| |
| |||||||
Log-Analyse und Auswertung: Werbefenster öffent sich automatisch in Firefox?Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
| |
28.02.2010, 01:40
| #1 |
| |  Werbefenster öffent sich automatisch in Firefox? Hallo zusammen, ich hoffe einer von euch kann mir helfen! Seit kurzem öffnet sich automatisch immer ein Werbefenster in Firefox, so dass die von mir aufgerufene Seite überdeckt wird von einer Werbung und erst durch das klicken des Buttons "skip this ad" weggeklickt werden kann. Danke schon einmal für eure Hilfe und anbei meine Logfile, Werther Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 01:35:59, on 28.02.2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\ibmpmsvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Intel\WiFi\bin\S24EvMon.exe C:\WINDOWS\system32\brsvc01a.exe C:\WINDOWS\system32\brss01a.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\Avira\AntiVir Desktop\sched.exe C:\WINDOWS\Explorer.EXE C:\Programme\Lenovo\TrackPoint\tp4serv.exe C:\Programme\FreePDF_XP\fpassist.exe C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe C:\WINDOWS\system32\TpShocks.exe C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe C:\PROGRA~1\THINKV~2\PrdCtr\LPMLCHK.exe C:\Programme\Lenovo\AwayTask\AwaySch.EXE C:\Programme\Analog Devices\Core\smax4pnp.exe C:\Programme\Avira\AntiVir Desktop\avgnt.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe C:\WINDOWS\system32\igfxext.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe C:\WINDOWS\FixCamera.exe C:\WINDOWS\vsnpstd3.exe C:\WINDOWS\tsnpstd3.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\Skype\Phone\Skype.exe C:\WINDOWS\system32\IPSSVC.EXE C:\Programme\Avira\AntiVir Desktop\avguard.exe C:\Programme\ThinkPad\Utilities\DOZESVC.EXE C:\Programme\Intel\WiFi\bin\EvtEng.exe C:\Programme\Java\jre6\bin\jqs.exe C:\Programme\lotus\notes\ntmulti.exe C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe C:\WINDOWS\system32\svchost.exe C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe C:\Programme\Lenovo\System Update\SUService.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\Programme\Skype\Plugin Manager\skypePM.exe C:\Programme\Lidl_Fotos\dd.exe C:\Programme\Mozilla Firefox\firefox.exe C:\Programme\Mozilla Thunderbird\thunderbird.exe C:\Programme\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://izarc.org/donate.html O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: flvdirect - {f4d92dd0-9d7a-c41f-2ac2-05a602621129} - C:\WINDOWS\system32\aC554QRJQ7bjGo.dll O3 - Toolbar: Lenovo ThinkVantage Toolbox - {86B9B5DD-FB75-4035-BD52-3C94F7849CAF} - C:\Programme\PC-Doctor\ATLPcdToolbar544928.dll O4 - HKLM\..\Run: [TrackPointSrv] C:\Programme\Lenovo\TrackPoint\tp4serv.exe O4 - HKLM\..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe O4 - HKLM\..\Run: [TpShocks] TpShocks.exe O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe O4 - HKLM\..\Run: [LPMailChecker] C:\PROGRA~1\THINKV~2\PrdCtr\LPMLCHK.exe O4 - HKLM\..\Run: [TP4EX] tp4ex.exe O4 - HKLM\..\Run: [AMSG] C:\Programme\ThinkVantage\AMSG\Amsg.exe /startup O4 - HKLM\..\Run: [AwaySch] C:\Programme\Lenovo\AwayTask\AwaySch.EXE O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [SoundMAX] C:\Programme\Analog Devices\SoundMAX\Smax4.exe /tray O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Device Detector 2.lnk = C:\Programme\Olympus\DeviceDetector\DevDtct2.exe O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe O23 - Service: Lenovo Doze Mode Service (DozeSvc) - Lenovo. - C:\Programme\ThinkPad\Utilities\DOZESVC.EXE O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Programme\Intel\WiFi\bin\EvtEng.exe O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe O23 - Service: IPS-Basisservice (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Programme\lotus\notes\ntmulti.exe O23 - Service: Power Manager DBC Service - Unknown owner - C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe O23 - Service: Intel(R) PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Programme\Intel\WiFi\bin\S24EvMon.exe O23 - Service: System Update (SUService) - Lenovo Group Limited - C:\Programme\Lenovo\System Update\SUService.exe O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe -- End of file - 9322 bytes |
|
28.02.2010, 02:07
| #2 | ||
 |  Werbefenster öffent sich automatisch in Firefox?Zitat:
 > Download Malwarebytes und mache einen "Fast Scan". Poste das Log. > Diese Datei: C:\WINDOWS\system32\aC554QRJQ7bjGo.dll bei VirusTotal - Kostenloser online Viren- und Malwarescanner hochladen, prüfen lassen und Log posten. > Scan mit HijackThis und "fixe" diese Einträge (Kästchen ankreuzen und auf "fix checked" klicken) Zitat:
|
|
28.02.2010, 09:32
| #3 |
| | Werbefenster öffent sich automatisch in Firefox? Danke erst einmal, MalwareHero!
__________________zu 1. Malwarebytes' Anti-Malware 1.44 Datenbank Version: 3805 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 28.02.2010 09:32:07 mbam-log-2010-02-28 (09-32-02).txt Scan-Methode: Quick-Scan Durchsuchte Objekte: 114892 Laufzeit: 5 minute(s), 58 second(s) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 4 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 9 Infizierte Dateien: 43 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: HKEY_CLASSES_ROOT\CLSID\{ef34404a-747c-81d8-843a-d938e181273d} (Adware.BHO.FL) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\rlx-f_26gbfy (Adware.LoudMo) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\flv direct player (Adware.BHO.FL) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\AppDataLow\HavingFunOnline (Adware.BHO.FL) -> No action taken. Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: C:\Programme\FLV Direct Player (Adware.BHO.FL) -> No action taken. C:\Programme\FLV Direct Player\SkinDirectFLV (Adware.BHO.FL) -> No action taken. C:\Programme\FLV Direct Player\SkinDirectFLV\skin (Adware.BHO.FL) -> No action taken. C:\Programme\FLV Direct Player\SkinDirectFLV\skin\Button (Adware.BHO.FL) -> No action taken. C:\Programme\FLV Direct Player\SkinDirectFLV\skin\ComboBox (Adware.BHO.FL) -> No action taken. C:\Programme\FLV Direct Player\SkinDirectFLV\skin\Menu (Adware.BHO.FL) -> No action taken. C:\Programme\FLV Direct Player\SkinDirectFLV\skin\SysButton (Adware.BHO.FL) -> No action taken. C:\Programme\FLV Direct Player\SkinDirectFLV\skin\Window (Adware.BHO.FL) -> No action taken. C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\FLV Direct Player (Adware.FLVPlayer) -> No action taken. Infizierte Dateien: C:\WINDOWS\system32\rlX-F_26GBFy.exe (Adware.LoudMo) -> No action taken. C:\Programme\FLV Direct Player\downloading.swf (Adware.BHO.FL) -> No action taken. C:\Programme\FLV Direct Player\dskinliteu.dll (Adware.BHO.FL) -> No action taken. C:\Programme\FLV Direct Player\FLVPlayer.exe (Adware.BHO.FL) -> No action taken. C:\Programme\FLV Direct Player\player.dat (Adware.BHO.FL) -> No action taken. C:\Programme\FLV Direct Player\preload.swf (Adware.BHO.FL) -> No action taken. C:\Programme\FLV Direct Player\uninstall.exe (Adware.BHO.FL) -> No action taken. C:\Programme\FLV Direct Player\SkinDirectFLV\skin.xml (Adware.BHO.FL) -> No action taken. C:\Programme\FLV Direct Player\SkinDirectFLV\skin\Button\button_default.bmp (Adware.BHO.FL) -> No action taken. C:\Programme\FLV Direct Player\SkinDirectFLV\skin\Button\button_disable.bmp (Adware.BHO.FL) -> No action taken. C:\Programme\FLV Direct Player\SkinDirectFLV\skin\Button\button_down.bmp (Adware.BHO.FL) -> No action taken. C:\Programme\FLV Direct Player\SkinDirectFLV\skin\Button\button_hot.bmp (Adware.BHO.FL) -> No action taken. C:\Programme\FLV Direct Player\SkinDirectFLV\skin\Button\button_normal.bmp (Adware.BHO.FL) -> No action taken. C:\Programme\FLV Direct Player\SkinDirectFLV\skin\ComboBox\combobox_buttonDown.bmp (Adware.BHO.FL) -> No action taken. C:\Programme\FLV Direct Player\SkinDirectFLV\skin\ComboBox\combobox_buttonHot.bmp (Adware.BHO.FL) -> No action taken. C:\Programme\FLV Direct Player\SkinDirectFLV\skin\ComboBox\combobox_buttonNor.bmp (Adware.BHO.FL) -> No action taken. C:\Programme\FLV Direct Player\SkinDirectFLV\skin\ComboBox\edit_back.bmp (Adware.BHO.FL) -> No action taken. C:\Programme\FLV Direct Player\SkinDirectFLV\skin\Menu\menubg.bmp (Adware.BHO.FL) -> No action taken. C:\Programme\FLV Direct Player\SkinDirectFLV\skin\Menu\menuItem_arrow.bmp (Adware.BHO.FL) -> No action taken. C:\Programme\FLV Direct Player\SkinDirectFLV\skin\Menu\menuItem_check.bmp (Adware.BHO.FL) -> No action taken. C:\Programme\FLV Direct Player\SkinDirectFLV\skin\Menu\menuitem_select.bmp (Adware.BHO.FL) -> No action taken. C:\Programme\FLV Direct Player\SkinDirectFLV\skin\Menu\menuItem_seperator.bmp (Adware.BHO.FL) -> No action taken. C:\Programme\FLV Direct Player\SkinDirectFLV\skin\SysButton\sys_close_down.bmp (Adware.BHO.FL) -> No action taken. C:\Programme\FLV Direct Player\SkinDirectFLV\skin\SysButton\sys_close_hot.bmp (Adware.BHO.FL) -> No action taken. C:\Programme\FLV Direct Player\SkinDirectFLV\skin\SysButton\sys_close_nor.bmp (Adware.BHO.FL) -> No action taken. C:\Programme\FLV Direct Player\SkinDirectFLV\skin\SysButton\sys_max_down.bmp (Adware.BHO.FL) -> No action taken. C:\Programme\FLV Direct Player\SkinDirectFLV\skin\SysButton\sys_max_hot.bmp (Adware.BHO.FL) -> No action taken. C:\Programme\FLV Direct Player\SkinDirectFLV\skin\SysButton\sys_max_nor.bmp (Adware.BHO.FL) -> No action taken. C:\Programme\FLV Direct Player\SkinDirectFLV\skin\SysButton\sys_min_down.bmp (Adware.BHO.FL) -> No action taken. C:\Programme\FLV Direct Player\SkinDirectFLV\skin\SysButton\sys_min_hot.bmp (Adware.BHO.FL) -> No action taken. C:\Programme\FLV Direct Player\SkinDirectFLV\skin\SysButton\sys_min_nor.bmp (Adware.BHO.FL) -> No action taken. C:\Programme\FLV Direct Player\SkinDirectFLV\skin\SysButton\sys_restore_down.bmp (Adware.BHO.FL) -> No action taken. C:\Programme\FLV Direct Player\SkinDirectFLV\skin\SysButton\sys_restore_hot.bmp (Adware.BHO.FL) -> No action taken. C:\Programme\FLV Direct Player\SkinDirectFLV\skin\SysButton\sys_restore_nor.bmp (Adware.BHO.FL) -> No action taken. C:\Programme\FLV Direct Player\SkinDirectFLV\skin\Window\BottomBorder.bmp (Adware.BHO.FL) -> No action taken. C:\Programme\FLV Direct Player\SkinDirectFLV\skin\Window\downarrow.bmp (Adware.BHO.FL) -> No action taken. C:\Programme\FLV Direct Player\SkinDirectFLV\skin\Window\LeftBorder.bmp (Adware.BHO.FL) -> No action taken. C:\Programme\FLV Direct Player\SkinDirectFLV\skin\Window\Logo.bmp (Adware.BHO.FL) -> No action taken. C:\Programme\FLV Direct Player\SkinDirectFLV\skin\Window\main.ico (Adware.BHO.FL) -> No action taken. C:\Programme\FLV Direct Player\SkinDirectFLV\skin\Window\RightBorder.bmp (Adware.BHO.FL) -> No action taken. C:\Programme\FLV Direct Player\SkinDirectFLV\skin\Window\TitlePattern.bmp (Adware.BHO.FL) -> No action taken. C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\FLV Direct Player\FLV Direct Player.lnk (Adware.FLVPlayer) -> No action taken. C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\FLV Direct Player\Uninstall FLV Direct Player.lnk (Adware.FLVPlayer) -> No action taken. zu 2. Das kam dabei raus: Antivirus Version letzte aktualisierung Ergebnis a-squared 4.5.0.50 2010.02.22 Riskware.AdWare.Win32.EZula!IK AhnLab-V3 5.0.0.2 2010.02.22 - AntiVir 8.2.1.172 2010.02.22 - Antiy-AVL 2.0.3.7 2010.02.22 - Authentium 5.2.0.5 2010.02.22 - Avast 4.8.1351.0 2010.02.22 - AVG 9.0.0.730 2010.02.22 - BitDefender 7.2 2010.02.22 - CAT-QuickHeal 10.00 2010.02.22 - ClamAV 0.96.0.0-git 2010.02.22 - Comodo 4026 2010.02.22 - DrWeb 5.0.1.12222 2010.02.22 - eSafe 7.0.17.0 2010.02.22 - eTrust-Vet 35.2.7318 2010.02.22 - F-Prot 4.5.1.85 2010.02.22 - F-Secure 9.0.15370.0 2010.02.22 - Fortinet 4.0.14.0 2010.02.21 - GData 19 2010.02.22 - Ikarus T3.1.1.80.0 2010.02.22 not-a-virus:AdWare.Win32.EZula Jiangmin 13.0.900 2010.02.22 - K7AntiVirus 7.10.980 2010.02.22 - Kaspersky 7.0.0.125 2010.02.22 - McAfee 5900 2010.02.22 - McAfee+Artemis 5900 2010.02.22 - McAfee-GW-Edition 6.8.5 2010.02.22 - Microsoft 1.5406 2010.02.22 - NOD32 4888 2010.02.22 - Norman 6.04.08 2010.02.22 - nProtect 2009.1.8.0 2010.02.22 - Panda 10.0.2.2 2010.02.21 - PCTools 7.0.3.5 2010.02.22 - Rising 22.34.01.03 2010.02.11 - Sophos 4.50.0 2010.02.22 - Sunbelt 5692 2010.02.22 - Symantec 20091.2.0.41 2010.02.22 Suspicious.Insight TheHacker 6.5.1.6.205 2010.02.22 - TrendMicro 9.120.0.1004 2010.02.22 - VBA32 3.12.12.2 2010.02.22 - ViRobot 2010.2.22.2196 2010.02.22 - VirusBuster 5.0.27.0 2010.02.22 - weitere Informationen File size: 1249280 bytes MD5 : 68437f19f2d76ce0a3f11063c596b836 SHA1 : 5e43d16c6863095c14d11590c47ef7201685b694 SHA256: 1582a3280a4a514c1a9bee3faca2f1ceb1377525b2dafe6e322b08e74473bad1 PEInfo: PE Structure information ( base data ) entrypointaddress.: 0xE6CB1 timedatestamp.....: 0x4B631ADD (Fri Jan 29 18:29:01 2010) machinetype.......: 0x14C (Intel I386) ( 4 sections ) name viradd virsiz rawdsiz ntrpy md5 .text 0x1000 0xFBCBC 0xFC000 6.66 536cd376352a705f94983506924574a9 .rdata 0xFD000 0x188A9 0x19000 4.94 b37e07321c28835812d212403d039dc4 .data 0x116000 0x5954 0x1000 5.42 8dc67231bebd001a6bd6f6148d7c041e .reloc 0x11C000 0x197F4 0x1A000 6.13 022d27f21163b1490d0475a75bafd446 ( 7 imports ) > kernel32.dll: GetProcAddress, LoadLibraryA, MultiByteToWideChar, InterlockedIncrement, InterlockedDecrement, DeleteCriticalSection, GetCurrentThreadId, LoadLibraryW, WideCharToMultiByte > msvcp60.dll: _peek@_$basic_istream@DU_$char_traits@D@std@@@std@@QAEHXZ, _get@_$basic_istream@DU_$char_traits@D@std@@@std@@QAEHXZ, __8std@@YA_NABV_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@0@0@Z, __1_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAE@XZ, __C@_1___Nullstr@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@CAPBDXZ@4DB, _append@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z, _npos@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@2IB, _append@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@PBDI@Z, __Tidy@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@AAEX_N@Z, __C@_1___Nullstr@_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@std@@CAPBGXZ@4GB, __1_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@std@@QAE@XZ, __Tidy@_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@std@@AAEX_N@Z, __Hstd@@YA_AV_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@0@PBGABV10@@Z, _assign@_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@std@@QAEAAV12@PBGI@Z, _assign@_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@std@@QAEAAV12@ABV12@II@Z, _npos@_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@std@@2IB, __8std@@YA_NABV_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@0@0@Z, _append@_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@std@@QAEAAV12@ABV12@II@Z, _append@_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@std@@QAEAAV12@PBGI@Z, _find@_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@std@@QBEIPBGII@Z, __0_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@std@@QAE@ABV01@@Z, __Freeze@_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@std@@AAEXXZ, __Hstd@@YA_AV_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@0@ABV10@PBG@Z, __1_Lockit@std@@QAE@XZ, __0_Lockit@std@@QAE@XZ, __Mstd@@YA_NABV_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@0@0@Z, __Hstd@@YA_AV_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@0@ABV10@0@Z, _append@_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@std@@QAEAAV12@IG@Z, __Eos@_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@std@@AAEXI@Z, __Split@_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@std@@AAEXXZ, __Xran@std@@YAXXZ, __Grow@_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@std@@AAE_NI_N@Z, __Copy@_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@std@@AAEXI@Z, __Xlen@std@@YAXXZ, _max_size@_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@std@@QBEIXZ, _substr@_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@std@@QBE_AV12@II@Z, _find_last_of@_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@std@@QBEIPBGII@Z, __9std@@YA_NABV_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@0@PBG@Z, __0logic_error@std@@QAE@ABV01@@Z, __0out_of_range@std@@QAE@ABV01@@Z, __1out_of_range@std@@UAE@XZ, __0out_of_range@std@@QAE@ABV_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@1@@Z, __0_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAE@PBDABV_$allocator@D@1@@Z, __0_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@std@@QAE@PBGABV_$allocator@G@1@@Z, __8std@@YA_NABV_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@0@PBG@Z, _assign@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@PBDI@Z, _erase@_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@std@@QAEAAV12@II@Z, __9std@@YA_NABV_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@0@0@Z, __Grow@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@AAE_NI_N@Z, _find_first_of@_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@std@@QBEIPBGII@Z, _find_first_not_of@_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@std@@QBEIPBGII@Z, _replace@_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@std@@QAEAAV12@IIPBGI@Z, __1locale@std@@QAE@XZ, __Global@_Locimp@locale@std@@0PAV123@A, __Init@locale@std@@CAPAV_Locimp@12@XZ, _do_narrow@_$ctype@G@std@@MBEDGD@Z, _do_narrow@_$ctype@G@std@@MBEPBGPBG0DPAD@Z, _do_widen@_$ctype@G@std@@MBEGD@Z, _do_widen@_$ctype@G@std@@MBEPBDPBD0PAG@Z, _do_toupper@_$ctype@G@std@@MBEGG@Z, _do_toupper@_$ctype@G@std@@MBEPBGPAGPBG@Z, _do_tolower@_$ctype@G@std@@MBEGG@Z, _do_tolower@_$ctype@G@std@@MBEPBGPAGPBG@Z, _do_scan_not@_$ctype@G@std@@MBEPBGFPBG0@Z, _do_scan_is@_$ctype@G@std@@MBEPBGFPBG0@Z, _do_is@_$ctype@G@std@@MBE_NFG@Z, _do_is@_$ctype@G@std@@MBEPBGPBG0PAF@Z, __0bad_cast@std@@QAE@ABV01@@Z, __1bad_cast@std@@UAE@XZ, __1ctype_base@std@@UAE@XZ, __1facet@locale@std@@UAE@XZ, ___7bad_cast@std@@6B@, __1_Locinfo@std@@QAE@XZ, _Getctype, __0_Locinfo@std@@QAE@PBD@Z, ___7_$ctype@G@std@@6B@, ___7ctype_base@std@@6B@, ___7facet@locale@std@@6B@, __Iscloc@locale@std@@QBE_NXZ, __Getfacet@locale@std@@QBEPBVfacet@12@I_N@Z, __Id_cnt@id@locale@std@@0HA, _id@_$ctype@G@std@@2V0locale@2@A, __1_$ctype@G@std@@UAE@XZ, __Eos@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@AAEXI@Z, __Copy@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@AAEXI@Z, _append@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@ID@Z, __Split@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@AAEXXZ, _assign@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z, _erase@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@II@Z, ___D_$basic_ifstream@DU_$char_traits@D@std@@@std@@QAEXXZ, __1_$basic_istream@DU_$char_traits@D@std@@@std@@UAE@XZ, __1ios_base@std@@UAE@XZ, __1_$basic_ios@DU_$char_traits@D@std@@@std@@UAE@XZ, ___7_$basic_istream@DU_$char_traits@D@std@@@std@@6B@, __1_$basic_filebuf@DU_$char_traits@D@std@@@std@@UAE@XZ, _setstate@_$basic_ios@DU_$char_traits@D@std@@@std@@QAEXH_N@Z, _open@_$basic_filebuf@DU_$char_traits@D@std@@@std@@QAEPAV12@PBDH@Z, ___7_$basic_ifstream@DU_$char_traits@D@std@@@std@@6B@, __0_$basic_filebuf@DU_$char_traits@D@std@@@std@@QAE@PAU_iobuf@@@Z, __0_$basic_istream@DU_$char_traits@D@std@@@std@@QAE@PAV_$basic_streambuf@DU_$char_traits@D@std@@@1@_N@Z, ___7_$basic_ios@DU_$char_traits@D@std@@@std@@6B@, __0ios_base@std@@IAE@XZ, ___8_$basic_ifstream@DU_$char_traits@D@std@@@std@@7B@, __Hstd@@YA_AV_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@0@DABV10@@Z, __Hstd@@YA_AV_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@0@PBDABV10@@Z, _substr@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QBE_AV12@II@Z, __0runtime_error@std@@QAE@ABV01@@Z, __1runtime_error@std@@UAE@XZ, ___7runtime_error@std@@6B@, __8std@@YA_NPBGABV_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@0@@Z, __0_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@std@@QAE@ABV_$allocator@G@1@@Z, _replace@_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@std@@QAEAAV12@IIABV12@II@Z, _replace@_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@std@@QAEAAV12@IIABV12@@Z, _assign@_$char_traits@G@std@@SAXAAGABG@Z, __Nullstr@_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@std@@CAPBGXZ, __Refcnt@_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@std@@AAEAAEPBG@Z, _copy@_$char_traits@G@std@@SAPAGPAGPBGI@Z, _capacity@_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@std@@QBEIXZ, _c_str@_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@std@@QBEPBGXZ, _size@_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@std@@QBEIXZ, _find@_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@std@@QBEIABV12@I@Z, __1logic_error@std@@UAE@XZ, ___7out_of_range@std@@6B@, ___7logic_error@std@@6B@, __0logic_error@std@@QAE@ABV_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@1@@Z, __0_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAE@ABV01@@Z, __Hstd@@YA_AV_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@0@ABV10@PBD@Z, __Hstd@@YA_AV_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@0@ABV10@0@Z, _find@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QBEIPBDII@Z, ___D_$basic_ofstream@GU_$char_traits@G@std@@@std@@QAEXXZ, __1_$basic_ostream@GU_$char_traits@G@std@@@std@@UAE@XZ, ___D_$basic_ifstream@GU_$char_traits@G@std@@@std@@QAEXXZ, __1_$basic_istream@GU_$char_traits@G@std@@@std@@UAE@XZ, __1_$basic_streambuf@GU_$char_traits@G@std@@@std@@UAE@XZ, _close@_$basic_filebuf@GU_$char_traits@G@std@@@std@@QAEPAV12@XZ, ___7_$basic_filebuf@GU_$char_traits@G@std@@@std@@6B@, __6std@@YAAAV_$basic_ostream@GU_$char_traits@G@std@@@0@AAV10@PBG@Z, __6std@@YAAAV_$basic_ostream@GU_$char_traits@G@std@@@0@AAV10@ABV_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@0@@Z, ___7_$basic_ostream@GU_$char_traits@G@std@@@std@@6B@, ___7_$basic_ofstream@GU_$char_traits@G@std@@@std@@6B@, __0_$basic_ostream@GU_$char_traits@G@std@@@std@@QAE@PAV_$basic_streambuf@GU_$char_traits@G@std@@@1@_N1@Z, ___8_$basic_ofstream@GU_$char_traits@G@std@@@std@@7B@, __1_$basic_ios@GU_$char_traits@G@std@@@std@@UAE@XZ, ___7_$basic_istream@GU_$char_traits@G@std@@@std@@6B@, __1_$basic_filebuf@GU_$char_traits@G@std@@@std@@UAE@XZ, _getline@std@@YAAAV_$basic_istream@GU_$char_traits@G@std@@@1@AAV21@AAV_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@1@@Z, _setstate@_$basic_ios@GU_$char_traits@G@std@@@std@@QAEXH_N@Z, _open@_$basic_filebuf@GU_$char_traits@G@std@@@std@@QAEPAV12@PBDH@Z, ___7_$basic_ifstream@GU_$char_traits@G@std@@@std@@6B@, __0_$basic_filebuf@GU_$char_traits@G@std@@@std@@QAE@PAU_iobuf@@@Z, __0_$basic_istream@GU_$char_traits@G@std@@@std@@QAE@PAV_$basic_streambuf@GU_$char_traits@G@std@@@1@_N@Z, ___7_$basic_ios@GU_$char_traits@G@std@@@std@@6B@, ___8_$basic_ifstream@GU_$char_traits@G@std@@@std@@7B@, __1_$basic_ofstream@GU_$char_traits@G@std@@@std@@UAE@XZ, __1_$basic_streambuf@DU_$char_traits@D@std@@@std@@UAE@XZ, _close@_$basic_filebuf@DU_$char_traits@D@std@@@std@@QAEPAV12@XZ, ___7_$basic_filebuf@DU_$char_traits@D@std@@@std@@6B@, _getline@std@@YAAAV_$basic_istream@DU_$char_traits@D@std@@@1@AAV21@AAV_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@1@@Z, __1_$basic_ifstream@DU_$char_traits@D@std@@@std@@UAE@XZ, __0Init@ios_base@std@@QAE@XZ, __1Init@ios_base@std@@QAE@XZ, __0_Winit@std@@QAE@XZ, __1_Winit@std@@QAE@XZ, _seekg@_$basic_istream@DU_$char_traits@D@std@@@std@@QAEAAV12@V_$fpos@H@2@@Z, __0runtime_error@std@@QAE@ABV_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@1@@Z, _tellg@_$basic_istream@DU_$char_traits@D@std@@@std@@QAE_AV_$fpos@H@2@XZ, _seekg@_$basic_istream@DU_$char_traits@D@std@@@std@@QAEAAV12@JW4seekdir@ios_base@2@@Z, __0_$basic_ios@DU_$char_traits@D@std@@@std@@IAE@XZ, _what@logic_error@std@@UBEPBDXZ, __Fpz@std@@3_JB, _read@_$basic_istream@DU_$char_traits@D@std@@@std@@QAEAAV12@PADH@Z, _max_size@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QBEIXZ, ___D_$basic_ofstream@DU_$char_traits@D@std@@@std@@QAEXXZ, __1_$basic_ostream@DU_$char_traits@D@std@@@std@@UAE@XZ, _write@_$basic_ostream@DU_$char_traits@D@std@@@std@@QAEAAV12@PBDH@Z, ___7_$basic_ostream@DU_$char_traits@D@std@@@std@@6B@, _clear@_$basic_ios@DU_$char_traits@D@std@@@std@@QAEXH_N@Z, ___7_$basic_ofstream@DU_$char_traits@D@std@@@std@@6B@, __0_$basic_ostream@DU_$char_traits@D@std@@@std@@QAE@PAV_$basic_streambuf@DU_$char_traits@D@std@@@1@_N1@Z, ___8_$basic_ofstream@DU_$char_traits@D@std@@@std@@7B@, __Hstd@@YA_AV_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@0@ABV10@G@Z > msvcrt.dll: __set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z, fwrite, _fdopen, _terminate@@YAXXZ, _except_handler3, __1type_info@@UAE@XZ, __CxxFrameHandler, strcpy, strlen, __2@YAPAXI@Z, wcslen, memcmp, swprintf, __0exception@@QAE@ABV0@@Z, _CxxThrowException, time, _purecall, _ltow, _ultow, wcstol, _errno, wcstoul, atof, __1exception@@UAE@XZ, __0exception@@QAE@ABQBD@Z, memmove, fclose, _wfopen, rand, _ftol, wcsftime, localtime, gmtime, wcscpy, _beginthreadex, difftime, _wstat, memchr, isalnum, tolower, fopen, _snprintf, fprintf, fread, ftell, fseek, fputc, isalpha, isspace, strncmp, strchr, free, __dllonexit, _onexit, _initterm, malloc, _adjust_fdiv > ole32.dll: CoUnmarshalInterface, CoMarshalInterThreadInterfaceInStream > oleaut32.dll: -, -, -, -, - > urlmon.dll: UrlMkSetSessionOption > user32.dll: ShowWindow, IsWindow ( 1 exports ) > DllCanUnloadNow, DllGetClassObject, DllRegisterServer, DllUnregisterServer TrID : File type identification Win32 Executable Generic (68.0%) Generic Win/DOS Executable (15.9%) DOS Executable Generic (15.9%) Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%) ssdeep: 24576  7MpkxP4uDCzjbdAY0weICeIYJGXWzx15GeKw2NrRD4TXTXtn2zgOXj7QkbuhYV5AY7QeSHiXT9V+7QQuhsigcheck: publisher....: n/a copyright....: n/a product......: n/a description..: n/a original name: n/a internal name: n/a file version.: n/a comments.....: n/a signers......: - signing date.: - verified.....: Unsigned PEiD : - RDS : NSRL Reference Data Set zu 3. habe ich gemacht LG Werther |
|
28.02.2010, 15:01
| #4 | ||
| | Werbefenster öffent sich automatisch in Firefox?Zitat:
Wie du das machst ist in der Anleitung hier angegeben: http://www.trojaner-board.de/51187-a...i-malware.html > Wenn nicht absolut erwünscht, deinstallieren: C:\Programme\FLV Direct Player > Lade dir dieses Tool auf dein Desktop: http://jpshortstuff.247fixes.com/SystemLook.exe Doppelklick auf die Datei. Ins Fenster kopierst du genau diesen Befehl: Zitat:
> Download: Super Anti Spyware http://www.trojaner-board.de/51871-a...tispyware.html und führe es nach der Anleitung aus. Poste das Log. > Nachdem du die Fünde von Malwarebytes und SUPERAntiSpyware beseitigst hast poste ein neues Hijackthislog. Das Problem sollte danach beseitigt sein. lg. |
|
28.02.2010, 17:44
| #5 |
| | Werbefenster öffent sich automatisch in Firefox? Hey malwareHero, anbei die Logs zu den von dir empfohlenen Schritten! Schon einmal herzlichen Dank: zu 1.) Malwarebytes' Anti-Malware 1.44 Datenbank Version: 3805 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 28.02.2010 15:54:47 mbam-log-2010-02-28 (15-54-47).txt Scan-Methode: Vollständiger Scan (C:\|D:\|) Durchsuchte Objekte: 190882 Laufzeit: 46 minute(s), 20 second(s) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 3 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 2 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: HKEY_CLASSES_ROOT\CLSID\{ef34404a-747c-81d8-843a-d938e181273d} (Adware.BHO.FL) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\rlx-f_26gbfy (Adware.LoudMo) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\AppDataLow\HavingFunOnline (Adware.BHO.FL) -> Quarantined and deleted successfully. Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: C:\Programme\Free WAV to MP3 Converter\FLVDirect.exe (Adware.MediaPass) -> Quarantined and deleted successfully. C:\WINDOWS\system32\rlX-F_26GBFy.exe (Adware.LoudMo) -> Quarantined and deleted successfully. zu 2.) schon deinstalliert! zu 3.) SystemLook v1.0 by jpshortstuff (11.01.10) Log created at 15:55 on 28/02/2010 by Sebastian Barth (Administrator - Elevation successful) ========== filefind ========== Searching for "aC554QRJQ7bjGo.dll" No files found. ========== regfind ========== Searching for "aC554QRJQ7bjGo.dll " No data found. -=End Of File=- zu 4.) zu 5. Hijackthislog SUPERAntiSpyware Scan Log http://www.superantispyware.com Generated 02/28/2010 at 05:16 PM Application Version : 4.34.1000 Core Rules Database Version : 4624 Trace Rules Database Version: 2436 Scan type : Complete Scan Total Scan Time : 01:14:16 Memory items scanned : 715 Memory threats detected : 0 Registry items scanned : 5547 Registry threats detected : 0 File items scanned : 73054 File threats detected : 10 Adware.Tracking Cookie C:\Dokumente und Einstellungen\Sebastian Barth\Cookies\sebastian_barth@atdmt[1].txt C:\Dokumente und Einstellungen\Sebastian Barth\Cookies\sebastian_barth@bs.serving-sys[2].txt C:\Dokumente und Einstellungen\Sebastian Barth\Cookies\sebastian_barth@doubleclick[1].txt C:\Dokumente und Einstellungen\Sebastian Barth\Cookies\sebastian_barth@msnportal.112.2o7[1].txt C:\Dokumente und Einstellungen\Sebastian Barth\Cookies\sebastian_barth@serving-sys[2].txt Trojan.Agent/Gen-Trashur C:\PROGRAMME\TREND MICRO\HIJACKTHIS\BACKUPS\BACKUP-20100228-092306-853.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{0C80C23F-2F54-4C8D-9264-A4AE9BE47321}\RP49\A0005539.DLL Trojan.Agent/Gen-Nullo[Short] C:\SYSTEM VOLUME INFORMATION\_RESTORE{0C80C23F-2F54-4C8D-9264-A4AE9BE47321}\RP49\A0005621.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{0C80C23F-2F54-4C8D-9264-A4AE9BE47321}\RP49\A0005622.EXE Unclassified.Unknown Origin D:\EIGENE DATEIEN -ALT\INSTALL FILES\TRANSKRIBTION\MAXQDA\KEYGEN.NFO Danke Werther |
|
01.03.2010, 16:39
| #6 |
| | Werbefenster öffent sich automatisch in Firefox? Ist leider immer noch da!  |
|
01.03.2010, 17:48
| #7 | |
| |  Werbefenster öffent sich automatisch in Firefox?Zitat:
Bitte dieses Log posten: http://www.trojaner-board.de/74910-a...tion-tool.html und sage mir mal, woher das kommt: Unclassified.Unknown Origin D:\EIGENE DATEIEN -ALT\INSTALL FILES\TRANSKRIBTION\MAXQDA\KEYGEN.NFO lg. |
|
| Themen zu Werbefenster öffent sich automatisch in Firefox? |
| adobe, antivir, antivir guard, avg, avira, bho, browser, desktop, firefox, hijack, hijackthis, hkus\s-1-5-18, internet, internet explorer, lenovo, logfile, mozilla, mozilla thunderbird, olympus, plug-in, registry, rundll, senden, sich automatisch, software, system, thinkvantage registry monitor service, werbefenster, werbung, windows, windows xp, öffnet sich automatisch |
Hybrid-Darstellung
