MBAM finds malware: C:\DelUS.bat - What to do?

#1
MBAM finds malware: C:\DelUS.bat - What to do?
After an unbelievable search for the "Report" button, I was able to pull this out of the log: Code:
13:59:31.0453 5368 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
13:59:31.0640 5368 ============================================================
13:59:31.0640 5368 Current date / time: 2012/01/02 13:59:31.0640
13:59:31.0640 5368 SystemInfo:
13:59:31.0640 5368
13:59:31.0640 5368 OS Version: 5.1.2600 ServicePack: 3.0
13:59:31.0640 5368 Product type: Workstation
13:59:31.0640 5368 ComputerName: MALSAM
13:59:31.0640 5368 UserName: Georg Malsam
13:59:31.0640 5368 Windows directory: C:\windows
13:59:31.0640 5368 System windows directory: C:\windows
13:59:31.0640 5368 Processor architecture: Intel x86
13:59:31.0640 5368 Number of processors: 2
13:59:31.0640 5368 Page size: 0x1000
13:59:31.0640 5368 Boot type: Normal boot
13:59:31.0640 5368 ============================================================
13:59:33.0250 5368 Initialize success
14:00:23.0312 2740 ============================================================
14:00:23.0312 2740 Scan started
14:00:23.0312 2740 Mode: Manual; SigCheck; TDLFS;
14:00:23.0312 2740 ============================================================
14:00:25.0281 2740 3xHybrid (1ac06930b96e1b2515abc3a598e0fca7) C:\windows\system32\DRIVERS\3xHybrid.sys
14:00:26.0015 2740 3xHybrid - ok
14:00:26.0171 2740 61883 (914a9709fc3bf419ad2f85547f2a4832) C:\windows\system32\DRIVERS\61883.sys
14:00:26.0859 2740 61883 - ok
14:00:26.0921 2740 Abiosdsk - ok
14:00:26.0937 2740 abp480n5 - ok
14:00:26.0968 2740 acedrv10 (553ba53445795cbc0d4f9fa37eb855a6) C:\windows\system32\drivers\acedrv10.sys
14:00:27.0093 2740 acedrv10 - ok
14:00:27.0125 2740 acehlp10 (8ce00b6a46962a1808b19cd1dae5170c) C:\windows\system32\drivers\acehlp10.sys
14:00:27.0234 2740 acehlp10 - ok
14:00:27.0281 2740 ACPI (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\windows\system32\DRIVERS\ACPI.sys
14:00:27.0437 2740 ACPI - ok
14:00:27.0484 2740 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\windows\system32\drivers\ACPIEC.sys
14:00:27.0625 2740 ACPIEC - ok
14:00:27.0656 2740 adpu160m - ok
14:00:27.0687 2740 aec (8bed39e3c35d6a489438b8141717a557) C:\windows\system32\drivers\aec.sys
14:00:27.0828 2740 aec - ok
14:00:27.0859 2740 AegisP (4b66e250c94c92522c33a759d5d273cb) C:\windows\system32\DRIVERS\AegisP.sys
14:00:27.0875 2740 AegisP ( UnsignedFile.Multi.Generic ) - warning
14:00:27.0875 2740 AegisP - detected UnsignedFile.Multi.Generic (1)
14:00:27.0906 2740 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\windows\System32\drivers\afd.sys
14:00:27.0968 2740 AFD - ok
14:00:28.0078 2740 AgereSoftModem (ceffa3db1657293322e0bdea7d99e754) C:\windows\system32\DRIVERS\AGRSM.sys
14:00:28.0218 2740 AgereSoftModem - ok
14:00:28.0234 2740 Aha154x - ok
14:00:28.0250 2740 aic78u2 - ok
14:00:28.0250 2740 aic78xx - ok
14:00:28.0281 2740 AliIde - ok
14:00:28.0281 2740 amsint - ok
14:00:28.0328 2740 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\windows\system32\DRIVERS\arp1394.sys
14:00:28.0500 2740 Arp1394 - ok
14:00:28.0515 2740 asc - ok
14:00:28.0531 2740 asc3350p - ok
14:00:28.0546 2740 asc3550 - ok
14:00:28.0593 2740 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\windows\system32\DRIVERS\asyncmac.sys
14:00:28.0718 2740 AsyncMac - ok
14:00:28.0734 2740 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\windows\system32\DRIVERS\atapi.sys
14:00:28.0875 2740 atapi - ok
14:00:28.0875 2740 Atdisk - ok
14:00:28.0968 2740 ati2mtag (74a245800424f70ff4822ab0d20a1db5) C:\windows\system32\DRIVERS\ati2mtag.sys
14:00:29.0078 2740 ati2mtag - ok
14:00:29.0109 2740 Atmarpc (9916c1225104ba14794209cfa8012159) C:\windows\system32\DRIVERS\atmarpc.sys
14:00:29.0234 2740 Atmarpc - ok
14:00:29.0281 2740 audstub (d9f724aa26c010a217c97606b160ed68) C:\windows\system32\DRIVERS\audstub.sys
14:00:29.0406 2740 audstub - ok
14:00:29.0437 2740 Avc (f8e6956a614f15a0860474c5e2a7de6b) C:\windows\system32\DRIVERS\avc.sys
14:00:29.0578 2740 Avc - ok
14:00:29.0625 2740 avgntflt (7713e4eb0276702faa08e52a6e23f2a6) C:\windows\system32\DRIVERS\avgntflt.sys
14:00:29.0640 2740 avgntflt - ok
14:00:29.0656 2740 avipbb (475fbb85956534720858ae72010c0a43) C:\windows\system32\DRIVERS\avipbb.sys
14:00:29.0671 2740 avipbb - ok
14:00:29.0687 2740 avkmgr (271cfd1a989209b1964e24d969552bf7) C:\windows\system32\DRIVERS\avkmgr.sys
14:00:29.0703 2740 avkmgr - ok
14:00:29.0750 2740 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\windows\system32\drivers\Beep.sys
14:00:29.0906 2740 Beep - ok
14:00:29.0953 2740 BlueletAudio (31ff5b87c1dd907613cc613224b8e303) C:\windows\system32\DRIVERS\blueletaudio.sys
14:00:29.0968 2740 BlueletAudio ( UnsignedFile.Multi.Generic ) - warning
14:00:29.0968 2740 BlueletAudio - detected UnsignedFile.Multi.Generic (1)
14:00:30.0015 2740 BT (9da8abc4885aff4793d4aa420e40bb12) C:\windows\system32\DRIVERS\btnetdrv.sys
14:00:30.0062 2740 BT ( UnsignedFile.Multi.Generic ) - warning
14:00:30.0062 2740 BT - detected UnsignedFile.Multi.Generic (1)
14:00:30.0078 2740 Btcsrusb (bdf2c32c14ef7ab75ddcc3394d6f80d4) C:\windows\system32\Drivers\btcusb.sys
14:00:30.0093 2740 Btcsrusb ( UnsignedFile.Multi.Generic ) - warning
14:00:30.0093 2740 Btcsrusb - detected UnsignedFile.Multi.Generic (1)
14:00:30.0093 2740 BTHidEnum (0448968ba21acde511c19f3c0296e23b) C:\windows\system32\DRIVERS\vbtenum.sys
14:00:30.0109 2740 BTHidEnum ( UnsignedFile.Multi.Generic ) - warning
14:00:30.0109 2740 BTHidEnum - detected UnsignedFile.Multi.Generic (1)
14:00:30.0140 2740 BTHidMgr (f408264f6ad1dc7e7bdd4837440f115d) C:\windows\system32\Drivers\BTHidMgr.sys
14:00:30.0140 2740 BTHidMgr ( UnsignedFile.Multi.Generic ) - warning
14:00:30.0140 2740 BTHidMgr - detected UnsignedFile.Multi.Generic (1)
14:00:30.0171 2740 BTNetFilter (6b05fdc0cfc3753b520d2d4176cc32d0) C:\WINDOWS\system32\drivers\BTNetFilter.sys
14:00:30.0171 2740 BTNetFilter ( UnsignedFile.Multi.Generic ) - warning
14:00:30.0171 2740 BTNetFilter - detected UnsignedFile.Multi.Generic (1)
14:00:30.0218 2740 CardReaderFilter (66b71dd7794d3b8a88ccb645896d3e53) C:\windows\system32\Drivers\USBCRFT.SYS
14:00:30.0234 2740 CardReaderFilter ( UnsignedFile.Multi.Generic ) - warning
14:00:30.0234 2740 CardReaderFilter - detected UnsignedFile.Multi.Generic (1)
14:00:30.0265 2740 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\windows\system32\drivers\cbidf2k.sys
14:00:30.0437 2740 cbidf2k - ok
14:00:30.0468 2740 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\windows\system32\DRIVERS\CCDECODE.sys
14:00:30.0609 2740 CCDECODE - ok
14:00:30.0625 2740 cd20xrnt - ok
14:00:30.0671 2740 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\windows\system32\drivers\Cdaudio.sys
14:00:30.0812 2740 Cdaudio - ok
14:00:30.0828 2740 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\windows\system32\drivers\Cdfs.sys
14:00:30.0984 2740 Cdfs - ok
14:00:31.0015 2740 cdrbsdrv (e0042bd5bef17a6a3ef1df576bde24d1) C:\windows\system32\drivers\cdrbsdrv.sys
14:00:31.0031 2740 cdrbsdrv ( UnsignedFile.Multi.Generic ) - warning
14:00:31.0031 2740 cdrbsdrv - detected UnsignedFile.Multi.Generic (1)
14:00:31.0046 2740 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\windows\system32\DRIVERS\cdrom.sys
14:00:31.0250 2740 Cdrom - ok
14:00:31.0250 2740 Changer - ok
14:00:31.0296 2740 CmdIde - ok
14:00:31.0375 2740 cmudax (53c90d77476edd52b3abafca8d5d01db) C:\windows\system32\drivers\cmudax.sys
14:00:31.0515 2740 cmudax - ok
14:00:31.0546 2740 Cpqarray - ok
14:00:31.0562 2740 dac2w2k - ok
14:00:31.0578 2740 dac960nt - ok
14:00:31.0625 2740 Disk (044452051f3e02e7963599fc8f4f3e25) C:\windows\system32\DRIVERS\disk.sys
14:00:31.0765 2740 Disk - ok
14:00:31.0828 2740 dmboot (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\windows\system32\drivers\dmboot.sys
14:00:32.0015 2740 dmboot - ok
14:00:32.0031 2740 dmio (53720ab12b48719d00e327da470a619a) C:\windows\system32\drivers\dmio.sys
14:00:32.0203 2740 dmio - ok
14:00:32.0250 2740 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\windows\system32\drivers\dmload.sys
14:00:32.0406 2740 dmload - ok
14:00:32.0437 2740 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\windows\system32\drivers\DMusic.sys
14:00:32.0578 2740 DMusic - ok
14:00:32.0609 2740 dpti2o - ok
14:00:32.0640 2740 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\windows\system32\drivers\drmkaud.sys
14:00:32.0765 2740 drmkaud - ok
14:00:32.0796 2740 Fastfat (38d332a6d56af32635675f132548343e) C:\windows\system32\drivers\Fastfat.sys
14:00:32.0937 2740 Fastfat - ok
14:00:32.0953 2740 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\windows\system32\DRIVERS\fdc.sys
14:00:33.0109 2740 Fdc - ok
14:00:33.0156 2740 FETNDISB (a583bc166495b07f704533754ce29cbd) C:\windows\system32\DRIVERS\fetnd5b.sys
14:00:33.0187 2740 FETNDISB - ok
14:00:33.0218 2740 Fips (b0678a548587c5f1967b0d70bacad6c1) C:\windows\system32\drivers\Fips.sys
14:00:33.0343 2740 Fips - ok
14:00:33.0375 2740 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\windows\system32\DRIVERS\flpydisk.sys
14:00:33.0531 2740 Flpydisk - ok
14:00:33.0578 2740 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\windows\system32\drivers\fltmgr.sys
14:00:33.0718 2740 FltMgr - ok
14:00:33.0750 2740 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\windows\system32\drivers\Fs_Rec.sys
14:00:33.0875 2740 Fs_Rec - ok
14:00:33.0921 2740 Ftdisk (8f1955ce42e1484714b542f341647778) C:\windows\system32\DRIVERS\ftdisk.sys
14:00:34.0078 2740 Ftdisk - ok
14:00:34.0093 2740 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\windows\system32\DRIVERS\msgpc.sys
14:00:34.0234 2740 Gpc - ok
14:00:34.0265 2740 HdAudAddService (160b24fd894e79e71c983ea403a6e6e7) C:\windows\system32\drivers\HdAudio.sys
14:00:34.0375 2740 HdAudAddService - ok
14:00:34.0406 2740 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\windows\system32\DRIVERS\HDAudBus.sys
14:00:34.0531 2740 HDAudBus - ok
14:00:34.0578 2740 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\windows\system32\DRIVERS\hidusb.sys
14:00:34.0718 2740 HidUsb - ok
14:00:34.0734 2740 hpn - ok
14:00:34.0781 2740 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\windows\system32\DRIVERS\HPZid412.sys
14:00:34.0906 2740 HPZid412 - ok
14:00:34.0937 2740 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\windows\system32\DRIVERS\HPZipr12.sys
14:00:34.0984 2740 HPZipr12 - ok
14:00:35.0015 2740 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\windows\system32\DRIVERS\HPZius12.sys
14:00:35.0046 2740 HPZius12 - ok
14:00:35.0093 2740 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\windows\system32\Drivers\HTTP.sys
14:00:35.0171 2740 HTTP - ok
14:00:35.0187 2740 i2omgmt - ok
14:00:35.0203 2740 i2omp - ok
14:00:35.0234 2740 i8042prt (e283b97cfbeb86c1d86baed5f7846a92) C:\windows\system32\DRIVERS\i8042prt.sys
14:00:35.0359 2740 i8042prt - ok
14:00:35.0390 2740 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\windows\system32\DRIVERS\imapi.sys
14:00:35.0515 2740 Imapi - ok
14:00:35.0531 2740 ini910u - ok
14:00:35.0578 2740 IntelIde (69c4e3c9e67a1f103b94e14fdd5f3213) C:\windows\system32\DRIVERS\intelide.sys
14:00:35.0687 2740 IntelIde - ok
14:00:35.0718 2740 intelppm (4c7d2750158ed6e7ad642d97bffae351) C:\windows\system32\DRIVERS\intelppm.sys
14:00:35.0859 2740 intelppm - ok
14:00:35.0906 2740 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\windows\system32\drivers\ip6fw.sys
14:00:36.0062 2740 Ip6Fw - ok
14:00:36.0093 2740 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\windows\system32\DRIVERS\ipfltdrv.sys
14:00:36.0234 2740 IpFilterDriver - ok
14:00:36.0250 2740 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\windows\system32\DRIVERS\ipinip.sys
14:00:36.0375 2740 IpInIp - ok
14:00:36.0406 2740 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\windows\system32\DRIVERS\ipnat.sys
14:00:36.0546 2740 IpNat - ok
14:00:36.0578 2740 IPSec (23c74d75e36e7158768dd63d92789a91) C:\windows\system32\DRIVERS\ipsec.sys
14:00:36.0687 2740 IPSec - ok
14:00:36.0718 2740 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\windows\system32\DRIVERS\irenum.sys
14:00:36.0859 2740 IRENUM - ok
14:00:36.0890 2740 isapnp (6dfb88f64135c525433e87648bda30de) C:\windows\system32\DRIVERS\isapnp.sys
14:00:37.0031 2740 isapnp - ok
14:00:37.0062 2740 Kbdclass (1704d8c4c8807b889e43c649b478a452) C:\windows\system32\DRIVERS\kbdclass.sys
14:00:37.0218 2740 Kbdclass - ok
14:00:37.0234 2740 kbdhid (b6d6c117d771c98130497265f26d1882) C:\windows\system32\DRIVERS\kbdhid.sys
14:00:37.0375 2740 kbdhid - ok
14:00:37.0406 2740 kmixer (692bcf44383d056aed41b045a323d378) C:\windows\system32\drivers\kmixer.sys
14:00:37.0546 2740 kmixer - ok
14:00:37.0578 2740 KSecDD (b467646c54cc746128904e1654c750c1) C:\windows\system32\drivers\KSecDD.sys
14:00:37.0671 2740 KSecDD - ok
14:00:37.0687 2740 lbrtfdc - ok
14:00:37.0734 2740 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\windows\system32\drivers\mnmdd.sys
14:00:37.0875 2740 mnmdd - ok
14:00:37.0921 2740 Modem (6fb74ebd4ec57a6f1781de3852cc3362) C:\windows\system32\drivers\Modem.sys
14:00:38.0046 2740 Modem - ok
14:00:38.0093 2740 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\windows\system32\drivers\MODEMCSA.sys
14:00:38.0218 2740 MODEMCSA - ok
14:00:38.0250 2740 Mouclass (b24ce8005deab254c0251e15cb71d802) C:\windows\system32\DRIVERS\mouclass.sys
14:00:38.0531 2740 Mouclass - ok
14:00:38.0578 2740 mouhid (66a6f73c74e1791464160a7065ce711a) C:\windows\system32\DRIVERS\mouhid.sys
14:00:38.0718 2740 mouhid - ok
14:00:38.0734 2740 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\windows\system32\drivers\MountMgr.sys
14:00:38.0875 2740 MountMgr - ok
14:00:38.0906 2740 MPE (c0f8e0c2c3c0437cf37c6781896dc3ec) C:\windows\system32\DRIVERS\MPE.sys
14:00:39.0046 2740 MPE - ok
14:00:39.0062 2740 mraid35x - ok
14:00:39.0078 2740 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\windows\system32\DRIVERS\mrxdav.sys
14:00:39.0218 2740 MRxDAV - ok
14:00:39.0281 2740 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\windows\system32\DRIVERS\mrxsmb.sys
14:00:39.0375 2740 MRxSmb - ok
14:00:39.0421 2740 MSDV (1477849772712bac69c144dcf2c9ce81) C:\windows\system32\DRIVERS\msdv.sys
14:00:39.0562 2740 MSDV - ok
14:00:39.0593 2740 Msfs (c941ea2454ba8350021d774daf0f1027) C:\windows\system32\drivers\Msfs.sys
14:00:39.0734 2740 Msfs - ok
14:00:39.0765 2740 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\windows\system32\drivers\MSKSSRV.sys
14:00:39.0890 2740 MSKSSRV - ok
14:00:39.0906 2740 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\windows\system32\drivers\MSPCLOCK.sys
14:00:40.0031 2740 MSPCLOCK - ok
14:00:40.0062 2740 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\windows\system32\drivers\MSPQM.sys
14:00:40.0218 2740 MSPQM - ok
14:00:40.0250 2740 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\windows\system32\DRIVERS\mssmbios.sys
14:00:40.0375 2740 mssmbios - ok
14:00:40.0406 2740 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\windows\system32\drivers\MSTEE.sys
14:00:40.0593 2740 MSTEE - ok
14:00:40.0640 2740 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\windows\system32\drivers\Mup.sys
14:00:40.0671 2740 Mup - ok
14:00:40.0687 2740 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\windows\system32\DRIVERS\NABTSFEC.sys
14:00:40.0843 2740 NABTSFEC - ok
14:00:40.0875 2740 NDIS (1df7f42665c94b825322fae71721130d) C:\windows\system32\drivers\NDIS.sys
14:00:41.0000 2740 NDIS - ok
14:00:41.0031 2740 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\windows\system32\DRIVERS\NdisIP.sys
14:00:41.0187 2740 NdisIP - ok
14:00:41.0218 2740 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\windows\system32\DRIVERS\ndistapi.sys
14:00:41.0250 2740 NdisTapi - ok
14:00:41.0281 2740 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\windows\system32\DRIVERS\ndisuio.sys
14:00:41.0421 2740 Ndisuio - ok
14:00:41.0453 2740 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\windows\system32\DRIVERS\ndiswan.sys
14:00:41.0578 2740 NdisWan - ok
14:00:41.0609 2740 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\windows\system32\drivers\NDProxy.sys
14:00:41.0656 2740 NDProxy - ok
14:00:41.0671 2740 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\windows\system32\DRIVERS\netbios.sys
14:00:41.0812 2740 NetBIOS - ok
14:00:41.0828 2740 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\windows\system32\DRIVERS\netbt.sys
14:00:41.0968 2740 NetBT - ok
14:00:42.0015 2740 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\windows\system32\DRIVERS\nic1394.sys
14:00:42.0156 2740 NIC1394 - ok
14:00:42.0187 2740 nm (1e421a6bcf2203cc61b821ada9de878b) C:\windows\system32\DRIVERS\NMnt.sys
14:00:42.0328 2740 nm - ok
14:00:42.0343 2740 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\windows\system32\drivers\Npfs.sys
14:00:42.0484 2740 Npfs - ok
14:00:42.0515 2740 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\windows\system32\drivers\Ntfs.sys
14:00:42.0687 2740 Ntfs - ok
14:00:42.0734 2740 NTSIM (a568b9a9ffe2d9387222a5c90f86d731) C:\WINDOWS\system32\ntsim.sys
14:00:42.0859 2740 NTSIM ( UnsignedFile.Multi.Generic ) - warning
14:00:42.0859 2740 NTSIM - detected UnsignedFile.Multi.Generic (1)
14:00:42.0906 2740 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\windows\system32\drivers\Null.sys
14:00:43.0031 2740 Null - ok
14:00:43.0078 2740 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\windows\system32\DRIVERS\nwlnkflt.sys
14:00:43.0218 2740 NwlnkFlt - ok
14:00:43.0250 2740 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\windows\system32\DRIVERS\nwlnkfwd.sys
14:00:43.0390 2740 NwlnkFwd - ok
14:00:43.0437 2740 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\windows\system32\DRIVERS\ohci1394.sys
14:00:43.0562 2740 ohci1394 - ok
14:00:43.0593 2740 Parport (f84785660305b9b903fb3bca8ba29837) C:\windows\system32\DRIVERS\parport.sys
14:00:43.0734 2740 Parport - ok
14:00:43.0750 2740 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\windows\system32\drivers\PartMgr.sys
14:00:43.0875 2740 PartMgr - ok
14:00:43.0921 2740 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\windows\system32\drivers\ParVdm.sys
14:00:44.0062 2740 ParVdm - ok
14:00:44.0078 2740 PCI (387e8dedc343aa2d1efbc30580273acd) C:\windows\system32\DRIVERS\pci.sys
14:00:44.0218 2740 PCI - ok
14:00:44.0234 2740 PCIDump - ok
14:00:44.0281 2740 PCIIde (59ba86d9a61cbcf4df8e598c331f5b82) C:\windows\system32\DRIVERS\pciide.sys
14:00:44.0406 2740 PCIIde - ok
14:00:44.0437 2740 Pcmcia (a2a966b77d61847d61a3051df87c8c97) C:\windows\system32\drivers\Pcmcia.sys
14:00:44.0593 2740 Pcmcia - ok
14:00:44.0609 2740 PDCOMP - ok
14:00:44.0625 2740 PDFRAME - ok
14:00:44.0640 2740 PDRELI - ok
14:00:44.0656 2740 PDRFRAME - ok
14:00:44.0671 2740 perc2 - ok
14:00:44.0687 2740 perc2hib - ok
14:00:44.0750 2740 phc700 (8a3a05186cc4a9198581a0a09d38e959) C:\windows\system32\DRIVERS\phc700.sys
14:00:44.0843 2740 phc700 - ok
14:00:44.0875 2740 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\windows\system32\DRIVERS\raspptp.sys
14:00:45.0000 2740 PptpMiniport - ok
14:00:45.0062 2740 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\windows\system32\DRIVERS\ptilink.sys
14:00:45.0187 2740 Ptilink - ok
14:00:45.0265 2740 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\windows\system32\Drivers\PxHelp20.sys
14:00:45.0265 2740 PxHelp20 - ok
14:00:45.0281 2740 ql1080 - ok
14:00:45.0296 2740 Ql10wnt - ok
14:00:45.0312 2740 ql12160 - ok
14:00:45.0328 2740 ql1240 - ok
14:00:45.0343 2740 ql1280 - ok
14:00:45.0390 2740 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\windows\system32\DRIVERS\rasacd.sys
14:00:45.0531 2740 RasAcd - ok
14:00:45.0578 2740 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\windows\system32\DRIVERS\rasl2tp.sys
14:00:45.0703 2740 Rasl2tp - ok
14:00:45.0734 2740 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\windows\system32\DRIVERS\raspppoe.sys
14:00:45.0875 2740 RasPppoe - ok
14:00:45.0906 2740 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\windows\system32\DRIVERS\raspti.sys
14:00:46.0046 2740 Raspti - ok
14:00:46.0062 2740 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\windows\system32\DRIVERS\rdbss.sys
14:00:46.0203 2740 Rdbss - ok
14:00:46.0218 2740 RDPCDD (4912d5b403614ce99c28420f75353332) C:\windows\system32\DRIVERS\RDPCDD.sys
14:00:46.0359 2740 RDPCDD - ok
14:00:46.0421 2740 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\windows\system32\drivers\RDPWD.sys
14:00:46.0468 2740 RDPWD - ok
14:00:46.0484 2740 redbook (ed761d453856f795a7fe056e42c36365) C:\windows\system32\DRIVERS\redbook.sys
14:00:46.0625 2740 redbook - ok
14:00:46.0656 2740 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\windows\system32\Drivers\RootMdm.sys
14:00:46.0781 2740 ROOTMODEM - ok
14:00:46.0843 2740 RT2500USB (6f6ce24f243458c92b54e0016ad46bd7) C:\windows\system32\DRIVERS\rt2500usb.sys
14:00:46.0875 2740 RT2500USB - ok
14:00:46.0906 2740 RT25USBAP (3fb98d6e8099431805373efe31e6211a) C:\windows\system32\DRIVERS\rt25usbap.sys
14:00:46.0953 2740 RT25USBAP ( UnsignedFile.Multi.Generic ) - warning
14:00:46.0968 2740 RT25USBAP - detected UnsignedFile.Multi.Generic (1)
14:00:47.0015 2740 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\DRIVERS\secdrv.sys
14:00:47.0140 2740 Secdrv - ok
14:00:47.0187 2740 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\windows\system32\DRIVERS\serenum.sys
14:00:47.0328 2740 serenum - ok
14:00:47.0343 2740 Serial (cf24eb4f0412c82bcd1f4f35a025e31d) C:\windows\system32\DRIVERS\serial.sys
14:00:47.0468 2740 Serial - ok
14:00:47.0515 2740 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\windows\system32\drivers\Sfloppy.sys
14:00:47.0656 2740 Sfloppy - ok
14:00:47.0671 2740 Simbad - ok
14:00:47.0703 2740 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\windows\system32\DRIVERS\SLIP.sys
14:00:47.0828 2740 SLIP - ok
14:00:47.0875 2740 smrtdrv (947154112d318885026dedeaa13489ca) C:\windows\system32\DRIVERS\smrtdrv.sys
14:00:47.0937 2740 smrtdrv - ok
14:00:47.0953 2740 Sparrow - ok
14:00:47.0968 2740 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\windows\system32\drivers\splitter.sys
14:00:48.0093 2740 splitter - ok
14:00:48.0125 2740 sr (50fa898f8c032796d3b1b9951bb5a90f) C:\windows\system32\DRIVERS\sr.sys
14:00:48.0250 2740 sr - ok
14:00:48.0296 2740 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\windows\system32\DRIVERS\srv.sys
14:00:48.0375 2740 Srv - ok
14:00:48.0406 2740 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\windows\system32\DRIVERS\ssmdrv.sys
14:00:48.0437 2740 ssmdrv - ok
14:00:48.0515 2740 StillCam (a2dbcc4c8860449df1ab758ea28b4de0) C:\windows\system32\DRIVERS\serscan.sys
14:00:48.0671 2740 StillCam - ok
14:00:48.0750 2740 StkCMini (36565318396a9d0a880687d1bb9c7f79) C:\windows\system32\Drivers\StkCMini.sys
14:00:48.0859 2740 StkCMini - ok
14:00:48.0906 2740 streamip (77813007ba6265c4b6098187e6ed79d2) C:\windows\system32\DRIVERS\StreamIP.sys
14:00:49.0046 2740 streamip - ok
14:00:49.0062 2740 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\windows\system32\DRIVERS\swenum.sys
14:00:49.0187 2740 swenum - ok
14:00:49.0218 2740 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\windows\system32\drivers\swmidi.sys
14:00:49.0343 2740 swmidi - ok
14:00:49.0390 2740 symc810 - ok
14:00:49.0406 2740 symc8xx - ok
14:00:49.0421 2740 sym_hi - ok
14:00:49.0437 2740 sym_u3 - ok
14:00:49.0453 2740 Synnetdrv - ok
14:00:49.0546 2740 SynnetdrvMP - ok
14:00:49.0593 2740 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\windows\system32\drivers\sysaudio.sys
14:00:49.0718 2740 sysaudio - ok
14:00:49.0765 2740 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\windows\system32\DRIVERS\tcpip.sys
14:00:49.0781 2740 Tcpip - ok
14:00:49.0828 2740 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\windows\system32\drivers\TDPIPE.sys
14:00:50.0000 2740 TDPIPE - ok
14:00:50.0015 2740 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\windows\system32\drivers\TDTCP.sys
14:00:50.0187 2740 TDTCP - ok
14:00:50.0203 2740 TermDD (88155247177638048422893737429d9e) C:\windows\system32\DRIVERS\termdd.sys
14:00:50.0343 2740 TermDD - ok
14:00:50.0375 2740 TosIde - ok
14:00:50.0421 2740 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\windows\system32\drivers\Udfs.sys
14:00:50.0562 2740 Udfs - ok
14:00:50.0578 2740 ultra - ok
14:00:50.0625 2740 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\windows\system32\DRIVERS\update.sys
14:00:50.0781 2740 Update - ok
14:00:50.0828 2740 usbaudio (e919708db44ed8543a7c017953148330) C:\windows\system32\drivers\usbaudio.sys
14:00:50.0968 2740 usbaudio - ok
14:00:50.0984 2740 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\windows\system32\DRIVERS\usbccgp.sys
14:00:51.0140 2740 usbccgp - ok
14:00:51.0171 2740 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\windows\system32\DRIVERS\usbehci.sys
14:00:51.0312 2740 usbehci - ok
14:00:51.0328 2740 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\windows\system32\DRIVERS\usbhub.sys
14:00:51.0453 2740 usbhub - ok
14:00:51.0500 2740 usbprint (a717c8721046828520c9edf31288fc00) C:\windows\system32\DRIVERS\usbprint.sys
14:00:51.0609 2740 usbprint - ok
14:00:51.0625 2740 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\windows\system32\DRIVERS\usbscan.sys
14:00:51.0765 2740 usbscan - ok
14:00:51.0781 2740 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\windows\system32\DRIVERS\USBSTOR.SYS
14:00:51.0921 2740 USBSTOR - ok
14:00:51.0937 2740 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\windows\system32\DRIVERS\usbuhci.sys
14:00:52.0062 2740 usbuhci - ok
14:00:52.0093 2740 USB_RNDIS (bee793d4a059caea55d6ac20e19b3a8f) C:\windows\system32\DRIVERS\usb8023.sys
14:00:52.0218 2740 USB_RNDIS - ok
14:00:52.0265 2740 VComm (9ebee4a060c5364a31aeaa04eac2af1e) C:\windows\system32\DRIVERS\VComm.sys
14:00:52.0265 2740 VComm ( UnsignedFile.Multi.Generic ) - warning
14:00:52.0265 2740 VComm - detected UnsignedFile.Multi.Generic (1)
14:00:52.0312 2740 VcommMgr (ef0d45ed806b0c9ae9756bfeecb077ed) C:\windows\system32\Drivers\VcommMgr.sys
14:00:52.0328 2740 VcommMgr ( UnsignedFile.Multi.Generic ) - warning
14:00:52.0328 2740 VcommMgr - detected UnsignedFile.Multi.Generic (1)
14:00:52.0343 2740 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\windows\System32\drivers\vga.sys
14:00:52.0468 2740 VgaSave - ok
14:00:52.0484 2740 ViaIde - ok
14:00:52.0515 2740 VolSnap (a5a712f4e880874a477af790b5186e1d) C:\windows\system32\drivers\VolSnap.sys
14:00:52.0640 2740 VolSnap - ok
14:00:52.0671 2740 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\windows\system32\DRIVERS\wanarp.sys
14:00:52.0796 2740 Wanarp - ok
14:00:52.0812 2740 wanatw - ok
14:00:52.0859 2740 wbscr (67014473f902f3023f892c3a0950958a) C:\windows\system32\drivers\wbscr.sys
14:00:52.0953 2740 wbscr - ok
14:00:52.0984 2740 WDICA - ok
14:00:53.0000 2740 wdmaud (6768acf64b18196494413695f0c3a00f) C:\windows\system32\drivers\wdmaud.sys
14:00:53.0140 2740 wdmaud - ok
14:00:53.0218 2740 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\windows\system32\DRIVERS\WSTCODEC.SYS
14:00:53.0359 2740 WSTCODEC - ok
14:00:53.0484 2740 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\windows\system32\DRIVERS\WudfPf.sys
14:00:53.0562 2740 WudfPf - ok
14:00:53.0578 2740 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\windows\system32\DRIVERS\wudfrd.sys
14:00:53.0609 2740 WudfRd - ok
14:00:53.0703 2740 XUIF (93692d6b2fcbb63f517642048f5295fb) C:\windows\system32\Drivers\x10ufx2.sys
14:00:53.0750 2740 XUIF - ok
14:00:53.0781 2740 MBR (0x1B8) (671b81004fdd1588fa9ed1331c9ceca9) \Device\Harddisk0\DR0
14:00:54.0015 2740 \Device\Harddisk0\DR0 - ok
14:00:54.0031 2740 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
14:00:54.0125 2740 \Device\Harddisk1\DR1 - ok
14:00:54.0140 2740 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk2\DR20
14:00:54.0562 2740 \Device\Harddisk2\DR20 - ok
14:00:54.0578 2740 Boot (0x1200) (88cf71f213c8966f5d66c6b48ff1d3ed) \Device\Harddisk0\DR0\Partition0
14:00:54.0578 2740 \Device\Harddisk0\DR0\Partition0 - ok
14:00:54.0578 2740 Boot (0x1200) (87a6b203482080c2cc02d6ad51763528) \Device\Harddisk0\DR0\Partition1
14:00:54.0578 2740 \Device\Harddisk0\DR0\Partition1 - ok
14:00:54.0609 2740 Boot (0x1200) (cbb82fd373513d784e3d1dc83ed24c18) \Device\Harddisk0\DR0\Partition2
14:00:54.0609 2740 \Device\Harddisk0\DR0\Partition2 - ok
14:00:54.0625 2740 Boot (0x1200) (8b2343d0c054973e47439cf958f3eec8) \Device\Harddisk1\DR1\Partition0
14:00:54.0625 2740 \Device\Harddisk1\DR1\Partition0 - ok
14:00:54.0640 2740 Boot (0x1200) (cc7a0cf4fd660b0701c273e42f01bb77) \Device\Harddisk2\DR20\Partition0
14:00:54.0640 2740 \Device\Harddisk2\DR20\Partition0 - ok
14:00:54.0640 2740 ============================================================
14:00:54.0640 2740 Scan finished
14:00:54.0640 2740 ============================================================
14:00:54.0750 0868 Detected object count: 13
14:00:54.0750 0868 Actual detected object count: 13
14:02:08.0031 0868 AegisP ( UnsignedFile.Multi.Generic ) - skipped by user
14:02:08.0031 0868 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:02:08.0031 0868 BlueletAudio ( UnsignedFile.Multi.Generic ) - skipped by user
14:02:08.0031 0868 BlueletAudio ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:02:08.0031 0868 BT ( UnsignedFile.Multi.Generic ) - skipped by user
14:02:08.0031 0868 BT ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:02:08.0031 0868 Btcsrusb ( UnsignedFile.Multi.Generic ) - skipped by user
14:02:08.0046 0868 Btcsrusb ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:02:08.0046 0868 BTHidEnum ( UnsignedFile.Multi.Generic ) - skipped by user
14:02:08.0046 0868 BTHidEnum ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:02:08.0046 0868 BTHidMgr ( UnsignedFile.Multi.Generic ) - skipped by user
14:02:08.0046 0868 BTHidMgr ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:02:08.0046 0868 BTNetFilter ( UnsignedFile.Multi.Generic ) - skipped by user
14:02:08.0046 0868 BTNetFilter ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:02:08.0046 0868 CardReaderFilter ( UnsignedFile.Multi.Generic ) - skipped by user
14:02:08.0046 0868 CardReaderFilter ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:02:08.0046 0868 cdrbsdrv ( UnsignedFile.Multi.Generic ) - skipped by user
14:02:08.0046 0868 cdrbsdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:02:08.0046 0868 NTSIM ( UnsignedFile.Multi.Generic ) - skipped by user
14:02:08.0046 0868 NTSIM ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:02:08.0046 0868 RT25USBAP ( UnsignedFile.Multi.Generic ) - skipped by user
14:02:08.0046 0868 RT25USBAP ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:02:08.0062 0868 VComm ( UnsignedFile.Multi.Generic ) - skipped by user
14:02:08.0062 0868 VComm ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:02:08.0062 0868 VcommMgr ( UnsignedFile.Multi.Generic ) - skipped by user
14:02:08.0062 0868 VcommMgr ( UnsignedFile.Multi.Generic ) - User select action: Skip
Looking forward to the next steps. Regards, Juri9
#2
/// Winkelfunktion /// (TB-Süch-Tiger™)
MBAM finds malware: C:\DelUS.bat - What to do?
I did write that TDSSKiller often flags legitimate ones. Same here.
Then please run CF now: ComboFix - A guide and tutorial on using ComboFix
ComboFix may only be run if a helper has explicitly recommended it! Should you have problems starting applications after running ComboFix and receive messages such as Quote:
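The helper's remark in #2 that TDSSKiller often flags legitimate drivers can be checked against the log itself. The parser below is an added example, not code from the thread or from TDSSKiller: it reads the line shapes visible in the log in #1 and reports whether anything other than the generic UnsignedFile.Multi.Generic heuristic, a detection nobody acted on, or an MBR/boot sector that is not "ok" is present. The driver name ExampleDrv, the verdict Constructed.Placeholder.Verdict and its all-zero md5 are placeholders I made up for the second sample.

```python
import re
from collections import Counter

# Verdict name present in the posted log; any other verdict is treated as non-generic.
GENERIC_HEURISTIC = "UnsignedFile.Multi.Generic"

# Every log line is "HH:MM:SS.mmmm  pid  message".
LINE = re.compile(r"^(?P<time>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+(?P<msg>.*)$")
# Message shapes seen in the posted log (SECTOR must be tried before FILE).
SECTOR = re.compile(r"^(?P<kind>MBR|Boot) \(0x[0-9A-Fa-f]+\) \((?P<md5>[0-9a-f]{32})\) (?P<dev>\S+)$")
FILE = re.compile(r"^(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
DETECTED = re.compile(r"^(?P<name>\S+) - detected (?P<verdict>\S+) \(\d+\)$")
ACTION = re.compile(r"^(?P<name>\S+) \( \S+ \) - User select action: (?P<action>\w+)$")
OK = re.compile(r"^(?P<name>\S+) - ok$")
COUNT = re.compile(r"^Detected object count: (?P<n>\d+)$")


def parse_log(text):
    """Collect scanned files, MBR/boot sectors, detections and user actions by name."""
    files, sectors, detections, actions, reported = {}, {}, {}, {}, None
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # banner, "====" separators, blank lines
        msg = m["msg"].strip()
        if s := SECTOR.match(msg):
            sectors[s["dev"]] = {"kind": s["kind"], "md5": s["md5"], "status": None}
        elif f := FILE.match(msg):
            files[f["name"]] = {"md5": f["md5"], "path": f["path"], "status": None}
        elif d := DETECTED.match(msg):
            detections[d["name"]] = d["verdict"]
        elif a := ACTION.match(msg):
            actions[a["name"]] = a["action"]
        elif o := OK.match(msg):
            target = sectors.get(o["name"]) or files.get(o["name"])
            if target is not None:
                target["status"] = "ok"
        elif c := COUNT.match(msg):
            reported = int(c["n"])
    return {"files": files, "sectors": sectors, "detections": detections,
            "actions": actions, "reported": reported}


def triage(text):
    """Summarise what in the log would actually need a closer look."""
    p = parse_log(text)
    det = p["detections"]
    non_generic = sorted(n for n, v in det.items() if v != GENERIC_HEURISTIC)
    unresolved = sorted(n for n in det if n not in p["actions"])
    bad_sectors = sorted(d for d, s in p["sectors"].items() if s["status"] != "ok")
    return {
        "detections": len(det),
        "by_verdict": dict(Counter(det.values())),
        "count_matches_report": p["reported"] is None or p["reported"] == len(det),
        # path of each flagged driver (md5 is in parse_log's files), for checking the vendor
        "flagged": {n: p["files"].get(n, {}).get("path") for n in det},
        "non_generic": non_generic,
        "unresolved": unresolved,
        "bad_sectors": bad_sectors,
        "sectors_checked": len(p["sectors"]),
        # Only generic unsigned-driver warnings, each one acted on, boot sectors all
        # "ok": the log by itself then shows nothing that points at a rootkit.
        "generic_warnings_only": not (non_generic or unresolved or bad_sectors),
    }


# Excerpt of lines taken from the log posted in #1 (count line adjusted to the excerpt).
POSTED_EXCERPT = r"""
13:59:31.0453 5368 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
14:00:27.0859 2740 AegisP (4b66e250c94c92522c33a759d5d273cb) C:\windows\system32\DRIVERS\AegisP.sys
14:00:27.0875 2740 AegisP ( UnsignedFile.Multi.Generic ) - warning
14:00:27.0875 2740 AegisP - detected UnsignedFile.Multi.Generic (1)
14:00:27.0906 2740 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\windows\System32\drivers\afd.sys
14:00:27.0968 2740 AFD - ok
14:00:53.0781 2740 MBR (0x1B8) (671b81004fdd1588fa9ed1331c9ceca9) \Device\Harddisk0\DR0
14:00:54.0015 2740 \Device\Harddisk0\DR0 - ok
14:00:54.0578 2740 Boot (0x1200) (88cf71f213c8966f5d66c6b48ff1d3ed) \Device\Harddisk0\DR0\Partition0
14:00:54.0578 2740 \Device\Harddisk0\DR0\Partition0 - ok
14:00:54.0750 0868 Detected object count: 1
14:02:08.0031 0868 AegisP ( UnsignedFile.Multi.Generic ) - skipped by user
14:02:08.0031 0868 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip
"""

# Constructed lines (not from the thread): a placeholder driver with a placeholder
# non-generic verdict and md5 that the user never acted on, plus the adjusted count.
CONSTRUCTED_HIT = POSTED_EXCERPT.replace("object count: 1", "object count: 2") + r"""
14:00:40.0000 2740 ExampleDrv (00000000000000000000000000000000) C:\windows\system32\DRIVERS\ExampleDrv.sys
14:00:40.0001 2740 ExampleDrv ( Constructed.Placeholder.Verdict ) - warning
14:00:40.0001 2740 ExampleDrv - detected Constructed.Placeholder.Verdict (1)
"""

if __name__ == "__main__":
    for label, text in (("posted excerpt", POSTED_EXCERPT), ("constructed hit", CONSTRUCTED_HIT)):
        print(label, triage(text))
```

Running it over the full log from #1 gives 13 detections, all UnsignedFile.Multi.Generic, all answered with Skip, and every MBR and boot sector "ok".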
#3
MBAM finds malware: C:\DelUS.bat - What to do? Quote:
But whatever, here is the ComboFix log: Code:
ComboFix 12-01-02.01 - Georg Malsam 02.01.2012 14:57:31.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.1023.543 [GMT 1:00]
ausgeführt von:: c:\dokumente und einstellungen\Georg Malsam\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
Achtung - Auf diesem PC ist keine Wiederherstellungskonsole installiert !!
.
.
(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP
c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}\PostBuild.exe
c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}\Setup.exe
c:\dokumente und einstellungen\Default User\WINDOWS
c:\dokumente und einstellungen\Georg Malsam\Anwendungsdaten\PriceGong
c:\dokumente und einstellungen\Georg Malsam\Anwendungsdaten\PriceGong\Data\1.xml
c:\dokumente und einstellungen\Georg Malsam\Anwendungsdaten\PriceGong\Data\a.xml
c:\dokumente und einstellungen\Georg Malsam\Anwendungsdaten\PriceGong\Data\b.xml
c:\dokumente und einstellungen\Georg Malsam\Anwendungsdaten\PriceGong\Data\c.xml
c:\dokumente und einstellungen\Georg Malsam\Anwendungsdaten\PriceGong\Data\d.xml
c:\dokumente und einstellungen\Georg Malsam\Anwendungsdaten\PriceGong\Data\e.xml
c:\dokumente und einstellungen\Georg Malsam\Anwendungsdaten\PriceGong\Data\f.xml
c:\dokumente und einstellungen\Georg Malsam\Anwendungsdaten\PriceGong\Data\g.xml
c:\dokumente und einstellungen\Georg Malsam\Anwendungsdaten\PriceGong\Data\h.xml
c:\dokumente und einstellungen\Georg Malsam\Anwendungsdaten\PriceGong\Data\i.xml
c:\dokumente und einstellungen\Georg Malsam\Anwendungsdaten\PriceGong\Data\J.xml
c:\dokumente und einstellungen\Georg Malsam\Anwendungsdaten\PriceGong\Data\k.xml
c:\dokumente und einstellungen\Georg Malsam\Anwendungsdaten\PriceGong\Data\l.xml
c:\dokumente und einstellungen\Georg Malsam\Anwendungsdaten\PriceGong\Data\m.xml
c:\dokumente und einstellungen\Georg Malsam\Anwendungsdaten\PriceGong\Data\mru.xml
c:\dokumente und einstellungen\Georg Malsam\Anwendungsdaten\PriceGong\Data\n.xml
c:\dokumente und einstellungen\Georg Malsam\Anwendungsdaten\PriceGong\Data\o.xml
c:\dokumente und einstellungen\Georg Malsam\Anwendungsdaten\PriceGong\Data\p.xml
c:\dokumente und einstellungen\Georg Malsam\Anwendungsdaten\PriceGong\Data\q.xml
c:\dokumente und einstellungen\Georg Malsam\Anwendungsdaten\PriceGong\Data\r.xml
c:\dokumente und einstellungen\Georg Malsam\Anwendungsdaten\PriceGong\Data\s.xml
c:\dokumente und einstellungen\Georg Malsam\Anwendungsdaten\PriceGong\Data\t.xml
c:\dokumente und einstellungen\Georg Malsam\Anwendungsdaten\PriceGong\Data\u.xml
c:\dokumente und einstellungen\Georg Malsam\Anwendungsdaten\PriceGong\Data\v.xml
c:\dokumente und einstellungen\Georg Malsam\Anwendungsdaten\PriceGong\Data\w.xml
c:\dokumente und einstellungen\Georg Malsam\Anwendungsdaten\PriceGong\Data\x.xml
c:\dokumente und einstellungen\Georg Malsam\Anwendungsdaten\PriceGong\Data\y.xml
c:\dokumente und einstellungen\Georg Malsam\Anwendungsdaten\PriceGong\Data\z.xml
c:\dokumente und einstellungen\Georg Malsam\WINDOWS
c:\windows\IsUn0407.exe
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\unin0407.exe
.
.
((((((((((((((((((((((( Files Created from 2011-12-02 to 2012-01-02 ))))))))))))))))))))))))))))))
.
.
2012-01-01 21:35 . 2011-09-16 15:05 11137024 ----a-w- c:\windows\system32\libmfxsw32.dll
2012-01-01 21:34 . 2012-01-01 21:36 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\AVS4YOU
2012-01-01 21:20 . 2006-09-26 12:57 28672 ----a-w- c:\windows\system32\AVEQT.dll
2012-01-01 21:20 . 2004-12-20 15:19 129024 ----a-w- c:\windows\system32\AVERM.dll
2011-12-29 15:02 . 2011-12-29 15:02 -------- d-----w- c:\programme\ESET
2011-12-21 17:23 . 2011-12-28 18:33 -------- d-----w- c:\dokumente und einstellungen\All Users\CyberLink
2011-12-21 16:58 . 2011-12-21 17:03 -------- d-----w- c:\windows\uninstall
2011-12-21 16:23 . 2011-12-21 16:23 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\SmartSound Software Inc
2011-12-21 16:23 . 2011-12-21 16:23 -------- d-----w- c:\programme\SmartSound Software
2011-12-21 16:22 . 2011-12-21 16:22 -------- d-----w- c:\dokumente und einstellungen\Besitzer\Startmenü
2011-12-18 15:56 . 2011-12-18 15:56 -------- d-----w- c:\dokumente und einstellungen\Georg Malsam\Lokale Einstellungen\Anwendungsdaten\FILSH_Media_GmbH
2011-12-18 15:56 . 2011-12-18 15:56 -------- d-----w- c:\programme\FILSHtray
2011-12-04 19:36 . 2011-12-04 19:37 -------- d-----w- C:\InDesign CS2 Tryout
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-01 20:45 . 2005-01-27 08:31 17408 ----a-w- c:\windows\system32\drivers\USBCRFT.SYS
2011-12-10 14:24 . 2010-07-25 06:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-08 16:17 . 2011-11-07 20:51 134856 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-11-23 14:40 . 2005-01-27 03:59 1859712 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 06:51 . 2011-05-18 15:18 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-04 19:13 . 2005-01-27 03:59 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:13 . 2005-01-27 03:59 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:13 . 2005-01-27 03:59 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2005-01-27 03:59 385024 ----a-w- c:\windows\system32\html.iec
2011-11-01 16:07 . 2005-01-27 03:59 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2005-01-27 03:59 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-26 10:49 . 2004-08-04 00:50 2029568 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-26 10:49 . 2004-08-04 00:50 2151424 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-24 13:29 . 2011-10-24 13:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 13:29 . 2011-10-24 13:29 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-22 11:21 . 2011-10-22 11:21 65536 ----a-w- c:\windows\system32\frapsvid.dll
2011-10-19 15:56 . 2011-11-07 20:51 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-10-19 15:56 . 2011-11-07 20:51 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2011-10-18 11:13 . 2005-01-27 03:59 186880 ----a-w- c:\windows\system32\encdec.dll
2011-10-10 14:22 . 2005-01-26 20:09 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-12 07:13 . 2011-04-06 10:35 134104 ----a-w- c:\programme\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Registry Autostart Points ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative Detector"="c:\programme\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
"WMPNSCFG"="c:\programme\Windows Media Player\WMPNSCFG.exe" [2006-11-03 204288]
"Skype"="c:\programme\Skype\Phone\Skype.exe" [2011-11-09 17049736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\programme\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-01-12 344064]
"Dit"="Dit.exe" [2004-07-20 90112]
"AGRSMMSG"="AGRSMMSG.exe" [2004-10-08 88363]
"Keyboard Status"="c:\progra~1\Medion\KeyStat\KeyStat.exe" [2005-01-25 411648]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"PCMService"="c:\programme\Home Cinema\PowerCinema\PCMService.exe" [2005-02-21 118926]
"CanonSolutionMenu"="c:\programme\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]
"SSBkgdUpdate"="c:\programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\programme\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"HP Software Update"="c:\programme\HP\HP Software Update\HPWuSchd2.exe" [2011-01-12 49208]
"phc700"="c:\windows\vphc700.exe" [2005-07-20 339968]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"UVS10 Preload"="c:\programme\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe" [2006-08-09 36864]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2011-06-09 254696]
"APSDaemon"="c:\programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="f:\quicktime\qttask.exe" [2011-10-24 421888]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2011-10-19 258512]
"FILSHtray"="c:\programme\FILSHtray\FILSHtray.exe" [2011-12-16 596992]
"UpdatePDRShortCut"="f:\cyberlink\PowerDirector10\PowerDirector10\MUITransfer\MUIStartMenu.exe" [2010-09-17 222504]
"TrayServer"="f:\magix\Video_deluxe_MX_Premium_Download-Version\TrayServer_de.exe" [2008-08-07 90112]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\dokumente und einstellungen\Georg Malsam\Startmenü\Programme\Autostart\
OpenOffice.org 3.3.lnk - c:\programme\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
BlueSoleil.lnk - c:\programme\IVT Corporation\BlueSoleil\BlueSoleil.exe [2005-2-21 1048576]
HP Digital Imaging Monitor.lnk - c:\programme\HP\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360]
Microsoft Office.lnk - c:\programme\Microsoft Office\Office\OSA9.EXE [1999-4-29 65588]
TrayMin700.exe.lnk - c:\programme\Philips\SPC 700NC PC Camera\TrayMin700.exe [2011-3-15 278528]
VideoCam Suite.lnk - c:\programme\Gemeinsame Dateien\Panasonic\VideoCam Suite AutoStart\VideoCamSuiteAutoStart.exe [2011-2-19 349600]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Programme\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Programme\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"f:\\Programme\\TRNY2\\NYT2.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"f:\\Programme\\Photo Story 3 for Windows\\PhotoStory3.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Dokumente und Einstellungen\\Georg Malsam\\Lokale Einstellungen\\Anwendungsdaten\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Programme\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Programme\\Gemeinsame Dateien\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\dxdiag.exe"=
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [07.11.2011 21:51 36000]
R2 acedrv10;acedrv10;c:\windows\system32\drivers\ACEDRV10.sys [27.07.2007 09:13 330144]
R2 acehlp10;acehlp10;c:\windows\system32\drivers\acehlp10.sys [27.07.2007 11:46 251680]
R2 AntiVirSchedulerService;Avira Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [07.11.2011 21:51 86224]
R2 Fabs;FABS - Helping agent for MAGIX media database;c:\programme\Gemeinsame Dateien\MAGIX Services\Database\bin\FABS.exe [24.05.2011 10:33 1840128]
R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [14.02.2005 19:51 666368]
R3 cmudax;C-Media High Definition Audio Interface;c:\windows\system32\drivers\cmudax.sys [27.01.2005 07:37 1272000]
R3 phc700;USB PC Camera (phc700);c:\windows\system32\drivers\phc700.sys [15.03.2011 07:52 541568]
R3 wbscr;Winbond Smartcard Reader for I/O;c:\windows\system32\drivers\wbscr.sys [27.01.2005 09:37 19928]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.03.2010 12:16 130384]
S2 gupdate;Google Update Service (gupdate);c:\programme\Google\Update\GoogleUpdate.exe [12.02.2011 10:15 136176]
S3 CardReaderFilter;Card Reader Filter;c:\windows\system32\drivers\USBCRFT.SYS [27.01.2005 09:31 17408]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\programme\Gemeinsame Dateien\MAGIX Services\Database\bin\fbserver.exe [26.04.2011 13:54 2702848]
S3 gupdatem;Google Update-Dienst (gupdatem);c:\programme\Google\Update\GoogleUpdate.exe [12.02.2011 10:15 136176]
S3 smrtdrv;SMART Technologies Inc. Mirror Driver;c:\windows\system32\drivers\smrtdrv.sys [22.04.2004 10:38 2432]
S3 StkCMini;Syntek AVStream USB2.0 ATV;c:\windows\system32\drivers\StkCMini.sys [29.07.2011 08:19 1521544]
S3 Synnetdrv;SynchronEyes network Service;c:\windows\system32\DRIVERS\Synnetdrv.sys --> c:\windows\system32\DRIVERS\Synnetdrv.sys [?]
S3 SynnetdrvMP;SynnetdrvMP;c:\windows\system32\DRIVERS\Synnetdrv.sys --> c:\windows\system32\DRIVERS\Synnetdrv.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.03.2010 12:16 753504]
.
--- Other Services/Drivers in Memory ---
.
*NewlyCreated* - 76391944
*Deregistered* - 76391944
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
tapisrv REG_MULTI_SZ Tapisrv
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programme\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57]
.
2012-01-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cc8ea12e10ab68.job
- c:\programme\Google\Update\GoogleUpdate.exe [2011-02-12 09:15]
.
2012-01-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2450094404-4060576230-1036702018-1008Core1cc9186a9965a70.job
- c:\dokumente und einstellungen\Georg Malsam\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe [2011-01-20 15:52]
.
.
------- Supplementary Scan -------
.
uStart Page =
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13925&gct=&gc=1&q=%s
Trusted Zone: popcap.com\www
TCP: DhcpNameServer = 62.117.1.25 89.16.129.25
DPF: {85C86CCC-2158-4123-9C7D-785190CED875} - hxxps://cache-static.scoyo.com/LMS/dp/dpLaunchPlugin.cab
DPF: {E1342154-4889-42B5-BEF6-19237577048F} - hxxp://gamescenter.kabeleins.de/online/online2/insaniquarium/oberongamesloader.cab
FF - ProfilePath - c:\dokumente und einstellungen\Georg Malsam\Anwendungsdaten\Mozilla\Firefox\Profiles\cllljynt.default\
.
- - - - Orphaned registry entries removed - - - -
.
HKLM-Run-Cmaudio - cmicnfg.cpl
SafeBoot-SolutoService
AddRemove-KeyStat - c:\windows\unin0407.exe
AddRemove-Microsoft Interactive Training - c:\windows\IsUn0407.exe
AddRemove-Uninstall_is1 - c:\programme\Gemeinsame Dateien\DVDVideoSoft\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-01-02 15:14
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanning hidden processes ...
.
Scanning hidden autostart entries ...
.
Scanning hidden files ...
.
Scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, hxxp://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD1600JD-00HBB0 rev.08.02D08 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-22
.
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user != kernel MBR !!!
.
**************************************************************************
.
--------------------- DLLs loaded under running processes ---------------------
.
- - - - - - - > 'winlogon.exe'(528)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2012-01-02 15:20:14
ComboFix-quarantined-files.txt 2012-01-02 14:20
.
Pre-Run: 10 directories, 21,198,655,488 bytes free
Post-Run: 11 directories, 21,616,812,032 bytes free
.
- - End Of File - - 2DA30849EED573427C0566CB9A57F34A
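As an added example (not from the thread and not ComboFix's own code), a Python triage pass over the lines of this ComboFix log that a responder would want to pull out before anything else. Three stand out: `"EnableFirewall"= 0` (the XP firewall is switched off in the standard profile), `uSearchURL` pointing at an ask.com toolbar redirect (a search override, consistent with the PriceGong adware ComboFix removed), and `user != kernel MBR !!!` from Gmer's MBR check, which reports that the MBR read from user mode and the MBR read from kernel mode do not match. That mismatch is the indicator Gmer's detector uses for MBR rootkits such as Mebroot or TDL4, but some disk and imaging drivers also trigger it, so it calls for a follow-up such as an offline read of sector 0 rather than being taken as proof of infection; the thread as shown here does not resolve it. The AV line shows Avira as disabled, which is expected if it was turned off for the run, as the ComboFix instructions ask. The sample is constructed from lines quoted in the log above, the matchers accept both the German strings in this log and ComboFix's English ones, and the flag names are this script's own.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: an excerpt assembled from lines of the ComboFix log quoted above.
SAMPLE_LOG = r"""
ComboFix 12-01-02.01 - Georg Malsam 02.01.2012 14:57:31.1.2 - x86
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
uStart Page =
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13925&gct=&gc=1&q=%s
Trusted Zone: popcap.com\www
TCP: DhcpNameServer = 62.117.1.25 89.16.129.25
.
versteckte Dateien: 0
.
user: MBR read successfully
kernel: MBR read successfully
user != kernel MBR !!!
"""

AV_RE = re.compile(r"^AV: (?P<name>.+?) \*(?P<state>[^*]+)\*")
FIREWALL_RE = re.compile(r'^"EnableFirewall"=\s*(?P<val>\d+)')
SEARCH_RE = re.compile(r"^uSearchURL,\(Default\) = (?P<url>\S+)")
TRUSTED_RE = re.compile(r"^Trusted Zone: (?P<zone>\S+)")
DNS_RE = re.compile(r"^TCP: DhcpNameServer = (?P<servers>.+)$")
# ComboFix localises this line; accept the German wording in this log and the English one.
HIDDEN_RE = re.compile(r"^(?:hidden files|versteckte Dateien): (?P<n>\d+)")
MBR_MISMATCH = "user != kernel MBR !!!"


def refang(url: str) -> str:
    """ComboFix writes hxxp/hxxps so URLs are not clickable; restore the scheme for parsing."""
    return re.sub(r"^hxxp", "http", url)


def triage_combofix(text: str) -> dict:
    """Extract the security-relevant settings from a ComboFix log and raise flags on them."""
    r = {"av": [], "firewall_enabled": None, "search_url": None, "search_host": None,
         "trusted_zones": [], "dns_servers": [], "hidden_files": None,
         "mbr_user_kernel_mismatch": False, "flags": []}
    for raw in text.splitlines():
        line = raw.strip()
        if m := AV_RE.match(line):
            r["av"].append((m["name"], m["state"]))
        elif m := FIREWALL_RE.match(line):
            r["firewall_enabled"] = m["val"] != "0"
        elif m := SEARCH_RE.match(line):
            r["search_url"] = m["url"]
            r["search_host"] = urlsplit(refang(m["url"])).hostname
        elif m := TRUSTED_RE.match(line):
            r["trusted_zones"].append(m["zone"])
        elif m := DNS_RE.match(line):
            r["dns_servers"] = m["servers"].split()
        elif m := HIDDEN_RE.match(line):
            r["hidden_files"] = int(m["n"])
        elif line == MBR_MISMATCH:
            r["mbr_user_kernel_mismatch"] = True

    # Flag names are this script's own, not ComboFix terminology.
    if any("Disabled" in state for _, state in r["av"]):
        r["flags"].append("av_disabled")
    if r["firewall_enabled"] is False:
        r["flags"].append("firewall_disabled")
    if r["search_url"]:
        r["flags"].append("search_url_override")
    if r["trusted_zones"]:
        r["flags"].append("trusted_zone_entries")
    if r["mbr_user_kernel_mismatch"]:
        r["flags"].append("mbr_user_kernel_mismatch")
    return r


if __name__ == "__main__":
    result = triage_combofix(SAMPLE_LOG)
    for flag in result["flags"]:
        print(flag)
    print("search host:", result["search_host"], "| DNS:", result["dns_servers"])
```

The DHCP name servers are recorded rather than flagged: ComboFix prints them so a responder can check that they belong to the user's ISP, which the log alone cannot decide.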