Verdacht auf Malware

wunderkind87 · 10.06.2011, 17:21

Hallo Thomsch,

sorry wenn ich mich hier einmische, aber hab gestern die selbe Meldung über Google wie du bekommen, mein Malwarebytes-Log fiel aber (Gott sei Dank) negativ aus. Aber als Laie (der wirklich nicht viel von solchen Dingen versteht) würde ich mal sagen dass dir das Service Pack 3 mal ganz dringend fehlt.

(BTW, könnte mir auch irgendwer die Sicherheit dass da nix böses ist in dem Thread den ich aufgemacht habe geben bitte.

)

cosinus · 10.06.2011, 22:05

Zitat:

Zitat von wunderkind87

würde ich mal sagen dass dir das Service Pack 3 mal ganz dringend fehlt.

Gibt noch kein SP3 für Vista

@thomsch3:
Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Programme\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
:Files
C:\Users\Thomas Schmidt\AppData\Local\{*
:Commands
[purity]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

thomsch3 · 11.06.2011, 12:40

Hier das Log nach dem Fix

Zitat:

========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{90222687-F593-4738-B738-FBEE9C7B26DF} deleted successfully.
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{90222687-F593-4738-B738-FBEE9C7B26DF}\ .
File move failed. C:\Programme\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll scheduled to be moved on reboot.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll moved successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
========== FILES ==========
C:\Users\Thomas Schmidt\AppData\Local\{007EAD0D-4235-40D8-9368-8A146059E7F7} folder moved successfully.
C:\Users\Thomas Schmidt\AppData\Local\{01155D83-3816-4D97-90C4-810302E8A294} folder moved successfully.
C:\Users\Thomas Schmidt\AppData\Local\{043DB7FD-D8E3-48D5-BC8A-C00DDB6BFABF} folder moved successfully.
C:\Users\Thomas Schmidt\AppData\Local\{0474944C-3476-45CF-BC66-49A1B9902450} folder moved successfully.
C:\Users\Thomas Schmidt\AppData\Local\{04ACB000-4221-400F-A638-640144EE18C5} folder moved successfully.
C:\Users\Thomas Schmidt\AppData\Local\{05DA59DC-6788-4876-BC01-A5113DCE879B} folder moved successfully.
C:\Users\Thomas Schmidt\AppData\Local\{0E838953-F44B-4FA8-9D85-2061272673F4} folder moved successfully.
C:\Users\Thomas Schmidt\AppData\Local\{11B14956-CE00-4F17-9CCF-793AC5125D9A} folder moved successfully.
C:\Users\Thomas Schmidt\AppData\Local\{11B82EF0-2EAC-4A90-BBCC-011B24D96669} folder moved successfully.
C:\Users\Thomas Schmidt\AppData\Local\{154DE9F8-529B-4390-A314-F7EF7A043B23} folder moved successfully.
C:\Users\Thomas Schmidt\AppData\Local\{170D0045-EB6F-479C-B460-9DB6C2DF285E} folder moved successfully.
C:\Users\Thomas Schmidt\AppData\Local\{179A8A6B-9A1D-4669-ADF7-4FDCFBB0C42B} folder moved successfully.
C:\Users\Thomas Schmidt\AppData\Local\{185D1C83-AD2F-447C-B9E6-8FA9BDF7CC94} folder moved successfully.
C:\Users\Thomas Schmidt\AppData\Local\{18933589-066E-44BF-8C02-454940B86A62} folder moved successfully.
C:\Users\Thomas Schmidt\AppData\Local\{18C43A50-64BC-45B8-AA82-9EA7EEC29C13} folder moved successfully.
C:\Users\Thomas Schmidt\AppData\Local\{1CBEB39C-6C03-459C-A076-50E7DEE57131} folder moved successfully.
C:\Users\Thomas Schmidt\AppData\Local\{23EF82D6-076B-4C1D-803F-9DAC0D441E85} folder moved successfully.
C:\Users\Thomas Schmidt\AppData\Local\{26821C59-AFE7-4F69-8893-F626DCC8DC0C} folder moved successfully.
C:\Users\Thomas Schmidt\AppData\Local\{27022CD9-140B-4966-BAFC-13368CB4EA89} folder moved successfully.
C:\Users\Thomas Schmidt\AppData\Local\{29B3D37F-0A5A-47D5-930D-0E6E1610B8C0} folder moved successfully.
C:\Users\Thomas Schmidt\AppData\Local\{29E69F77-4195-490A-8773-FC3745E334A7} folder moved successfully.
C:\Users\Thomas Schmidt\AppData\Local\{30C1B95A-5B78-4E67-9F27-F0DAB9DE7DEA} folder moved successfully.
C:\Users\Thomas Schmidt\AppData\Local\{3241FFB6-804F-45D2-81E8-533A7C76DF95} folder moved successfully.
C:\Users\Thomas Schmidt\AppData\Local\{34393D73-E64E-4ED8-A31D-C57D00F79E41} folder moved successfully.
C:\Users\Thomas Schmidt\AppData\Local\{354BAE03-2D88-4922-9E93-E111D4BC83CD} folder moved successfully.
C:\Users\Thomas Schmidt\AppData\Local\{3AD32200-B2A5-4638-BD4E-9EF2F69496C7} folder moved successfully.
C:\Users\Thomas Schmidt\AppData\Local\{3DE05618-8F38-4C8B-9847-49708BC2DAE7} folder moved successfully.
C:\Users\Thomas Schmidt\AppData\Local\{3F0ACAB0-33D4-4C67-81E6-86A92CA170DA} folder moved successfully.
C:\Users\Thomas Schmidt\AppData\Local\{3FB5B74E-F000-4F3C-B853-F3982CFEB5FD} folder moved successfully.
C:\Users\Thomas Schmidt\AppData\Local\{49D52C3A-8D06-46CD-854D-4D8F1D3FFCE6} folder moved successfully.
C:\Users\Thomas Schmidt\AppData\Local\{508220DD-2C59-4BE6-A9DD-09CCA412D320} folder moved successfully.
C:\Users\Thomas Schmidt\AppData\Local\{536D5044-CE3A-4D72-9D1E-004DF5573C33} folder moved successfully.
C:\Users\Thomas Schmidt\AppData\Local\{5486072D-CC65-453E-AA70-902A9096B2C2} folder moved successfully.
C:\Users\Thomas Schmidt\AppData\Local\{57D9FAE0-0A87-4750-895F-4C1FF647B34D} folder moved successfully.
C:\Users\Thomas Schmidt\AppData\Local\{5A30E875-7AC3-4F36-98D1-EC727957E255} folder moved successfully.
C:\Users\Thomas Schmidt\AppData\Local\{5A85776A-08A7-4F4F-9A5C-06435633B053} folder moved successfully.
C:\Users\Thomas Schmidt\AppData\Local\{5B009CD6-AF38-4BE2-809F-61DD5CB5E780} folder moved successfully.
C:\Users\Thomas Schmidt\AppData\Local\{60D06F46-B75C-4401-ADCD-ADCE6CF30D4A} folder moved successfully.
C:\Users\Thomas Schmidt\AppData\Local\{65F68D5D-4C0E-4B7F-B565-0192DC040BFD} folder moved successfully.
C:\Users\Thomas Schmidt\AppData\Local\{6689A909-AE54-4DAC-9432-50EF39360601} folder moved successfully.
C:\Users\Thomas Schmidt\AppData\Local\{6883770E-7510-434B-83D7-F16CD391B361} folder moved successfully.
C:\Users\Thomas Schmidt\AppData\Local\{6CAB87B6-0D90-46B8-A2D5-6A7D4BA2DFF1} folder moved successfully.
C:\Users\Thomas Schmidt\AppData\Local\{6CD5151D-403E-4A9F-BE2E-23857795A34E} folder moved successfully.
C:\Users\Thomas Schmidt\AppData\Local\{6D1F31D9-E261-40CA-8B7B-18F50B904870} folder moved successfully.
C:\Users\Thomas Schmidt\AppData\Local\{6F4B14A7-4923-4E80-A8A2-5F1553761824} folder moved successfully.
C:\Users\Thomas Schmidt\AppData\Local\{709D21C4-43BE-4372-ACFF-3FC8718C7477} folder moved successfully.
C:\Users\Thomas Schmidt\AppData\Local\{71ABDEA6-16E6-4142-9FDE-AD9F83535DD3} folder moved successfully.
C:\Users\Thomas Schmidt\AppData\Local\{7493AD8F-D272-438F-8934-84152A57CB72} folder moved successfully.
C:\Users\Thomas Schmidt\AppData\Local\{7537243C-B794-4FE9-B449-1841968F6473} folder moved successfully.
C:\Users\Thomas Schmidt\AppData\Local\{800842E9-BE46-4130-88C3-0BEFB917638D} folder moved successfully.
C:\Users\Thomas Schmidt\AppData\Local\{8080DA22-1CE8-498B-917A-855589BC034F} folder moved successfully.
C:\Users\Thomas Schmidt\AppData\Local\{8327BC78-A4AC-4F00-8166-0B7E8342F112} folder moved successfully.
C:\Users\Thomas Schmidt\AppData\Local\{83600A4B-DD38-4D67-B9FA-0BF7621FC297} folder moved successfully.
C:\Users\Thomas Schmidt\AppData\Local\{87EBC3E2-6DD5-471F-A6E8-6919496FBA76} folder moved successfully.
C:\Users\Thomas Schmidt\AppData\Local\{88700BF9-0DC5-4A42-BC43-9D3BCEEA5404} folder moved successfully.
C:\Users\Thomas Schmidt\AppData\Local\{8AA5B8CA-8B86-44E8-808B-0C1A43832A1A} folder moved successfully.
C:\Users\Thomas Schmidt\AppData\Local\{8C195778-357A-4988-9E41-55CFE3DCD3B5} folder moved successfully.
C:\Users\Thomas Schmidt\AppData\Local\{90BAD25D-2D69-4C82-8D69-99BDE62EE2FE} folder moved successfully.
C:\Users\Thomas Schmidt\AppData\Local\{90E76C6B-56DE-49AE-98F0-15042C4845A3} folder moved successfully.
C:\Users\Thomas Schmidt\AppData\Local\{91394053-1E4D-4601-B143-0C97E8F1276E} folder moved successfully.
C:\Users\Thomas Schmidt\AppData\Local\{9390AAA7-7829-49DA-AB4C-1D769E099536} folder moved successfully.
C:\Users\Thomas Schmidt\AppData\Local\{9731722D-988A-461C-964F-6666798ABEBB} folder moved successfully.
C:\Users\Thomas Schmidt\AppData\Local\{98D67A8E-349D-4DEB-96EF-E39DD5DF2F36} folder moved successfully.
C:\Users\Thomas Schmidt\AppData\Local\{9973BD31-4B71-4FC1-AF35-605E044B8EA1} folder moved successfully.
C:\Users\Thomas Schmidt\AppData\Local\{9D24DE92-0E15-4F4F-967A-9F39B4DC485F} folder moved successfully.
C:\Users\Thomas Schmidt\AppData\Local\{9FDDEF95-7272-4520-A179-B65E04D7E33C} folder moved successfully.
C:\Users\Thomas Schmidt\AppData\Local\{A147C06F-4837-44CE-85F3-39ACB08F204A} folder moved successfully.
C:\Users\Thomas Schmidt\AppData\Local\{A1706C2C-1E0C-40BA-8FA1-20A2D0846D93} folder moved successfully.
C:\Users\Thomas Schmidt\AppData\Local\{A1A6D409-EAB5-454B-98AC-3A264BB2C24F} folder moved successfully.
C:\Users\Thomas Schmidt\AppData\Local\{A1F5FCB1-AE5D-4A0F-8DB3-A9B7163118AC} folder moved successfully.
C:\Users\Thomas Schmidt\AppData\Local\{A78FD6F6-E3C9-49B1-8D48-9E4CF3DD2841} folder moved successfully.
C:\Users\Thomas Schmidt\AppData\Local\{A83A50AF-44A8-4AEB-B847-B4232DC34028} folder moved successfully.
C:\Users\Thomas Schmidt\AppData\Local\{AA492281-E00D-4523-82AC-577F46A09339} folder moved successfully.
C:\Users\Thomas Schmidt\AppData\Local\{AC7729D6-48C6-4A81-8970-C6A802829872} folder moved successfully.
C:\Users\Thomas Schmidt\AppData\Local\{B358ADBC-AF77-4F3E-BB79-57116FAF6693} folder moved successfully.
C:\Users\Thomas Schmidt\AppData\Local\{BB14A324-03CC-4A01-97A7-09C5B80EDAEF} folder moved successfully.
C:\Users\Thomas Schmidt\AppData\Local\{C08341B5-98DB-403A-8BE7-65DC1808CA90} folder moved successfully.
C:\Users\Thomas Schmidt\AppData\Local\{C3F0CD89-7204-4939-8E3A-B7542F897897} folder moved successfully.
C:\Users\Thomas Schmidt\AppData\Local\{C55720E6-3B29-483F-BFBB-3F1BA8C3635F} folder moved successfully.
C:\Users\Thomas Schmidt\AppData\Local\{C774A096-9687-47E2-875D-B2D149CE8D0C} folder moved successfully.
C:\Users\Thomas Schmidt\AppData\Local\{C79CDB9D-50EA-4A25-9F10-DB88914A5192} folder moved successfully.
C:\Users\Thomas Schmidt\AppData\Local\{CA0FFA28-5546-4B18-A8DE-BE2464A7064C} folder moved successfully.
C:\Users\Thomas Schmidt\AppData\Local\{CA447037-74A1-4ED5-B28C-96AD2940762D} folder moved successfully.
C:\Users\Thomas Schmidt\AppData\Local\{CBA75D09-5019-4EE1-8FAB-BAAAABB0596F} folder moved successfully.
C:\Users\Thomas Schmidt\AppData\Local\{CEBD3CB1-687A-49D0-A565-BE15EC96C8E2} folder moved successfully.
C:\Users\Thomas Schmidt\AppData\Local\{D10E358D-DEC6-4170-8F23-E61E61A1694D} folder moved successfully.
C:\Users\Thomas Schmidt\AppData\Local\{D3848DDC-4CBF-4D66-A243-5C86E7755821} folder moved successfully.
C:\Users\Thomas Schmidt\AppData\Local\{D5488BD2-24CC-474A-9D6C-A5EA9D616340} folder moved successfully.
C:\Users\Thomas Schmidt\AppData\Local\{D5AC0041-0E88-436B-989E-80ED9667BA17} folder moved successfully.
C:\Users\Thomas Schmidt\AppData\Local\{DC66617C-D1EC-4A9A-8B41-B4AC9951F992} folder moved successfully.
C:\Users\Thomas Schmidt\AppData\Local\{DD7A840D-4BCC-4E7B-A7CE-1384B2C95A77} folder moved successfully.
C:\Users\Thomas Schmidt\AppData\Local\{DEA47A68-E31D-4E6E-97FC-2B5C42A39C09} folder moved successfully.
C:\Users\Thomas Schmidt\AppData\Local\{DEB255DE-A957-474C-B066-40E48DD8A924} folder moved successfully.
C:\Users\Thomas Schmidt\AppData\Local\{E44110FA-9CA2-443F-ABF5-F73F2A315409} folder moved successfully.
C:\Users\Thomas Schmidt\AppData\Local\{E60E6188-2AB3-48BB-96A2-1F534DD4FC15} folder moved successfully.
C:\Users\Thomas Schmidt\AppData\Local\{E88EE326-B6C2-41E7-8363-17ADF67844AB} folder moved successfully.
C:\Users\Thomas Schmidt\AppData\Local\{EA576239-1765-4626-945C-E86D5BE38019} folder moved successfully.
C:\Users\Thomas Schmidt\AppData\Local\{EC19D54B-097D-4B6E-84A8-92850C06773D} folder moved successfully.
C:\Users\Thomas Schmidt\AppData\Local\{ECA99AFE-172E-4448-BB9A-8807C5B80401} folder moved successfully.
C:\Users\Thomas Schmidt\AppData\Local\{ECC1A8F3-EF86-4AAF-9F24-4FFEC0B3FADA} folder moved successfully.
C:\Users\Thomas Schmidt\AppData\Local\{EE639E41-6CE2-4B1C-BF21-69B3C91DB730} folder moved successfully.
C:\Users\Thomas Schmidt\AppData\Local\{EF4FF1E3-1F6A-48E3-9FF1-BA36CD94073C} folder moved successfully.
C:\Users\Thomas Schmidt\AppData\Local\{F0E2E251-6EBF-45E9-87CF-8C9D1AA3CA1B} folder moved successfully.
C:\Users\Thomas Schmidt\AppData\Local\{F138363A-F06D-4739-A4E7-20B9AEBE55C4} folder moved successfully.
C:\Users\Thomas Schmidt\AppData\Local\{F28AA4D7-D3B7-428B-9E5B-AFA854198E7E} folder moved successfully.
C:\Users\Thomas Schmidt\AppData\Local\{F63845E9-F40C-4AD4-B1B7-870F9C96DA3D} folder moved successfully.
C:\Users\Thomas Schmidt\AppData\Local\{F82556D1-EEEB-42AA-A17E-8BBFB7F99C12} folder moved successfully.
C:\Users\Thomas Schmidt\AppData\Local\{FA7FDF81-49FA-48D2-A984-EBEE47BF71D7} folder moved successfully.
C:\Users\Thomas Schmidt\AppData\Local\{FCDDD6CF-1A4F-427E-83E8-0E404E7EAC74} folder moved successfully.
C:\Users\Thomas Schmidt\AppData\Local\{FFBCAB28-DD18-4263-9552-C7D632A49F80} folder moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.23.0 log created on 06112011_133351

Files\Folders moved on Reboot...
File move failed. C:\Programme\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll scheduled to be moved on reboot.

Registry entries deleted on Reboot...

Verdacht auf Malware

Plagegeister aller Art und deren Bekämpfung: Verdacht auf Malware