Ging OSAM auch nicht?

doch osam ging, hier ist das log dafuer

Code: Alles auswählenAufklappen

ATTFilter

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 19:05:13 on 11.06.2012

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Mozilla Corporation Firefox 13.0

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"HPCeeScheduleForOwner.job" - "Hewlett-Packard" - C:\Program Files\hewlett-packard\sdp\ceement\HPCEE.exe
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
"pavcpl.cpl" - "Panda Software" - C:\Windows\system32\pavcpl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"PavCPL" - "Panda Software" - C:\Windows\system32\pavcpl.cpl
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"AmFSM" (AmFSM) - "Panda Security, S.L." - C:\Windows\System32\DRIVERS\amm8660.sys
"Antivirus Filter Driver" (AvFlt) - ? - C:\Windows\system32\drivers\av5flt.sys  (File not found)
"App Filter Plugin" (APPFLT) - "Panda Security, S.L." - C:\Windows\system32\Drivers\APPFLT.SYS
"catchme" (catchme) - ? - C:\Users\Owner\AppData\Local\Temp\catchme.sys  (File not found)
"DSA Filter Plugin" (DSAFLT) - ? - C:\Windows\system32\Drivers\DSAFLT.SYS
"FssFltr" (fssfltr) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\fssfltr.sys
"Ids Filter Plugin" (IDSFLT) - "Panda Security, S.L." - C:\Windows\system32\Drivers\IDSFLT.SYS
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys
"NetMon Filter Plugin" (FNETMON) - "Panda Security, S.L." - C:\Windows\system32\Drivers\fnetmon.SYS
"PalmUSBD" (PalmUSBD) - ? - C:\Windows\System32\drivers\PalmUSBD.sys  (File not found)
"Panda Anti-Dialer" (ComFiltr) - ? - C:\Windows\system32\DRIVERS\COMFiltr.sys
"Panda boot driver" (pavboot) - "Panda Security, S.L." - C:\Windows\System32\Drivers\pavboot.sys
"Panda File Shield Driver" (ShldDrv) - "Panda Security, S.L." - C:\Windows\System32\DRIVERS\ShlDrv51.sys
"Panda Net Driver [TDI Layer]" (NETFLTDI) - "Panda Security, S.L." - C:\Windows\system32\Drivers\NETFLTDI.SYS
"Panda Process Protection Driver" (PavProc) - "Panda Security, S.L." - C:\Windows\system32\DRIVERS\PavProc.sys
"PavSRK.sys" (PavSRK.sys) - ? - C:\Windows\system32\PavSRK.sys  (File not found)
"PavTPK.sys" (PavTPK.sys) - ? - C:\Windows\system32\PavTPK.sys  (File not found)
"SymIMMP" (SymIMMP) - ? - C:\Windows\System32\DRIVERS\SymIM.sys  (File not found)
"Wifi Monitor Filter Plugin" (WNMFLT) - ? - C:\Windows\system32\Drivers\WNMFLT.SYS

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{10880D85-AAD9-4558-ABDC-2AB1552D831F} "LightScribe Control Panel" - "Hewlett-Packard Company" - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} "Album Download IE Asynchronous Pluggable Protocol Interface" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\Program Files\Windows Live\Messenger\msgrapp.dll
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Messenger\msgrapp.dll
{91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{00020d75-0000-0000-c000-000000000046} "lnkfile" - ? -   (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONFILTER.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{65756541-C65C-11CD-0000-4B656E696100} "Panda Antivirus" - "Panda Security, S.L." - C:\Program Files\Panda Security\Panda Internet Security 2012\PavOLE.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{7F67036B-66F1-411A-AD85-759FB9C5B0DB} "ShellViewRTF" - "XSS" - C:\Windows\System32\ShellvRTF.dll
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll
{0563DB41-F538-4B37-A92D-4659049B7766} "WLMD Message Handler" - ? -   (File not found | COM-object registry key not found)
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----
{555D4D79-4BD2-4094-A395-CFC534424A05} "HP Smart Web Printing" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab} "Installation Support" - "Yahoo! Inc." - C:\Program Files\Yahoo!\Common\Yinsthelper.dll / C:\Program Files\Yahoo!\Common\Yinsthelper.dll
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} "Java Plug-in 1.6.0_02" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} "Java Plug-in 1.6.0_05" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_31.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
{233C1507-6A77-46A4-9443-F871F945D258} "Shockwave ActiveX Control" - "Adobe Systems, Inc." - C:\Windows\system32\Adobe\Director\SwDir.dll / hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\Flash32_11_2_202_235.ocx / hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? -   (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{98889811-442D-49dd-99D7-DC866BE87DBC} "Babylon Toolbar" - ? - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll  (File not found)
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
{2EECD738-5844-4a99-B4B6-146BF802613B} "Babylon toolbar helper" - ? - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll  (File not found)
{AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
{0347C33E-8762-4905-BF09-768834316C61} "HP Print Enhancer" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} "HP Smart BHO Class" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\ssv.dll
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype Plug-In" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID Sign-in Helper" - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{9FDDE16B-836F-4806-AB1F-1455CBEFF289} "Windows Live Messenger Companion Helper" - "Microsoft Corporation" - C:\Program Files\Windows Live\Companion\companioncore.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"APVXDWIN" - "Panda Security, S.L." - "C:\Program Files\Panda Security\Panda Internet Security 2012\APVXDWIN.EXE" /s
"HP Health Check Scheduler" - "Hewlett-Packard" - c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
"HP Software Update" - "Hewlett-Packard" - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"QlbCtrl" - " Hewlett-Packard Development Company, L.P." - %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
"SCANINICIO" - "Panda Security, S.L." - "C:\Program Files\Panda Security\Panda Internet Security 2012\Inicio.exe"
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"UCam_Menu" - "CyberLink Corp." - "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"BBUpdate" (BBUpdate) - "Microsoft Corporation." - C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.exe
"BingBar Service" (BBSvc) - "Microsoft Corporation." - C:\Program Files\Microsoft\BingBar\7.1.361.0\BBSvc.exe
"Bonjour Service" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"Com4Qlb" (Com4Qlb) - "Hewlett-Packard Development Company, L.P." - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
"Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
"Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Update Service (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"HP Health Check Service" (HP Health Check Service) - "Hewlett-Packard" - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
"hpqwmiex" (hpqwmiex) - "Hewlett-Packard Development Company, L.P." - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
"iPod Service" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Panda Function Service" (PAVFNSVR) - "Panda Security, S.L." - C:\Program Files\Panda Security\Panda Internet Security 2012\PavFnSvr.exe
"Panda Host Service" (PSHost) - "Panda Security International" - c:\program files\panda security\panda internet security 2012\firewall\PSHOST.EXE
"Panda IManager Service" (PSIMSVC) - "Panda Security S.L." - C:\Program Files\Panda Security\Panda Internet Security 2012\PsImSvc.exe
"Panda On-Access Anti-Malware Service" (PAVSRV) - "Panda Security, S.L." - C:\Program Files\Panda Security\Panda Internet Security 2012\pavsrvx86.exe
"Panda Process Protection Service" (PavPrSrv) - "Panda Security, S.L." - C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe
"Panda PSK service" (PskSvcRetail) - "Panda Security, S.L." - C:\Program Files\Panda Security\Panda Internet Security 2012\PskSvc.exe
"Panda Software Controller" (Panda Software Controller) - "Panda Security, S.L." - C:\Program Files\Panda Security\Panda Internet Security 2012\PsCtrls.exe
"Panda TPSrv" (TPSrv) - "Panda Security, S.L." - C:\Program Files\Panda Security\Panda Internet Security 2012\TPSrv.exe
"Windows Live Family Safety Service" (fsssvc) - "Microsoft Corporation" - C:\Program Files\Windows Live\Family Safety\fsssvc.exe
"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
"Yahoo! Updater" (YahooAUService) - "Yahoo! Inc." - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

[Winlogon]
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"avldr" - "On-Access Anti-Malware Scanner Sync" - C:\Windows\system32\avldr.dll

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
         

Wir sollten den MBR fixen, sichere für den Fall der Fälle ALLE wichtigen Daten, auch wenn meistens alles glatt geht.

Hinweis: Mach bitte NICHT den MBR-Fix, wenn du noch andere Betriebssysteme wie zB Ubuntu installiert hast, ein MBR-Fix mit Windows-Tools macht ein parallel installiertes (Dualboot) Linux unbootbar.
Mach den Fix auch dann nicht, wenn du zB mit TrueCrypt oder anderen Verschlüsselungsprogrammen eine Vollverschlüsselung der Windowspartition bzw. gesamten Festplatte hast

Starte nach der Datensicherung aswmbr erneut und klick auf den Button FIXMBR.

Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehalalrm!

Anschließend Windows neu starten und ein neues Log mit aswMBR machen.

Also hier ist nochmal das log., kann es sein das der MBRFix nur ein paar Sekunden dauert?!

Danke dir fuer deine Hilfe

MFG Sarah

Code: Alles auswählenAufklappen

ATTFilter

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-06-12 13:47:02
-----------------------------
13:47:02.000    OS Version: Windows 6.0.6002 Service Pack 2
13:47:02.000    Number of processors: 2 586 0x6802
13:47:02.000    ComputerName: OWNER-PC  UserName: Owner
13:47:49.674    Initialize success
13:48:09.611    AVAST engine defs: 12061100
13:48:18.175    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3
13:48:18.175    Disk 0 Vendor: WDC_WD2500BEVS-60UST0 01.01A01 Size: 238475MB BusType: 3
13:48:18.191    Disk 0 MBR read successfully
13:48:18.191    Disk 0 MBR scan
13:48:18.206    Disk 0 Windows VISTA default MBR code
13:48:18.237    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       226282 MB offset 63
13:48:18.269    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        12189 MB offset 463427055
13:48:18.284    Disk 0 scanning sectors +488392065
13:48:18.362    Disk 0 scanning C:\Windows\system32\drivers
13:48:37.020    Service scanning
13:49:17.581    Modules scanning
13:49:24.148    Disk 0 trace - called modules:
13:49:24.180    ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys dxgkrnl.sys nvlddmkm.sys 
13:49:24.195    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85741ac8]
13:49:24.211    3 CLASSPNP.SYS[881b48b3] -> nt!IofCallDriver -> [0x84fac3b8]
13:49:24.211    5 acpi.sys[8060a6bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-3[0x850155e0]
13:49:25.459    AVAST engine scan C:\Windows
13:49:30.061    AVAST engine scan C:\Windows\system32
13:55:41.935    AVAST engine scan C:\Windows\system32\drivers
13:56:07.754    AVAST engine scan C:\Users\Owner
14:13:05.297    AVAST engine scan C:\ProgramData
14:18:52.555    Scan finished successfully
17:06:21.342    Disk 0 MBR has been saved successfully to "C:\Users\Owner\Desktop\MBR.dat"
17:06:21.388    The log file has been saved successfully to "C:\Users\Owner\Desktop\aswMBR.txt"
         

Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

Hi Arne also ich habe jetzt 3 mal den Vollscan von Malwarebytes gemacht und ich bekomme keine log datein auser das hier

Code: Alles auswählenAufklappen

ATTFilter

2012/06/13 09:40:17 +0200	OWNER-PC	Owner	IP-BLOCK	85.183.254.9 (Type: outgoing, Port: 60711, Process: firefox.exe)
2012/06/13 09:40:19 +0200	OWNER-PC	Owner	IP-BLOCK	85.183.254.9 (Type: outgoing, Port: 60712, Process: firefox.exe)
2012/06/13 09:40:20 +0200	OWNER-PC	Owner	IP-BLOCK	85.183.254.9 (Type: outgoing, Port: 49152)
2012/06/13 09:48:50 +0200	OWNER-PC	Owner	IP-BLOCK	85.183.254.9 (Type: outgoing, Port: 61862, Process: firefox.exe)
2012/06/13 09:48:51 +0200	OWNER-PC	Owner	IP-BLOCK	85.183.254.9 (Type: outgoing, Port: 49152)
2012/06/13 09:48:51 +0200	OWNER-PC	Owner	IP-BLOCK	85.183.254.9 (Type: outgoing, Port: 61863, Process: firefox.exe)
2012/06/13 09:48:51 +0200	OWNER-PC	Owner	IP-BLOCK	85.183.254.9 (Type: outgoing, Port: 49152)
2012/06/13 11:44:16 +0200	OWNER-PC	Owner	MESSAGE	Starting database refresh
2012/06/13 11:44:16 +0200	OWNER-PC	Owner	MESSAGE	Stopping IP protection
2012/06/13 11:44:27 +0200	OWNER-PC	Owner	MESSAGE	IP Protection stopped
2012/06/13 11:45:25 +0200	OWNER-PC	Owner	MESSAGE	Database refreshed successfully
2012/06/13 11:45:25 +0200	OWNER-PC	Owner	MESSAGE	Starting IP protection
2012/06/13 11:45:40 +0200	OWNER-PC	Owner	MESSAGE	IP Protection started successfully
2012/06/13 16:52:41 +0200	OWNER-PC	Owner	MESSAGE	Stopping IP protection
2012/06/13 16:52:47 +0200	OWNER-PC	Owner	MESSAGE	IP Protection stopped
2012/06/13 16:52:47 +0200	OWNER-PC	Owner	MESSAGE	Starting IP protection
2012/06/13 16:53:02 +0200	OWNER-PC	Owner	MESSAGE	IP Protection started successfully
2012/06/13 16:53:02 +0200	OWNER-PC	Owner	MESSAGE	Stopping IP protection
2012/06/13 16:53:07 +0200	OWNER-PC	Owner	MESSAGE	IP Protection stopped
2012/06/13 16:53:07 +0200	OWNER-PC	Owner	MESSAGE	Starting IP protection
2012/06/13 16:53:23 +0200	OWNER-PC	Owner	MESSAGE	IP Protection started successfully
         

Das ist kein Scan-Log, sondern ein Protection-Log!

Schau mal nach ob die Logs noch hier zu sehen sind in Form von Textdateien. Damit du die Ordner auch siehst das hier VORHER umsetzen!! => http://www.trojaner-board.de/59624-a...-sichtbar.html

Hauptlogs nach Scans (Quick, Full oder Flash):

• XP:
  C:\Dokumente und Einstellungen\(USER)\Anwendungsdaten\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-yyyy-mm-dd.txt
  
  
• Vista, Windows 7, 2008:
  C:\Users\(USER)\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-yyyy-mm-dd.txt

Hi Arne also ich hab nachgeschaut, gibt es nicht, warum ist mir auch nicht ganz klar da ich alle scan's genau wie vorher auch gemacht habe, ich habe gerade mal ein quick scan gemacht und das ist das log automatisch gekommen was beim full scan nicht der fall war

hier ist das log

Code: Alles auswählenAufklappen

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.13.07

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19272
Owner :: OWNER-PC [Administrator]

Schutz: Aktiviert

6/14/2012 2:46:57 PM
mbam-log-2012-06-14 (14-46-57).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 211183
Laufzeit: 23 Minute(n), 27 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         

hier ist das log von superantispyware

Code: Alles auswählenAufklappen

ATTFilter

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 06/14/2012 at 05:52 PM

Application Version : 5.0.1150

Core Rules Database Version : 8734
Trace Rules Database Version: 6546

Scan type       : Complete Scan
Total Scan Time : 02:25:21

Operating System Information
Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002)
UAC On - Limited User (Administrator User)

Memory items scanned      : 733
Memory threats detected   : 0
Registry items scanned    : 35466
Registry threats detected : 0
File items scanned        : 72468
File threats detected     : 4

Adware.Tracking Cookie
	C:\USERS\OWNER\APPDATA\LOCAL\VIRTUALSTORE\WINDOWS\TEMP\COOKIES\OWNER@CONTENT.YIELDMANAGER[2].TXT [ /CONTENT.YIELDMANAGER ]
	delivery.ibanner.de [ C:\USERS\OWNER\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\7WXUZ6ZH ]
	media.mtvnservices.com [ C:\USERS\OWNER\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\7WXUZ6ZH ]

Adware.InstallCore
	C:\USERS\OWNER\DOWNLOADS\ADLSOFT_UNCOMPRESSOR_V2.EXE
         

das programm hat etwas gefunden, wie sollte ich jetzt weiter vorgehen?!

vielen dank

mfg sarah

Zitat:

Adware.InstallCore
C:\USERS\OWNER\DOWNLOADS\ADLSOFT_UNCOMPRESSOR_V2.EXE

Wieso kommt dieser komischer Entpacker in letzter Zeit so stark in Mode?
Den seh ich nicht nur bei dir. SOndern häufiger in den Logs. Darf ich fragen warum du den benutzt und nicht sowas wie 7zip?


Sieht aberr ok aus, da wurden ansonsten nur Cookies gefunden.
Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie )


Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat.

Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller http://filepony.de/download-cookie_culler/
Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird.

Ich halte es so, dass ich zum "wilden Surfen" den Opera-Browser oder Chromium unter meinem Linux verwende. Mein Hauptbrowser (Firefox) speichert nur die Cookies von den Sites die ich auch will, alles andere lehne ich manuell ab (der FF fragt mich immer) - die anderen Browser nehmen alles an Cookies zwar an, aber spätestens beim nächsten Start von Opera oder Chromium sind keine Cookies mehr da.

Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?

Hi Arne habe nochmals ein fullscan mit PANDA gemacht und er hatte nochmal ein cookie gefunden und gleich bereinigt sonst nichts weiter.

Vielen Dank dir nochmal, ohne deine super hilfe haette ich es nicht so hinbekommen

MFG Sarah

Verrat mir bitte noch woher und warum du diesen Entpacker hast