| |
| |||||||
Log-Analyse und Auswertung: Virus, der alle Virenscans killtWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
12.07.2011, 22:22
| #31 |
 |  Virus, der alle Virenscans killt Ich hoffe, es war deine Absicht, den Kerio-Ordner komplett zu löschen? Combofix Logfile: Code:
ATTFilter ComboFix 11-07-12.09 - User 12.07.2011 23:04:59.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.2046.1478 [GMT 2:00]
ausgeführt von:: h:\dokumente und einstellungen\User\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: h:\dokumente und einstellungen\User\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
FILE ::
"H:\avenger.exe"
"h:\windows\system32\drivers\fwdrv.sys"
"h:\windows\system32\drivers\SSHDRV82.sys"
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
H:\avenger.exe
h:\programme\Kerio
h:\programme\Kerio\Personal Firewall 4\assist.exe
h:\programme\Kerio\Personal Firewall 4\cfgconv.exe
h:\programme\Kerio\Personal Firewall 4\ChangeLog.rtf
h:\programme\Kerio\Personal Firewall 4\Config\charts.dat
h:\programme\Kerio\Personal Firewall 4\Config\ids.cfg
h:\programme\Kerio\Personal Firewall 4\Config\kpf.cfg
h:\programme\Kerio\Personal Firewall 4\Config\kpf.cfg.bak
h:\programme\Kerio\Personal Firewall 4\Config\update.cfg
h:\programme\Kerio\Personal Firewall 4\DbgHelp\dbghelp.dll
h:\programme\Kerio\Personal Firewall 4\gkh.dll
h:\programme\Kerio\Personal Firewall 4\kfe.dll
h:\programme\Kerio\Personal Firewall 4\kpf4-cz.chm
h:\programme\Kerio\Personal Firewall 4\kpf4-de.chm
h:\programme\Kerio\Personal Firewall 4\kpf4-en.chm
h:\programme\Kerio\Personal Firewall 4\kpf4gui.exe
h:\programme\Kerio\Personal Firewall 4\kpf4ss.exe
h:\programme\Kerio\Personal Firewall 4\logs\debug.log
h:\programme\Kerio\Personal Firewall 4\logs\debug.log.idx
h:\programme\Kerio\Personal Firewall 4\logs\error.log
h:\programme\Kerio\Personal Firewall 4\logs\error.log.idx
h:\programme\Kerio\Personal Firewall 4\logs\ids.log
h:\programme\Kerio\Personal Firewall 4\logs\ids.log.idx
h:\programme\Kerio\Personal Firewall 4\logs\network.log
h:\programme\Kerio\Personal Firewall 4\logs\network.log.idx
h:\programme\Kerio\Personal Firewall 4\logs\system.log
h:\programme\Kerio\Personal Firewall 4\logs\system.log.idx
h:\programme\Kerio\Personal Firewall 4\logs\warning.log
h:\programme\Kerio\Personal Firewall 4\logs\warning.log.idx
h:\programme\Kerio\Personal Firewall 4\logs\web.log
h:\programme\Kerio\Personal Firewall 4\logs\web.log.idx
h:\programme\Kerio\Personal Firewall 4\server.dbk
h:\programme\Kerio\Personal Firewall 4\Trans\Kpf4_cz.klf
h:\programme\Kerio\Personal Firewall 4\Trans\Kpf4_de.klf
h:\programme\Kerio\Personal Firewall 4\Trans\Kpf4_en.klf
h:\programme\Kerio\Personal Firewall 4\Trans\Kpf4_fr.klf
h:\programme\Kerio\Personal Firewall 4\Trans\Kpf4_hu.klf
h:\programme\Kerio\Personal Firewall 4\Trans\Kpf4_it.klf
h:\programme\Kerio\Personal Firewall 4\Trans\Kpf4_nl.klf
h:\programme\Kerio\Personal Firewall 4\Trans\Kpf4_pl.klf
h:\windows\assembly\GAC_MSIL\desktop.ini
h:\windows\system32\drivers\fwdrv.sys
h:\windows\system32\drivers\SSHDRV82.sys
J:\Autorun.inf
O:\Autorun.inf
P:\Autorun.inf
.
h:\windows\system32\drivers\SSHDRV82.sys . . . ist infiziert!! . . . Failed to find a valid replacement.
.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_FWDRV
-------\Legacy_SSHDRV82
-------\Service_fwdrv
-------\Service_SSHDRV82
-------\Legacy_KPF4
-------\Legacy_KPF4
-------\Service_KPF4
-------\Service_KPF4
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-06-12 bis 2011-07-12 ))))))))))))))))))))))))))))))
.
.
2011-07-13 06:34 . 2011-07-13 01:13 -------- d-----w- H:\_OTL
2011-07-12 20:22 . 2008-04-13 18:40 62976 ----a-w- h:\windows\system32\drivers\cdrom.sys
2011-07-12 15:35 . 2011-07-12 15:35 -------- d-----w- h:\dokumente und einstellungen\User\Anwendungsdaten\Avira
2011-07-12 15:33 . 2011-06-17 10:35 61960 ----a-w- h:\windows\system32\drivers\avgntflt.sys
2011-07-12 15:33 . 2011-06-17 10:35 137656 ----a-w- h:\windows\system32\drivers\avipbb.sys
2011-07-12 15:33 . 2009-09-29 16:12 45416 ----a-w- h:\windows\system32\drivers\avgntdd.sys
2011-07-12 15:33 . 2009-09-29 16:12 22360 ----a-w- h:\windows\system32\drivers\avgntmgr.sys
2011-07-12 15:33 . 2011-07-12 15:33 -------- d-----w- h:\programme\Avira
2011-07-12 15:33 . 2011-07-12 15:33 -------- d-----w- h:\dokumente und einstellungen\All Users\Anwendungsdaten\Avira
2011-07-12 06:44 . 2008-04-13 18:40 62976 -c--a-w- h:\windows\system32\dllcache\cdrom.sys
2011-07-11 23:58 . 2011-05-29 07:11 39984 ----a-w- h:\windows\system32\drivers\mbamswissarmy.sys
2011-07-11 23:58 . 2011-05-29 07:11 22712 ----a-w- h:\windows\system32\drivers\mbam.sys
2011-07-08 19:54 . 2011-07-08 21:15 -------- d-----w- h:\programme\Panda Security
2011-07-08 16:54 . 2011-07-08 16:54 -------- d--h--w- h:\windows\PIF
2011-07-08 16:39 . 2011-07-11 23:58 -------- d-----w- h:\programme\Malwarebytes' Anti-Malware
2011-07-08 15:18 . 2011-07-08 15:18 -------- d-----w- h:\dokumente und einstellungen\User\Anwendungsdaten\Malwarebytes
2011-07-08 15:18 . 2011-07-08 15:18 -------- d-----w- h:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2011-07-08 15:08 . 2011-07-08 15:11 -------- d-----w- h:\dokumente und einstellungen\Administrator
2011-07-08 14:52 . 2011-07-08 14:52 -------- d-----w- h:\dokumente und einstellungen\User\Anwendungsdaten\QuickScan
2011-07-08 14:10 . 2011-07-12 07:09 -------- d-----w- h:\programme\TrojanHunter 5.3
2011-07-08 13:50 . 2011-07-08 13:50 -------- d-----w- h:\dokumente und einstellungen\User\Lokale Einstellungen\Anwendungsdaten\GreatBarcodeGenerator.com
2011-07-05 07:08 . 2011-07-05 07:08 11776 ----a-w- h:\programme\Mozilla Firefox\plugins\nprjplug.dll
2011-07-05 07:08 . 2011-07-05 07:08 -------- d-----w- h:\programme\Gemeinsame Dateien\xing shared
2011-07-05 07:07 . 2011-07-05 07:07 105472 ----a-w- h:\programme\Mozilla Firefox\plugins\nprpjplug.dll
2011-06-23 22:10 . 2011-04-21 13:37 105472 -c----w- h:\windows\system32\dllcache\mup.sys
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-05 07:07 . 2008-04-01 19:35 348160 ----a-w- h:\windows\system32\msvcr71.dll
2011-05-04 02:52 . 2010-04-28 06:10 472808 ----a-w- h:\windows\system32\deployJava1.dll
2011-05-04 00:25 . 2008-01-26 10:31 73728 ----a-w- h:\windows\system32\javacpl.cpl
2011-05-02 15:31 . 2008-01-05 12:02 692736 ----a-w- h:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2004-08-04 12:00 151552 ----a-w- h:\windows\system32\schannel.dll
2011-04-29 16:19 . 2004-10-28 01:14 456320 ----a-w- h:\windows\system32\drivers\mrxsmb.sys
2011-04-28 08:42 . 2008-01-19 15:17 3835624 ----a-w- h:\windows\system32\SpoonUninstall.exe
2011-04-21 13:37 . 2004-08-04 12:00 105472 ----a-w- h:\windows\system32\drivers\mup.sys
2003-11-25 14:41 . 2003-11-25 14:41 1681920 -c--a-w- h:\programme\InstantCopy.msi
2003-10-16 08:48 . 2003-10-16 08:48 1822520 ------w- h:\programme\instmsiw.exe
2003-10-16 08:48 . 2003-10-16 08:48 1708856 ------w- h:\programme\instmsi.exe
2003-10-16 08:48 . 2003-10-16 08:48 50176 ------w- h:\programme\InstantCopy.exe
2011-06-16 04:32 . 2011-07-09 09:06 142296 ----a-w- h:\programme\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="h:\windows\system32\NvCpl.dll" [2007-09-16 8491008]
"HP Software Update"="h:\programme\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"QuickTime Task"="h:\programme\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="h:\programme\iTunes\iTunesHelper.exe" [2011-03-07 421160]
"Adobe Reader Speed Launcher"="h:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="h:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"SunJavaUpdateSched"="h:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2011-04-08 254696]
"TkBellExe"="h:\programme\real\realplayer\update\realsched.exe" [2011-07-05 273544]
"avgnt"="h:\programme\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"z:\\Dragon Age\\bin_ship\\daorigins.exe"=
"z:\\Dragon Age\\DAOriginsLauncher.exe"=
"h:\dokumente und einstellungen\User\Anwendungsdaten\Facebook\facebook.exe"= h:\dokumente und einstellungen\User\Anwendungsdaten\Facebook\facebook.exe:127.0.0.1/255.255.255.255:Enabled:Facebook
"z:\\Dragon Age\\bin_ship\\daupdatersvc.service.exe"=
"h:\\Programme\\Steam\\Steam.exe"=
"h:\\Programme\\Steam\\steamapps\\common\\plants vs zombies\\PlantsVsZombies.exe"=
"h:\\Programme\\Bonjour\\mDNSResponder.exe"=
"h:\\Programme\\iTunes\\iTunes.exe"=
.
R0 DiskSec;Magix Volume Filter Driver;h:\windows\system32\drivers\disksec.sys [22.12.2010 12:28 14208]
R2 AntiVirSchedulerService;Avira AntiVir Planer;h:\programme\Avira\AntiVir Desktop\sched.exe [12.07.2011 17:33 136360]
R2 FreeAgentGoNext Service;Seagate Service;z:\sync\FreeAgentService.exe [25.09.2009 23:32 189736]
R3 RRNetCapMP;RRNetCapMP;h:\windows\system32\drivers\rrnetcap.sys [01.04.2011 10:22 31848]
R3 SndTAudio;SndTAudio;h:\windows\system32\drivers\SndTAudio.sys [09.11.2009 20:15 23096]
R3 SndTVideo;SndTVideo;h:\windows\system32\drivers\SndTVideo.sys [09.11.2009 20:15 3768]
S2 gupdate1c9cdab2a076840;Google Update Service (gupdate1c9cdab2a076840);h:\programme\Google\Update\GoogleUpdate.exe [05.05.2009 19:58 133104]
S3 1199536707;Virtual Bus for Microsoft ACPI-Compliant System; [x]
S3 DAUpdaterSvc;Dragon Age: Origins - Inhaltsupdater;z:\dragon age\bin_ship\daupdatersvc.service.exe [15.12.2009 22:07 25832]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;h:\programme\MAGIX\Common\Database\bin\fbserver.exe [30.06.2008 19:27 1527900]
S3 gupdatem;Google Update-Dienst (gupdatem);h:\programme\Google\Update\GoogleUpdate.exe [05.05.2009 19:58 133104]
S3 HTCAND32;HTC Device Driver;h:\windows\system32\drivers\ANDROIDUSB.sys [12.06.2010 00:44 24576]
S3 MBAMSwissArmy;MBAMSwissArmy;h:\windows\system32\drivers\mbamswissarmy.sys [12.07.2011 01:58 39984]
S3 RRNetCap;RRNetCap Service;h:\windows\system32\drivers\rrnetcap.sys [01.04.2011 10:22 31848]
S3 SMServer;SMServer;h:\windows\system32\snmvtsvc.exe [09.11.2009 22:17 110592]
S3 UPnPService;UPnPService;h:\programme\Gemeinsame Dateien\MAGIX Shared\UPnPService\UPnPService.exe [30.06.2008 19:28 544768]
S4 sptd;sptd;h:\windows\system32\drivers\sptd.sys [03.11.2009 13:00 691696]
.
Inhalt des "geplante Tasks" Ordners
.
2011-07-12 h:\windows\Tasks\AppleSoftwareUpdate.job
- h:\programme\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
2011-07-12 h:\windows\Tasks\Google Software Updater.job
- h:\programme\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-05 17:56]
.
2011-07-12 h:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- h:\programme\Google\Update\GoogleUpdate.exe [2009-05-05 17:58]
.
2011-07-12 h:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- h:\programme\Google\Update\GoogleUpdate.exe [2009-05-05 17:58]
.
2011-07-10 h:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2000478354-1614895754-839522115-1004Core.job
- h:\dokumente und einstellungen\User\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe [2011-07-08 09:03]
.
2011-07-12 h:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2000478354-1614895754-839522115-1004UA.job
- h:\dokumente und einstellungen\User\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe [2011-07-08 09:03]
.
2011-07-12 h:\windows\Tasks\PCCT - MAGIX AG.job
- h:\programme\MAGIX\PC_Check_Tuning_2010_Download-Version\MxTray.exe [2010-12-22 08:13]
.
2011-07-12 h:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2000478354-1614895754-839522115-1004.job
- h:\programme\Real\RealUpgrade\realupgrade.exe [2011-03-29 08:47]
.
2011-07-12 h:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2000478354-1614895754-839522115-1004.job
- h:\programme\Real\RealUpgrade\realupgrade.exe [2011-03-29 08:47]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.msn.com
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://www.msn.com
uInternet Settings,ProxyOverride = *.local
IE: Free YouTube to Mp3 Converter - h:\dokumente und einstellungen\User\Anwendungsdaten\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Nach Microsoft &Excel exportieren - h:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Save YouTube Video - h:\programme\Gemeinsame Dateien\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP4.htm
IE: Save YouTube Video as MP3 - h:\programme\Gemeinsame Dateien\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm
IE: {{B4B52284-A248-4c51-9F7C-F0A0C67FCC9D}
LSP: mswsock.dll
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - h:\dokumente und einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\ch6nvy61.default\
FF - prefs.js: browser.startup.homepage - www.google.de
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=de&q=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-07-12 23:12
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
.
h:\windows\$NtUninstallKB48765$:SummaryInformation 0 bytes hidden from API
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 1
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C09C5BC9-8988-05de-3f8a-4724fd62c10f}\InprocServer32*]
"Class"=hex:45,fe,6b,d8,22,e6,cc,1a,c8,eb,a0,d6,f1,de,f7,8a,0d,ea,bf,e5,ce,13,
16,01,b4,01,cd,5d,ef,8b,f8,28,b4,01,6f,b3,64,87,9a,1b,17,c7,a2,f3,9b,ab,ef,\
"ThreadingModel"="Apartment"
@="h:\\WINDOWS\\system32\\OLE32.DLL"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C09C5BC9-8988-2b20-bb9c-0a68fd62c10f}\InprocServer32*]
"Class"=hex:f6,88,3f,03,a4,0b,ec,35,87,ed,d5,e5,2b,32,24,55,32,c9,1b,6e,dc,72,
b2,8c,1c,dc,90,da,ce,1f,53,ff,35,81,28,e5,91,2b,fe,97,11,5e,dd,5f,8b,79,35,\
"ThreadingModel"="Apartment"
@="h:\\WINDOWS\\system32\\OLE32.DLL"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C09C5BC9-8988-996d-fcd3-f310fd62c10f}\InprocServer32*]
"Class"=hex:e4,de,d5,e6,31,14,b8,31,18,f6,7c,91,8c,6d,3d,73,1f,0a,53,26,04,96,
d0,04,fc,5d,12,4c,23,53,cd,9f,df,96,b7,6a,8a,f6,4d,77,d3,f1,16,1d,de,39,2d,\
"ThreadingModel"="Apartment"
@="h:\\WINDOWS\\system32\\OLE32.DLL"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C09C5BC9-8988-9d00-9d71-cd86fd62c10f}\InprocServer32*]
"Class"=hex:e0,f3,f4,85,8b,31,3c,f9,00,d6,5b,c5,14,ce,55,89,bd,2f,26,d5,3b,80,
90,37,03,f7,64,c6,47,cb,5e,b4,1c,85,28,bb,58,f0,16,d0,b0,5f,5c,41,6a,17,a4,\
"ThreadingModel"="Apartment"
@="h:\\WINDOWS\\system32\\OLE32.DLL"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C09C5BC9-8988-bfaf-8565-8f3afd62c10f}\InprocServer32*]
"Class"=hex:50,30,76,f1,17,eb,2b,80,88,08,36,3f,15,01,9e,22,21,a0,9f,45,78,f5,
60,d6,15,65,06,e3,23,45,2c,42,b2,31,c3,f1,94,68,11,67,e1,b1,34,56,00,2d,da,\
"ThreadingModel"="Apartment"
@="h:\\WINDOWS\\system32\\OLE32.DLL"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C09C5BC9-8988-c9a9-15ec-be68fd62c10f}\InprocServer32*]
"Class"=hex:bf,80,f4,9f,20,45,a0,09,e7,a3,eb,fc,8d,56,d1,06,c5,1c,6f,eb,66,90,
ae,f9,4a,7e,8a,06,f9,aa,06,1b,59,82,89,70,4f,60,9a,81,ee,86,91,81,5c,a3,3c,\
"ThreadingModel"="Apartment"
@="h:\\WINDOWS\\system32\\OLE32.DLL"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C09C5BC9-8988-ce53-04ae-490efd62c10f}\InprocServer32*]
"Class"=hex:a8,45,04,e0,3c,4a,b6,e2,aa,07,8e,3d,20,1f,98,e4,5b,8d,e8,27,ab,3d,
6c,35,c0,13,d4,52,87,ff,99,02,3a,58,8a,1c,a0,ad,1c,c6,9c,e4,39,cf,fd,fe,f3,\
"ThreadingModel"="Apartment"
@="h:\\WINDOWS\\system32\\OLE32.DLL"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Enum\Root\*PNPc2c3\0000]
@DACL=(02 0000)
"Service"="1199536707"
"ClassGUID"="{4D36E97D-E325-11CE-BFC1-08002BE10318}"
"Class"="System"
"DeviceDesc"="PCI bus"
"Mfg"="Technologies Inc"
"LocationInformation"="on Microsoft ACPI-Compliant System"
"ConfigFlags"=dword:00000000
"Capabilities"=dword:00000000
.
------------------------ Weitere laufende Prozesse ------------------------
.
h:\programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
h:\programme\Bonjour\mDNSResponder.exe
h:\windows\system32\wdfmgr.exe
h:\programme\Canon\CAL\CALMAIN.exe
h:\programme\iPod\bin\iPodService.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-07-12 23:16:24 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2011-07-12 21:16
ComboFix2.txt 2011-07-12 20:29
.
Vor Suchlauf: 3.746.443.264 Bytes frei
Nach Suchlauf: 3.718.696.960 Bytes frei
.
- - End Of File - - DAE132390B8C7E7F9FC31744A0A477BF
|
|
12.07.2011, 22:25
| #32 |
| | Virus, der alle Virenscans killt Und plötzlich meldet sich die Windows Firewall.. hatte ich doch immer deaktiviert seit Jahr und Tag
__________________ |
|
12.07.2011, 22:25
| #33 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Virus, der alle Virenscans killt Wieso war Kerio denn noch installiert?
__________________ Es wurde nicht als PFW aufgeführt und demnach ging ich von einen Rest bzw. einer fehlgeschlagenen Deinstallation aus. Wie auch immer, ohne Kerio ist dein Rechner besser dran. Verwende die Windows-Firewall. Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen. Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst. Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM! Downloade Dir danach bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.
__________________ |
|
12.07.2011, 23:22
| #34 |
| | Virus, der alle Virenscans killt Sooo... hier das GMER-Log. Ich habe den Scanvorgang abgebrochen. Das Programm untersucht ja JEDE einzelne Datei! Falls das bis hier nicht ausreicht, lasse ich den Scan heute Nacht komplett laufen. GMER Logfile: Code:
ATTFilter GMER 1.0.15.15640 - GMER - Rootkit Detector and Remover
Rootkit scan 2011-07-13 00:11:33
Windows 5.1.2600 Service Pack 3
Running: u63sdlfo.exe; Driver: H:\DOKUME~1\User\LOKALE~1\Temp\pwacqaoc.sys
---- System - GMER 1.0.15 ----
SSDT BA686BDE ZwCreateKey
SSDT BA686BD4 ZwCreateThread
SSDT BA686BE3 ZwDeleteKey
SSDT BA686BED ZwDeleteValueKey
SSDT BA686BF2 ZwLoadKey
SSDT BA686BC0 ZwOpenProcess
SSDT BA686BC5 ZwOpenThread
SSDT BA686BFC ZwReplaceKey
SSDT BA686BF7 ZwRestoreKey
SSDT BA686BE8 ZwSetValueKey
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwCallbackReturn + 2FC0 8050485C 4 Bytes CALL 990AB0CC
? Combo-Fix.sys Das System kann die angegebene Datei nicht finden. !
.text H:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB80C8360, 0x307AC7, 0xE8000020]
.text cdrom.sys BA219000 5 Bytes [43, 02, C7, 43, 0C]
.text cdrom.sys BA219006 43 Bytes [00, 80, 00, 75, 19, 8B, 45, ...]
.text cdrom.sys BA219033 89 Bytes [89, 43, 14, C6, 43, 0A, 06, ...]
.text cdrom.sys BA21908D 59 Bytes JMP BA218FAC \SystemRoot\system32\DRIVERS\cdrom.sys (SCSI CD-ROM Driver/Microsoft Corporation)
.text cdrom.sys BA2190C9 42 Bytes [74, 41, 81, FF, 48, 00, 07, ...]
.text ...
? H:\WINDOWS\system32\DRIVERS\cdrom.sys suspicious PE modification
? H:\ComboFix\catchme.sys Das System kann den angegebenen Pfad nicht finden. !
? H:\WINDOWS\system32\Drivers\PROCEXP113.SYS Das System kann die angegebene Datei nicht finden. !
---- User code sections - GMER 1.0.15 ----
.text H:\programme\real\realplayer\update\realsched.exe[2808] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text H:\Programme\Mozilla Firefox\firefox.exe[3844] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 00401410 H:\Programme\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT \SystemRoot\system32\DRIVERS\cdrom.sys[HAL.dll!KfLowerIrql] 185D8BE6
IAT \SystemRoot\system32\DRIVERS\cdrom.sys[HAL.dll!KeGetCurrentIrql] AC0FCE8B
IAT \SystemRoot\system32\DRIVERS\cdrom.sys[HAL.dll!KfRaiseIrql] 5D3218CB
---- Devices - GMER 1.0.15 ----
Device pci.sys (NT-Plug & Play PCI-Enumerator/Microsoft Corporation)
Device \Driver\Disk \GLOBAL??\ACPI#PNP0303#2&da1a3ff&0 B921C890
---- Modules - GMER 1.0.15 ----
Module (noname) (*** hidden *** ) B2B6F000-B2B78000 (36864 bytes)
---- Threads - GMER 1.0.15 ----
Thread System [4:2000] B921D6F0
Thread System [4:2004] B921D6F0
Thread System [4:3168] B2B73D20
Thread System [4:3264] B2B73D20
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x21 0x0F 0xF1 0xA4 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 H:\Programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x36 0x01 0xFD 0xEA ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xCD 0xE2 0x73 0x04 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xA8 0x64 0xDA 0x0C ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x21 0x0F 0xF1 0xA4 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 H:\Programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x36 0x01 0xFD 0xEA ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xCD 0xE2 0x73 0x04 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xA8 0x64 0xDA 0x0C ...
Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-05de-3f8a-4724fd62c10f}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-05de-3f8a-4724fd62c10f}\InprocServer32@Class 0x45 0xFE 0x6B 0xD8 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-05de-3f8a-4724fd62c10f}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-05de-3f8a-4724fd62c10f}\InprocServer32@ H:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-2b20-bb9c-0a68fd62c10f}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-2b20-bb9c-0a68fd62c10f}\InprocServer32@Class 0xF6 0x88 0x3F 0x03 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-2b20-bb9c-0a68fd62c10f}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-2b20-bb9c-0a68fd62c10f}\InprocServer32@ H:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-996d-fcd3-f310fd62c10f}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-996d-fcd3-f310fd62c10f}\InprocServer32@Class 0xE4 0xDE 0xD5 0xE6 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-996d-fcd3-f310fd62c10f}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-996d-fcd3-f310fd62c10f}\InprocServer32@ H:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-9d00-9d71-cd86fd62c10f}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-9d00-9d71-cd86fd62c10f}\InprocServer32@Class 0xE0 0xF3 0xF4 0x85 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-9d00-9d71-cd86fd62c10f}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-9d00-9d71-cd86fd62c10f}\InprocServer32@ H:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-bfaf-8565-8f3afd62c10f}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-bfaf-8565-8f3afd62c10f}\InprocServer32@Class 0x50 0x30 0x76 0xF1 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-bfaf-8565-8f3afd62c10f}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-bfaf-8565-8f3afd62c10f}\InprocServer32@ H:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-c9a9-15ec-be68fd62c10f}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-c9a9-15ec-be68fd62c10f}\InprocServer32@Class 0xBF 0x80 0xF4 0x9F ...
Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-c9a9-15ec-be68fd62c10f}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-c9a9-15ec-be68fd62c10f}\InprocServer32@ H:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-ce53-04ae-490efd62c10f}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-ce53-04ae-490efd62c10f}\InprocServer32@Class 0xA8 0x45 0x04 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-ce53-04ae-490efd62c10f}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-ce53-04ae-490efd62c10f}\InprocServer32@ H:\WINDOWS\system32\OLE32.DLL
---- EOF - GMER 1.0.15 ----
Und hier OSAM: OSAM Logfile: Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 00:15:24 on 13.07.2011 OS: Windows XP Home Edition Service Pack 3 (Build 2600) Default Browser: Mozilla Corporation Firefox 5.0 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Control Panel Objects] -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "Adobe Gamma" - "Adobe Systems, Inc." - H:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma.cpl "Avira AntiVir Personal" - "Avira GmbH" - H:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl "Avira AntiVir Personal - Free Antivirus " - "Avira GmbH" - H:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl "Avira AntiVir PersonalEdition Classic " - "Avira GmbH" - H:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl "Nero BurnRights" - "Nero AG" - H:\Programme\Nero\Nero 7\Nero Toolkit\NeroBurnRights.cpl "QuickTime" - "Apple Inc." - H:\Programme\QuickTime\QTSystem\QuickTime.cpl "TSSMPM" - "Teleca Sweden AB" - H:\Programme\HTC\HTC Sync\Mobile Phone Monitor\tssmpm.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "AFS2k" (AFS2K) - "Oak Technology Inc." - H:\WINDOWS\system32\drivers\AFS2K.sys "AnyDVD" (AnyDVD) - "SlySoft, Inc." - H:\WINDOWS\System32\Drivers\AnyDVD.sys "Aspi32" (Aspi32) - "Adaptec" - H:\WINDOWS\system32\drivers\Aspi32.sys "avgio" (avgio) - "Avira GmbH" - H:\Programme\Avira\AntiVir Desktop\avgio.sys "avgntflt" (avgntflt) - "Avira GmbH" - H:\WINDOWS\System32\DRIVERS\avgntflt.sys "avipbb" (avipbb) - "Avira GmbH" - H:\WINDOWS\System32\DRIVERS\avipbb.sys "Cardex" (Cardex) - "Windows (R) 2000 DDK provider" - H:\WINDOWS\system32\drivers\TBPANEL.SYS "catchme" (catchme) - ? - H:\ComboFix\catchme.sys (File not found) "Changer" (Changer) - ? - H:\WINDOWS\system32\drivers\Changer.sys (File not found) "DiskSec" (DiskSec) - "MAGIX" - H:\WINDOWS\system32\drivers\DiskSec.sys "ElbyCDFL" (ElbyCDFL) - "SlySoft, Inc." - H:\WINDOWS\System32\Drivers\ElbyCDFL.sys "ElbyCDIO Driver" (ElbyCDIO) - "Elaborate Bytes AG" - H:\WINDOWS\System32\Drivers\ElbyCDIO.sys "ElbyDelay" (ElbyDelay) - "Elaborate Bytes AG" - H:\WINDOWS\System32\Drivers\ElbyDelay.sys "gdrv" (gdrv) - "Windows (R) 2000 DDK provider" - H:\WINDOWS\gdrv.sys "i2omgmt" (i2omgmt) - ? - H:\WINDOWS\system32\drivers\i2omgmt.sys (File not found) "lbrtfdc" (lbrtfdc) - ? - H:\WINDOWS\system32\drivers\lbrtfdc.sys (File not found) "MBAMSwissArmy" (MBAMSwissArmy) - "Malwarebytes Corporation" - H:\WINDOWS\system32\drivers\mbamswissarmy.sys "mbr" (mbr) - ? - H:\DOKUME~1\User\LOKALE~1\Temp\mbr.sys (Hidden registry entry, rootkit activity | File not found) "PCIDump" (PCIDump) - ? - H:\WINDOWS\system32\drivers\PCIDump.sys (File not found) "PDCOMP" (PDCOMP) - ? - H:\WINDOWS\system32\drivers\PDCOMP.sys (File not found) "PDFRAME" (PDFRAME) - ? - H:\WINDOWS\system32\drivers\PDFRAME.sys (File not found) "PDRELI" (PDRELI) - ? - H:\WINDOWS\system32\drivers\PDRELI.sys (File not found) "PDRFRAME" (PDRFRAME) - ? - H:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found) "pwacqaoc" (pwacqaoc) - ? - H:\DOKUME~1\User\LOKALE~1\Temp\pwacqaoc.sys (Hidden registry entry, rootkit activity | File not found) "PxHelp20" (PxHelp20) - "Sonic Solutions" - H:\WINDOWS\System32\Drivers\PxHelp20.sys "RRNetCap Service" (RRNetCap) - "RapidSolution Software AG" - H:\WINDOWS\System32\DRIVERS\rrnetcap.sys "RRNetCapMP" (RRNetCapMP) - "RapidSolution Software AG" - H:\WINDOWS\System32\DRIVERS\rrnetcap.sys "SndTAudio" (SndTAudio) - "Windows (R) Codename Longhorn DDK provider" - H:\WINDOWS\System32\drivers\SndTAudio.sys "SndTVideo" (SndTVideo) - "Windows (R) 2000 DDK provider" - H:\WINDOWS\System32\DRIVERS\SndTVideo.sys "SSHDRV61" (SSHDRV61) - ? - H:\WINDOWS\system32\drivers\SSHDRV61.sys (File found, but it contains no detailed information) "ssmdrv" (ssmdrv) - "Avira GmbH" - H:\WINDOWS\System32\DRIVERS\ssmdrv.sys "TBPanel" (TBPanel) - "Windows (R) 2000 DDK provider" - H:\WINDOWS\system32\drivers\TBPanel.sys "Tunebite High-Speed Dubbing" (tbhsd) - "RapidSolution Software AG" - H:\WINDOWS\System32\drivers\tbhsd.sys "Virtual Bus for Microsoft ACPI-Compliant System" (1199536707) - ? - H:\WINDOWS\system32\drivers\1199536707.sys (File not found) "WDICA" (WDICA) - ? - H:\WINDOWS\system32\drivers\WDICA.sys (File not found) "ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS)" (ZD1211BU(ZyDAS)) - "ZyDAS Technology Corporation" - H:\WINDOWS\System32\DRIVERS\zd1211Bu.sys [Explorer] -----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )----- {89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - H:\WINDOWS\system32\Rundll32.exe H:\WINDOWS\system32\mscories.dll,Install -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {FED7043D-346A-414D-ACD7-550D052499A7} "dBpShell Class" - "Illustrate" - H:\Programme\Illustrate\dBpowerAMP\dBShell.dll {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - H:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - H:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - H:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - H:\WINDOWS\system32\mscoree.dll {807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - H:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - H:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\11\OWC11.DLL -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} "Acrobat Elements Context Menu" - "Adobe Systems Inc." - H:\Programme\Adobe\Acrobat 6.0\Acrobat Elements\ContextMenu.dll {F5D92341-0A64-11D0-9956-0000E8096023} "CD Copy Shell Extension" - ? - (File not found | COM-object registry key not found) {F5D92342-0A64-11D0-9956-0000E8096023} "CD Wizard Shell Extension" - ? - (File not found | COM-object registry key not found) {ABC70703-32AF-11d4-90C4-D483A70F4825} "CMenuExtender" - "Revenger inc." - H:\Programme\iColorFolder\CMExt.dll {42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll (File not found) {FED7043D-346A-414D-ACD7-550D052499A7} "dBpShell Class" - "Illustrate" - H:\Programme\Illustrate\dBpowerAMP\dBShell.dll {FCF608CF-5716-47C3-A1A8-991D873AF72B} "Delphi Context Menu Shell Extension Example" - ? - (File not found | COM-object registry key not found) {1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - H:\WINDOWS\system32\nvshell.dll {1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - H:\WINDOWS\system32\nvshell.dll {2C49B5D0-ACE7-4D17-9DF0-A254A6C5A0C5} "dMCIShell Class" - "Illustrate" - H:\Programme\Illustrate\dBpowerAMP\dMCShell.dll {88895560-9AA2-1069-930E-00AA0030EBC8} "Erweiterung für HyperTerminal-Icons" - ? - (File not found | COM-object registry key not found) {1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - H:\WINDOWS\system32\mscoree.dll {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - H:\Programme\iTunes\iTunesMiniPlayer.dll {853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? - (File not found | COM-object registry key not found) {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - H:\Programme\Microsoft Office\OFFICE11\msohev.dll {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - H:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll {00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - H:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - H:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll {1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - H:\WINDOWS\system32\nvshell.dll {0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - H:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - h:\programme\real\realplayer\rpshell.dll {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - H:\Programme\Avira\AntiVir Desktop\shlext.dll {E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - H:\WINDOWS\system32\dfshim.dll {764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? - (File not found | COM-object registry key not found) {e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - H:\WINDOWS\system32\dfshim.dll {BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - H:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - H:\Programme\WinRAR\rarext.dll (File found, but it contains no detailed information) [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- <binary data> "Adobe PDF" - "Adobe Systems Incorporated" - H:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll <binary data> "DAEMON Tools Toolbar" - ? - H:\Programme\DAEMON Tools Toolbar\DTToolbar.dll <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) <binary data> "ITBarLayout" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - H:\Programme\Java\jre6\bin\npjpi160_26.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - H:\Programme\Java\jre6\bin\npjpi160_26.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - H:\Programme\Java\jre6\bin\npjpi160_26.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab {17492023-C23A-453E-A040-C7C580BBF700} "Windows Genuine Advantage Validation Tool" - "Microsoft Corporation" - H:\WINDOWS\system32\legitcheckcontrol.dll / hxxp://go.microsoft.com/fwlink/?linkid=39204 {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? - (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} "{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}" - ? - (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}" - ? - (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}" - ? - (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- "PartyPoker.com" - ? - H:\Programme\PartyGaming\PartyPoker\RunApp.exe (File not found) {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - H:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- <binary data> "Adobe PDF" - "Adobe Systems Incorporated" - H:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll <binary data> "DAEMON Tools Toolbar" - ? - H:\Programme\DAEMON Tools Toolbar\DTToolbar.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {AE7CD045-E861-484f-8273-0445EE161910} "AcroIEToolbarHelper Class" - "Adobe Systems Incorporated" - H:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - H:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - H:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - H:\Programme\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - H:\Programme\Java\jre6\bin\jp2ssv.dll {E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - H:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll {3049C3E9-B461-4BC5-8870-4C09146192CA} "RealPlayer Download and Record Plugin for Internet Explorer" - "RealPlayer" - H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [Logon] -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Adobe ARM" - "Adobe Systems Incorporated" - "H:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" "Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "H:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" "avgnt" - "Avira GmbH" - "H:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min "HP Software Update" - "Hewlett-Packard" - H:\Programme\Hp\HP Software Update\HPWuSchd2.exe "iTunesHelper" - "Apple Inc." - "H:\Programme\iTunes\iTunesHelper.exe" "QuickTime Task" - "Apple Inc." - "H:\Programme\QuickTime\QTTask.exe" -atboottime "SunJavaUpdateSched" - "Sun Microsystems, Inc." - "H:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" "TkBellExe" - "RealNetworks, Inc." - "H:\programme\real\realplayer\update\realsched.exe" -osboot [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "Adobe PDF Port" - "Adobe Systems Incorporated." - H:\WINDOWS\system32\AdobePDF.dll "HP Discovery Port Monitor (HP Officejet 6500 E710a-f)" - "Hewlett-Packard Co." - H:\WINDOWS\system32\HPDiscoPM5512.dll "hpzlnt07" - "HP" - H:\WINDOWS\system32\hpzlnt07.dll "Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - H:\WINDOWS\system32\mdimon.dll [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- ".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - H:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe "Adobe LM Service" (Adobe LM Service) - "Adobe Systems" - H:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe "Adobe Version Cue CS2" (Adobe Version Cue CS2) - ? - H:\WINDOWS\system32\drivers\Adobe Version Cue CS2.sys (File not found) "Anwendungsverwaltung" (AppMgmt) - ? - H:\WINDOWS\System32\appmgmts.dll (File not found) "Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - H:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe "ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - H:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe "Automatic Updates" (wuauserv) - ? - C:\WINDOWS\system32\wuauserv.dll (File not found) "Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - H:\Programme\Avira\AntiVir Desktop\avguard.exe "Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - H:\Programme\Avira\AntiVir Desktop\sched.exe "Canon Camera Access Library 8" (CCALib8) - "Canon Inc." - H:\Programme\Canon\CAL\CALMAIN.exe "Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - H:\Programme\Bonjour\mDNSResponder.exe "Dragon Age: Origins - Inhaltsupdater" (DAUpdaterSvc) - "BioWare" - Z:\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe "Firebird Server - MAGIX Instance" (FirebirdServerMAGIXInstance) - "MAGIX®" - H:\Programme\MAGIX\Common\Database\bin\fbserver.exe "getPlus(R) Helper" (getPlus(R) Helper) - "NOS Microsystems Ltd." - H:\Programme\NOS\bin\getPlus_HelperSvc.exe "Google Software Updater" (gusvc) - "Google" - H:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe "Google Update Service (gupdate1c9cdab2a076840)" (gupdate1c9cdab2a076840) - "Google Inc." - H:\Programme\Google\Update\GoogleUpdate.exe "Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - H:\Programme\Google\Update\GoogleUpdate.exe "iPod-Dienst" (iPod Service) - "Apple Inc." - H:\Programme\iPod\bin\iPodService.exe "Java Quick Starter" (JavaQuickStarterService) - ? - H:\Programme\Java\jre6\bin\jqs.exe (File not found) "NBService" (NBService) - "Nero AG" - H:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe "Office Source Engine" (ose) - "Microsoft Corporation" - H:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE "Remote Packet Capture Protocol v.0 (experimental)" (rpcapd) - ? - H:\WINDOWS\system32\drivers\rpcapd.sys (File not found) "Seagate Service" (FreeAgentGoNext Service) - "Seagate Technology LLC" - Z:\Sync\FreeAgentService.exe "SMServer" (SMServer) - "SMServer" - H:\WINDOWS\system32\snmvtsvc.exe "UPnPService" (UPnPService) - "Magix AG" - H:\Programme\Gemeinsame Dateien\MAGIX Shared\UPnPService\UPnPService.exe "Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - H:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [Winlogon] -----( HKCU\Control Panel\IOProcs )----- "MVB" - ? - mvfs32.dll (File not found) -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )----- {c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll (File not found) [Winsock Providers] -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )----- "mdnsNSP" - "Apple Inc." - H:\Programme\Bonjour\mdnsNSP.dll ===[ Logfile end ]=========================================[ Logfile end ]=== |
|
12.07.2011, 23:25
| #35 |
| | Virus, der alle Virenscans killt Und der MBR MBRCheck, version 1.2.3 (c) 2010, AD Command-line: Windows Version: Windows XP Home Edition Windows Information: Service Pack 3 (build 2600) Logical Drives Mask: 0x020110f8 Kernel Drivers (total 132): 0x804D7000 \WINDOWS\system32\ntkrnlpa.exe 0x806E6000 \WINDOWS\system32\hal.dll 0xBA5A8000 \WINDOWS\system32\KDCOM.DLL 0xBA4B8000 \WINDOWS\system32\BOOTVID.dll 0xB9F78000 ACPI.sys 0xBA5AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS 0xB9F67000 pci.sys 0xBA0A8000 isapnp.sys 0xBA670000 pciide.sys 0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS 0xBA0B8000 MountMgr.sys 0xB9F48000 ftdisk.sys 0xBA330000 PartMgr.sys 0xBA4BC000 DiskSec.sys 0xBA0C8000 VolSnap.sys 0xB9F30000 atapi.sys 0xBA0D8000 jraid.sys 0xB9F18000 \WINDOWS\system32\DRIVERS\SCSIPORT.SYS 0xBA0E8000 disk.sys 0xBA0F8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS 0xB9EF8000 fltmgr.sys 0xB9EE6000 sr.sys 0xBA108000 PxHelp20.sys 0xB9ECF000 KSecDD.sys 0xB9E42000 Ntfs.sys 0xB9E15000 NDIS.sys 0xBA118000 Combo-Fix.sys 0xB9DFB000 Mup.sys 0xBA1C8000 \SystemRoot\system32\DRIVERS\intelppm.sys 0xB80C8000 \SystemRoot\system32\DRIVERS\nv4_mini.sys 0xB80B4000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS 0xBA4B0000 \SystemRoot\system32\DRIVERS\usbuhci.sys 0xB8090000 \SystemRoot\system32\DRIVERS\USBPORT.SYS 0xBA340000 \SystemRoot\system32\DRIVERS\usbehci.sys 0xB8068000 \SystemRoot\system32\DRIVERS\HDAudBus.sys 0xB804F000 \SystemRoot\system32\DRIVERS\Rtenicxp.sys 0xBA1D8000 \SystemRoot\system32\DRIVERS\serial.sys 0xBA594000 \SystemRoot\system32\DRIVERS\serenum.sys 0xB803B000 \SystemRoot\system32\DRIVERS\parport.sys 0xBA1E8000 \SystemRoot\system32\DRIVERS\i8042prt.sys 0xBA378000 \SystemRoot\system32\DRIVERS\kbdclass.sys 0xBA1F8000 \SystemRoot\system32\DRIVERS\imapi.sys 0xBA208000 \SystemRoot\System32\Drivers\AFS2K.SYS 0xB8024000 \SystemRoot\System32\Drivers\AnyDVD.sys 0xBA5E0000 \SystemRoot\System32\Drivers\ElbyDelay.sys 0xBA380000 \SystemRoot\System32\Drivers\ElbyCDFL.sys 0xBA218000 \SystemRoot\system32\DRIVERS\cdrom.sys 0xBA228000 \SystemRoot\system32\DRIVERS\redbook.sys 0xB8001000 \SystemRoot\system32\DRIVERS\ks.sys 0xBA388000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys 0xBA73A000 \SystemRoot\system32\DRIVERS\SndTVideo.sys 0xBA238000 \SystemRoot\system32\drivers\SndTAudio.sys 0xB7FDD000 \SystemRoot\system32\drivers\portcls.sys 0xBA248000 \SystemRoot\system32\drivers\drmk.sys 0xBA258000 \SystemRoot\system32\drivers\tbhsd.sys 0xBA73B000 \SystemRoot\system32\DRIVERS\audstub.sys 0xBA268000 \SystemRoot\system32\DRIVERS\rasl2tp.sys 0xBA59C000 \SystemRoot\system32\DRIVERS\ndistapi.sys 0xB7FC6000 \SystemRoot\system32\DRIVERS\ndiswan.sys 0xBA278000 \SystemRoot\system32\DRIVERS\raspppoe.sys 0xBA288000 \SystemRoot\system32\DRIVERS\raspptp.sys 0xBA390000 \SystemRoot\system32\DRIVERS\TDI.SYS 0xB7FB5000 \SystemRoot\system32\DRIVERS\psched.sys 0xBA298000 \SystemRoot\system32\DRIVERS\msgpc.sys 0xBA398000 \SystemRoot\system32\DRIVERS\ptilink.sys 0xBA3A0000 \SystemRoot\system32\DRIVERS\raspti.sys 0xBA2A8000 \SystemRoot\system32\DRIVERS\termdd.sys 0xBA3A8000 \SystemRoot\system32\DRIVERS\mouclass.sys 0xBA2B8000 \SystemRoot\system32\DRIVERS\rrnetcap.sys 0xBA5E2000 \SystemRoot\system32\DRIVERS\swenum.sys 0xB7F57000 \SystemRoot\system32\DRIVERS\update.sys 0xB9DD7000 \SystemRoot\system32\DRIVERS\mssmbios.sys 0xBA2C8000 \SystemRoot\System32\Drivers\NDProxy.SYS 0xBA2F8000 \SystemRoot\system32\DRIVERS\usbhub.sys 0xBA5E6000 \SystemRoot\system32\DRIVERS\USBD.SYS 0xB4853000 \SystemRoot\system32\drivers\RtkHDAud.sys 0xB96EE000 \??\H:\WINDOWS\system32\drivers\SSHDRV61.sys 0xBA5EC000 \SystemRoot\System32\Drivers\Fs_Rec.SYS 0xBA7EC000 \SystemRoot\System32\Drivers\Null.SYS 0xBA5EE000 \SystemRoot\System32\Drivers\Beep.SYS 0xBA3D0000 \SystemRoot\System32\drivers\vga.sys 0xBA5F0000 \SystemRoot\System32\Drivers\mnmdd.SYS 0xBA5F2000 \SystemRoot\System32\DRIVERS\RDPCDD.sys 0xBA3D8000 \SystemRoot\System32\Drivers\Msfs.SYS 0xBA3E0000 \SystemRoot\System32\Drivers\Npfs.SYS 0xBA564000 \SystemRoot\system32\DRIVERS\rasacd.sys 0xB4626000 \SystemRoot\system32\DRIVERS\ipsec.sys 0xB45CD000 \SystemRoot\system32\DRIVERS\tcpip.sys 0xB457D000 \SystemRoot\system32\DRIVERS\netbt.sys 0xB4557000 \SystemRoot\system32\DRIVERS\ipnat.sys 0xB4535000 \SystemRoot\System32\drivers\afd.sys 0xB96DE000 \SystemRoot\system32\DRIVERS\wanarp.sys 0xB96CE000 \SystemRoot\system32\DRIVERS\netbios.sys 0xBA3F0000 \SystemRoot\system32\DRIVERS\ssmdrv.sys 0xB450A000 \SystemRoot\system32\DRIVERS\rdbss.sys 0xB449A000 \SystemRoot\system32\DRIVERS\mrxsmb.sys 0xB96BE000 \SystemRoot\System32\Drivers\Fips.SYS 0xBA3F8000 \SystemRoot\system32\DRIVERS\usbccgp.sys 0xBA400000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS 0xBA408000 \SystemRoot\System32\Drivers\ElbyCDIO.sys 0xB4474000 \SystemRoot\system32\DRIVERS\avipbb.sys 0xBA588000 \SystemRoot\system32\DRIVERS\hidusb.sys 0xB967E000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS 0xBA418000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS 0xBA5F6000 \??\H:\Programme\Avira\AntiVir Desktop\avgio.sys 0xB484F000 \SystemRoot\system32\DRIVERS\mouhid.sys 0xB484B000 \SystemRoot\system32\DRIVERS\usbscan.sys 0xBA430000 \SystemRoot\system32\DRIVERS\usbprint.sys 0xB91F6000 \SystemRoot\System32\Drivers\Cdfs.SYS 0xB43AA000 \SystemRoot\System32\Drivers\dump_atapi.sys 0xBA616000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS 0xBF800000 \SystemRoot\System32\win32k.sys 0xB468C000 \SystemRoot\System32\drivers\Dxapi.sys 0xBA470000 \SystemRoot\System32\watchdog.sys 0xBF000000 \SystemRoot\System32\drivers\dxg.sys 0xBA6FB000 \SystemRoot\System32\drivers\dxgthk.sys 0xBF012000 \SystemRoot\System32\nv4_disp.dll 0xBF596000 \SystemRoot\System32\ATMFD.DLL 0xB411D000 \SystemRoot\system32\DRIVERS\avgntflt.sys 0xB4142000 \SystemRoot\system32\DRIVERS\ndisuio.sys 0xB3E98000 \SystemRoot\system32\DRIVERS\mrxdav.sys 0xB3DBB000 \SystemRoot\system32\drivers\wdmaud.sys 0xB9276000 \SystemRoot\system32\drivers\sysaudio.sys 0xBA5C0000 \SystemRoot\System32\Drivers\ParVdm.SYS 0xBA5C2000 \SystemRoot\System32\Drivers\TBPanel.SYS 0xB3D9B000 \SystemRoot\System32\Drivers\Aspi32.SYS 0xB3B24000 \SystemRoot\System32\Drivers\HTTP.sys 0xB39DC000 \SystemRoot\system32\DRIVERS\srv.sys 0xBA460000 \??\H:\ComboFix\catchme.sys 0xBA612000 \??\H:\WINDOWS\system32\Drivers\PROCEXP113.SYS 0xB293E000 \??\H:\DOKUME~1\User\LOKALE~1\Temp\pwacqaoc.sys 0x7C910000 \WINDOWS\system32\ntdll.dll Processes (total 36): 0 System Idle Process 4 System 880 H:\WINDOWS\system32\smss.exe 928 csrss.exe 952 H:\WINDOWS\system32\winlogon.exe 996 H:\WINDOWS\system32\services.exe 1008 H:\WINDOWS\system32\lsass.exe 1200 H:\WINDOWS\system32\svchost.exe 1268 svchost.exe 1392 H:\WINDOWS\system32\svchost.exe 1548 svchost.exe 1644 svchost.exe 1804 H:\WINDOWS\system32\spoolsv.exe 1872 H:\Programme\Avira\AntiVir Desktop\sched.exe 1972 svchost.exe 728 H:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe 780 H:\Programme\Bonjour\mDNSResponder.exe 1364 Z:\Sync\FreeAgentService.exe 1808 H:\WINDOWS\system32\svchost.exe 124 H:\WINDOWS\system32\svchost.exe 592 wdfmgr.exe 1488 H:\Programme\Canon\CAL\CALMAIN.exe 632 alg.exe 2732 H:\Programme\HP\HP Software Update\hpwuschd2.exe 2748 H:\Programme\iTunes\iTunesHelper.exe 2796 H:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe 2808 H:\Programme\Real\RealPlayer\Update\realsched.exe 2824 H:\Programme\Avira\AntiVir Desktop\avgnt.exe 3248 H:\Programme\iPod\bin\iPodService.exe 3792 H:\WINDOWS\explorer.exe 3844 H:\Programme\Mozilla Firefox\firefox.exe 2892 H:\Programme\Microsoft Office\OFFICE11\OUTLOOK.EXE 2208 H:\Programme\Microsoft Office\OFFICE11\WINWORD.EXE 552 H:\Programme\HTC\HTC Sync\Sync Manager\SyncIndicator.exe 908 H:\Programme\Mozilla Firefox\plugin-container.exe 1540 H:\Dokumente und Einstellungen\User\Desktop\MBRCheck.exe \\.\H: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS) \\.\Z: --> \\.\PhysicalDrive0 at offset 0x0000000c`34f34a00 (NTFS) PhysicalDrive0 Model Number: SAMSUNGHD321KJ, Rev: CP100-12 Size Device Name MBR Status -------------------------------------------- 298 GB \\.\PhysicalDrive0 Windows XP MBR code detected SHA1: ADFE55CD0C6ED2E00B22375835E4C2736CE9AD11 Done! |
|
13.07.2011, 08:52
| #36 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Virus, der alle Virenscans killtZitat:
__________________ --> Virus, der alle Virenscans killt |
|
13.07.2011, 09:54
| #37 |
| | Virus, der alle Virenscans killt Scheint geklappt zu haben! |
|
13.07.2011, 19:58
| #39 |
| | Virus, der alle Virenscans killt Hallo Arne, war tagsüber unterwegs, daher erst jetzt... Frage: Benötigst du den KOMPLETTEN GMER Log? Ich habe nach 40 Minuten wieder abgebrochen. Hier ist er: GMER Logfile: Code:
ATTFilter GMER 1.0.15.15640 - hxxp://www.gmer.net
Rootkit scan 2011-07-13 20:54:18
Windows 5.1.2600 Service Pack 3
Running: u63sdlfo.exe; Driver: H:\DOKUME~1\User\LOKALE~1\Temp\pwacqaoc.sys
---- System - GMER 1.0.15 ----
SSDT BA7E12F6 ZwCreateKey
SSDT BA7E12EC ZwCreateThread
SSDT BA7E12FB ZwDeleteKey
SSDT BA7E1305 ZwDeleteValueKey
SSDT BA7E130A ZwLoadKey
SSDT BA7E12D8 ZwOpenProcess
SSDT BA7E12DD ZwOpenThread
SSDT BA7E1314 ZwReplaceKey
SSDT BA7E130F ZwRestoreKey
SSDT BA7E1300 ZwSetValueKey
---- Kernel code sections - GMER 1.0.15 ----
.text H:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB86F4360, 0x307AC7, 0xE8000020]
.text cdrom.sys B9716000 5 Bytes [43, 02, C7, 43, 0C]
.text cdrom.sys B9716006 43 Bytes [00, 80, 00, 75, 19, 8B, 45, ...]
.text cdrom.sys B9716033 89 Bytes [89, 43, 14, C6, 43, 0A, 06, ...]
.text cdrom.sys B971608D 59 Bytes JMP B9715FAC \SystemRoot\system32\DRIVERS\cdrom.sys (SCSI CD-ROM Driver/Microsoft Corporation)
.text cdrom.sys B97160C9 42 Bytes [74, 41, 81, FF, 48, 00, 07, ...]
.text ...
? H:\WINDOWS\system32\DRIVERS\cdrom.sys suspicious PE modification
---- User code sections - GMER 1.0.15 ----
.text H:\programme\real\realplayer\update\realsched.exe[1372] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT \SystemRoot\system32\DRIVERS\cdrom.sys[HAL.dll!KfLowerIrql] 185D8BE6
IAT \SystemRoot\system32\DRIVERS\cdrom.sys[HAL.dll!KeGetCurrentIrql] AC0FCE8B
IAT \SystemRoot\system32\DRIVERS\cdrom.sys[HAL.dll!KfRaiseIrql] 5D3218CB
---- Devices - GMER 1.0.15 ----
Device pci.sys (NT-Plug & Play PCI-Enumerator/Microsoft Corporation)
Device \Driver\Disk \GLOBAL??\ACPI#PNP0303#2&da1a3ff&0 BA2CE890
---- Modules - GMER 1.0.15 ----
Module (noname) (*** hidden *** ) BA2F8000-BA301000 (36864 bytes)
---- Threads - GMER 1.0.15 ----
Thread System [4:112] BA2FCD20
Thread System [4:116] BA2FCD20
Thread System [4:120] BA2CF6F0
Thread System [4:124] BA2CF6F0
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x21 0x0F 0xF1 0xA4 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 H:\Programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x36 0x01 0xFD 0xEA ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xCD 0xE2 0x73 0x04 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xA8 0x64 0xDA 0x0C ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x21 0x0F 0xF1 0xA4 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 H:\Programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x36 0x01 0xFD 0xEA ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xCD 0xE2 0x73 0x04 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xA8 0x64 0xDA 0x0C ...
Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-05de-3f8a-4724fd62c10f}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-05de-3f8a-4724fd62c10f}\InprocServer32@Class 0x45 0xFE 0x6B 0xD8 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-05de-3f8a-4724fd62c10f}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-05de-3f8a-4724fd62c10f}\InprocServer32@ H:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-2b20-bb9c-0a68fd62c10f}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-2b20-bb9c-0a68fd62c10f}\InprocServer32@Class 0xF6 0x88 0x3F 0x03 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-2b20-bb9c-0a68fd62c10f}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-2b20-bb9c-0a68fd62c10f}\InprocServer32@ H:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-996d-fcd3-f310fd62c10f}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-996d-fcd3-f310fd62c10f}\InprocServer32@Class 0xE4 0xDE 0xD5 0xE6 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-996d-fcd3-f310fd62c10f}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-996d-fcd3-f310fd62c10f}\InprocServer32@ H:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-9d00-9d71-cd86fd62c10f}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-9d00-9d71-cd86fd62c10f}\InprocServer32@Class 0xE0 0xF3 0xF4 0x85 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-9d00-9d71-cd86fd62c10f}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-9d00-9d71-cd86fd62c10f}\InprocServer32@ H:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-bfaf-8565-8f3afd62c10f}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-bfaf-8565-8f3afd62c10f}\InprocServer32@Class 0x50 0x30 0x76 0xF1 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-bfaf-8565-8f3afd62c10f}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-bfaf-8565-8f3afd62c10f}\InprocServer32@ H:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-c9a9-15ec-be68fd62c10f}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-c9a9-15ec-be68fd62c10f}\InprocServer32@Class 0xBF 0x80 0xF4 0x9F ...
Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-c9a9-15ec-be68fd62c10f}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-c9a9-15ec-be68fd62c10f}\InprocServer32@ H:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-ce53-04ae-490efd62c10f}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-ce53-04ae-490efd62c10f}\InprocServer32@Class 0xA8 0x45 0x04 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-ce53-04ae-490efd62c10f}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-ce53-04ae-490efd62c10f}\InprocServer32@ H:\WINDOWS\system32\OLE32.DLL
---- EOF - GMER 1.0.15 ----
|
|
13.07.2011, 20:01
| #40 |
| | Virus, der alle Virenscans killt Und Osam OSAM Logfile: Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 20:58:56 on 13.07.2011 OS: Windows XP Home Edition Service Pack 3 (Build 2600) Default Browser: Mozilla Corporation Firefox 5.0 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Control Panel Objects] -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "Adobe Gamma" - "Adobe Systems, Inc." - H:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma.cpl "Avira AntiVir Personal" - "Avira GmbH" - H:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl "Avira AntiVir Personal - Free Antivirus " - "Avira GmbH" - H:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl "Avira AntiVir PersonalEdition Classic " - "Avira GmbH" - H:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl "Nero BurnRights" - "Nero AG" - H:\Programme\Nero\Nero 7\Nero Toolkit\NeroBurnRights.cpl "QuickTime" - "Apple Inc." - H:\Programme\QuickTime\QTSystem\QuickTime.cpl "TSSMPM" - "Teleca Sweden AB" - H:\Programme\HTC\HTC Sync\Mobile Phone Monitor\tssmpm.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "AFS2k" (AFS2K) - "Oak Technology Inc." - H:\WINDOWS\system32\drivers\AFS2K.sys "AnyDVD" (AnyDVD) - "SlySoft, Inc." - H:\WINDOWS\System32\Drivers\AnyDVD.sys "Aspi32" (Aspi32) - "Adaptec" - H:\WINDOWS\system32\drivers\Aspi32.sys "avgio" (avgio) - "Avira GmbH" - H:\Programme\Avira\AntiVir Desktop\avgio.sys "avgntflt" (avgntflt) - "Avira GmbH" - H:\WINDOWS\System32\DRIVERS\avgntflt.sys "avipbb" (avipbb) - "Avira GmbH" - H:\WINDOWS\System32\DRIVERS\avipbb.sys "Cardex" (Cardex) - "Windows (R) 2000 DDK provider" - H:\WINDOWS\system32\drivers\TBPANEL.SYS "catchme" (catchme) - ? - H:\ComboFix\catchme.sys (File not found) "Changer" (Changer) - ? - H:\WINDOWS\system32\drivers\Changer.sys (File not found) "DiskSec" (DiskSec) - "MAGIX" - H:\WINDOWS\system32\drivers\DiskSec.sys "ElbyCDFL" (ElbyCDFL) - "SlySoft, Inc." - H:\WINDOWS\System32\Drivers\ElbyCDFL.sys "ElbyCDIO Driver" (ElbyCDIO) - "Elaborate Bytes AG" - H:\WINDOWS\System32\Drivers\ElbyCDIO.sys "ElbyDelay" (ElbyDelay) - "Elaborate Bytes AG" - H:\WINDOWS\System32\Drivers\ElbyDelay.sys "gdrv" (gdrv) - "Windows (R) 2000 DDK provider" - H:\WINDOWS\gdrv.sys "i2omgmt" (i2omgmt) - ? - H:\WINDOWS\system32\drivers\i2omgmt.sys (File not found) "lbrtfdc" (lbrtfdc) - ? - H:\WINDOWS\system32\drivers\lbrtfdc.sys (File not found) "MBAMSwissArmy" (MBAMSwissArmy) - "Malwarebytes Corporation" - H:\WINDOWS\system32\drivers\mbamswissarmy.sys "PCIDump" (PCIDump) - ? - H:\WINDOWS\system32\drivers\PCIDump.sys (File not found) "PDCOMP" (PDCOMP) - ? - H:\WINDOWS\system32\drivers\PDCOMP.sys (File not found) "PDFRAME" (PDFRAME) - ? - H:\WINDOWS\system32\drivers\PDFRAME.sys (File not found) "PDRELI" (PDRELI) - ? - H:\WINDOWS\system32\drivers\PDRELI.sys (File not found) "PDRFRAME" (PDRFRAME) - ? - H:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found) "pwacqaoc" (pwacqaoc) - ? - H:\DOKUME~1\User\LOKALE~1\Temp\pwacqaoc.sys (Hidden registry entry, rootkit activity | File not found) "PxHelp20" (PxHelp20) - "Sonic Solutions" - H:\WINDOWS\System32\Drivers\PxHelp20.sys "RRNetCap Service" (RRNetCap) - "RapidSolution Software AG" - H:\WINDOWS\System32\DRIVERS\rrnetcap.sys "RRNetCapMP" (RRNetCapMP) - "RapidSolution Software AG" - H:\WINDOWS\System32\DRIVERS\rrnetcap.sys "SndTAudio" (SndTAudio) - "Windows (R) Codename Longhorn DDK provider" - H:\WINDOWS\System32\drivers\SndTAudio.sys "SndTVideo" (SndTVideo) - "Windows (R) 2000 DDK provider" - H:\WINDOWS\System32\DRIVERS\SndTVideo.sys "ssmdrv" (ssmdrv) - "Avira GmbH" - H:\WINDOWS\System32\DRIVERS\ssmdrv.sys "TBPanel" (TBPanel) - "Windows (R) 2000 DDK provider" - H:\WINDOWS\system32\drivers\TBPanel.sys "Tunebite High-Speed Dubbing" (tbhsd) - "RapidSolution Software AG" - H:\WINDOWS\System32\drivers\tbhsd.sys "Virtual Bus for Microsoft ACPI-Compliant System" (1199536707) - ? - H:\WINDOWS\system32\drivers\1199536707.sys (File not found) "WDICA" (WDICA) - ? - H:\WINDOWS\system32\drivers\WDICA.sys (File not found) "ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS)" (ZD1211BU(ZyDAS)) - "ZyDAS Technology Corporation" - H:\WINDOWS\System32\DRIVERS\zd1211Bu.sys (Disabled) "SSHDRV61" (SSHDRV61) - ? - H:\WINDOWS\system32\drivers\SSHDRV61.sys (File not found) [Explorer] -----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )----- {89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - H:\WINDOWS\system32\Rundll32.exe H:\WINDOWS\system32\mscories.dll,Install -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {FED7043D-346A-414D-ACD7-550D052499A7} "dBpShell Class" - "Illustrate" - H:\Programme\Illustrate\dBpowerAMP\dBShell.dll {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - H:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - H:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - H:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - H:\WINDOWS\system32\mscoree.dll {807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - H:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - H:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\11\OWC11.DLL -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} "Acrobat Elements Context Menu" - "Adobe Systems Inc." - H:\Programme\Adobe\Acrobat 6.0\Acrobat Elements\ContextMenu.dll {F5D92341-0A64-11D0-9956-0000E8096023} "CD Copy Shell Extension" - ? - (File not found | COM-object registry key not found) {F5D92342-0A64-11D0-9956-0000E8096023} "CD Wizard Shell Extension" - ? - (File not found | COM-object registry key not found) {ABC70703-32AF-11d4-90C4-D483A70F4825} "CMenuExtender" - "Revenger inc." - H:\Programme\iColorFolder\CMExt.dll {42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll (File not found) {FED7043D-346A-414D-ACD7-550D052499A7} "dBpShell Class" - "Illustrate" - H:\Programme\Illustrate\dBpowerAMP\dBShell.dll {FCF608CF-5716-47C3-A1A8-991D873AF72B} "Delphi Context Menu Shell Extension Example" - ? - (File not found | COM-object registry key not found) {1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - H:\WINDOWS\system32\nvshell.dll {1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - H:\WINDOWS\system32\nvshell.dll {2C49B5D0-ACE7-4D17-9DF0-A254A6C5A0C5} "dMCIShell Class" - "Illustrate" - H:\Programme\Illustrate\dBpowerAMP\dMCShell.dll {88895560-9AA2-1069-930E-00AA0030EBC8} "Erweiterung für HyperTerminal-Icons" - ? - (File not found | COM-object registry key not found) {1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - H:\WINDOWS\system32\mscoree.dll {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - H:\Programme\iTunes\iTunesMiniPlayer.dll {853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? - (File not found | COM-object registry key not found) {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - H:\Programme\Microsoft Office\OFFICE11\msohev.dll {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - H:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll {00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - H:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - H:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll {1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - H:\WINDOWS\system32\nvshell.dll {0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - H:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - h:\programme\real\realplayer\rpshell.dll {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - H:\Programme\Avira\AntiVir Desktop\shlext.dll {E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - H:\WINDOWS\system32\dfshim.dll {764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? - (File not found | COM-object registry key not found) {e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - H:\WINDOWS\system32\dfshim.dll {BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - H:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - H:\Programme\WinRAR\rarext.dll (File found, but it contains no detailed information) [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- <binary data> "Adobe PDF" - "Adobe Systems Incorporated" - H:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll <binary data> "DAEMON Tools Toolbar" - ? - H:\Programme\DAEMON Tools Toolbar\DTToolbar.dll <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) <binary data> "ITBarLayout" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - H:\Programme\Java\jre6\bin\npjpi160_26.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - H:\Programme\Java\jre6\bin\npjpi160_26.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - H:\Programme\Java\jre6\bin\npjpi160_26.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab {17492023-C23A-453E-A040-C7C580BBF700} "Windows Genuine Advantage Validation Tool" - "Microsoft Corporation" - H:\WINDOWS\system32\legitcheckcontrol.dll / hxxp://go.microsoft.com/fwlink/?linkid=39204 {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? - (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} "{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}" - ? - (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}" - ? - (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}" - ? - (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- "PartyPoker.com" - ? - H:\Programme\PartyGaming\PartyPoker\RunApp.exe (File not found) {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - H:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- <binary data> "Adobe PDF" - "Adobe Systems Incorporated" - H:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll <binary data> "DAEMON Tools Toolbar" - ? - H:\Programme\DAEMON Tools Toolbar\DTToolbar.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {AE7CD045-E861-484f-8273-0445EE161910} "AcroIEToolbarHelper Class" - "Adobe Systems Incorporated" - H:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - H:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - H:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - H:\Programme\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - H:\Programme\Java\jre6\bin\jp2ssv.dll {E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - H:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll {3049C3E9-B461-4BC5-8870-4C09146192CA} "RealPlayer Download and Record Plugin for Internet Explorer" - "RealPlayer" - H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [Logon] -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Adobe ARM" - "Adobe Systems Incorporated" - "H:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" "Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "H:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" "avgnt" - "Avira GmbH" - "H:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min "HP Software Update" - "Hewlett-Packard" - H:\Programme\Hp\HP Software Update\HPWuSchd2.exe "iTunesHelper" - "Apple Inc." - "H:\Programme\iTunes\iTunesHelper.exe" "QuickTime Task" - "Apple Inc." - "H:\Programme\QuickTime\QTTask.exe" -atboottime "SunJavaUpdateSched" - "Sun Microsystems, Inc." - "H:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" "TkBellExe" - "RealNetworks, Inc." - "H:\programme\real\realplayer\update\realsched.exe" -osboot [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "Adobe PDF Port" - "Adobe Systems Incorporated." - H:\WINDOWS\system32\AdobePDF.dll "HP Discovery Port Monitor (HP Officejet 6500 E710a-f)" - "Hewlett-Packard Co." - H:\WINDOWS\system32\HPDiscoPM5512.dll "hpzlnt07" - "HP" - H:\WINDOWS\system32\hpzlnt07.dll "Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - H:\WINDOWS\system32\mdimon.dll [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- ".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - H:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe "Adobe LM Service" (Adobe LM Service) - "Adobe Systems" - H:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe "Adobe Version Cue CS2" (Adobe Version Cue CS2) - ? - H:\WINDOWS\system32\drivers\Adobe Version Cue CS2.sys (File not found) "Anwendungsverwaltung" (AppMgmt) - ? - H:\WINDOWS\System32\appmgmts.dll (File not found) "Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - H:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe "ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - H:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe "Automatic Updates" (wuauserv) - ? - C:\WINDOWS\system32\wuauserv.dll (File not found) "Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - H:\Programme\Avira\AntiVir Desktop\avguard.exe "Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - H:\Programme\Avira\AntiVir Desktop\sched.exe "Canon Camera Access Library 8" (CCALib8) - "Canon Inc." - H:\Programme\Canon\CAL\CALMAIN.exe "Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - H:\Programme\Bonjour\mDNSResponder.exe "Dragon Age: Origins - Inhaltsupdater" (DAUpdaterSvc) - "BioWare" - Z:\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe "Firebird Server - MAGIX Instance" (FirebirdServerMAGIXInstance) - "MAGIX®" - H:\Programme\MAGIX\Common\Database\bin\fbserver.exe "getPlus(R) Helper" (getPlus(R) Helper) - "NOS Microsystems Ltd." - H:\Programme\NOS\bin\getPlus_HelperSvc.exe "Google Software Updater" (gusvc) - "Google" - H:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe "Google Update Service (gupdate1c9cdab2a076840)" (gupdate1c9cdab2a076840) - "Google Inc." - H:\Programme\Google\Update\GoogleUpdate.exe "Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - H:\Programme\Google\Update\GoogleUpdate.exe "iPod-Dienst" (iPod Service) - "Apple Inc." - H:\Programme\iPod\bin\iPodService.exe "Java Quick Starter" (JavaQuickStarterService) - ? - H:\Programme\Java\jre6\bin\jqs.exe (File not found) "NBService" (NBService) - "Nero AG" - H:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe "Office Source Engine" (ose) - "Microsoft Corporation" - H:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE "Remote Packet Capture Protocol v.0 (experimental)" (rpcapd) - ? - H:\WINDOWS\system32\drivers\rpcapd.sys (File not found) "Seagate Service" (FreeAgentGoNext Service) - "Seagate Technology LLC" - Z:\Sync\FreeAgentService.exe "SMServer" (SMServer) - "SMServer" - H:\WINDOWS\system32\snmvtsvc.exe "UPnPService" (UPnPService) - "Magix AG" - H:\Programme\Gemeinsame Dateien\MAGIX Shared\UPnPService\UPnPService.exe "Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - H:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [Winlogon] -----( HKCU\Control Panel\IOProcs )----- "MVB" - ? - mvfs32.dll (File not found) -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )----- {c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll (File not found) [Winsock Providers] -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )----- "mdnsNSP" - "Apple Inc." - H:\Programme\Bonjour\mdnsNSP.dll ===[ Logfile end ]=========================================[ Logfile end ]=== |
|
13.07.2011, 20:17
| #41 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Virus, der alle Virenscans killt Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs. Denk dran beide Tools zu updaten vor dem Scan!! Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt: ESET Online Scanner
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
13.07.2011, 22:57
| #42 |
| | Virus, der alle Virenscans killt PUH! Ich habe definitiv zu viel Zeugs auf der Platte! Der Scan mit dem SUPERAntiSpyware hat über eine Stunde gedauert! Und er hat 36 Dateien gefunden!  Jetzt sind sie in Quarantäne. Kann cih sie löschen, bevor ich den nächsten Scan mache?SUPERAntiSpyware Scan Log hxxp://www.superantispyware.com Generated 07/13/2011 at 11:51 PM Application Version : 4.55.1000 Core Rules Database Version : 7403 Trace Rules Database Version: 5215 Scan type : Complete Scan Total Scan Time : 01:25:42 Memory items scanned : 402 Memory threats detected : 0 Registry items scanned : 8267 Registry threats detected : 0 File items scanned : 116108 File threats detected : 36 Adware.Tracking Cookie H:\Dokumente und Einstellungen\User\Cookies\user@forum.usenext[1].txt .apmebf.com [ H:\Dokumente und Einstellungen\TEMP\Anwendungsdaten\Mozilla\Firefox\Profiles\924zubxh.default\cookies.sqlite ] .mediaplex.com [ H:\Dokumente und Einstellungen\TEMP\Anwendungsdaten\Mozilla\Firefox\Profiles\924zubxh.default\cookies.sqlite ] .mediaplex.com [ H:\Dokumente und Einstellungen\TEMP\Anwendungsdaten\Mozilla\Firefox\Profiles\924zubxh.default\cookies.sqlite ] .adfarm1.adition.com [ H:\Dokumente und Einstellungen\TEMP\Anwendungsdaten\Mozilla\Firefox\Profiles\924zubxh.default\cookies.sqlite ] .doubleclick.net [ H:\Dokumente und Einstellungen\TEMP\Anwendungsdaten\Mozilla\Firefox\Profiles\924zubxh.default\cookies.sqlite ] .ads.quartermedia.de [ H:\Dokumente und Einstellungen\Ulli\Anwendungsdaten\Mozilla\Firefox\Profiles\y8ax8g37.default\cookies.sqlite ] .ads.quartermedia.de [ H:\Dokumente und Einstellungen\Ulli\Anwendungsdaten\Mozilla\Firefox\Profiles\y8ax8g37.default\cookies.sqlite ] .ads.quartermedia.de [ H:\Dokumente und Einstellungen\Ulli\Anwendungsdaten\Mozilla\Firefox\Profiles\y8ax8g37.default\cookies.sqlite ] .apmebf.com [ H:\Dokumente und Einstellungen\Ulli\Anwendungsdaten\Mozilla\Firefox\Profiles\y8ax8g37.default\cookies.sqlite ] .mediaplex.com [ H:\Dokumente und Einstellungen\Ulli\Anwendungsdaten\Mozilla\Firefox\Profiles\y8ax8g37.default\cookies.sqlite ] .doubleclick.net [ H:\Dokumente und Einstellungen\Ulli\Anwendungsdaten\Mozilla\Firefox\Profiles\y8ax8g37.default\cookies.sqlite ] .smartadserver.com [ H:\Dokumente und Einstellungen\Ulli\Anwendungsdaten\Mozilla\Firefox\Profiles\y8ax8g37.default\cookies.sqlite ] .smartadserver.com [ H:\Dokumente und Einstellungen\Ulli\Anwendungsdaten\Mozilla\Firefox\Profiles\y8ax8g37.default\cookies.sqlite ] .smartadserver.com [ H:\Dokumente und Einstellungen\Ulli\Anwendungsdaten\Mozilla\Firefox\Profiles\y8ax8g37.default\cookies.sqlite ] ad.yieldmanager.com [ H:\Dokumente und Einstellungen\Ulli\Anwendungsdaten\Mozilla\Firefox\Profiles\y8ax8g37.default\cookies.sqlite ] rotator.adjuggler.com [ H:\Dokumente und Einstellungen\Ulli\Anwendungsdaten\Mozilla\Firefox\Profiles\y8ax8g37.default\cookies.sqlite ] rotator.adjuggler.com [ H:\Dokumente und Einstellungen\Ulli\Anwendungsdaten\Mozilla\Firefox\Profiles\y8ax8g37.default\cookies.sqlite ] adsrv.admediate.net [ H:\Dokumente und Einstellungen\Ulli\Anwendungsdaten\Mozilla\Firefox\Profiles\y8ax8g37.default\cookies.sqlite ] adsrv.admediate.net [ H:\Dokumente und Einstellungen\Ulli\Anwendungsdaten\Mozilla\Firefox\Profiles\y8ax8g37.default\cookies.sqlite ] .webmasterplan.com [ H:\Dokumente und Einstellungen\Ulli\Anwendungsdaten\Mozilla\Firefox\Profiles\y8ax8g37.default\cookies.sqlite ] .atdmt.com [ H:\Dokumente und Einstellungen\Ulli\Anwendungsdaten\Mozilla\Firefox\Profiles\y8ax8g37.default\cookies.sqlite ] ad.yieldmanager.com [ H:\Dokumente und Einstellungen\Ulli\Anwendungsdaten\Mozilla\Firefox\Profiles\y8ax8g37.default\cookies.sqlite ] .bs.serving-sys.com [ H:\Dokumente und Einstellungen\Ulli\Anwendungsdaten\Mozilla\Firefox\Profiles\y8ax8g37.default\cookies.sqlite ] .serving-sys.com [ H:\Dokumente und Einstellungen\Ulli\Anwendungsdaten\Mozilla\Firefox\Profiles\y8ax8g37.default\cookies.sqlite ] .serving-sys.com [ H:\Dokumente und Einstellungen\Ulli\Anwendungsdaten\Mozilla\Firefox\Profiles\y8ax8g37.default\cookies.sqlite ] .serving-sys.com [ H:\Dokumente und Einstellungen\Ulli\Anwendungsdaten\Mozilla\Firefox\Profiles\y8ax8g37.default\cookies.sqlite ] .serving-sys.com [ H:\Dokumente und Einstellungen\Ulli\Anwendungsdaten\Mozilla\Firefox\Profiles\y8ax8g37.default\cookies.sqlite ] .serving-sys.com [ H:\Dokumente und Einstellungen\Ulli\Anwendungsdaten\Mozilla\Firefox\Profiles\y8ax8g37.default\cookies.sqlite ] .serving-sys.com [ H:\Dokumente und Einstellungen\Ulli\Anwendungsdaten\Mozilla\Firefox\Profiles\y8ax8g37.default\cookies.sqlite ] .serving-sys.com [ H:\Dokumente und Einstellungen\Ulli\Anwendungsdaten\Mozilla\Firefox\Profiles\y8ax8g37.default\cookies.sqlite ] .imrworldwide.com [ H:\Dokumente und Einstellungen\Ulli\Anwendungsdaten\Mozilla\Firefox\Profiles\y8ax8g37.default\cookies.sqlite ] .imrworldwide.com [ H:\Dokumente und Einstellungen\Ulli\Anwendungsdaten\Mozilla\Firefox\Profiles\y8ax8g37.default\cookies.sqlite ] .adfarm1.adition.com [ H:\Dokumente und Einstellungen\Ulli\Anwendungsdaten\Mozilla\Firefox\Profiles\y8ax8g37.default\cookies.sqlite ] .adfarm1.adition.com [ H:\Dokumente und Einstellungen\Ulli\Anwendungsdaten\Mozilla\Firefox\Profiles\y8ax8g37.default\cookies.sqlite ] ad3.adfarm1.adition.com [ H:\Dokumente und Einstellungen\Ulli\Anwendungsdaten\Mozilla\Firefox\Profiles\y8ax8g37.default\cookies.sqlite ] |
|
13.07.2011, 23:10
| #43 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Virus, der alle Virenscans killt Das sind nur Cookies die sind eh harmlos.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
13.07.2011, 23:20
| #44 |
| | Virus, der alle Virenscans killt Puh! Ein Glück! Den Malwarescan lasse ich heute Nacht durchlaufen, muss jetzt noch ein bisschen am Rechner arbeiten. Auf jeden Fall schon einmal VIELEN DANK für deine freundliche und kompetente Hilfe! Noch eine Frage: Ich habe zur Zeit folgende Schutzprogramme installiert: - Avira free - MAGIX PC Check & Tuning 2010 Kerio habe ich nicht mehr, und auf deine Empfehlung hin auch nicht mehr neu installiert. Mit dem CC-Cleaner räume ich regelmäßig auf. Welche Empfehlungen hast du zum künftigen Schutz? Ich habe ja nun einige neue Programme auf dem Rechner (Superantispyware, Malwarebytes...) Taugt Avira, oder sollte ich auf McAfe, Kaspersky und Co zurückgreifen? Vielen Dank Oliver |
|
13.07.2011, 23:21
| #45 | ||
| /// Winkelfunktion /// TB-Süch-Tiger™ | Virus, der alle Virenscans killtZitat:
Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu Virus, der alle Virenscans killt |
| 100ksearches, abbruch, aufsetzen, autostart, avira, beschädigung, browser, datei, desktop, ergebnis, fehlermeldung, firefox, forum, gmer, icon, killt, links, log-datei, malwarebytes, neu aufsetzen, nicht möglich, online-virenscanner, port, programm, redirect, required, scan, sekunden, temp, udp, virus |
Linear-Darstellung
