![]() |
Virus Backdoor Hallo ich habe eine problem bei mir öffen sich ständig der Internet explorer mein pc stürzt einfach ab ich habe was runtergeladen und danach hatte ich den virus Hier mein Hijack this log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:48:32, on 20.12.2010 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v7.00 (7.00.6002.18005) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Users\*****\AppData\Local\Temp\Omx.exe C:\Windows\Explorer.EXE C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter3.exe C:\Windows\system32\taskeng.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Microsoft LifeChat\LifeChat.exe C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe C:\Program Files\Unlocker\UnlockerAssistant.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\HP\HP Software Update\hpwuSchd2.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\FRITZ!DSL\StCenter.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Windows\Onyhab.exe C:\Users\*****\AppData\Local\Temp\Rar$EX00.524\HijackThis.exe C:\Users\*****\Desktop\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll R3 - URLSearchHook: YouTube Downloader Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\4.1\youtubedownloaderToolbarIE.dll R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file) O1 - Hosts: ::1 localhost O2 - BHO: QuickStores-Toolbar - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - mscoree.dll (file missing) O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll O2 - BHO: (no name) - {B1B220C1-A503-59BD-F413-02B53A2C8954} - (no file) O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: YouTube Downloader Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\4.1\youtubedownloaderToolbarIE.dll O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\Stopzilla!\Toolbar\SZSG.dll O3 - Toolbar: QuickStores-Toolbar - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - mscoree.dll (file missing) O3 - Toolbar: YouTube Downloader Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\4.1\youtubedownloaderToolbarIE.dll O3 - Toolbar: LimeWire Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [LifeChat] "C:\Program Files\Microsoft LifeChat\LifeChat.exe" O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0 \Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [SearchSettings] "C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe" O4 - HKCU\..\Run: [JP595IR86O] C:\Users\*****\AppData\Local\Temp\Omx.exe O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKLM\..\Policies\Explorer\Run: [9rogj] C:\Users\*****\AppData\Local\Temp\8k95w6t.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [RegistryMonitor1] "C:\Windows\TEMP\srcr.tmp\svchost.exe" (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [RegistryMonitor1] "C:\Windows\TEMP\srcr.tmp\svchost.exe" (User 'Default user') O4 - Startup: FRITZ!DSL Internet.lnk = C:\Program Files\FRITZ!DSL\FritzDsl.exe O4 - Global Startup: FRITZ!DSL Startcenter.lnk = ? O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe O8 - Extra context menu item: Add to Windows &Live Favorites - hxxp://favorites.live.com/quickadd.aspx O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3 \Office12\EXCEL.EXE/3000 O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416- 8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1 \MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3 \Office12\REFIEBAR.DLL O9 - Extra button: HP Smart Web Printing ein- oder ausblenden - {DDE87865-83C5-48c4-8357- 2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - hxxp://download.divx.com/player/DivXBrowserPlugin.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{D59A61CF-2D8B-4DE7-B383-8AD9D9114525}: NameServer = 213.73.91.35,62.2.100.201 O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file) O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O22 - SharedTaskScheduler: juaw98rajewifhausihuggdd - {B1B220C1-A503-59BD-F413-02B53A2C8954} - (no file) O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Avira Upgrade Service (AntiVirUpgradeService) - Unknown owner - C:\Users\*****\AppData\Local\Temp\AVSETUP_4b2a73af\basic\avupgsvc.exe (file missing) O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: AVM IGD CTRL Service (IGDCTRL) - AVM Berlin - C:\Program Files\FRITZ! DSL\IGDCTRL.EXE O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- End of file - 11178 bytes |
Schon wieder ein anderer Rechner? :D Bitte routinemäßig einen Vollscan mit malwarebytes machen und Log posten. Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten! Danach OTL: Systemscan mit OTL Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
|
HIER DIE OTL LOGS: Nr 1OTL Logfile: Code: OTL logfile created on: 21.12.2010 16:02:16 - Run 3 |
Ich wollte erst den Vollscan mit mbam sehen... |
OTL LOG : Nr 2OTL EXTRAS Logfile: Code: OTL Extras logfile created on: 21.12.2010 16:02:16 - Run 3 |
OK Hier ist der Maleware bytes log : Malwarebytes' Anti-Malware 1.50 www.malwarebytes.org Datenbank Version: 5366 Windows 6.0.6002 Service Pack 2 Internet Explorer 7.0.6002.18005 21.12.2010 20:08:09 mbam-log-2010-12-21 (20-08-06).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|H:\|I:\|) Durchsuchte Objekte: 371515 Laufzeit: 2 Stunde(n), 47 Minute(n), 30 Sekunde(n) Infizierte Speicherprozesse: 3 Infizierte Speichermodule: 1 Infizierte Registrierungsschlüssel: 11 Infizierte Registrierungswerte: 11 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 38 Infizierte Speicherprozesse: c:\Users\*****\AppData\Local\Temp\Omx.exe (Rootkit.Agent) -> 1412 -> No action taken. c:\Users\*****\AppData\Local\Temp\Om2.exe (Rootkit.Agent) -> 2644 -> No action taken. c:\Windows\Onyhab.exe (Rootkit.Agent) -> 6012 -> No action taken. Infizierte Speichermodule: c:\program files\youtube downloader toolbar\IE\4.1\youtubedownloadertoolbarie.dll (Adware.WidgiToolbar) -> No action taken. Infizierte Registrierungsschlüssel: HKEY_CLASSES_ROOT\CLSID\{F3FEE66E-E034-436a-86E4-9690573BEE8A} (Adware.WidgiToolbar) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F3FEE66E-E034-436A-86E4-9690573BEE8A} (Adware.WidgiToolbar) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{F3FEE66E-E034-436A-86E4-9690573BEE8A} (Adware.WidgiToolbar) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F3FEE66E-E034-436A-86E4-9690573BEE8A} (Adware.WidgiToolbar) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B1B220C1-A503-59BD-F413-02B53A2C8954} (Trojan.ErtFor) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B1B220C1-A503-59BD-F413-02B53A2C8954} (Trojan.ErtFor) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\JP595IR86O (Trojan.FakeAlert) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> No action taken. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> No action taken. Infizierte Registrierungswerte: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\JP595IR86O (Rootkit.Agent) -> Value: JP595IR86O -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{F3FEE66E-E034-436A-86E4-9690573BEE8A} (Adware.WidgiToolbar) -> Value: {F3FEE66E-E034-436A-86E4-9690573BEE8A} -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{F3FEE66E-E034-436A-86E4-9690573BEE8A} (Adware.WidgiToolbar) -> Value: {F3FEE66E-E034-436A-86E4-9690573BEE8A} -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{E07C3A02-5DE0-949B-1612-45C6271678C4} (Trojan.Dropper) -> Value: {E07C3A02-5DE0-949B-1612-45C6271678C4} -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{B1B220C1-A503-59BD-F413-02B53A2C8954} (Trojan.ErtFor) -> Value: {B1B220C1-A503-59BD-F413-02B53A2C8954} -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{B1B220C1-A503-59BD-F413-02B53A2C8954} (Trojan.ErtFor) -> Value: {B1B220C1-A503-59BD-F413-02B53A2C8954} -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM\COMPONENTS\WIDGITOOLBARFF.DLL (Adware.WidgiToolbar) -> Value: WIDGITOOLBARFF.DLL -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\WINID (Malware.Trace) -> Value: WINID -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\idstrf (Malware.Trace) -> Value: idstrf -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Value: NoFolderOptions -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\RegistryMonitor2 (Malware.Trace) -> Value: RegistryMonitor2 -> No action taken. Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: c:\Users\*****\AppData\Local\Temp\Omx.exe (Rootkit.Agent) -> No action taken. c:\Users\*****\AppData\Local\Temp\Om2.exe (Rootkit.Agent) -> No action taken. c:\program files\youtube downloader toolbar\IE\4.1\youtubedownloadertoolbarie.dll (Adware.WidgiToolbar) -> No action taken. c:\Windows\Onyhab.exe (Rootkit.Agent) -> No action taken. c:\Users\*****\AppData\Roaming\Myoq\ywyhp.exe (Trojan.Dropper) -> No action taken. c:\Users\administrator\AppData\Roaming\microsoft\Windows\start menu\Programs\Startup\niul.exe (Trojan.Dropper) -> No action taken. c:\Users\administrator\AppData\Roaming\microsoft\Windows\start menu\Programs\Startup\uvsyyd.exe (Trojan.Dropper) -> No action taken. c:\Users\*****\AppData\Local\mesnSqc.dll (Trojan.Hiloti) -> No action taken. c:\Users\*****\AppData\Local\Temp\hywgxge.exe (Trojan.Dropper) -> No action taken. c:\Users\*****\AppData\Local\Temp\ifdla.exe (Trojan.Agent) -> No action taken. c:\Users\*****\AppData\Local\Temp\19792079 (Spyware.Passwords.XGen) -> No action taken. c:\Users\*****\AppData\Local\Temp\okyqih.exe (Backdoor.Bot) -> No action taken. c:\Users\*****\AppData\Local\Temp\Om0.exe (Rootkit.Agent) -> No action taken. c:\Users\*****\AppData\Local\Temp\Om1.exe (Rootkit.Agent) -> No action taken. c:\Users\*****\AppData\Local\Temp\Omv.exe (Rootkit.Agent) -> No action taken. c:\Users\*****\AppData\Local\Temp\Omw.exe (Rootkit.Agent) -> No action taken. c:\Users\*****\AppData\Local\Temp\Omy.exe (Rootkit.Agent) -> No action taken. c:\Users\*****\AppData\Local\Temp\Omz.exe (Rootkit.Agent) -> No action taken. c:\Users\*****\AppData\Local\Temp\sshnas21.dll (Rootkit.Agent) -> No action taken. c:\Users\*****\AppData\Local\Temp\tmvspdwr.exe (Trojan.FakeAV.Gen) -> No action taken. c:\Users\*****\AppData\Local\Temp\cw69l3b7x9i9o6.exe (Trojan.Ertfor) -> No action taken. c:\Users\*****\AppData\Local\Temp\xt.exe (Adware.FlvTube) -> No action taken. c:\Users\*****\AppData\Local\Temp\BA24.tmp (Trojan.Agent) -> No action taken. c:\Users\*****\AppData\Local\Temp\nsmABA4.tmp\_tbp.exe (Trojan.Hiloti) -> No action taken. c:\Users\*****\AppData\Local\Temp\vtorjfuji\kgomopaaffm.exe (Trojan.FakeAV.Gen) -> No action taken. c:\Users\*****\AppData\Roaming\microsoft\Windows\start menu\Programs\Startup\xouv.exe (Trojan.Dropper) -> No action taken. c:\Windows\Onyhaa.exe (Rootkit.Agent) -> No action taken. c:\Windows\system\dwm.exe (Backdoor.Bot) -> No action taken. c:\Windows\System32\if86lp.dll (Trojan.Ertfor) -> No action taken. c:\Windows\System32\sshnas21.dll (Rootkit.Agent) -> No action taken. c:\Windows\Temp\E48D.tmp (Trojan.Agent) -> No action taken. c:\Windows\Temp\xclw\setup.exe (Backdoor.Bot) -> No action taken. c:\program files\common files\Spigot\wtxpcom\components\widgitoolbarff.dll (Adware.WidgiToolbar) -> No action taken. c:\program files\dealio toolbar\widgihelper.exe (Adware.WidgiToolbar) -> No action taken. c:\program files\youtube downloader toolbar\widgihelper.exe (Adware.WidgiToolbar) -> No action taken. c:\Windows\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> No action taken. c:\Windows\Tasks\{62c40aa6-4406-467a-a5a5-dfdf1b559b7a}.job (Trojan.FakeAlert) -> No action taken. c:\Windows\Tasks\{bbaeaeaf-1275-40e2-bd6c-bc8f88bd114a}.job (Trojan.Downloader) -> No action taken. |
Zitat:
|
Hab sie jetzt gelöscht |
Dann brauch ich jetzt neue OTL-Logs. |
OTL LOG EXTRAS: OTL Logfile: Code: OTL logfile created on: 22.12.2010 21:36:05 - Run 4 |
OTL LOG NR 2:OTL Logfile: Code: OTL logfile created on: 22.12.2010 21:36:05 - Run 4 |
Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Hinweis: Falls Du Deinen Benutzernamen unkenntlich gemacht hast, musst Du das Ausgesternte in Deinen richtigen Benutzernamen wieder verwandeln, sonst funktioniert das Script nicht!! Code: :OTL Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. |
Ok hab ich gemacht: All processes killed ========== OTL ========== Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully. Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\{E07C3A02-5DE0-949B-1612-45C6271678C4} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E07C3A02-5DE0-949B-1612-45C6271678C4}\ not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\9rogj deleted successfully. C:\Users\hannes\AppData\Roaming\Pynyk folder moved successfully. C:\Users\hannes\AppData\Roaming\Myoq folder moved successfully. C:\found.001 folder moved successfully. C:\Users\hannes\AppData\Roaming\updates folder moved successfully. C:\Users\hannes\AppData\Local\Windows folder moved successfully. C:\Users\hannes\AppData\Local\Server folder moved successfully. ========== COMMANDS ========== C:\Windows\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully [EMPTYTEMP] User: Administrator ->Temp folder emptied: 13903317 bytes ->Temporary Internet Files folder emptied: 210319 bytes ->Java cache emptied: 12119233 bytes ->FireFox cache emptied: 18633729 bytes ->Flash cache emptied: 405 bytes User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: hannes ->Temp folder emptied: 759527566 bytes ->Temporary Internet Files folder emptied: 43355833 bytes ->Java cache emptied: 71651052 bytes ->FireFox cache emptied: 101647112 bytes ->Flash cache emptied: 19793 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 1224704 bytes %systemroot%\System32 .tmp files removed: 1610800 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 4857095 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 981,00 mb OTL by OldTimer - Version 3.2.4.1 log created on 12222010_225623 Files\Folders moved on Reboot... Registry entries deleted on Reboot... |
Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
http://saved.im/mtm0nzyzmzd5/cofi.jpg
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat! |
wenn ich ComboFix ausführe bekomme ich einen blauer Bildschirm wo steht a problem has been detected on your computer und mein computer macht neustart |
Alle Zeitangaben in WEZ +1. Es ist jetzt 21:39 Uhr. |
Copyright ©2000-2025, Trojaner-Board