Pests of all kinds and their removal: 50 Euro Virus (Windows 7)
If you are not sure whether you have picked up malware or a trojan, create a thread here. An expert will reply with further instructions and help you remove the malware or uninstall or delete the unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.
#16
50 Euro Virus
Oh, sorry, I misunderstood you. Here is the log after the restart:
Code:
19:31:47.0562 0356 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
19:31:47.0609 0356 ============================================================
19:31:47.0609 0356 Current date / time: 2012/01/06 19:31:47.0609
19:31:47.0609 0356 SystemInfo:
19:31:47.0609 0356
19:31:47.0609 0356 OS Version: 5.1.2600 ServicePack: 2.0
19:31:47.0609 0356 Product type: Workstation
19:31:47.0609 0356 ComputerName: FELIX-7EE248200
19:31:47.0609 0356 UserName: Felix
19:31:47.0609 0356 Windows directory: C:\WINDOWS
19:31:47.0609 0356 System windows directory: C:\WINDOWS
19:31:47.0609 0356 Processor architecture: Intel x86
19:31:47.0609 0356 Number of processors: 1
19:31:47.0609 0356 Page size: 0x1000
19:31:47.0609 0356 Boot type: Normal boot
19:31:47.0609 0356 ============================================================
19:31:48.0015 0356 Initialize success
19:31:51.0109 3900 ============================================================
19:31:51.0109 3900 Scan started
19:31:51.0109 3900 Mode: Manual;
19:31:51.0109 3900 ============================================================
19:31:51.0421 3900 94072070 - ok
19:31:51.0468 3900 Abiosdsk - ok
19:31:51.0562 3900 abp480n5 - ok
19:31:51.0796 3900 ACPI (94b4741d2cf9ed38140b831293d1601a) C:\WINDOWS\system32\DRIVERS\ACPI.sys
19:31:51.0796 3900 ACPI - ok
19:31:51.0968 3900 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
19:31:51.0968 3900 ACPIEC - ok
19:31:51.0984 3900 adpu160m - ok
19:31:52.0062 3900 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
19:31:52.0078 3900 aec - ok
19:31:52.0171 3900 Afc (a7b8a3a79d35215d798a300df49ed23f) C:\WINDOWS\system32\drivers\Afc.sys
19:31:52.0187 3900 Afc - ok
19:31:52.0250 3900 AFD (6a0397376853e604de8e1e7a87fc08ac) C:\WINDOWS\System32\drivers\afd.sys
19:31:52.0265 3900 AFD - ok
19:31:52.0328 3900 Aha154x - ok
19:31:52.0359 3900 aic78u2 - ok
19:31:52.0390 3900 aic78xx - ok
19:31:52.0421 3900 AliIde - ok
19:31:52.0515 3900 Ambfilt (267fc636801edc5ab28e14036349e3be) C:\WINDOWS\system32\drivers\Ambfilt.sys
19:31:52.0625 3900 Ambfilt - ok
19:31:52.0671 3900 amsint - ok
19:31:52.0750 3900 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
19:31:52.0765 3900 Arp1394 - ok
19:31:52.0781 3900 asc - ok
19:31:52.0812 3900 asc3350p - ok
19:31:52.0828 3900 asc3550 - ok
19:31:52.0875 3900 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
19:31:52.0890 3900 AsyncMac - ok
19:31:52.0921 3900 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
19:31:52.0937 3900 atapi - ok
19:31:53.0000 3900 Atdisk - ok
19:31:53.0062 3900 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
19:31:53.0062 3900 Atmarpc - ok
19:31:53.0125 3900 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
19:31:53.0125 3900 audstub - ok
19:31:53.0140 3900 Scan interrupted by user!
19:31:53.0140 3900 Scan interrupted by user!
19:31:53.0140 3900 Scan interrupted by user!
19:31:53.0140 3900 ============================================================
19:31:53.0140 3900 Scan finished
19:31:53.0140 3900 ============================================================
19:31:53.0140 3608 Detected object count: 0
19:31:53.0140 3608 Actual detected object count: 0
19:31:56.0843 1764 ============================================================
19:31:56.0843 1764 Scan started
19:31:56.0843 1764 Mode: Manual; SigCheck; TDLFS;
19:31:56.0843 1764 ============================================================
19:31:57.0062 1764 94072070 - ok
19:31:57.0093 1764 Abiosdsk - ok
19:31:57.0109 1764 abp480n5 - ok
19:31:57.0156 1764 ACPI (94b4741d2cf9ed38140b831293d1601a) C:\WINDOWS\system32\DRIVERS\ACPI.sys
19:31:58.0359 1764 ACPI - ok
19:31:58.0453 1764 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
19:31:58.0593 1764 ACPIEC - ok
19:31:58.0656 1764 adpu160m - ok
19:31:58.0828 1764 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
19:31:59.0171 1764 aec - ok
19:31:59.0359 1764 Afc (a7b8a3a79d35215d798a300df49ed23f) C:\WINDOWS\system32\drivers\Afc.sys
19:31:59.0390 1764 Afc ( UnsignedFile.Multi.Generic ) - warning
19:31:59.0390 1764 Afc - detected UnsignedFile.Multi.Generic (1)
19:31:59.0500 1764 AFD (6a0397376853e604de8e1e7a87fc08ac) C:\WINDOWS\System32\drivers\afd.sys
19:31:59.0546 1764 AFD - ok
19:31:59.0687 1764 Aha154x - ok
19:31:59.0750 1764 aic78u2 - ok
19:31:59.0812 1764 aic78xx - ok
19:31:59.0890 1764 AliIde - ok
19:32:00.0109 1764 Ambfilt (267fc636801edc5ab28e14036349e3be) C:\WINDOWS\system32\drivers\Ambfilt.sys
19:32:00.0406 1764 Ambfilt - ok
19:32:00.0515 1764 amsint - ok
19:32:00.0562 1764 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
19:32:00.0687 1764 Arp1394 - ok
19:32:00.0765 1764 asc - ok
19:32:00.0796 1764 asc3350p - ok
19:32:00.0812 1764 asc3550 - ok
19:32:00.0859 1764 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
19:32:01.0000 1764 AsyncMac - ok
19:32:01.0093 1764 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
19:32:01.0234 1764 atapi - ok
19:32:01.0296 1764 Atdisk - ok
19:32:01.0359 1764 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
19:32:01.0484 1764 Atmarpc - ok
19:32:01.0546 1764 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
19:32:01.0687 1764 audstub - ok
19:32:01.0765 1764 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Programme\Avira\AntiVir Desktop\avgio.sys
19:32:01.0781 1764 avgio - ok
19:32:01.0875 1764 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
19:32:01.0890 1764 avgntflt - ok
19:32:01.0921 1764 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\WINDOWS\system32\DRIVERS\avipbb.sys
19:32:01.0953 1764 avipbb - ok
19:32:01.0984 1764 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
19:32:02.0140 1764 Beep - ok
19:32:02.0296 1764 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
19:32:02.0453 1764 cbidf2k - ok
19:32:02.0500 1764 CCDECODE (6163ed60b684bab19d3352ab22fc48b2) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
19:32:02.0625 1764 CCDECODE - ok
19:32:02.0703 1764 cd20xrnt - ok
19:32:02.0750 1764 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
19:32:02.0875 1764 Cdaudio - ok
19:32:02.0921 1764 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
19:32:03.0046 1764 Cdfs - ok
19:32:03.0140 1764 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
19:32:03.0265 1764 Cdrom - ok
19:32:03.0265 1764 Changer - ok
19:32:03.0312 1764 CmdIde - ok
19:32:03.0343 1764 Cpqarray - ok
19:32:03.0375 1764 dac2w2k - ok
19:32:03.0390 1764 dac960nt - ok
19:32:03.0437 1764 Defrag32 (573ac4974e59a28ac5815bf56d59822c) C:\WINDOWS\system32\drivers\Defrag32.sys
19:32:03.0453 1764 Defrag32 - ok
19:32:03.0515 1764 Defrag32b (739fd63e6ac4f3940ada9b31b8b5de14) C:\WINDOWS\system32\drivers\Defrag32b.sys
19:32:03.0531 1764 Defrag32b - ok
19:32:03.0593 1764 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
19:32:03.0734 1764 Disk - ok
19:32:03.0843 1764 dmboot (5789b83ba87fc84c3568cf86cacef8ce) C:\WINDOWS\system32\drivers\dmboot.sys
19:32:04.0046 1764 dmboot - ok
19:32:04.0109 1764 dmio (084eb0a50a4f7b4705c8a57f234e5291) C:\WINDOWS\system32\drivers\dmio.sys
19:32:04.0265 1764 dmio - ok
19:32:04.0328 1764 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
19:32:04.0453 1764 dmload - ok
19:32:04.0531 1764 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
19:32:04.0656 1764 DMusic - ok
19:32:04.0734 1764 dpti2o - ok
19:32:04.0781 1764 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
19:32:04.0921 1764 drmkaud - ok
19:32:04.0953 1764 EagleNT - ok
19:32:05.0046 1764 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
19:32:05.0203 1764 Fastfat - ok
19:32:05.0265 1764 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
19:32:05.0421 1764 Fdc - ok
19:32:05.0468 1764 Fips (9e9af89f9b14aa6249065c309ce73bd8) C:\WINDOWS\system32\drivers\Fips.sys
19:32:05.0593 1764 Fips - ok
19:32:05.0687 1764 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
19:32:05.0812 1764 Flpydisk - ok
19:32:05.0937 1764 FltMgr (5a85cd3d07273e3f6fe72ee9c6431632) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
19:32:06.0265 1764 FltMgr - ok
19:32:06.0375 1764 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
19:32:06.0484 1764 Fs_Rec - ok
19:32:06.0515 1764 Ftdisk (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
19:32:06.0640 1764 Ftdisk - ok
19:32:06.0750 1764 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
19:32:06.0750 1764 GEARAspiWDM - ok
19:32:06.0796 1764 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
19:32:06.0937 1764 Gpc - ok
19:32:07.0031 1764 HDAudBus (3fcc124b6e08ee0e9351f717dd136939) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
19:32:07.0031 1764 HDAudBus ( UnsignedFile.Multi.Generic ) - warning
19:32:07.0031 1764 HDAudBus - detected UnsignedFile.Multi.Generic (1)
19:32:07.0078 1764 hidusb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
19:32:07.0218 1764 hidusb - ok
19:32:07.0312 1764 hpn - ok
19:32:07.0359 1764 HTTP (261bf53e1d1c21f04b4e748a6ed3d055) C:\WINDOWS\system32\Drivers\HTTP.sys
19:32:07.0421 1764 HTTP - ok
19:32:07.0453 1764 i2omgmt - ok
19:32:07.0468 1764 i2omp - ok
19:32:07.0515 1764 i8042prt (7c575018d0413440d75432a78b88c899) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
19:32:07.0656 1764 i8042prt - ok
19:32:07.0765 1764 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
19:32:07.0890 1764 Imapi - ok
19:32:07.0906 1764 ini910u - ok
19:32:08.0078 1764 IntcAzAudAddService (db01625d8e286cd17b94dcf088713d7f) C:\WINDOWS\system32\drivers\RtkHDAud.sys
19:32:08.0625 1764 IntcAzAudAddService - ok
19:32:08.0718 1764 IntelIde - ok
19:32:08.0750 1764 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
19:32:08.0890 1764 Ip6Fw - ok
19:32:08.0984 1764 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
19:32:09.0125 1764 IpFilterDriver - ok
19:32:09.0218 1764 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
19:32:09.0359 1764 IpInIp - ok
19:32:09.0390 1764 IpNat (472c75f85e631f8aa87d21c9fee6238d) C:\WINDOWS\system32\DRIVERS\ipnat.sys
19:32:09.0750 1764 IpNat - ok
19:32:09.0859 1764 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
19:32:09.0968 1764 IPSec - ok
19:32:10.0015 1764 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
19:32:10.0109 1764 IRENUM - ok
19:32:10.0218 1764 isapnp (ce9b7afdf0a3d7dd8d1487262316b959) C:\WINDOWS\system32\DRIVERS\isapnp.sys
19:32:10.0343 1764 isapnp - ok
19:32:10.0406 1764 Kbdclass (b128fc0a5cd83f669d5de4b58f77c7d6) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
19:32:10.0531 1764 Kbdclass - ok
19:32:10.0593 1764 kbdhid (7ec877aa899323b92874fe62c7ddcde7) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
19:32:10.0718 1764 kbdhid - ok
19:32:10.0796 1764 kmixer (8531438246ce9474e41ee1599904c0c7) C:\WINDOWS\system32\drivers\kmixer.sys
19:32:11.0171 1764 kmixer - ok
19:32:11.0234 1764 KSecDD (1be7cc2535d760ae4d481576eb789f24) C:\WINDOWS\system32\drivers\KSecDD.sys
19:32:11.0281 1764 KSecDD - ok
19:32:11.0359 1764 lbrtfdc - ok
19:32:11.0406 1764 massfilter (f0435fe3c1ec2659d2bbf073ca0752ee) C:\WINDOWS\system32\DRIVERS\massfilter.sys
19:32:11.0437 1764 massfilter - ok
19:32:11.0500 1764 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys
19:32:11.0515 1764 MBAMProtector - ok
19:32:11.0578 1764 MBAMSwissArmy - ok
19:32:11.0625 1764 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
19:32:11.0765 1764 mnmdd - ok
19:32:11.0843 1764 Modem (91a3da4b12f6f1d760463a7f7857f748) C:\WINDOWS\system32\drivers\Modem.sys
19:32:11.0984 1764 Modem - ok
19:32:12.0078 1764 Monfilt (c7d9f9717916b34c1b00dd4834af485c) C:\WINDOWS\system32\drivers\Monfilt.sys
19:32:12.0265 1764 Monfilt - ok
19:32:12.0359 1764 Mouclass (71e15ca47fd947552054afb28536268f) C:\WINDOWS\system32\DRIVERS\mouclass.sys
19:32:12.0484 1764 Mouclass - ok
19:32:12.0562 1764 mouhid (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
19:32:12.0671 1764 mouhid - ok
19:32:12.0734 1764 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
19:32:12.0875 1764 MountMgr - ok
19:32:12.0953 1764 mraid35x - ok
19:32:13.0000 1764 MRxDAV (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
19:32:13.0406 1764 MRxDAV - ok
19:32:13.0531 1764 MRxSmb (3500e756812e716351f2d341ae1d5623) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
19:32:13.0609 1764 MRxSmb - ok
19:32:13.0656 1764 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
19:32:13.0796 1764 Msfs - ok
19:32:13.0921 1764 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
19:32:14.0031 1764 MSKSSRV - ok
19:32:14.0062 1764 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
19:32:14.0187 1764 MSPCLOCK - ok
19:32:14.0296 1764 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
19:32:14.0406 1764 MSPQM - ok
19:32:14.0468 1764 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
19:32:14.0578 1764 mssmbios - ok
19:32:14.0718 1764 MSTEE (bf13612142995096ab084f2db7f40f77) C:\WINDOWS\system32\drivers\MSTEE.sys
19:32:14.0843 1764 MSTEE - ok
19:32:14.0906 1764 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
19:32:15.0046 1764 Mup - ok
19:32:15.0156 1764 NABTSFEC (5c8dc6429c43dc6177c1fa5b76290d1a) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
19:32:15.0265 1764 NABTSFEC - ok
19:32:15.0312 1764 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
19:32:15.0453 1764 NDIS - ok
19:32:15.0468 1764 NdisIP (520ce427a8b298f54112857bcf6bde15) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
19:32:15.0593 1764 NdisIP - ok
19:32:15.0687 1764 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
19:32:15.0812 1764 NdisTapi - ok
19:32:15.0859 1764 Ndisuio (5146c3d286e66c72328f6ce6e4d983a8) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
19:32:16.0203 1764 Ndisuio - ok
19:32:16.0296 1764 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
19:32:16.0406 1764 NdisWan - ok
19:32:16.0484 1764 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
19:32:16.0609 1764 NDProxy - ok
19:32:16.0671 1764 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
19:32:16.0796 1764 NetBIOS - ok
19:32:16.0843 1764 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
19:32:16.0984 1764 NetBT - ok
19:32:17.0109 1764 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys
19:32:17.0218 1764 NIC1394 - ok
19:32:17.0250 1764 NIOC (660afb141d2b66d46bbce3d0167e693b) C:\WINDOWS\system32\NIOC.SYS
19:32:17.0281 1764 NIOC ( UnsignedFile.Multi.Generic ) - warning
19:32:17.0281 1764 NIOC - detected UnsignedFile.Multi.Generic (1)
19:32:17.0390 1764 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
19:32:17.0515 1764 Npfs - ok
19:32:17.0562 1764 Ntfs (05ab81909514bfd69cbb1f2c147cf6b9) C:\WINDOWS\system32\drivers\Ntfs.sys
19:32:17.0984 1764 Ntfs - ok
19:32:18.0078 1764 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
19:32:18.0187 1764 Null - ok
19:32:18.0437 1764 nv (30913cbf518396912e54c2c9f1dd0f09) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
19:32:19.0156 1764 nv - ok
19:32:19.0265 1764 nvata (c03e15101f6d9e82cd9b0e7d715f5de3) C:\WINDOWS\system32\DRIVERS\nvata.sys
19:32:19.0296 1764 nvata - ok
19:32:19.0343 1764 NVENETFD (cc34564bca235ebad8b308d871efa2df) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
19:32:19.0375 1764 NVENETFD - ok
19:32:19.0421 1764 nvnetbus (46fdb8d07dd4fc81093b0acb243a525d) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
19:32:19.0468 1764 nvnetbus - ok
19:32:19.0562 1764 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
19:32:19.0687 1764 NwlnkFlt - ok
19:32:19.0734 1764 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
19:32:19.0843 1764 NwlnkFwd - ok
19:32:19.0937 1764 ohci1394 (fc128c3d7d5ad30a13742dc3737b9df7) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
19:32:20.0296 1764 ohci1394 - ok
19:32:20.0406 1764 ovt530 (71cffb1e06aa8978a7b4a346c191f8ba) C:\WINDOWS\system32\Drivers\ov530vid.sys
19:32:20.0421 1764 ovt530 ( UnsignedFile.Multi.Generic ) - warning
19:32:20.0421 1764 ovt530 - detected UnsignedFile.Multi.Generic (1)
19:32:20.0484 1764 Parport (b2f17a2edb5450e61973a037f63a595b) C:\WINDOWS\system32\DRIVERS\parport.sys
19:32:20.0609 1764 Parport - ok
19:32:20.0703 1764 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
19:32:20.0828 1764 PartMgr - ok
19:32:20.0859 1764 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
19:32:20.0984 1764 ParVdm - ok
19:32:21.0062 1764 PCI (6fb463e5b243fbd6f3d3c83f914d94fb) C:\WINDOWS\system32\DRIVERS\pci.sys
19:32:21.0187 1764 PCI - ok
19:32:21.0281 1764 PCIDump - ok
19:32:21.0328 1764 PCIIde (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
19:32:21.0453 1764 PCIIde - ok
19:32:21.0546 1764 Pcmcia (e2363f4c1daff89abee5f593e13d8a05) C:\WINDOWS\system32\drivers\Pcmcia.sys
19:32:21.0671 1764 Pcmcia - ok
19:32:21.0750 1764 PDCOMP - ok
19:32:21.0781 1764 PDFRAME - ok
19:32:21.0796 1764 PDRELI - ok
19:32:21.0828 1764 PDRFRAME - ok
19:32:21.0859 1764 perc2 - ok
19:32:21.0875 1764 perc2hib - ok
19:32:21.0953 1764 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
19:32:22.0078 1764 PptpMiniport - ok
19:32:22.0187 1764 PQNTDrv (590f057b19488420f720bf6423388775) C:\WINDOWS\system32\drivers\PQNTDrv.sys
19:32:22.0187 1764 PQNTDrv ( UnsignedFile.Multi.Generic ) - warning
19:32:22.0187 1764 PQNTDrv - detected UnsignedFile.Multi.Generic (1)
19:32:22.0250 1764 PRISM_USB (d5e90cd0e51130e0a1c3fec82684fb7d) C:\WINDOWS\system32\DRIVERS\PRISMUSB.sys
19:32:22.0343 1764 PRISM_USB - ok
19:32:22.0437 1764 Processor (3d7f196e77f986c106e9320b81a5ebbf) C:\WINDOWS\system32\DRIVERS\processr.sys
19:32:22.0562 1764 Processor - ok
19:32:22.0687 1764 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
19:32:22.0796 1764 PSched - ok
19:32:22.0859 1764 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
19:32:22.0984 1764 Ptilink - ok
19:32:23.0031 1764 ql1080 - ok
19:32:23.0046 1764 Ql10wnt - ok
19:32:23.0078 1764 ql12160 - ok
19:32:23.0093 1764 ql1240 - ok
19:32:23.0125 1764 ql1280 - ok
19:32:23.0156 1764 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
19:32:23.0296 1764 RasAcd - ok
19:32:23.0390 1764 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
19:32:23.0531 1764 Rasl2tp - ok
19:32:23.0625 1764 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
19:32:23.0734 1764 RasPppoe - ok
19:32:23.0781 1764 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
19:32:23.0921 1764 Raspti - ok
19:32:24.0015 1764 Rdbss (ed375ce745c42a14f10753f7022ecd6a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
19:32:24.0406 1764 Rdbss - ok
19:32:24.0500 1764 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
19:32:24.0625 1764 RDPCDD - ok
19:32:24.0671 1764 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
19:32:24.0812 1764 rdpdr - ok
19:32:24.0906 1764 RDPWD (047bea21274c8a4a233674a76c958c2c) C:\WINDOWS\system32\drivers\RDPWD.sys
19:32:25.0312 1764 RDPWD - ok
19:32:25.0343 1764 redbook (aa56702e230860565cb8d43680f57f33) C:\WINDOWS\system32\DRIVERS\redbook.sys
19:32:25.0468 1764 redbook - ok
19:32:25.0546 1764 RT61 (57f390bf7af0f68bb804387cbc3a4f0d) C:\WINDOWS\system32\DRIVERS\RT61.sys
19:32:25.0593 1764 RT61 - ok
19:32:25.0640 1764 Scutum50 (f34c06d1c706a6d9433570b087a18b02) C:\WINDOWS\system32\Drivers\Scutum50.sys
19:32:25.0656 1764 Scutum50 ( UnsignedFile.Multi.Generic ) - warning
19:32:25.0656 1764 Scutum50 - detected UnsignedFile.Multi.Generic (1)
19:32:25.0734 1764 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
19:32:26.0109 1764 Secdrv - ok
19:32:26.0171 1764 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
19:32:26.0281 1764 serenum - ok
19:32:26.0343 1764 Serial (cd5b9995afcdb466c9efc048d167e3be) C:\WINDOWS\system32\DRIVERS\serial.sys
19:32:26.0453 1764 Serial - ok
19:32:26.0515 1764 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
19:32:26.0640 1764 Sfloppy - ok
19:32:26.0718 1764 Simbad - ok
19:32:26.0781 1764 SLIP (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS\system32\DRIVERS\SLIP.sys
19:32:26.0906 1764 SLIP - ok
19:32:27.0000 1764 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
19:32:27.0109 1764 SONYPVU1 - ok
19:32:27.0140 1764 Sparrow - ok
19:32:27.0187 1764 splitter (9bb1dd670cb7505a90fc4e61d4aa8227) C:\WINDOWS\system32\drivers\splitter.sys
19:32:27.0562 1764 splitter - ok
19:32:27.0671 1764 sr (e4200cb2f418d8fc4acdd7e38c419d6a) C:\WINDOWS\system32\DRIVERS\sr.sys
19:32:27.0750 1764 sr - ok
19:32:27.0812 1764 Srv (d4af9861c3b6a2163d26dc6b9cf05e2a) C:\WINDOWS\system32\DRIVERS\srv.sys
19:32:27.0890 1764 Srv - ok
19:32:27.0968 1764 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
19:32:27.0968 1764 ssmdrv - ok
19:32:28.0046 1764 StarOpen (f92254b0bcfcd10caac7bccc7cb7f467) C:\WINDOWS\system32\drivers\StarOpen.sys
19:32:28.0046 1764 StarOpen ( UnsignedFile.Multi.Generic ) - warning
19:32:28.0046 1764 StarOpen - detected UnsignedFile.Multi.Generic (1)
19:32:28.0078 1764 streamip (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
19:32:28.0203 1764 streamip - ok
19:32:28.0281 1764 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
19:32:28.0406 1764 swenum - ok
19:32:28.0484 1764 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
19:32:28.0593 1764 swmidi - ok
19:32:28.0640 1764 symc810 - ok
19:32:28.0671 1764 symc8xx - ok
19:32:28.0718 1764 sym_hi - ok
19:32:28.0750 1764 sym_u3 - ok
19:32:28.0796 1764 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
19:32:28.0921 1764 sysaudio - ok
19:32:29.0046 1764 Tcpip (744e57c99232201ae98c49168b918f48) C:\WINDOWS\system32\DRIVERS\tcpip.sys
19:32:29.0125 1764 Tcpip - ok
19:32:29.0171 1764 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
19:32:29.0296 1764 TDPIPE - ok
19:32:29.0375 1764 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
19:32:29.0500 1764 TDTCP - ok
19:32:29.0562 1764 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
19:32:29.0687 1764 TermDD - ok
19:32:29.0750 1764 TosIde - ok
19:32:29.0812 1764 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
19:32:29.0937 1764 Udfs - ok
19:32:30.0015 1764 ultra - ok
19:32:30.0062 1764 Update (1f03139b77b21c6d84c688798808bc28) C:\WINDOWS\system32\DRIVERS\update.sys
19:32:30.0484 1764 Update - ok
19:32:30.0578 1764 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\WINDOWS\system32\Drivers\usbaapl.sys
19:32:30.0625 1764 USBAAPL - ok
19:32:30.0781 1764 usbaudio (2f005eb50645d537fff23b472691c269) C:\WINDOWS\system32\drivers\usbaudio.sys
19:32:31.0203 1764 usbaudio - ok
19:32:31.0328 1764 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
19:32:31.0453 1764 usbccgp - ok
19:32:31.0515 1764 usbehci (a45ea1550ea4b368c4fba7ca9d056bc9) C:\WINDOWS\system32\DRIVERS\usbehci.sys
19:32:31.0890 1764 usbehci - ok
19:32:32.0046 1764 usbhub (6d46b1f89134892a862ac56b00ac11fe) C:\WINDOWS\system32\DRIVERS\usbhub.sys
19:32:32.0437 1764 usbhub - ok
19:32:32.0609 1764 usbohci (555b2b2108c5085cc203202fec702d08) C:\WINDOWS\system32\DRIVERS\usbohci.sys
19:32:32.0984 1764 usbohci - ok
19:32:33.0093 1764 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
19:32:33.0234 1764 usbscan - ok
19:32:33.0343 1764 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
19:32:33.0468 1764 USBSTOR - ok
19:32:33.0515 1764 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
19:32:33.0625 1764 VgaSave - ok
19:32:33.0687 1764 ViaIde - ok
19:32:33.0750 1764 VolSnap (d6888520ff56d72a50437e371ca25fc9) C:\WINDOWS\system32\drivers\VolSnap.sys
19:32:33.0875 1764 VolSnap - ok
19:32:33.0968 1764 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
19:32:34.0078 1764 Wanarp - ok
19:32:34.0125 1764 WDICA - ok
19:32:34.0203 1764 wdmaud (0bfa8203b8148fb4e54bc212c41ce497) C:\WINDOWS\system32\drivers\wdmaud.sys
19:32:34.0593 1764 wdmaud - ok
19:32:34.0718 1764 WSTCODEC (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
19:32:34.0843 1764 WSTCODEC - ok
19:32:34.0921 1764 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
19:32:34.0937 1764 WudfPf ( UnsignedFile.Multi.Generic ) - warning
19:32:34.0937 1764 WudfPf - detected UnsignedFile.Multi.Generic (1)
19:32:35.0000 1764 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
19:32:35.0031 1764 WudfRd ( UnsignedFile.Multi.Generic ) - warning
19:32:35.0031 1764 WudfRd - detected UnsignedFile.Multi.Generic (1)
19:32:35.0093 1764 ZTEusbmdm6k (c2215c6ada8b1e9feb507cee9b446661) C:\WINDOWS\system32\DRIVERS\ZTEusbmdm6k.sys
19:32:35.0156 1764 ZTEusbmdm6k - ok
19:32:35.0328 1764 ZTEusbnet (9862f9d2ff50ae748ed42c022e6aac15) C:\WINDOWS\system32\DRIVERS\ZTEusbnet.sys
19:32:35.0406 1764 ZTEusbnet - ok
19:32:35.0484 1764 ZTEusbnmea (f16ce3c7690ab7426dc96520d54a737e) C:\WINDOWS\system32\DRIVERS\ZTEusbnmea.sys
19:32:35.0531 1764 ZTEusbnmea - ok
19:32:35.0578 1764 ZTEusbser6k (c2215c6ada8b1e9feb507cee9b446661) C:\WINDOWS\system32\DRIVERS\ZTEusbser6k.sys
19:32:35.0609 1764 ZTEusbser6k - ok
19:32:35.0687 1764 ZTEusbvoice (f16ce3c7690ab7426dc96520d54a737e) C:\WINDOWS\system32\DRIVERS\ZTEusbvoice.sys
19:32:35.0703 1764 ZTEusbvoice - ok
19:32:35.0734 1764 MBR (0x1B8) (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
19:32:35.0921 1764 \Device\Harddisk0\DR0 - ok
19:32:35.0921 1764 Boot (0x1200) (40bcd8e6f2f0139cb678b33a81b69c9d) \Device\Harddisk0\DR0\Partition0
19:32:35.0921 1764 \Device\Harddisk0\DR0\Partition0 - ok
19:32:35.0937 1764 Boot (0x1200) (3f699c253e720bf1c133bf5c8677d004) \Device\Harddisk0\DR0\Partition1
19:32:35.0937 1764 \Device\Harddisk0\DR0\Partition1 - ok
19:32:35.0968 1764 Boot (0x1200) (da1a02adade8306271a083cd40b32b7c) \Device\Harddisk0\DR0\Partition2
19:32:35.0968 1764 \Device\Harddisk0\DR0\Partition2 - ok
19:32:35.0968 1764 ============================================================
19:32:35.0968 1764 Scan finished
19:32:35.0968 1764 ============================================================
19:32:36.0078 1604 Detected object count: 9
19:32:36.0078 1604 Actual detected object count: 9
19:32:38.0984 1604 Afc ( UnsignedFile.Multi.Generic ) - skipped by user
19:32:38.0984 1604 Afc ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:32:38.0984 1604 HDAudBus ( UnsignedFile.Multi.Generic ) - skipped by user
19:32:38.0984 1604 HDAudBus ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:32:38.0984 1604 NIOC ( UnsignedFile.Multi.Generic ) - skipped by user
19:32:38.0984 1604 NIOC ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:32:38.0984 1604 ovt530 ( UnsignedFile.Multi.Generic ) - skipped by user
19:32:38.0984 1604 ovt530 ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:32:38.0984 1604 PQNTDrv ( UnsignedFile.Multi.Generic ) - skipped by user
19:32:38.0984 1604 PQNTDrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:32:38.0984 1604 Scutum50 ( UnsignedFile.Multi.Generic ) - skipped by user
19:32:38.0984 1604 Scutum50 ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:32:38.0984 1604 StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
19:32:38.0984 1604 StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:32:38.0984 1604 WudfPf ( UnsignedFile.Multi.Generic ) - skipped by user
19:32:38.0984 1604 WudfPf ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:32:39.0000 1604 WudfRd ( UnsignedFile.Multi.Generic ) - skipped by user
19:32:39.0000 1604 WudfRd ( UnsignedFile.Multi.Generic ) - User select action: Skip
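All nine hits in the log above carry the verdict UnsignedFile.Multi.Generic, which TDSSKiller's SigCheck pass assigns to a driver whose image lacks a valid digital signature, as opposed to a named rootkit detection, and every one of them was skipped in the dialog. The following Python script is an added triage example, not part of this thread or of TDSSKiller itself: it parses this log format, pairs each scanned object with its hash, path, verdict and the operator's chosen action, and separates signature-check findings from any other verdict; the embedded sample is a constructed excerpt of the log above with the reported count reduced to match the excerpt.

```python
"""Triage helper for TDSSKiller text logs (added example, not TDSSKiller's own code).

Each line is "HH:MM:SS.ffff <thread> <message>".  Per object the tool writes a file
line "<Name> (<md5>) <path>" and then a status line: "<Name> - ok", or
"<Name> ( <Verdict> ) - warning" plus "<Name> - detected <Verdict> (<n>)"; after the
dialog it adds "<Name> ( <Verdict> ) - User select action: <Action>".  Sectors are
written as "MBR (0x1B8) (<md5>) <device>" and their status line is keyed by <device>.
"""
import re
from dataclasses import dataclass

_LINE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d+)\s+(\d+)\s+(.*)$")
_SECTOR = re.compile(r"^(MBR|Boot) \((0x[0-9A-Fa-f]+)\) \(([0-9a-fA-F]{32})\) (.+)$")
_FILE = re.compile(r"^(\S+) \(([0-9a-fA-F]{32})\) (.+)$")
_OK = re.compile(r"^(\S+) - ok$")
_WARN = re.compile(r"^(\S+) \( (\S+) \) - warning$")
_DETECTED = re.compile(r"^(\S+) - detected (\S+) \((\d+)\)$")
_ACTION = re.compile(r"^(\S+) \( (\S+) \) - User select action: (.+)$")
_COUNT = re.compile(r"^Detected object count: (\d+)$")

# Verdict TDSSKiller gives a driver that merely lacks a valid digital signature.
UNSIGNED = "UnsignedFile.Multi.Generic"


@dataclass
class ScanObject:
    name: str
    md5: str = ""
    path: str = ""
    verdict: str = ""  # "ok", a verdict such as UNSIGNED, or "" if no status line was seen
    action: str = ""   # operator's choice in the dialog, e.g. "Skip" or "Cure"


def parse_tdsskiller_log(text):
    """Return ({name: ScanObject}, reported 'Detected object count' or None)."""
    objects, reported = {}, None

    def obj(name):
        return objects.setdefault(name, ScanObject(name))

    for raw in text.splitlines():
        m = _LINE.match(raw.strip())
        if not m:
            continue  # banner rows, blank continuation rows, etc.
        msg = m.group(3)
        if (f := _SECTOR.match(msg)):
            kind, offset, md5, device = f.groups()
            o = obj(device)
            o.md5, o.path = md5, f"{kind} {offset}"
        elif (f := _FILE.match(msg)):
            o = obj(f.group(1))
            o.md5, o.path = f.group(2), f.group(3)
        elif (f := _OK.match(msg)):
            obj(f.group(1)).verdict = "ok"
        elif (f := _WARN.match(msg)) or (f := _DETECTED.match(msg)):
            obj(f.group(1)).verdict = f.group(2)
        elif (f := _ACTION.match(msg)):
            obj(f.group(1)).action = f.group(3).strip()
        elif (f := _COUNT.match(msg)):
            reported = int(f.group(1))
    return objects, reported


def triage(objects, reported):
    """Split detections into signature-check findings and named verdicts; flag unhandled ones."""
    detections = [o for o in objects.values() if o.verdict not in ("", "ok")]
    unsigned = sorted(o.name for o in detections if o.verdict == UNSIGNED)
    other = sorted(o.name for o in detections if o.verdict != UNSIGNED)
    return {
        "count_matches_report": reported == len(detections),
        "unsigned_only": bool(detections) and not other,
        "unsigned": unsigned,  # check publisher and hash against a known-good source before acting
        "other": other,        # named rootkit/malware verdicts: these need attention first
        "unhandled": sorted(o.name for o in detections if not o.action),
    }


# Constructed excerpt of the log above; the reported count is reduced to fit the excerpt.
SAMPLE_LOG = r"""
19:31:56.0843 1764 ============================================================
19:31:56.0843 1764 Scan started
19:31:56.0843 1764 Mode: Manual; SigCheck; TDLFS;
19:31:59.0359 1764 Afc (a7b8a3a79d35215d798a300df49ed23f) C:\WINDOWS\system32\drivers\Afc.sys
19:31:59.0390 1764 Afc ( UnsignedFile.Multi.Generic ) - warning
19:31:59.0390 1764 Afc - detected UnsignedFile.Multi.Generic (1)
19:31:59.0500 1764 AFD (6a0397376853e604de8e1e7a87fc08ac) C:\WINDOWS\System32\drivers\afd.sys
19:31:59.0546 1764 AFD - ok
19:32:35.0000 1764 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
19:32:35.0031 1764 WudfRd ( UnsignedFile.Multi.Generic ) - warning
19:32:35.0031 1764 WudfRd - detected UnsignedFile.Multi.Generic (1)
19:32:35.0734 1764 MBR (0x1B8) (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
19:32:35.0921 1764 \Device\Harddisk0\DR0 - ok
19:32:36.0078 1604 Detected object count: 2
19:32:38.0984 1604 Afc ( UnsignedFile.Multi.Generic ) - skipped by user
19:32:38.0984 1604 Afc ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:32:39.0000 1604 WudfRd ( UnsignedFile.Multi.Generic ) - skipped by user
19:32:39.0000 1604 WudfRd ( UnsignedFile.Multi.Generic ) - User select action: Skip
"""

if __name__ == "__main__":
    objs, reported = parse_tdsskiller_log(SAMPLE_LOG)
    for name, o in sorted(objs.items()):
        print(f"{name:24} {o.verdict or '-':28} {o.action or '-':6} {o.md5} {o.path}")
    print(triage(objs, reported))
```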
#17
/// Winkelfunktion /// TB-Süch-Tiger™
50 Euro Virus
Then please run CF now:
ComboFix: a guide and tutorial on using ComboFix
ComboFix may only be run when a qualified helper has expressly recommended it! Should you have problems starting applications after running ComboFix and receive messages such as Quote:
#18
50 Euro Virus
ComboFix text:
Combofix Logfile:
Code:
ComboFix 12-01-06.01 - Felix 06.01.2012  20:10:35.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.49.1031.18.1023.552 [GMT 1:00]
ausgeführt von: c:\dokumente und einstellungen\Felix\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokumente und einstellungen\Felix\WINDOWS
d:\downloads\CT2776682_BrotherSoft_Extreme.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-12-06 bis 2012-01-06 ))))))))))))))))))))))))))))))
.
.
2012-01-05 21:33 . 2012-01-05 21:33 -------- d-----w- C:\_OTL
2012-01-04 18:21 . 2012-01-04 18:21 -------- d-----w- c:\programme\ESET
2012-01-03 20:31 . 2012-01-03 20:31 -------- d-----w- c:\dokumente und einstellungen\Felix\Anwendungsdaten\Malwarebytes
2012-01-03 20:31 . 2012-01-03 20:31 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2012-01-03 20:31 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-03 20:27 . 2012-01-03 20:27 -------- d-----w- c:\dokumente und einstellungen\Felix\Anwendungsdaten\Free Download Manager
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-04-14 . 052F968390A85D37D5EE8BE3AB2A83A2 . 406016 . . [1.0420.2600.5512] . . c:\windows\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\usp10.dll
[-] 2008-01-12 . A2F03ADFB6C17E732FC42D51352EDCC3 . 502784 . . [1.0626.6000.20581] . . c:\windows\system32\usp10.dll
.
[-] 2008-01-12 19:28 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
Hinweis: leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Device Detector=DevDetect.exe -autorun [X]
D-Link Air USB Utility=c:\programme\D-Link\Air USB Utility\AirCFG.exe [2003-07-23 2695168]
avgnt=c:\programme\Avira\AntiVir Desktop\avgnt.exe [2010-11-10 281768]
NvMediaCenter=c:\windows\system32\NvMcTray.dll [2010-04-03 110696]
NvCplDaemon=c:\windows\system32\NvCpl.dll [2010-04-03 13670504]
RTHDCPL=RTHDCPL.EXE [2010-03-26 19522592]
MobileConnect=c:\programme\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe [2009-04-20 2327552]
SunJavaUpdateSched=c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe [2010-05-14 248552]
Adobe Reader Speed Launcher=d:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760]
Adobe ARM=c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]
QuickTime Task=c:\programme\QuickTime\qttask.exe [2010-11-29 421888]
iTunesHelper=d:\programme\iTunes\iTunesHelper.exe [2011-04-14 421160]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
CTFMON.EXE=c:\windows\system32\CTFMON.EXE [2004-08-04 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
nltide_2=shell32 [X]
nltide_3=advpack.dll [2010-05-04 124928]
.
c:\dokumente und einstellungen\Felix\Startmenü\Programme\Autostart
FIFA 10-Registrierung.lnk - d:\programme\EA SPORTS\Fussball Manager 2004\Support\EAregister.exe [2009-9-9 4374800]
Game Alarm.lnk - c:\games\Game Alarm\gamealarm.exe [2011-1-1 19721728]
OpenOffice.org 3.2.lnk - c:\programme\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000]
.
c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart
Image Transfer.lnk - e:\programme\Sony Corporation\Image Transfer\SonyTray.exe [2007-8-13 73728]
Ralink Wireless Utility.lnk - c:\programme\Ralink\Common\RaUI.exe [2010-5-6 1560576]
.
[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrolsession manager]
BootExecute REG_MULTI_SZ pdboot.exe0autocheck autochk
.
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
EnableFirewall= 0 (0x0)
.
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
%windir%Network Diagnosticxpnetdiag.exe=
%windir%system32sessmgr.exe=
dProgrammeMetin2metin2.bin=
dProgrammeMetin2metin2client.bin=
cProgrammeMessengermsmsgs.exe=
dPES 2010pes2010.exe=
cProgrammeWindows LiveMessengermsnmsgr.exe=
cProgrammeBonjourmDNSResponder.exe=
dProgrammeiTunesiTunes.exe=
.
R2 WZCBDLService;WZCBDL Service;cprogrammeWZCBDL ServiceWZCBDLS.exe [19.03.2002 1115 36864]
R2 AntiVirSchedulerService;Avira AntiVir Planer;cprogrammeAviraAntiVir Desktopsched.exe [06.05.2010 0956 136360]
R2 MBAMService;MBAMService;dtrojaner-board-hilfeMalwarebytes' Anti-Malwarembamservice.exe [03.01.2012 2131 652872]
R2 NIOC;NIOC Service;cwindowssystem32NIOC.sys [27.09.2002 1721 22912]
R2 PDSched;PDScheduler;cprogrammeRaxcoPerfectDiskPDSched.exe [01.06.2006 2006 241731]
R2 Scutum50;Scutum50 NDIS Protocol Driver;cwindowssystem32driversScutum50.sys [06.05.2010 1041 19072]
R2 VMCService;Vodafone Mobile Connect Service;cprogrammeVodafoneVodafone Mobile ConnectBinVMCService.exe [20.04.2009 1620 9216]
R3 MBAMProtector;MBAMProtector;cwindowssystem32driversmbam.sys [03.01.2012 2131 20464]
S3 94072070;94072070; [x]
S3 Ambfilt;Ambfilt;cwindowssystem32driversAmbfilt.sys [06.05.2010 1017 1691480]
S3 massfilter;ZTE Mass Storage Filter Driver;cwindowssystem32driversmassfilter.sys [16.09.2010 1925 7680]
S3 MBAMSwissArmy;MBAMSwissArmy;cwindowssystem32driversmbamswissarmy.sys -- cwindowssystem32driversmbamswissarmy.sys []
S3 ovt530;Webcam Classic;cwindowssystem32driversov530vid.sys [08.06.2010 1502 161792]
S3 PRISM_USB;D-Link Air DWL-122 Wireless USB Adapter Driver;cwindowssystem32driversPRISMUSB.sys [06.05.2010 0950 636502]
S3 ZTEusbnet;ZTE USB-NDIS miniport;cwindowssystem32driversZTEusbnet.sys [16.09.2010 1925 110592]
S3 ZTEusbvoice;ZTE VoUSB Port;cwindowssystem32driverszteusbvoice.sys [16.09.2010 1925 105344]
.
--- Andere DiensteTreiber im Speicher ---
.
NewlyCreated - 03942727
Deregistered - 03942727
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page =
mLocal Page =
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = .local
IE Free YouTube to iPhone Converter - cdokumente und einstellungenFelixAnwendungsdatenDVDVideoSoftIEHelpersfreeyoutubetoiphoneconverter.htm
IE Free YouTube to Mp3 Converter - cdokumente und einstellungenFelixAnwendungsdatenDVDVideoSoftIEHelpersfreeyoutubetomp3converter.htm
TCP DhcpNameServer = 192.168.2.1
FF - ProfilePath - cdokumente und einstellungenFelixAnwendungsdatenMozillaFirefoxProfilesbfdh1rq7.default
FF - prefs.js browser.search.defaulturl -
FF - prefs.js browser.search.selectedEngine - Yahoo
FF - prefs.js browser.startup.homepage - www.google.de
FF - Ext Default {972ce4c6-7e08-4474-a285-3208198ce6fd} - dprogrammeMozillaextensions{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext Java Console {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - dprogrammeMozillaextensions{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext Microsoft .NET Framework Assistant {20a82645-c095-46ed-80e3-08825760534b} - %profile%extensions{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext Microsoft .NET Framework Assistant {20a82645-c095-46ed-80e3-08825760534b} - cwindowsMicrosoft.NETFrameworkv3.5Windows Presentation FoundationDotNetAssistantExtension
FF - Ext Java Quick Starter jqs@sun.com - cprogrammeJavajre6libdeployjqsff
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-QuickStores-Toolbar_is1 - cdokumente und einstellungenFelixAnwendungsdatenQuickStoresToolbarunins000.exe
.
.
.
.
catchme 0.3.1398 W2KXPVista - rootkitstealth malware detector by Gmer, httpwww.gmer.net
Rootkit scan 2012-01-06 2014
Windows 5.1.2600 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien 0
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERSS-1-5-21-1292428093-1644491937-725345543-1004SoftwareSecuROMLicense information]
datasecu=hexcb,ed,4f,59,d4,fc,fc,f3,b4,04,cf,a4,84,5d,c2,79,85,83,25,78,0c,
0f,26,86,05,7f,d3,76,e9,43,d1,cf,c4,5d,fa,c1,2d,4f,7a,10,df,d9,e3,44,8d,e1,
rkeysecu=hex83,bb,6c,fe,4c,83,e8,49,6a,69,b7,a2,51,22,83,96
.
Zeit der Fertigstellung 2012-01-06 201547
ComboFix-quarantined-files.txt 2012-01-06 1915
.
Vor Suchlauf 164.737.024 Bytes frei
Nach Suchlauf 171.175.936 Bytes frei
.
WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)WINDOWS
[operating systems]
ccmdconsBOOTSECT.DAT=Microsoft Windows Recovery Console cmdcons
UnsupportedDebug=do not select this debug
multi(0)disk(0)rdisk(0)partition(1)WINDOWS=Microsoft Windows XP Professional noexecute=optin fastdetect
.
- - End Of File - - 55180116B81B1820C310F67139A541C0
Kind regards, A.Vidal |
| | #19 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | 50 Euro Virus Something is wrong with your log. Apparently you removed all the backslash directory separators => \ .
__________________ Please always post logfiles in CODE tags |
| | #20 |
| 50 Euro Virus Hmm, I didn't change anything; I'm sending the text file again, the one that was saved automatically in the "C" folder. ComboFix logfile: Code:
ComboFix 12-01-06.01 - Felix 06.01.2012 20:10:35.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.49.1031.18.1023.552 [GMT 1:00]
ausgeführt von:: c:\dokumente und einstellungen\Felix\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokumente und einstellungen\Felix\WINDOWS
d:\downloads\CT2776682_BrotherSoft_Extreme.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-12-06 bis 2012-01-06 ))))))))))))))))))))))))))))))
.
.
2012-01-05 21:33 . 2012-01-05 21:33 -------- d-----w- C:\_OTL
2012-01-04 18:21 . 2012-01-04 18:21 -------- d-----w- c:\programme\ESET
2012-01-03 20:31 . 2012-01-03 20:31 -------- d-----w- c:\dokumente und einstellungen\Felix\Anwendungsdaten\Malwarebytes
2012-01-03 20:31 . 2012-01-03 20:31 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2012-01-03 20:31 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-03 20:27 . 2012-01-03 20:27 -------- d-----w- c:\dokumente und einstellungen\Felix\Anwendungsdaten\Free Download Manager
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-04-14 . 052F968390A85D37D5EE8BE3AB2A83A2 . 406016 . . [1.0420.2600.5512] . . c:\windows\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\usp10.dll
[-] 2008-01-12 . A2F03ADFB6C17E732FC42D51352EDCC3 . 502784 . . [1.0626.6000.20581] . . c:\windows\system32\usp10.dll
.
[-] 2008-01-12 19:28 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Device Detector"="DevDetect.exe -autorun" [X]
"D-Link Air USB Utility"="c:\programme\D-Link\Air USB Utility\AirCFG.exe" [2003-07-23 2695168]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2010-11-10 281768]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-04-03 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-04-03 13670504]
"RTHDCPL"="RTHDCPL.EXE" [2010-03-26 19522592]
"MobileConnect"="c:\programme\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe" [2009-04-20 2327552]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="d:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"QuickTime Task"="c:\programme\QuickTime\qttask.exe" [2010-11-29 421888]
"iTunesHelper"="d:\programme\iTunes\iTunesHelper.exe" [2011-04-14 421160]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" [2010-05-04 124928]
.
c:\dokumente und einstellungen\Felix\Startmenü\Programme\Autostart\
FIFA 10-Registrierung.lnk - d:\programme\EA SPORTS\Fussball Manager 2004\Support\EAregister.exe [2009-9-9 4374800]
Game Alarm.lnk - c:\games\Game Alarm\gamealarm.exe [2011-1-1 19721728]
OpenOffice.org 3.2.lnk - c:\programme\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000]
.
c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
Image Transfer.lnk - e:\programme\Sony Corporation\Image Transfer\SonyTray.exe [2007-8-13 73728]
Ralink Wireless Utility.lnk - c:\programme\Ralink\Common\RaUI.exe [2010-5-6 1560576]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ pdboot.exe\0autocheck autochk *
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\Programme\\Metin2\\metin2.bin"=
"d:\\Programme\\Metin2\\metin2client.bin"=
"c:\\Programme\\Messenger\\msmsgs.exe"=
"d:\\PES 2010\\pes2010.exe"=
"c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programme\\Bonjour\\mDNSResponder.exe"=
"d:\\Programme\\iTunes\\iTunes.exe"=
.
R?2 WZCBDLService;WZCBDL Service;c:\programme\WZCBDL Service\WZCBDLS.exe [19.03.2002 11:15 36864]
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [06.05.2010 09:56 136360]
R2 MBAMService;MBAMService;d:\trojaner-board-hilfe\Malwarebytes' Anti-Malware\mbamservice.exe [03.01.2012 21:31 652872]
R2 NIOC;NIOC Service;c:\windows\system32\NIOC.sys [27.09.2002 17:21 22912]
R2 PDSched;PDScheduler;c:\programme\Raxco\PerfectDisk\PDSched.exe [01.06.2006 20:06 241731]
R2 Scutum50;Scutum50 NDIS Protocol Driver;c:\windows\system32\drivers\Scutum50.sys [06.05.2010 10:41 19072]
R2 VMCService;Vodafone Mobile Connect Service;c:\programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [20.04.2009 16:20 9216]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [03.01.2012 21:31 20464]
S3 94072070;94072070; [x]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [06.05.2010 10:17 1691480]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [16.09.2010 19:25 7680]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 ovt530;Webcam Classic;c:\windows\system32\drivers\ov530vid.sys [08.06.2010 15:02 161792]
S3 PRISM_USB;D-Link Air DWL-122 Wireless USB Adapter Driver;c:\windows\system32\drivers\PRISMUSB.sys [06.05.2010 09:50 636502]
S3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\drivers\ZTEusbnet.sys [16.09.2010 19:25 110592]
S3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\drivers\zteusbvoice.sys [16.09.2010 19:25 105344]
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 03942727
*Deregistered* - 03942727
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page =
mLocal Page =
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: Free YouTube to iPhone Converter - c:\dokumente und einstellungen\Felix\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetoiphoneconverter.htm
IE: Free YouTube to Mp3 Converter - c:\dokumente und einstellungen\Felix\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\dokumente und einstellungen\Felix\Anwendungsdaten\Mozilla\Firefox\Profiles\bfdh1rq7.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - www.google.de
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - d:\programme\Mozilla\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - d:\programme\Mozilla\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\programme\Java\jre6\lib\deploy\jqs\ff
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-QuickStores-Toolbar_is1 - c:\dokumente und einstellungen\Felix\Anwendungsdaten\QuickStoresToolbar\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-01-06 20:14
Windows 5.1.2600 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1292428093-1644491937-725345543-1004\Software\SecuROM\License information*]
"datasecu"=hex:cb,ed,4f,59,d4,fc,fc,f3,b4,04,cf,a4,84,5d,c2,79,85,83,25,78,0c,
0f,26,86,05,7f,d3,76,e9,43,d1,cf,c4,5d,fa,c1,2d,4f,7a,10,df,d9,e3,44,8d,e1,\
"rkeysecu"=hex:83,bb,6c,fe,4c,83,e8,49,6a,69,b7,a2,51,22,83,96
.
Zeit der Fertigstellung: 2012-01-06 20:15:47
ComboFix-quarantined-files.txt 2012-01-06 19:15
.
Vor Suchlauf: 164.737.024 Bytes frei
Nach Suchlauf: 171.175.936 Bytes frei
.
WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 55180116B81B1820C310F67139A541C0
Kind regards, A.Vidal |
| | #21 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | 50 Euro Virus ComboFix scripting 1. Start Notepad (Start / Run / notepad[Enter]) 2. Now paste the entire contents of the code box below into the Notepad window using copy/paste. Code:
Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= -
Driver::
94072070
4. Disable the guard of your antivirus program and any software firewall that may be present. (Also the guards of ad-/spyware programs and the Tea Timer (if present)!) 5. Then drag CFScript.txt onto cofi.exe, as shown in the image below. This restarts ComboFix. 6. After the reboot (you will be asked whether you want to restart), please post the following log file: Combofix.txt Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can permanently damage the system!
__________________ --> 50 Euro Virus |
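What the helper did by hand in post #21 (read the firewall-policy dump and the service list of the ComboFix log, then write a CFScript) can be scripted as a first triage pass. The block below is an added example and not code from the thread or from ComboFix. The sample lines are copied from the log in post #20; the two flagging rules are this example's own assumptions (ComboFix printed `[x]` where an image path should be, or the service has a purely numeric name); the output mirrors only the `Registry::` / `Driver::` syntax used in the script above and claims nothing about other ComboFix script directives. Function names such as `triage` and `build_cfscript` are this example's own.

```python
"""Triage a ComboFix log and build a CFScript in the shape used in post #21.

Added example, not ComboFix's own code.  It reads the two parts of a
ComboFix log that the helper acted on: the firewall-policy registry dump
and the service/driver list.  The sample lines are copied from the log
posted above; the flagging heuristics are this example's own assumptions,
not documented ComboFix semantics.
"""
import re
from dataclasses import dataclass, field

# Constructed sample: lines lifted from the ComboFix log in post #20.
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
R?2 WZCBDLService;WZCBDL Service;c:\programme\WZCBDL Service\WZCBDLS.exe [19.03.2002 11:15 36864]
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [06.05.2010 09:56 136360]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [03.01.2012 21:31 20464]
S3 94072070;94072070; [x]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 ovt530;Webcam Classic;c:\windows\system32\drivers\ov530vid.sys [08.06.2010 15:02 161792]
"""

# One service/driver line: "<state> <name>;<display name>;<image path> [<date time size> | x | ?]"
SERVICE_RE = re.compile(
    r"^(?P<state>[RS]\??\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.*?)\s*\[(?P<info>[^\]]*)\]\s*$"
)
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<value>.*)$')

FIREWALL_KEY = r"HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile"


@dataclass
class Findings:
    suspicious_services: list = field(default_factory=list)  # (name, reason)
    registry_deletions: list = field(default_factory=list)   # (key, value name)


def triage(log_text: str) -> Findings:
    """Walk the log once; collect services to remove and registry values to delete."""
    found = Findings()
    current_key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group("key")
            continue
        m = VALUE_RE.match(line)
        if m and current_key and current_key.lower() == FIREWALL_KEY.lower():
            # "EnableFirewall"= 0 (0x0): the XP firewall has been switched off.
            if m.group("name") == "EnableFirewall" and m.group("value").startswith("0"):
                found.registry_deletions.append((current_key, "EnableFirewall"))
            continue
        m = SERVICE_RE.match(line)
        if not m:
            continue
        name, path, info = m.group("name"), m.group("path"), m.group("info")
        # Heuristic 1 (assumption): no image path at all, ComboFix printed "[x]".
        if not path and info.strip().lower() == "x":
            found.suspicious_services.append((name, "no image path, marked [x]"))
        # Heuristic 2 (assumption): purely numeric service name, typical of
        # auto-generated names; only a hint, to be reviewed with the rest.
        elif name.isdigit():
            found.suspicious_services.append((name, "numeric service name"))
    return found


def build_cfscript(found: Findings) -> str:
    """Emit Registry:: / Driver:: sections in the form shown in post #21."""
    lines = []
    if found.registry_deletions:
        lines.append("Registry::")
        for key, value in found.registry_deletions:
            lines.append(f"[{key}]")
            lines.append(f'"{value}"= -')   # "= -" removes the value, as in the helper's script
    if found.suspicious_services:
        lines.append("Driver::")
        lines.extend(name for name, _ in found.suspicious_services)
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for name, reason in result.suspicious_services:
        print(f"service {name}: {reason}")
    print(build_cfscript(result))
```

The generated text is a starting point for a person to review, not something to drop onto ComboFix unchecked; the helper's warning that such a script is written for one machine applies to this output as well. The log posted after the script ran (post #22) no longer shows the `"EnableFirewall"= 0` line in the firewall-policy dump and lists `Legacy_94072070` and `Service_94072070` under Treiber/Dienste as removed, which is the effect the two sections are meant to have.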
| | #22 |
| 50 Euro Virus ComboFix logfile: Code:
ComboFix 12-01-06.01 - Felix 06.01.2012 21:20:51.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.49.1031.18.1023.517 [GMT 1:00]
ausgeführt von:: c:\dokumente und einstellungen\Felix\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\dokumente und einstellungen\Felix\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_94072070
-------\Service_94072070
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-12-06 bis 2012-01-06 ))))))))))))))))))))))))))))))
.
.
2012-01-06 20:26 . 2012-01-06 20:26 -------- d-----w- c:\windows\system32\wbem\snmp
2012-01-06 20:26 . 2012-01-06 20:26 -------- d-----w- c:\windows\system32\xircom
2012-01-06 20:26 . 2012-01-06 20:26 -------- d-----w- c:\programme\microsoft frontpage
2012-01-05 21:33 . 2012-01-05 21:33 -------- d-----w- C:\_OTL
2012-01-04 18:21 . 2012-01-04 18:21 -------- d-----w- c:\programme\ESET
2012-01-03 20:31 . 2012-01-03 20:31 -------- d-----w- c:\dokumente und einstellungen\Felix\Anwendungsdaten\Malwarebytes
2012-01-03 20:31 . 2012-01-03 20:31 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2012-01-03 20:31 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-03 20:27 . 2012-01-03 20:27 -------- d-----w- c:\dokumente und einstellungen\Felix\Anwendungsdaten\Free Download Manager
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-04-14 . 052F968390A85D37D5EE8BE3AB2A83A2 . 406016 . . [1.0420.2600.5512] . . c:\windows\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\usp10.dll
[-] 2008-01-12 . A2F03ADFB6C17E732FC42D51352EDCC3 . 502784 . . [1.0626.6000.20581] . . c:\windows\system32\usp10.dll
.
[-] 2008-01-12 19:28 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Device Detector"="DevDetect.exe -autorun" [X]
"D-Link Air USB Utility"="c:\programme\D-Link\Air USB Utility\AirCFG.exe" [2003-07-23 2695168]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2010-11-10 281768]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-04-03 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-04-03 13670504]
"RTHDCPL"="RTHDCPL.EXE" [2010-03-26 19522592]
"MobileConnect"="c:\programme\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe" [2009-04-20 2327552]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="d:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"QuickTime Task"="c:\programme\QuickTime\qttask.exe" [2010-11-29 421888]
"iTunesHelper"="d:\programme\iTunes\iTunesHelper.exe" [2011-04-14 421160]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" [2010-05-04 124928]
.
c:\dokumente und einstellungen\Felix\Startmenü\Programme\Autostart\
FIFA 10-Registrierung.lnk - d:\programme\EA SPORTS\Fussball Manager 2004\Support\EAregister.exe [2009-9-9 4374800]
Game Alarm.lnk - c:\games\Game Alarm\gamealarm.exe [2011-1-1 19721728]
OpenOffice.org 3.2.lnk - c:\programme\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000]
.
c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
Image Transfer.lnk - e:\programme\Sony Corporation\Image Transfer\SonyTray.exe [2007-8-13 73728]
Ralink Wireless Utility.lnk - c:\programme\Ralink\Common\RaUI.exe [2010-5-6 1560576]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ pdboot.exe\0autocheck autochk *
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\Programme\\Metin2\\metin2.bin"=
"d:\\Programme\\Metin2\\metin2client.bin"=
"c:\\Programme\\Messenger\\msmsgs.exe"=
"d:\\PES 2010\\pes2010.exe"=
"c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programme\\Bonjour\\mDNSResponder.exe"=
"d:\\Programme\\iTunes\\iTunes.exe"=
.
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [06.05.2010 09:56 136360]
R2 MBAMService;MBAMService;d:\trojaner-board-hilfe\Malwarebytes' Anti-Malware\mbamservice.exe [03.01.2012 21:31 652872]
R2 NIOC;NIOC Service;c:\windows\system32\NIOC.sys [27.09.2002 17:21 22912]
R2 PDSched;PDScheduler;c:\programme\Raxco\PerfectDisk\PDSched.exe [01.06.2006 20:06 241731]
R2 Scutum50;Scutum50 NDIS Protocol Driver;c:\windows\system32\drivers\Scutum50.sys [06.05.2010 10:41 19072]
R2 VMCService;Vodafone Mobile Connect Service;c:\programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [20.04.2009 16:20 9216]
R2 WZCBDLService;WZCBDL Service;c:\programme\WZCBDL Service\WZCBDLS.exe [19.03.2002 11:15 36864]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [03.01.2012 21:31 20464]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [06.05.2010 10:17 1691480]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [16.09.2010 19:25 7680]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 ovt530;Webcam Classic;c:\windows\system32\drivers\ov530vid.sys [08.06.2010 15:02 161792]
S3 PRISM_USB;D-Link Air DWL-122 Wireless USB Adapter Driver;c:\windows\system32\drivers\PRISMUSB.sys [06.05.2010 09:50 636502]
S3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\drivers\ZTEusbnet.sys [16.09.2010 19:25 110592]
S3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\drivers\zteusbvoice.sys [16.09.2010 19:25 105344]
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page =
mLocal Page =
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: Free YouTube to iPhone Converter - c:\dokumente und einstellungen\Felix\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetoiphoneconverter.htm
IE: Free YouTube to Mp3 Converter - c:\dokumente und einstellungen\Felix\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\dokumente und einstellungen\Felix\Anwendungsdaten\Mozilla\Firefox\Profiles\bfdh1rq7.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - www.google.de
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - d:\programme\Mozilla\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - d:\programme\Mozilla\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\programme\Java\jre6\lib\deploy\jqs\ff
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-01-06 21:28
Windows 5.1.2600 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'explorer.exe'(3764)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\wpdshserviceobj.dll
d:\programme\Hercules\WebCam Station\PhotoImpression\share\pihook.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\RTHDCPL.EXE
c:\programme\Gemeinsame Dateien\ACD Systems\DE\DevDetect.exe
c:\programme\OpenOffice.org 3\program\soffice.exe
c:\programme\OpenOffice.org 3\program\soffice.bin
c:\games\Game Alarm\Updater.exe
c:\programme\Avira\AntiVir Desktop\avguard.exe
c:\programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\programme\Bonjour\mDNSResponder.exe
c:\programme\Avira\AntiVir Desktop\avshadow.exe
c:\programme\Java\jre6\bin\jqs.exe
e:\programme\CDBurnerXP\NMSAccessU.exe
c:\programme\Ralink\Common\RaRegistry.exe
c:\programme\iPod\bin\iPodService.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-01-06 21:30:39 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-01-06 20:30
ComboFix2.txt 2012-01-06 19:15
.
Vor Suchlauf: 171.651.072 Bytes frei
Nach Suchlauf: 112.922.624 Bytes frei
.
- - End Of File - - CC3E72FF5856BFBF5E27C4A4A5DD538D
Kind regards, A.Vidal |
| | #23 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | 50 Euro Virus OK. Now please create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool still won't run on the second attempt, just leave it out and run only OSAM. Please skip the online lookup by OSAM. With OSAM, also make sure you save the log as *.log and not as *.html or the like. Note: To unpack OSAM, please use WinRAR or 7zip! Also be sure to switch off the virus scanner; the McAfee scanner in particular often reports a false alarm in OSAM! Please download
Important: Do not press any of the Fix buttons without being told to. Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.
__________________ Please always post logfiles in CODE tags |
| | #24 |
| 50 Euro Virus OSAM: OSAM logfile: Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 22:01:02 on 06.01.2012
OS: Windows XP Professional Service Pack 2 (Build 2600)
Default Browser: Microsoft Corporation Internet Explorer 7.00.6000.21256

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries

[Boot Execute]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager )-----
"BootExecute" - "Raxco Software, Inc." - C:\WINDOWS\system32\pdboot.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Avira AntiVir Personal" - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl
"QuickTime" - "Apple Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgio" (avgio) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\ComboFix\catchme.sys (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys (File not found)
"Defrag32" (Defrag32) - "Raxco Software, Inc." - C:\WINDOWS\system32\drivers\Defrag32.sys
"Defrag32Boot" (Defrag32b) - "Raxco Software, Inc." - C:\WINDOWS\system32\drivers\Defrag32b.sys
"EagleNT" (EagleNT) - ? - C:\WINDOWS\system32\drivers\EagleNT.sys (File not found)
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys (File not found)
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys (File not found)
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\WINDOWS\system32\drivers\mbam.sys
"MBAMSwissArmy" (MBAMSwissArmy) - ? - C:\WINDOWS\system32\drivers\mbamswissarmy.sys (File not found)
"mbr" (mbr) - ? - C:\DOKUME~1\Felix\LOKALE~1\Temp\mbr.sys (Hidden registry entry, rootkit activity | File not found)
"Microsoft UAA-Bustreiber für High Definition Audio" (HDAudBus) - "Windows (R) Server 2003 DDK provider" - C:\WINDOWS\System32\DRIVERS\HDAudBus.sys
"NIOC Service" (NIOC) - "D-Link Corporation" - C:\WINDOWS\system32\NIOC.SYS
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found)
"PPdus ASPI Shell" (Afc) - "Arcsoft, Inc." - C:\WINDOWS\System32\drivers\Afc.sys
"PQNTDrv" (PQNTDrv) - "PowerQuest Corporation" - C:\WINDOWS\system32\drivers\PQNTDrv.sys
"Scutum50 NDIS Protocol Driver" (Scutum50) - "Printing Communications Assoc., Inc. (PCAUSA)" - C:\WINDOWS\System32\Drivers\Scutum50.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys
"StarOpen" (StarOpen) - ? - C:\WINDOWS\system32\drivers\StarOpen.sys (File found, but it contains no detailed information)
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys (File not found)
"Webcam Classic" (ovt530) - "OmniVision Technologies, Inc." - C:\WINDOWS\System32\Drivers\ov530vid.sys
"Windows Driver Foundation - User-mode Driver Framework Platform Driver" (WudfPf) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\WudfPf.sys
"Windows Driver Foundation - User-mode Driver Framework Reflector" (WudfRd) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\wudfrd.sys

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
>{22d6f312-b0f6-11d0-94ab-0080c74c7e95} "Windows Media Player" - "Microsoft Corporation" - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Programme\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? - (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Programme\Windows Live\Mail\mailcomm.dll
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ?
- deskpan.dll (File not found) {1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\nView\nvshell.dll {1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\nView\nvshell.dll {A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.dll {1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - D:\Programme\iTunes\iTunesMiniPlayer.dll {853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? - (File not found | COM-object registry key not found) {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE14\msoshext.dll {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE14\msoshext.dll {FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.dll {1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\nView\nvshell.dll {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? 
- C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {35786D3C-B075-49b9-88DD-029876E11C01} "Portable Devices" - "Microsoft Corporation" - C:\WINDOWS\system32\wpdshext.dll {D6791A63-E7E2-4fee-BF52-5DED8E86E9B8} "Portable Devices Menu" - "Microsoft Corporation" - C:\WINDOWS\system32\wpdshext.dll {640167b4-59b0-47a6-b335-a6b3c0695aea} "Portable Media Devices" - "Microsoft Corporation" - C:\WINDOWS\system32\audiodev.dll {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\shlext.dll {E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll {764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? - (File not found | COM-object registry key not found) {e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll {BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\msonsext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? 
- C:\Programme\WinRAR\rarext.dll (File found, but it contains no detailed information) {F1B9284F-E9DC-4e68-9D7E-42362A59F0FD} "WMP Add To Playlist Launcher" - "Microsoft Corporation" - C:\WINDOWS\system32\wmpshell.dll {8DD448E6-C188-4aed-AF92-44956194EB1F} "WMP Burn Audio CD Launcher" - "Microsoft Corporation" - C:\WINDOWS\system32\wmpshell.dll {CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C} "WMP Play As Playlist Launcher" - "Microsoft Corporation" - C:\WINDOWS\system32\wmpshell.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad )----- {AAA288BA-9A4C-45B0-95D7-94D524869DB5} "WPDShServiceObj Class" - "Microsoft Corporation" - C:\WINDOWS\system32\wpdshserviceobj.dll [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_21" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_21.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} "Java Plug-in 1.6.0_21" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_21.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_21" - "Sun Microsystems, Inc." 
- C:\Programme\Java\jre6\bin\npjpi160_21.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab {C3F79A2B-B9B4-4A66-B012-3EE46475B072} "MessengerStatsClient Class" - "Microsoft Corporation" - C:\WINDOWS\Downloaded Program Files\MessengerStatsPAClient.dll / hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab {1E54D648-B804-468d-BC78-4AFFED8E262F} "System Requirements Lab Class" - "Husdawg, LLC" - C:\WINDOWS\Downloaded Program Files\sysreqlab_nvd.dll / hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} "QuickStores-Toolbar" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll {E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} "QuickStores-Toolbar" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll [Logon] -----( %AllUsersProfile%\Startmenü\Programme\Autostart )----- "desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini "Image Transfer.lnk" - ? - E:\Programme\Sony Corporation\Image Transfer\SonyTray.exe (Shortcut exists | File found, but it contains no detailed information | File exists) "Ralink Wireless Utility.lnk" - "Ralink Technology, Corp." - C:\Programme\Ralink\Common\RaUI.exe (Shortcut exists | File exists) -----( %UserProfile%\Startmenü\Programme\Autostart )----- "desktop.ini" - ? 
- C:\Dokumente und Einstellungen\Felix\Startmenü\Programme\Autostart\desktop.ini "FIFA 10-Registrierung.lnk" - "Leader Technologies" - D:\Programme\EA SPORTS\Fussball Manager 2004\Support\EAregister.exe (Shortcut exists | File exists) "Game Alarm.lnk" - "Europe Support Ltd. N.V." - C:\Games\Game Alarm\gamealarm.exe (Shortcut exists | File exists) "OpenOffice.org 3.2.lnk" - ? - C:\Programme\OpenOffice.org 3\program\quickstart.exe (Shortcut exists | File found, but it contains no detailed information | File exists) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Adobe ARM" - "Adobe Systems Incorporated" - "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" "Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "D:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" "avgnt" - "Avira GmbH" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min "D-Link Air USB Utility" - "D-Link" - C:\Programme\D-Link\Air USB Utility\AirCFG.exe "Device Detector" - ? - DevDetect.exe -autorun (File not found) "iTunesHelper" - "Apple Inc." - "D:\Programme\iTunes\iTunesHelper.exe" "MobileConnect" - "Vodafone" - %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent "NvCplDaemon" - "NVIDIA Corporation" - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup "NvMediaCenter" - "NVIDIA Corporation" - RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit "QuickTime Task" - "Apple Inc." - "C:\Programme\QuickTime\qttask.exe" -atboottime "SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- ".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe "Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." 
- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe "ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe "Automatic Updates" (wuauserv) - "Microsoft Corporation" - C:\WINDOWS\system32\wuauserv.dll "Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avguard.exe "Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\sched.exe "Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Programme\Bonjour\mDNSResponder.exe "iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Programme\iPod\bin\iPodService.exe "Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe "MBAMService" (MBAMService) - "Malwarebytes Corporation" - D:\Trojaner-Board-Hilfe\Malwarebytes' Anti-Malware\mbamservice.exe "NMSAccess" (NMSAccess) - ? - E:\Programme\CDBurnerXP\NMSAccessU.exe (File found, but it contains no detailed information) "NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\WINDOWS\system32\nvsvc32.exe "PDEngine" (PDEngine) - "Raxco Software, Inc." - C:\Programme\Raxco\PerfectDisk\PDEngine.exe "PDScheduler" (PDSched) - "Raxco Software, Inc." - C:\Programme\Raxco\PerfectDisk\PDSched.exe "Portable Media Serial Number Service" (WmdmPmSN) - "Microsoft Corporation" - C:\WINDOWS\system32\mspmsnsv.dll "Ralink Registry Writer" (RalinkRegistryWriter) - "Ralink Technology, Corp." 
- C:\Programme\Ralink\Common\RaRegistry.exe "Vodafone Mobile Connect Service" (VMCService) - "Vodafone" - C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe "Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe "Windows Driver Foundation - User-mode Driver Framework" (WudfSvc) - "Microsoft Corporation" - C:\WINDOWS\System32\WUDFSvc.dll "Windows Installer" (MSIServer) - "Microsoft Corporation" - C:\WINDOWS\system32\msiexec.exe "Windows Media Player-Netzwerkfreigabedienst" (WMPNetworkSvc) - "Microsoft Corporation" - C:\Programme\Windows Media Player\WMPNetwk.exe "Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe "WZCBDL Service" (WZCBDLService) - "D-Link" - C:\Programme\WZCBDL Service\WZCBDLS.exe [Winlogon] -----( HKCU\Control Panel\IOProcs )----- "MVB" - ? - mvfs32.dll (File not found) -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )----- "WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll [Winsock Providers] -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )----- "mdnsNSP" - "Apple Inc." - C:\Programme\Bonjour\mdnsNSP.dll ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru [/CODE] GMER : GMER Logfile: Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-01-06 22:23:23
Windows 5.1.2600 Service Pack 2
Harddisk0\DR0 -> \Device\00000066 Maxtor_6V160E0 rev.VA111900
Running: gmer.exe; Driver: C:\DOKUME~1\Felix\LOKALE~1\Temp\pgacraow.sys
---- System - GMER 1.0.15 ----
SSDT EEDF57D4 ZwClose
SSDT EEDF578E ZwCreateKey
SSDT EEDF57DE ZwCreateSection
SSDT EEDF5784 ZwCreateThread
SSDT EEDF5793 ZwDeleteKey
SSDT EEDF579D ZwDeleteValueKey
SSDT EEDF57CF ZwDuplicateObject
SSDT EEDF57A2 ZwLoadKey
SSDT EEDF5770 ZwOpenProcess
SSDT EEDF5775 ZwOpenThread
SSDT EEDF57AC ZwReplaceKey
SSDT EEDF57A7 ZwRestoreKey
SSDT EEDF57E3 ZwSetContextThread
SSDT EEDF5798 ZwSetValueKey
SSDT EEDF577F ZwTerminateProcess
---- Kernel code sections - GMER 1.0.15 ----
? Combo-Fix.sys Das System kann die angegebene Datei nicht finden. !
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF4464380, 0x566445, 0xE8000020]
? C:\ComboFix\catchme.sys Das System kann den angegebenen Pfad nicht finden. !
? C:\WINDOWS\system32\Drivers\PROCEXP113.SYS Das System kann die angegebene Datei nicht finden. !
---- EOF - GMER 1.0.15 ----
aswMBR: Code:
aswMBR version 0.9.9.1297 Copyright(c) 2011 AVAST Software
Run date: 2012-01-06 22:28:34
-----------------------------
22:28:34.156 OS Version: Windows 5.1.2600 Service Pack 2
22:28:34.156 Number of processors: 1 586 0x5F02
22:28:34.156 ComputerName: FELIX-7EE248200 UserName: Felix
22:28:34.468 Initialize success
22:31:07.468 AVAST engine defs: 12010601
22:31:22.812 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000066
22:31:22.812 Disk 0 Vendor: Maxtor_6V160E0 VA111900 Size: 152626MB BusType: 3
22:31:22.812 Disk 0 MBR read successfully
22:31:22.812 Disk 0 MBR scan
22:31:22.875 Disk 0 Windows XP default MBR code
22:31:22.875 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 10001 MB offset 63
22:31:22.906 Disk 0 Partition - 00 0F Extended LBA 71006 MB offset 20482875
22:31:22.921 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 71617 MB offset 165903255
22:31:22.937 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 71006 MB offset 20482938
22:31:22.937 Disk 0 scanning sectors +312576705
22:31:23.000 Disk 0 scanning C:\WINDOWS\system32\drivers
22:31:40.593 Service scanning
22:31:42.359 Modules scanning
22:31:59.000 Disk 0 trace - called modules:
22:31:59.015 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll nvata.sys
22:31:59.015 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8678dab8]
22:31:59.015 3 CLASSPNP.SYS[f763d05b] -> nt!IofCallDriver -> \Device\00000067[0x867ab268]
22:31:59.015 5 ACPI.sys[f74b2620] -> nt!IofCallDriver -> \Device\00000066[0x866f9030]
22:31:59.265 AVAST engine scan C:\WINDOWS
22:32:14.796 AVAST engine scan C:\WINDOWS\system32
22:37:15.328 AVAST engine scan C:\WINDOWS\system32\drivers
22:37:40.593 AVAST engine scan C:\Dokumente und Einstellungen\Felix
22:42:44.406 AVAST engine scan C:\Dokumente und Einstellungen\All Users
22:43:13.953 Scan finished successfully
22:45:53.562 Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\Felix\Desktop\MBR.dat"
22:45:53.562 The log file has been saved successfully to "C:\Dokumente und Einstellungen\Felix\Desktop\aswMBR.txt"
#25
/// Winkelfunktion /// TB-Süch-Tiger™ | 50 Euro Virus
Looks OK. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before the scan!! Afterwards, getting a second opinion via the ESET online scanner is not a bad idea either: ESET Online Scanner
__________________ Please always post logfiles in CODE tags
#26
50 Euro Virus
Unfortunately the scan with SUPERAntiSpyware did not work, but the other two did; here are the logs:
Malwarebytes log: Code:
Malwarebytes Anti-Malware (Trial) 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.06.05

Windows XP Service Pack 2 x86 NTFS
Internet Explorer 7.0.5730.13
Felix :: FELIX-7EE248200 [administrator]

Protection: Disabled

06.01.2012 23:23:42
mbam-log-2012-01-06 (23-23-42).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 238637
Time elapsed: 50 minute(s), 41 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

ESET Online Scanner log: Code:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=53251
# version=7
# IEXPLORE.EXE=7.00.6000.21256 (vista_ldr.100414-0533)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=f6f5bce04eb1e244850d733064802690
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-01-07 11:02:20
# local_time=2012-01-07 12:02:20 (+0100, Westeuropäische Normalzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=1797 16775125 100 93 545675 62462670 154973 0
# compatibility_mode=8192 67108863 100 0 228149 228149 0 0
# scanned=80547
# found=13
# cleaned=0
# scan_time=8325
C:\_OTL\MovedFiles\01052012_223350\C_Programme\Application Updater\ApplicationUpdater.exe probably a variant of Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\01052012_223350\C_Programme\GEMEINSAME DATEIEN\SPIGOT\Search Settings\SearchSettings.exe a variant of Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\01052012_223350\C_Programme\GEMEINSAME DATEIEN\SPIGOT\WTXPCOM\components\WidgiToolbarFF.dll a variant of Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\01052012_223350\C_Programme\GEMEINSAME DATEIEN\SPIGOT\WTXPCOM\components\WidgiToolbarFF.dll.10 a variant of Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\01052012_223350\C_Programme\GEMEINSAME DATEIEN\SPIGOT\WTXPCOM\components\WidgiToolbarFF.dll.5 a variant of Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\01052012_223350\C_Programme\GEMEINSAME DATEIEN\SPIGOT\WTXPCOM\components\WidgiToolbarFF.dll.6 a variant of Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\01052012_223350\C_Programme\GEMEINSAME DATEIEN\SPIGOT\WTXPCOM\components\WidgiToolbarFF.dll.7 a variant of Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\01052012_223350\C_Programme\GEMEINSAME DATEIEN\SPIGOT\WTXPCOM\components\WidgiToolbarFF.dll.8 a variant of Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\01052012_223350\C_Programme\GEMEINSAME DATEIEN\SPIGOT\WTXPCOM\components\WidgiToolbarFF.dll.9 a variant of Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
D:\Mp3 to WMA Converter.exe multiple threats (unable to clean) 00000000000000000000000000000000 I
D:\Programme\MsgPlusLive-484.exe a variant of Win32/MessengerPlus application (unable to clean) 00000000000000000000000000000000 I
D:\Programme\msn messenger.exe a variant of Win32/Adware.CiDHelp application (unable to clean) 00000000000000000000000000000000 I
D:\Programme\Setup19_FreeConverter.exe Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
#27
/// Winkelfunktion /// TB-Süch-Tiger™ | 50 Euro Virus
A few adware finds and isolated malware in OTL's quarantine folder. SASW is still missing.
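The helper's reading of the ESET result above, that the detections under C:\_OTL\MovedFiles are files OTL has already moved out of the way and therefore are not active, can be checked mechanically rather than by eye. The following is an added example, not code from this thread, from ESET or from OTL: it parses ESET Online Scanner result lines in the format posted above (path, verdict, status in parentheses, 32-character hash, flag), cross-checks the parsed count against the `# found=` header, and separates paths inside a known quarantine folder from live ones. The quarantine markers (OTL's \_OTL\MovedFiles, ComboFix's \Qoobox\Quarantine) are the example's assumptions, and the sample log is constructed from three lines of this thread with made-up counts.

```python
import re
from dataclasses import dataclass

# Constructed sample in the shape of the ESET Online Scanner log posted above:
# "# key=value" header lines, then one line per detection:
# "<path> <verdict> (<status>) <32-hex-char hash> <flag>". The three paths are
# taken from this thread; the counts are made up to match the sample.
SAMPLE_LOG = r"""
# scanned=80547
# found=3
# cleaned=0
C:\_OTL\MovedFiles\01052012_223350\C_Programme\Application Updater\ApplicationUpdater.exe probably a variant of Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
D:\Mp3 to WMA Converter.exe multiple threats (unable to clean) 00000000000000000000000000000000 I
D:\Programme\Setup19_FreeConverter.exe Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
"""

# Folders that removal tools use to park files they have already disabled.
# Assumption: OTL moves removed items to \_OTL\MovedFiles, ComboFix to \Qoobox\Quarantine.
QUARANTINE_MARKERS = ("\\_OTL\\MovedFiles\\", "\\Qoobox\\Quarantine\\")

# The path is matched lazily so that a verdict such as "multiple threats" or
# "a variant of Win32/... application" terminates it even when the path has spaces.
DETECTION_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<verdict>(?:probably )?(?:a variant of )?\S+/\S+ application|multiple threats)\s+"
    r"\((?P<status>[^)]+)\)\s+"
    r"(?P<digest>[0-9a-fA-F]{32})\s+"
    r"(?P<flag>\S+)$"
)


@dataclass(frozen=True)
class Detection:
    path: str
    verdict: str
    status: str
    digest: str   # all zeros in the posted log, i.e. no hash reported
    flag: str

    @property
    def quarantined(self) -> bool:
        """True when the file already sits in a known quarantine folder."""
        p = self.path.lower()
        return any(marker.lower() in p for marker in QUARANTINE_MARKERS)


def parse_eset_log(text: str):
    """Return (header dict, list of Detection) from ESET Online Scanner log text."""
    header, detections = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("# "):
            key, _, value = line[2:].partition("=")
            header[key] = value
            continue
        m = DETECTION_RE.match(line)
        if m:
            detections.append(Detection(**m.groupdict()))
    return header, detections


def triage(text: str) -> dict:
    """Split detections into quarantined vs. live and check the 'found' count."""
    header, detections = parse_eset_log(text)
    reported = int(header.get("found", "0"))
    return {
        "reported_found": reported,
        "parsed": len(detections),
        "count_matches": reported == len(detections),
        "quarantined": [d.path for d in detections if d.quarantined],
        "live": [d.path for d in detections if not d.quarantined],
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print(f"reported={result['reported_found']} parsed={result['parsed']}")
    for path in result["quarantined"]:
        print("already quarantined:", path)
    for path in result["live"]:
        print("still live, needs attention:", path)
```

The count check matters because a parser that silently drops a line it cannot match would under-report live finds; if `count_matches` is false, look at the unmatched lines before trusting the split. Paths under a quarantine folder are still worth keeping in the report (they show what the earlier cleanup removed), but it is the live list that decides whether further cleanup is needed.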
#28
50 Euro Virus
Quote:
As I said, SASW somehow doesn't work; I don't know why, I followed the instructions exactly. You said I should update my IE and download SP3; could you perhaps recommend download links for that? Regards, A.Vidal
#29
/// Winkelfunktion /// TB-Süch-Tiger™ | 50 Euro Virus
As far as I'm concerned, all of that can go. What exactly about SUPERAntiSpyware doesn't work? We can try that again later; first, install updates for Windows XP:
When setting up IE8, again make sure beforehand that all programs are closed as far as possible and the virus scanner is disabled. In the setup itself, please do not take part in the improvement program (or whatever MS calls it), and do NOT install any updates through the setup. We'll install those later; I'll tell you how then. Report back once IE8 is installed.