Log analysis and evaluation: Firefox opens new tabs with advertising (Windows 7)
03.05.2010, 11:49 | #16
This is still being blocked:

Code:
12:36:35 Mario IP-BLOCK 83.133.119.139
12:36:35 Mario IP-BLOCK 83.133.119.139
12:36:35 Mario IP-BLOCK 83.133.119.139
12:36:35 Mario IP-BLOCK 83.133.119.139
12:36:43 Mario IP-BLOCK 83.133.119.139
12:36:59 Mario IP-BLOCK 83.133.119.139
12:36:59 Mario IP-BLOCK 83.133.119.139
12:36:59 Mario IP-BLOCK 83.133.119.139
12:36:59 Mario IP-BLOCK 83.133.119.139
12:37:07 Mario IP-BLOCK 83.133.119.139
12:37:15 Mario IP-BLOCK 83.133.119.139
12:37:23 Mario IP-BLOCK 83.133.119.139
12:37:23 Mario IP-BLOCK 83.133.119.139
12:37:23 Mario IP-BLOCK 83.133.119.139
12:37:23 Mario IP-BLOCK 83.133.119.139
12:37:40 Mario IP-BLOCK 83.133.119.139
12:37:40 Mario IP-BLOCK 83.133.119.139
12:37:40 Mario IP-BLOCK 83.133.119.139
12:37:48 Mario IP-BLOCK 83.133.119.139
12:37:48 Mario IP-BLOCK 83.133.119.139
12:38:04 Mario IP-BLOCK 83.133.119.139
12:38:04 Mario IP-BLOCK 83.133.119.139
12:38:04 Mario IP-BLOCK 83.133.119.139
12:38:04 Mario IP-BLOCK 83.133.119.139
12:38:12 Mario IP-BLOCK 83.133.119.139
12:46:14 Mario IP-BLOCK 83.133.119.139
12:46:14 Mario IP-BLOCK 83.133.119.139
12:46:14 Mario IP-BLOCK 83.133.119.139
12:46:22 Mario IP-BLOCK 83.133.119.139
12:46:22 Mario IP-BLOCK 83.133.119.139
12:46:38 Mario IP-BLOCK 83.133.119.139
12:46:38 Mario IP-BLOCK 83.133.119.139
12:46:38 Mario IP-BLOCK 83.133.119.139
12:46:38 Mario IP-BLOCK 83.133.119.139
12:46:46 Mario IP-BLOCK 83.133.119.139
12:47:02 Mario IP-BLOCK 83.133.119.139
12:47:02 Mario IP-BLOCK 83.133.119.139
12:47:02 Mario IP-BLOCK 83.133.119.139
12:47:02 Mario IP-BLOCK 83.133.119.139
12:47:10 Mario IP-BLOCK 83.133.119.139
12:47:18 Mario IP-BLOCK 83.133.119.139
12:47:18 Mario IP-BLOCK 83.133.119.139
12:47:26 Mario IP-BLOCK 83.133.119.139
12:47:26 Mario IP-BLOCK 83.133.119.139
12:47:26 Mario IP-BLOCK 83.133.119.139
12:47:42 Mario IP-BLOCK 83.133.119.139
12:47:42 Mario IP-BLOCK 83.133.119.139
12:47:42 Mario IP-BLOCK 83.133.119.139
12:47:50 Mario IP-BLOCK 83.133.119.139
12:47:50 Mario IP-BLOCK 83.133.119.139
03.05.2010, 14:18 | #18
Run Antivir again, and Anti-Malware as well.

Antivir had found something else: another volmgrx.sys in windows/winsxs/... as well as Crypt.ZPack.Gen and dldr.stration.gen. I removed them and it has been quiet for 2 hours. I'll cautiously say thanks for your help, in the hope that nothing else happens.
03.05.2010, 14:28 | #19
/// Winkelfunktion /// TB-Süch-Tiger™

Please post the logfiles in full!!

Please always post logfiles in CODE tags
03.05.2010, 14:52 | #20
Code:
GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-05-03 15:51:38
Windows 6.1.7600
Running: y5cmvqwg.exe; Driver: C:\Users\Mario\AppData\Local\Temp\uglcypod.sys

---- System - GMER 1.0.15 ----

INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 81C39AF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 81C39104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 81C393F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 81C222D8
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 81C391DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 81C39958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 81C396F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 81C39F2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 81C3A1A8

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!ZwSaveKeyEx + 13B1 81C8B8E9 1 Byte [06]
.text ntoskrnl.exe!KiDispatchInterrupt + 5A2 81CAB3D2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
? System32\Drivers\spax.sys Das System kann den angegebenen Pfad nicht finden. !
PAGE PCIIDEX.SYS!DllUnload 8B874606 5 Bytes JMP 843E41D8
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x9002D000, 0x2D5378, 0xE8000020]
.text USBPORT.SYS!DllUnload 9067FCA0 5 Bytes JMP 8562A1D8
.text peauth.sys 98D52C9D 28 Bytes CALL B25C1097
.text peauth.sys 98D52CC1 28 Bytes CALL B25C10BB
PAGE peauth.sys 98D58E20 101 Bytes [89, 23, 70, C3, 8B, 24, CC, ...]
PAGE peauth.sys 98D5902C 102 Bytes [10, 80, AB, 08, 86, 56, C7, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 4F90 98E2C000 290 Bytes [8B, FF, 55, 8B, EC, 33, C0, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 50B3 98E2C123 629 Bytes [75, E2, 98, FE, 05, 34, 75, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 5329 98E2C399 101 Bytes [6A, 28, 59, A5, 5E, C6, 03, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 538F 98E2C3FF 148 Bytes [18, 5D, C2, 14, 00, 8B, FF, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 543B 98E2C4AB 2228 Bytes [8B, FF, 55, 8B, EC, FF, 75, ...]
PAGE ...

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\Explorer.EXE[1552] SHELL32.dll!SHFileOperationW 765D9708 5 Bytes JMP 10001102 C:\Program Files\Unlocker\UnlockerHook.dll

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\pci.sys[ntoskrnl.exe!IoDetachDevice] [8B64CECE] \SystemRoot\System32\Drivers\spax.sys
IAT \SystemRoot\system32\DRIVERS\pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [8B64CF22] \SystemRoot\System32\Drivers\spax.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [8B61F90E] \SystemRoot\System32\Drivers\spax.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [8B61FF9C] \SystemRoot\System32\Drivers\spax.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortUlong] [8B61F3E6] \SystemRoot\System32\Drivers\spax.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [8B620178] \SystemRoot\System32\Drivers\spax.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8B61F1D4] \SystemRoot\System32\Drivers\spax.sys
IAT \SystemRoot\system32\DRIVERS\ataport.SYS[ntoskrnl.exe!KeInsertQueueDpc] 843E15B8

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 850A41F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{CBF43A7E-EE3A-43D7-892E-DF7CDC6FF977} 855B61F8
Device \Driver\volmgr \Device\VolMgrControl 843E31F8
Device \Driver\usbuhci \Device\USBPDO-0 856361F8
Device \Driver\PCI_PNP5360 \Device\00000051 spax.sys
Device \Driver\usbuhci \Device\USBPDO-1 856361F8
Device \Driver\usbehci \Device\USBPDO-2 85628470
Device \Driver\usbuhci \Device\USBPDO-3 856361F8
Device \Driver\usbuhci \Device\USBPDO-4 856361F8
Device \Driver\usbuhci \Device\USBPDO-5 856361F8
Device \Driver\ACPI_HAL \Device\00000049 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device \Driver\usbuhci \Device\USBPDO-6 856361F8
Device \Driver\volmgr \Device\HarddiskVolume1 843E31F8
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
Device \Driver\usbehci \Device\USBPDO-7 85628470
Device \Driver\volmgr \Device\HarddiskVolume2 843E31F8
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
Device \Driver\cdrom \Device\CdRom0 85518470
Device \Driver\cdrom \Device\CdRom1 85518470
Device \Driver\atapi \Device\Ide\IdePort0 843E61F8
Device \Driver\atapi \Device\Ide\IdePort1 843E61F8
Device \Driver\atapi \Device\Ide\IdePort2 843E61F8
Device \Driver\atapi \Device\Ide\IdePort3 843E61F8
Device \Driver\atapi \Device\Ide\IdePort4 843E61F8
Device \Driver\atapi \Device\Ide\IdePort5 843E61F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1 843E61F8
Device \Driver\atapi \Device\Ide\IdeDeviceP4T0L0-5 843E61F8
Device \Driver\atapi \Device\Ide\IdeDeviceP5T0L0-6 843E61F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 855B61F8
Device \Driver\sptd \Device\3167720360 spax.sys
Device \Driver\usbuhci \Device\USBFDO-0 856361F8
Device \Driver\usbuhci \Device\USBFDO-1 856361F8
Device \Driver\usbehci \Device\USBFDO-2 85628470
Device \Driver\NetBT \Device\NetBT_Tcpip_{90CD409F-4B02-4458-AEF5-9A1D58AC1267} 855B61F8
Device \Driver\usbuhci \Device\USBFDO-3 856361F8
Device \Driver\usbuhci \Device\USBFDO-4 856361F8
Device \Driver\usbuhci \Device\USBFDO-5 856361F8
Device \Driver\usbuhci \Device\USBFDO-6 856361F8
Device \Driver\usbehci \Device\USBFDO-7 85628470
Device \Driver\adc0rn5f \Device\Scsi\adc0rn5f1Port6Path0Target0Lun0 857061F8
Device \Driver\adc0rn5f \Device\Scsi\adc0rn5f1 857061F8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{32C17511-1BC4-49D3-A99D-7A78BB541D10}\Connection@Name isatap.{CBF43A7E-EE3A-43D7-892E-DF7CDC6FF977}
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Bind \Device\{32C17511-1BC4-49D3-A99D-7A78BB541D10}?\Device\{10A19763-DD68-4591-A1FB-9D453A2DB415}?\Device\{BC8E02EB-F09F-4B82-93F7-7018E9217252}?\Device\{C4E288D5-8521-4920-9292-2D30DAE4634C}?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Route "{32C17511-1BC4-49D3-A99D-7A78BB541D10}"?"{10A19763-DD68-4591-A1FB-9D453A2DB415}"?"{BC8E02EB-F09F-4B82-93F7-7018E9217252}"?"{C4E288D5-8521-4920-9292-2D30DAE4634C}"?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Export \Device\TCPIP6TUNNEL_{32C17511-1BC4-49D3-A99D-7A78BB541D10}?\Device\TCPIP6TUNNEL_{10A19763-DD68-4591-A1FB-9D453A2DB415}?\Device\TCPIP6TUNNEL_{BC8E02EB-F09F-4B82-93F7-7018E9217252}?\Device\TCPIP6TUNNEL_{C4E288D5-8521-4920-9292-2D30DAE4634C}?
Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{32C17511-1BC4-49D3-A99D-7A78BB541D10}@InterfaceName isatap.{CBF43A7E-EE3A-43D7-892E-DF7CDC6FF977}
Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{32C17511-1BC4-49D3-A99D-7A78BB541D10}@ReusableType 0
Reg HKLM\SYSTEM\CurrentControlSet\services\rdyboost\Parameters@ReadyBootPlanAge 1
Reg HKLM\SYSTEM\CurrentControlSet\services\rdyboost\Parameters@LastBootPlanUserTime ?Mo?, ?Mai ?03 ?10, 01:45:44
Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch@Epoch 5205
Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch2@Epoch 2549
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x2F 0x2F 0xE7 0xC1 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x99 0xE5 0x38 0xF1 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x97 0x0C 0xFC 0x93 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x2F 0x2F 0xE7 0xC1 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x99 0xE5 0x38 0xF1 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x97 0x0C 0xFC 0x93 ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG12.00.00.01PROFESSIONAL

---- EOF - GMER 1.0.15 ----

Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 15:51:04 on 03.05.2010
OS: Windows 7 Ultimate Edition (Build 7600), 32-bit
Default Browser: Mozilla Corporation Firefox 3.6.3

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries

[Boot Execute]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager )-----
"BootExecute" - "O&O Software GmbH" - C:\Windows\system32\OODBS.exe

[Common]
-----( %SystemRoot%\Tasks )-----
"At1.job" - ? - C:\Windows\Fonts\0reM8I.com (File not found)
"At10.job" - ? - C:\Windows\Fonts\0reM8I.com (File not found)
"At11.job" - ? - C:\Windows\Fonts\0reM8I.com (File not found)
"At12.job" - ? - C:\Windows\Fonts\0reM8I.com (File not found)
"At13.job" - ? - C:\Windows\Fonts\0reM8I.com (File not found)
"At14.job" - ? - C:\Windows\Fonts\0reM8I.com (File not found)
"At15.job" - ? - C:\Windows\Fonts\0reM8I.com (File not found)
"At16.job" - ? - C:\Windows\Fonts\0reM8I.com (File not found)
"At17.job" - ? - C:\Windows\Fonts\0reM8I.com (File not found)
"At18.job" - ? - C:\Windows\Fonts\0reM8I.com (File not found)
"At19.job" - ? - C:\Windows\Fonts\0reM8I.com (File not found)
"At2.job" - ? - C:\Windows\Fonts\0reM8I.com (File not found)
"At20.job" - ? - C:\Windows\Fonts\0reM8I.com (File not found)
"At21.job" - ? - C:\Windows\Fonts\0reM8I.com (File not found)
"At22.job" - ? - C:\Windows\Fonts\0reM8I.com (File not found)
"At23.job" - ? - C:\Windows\Fonts\0reM8I.com (File not found)
"At24.job" - ? - C:\Windows\Fonts\0reM8I.com (File not found)
"At25.job" - ? - C:\ProgramData\u5h37uF1.exe (File not found)
"At26.job" - ? - C:\ProgramData\u5h37uF1.exe (File not found)
"At27.job" - ? - C:\ProgramData\u5h37uF1.exe (File not found)
"At28.job" - ? - C:\ProgramData\u5h37uF1.exe (File not found)
"At29.job" - ? - C:\ProgramData\u5h37uF1.exe (File not found)
"At3.job" - ? - C:\Windows\Fonts\0reM8I.com (File not found)
"At30.job" - ? - C:\ProgramData\u5h37uF1.exe (File not found)
"At31.job" - ? - C:\ProgramData\u5h37uF1.exe (File not found)
"At32.job" - ? - C:\ProgramData\u5h37uF1.exe (File not found)
"At33.job" - ? - C:\ProgramData\u5h37uF1.exe (File not found)
"At34.job" - ? - C:\ProgramData\u5h37uF1.exe (File not found)
"At35.job" - ? - C:\ProgramData\u5h37uF1.exe (File not found)
"At36.job" - ? - C:\ProgramData\u5h37uF1.exe (File not found)
"At37.job" - ? - C:\ProgramData\u5h37uF1.exe (File not found)
"At38.job" - ? - C:\ProgramData\u5h37uF1.exe (File not found)
"At39.job" - ? - C:\ProgramData\u5h37uF1.exe (File not found)
"At4.job" - ? - C:\Windows\Fonts\0reM8I.com (File not found)
"At40.job" - ? - C:\ProgramData\u5h37uF1.exe (File not found)
"At41.job" - ? - C:\ProgramData\u5h37uF1.exe (File not found)
"At42.job" - ? - C:\ProgramData\u5h37uF1.exe (File not found)
"At43.job" - ? - C:\ProgramData\u5h37uF1.exe (File not found)
"At44.job" - ? - C:\ProgramData\u5h37uF1.exe (File not found)
"At45.job" - ? - C:\ProgramData\u5h37uF1.exe (File not found)
"At46.job" - ? - C:\ProgramData\u5h37uF1.exe (File not found)
"At47.job" - ? - C:\ProgramData\u5h37uF1.exe (File not found)
"At48.job" - ? - C:\ProgramData\u5h37uF1.exe (File not found)
"At5.job" - ? - C:\Windows\Fonts\0reM8I.com (File not found)
"At6.job" - ? - C:\Windows\Fonts\0reM8I.com (File not found)
"At7.job" - ? - C:\Windows\Fonts\0reM8I.com (File not found)
"At8.job" - ? - C:\Windows\Fonts\0reM8I.com (File not found)
"At9.job" - ? - C:\Windows\Fonts\0reM8I.com (File not found)
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"PhysX.cpl" - "NVIDIA Corporation" - C:\Windows\system32\PhysX.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"adc0rn5f" (adc0rn5f) - "Advanced Micro Devices" - C:\Windows\system32\drivers\adc0rn5f.sys (Hidden registry entry, rootkit activity | File signed by Microsoft)
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\Users\Mario\AppData\Local\Temp\catchme.sys (File not found)
"ijrrq" (ijrrq) - ? - C:\Windows\system32\drivers\ijrrq.sys (File not found)
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys
"OHCI-konformer 1394-Hostcontroller" (1394ohci) - ? - C:\Windows\system32\DRIVERS\1394ohci.sys (File not found)
"sptd" (sptd) - "Duplex Secure Ltd." - C:\Windows\System32\Drivers\sptd.sys (File is exclusively opened, access blocked)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"truecrypt" (truecrypt) - "TrueCrypt Foundation" - C:\Windows\System32\drivers\truecrypt.sys
"uglcypod" (uglcypod) - ? - C:\Users\Mario\AppData\Local\Temp\uglcypod.sys (Hidden registry entry, rootkit activity | File not found)

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? - (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{48EAD1E1-ECF2-4a85-AA09-1C44FBEED451} "OODShellExtObj Class" - "O&O Software GmbH" - C:\PROGRA~1\OOSOFT~1\Defrag\oodsh.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} "UnlockerShellExtension" - ? - C:\Program Files\Unlocker\UnlockerCOM.dll (File found, but it contains no detailed information)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll

[Internet Explorer]
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_15" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} "Java Plug-in 1.6.0_15" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_15" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_15.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\Flash10e.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "DAEMON Tools Toolbar" - ? - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Mario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"DAEMON Tools Lite" - "DT Soft Ltd" - "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"UnlockerAssistant" - ? - "C:\Program Files\Unlocker\UnlockerAssistant .exe" (File found, but it contains no detailed information)

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Oki OPDMN094 Language Monitor" - "Oki Data Corporation" - C:\Windows\system32\Opdmn094.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Dragon Age: Origins - Inhaltsupdater" (DAUpdaterSvc) - "BioWare" - C:\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"N" (N) - ? - C:\Users\Mario\AppData\Local\Temp\N.exe (File not found)
"O&O Defrag" (O&O Defrag) - "O&O Software GmbH" - C:\Program Files\OO Software\Defrag\oodag.exe
"OZAMLPV" (OZAMLPV) - ? - C:\Users\Mario\AppData\Local\Temp\OZAMLPV.exe (File not found)
"QSIQQP" (QSIQQP) - ? - C:\Users\Mario\AppData\Local\Temp\QSIQQP.exe (File not found)

===[ Logfile end ]=========================================[ Logfile end ]===
If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
03.05.2010, 15:00 | #21
/// Winkelfunktion /// TB-Süch-Tiger™

I actually meant the latest ones from Antivir and Malwarebytes... please post them.
03.05.2010, 16:33 | #22
I think OSAM was able to fix everything except one entry. I only had problems starting Win7 afterwards, but with the DVD it worked.

Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 17:31:24 on 03.05.2010
OS: Windows 7 Ultimate Edition (Build 7600), 32-bit
Default Browser: Mozilla Corporation Firefox 3.6.3

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries

[Boot Execute]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager )-----
"BootExecute" - "O&O Software GmbH" - C:\Windows\system32\OODBS.exe

[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
(Disabled) "At1.job" - ? - C:\Windows\Fonts\0reM8I.com (File not found)
(Disabled) "At10.job" - ? - C:\Windows\Fonts\0reM8I.com (File not found)
(Disabled) "At11.job" - ? - C:\Windows\Fonts\0reM8I.com (File not found)
(Disabled) "At12.job" - ? - C:\Windows\Fonts\0reM8I.com (File not found)
(Disabled) "At13.job" - ? - C:\Windows\Fonts\0reM8I.com (File not found)
(Disabled) "At14.job" - ? - C:\Windows\Fonts\0reM8I.com (File not found)
(Disabled) "At15.job" - ? - C:\Windows\Fonts\0reM8I.com (File not found)
(Disabled) "At16.job" - ? - C:\Windows\Fonts\0reM8I.com (File not found)
(Disabled) "At17.job" - ? - C:\Windows\Fonts\0reM8I.com (File not found)
(Disabled) "At18.job" - ? - C:\Windows\Fonts\0reM8I.com (File not found)
(Disabled) "At19.job" - ? - C:\Windows\Fonts\0reM8I.com (File not found)
(Disabled) "At2.job" - ? - C:\Windows\Fonts\0reM8I.com (File not found)
(Disabled) "At20.job" - ? - C:\Windows\Fonts\0reM8I.com (File not found)
(Disabled) "At21.job" - ? - C:\Windows\Fonts\0reM8I.com (File not found)
(Disabled) "At22.job" - ? - C:\Windows\Fonts\0reM8I.com (File not found)
(Disabled) "At23.job" - ? - C:\Windows\Fonts\0reM8I.com (File not found)
(Disabled) "At24.job" - ? - C:\Windows\Fonts\0reM8I.com (File not found)
(Disabled) "At25.job" - ? - C:\ProgramData\u5h37uF1.exe (File not found)
(Disabled) "At26.job" - ? - C:\ProgramData\u5h37uF1.exe (File not found)
(Disabled) "At27.job" - ? - C:\ProgramData\u5h37uF1.exe (File not found)
(Disabled) "At28.job" - ? - C:\ProgramData\u5h37uF1.exe (File not found)
(Disabled) "At29.job" - ? - C:\ProgramData\u5h37uF1.exe (File not found)
(Disabled) "At3.job" - ? - C:\Windows\Fonts\0reM8I.com (File not found)
(Disabled) "At30.job" - ? - C:\ProgramData\u5h37uF1.exe (File not found)
(Disabled) "At31.job" - ? - C:\ProgramData\u5h37uF1.exe (File not found)
(Disabled) "At32.job" - ? - C:\ProgramData\u5h37uF1.exe (File not found)
(Disabled) "At33.job" - ? - C:\ProgramData\u5h37uF1.exe (File not found)
(Disabled) "At34.job" - ? - C:\ProgramData\u5h37uF1.exe (File not found)
(Disabled) "At35.job" - ? - C:\ProgramData\u5h37uF1.exe (File not found)
(Disabled) "At36.job" - ? - C:\ProgramData\u5h37uF1.exe (File not found)
(Disabled) "At37.job" - ? - C:\ProgramData\u5h37uF1.exe (File not found)
(Disabled) "At38.job" - ? - C:\ProgramData\u5h37uF1.exe (File not found)
(Disabled) "At39.job" - ? - C:\ProgramData\u5h37uF1.exe (File not found)
(Disabled) "At4.job" - ? - C:\Windows\Fonts\0reM8I.com (File not found)
(Disabled) "At40.job" - ? - C:\ProgramData\u5h37uF1.exe (File not found)
(Disabled) "At41.job" - ? - C:\ProgramData\u5h37uF1.exe (File not found)
(Disabled) "At42.job" - ? - C:\ProgramData\u5h37uF1.exe (File not found)
(Disabled) "At43.job" - ? - C:\ProgramData\u5h37uF1.exe (File not found)
(Disabled) "At44.job" - ? - C:\ProgramData\u5h37uF1.exe (File not found)
(Disabled) "At45.job" - ? - C:\ProgramData\u5h37uF1.exe (File not found)
(Disabled) "At46.job" - ? - C:\ProgramData\u5h37uF1.exe (File not found)
(Disabled) "At47.job" - ? - C:\ProgramData\u5h37uF1.exe (File not found)
(Disabled) "At48.job" - ? - C:\ProgramData\u5h37uF1.exe (File not found)
(Disabled) "At5.job" - ? - C:\Windows\Fonts\0reM8I.com (File not found)
(Disabled) "At6.job" - ? - C:\Windows\Fonts\0reM8I.com (File not found)
(Disabled) "At7.job" - ? - C:\Windows\Fonts\0reM8I.com (File not found)
(Disabled) "At8.job" - ? - C:\Windows\Fonts\0reM8I.com (File not found)
(Disabled) "At9.job" - ? - C:\Windows\Fonts\0reM8I.com (File not found)

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"PhysX.cpl" - "NVIDIA Corporation" - C:\Windows\system32\PhysX.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"a9biz203" (a9biz203) - "Advanced Micro Devices" - C:\Windows\system32\drivers\a9biz203.sys (Hidden registry entry, rootkit activity | File signed by Microsoft)
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\Users\Mario\AppData\Local\Temp\catchme.sys (File not found)
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys
"OHCI-konformer 1394-Hostcontroller" (1394ohci) - ? - C:\Windows\system32\DRIVERS\1394ohci.sys (File not found)
"sptd" (sptd) - "Duplex Secure Ltd." - C:\Windows\System32\Drivers\sptd.sys (File is exclusively opened, access blocked)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"truecrypt" (truecrypt) - "TrueCrypt Foundation" - C:\Windows\System32\drivers\truecrypt.sys
(Disabled) "ijrrq" (ijrrq) - ? - C:\Windows\system32\drivers\ijrrq.sys (File not found)

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? - (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{48EAD1E1-ECF2-4a85-AA09-1C44FBEED451} "OODShellExtObj Class" - "O&O Software GmbH" - C:\PROGRA~1\OOSOFT~1\Defrag\oodsh.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} "UnlockerShellExtension" - ? - C:\Program Files\Unlocker\UnlockerCOM.dll (File found, but it contains no detailed information)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll

[Internet Explorer]
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_15" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} "Java Plug-in 1.6.0_15" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_15" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_15.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\Flash10e.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "DAEMON Tools Toolbar" - ? - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Mario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"DAEMON Tools Lite" - "DT Soft Ltd" - "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Oki OPDMN094 Language Monitor" - "Oki Data Corporation" - C:\Windows\system32\Opdmn094.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Dragon Age: Origins - Inhaltsupdater" (DAUpdaterSvc) - "BioWare" - C:\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"N" (N) - ? - C:\Users\Mario\AppData\Local\Temp\N.exe (File not found)
"O&O Defrag" (O&O Defrag) - "O&O Software GmbH" - C:\Program Files\OO Software\Defrag\oodag.exe
(Disabled) "OZAMLPV" (OZAMLPV) - ? - C:\Users\Mario\AppData\Local\Temp\OZAMLPV.exe (File not found)
(Disabled) "QSIQQP" (QSIQQP) - ? - C:\Users\Mario\AppData\Local\Temp\QSIQQP.exe (File not found)

===[ Logfile end ]=========================================[ Logfile end ]===
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Datenbank Version: 4053
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
03.05.2010 14:23:58
mbam-log-2010-05-03 (14-23-58).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 207950
Laufzeit: 23 Minute(n), 37 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden)
Infizierte Dateien: (Keine bösartigen Objekte gefunden)
Code:
Avira AntiVir Personal
Erstellungsdatum der Reportdatei: Montag, 3. Mai 2010 13:33
Es wird nach 2062283 Virenstämmen gesucht.
Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.
Lizenznehmer : Avira AntiVir Personal - FREE Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows 7
Windowsversion : (plain) [6.1.7600]
Boot Modus : Normal gebootet
Benutzername : Mario
Computername : MARIO-PC
Versionsinformationen:
BUILD.DAT : 10.0.0.567 32097 Bytes 19.04.2010 15:50:00
AVSCAN.EXE : 10.0.3.0 433832 Bytes 19.04.2010 10:47:39
AVSCAN.DLL : 10.0.3.0 56168 Bytes 19.04.2010 10:47:39
LUKE.DLL : 10.0.2.3 104296 Bytes 07.03.2010 16:32:59
LUKERES.DLL : 10.0.0.0 13672 Bytes 14.01.2010 09:59:47
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 07:05:36
VBASE001.VDF : 7.10.1.0 1372672 Bytes 19.11.2009 17:27:49
VBASE002.VDF : 7.10.3.1 3143680 Bytes 20.01.2010 15:37:42
VBASE003.VDF : 7.10.3.75 996864 Bytes 26.01.2010 14:37:42
VBASE004.VDF : 7.10.4.203 1579008 Bytes 05.03.2010 09:29:03
VBASE005.VDF : 7.10.6.82 2494464 Bytes 15.04.2010 10:47:32
VBASE006.VDF : 7.10.6.83 2048 Bytes 15.04.2010 10:47:32
VBASE007.VDF : 7.10.6.84 2048 Bytes 15.04.2010 10:47:32
VBASE008.VDF : 7.10.6.85 2048 Bytes 15.04.2010 10:47:32
VBASE009.VDF : 7.10.6.86 2048 Bytes 15.04.2010 10:47:32
VBASE010.VDF : 7.10.6.87 2048 Bytes 15.04.2010 10:47:32
VBASE011.VDF : 7.10.6.88 2048 Bytes 15.04.2010 10:47:32
VBASE012.VDF : 7.10.6.89 2048 Bytes 15.04.2010 10:47:32
VBASE013.VDF : 7.10.6.90 2048 Bytes 15.04.2010 10:47:33
VBASE014.VDF : 7.10.6.123 126464 Bytes 19.04.2010 10:48:13
VBASE015.VDF : 7.10.6.152 123392 Bytes 21.04.2010 10:48:05
VBASE016.VDF : 7.10.6.178 122880 Bytes 22.04.2010 10:48:09
VBASE017.VDF : 7.10.6.206 120320 Bytes 26.04.2010 10:48:13
VBASE018.VDF : 7.10.6.232 99328 Bytes 28.04.2010 17:57:01
VBASE019.VDF : 7.10.7.2 155648 Bytes 30.04.2010 23:41:39
VBASE020.VDF : 7.10.7.3 2048 Bytes 30.04.2010 23:41:39
VBASE021.VDF : 7.10.7.4 2048 Bytes 30.04.2010 23:41:39
VBASE022.VDF : 7.10.7.5 2048 Bytes 30.04.2010 23:41:39
VBASE023.VDF : 7.10.7.6 2048 Bytes 30.04.2010 23:41:39
VBASE024.VDF : 7.10.7.7 2048 Bytes 30.04.2010 23:41:40
VBASE025.VDF : 7.10.7.8 2048 Bytes 30.04.2010 23:41:40
VBASE026.VDF : 7.10.7.9 2048 Bytes 30.04.2010 23:41:41
VBASE027.VDF : 7.10.7.10 2048 Bytes 30.04.2010 23:41:41
VBASE028.VDF : 7.10.7.11 2048 Bytes 30.04.2010 23:41:42
VBASE029.VDF : 7.10.7.12 2048 Bytes 30.04.2010 23:41:42
VBASE030.VDF : 7.10.7.13 2048 Bytes 30.04.2010 23:41:42
VBASE031.VDF : 7.10.7.16 43520 Bytes 30.04.2010 23:41:43
Engineversion : 8.2.1.224
AEVDF.DLL : 8.1.2.0 106868 Bytes 24.04.2010 10:48:08
AESCRIPT.DLL : 8.1.3.27 1294714 Bytes 24.04.2010 10:48:07
AESCN.DLL : 8.1.5.0 127347 Bytes 25.02.2010 16:38:41
AESBX.DLL : 8.1.3.1 254324 Bytes 24.04.2010 10:48:09
AERDL.DLL : 8.1.4.6 541043 Bytes 17.04.2010 10:47:50
AEPACK.DLL : 8.2.1.1 426358 Bytes 31.03.2010 13:04:30
AEOFFICE.DLL : 8.1.0.41 201083 Bytes 17.03.2010 09:09:46
AEHEUR.DLL : 8.1.1.24 2613623 Bytes 17.04.2010 10:47:48
AEHELP.DLL : 8.1.11.3 242039 Bytes 01.04.2010 23:12:54
AEGEN.DLL : 8.1.3.7 373106 Bytes 17.04.2010 10:47:39
AEEMU.DLL : 8.1.2.0 393588 Bytes 24.04.2010 10:48:04
AECORE.DLL : 8.1.13.1 188790 Bytes 01.04.2010 23:12:48
AEBB.DLL : 8.1.1.0 53618 Bytes 24.04.2010 10:48:03
AVWINLL.DLL : 10.0.0.0 19304 Bytes 14.01.2010 09:59:10
AVPREF.DLL : 10.0.0.0 44904 Bytes 14.01.2010 09:59:07
AVREP.DLL : 10.0.0.8 62209 Bytes 18.02.2010 14:47:40
AVREG.DLL : 10.0.3.0 53096 Bytes 19.04.2010 10:47:39
AVSCPLR.DLL : 10.0.3.0 83816 Bytes 19.04.2010 10:47:39
AVARKT.DLL : 10.0.0.14 227176 Bytes 19.04.2010 10:47:39
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 26.01.2010 07:53:25
SQLITE3.DLL : 3.6.19.0 355688 Bytes 28.01.2010 10:57:53
AVSMTP.DLL : 10.0.0.17 63848 Bytes 16.03.2010 13:38:54
NETNT.DLL : 10.0.0.0 11624 Bytes 19.02.2010 12:40:55
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 28.01.2010 11:10:08
RCTEXT.DLL : 10.0.53.0 98152 Bytes 19.04.2010 10:47:39
Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Manuelle Auswahl
Konfigurationsdatei...................: C:\ProgramData\Avira\AntiVir Desktop\PROFILES\folder.avp
Protokollierung.......................: niedrig
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, D:,
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Intelligente Dateiauswahl
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: mittel
Beginn des Suchlaufs: Montag, 3. Mai 2010 13:33
Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'firefox.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbamservice.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmpnetwk.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'conhost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'oodag.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'DTLite.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbamgui.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'UnlockerAssistant.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskhost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'atieclxx.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'atiesrxx.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '1' Modul(e) wurden durchsucht
Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
[INFO] Es wurde kein Virus gefunden!
Masterbootsektor HD1
[INFO] Es wurde kein Virus gefunden!
Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
[INFO] Es wurde kein Virus gefunden!
Bootsektor 'D:\'
[INFO] Es wurde kein Virus gefunden!
Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '368' Dateien ).
Der Suchlauf über die ausgewählten Dateien wird begonnen:
Beginne mit der Suche in 'C:\'
Beginne mit der Suche in 'D:\' <Media>
Ende des Suchlaufs: Montag, 3. Mai 2010 13:51
Benötigte Zeit: 17:56 Minute(n)
Der Suchlauf wurde vollständig durchgeführt.
13590 Verzeichnisse wurden überprüft
216067 Dateien wurden geprüft
0 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
0 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
216067 Dateien ohne Befall
988 Archive wurden durchsucht
0 Warnungen
0 Hinweise
03.05.2010, 16:37 | #23
/// Winkelfunktion /// TB-Süch-Tiger™ | Firefox opens new tabs with advertising
OK. But you should always update Malwarebytes before you start a scan. We should be at database version 4061 or so by now.
__________________
Please always post logfiles in CODE tags
03.05.2010, 17:07 | #24
Firefox opens new tabs with advertising
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:55:11, on 03.05.2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CBF43A7E-EE3A-43D7-892E-DF7CDC6FF977}: NameServer = 217.0.43.33 217.0.43.17
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Dragon Age: Origins - Inhaltsupdater (DAUpdaterSvc) - BioWare - C:\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: N - Unknown owner - C:\Users\Mario\AppData\Local\Temp\N.exe (file missing)
O23 - Service: O&O Defrag - O&O Software GmbH - C:\Program Files\OO Software\Defrag\oodag.exe
--
End of file - 3074 bytes
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 18:00:17 on 03.05.2010
OS: Windows 7 Ultimate Edition (Build 7600), 32-bit
Default Browser: Mozilla Corporation Firefox 3.6.3
Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures
Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries
[Boot Execute]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager )-----
"BootExecute" - "O&O Software GmbH" - C:\Windows\system32\OODBS.exe
[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
(Disabled) "At1.job" - ? - C:\Windows\Fonts\0reM8I.com (File not found)
(Disabled) "At10.job" - ? - C:\Windows\Fonts\0reM8I.com (File not found)
(Disabled) "At11.job" - ? - C:\Windows\Fonts\0reM8I.com (File not found)
(Disabled) "At12.job" - ? - C:\Windows\Fonts\0reM8I.com (File not found)
(Disabled) "At13.job" - ? - C:\Windows\Fonts\0reM8I.com (File not found)
(Disabled) "At14.job" - ? - C:\Windows\Fonts\0reM8I.com (File not found)
(Disabled) "At15.job" - ? - C:\Windows\Fonts\0reM8I.com (File not found)
(Disabled) "At16.job" - ? - C:\Windows\Fonts\0reM8I.com (File not found)
(Disabled) "At17.job" - ? - C:\Windows\Fonts\0reM8I.com (File not found)
(Disabled) "At18.job" - ? - C:\Windows\Fonts\0reM8I.com (File not found)
(Disabled) "At19.job" - ? - C:\Windows\Fonts\0reM8I.com (File not found)
(Disabled) "At2.job" - ? - C:\Windows\Fonts\0reM8I.com (File not found)
(Disabled) "At20.job" - ? - C:\Windows\Fonts\0reM8I.com (File not found)
(Disabled) "At21.job" - ? - C:\Windows\Fonts\0reM8I.com (File not found)
(Disabled) "At22.job" - ? - C:\Windows\Fonts\0reM8I.com (File not found)
(Disabled) "At23.job" - ? - C:\Windows\Fonts\0reM8I.com (File not found)
(Disabled) "At24.job" - ? - C:\Windows\Fonts\0reM8I.com (File not found)
(Disabled) "At25.job" - ? - C:\ProgramData\u5h37uF1.exe (File not found)
(Disabled) "At26.job" - ? - C:\ProgramData\u5h37uF1.exe (File not found)
(Disabled) "At27.job" - ? - C:\ProgramData\u5h37uF1.exe (File not found)
(Disabled) "At28.job" - ? - C:\ProgramData\u5h37uF1.exe (File not found)
(Disabled) "At29.job" - ? - C:\ProgramData\u5h37uF1.exe (File not found)
(Disabled) "At3.job" - ? - C:\Windows\Fonts\0reM8I.com (File not found)
(Disabled) "At30.job" - ? - C:\ProgramData\u5h37uF1.exe (File not found)
(Disabled) "At31.job" - ? - C:\ProgramData\u5h37uF1.exe (File not found)
(Disabled) "At32.job" - ? - C:\ProgramData\u5h37uF1.exe (File not found)
(Disabled) "At33.job" - ? - C:\ProgramData\u5h37uF1.exe (File not found)
(Disabled) "At34.job" - ? - C:\ProgramData\u5h37uF1.exe (File not found)
(Disabled) "At35.job" - ? - C:\ProgramData\u5h37uF1.exe (File not found)
(Disabled) "At36.job" - ? - C:\ProgramData\u5h37uF1.exe (File not found)
(Disabled) "At37.job" - ? - C:\ProgramData\u5h37uF1.exe (File not found)
(Disabled) "At38.job" - ? - C:\ProgramData\u5h37uF1.exe (File not found)
(Disabled) "At39.job" - ? - C:\ProgramData\u5h37uF1.exe (File not found)
(Disabled) "At4.job" - ? - C:\Windows\Fonts\0reM8I.com (File not found)
(Disabled) "At40.job" - ? - C:\ProgramData\u5h37uF1.exe (File not found)
(Disabled) "At41.job" - ? - C:\ProgramData\u5h37uF1.exe (File not found)
(Disabled) "At42.job" - ? - C:\ProgramData\u5h37uF1.exe (File not found)
(Disabled) "At43.job" - ? - C:\ProgramData\u5h37uF1.exe (File not found)
(Disabled) "At44.job" - ? - C:\ProgramData\u5h37uF1.exe (File not found)
(Disabled) "At45.job" - ? - C:\ProgramData\u5h37uF1.exe (File not found)
(Disabled) "At46.job" - ? - C:\ProgramData\u5h37uF1.exe (File not found)
(Disabled) "At47.job" - ? - C:\ProgramData\u5h37uF1.exe (File not found)
(Disabled) "At48.job" - ? - C:\ProgramData\u5h37uF1.exe (File not found)
(Disabled) "At5.job" - ? - C:\Windows\Fonts\0reM8I.com (File not found)
(Disabled) "At6.job" - ? - C:\Windows\Fonts\0reM8I.com (File not found)
(Disabled) "At7.job" - ? - C:\Windows\Fonts\0reM8I.com (File not found)
(Disabled) "At8.job" - ? - C:\Windows\Fonts\0reM8I.com (File not found)
(Disabled) "At9.job" - ? - C:\Windows\Fonts\0reM8I.com (File not found)
[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"PhysX.cpl" - "NVIDIA Corporation" - C:\Windows\system32\PhysX.cpl
[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"a9biz203" (a9biz203) - "Advanced Micro Devices" - C:\Windows\system32\drivers\a9biz203.sys (Hidden registry entry, rootkit activity | File signed by Microsoft)
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\Users\Mario\AppData\Local\Temp\catchme.sys (File not found)
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys
"MBAMSwissArmy" (MBAMSwissArmy) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbamswissarmy.sys
"OHCI-konformer 1394-Hostcontroller" (1394ohci) - ? - C:\Windows\system32\DRIVERS\1394ohci.sys (File not found)
"sptd" (sptd) - "Duplex Secure Ltd." - C:\Windows\System32\Drivers\sptd.sys (File is exclusively opened, access blocked)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"truecrypt" (truecrypt) - "TrueCrypt Foundation" - C:\Windows\System32\drivers\truecrypt.sys
(Disabled) "ijrrq" (ijrrq) - ? - C:\Windows\system32\drivers\ijrrq.sys (File not found)
[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? - (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{48EAD1E1-ECF2-4a85-AA09-1C44FBEED451} "OODShellExtObj Class" - "O&O Software GmbH" - C:\PROGRA~1\OOSOFT~1\Defrag\oodsh.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} "UnlockerShellExtension" - ? - C:\Program Files\Unlocker\UnlockerCOM.dll (File found, but it contains no detailed information)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll
[Internet Explorer]
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_15" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} "Java Plug-in 1.6.0_15" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_15" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_15.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\Flash10e.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "DAEMON Tools Toolbar" - ? - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Mario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"DAEMON Tools Lite" - "DT Soft Ltd" - "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Oki OPDMN094 Language Monitor" - "Oki Data Corporation" - C:\Windows\system32\Opdmn094.dll
[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Dragon Age: Origins - Inhaltsupdater" (DAUpdaterSvc) - "BioWare" - C:\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"N" (N) - ? - C:\Users\Mario\AppData\Local\Temp\N.exe (File not found)
"O&O Defrag" (O&O Defrag) - "O&O Software GmbH" - C:\Program Files\OO Software\Defrag\oodag.exe
(Disabled) "OZAMLPV" (OZAMLPV) - ? - C:\Users\Mario\AppData\Local\Temp\OZAMLPV.exe (File not found)
(Disabled) "QSIQQP" (QSIQQP) - ? - C:\Users\Mario\AppData\Local\Temp\QSIQQP.exe (File not found)
===[ Logfile end ]=========================================[ Logfile end ]===
Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Datenbank Version: 4061
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
03.05.2010 18:06:21
mbam-log-2010-05-03 (18-06-21).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 208604
Laufzeit: 26 Minute(n), 0 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1
Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden)
Infizierte Dateien:
C:\Program Files\Trend Micro\HijackThis\backups\backup-20100429-181838-646.dll (Adware.BHO) -> Quarantined and deleted successfully.

The N.exe still puzzles me. Should I now actually delete all the entries you named in OSAM as well, or only disable them?
03.05.2010, 18:02 | #25
/// Winkelfunktion /// TB-Süch-Tiger™ | Firefox opens new tabs with advertising
The N.exe entry must have slipped past me, but it is ineffective anyway, since the file is no longer there. You can delete it with OSAM as well. Please also permanently delete all the entries that are already disabled (delete from storage).
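Added example (not code from the thread, from OSAM or from the helper): a Python triage script for OSAM report lines of the kind pasted above. It flags what the replies point at: entries whose target file is gone (dead launch points to delete), hidden registry entries, locked files, and vendor-less executables launched from Temp, the ProgramData root or the Fonts folder. The line format is reconstructed from the pasted reports; the sample report and the severity rules are constructed for this example.

```python
"""Triage of OSAM Autorun Manager report lines (added example, not the thread's or OSAM's own code).
Line format as reconstructed from the thread: "[Section] -----( location )-----" headers, then
entries of the form: (Disabled) "name" (service) - "vendor" - path (flag | flag)
"""
import ntpath
import re
from dataclasses import dataclass
from typing import List, Optional

SECTION_RE = re.compile(r'^\[(?P<section>[^\]]+)\]')
ENTRY_RE = re.compile(
    r'^(?:\((?P<state>Disabled)\) )?'     # optional "(Disabled)" prefix
    r'"(?P<name>[^"]*)"'                   # quoted entry name
    r'(?: \((?P<service>[^)]*)\))?'        # optional (service key name)
    r' - (?:"(?P<vendor>[^"]*)"|\?)'       # "Vendor", or ? when OSAM found none
    r' - (?P<rest>.*)$'                    # path, arguments, trailing flags
)
FLAGS_RE = re.compile(r'^(?P<path>.*?)(?: \((?P<flags>[^()]*)\))?$')  # "path (flag | flag)"
EXEC_EXT = ('.exe', '.com', '.dll', '.sys', '.scr', '.bat')
SEVERITY_RANK = {'info': 0, 'medium': 1, 'high': 2}   # this example's own scale


@dataclass
class Entry:
    section: str
    name: str
    vendor: Optional[str]   # None when OSAM printed "?"
    path: str
    flags: List[str]
    disabled: bool


@dataclass
class Finding:
    severity: str
    reasons: List[str]
    entry: Entry


def parse_report(text: str) -> List[Entry]:
    """Turn OSAM report text into Entry objects, tracking the [Section] headers."""
    entries, section = [], '?'
    for raw in text.splitlines():
        line = raw.strip()
        sm = SECTION_RE.match(line)
        if sm:
            section = sm.group('section')
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue   # banner, "-----( location )-----" and blank lines
        pm = FLAGS_RE.match(m.group('rest'))
        flags = [f.strip() for f in (pm.group('flags') or '').split('|') if f.strip()]
        entries.append(Entry(section, m.group('name'), m.group('vendor'),
                             pm.group('path').strip(), flags, m.group('state') is not None))
    return entries


def binary_path(path: str) -> str:
    """Reduce a quoted command line with arguments to just the executable."""
    return path[1:path.find('"', 1)] if path.startswith('"') else path


def odd_location(path: str) -> bool:
    """Autorun targets directly in Temp, the ProgramData root or the Fonts folder are unusual."""
    parent = ntpath.dirname(binary_path(path).lower())
    return parent in (r'c:\programdata', r'c:\windows\fonts') or parent.endswith(r'\appdata\local\temp')


def triage(entries: List[Entry]) -> List[Finding]:
    """Apply the heuristics; an entry gets one Finding carrying every matching reason."""
    findings = []
    for e in entries:
        reasons = []
        flags = ' | '.join(e.flags).lower()
        if 'hidden registry' in flags:
            reasons.append(('high', 'hidden registry entry (rootkit-style concealment)'))
        if e.vendor is None and binary_path(e.path).lower().endswith(EXEC_EXT) and odd_location(e.path):
            reasons.append(('high', 'no vendor information, executable in an unusual directory'))
        if 'exclusively opened' in flags:
            reasons.append(('medium', 'file locked, scanner could not inspect it'))
        if 'file not found' in flags:
            # Target is gone, so the entry cannot run; the launch point is a leftover to delete.
            reasons.append(('info', 'target file missing: dead launch point, delete it'))
        if reasons:
            severity = max((s for s, _ in reasons), key=SEVERITY_RANK.__getitem__)
            findings.append(Finding(severity, [r for _, r in reasons], e))
    return findings


# Constructed sample in OSAM's layout, using entries of the kind seen in the thread.
SAMPLE_REPORT = r"""
[Common] -----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
(Disabled) "At1.job" - ? - C:\Windows\Fonts\0reM8I.com (File not found)
(Disabled) "At25.job" - ? - C:\ProgramData\u5h37uF1.exe (File not found)
[Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"a9biz203" (a9biz203) - "Advanced Micro Devices" - C:\Windows\system32\drivers\a9biz203.sys (Hidden registry entry, rootkit activity | File signed by Microsoft)
"sptd" (sptd) - "Duplex Secure Ltd." - C:\Windows\System32\Drivers\sptd.sys (File is exclusively opened, access blocked)
[Logon] -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"DAEMON Tools Lite" - "DT Soft Ltd" - "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
[Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"N" (N) - ? - C:\Users\Mario\AppData\Local\Temp\N.exe (File not found)
"""

if __name__ == '__main__':
    for f in triage(parse_report(SAMPLE_REPORT)):
        print(f.severity.upper(), f.entry.section, f.entry.name, '->', f.entry.path, '|', '; '.join(f.reasons))
```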