Virus EXP/2010-0840.BC auf Rechner gefunden

cosinus · 08.11.2011, 20:58

Was verstehst du an der Anleitung nicht?

Chaoselly · 08.11.2011, 21:34

Hallo, hier schon mal gmer, bin mir aber nicht sicher ob das so komplett ist, ich schwitz hier Blut und Wasser weil ich nicht weiss was ich tue, versuche mich jetzt an dem Osam.

GMER Logfile:

Code:

ATTFilter

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2011-11-08 21:27:14
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-1 WDC_WD5000AAKS-75A7B0 rev.01.03B01
Running: dvxe6ve2.exe; Driver: C:\Users\Petra\AppData\Local\Temp\ugloapob.sys


---- System - GMER 1.0.15 ----

SSDT            \??\C:\Windows\system32\drivers\sp_rsdrv2.sys                                                                           ZwClose [0x9068788E]
SSDT            \??\C:\Windows\system32\drivers\sp_rsdrv2.sys                                                                           ZwCreateFile [0x906870EC]
SSDT            \??\C:\Windows\system32\drivers\sp_rsdrv2.sys                                                                           ZwCreateKey [0x90686DCE]
SSDT            \??\C:\Windows\system32\drivers\sp_rsdrv2.sys                                                                           ZwCreateSection [0x90688938]
SSDT            \??\C:\Windows\system32\drivers\sp_rsdrv2.sys                                                                           ZwDeleteKey [0x90686ED8]
SSDT            \??\C:\Windows\system32\drivers\sp_rsdrv2.sys                                                                           ZwDeleteValueKey [0x90686FC2]
SSDT            \??\C:\Windows\system32\drivers\sp_rsdrv2.sys                                                                           ZwLoadDriver [0x90687BBC]
SSDT            \??\C:\Windows\system32\drivers\sp_rsdrv2.sys                                                                           ZwOpenFile [0x906873F4]
SSDT            8BADE6D3                                                                                                                ZwSetContextThread
SSDT            \??\C:\Windows\system32\drivers\sp_rsdrv2.sys                                                                           ZwSetInformationFile [0x90687526]
SSDT            \??\C:\Windows\system32\drivers\sp_rsdrv2.sys                                                                           ZwSetValueKey [0x90686BFC]
SSDT            \??\C:\Windows\system32\drivers\sp_rsdrv2.sys                                                                           ZwTerminateProcess [0x90687B04]
SSDT            \??\C:\Windows\system32\drivers\sp_rsdrv2.sys                                                                           ZwWriteFile [0x9068770C]

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!KeSetEvent + 1A9                                                                                           822FC92C 4 Bytes  [8E, 78, 68, 90]
.text           ntkrnlpa.exe!KeSetEvent + 1D9                                                                                           822FC95C 4 Bytes  [EC, 70, 68, 90] {IN AL, DX ; JO 0x6b; NOP }
.text           ntkrnlpa.exe!KeSetEvent + 1E9                                                                                           822FC96C 4 Bytes  [CE, 6D, 68, 90]
.text           ntkrnlpa.exe!KeSetEvent + 215                                                                                           822FC998 4 Bytes  [38, 89, 68, 90]
.text           ntkrnlpa.exe!KeSetEvent + 2D5                                                                                           822FCA58 4 Bytes  [D8, 6E, 68, 90] {FSUBR DWORD [ESI+0x68]; NOP }
.text           ...                                                                                                                     
.text           C:\Windows\system32\DRIVERS\nvlddmkm.sys                                                                                section is writeable [0x8F607340, 0x399D17, 0xE8000020]
?               C:\Windows\system32\Drivers\PROCEXP113.SYS                                                                              Das System kann die angegebene Datei nicht finden. !
?               C:\Users\Petra\AppData\Local\Temp\catchme.sys                                                                           Das System kann die angegebene Datei nicht finden. !

---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\Windows\Explorer.exe[4788] @ C:\Windows\Explorer.exe [gdiplus.dll!GdiplusShutdown]                                   [73C87817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.exe[4788] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipCloneImage]                                    [73CDA86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.exe[4788] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipDrawImageRectI]                                [73C8BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.exe[4788] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipSetInterpolationMode]                          [73C7F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.exe[4788] @ C:\Windows\Explorer.exe [gdiplus.dll!GdiplusStartup]                                    [73C875E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.exe[4788] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipCreateFromHDC]                                 [73C7E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.exe[4788] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipCreateBitmapFromStreamICM]                     [73CB8395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.exe[4788] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipCreateBitmapFromStream]                        [73C8DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.exe[4788] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipGetImageHeight]                                [73C7FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.exe[4788] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipGetImageWidth]                                 [73C7FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.exe[4788] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipDisposeImage]                                  [73C771CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.exe[4788] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipLoadImageFromFileICM]                          [73D0CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.exe[4788] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipLoadImageFromFile]                             [73CAC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.exe[4788] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipDeleteGraphics]                                [73C7D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.exe[4788] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipFree]                                          [73C76853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.exe[4788] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipAlloc]                                         [73C7687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.exe[4788] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipSetCompositingMode]                            [73C82AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\fastfat \Fat                                                                                                fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{2805e90c-341c-495d-8d89-0c1a790bfd7c}@Dhcpv6Iaid   100668450
Reg             HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{2805e90c-341c-495d-8d89-0c1a790bfd7c}@Dhcpv6State  0
Reg             HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{4f4b0580-a9f3-4ab8-8aca-90ba5a3a55b9}@Dhcpv6Iaid   335544320
Reg             HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{4f4b0580-a9f3-4ab8-8aca-90ba5a3a55b9}@Dhcpv6State  0
Reg             HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{5a2d3e1e-9d7d-4330-9c34-4d598814b787}@Dhcpv6Iaid   251663218
Reg             HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{5a2d3e1e-9d7d-4330-9c34-4d598814b787}@Dhcpv6State  0
Reg             HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{63c6161c-b636-4767-b403-9c7c8c8f1137}@Dhcpv6Iaid   201331011
Reg             HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{63c6161c-b636-4767-b403-9c7c8c8f1137}@Dhcpv6State  0
Reg             HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{6846832d-77cf-434a-958b-6fbc7022b40a}@Dhcpv6Iaid   251666843
Reg             HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{6846832d-77cf-434a-958b-6fbc7022b40a}@Dhcpv6State  1
Reg             HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{6846832d-77cf-434a-958b-6fbc7022b40a}@NameServer   
Reg             HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{c5143e22-906f-42a9-838f-8fe3af703932}@Dhcpv6Iaid   268566612
Reg             HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{c5143e22-906f-42a9-838f-8fe3af703932}@Dhcpv6State  0
Reg             HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{c5143e22-906f-42a9-838f-8fe3af703932}@NameServer   
Reg             HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{d49b0fb5-de02-4e28-ae91-94565eaf16b8}@Dhcpv6Iaid   234885443
Reg             HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{d49b0fb5-de02-4e28-ae91-94565eaf16b8}@Dhcpv6State  0
Reg             HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{f8b9ab0c-f9e8-47f4-ba0b-9ddcc01bffb2}@Dhcpv6Iaid   117445666
Reg             HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{f8b9ab0c-f9e8-47f4-ba0b-9ddcc01bffb2}@Dhcpv6State  0

---- EOF - GMER 1.0.15 ----

--- --- ---

Chaoselly · 08.11.2011, 21:43

Hallo,

ich kann das nicht öffnen, sagt Datei wird nicht unterstüzt oder Fehlerhaft,
ist im Adobe Reader ist das richtig, oder hab ich was falsches downgeloadtet?

Auch habe ich nun nach dem Neustart Probleme, erst kommt der Windowsbildschirm nur Bruchstückhaft ,es verschwinden Teile davon, weiss nicht wie ich es erklären soll und dann hat er das Farbschema geändert.

Chaoselly · 08.11.2011, 23:00

Hallo Cosinus,

sorry das hat nun was gedauert bis ichs kapiert habe, hier der Log von Osam

OSAM Logfile:

Code:

ATTFilter

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 22:53:44 on 08.11.2011

OS: Windows Vista Business Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Mozilla Corporation Firefox 7.0.1

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
"ISUSPM.cpl" - "Macrovision Corporation" - C:\Windows\system32\ISUSPM.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"CinePlayer DVD Decoder Options" - "Sonic Solutions" - C:\Program Files\Sonic\CinePlayer Decoder Pack\cmdvdpak.cpl
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl
"ToSysCnf" - "Deutsche Telekom AG, Marmiko IT-Solutions GmbH" - C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToSysCnf.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\Users\Petra\AppData\Local\Temp\catchme.sys  (File not found)
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"Mass Storage Filter Driver" (massfilter) - ? - C:\Windows\System32\drivers\massfilter.sys  (File not found)
"MBAMSwissArmy" (MBAMSwissArmy) - ? - C:\Windows\system32\drivers\mbamswissarmy.sys  (File not found)
"MTOnlPktAlyX NDIS Protocol Driver" (MTOnlPktAlyX) - "Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH" - C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis1\MTOnlPktAlyX.SYS
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\Windows\System32\Drivers\PxHelp20.sys
"Spyware Terminator Driver 2" (sp_rsdrv2) - ? - C:\Windows\system32\drivers\sp_rsdrv2.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"ZTE Diagnostic Port" (ZTEusbser6k) - ? - C:\Windows\System32\DRIVERS\ZTEusbser6k.sys  (File not found)
"ZTE NMEA Port" (ZTEusbnmea) - ? - C:\Windows\System32\DRIVERS\ZTEusbnmea.sys  (File not found)
"ZTE Proprietary USB Driver" (ZTEusbmdm6k) - ? - C:\Windows\System32\DRIVERS\ZTEusbmdm6k.sys  (File not found)

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
{91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)
{00020d75-0000-0000-c000-000000000046} "lnkfile" - ? -   (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\OFFICE11\msohev.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{BD88A479-9623-4897-8546-BC62B9628F44} "SPTHandler" - "Crawler.com" - C:\Program Files\Spyware Terminator\sptcontmenu.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} "Flash Casino Helper Control" - "Microgaming.co.uk" - C:\Windows\Downloaded Program Files\iefax.dll / https://plugins.valueactive.eu/flashax/iefax.cab
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} "Java Plug-in 1.6.0_07" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_24.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{17492023-C23A-453E-A040-C7C580BBF700} "Windows Genuine Advantage Validation Tool" - "Microsoft Corporation" - C:\Windows\system32\LegitCheckControl.DLL / hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
{898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype Click to Call" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{CA6319C0-31B7-401E-A518-A07C3DB8F777} "CBrowserHelperObject Object" - "Dell Inc." - C:\Program Files\Dell\BAE\BAE.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype Browser Helper" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Petra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Logitech . Produktregistrierung.lnk" - "Leader Technologies/Logitech" - C:\Program Files\Logitech\Ereg\eReg.exe  (Shortcut exists | File exists)
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"HP Digital Imaging Monitor.lnk" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe  (Shortcut exists | File exists)
"McAfee Security Scan Plus.lnk" - "McAfee, Inc." - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"DellSupportCenter" - "SupportSoft, Inc." - "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
"ISUSPM" - "Macrovision Corporation" - "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
"SpywareTerminatorUpdate" - "Crawler.com" - "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"DellSupportCenter" - "SupportSoft, Inc." - "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
"dscactivate" - " " - "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
"ECenter" - " " - C:\Dell\E-Center\EULALauncher.exe
"LWS" - "Logitech Inc." - C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe -hide
" Malwarebytes Anti-Malware  (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"Malwarebytes' Anti-Malware (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"PDVDDXSrv" - "CyberLink Corp." - "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
"PMX Daemon" - "Primax Electronics Ltd." - ICO.EXE
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
"SpywareTerminator" - "Crawler.com" - "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"ToADiMon.exe" - "Deutsche Telekom AG, Marmiko IT-Solutions GmbH" - C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe -TOnlineAutodialStart

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\Windows\system32\mdimon.dll
"PDFCreator" - ? - C:\Windows\system32\pdfcmnnt.dll  (File found, but it contains no detailed information)
"SSP2M Langmon" - ? - C:\Windows\system32\ssp2ml3.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Apache2.2" (Apache2.2) - "Apache Software Foundation" - C:\xampp\xampplite\apache\bin\httpd.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Macrovision Europe Ltd." - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
"HP CUE DeviceDiscovery Service" (hpqddsvc) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
"hpqcxs08" (hpqcxs08) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
"McAfee Security Scan Component Host Service" (McComponentHostService) - "McAfee, Inc." - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
"MySQL" (MySQL) - "MySQL AB" - C:\xampp\xampplite\mysql\bin\mysqld.exe
"Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZinw12.dll
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZipm12.dll
"Process Monitor" (LVPrcSrv) - "Logitech Inc." - C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
"Spyware Terminator Realtime Shield Service" (sp_rssrv) - "Crawler.com" - C:\Program Files\Spyware Terminator\sp_rsser.exe
"stllssvr" (stllssvr) - "MicroVision Development, Inc." - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
"SupportSoft Sprocket Service (dellsupportcenter)" (sprtsvc_dellsupportcenter) - "SupportSoft, Inc." - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

Gruss Chaoselly

Chaoselly · 09.11.2011, 00:42

Nun noch der Log von aswMBR,

Gruss Chaoselly

cosinus · 09.11.2011, 10:02

Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Chaoselly · 09.11.2011, 13:58

Hallo cosinus,

ok hier die zwei scans, bei SUPERAntiSpyware hat er wieder was gefunden.

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8122

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

09.11.2011 13:24:10
mbam-log-2011-11-09 (13-24-10).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|H:\|I:\|)
Durchsuchte Objekte: 404181
Laufzeit: 1 Stunde(n), 11 Minute(n), 18 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Superantispyware:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 11/09/2011 at 01:47 PM

Application Version : 5.0.1134

Core Rules Database Version : 7917
Trace Rules Database Version: 5729

Scan type : Quick Scan
Total Scan Time : 00:04:47

Operating System Information
Windows Vista Business 32-bit, Service Pack 2 (Build 6.00.6002)
UAC On - Limited User (Administrator User)

Memory items scanned : 702
Memory threats detected : 0
Registry items scanned : 30063
Registry threats detected : 0
File items scanned : 7272
File threats detected : 1

Adware.Tracking Cookie
C:\USERS\PETRA\AppData\Roaming\Microsoft\Windows\Cookies\Low\petra@www.google[3].txt [ Cookie

etra@www.google.com/accounts ]

Gruss Chaoselly

Chaoselly · 09.11.2011, 14:04

Hilfe, hab glaub ich falsch geklickt der will rebooten nun, ich lass erst mal alles offen

cosinus · 10.11.2011, 09:46

Zitat:

Scan type : Quick Scan

Ich wollte auch einen Vollscan mit SUPERAntiSpyware sehen

Chaoselly · 10.11.2011, 13:50

sorry,

hier der richtige scan

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 11/10/2011 at 01:33 PM

Application Version : 5.0.1134

Core Rules Database Version : 7924
Trace Rules Database Version: 5736

Scan type : Complete Scan
Total Scan Time : 01:28:49

Operating System Information
Windows Vista Business 32-bit, Service Pack 2 (Build 6.00.6002)
UAC On - Limited User (Administrator User)

Memory items scanned : 720
Memory threats detected : 0
Registry items scanned : 37275
Registry threats detected : 0
File items scanned : 248557
File threats detected : 35

Adware.Tracking Cookie
C:\USERS\PETRA\AppData\Roaming\Microsoft\Windows\Cookies\Low\H6CYO4K4.txt [ Cookie

etra@trafficnetzwerk.de/ ]
.doubleclick.net [ C:\USERS\PETRA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WVHGSYRR.DEFAULT\COOKIES.SQLITE ]
.apmebf.com [ C:\USERS\PETRA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WVHGSYRR.DEFAULT\COOKIES.SQLITE ]
.mediaplex.com [ C:\USERS\PETRA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WVHGSYRR.DEFAULT\COOKIES.SQLITE ]
.smartadserver.com [ C:\USERS\PETRA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WVHGSYRR.DEFAULT\COOKIES.SQLITE ]
.smartadserver.com [ C:\USERS\PETRA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WVHGSYRR.DEFAULT\COOKIES.SQLITE ]
.smartadserver.com [ C:\USERS\PETRA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WVHGSYRR.DEFAULT\COOKIES.SQLITE ]
.smartadserver.com [ C:\USERS\PETRA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WVHGSYRR.DEFAULT\COOKIES.SQLITE ]
.smartadserver.com [ C:\USERS\PETRA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WVHGSYRR.DEFAULT\COOKIES.SQLITE ]
ad2.adfarm1.adition.com [ C:\USERS\PETRA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WVHGSYRR.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\PETRA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WVHGSYRR.DEFAULT\COOKIES.SQLITE ]
ad3.adfarm1.adition.com [ C:\USERS\PETRA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WVHGSYRR.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\PETRA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WVHGSYRR.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\PETRA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WVHGSYRR.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\PETRA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WVHGSYRR.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\PETRA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WVHGSYRR.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\PETRA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WVHGSYRR.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\PETRA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WVHGSYRR.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\PETRA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WVHGSYRR.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\PETRA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WVHGSYRR.DEFAULT\COOKIES.SQLITE ]
.tracking.quisma.com [ C:\USERS\PETRA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WVHGSYRR.DEFAULT\COOKIES.SQLITE ]
adx.chip.de [ C:\USERS\PETRA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WVHGSYRR.DEFAULT\COOKIES.SQLITE ]
.xiti.com [ C:\USERS\PETRA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WVHGSYRR.DEFAULT\COOKIES.SQLITE ]
.questionmarket.com [ C:\USERS\PETRA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WVHGSYRR.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\PETRA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WVHGSYRR.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\PETRA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WVHGSYRR.DEFAULT\COOKIES.SQLITE ]
adfarm1.adition.com [ C:\USERS\PETRA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WVHGSYRR.DEFAULT\COOKIES.SQLITE ]
ad.zanox.com [ C:\USERS\PETRA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WVHGSYRR.DEFAULT\COOKIES.SQLITE ]
.zanox.com [ C:\USERS\PETRA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WVHGSYRR.DEFAULT\COOKIES.SQLITE ]
www.dasleadsystem.com [ C:\USERS\PETRA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WVHGSYRR.DEFAULT\COOKIES.SQLITE ]
www.dasleadsystem.com [ C:\USERS\PETRA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WVHGSYRR.DEFAULT\COOKIES.SQLITE ]
.dasleadsystem.com [ C:\USERS\PETRA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WVHGSYRR.DEFAULT\COOKIES.SQLITE ]
.dasleadsystem.com [ C:\USERS\PETRA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WVHGSYRR.DEFAULT\COOKIES.SQLITE ]
.dasleadsystem.com [ C:\USERS\PETRA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WVHGSYRR.DEFAULT\COOKIES.SQLITE ]
.doubleclick.net [ C:\USERS\PETRA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WVHGSYRR.DEFAULT\COOKIES.SQLITE ]

Gruss Chaoselly

cosinus · 10.11.2011, 16:09

Zitat:

Windows Vista Business 32-bit, Service Pack 2 (Build 6.00.6002)
UAC On - Limited User (Administrator User)

So bringt das ganze nichts. Du musst möglichst alle Tools per Rechtsklick als Administrator ausführen.
Alternativ UAC sanfter einstellen oder deaktivieren

Chaoselly · 10.11.2011, 18:31

Hallo cosinus,

sorry, aber ich hab am Anfang geschrieben das ich null Ahnung habe.
Hab nicht mal ne Ahnung was nu sanfter eingestellt werden soll.
Ich scan das Ding nun mit nem Rechtsklick hoffe das ist dann richtig.

Gruss Chaoselly

Chaoselly · 10.11.2011, 20:28

So, neuer scan,

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 11/10/2011 at 08:04 PM

Application Version : 5.0.1134

Core Rules Database Version : 7924
Trace Rules Database Version: 5736

Scan type : Complete Scan
Total Scan Time : 01:28:47

Operating System Information
Windows Vista Business 32-bit, Service Pack 2 (Build 6.00.6002)
UAC On - Administrator

Memory items scanned : 703
Memory threats detected : 0
Registry items scanned : 37283
Registry threats detected : 0
File items scanned : 250870
File threats detected : 36

Adware.Tracking Cookie
C:\USERS\PETRA\AppData\Roaming\Microsoft\Windows\Cookies\Low\H6CYO4K4.txt [ Cookie

etra@trafficnetzwerk.de/ ]
.doubleclick.net [ C:\USERS\PETRA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WVHGSYRR.DEFAULT\COOKIES.SQLITE ]
.apmebf.com [ C:\USERS\PETRA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WVHGSYRR.DEFAULT\COOKIES.SQLITE ]
.mediaplex.com [ C:\USERS\PETRA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WVHGSYRR.DEFAULT\COOKIES.SQLITE ]
.smartadserver.com [ C:\USERS\PETRA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WVHGSYRR.DEFAULT\COOKIES.SQLITE ]
.smartadserver.com [ C:\USERS\PETRA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WVHGSYRR.DEFAULT\COOKIES.SQLITE ]
.smartadserver.com [ C:\USERS\PETRA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WVHGSYRR.DEFAULT\COOKIES.SQLITE ]
.smartadserver.com [ C:\USERS\PETRA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WVHGSYRR.DEFAULT\COOKIES.SQLITE ]
.smartadserver.com [ C:\USERS\PETRA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WVHGSYRR.DEFAULT\COOKIES.SQLITE ]
ad2.adfarm1.adition.com [ C:\USERS\PETRA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WVHGSYRR.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\PETRA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WVHGSYRR.DEFAULT\COOKIES.SQLITE ]
ad3.adfarm1.adition.com [ C:\USERS\PETRA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WVHGSYRR.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\PETRA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WVHGSYRR.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\PETRA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WVHGSYRR.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\PETRA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WVHGSYRR.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\PETRA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WVHGSYRR.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\PETRA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WVHGSYRR.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\PETRA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WVHGSYRR.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\PETRA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WVHGSYRR.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\PETRA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WVHGSYRR.DEFAULT\COOKIES.SQLITE ]
.tracking.quisma.com [ C:\USERS\PETRA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WVHGSYRR.DEFAULT\COOKIES.SQLITE ]
adx.chip.de [ C:\USERS\PETRA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WVHGSYRR.DEFAULT\COOKIES.SQLITE ]
.xiti.com [ C:\USERS\PETRA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WVHGSYRR.DEFAULT\COOKIES.SQLITE ]
.questionmarket.com [ C:\USERS\PETRA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WVHGSYRR.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\PETRA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WVHGSYRR.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\PETRA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WVHGSYRR.DEFAULT\COOKIES.SQLITE ]
adfarm1.adition.com [ C:\USERS\PETRA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WVHGSYRR.DEFAULT\COOKIES.SQLITE ]
ad.zanox.com [ C:\USERS\PETRA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WVHGSYRR.DEFAULT\COOKIES.SQLITE ]
.zanox.com [ C:\USERS\PETRA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WVHGSYRR.DEFAULT\COOKIES.SQLITE ]
www.dasleadsystem.com [ C:\USERS\PETRA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WVHGSYRR.DEFAULT\COOKIES.SQLITE ]
www.dasleadsystem.com [ C:\USERS\PETRA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WVHGSYRR.DEFAULT\COOKIES.SQLITE ]
.dasleadsystem.com [ C:\USERS\PETRA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WVHGSYRR.DEFAULT\COOKIES.SQLITE ]
.dasleadsystem.com [ C:\USERS\PETRA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WVHGSYRR.DEFAULT\COOKIES.SQLITE ]
.dasleadsystem.com [ C:\USERS\PETRA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WVHGSYRR.DEFAULT\COOKIES.SQLITE ]
.doubleclick.net [ C:\USERS\PETRA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WVHGSYRR.DEFAULT\COOKIES.SQLITE ]
.amazon-adsystem.com [ C:\USERS\PETRA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WVHGSYRR.DEFAULT\COOKIES.SQLITE ]

Gruss Chaoselly

cosinus · 10.11.2011, 21:49

Ok, fehlt noch ESET

Chaoselly · 11.11.2011, 14:16

So hier eset

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=7c11aafa070c964db4ccc3304b1a0da1
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-11-07 04:40:29
# local_time=2011-11-07 05:40:29 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1797 16775165 100 94 103144 57211879 97084 0
# compatibility_mode=5892 16776637 100 100 11844 158207725 0 0
# compatibility_mode=7937 16777213 100 100 5104701 45846823 0 0
# compatibility_mode=8192 67108863 100 0 4769 4769 0 0
# compatibility_mode=9217 16777214 75 66 4596219 22635725 0 0
# scanned=404220
# found=5
# cleaned=0
# scan_time=9006
C:\Program Files\pdfforge Toolbar\pdfforgeToolbarIE.dll probably a variant of Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Petra\Downloads\SoftonicDownloader9266.exe a variant of Win32/SoftonicDownloader.A application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Petra\Downloads\SoftonicDownloader_fuer_nero-multimedia-suite.exe a variant of Win32/SoftonicDownloader.A application (unable to clean) 00000000000000000000000000000000 I
J:\Downloads\SetupCasino_d70c81.exe Win32/PTCasino application (unable to clean) 00000000000000000000000000000000 I
J:\Downloads\SoftonicDownloader9266.exe a variant of Win32/SoftonicDownloader.A application (unable to clean) 00000000000000000000000000000000 I
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=7c11aafa070c964db4ccc3304b1a0da1
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-11-11 12:49:48
# local_time=2011-11-11 01:49:48 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1797 16775165 100 94 134063 57547341 143922 0
# compatibility_mode=5892 16776637 100 100 9125 158543187 0 0
# compatibility_mode=7937 16777213 100 100 5440163 46182285 0 0
# compatibility_mode=8192 67108863 100 0 340231 340231 0 0
# scanned=244192
# found=3
# cleaned=0
# scan_time=5302
C:\Users\Petra\Downloads\SoftonicDownloader9266.exe a variant of Win32/SoftonicDownloader.A application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Petra\Downloads\SoftonicDownloader_fuer_nero-multimedia-suite.exe a variant of Win32/SoftonicDownloader.A application (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\11082011_124607\C_Program Files\pdfforge Toolbar\pdfforgeToolbarIE.dll probably a variant of Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I

Gruss Chaoselly

08.11.2011, 20:58	#16
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Virus EXP/2010-0840.BC auf Rechner gefunden Was verstehst du an der Anleitung nicht? __________________ Logfiles bitte immer in CODE-Tags posten

10.11.2011, 21:49	#29
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Virus EXP/2010-0840.BC auf Rechner gefunden Ok, fehlt noch ESET __________________ Logfiles bitte immer in CODE-Tags posten

Virus EXP/2010-0840.BC auf Rechner gefunden

Log-Analyse und Auswertung: Virus EXP/2010-0840.BC auf Rechner gefunden