Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: MS Removal Tool

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 12.04.2011, 13:48   #16
bugbugbug
Gesperrt
 
MS Removal Tool - Standard

MS Removal Tool



Schade, GMER stürzt ab.


OSAM Logfile:
Code:
ATTFilter
Report of OSAM: Autorun Manager v5.0.11926.0
http://www.online-solutions.ru/en/
Saved at 14:46:13 on 12.04.2011

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Mozilla Corporation Firefox 3.6.16

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Software Updater.job" - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"ISUSPM.cpl" - "Macrovision Corporation" - C:\Windows\system32\ISUSPM.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"ACEDRV09" (ACEDRV09) - "Protect Software GmbH" - C:\Windows\system32\drivers\ACEDRV09.sys
"acedrv10" (acedrv10) - "Protect Software GmbH" - C:\Windows\system32\drivers\acedrv10.sys
"acedrv11" (acedrv11) - "Protect Software GmbH" - C:\Windows\system32\drivers\acedrv11.sys
"acehlp10" (acehlp10) - "Protect Software GmbH" - C:\Windows\system32\drivers\acehlp10.sys
"AVM Eject" (avmeject) - "AVM Berlin" - C:\Windows\System32\drivers\avmeject.sys
"catchme" (catchme) - ? - C:\Users\*\AppData\Local\Temp\catchme.sys  (File not found)
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"pwloaaod" (pwloaaod) - ? - C:\Users\*\AppData\Local\Temp\pwloaaod.sys  (Hidden registry entry, rootkit activity | File not found)
"pxjabejg" (pxjabejg) - ? - C:\Windows\System32\drivers\ljwqoo.sys  (File not found)

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - c:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{DE902992-61FC-4A01-8091-53E1895C9775} "CDR Icon Handler" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellXP.dll
{7AD101F2-0B93-4D66-A1CA-DF73F3C4377B} "CDR preview provider" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellVista.dll
{7FA63AC0-F5BC-4F3B-A9CF-94328D812B62} "CDR Property Handler" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellVista.dll
{1462EBAA-96E7-4D93-9A66-0E4068DE4FCF} "CDR Thumbnail provider" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellXP.dll
{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
{DE902994-61FC-4A01-8091-53E1895C9775} "CMX Icon Handler" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellXP.dll
{1462EBAC-96E7-4D93-9A66-0E4068DE4FCF} "CMX Thumbnail provider" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellXP.dll
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)
 "CorelDRAW Shell Extension Component" - ? -   (File not found | COM-object registry key not found)
{4CCEFB41-18FA-11D3-9EF3-00A0C9E897FD} "CorelDRAW Shell Extension Component" - "Corel Corporation" - C:\Program Files\Corel\Corel Graphics 11\DRAW\CDRVIEWER\CrlShell110.dll
{DE902993-61FC-4A01-8091-53E1895C9775} "CPT Icon Handler" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellXP.dll
{7FA63AC1-F5BC-4F3B-A9CF-94328D812B62} "CPT Property Handler" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellVista.dll
{1462EBAB-96E7-4D93-9A66-0E4068DE4FCF} "CPT Thumbnail provider" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellXP.dll
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)
{00020d75-0000-0000-c000-000000000046} "lnkfile" - ? -   (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MI1933~1\Office12\ONFILTER.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - ? -   (File not found | COM-object registry key not found)
{5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - "Advanced Micro Devices, Inc." - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
{BAF55D20-7BC0-4bcc-A91F-A5223FFFDC9D} "Sorcerer Shell Extension" - "Software 2000 Limited" - C:\Windows\system32\spool\DRIVERS\W32X86\3\HP1006SX.DLL
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"eBay - Der weltweite Online-Marktplatz" - ? - http://rover.ebay.com/rover/1/707-37276-17534-31/4  (HTTP value)
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
<binary data> "myBabylon English Toolbar" - "Conduit Ltd." - C:\Program Files\myBabylon_English\tbmyBa.dll
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} "myBabylon English Toolbar" - "Conduit Ltd." - C:\Program Files\myBabylon_English\tbmyBa.dll
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_14" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} "Java Plug-in 1.6.0_14" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_14" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_14.dll / http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
{233C1507-6A77-46A4-9443-F871F945D258} "Shockwave ActiveX Control" - "Adobe Systems, Inc." - C:\Windows\system32\Adobe\Director\SwDir.dll / http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} "Symantec AntiVirus scanner" - "Symantec Corporation" - C:\Windows\Downloaded Program Files\avsniff.dll / http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
{644E432F-49D3-41A1-8DD5-E099162EEEC5} "Symantec RuFSI Utility Class" - "Symantec Corporation" - C:\Windows\Downloaded Program Files\rufsi.dll / http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
{17492023-C23A-453E-A040-C7C580BBF700} "Windows Genuine Advantage Validation Tool" - "Microsoft Corporation" - C:\Windows\system32\LegitCheckControl.DLL / http://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? -   (File not found | COM-object registry key not found) / http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
"eBay - Der weltweite Online-Marktplatz" - ? - http://rover.ebay.com/rover/1/707-37276-17534-31/4  (HTTP value)
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
{898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype Plug-In" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
"Translate this web page with Babylon" - ? - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{98889811-442D-49dd-99D7-DC866BE87DBC} "Babylon Toolbar" - "Babylon Ltd." - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarTlbr.dll
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} "myBabylon English Toolbar" - "Conduit Ltd." - C:\Program Files\myBabylon_English\tbmyBa.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} "Babylon IE plugin" - "Babylon Ltd." - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
{2EECD738-5844-4a99-B4B6-146BF802613B} "CescrtHlpr Object" - "Babylon BHO" - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\bh\BabylonToolbar.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} "myBabylon English Toolbar" - "Conduit Ltd." - C:\Program Files\myBabylon_English\tbmyBa.dll
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype Plug-In" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}" - ? -   (File not found | COM-object registry key not found)

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"OfficeManager Terminerinnerung.lnk" - ? - C:\Program Files\TVG\DasTelefonbuch Gelbe Seiten Map & Route\win32\officemanager\OMAlarm.exe  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"AVMUSBFernanschluss" - "AVM Berlin" - C:\Users\*\AppData\Local\Apps\2.0\HD0Z4920.JG8\7Y9M4GYD.9C7\frit..tion_f8d772dfbb3f7453_0002.0001_0db5bf169ed5c0c1\AVMAutoStart.exe
"Skype" - "Skype Technologies S.A." - "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
"STAMPIT-Tray" - ? - C:\Program Files\STAMPIT\Binary\Stray.exe
"swg" - "Google Inc." - "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"AVMWlanClient" - "AVM Berlin" - C:\Program Files\avmwlanstick\FRITZWLANMini.exe
"Babylon Client" - "Babylon Ltd." - C:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart
"BabylonToolbar" - "Babylon Ltd." - "C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe" /md I
"BrMfcWnd" - "Brother Industries, Ltd." - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
"CLMLServer" - "CyberLink" - "C:\Program Files\HomeCinema\Power2Go\CLMLSvc.exe"
"ControlCenter3" - "Brother Industries, Ltd." - C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
"Corel Graphics Suite 1117" - "Corel Corporation" - C:\Program Files\Corel\Corel Graphics 11\Register\registration.exe /title="Corel Graphics Suite 11" /date=012310 serial=DR11CTD-9999999-KHM
"CorelDRAW Graphics Suite 11b" - "Corel Corporation" - C:\Program Files\Corel\Corel Graphics 11\Register\registration.exe /title="CorelDRAW Graphics Suite 11" /date=020311 serial=DR11WBL-2155586-LXG
"FreePDF Assistant" - "shbox.de" - C:\Program Files\FreePDF_XP\fpassist.exe
"LexwareInfoService" - "Haufe-Lexware GmbH & Co. KG" - C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe /autostart
"Malwarebytes' Anti-Malware (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"StartCCC" - "Advanced Micro Devices, Inc." - "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"starter4g" - "4G Systems GmbH & Co. KG" - C:\Windows\starter4g.exe

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"HP CLJ2600n LM" - "Zenographics, Inc." - C:\Windows\system32\ZLHP2600.DLL
"HP LaserJet P1006 Language Monitor" - "Software 2000 Limited" - C:\Windows\system32\HP1006LM.DLL
"HP Master Monitor" - "Hewlett-Packard" - C:\Windows\system32\HPBMMON.DLL
"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\Windows\system32\mdimon.dll
"PDFCreator" - ? - C:\Windows\system32\pdfcmnnt.dll  (File found, but it contains no detailed information)
"Redirected Port" - ? - C:\Windows\system32\redmonnt.dll  (File found, but it contains no detailed information)
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Adobe Active File Monitor V8" (AdobeActiveFileMonitor8.0) - "Adobe Systems Incorporated" - C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
"Akamai NetSession Interface" (Akamai) - ? - c:\program files\common files\akamai\netsession_win_a35e6b9.dll  (File found, but it contains no detailed information)
"CyberGhost VPN Client" (CGVPNCliSrvc) - "mobile concepts GmbH" - C:\Program Files\S.A.D\CyberGhost VPN\CGVPNCliService.exe
"DATA BECKER Update Service" (DBService) - "DATA BECKER GmbH & Co KG" - C:\Program Files\Common Files\DATA BECKER Shared\DBService.exe
"FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Acresso Software Inc." - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
"Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Protexis Licensing V2" (PSI_SVC_2) - "Protexis Inc." - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
"ProtexisLicensing" (ProtexisLicensing) - ? - C:\Windows\system32\PSIService.exe
"TVG OnlineUpdate-Service" (TVGOnlineUpdateSvc) - ? - C:\Program Files\TVG\OnlineUpdate\OnlineUpdateSvc.exe  (File found, but it contains no detailed information)
"WTGService" (WTGService) - ? - C:\Program Files\XSManager\WTGService.exe  (File found, but it contains no detailed information)
"XS Stick Service" (XS Stick Service) - "4G Systems GmbH & Co. KG" - C:\Windows\service4g.exe

[Winlogon]
-----( HKCU\Control Panel\Desktop )-----
"SCRNSAVE.EXE" - ? - none  (File not found)

===[ Logfile end ]=========================================[ Logfile end ]===
         
--- --- ---


MBRCheck:

Code:
ATTFilter
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:			
Windows Version:		Windows Vista Home Premium Edition
Windows Information:		Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer:	MEDIONPC
BIOS Manufacturer:		American Megatrends Inc.
System Manufacturer:		MEDIONPC
System Product Name:		MS-7501
Logical Drives Mask:		0x000000fc

Kernel Drivers (total 116):
  0x82C13000 \SystemRoot\system32\ntkrnlpa.exe
  0x82FCD000 \SystemRoot\system32\hal.dll
  0x80408000 \SystemRoot\system32\kdcom.dll
  0x8040F000 \SystemRoot\system32\PSHED.dll
  0x80420000 \SystemRoot\system32\BOOTVID.dll
  0x80428000 \SystemRoot\system32\CLFS.SYS
  0x80469000 \SystemRoot\system32\CI.dll
  0x80549000 \SystemRoot\system32\drivers\Wdf01000.sys
  0x805C5000 \SystemRoot\system32\drivers\WDFLDR.SYS
  0x8060A000 \SystemRoot\system32\drivers\acpi.sys
  0x80650000 \SystemRoot\system32\drivers\WMILIB.SYS
  0x80659000 \SystemRoot\system32\drivers\msisadrv.sys
  0x80661000 \SystemRoot\system32\drivers\pci.sys
  0x80688000 \SystemRoot\System32\drivers\partmgr.sys
  0x80697000 \SystemRoot\system32\drivers\volmgr.sys
  0x806A6000 \SystemRoot\System32\drivers\volmgrx.sys
  0x806F0000 \SystemRoot\system32\DRIVERS\amdide.sys
  0x806F7000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
  0x80705000 \SystemRoot\System32\drivers\mountmgr.sys
  0x80715000 \SystemRoot\system32\drivers\atapi.sys
  0x8071D000 \SystemRoot\system32\drivers\ataport.SYS
  0x8073B000 \SystemRoot\system32\drivers\fltmgr.sys
  0x8076D000 \SystemRoot\system32\drivers\fileinfo.sys
  0x8077D000 \SystemRoot\System32\Drivers\PxHelp20.sys
  0x80787000 \SystemRoot\System32\Drivers\ksecdd.sys
  0x83200000 \SystemRoot\system32\drivers\ndis.sys
  0x8330B000 \SystemRoot\system32\drivers\msrpc.sys
  0x83336000 \SystemRoot\system32\drivers\NETIO.SYS
  0x83804000 \SystemRoot\System32\drivers\tcpip.sys
  0x838EE000 \SystemRoot\System32\drivers\fwpkclnt.sys
  0x83A05000 \SystemRoot\System32\Drivers\Ntfs.sys
  0x83B15000 \SystemRoot\system32\drivers\volsnap.sys
  0x83B56000 \SystemRoot\System32\Drivers\mup.sys
  0x83B65000 \SystemRoot\System32\drivers\ecache.sys
  0x83B8C000 \SystemRoot\system32\drivers\disk.sys
  0x83B9D000 \SystemRoot\system32\drivers\CLASSPNP.SYS
  0x83BBE000 \SystemRoot\system32\DRIVERS\AtiPcie.sys
  0x83BC6000 \SystemRoot\system32\drivers\crcdisk.sys
  0x83909000 \SystemRoot\system32\DRIVERS\ahcix86s.sys
  0x8394C000 \SystemRoot\system32\DRIVERS\storport.sys
  0x83BE6000 \SystemRoot\system32\DRIVERS\tunnel.sys
  0x83BF1000 \SystemRoot\system32\DRIVERS\tunmp.sys
  0x83371000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
  0x839D0000 \SystemRoot\system32\DRIVERS\Rtlh86.sys
  0x805D2000 \SystemRoot\system32\DRIVERS\ohci1394.sys
  0x839F1000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
  0x9180F000 \??\C:\Windows\system32\drivers\acehlp10.sys
  0x9184B000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0x91863000 \SystemRoot\system32\DRIVERS\usbohci.sys
  0x9186D000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0x918AB000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0x918BA000 \SystemRoot\system32\DRIVERS\i8042prt.sys
  0x918CD000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0x918D8000 \SystemRoot\system32\DRIVERS\msiscsi.sys
  0x91907000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0x91912000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0x91929000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0x91934000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0x91957000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0x91966000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0x9197A000 \SystemRoot\system32\DRIVERS\rassstp.sys
  0x9198F000 \SystemRoot\system32\DRIVERS\tap0901.sys
  0x91996000 \SystemRoot\system32\DRIVERS\termdd.sys
  0x919A6000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0x919B1000 \SystemRoot\system32\DRIVERS\swenum.sys
  0x919B3000 \SystemRoot\system32\DRIVERS\ks.sys
  0x919DD000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0x919E7000 \SystemRoot\system32\DRIVERS\umbus.sys
  0x91C03000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0x91C38000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0x91C49000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
  0x91C52000 \SystemRoot\System32\Drivers\Null.SYS
  0x91C59000 \SystemRoot\System32\Drivers\Beep.SYS
  0x91C60000 \SystemRoot\System32\drivers\vga.sys
  0x91C6C000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
  0x91C8D000 \SystemRoot\System32\drivers\watchdog.sys
  0x91C99000 \SystemRoot\system32\drivers\rdpencdd.sys
  0x91CA1000 \SystemRoot\System32\Drivers\Msfs.SYS
  0x91CAC000 \SystemRoot\System32\Drivers\Npfs.SYS
  0x91CBA000 \SystemRoot\System32\DRIVERS\rasacd.sys
  0x91CC3000 \SystemRoot\system32\DRIVERS\tdx.sys
  0x91CD9000 \SystemRoot\system32\DRIVERS\smb.sys
  0x91CED000 \SystemRoot\system32\drivers\afd.sys
  0x91D35000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
  0x91D4A000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0x91D4C000 \SystemRoot\System32\DRIVERS\netbt.sys
  0x91D7E000 \SystemRoot\system32\DRIVERS\pacer.sys
  0x91D94000 \SystemRoot\system32\DRIVERS\netbios.sys
  0x91DA2000 \SystemRoot\system32\DRIVERS\fwlanusb.sys
  0x92206000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0x92242000 \SystemRoot\system32\drivers\nsiproxy.sys
  0x9224C000 \SystemRoot\System32\Drivers\dfsc.sys
  0x92263000 \SystemRoot\system32\DRIVERS\hidusb.sys
  0x9226C000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
  0x9227C000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0x92283000 \SystemRoot\system32\DRIVERS\netr28u.sys
  0x92313000 \SystemRoot\system32\DRIVERS\mouhid.sys
  0x9231B000 \SystemRoot\System32\Drivers\fastfat.SYS
  0x92343000 \SystemRoot\system32\DRIVERS\cdfs.sys
  0x92359000 \SystemRoot\System32\Drivers\crashdmp.sys
  0x92366000 \SystemRoot\System32\Drivers\dump_diskdump.sys
  0x92370000 \SystemRoot\System32\Drivers\dump_ahcix86s.sys
  0x9BA80000 \SystemRoot\System32\win32k.sys
  0x923B3000 \SystemRoot\System32\drivers\Dxapi.sys
  0x9BC90000 \SystemRoot\System32\drivers\dxg.sys
  0x9BCC0000 \SystemRoot\System32\TSDDD.dll
  0x9BD40000 \SystemRoot\System32\framebuf.dll
  0x923BD000 \SystemRoot\system32\DRIVERS\nwifi.sys
  0x923E7000 \SystemRoot\system32\DRIVERS\ndisuio.sys
  0x91DE3000 \SystemRoot\system32\DRIVERS\bowser.sys
  0x83BCF000 \SystemRoot\System32\drivers\mpsdrv.sys
  0x8398D000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0x9D809000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
  0x9D842000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
  0x9D85A000 \??\C:\Users\*\AppData\Local\Temp\pwloaaod.sys
  0x77580000 \Windows\System32\ntdll.dll

Processes (total 26):
       0 System Idle Process
       4 System
     356 C:\Windows\System32\smss.exe
     428 csrss.exe
     464 csrss.exe
     472 C:\Windows\System32\wininit.exe
     516 C:\Windows\System32\winlogon.exe
     548 C:\Windows\System32\services.exe
     568 C:\Windows\System32\lsass.exe
     576 C:\Windows\System32\lsm.exe
     732 C:\Windows\System32\svchost.exe
     792 C:\Windows\System32\svchost.exe
     828 C:\Windows\System32\svchost.exe
     908 C:\Windows\System32\svchost.exe
     936 C:\Windows\System32\svchost.exe
     968 C:\Windows\System32\svchost.exe
    1024 C:\Windows\System32\svchost.exe
    1040 C:\Windows\System32\svchost.exe
    1196 C:\Windows\System32\svchost.exe
    1332 C:\Windows\System32\svchost.exe
    1704 C:\Windows\explorer.exe
    1808 C:\Program Files\Mozilla Firefox\firefox.exe
     432 C:\Windows\explorer.exe
    1412 C:\Users\*\Voreingestellte Ordner\Downloads\osam_autorun_manager_5_0_portable\osam.exe
    2044 C:\Windows\System32\notepad.exe
    1736 C:\Users\*\Voreingestellte Ordner\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000  (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000090`0ac89c00  (FAT32)

PhysicalDrive0 Model Number: WDC WD6400AACS-00G8B1, Rev: 05.0

      Size  Device Name          MBR Status
  --------------------------------------------
    596 GB  \\.\PhysicalDrive0   RE: Windows 2008 MBR code detected
            SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!
         

Alt 12.04.2011, 13:49   #17
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
MS Removal Tool - Standard

MS Removal Tool



Zitat:
"pwloaaod" (pwloaaod) - ? - C:\Users\*\AppData\Local\Temp\pwloaaod.sys (Hidden registry entry, rootkit activity | File not found)
"pxjabejg" (pxjabejg) - ? - C:\Windows\System32\drivers\ljwqoo.sys (File not found)
Sieht aus als wenn das zu GMER gehört, deaktivier und lösch das aber lieber mal mit OSAM.
__________________

__________________

Alt 12.04.2011, 14:29   #18
bugbugbug
Gesperrt
 
MS Removal Tool - Standard

MS Removal Tool



So, deaktiviert und gelöscht.


OSAM Logfile:
Code:
ATTFilter
Report of OSAM: Autorun Manager v5.0.11926.0
http://www.online-solutions.ru/en/
Saved at 15:28:07 on 12.04.2011

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Mozilla Corporation Firefox 3.6.16

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Software Updater.job" - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"ISUSPM.cpl" - "Macrovision Corporation" - C:\Windows\system32\ISUSPM.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"ACEDRV09" (ACEDRV09) - "Protect Software GmbH" - C:\Windows\system32\drivers\ACEDRV09.sys
"acedrv10" (acedrv10) - "Protect Software GmbH" - C:\Windows\system32\drivers\acedrv10.sys
"acedrv11" (acedrv11) - "Protect Software GmbH" - C:\Windows\system32\drivers\acedrv11.sys
"acehlp10" (acehlp10) - "Protect Software GmbH" - C:\Windows\system32\drivers\acehlp10.sys
"AVM Eject" (avmeject) - "AVM Berlin" - C:\Windows\System32\drivers\avmeject.sys
"catchme" (catchme) - ? - C:\Users\*\AppData\Local\Temp\catchme.sys  (File not found)
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
(Disabled) "pxjabejg" (pxjabejg) - ? - C:\Windows\System32\drivers\ljwqoo.sys  (File not found)

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - c:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{DE902992-61FC-4A01-8091-53E1895C9775} "CDR Icon Handler" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellXP.dll
{7AD101F2-0B93-4D66-A1CA-DF73F3C4377B} "CDR preview provider" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellVista.dll
{7FA63AC0-F5BC-4F3B-A9CF-94328D812B62} "CDR Property Handler" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellVista.dll
{1462EBAA-96E7-4D93-9A66-0E4068DE4FCF} "CDR Thumbnail provider" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellXP.dll
{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
{DE902994-61FC-4A01-8091-53E1895C9775} "CMX Icon Handler" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellXP.dll
{1462EBAC-96E7-4D93-9A66-0E4068DE4FCF} "CMX Thumbnail provider" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellXP.dll
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)
 "CorelDRAW Shell Extension Component" - ? -   (File not found | COM-object registry key not found)
{4CCEFB41-18FA-11D3-9EF3-00A0C9E897FD} "CorelDRAW Shell Extension Component" - "Corel Corporation" - C:\Program Files\Corel\Corel Graphics 11\DRAW\CDRVIEWER\CrlShell110.dll
{DE902993-61FC-4A01-8091-53E1895C9775} "CPT Icon Handler" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellXP.dll
{7FA63AC1-F5BC-4F3B-A9CF-94328D812B62} "CPT Property Handler" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellVista.dll
{1462EBAB-96E7-4D93-9A66-0E4068DE4FCF} "CPT Thumbnail provider" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellXP.dll
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)
{00020d75-0000-0000-c000-000000000046} "lnkfile" - ? -   (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MI1933~1\Office12\ONFILTER.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - ? -   (File not found | COM-object registry key not found)
{5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - "Advanced Micro Devices, Inc." - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
{BAF55D20-7BC0-4bcc-A91F-A5223FFFDC9D} "Sorcerer Shell Extension" - "Software 2000 Limited" - C:\Windows\system32\spool\DRIVERS\W32X86\3\HP1006SX.DLL
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"eBay - Der weltweite Online-Marktplatz" - ? - http://rover.ebay.com/rover/1/707-37276-17534-31/4  (HTTP value)
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
<binary data> "myBabylon English Toolbar" - "Conduit Ltd." - C:\Program Files\myBabylon_English\tbmyBa.dll
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} "myBabylon English Toolbar" - "Conduit Ltd." - C:\Program Files\myBabylon_English\tbmyBa.dll
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_14" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} "Java Plug-in 1.6.0_14" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_14" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_14.dll / http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
{233C1507-6A77-46A4-9443-F871F945D258} "Shockwave ActiveX Control" - "Adobe Systems, Inc." - C:\Windows\system32\Adobe\Director\SwDir.dll / http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} "Symantec AntiVirus scanner" - "Symantec Corporation" - C:\Windows\Downloaded Program Files\avsniff.dll / http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
{644E432F-49D3-41A1-8DD5-E099162EEEC5} "Symantec RuFSI Utility Class" - "Symantec Corporation" - C:\Windows\Downloaded Program Files\rufsi.dll / http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
{17492023-C23A-453E-A040-C7C580BBF700} "Windows Genuine Advantage Validation Tool" - "Microsoft Corporation" - C:\Windows\system32\LegitCheckControl.DLL / http://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? -   (File not found | COM-object registry key not found) / http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
"eBay - Der weltweite Online-Marktplatz" - ? - http://rover.ebay.com/rover/1/707-37276-17534-31/4  (HTTP value)
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
{898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype Plug-In" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
"Translate this web page with Babylon" - ? - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{98889811-442D-49dd-99D7-DC866BE87DBC} "Babylon Toolbar" - "Babylon Ltd." - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarTlbr.dll
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} "myBabylon English Toolbar" - "Conduit Ltd." - C:\Program Files\myBabylon_English\tbmyBa.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} "Babylon IE plugin" - "Babylon Ltd." - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
{2EECD738-5844-4a99-B4B6-146BF802613B} "CescrtHlpr Object" - "Babylon BHO" - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\bh\BabylonToolbar.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} "myBabylon English Toolbar" - "Conduit Ltd." - C:\Program Files\myBabylon_English\tbmyBa.dll
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype Plug-In" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}" - ? -   (File not found | COM-object registry key not found)

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"OfficeManager Terminerinnerung.lnk" - ? - C:\Program Files\TVG\DasTelefonbuch Gelbe Seiten Map & Route\win32\officemanager\OMAlarm.exe  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"AVMUSBFernanschluss" - "AVM Berlin" - C:\Users\*\AppData\Local\Apps\2.0\HD0Z4920.JG8\7Y9M4GYD.9C7\frit..tion_f8d772dfbb3f7453_0002.0001_0db5bf169ed5c0c1\AVMAutoStart.exe
"Skype" - "Skype Technologies S.A." - "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
"STAMPIT-Tray" - ? - C:\Program Files\STAMPIT\Binary\Stray.exe
"swg" - "Google Inc." - "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"AVMWlanClient" - "AVM Berlin" - C:\Program Files\avmwlanstick\FRITZWLANMini.exe
"Babylon Client" - "Babylon Ltd." - C:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart
"BabylonToolbar" - "Babylon Ltd." - "C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe" /md I
"BrMfcWnd" - "Brother Industries, Ltd." - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
"CLMLServer" - "CyberLink" - "C:\Program Files\HomeCinema\Power2Go\CLMLSvc.exe"
"ControlCenter3" - "Brother Industries, Ltd." - C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
"Corel Graphics Suite 1117" - "Corel Corporation" - C:\Program Files\Corel\Corel Graphics 11\Register\registration.exe /title="Corel Graphics Suite 11" /date=012310 serial=DR11CTD-9999999-KHM
"CorelDRAW Graphics Suite 11b" - "Corel Corporation" - C:\Program Files\Corel\Corel Graphics 11\Register\registration.exe /title="CorelDRAW Graphics Suite 11" /date=020311 serial=DR11WBL-2155586-LXG
"FreePDF Assistant" - "shbox.de" - C:\Program Files\FreePDF_XP\fpassist.exe
"LexwareInfoService" - "Haufe-Lexware GmbH & Co. KG" - C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe /autostart
"Malwarebytes' Anti-Malware (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"StartCCC" - "Advanced Micro Devices, Inc." - "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"starter4g" - "4G Systems GmbH & Co. KG" - C:\Windows\starter4g.exe

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"HP CLJ2600n LM" - "Zenographics, Inc." - C:\Windows\system32\ZLHP2600.DLL
"HP LaserJet P1006 Language Monitor" - "Software 2000 Limited" - C:\Windows\system32\HP1006LM.DLL
"HP Master Monitor" - "Hewlett-Packard" - C:\Windows\system32\HPBMMON.DLL
"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\Windows\system32\mdimon.dll
"PDFCreator" - ? - C:\Windows\system32\pdfcmnnt.dll  (File found, but it contains no detailed information)
"Redirected Port" - ? - C:\Windows\system32\redmonnt.dll  (File found, but it contains no detailed information)
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Adobe Active File Monitor V8" (AdobeActiveFileMonitor8.0) - "Adobe Systems Incorporated" - C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
"Akamai NetSession Interface" (Akamai) - ? - c:\program files\common files\akamai\netsession_win_a35e6b9.dll  (File found, but it contains no detailed information)
"CyberGhost VPN Client" (CGVPNCliSrvc) - "mobile concepts GmbH" - C:\Program Files\S.A.D\CyberGhost VPN\CGVPNCliService.exe
"DATA BECKER Update Service" (DBService) - "DATA BECKER GmbH & Co KG" - C:\Program Files\Common Files\DATA BECKER Shared\DBService.exe
"FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Acresso Software Inc." - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
"Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Protexis Licensing V2" (PSI_SVC_2) - "Protexis Inc." - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
"ProtexisLicensing" (ProtexisLicensing) - ? - C:\Windows\system32\PSIService.exe
"TVG OnlineUpdate-Service" (TVGOnlineUpdateSvc) - ? - C:\Program Files\TVG\OnlineUpdate\OnlineUpdateSvc.exe  (File found, but it contains no detailed information)
"WTGService" (WTGService) - ? - C:\Program Files\XSManager\WTGService.exe  (File found, but it contains no detailed information)
"XS Stick Service" (XS Stick Service) - "4G Systems GmbH & Co. KG" - C:\Windows\service4g.exe

[Winlogon]
-----( HKCU\Control Panel\Desktop )-----
"SCRNSAVE.EXE" - ? - none  (File not found)

===[ Logfile end ]=========================================[ Logfile end ]===
         
--- --- ---
__________________

Alt 12.04.2011, 14:40   #19
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
MS Removal Tool - Standard

MS Removal Tool



Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 13.04.2011, 09:19   #20
bugbugbug
Gesperrt
 
MS Removal Tool - Standard

MS Removal Tool



Code:
ATTFilter
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6348

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

13.04.2011 09:57:44
mbam-log-2011-04-13 (09-57-44).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 364840
Laufzeit: 1 Stunde(n), 18 Minute(n), 20 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         


Alt 13.04.2011, 12:18   #21
bugbugbug
Gesperrt
 
MS Removal Tool - Standard

MS Removal Tool



Code:
ATTFilter
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/12/2011 at 04:36 PM

Application Version : 4.50.1002

Core Rules Database Version : 6815
Trace Rules Database Version: 4627

Scan type       : Complete Scan
Total Scan Time : 00:46:45

Memory items scanned      : 375
Memory threats detected   : 0
Registry items scanned    : 10873
Registry threats detected : 1
File items scanned        : 23474
File threats detected     : 1

Trojan.Agent/Gen
	[BabylonToolbar] C:\PROGRAM FILES\BABYLONTOOLBAR\BABYLONTOOLBAR\1.4.19.19\BABYLONTOOLBARSRV.EXE
	C:\PROGRAM FILES\BABYLONTOOLBAR\BABYLONTOOLBAR\1.4.19.19\BABYLONTOOLBARSRV.EXE
         
Code:
ATTFilter
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/13/2011 at 12:48 PM

Application Version : 4.50.1002

Core Rules Database Version : 6824
Trace Rules Database Version: 4636

Scan type       : Complete Scan
Total Scan Time : 02:25:19

Memory items scanned      : 865
Memory threats detected   : 0
Registry items scanned    : 10894
Registry threats detected : 0
File items scanned        : 193322
File threats detected     : 1

Adware.Tracking Cookie
	C:\Users\*\AppData\Roaming\Microsoft\Windows\Cookies\*@doubleclick[2].txt
         

Alt 13.04.2011, 12:49   #22
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
MS Removal Tool - Standard

MS Removal Tool



Babylon kann nervig sein, ist aber AFAIK kein Schädling.
Ansonsten nur ein Cookie.
Rechner wieder ok?
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 13.04.2011, 13:25   #23
bugbugbug
Gesperrt
 
MS Removal Tool - Standard

MS Removal Tool



Ja!

Vielen vielen Dank für deine Hilfe!

Alt 13.04.2011, 13:37   #24
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
MS Removal Tool - Standard

MS Removal Tool



Dann wären wir durch!

Bitte abschließend die Updates prüfen, unten mein Leitfaden dazu.
Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern.


Microsoftupdate

Windows XP: Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren.

Windows Vista/7: Anleitung Windows-Update



PDF-Reader aktualisieren
Dein Adobe Reader ist nicht aktuell, was ein großes Sicherheitsrisiko darstellt. Du solltest daher besser die alte Version über Systemsteuerung => Software deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst.

Ich empfehle einen alternativen PDF-Reader wie SumatraPDF oder Foxit PDF Reader, beide sind sehr viel schlanker und flotter als der AdobeReader.

Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers, hier der direkte Downloadlink:

Mozilla und andere Browser => http://filepony.de/?q=Flash+Player
Internet Explorer => http://fpdownload.adobe.com/get/flas..._player_ax.exe


Java-Update
Veraltete Java-Installationen sind ein Sicherheitsrisiko, daher solltest Du die alten Versionen löschen (falls vorhanden, am besten mit JavaRa) und auf die neuste aktualisieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.
__________________
Logfiles bitte immer in CODE-Tags posten

Antwort

Themen zu MS Removal Tool
adobe, anti-malware, appdata, auftrag, avgntflt.sys, babylon toolbar, babylontoolbar, becker, cache, ccsetup, code, conduit, cyberghost, dateien, deutsche post, excel.exe, explorer, files, firefox, google chrome, hallo zusammen, install.exe, intranet, java, location, microsoft, microsoft office word, minute, mozilla, mozilla thunderbird, office 2007, oldtimer, otl.exe, pdfforge, pdfforge toolbar, picasa, plug-in, removal, roaming, rootkit.tdss.gen, runonce, saver, sched.exe, search the web, searchplugins, security update, service, service pack 2, shell32.dll, shortcut, skype.exe, software, start menu, studio, temp, tool, version, visual studio, zusammen




Ähnliche Themen: MS Removal Tool


  1. MS removal Tool vollständig entfernen
    Log-Analyse und Auswertung - 21.07.2011 (72)
  2. erst ms removal tool und nun sheur3
    Log-Analyse und Auswertung - 23.06.2011 (22)
  3. Ms Removal tool
    Plagegeister aller Art und deren Bekämpfung - 22.05.2011 (1)
  4. Backup nach MS Removal Tool
    Plagegeister aller Art und deren Bekämpfung - 17.05.2011 (4)
  5. MS Removal Tool - dwn.exe + csrss.exe
    Plagegeister aller Art und deren Bekämpfung - 16.05.2011 (11)
  6. Befall mit MS Removal Tool
    Log-Analyse und Auswertung - 26.04.2011 (18)
  7. Endgültige Beseitigung von MS Removal Tool
    Log-Analyse und Auswertung - 20.04.2011 (1)
  8. MS Removal Tool auf Vista
    Log-Analyse und Auswertung - 17.04.2011 (19)
  9. Trojaner, Viren und MS Removal Tool etc.
    Antiviren-, Firewall- und andere Schutzprogramme - 16.04.2011 (8)
  10. MS Removal Tool wehrt sich -.-
    Plagegeister aller Art und deren Bekämpfung - 15.04.2011 (5)
  11. MS Removal Tool entfernen
    Anleitungen, FAQs & Links - 27.03.2011 (2)
  12. BitDefender-Stuxnet-Removal-Tool.exe
    Plagegeister aller Art und deren Bekämpfung - 22.10.2010 (15)
  13. Conficker/ cleanup tool oder removal tool ?
    Plagegeister aller Art und deren Bekämpfung - 23.04.2009 (0)
  14. boot - removal tool
    Plagegeister aller Art und deren Bekämpfung - 31.01.2007 (4)

Zum Thema MS Removal Tool - Schade, GMER stürzt ab. OSAM Logfile: Code: Alles auswählen Aufklappen ATTFilter Report of OSAM : Autorun Manager v5.0.11926.0 http://www.online-solutions.ru/en/ Saved at 14:46:13 on 12.04.2011 OS: Windows Vista Home Premium Edition - MS Removal Tool...
Archiv
Du betrachtest: MS Removal Tool auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.