BKA-Ucash virus on a laptop with Windows XP SP 3

First of all, a big thank-you for the quick support. I followed your instructions. Here is the OTL.txt:
So, that's it. You mentioned something about a second log? Or is that already included in OTL.txt? If not, under which path do I find the file?
Many thanks for the quick and uncomplicated help.