Log analysis and evaluation: bka virus +logfiles
Windows 7
If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1
/// Malware-holic
bka virus +logfiles

Start in safe mode without networking, which can usually be reached with F8 at PC startup, and try it again there. If ComboFix restarts the PC, make sure to start in safe mode again. Then reboot and post the contents of combofix.txt.
__________________
- Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de
Forwarding instructions: http://markusg.trojaner-board.de
For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above.
If you would like to support us
#2
bka virus +logfiles

Combofix Logfile:
Code:
ATTFilter ComboFix 11-06-11.01 - erix 12.06.2011 22:56:12.1.2 - x86 MINIMAL Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.3067.2630 [GMT 2:00] ausgeführt von:: c:\users\erix\Downloads\ComboFix.exe AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7} SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . C:\Install.exe C:\Recycle.Bin c:\users\erix\AppData\Local\{5AD2E184-68D2-4B21-AF0A-688E0E7680E4} c:\users\erix\AppData\Local\{5AD2E184-68D2-4B21-AF0A-688E0E7680E4}\chrome.manifest c:\users\erix\AppData\Local\{5AD2E184-68D2-4B21-AF0A-688E0E7680E4}\chrome\content\_cfg.js c:\users\erix\AppData\Local\{5AD2E184-68D2-4B21-AF0A-688E0E7680E4}\chrome\content\overlay.xul c:\users\erix\AppData\Local\{5AD2E184-68D2-4B21-AF0A-688E0E7680E4}\install.rdf c:\users\erix\AppData\Roaming\Adobe\plugs c:\users\erix\AppData\Roaming\Adobe\plugs\mmc244.exe c:\users\erix\AppData\Roaming\Adobe\plugs\mmc586532.txt c:\users\erix\AppData\Roaming\Adobe\shed c:\users\erix\AppData\Roaming\Adobe\shed\thr1.chm c:\users\erix\AppData\Roaming\Aslih c:\users\erix\AppData\Roaming\Aslih\neaq.exe c:\users\erix\AppData\Roaming\Cigoi c:\users\erix\AppData\Roaming\Cigoi\xifil.tmp c:\users\erix\AppData\Roaming\Dyyno c:\users\erix\AppData\Roaming\Dyyno\dyyno.xml c:\users\erix\AppData\Roaming\Emabk c:\users\erix\AppData\Roaming\Emabk\omep.wir c:\users\erix\AppData\Roaming\Fuupzy c:\users\erix\AppData\Roaming\Fuupzy\foawr.exe c:\windows\jestertb.dll . . ((((((((((((((((((((((( Dateien erstellt von 2011-05-12 bis 2011-06-12 )))))))))))))))))))))))))))))) . . 2011-06-12 21:02 . 2011-06-12 21:02 -------- d-----w- c:\users\erix\AppData\Local\temp 2011-06-12 21:02 . 
2011-06-12 21:02 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-06-12 18:42 . 2011-03-06 22:12 2234368 ----a-r- C:\OTLPE.exe 2011-06-12 18:42 . 2011-06-12 12:48 -------- d-----w- C:\_OTL 2011-06-09 15:58 . 2011-06-09 17:44 -------- d-----w- c:\users\erix\AppData\Roaming\styler2go 2011-06-08 21:32 . 2011-06-08 21:32 -------- d-----w- c:\program files\TeamSpeak 3 Client 2011-06-08 02:39 . 2011-05-09 20:46 6962000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{59017971-2C56-412D-A497-6FA51A86F991}\mpengine.dll 2011-06-07 16:08 . 2011-06-07 16:08 -------- d-----w- c:\users\erix\AppData\Local\Redlynx 2011-06-06 13:14 . 2011-06-06 13:14 -------- d-----w- c:\users\erix\AppData\Roaming\Cobra Mobile 2011-06-06 13:14 . 2011-06-06 13:14 444952 ----a-w- c:\windows\system32\wrap_oal.dll 2011-06-06 13:14 . 2011-06-06 13:14 109080 ----a-w- c:\windows\system32\OpenAL32.dll 2011-06-06 13:14 . 2011-06-06 13:14 -------- d-----w- c:\program files\OpenAL 2011-05-31 11:12 . 2011-06-06 20:57 -------- d-----w- c:\programdata\Steam 2011-05-30 08:14 . 2009-12-15 02:46 24192 ----a-w- c:\windows\system32\drivers\tcpipBM.sys 2011-05-30 08:14 . 2009-12-15 02:46 13712 ----a-w- c:\windows\system32\sporder.dll 2011-05-30 08:14 . 2009-12-15 02:46 724608 ----a-w- c:\windows\system32\bmutil.dll 2011-05-30 08:14 . 2009-12-15 02:46 480384 ----a-w- c:\windows\system32\bmnet.dll 2011-05-30 08:14 . 2009-12-15 02:46 308352 ----a-w- c:\windows\system32\bminstall.dll 2011-05-30 08:14 . 2009-12-15 02:46 13184 ----a-w- c:\windows\system32\drivers\BMLoad.sys 2011-05-30 08:14 . 2009-12-15 02:46 132224 ----a-w- c:\windows\system32\bmdumpd.bin 2011-05-30 08:14 . 2010-02-11 03:29 106880 ----a-w- c:\windows\system32\drivers\HSPADataCardusbser.sys 2011-05-30 08:14 . 2010-02-11 03:29 10240 ----a-w- c:\windows\system32\drivers\massfilter.sys 2011-05-30 08:14 . 2010-02-11 03:29 106880 ----a-w- c:\windows\system32\drivers\HSPADataCardusbnmea.sys 2011-05-30 08:14 . 
2010-02-11 03:29 106880 ----a-w- c:\windows\system32\drivers\HSPADataCardusbmdm.sys 2011-05-30 08:13 . 2011-05-30 08:13 -------- d-----w- c:\program files\congstar 2011-05-28 18:52 . 2011-05-28 18:52 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-05-25 01:25 . 2011-04-22 19:14 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys 2011-05-24 09:35 . 2011-04-09 05:56 123904 ----a-w- c:\windows\system32\poqexec.exe 2011-05-19 10:41 . 2011-05-19 10:41 -------- d-----w- c:\program files\Common Files\Skype . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-05-29 07:11 . 2011-05-02 23:00 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-05-29 07:11 . 2011-05-02 23:00 22712 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-05-03 13:49 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll 2011-05-02 22:32 . 2011-05-02 22:32 0 ----a-w- c:\users\erix\AppData\Local\Ohogomizih.bin 2011-04-11 13:12 . 2011-04-11 13:06 138264 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys 2011-04-11 13:12 . 2011-04-11 13:05 234768 ----a-w- c:\windows\system32\PnkBstrB.exe 2011-04-11 13:12 . 2010-10-13 10:33 234768 ----a-w- c:\windows\system32\PnkBstrB.xtr 2011-04-11 13:06 . 2010-10-13 10:23 138056 ----a-w- c:\users\erix\AppData\Roaming\PnkBstrK.sys 2011-04-11 13:05 . 2011-04-11 13:05 75136 ----a-w- c:\windows\system32\PnkBstrA.exe 2011-04-09 06:02 . 2011-05-11 00:43 3967872 ----a-w- c:\windows\system32\ntkrnlpa.exe 2011-04-09 06:02 . 2011-05-11 00:43 3912576 ----a-w- c:\windows\system32\ntoskrnl.exe 2011-03-25 02:58 . 2011-05-11 00:43 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys 2011-03-25 02:58 . 2011-05-11 00:43 284672 ----a-w- c:\windows\system32\drivers\usbport.sys 2011-03-25 02:58 . 2011-05-11 00:43 75776 ----a-w- c:\windows\system32\drivers\usbccgp.sys 2011-03-25 02:57 . 2011-05-11 00:43 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys 2011-03-25 02:57 . 
2011-05-11 00:43 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys 2011-03-25 02:57 . 2011-05-11 00:43 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys 2011-03-25 02:57 . 2011-05-11 00:43 5888 ----a-w- c:\windows\system32\drivers\usbd.sys 2011-03-17 17:31 . 2010-07-28 12:27 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys 2008-06-19 09:16 . 2008-06-19 09:16 118784 ----a-w- c:\program files\mozilla firefox\plugins\MyCamera.dll 2011-04-14 16:40 . 2011-05-02 08:18 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\erix\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\erix\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\erix\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\erix\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "VitaKeyPdtWzd"="c:\program files\Acer Bio Protection\PdtWzd.exe" [2010-07-28 3557888] "PLFSetI"="c:\windows\PLFSetI.exe" [2010-07-28 200704] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-12-04 1410344] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-03 281768] "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-01-30 192512] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552] "LManager"="c:\program files\Launch Manager\LManager.exe" [2009-08-24 1190920] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584] "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-05-29 1047656] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584] . c:\users\erix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\erix\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ MCtlSvc.lnk - c:\program files\congstar\Internetmanager\Bin\mcserver.exe [2011-5-30 89600] . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ c:\program files\Acer Bio Protection\PwdFilter . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPN Client.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk backup=c:\windows\pss\VPN Client.lnk.CommonStartup backupExtension=.CommonStartup . [HKLM\~\startupfolder\C:^Users^erix^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk] path=c:\users\erix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk backup=c:\windows\pss\Dropbox.lnk.Startup backupExtension=.Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2010-09-20 21:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2011-01-31 08:44 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter] 2010-03-25 01:50 2516296 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent] 2010-04-15 08:17 427328 ----a-w- c:\program files\DAEMON Tools Pro\DTAgent.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate] 2010-09-01 06:39 1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2011-03-07 14:33 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2010-11-29 16:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ROCCAT Pyra Mouse] 2009-12-07 21:54 528384 ----a-w- c:\program files\ROCCAT\Pyra Mouse\PyraMonitor.EXE . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] 2011-04-18 15:30 15146376 ----a-r- c:\program files\Skype\Phone\Skype.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam] 2011-04-27 15:00 1242448 ----a-w- c:\program files\Steam\Steam.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vSide Pulse] 2010-10-25 02:59 226816 ----a-w- c:\program files\vSide\Pulse\vSidePulse.exe . R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-10-06 697328] R2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2010-02-24 185472] R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992] R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-29 136360] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 FPSensor;EgisTec-Corp Fingerprint Reader Driver (FPSensor.sys);c:\windows\system32\Drivers\FPSensor.sys [2010-07-28 22528] R2 IGBASVC;EgisTec Service;c:\program files\Acer Bio Protection\BASVC.exe [2010-07-28 3447296] R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640] R3 HSPADataCardusbmdm;HSPADataCard Proprietary USB Driver;c:\windows\system32\DRIVERS\HSPADataCardusbmdm.sys [2010-02-11 106880] R3 HSPADataCardusbnmea;HSPADataCard NMEA 
Port;c:\windows\system32\DRIVERS\HSPADataCardusbnmea.sys [2010-02-11 106880] R3 HSPADataCardusbser;HSPADataCard Diagnostic Port;c:\windows\system32\DRIVERS\HSPADataCardusbser.sys [2010-02-11 106880] R3 k57nd60x;Broadcom NetLink (TM)-Gigabit-Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2009-07-13 229888] R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2010-02-11 10240] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-05-29 22712] R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-05-29 39984] R3 netw5v32;Intel(R) Wireless WiFi Link 5000-Serie - Adaptertreiber für Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168] R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-06-21 105576] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224] S0 BMLoad;Bytemobile Boot Time Load Driver;c:\windows\system32\drivers\BMLoad.sys [2009-12-15 13184] S3 hidshim;Service for HID-KMDF Shim layer;c:\windows\system32\DRIVERS\hidshim.sys [2008-10-08 5632] S3 nuvotonhidgeneric;Nuvoton EC Generic HID;c:\windows\system32\DRIVERS\nuvotonhidgeneric.sys [2008-10-08 22528] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] Akamai REG_MULTI_SZ Akamai . . ------- Zusätzlicher Suchlauf ------- . uInternet Settings,ProxyOverride = *.local IE: Visit in &3D using ExitReality - hxxp://3d.exitreality.com/TransmogrifyPage.htm Trusted Zone: clonewarsadventures.com Trusted Zone: freerealms.com Trusted Zone: soe.com Trusted Zone: sony.com TCP: DhcpNameServer = 192.168.2.1 FF - ProfilePath - c:\users\erix\AppData\Roaming\Mozilla\Firefox\Profiles\539gp8u2.default\ . . ------- Dateityp-Verknüpfung ------- . .txt= . - - - - Entfernte verwaiste Registrierungseinträge - - - - . 
HKCU-Run-AdobeBridge - (no file) HKCU-Run-msnmsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe HKCU-Run-4E3E0230AEBB4E96 - c:\recycle.bin\Recycle.Bin.exe MSConfigStartUp-AdobeCS4ServiceManager - c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe MSConfigStartUp-Adobe_ID0ENQBO - c:\progra~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE AddRemove-UDK-9d7dc962-781a-4cdd-b5bd-33183dbba396 - c:\program files\WHITE\Binaries\UnSetup.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-113096624-3595036245-992598717-1000\Software\SecuROM\License information*] "datasecu"=hex:ec,cc,44,b2,bc,f4,08,33,5f,2b,e1,f0,bf,e7,3c,02,fa,ac,e9,d6,12, ed,6f,9f,14,54,19,80,25,32,19,4c,d9,95,bc,25,27,da,5f,2c,32,85,a8,6b,b6,62,\ "rkeysecu"=hex:64,5b,9b,9f,bc,9a,4f,6f,c3,5f,b3,70,80,27,9e,26 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- . - - - - - - - > 'lsass.exe'(444) c:\program files\Acer Bio Protection\PwdFilter.DLL . Zeit der Fertigstellung: 2011-06-12 23:05:00 ComboFix-quarantined-files.txt 2011-06-12 21:05 . Vor Suchlauf: 23 Verzeichnis(se), 304.548.556.800 Bytes frei Nach Suchlauf: 30 Verzeichnis(se), 304.376.897.536 Bytes frei . 
- - End Of File - - 20AB008427D8A7C97C35EE67B808B63F

P.S.: The virus appeared again, so I ran the fix.txt again.
P.P.S.: When I try to open a link from google.de, the same page always opens (some design directory or something!?, is there a connection?)