Hallo,
ich bin neu hier und bitte eventuelle Fehler zu entschuldigen.

Mein Firefox öffnet seit kurzem selbstständig TABs mit Werbung.Z.B. Quelle.
Ist zwar nervig,aber damit könnte ich noch leben.

Schlimmer ist,wenn ich mit Firefox arbeite,lädt er nach ca. 5 Minuten keine Seiten mehr.
Wenn ich FF schließe und es wieder öffnen möchte,sagt er mir,dass FF bereits läuft.Ich kann den FF Prozess im Task-Manager schließen und dann funktionert es wieder.Für ca.5 Minuten und dann geht das Spiel wieder von vorne los

Malwarebytes' Anti-Malware 1.30 hat nichts gefunden

Ich hoffe ich poste das jetzt alles richtig:

2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
Ad-Aware
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player ActiveX
Adobe Reader 8.1.2 - Deutsch
Advanced Audio FX Engine
Advanced Video FX Engine
AppCore
Apple Mobile Device Support
Apple Software Update
AVM FRITZ!Box Dokumentation
AVM FRITZ!Box Druckeranschluss
Backup
Benutzerhandbuch
Bonjour
Broadcom Management Programs
Browser Address Error Redirector
CafeDelSolScreensaver1-2
ccCommon
CCleaner (remove only)
Conexant HDA D330 MDC V.92 Modem
Dell Handbuch zum Einstieg
Dell Support Center
Dell Touchpad
Dell Webcam Center
Dell Webcam Manager
Digital Line Detect
DivX Player
Favorit
FujiDirekt 2.6
Fußball-Lexikon 2008
GearDrvs
Google Desktop
Google Toolbar for Internet Explorer
HijackThis 2.0.2
ICQ6
iTunes
Java(TM) SE Runtime Environment 6
Laptop Integrated Webcam Driver (1.03.02.0719)
Live! Cam Avatar
Live! Cam Avatar Creator
LiveUpdate (Symantec Corporation)
LiveUpdate (Symantec Corporation)
Malwarebytes' Anti-Malware
MediaDirect
Microsoft Office Access MUI (German) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (German) 2007
Microsoft Office Groove MUI (German) 2007
Microsoft Office InfoPath MUI (German) 2007
Microsoft Office OneNote MUI (German) 2007
Microsoft Office Outlook MUI (German) 2007
Microsoft Office PowerPoint MUI (German) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Italian) 2007
Microsoft Office Proofing (German) 2007
Microsoft Office Publisher MUI (German) 2007
Microsoft Office Shared MUI (German) 2007
Microsoft Office Word MUI (German) 2007
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ Run Time Lib Setup
Microsoft Works
Modem-Diagnose-Tool
Mozilla Firefox (3.0.8)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
Nero 8
neroxml
NetWaiting
Norton 360
Norton 360
Norton 360
Norton 360 HTMLHelp
Norton 360 Online (Symantec Corporation)
Norton Confidential Core
NVIDIA Drivers
OutlookAddinSetup
Preispiraten
PunkBuster Services
QuickSet
QuickTime
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler
Roxio MyDVD DE
Roxio Update Manager
SAMSUNG Mobile Modem Driver Set
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung PC Studio 3
Sonic Activation Module
SPBBC 32bit
Spybot - Search & Destroy
Steuer-Spar-Erklärung 2008
Steuer-Spar-Erklärung 2009
Symantec Real Time Storage Protection Component
Symantec Technical Support Controls
TuneUp Utilities 2008
Veetle TV Player 0.9.11
Veetle TV Player 0.9.11
WIDCOMM Bluetooth Software 6.0.1.3100
Windows Mobile-Gerätecenter
Windows Mobile-Gerätecenter: Treiberupdate
Windows-Treiberpaket - NVIDIA (nvlddmkm) Display (03/24/2008 7.15.11.7474)
WinRAR
Xvid 1.1.3 final uninstall

Code: Alles auswählenAufklappen

ATTFilter

	
HTML-Code:
	
[CODE][PHP]Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:02:18, on 07.04.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Users\***\AppData\Local\aokag.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
C:\PROGRA~1\MICROS~4\Office12\OUTLOOK.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer bereitgestellt von Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4E0208AA-712A-4D03-800E-E8BC33659C75} - (no file)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office 2007\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360 Online\osCheck.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [aokag] "c:\users\***\appdata\local\aokag.exe" aokag
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Global Startup: QuickSet.lnk = ?
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - D:\Spiele\Pokerstars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O13 - Gopher Prefix: 
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office 2007\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: AAV UpdateService - Unknown owner - C:\Program Files\Common Files\AAV\aavus.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Ad-Aware\aawservice.exe
O23 - Service: Application Driver Auto Removal Service (01) (appdrvrem01) - Protection Technology - C:\Windows\System32\appdrvrem01.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatisches LiveUpdate - Scheduler (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11050 bytes[INDENT][/PHP]
 
 

[/INDENT][/CODE]

Hi,

Bitte folgende Files prüfen:

Dateien Online überprüfen lassen:

• Als erstes versteckte Dateien anzeigen lassen! (nur Punkt 1 durchführen!)

• Suche die Seite Virtustotal auf, klicke auf den Button „Durchsuchen“ und suche folgende Datei/Dateien:

Code: Alles auswählenAufklappen

ATTFilter

C:\Windows\System32\appdrvrem01.exe
c:\users\***\appdata\local\aokag.exe <- Pfad richtig anpassen!
         

• Lade nun nacheinander jede/alle Datei/Dateien hoch, und warte bis der Scan vorbei ist. (kann bis zu 2 Minuten dauern.)

• Poste im Anschluss das Ergebnis der Auswertung, alles abkopieren und in einen Beitrag einfügen.

• Wichtig: Auch die Größenangabe sowie den HASH mit kopieren!

Falls die aokag.exe erkannt wird, hier weiter... (die andere Datei kann beides sein, gut und böse, daher erst nach erkennen ein entsprechendes Script)....
KILLBOX - Pocket KillBox
http://virus-protect.org/killbox.html
oder
http://www.wintotal.de/Software/index.php?id=4101

Options: Delete on Reboot --> anhaken
reinkopieren:

Code: Alles auswählenAufklappen

ATTFilter

c:\users\***\appdata\local\aokag.exe <- Pfad richtig anpassen!
         

und klicke auf das rote Kreuz, wenn gefragt wird, ob "Do you want to reboot? "---- klicke auf "yes"

PC neustarten

Hijackthis, fixen (wenn die aokag.exe erkannt wird):
öffne das HijackThis -- Button "scan" -- vor den nachfolgenden Einträge Häkchen setzen -- Button "Fix checked" -- PC neustarten
Beim fixen müssen alle Programme geschlossen sein!

Code: Alles auswählenAufklappen

ATTFilter

O4 - HKCU\..\Run: [aokag] "c:\users\***\appdata\local\aokag.exe" aokag
         

Anschließend MAM installieren und laufen/bereinigen lassen (update nicht vergessen)!

Malwarebytes Antimalware (MAM).
Anleitung&Download hier: http://www.trojaner-board.de/51187-m...i-malware.html
Fullscan und alles bereinigen lassen! Log posten.
Alternativer Download: http://filepony.de/download-malwarebytes_anti_malware/, http://www.gt500.org/malwarebytes/mbam.jsp

Poste auch noch ein neues HJ-Log...

Chris

Hier schon mal die Ergebnisse von Virustotal
File size: 304528 bytes
MD5...: 3f56e9e6f01d014a70718f3986566481
SHA1..: 09f6b561551b92ff498dec8633ee6ccc0daffa07
SHA256: b9c39e3b3b2ac52dd890c89a3ab06e2a812ea4d7b291145f776bb8a35d4cb0a5
SHA512: 1b216aed2cef4586f13ca9ca141021d2895ec6ea9b60c91ffb679a77621efa75
7f843ce1c142550c904e9a81f5d93e76216d3d3248ee6c4399bd519514282055
ssdeep: 6144:JrE1282PtIvOZEBxMAluxEqozvN7JEN8kmBxY1VJheO+BH/tniZ+bvT/jGb
nPtF0:JI0Jd+BlqL+qxu

PEiD..: -
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x14842
timedatestamp.....: 0x48689439 (Mon Jun 30 08:07:21 2008)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x2b903 0x2c000 6.56 5eb91fbfae17dd2f7681a11dd859c50e
.rdata 0x2d000 0x1634c 0x17000 4.76 ea3abc23bd474e07e5bcc8be7cfd082a
.data 0x44000 0x5d94 0x4000 4.69 2ec59dce875d2fcb69a76efe0b6d29bc
.rsrc 0x4a000 0x4c8 0x1000 1.29 d80ef2b75cfd1159071bc82f77ddb834

( 4 imports )
> VERSION.dll: GetFileVersionInfoW, VerQueryValueA, GetFileVersionInfoSizeW
> KERNEL32.dll: GetCurrentProcess, LoadLibraryW, LocalFree, SetLastError, GetFullPathNameW, QueryDosDeviceW, GetVersionExA, GetVersionExW, LoadLibraryA, CreateFileA, CreateFileW, GetModuleFileNameA, CreateFileMappingA, CreateFileMappingW, CreateMutexA, CreateMutexW, GetSystemDirectoryA, GetSystemDirectoryW, GetWindowsDirectoryA, GetWindowsDirectoryW, GetDriveTypeW, FindFirstFileA, FindFirstFileW, GetEnvironmentVariableW, GetModuleHandleW, WriteConsoleA, CreateProcessA, CreateProcessW, GetFileAttributesW, SetFileAttributesA, SetFileAttributesW, DeleteFileA, DeleteFileW, LocalAlloc, FormatMessageA, FormatMessageW, GetCPInfo, WideCharToMultiByte, FindClose, GetFileSize, ReadFile, WriteFile, SetFileTime, MapViewOfFile, UnmapViewOfFile, DeviceIoControl, Sleep, AreFileApisANSI, GetOEMCP, GetACP, SleepEx, WaitForMultipleObjectsEx, ReleaseMutex, GetExitCodeProcess, WaitForSingleObject, SetEndOfFile, SetStdHandle, SetFilePointer, GetConsoleOutputCP, GetStringTypeW, GetStringTypeA, GetLocaleInfoA, LCMapStringA, GetSystemTime, SystemTimeToFileTime, FreeLibrary, CloseHandle, LCMapStringW, MultiByteToWideChar, GetModuleHandleA, GetProcAddress, InterlockedDecrement, InterlockedIncrement, GetTickCount, LeaveCriticalSection, EnterCriticalSection, DeleteCriticalSection, InitializeCriticalSection, GetEnvironmentVariableA, GetStdHandle, WriteConsoleW, VirtualFree, VirtualAlloc, GetLastError, GetCommandLineW, GetFileAttributesA, HeapSize, FlushFileBuffers, GetConsoleMode, HeapAlloc, HeapFree, RtlUnwind, HeapReAlloc, RaiseException, GetCommandLineA, GetProcessHeap, GetStartupInfoA, HeapDestroy, HeapCreate, ExitProcess, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, GetCurrentThreadId, TerminateProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, SetHandleCount, GetFileType, QueryPerformanceCounter, GetCurrentProcessId, GetSystemTimeAsFileTime, GetConsoleCP
> USER32.dll: MessageBoxA, MessageBoxW
> ADVAPI32.dll: RegCloseKey, QueryServiceStatus, ControlService, DeleteService, CloseServiceHandle, SetSecurityDescriptorDacl, InitializeSecurityDescriptor, RegQueryValueExW, RegQueryValueExA, RegDeleteValueW, RegSetValueExW, RegSetValueExA, RegEnumKeyExW, RegDeleteKeyW, RegOpenKeyExW, RegOpenKeyExA, RegCreateKeyExW, RegisterServiceCtrlHandlerW, StartServiceCtrlDispatcherW, StartServiceW, ChangeServiceConfigW, QueryServiceConfigW, CreateServiceW, OpenServiceW, OpenSCManagerW, SetServiceStatus

( 0 exports )

RDS...: NSRL Reference Data Set

Bei der nächsten Datei stand:
McAfee-GW-Edition 6.7.6 2009.04.07 Trojan.LooksLike.Dropper

File size: 265216 bytes
MD5...: 66a357e3a77f1ae1b4028b92c31e4304
SHA1..: d114dc3c3c0448ecdef2689a227c1458b15952ba
SHA256: 2aa30f2315485df11e3c74f234f42170288722af298a69224f9418f99e15c451
SHA512: cb4747a40c69335e8a249b78c31cb7f3bf4a22ca07e0bd5bbe6cf5bc0b6546d3
26ecfac23119ca3032631cce35771fd3d35081f2220b6ace67d6307e03aa457c
ssdeep: 6144:H+IirYwCqIubl920xdjE/5itJqMgpzlc6aZ6jRra+XC58NPy:KMZuR9rxKI
tJqMgpzlQZKny5MP

PEiD..: Armadillo v1.71
TrID..: File type identification
Win64 Executable Generic (54.6%)
Win32 Executable MS Visual C++ (generic) (24.0%)
Windows Screen Saver (8.3%)
Win32 Executable Generic (5.4%)
Win32 Dynamic Link Library (generic) (4.8%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x36a4c
timedatestamp.....: 0x434bf57b (Tue Oct 11 17:25:15 2005)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x35bd2 0x35c00 7.44 64b6e8132b827c06ae72636ae3b9e98f
.rdata 0x37000 0x734e 0x7400 5.74 9eadf357010dcaebd05095fafbe4a7f9
.data 0x3f000 0x2ea0 0x3000 5.53 ecfea68297371046095fe5ac3817433f
.rsrc 0x42000 0x658 0x800 2.74 9babe1970ef37665437a2c8ab50c6925

( 6 imports )
> SHLWAPI.dll: PathIsUNCA
> USER32.dll: GetMenuState, ShowCursor, CheckMenuRadioItem, GetAsyncKeyState, ExcludeUpdateRgn, DestroyCaret, CreateDialogParamW, ReuseDDElParam, IsDlgButtonChecked, InsertMenuItemW, GetIconInfo, EnableMenuItem, GetMessagePos, RemovePropA, TrackPopupMenu, InsertMenuW, GetClientRect, CharNextW, SetMenuItemInfoW, GrayStringA, SetKeyboardState, CharNextA, DispatchMessageW, GetKeyboardLayout, PtInRect, DeferWindowPos, GetAncestor, LoadAcceleratorsA, MessageBoxA, UnregisterClassW, IsWindowEnabled, InvalidateRect, DialogBoxParamA, CharPrevW, GetWindowTextLengthA, EnableScrollBar, DdeQueryNextServer, RemoveMenu, SetWindowLongA, TranslateMessage, GetSystemMetrics, CreateMenu, OemToCharBuffA, CallWindowProcA, ActivateKeyboardLayout, ValidateRgn, WindowFromDC, ScrollDC, EnumDisplayMonitors, CallWindowProcW, RegisterClassExW, InsertMenuA, InflateRect, TrackMouseEvent, IsMenu, SendMessageTimeoutW, BroadcastSystemMessageA, SetWindowPlacement, ScreenToClient, VkKeyScanA, IsIconic, SetCaretPos, SetWindowRgn, ClientToScreen, GetSysColor
> KERNEL32.dll: FindNextFileW, GetModuleHandleA, GlobalLock, MoveFileExA, CreateEventA, SetFileAttributesW, GetComputerNameA, FileTimeToSystemTime, GetEnvironmentStringsW, SetProcessWorkingSetSize, GlobalGetAtomNameA, OpenFileMappingA, FindFirstFileW, GetStringTypeExW, SetCurrentDirectoryW, OpenFile, CreateToolhelp32Snapshot, GetOEMCP, IsBadWritePtr, IsBadCodePtr, HeapCreate, GetStartupInfoA, GetProcessHeap, SetErrorMode, GetFullPathNameW, _lopen, ReadFile, GetProcAddress, GetShortPathNameA, GetNumberFormatW, InitializeCriticalSectionAndSpinCount, GetTimeFormatW, GlobalFree, UnmapViewOfFile, WritePrivateProfileStringW, SystemTimeToTzSpecificLocalTime, SystemTimeToFileTime, GetCommandLineA, FreeResource, GetEnvironmentStrings, CopyFileA, GetFileType, GetDiskFreeSpaceA, GetProfileStringA, lstrcpyW, GetModuleFileNameW, lstrcmpW, OpenProcess, VirtualAlloc, GetStringTypeA, GetUserDefaultLCID, GetFileSize, GetProcessTimes, IsDebuggerPresent, OpenFileMappingW, GlobalHandle, DeleteFileA, VerifyVersionInfoW
> ADVAPI32.dll: RevertToSelf, RegDeleteValueA, GetFileSecurityW, BuildExplicitAccessWithNameW, GetUserNameA, AccessCheck, RegSetValueExA, DeregisterEventSource, LookupAccountSidA, CryptVerifySignatureW, ImpersonateSelf, CreateServiceA, OpenSCManagerA, RegQueryInfoKeyA, CheckTokenMembership, CryptCreateHash, QueryServiceConfigA, AddAccessAllowedAce
> VERSION.dll: GetFileVersionInfoSizeW
> MSVCRT.dll: _except_handler3, __set_app_type, __p__fmode, __p__commode, _adjust_fdiv, __setusermatherr, _initterm, __getmainargs, _acmdln, _XcptFilter, wcstod, towlower, _stricmp, _wcsnicmp, _mbsrchr, wcsncmp, _purecall, wcsrchr, wcsstr, _wtoi, iswspace, ceil, time, strncpy, towupper, exit, floor, _expand, atoi, tolower, _wsplitpath, _msize, _setmbcp, _itoa, _itow, setlocale, _wcslwr, _vsnprintf, _ltow, _errno, atof, _controlfp, wcslen, wcspbrk, wcsspn, wcschr, _strnicmp, _fpreset, iswdigit, strstr, isspace, _wcsupr, strncmp, wcsncpy, _exit, wcscpy, srand, _ecvt

( 0 exports )

Hallo,

habe exakt das gleiche Problem...
Jemand eine Lösung?

Hi,

bitte das Ganze abkopieren, welcher Scanner was gefunden hat...
Bei der zweiten Datei handelt es sich um die "aokag.exe", dann bitte killbox loslassen und HJ-fixen...

chris (auf dem Wege nach hause )

Es hat nur ein Scanner bei der "aokag.exe" was gefunden:
McAfee-GW-Edition 6.7.6 2009.04.07 Trojan.LooksLike.Dropper
Bin dann nach Anleitung gegangen und scanne gerade noch mal mit MAM.

Hi,

danach bitte (gilt für Beide...):

Navilog
Starte navilog1.exe und installiere die Anwendung, eventuelle Fehlermeldungen Deines
Virescanners sin zu ignorieren (Anwendung erlauben!)
Alle anderen Anwendungen bitte beenden!
Danach sollte navilog automatsich starten, sonst per Doppelklick dem Desktop starten.
Im Sprachmenü bitte English auswählen, ausser Du kannst eine der angegebenen Sprachen ;o)
Wähle 1 im nächsten Menü um "Suche" auszuwählen. Bestätige mit Enter.
Während der Suche nichts am Rechner machen, nur auf Programmaufforderung!
Nach dem Durchlauf sollte sich der Editor mit dem Log (fixnavi.txt) öffnen,
Inhalt kopieren und in Thread einfügen.
Das Log findest Du auch im Hauptverzeichnis (z.B.: "C:\").
http://pagesperso-orange.fr/il.mafioso/Navifix/Navilog1.exe

chris

Hi,
habs jetzt endlich hinbekommen.Gab ein paar Probleme mit dem Ausführen der "navilog1.exe".Ich nehme mal an die drei "aokag.dat" Dateien müssen noch weg,oder?
Gruß


Search Navipromo version 3.7.6 began on 07.04.2009 at 21:50:32,62

!!! Warning, this report may include legitimate files/programs !!!
!!! Post this report on the forum you are being helped !!!
!!! Don't continue with removal unless instructed by an authorized helper !!!

Fix running from C:\Program Files\navilog1

Updated on 14.03.2009 at 18h00 by IL-MAFIOSO

Microsoft® Windows Vista™ Business ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Duo CPU T7500 @ 2.20GHz )
BIOS : Phoenix ROM BIOS PLUS Version 1.10 A02
USER :*** ( Not Administrator ! )
BOOT : Normal boot




C:\ (Local Disk) - NTFS - Total:173 Go (Free:54 Go)
D:\ (Local Disk) - NTFS - Total:186 Go (Free:49 Go)
E:\ (Local Disk) - NTFS - Total:9 Go (Free:6 Go)
F:\ (CD or DVD)
G:\ (CD or DVD)


Search done in normal mode


*** Search folders in "C:\Windows" ***


*** Search folders in "C:\Program Files" ***


*** Search folders in "c:\progra~2\micros~1\windows\startm~1\programs" ***


*** Search folders in "c:\progra~2\micros~1\windows\startm~1" ***


*** Search folders in "C:\ProgramData" ***


*** Search folders in "c:\users\***\appdata\roaming\micros~1\windows\startm~1\programs" ***


*** Search folders in "C:\Users\***\AppData\Local\virtualstore\Program Files" ***


*** Search folders in "C:\Users\***\AppData\Local\virtualstore\Program Files" ***



*** Search folders in "C:\Users\***\AppData\Local" ***



*** Search folders in "C:\Users\***\AppData\Local" ***




*** Search folders in "C:\Users\***\AppData\Roaming" ***


*** Search folders in "C:\Users\***\appdata\roaming" ***


*** Search with Catchme-rootkit/stealth malware detector by gmer ***
for more info : h**p://www.gmer.net



*** Search with GenericNaviSearch ***
!!! Possibility of legitimate files in the result !!!
!!! Must always be checked before manually deleting !!!

* Scan in "C:\Windows\system32" *

* Scan in "C:\Users\***\AppData\Local\Microsoft" *

* Scan in "C:\Users\***\AppData\Local\virtualstore\windows\system32" *

* Scan in "C:\Users\***\AppData\Local" *

* Scan in "C:\Users\***\AppData\Local" *



*** Search files ***



*** Search specific Registry keys ***
!! Following keys are not certainly all infected !!


*** Complementary Search ***
(Search specific files)

1)Search new Instant Access files :


2)Heuristic Search :

* In "C:\Windows\system32" :


* In "C:\Users\***\AppData\Local\Microsoft" :


* In "C:\Users\***\AppData\Local\virtualstore\windows\system32" :


* In "C:\Users\***\AppData\Local" :

aokag.dat found !
aokag_nav.dat found !
aokag_navps.dat found !

* In "C:\Users\***\AppData\Local" :


3)Certificates Search :

Egroup certificate not found !
Electronic-Group certificate not found !
Montorgueil certificate not found !
OOO-Favorit certificate not found !
Sunny-Day-Design-Ltd certificate not found !

4)Search others known folders and files :



*** Search completed on 07.04.2009 at 22:02:56,68 ***

Hi,

ja und das bewerkstelligen wir über:
Navilog:
Starte das Programm und wähle Option 2 aus!
Der Rechner wird nun neu gestartet, bestätige den ggf. den Neustart.
Beim Neustart läuft NaviFix automatisch an (nichts am Rechner machen bis der Scan zu Ende ist!).
Ist NaviFix beendet, öffnet sich wieder ein Editorfenster mit dem Log, das abkopieren und
Posten ggf. Zwischenspeichern.

chris

Navipromo Removal version 3.7.6 started on 08.04.2009 at 8:43:14,14

Fix running from C:\Program Files\navilog1

Updated on 14.03.2009 at 18h00 by IL-MAFIOSO

Microsoft® Windows Vista™ Business ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Duo CPU T7500 @ 2.20GHz )
BIOS : Phoenix ROM BIOS PLUS Version 1.10 A02
USER : *** ( Not Administrator ! )
BOOT : Normal boot




C:\ (Local Disk) - NTFS - Total:173 Go (Free:54 Go)
D:\ (Local Disk) - NTFS - Total:186 Go (Free:49 Go)
E:\ (Local Disk) - NTFS - Total:9 Go (Free:6 Go)
F:\ (CD or DVD)
G:\ (CD or DVD)


Automatic removal
with Catchme and GNS results


Cleanning stage done on Reboot


*** fsbl1.txt not found ***
(Check that Catchme found nothing in Search Mode)


*** Deleting with Backups GenericNaviSearch results ***

* Deletion in "C:\Windows\System32" *


* Deletion in "C:\Users\***\AppData\Local\Microsoft" *


* Deletion in "C:\Users\***\AppData\Local\virtualstore\windows\system32" *


* Deletion in "C:\Users\***\AppData\Local" *


* Deletion in "C:\Users\***\AppData\Local" *



*** Deleting folders in "C:\Windows" ***


*** Deleting folders in "C:\Program Files" ***


*** Deleting folders in "c:\progra~2\micros~1\windows\startm~1\programs" ***


*** Deleting folders in "c:\progra~2\micros~1\windows\startm~1" ***


*** Deleting folders in "C:\ProgramData" ***


*** Deleting folders in c:\users\***\appdata\roaming\micros~1\windows\startm~1\programs ***


*** Deleting folders in "C:\Users\***\appdata\roaming\micros~1\windows\startm~1\programs" ***


*** Deleting folders in "C:\Users\***\AppData\Local\virtualstore\Program Files" ***


*** Deleting folders in "C:\Users\***\AppData\Local\virtualstore\Program Files" ***


*** Deleting folders in "C:\Users\***\AppData\Local" ***


*** Deleting folders in "C:\Users\***\AppData\Local" ***


*** Deleting folders in "C:\Users\***\AppData\Roaming" ***


*** Deleting folders in "C:\Users\***\appdata\roaming" ***



*** Deleting files ***


*** Deleting temporary files ***

Cleaning of C:\Windows\Temp done !
Cleaning of C:\Users\***\AppData\Local\Temp done !

*** Complementary Search ***
(Search specific files)

1)Deletion with backups new Instant Access files:

2)Heuristic search and deletion with backups :


* In "C:\Windows\system32" *


* In "C:\Users\***\AppData\Local\Microsoft" *


* In "C:\Users\***\AppData\Local\virtualstore\windows\system32" *


* In "C:\Users\***\AppData\Local" *


aokag.dat found !
Copy aokag.dat done !
aokag.dat deleted !

aokag_nav.dat found !
Copy aokag_nav.dat done !
aokag_nav.dat deleted !

aokag_navps.dat found !
Copy aokag_navps.dat done !
aokag_navps.dat deleted !


* In "C:\Users\***\AppData\Local" *


*** Copy Registry to Safebackup folder ***

Backing up Registry done !

*** Cleaning Registry ***

Registry cleaned


*** Certificates ***

Egroup Certificate not found !
Electronic-Group Certificate not found !
Montorgueil Certificate not found !
OOO-Favorit Certificate not found !
Sunny-Day-Design-Ltd Certificate not found !


*** Search others known folders and files ***



*** Cleaning stage complete on 08.04.2009 at 8:47:04,56 ***

Hi,

bitte noch ein neues HJ-Log, was macht der Rechner?

chris

Scheint alles wieder einwandfrei zu funktionieren.Keine Werbung mehr und FF bleibt auch nicht mehr hängen
Bin ich geheilt???


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:41:34, on 08.04.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Spiele\Pokerstars\PokerStars.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://h**p://partnerpage.google.com...mb&ibd=0071218
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer bereitgestellt von Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4E0208AA-712A-4D03-800E-E8BC33659C75} - (no file)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office 2007\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360 Online\osCheck.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: QuickSet.lnk = ?
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - D:\Spiele\Pokerstars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office 2007\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: AAV UpdateService - Unknown owner - C:\Program Files\Common Files\AAV\aavus.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Ad-Aware\aawservice.exe
O23 - Service: Application Driver Auto Removal Service (01) (appdrvrem01) - Protection Technology - C:\Windows\System32\appdrvrem01.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatisches LiveUpdate - Scheduler (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10439 bytes

Hi,

ob Du geheilt bist, kann ich zwar nicht sagen, der Rechner bzw. das Log sieht gut aus.

Das hier ist zwar noch da, soll aber nach virustotal ja ungefährlich sein:
Unbekannt

Code: Alles auswählenAufklappen

ATTFilter

O23 - Service: Application Driver Auto Removal Service (01) (appdrvrem01) - Protection Technology - C:\Windows\System32\appdrvrem01.exe
         

chris

Hi Chris4You,
danke für die schnellen Antworten und die guten Anleitungen.
Gruß
mortinator