Pests of all kinds and how to fight them: A virus again? (Windows 7)
| | #1 |
| A virus again? Hello again, I just posted in the other category and have now been referred here. I ran a provisional scan with Malware, something was found, and I put it in quarantine. Some time ago I had the 50 Euro virus on the machine, and since then I have had "smaller" problems. But as I said, I already posted all of that in the other category. Right now I don't really know how to describe the problem. I was advised to post here now... and yet I don't even know whether I actually have a virus on the machine. I have now run everything that is requested; here is the DDS.txt, and the other things are in the attachment. I hope the zip file works. Sorry that I'm writing so incredibly unclearly right now. I'm a bit confused myself at the moment. Best regards, Lena-Laura Code:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.2.0
Run by lena-laura at 0:30:45 on 2012-04-12
Microsoft Windows 7 Starter 6.1.7601.1.1252.49.1031.18.2039.982 [GMT 2:00]
.
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\windows\system32\svchost.exe -k apphost
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\System32\AsusService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\system32\CISVC.EXE
C:\windows\System32\svchost.exe -k ipripsvc
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\windows\system32\conhost.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\windows\System32\tcpsvcs.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\svchost.exe -k iissvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe
C:\Program Files\EeePC\HotkeyService\HotkeyService.exe
C:\Program Files\EeePC\SHE\SuperHybridEngine.exe
C:\Windows\System32\igfxpers.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Freecorder\FLVSrvc.exe
C:\Program Files\FILSHtray\FILSHtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\windows\system32\svchost.exe -k SDRSVC
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\conhost.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
mStart Page =
uInternet Settings,ProxyOverride = *.local
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
{555d4d79-4bd2-4094-a395-cfc534424a05}
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [Google Update] "c:\users\lena-laura\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Userinit] c:\users\lena-laura\appdata\roaming\appconf32.exe
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [HotkeyService] AsusSender.exe c:\program files\eeepc\hotkeyservice\HotkeyService.exe
mRun: [HotKeyMon] AsusSender.exe c:\program files\eeepc\hotkeyservice\HotKeyMon.exe
mRun: [SuperHybridEngine] AsusSender.exe c:\program files\eeepc\she\SuperHybridEngine.exe
mRun: [SynAsusAcpi] %ProgramFiles%\Synaptics\SynTP\SynAsusAcpi.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [Freecorder FLV Service] "c:\program files\freecorder\FLVSrvc.exe" /run
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [FILSHtray] "c:\program files\filshtray\FILSHtray.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [<NO NAME>]
StartupFolder: c:\users\lena-l~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\users\lena-l~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Nach Microsoft E&xel exportieren - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{10D8D06D-13E7-46A5-AEC4-38C5609E3260} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{18A4EB30-28E1-4E04-8664-4351C9AD8B76} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{18A4EB30-28E1-4E04-8664-4351C9AD8B76}\1462F40284F6473507F647 : DhcpNameServer = 192.168.12.1
TCP: Interfaces\{18A4EB30-28E1-4E04-8664-4351C9AD8B76}\353686E656C6C60257E64602351657265627 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{18A4EB30-28E1-4E04-8664-4351C9AD8B76}\3636C6 : DhcpNameServer = 217.68.161.141 217.68.161.171
TCP: Interfaces\{18A4EB30-28E1-4E04-8664-4351C9AD8B76}\65966716C646960284F64756C6021303 : DhcpNameServer = 192.168.1.33
TCP: Interfaces\{18A4EB30-28E1-4E04-8664-4351C9AD8B76}\65966716C646960284F64756C60293 : DhcpNameServer = 192.168.1.33
TCP: Interfaces\{18A4EB30-28E1-4E04-8664-4351C9AD8B76}\75C414E4D2133444030393 : DhcpNameServer = 192.168.2.1 192.168.2.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\lena-laura\appdata\roaming\mozilla\firefox\profiles\ztgpl636.default\
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre7\bin\new_plugin\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
FF - plugin: c:\program files\tracker software\pdf viewer\npPDFXCviewNPPlugin.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\lena-laura\appdata\local\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\users\lena-laura\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_228.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.softonic_i.newTab - false
FF - user.js: extensions.softonic_i.tlbrSrchUrl - hxxp://search.softonic.com/MON00015/tb_v1?SearchSource=1&cc=&q=
FF - user.js: extensions.softonic_i.id - b0a1e4500000000000000625d3f6b5b0
FF - user.js: extensions.softonic_i.instlDay - 15399
FF - user.js: extensions.softonic_i.vrsn - 1.5.11.5
FF - user.js: extensions.softonic_i.vrsni - 1.5.11.5
FF - user.js: extensions.softonic_i.vrsnTs - 1.5.11.51:14:30
FF - user.js: extensions.softonic_i.prtnrId - softonic
FF - user.js: extensions.softonic_i.prdct - softonic
FF - user.js: extensions.softonic_i.aflt - SD
FF - user.js: extensions.softonic_i.smplGrp - eng7
FF - user.js: extensions.softonic_i.tlbrId - de12JANdefault
FF - user.js: extensions.softonic_i.instlRef - MON00015
FF - user.js: extensions.softonic_i.dfltLng - de
FF - user.js: extensions.softonic_i.excTlbr - false
.
============= SERVICES / DRIVERS ===============
.
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-5-1 11608]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\avira\antivir desktop\sched.exe [2010-5-1 136360]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-5-1 269480]
R2 AsusService;Asus Launcher Service;c:\windows\system32\AsusService.exe [2010-2-25 219136]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-5-1 66616]
R2 iprip;RIP-Überwachung;c:\windows\system32\svchost.exe -k ipripsvc [2009-7-14 20992]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\drivers\L1C62x86.sys [2009-8-13 51712]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-11 253600]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-4-1 183560]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2011-11-8 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2011-5-13 1492840]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-14 52224]
.
=============== Created Last 30 ================
.
2012-04-11 13:17:25 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-11 13:11:00 7384 ----a-w- c:\users\lena-laura\appdata\roaming\BAcroIEHelpe101.dll
2012-04-11 13:11:00 226808 ----a-w- c:\users\lena-laura\appdata\roaming\AcroIEHelpe101.dll
2012-04-11 02:10:27 -------- d-----w- c:\users\lena-laura\appdata\roaming\11009
2012-04-10 23:02:45 -------- d-----w- c:\users\lena-laura\appdata\local\{F863156E-F87C-496F-B226-C7DDAE68E633}
2012-04-10 23:02:32 -------- d-----w- c:\users\lena-laura\appdata\local\{F025FC7C-40A5-4051-AAA9-E0C028AE904A}
2012-04-10 23:00:43 -------- d-----w- c:\users\lena-laura\appdata\local\{EE6A1AB8-9E47-4E9F-9169-AC4A88785E2A}
2012-04-10 23:00:29 -------- d-----w- c:\users\lena-laura\appdata\local\{D581E52F-86D8-4DD7-AF56-E656EEECC13C}
2012-04-09 15:33:44 -------- d-----w- c:\users\lena-laura\appdata\roaming\11008
2012-04-09 15:33:37 7384 ----a-w- c:\users\lena-laura\appdata\roaming\BAcroIEHelpe099.dll
2012-04-09 15:00:18 -------- d-----w- c:\users\lena-laura\appdata\roaming\UAs
2012-04-08 20:06:53 -------- d-----w- c:\users\lena-laura\appdata\roaming\11007
2012-04-08 20:06:32 264 ----a-w- c:\users\lena-laura\appdata\roaming\srvblck5.tmp
2012-04-08 20:06:25 -------- d-----w- c:\users\lena-laura\appdata\roaming\xmldm
2012-04-08 20:06:24 -------- d-----w- c:\users\lena-laura\appdata\roaming\kock
2012-04-08 03:27:23 -------- d-----w- c:\users\lena-laura\appdata\roaming\HpUpdate
2012-04-08 03:27:15 -------- d-----w- c:\windows\Hewlett-Packard
2012-04-07 16:07:53 -------- d-----w- c:\users\lena-laura\appdata\local\{0F687047-71DC-499C-9399-34C7414D9952}
2012-04-07 01:51:33 -------- d-----w- c:\program files\VS Revo Group
2012-04-07 01:44:41 -------- d-----w- c:\program files\CCleaner
2012-04-06 10:39:07 -------- d-----w- c:\programdata\Mediafour
2012-04-06 10:37:50 -------- d-----w- c:\program files\Mediafour
2012-04-04 19:36:09 -------- d-----w- c:\users\lena-laura\appdata\local\{1A7B5EB3-7759-41FE-AA09-79525CBC2E2D}
2012-04-04 19:35:00 -------- d-----w- c:\users\lena-laura\appdata\local\{81A290BE-954A-4168-806C-81CA377D7DE2}
2012-04-04 19:25:37 -------- d-----w- c:\users\lena-laura\appdata\local\{02F6304D-037F-4A4C-8003-5437EE5FA85D}
2012-04-03 18:10:31 -------- d-----r- c:\users\lena-laura\appdata\roaming\Brother
2012-03-31 00:09:10 -------- d-----w- c:\users\lena-laura\appdata\local\{4CB2A80D-8224-4701-B414-6843804829AD}
2012-03-24 21:14:13 -------- d-----w- c:\program files\MixMeister BPM Analyzer
2012-03-18 15:22:48 592824 ----a-w- c:\program files\mozilla firefox\gkmedias.dll
2012-03-18 15:22:48 44472 ----a-w- c:\program files\mozilla firefox\mozglue.dll
2012-03-15 02:02:04 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-15 02:02:00 3913584 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-14 15:33:42 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 15:33:38 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 15:32:43 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-14 15:32:43 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 15:32:42 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 15:32:37 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 15:32:36 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-14 15:32:36 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
==================== Find3M ====================
.
2012-04-11 15:19:05 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-11 00:51:03 637848 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-02-11 00:51:03 567184 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-10 17:23:09 152576 ----a-w- c:\windows\system32\msclmd.dll
.
============= FINISH: 0:33:52,34 ===============
|
| | #2 |
| A virus again? Hi,
this should be your problem: uRun: [Userinit] c:\users\lena-laura\appdata\roaming\appconf32.exe
From now on, please do nothing more with home banking etc.; change all relevant passwords from a clean computer (it is probably a banking trojan!).
Please also post an OTL log: OTL Download OTL by Oldtimer (http://filepony.de/download-otl/) and save it to your desktop
chris |
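The triage step in post #2, picking the one bad autorun out of the DDS "Pseudo HJT Report", written out as an added example (not code from the thread or from DDS). The function names, the list of system-sounding names and the score weights are assumptions chosen for illustration; the sample lines are an excerpt of the log in post #1.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Excerpt of the autorun lines from the DDS log in post #1.
SAMPLE_DDS = r'''
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [Google Update] "c:\users\lena-laura\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Userinit] c:\users\lena-laura\appdata\roaming\appconf32.exe
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [HotkeyService] AsusSender.exe c:\program files\eeepc\hotkeyservice\HotkeyService.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [<NO NAME>]
'''

# "uRun" is the per-user Run key (HKCU), "mRun" the machine-wide one (HKLM).
ENTRY_RE = re.compile(r'^(uRun|mRun):\s*\[(.*?)\]\s*(.*)$')
# Launch target: a quoted path, or the shortest prefix ending in an executable extension.
TARGET_RE = re.compile(r'(?:"([^"]+)"|(.+?\.(?:exe|com|scr|bat|cmd))(?=\s|$))', re.I)
PROFILE_RE = re.compile(r'\\users\\[^\\]+\\appdata\\', re.I)
ROAMING_ROOT_RE = re.compile(r'\\appdata\\roaming\\[^\\]+$', re.I)
# Assumption: names that belong to Windows itself and have no business as Run values.
# "Userinit" is legitimately a Winlogon value, not a Run entry.
SYSTEM_NAMES = {"userinit", "shell", "winlogon", "explorer", "svchost", "lsass", "services"}


@dataclass
class Autorun:
    hive: str
    name: str
    command: str
    target: Optional[str]
    score: int = 0
    reasons: List[str] = field(default_factory=list)


def parse_autoruns(text: str) -> List[Autorun]:
    """Turn uRun/mRun lines into structured entries; other lines are ignored."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        hive, name, command = m.groups()
        t = TARGET_RE.match(command)
        target = (t.group(1) or t.group(2)) if t else None
        entries.append(Autorun("HKCU" if hive == "uRun" else "HKLM", name, command, target))
    return entries


def score(entry: Autorun) -> Autorun:
    """Attach heuristic reasons; the weights are illustrative, not a standard."""
    if entry.target is None:
        entry.reasons.append("empty value, nothing is launched (orphaned entry)")
        return entry
    if PROFILE_RE.search(entry.target):
        entry.score += 1
        entry.reasons.append("runs from a user-writable profile directory")
    if ROAMING_ROOT_RE.search(entry.target):
        entry.score += 2
        entry.reasons.append("executable sits directly in the AppData\\Roaming root")
    if entry.name.lower() in SYSTEM_NAMES:
        entry.score += 2
        entry.reasons.append("value name borrows a Windows component name")
    return entry


def triage(text: str) -> List[Autorun]:
    """All autoruns, highest score first."""
    return sorted((score(e) for e in parse_autoruns(text)), key=lambda e: -e.score)


def flagged(text: str, threshold: int = 3) -> List[Autorun]:
    """Entries that need a human look before anything else on the machine."""
    return [e for e in triage(text) if e.score >= threshold]


if __name__ == "__main__":
    for e in triage(SAMPLE_DDS):
        print(f"{e.score}  {e.hive}\\...\\Run [{e.name}] -> {e.target}")
        for r in e.reasons:
            print(f"     - {r}")
```

The per-user Google updater also lives under AppData and scores 1, which is why a profile path alone is treated as a weak signal and only the combination crosses the threshold.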
| | #3 |
| A virus again? Hi chris,
unfortunately OTL doesn't work. It keeps hanging and I get no response. What now? Best regards, lena-laura |
| | #4 |
| A virus again? Hi chris, me again. I have now tried it again in safe mode and lo and behold... it worked. Attached are the otl.txt and extras.txt files. I hope it's OK that I'm sending both as attachments and not pasting them in here. Best regards, lena-laura |
| | #5 |
| A virus again? Hi,
Code:
:OTL
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKCU..\Run: [Userinit] C:\Users\lena-laura\AppData\Roaming\appconf32.exe ()
[2012.04.11 04:10:27 | 000,000,000 | ---D | C] -- C:\Users\lena-laura\AppData\Roaming\11009
[2012.04.09 17:33:44 | 000,000,000 | ---D | C] -- C:\Users\lena-laura\AppData\Roaming\11008
[2012.04.09 17:00:18 | 000,000,000 | ---D | C] -- C:\Users\lena-laura\AppData\Roaming\UAs
[2012.04.08 22:06:53 | 000,000,000 | ---D | C] -- C:\Users\lena-laura\AppData\Roaming\11007
[2012.04.08 22:06:25 | 000,000,000 | ---D | C] -- C:\Users\lena-laura\AppData\Roaming\xmldm
[2012.04.08 22:06:24 | 000,000,000 | ---D | C] -- C:\Users\lena-laura\AppData\Roaming\kock
[2012.04.12 12:52:17 | 000,000,016 | ---- | M] () -- C:\Users\lena-laura\AppData\Roaming\blckdom.res
:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = dword:0x01
:Commands
[emptytemp]
[Reboot]
Malwarebytes Antimalware (MAM)
Instructions & download here: http://www.trojaner-board.de/51187-m...i-malware.html
If the download does not work, please download a generic version here: http://filepony.de/download-chameleon/
Then please update the signature files (tab "Updates" -> "Check for Updates"), run a full scan and have everything cleaned! Post the log.

Panda-TLD4-Killer
Download the killer to the desktop: TDSS-Killer
Start the killer and allow the subsequent restart! If the security solution complains, please switch it off or allow yorkyt.exe as an exception!
After the reboot the killer should start by itself (Please wait... Running...); do not interrupt it and do nothing on the computer (runtime approx. 5 minutes).
If something is found (Detected and requested some bad files), first post the log (it is located where the exe is, i.e. on the desktop) -> post the contents of yorkyt.exe.log.
If clearance has been given, select Yes; the computer is restarted, the detected (infected) drivers are replaced and the TLD files deleted (yorkyt starts again automatically, do not interrupt!).
After the cleanup, post the log once more...
chris
__________________ Don't bring me down. Read before posting! Donations (anyone who wants to donate is welcome to get in touch) |
| | #6 |
| A virus again? Right! Here is the OTL log first. Code:
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Userinit deleted successfully.
C:\Users\lena-laura\AppData\Roaming\appconf32.exe moved successfully.
C:\Users\lena-laura\AppData\Roaming\11009\components folder moved successfully.
C:\Users\lena-laura\AppData\Roaming\11009 folder moved successfully.
C:\Users\lena-laura\AppData\Roaming\11008\components folder moved successfully.
C:\Users\lena-laura\AppData\Roaming\11008 folder moved successfully.
C:\Users\lena-laura\AppData\Roaming\UAs folder moved successfully.
C:\Users\lena-laura\AppData\Roaming\11007\components folder moved successfully.
C:\Users\lena-laura\AppData\Roaming\11007 folder moved successfully.
C:\Users\lena-laura\AppData\Roaming\xmldm folder moved successfully.
C:\Users\lena-laura\AppData\Roaming\kock folder moved successfully.
C:\Users\lena-laura\AppData\Roaming\blckdom.res moved successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"cval" | dword:0x01 /E : value set successfully!
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: DefaultAppPool
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: lena-laura
->Temp folder emptied: 105406 bytes
->Temporary Internet Files folder emptied: 3476675 bytes
->Java cache emptied: 16652 bytes
->FireFox cache emptied: 131089943 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 8633 bytes
User: Public
->Temp folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 10595908 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 139,00 mb
OTL by OldTimer - Version 3.2.39.2 log created on 04122012_225305
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
|
| | #7 |
| A virus again? How crazy is that?! Yes, I browse with Firefox... but I can't tell you whether with NO Script / WOT, because I simply have no idea what that even is. I'm happy to learn, though. I also have Opera installed as an alternative. Here is the new log first. Code:
All processes killed
========== OTL ==========
C:\USERS\LENA-LAURA\APPDATA\ROAMING\11012\components folder moved successfully.
C:\USERS\LENA-LAURA\APPDATA\ROAMING\11012 folder moved successfully.
C:\Users\lena-laura\AppData\Roaming\UAs folder moved successfully.
C:\Users\lena-laura\AppData\Roaming\xmldm folder moved successfully.
Folder C:\Users\lena-laura\AppData\Roaming\11012\ not found.
C:\Users\lena-laura\AppData\Roaming\blckdom.res moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: DefaultAppPool
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: lena-laura
->Temp folder emptied: 30700846 bytes
->Temporary Internet Files folder emptied: 1742132 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 419634288 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 3165 bytes
User: Public
->Temp folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 217934 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 431,00 mb
OTL by OldTimer - Version 3.2.39.2 log created on 04132012_130710
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
|
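The two OTL fix logs in posts #6 and #7 compared against each other, as an added example that is not part of the thread: a path that was moved in one pass and is moved again in the next was recreated in between, and a path that differs only in its digits (11009, then 11012) is the same artifact under a new number. The function names are assumptions; the sample lines are excerpts of the two logs above.

```python
import re
from typing import Dict, List, Set

# Excerpt of the fix log in post #6 (created 04122012_225305).
FIRST_PASS = r'''
C:\Users\lena-laura\AppData\Roaming\appconf32.exe moved successfully.
C:\Users\lena-laura\AppData\Roaming\11009\components folder moved successfully.
C:\Users\lena-laura\AppData\Roaming\11009 folder moved successfully.
C:\Users\lena-laura\AppData\Roaming\UAs folder moved successfully.
C:\Users\lena-laura\AppData\Roaming\xmldm folder moved successfully.
C:\Users\lena-laura\AppData\Roaming\kock folder moved successfully.
C:\Users\lena-laura\AppData\Roaming\blckdom.res moved successfully.
'''

# Excerpt of the fix log in post #7 (created 04132012_130710).
SECOND_PASS = r'''
C:\USERS\LENA-LAURA\APPDATA\ROAMING\11012\components folder moved successfully.
C:\USERS\LENA-LAURA\APPDATA\ROAMING\11012 folder moved successfully.
C:\Users\lena-laura\AppData\Roaming\UAs folder moved successfully.
C:\Users\lena-laura\AppData\Roaming\xmldm folder moved successfully.
Folder C:\Users\lena-laura\AppData\Roaming\11012\ not found.
C:\Users\lena-laura\AppData\Roaming\blckdom.res moved successfully.
'''

# "<path> moved successfully." or "<path> folder moved successfully."
MOVED_RE = re.compile(r'^([A-Za-z]:\\.+?)(?: folder)? moved successfully\.$')


def moved_items(log: str) -> Set[str]:
    """Paths the fix actually moved, lower-cased because NTFS paths are case-insensitive."""
    items = set()
    for line in log.splitlines():
        m = MOVED_RE.match(line.strip())
        if m:
            items.add(m.group(1).rstrip("\\").lower())
    return items


def shape(path: str) -> str:
    """Collapse digit runs so numbered siblings (11009, 11012) compare equal."""
    return re.sub(r"\d+", "#", path)


def compare_passes(first: str, second: str) -> Dict[str, List[str]]:
    """Classify what the second cleanup pass had to remove."""
    a, b = moved_items(first), moved_items(second)
    first_shapes = {shape(p) for p in a}
    reappeared = sorted(a & b)
    renumbered = sorted(p for p in b - a if shape(p) in first_shapes)
    new = sorted(p for p in b - a if shape(p) not in first_shapes)
    return {"reappeared": reappeared, "renumbered": renumbered, "new": new}


if __name__ == "__main__":
    for kind, paths in compare_passes(FIRST_PASS, SECOND_PASS).items():
        print(kind)
        for p in paths:
            print("   ", p)
```

Anything in the first two groups means the first pass removed artifacts but not whatever writes them, so the cleanup is not finished.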
| | #8 |
| A virus again? Hi, you can save the log as an XML file and post it here. You can also request a 30-day trial licence via Hitman (tab "Lizence"), which then also kills the malware... chris |
| | #9 |
| A virus again? THANKS!!! ;-) OK, here it is now... I already set up a guest account at some point... but what do I actually need it for? And could you please explain the WOT etc. thing to me? Me understand nothing ;-) Thanks! Code:
<?xml version="1.0"?>
-<Log filesProcessed="13696" timeSpentInSecs="435" date="2012-04-13T23:06:02" version="3.6.0.152" scan="Normal" computer="PC">-<Item status="Deleted" score="101.0" malwareName="Malware" type="Malware">-<Scanners><Scanner name="Gen:Variant.Zusy.4130 (Engine A)" id="G Data"/><Scanner name="Trojan.PWS.Spy.14273" id="DrWeb"/><Scanner name="Trojan-Spy.Win32.Farko!IK" id="Ikarus"/></Scanners><File hash="F2DFE404F8BB7B813765555D3CFE380C82949FDE41781F976E69F3A269D82342" path="C:\Users\lena-laura\AppData\Roaming\AcroIEHelpe102.dll"/></Item>-<Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\lena-laura\AppData\Roaming\Microsoft\Windows\Cookies\5Y2EGWV3.txt"/></Item>-<Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\lena-laura\AppData\Roaming\Microsoft\Windows\Cookies\JHP9UIKP.txt"/></Item>-<Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\lena-laura\AppData\Roaming\Microsoft\Windows\Cookies\RDZDMBQV.txt"/></Item>-<Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\lena-laura\AppData\Roaming\Microsoft\Windows\Cookies\SRS1DANH.txt"/></Item>-<Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\lena-laura\AppData\Roaming\Microsoft\Windows\Cookies\XEOJH7KQ.txt"/></Item>-<Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\lena-laura\AppData\Roaming\Mozilla\Firefox\Profiles\ztgpl636.default\cookies.sqlite:2o7.net"/></Item>-<Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\lena-laura\AppData\Roaming\Mozilla\Firefox\Profiles\ztgpl636.default\cookies.sqlite:ad.123-template.com"/></Item>-<Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\lena-laura\AppData\Roaming\Mozilla\Firefox\Profiles\ztgpl636.default\cookies.sqlite:ad.360yield.com"/></Item>-<Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\lena-laura\AppData\Roaming\Mozilla\Firefox\Profiles\ztgpl636.default\cookies.sqlite:ad.ad-srv.net"/></Item>-<Item 
status="Quarantiend" score="111.0" malwareName="Trojan" type="Malware">-<Scanners><Scanner name="Trojan.MulDrop3.44950" id="DrWeb"/></Scanners><File hash="5DFF403E1EBD8E01F86C43FBC466F03E8A4BACFA995C8078D9B3584E72640934" path="C:\Users\lena-laura\Downloads\yorkyt.exe"/></Item></Log>
|
| | #10 |
| A virus again? Huh? I think something went wrong here... I'll send you the file as an attachment. Can you open it? |
| | #11 |
| A virus again? Hi, hehe, Dr. Web detected yorky, but there was still a password spy on the machine: <Scanner name="Trojan.PWS.Spy.14273" 2342" path="C:\Users\lena-laura\AppData\Roaming\AcroIEHelpe102.dll"/> It should be clean now, though... So, back to the guest account. That is an account with reduced privileges, i.e. it cannot, for example, install software. That makes it considerably harder for malware to establish itself in the system. WOT and NoScript are add-ons that you can install for Firefox (Firefox->Add-ons->search & install)... WOT = Web of Trust shows you, for example, how safe a result page is when you search via Google; NoScript blocks script execution to begin with and has to be enabled "by" hand for each site (if the site does not work). (Background: quite a lot gets "smuggled" into the system via scripts)... So, the notebook battery is done, bye, chris
__________________ Don't bring me down. Please read before posting! Donations (anyone who wants to donate is welcome to get in touch) |