein Logfile:

Logfile of HijackThis v1.99.1
Scan saved at 11:03:48, on 25.07.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\SYSTEM32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Programme\Ahead\InCD\InCDsrv.exe
C:\WINNT\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\hkcmd.exe
C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
C:\WINNT\system32\BacsTray.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Google\Gmail Notifier\gnotify.exe
C:\Programme\Analog Devices\Core\smax4pnp.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\WINNT\system32\ctfmon.exe
C:\Programme\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Programme\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Programme\Mozilla Firefox\firefox.exe
C:\Dokumente und Einstellungen\Administrator\Desktop\hijackthis\HijackThis.ex e

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [bacstray] BacsTray.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Programme\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\Core\smax4pnp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Schnellstart.lnk = C:\Programme\Microsoft Office\OFFICE11\ONENOTEM.EXE
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O12 - Plugin for .rx: C:\Programme\Attachmate\KEA! X\npacirx.dll
O12 - Plugin for .spop: C:\Programme\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} - http://euro-antivirus.attachmate.com...l/WinNTChk.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {08D75BB0-D2B5-11D1-88FC-0080C859833B} - http://euro-antivirus.attachmate.com...l/setupini.cab
O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} - http://euro-antivirus.attachmate.com...tall/setup.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/acti...l_v1-0-3-9.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} - http://euro-antivirus.attachmate.com...RemoveCtrl.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab32846.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.7) - http://gameadvisor.futuremark.com/global/msc37.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5400B102-5B9E-40F5-A05B-4C947F5874D1}: NameServer = 192.168.0.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Programme\Ahead\InCD\InCDsrv.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe

[markusg]

hallo, erst einmal ein paar einstellungen:
geh auf arbeitsplatz extras ordneroptionen ansicht. dort geschützte systemdateien ausblenden off. alle dateien anzeigen on
und dateinamenerweiterung bei bekannten dateien ausblenden auch off.
dann lad dir den ccleaner von www.ccleaner.de runter und reinige damit dein system. aktiviere so viel wie möglich und reinige auch deine registry.
lad dir nun ad-aware von www.lavasoft.com und spybot von www.spybot runter und update beide programme. dann lass sie scannen und probleme beheben. poste die logs bitte hier.
weiterhin fixe bitte alle o16-einträge. hijackths muss in einem eigenen ordner laufen sonst werden keine sicherungen angelegt also z.B. c:\programme\hijackthis.
weiterhin solltest du im abgesicherten modus scannen mit ad-aware und spybot meine ich.

[Rayson]

Hab die anweisungen bei den ordneroptionen befolgt und die O16 einträge gefixt, dann ccleaner geladen und laufen lassen, dann spybot und adaware drüber.

Ad-Aware SE Build 1.06r1
Logfile Created onienstag, 25. Juli 2006 12:28:12
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R116 24.07.2006
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):8 total references
WindUpdates(TAC index:8):2 total references
Zango(TAC index:6):1 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


25.07.2006 12:28:12 - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : C:\Dokumente und Einstellungen\Administrator\recent
Description : list of recently opened documents


MRU List Object Recognized!
Location: : S-1-5-21-1275210071-789336058-839522115-500\software\microsoft\mediaplayer\medialibraryui
Description : last selected node in the microsoft windows media player media library


MRU List Object Recognized!
Location: : S-1-5-21-1275210071-789336058-839522115-500\software\microsoft\windows\currentversion\explorer\comdl g32\lastvisitedmru
Description : list of recent programs opened


MRU List Object Recognized!
Location: : S-1-5-21-1275210071-789336058-839522115-500\software\microsoft\windows\currentversion\explorer\comdl g32\opensavemru
Description : list of recently saved files, stored according to file extension


MRU List Object Recognized!
Location: : S-1-5-21-1275210071-789336058-839522115-500\software\realnetworks\realplayer\6.0\preferences
Description : list of recent skins in realplayer


MRU List Object Recognized!
Location: : S-1-5-21-1275210071-789336058-839522115-500\software\realnetworks\realplayer\6.0\preferences
Description : list of recent clips in realplayer


MRU List Object Recognized!
Location: : S-1-5-21-1275210071-789336058-839522115-500\software\realnetworks\realplayer\6.0\preferences
Description : last login time in realplayer


MRU List Object Recognized!
Location: : S-1-5-21-1275210071-789336058-839522115-500\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 436
ThreadCreationTime : 25.07.2006 08:39:29
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINNT\system32\
ProcessID : 500
ThreadCreationTime : 25.07.2006 08:39:42
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINNT\SYSTEM32\
ProcessID : 524
ThreadCreationTime : 25.07.2006 08:39:43
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINNT\system32\
ProcessID : 568
ThreadCreationTime : 25.07.2006 08:39:43
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Betriebssystem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Anwendung für Dienste und Controller
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINNT\system32\
ProcessID : 580
ThreadCreationTime : 25.07.2006 08:39:43
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINNT\system32\
ProcessID : 736
ThreadCreationTime : 25.07.2006 08:39:44
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINNT\system32\
ProcessID : 792
ThreadCreationTime : 25.07.2006 08:39:44
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINNT\System32\
ProcessID : 860
ThreadCreationTime : 25.07.2006 08:39:44
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [incdsrv.exe]
FilePath : C:\Programme\Ahead\InCD\
ProcessID : 880
ThreadCreationTime : 25.07.2006 08:39:45
BasePriority : Normal
FileVersion : 4, 3, 14, 1
ProductVersion : 4, 3, 14, 1
ProductName : Nero AG incdsrv
CompanyName : Nero AG
FileDescription : incdsrv
InternalName : incdsrv
LegalCopyright : Copyright 1995-2005 Nero AG and its licensors. All Rights Reserved.
LegalTrademarks : InCD is a trademark of Nero AG
OriginalFilename : incdsrv.exe

#:10 [svchost.exe]
FilePath : C:\WINNT\System32\
ProcessID : 984
ThreadCreationTime : 25.07.2006 08:39:46
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [svchost.exe]
FilePath : C:\WINNT\System32\
ProcessID : 1076
ThreadCreationTime : 25.07.2006 08:39:46
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:12 [spoolsv.exe]
FilePath : C:\WINNT\system32\
ProcessID : 1204
ThreadCreationTime : 25.07.2006 08:39:46
BasePriority : Normal
FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
ProductVersion : 5.1.2600.2696
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:13 [sched.exe]
FilePath : C:\Programme\AntiVir PersonalEdition Classic\
ProcessID : 1428
ThreadCreationTime : 25.07.2006 08:39:55
BasePriority : Normal


#:14 [avguard.exe]
FilePath : C:\Programme\AntiVir PersonalEdition Classic\
ProcessID : 1440
ThreadCreationTime : 25.07.2006 08:39:55
BasePriority : Normal


#:15 [mdm.exe]
FilePath : C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\
ProcessID : 1500
ThreadCreationTime : 25.07.2006 08:39:55
BasePriority : Normal
FileVersion : 7.00.9466
ProductVersion : 7.00.9466
ProductName : Microsoft® Visual Studio .NET
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : mdm.exe

#:16 [svchost.exe]
FilePath : C:\WINNT\System32\
ProcessID : 1624
ThreadCreationTime : 25.07.2006 08:39:55
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:17 [wdfmgr.exe]
FilePath : C:\WINNT\System32\
ProcessID : 1796
ThreadCreationTime : 25.07.2006 08:39:59
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:18 [alg.exe]
FilePath : C:\WINNT\System32\
ProcessID : 896
ThreadCreationTime : 25.07.2006 08:40:01
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:19 [explorer.exe]
FilePath : C:\WINNT\
ProcessID : 1764
ThreadCreationTime : 25.07.2006 08:40:04
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Betriebssystem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten.
OriginalFilename : EXPLORER.EXE

#:20 [hkcmd.exe]
FilePath : C:\WINNT\system32\
ProcessID : 768
ThreadCreationTime : 25.07.2006 08:40:06
BasePriority : Normal
FileVersion : 3.0.0.4342
ProductVersion : 7.0.0.4342
ProductName : Intel(R) Common User Interface
CompanyName : Intel Corporation
FileDescription : hkcmd Module
InternalName : HKCMD
LegalCopyright : Copyright 1999-2004, Intel Corporation
OriginalFilename : HKCMD.EXE

#:21 [jusched.exe]
FilePath : C:\Programme\Java\jre1.5.0_06\bin\
ProcessID : 992
ThreadCreationTime : 25.07.2006 08:40:07
BasePriority : Normal


#:22 [bacstray.exe]
FilePath : C:\WINNT\system32\
ProcessID : 1024
ThreadCreationTime : 25.07.2006 08:40:07
BasePriority : Normal
FileVersion : 6, 12, 0, 0
ProductVersion : 6, 12, 0, 0
ProductName : BacsTray Application
CompanyName : Broadcom Corporation
FileDescription : BacsTray Application
InternalName : BacsTray
LegalCopyright : Copyright(C) 2000-2003 Broadcom Corporation, All Rights Reserved
LegalTrademarks : Copyright(C) 2000-2003 Broadcom Corporation, All Rights Reserved
OriginalFilename : BacsTray.EXE

#:23 [avgnt.exe]
FilePath : C:\Programme\AntiVir PersonalEdition Classic\
ProcessID : 1060
ThreadCreationTime : 25.07.2006 08:40:07
BasePriority : Normal


#:24 [gnotify.exe]
FilePath : C:\Programme\Google\Gmail Notifier\
ProcessID : 1084
ThreadCreationTime : 25.07.2006 08:40:07
BasePriority : Normal
FileVersion : 1.0.25.0
ProductVersion : 1.0.25.0
ProductName : Gmail
CompanyName : Google Inc.
FileDescription : Gmail Notifier
LegalCopyright : Copyright © Google Inc. 2004-2005
OriginalFilename : gnotify.exe

#:25 [smax4pnp.exe]
FilePath : C:\Programme\Analog Devices\Core\
ProcessID : 1100
ThreadCreationTime : 25.07.2006 08:40:08
BasePriority : Normal
FileVersion : 5, 2, 0, 5
ProductVersion : 5, 2, 0, 5
ProductName : SMax4PNP Application
CompanyName : Analog Devices, Inc.
FileDescription : SMax4PNP MFC Application
InternalName : SMax4PNP
LegalCopyright : Copyright (C) 2002-2004 Analog Devices
OriginalFilename : SMax4PNP.EXE

#:26 [iexplore.exe]
FilePath : C:\Programme\Internet Explorer\
ProcessID : 1316
ThreadCreationTime : 25.07.2006 08:40:10
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Betriebssystem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten.
OriginalFilename : IEXPLORE.EXE

#:27 [ctfmon.exe]
FilePath : C:\WINNT\system32\
ProcessID : 1356
ThreadCreationTime : 25.07.2006 08:40:10
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:28 [outlook.exe]
FilePath : C:\Programme\Microsoft Office\OFFICE11\
ProcessID : 4036
ThreadCreationTime : 25.07.2006 08:44:03
BasePriority : Normal


#:29 [winword.exe]
FilePath : C:\Programme\Microsoft Office\OFFICE11\
ProcessID : 296
ThreadCreationTime : 25.07.2006 08:44:15
BasePriority : Normal


#:30 [msnmsgr.exe]
FilePath : C:\Programme\MSN Messenger\
ProcessID : 3704
ThreadCreationTime : 25.07.2006 10:03:57
BasePriority : Normal
FileVersion : 8.0.0792.00
ProductVersion : 8.0.0792
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Messenger
InternalName : msnmsgr.exe
LegalCopyright : Copyright (c) Microsoft Corporation. All rights reserved.
OriginalFilename : msnmsgr.exe

#:31 [svchost.exe]
FilePath : C:\WINNT\system32\
ProcessID : 1660
ThreadCreationTime : 25.07.2006 10:04:11
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:32 [ad-aware.exe]
FilePath : C:\Programme\Lavasoft\Ad-Aware SE Personal\
ProcessID : 632
ThreadCreationTime : 25.07.2006 10:25:58
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 8


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 8


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 8


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 8



Deep scanning and examining files (C
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Zango Object Recognized!
Type : File
Data : A0061415.dll
TAC Rating : 6
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{9A0A390D-F36A-4014-AD41-56FF6981D34D}\RP315\
FileVersion : 8.5.63.0
ProductVersion : 8.5.63.0
ProductName : Zango
CompanyName : 180solutions, Inc.
FileDescription : Zango
InternalName : ClientHook
LegalCopyright : Copyright © 2005, 180solutions Inc.
OriginalFilename : ClientHook.dll


WindUpdates Object Recognized!
Type : File
Data : A0061422.exe
TAC Rating : 8
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{9A0A390D-F36A-4014-AD41-56FF6981D34D}\RP315\
FileVersion : 26, 0, 0, 148
ProductVersion : 26, 0, 0, 148
ProductName : MediaGateway
CompanyName : 180solutions
FileDescription : Give you access to free content.
InternalName : MediaGateway.exe
LegalCopyright : (c) 180solutions. All rights reserved.
OriginalFilename : MediaGateway.exe


WindUpdates Object Recognized!
Type : File
Data : A0061423.exe
TAC Rating : 8
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{9A0A390D-F36A-4014-AD41-56FF6981D34D}\RP315\
FileVersion : 26, 0, 0, 148
ProductVersion : 26, 0, 0, 148
ProductName : MediaGateway
CompanyName : 180solutions
FileDescription : Give you access to free content.
InternalName : MediaGateway.exe
LegalCopyright : (c) 180solutions. All rights reserved.
OriginalFilename : MediaGateway.exe


Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 11


Scanning Hosts file......
Hosts file location:"C:\WINNT\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» »»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
2 entries scanned.
New critical objects:0
Objects found so far: 11




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 11

12:44:28 Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:16:15.109
Objects scanned:232503
Objects identified:3
Objects ignored:0
New critical objects:3

Spybot hab ich kein Logfile gefunden, war aber 1 ergebniss von Swizzor
und wurde behoben, hab nur leider versäumt das ganze im abgesicherten Modus zu machen. Soll ich es lieber nochmal laufen lassen?

Problem ist nicht behoben

[markusg]

wenn die probleme behoben isnd dann nciht. du kannst es natürlich sicherheitshalber machen.

[Rayson]

nee die probleme sind noch da, also werd ichs wohl auf jeden fall machen

[markusg]

hallo lade dir das programm CounterSpy
von
http://research.sunbelt-software.com/download.cfm
runter.
nimm bitte diese anleitung:
CounterSpy Anleitung
scans im abgesicherten modus kann einige zeit in anspruch nehem. alle logs hier posten!!!!

[markusg]

hallo, pste jees logfile einzeln. also nach jedem fund und danach löschen. wird ein log erstellt, dieses jeweils posten bitte.

[markusg]

wegen deines Swizzor's
geh mal auf arbeitsplatz systemsteuerung
software
und schau mal ob da
Netpumper oder MessengerPlus3 sind. wenn ja, deinstalieren. hilft das?
du musst deine pc neu starten nachdem du die programme deinstaliert hast.

[Rayson]

joa hab alles im abgesicherten modus nochmal gemacht und die popups sind weg

Danke für die Hilfe

(Messenger Plus war auch installiert)

[markusg]

dan deinstaliere diesen ich würde obwohl es sicher viel zeit in anspruch nimmt counterspy laufen lassen und poste uns die logs.
schalte auch bitte nachdem du das programm deinstaliert hast die systemwiederherrstellung aus. starte den rechner neu in den abgesicherten modus und lass wenn du willst counterspy scannen. aber das mit der systemwiederherrstellung auf jeden fall. wenn du counterspy nicht benutzt, kannst wieder in den normalen modus zurückkehren.