GEMA Trojan ...shell.text already created (Windows 7)
07.01.2012, 10:43 | #61
Well, I've got a problem right now. ComboFix says Avira Desktop is still active. But I have disabled the real-time scanner. Is Avira Desktop some other function? And if so, how do I switch it off? I've already searched on Google, but I can't find anything that fits. In the Task Manager I wanted to end all processes and services that have to do with Avira, but access is always denied.
Regards
07.01.2012, 12:52 | #62
OK, I did find out how to do it after all.
I switched off process protection in AntiVir and then stopped AntiVir via its administration. After that I let ComboFix run. After the scan it said that I have a "difficult infection" and ComboFix wanted to do a restart. But that restart stops halfway. At the moment I only see the black screen with the cursor blinking in the top left. Nothing else happens. The F keys don't do anything either, and I don't dare to switch the PC off cold, because ComboFix said I should not do a manual restart. What now?
Regards
Last edited by Tamrin (07.01.2012 at 13:14)
07.01.2012, 15:43 | #63
/// Winkelfunktion /// TB-Süch-Tiger™
Just try a reboot. If that doesn't work, carry on in Safe Mode with Networking (once again).
07.01.2012, 16:34 | #64
OK, the restart worked (fortunately) without problems.
Code:
ComboFix 12-01-06.03 - Tamrin 07.01.2012 15:50:39.1.2 - x86
Microsoft Windows 7 Starter 6.1.7601.1.1252.49.1031.18.1012.425 [GMT 1:00]
ausgeführt von:: c:\users\Tamrin\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\ipconfig.txt
c:\users\Tamrin\AppData\Local\._Revolution_
c:\users\Tamrin\AppData\Roaming\dwlGina3.dll
c:\users\Tamrin\AppData\Roaming\Microsoft\~DFK57a2c5.tmp
c:\users\Tamrin\AppData\Roaming\Microsoft\1eaadjc.dll
c:\users\Tamrin\AppData\Roaming\Microsoft\bass.dll
c:\users\Tamrin\AppData\Roaming\Microsoft\engine_vx.dll
c:\users\Tamrin\AppData\Roaming\Microsoft\kfgresk.dll
c:\users\Tamrin\AppData\Roaming\Microsoft\mjcriu.dll
c:\users\Tamrin\AppData\Roaming\Microsoft\peaadje.dll
c:\users\Tamrin\AppData\Roaming\Microsoft\qwadjb.dll
c:\users\Tamrin\AppData\Roaming\Microsoft\rsaadjd.dll
c:\users\Tamrin\AppData\Roaming\toolplugin\toolbar.dll
c:\windows\$NtUninstallKB12553$
c:\windows\$NtUninstallKB12553$\3407739412\@
c:\windows\$NtUninstallKB12553$\3407739412\bckfg.tmp
c:\windows\$NtUninstallKB12553$\3407739412\cfg.ini
c:\windows\$NtUninstallKB12553$\3407739412\Desktop.ini
c:\windows\$NtUninstallKB12553$\3407739412\keywords
c:\windows\$NtUninstallKB12553$\3407739412\kwrd.dll
c:\windows\$NtUninstallKB12553$\3407739412\L\xadqgnnk
c:\windows\$NtUninstallKB12553$\3407739412\U\00000001.@
c:\windows\$NtUninstallKB12553$\3407739412\U\00000002.@
c:\windows\$NtUninstallKB12553$\3407739412\U\00000004.@
c:\windows\$NtUninstallKB12553$\3407739412\U\80000000.@
c:\windows\$NtUninstallKB12553$\3407739412\U\80000004.@
c:\windows\$NtUninstallKB12553$\3407739412\U\80000032.@
c:\windows\$NtUninstallKB12553$\5603253
c:\windows\IsUn0407.exe
c:\windows\security\Database\tmp.edb
c:\windows\system32\SETB871.tmp
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-12-07 bis 2012-01-07 ))))))))))))))))))))))))))))))
.
.
2012-01-04 19:33 . 2012-01-04 19:33 -------- d-----w- c:\programdata\Malwarebytes
2012-01-04 19:33 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-04 19:00 . 2012-01-04 19:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-02 11:26 . 2012-01-02 13:03 -------- d-----w- C:\_OTL
2011-12-29 02:30 . 2011-12-29 02:30 -------- d-----w- C:\eeepcfr
2011-12-28 23:55 . 2004-03-09 16:45 152848 ----a-w- c:\windows\system32\Comdlg32.ocx
2011-12-28 23:55 . 2003-12-26 00:13 212992 ----a-w- c:\windows\system32\YExBar.ocx
2011-12-28 23:55 . 1998-07-06 17:55 33792 ----a-w- c:\windows\system32\CMDLGDE.DLL
2011-12-28 23:55 . 1998-06-24 10:55 164144 ----a-w- c:\windows\system32\COMCT232.OCX
2011-12-28 23:55 . 1998-05-05 16:35 24576 ----a-w- c:\windows\system32\CMCT2DE.dll
2011-12-28 23:55 . 1998-05-05 16:35 112640 ----a-w- c:\windows\system32\CMCTLde.DLL
2011-12-28 23:55 . 2005-04-15 18:58 1351392 ----a-w- c:\windows\system32\comctl32.ocx
2011-12-26 23:53 . 2011-12-26 23:53 -------- d-----w- c:\program files\ESET
2011-12-26 01:10 . 2011-12-26 01:10 -------- d-----w- c:\users\Tamrin\AppData\Roaming\Malwarebytes
2011-12-26 00:58 . 2011-12-26 01:04 -------- d-----w- c:\programdata\SecTaskMan
2011-12-23 11:19 . 2011-11-21 10:47 6823496 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{40A6C077-1DDC-48FA-AA68-99DF7159B88A}\mpengine.dll
2011-12-14 08:21 . 2011-10-26 04:28 38912 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-14 08:21 . 2011-11-05 04:26 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-14 08:20 . 2011-10-15 05:38 534528 ----a-w- c:\windows\system32\EncDec.dll
2011-12-14 08:20 . 2011-11-24 04:25 2342912 ----a-w- c:\windows\system32\win32k.sys
2011-12-14 08:20 . 2011-10-26 04:47 3912560 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-12-14 08:20 . 2011-10-26 04:47 3967856 ----a-w- c:\windows\system32\ntkrnlpa.exe
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-08 18:35 . 2011-10-16 11:29 134856 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-11-26 12:33 . 2011-11-26 12:33 644400 ----a-w- c:\windows\system32\mscomct2.ocx
2011-10-24 21:38 . 2011-10-24 21:38 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-11 13:00 . 2011-10-16 11:29 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-10-11 13:00 . 2011-10-16 11:29 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{147FEC3F-6DE9-437C-8FC1-6B8A20AA0A72}]
2010-03-08 17:05 198656 ----a-w- c:\users\Tamrin\AppData\Roaming\AdobeReader\IE\AdobeReader.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-08-06 17:18 120104 ----a-w- c:\program files\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-08-21 809480]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-06-18 1537320]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Acer VCM.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk
backup=c:\windows\pss\Acer VCM.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPN Client.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk
backup=c:\windows\pss\VPN Client.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Tamrin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 2.4.lnk]
path=c:\users\Tamrin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk
backup=c:\windows\pss\OpenOffice.org 2.4.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Tamrin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk]
path=c:\users\Tamrin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
backup=c:\windows\pss\OpenOffice.org 3.3.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer ePower Management]
2009-08-06 04:31 707104 ----a-w- c:\program files\Acer\Acer ePower Management\ePowerTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 04:59 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-09-07 22:58 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2011-01-05 09:09 1305408 ----a-w- c:\abc\Programme\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-09-01 06:39 1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EgisTecLiveUpdate]
2009-08-04 05:09 199464 ----a-w- c:\program files\EgisTec Egis Software Update\EgisUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mwlDaemon]
2009-08-06 17:18 349480 ----a-w- c:\program files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NortonOnlineBackupReminder]
2009-07-24 23:31 588648 ----a-w- c:\program files\Symantec\Norton Online Backup\Activation\NobuActivation.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2009-08-05 10:29 7703072 ----a-w- c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-04-08 10:59 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2011-09-25 12:16 273528 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-04-03 136176]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-04-03 136176]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2009-05-18 119256]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [2009-06-24 167424]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-04-28 691696]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-10-11 36000]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-01-08 218176]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2009-06-02 18992]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2009-06-02 16432]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2009-06-02 60976]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-10-11 86224]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2009-08-06 727584]
S2 Greg_Service;GRegService;c:\program files\Acer\Registration\GregHSRW.exe [2009-06-04 1150496]
S2 MWLService;MyWinLocker Service;c:\program files\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-08-06 311592]
S2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [2009-07-10 253952]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]
S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2010-10-21 592120]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
.
Inhalt des "geplante Tasks" Ordners
.
2012-01-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cc52c46ddaf021.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-03 16:46]
.
2012-01-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA1cc52c46f5c658f.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-03 16:46]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
mStart Page =
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Free YouTube to Mp3 Converter - c:\users\Tamrin\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.178.1
DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab
FF - ProfilePath - c:\users\Tamrin\AppData\Roaming\Mozilla\Firefox\Profiles\b9e8zovd.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Search the web
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/webhp?rls=ig
FF - prefs.js: keyword.URL - hxxp://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q=
FF - user.js: browser.search.selectedEngine - Search the web
FF - user.js: browser.search.order.1 - Search the web
FF - user.js: browser.search.defaultenginename - Search the web
FF - user.js: keyword.URL - hxxp://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q=
FF - user.js: privacy.item.cookies - false
FF - user.js: privacy.sanitize.promptOnSanitize - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{872b5b88-9db5-4310-bdd0-ac189557e5f5} - (no file)
WebBrowser-{872B5B88-9DB5-4310-BDD0-AC189557E5F5} - (no file)
SafeBoot-mcmscsvc
SafeBoot-MCODS
MSConfigStartUp-ICQ - c:\abc\Programme\ICQ7\ICQ7.4\ICQ.exe
MSConfigStartUp-msnmsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe
AddRemove-toolplugin - c:\users\Tamrin\AppData\Local\Temp\WZSE0.TMP\setup.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(3480)
c:\program files\EgisTec\MyWinLocker 3\x86\psdprotect.dll
c:\program files\EgisTec\MyWinLocker 3\x86\sysenv.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\EgisTec\MyWinLocker 3\x86\MWLService.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conhost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-01-07 16:32:03 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-01-07 15:31
.
Vor Suchlauf: 13 Verzeichnis(se), 149.968.117.760 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 153.192.632.320 Bytes frei
.
- - End Of File - - 70DA3F957A267B3214EF1F4F3EB2DD9C
Regards
07.01.2012, 16:44 | #65
/// Winkelfunktion /// TB-Süch-Tiger™
OK. Now please create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool won't run on the second attempt either, just leave it out and run only OSAM. Please skip OSAM's online query. With OSAM, please also make sure that you save the log as *.log and not as *.html or similar. Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to switch off the virus scanner; the McAfee scanner in particular often reports a false alarm in OSAM! Please download aswMBR.exe and save the file on your desktop.
Important: Under no circumstances press any of the Fix buttons without instructions. Note: If the Scan button is greyed out, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.
__________________
Please always post logfiles in CODE tags
07.01.2012, 17:54 | #66
GMER is done. OSAM follows:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 18:02:03 on 07.01.2012
OS: Windows 7 Starter Edition Service Pack 1 (Build 7601), 32-bit
Default Browser: Mozilla Corporation Firefox 9.0.1

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries

[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore1cc52c46ddaf021.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA1cc52c46f5c658f.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\Windows\system32\DivXControlPanelApplet.cpl
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"agdiipob" (agdiipob) - ? - C:\Users\Tamrin\AppData\Local\Temp\agdiipob.sys (Hidden registry entry, rootkit activity | File not found)
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"avkmgr" (avkmgr) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avkmgr.sys
"catchme" (catchme) - ? - C:\Users\Tamrin\AppData\Local\Temp\catchme.sys (File not found)
"Cisco Systems Inc. IPSec Driver" (CVPNDRVA) - "Cisco Systems, Inc." - C:\Windows\system32\Drivers\CVPNDRVA.sys
"int15.sys" (int15.sys) - ? - C:\Windows\System32\OEM\Factory\int15.sys (File found, but it contains no detailed information)
"Realtek Smartcard Reader Driver" (USBCCID) - ? - C:\Windows\System32\DRIVERS\RtsUCcid.sys (File not found)
"sptd" (sptd) - "Duplex Secure Ltd." - C:\Windows\System32\Drivers\sptd.sys (File is exclusively opened, access blocked)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\ABC\Programme\OpenOffice\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - ? - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (File not found)
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - ? - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (File not found)
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\ABC\Programme\7-Zip\7-zip.dll
{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
{D8D1CE8C-B1EB-4E95-B63B-1531BA60E992} "DivX Property Handler" - "DivX, Inc." - C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXPropertyHandler.dll
{83238FAE-D346-4E12-8734-D42F7554B3E6} "DivX Thumbnail Provider" - "DivX, Inc." - C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXThumbnailProvider.dll
{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} "DragDropProtect Class" - "Egis Technology Inc." - C:\Program Files\EgisTec\MyWinLocker 3\x86\psdprotect.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\ABC\Programme\OpenOffice\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\ABC\Programme\OpenOffice\Basis\program\shlxthdl\shlxthdl.dll
{AE424E85-F6DF-4910-A6A9-438797986431} "OpenOffice.org Property Handler" - ? - C:\ABC\Programme\OpenOffice\Basis\program\shlxthdl\propertyhdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\ABC\Programme\OpenOffice\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\ABC\Programme\OpenOffice\Basis\program\shlxthdl\shlxthdl.dll
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - C:\Program Files\Real\RealPlayer\rpshell.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{7020EDF4-B454-4814-9AA4-1D604D3F1417} "TraXExCM" - ? - (File not found | COM-object registry key not found)
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
55963676-2F5E-4BAF-AC28-CF26AA587566 "55963676-2F5E-4BAF-AC28-CF26AA587566" - ? - (File not found | COM-object registry key not found) / vpnweb.cab
{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} "Java Plug-in 1.6.0_04" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_26.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
{48E73304-E1D6-4330-914C-F5F514E3486C} "Send to OneNote" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{147FEC3F-6DE9-437C-8FC1-6B8A20AA0A72} "Adobe Reader" - "Adobe Systems, Incorporated" - C:\Users\Tamrin\AppData\Roaming\AdobeReader\IE\AdobeReader.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Tamrin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"IAAnotif" - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
"LManager" - "Dritek System Inc." - C:\Program Files\Launch Manager\LManager.exe

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Acer ePower Service" (ePowerSvc) - "Acer Incorporated" - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
"Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Cisco AnyConnect VPN Agent" (vpnagent) - "Cisco Systems, Inc." - C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
"Cisco Systems, Inc. VPN Service" (CVPND) - "Cisco Systems, Inc." - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GRegService" (Greg_Service) - "Acer Incorporated" - C:\Program Files\Acer\Registration\GregHSRW.exe
"Intel(R) Matrix Storage Event Monitor" (IAANTMON) - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"MyWinLocker Service" (MWLService) - "Egis Technology Inc." - C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Raw Socket Service" (RS_Service) - "Acer Incorporated" - C:\Program Files\Acer\Acer VCM\RS_Service.exe
"Updater Service" (Updater Service) - "Acer" - C:\Program Files\Acer\Acer Updater\UpdaterService.exe

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
Last edited by Tamrin (07.01.2012 at 18:01)
07.01.2012, 19:18 | #67 |
| And now aswMBR as well:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 18:02:03 on 07.01.2012
OS: Windows 7 Starter Edition Service Pack 1 (Build 7601), 32-bit
Default Browser: Mozilla Corporation Firefox 9.0.1

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries

[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore1cc52c46ddaf021.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA1cc52c46f5c658f.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\Windows\system32\DivXControlPanelApplet.cpl
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"agdiipob" (agdiipob) - ? - C:\Users\Tamrin\AppData\Local\Temp\agdiipob.sys (Hidden registry entry, rootkit activity | File not found)
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"avkmgr" (avkmgr) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avkmgr.sys
"catchme" (catchme) - ? - C:\Users\Tamrin\AppData\Local\Temp\catchme.sys (File not found)
"Cisco Systems Inc. IPSec Driver" (CVPNDRVA) - "Cisco Systems, Inc." - C:\Windows\system32\Drivers\CVPNDRVA.sys
"int15.sys" (int15.sys) - ? - C:\Windows\System32\OEM\Factory\int15.sys (File found, but it contains no detailed information)
"Realtek Smartcard Reader Driver" (USBCCID) - ? - C:\Windows\System32\DRIVERS\RtsUCcid.sys (File not found)
"sptd" (sptd) - "Duplex Secure Ltd." - C:\Windows\System32\Drivers\sptd.sys (File is exclusively opened, access blocked)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\ABC\Programme\OpenOffice\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - ? - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (File not found)
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - ? - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (File not found)
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\ABC\Programme\7-Zip\7-zip.dll
{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
{D8D1CE8C-B1EB-4E95-B63B-1531BA60E992} "DivX Property Handler" - "DivX, Inc." - C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXPropertyHandler.dll
{83238FAE-D346-4E12-8734-D42F7554B3E6} "DivX Thumbnail Provider" - "DivX, Inc." - C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXThumbnailProvider.dll
{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} "DragDropProtect Class" - "Egis Technology Inc." - C:\Program Files\EgisTec\MyWinLocker 3\x86\psdprotect.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\ABC\Programme\OpenOffice\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\ABC\Programme\OpenOffice\Basis\program\shlxthdl\shlxthdl.dll
{AE424E85-F6DF-4910-A6A9-438797986431} "OpenOffice.org Property Handler" - ? - C:\ABC\Programme\OpenOffice\Basis\program\shlxthdl\propertyhdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\ABC\Programme\OpenOffice\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\ABC\Programme\OpenOffice\Basis\program\shlxthdl\shlxthdl.dll
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - C:\Program Files\Real\RealPlayer\rpshell.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{7020EDF4-B454-4814-9AA4-1D604D3F1417} "TraXExCM" - ? - (File not found | COM-object registry key not found)
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
55963676-2F5E-4BAF-AC28-CF26AA587566 "55963676-2F5E-4BAF-AC28-CF26AA587566" - ? - (File not found | COM-object registry key not found) / vpnweb.cab
{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} "Java Plug-in 1.6.0_04" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_26.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
{48E73304-E1D6-4330-914C-F5F514E3486C} "Send to OneNote" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{147FEC3F-6DE9-437C-8FC1-6B8A20AA0A72} "Adobe Reader" - "Adobe Systems, Incorporated" - C:\Users\Tamrin\AppData\Roaming\AdobeReader\IE\AdobeReader.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Tamrin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"IAAnotif" - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
"LManager" - "Dritek System Inc." - C:\Program Files\Launch Manager\LManager.exe

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Acer ePower Service" (ePowerSvc) - "Acer Incorporated" - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
"Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Cisco AnyConnect VPN Agent" (vpnagent) - "Cisco Systems, Inc." - C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
"Cisco Systems, Inc. VPN Service" (CVPND) - "Cisco Systems, Inc." - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GRegService" (Greg_Service) - "Acer Incorporated" - C:\Program Files\Acer\Registration\GregHSRW.exe
"Intel(R) Matrix Storage Event Monitor" (IAANTMON) - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"MyWinLocker Service" (MWLService) - "Egis Technology Inc." - C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Raw Socket Service" (RS_Service) - "Acer Incorporated" - C:\Program Files\Acer\Acer VCM\RS_Service.exe
"Updater Service" (Updater Service) - "Acer" - C:\Program Files\Acer\Acer Updater\UpdaterService.exe

===[ Logfile end ]=========================================[ Logfile end ]===
If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
Regards |
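Reading an OSAM autorun log by hand means applying a few fixed rules to every entry. The script below is an added example for this thread, not code from the original post or from the OSAM authors; it parses the entry format OSAM uses and applies those rules to a subset of the lines from the log above. The severity labels and the rule that a user-writable path counts regardless of the vendor column are the example's own choices: OSAM's vendor column comes from the file's version information, which any file can carry, so a driver or browser helper object living under AppData or Temp deserves a look whatever name it reports.

```python
"""Triage of an OSAM Autorun Manager log.

Added example for this thread; it is not code from the original post or from
the OSAM authors. OSAM prints one autostart entry per line as
    [{CLSID}] "Name" [(ServiceName)] - "Vendor" - Path [(Flags)]
below section markers like  -----( HKLM\\...\\Run )----- .  The rules below are
the ones a helper applies by eye when reading such a log: a hidden registry
entry is rootkit behaviour by definition; "File not found" is a stale leftover;
and anything that autostarts out of a user-writable directory deserves a look
regardless of the vendor column, because that column is the file's own version
info, which any file can carry.
"""
import re

# Lines copied from the OSAM log posted above (a subset, headers removed).
SAMPLE_LOG = r"""
[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"agdiipob" (agdiipob) - ? - C:\Users\Tamrin\AppData\Local\Temp\agdiipob.sys (Hidden registry entry, rootkit activity | File not found)
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"catchme" (catchme) - ? - C:\Users\Tamrin\AppData\Local\Temp\catchme.sys (File not found)
"sptd" (sptd) - "Duplex Secure Ltd." - C:\Windows\System32\Drivers\sptd.sys (File is exclusively opened, access blocked)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{147FEC3F-6DE9-437C-8FC1-6B8A20AA0A72} "Adobe Reader" - "Adobe Systems, Incorporated" - C:\Users\Tamrin\AppData\Roaming\AdobeReader\IE\AdobeReader.dll
"""

SECTION = re.compile(r'^-----\(\s*(?P<key>.*?)\s*\)-----$')
ENTRY = re.compile(
    r'^(?P<prefix>[^"]*?)\s*"(?P<name>[^"]*)"'          # optional CLSID/value name, then "Name"
    r'(?:\s+\((?P<svc>[^)]*)\))?'                        # optional (ServiceName)
    r'\s+-\s+(?:"(?P<vendor>[^"]*)"|\?)'                 # "Vendor", or ? when OSAM found none
    r'\s+-\s*(?P<rest>.*)$')                             # Path [(Flags)]
TRAILING_FLAGS = re.compile(r'\s*\((?P<flags>[^()]*)\)\s*$')
USER_WRITABLE = re.compile(r'\\(?:AppData|Temp|ProgramData)\\', re.IGNORECASE)


def parse(log):
    """Return a list of dicts, one per autostart entry, tagged with its registry section."""
    section, entries = None, []
    for line in log.splitlines():
        line = line.strip()
        sec = SECTION.match(line)
        if sec:
            section = sec.group('key')
            continue
        m = ENTRY.match(line)
        if not m:
            continue                                     # [Drivers]-style headings, blank lines
        rest, flags = m.group('rest').strip(), []
        fm = TRAILING_FLAGS.search(rest)
        if fm:
            flags = [f.strip() for f in fm.group('flags').split('|')]
            rest = rest[:fm.start()].strip()
        if rest.startswith('"'):                         # quoted path followed by arguments
            rest = rest[1:rest.find('"', 1)]
        entries.append({'section': section, 'name': m.group('name'),
                        'service': m.group('svc'), 'vendor': m.group('vendor'),
                        'path': rest, 'flags': flags})
    return entries


def triage(entries):
    """Rank entries: HIGH = hidden/rootkit or unknown vendor in a user-writable path,
    MEDIUM = named vendor but still loading from a user-writable path, LOW = stale."""
    findings = []
    for e in entries:
        flags = ' | '.join(e['flags']).lower()
        if 'rootkit' in flags:
            sev, why = 'HIGH', 'hidden registry entry (rootkit behaviour)'
        elif 'file not found' in flags:
            sev, why = 'LOW', 'stale entry, file is gone'
        elif USER_WRITABLE.search(e['path']):
            sev = 'MEDIUM' if e['vendor'] else 'HIGH'
            why = 'autostarts from a user-writable path'
        else:
            continue
        findings.append((sev, why, e['name'], e['path']))
    order = {'HIGH': 0, 'MEDIUM': 1, 'LOW': 2}
    return sorted(findings, key=lambda f: order[f[0]])


if __name__ == '__main__':
    for sev, why, name, path in triage(parse(SAMPLE_LOG)):
        print(f'{sev:6} {name!r:24} {why}: {path}')
```

On the subset above the ranking puts the hidden `agdiipob` driver first, the BHO loaded out of `AppData\Roaming` second, and the missing `catchme.sys` (a leftover of the rootkit scanner itself) last; `sptd.sys` is reported as locked, which is normal for that driver and not flagged.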
08.01.2012, 01:10 | #69 |
| Oops, how did that happen? Well, here it is now:
Code:
aswMBR version 0.9.9.1297 Copyright(c) 2011 AVAST Software
Run date: 2012-01-07 18:04:05
-----------------------------
18:04:05.648 OS Version: Windows 6.1.7601 Service Pack 1
18:04:05.648 Number of processors: 2 586 0x1C02
18:04:05.648 ComputerName: TAMRIN-PC UserName: Tamrin
18:04:14.899 Initialize success
18:08:13.782 AVAST engine defs: 12010700
18:10:11.001 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
18:10:11.001 Disk 0 Vendor: ST925031 0001 Size: 238475MB BusType: 3
18:10:11.094 Disk 0 MBR read successfully
18:10:11.110 Disk 0 MBR scan
18:10:11.188 Disk 0 Windows 7 default MBR code
18:10:11.235 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 12288 MB offset 2048
18:10:11.313 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 25167872
18:10:11.422 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 226085 MB offset 25372672
18:10:11.469 Disk 0 scanning sectors +488395120
18:10:11.890 Disk 0 scanning C:\Windows\system32\drivers
18:11:53.165 Service scanning
18:11:54.429 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
18:11:55.178 Modules scanning
18:14:10.399 Disk 0 trace - called modules:
18:14:10.492 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll iaStor.sys spex.sys >>UNKNOWN [0x84307938]<<
18:14:10.508 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x851ab370]
18:14:10.524 3 CLASSPNP.SYS[87ba059e] -> nt!IofCallDriver -> [0x847ab900]
18:14:10.539 5 ACPI.sys[873613d4] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x84765028]
18:14:11.834 AVAST engine scan C:\Windows
18:15:52.049 AVAST engine scan C:\Windows\system32
18:28:41.068 AVAST engine scan C:\Windows\system32\drivers
18:32:10.810 AVAST engine scan C:\Users\Tamrin
19:07:13.631 AVAST engine scan C:\ProgramData
19:12:25.023 Scan finished successfully
19:16:54.295 Disk 0 MBR has been saved successfully to "C:\Users\Tamrin\Desktop\MBR.dat"
19:16:54.311 The log file has been saved successfully to "C:\Users\Tamrin\Desktop\aswMBR.txt"
Regards |
08.01.2012, 01:11 | #70 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Looks OK. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before scanning!! Afterwards, getting a second opinion from the ESET online scanner doesn't hurt either: ESET Online Scanner
__________________ Please always post logfiles in CODE tags |
08.01.2012, 01:20 | #71 |
| When you say it looks OK, do you mean my computer should actually be fine now? I'm asking because my desktop still isn't working properly. I'll do the scans first, but I'd still appreciate an answer. Regards |
08.01.2012, 02:35 | #72 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Well, I didn't know about the desktop issue. I'm not sitting in front of your computer, after all. It would also be good to know what exactly is supposedly still not working. Remember that as a helper I can neither see your monitor nor read your mind
08.01.2012, 16:42 | #73 |
| Malwarebytes found nothing, so I'll skip posting that log here. But here is the SASW log:
Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 01/08/2012 at 04:23 PM

Application Version : 5.0.1142

Core Rules Database Version : 8112
Trace Rules Database Version: 5924

Scan type : Complete Scan
Total Scan Time : 02:14:32

Operating System Information
Windows 7 Starter 32-bit, Service Pack 1 (Build 6.01.7601)
UAC Off - Administrator

Memory items scanned : 642
Memory threats detected : 0
Registry items scanned : 37653
Registry threats detected : 2
File items scanned : 175694
File threats detected : 133

Malware.Trace
HKU\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON#SHELL
HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON#SHELL

Adware.Tracking Cookie
C:\Users\Tamrin\AppData\Roaming\Microsoft\Windows\Cookies\tamrin@ad.zanox[1].txt [ /ad.zanox ]
C:\Users\Tamrin\AppData\Roaming\Microsoft\Windows\Cookies\tamrin@adx.chip[1].txt [ /adx.chip ]
C:\Users\Tamrin\AppData\Roaming\Microsoft\Windows\Cookies\tamrin@adxpose[1].txt [ /adxpose ]
C:\Users\Tamrin\AppData\Roaming\Microsoft\Windows\Cookies\tamrin@apmebf[2].txt [ /apmebf ]
C:\Users\Tamrin\AppData\Roaming\Microsoft\Windows\Cookies\tamrin@doubleclick[2].txt [ /doubleclick ]
C:\Users\Tamrin\AppData\Roaming\Microsoft\Windows\Cookies\tamrin@invitemedia[1].txt [ /invitemedia ]
C:\Users\Tamrin\AppData\Roaming\Microsoft\Windows\Cookies\tamrin@mediaplex[2].txt [ /mediaplex ]
C:\Users\Tamrin\AppData\Roaming\Microsoft\Windows\Cookies\tamrin@msadcenter.112.2o7[1].txt [ /msadcenter.112.2o7 ]
C:\Users\Tamrin\AppData\Roaming\Microsoft\Windows\Cookies\tamrin@smartadserver[1].txt [ /smartadserver ]
C:\Users\Tamrin\AppData\Roaming\Microsoft\Windows\Cookies\tamrin@zanox[2].txt [ /zanox ]
C:\Users\Tamrin\AppData\Roaming\Microsoft\Windows\Cookies\HQI6PNPH.txt [ /ad.ad-srv.net ]
C:\Users\Tamrin\AppData\Roaming\Microsoft\Windows\Cookies\IJVITDX2.txt [ /media6degrees.com ]
C:\Users\Tamrin\AppData\Roaming\Microsoft\Windows\Cookies\Z8FW5QJB.txt [ /adfarm1.adition.com ]
C:\Users\Tamrin\App

Data\Roaming\Microsoft\Windows\Cookies\JB87MSQW.txt [ /lucidmedia.com ]
C:\Users\Tamrin\AppData\Roaming\Microsoft\Windows\Cookies\P6ZASBDF.txt [ /atdmt.com ]
C:\Users\Tamrin\AppData\Roaming\Microsoft\Windows\Cookies\409J9OBY.txt [ /ad2.adfarm1.adition.com ]
C:\Users\Tamrin\AppData\Roaming\Microsoft\Windows\Cookies\1L2SPL90.txt [ /webmasterplan.com ]
C:\Users\Tamrin\AppData\Roaming\Microsoft\Windows\Cookies\4BYZDF1G.txt [ /tradedoubler.com ]
C:\USERS\TAMRIN\AppData\Roaming\Microsoft\Windows\Cookies\4ONSSEVQ.txt [ Cookie:tamrin@google.com/support/accounts/ ]
C:\USERS\TAMRIN\AppData\Roaming\Microsoft\Windows\Cookies\tamrin@www.google[4].txt [ Cookie:tamrin@www.google.com/support/accounts/ ]
C:\USERS\TAMRIN\Cookies\IJVITDX2.txt [ Cookie:tamrin@media6degrees.com/ ]
C:\USERS\TAMRIN\Cookies\tamrin@adxpose[1].txt [ Cookie:tamrin@adxpose.com/ ]
C:\USERS\TAMRIN\Cookies\4ONSSEVQ.txt [ Cookie:tamrin@google.com/support/accounts/ ]
C:\USERS\TAMRIN\Cookies\tamrin@ad.zanox[1].txt [ Cookie:tamrin@ad.zanox.com/ ]
C:\USERS\TAMRIN\Cookies\Z8FW5QJB.txt [ Cookie:tamrin@adfarm1.adition.com/ ]
C:\USERS\TAMRIN\Cookies\JB87MSQW.txt [ Cookie:tamrin@lucidmedia.com/ ]
C:\USERS\TAMRIN\Cookies\tamrin@msadcenter.112.2o7[1].txt [ Cookie:tamrin@msadcenter.112.2o7.net/ ]
C:\USERS\TAMRIN\Cookies\tamrin@adx.chip[1].txt [ Cookie:tamrin@adx.chip.de/ ]
C:\USERS\TAMRIN\Cookies\tamrin@smartadserver[1].txt [ Cookie:tamrin@smartadserver.com/ ]
C:\USERS\TAMRIN\Cookies\P6ZASBDF.txt [ Cookie:tamrin@atdmt.com/ ]
C:\USERS\TAMRIN\Cookies\tamrin@invitemedia[1].txt [ Cookie:tamrin@invitemedia.com/ ]
C:\USERS\TAMRIN\Cookies\409J9OBY.txt [ Cookie:tamrin@ad2.adfarm1.adition.com/ ]
C:\USERS\TAMRIN\Cookies\1L2SPL90.txt [ Cookie:tamrin@webmasterplan.com/ ]
C:\USERS\TAMRIN\Cookies\tamrin@doubleclick[2].txt [ Cookie:tamrin@doubleclick.net/ ]
C:\USERS\TAMRIN\Cookies\tamrin@www.google[4].txt [ Cookie:tamrin@www.google.com/support/accounts/ ]
C:\USERS\TAMRIN\Cookies\tamrin@mediaplex[2].txt [ Cookie:tamrin@mediaplex.com/ ]
C:\USERS\TAMRIN\Cookies\tamrin@zanox[2].txt [ Cookie:tamrin@zanox.com/ ]
C:\USERS\TAMRIN\Cookies\4BYZDF1G.txt [ Cookie:tamrin@tradedoubler.com/ ]
www.active-tracking.de [ C:\USERS\TAMRIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.active-tracking.de [ C:\USERS\TAMRIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.account.frogster-online.com [ C:\USERS\TAMRIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.clicksor.com [ C:\USERS\TAMRIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.clicksor.com [ C:\USERS\TAMRIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.copernic-media.com [ C:\USERS\TAMRIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.openstat.net [ C:\USERS\TAMRIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\USERS\TAMRIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\USERS\TAMRIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ad.yieldmanager.com [ C:\USERS\TAMRIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ad.yieldmanager.com [ C:\USERS\TAMRIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
click.geopaysys.com [ C:\USERS\TAMRIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
click.geopaysys.com [ C:\USERS\TAMRIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
click.geopaysys.com [ C:\USERS\TAMRIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\USERS\TAMRIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\USERS\TAMRIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\USERS\TAMRIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\USERS\TAMRIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\USERS\TAMRIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.myroitracking.com [ C:\USERS\TAMRIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.clicksor.com [ C:\USERS\TAMRIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.clicksor.com [ C:\USERS\TAMRIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
webclickmanager.com [ C:\USERS\TAMRIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\USERS\TAMRIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
eas.apm.emediate.eu [ C:\USERS\TAMRIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
track.adform.net [ C:\USERS\TAMRIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adform.net [ C:\USERS\TAMRIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adtech.de [ C:\USERS\TAMRIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.webmasterplan.com [ C:\USERS\TAMRIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
eas.apm.emediate.eu [ C:\USERS\TAMRIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tracking.quisma.com [ C:\USERS\TAMRIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.unitymedia.de [ C:\USERS\TAMRIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.unitymedia.de [ C:\USERS\TAMRIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tracking.quisma.com [ C:\USERS\TAMRIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tracking.quisma.com [ C:\USERS\TAMRIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ads.adxvalue.com [ C:\USERS\TAMRIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.webmasterplan.com [ C:\USERS\TAMRIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.webmasterplan.com [ C:\USERS\TAMRIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.webmasterplan.com [ C:\USERS\TAMRIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.im.banner.t-online.de [ C:\USERS\TAMRIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adtech.de [ C:\USERS\TAMRIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adtech.de [ C:\USERS\TAMRIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\USERS\TAMRIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.fastclick.net [ C:\USERS\TAMRIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad1.adfarm1.adition.com [ C:\USERS\TAMRIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad1.adfarm1.adition.com [ C:\USERS\TAMRIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\USERS\TAMRIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad4.adfarm1.adition.com [ C:\USERS\TAMRIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.zanox-affiliate.de [ C:\USERS\TAMRIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\USERS\TAMRIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\USERS\TAMRIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\USERS\TAMRIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.serving-sys.com [ C:\USERS\TAMRIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.serving-sys.com [ C:\USERS\TAMRIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.countdownr.com [ C:\USERS\TAMRIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.countdownr.com [ C:\USERS\TAMRIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.countdownr.com [ C:\USERS\TAMRIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.active-tracking.de [ C:\USERS\TAMRIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
adserver.freenet.de [ C:\USERS\TAMRIN\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\2UJVHGU3 ]
cdn.eyewonder.com [ C:\USERS\TAMRIN\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\2UJVHGU3 ]
cdn.insights.gravity.com [ C:\USERS\TAMRIN\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\2UJVHGU3 ]
cdn1.static.pornhub.phncdn.com [ C:\USERS\TAMRIN\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\2UJVHGU3 ]
cloud.video.unrulymedia.com [ C:\USERS\TAMRIN\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\2UJVHGU3 ]
counter.cam-content.com [ C:\USERS\TAMRIN\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\2UJVHGU3 ]
delivery.ibanner.de [ C:\USERS\TAMRIN\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\2UJVHGU3 ]
ds.serving-sys.com [ C:\USERS\TAMRIN\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\2UJVHGU3 ]
files.youporn.com [ C:\USERS\TAMRIN\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\2UJVHGU3 ]
ia.media-imdb.com [ C:\USERS\TAMRIN\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\2UJVHGU3 ]
imagesrv.adition.com [ C:\USERS\TAMRIN\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\2UJVHGU3 ]
inwmedia.net [ C:\USERS\TAMRIN\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\2UJVHGU3 ]
media.adxpansion.com [ C:\USERS\TAMRIN\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\2UJVHGU3 ]
media.ign.com [ C:\USERS\TAMRIN\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\2UJVHGU3 ]
media.kyte.tv [ C:\USERS\TAMRIN\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\2UJVHGU3 ]
media.mtvnservices.com [ C:\USERS\TAMRIN\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\2UJVHGU3 ]
media.scanscout.com [ C:\USERS\TAMRIN\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\2UJVHGU3 ]
objects.tremormedia.com [ C:\USERS\TAMRIN\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\2UJVHGU3 ]
s0.2mdn.net [ C:\USERS\TAMRIN\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\2UJVHGU3 ]
secure-us.imrworldwide.com [ C:\USERS\TAMRIN\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\2UJVHGU3 ]
serving-sys.com [ C:\USERS\TAMRIN\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\2UJVHGU3 ]
vidii.hardsextube.com [ C:\USERS\TAMRIN\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\2UJVHGU3 ]
www.adservercentral.info [ C:\USERS\TAMRIN\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\2UJVHGU3 ]
www.naiadsystems.com [ C:\USERS\TAMRIN\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\2UJVHGU3 ]
content.yieldmanager.edgesuite.net [ C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\XQ9GKG33 ]
delivery.ibanner.de [ C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\XQ9GKG33 ]

Trojan.Agent/Gen-Frauder
C:\STORMBLADE\ZLCONF.EXE

Trojan.Agent/Gen-SoftonicDownloader
C:\USERS\TAMRIN\DOWNLOADS\SOFTONICDOWNLOADER_FUER_WOWMATRIX.EXE

About the desktop thing: ... At the start of this thread I said all the icons were gone, but I just saw that they had simply been hidden via a setting. I'm running ESET now, but I'm surprised how much SUPERAntiSpyware still found. Regards |
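The two Malware.Trace lines above are the part of this log that actually relates to the thread's subject, the Winlogon Shell value, and they are easy to misread as two separate infections. The script below is an added example for this thread, not code from the original post or from SUPERAntiSpyware: it decodes the two trace paths (S-1-5-18 is the well-known SID of LocalSystem, and HKU\.DEFAULT is the same profile hive under its older name, so one modified value is listed twice) and judges Shell values the way a helper would, since SASW prints only the value's location, not its data. The Shell values passed to the classifier, including the `locker.exe` name, are made up for the example.

```python
"""What the two Malware.Trace hits in the SUPERAntiSpyware log mean.

Added example for this thread, not code from the original post or from the
scanner's authors. SASW reported HKU\\.DEFAULT\\...\\WINLOGON#SHELL and
HKU\\S-1-5-18\\...\\WINLOGON#SHELL. S-1-5-18 is the well-known SID of LocalSystem
and HKU\\.DEFAULT is the same profile hive under its historical name, so a
single modified value is listed twice. SASW does not print the value's data;
the classifier below judges a Shell value the way a helper would: Windows
expects exactly explorer.exe, and lockers of the GEMA/BKA type persist by
making Winlogon start their own executable instead of, or next to, the desktop.
The sample Shell values fed to it (see the tests) are constructed for this example.
"""
import re

# The two registry hits exactly as SUPERAntiSpyware printed them in the log above.
SASW_TRACES = [
    r"HKU\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON#SHELL",
    r"HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON#SHELL",
]

WELL_KNOWN_SIDS = {"S-1-5-18": "LocalSystem", "S-1-5-19": "LocalService",
                   "S-1-5-20": "NetworkService"}
USER_WRITABLE = re.compile(r"\\(?:AppData|Temp|ProgramData|Users)\\", re.IGNORECASE)
# One Shell entry is a "quoted path", an unquoted path ending in .exe, or a bare name.
PROGRAM = re.compile(r'"([^"]*)"|(.*?\.exe(?=\s|$)|\S+)', re.IGNORECASE)


def decode_trace(trace):
    """Split an 'HKU\\<profile>\\<key>#<value>' trace and name the profile it lives in."""
    path, _, value_name = trace.partition("#")
    root, profile, *key_parts = path.split("\\")
    if root.upper() != "HKU":
        raise ValueError("only HKEY_USERS traces are handled here")
    if profile == ".DEFAULT":
        owner, canonical = "LocalSystem (alias of S-1-5-18)", "S-1-5-18"
    elif profile.endswith("_Classes"):
        owner, canonical = "per-user HKCR overlay", profile[: -len("_Classes")]
    elif profile in WELL_KNOWN_SIDS:
        owner, canonical = WELL_KNOWN_SIDS[profile], profile
    else:
        owner, canonical = "interactive user account", profile
    return {"profile": profile, "canonical": canonical, "owner": owner,
            "key": "\\".join(key_parts), "value": value_name}


def same_value(trace_a, trace_b):
    """True when two traces name the same physical registry value."""
    a, b = decode_trace(trace_a), decode_trace(trace_b)
    return (a["canonical"], a["key"].upper(), a["value"].upper()) == \
           (b["canonical"], b["key"].upper(), b["value"].upper())


def classify_shell(value):
    """Judge a Winlogon Shell value; Winlogon starts every comma-separated program in it.

    The documented default is the bare name explorer.exe. Any path form, even one
    ending in explorer.exe, is a deviation worth checking, because a locker can
    drop a file with that name into the user profile and point Shell at it.
    """
    verdicts = []
    for item in value.split(","):
        item = item.strip()
        if not item:
            continue
        m = PROGRAM.match(item)
        program = m.group(1) or m.group(2)
        if program.lower() == "explorer.exe":
            continue
        if USER_WRITABLE.search(program):
            verdicts.append(("suspicious", f"shell from user-writable path: {program}"))
        else:
            verdicts.append(("suspicious", f"non-default shell: {program}"))
    return verdicts or [("ok", "default shell only")]


if __name__ == "__main__":
    for t in SASW_TRACES:
        d = decode_trace(t)
        print(f"{d['profile']:10} -> {d['owner']}: {d['key']} / {d['value']}")
    print("same value:", same_value(*SASW_TRACES))
```

The check that matters on the machine itself is the data of that value, read from both HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon and each loaded user hive; `classify_shell` is the decision rule to apply to whatever comes back.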
08.01.2012, 20:19 | #74 |
| ESET just finished:
Code:
ATTFilter ESETSmartInstaller@High as downloader log: Can not open internetESETSmartInstaller@High as downloader log: Can not open internetESETSmartInstaller@High as downloader log: all ok ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=81e2b2100558fd40963ed3f4681fedd8 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2011-12-27 08:11:11 # local_time=2011-12-27 09:11:11 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=1792 16777215 100 0 6240104 6240104 0 0 # compatibility_mode=5893 16776574 66 94 186522 76635831 0 0 # compatibility_mode=8192 67108863 100 0 64602 64602 0 0 # scanned=129424 # found=10 # cleaned=0 # scan_time=12032 C:\ABC\Spiele\WoW\sblauncher.exe probably a variant of Win32/TrojanDownloader.Agent.SVNSNU trojan (unable to clean) 00000000000000000000000000000000 I C:\Stormblade\zlconf.exe probably a variant of Win32/TrojanDownloader.Agent.SVNSNU trojan (unable to clean) 00000000000000000000000000000000 I C:\Users\Tamrin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OCLIRLSK\st[1].exe a variant of Win32/Kryptik.XZM trojan (unable to clean) 00000000000000000000000000000000 I C:\Users\Tamrin\AppData\Local\Temp\jar_cache572285927657068335.tmp a variant of J2ME/Agent.AA trojan (unable to clean) 00000000000000000000000000000000 I C:\Users\Tamrin\AppData\Roaming\toolplugin\toolbar.dll Win32/Adware.ToolPlugin application (unable to clean) 00000000000000000000000000000000 I C:\Users\Tamrin\Downloads\sblauncher (1).exe probably a variant of Win32/TrojanDownloader.Agent.SVNSNU trojan (unable to clean) 00000000000000000000000000000000 I C:\Users\Tamrin\Downloads\sblauncher.exe probably a variant of Win32/TrojanDownloader.Agent.SVNSNU trojan (unable to clean) 
00000000000000000000000000000000 I C:\Users\Tamrin\Downloads\SoftonicDownloader_fuer_wowmatrix.exe a variant of Win32/SoftonicDownloader.A application (unable to clean) 00000000000000000000000000000000 I C:\Windows\Temp\ymoimg\setup.exe a variant of Win32/Kryptik.YBK trojan (unable to clean) 00000000000000000000000000000000 I ${Memory} a variant of Win32/Sirefef.DN trojan 00000000000000000000000000000000 I ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=81e2b2100558fd40963ed3f4681fedd8 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2012-01-08 07:05:46 # local_time=2012-01-08 08:05:46 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=1792 16777215 100 0 7273166 7273166 0 0 # compatibility_mode=5893 16776574 66 94 1219584 77668893 0 0 # compatibility_mode=8192 67108863 100 0 1097664 1097664 0 0 # scanned=126762 # found=4 # cleaned=0 # scan_time=11845 C:\ABC\Spiele\WoW\sblauncher.exe probably a variant of Win32/TrojanDownloader.Agent.SVNSNU trojan (unable to clean) 00000000000000000000000000000000 I C:\Qoobox\Quarantine\C\Users\Tamrin\AppData\Roaming\toolplugin\toolbar.dll.vir Win32/Adware.ToolPlugin application (unable to clean) 00000000000000000000000000000000 I C:\Users\Tamrin\Downloads\sblauncher (1).exe probably a variant of Win32/TrojanDownloader.Agent.SVNSNU trojan (unable to clean) 00000000000000000000000000000000 I C:\Users\Tamrin\Downloads\sblauncher.exe probably a variant of Win32/TrojanDownloader.Agent.SVNSNU trojan (unable to clean) 00000000000000000000000000000000 I mfg |
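The post above quotes two ESET Online Scanner logs from the same machine twelve days apart, and what matters for triage is which entries disappeared between them, which one is a detection in a running process (`${Memory}`) and which one now sits under ComboFix's quarantine folder. As an added example that is not part of the thread and not ESET's or ComboFix's own code, this Python parser splits a log into its `# key=value` header and its findings, flags those two cases, and diffs the paths of two scans. It assumes finding fields are tab-separated as in the raw log (the forum rendering collapsed the tabs), so the sample lines are constructed from the post's entries.

```python
import re
from dataclasses import dataclass

# Assumed layout of one finding line: <path> TAB <detection text> TAB <32 hex chars> TAB <flag>
HEADER_RE = re.compile(r"^# (\w+)=(.*)$")
FINDING_RE = re.compile(r"^([^\t]+)\t([^\t]+)\t([0-9a-f]{32})\t(\S+)$")
QUARANTINE_PREFIX = r"C:\Qoobox\Quarantine"  # ComboFix's quarantine folder

@dataclass(frozen=True)
class Finding:
    path: str
    detection: str
    in_memory: bool    # ESET reports ${Memory} for a detection inside a running process
    quarantined: bool  # already moved aside by ComboFix: still on disk, but inert

def parse_eset_log(text):
    """Split an ESET Online Scanner log into its '# key=value' header and its findings."""
    header, findings = {}, []
    for line in text.splitlines():
        if m := HEADER_RE.match(line):
            header[m.group(1)] = m.group(2)
        elif m := FINDING_RE.match(line):
            path, detection = m.group(1), m.group(2)
            findings.append(Finding(path, detection, path == "${Memory}",
                                    path.startswith(QUARANTINE_PREFIX)))
    return header, findings

def compare_scans(old_text, new_text):
    """Return (gone, still_present, new) path sets between two scans of the same host."""
    old = {f.path for f in parse_eset_log(old_text)[1]}
    new = {f.path for f in parse_eset_log(new_text)[1]}
    return old - new, old & new, new - old

def _line(path, detection):  # constructed finding line; hash column as ESET printed it here
    return "\t".join([path, detection, "0" * 32, "I"])

SVNSNU = "probably a variant of Win32/TrojanDownloader.Agent.SVNSNU trojan (unable to clean)"
# Constructed excerpts of the two scans quoted in the post above.
SCAN_DEC = "\n".join([
    "# utc_time=2011-12-27 08:11:11", "# found=10", "# cleaned=0",
    _line(r"C:\ABC\Spiele\WoW\sblauncher.exe", SVNSNU),
    _line(r"C:\Users\Tamrin\AppData\Roaming\toolplugin\toolbar.dll", "Win32/Adware.ToolPlugin application (unable to clean)"),
    _line(r"C:\Windows\Temp\ymoimg\setup.exe", "a variant of Win32/Kryptik.YBK trojan (unable to clean)"),
    _line("${Memory}", "a variant of Win32/Sirefef.DN trojan"),
])
SCAN_JAN = "\n".join([
    "# utc_time=2012-01-08 07:05:46", "# found=4", "# cleaned=0",
    _line(r"C:\ABC\Spiele\WoW\sblauncher.exe", SVNSNU),
    _line(r"C:\Qoobox\Quarantine\C\Users\Tamrin\AppData\Roaming\toolplugin\toolbar.dll.vir", "Win32/Adware.ToolPlugin application (unable to clean)"),
])
```

`compare_scans(SCAN_DEC, SCAN_JAN)` shows the Sirefef memory detection and the Temp dropper gone, the toolbar DLL reappearing only as a `.vir` file inside the quarantine, and the downloaded sblauncher copies unchanged.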
08.01.2012, 21:27 | #75 |
/// Winkelfunktion /// TB-Süch-Tiger™ | GEMA - Trojaner ...shell.text bereits erstellt A few remnants, the usual toolbar plague that comes with setups. As far as I'm concerned you can delete all of it. The cookies too... Is the computer more or less back in order?
__________________ Please always post logfiles in CODE tags |