
Hana 14.05.2010 13:59

Antispyware Soft - Trojan and problems with IE
 
Hello,
I have just registered here and have now read through the forum about my problem. A week ago my Antivir kept reporting that I had caught a Trojan, and the day before yesterday the program Antispyware Soft installed itself. I then removed the Trojan by following these instructions: http://www.trojaner-board.de/85165-a...entfernen.html. I also ran CCleaner afterwards. A few hours later the Trojan was back on my PC, and now I am running the removal again with Malware Anti-Bytes. But how can I remove the Trojan from my PC for good?

In addition, I have a problem with my Internet Explorer, which I have also only had for a short time. Even though I use Firefox, advertising windows keep opening in IE, including porn sites and the like.

I would be very grateful if someone could help me with this.
I am an absolute beginner in this area, and if I should send a log file, I would still need to know which program to use for that.

Many thanks in advance.

cosinus 14.05.2010 14:08

Hello and :hallo:

Quote:

A few hours later the Trojan was back on my PC, and now I am running the removal again with Malware Anti-Bytes. But how can I remove the Trojan from my PC for good?

Please post the Malwarebytes logs.

Hana 14.05.2010 14:27

------ This is the log file from the first time -------



Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Datenbank Version: 4052

Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 7.0.6002.18005

12.05.2010 18:18:32
mbam-log-2010-05-12 (18-18-32).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 268170
Laufzeit: 58 Minute(n), 23 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 19
Infizierte Registrierungswerte: 4
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 23

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\popsicle.comadvpro (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popsicle.comadvpro.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cd796033-04ae-4b69-8cb2-92bd6c2aaa27} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{f7759abc-b7d8-437c-adc4-b35f2e1692cc} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a67b8fe1-8e6d-44d6-8d74-9c28e7bff35c} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{be2ce3a1-0e47-4f12-a243-8fccced94209} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a67b8fe1-8e6d-44d6-8d74-9c28e7bff35c} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a67b8fe1-8e6d-44d6-8d74-9c28e7bff35c} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MediaHoldings (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\PlayMP3 (Adware.PLayMP3z) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\QZAIB7KITK (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\glukpyyt (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\canaveral (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\userinit (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\urrqpnsys (Trojan.Vundo) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\Aline\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L29NJGF0\hypwhc[1].htm (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Aline\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L29NJGF0\kkemu[1].htm (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\Users\Aline\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VYECG4A8\fwevpovto[1].VIR (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Aline\AppData\Local\Temp\0.7515104193698587.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\Aline\AppData\Local\Temp\4885.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\Users\Aline\AppData\Local\Temp\5B6C.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\Users\Aline\AppData\Local\Temp\6_ldry3no.exe (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Users\Aline\AppData\Local\Temp\AB1.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\Aline\AppData\Local\Temp\FB71.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\Users\Aline\AppData\Local\Temp\xjgal.exe (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\Users\Aline\AppData\Local\Temp\miragge.exe (Trojan.VirTool) -> Quarantined and deleted successfully.
C:\Users\Aline\AppData\Local\iluybafdu\fwxwyertssd.exe (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully.
C:\Users\Aline\AppData\Local\Temp\q1.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Users\Aline\AppData\Local\Temp\4_pinnew.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Aline\AppData\Local\Temp\60325cahp25ca0.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Aline\AppData\Local\Temp\60325cahp25ca1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Aline\AppData\Local\Temp\avto.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Aline\AppData\Roaming\sdra64.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Aline\AppData\Local\Temp\teste1_p.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Aline\AppData\Local\Temp\0.15564033266196786.exE (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Users\Aline\AppData\Local\Temp\pmlmmj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Aline\AppData\Local\Temp\svchosty.exe (Trojan.Agent) -> Quarantined and deleted successfully.



------- This is the second one, from when the Trojan came back ------



Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4052

Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 7.0.6002.18005

13.05.2010 22:12:24
mbam-log-2010-05-13 (22-12-24).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 268057
Laufzeit: 1 Stunde(n), 8 Minute(n), 48 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 2
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 23

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\QZAIB7KITK (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\userinit (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yaaawvsys (Trojan.Vundo) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\Aline\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RWX2V4H\fwevpovto[1].htm (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Aline\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RWX2V4H\kkemu[1].htm (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\Users\Aline\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5F3FTM0B\rvqxfn[1].htm (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Aline\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LRO0T647\hypwhc[1].htm (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Aline\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LRO0T647\kkemu[1].htm (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\Users\Aline\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LRO0T647\oriqbjdp[1].htm (Trojan.Ertfor) -> Quarantined and deleted successfully.
C:\Users\Aline\AppData\Local\Temp\1your_exe.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Aline\AppData\Local\Temp\6_ldry3no.exe (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Users\Aline\AppData\Local\Temp\ivqntxmn.exe (Trojan.Ertfor) -> Quarantined and deleted successfully.
C:\Users\Aline\AppData\Local\Temp\qjqfu.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Aline\AppData\Local\Temp\xjgal.exe (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\Users\Aline\AppData\Local\Temp\yfws.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Aline\AppData\Local\Temp\miragge.exe (Trojan.VirTool) -> Quarantined and deleted successfully.
C:\Users\Aline\AppData\Local\Temp\q1.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Users\Aline\AppData\Local\Temp\2_load.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Aline\AppData\Local\Temp\60325cahp25ca0.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Aline\AppData\Local\Temp\avto.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Aline\AppData\Roaming\sdra64.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Aline\AppData\Local\Temp\teste1_p.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Aline\AppData\Local\Temp\0.9437827297056945.exE (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Users\Aline\AppData\Local\Temp\rqonll.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Aline\AppData\Local\Temp\svchosty.exe (Trojan.Agent) -> Quarantined and deleted successfully.




----- And this is the most recent one ----



Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4052

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

14.05.2010 15:20:18
mbam-log-2010-05-14 (15-20-18).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 116429
Laufzeit: 19 Minute(n), 24 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 2
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 3

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\QZAIB7KITK (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Windows\system32\Drivers\ytukm.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Aline\AppData\Local\Temp\0.8381125814737194.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
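
Added example, not part of the original thread: the three Malwarebytes logs above can be compared mechanically to see which objects were reported as deleted and were then found again by a later scan, which points to a component the scanner did not remove. The Python code below runs on a short excerpt of result lines taken from those logs; the function names and the masking of the random IE cache folder name are assumptions of this example.

```python
import re

# "<object> (<detection name>) -> <action>" as printed in the logs above.
RESULT = re.compile(r"^(?P<obj>.+) \((?P<det>[A-Za-z]+(?:\.\w+)+)\) -> (?P<action>.+)$")
# Log file name line, e.g. "mbam-log-2010-05-12 (18-18-32).txt".
SCAN_ID = re.compile(r"^mbam-log-(\d{4}-\d{2}-\d{2}) \((\d{2})-(\d{2})-(\d{2})\)\.txt$")
# IE cache sub-folders have random 8-character names that differ per scan.
CACHE_DIR = re.compile(r"(\\content\.ie5\\)[0-9a-z]{8}\\")

# Excerpts of the three logs posted above (only a few result lines each).
SCAN_1 = r"""
mbam-log-2010-05-12 (18-18-32).txt
HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Aline\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L29NJGF0\kkemu[1].htm (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Aline\AppData\Roaming\sdra64.exe (Trojan.Agent) -> Quarantined and deleted successfully.
"""

SCAN_2 = r"""
mbam-log-2010-05-13 (22-12-24).txt
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Aline\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LRO0T647\kkemu[1].htm (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Aline\AppData\Roaming\sdra64.exe (Trojan.Agent) -> Quarantined and deleted successfully.
"""

SCAN_3 = r"""
mbam-log-2010-05-14 (15-20-18).txt
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Windows\system32\Drivers\ytukm.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
"""


def normalize(obj):
    """Lower-case the object and mask the random IE cache folder name."""
    key = obj.strip().lower()
    return CACHE_DIR.sub(lambda m: m.group(1) + "*\\", key)


def parse_scan(text):
    """Return (scan_id, {normalized object: detection name}) for one log."""
    scan_id, findings = None, {}
    for line in text.splitlines():
        line = line.strip()
        m = SCAN_ID.match(line)
        if m:
            scan_id = "{} {}:{}:{}".format(*m.groups())
            continue
        m = RESULT.match(line)
        if m:
            findings[normalize(m.group("obj"))] = m.group("det")
    if scan_id is None:
        raise ValueError("no mbam-log-... file name line found")
    return scan_id, findings


def recurring(scans):
    """Map each object found in more than one scan to the scans that found it."""
    seen = {}
    for scan_id, findings in sorted(scans, key=lambda s: s[0]):
        for key in findings:
            seen.setdefault(key, []).append(scan_id)
    return {key: ids for key, ids in seen.items() if len(ids) > 1}


def demo():
    """Compare the three excerpted scans from the thread."""
    return recurring([parse_scan(s) for s in (SCAN_1, SCAN_2, SCAN_3)])


if __name__ == "__main__":
    # Most persistent objects first.
    for key, ids in sorted(demo().items(), key=lambda kv: -len(kv[1])):
        print(len(ids), "scans:", key)
```

Objects that come back after "Quarantined and deleted successfully", such as the scheduled task and the HKCU\SOFTWARE\XML key here, are the ones to trace back to whatever recreates them.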

cosinus 14.05.2010 16:39

Yuck, there are some nasty things in there. Please make logs with GMER and OSAM, but be aware that with these findings a format C: with a reinstall would be safer.

Hana 14.05.2010 17:38

Well, reinstalling C would be the second solution I would go for, since I don't trust myself to do it and would probably have to go to a professional for that.
I have a problem with the program GMER, because it always crashes during the scan. I ran it exactly according to the instructions and switched off all applications and everything else. I will keep trying with it now.

Here is the log file for OSAM for now:

Quote:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 18:18:06 on 14.05.2010

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Mozilla Corporation Firefox 3.5.9

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"Erweiterte Garantie.job" - "Packard Bell BV" - C:\Program Files\Packard Bell\SetupmyPC\PBCarNot.exe
"Recovery DVD Creator.job" - "Packard Bell BV" - C:\Program Files\Packard Bell\SetupMyPc\MCDCheck.exe
"{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job" - ? - C:\Users\Aline\AppData\Local\Temp\Shd.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"ISUSPM.cpl" - "Macrovision Corporation" - C:\Windows\system32\ISUSPM.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgio" (avgio) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"AVM Eject" (avmeject) - "AVM Berlin" - C:\Windows\System32\drivers\avmeject.sys
"EagleNT" (EagleNT) - ? - C:\Windows\system32\drivers\EagleNT.sys (File not found)
"ecamsqce" (ecamsqce) - ? - C:\Windows\System32\drivers\umliwmu.sys (File found, but it contains no detailed information)
"GEARAspiWDM" (GEARAspiWDM) - "GEAR Software Inc." - C:\Windows\System32\Drivers\GEARAspiWDM.sys
"giveio" (giveio) - ? - C:\Windows\System32\giveio.sys (File found, but it contains no detailed information)
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys (File not found)
"NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver" (RTL8187B) - ? - C:\Windows\System32\DRIVERS\wg111v3.sys (File not found)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\Windows\System32\Drivers\PxHelp20.sys
"pxrdipow" (pxrdipow) - ? - C:\Users\Aline\AppData\Local\Temp\pxrdipow.sys (Hidden registry entry, rootkit activity | File not found)
"speedfan" (speedfan) - "Windows (R) 2000 DDK provider" - C:\Windows\System32\speedfan.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"StarForce Protection Environment Driver (version 1.x)" (sfdrv01) - "Protection Technology (StarForce)" - C:\Windows\System32\drivers\sfdrv01.sys
"StarForce Protection Helper Driver (version 2.x)" (sfhlp02) - "Protection Technology (StarForce)" - C:\Windows\System32\drivers\sfhlp02.sys
"StarForce Protection Synchronization Driver (version 4.x)" (sfsync04) - "Protection Technology (StarForce)" - C:\Windows\System32\drivers\sfsync04.sys
"StarForce Protection VFS Driver (version 2.x)" (sfvfs02) - "Protection Technology (StarForce)" - C:\Windows\System32\drivers\sfvfs02.sys
"ytukm" (ytukm) - ? - C:\Windows\system32\drivers\ytukm.sys (Hidden registry entry, rootkit activity | File not found)

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? - (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? - (File not found | COM-object registry key not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? - (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\OFFICE11\msohev.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{00020d75-0000-0000-c000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? - (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? - (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - ? - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR\rarext.dll

[Internet Explorer]
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_07" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} "Java Plug-in 1.6.0_07" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_07" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} "ClsidExtension" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
"ICQ6" - "ICQ, LLC." - C:\Program Files\ICQ6.5\ICQ.exe
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "SSVHelper Class" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Aline\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"M5T8QL3YW3" - ? - C:\Users\Aline\AppData\Local\Temp\Shd.exe
"SmpcSys" - "Packard Bell BV" - C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
"WindowsSystemGuard" - ? - C:\Users\Public\winsvcn.exe (File not found)
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"Malwarebytes Anti-Malware (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Herbert\mbam.exe" /runcleanupscript

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\Windows\system32\mdimon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"ASLDR Service" (ASLDRService) - ? - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"getPlus(R) Helper" (getPlus(R) Helper) - "NOS Microsystems Ltd." - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
"Google Updater Service" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
"Machine Debug Manager" (MDM) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Roxio Hard Drive Watcher 9" (RoxWatch9) - "Sonic Solutions" - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
"RoxMediaDB9" (RoxMediaDB9) - "Sonic Solutions" - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
"stllssvr" (stllssvr) - "MicroVision Development, Inc." - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
"Symantec Lic NetConnect service" (CLTNetCnService) - ? - "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (File not found)

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru





Many thanks already for the help.

cosinus 14.05.2010 17:47

Quote:

"ecamsqce" (ecamsqce) - ? - C:\Windows\System32\drivers\umliwmu.sys (File found, but it contains no detailed information)
"pxrdipow" (pxrdipow) - ? - C:\Users\Aline\AppData\Local\Temp\pxrdipow.sys (Hidden registry entry, rootkit activity | File not found)
"ytukm" (ytukm) - ? - C:\Windows\system32\drivers\ytukm.sys (Hidden registry entry, rootkit activity | File not found)
"M5T8QL3YW3" - ? - C:\Users\Aline\AppData\Local\Temp\Shd.exe

Please disable + delete (delete from storage) these entries with OSAM (see the instructions in the article), then post a new OSAM log. I also still need the one from GMER.

Hana 14.05.2010 19:27

This is the log file for GMER


Code:

GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-05-14 20:23:17
Windows 6.0.6002 Service Pack 2
Running: igkk0nhl.exe; Driver: C:\Users\Aline\AppData\Local\Temp\pxrdipow.sys


---- System - GMER 1.0.15 ----

SSDT 9C1D573C ZwCreateThread
SSDT 9C1D5728 ZwOpenProcess
SSDT 9C1D572D ZwOpenThread
SSDT 9C1D5737 ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 221 81EC7984 4 Bytes [3C, 57, 1D, 9C]
.text ntkrnlpa.exe!KeSetEvent + 3F1 81EC7B54 4 Bytes [28, 57, 1D, 9C] {SUB [EDI+0x1d], DL; PUSHF }
.text ntkrnlpa.exe!KeSetEvent + 40D 81EC7B70 4 Bytes [2D, 57, 1D, 9C]
.text ntkrnlpa.exe!KeSetEvent + 621 81EC7D84 4 Bytes [37, 57, 1D, 9C]
.OnlSol C:\Windows\System32\Drivers\eshqyah.sys unknown last code section [0x8074E000, 0x45D04, 0xE0000060]
.xreloc C:\Windows\System32\drivers\sfsync04.sys unknown last section [0x8A329000, 0xC5E, 0x40000040]

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[2156] @ C:\Windows\system32\ole32.dll [msvcrt.dll!free] [69D5F3FB] C:\Windows\AppPatch\AcSpecfc.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Users\Aline\AppData\Local\Temp\Shd.exe[2228] @ C:\Windows\system32\SHELL32.dll [USER32.dll!CreateWindowExW] [0041844E] C:\Users\Aline\AppData\Local\Temp\Shd.exe
IAT C:\Users\Aline\AppData\Local\Temp\Shd.exe[2228] @ C:\Windows\system32\SHELL32.dll [USER32.dll!SetWindowPos] [0041857A] C:\Users\Aline\AppData\Local\Temp\Shd.exe
IAT C:\Users\Aline\AppData\Local\Temp\Shd.exe[2228] @ C:\Windows\system32\SHELL32.dll [USER32.dll!ShowWindow] [004184C8] C:\Users\Aline\AppData\Local\Temp\Shd.exe
IAT C:\Users\Aline\AppData\Local\Temp\Shd.exe[2228] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!CreateWindowExA] [004183D4] C:\Users\Aline\AppData\Local\Temp\Shd.exe
IAT C:\Users\Aline\AppData\Local\Temp\Shd.exe[2228] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!CreateWindowExW] [0041844E] C:\Users\Aline\AppData\Local\Temp\Shd.exe
IAT C:\Users\Aline\AppData\Local\Temp\Shd.exe[2228] @ C:\Windows\system32\ole32.dll [USER32.dll!CreateWindowExW] [0041844E] C:\Users\Aline\AppData\Local\Temp\Shd.exe
IAT C:\Users\Aline\AppData\Local\Temp\Shd.exe[2228] @ C:\Windows\system32\ole32.dll [USER32.dll!ShowWindow] [004184C8] C:\Users\Aline\AppData\Local\Temp\Shd.exe
IAT C:\Users\Aline\AppData\Local\Temp\Shd.exe[2228] @ C:\Windows\system32\wininet.dll [USER32.dll!CreateWindowExW] [0041844E] C:\Users\Aline\AppData\Local\Temp\Shd.exe
IAT C:\Users\Aline\AppData\Local\Temp\Shd.exe[2228] @ C:\Windows\system32\wininet.dll [USER32.dll!SetWindowPos] [0041857A] C:\Users\Aline\AppData\Local\Temp\Shd.exe

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation) 

---- EOF - GMER 1.0.15 ----

And here is the one for OSAM; however, "M5T8QL3YW3" - ? - C:\Users\Aline\AppData\Local\Temp\Shd.exe cannot be removed, because it restores itself after every deletion, or rather is simply there again.


Code:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 21:19:14 on 14.05.2010

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Mozilla Corporation Firefox 3.5.9

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"Erweiterte Garantie.job" - "Packard Bell BV" - C:\Program Files\Packard Bell\SetupmyPC\PBCarNot.exe
"Recovery DVD Creator.job" - "Packard Bell BV" - C:\Program Files\Packard Bell\SetupMyPc\MCDCheck.exe
"{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job" - ? - C:\Users\Aline\AppData\Local\Temp\Shd.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"ISUSPM.cpl" - "Macrovision Corporation" - C:\Windows\system32\ISUSPM.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgio" (avgio) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"AVM Eject" (avmeject) - "AVM Berlin" - C:\Windows\System32\drivers\avmeject.sys
"EagleNT" (EagleNT) - ? - C:\Windows\system32\drivers\EagleNT.sys  (File not found)
"GEARAspiWDM" (GEARAspiWDM) - "GEAR Software Inc." - C:\Windows\System32\Drivers\GEARAspiWDM.sys
"giveio" (giveio) - ? - C:\Windows\System32\giveio.sys  (File found, but it contains no detailed information)
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver" (RTL8187B) - ? - C:\Windows\System32\DRIVERS\wg111v3.sys  (File not found)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\Windows\System32\Drivers\PxHelp20.sys
"speedfan" (speedfan) - "Windows (R) 2000 DDK provider" - C:\Windows\System32\speedfan.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"StarForce Protection Environment Driver (version 1.x)" (sfdrv01) - "Protection Technology (StarForce)" - C:\Windows\System32\drivers\sfdrv01.sys
"StarForce Protection Helper Driver (version 2.x)" (sfhlp02) - "Protection Technology (StarForce)" - C:\Windows\System32\drivers\sfhlp02.sys
"StarForce Protection Synchronization Driver (version 4.x)" (sfsync04) - "Protection Technology (StarForce)" - C:\Windows\System32\drivers\sfsync04.sys
"StarForce Protection VFS Driver (version 2.x)" (sfvfs02) - "Protection Technology (StarForce)" - C:\Windows\System32\drivers\sfvfs02.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -  (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -  (File not found | COM-object registry key not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -  (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\OFFICE11\msohev.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{00020d75-0000-0000-c000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - ? - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -  (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR\rarext.dll

[Internet Explorer]
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_07" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} "Java Plug-in 1.6.0_07" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_07" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} "ClsidExtension" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
"ICQ6" - "ICQ, LLC." - C:\Program Files\ICQ6.5\ICQ.exe
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "SSVHelper Class" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Aline\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"M5T8QL3YW3" - ? - C:\Users\Aline\AppData\Local\Temp\Shd.exe
"SmpcSys" - "Packard Bell BV" - C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
"WindowsSystemGuard" - ? - C:\Users\Public\winsvcn.exe  (File not found)
(Disabled) "M5T8QL3YW3" - ? - C:\Users\Aline\AppData\Local\Temp\Shd.exe
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"Malwarebytes Anti-Malware (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Herbert\mbam.exe" /runcleanupscript

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\Windows\system32\mdimon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"ASLDR Service" (ASLDRService) - ? - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"getPlus(R) Helper" (getPlus(R) Helper) - "NOS Microsystems Ltd." - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
"Google Updater Service" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
"Machine Debug Manager" (MDM) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Roxio Hard Drive Watcher 9" (RoxWatch9) - "Sonic Solutions" - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
"RoxMediaDB9" (RoxMediaDB9) - "Sonic Solutions" - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
"stllssvr" (stllssvr) - "MicroVision Development, Inc." - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
"Symantec Lic NetConnect service" (CLTNetCnService) - ? - "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon  (File not found)

===[ Logfile end ]=========================================[ Logfile end ]===


If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

cosinus 14.05.2010 21:12

Please run Avenger:

1.) Download Avenger from here:
Swandog46's Public Anti-Malware Tools (download, on the left-hand side)

2.) Unpack the zip archive and run the file "avenger.exe" (on Vista, right-click => run as administrator). Set the checkboxes at the bottom as shown:

http://mitglied.lycos.de/efunction/tb123/avenger.png

3.) Copy exactly the lines from the following code box:
Code:

files to replace with dummy:
C:\Users\Aline\AppData\Local\Temp\Shd.exe

4.) In "The Avenger", now go to "Load Script" at the top, then to "Paste from Clipboard".

5.) The code text from my post should now be visible under "Input Script here" in "The Avenger".

6.) If so, click "Execute" at the bottom right. Confirm the next prompt with "Yes", and likewise the question about "Reboot now" (restarting the system).

7.) After the restart, a log file from Avenger will be displayed. Copy its contents and post them here.

8.) Upload the file c:\avenger\backup.zip to File-Upload.net and link it here

Hana 14.05.2010 21:39

Here is the log file from Avenger:

Quote:

Logfile of The Avenger Version 2.0, (c) by Swandog46
hxxp://swandog46.geekstogo.com

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\Users\Aline\AppData\Local\Temp\Shd.exe" replaced with dummy successfully.

Completed script processing.

*******************

Finished! Terminate.


Unfortunately, the zip file cannot be uploaded on the upload site :(
There is no redirect to the link page.

cosinus 14.05.2010 21:43

Please try once more now to disable the mentioned entry with OSAM.

Hana 15.05.2010 10:20

The entry could now be removed :-)

Here is the new log from OSAM

Quote:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 10:36:04 on 15.05.2010

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Mozilla Corporation Firefox 3.5.9

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"Erweiterte Garantie.job" - "Packard Bell BV" - C:\Program Files\Packard Bell\SetupmyPC\PBCarNot.exe
"Recovery DVD Creator.job" - "Packard Bell BV" - C:\Program Files\Packard Bell\SetupMyPc\MCDCheck.exe
"{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job" - ? - C:\Users\Aline\AppData\Local\Temp\Shd.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"ISUSPM.cpl" - "Macrovision Corporation" - C:\Windows\system32\ISUSPM.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgio" (avgio) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"AVM Eject" (avmeject) - "AVM Berlin" - C:\Windows\System32\drivers\avmeject.sys
"EagleNT" (EagleNT) - ? - C:\Windows\system32\drivers\EagleNT.sys (File not found)
"GEARAspiWDM" (GEARAspiWDM) - "GEAR Software Inc." - C:\Windows\System32\Drivers\GEARAspiWDM.sys
"giveio" (giveio) - ? - C:\Windows\System32\giveio.sys (File found, but it contains no detailed information)
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys (File not found)
"NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver" (RTL8187B) - ? - C:\Windows\System32\DRIVERS\wg111v3.sys (File not found)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\Windows\System32\Drivers\PxHelp20.sys
"speedfan" (speedfan) - "Windows (R) 2000 DDK provider" - C:\Windows\System32\speedfan.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"StarForce Protection Environment Driver (version 1.x)" (sfdrv01) - "Protection Technology (StarForce)" - C:\Windows\System32\drivers\sfdrv01.sys
"StarForce Protection Helper Driver (version 2.x)" (sfhlp02) - "Protection Technology (StarForce)" - C:\Windows\System32\drivers\sfhlp02.sys
"StarForce Protection Synchronization Driver (version 4.x)" (sfsync04) - "Protection Technology (StarForce)" - C:\Windows\System32\drivers\sfsync04.sys
"StarForce Protection VFS Driver (version 2.x)" (sfvfs02) - "Protection Technology (StarForce)" - C:\Windows\System32\drivers\sfvfs02.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? - (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? - (File not found | COM-object registry key not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? - (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\OFFICE11\msohev.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{00020d75-0000-0000-c000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? - (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? - (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - ? - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR\rarext.dll

[Internet Explorer]
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_07" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} "Java Plug-in 1.6.0_07" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_07" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} "ClsidExtension" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
"ICQ6" - "ICQ, LLC." - C:\Program Files\ICQ6.5\ICQ.exe
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "SSVHelper Class" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Aline\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"SmpcSys" - "Packard Bell BV" - C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
"WindowsSystemGuard" - ? - C:\Users\Public\winsvcn.exe (File not found)
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"Malwarebytes Anti-Malware (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Herbert\mbam.exe" /runcleanupscript

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\Windows\system32\mdimon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"ASLDR Service" (ASLDRService) - ? - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"getPlus(R) Helper" (getPlus(R) Helper) - "NOS Microsystems Ltd." - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
"Google Updater Service" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
"Machine Debug Manager" (MDM) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Roxio Hard Drive Watcher 9" (RoxWatch9) - "Sonic Solutions" - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
"RoxMediaDB9" (RoxMediaDB9) - "Sonic Solutions" - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
"stllssvr" (stllssvr) - "MicroVision Development, Inc." - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
"Symantec Lic NetConnect service" (CLTNetCnService) - ? - "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (File not found)

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
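Added example, not part of the thread and not code from OSAM or its vendor: a small Python parser for the OSAM report format shown above that compares the report of 14.05. with the one of 15.05. and lists autostart entries with no publisher that point into a Temp directory. The excerpts are copied from the two reports; the Temp-directory rule and all function names are assumptions made for this illustration.

```python
from __future__ import annotations
import re
from typing import NamedTuple

# Excerpts copied from the two OSAM reports in this thread (not the full logs).
BEFORE = r"""
[Common]
-----( %SystemRoot%\Tasks )-----
"Erweiterte Garantie.job" - "Packard Bell BV" - C:\Program Files\Packard Bell\SetupmyPC\PBCarNot.exe
"{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job" - ? - C:\Users\Aline\AppData\Local\Temp\Shd.exe
[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"EagleNT" (EagleNT) - ? - C:\Windows\system32\drivers\EagleNT.sys  (File not found)
[Logon]
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"M5T8QL3YW3" - ? - C:\Users\Aline\AppData\Local\Temp\Shd.exe
"SmpcSys" - "Packard Bell BV" - C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
"WindowsSystemGuard" - ? - C:\Users\Public\winsvcn.exe  (File not found)
(Disabled) "M5T8QL3YW3" - ? - C:\Users\Aline\AppData\Local\Temp\Shd.exe
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"""
# Second report: identical except that the two M5T8QL3YW3 lines are gone.
AFTER = "\n".join(l for l in BEFORE.splitlines() if '"M5T8QL3YW3"' not in l)

class Entry(NamedTuple):
    section: str      # e.g. "Logon"
    location: str     # registry key or folder the entry was read from
    name: str
    publisher: str    # "" when OSAM printed "?"
    target: str       # file or command line, "" when OSAM printed none
    note: str         # e.g. "File not found", "" when absent
    disabled: bool

SECTION = re.compile(r'^\[(.+)\]$')
LOCATION = re.compile(r'^-----\(\s*(.*?)\s*\)-----$')
ENTRY = re.compile(
    r'^(?P<disabled>\(Disabled\)\s+)?'        # entry switched off in OSAM
    r'(?:\{[0-9A-Fa-f-]+\}\s+)?'              # optional CLSID prefix
    r'"(?P<name>[^"]*)"(?:\s+\(.*?\))?'       # display name, optional short name
    r'\s+-\s+(?P<publisher>"[^"]*"|\?)'       # company field, "?" if unknown
    r'\s+-(?P<target>.*?)'                    # file or command line
    r'(?:\s+\((?P<note>File [^)]*)\))?\s*$'   # trailing "(File ...)" remark
)
# Assumed triage rule: autostart targets in a user or system Temp directory.
TEMP_DIR = re.compile(r'\\appdata\\local\\temp\\|\\windows\\temp\\', re.I)

def parse_osam(report: str) -> list[Entry]:
    """Turn the entry lines of an OSAM report into Entry tuples."""
    section = location = ""
    entries = []
    for raw in report.splitlines():
        line = raw.strip()
        m = SECTION.match(line)
        if m:
            section = m.group(1)
            continue
        m = LOCATION.match(line)
        if m:
            location = m.group(1)
            continue
        m = ENTRY.match(line)
        if m:
            entries.append(Entry(section, location, m.group("name"),
                                 m.group("publisher").strip('"?'),
                                 m.group("target").strip(),
                                 m.group("note") or "",
                                 bool(m.group("disabled"))))
    return entries

def is_suspicious(e: Entry) -> bool:
    """No publisher, file present on disk, and located in a Temp directory."""
    return e.publisher == "" and e.note == "" and bool(TEMP_DIR.search(e.target))

def compare(before: str, after: str) -> tuple[list[Entry], list[Entry]]:
    """Return (removed, remaining) suspicious entries between two reports."""
    def key(e: Entry):
        return (e.location, e.name.lower(), e.target.lower(), e.disabled)
    flagged = [e for e in parse_osam(before) if is_suspicious(e)]
    after_keys = {key(e) for e in parse_osam(after)}
    removed = [e for e in flagged if key(e) not in after_keys]
    remaining = [e for e in flagged if key(e) in after_keys]
    return removed, remaining

if __name__ == "__main__":
    removed, remaining = compare(BEFORE, AFTER)
    for e in removed:
        print("removed  :", e.location, "|", e.name, "->", e.target)
    for e in remaining:
        print("remaining:", e.location, "|", e.name, "->", e.target)
```

On these excerpts the comparison reports both HKCU Run entries as removed, while the `.job` task under `%SystemRoot%\Tasks` that points to the same file is still listed in the second report.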

cosinus 16.05.2010 18:11

Ok. Can you please try to upload the backup.zip once more? If that doesn't work, you can also upload it to us => http://www.trojaner-board.de/54791-a...ner-board.html

Hana 05.06.2010 22:50

Hello,
unfortunately I could not get in touch over the last 2 weeks, because now my internet had also given up the ghost. :(

Here is the backup.zip:

hxxp://www.file-upload.net/download-2577011/backup.zip.html

cosinus 05.06.2010 23:28

Ok, thanks.
As a check, please run full scans with Malwarebytes and SASW and post the logs.
Remember to update both tools before the scan!!

Hana 06.06.2010 07:36

Here is the log from SUPERAntiSpyware:
Quote:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 06/06/2010 at 02:51 AM

Application Version : 4.38.1004

Core Rules Database Version : 5036
Trace Rules Database Version: 2848

Scan type : Complete Scan
Total Scan Time : 02:08:55

Memory items scanned : 574
Memory threats detected : 0
Registry items scanned : 6700
Registry threats detected : 1
File items scanned : 160618
File threats detected : 195

Adware.Tracking Cookie
C:\Users\Aline\AppData\Roaming\Microsoft\Windows\Cookies\aline@banghornymom[2].txt
C:\Users\Aline\AppData\Roaming\Microsoft\Windows\Cookies\aline@adserving.claxon[2].txt
C:\Users\Aline\AppData\Roaming\Microsoft\Windows\Cookies\aline@invitemedia[2].txt
C:\Users\Aline\AppData\Roaming\Microsoft\Windows\Cookies\aline@go.trafficshop[2].txt
C:\Users\Aline\AppData\Roaming\Microsoft\Windows\Cookies\aline@abysspornstars[2].txt
C:\Users\Aline\AppData\Roaming\Microsoft\Windows\Cookies\aline@brightpornstars[1].txt
C:\Users\Aline\AppData\Roaming\Microsoft\Windows\Cookies\aline@www.xxxautomat[2].txt
C:\Users\Aline\AppData\Roaming\Microsoft\Windows\Cookies\aline@atwola[1].txt
C:\Users\Aline\AppData\Roaming\Microsoft\Windows\Cookies\aline@smartadserver[1].txt
C:\Users\Aline\AppData\Roaming\Microsoft\Windows\Cookies\aline@traffictrack[2].txt
C:\Users\Aline\AppData\Roaming\Microsoft\Windows\Cookies\aline@amznshopbop.122.2o7[1].txt
C:\Users\Aline\AppData\Roaming\Microsoft\Windows\Cookies\aline@clickpayz10.91456.blueseek[1].txt
C:\Users\Aline\AppData\Roaming\Microsoft\Windows\Cookies\aline@www.maturesexthumbnails[2].txt
C:\Users\Aline\AppData\Roaming\Microsoft\Windows\Cookies\aline@onpornstar[3].txt
C:\Users\Aline\AppData\Roaming\Microsoft\Windows\Cookies\aline@counter4.sextracker[1].txt
C:\Users\Aline\AppData\Roaming\Microsoft\Windows\Cookies\aline@olderporntube[1].txt
C:\Users\Aline\AppData\Roaming\Microsoft\Windows\Cookies\aline@magicteenies[2].txt
C:\Users\Aline\AppData\Roaming\Microsoft\Windows\Cookies\aline@www.hardsextube[2].txt
C:\Users\Aline\AppData\Roaming\Microsoft\Windows\Cookies\aline@www.xxx-999-xxx[2].txt
C:\Users\Aline\AppData\Roaming\Microsoft\Windows\Cookies\aline@dev.hardsextube[3].txt
C:\Users\Aline\AppData\Roaming\Microsoft\Windows\Cookies\aline@in.getclicky[1].txt
C:\Users\Aline\AppData\Roaming\Microsoft\Windows\Cookies\aline@maturelikesex[2].txt
C:\Users\Aline\AppData\Roaming\Microsoft\Windows\Cookies\aline@pornorama[2].txt
C:\Users\Aline\AppData\Roaming\Microsoft\Windows\Cookies\aline@www.homemadeteentube[2].txt
C:\Users\Aline\AppData\Roaming\Microsoft\Windows\Cookies\aline@galleries.doubleteamedteens[1].txt
C:\Users\Aline\AppData\Roaming\Microsoft\Windows\Cookies\aline@www.alphaporno[2].txt
C:\Users\Aline\AppData\Roaming\Microsoft\Windows\Cookies\aline@iliketeen[1].txt
C:\Users\Aline\AppData\Roaming\Microsoft\Windows\Cookies\aline@yourtopteens[2].txt
C:\Users\Aline\AppData\Roaming\Microsoft\Windows\Cookies\aline@www.freshsextv[1].txt
C:\Users\Aline\AppData\Roaming\Microsoft\Windows\Cookies\aline@spartateen[2].txt
C:\Users\Aline\AppData\Roaming\Microsoft\Windows\Cookies\aline@clicksor[2].txt
C:\Users\Aline\AppData\Roaming\Microsoft\Windows\Cookies\aline@de.sitestat[2].txt
C:\Users\Aline\AppData\Roaming\Microsoft\Windows\Cookies\aline@tracking.hannoversche[1].txt
C:\Users\Aline\AppData\Roaming\Microsoft\Windows\Cookies\aline@www.18pornmovies[1].txt
C:\Users\Aline\AppData\Roaming\Microsoft\Windows\Cookies\aline@myniceteen[2].txt
C:\Users\Aline\AppData\Roaming\Microsoft\Windows\Cookies\aline@openxxx.viragemedia[2].txt
C:\Users\Aline\AppData\Roaming\Microsoft\Windows\Cookies\aline@tribalfusion[2].txt
C:\Users\Aline\AppData\Roaming\Microsoft\Windows\Cookies\aline@rotator.adjuggler[3].txt
C:\Users\Aline\AppData\Roaming\Microsoft\Windows\Cookies\aline@adserver.hardsextube[2].txt
C:\Users\Aline\AppData\Roaming\Microsoft\Windows\Cookies\aline@teenextrem[2].txt
C:\Users\Aline\AppData\Roaming\Microsoft\Windows\Cookies\aline@ads.crakmedia[2].txt
C:\Users\Aline\AppData\Roaming\Microsoft\Windows\Cookies\aline@www.youngpornmovies[1].txt
C:\Users\Aline\AppData\Roaming\Microsoft\Windows\Cookies\aline@smallteensworld[3].txt
C:\Users\Aline\AppData\Roaming\Microsoft\Windows\Cookies\aline@www.teenpornsexy[2].txt
C:\Users\Aline\AppData\Roaming\Microsoft\Windows\Cookies\aline@adultfriendfinder[2].txt
C:\Users\Aline\AppData\Roaming\Microsoft\Windows\Cookies\aline@18pornmovies[2].txt
C:\Users\Aline\AppData\Roaming\Microsoft\Windows\Cookies\aline@alphaporno[1].txt
C:\Users\Aline\AppData\Roaming\Microsoft\Windows\Cookies\aline@access.caliteens[1].txt
C:\Users\Aline\AppData\Roaming\Microsoft\Windows\Cookies\aline@www.madfucktube[2].txt
C:\Users\Aline\AppData\Roaming\Microsoft\Windows\Cookies\aline@adxpansion[2].txt
C:\Users\Aline\AppData\Roaming\Microsoft\Windows\Cookies\aline@bestpornoxxx[2].txt
C:\Users\Aline\AppData\Roaming\Microsoft\Windows\Cookies\aline@caliteens[2].txt
C:\Users\Aline\AppData\Roaming\Microsoft\Windows\Cookies\aline@xxlporntube[4].txt
C:\Users\Aline\AppData\Roaming\Microsoft\Windows\Cookies\aline@www.fpctraffic2[1].txt
C:\Users\Aline\AppData\Roaming\Microsoft\Windows\Cookies\aline@tracking.mindshare[1].txt
C:\Users\Aline\AppData\Roaming\Microsoft\Windows\Cookies\aline@hardsextube[3].txt
C:\Users\Aline\AppData\Roaming\Microsoft\Windows\Cookies\aline@ads.watchmygf[2].txt
C:\Users\Aline\AppData\Roaming\Microsoft\Windows\Cookies\aline@www.fullsexmovies[2].txt
C:\Users\Aline\AppData\Roaming\Microsoft\Windows\Cookies\aline@sexalligator[1].txt
C:\Users\Aline\AppData\Roaming\Microsoft\Windows\Cookies\aline@track.adform[3].txt
C:\Users\Aline\AppData\Roaming\Microsoft\Windows\Cookies\aline@ad.ad-srv[2].txt
C:\Users\Aline\AppData\Roaming\Microsoft\Windows\Cookies\aline@www.teenextrem[1].txt
C:\Users\Aline\AppData\Roaming\Microsoft\Windows\Cookies\aline@tracking.gonetwork[1].txt
C:\Users\Aline\AppData\Roaming\Microsoft\Windows\Cookies\aline@de.sitestat[3].txt
C:\Users\Aline\AppData\Roaming\Microsoft\Windows\Cookies\aline@www.etracker[2].txt
C:\Users\Aline\AppData\Roaming\Microsoft\Windows\Cookies\aline@newteeny[2].txt
C:\Users\Aline\AppData\Roaming\Microsoft\Windows\Cookies\aline@xxxcounter[2].txt
C:\Users\Aline\AppData\Roaming\Microsoft\Windows\Cookies\aline@sexlist[1].txt
C:\Users\Aline\AppData\Roaming\Microsoft\Windows\Cookies\aline@cunttt[1].txt
C:\Users\Aline\AppData\Roaming\Microsoft\Windows\Cookies\aline@todayporntube[2].txt
C:\Users\Aline\AppData\Roaming\Microsoft\Windows\Cookies\aline@ads.associatedcontent[2].txt
C:\Users\Aline\AppData\Roaming\Microsoft\Windows\Cookies\aline@toplist[1].txt
C:\Users\Aline\AppData\Roaming\Microsoft\Windows\Cookies\aline@monstersextube[1].txt
C:\Users\Aline\AppData\Roaming\Microsoft\Windows\Cookies\aline@counter15.sextracker[2].txt
C:\Users\Aline\AppData\Roaming\Microsoft\Windows\Cookies\aline@admarketplace[1].txt
C:\Users\Aline\AppData\Roaming\Microsoft\Windows\Cookies\aline@vidzteens[1].txt
C:\Users\Aline\AppData\Roaming\Microsoft\Windows\Cookies\aline@adbrite[2].txt
C:\Users\Aline\AppData\Roaming\Microsoft\Windows\Cookies\aline@banner.33drugs[3].txt
C:\Users\Aline\AppData\Roaming\Microsoft\Windows\Cookies\aline@myroitracking[1].txt
C:\Users\Aline\AppData\Roaming\Microsoft\Windows\Cookies\aline@www.homemadeteentube[3].txt
C:\Users\Aline\AppData\Roaming\Microsoft\Windows\Cookies\aline@ad.adserver01[1].txt
C:\Users\Aline\AppData\Roaming\Microsoft\Windows\Cookies\aline@bridge2.admarketplace[1].txt
C:\Users\Aline\AppData\Roaming\Microsoft\Windows\Cookies\aline@adultadincome[1].txt

Adware.Flash Tracking Cookie
C:\Users\Aline\AppData\Roaming\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\8GE3EBBV\BC.YOUPORN.COM
C:\Users\Aline\AppData\Roaming\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\8GE3EBBV\STATIC.YOUPORN.COM
C:\Users\Aline\AppData\Roaming\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\8GE3EBBV\OBJECTS.TREMORMEDIA.COM

Malware.Trace
C:\Windows\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
HKU\S-1-5-21-794981123-484876576-4281820997-1002\Software\M5T8QL3YW3
and here from Malwarebytes:

Quote:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4171

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

06.06.2010 00:39:36
mbam-log-2010-06-06 (00-39-36).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 15131
Laufzeit: 2 Minute(n), 58 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

