Pests of all kinds and how to fight them: Trojan in several files - TR/SMALL.cjd TR/Dldr.Agent.dmrq TR/Ertfor.B. (Windows 7). If you are not sure whether you have picked up malware or a trojan, open a topic here. An expert will reply with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.
30.04.2010, 19:47 | #16
Trojan in several files - TR/SMALL.cjd TR/Dldr.Agent.dmrq TR/Ertfor.B. Done.
Code:
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KMCONFIG deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
File 504-8834-11D5-AC75-0008C73FD642} file:///C:/Program%20Files/proeWildfire%203.0/i486_nt/obj/pvx_install.exe not found.
Starting removal of ActiveX control {1ED48504-8834-11D5-AC75-0008C73FD642}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1ED48504-8834-11D5-AC75-0008C73FD642}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1ED48504-8834-11D5-AC75-0008C73FD642}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1ED48504-8834-11D5-AC75-0008C73FD642}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{1ED48504-8834-11D5-AC75-0008C73FD642}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1ED48504-8834-11D5-AC75-0008C73FD642}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{32a5e8a0-ad06-11de-910d-00238b0b7982}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32a5e8a0-ad06-11de-910d-00238b0b7982}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{32a5e8a0-ad06-11de-910d-00238b0b7982}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32a5e8a0-ad06-11de-910d-00238b0b7982}\ not found.
File F:\Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{680b5944-630d-11de-ab8f-00238b0b7982}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{680b5944-630d-11de-ab8f-00238b0b7982}\ not found.
File H:\APOTEKA\\\\\\BRENINA.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{680b5944-630d-11de-ab8f-00238b0b7982}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{680b5944-630d-11de-ab8f-00238b0b7982}\ not found.
File H:\APOTEKA\\\\\\BRENINA.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{680b5944-630d-11de-ab8f-00238b0b7982}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{680b5944-630d-11de-ab8f-00238b0b7982}\ not found.
File H:\APOTEKA\\\\\\BRENINA.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{af4f3379-3ef0-11df-b683-00238b0b7982}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{af4f3379-3ef0-11df-b683-00238b0b7982}\ not found.
File I:\BOMBOM\dokazehehe.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{af4f3379-3ef0-11df-b683-00238b0b7982}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{af4f3379-3ef0-11df-b683-00238b0b7982}\ not found.
File I:\BOMBOM\dokazehehe.exe not found.
C:\Users\mts\AppData\Roaming\lowsec folder moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
File\Folder C:\Windows\System32\drivers\yviityx.sys not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: mts
->Temp folder emptied: 1653813825 bytes
->Temporary Internet Files folder emptied: 854897224 bytes
->Java cache emptied: 78170954 bytes
->FireFox cache emptied: 35915082 bytes
->Google Chrome cache emptied: 55951095 bytes
->Flash cache emptied: 2465 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 123139937 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 2.672,00 mb
OTL by OldTimer - Version 3.2.3.0 log created on 04302010_201248
Files\Folders moved on Reboot...
C:\Users\mts\AppData\Local\Temp\ehmsas.txt moved successfully.
File move failed. C:\Windows\temp\hlktmp scheduled to be moved on reboot.
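An added example, not code from this thread or from OTL: a small parser for OTL fix-log lines like the ones above. It tags each action with its outcome and pulls out the files on removable drive letters that the MountPoints2 entries pointed at, so a reader can see at a glance what the fix actually changed and why those "not found" lines are expected when the USB stick is not plugged in. The embedded sample is a constructed excerpt built from lines of the log above; the outcome tags and function names are my own.

```python
import re
from collections import Counter

# Outcome phrases as OTL prints them; for "error reading value" the target follows the phrase.
OUTCOMES = (("deleted successfully", "deleted"), ("moved successfully", "moved"),
            ("reset successfully", "reset"), ("not found", "not_found"),
            ("error reading value", "error"))
KIND_PREFIXES = ("Registry key", "Registry value", "File\\Folder", "File")

def parse_otl_line(line):
    """One OTL result line -> {'kind', 'target', 'outcome'}, or None for headers/noise."""
    line = line.strip()
    hit = next(((p, t) for p, t in OUTCOMES if p in line), None)
    if not line or line.startswith("==========") or hit is None:
        return None
    phrase, outcome = hit
    if outcome == "error":  # "Registry error reading value <target> ."
        return {"kind": "Registry value", "outcome": outcome,
                "target": line.split(phrase, 1)[1].strip(" .")}
    kind = "other"
    for prefix in KIND_PREFIXES:
        if line.startswith(prefix + " "):
            kind, line = prefix, line[len(prefix) + 1:]
            break
    target = line.split(phrase, 1)[0].strip()
    if target.endswith(" folder"):  # "<path> folder moved successfully."
        kind, target = "Folder", target[:-len(" folder")]
    return {"kind": kind, "target": target, "outcome": outcome}
def parse_otl_log(text):
    return [e for e in map(parse_otl_line, text.splitlines()) if e]
def outcome_counts(entries):
    return Counter(e["outcome"] for e in entries)
def removable_drive_targets(entries, system_drive="C:"):
    """Files on a non-system drive letter: here the autorun payloads the MountPoints2 entries
    pointed at, so 'not found' only means the USB stick was not plugged in during the fix."""
    return sorted({e["target"] for e in entries if e["kind"] == "File"
                   and re.match(r"[A-Za-z]:\\", e["target"])
                   and not e["target"].upper().startswith(system_drive.upper())})
# Constructed sample: lines copied in shape from the OTL fix log posted above (not the whole log).
SAMPLE_OTL_LOG = r"""
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KMCONFIG deleted successfully.
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1ED48504-8834-11D5-AC75-0008C73FD642}\DownloadInformation\\INF .
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{32a5e8a0-ad06-11de-910d-00238b0b7982}\ deleted successfully.
File F:\Autorun.exe not found.
File H:\APOTEKA\\\\\\BRENINA.exe not found.
File I:\BOMBOM\dokazehehe.exe not found.
C:\Users\mts\AppData\Roaming\lowsec folder moved successfully.
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
"""
```

Running `outcome_counts(parse_otl_log(SAMPLE_OTL_LOG))` on the sample gives 2 deleted, 3 not_found, 2 moved, 1 reset and 1 error; `removable_drive_targets` returns the three F:, H: and I: payload paths.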
30.04.2010, 19:52 | #17
/// Helfer-Team | Trojan in several files - TR/SMALL.cjd TR/Dldr.Agent.dmrq TR/Ertfor.B. OK, now please run a scan with SUPERAntiSpyware.
01.05.2010, 10:44 | #18
Trojan in several files - TR/SMALL.cjd TR/Dldr.Agent.dmrq TR/Ertfor.B. OK, here is the SUPERAntiSpyware log. It seems to have found quite a bit...
Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com
Generated 04/30/2010 at 10:24 PM
Application Version : 4.35.1000
Core Rules Database Version : 4872
Trace Rules Database Version: 2684
Scan type : Complete Scan
Total Scan Time : 01:29:23
Memory items scanned : 620
Memory threats detected : 0
Registry items scanned : 8722
Registry threats detected : 0
File items scanned : 64271
File threats detected : 72
Adware.Tracking Cookie
C:\Users\mts\AppData\Roaming\Microsoft\Windows\Cookies\mts@atwola[3].txt
C:\Users\mts\AppData\Roaming\Microsoft\Windows\Cookies\mts@apmebf[2].txt
C:\Users\mts\AppData\Roaming\Microsoft\Windows\Cookies\mts@tradedoubler[3].txt
C:\Users\mts\AppData\Roaming\Microsoft\Windows\Cookies\mts@mediaplex[3].txt
C:\Users\mts\AppData\Roaming\Microsoft\Windows\Cookies\mts@doubleclick[3].txt
C:\Users\mts\AppData\Roaming\Microsoft\Windows\Cookies\mts@ptc.112.2o7[2].txt
C:\Users\mts\AppData\Roaming\Microsoft\Windows\Cookies\Low\mts@advertising[2].txt
C:\Users\mts\AppData\Roaming\Microsoft\Windows\Cookies\Low\mts@serving-sys[2].txt
C:\Users\mts\AppData\Roaming\Microsoft\Windows\Cookies\Low\mts@ad.yieldmanager[1].txt
C:\Users\mts\AppData\Roaming\Microsoft\Windows\Cookies\Low\mts@ww251.smartadserver[2].txt
C:\Users\mts\AppData\Roaming\Microsoft\Windows\Cookies\Low\mts@2o7[1].txt
C:\Users\mts\AppData\Roaming\Microsoft\Windows\Cookies\Low\mts@ad.71i[1].txt
C:\Users\mts\AppData\Roaming\Microsoft\Windows\Cookies\Low\mts@adserver.71i[1].txt
C:\Users\mts\AppData\Roaming\Microsoft\Windows\Cookies\Low\mts@adtech[1].txt
C:\Users\mts\AppData\Roaming\Microsoft\Windows\Cookies\Low\mts@aolde.122.2o7[1].txt
C:\Users\mts\AppData\Roaming\Microsoft\Windows\Cookies\Low\mts@de.at.atwola[1].txt
C:\Users\mts\AppData\Roaming\Microsoft\Windows\Cookies\Low\mts@at.atwola[2].txt
C:\Users\mts\AppData\Roaming\Microsoft\Windows\Cookies\Low\mts@atdmt[1].txt
C:\Users\mts\AppData\Roaming\Microsoft\Windows\Cookies\Low\mts@bs.serving-sys[2].txt
C:\Users\mts\AppData\Roaming\Microsoft\Windows\Cookies\Low\mts@content.yieldmanager[3].txt
C:\Users\mts\AppData\Roaming\Microsoft\Windows\Cookies\Low\mts@doubleclick[2].txt
C:\Users\mts\AppData\Roaming\Microsoft\Windows\Cookies\Low\mts@im.banner.t-online[1].txt
C:\Users\mts\AppData\Roaming\Microsoft\Windows\Cookies\Low\mts@kontera[2].txt
C:\Users\mts\AppData\Roaming\Microsoft\Windows\Cookies\Low\mts@pro-market[2].txt
C:\Users\mts\AppData\Roaming\Microsoft\Windows\Cookies\Low\mts@questionmarket[1].txt
C:\Users\mts\AppData\Roaming\Microsoft\Windows\Cookies\Low\mts@teltarifdeonlineverlaggmbh.112.2o7[1].txt
C:\Users\mts\AppData\Roaming\Microsoft\Windows\Cookies\Low\mts@sevenoneintermedia.112.2o7[1].txt
C:\Users\mts\AppData\Roaming\Microsoft\Windows\Cookies\Low\mts@smartadserver[1].txt
C:\Users\mts\AppData\Roaming\Microsoft\Windows\Cookies\Low\mts@stats.bmw[1].txt
C:\Users\mts\AppData\Roaming\Microsoft\Windows\Cookies\Low\mts@statse.webtrendslive[1].txt
C:\Users\mts\AppData\Roaming\Microsoft\Windows\Cookies\Low\mts@tacoda[2].txt
C:\Users\mts\AppData\Roaming\Microsoft\Windows\Cookies\Low\mts@tradedoubler[1].txt
C:\Users\mts\AppData\Roaming\Microsoft\Windows\Cookies\Low\mts@traffictrack[2].txt
C:\Users\mts\AppData\Roaming\Microsoft\Windows\Cookies\Low\mts@xiti[1].txt
C:\Users\mts\AppData\Roaming\Microsoft\Windows\Cookies\mts@advertising[1].txt
C:\Users\mts\AppData\Roaming\Microsoft\Windows\Cookies\mts@www.zanox-affiliate[1].txt
C:\Users\mts\AppData\Roaming\Microsoft\Windows\Cookies\mts@www.etracker[2].txt
C:\Users\mts\AppData\Roaming\Microsoft\Windows\Cookies\mts@ad.yieldmanager[2].txt
C:\Users\mts\AppData\Roaming\Microsoft\Windows\Cookies\mts@ad.zanox[1].txt
C:\Users\mts\AppData\Roaming\Microsoft\Windows\Cookies\mts@traffictrack[2].txt
C:\Users\mts\AppData\Roaming\Microsoft\Windows\Cookies\mts@2o7[2].txt
C:\Users\mts\AppData\Roaming\Microsoft\Windows\Cookies\mts@track.adform[2].txt
C:\Users\mts\AppData\Roaming\Microsoft\Windows\Cookies\mts@adfarm1.adition[1].txt
C:\Users\mts\AppData\Roaming\Microsoft\Windows\Cookies\mts@ad.71i[1].txt
C:\Users\mts\AppData\Roaming\Microsoft\Windows\Cookies\mts@adserver.71i[1].txt
C:\Users\mts\AppData\Roaming\Microsoft\Windows\Cookies\mts@apmebf[1].txt
C:\Users\mts\AppData\Roaming\Microsoft\Windows\Cookies\mts@ar.atwola[2].txt
C:\Users\mts\AppData\Roaming\Microsoft\Windows\Cookies\mts@atdmt[2].txt
C:\Users\mts\AppData\Roaming\Microsoft\Windows\Cookies\mts@atwola[1].txt
C:\Users\mts\AppData\Roaming\Microsoft\Windows\Cookies\mts@atwola[2].txt
C:\Users\mts\AppData\Roaming\Microsoft\Windows\Cookies\mts@bs.serving-sys[1].txt
C:\Users\mts\AppData\Roaming\Microsoft\Windows\Cookies\mts@content.yieldmanager[1].txt
C:\Users\mts\AppData\Roaming\Microsoft\Windows\Cookies\mts@content.yieldmanager[3].txt
C:\Users\mts\AppData\Roaming\Microsoft\Windows\Cookies\mts@doubleclick[1].txt
C:\Users\mts\AppData\Roaming\Microsoft\Windows\Cookies\mts@doubleclick[2].txt
C:\Users\mts\AppData\Roaming\Microsoft\Windows\Cookies\mts@mediaplex[1].txt
C:\Users\mts\AppData\Roaming\Microsoft\Windows\Cookies\mts@overture[1].txt
C:\Users\mts\AppData\Roaming\Microsoft\Windows\Cookies\mts@ptc.112.2o7[1].txt
C:\Users\mts\AppData\Roaming\Microsoft\Windows\Cookies\mts@serving-sys[2].txt
C:\Users\mts\AppData\Roaming\Microsoft\Windows\Cookies\mts@sevenoneintermedia.112.2o7[1].txt
C:\Users\mts\AppData\Roaming\Microsoft\Windows\Cookies\mts@tacoda[1].txt
C:\Users\mts\AppData\Roaming\Microsoft\Windows\Cookies\mts@tracking.mindshare[1].txt
C:\Users\mts\AppData\Roaming\Microsoft\Windows\Cookies\mts@tracking.quisma[1].txt
C:\Users\mts\AppData\Roaming\Microsoft\Windows\Cookies\mts@tradedoubler[1].txt
C:\Users\mts\AppData\Roaming\Microsoft\Windows\Cookies\mts@tradedoubler[2].txt
C:\Users\mts\AppData\Roaming\Microsoft\Windows\Cookies\mts@tto2.traffictrack[2].txt
C:\Users\mts\AppData\Roaming\Microsoft\Windows\Cookies\mts@unitymedia[1].txt
C:\Users\mts\AppData\Roaming\Microsoft\Windows\Cookies\mts@webmasterplan[1].txt
C:\Users\mts\AppData\Roaming\Microsoft\Windows\Cookies\mts@zanox-affiliate[1].txt
C:\Users\mts\AppData\Roaming\Microsoft\Windows\Cookies\mts@zanox[2].txt
C:\Users\mts\AppData\Roaming\Microsoft\Windows\Cookies\mts@zbox.zanox[2].txt
Application.Agent/Gen-TempZ
01.05.2010, 21:03 | #19
/// Helfer-Team | Trojan in several files - TR/SMALL.cjd TR/Dldr.Agent.dmrq TR/Ertfor.B. The SUPERAntiSpyware findings are only cookies, so they are harmless. That should be it. Final steps:
1. OTL cleanup:
2. Check for updates:
3. Delete infected system restore points: delete all system restore points, as they could be infected: