Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/), forum "Log-Analyse und Auswertung" (log analysis and evaluation, https://www.trojaner-board.de/log-analyse-auswertung/)
Thread: "mehrere Trojaner gefunden durch Malwarebytes Antimalware" (several Trojans found by Malwarebytes Antimalware, https://www.trojaner-board.de/110276-mehrere-trojaner-gefunden-malwarebytes-antimalware.html)

AC9 24.02.2012 19:48

Code:

ComboFix 12-02-24.02 - Christian 24.02.2012  19:27:59.1.1 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.49.1031.18.1013.367 [GMT 1:00]
ausgeführt von:: c:\users\Christian\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\IsUn0407.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-01-24 bis 2012-02-24  ))))))))))))))))))))))))))))))
.
.
2012-02-24 18:38 . 2012-02-24 18:38        --------        d-----w-        c:\users\Christian\AppData\Local\temp
2012-02-24 13:14 . 2012-02-24 13:14        --------        d-----w-        C:\_OTL
2012-02-23 16:16 . 2012-02-23 16:16        --------        d-----w-        c:\users\Anita Schmitt\AppData\Roaming\Avira
2012-02-21 15:37 . 2012-02-21 15:37        --------        d-----w-        c:\program files\ESET
2012-02-20 22:17 . 2012-02-20 22:17        --------        d-----w-        c:\users\Christian\AppData\Roaming\Avira
2012-02-20 22:12 . 2012-01-31 07:56        74640        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2012-02-20 22:12 . 2012-01-31 07:56        137416        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2012-02-20 22:12 . 2011-09-16 15:08        36000        ----a-w-        c:\windows\system32\drivers\avkmgr.sys
2012-02-20 22:12 . 2012-02-20 22:12        --------        d-----w-        c:\programdata\Avira
2012-02-20 22:12 . 2012-02-20 22:12        --------        d-----w-        c:\program files\Avira
2012-02-20 21:02 . 2012-02-20 21:02        19416        ----a-w-        c:\program files\Mozilla Firefox\AccessibleMarshal.dll
2012-02-20 21:02 . 2012-02-20 21:02        2106216        ----a-w-        c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2012-02-20 21:02 . 2012-02-20 21:02        134104        ----a-w-        c:\program files\Mozilla Firefox\components\browsercomps.dll
2012-02-16 13:12 . 2011-12-14 02:56        1427456        ----a-w-        c:\windows\system32\inetcpl.cpl
2012-02-14 20:20 . 2011-12-14 16:17        680448        ----a-w-        c:\windows\system32\msvcrt.dll
2012-02-14 20:20 . 2012-01-12 19:52        2044416        ----a-w-        c:\windows\system32\win32k.sys
2012-02-14 20:19 . 2011-12-20 10:56        2409784        ----a-w-        c:\program files\Windows Mail\OESpamFilter.dat
2012-01-26 12:23 . 2011-11-17 06:48        440192        ----a-w-        c:\windows\system32\drivers\ksecdd.sys
2012-01-26 12:23 . 2011-11-16 16:23        377344        ----a-w-        c:\windows\system32\winhttp.dll
2012-01-26 12:23 . 2011-11-16 16:23        72704        ----a-w-        c:\windows\system32\secur32.dll
2012-01-26 12:23 . 2011-11-16 16:23        278528        ----a-w-        c:\windows\system32\schannel.dll
2012-01-26 12:23 . 2011-11-16 16:21        1259008        ----a-w-        c:\windows\system32\lsasrv.dll
2012-01-26 12:23 . 2011-11-16 14:12        9728        ----a-w-        c:\windows\system32\lsass.exe
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-20 22:10 . 2011-05-16 18:41        414368        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-31 16:42 . 2011-12-30 21:12        30256        ----a-w-        c:\windows\system32\drivers\GRD.sys
2011-12-30 21:09 . 2011-12-30 20:09        49016        ----a-w-        c:\windows\system32\drivers\PktIcpt.sys
2011-12-10 14:24 . 2011-12-31 16:58        20464        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-02-20 21:02 . 2012-02-20 21:02        134104        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-08 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-18 133656]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-18 141848]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-18 166424]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 480560]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-01-12 49208]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-01-31 258512]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-08 44128]
.
c:\users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Mousometer.lnk - c:\program files\Mousometer\mousometer.exe [2008-11-17 344064]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader - Schnellstart.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader - Schnellstart.lnk
backup=c:\windows\pss\Adobe Reader - Schnellstart.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPN Client.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk
backup=c:\windows\pss\VPN Client.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Anita Schmitt^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 2.3.lnk]
path=c:\users\Anita Schmitt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.3.lnk
backup=c:\windows\pss\OpenOffice.org 2.3.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-29 19:59        937920        ----a-r-        c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-08-31 01:57        40368        ----a-w-        c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-09-16 20:04        1164584        ----a-w-        c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-02-17 00:15        221184        ----a-w-        c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
2008-02-13 12:02        564496        ----a-w-        c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2008-02-13 12:06        2196240        ----a-w-        c:\program files\Logitech\QuickCam\Quickcam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 14:40        155648        ----a-w-        c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
2009-11-24 09:07        323640        ----a-w-        c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]
2009-11-24 09:07        323640        ----a-w-        c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
2006-12-03 00:32        167936        ----a-w-        c:\program files\HP\QuickPlay\QPService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-17 19:53        421888        ----a-w-        c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-11-08 18:32        39408        ----a-w-        c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs        REG_MULTI_SZ          BthServ
LocalServiceAndNoImpersonation        REG_MULTI_SZ          FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2012-02-24 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-03-05 15:21]
.
2012-02-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-24 11:01]
.
2012-02-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-24 11:01]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
mStart Page =
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\97s6gqsg.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://google.com/
FF - user.js: yahoo.homepage.dontask - true
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
MSConfigStartUp-TkBellExe - c:\program files\Common Files\Real\Update_OB\realsched.exe
AddRemove-Toblo - c:\program files\Toblo\Uninstall Toblo.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-02-24 19:38
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2012-02-24  19:42:34
ComboFix-quarantined-files.txt  2012-02-24 18:42
.
Vor Suchlauf: 13 Verzeichnis(se), 54.038.269.952 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 53.979.451.392 Bytes frei
.
- - End Of File - - 789B5FE955B26902CFEC261C9F9BF04E


cosinus 24.02.2012 19:52

OK. Now please create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool will not run on the second attempt either, just leave it out and run only OSAM. Please skip the online query in OSAM.
With OSAM, please also make sure you save the log as *.log and not as *.html or similar.

Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off the virus scanner; the McAfee scanner in particular often reports a false positive in OSAM!

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe (aswMBR.exe instructions)
    On Windows Vista or later, please right-click and choose "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer Yes. (If your firewall asks, please allow access to the Internet.)
    Downloading the definitions may take a while depending on your connection.
  • Click Scan.
  • Wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Under no circumstances press any of the Fix buttons without instructions.

Note: If the Scan button is greyed out, close the tool and start it again. If the scan aborts and the program crashes, let me know and select (none) under AV Scan.


AC9 24.02.2012 21:07

GMER:
Code:

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-02-24 21:05:01
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2 FUJITSU_MHV2120BH_PL rev.892C
Running: w4sc6mrr.exe; Driver: C:\Users\CHRIST~1\AppData\Local\Temp\afkcapog.sys


---- System - GMER 1.0.15 ----

SSDT            871E3C36                                                                                        ZwCreateSection
SSDT            871E3C40                                                                                        ZwRequestWaitReplyPort
SSDT            871E3C3B                                                                                        ZwSetContextThread
SSDT            871E3C45                                                                                        ZwSetSecurityObject
SSDT            871E3C4A                                                                                        ZwSystemDebugControl
SSDT            871E3BD7                                                                                        ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text          ntkrnlpa.exe!KeSetEvent + 215                                                                    824C6998 4 Bytes  [36, 3C, 1E, 87]
.text          ntkrnlpa.exe!KeSetEvent + 539                                                                    824C6CBC 4 Bytes  [40, 3C, 1E, 87]
.text          ntkrnlpa.exe!KeSetEvent + 56D                                                                    824C6CF0 4 Bytes  [3B, 3C, 1E, 87]
.text          ntkrnlpa.exe!KeSetEvent + 5D1                                                                    824C6D54 4 Bytes  [45, 3C, 1E, 87]
.text          ntkrnlpa.exe!KeSetEvent + 619                                                                    824C6D9C 4 Bytes  [4A, 3C, 1E, 87]
.text          ...                                                                                             

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                          Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg            HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001641c78965                     
Reg            HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001641c78965 (not active ControlSet) 

---- EOF - GMER 1.0.15 ----


AC9 24.02.2012 21:33

OSAM:
Code:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 21:31:39 on 24.02.2012

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Mozilla Corporation Firefox 10.0.2

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Software Updater.job" - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\Windows\system32\DivXControlPanelApplet.cpl
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
"ISUSPM.cpl" - "InstallShield Software Corporation" - C:\Windows\system32\ISUSPM.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Nero BurnRights" - "Nero AG" - C:\Program Files\Nero\Nero 7\Nero Toolkit\NeroBurnRights.cpl
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"avkmgr" (avkmgr) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avkmgr.sys
"camfilt2" (camfilt2) - "Guillemot Corporation" - C:\Windows\System32\DRIVERS\camfilt2.sys
"catchme" (catchme) - ? - C:\Users\CHRIST~1\AppData\Local\Temp\catchme.sys  (File not found)
"Hercules Classic Silver" (SNPSTD3) - "Sonix Co. Ltd." - C:\Windows\System32\DRIVERS\snpstd3.sys
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\Windows\System32\Drivers\PxHelp20.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 2.3\program\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -  (File not found | COM-object registry key not found)
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{1F77B17B-F531-44DB-ACA4-76ABB5010A28} "AIMP2: ShellExt" - ? -  (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -  (File not found | COM-object registry key not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -  (File not found | COM-object registry key not found)
{73B24247-042E-4EF5-ADC2-42F62E6FD654} "ICQ Lite Shell Extension" - ? -  (File not found | COM-object registry key not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -  (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\OFFICE11\msohev.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{00020d75-0000-0000-c000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\OFFICE11\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 2.3\program\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 2.3\program\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 2.3\program\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 2.3\program\shlxthdl.dll
{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\OFFICE11\OLKFSTUB.DLL
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{7F67036B-66F1-411A-AD85-759FB9C5B0DB} "ShellViewRTF" - "XSS" - C:\Windows\System32\ShellvRTF.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -  (File not found | COM-object registry key not found)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_26.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? -  (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Mousometer.lnk" - ? - C:\Program Files\Mousometer\mousometer.exe  (Shortcut exists | File found, but it contains no detailed information | File exists)
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"swg" - "Google Inc." - "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"HP Health Check Scheduler" - "Hewlett-Packard" - c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
"HP Software Update" - "Hewlett-Packard" - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
"hpWirelessAssistant" - "Hewlett-Packard Development Company, L.P." - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce )-----
"Launcher" - "soft thinks" - %WINDIR%\SMINST\launcher.exe

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"LIDIL hpzll5ha" - "Hewlett-Packard Company" - C:\Windows\system32\hpzll5ha.dll
"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\Windows\system32\mdimon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"CyberLink Background Capture Service (CBCS)" (CLCapSvc) - ? - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
"CyberLink Task Scheduler (CTS)" (CLSched) - ? - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
"Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
"Machine Debug Manager" (MDM) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"RoxMediaDB9" (RoxMediaDB9) - "Sonic Solutions" - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
"stllssvr" (stllssvr) - "MicroVision Development, Inc." - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
"TeamViewer 6" (TeamViewer6) - "TeamViewer GmbH" - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru


AC9 24.02.2012 21:55

aswMBR:
Code:

aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software
Run date: 2012-02-24 21:35:32
-----------------------------
21:35:32.790    OS Version: Windows 6.0.6002 Service Pack 2
21:35:32.790    Number of processors: 1 586 0xE08
21:35:32.790    ComputerName: ANITASCHMITT-PC  UserName: Christian
21:36:32.600    Initialize success
21:38:06.418    AVAST engine defs: 12022401
21:38:46.026    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2
21:38:46.026    Disk 0 Vendor: FUJITSU_MHV2120BH_PL 892C Size: 114473MB BusType: 3
21:38:46.057    Disk 0 MBR read successfully
21:38:46.057    Disk 0 MBR scan
21:38:46.073    Disk 0 unknown MBR code
21:38:46.073    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS      109176 MB offset 63
21:38:46.120    Disk 0 Partition 2 00    07    HPFS/NTFS NTFS        5294 MB offset 223592670
21:38:46.120    Disk 0 scanning sectors +234436545
21:38:46.198    Disk 0 scanning C:\Windows\system32\drivers
21:38:58.943    Service scanning
21:39:33.902    Modules scanning
21:39:42.248    Disk 0 trace - called modules:
21:39:42.264    ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll PCIIDEX.SYS msahci.sys
21:39:42.794    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84e6aac8]
21:39:42.794    3 CLASSPNP.SYS[833a48b3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-2[0x84368030]
21:39:44.042    AVAST engine scan C:\Windows
21:39:48.676    AVAST engine scan C:\Windows\system32
21:44:00.179    AVAST engine scan C:\Windows\system32\drivers
21:44:20.771    AVAST engine scan C:\Users\Christian
21:47:35.459    AVAST engine scan C:\ProgramData
21:48:47.141    Scan finished successfully
21:51:14.795    Disk 0 MBR has been saved successfully to "C:\Users\Christian\Desktop\Logs\MBR.dat"
21:51:14.810    The log file has been saved successfully to "C:\Users\Christian\Desktop\Logs\aswMBR.txt"


cosinus 24.02.2012 23:19

We should fix the MBR. Just in case, back up ALL important data first, even though it usually goes smoothly.

Note: Please do NOT do the MBR fix if you have other operating systems such as Ubuntu installed; an MBR fix with Windows tools makes a Linux installed alongside it (dual boot) unbootable.
Also do not do the fix if you have full encryption of the Windows partition or of the entire hard disk, for example with TrueCrypt or other encryption programs.


After backing up your data, start aswMBR again and click the FIXMBR button.

Note: Please turn off the virus scanner before running aswMBR, because Avira in particular often reports a false positive in it!

Then restart Windows and create a new log with aswMBR.

AC9 25.02.2012 00:22

Question: where are the viruses actually located... if I now move the data to another hard disk/computer, they'll still be there, won't they?

cosinus 25.02.2012 00:55

This question doesn't make sense as asked, unless you assume that when the computer is infected every file is infected too. That is not the case. Or have I completely misunderstood you?

If not, please just ask such questions later; I don't like being interrupted during the analysis.

AC9 26.02.2012 02:21

While aswMBR was running the scan, an alert from Antivir came in: 3x "TR/Crypt.EPACK.Gen2" and 1x "TR/Crypt.XPACK.Gen" were found. The scan with Antivir and Malwarebytes is still running, logs will follow later.
Here is the aswMBR log:

Code:

aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software
Run date: 2012-02-26 01:45:42
-----------------------------
01:45:42.577    OS Version: Windows 6.0.6002 Service Pack 2
01:45:42.577    Number of processors: 1 586 0xE08
01:45:42.577    ComputerName: ANITASCHMITT-PC  UserName: Christian
01:46:47.410    Initialize success
01:48:15.368    AVAST engine defs: 12022502
01:48:31.842    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2
01:48:31.842    Disk 0 Vendor: FUJITSU_MHV2120BH_PL 892C Size: 114473MB BusType: 3
01:48:31.873    Disk 0 MBR read successfully
01:48:31.889    Disk 0 MBR scan
01:48:31.967    Disk 0 Windows VISTA default MBR code
01:48:31.982    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS      109176 MB offset 63
01:48:32.029    Disk 0 Partition 2 00    07    HPFS/NTFS NTFS        5294 MB offset 223592670
01:48:32.076    Disk 0 scanning sectors +234436545
01:48:32.216    Disk 0 scanning C:\Windows\system32\drivers
01:49:06.817    Service scanning
01:49:57.579    Modules scanning
01:50:18.780    Disk 0 trace - called modules:
01:50:18.811    ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll PCIIDEX.SYS msahci.sys
01:50:19.326    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85322ac8]
01:50:19.357    3 CLASSPNP.SYS[833ac8b3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-2[0x84368030]
01:50:21.198    AVAST engine scan C:\Windows
01:50:43.568    AVAST engine scan C:\Windows\system32
01:58:19.026    AVAST engine scan C:\Windows\system32\drivers
01:58:51.084    AVAST engine scan C:\Users\Christian
02:03:22.758    AVAST engine scan C:\ProgramData
02:05:31.349    Scan finished successfully
02:07:34.183    Disk 0 MBR has been saved successfully to "C:\Users\Christian\Desktop\Logs\MBR.dat"
02:07:34.183    The log file has been saved successfully to "C:\Users\Christian\Desktop\Logs\aswMBR2.txt"

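The two aswMBR logs in this thread differ only in the MBR verdict line ("unknown MBR code" before the fix, "Windows VISTA default MBR code" after it), while the partition table stays the same. As an added example, not part of the thread or of aswMBR itself, here is a small Python parser that extracts that verdict and the partition table, applies cosinus's dual-boot caveat before recommending FIXMBR, and confirms the partition table is unchanged after the fix; the sample log lines are copied from the posts above, and the table of non-Windows partition type IDs is an assumed shortlist.

```python
import re

# Constructed sample input: the lines this parser needs, copied from the two
# aswMBR logs in this thread (before and after the FIXMBR step).
LOG_BEFORE = """\
21:38:46.073    Disk 0 unknown MBR code
21:38:46.073    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS      109176 MB offset 63
21:38:46.120    Disk 0 Partition 2 00    07    HPFS/NTFS NTFS        5294 MB offset 223592670
"""
LOG_AFTER = """\
01:48:31.967    Disk 0 Windows VISTA default MBR code
01:48:31.982    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS      109176 MB offset 63
01:48:32.029    Disk 0 Partition 2 00    07    HPFS/NTFS NTFS        5294 MB offset 223592670
"""

MBR_RE = re.compile(r"Disk \d+ (?P<verdict>unknown MBR code|.*? default MBR code)")
PART_RE = re.compile(
    r"Disk \d+ Partition (?P<num>\d+) (?P<boot>[0-9A-Fa-f]{2})(?: \(A\))?\s+"
    r"(?P<type>[0-9A-Fa-f]{2})\s+.*?(?P<size>\d+) MB offset (?P<offset>\d+)"
)
# Hypothetical shortlist of MBR partition type IDs that mean "not a Windows
# volume" (the dual-boot caveat); aswMBR itself does not report this.
NON_WINDOWS_TYPES = {"82": "Linux swap", "83": "Linux", "A5": "FreeBSD", "EE": "GPT protective"}


def parse_aswmbr(text):
    """Pull the MBR verdict and the partition table out of an aswMBR log."""
    parsed = {"mbr": None, "partitions": []}
    for line in text.splitlines():
        m = MBR_RE.search(line)
        if m:
            parsed["mbr"] = m.group("verdict")
            continue
        p = PART_RE.search(line)
        if p:
            parsed["partitions"].append({
                "num": int(p.group("num")),
                "active": p.group("boot") == "80",
                "type": p.group("type").upper(),
                "size_mb": int(p.group("size")),
                "offset": int(p.group("offset")),
            })
    return parsed


def fixmbr_advice(parsed):
    """Return (action, reason) with action 'none', 'fixmbr' or 'manual'."""
    if parsed["mbr"] is None:
        return "manual", "no MBR verdict line in the log"
    if "unknown" not in parsed["mbr"]:
        return "none", "boot code recognised: " + parsed["mbr"]
    foreign = [p for p in parsed["partitions"] if p["type"] in NON_WINDOWS_TYPES]
    if foreign:
        names = ", ".join(f"partition {p['num']} ({NON_WINDOWS_TYPES[p['type']]})" for p in foreign)
        return "manual", "unknown boot code, but a Windows FIXMBR would break " + names
    # Full-disk encryption (e.g. TrueCrypt) also replaces the boot code and is
    # not visible in the partition table, so the caller must still rule it out.
    return "fixmbr", "unknown boot code on Windows-only partitions; back up data first"


def partition_table_unchanged(before, after):
    """After FIXMBR only the boot code may change; the partition table must not."""
    return before["partitions"] == after["partitions"]
```

Running `fixmbr_advice` on the first log yields the FIXMBR recommendation and on the second log "none", and `partition_table_unchanged` confirms the fix touched only the boot code.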

AC9 26.02.2012 13:04

OK, Antivir had somehow only scanned 50 files (the scan somehow started automatically, without me doing anything). Malwarebytes found nothing. ESET is running. Should I do another scan with OTL?

AC9 26.02.2012 14:59

The ESET log found nothing either:
Code:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=3a40966510ef9e4582755ac5b137f956
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-02-21 05:37:33
# local_time=2012-02-21 06:37:33 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1792 16777215 100 0 66719 66719 0 0
# compatibility_mode=4096 16777215 100 0 69069 69069 0 0
# compatibility_mode=5892 16776638 100 100 52387999 167371799 0 0
# compatibility_mode=8192 67108863 100 0 4004 4004 0 0
# scanned=174684
# found=0
# cleaned=0
# scan_time=6781
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=3a40966510ef9e4582755ac5b137f956
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-02-23 07:54:39
# local_time=2012-02-23 08:54:39 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1792 16777215 100 0 247841 247841 0 0
# compatibility_mode=4096 16777215 100 0 250191 250191 0 0
# compatibility_mode=5892 16776638 100 100 52569121 167552921 0 0
# compatibility_mode=8192 67108863 100 0 185126 185126 0 0
# scanned=175051
# found=0
# cleaned=0
# scan_time=6686
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=3a40966510ef9e4582755ac5b137f956
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-02-26 01:56:13
# local_time=2012-02-26 02:56:13 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1792 16777215 100 0 485403 485403 0 0
# compatibility_mode=4096 16777215 100 0 487753 487753 0 0
# compatibility_mode=5892 16776638 100 100 52806683 167790483 0 0
# compatibility_mode=8192 67108863 100 0 422688 422688 0 0
# scanned=170851
# found=0
# cleaned=0
# scan_time=6817


cosinus 26.02.2012 16:00

Looks OK. As a check, please do full scans with Malwarebytes and SASW and post the logs.
Remember to update both tools before the scan!!

AC9 26.02.2012 16:11

I already did a Malwarebytes scan last night:
Code:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.02.25.06

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Christian :: ANITASCHMITT-PC [Administrator]

26.02.2012 02:08:38
mbam-log-2012-02-26 (02-08-38).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 359873
Laufzeit: 3 Stunde(n), 52 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)


AC9 26.02.2012 20:39

OK, SUPERAntiSpyware reported several cookies as a "threat" (?)... should I just delete them?
Code:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 02/26/2012 at 08:12 PM

Application Version : 5.0.1144

Core Rules Database Version : 8279
Trace Rules Database Version: 6091

Scan type      : Complete Scan
Total Scan Time : 02:32:03

Operating System Information
Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002)
UAC On - Limited User (Administrator User)

Memory items scanned      : 622
Memory threats detected  : 0
Registry items scanned    : 36171
Registry threats detected : 0
File items scanned        : 200497
File threats detected    : 82

Adware.Tracking Cookie
        C:\USERS\ANITA SCHMITT\AppData\Roaming\Microsoft\Windows\Cookies\Low\HNXWCVV4.txt [ Cookie:anita schmitt@ad.yieldmanager.com/ ]
        C:\USERS\ANITA SCHMITT\AppData\Roaming\Microsoft\Windows\Cookies\Low\2YO5C5K5.txt [ Cookie:anita schmitt@atdmt.com/ ]
        C:\USERS\ANITA SCHMITT\AppData\Roaming\Microsoft\Windows\Cookies\Low\QWK1ERC1.txt [ Cookie:anita schmitt@apmebf.com/ ]
        C:\USERS\ANITA SCHMITT\AppData\Roaming\Microsoft\Windows\Cookies\Low\P8054EOM.txt [ Cookie:anita schmitt@yadro.ru/ ]
        C:\USERS\ANITA SCHMITT\AppData\Roaming\Microsoft\Windows\Cookies\Low\0S8QOA97.txt [ Cookie:anita schmitt@fl01.ct2.comclick.com/ ]
        C:\USERS\ANITA SCHMITT\AppData\Roaming\Microsoft\Windows\Cookies\Low\NKDG385Y.txt [ Cookie:anita schmitt@2o7.net/ ]
        C:\USERS\ANITA SCHMITT\AppData\Roaming\Microsoft\Windows\Cookies\Low\XYVB6HE4.txt [ Cookie:anita schmitt@adfarm1.adition.com/ ]
        .atdmt.com [ C:\PROGRAMDATA\MOZILLA\FIREFOX\PROFILES\QTXZQE6D.DEFAULT\COOKIES.SQLITE ]
        .msnportal.112.2o7.net [ C:\PROGRAMDATA\MOZILLA\FIREFOX\PROFILES\QTXZQE6D.DEFAULT\COOKIES.SQLITE ]
        .atdmt.com [ C:\PROGRAMDATA\MOZILLA\FIREFOX\PROFILES\QTXZQE6D.DEFAULT\COOKIES.SQLITE ]
        .zedo.com [ C:\PROGRAMDATA\MOZILLA\FIREFOX\PROFILES\QTXZQE6D.DEFAULT\COOKIES.SQLITE ]
        .zedo.com [ C:\PROGRAMDATA\MOZILLA\FIREFOX\PROFILES\QTXZQE6D.DEFAULT\COOKIES.SQLITE ]
        .zedo.com [ C:\PROGRAMDATA\MOZILLA\FIREFOX\PROFILES\QTXZQE6D.DEFAULT\COOKIES.SQLITE ]
        .doubleclick.net [ C:\USERS\ANITA SCHMITT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVN7CN31.DEFAULT\COOKIES.SQLITE ]
        .doubleclick.net [ C:\USERS\ANITA SCHMITT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVN7CN31.DEFAULT\COOKIES.SQLITE ]
        .invitemedia.com [ C:\USERS\ANITA SCHMITT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVN7CN31.DEFAULT\COOKIES.SQLITE ]
        .imrworldwide.com [ C:\USERS\ANITA SCHMITT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVN7CN31.DEFAULT\COOKIES.SQLITE ]
        .imrworldwide.com [ C:\USERS\ANITA SCHMITT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVN7CN31.DEFAULT\COOKIES.SQLITE ]
        .apmebf.com [ C:\USERS\ANITA SCHMITT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVN7CN31.DEFAULT\COOKIES.SQLITE ]
        .mediaplex.com [ C:\USERS\ANITA SCHMITT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVN7CN31.DEFAULT\COOKIES.SQLITE ]
        .mediaplex.com [ C:\USERS\ANITA SCHMITT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVN7CN31.DEFAULT\COOKIES.SQLITE ]
        .adxvalue.com [ C:\USERS\ANITA SCHMITT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVN7CN31.DEFAULT\COOKIES.SQLITE ]
        .revsci.net [ C:\USERS\ANITA SCHMITT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVN7CN31.DEFAULT\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\USERS\ANITA SCHMITT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVN7CN31.DEFAULT\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\USERS\ANITA SCHMITT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVN7CN31.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\ANITA SCHMITT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVN7CN31.DEFAULT\COOKIES.SQLITE ]
        adx.chip.de [ C:\USERS\ANITA SCHMITT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVN7CN31.DEFAULT\COOKIES.SQLITE ]
        ad.zanox.com [ C:\USERS\ANITA SCHMITT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVN7CN31.DEFAULT\COOKIES.SQLITE ]
        track.adform.net [ C:\USERS\ANITA SCHMITT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVN7CN31.DEFAULT\COOKIES.SQLITE ]
        track.adform.net [ C:\USERS\ANITA SCHMITT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVN7CN31.DEFAULT\COOKIES.SQLITE ]
        .adform.net [ C:\USERS\ANITA SCHMITT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVN7CN31.DEFAULT\COOKIES.SQLITE ]
        .tracking.quisma.com [ C:\USERS\ANITA SCHMITT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVN7CN31.DEFAULT\COOKIES.SQLITE ]
        tracking.quisma.com [ C:\USERS\ANITA SCHMITT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVN7CN31.DEFAULT\COOKIES.SQLITE ]
        tracking.quisma.com [ C:\USERS\ANITA SCHMITT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVN7CN31.DEFAULT\COOKIES.SQLITE ]
        .traffictrack.de [ C:\USERS\ANITA SCHMITT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVN7CN31.DEFAULT\COOKIES.SQLITE ]
        .tradedoubler.com [ C:\USERS\ANITA SCHMITT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVN7CN31.DEFAULT\COOKIES.SQLITE ]
        .tradedoubler.com [ C:\USERS\ANITA SCHMITT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVN7CN31.DEFAULT\COOKIES.SQLITE ]
        .zanox.com [ C:\USERS\ANITA SCHMITT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVN7CN31.DEFAULT\COOKIES.SQLITE ]
        tracking.mlsat02.de [ C:\USERS\ANITA SCHMITT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVN7CN31.DEFAULT\COOKIES.SQLITE ]
        .tradedoubler.com [ C:\USERS\ANITA SCHMITT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVN7CN31.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\ANITA SCHMITT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVN7CN31.DEFAULT\COOKIES.SQLITE ]
        ad2.adfarm1.adition.com [ C:\USERS\ANITA SCHMITT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVN7CN31.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\ANITA SCHMITT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVN7CN31.DEFAULT\COOKIES.SQLITE ]
        adx.chip.de [ C:\USERS\ANITA SCHMITT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVN7CN31.DEFAULT\COOKIES.SQLITE ]
        .adtech.de [ C:\USERS\ANITA SCHMITT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVN7CN31.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\ANITA SCHMITT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVN7CN31.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\ANITA SCHMITT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVN7CN31.DEFAULT\COOKIES.SQLITE ]
        ad3.adfarm1.adition.com [ C:\USERS\ANITA SCHMITT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVN7CN31.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\ANITA SCHMITT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVN7CN31.DEFAULT\COOKIES.SQLITE ]
        .e-2dj6wjk4ggczwhq.stats.esomniture.com [ C:\USERS\ANITA SCHMITT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVN7CN31.DEFAULT\COOKIES.SQLITE ]
        .paypal.112.2o7.net [ C:\USERS\ANITA SCHMITT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVN7CN31.DEFAULT\COOKIES.SQLITE ]
        .serving-sys.com [ C:\USERS\ANITA SCHMITT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVN7CN31.DEFAULT\COOKIES.SQLITE ]
        accounts.youtube.com [ C:\USERS\ANITA SCHMITT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVN7CN31.DEFAULT\COOKIES.SQLITE ]
        accounts.youtube.com [ C:\USERS\ANITA SCHMITT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVN7CN31.DEFAULT\COOKIES.SQLITE ]
        accounts.youtube.com [ C:\USERS\ANITA SCHMITT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVN7CN31.DEFAULT\COOKIES.SQLITE ]
        accounts.youtube.com [ C:\USERS\ANITA SCHMITT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVN7CN31.DEFAULT\COOKIES.SQLITE ]
        accounts.youtube.com [ C:\USERS\ANITA SCHMITT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVN7CN31.DEFAULT\COOKIES.SQLITE ]
        .accounts.google.com [ C:\USERS\ANITA SCHMITT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVN7CN31.DEFAULT\COOKIES.SQLITE ]
        .accounts.google.com [ C:\USERS\ANITA SCHMITT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVN7CN31.DEFAULT\COOKIES.SQLITE ]
        .accounts.google.com [ C:\USERS\ANITA SCHMITT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVN7CN31.DEFAULT\COOKIES.SQLITE ]
        accounts.youtube.com [ C:\USERS\ANITA SCHMITT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVN7CN31.DEFAULT\COOKIES.SQLITE ]
        .yadro.ru [ C:\USERS\ANITA SCHMITT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVN7CN31.DEFAULT\COOKIES.SQLITE ]
        accounts.youtube.com [ C:\USERS\ANITA SCHMITT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVN7CN31.DEFAULT\COOKIES.SQLITE ]
        accounts.youtube.com [ C:\USERS\ANITA SCHMITT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVN7CN31.DEFAULT\COOKIES.SQLITE ]
        .accounts.google.com [ C:\USERS\ANITA SCHMITT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVN7CN31.DEFAULT\COOKIES.SQLITE ]
        accounts.youtube.com [ C:\USERS\ANITA SCHMITT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVN7CN31.DEFAULT\COOKIES.SQLITE ]
        www.etracker.de [ C:\USERS\ANITA SCHMITT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVN7CN31.DEFAULT\COOKIES.SQLITE ]
        statse.webtrendslive.com [ C:\USERS\ANITA SCHMITT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVN7CN31.DEFAULT\COOKIES.SQLITE ]
        tracking.tchibo.de [ C:\USERS\ANITA SCHMITT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVN7CN31.DEFAULT\COOKIES.SQLITE ]
        accounts.youtube.com [ C:\USERS\ANITA SCHMITT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVN7CN31.DEFAULT\COOKIES.SQLITE ]
        de.sitestat.com [ C:\USERS\ANITA SCHMITT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVN7CN31.DEFAULT\COOKIES.SQLITE ]
        de.sitestat.com [ C:\USERS\ANITA SCHMITT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVN7CN31.DEFAULT\COOKIES.SQLITE ]
        de.sitestat.com [ C:\USERS\ANITA SCHMITT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVN7CN31.DEFAULT\COOKIES.SQLITE ]
        de.sitestat.com [ C:\USERS\ANITA SCHMITT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVN7CN31.DEFAULT\COOKIES.SQLITE ]
        accounts.youtube.com [ C:\USERS\ANITA SCHMITT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVN7CN31.DEFAULT\COOKIES.SQLITE ]
        accounts.google.com [ C:\USERS\ANITA SCHMITT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVN7CN31.DEFAULT\COOKIES.SQLITE ]
        .accounts.google.com [ C:\USERS\ANITA SCHMITT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVN7CN31.DEFAULT\COOKIES.SQLITE ]
        .accounts.google.com [ C:\USERS\ANITA SCHMITT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVN7CN31.DEFAULT\COOKIES.SQLITE ]
        .accounts.google.com [ C:\USERS\ANITA SCHMITT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVN7CN31.DEFAULT\COOKIES.SQLITE ]
        accounts.youtube.com [ C:\USERS\ANITA SCHMITT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVN7CN31.DEFAULT\COOKIES.SQLITE ]
        .2o7.net [ C:\USERS\ANITA SCHMITT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVN7CN31.DEFAULT\COOKIES.SQLITE ]
        .e-2dj6wjkoqhdpmeq.stats.esomniture.com [ C:\USERS\ANITA SCHMITT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVN7CN31.DEFAULT\COOKIES.SQLITE ]


cosinus 26.02.2012 21:04

Looks OK, only cookies were found there. They can go.
Cookies aren't malware as such, but there is a risk of misuse (unique recognition, e.g. for targeted advertising or similar => HTTP cookie)

Is the system back in order now, or are there any other findings or problems?



Copyright ©2000-2025, Trojaner-Board

