Trojaner-Board - mehrere Trojaner gefunden durch Malwarebytes Antimalware

Trojaner-Board (https://www.trojaner-board.de/)

- Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)

- - mehrere Trojaner gefunden durch Malwarebytes Antimalware (https://www.trojaner-board.de/110276-mehrere-trojaner-gefunden-malwarebytes-antimalware.html)

Code:

ComboFix 12-02-24.02 - Christian 24.02.2012  19:27:59.1.1 - x86

Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.1013.367 [GMT 1:00]

ausgeführt von:: c:\users\Christian\Desktop\ComboFix.exe

AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\IsUn0407.exe

.

.

(((((((((((((((((((((((   Dateien erstellt von 2012-01-24 bis 2012-02-24  ))))))))))))))))))))))))))))))

.

.

2012-02-24 18:38 . 2012-02-24 18:38        --------        d-----w-        c:\users\Christian\AppData\Local\temp

2012-02-24 13:14 . 2012-02-24 13:14        --------        d-----w-        C:\_OTL

2012-02-23 16:16 . 2012-02-23 16:16        --------        d-----w-        c:\users\Anita Schmitt\AppData\Roaming\Avira

2012-02-21 15:37 . 2012-02-21 15:37        --------        d-----w-        c:\program files\ESET

2012-02-20 22:17 . 2012-02-20 22:17        --------        d-----w-        c:\users\Christian\AppData\Roaming\Avira

2012-02-20 22:12 . 2012-01-31 07:56        74640        ----a-w-        c:\windows\system32\drivers\avgntflt.sys

2012-02-20 22:12 . 2012-01-31 07:56        137416        ----a-w-        c:\windows\system32\drivers\avipbb.sys

2012-02-20 22:12 . 2011-09-16 15:08        36000        ----a-w-        c:\windows\system32\drivers\avkmgr.sys

2012-02-20 22:12 . 2012-02-20 22:12        --------        d-----w-        c:\programdata\Avira

2012-02-20 22:12 . 2012-02-20 22:12        --------        d-----w-        c:\program files\Avira

2012-02-20 21:02 . 2012-02-20 21:02        19416        ----a-w-        c:\program files\Mozilla Firefox\AccessibleMarshal.dll

2012-02-20 21:02 . 2012-02-20 21:02        2106216        ----a-w-        c:\program files\Mozilla Firefox\D3DCompiler_43.dll

2012-02-20 21:02 . 2012-02-20 21:02        134104        ----a-w-        c:\program files\Mozilla Firefox\components\browsercomps.dll

2012-02-16 13:12 . 2011-12-14 02:56        1427456        ----a-w-        c:\windows\system32\inetcpl.cpl

2012-02-14 20:20 . 2011-12-14 16:17        680448        ----a-w-        c:\windows\system32\msvcrt.dll

2012-02-14 20:20 . 2012-01-12 19:52        2044416        ----a-w-        c:\windows\system32\win32k.sys

2012-02-14 20:19 . 2011-12-20 10:56        2409784        ----a-w-        c:\program files\Windows Mail\OESpamFilter.dat

2012-01-26 12:23 . 2011-11-17 06:48        440192        ----a-w-        c:\windows\system32\drivers\ksecdd.sys

2012-01-26 12:23 . 2011-11-16 16:23        377344        ----a-w-        c:\windows\system32\winhttp.dll

2012-01-26 12:23 . 2011-11-16 16:23        72704        ----a-w-        c:\windows\system32\secur32.dll

2012-01-26 12:23 . 2011-11-16 16:23        278528        ----a-w-        c:\windows\system32\schannel.dll

2012-01-26 12:23 . 2011-11-16 16:21        1259008        ----a-w-        c:\windows\system32\lsasrv.dll

2012-01-26 12:23 . 2011-11-16 14:12        9728        ----a-w-        c:\windows\system32\lsass.exe

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-02-20 22:10 . 2011-05-16 18:41        414368        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl

2011-12-31 16:42 . 2011-12-30 21:12        30256        ----a-w-        c:\windows\system32\drivers\GRD.sys

2011-12-30 21:09 . 2011-12-30 20:09        49016        ----a-w-        c:\windows\system32\drivers\PktIcpt.sys

2011-12-10 14:24 . 2011-12-31 16:58        20464        ----a-w-        c:\windows\system32\drivers\mbam.sys

2012-02-20 21:02 . 2012-02-20 21:02        134104        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-08 39408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-18 133656]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-18 141848]

"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-18 166424]

"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 480560]

"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-01-12 49208]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-01-31 258512]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-08 44128]

.

c:\users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Mousometer.lnk - c:\program files\Mousometer\mousometer.exe [2008-11-17 344064]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk

backup=c:\windows\pss\Adobe Gamma Loader.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader - Schnellstart.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader - Schnellstart.lnk

backup=c:\windows\pss\Adobe Reader - Schnellstart.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk

backup=c:\windows\pss\Adobe Reader Synchronizer.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk

backup=c:\windows\pss\Logitech Desktop Messenger.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPN Client.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk

backup=c:\windows\pss\VPN Client.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKLM\~\startupfolder\C:^Users^Anita Schmitt^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 2.3.lnk]

path=c:\users\Anita Schmitt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.3.lnk

backup=c:\windows\pss\OpenOffice.org 2.3.lnk.Startup

backupExtension=.Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2011-03-29 19:59        937920        ----a-r-        c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2011-08-31 01:57        40368        ----a-w-        c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]

2010-09-16 20:04        1164584        ----a-w-        c:\program files\DivX\DivX Update\DivXUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]

2005-02-17 00:15        221184        ----a-w-        c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]

2008-02-13 12:02        564496        ----a-w-        c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]

2008-02-13 12:06        2196240        ----a-w-        c:\program files\Logitech\QuickCam\Quickcam.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2006-01-12 14:40        155648        ----a-w-        c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]

2009-11-24 09:07        323640        ----a-w-        c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]

2009-11-24 09:07        323640        ----a-w-        c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]

2006-12-03 00:32        167936        ----a-w-        c:\program files\HP\QuickPlay\QPService.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-03-17 19:53        421888        ----a-w-        c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2008-11-08 18:32        39408        ----a-w-        c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"AntiVirusOverride"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bthsvcs        REG_MULTI_SZ           BthServ

LocalServiceAndNoImpersonation        REG_MULTI_SZ           FontCache

.

Inhalt des "geplante Tasks" Ordners

.

2012-02-24 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-03-05 15:21]

.

2012-02-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-24 11:01]

.

2012-02-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-24 11:01]

.

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = hxxp://www.google.de/

mStart Page = 

IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.178.1

FF - ProfilePath - c:\users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\97s6gqsg.default\

FF - prefs.js: browser.search.defaulturl - 

FF - prefs.js: browser.search.selectedEngine - 

FF - prefs.js: browser.startup.homepage - hxxp://google.com/

FF - user.js: yahoo.homepage.dontask - true

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

MSConfigStartUp-TkBellExe - c:\program files\Common Files\Real\Update_OB\realsched.exe

AddRemove-Toblo - c:\program files\Toblo\Uninstall Toblo.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net

Rootkit scan 2012-02-24 19:38

Windows 6.0.6002 Service Pack 2 NTFS

.

Scanne versteckte Prozesse... 

.

Scanne versteckte Autostarteinträge... 

.

Scanne versteckte Dateien... 

.

Scan erfolgreich abgeschlossen

versteckte Dateien: 0

.

**************************************************************************

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

Zeit der Fertigstellung: 2012-02-24  19:42:34

ComboFix-quarantined-files.txt  2012-02-24 18:42

.

Vor Suchlauf: 13 Verzeichnis(se), 54.038.269.952 Bytes frei

Nach Suchlauf: 19 Verzeichnis(se), 53.979.451.392 Bytes frei

.

- - End Of File - - 789B5FE955B26902CFEC261C9F9BF04E

Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte

aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung)
Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS-Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

GMER:

Code:

GMER 1.0.15.15641 - hxxp://www.gmer.net

Rootkit scan 2012-02-24 21:05:01

Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2 FUJITSU_MHV2120BH_PL rev.892C

Running: w4sc6mrr.exe; Driver: C:\Users\CHRIST~1\AppData\Local\Temp\afkcapog.sys
 
 

---- System - GMER 1.0.15 ----
 

SSDT            871E3C36                                                                                         ZwCreateSection

SSDT            871E3C40                                                                                         ZwRequestWaitReplyPort

SSDT            871E3C3B                                                                                         ZwSetContextThread

SSDT            871E3C45                                                                                         ZwSetSecurityObject

SSDT            871E3C4A                                                                                         ZwSystemDebugControl

SSDT            871E3BD7                                                                                         ZwTerminateProcess
 

---- Kernel code sections - GMER 1.0.15 ----
 

.text           ntkrnlpa.exe!KeSetEvent + 215                                                                    824C6998 4 Bytes  [36, 3C, 1E, 87]

.text           ntkrnlpa.exe!KeSetEvent + 539                                                                    824C6CBC 4 Bytes  [40, 3C, 1E, 87]

.text           ntkrnlpa.exe!KeSetEvent + 56D                                                                    824C6CF0 4 Bytes  [3B, 3C, 1E, 87]

.text           ntkrnlpa.exe!KeSetEvent + 5D1                                                                    824C6D54 4 Bytes  [45, 3C, 1E, 87]

.text           ntkrnlpa.exe!KeSetEvent + 619                                                                    824C6D9C 4 Bytes  [4A, 3C, 1E, 87]

.text           ...                                                                                              
 

---- Devices - GMER 1.0.15 ----
 

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                          Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
 

---- Registry - GMER 1.0.15 ----
 

Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001641c78965                      

Reg             HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001641c78965 (not active ControlSet)  
 

---- EOF - GMER 1.0.15 ----

OSAM:

Code:

Report of OSAM: Autorun Manager v5.0.11926.0

hxxp://www.online-solutions.ru/en/

Saved at 21:31:39 on 24.02.2012
 

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit

Default Browser: Mozilla Corporation Firefox 10.0.2
 

Scanner Settings

[x] Rootkits detection (hidden registry)

[x] Rootkits detection (hidden files)

[x] Retrieve files information

[x] Check Microsoft signatures
 

Filters

[ ] Trusted entries

[ ] Empty entries

[x] Hidden registry entries (rootkit activity)

[x] Exclusively opened files

[x] Not found files

[x] Files without detailed information

[x] Existing files

[ ] Non-startable services

[ ] Non-startable drivers

[x] Active entries

[x] Disabled entries
 
 

[Common]

-----( %SystemRoot%\Tasks )-----

"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

"Google Software Updater.job" - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
 

[Control Panel Objects]

-----( %SystemRoot%\system32 )-----

"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\Windows\system32\DivXControlPanelApplet.cpl

"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl

"ISUSPM.cpl" - "InstallShield Software Corporation" - C:\Windows\system32\ISUSPM.cpl

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----

"Nero BurnRights" - "Nero AG" - C:\Program Files\Nero\Nero 7\Nero Toolkit\NeroBurnRights.cpl

"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl
 

[Drivers]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys

"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys

"avkmgr" (avkmgr) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avkmgr.sys

"camfilt2" (camfilt2) - "Guillemot Corporation" - C:\Windows\System32\DRIVERS\camfilt2.sys

"catchme" (catchme) - ? - C:\Users\CHRIST~1\AppData\Local\Temp\catchme.sys  (File not found)

"Hercules Classic Silver" (SNPSTD3) - "Sonix Co. Ltd." - C:\Windows\System32\DRIVERS\snpstd3.sys

"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)

"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)

"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)

"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\Windows\System32\Drivers\PxHelp20.sys

"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
 

[Explorer]

-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----

{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll

{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 2.3\program\shlxthdl.dll

-----( HKLM\Software\Classes\Protocols\Filter )-----

{807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL

-----( HKLM\Software\Classes\Protocols\Handler )-----

{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL

{3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL

{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----

{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)

{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll

{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)

{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)

{1F77B17B-F531-44DB-ACA4-76ABB5010A28} "AIMP2: ShellExt" - ? -   (File not found | COM-object registry key not found)

{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)

{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)

{73B24247-042E-4EF5-ADC2-42F62E6FD654} "ICQ Lite Shell Extension" - ? -   (File not found | COM-object registry key not found)

{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)

{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\OFFICE11\msohev.dll

{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll

{00020d75-0000-0000-c000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\OFFICE11\MLSHEXT.DLL

{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll

{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 2.3\program\shlxthdl.dll

{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 2.3\program\shlxthdl.dll

{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 2.3\program\shlxthdl.dll

{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 2.3\program\shlxthdl.dll

{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\OFFICE11\OLKFSTUB.DLL

{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)

{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)

{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll

{7F67036B-66F1-411A-AD85-759FB9C5B0DB} "ShellViewRTF" - "XSS" - C:\Windows\System32\ShellvRTF.dll

{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL

{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)
 

[Internet Explorer]

-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----

ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)

<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)

-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----

{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_26.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? -   (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----

{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll

{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
 

[Logon]

-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----

"desktop.ini" - ? - C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

"Mousometer.lnk" - ? - C:\Program Files\Mousometer\mousometer.exe  (Shortcut exists | File found, but it contains no detailed information | File exists)

-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----

"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----

"swg" - "Google Inc." - "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----

"StartupPrograms" - ? - rdpclip  (File not found)

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----

"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

"HP Health Check Scheduler" - "Hewlett-Packard" - c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

"HP Software Update" - "Hewlett-Packard" - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

"hpWirelessAssistant" - "Hewlett-Packard Development Company, L.P." - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce )-----

"Launcher" - "soft thinks" - %WINDIR%\SMINST\launcher.exe
 

[Print Monitors]

-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----

"LIDIL hpzll5ha" - "Hewlett-Packard Company" - C:\Windows\system32\hpzll5ha.dll

"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\Windows\system32\mdimon.dll
 

[Services]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

"Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

"Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\sched.exe

"CyberLink Background Capture Service (CBCS)" (CLCapSvc) - ? - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe

"CyberLink Task Scheduler (CTS)" (CLSched) - ? - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe

"Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe

"Machine Debug Manager" (MDM) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

"RoxMediaDB9" (RoxMediaDB9) - "Sonic Solutions" - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

"stllssvr" (stllssvr) - "MicroVision Development, Inc." - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

"TeamViewer 6" (TeamViewer6) - "TeamViewer GmbH" - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
 

===[ Logfile end ]=========================================[ Logfile end ]===
 

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

aswMBR:

Code:

aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software

Run date: 2012-02-24 21:35:32

-----------------------------

21:35:32.790    OS Version: Windows 6.0.6002 Service Pack 2

21:35:32.790    Number of processors: 1 586 0xE08

21:35:32.790    ComputerName: ANITASCHMITT-PC  UserName: Christian

21:36:32.600    Initialize success

21:38:06.418    AVAST engine defs: 12022401

21:38:46.026    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2

21:38:46.026    Disk 0 Vendor: FUJITSU_MHV2120BH_PL 892C Size: 114473MB BusType: 3

21:38:46.057    Disk 0 MBR read successfully

21:38:46.057    Disk 0 MBR scan

21:38:46.073    Disk 0 unknown MBR code

21:38:46.073    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       109176 MB offset 63

21:38:46.120    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS         5294 MB offset 223592670

21:38:46.120    Disk 0 scanning sectors +234436545

21:38:46.198    Disk 0 scanning C:\Windows\system32\drivers

21:38:58.943    Service scanning

21:39:33.902    Modules scanning

21:39:42.248    Disk 0 trace - called modules:

21:39:42.264    ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll PCIIDEX.SYS msahci.sys 

21:39:42.794    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84e6aac8]

21:39:42.794    3 CLASSPNP.SYS[833a48b3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-2[0x84368030]

21:39:44.042    AVAST engine scan C:\Windows

21:39:48.676    AVAST engine scan C:\Windows\system32

21:44:00.179    AVAST engine scan C:\Windows\system32\drivers

21:44:20.771    AVAST engine scan C:\Users\Christian

21:47:35.459    AVAST engine scan C:\ProgramData

21:48:47.141    Scan finished successfully

21:51:14.795    Disk 0 MBR has been saved successfully to "C:\Users\Christian\Desktop\Logs\MBR.dat"

21:51:14.810    The log file has been saved successfully to "C:\Users\Christian\Desktop\Logs\aswMBR.txt"

Wir sollten den MBR fixen, sichere für den Fall der Fälle ALLE wichtigen Daten, auch wenn meistens alles glatt geht.

Hinweis: Mach bitte NICHT den MBR-Fix, wenn du noch andere Betriebssysteme wie zB Ubuntu installiert hast, ein MBR-Fix mit Windows-Tools macht ein parallel installiertes (Dualboot) Linux unbootbar.
Mach den Fix auch dann nicht, wenn du zB mit TrueCrypt oder anderen Verschlüsselungsprogrammen eine Vollverschlüsselung der Windowspartition bzw. gesamten Festplatte hast

Starte nach der Datensicherung aswmbr erneut und klick auf den Button FIXMBR.

Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehlalarm!

Anschließend Windows neu starten und ein neues Log mit aswMBR machen.

Frage: wo befinden sich die viren überhaupt....wenn ich jetzt die Daten auf eine andere Festplatte/ rechner ziehen, dann sind sie ja immer noch da:kaffee:

Diese Frage macht so keinen Sinn, nur wenn du davon ausgehst, dass bei einem Befall des Rechners auch gleich jede Datei befallen ist. Das ist so aber nicht der Fall. Oder hab ich dich völlig falsch verstanden?

Wenn nicht stell solche Fragen bitte einfach später, ich mag es nicht in der Analyse unterbrochen zu werden

Während aswMBR den Scan gemacht hat, ist ne Meldung von Antivir reingekommen, und zwar wurde 3* "TR/Crypt.EPACK.Gen2" und 1* "TR/Crypt.XPACK.Gen" gefunden. Scan mit antivir und Malwarebytes läuft noch, Logs kommen später
Hier der aswMBR Log:

Code:

aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software

Run date: 2012-02-26 01:45:42

-----------------------------

01:45:42.577    OS Version: Windows 6.0.6002 Service Pack 2

01:45:42.577    Number of processors: 1 586 0xE08

01:45:42.577    ComputerName: ANITASCHMITT-PC  UserName: Christian

01:46:47.410    Initialize success

01:48:15.368    AVAST engine defs: 12022502

01:48:31.842    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2

01:48:31.842    Disk 0 Vendor: FUJITSU_MHV2120BH_PL 892C Size: 114473MB BusType: 3

01:48:31.873    Disk 0 MBR read successfully

01:48:31.889    Disk 0 MBR scan

01:48:31.967    Disk 0 Windows VISTA default MBR code

01:48:31.982    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       109176 MB offset 63

01:48:32.029    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS         5294 MB offset 223592670

01:48:32.076    Disk 0 scanning sectors +234436545

01:48:32.216    Disk 0 scanning C:\Windows\system32\drivers

01:49:06.817    Service scanning

01:49:57.579    Modules scanning

01:50:18.780    Disk 0 trace - called modules:

01:50:18.811    ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll PCIIDEX.SYS msahci.sys 

01:50:19.326    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85322ac8]

01:50:19.357    3 CLASSPNP.SYS[833ac8b3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-2[0x84368030]

01:50:21.198    AVAST engine scan C:\Windows

01:50:43.568    AVAST engine scan C:\Windows\system32

01:58:19.026    AVAST engine scan C:\Windows\system32\drivers

01:58:51.084    AVAST engine scan C:\Users\Christian

02:03:22.758    AVAST engine scan C:\ProgramData

02:05:31.349    Scan finished successfully

02:07:34.183    Disk 0 MBR has been saved successfully to "C:\Users\Christian\Desktop\Logs\MBR.dat"

02:07:34.183    The log file has been saved successfully to "C:\Users\Christian\Desktop\Logs\aswMBR2.txt"

Ok, Antivir hatte irgendwie nur 50 Dateien gescannt ( der Scan kam irgendwie automatisch, ohne dass ich etwas getan habe). Malewarebytes hat nichts ergeben. Eset ist am laufen. Sollte ich nochmal nen Scan mit OTL machen?

Eset Log hat auch nichts gefunden:

Code:

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=3a40966510ef9e4582755ac5b137f956

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-02-21 05:37:33

# local_time=2012-02-21 06:37:33 (+0100, Mitteleuropäische Zeit)

# country="Germany"

# lang=1033

# osver=6.0.6002 NT Service Pack 2

# compatibility_mode=1792 16777215 100 0 66719 66719 0 0

# compatibility_mode=4096 16777215 100 0 69069 69069 0 0

# compatibility_mode=5892 16776638 100 100 52387999 167371799 0 0

# compatibility_mode=8192 67108863 100 0 4004 4004 0 0

# scanned=174684

# found=0

# cleaned=0

# scan_time=6781

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=3a40966510ef9e4582755ac5b137f956

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-02-23 07:54:39

# local_time=2012-02-23 08:54:39 (+0100, Mitteleuropäische Zeit)

# country="Germany"

# lang=1033

# osver=6.0.6002 NT Service Pack 2

# compatibility_mode=1792 16777215 100 0 247841 247841 0 0

# compatibility_mode=4096 16777215 100 0 250191 250191 0 0

# compatibility_mode=5892 16776638 100 100 52569121 167552921 0 0

# compatibility_mode=8192 67108863 100 0 185126 185126 0 0

# scanned=175051

# found=0

# cleaned=0

# scan_time=6686

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=3a40966510ef9e4582755ac5b137f956

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-02-26 01:56:13

# local_time=2012-02-26 02:56:13 (+0100, Mitteleuropäische Zeit)

# country="Germany"

# lang=1033

# osver=6.0.6002 NT Service Pack 2

# compatibility_mode=1792 16777215 100 0 485403 485403 0 0

# compatibility_mode=4096 16777215 100 0 487753 487753 0 0

# compatibility_mode=5892 16776638 100 100 52806683 167790483 0 0

# compatibility_mode=8192 67108863 100 0 422688 422688 0 0

# scanned=170851

# found=0

# cleaned=0

# scan_time=6817

Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SASW und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

Ich hatte heute Nacht schon nen Malwarebyte Scan gemacht:

Code:

Malwarebytes Anti-Malware 1.60.1.1000

www.malwarebytes.org
 

Datenbank Version: v2012.02.25.06
 

Windows Vista Service Pack 2 x86 NTFS

Internet Explorer 9.0.8112.16421

Christian :: ANITASCHMITT-PC [Administrator]
 

26.02.2012 02:08:38

mbam-log-2012-02-26 (02-08-38).txt
 

Art des Suchlaufs: Vollständiger Suchlauf

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 359873

Laufzeit: 3 Stunde(n), 52 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 0

(Keine bösartigen Objekte gefunden)
 

(Ende)

ok, SuperSpyAnti hat mehrere Cookies als "Bedrohung" (?) gemeldet....soll ich die einfach löschen?

Code:

SUPERAntiSpyware Scan Log

hxxp://www.superantispyware.com
 

Generated 02/26/2012 at 08:12 PM
 

Application Version : 5.0.1144
 

Core Rules Database Version : 8279

Trace Rules Database Version: 6091
 

Scan type       : Complete Scan

Total Scan Time : 02:32:03
 

Operating System Information

Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002)

UAC On - Limited User (Administrator User)
 

Memory items scanned      : 622

Memory threats detected   : 0

Registry items scanned    : 36171

Registry threats detected : 0

File items scanned        : 200497

File threats detected     : 82
 

Adware.Tracking Cookie

        C:\USERS\ANITA SCHMITT\AppData\Roaming\Microsoft\Windows\Cookies\Low\HNXWCVV4.txt [ Cookie:anita schmitt@ad.yieldmanager.com/ ]

        C:\USERS\ANITA SCHMITT\AppData\Roaming\Microsoft\Windows\Cookies\Low\2YO5C5K5.txt [ Cookie:anita schmitt@atdmt.com/ ]

        C:\USERS\ANITA SCHMITT\AppData\Roaming\Microsoft\Windows\Cookies\Low\QWK1ERC1.txt [ Cookie:anita schmitt@apmebf.com/ ]

        C:\USERS\ANITA SCHMITT\AppData\Roaming\Microsoft\Windows\Cookies\Low\P8054EOM.txt [ Cookie:anita schmitt@yadro.ru/ ]

        C:\USERS\ANITA SCHMITT\AppData\Roaming\Microsoft\Windows\Cookies\Low\0S8QOA97.txt [ Cookie:anita schmitt@fl01.ct2.comclick.com/ ]

        C:\USERS\ANITA SCHMITT\AppData\Roaming\Microsoft\Windows\Cookies\Low\NKDG385Y.txt [ Cookie:anita schmitt@2o7.net/ ]

        C:\USERS\ANITA SCHMITT\AppData\Roaming\Microsoft\Windows\Cookies\Low\XYVB6HE4.txt [ Cookie:anita schmitt@adfarm1.adition.com/ ]

        .atdmt.com [ C:\PROGRAMDATA\MOZILLA\FIREFOX\PROFILES\QTXZQE6D.DEFAULT\COOKIES.SQLITE ]

        .msnportal.112.2o7.net [ C:\PROGRAMDATA\MOZILLA\FIREFOX\PROFILES\QTXZQE6D.DEFAULT\COOKIES.SQLITE ]

        .atdmt.com [ C:\PROGRAMDATA\MOZILLA\FIREFOX\PROFILES\QTXZQE6D.DEFAULT\COOKIES.SQLITE ]

        .zedo.com [ C:\PROGRAMDATA\MOZILLA\FIREFOX\PROFILES\QTXZQE6D.DEFAULT\COOKIES.SQLITE ]

        .zedo.com [ C:\PROGRAMDATA\MOZILLA\FIREFOX\PROFILES\QTXZQE6D.DEFAULT\COOKIES.SQLITE ]

        .zedo.com [ C:\PROGRAMDATA\MOZILLA\FIREFOX\PROFILES\QTXZQE6D.DEFAULT\COOKIES.SQLITE ]

        .doubleclick.net [ C:\USERS\ANITA SCHMITT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVN7CN31.DEFAULT\COOKIES.SQLITE ]

        .doubleclick.net [ C:\USERS\ANITA SCHMITT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVN7CN31.DEFAULT\COOKIES.SQLITE ]

        .invitemedia.com [ C:\USERS\ANITA SCHMITT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVN7CN31.DEFAULT\COOKIES.SQLITE ]

        .imrworldwide.com [ C:\USERS\ANITA SCHMITT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVN7CN31.DEFAULT\COOKIES.SQLITE ]

        .imrworldwide.com [ C:\USERS\ANITA SCHMITT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVN7CN31.DEFAULT\COOKIES.SQLITE ]

        .apmebf.com [ C:\USERS\ANITA SCHMITT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVN7CN31.DEFAULT\COOKIES.SQLITE ]

        .mediaplex.com [ C:\USERS\ANITA SCHMITT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVN7CN31.DEFAULT\COOKIES.SQLITE ]

        .mediaplex.com [ C:\USERS\ANITA SCHMITT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVN7CN31.DEFAULT\COOKIES.SQLITE ]

        .adxvalue.com [ C:\USERS\ANITA SCHMITT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVN7CN31.DEFAULT\COOKIES.SQLITE ]

        .revsci.net [ C:\USERS\ANITA SCHMITT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVN7CN31.DEFAULT\COOKIES.SQLITE ]

        ad.yieldmanager.com [ C:\USERS\ANITA SCHMITT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVN7CN31.DEFAULT\COOKIES.SQLITE ]

        ad.yieldmanager.com [ C:\USERS\ANITA SCHMITT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVN7CN31.DEFAULT\COOKIES.SQLITE ]

        .webmasterplan.com [ C:\USERS\ANITA SCHMITT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVN7CN31.DEFAULT\COOKIES.SQLITE ]

        adx.chip.de [ C:\USERS\ANITA SCHMITT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVN7CN31.DEFAULT\COOKIES.SQLITE ]

        ad.zanox.com [ C:\USERS\ANITA SCHMITT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVN7CN31.DEFAULT\COOKIES.SQLITE ]

        track.adform.net [ C:\USERS\ANITA SCHMITT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVN7CN31.DEFAULT\COOKIES.SQLITE ]

        track.adform.net [ C:\USERS\ANITA SCHMITT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVN7CN31.DEFAULT\COOKIES.SQLITE ]

        .adform.net [ C:\USERS\ANITA SCHMITT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVN7CN31.DEFAULT\COOKIES.SQLITE ]

        .tracking.quisma.com [ C:\USERS\ANITA SCHMITT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVN7CN31.DEFAULT\COOKIES.SQLITE ]

        tracking.quisma.com [ C:\USERS\ANITA SCHMITT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVN7CN31.DEFAULT\COOKIES.SQLITE ]

        tracking.quisma.com [ C:\USERS\ANITA SCHMITT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVN7CN31.DEFAULT\COOKIES.SQLITE ]

        .traffictrack.de [ C:\USERS\ANITA SCHMITT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVN7CN31.DEFAULT\COOKIES.SQLITE ]

        .tradedoubler.com [ C:\USERS\ANITA SCHMITT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVN7CN31.DEFAULT\COOKIES.SQLITE ]

        .tradedoubler.com [ C:\USERS\ANITA SCHMITT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVN7CN31.DEFAULT\COOKIES.SQLITE ]

        .zanox.com [ C:\USERS\ANITA SCHMITT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVN7CN31.DEFAULT\COOKIES.SQLITE ]

        tracking.mlsat02.de [ C:\USERS\ANITA SCHMITT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVN7CN31.DEFAULT\COOKIES.SQLITE ]

        .tradedoubler.com [ C:\USERS\ANITA SCHMITT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVN7CN31.DEFAULT\COOKIES.SQLITE ]

        .webmasterplan.com [ C:\USERS\ANITA SCHMITT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVN7CN31.DEFAULT\COOKIES.SQLITE ]

        ad2.adfarm1.adition.com [ C:\USERS\ANITA SCHMITT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVN7CN31.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\ANITA SCHMITT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVN7CN31.DEFAULT\COOKIES.SQLITE ]

        adx.chip.de [ C:\USERS\ANITA SCHMITT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVN7CN31.DEFAULT\COOKIES.SQLITE ]

        .adtech.de [ C:\USERS\ANITA SCHMITT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVN7CN31.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\ANITA SCHMITT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVN7CN31.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\ANITA SCHMITT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVN7CN31.DEFAULT\COOKIES.SQLITE ]

        ad3.adfarm1.adition.com [ C:\USERS\ANITA SCHMITT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVN7CN31.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\ANITA SCHMITT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVN7CN31.DEFAULT\COOKIES.SQLITE ]

        .e-2dj6wjk4ggczwhq.stats.esomniture.com [ C:\USERS\ANITA SCHMITT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVN7CN31.DEFAULT\COOKIES.SQLITE ]

        .paypal.112.2o7.net [ C:\USERS\ANITA SCHMITT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVN7CN31.DEFAULT\COOKIES.SQLITE ]

        .serving-sys.com [ C:\USERS\ANITA SCHMITT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVN7CN31.DEFAULT\COOKIES.SQLITE ]

        accounts.youtube.com [ C:\USERS\ANITA SCHMITT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVN7CN31.DEFAULT\COOKIES.SQLITE ]

        accounts.youtube.com [ C:\USERS\ANITA SCHMITT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVN7CN31.DEFAULT\COOKIES.SQLITE ]

        accounts.youtube.com [ C:\USERS\ANITA SCHMITT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVN7CN31.DEFAULT\COOKIES.SQLITE ]

        accounts.youtube.com [ C:\USERS\ANITA SCHMITT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVN7CN31.DEFAULT\COOKIES.SQLITE ]

        accounts.youtube.com [ C:\USERS\ANITA SCHMITT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVN7CN31.DEFAULT\COOKIES.SQLITE ]

        .accounts.google.com [ C:\USERS\ANITA SCHMITT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVN7CN31.DEFAULT\COOKIES.SQLITE ]

        .accounts.google.com [ C:\USERS\ANITA SCHMITT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVN7CN31.DEFAULT\COOKIES.SQLITE ]

        .accounts.google.com [ C:\USERS\ANITA SCHMITT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVN7CN31.DEFAULT\COOKIES.SQLITE ]

        accounts.youtube.com [ C:\USERS\ANITA SCHMITT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVN7CN31.DEFAULT\COOKIES.SQLITE ]

        .yadro.ru [ C:\USERS\ANITA SCHMITT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVN7CN31.DEFAULT\COOKIES.SQLITE ]

        accounts.youtube.com [ C:\USERS\ANITA SCHMITT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVN7CN31.DEFAULT\COOKIES.SQLITE ]

        accounts.youtube.com [ C:\USERS\ANITA SCHMITT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVN7CN31.DEFAULT\COOKIES.SQLITE ]

        .accounts.google.com [ C:\USERS\ANITA SCHMITT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVN7CN31.DEFAULT\COOKIES.SQLITE ]

        accounts.youtube.com [ C:\USERS\ANITA SCHMITT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVN7CN31.DEFAULT\COOKIES.SQLITE ]

        www.etracker.de [ C:\USERS\ANITA SCHMITT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVN7CN31.DEFAULT\COOKIES.SQLITE ]

        statse.webtrendslive.com [ C:\USERS\ANITA SCHMITT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVN7CN31.DEFAULT\COOKIES.SQLITE ]

        tracking.tchibo.de [ C:\USERS\ANITA SCHMITT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVN7CN31.DEFAULT\COOKIES.SQLITE ]

        accounts.youtube.com [ C:\USERS\ANITA SCHMITT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVN7CN31.DEFAULT\COOKIES.SQLITE ]

        de.sitestat.com [ C:\USERS\ANITA SCHMITT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVN7CN31.DEFAULT\COOKIES.SQLITE ]

        de.sitestat.com [ C:\USERS\ANITA SCHMITT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVN7CN31.DEFAULT\COOKIES.SQLITE ]

        de.sitestat.com [ C:\USERS\ANITA SCHMITT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVN7CN31.DEFAULT\COOKIES.SQLITE ]

        de.sitestat.com [ C:\USERS\ANITA SCHMITT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVN7CN31.DEFAULT\COOKIES.SQLITE ]

        accounts.youtube.com [ C:\USERS\ANITA SCHMITT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVN7CN31.DEFAULT\COOKIES.SQLITE ]

        accounts.google.com [ C:\USERS\ANITA SCHMITT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVN7CN31.DEFAULT\COOKIES.SQLITE ]

        .accounts.google.com [ C:\USERS\ANITA SCHMITT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVN7CN31.DEFAULT\COOKIES.SQLITE ]

        .accounts.google.com [ C:\USERS\ANITA SCHMITT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVN7CN31.DEFAULT\COOKIES.SQLITE ]

        .accounts.google.com [ C:\USERS\ANITA SCHMITT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVN7CN31.DEFAULT\COOKIES.SQLITE ]

        accounts.youtube.com [ C:\USERS\ANITA SCHMITT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVN7CN31.DEFAULT\COOKIES.SQLITE ]

        .2o7.net [ C:\USERS\ANITA SCHMITT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVN7CN31.DEFAULT\COOKIES.SQLITE ]

        .e-2dj6wjkoqhdpmeq.stats.esomniture.com [ C:\USERS\ANITA SCHMITT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVN7CN31.DEFAULT\COOKIES.SQLITE ]

Sieht ok aus, da wurden nur Cookies gefunden. Die können weg.
Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie )

Ist das System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?