
Pests of all kinds and how to fight them: Suisa virus paralyzes PC

Windows 7: If you are not sure whether you have picked up malware or a trojan, create a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you eliminate the infection.

16.04.2012, 09:52   #1
mritter
 
Suisa virus paralyzes PC



Good day everyone


I am new to this forum and have the following problem:
Like others before me, I have had a computer infected with the Suisa virus/trojan since Saturday. Here in the forum I already came across a thread, "SUISA Virus blockiert jeden Windows 7 Modus", that deals with my problem. Unfortunately I am not getting any further with it.


1. The Suisa message is shown full-screen on the display.
2. From a second computer I was able to access the infected machine over the network and discovered a file "C:\Users\ws\AppData\Roaming\soundblaster_fx648.exe". I found the file in every user directory.
3. Deleted the file and rebooted the computer.
4. The Suisa message no longer appeared. However, I now have a black screen. The Task Manager does come up, though, when I log in as admin.
5. Following the thread I found above, I downloaded the OTLPE tool, burned it to CD and booted the PC from it.
6. I then ran a scan and got a log file.

Can anyone help me further with the log? I don't really know what to make of it. I can only see that some registry entries still look a bit odd.



OTL Logfile:
Code:
OTL logfile created on: 4/16/2012 9:19:39 AM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Windows 7 Professional Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 91.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = I: | %SystemRoot% = I:\Windows | %ProgramFiles% = I:\Program Files
Drive C: | 2.00 Gb Total Space | 1.65 Gb Free Space | 82.78% Space Free | Partition Type: NTFS
Drive I: | 290.92 Gb Total Space | 244.90 Gb Free Space | 84.18% Space Free | Partition Type: NTFS
Drive J: | 5.16 Gb Total Space | 0.66 Gb Free Space | 12.77% Space Free | Partition Type: NTFS
Drive K: | 996.19 Mb Total Space | 380.48 Mb Free Space | 38.19% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto] -- I:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/02/21 04:34:25 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand] -- I:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/01/27 05:53:56 | 001,893,728 | ---- | M] (Symantec Corporation) [Auto] -- I:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2011/01/27 05:53:56 | 000,357,744 | ---- | M] (Symantec Corporation) [Disabled] -- I:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2011/01/27 05:53:56 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto] -- I:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2011/01/27 05:53:56 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto] -- I:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2011/01/27 05:53:54 | 001,839,776 | ---- | M] (Symantec Corporation) [Auto] -- I:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2010/09/07 10:05:52 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand] -- I:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2010/08/20 12:57:28 | 000,092,216 | ---- | M] (Hewlett-Packard Company) [Auto] -- I:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/08/02 11:16:26 | 000,281,192 | ---- | M] (McAfee, Inc.) [Auto] -- I:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe -- (HpFkCryptService)
SRV - [2010/06/10 06:39:26 | 000,300,880 | ---- | M] (DigitalPersona, Inc.) [Auto] -- I:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe -- (DpHost)
SRV - [2010/05/05 21:30:06 | 000,298,496 | ---- | M] (Hewlett-Packard) [Auto] -- I:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe -- (HPFSService)
SRV - [2010/04/28 05:39:28 | 000,362,040 | ---- | M] (Hewlett-Packard Ltd) [On_Demand] -- I:\Windows\System32\flcdlock.exe -- (FLCDLOCK)
SRV - [2010/03/16 12:37:08 | 000,036,864 | ---- | M] (Hewlett-Packard Development Company, L.P) [Auto] -- I:\Program Files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe -- (HP ProtectTools Service)
SRV - [2009/07/24 07:29:52 | 002,066,968 | ---- | M] (Intel Corporation) [Auto] -- I:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2009/07/24 07:29:38 | 000,174,616 | ---- | M] (Intel Corporation) [Auto] -- I:\Program Files\Intel\AMT\LMS.exe -- (LMS) Intel(R)
SRV - [2009/07/13 21:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand] -- I:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand] -- I:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand] -- I:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand] -- I:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/06/03 11:16:42 | 000,207,400 | ---- | M] (ActivIdentity) [Auto] -- I:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe -- (ac.sharedstore)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2012/02/21 02:17:16 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- I:\ProgramData\Symantec\Definitions\VirusDefs\20120308.033\NAVEX15.SYS -- (NAVEX15)
DRV - [2012/02/21 02:17:16 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- I:\ProgramData\Symantec\Definitions\VirusDefs\20120308.033\NAVENG.SYS -- (NAVENG)
DRV - [2012/02/04 03:01:06 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System] -- I:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/02/04 03:01:06 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- I:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/02/21 03:50:00 | 000,167,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- I:\Windows\System32\drivers\wpshelper.sys -- (WpsHelper)
DRV - [2011/02/08 02:02:31 | 000,125,488 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- I:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/01/27 05:54:00 | 000,043,888 | ---- | M] (Symantec Corporation) [Kernel | System] -- I:\Windows\System32\drivers\WPSDRVnt.sys -- (WPS)
DRV - [2011/01/27 05:53:58 | 000,320,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- I:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2011/01/27 05:53:58 | 000,284,720 | ---- | M] (Symantec Corporation) [File_System | System] -- I:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2011/01/27 05:53:58 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System] -- I:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2011/01/27 05:53:56 | 000,099,696 | ---- | M] (Symantec Corporation) [Kernel | Disabled] -- I:\Windows\SYSTEM32\Drivers\SysPlant.sys -- (SysPlant)
DRV - [2011/01/27 05:53:56 | 000,067,472 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- I:\Windows\System32\drivers\Teefer2.sys -- (Teefer2)
DRV - [2011/01/27 05:53:52 | 000,421,424 | ---- | M] (Symantec Corporation) [Kernel | System] -- I:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2011/01/27 05:53:52 | 000,188,080 | ---- | M] (Symantec Corporation) [Kernel | System] -- I:\Windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2011/01/27 05:53:52 | 000,026,416 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- I:\Windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2010/11/20 08:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- I:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 08:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- I:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 08:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 06:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 05:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 05:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/08/02 11:16:56 | 000,051,800 | ---- | M] (McAfee, Inc.) [Kernel | Boot] -- I:\Windows\System32\drivers\SbAlg.sys -- (SbAlg)
DRV - [2010/08/02 11:16:46 | 000,013,256 | ---- | M] (McAfee, Inc.) [File_System | Boot] -- I:\Windows\System32\drivers\SbFsLock.sys -- (SbFsLock)
DRV - [2010/08/02 11:16:44 | 000,040,088 | ---- | M] (McAfee, Inc.) [Kernel | System] -- I:\Windows\System32\drivers\rsvlock.sys -- (RsvLock)
DRV - [2010/08/02 11:16:42 | 000,110,520 | ---- | M] (McAfee, Inc.) [Kernel | Boot] -- I:\Windows\System32\drivers\SafeBoot.sys -- (SafeBoot)
DRV - [2010/03/08 12:31:04 | 000,032,312 | ---- | M] (Hewlett-Packard Development Company L.P.) [Kernel | On_Demand] -- I:\Windows\System32\drivers\DAMDrv.sys -- (DAMDrv)
DRV - [2009/10/01 11:15:06 | 000,206,304 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- I:\Windows\System32\drivers\e1k6232.sys -- (e1kexpress) Intel(R)
DRV - [2009/07/24 07:30:10 | 000,040,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- I:\Windows\System32\drivers\HECI.sys -- (HECI) Intel(R)
DRV - [2009/07/13 19:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2006/11/22 05:01:48 | 000,693,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto] -- I:\Windows\system32\drivers\hardlock.sys -- (Hardlock)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/16
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/16
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\dadmin_ON_I\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/16
IE - HKU\dadmin_ON_I\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.uk.msn.com/HPCOM/16
IE - HKU\dadmin_ON_I\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/16
IE - HKU\dadmin_ON_I\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
IE - HKU\mr_ON_I\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/16
IE - HKU\mr_ON_I\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.ch/
IE - HKU\mr_ON_I\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\ws_ON_I\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/16
IE - HKU\ws_ON_I\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.ch/
IE - HKU\ws_ON_I\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: I:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE:  File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: I:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: I:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\ [2011/02/07 12:29:28 | 000,000,000 | ---D | M]
 
 
O1 HOSTS File: ([2009/06/10 17:39:37 | 000,000,824 | ---- | M]) - I:\Windows\System32\drivers\etc\hosts
O2 - BHO: (File Sanitizer for HP ProtectTools) - {3134413B-49B4-425C-98A5-893C1F195601} - I:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
O2 - BHO: (HP ProtectTools Security Manager Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - I:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - I:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [5kS43ADO0bzprWo]  File not found
O4 - HKLM..\Run: [accrdsub] I:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)
O4 - HKLM..\Run: [acevents] I:\Program Files\ActivIdentity\ActivClient\acevents.exe (ActivIdentity)
O4 - HKLM..\Run: [ccApp] I:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [File Sanitizer] I:\Program Files\Hewlett-Packard\File Sanitizer\coreshredder.exe (Hewlett-Packard)
O4 - HKLM..\Run: [picon] I:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe (Intel Corporation)
O4 - HKU\mr_ON_I..\Run: [5kS43ADO0bzprWo]  File not found
O4 - HKU\ws_ON_I..\Run: [5kS43ADO0bzprWo]  File not found
O4 - HKU\LocalService_ON_I..\RunOnce: [mctadmin] I:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_I..\RunOnce: [mctadmin] I:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKU\dadmin_ON_I\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKU\dadmin_ON_I\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\dadmin_ON_I\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O7 - HKU\dadmin_ON_I\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKU\LocalService_ON_I\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKU\mr_ON_I\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKU\mr_ON_I\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\mr_ON_I\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O7 - HKU\mr_ON_I\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKU\mr_ON_I\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O7 - HKU\mr_ON_I\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\mr_ON_I\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\NetworkService_ON_I\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKU\systemprofile_ON_I\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKU\ws_ON_I\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKU\ws_ON_I\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\ws_ON_I\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O7 - HKU\ws_ON_I\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKU\ws_ON_I\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O7 - HKU\ws_ON_I\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\ws_ON_I\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FB298ECE-4D17-414A-A5E8-FABC938796B2} hxxp://www.kohlerplus.com/_bin/AWSDrawingViewer.cab (ActiveWebParts Illustration Viewer)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.65.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ritterag.local
O20 - HKLM Winlogon: Shell - (C:\Users\mr\AppData\Roaming\soundblaster_fx648.exe) -  File not found
O20 - HKLM Winlogon: UserInit - (C:\Users\mr\AppData\Roaming\soundblaster_fx648.exe) -  File not found
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - I:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKU\mr_ON_I Winlogon: Shell - (C:\Users\mr\AppData\Roaming\soundblaster_fx648.exe) -  File not found
O20 - HKU\mr_ON_I Winlogon: UserInit - (C:\Users\mr\AppData\Roaming\soundblaster_fx648.exe) -  File not found
O20 - HKU\ws_ON_I Winlogon: Shell - (C:\Users\ws\AppData\Roaming\soundblaster_fx648.exe) -  File not found
O20 - HKU\ws_ON_I Winlogon: UserInit - (C:\Users\ws\AppData\Roaming\soundblaster_fx648.exe) -  File not found
O20 - Winlogon\Notify\DeviceNP: DllName - DeviceNP.dll - I:\Windows\System32\DeviceNP.dll (Hewlett-Packard Limited)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - I:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {B7DP0lwl-gyOj-zQe1-T8DI-cr3qllv4OfBp} - 
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/04/12 12:21:28 | 002,382,848 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\mshtml.tlb
[2012/04/12 12:21:27 | 001,799,168 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\jscript9.dll
[2012/04/12 12:21:27 | 000,716,800 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\jscript.dll
[2012/04/12 12:21:26 | 000,231,936 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\url.dll
[2012/04/12 12:21:26 | 000,176,640 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\ieui.dll
[2012/04/12 12:21:26 | 000,065,024 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\jsproxy.dll
[2012/04/12 12:21:25 | 001,427,456 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\inetcpl.cpl
[2012/04/12 12:18:57 | 003,968,368 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\ntkrnlpa.exe
[2012/04/12 12:18:56 | 003,913,072 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\ntoskrnl.exe
[2010/08/25 13:59:08 | 000,004,096 | ---- | C] ( ) -- I:\Windows\System32\IGFXDEVLib.dll
 
========== Files - Modified Within 30 Days ==========
 
[2012/04/16 02:08:49 | 000,067,584 | --S- | M] () -- I:\Windows\bootstat.dat
[2012/04/16 01:33:42 | 000,007,605 | ---- | M] () -- I:\Users\dadmin\AppData\Local\Resmon.ResmonCfg
[2012/04/16 01:31:34 | 000,009,920 | -H-- | M] () -- I:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/16 01:31:34 | 000,009,920 | -H-- | M] () -- I:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/16 01:29:04 | 000,657,438 | ---- | M] () -- I:\Windows\System32\perfh007.dat
[2012/04/16 01:29:04 | 000,618,714 | ---- | M] () -- I:\Windows\System32\perfh009.dat
[2012/04/16 01:29:04 | 000,130,810 | ---- | M] () -- I:\Windows\System32\perfc007.dat
[2012/04/16 01:29:04 | 000,107,034 | ---- | M] () -- I:\Windows\System32\perfc009.dat
[2012/04/16 01:24:09 | 2786,521,088 | -HS- | M] () -- I:\hiberfil.sys
[2012/04/13 00:41:06 | 000,002,441 | ---- | M] () -- I:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012/04/02 05:40:15 | 000,000,014 | ---- | M] () -- I:\Windows\hpmssnpjt.ini
[2012/03/29 03:52:55 | 000,001,113 | ---- | M] () -- I:\Users\ws\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
 
========== Files Created - No Company Name ==========
 
[2012/04/16 01:33:42 | 000,007,605 | ---- | C] () -- I:\Users\dadmin\AppData\Local\Resmon.ResmonCfg
[2012/02/22 10:12:07 | 000,000,014 | ---- | C] () -- I:\Windows\hpmssnpjt.ini
[2011/08/30 03:00:19 | 000,001,849 | ---- | C] () -- I:\Users\ws\AppData\Roaming\GhostObjGAFix.xml
[2011/06/20 04:43:15 | 000,033,134 | ---- | C] () -- I:\Users\ws\AppData\Roaming\UserTile.png
[2011/06/07 02:41:22 | 000,252,928 | ---- | C] () -- I:\Windows\System32\DShowRdpFilter.dll
[2011/06/07 02:40:10 | 000,066,048 | ---- | C] () -- I:\Windows\System32\PrintBrmUi.exe
[2011/02/23 05:13:33 | 000,000,011 | ---- | C] () -- I:\Windows\LexDeltaUpd.ini
[2011/02/22 13:15:00 | 000,153,088 | ---- | C] () -- I:\Windows\System32\UNWISE.EXE
[2011/02/22 13:15:00 | 000,028,672 | ---- | C] () -- I:\Windows\System32\hlduinst.exe
[2011/02/22 13:15:00 | 000,006,836 | ---- | C] () -- I:\Windows\System32\UNWISE.INI
[2011/02/08 02:53:51 | 000,116,736 | ---- | C] () -- I:\Windows\System32\qvredmonnt.dll
[2011/02/08 01:58:47 | 001,060,864 | ---- | C] () -- I:\Windows\System32\MFC71.DLL
[2011/02/08 01:45:05 | 000,004,222 | RHS- | C] () -- I:\ProgramData\ntuser.pol
[2011/02/07 21:11:07 | 000,657,438 | ---- | C] () -- I:\Windows\System32\perfh007.dat
[2011/02/07 21:11:07 | 000,295,922 | ---- | C] () -- I:\Windows\System32\perfi007.dat
[2011/02/07 21:11:07 | 000,130,810 | ---- | C] () -- I:\Windows\System32\perfc007.dat
[2011/02/07 21:11:07 | 000,038,104 | ---- | C] () -- I:\Windows\System32\perfd007.dat
[2011/02/07 20:22:04 | 000,134,592 | ---- | C] () -- I:\Windows\System32\igfcg500.bin
[2011/02/07 12:32:45 | 000,003,120 | ---- | C] () -- I:\Windows\System32\drivers\wdfffi.sys
[2010/08/25 14:30:02 | 000,439,308 | ---- | C] () -- I:\Windows\System32\igcompkrng500.bin
[2010/08/25 14:30:00 | 000,982,240 | ---- | C] () -- I:\Windows\System32\igkrng500.bin
[2010/08/25 14:30:00 | 000,092,356 | ---- | C] () -- I:\Windows\System32\igfcg500m.bin
[2010/08/25 13:57:00 | 000,000,151 | ---- | C] () -- I:\Windows\System32\GfxUI.exe.config
[2010/08/25 13:52:00 | 000,208,896 | ---- | C] () -- I:\Windows\System32\iglhsip32.dll
[2010/08/25 13:52:00 | 000,143,360 | ---- | C] () -- I:\Windows\System32\iglhcp32.dll
[2010/06/10 06:39:28 | 000,000,256 | ---- | C] () -- I:\Windows\System32\DPSCEL.dll.hpsign
[2010/06/10 06:39:26 | 000,000,256 | ---- | C] () -- I:\Windows\System32\DPFPApi.dll.hpsign
[2010/06/10 06:39:26 | 000,000,256 | ---- | C] () -- I:\Windows\System32\DPClback.dll.hpsign
[2010/06/10 06:19:48 | 000,000,256 | ---- | C] () -- I:\Windows\System32\DPFPApiUI.dll.hpsign
[2010/06/10 06:19:06 | 000,000,256 | ---- | C] () -- I:\Windows\System32\DPPassFilter.dll.hpsign
[2010/06/10 06:19:06 | 000,000,256 | ---- | C] () -- I:\Windows\System32\DPCrProv.dll.hpsign
[2010/04/28 05:39:40 | 000,329,272 | ---- | C] () -- I:\Windows\System32\flcdlmsg.dll
[2009/07/14 00:57:37 | 000,067,584 | --S- | C] () -- I:\Windows\bootstat.dat
[2009/07/14 00:33:53 | 000,410,064 | ---- | C] () -- I:\Windows\System32\FNTCACHE.DAT
[2009/07/13 22:05:48 | 000,618,714 | ---- | C] () -- I:\Windows\System32\perfh009.dat
[2009/07/13 22:05:48 | 000,291,294 | ---- | C] () -- I:\Windows\System32\perfi009.dat
[2009/07/13 22:05:48 | 000,107,034 | ---- | C] () -- I:\Windows\System32\perfc009.dat
[2009/07/13 22:05:48 | 000,031,548 | ---- | C] () -- I:\Windows\System32\perfd009.dat
[2009/07/13 22:05:05 | 000,000,741 | ---- | C] () -- I:\Windows\System32\NOISE.DAT
[2009/07/13 22:04:11 | 000,215,943 | ---- | C] () -- I:\Windows\System32\dssec.dat
[2009/07/13 19:55:01 | 000,043,131 | ---- | C] () -- I:\Windows\mib.bin
[2009/07/13 19:51:43 | 000,073,728 | ---- | C] () -- I:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- I:\Windows\System32\BWContextHandler.dll
[2009/07/13 18:09:19 | 001,498,564 | ---- | C] () -- I:\Windows\System32\igkrng400.bin
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- I:\Windows\System32\mlang.dat
 
========== LOP Check ==========
 
[2011/02/08 01:35:18 | 000,000,000 | -HSD | M] -- I:\ProgramData\Anwendungsdaten
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- I:\ProgramData\Application Data
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- I:\ProgramData\Desktop
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- I:\ProgramData\Documents
[2011/02/08 01:35:18 | 000,000,000 | -HSD | M] -- I:\ProgramData\Dokumente
[2011/02/08 01:35:18 | 000,000,000 | -HSD | M] -- I:\ProgramData\Favoriten
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- I:\ProgramData\Favorites
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- I:\ProgramData\Start Menu
[2011/02/08 01:35:18 | 000,000,000 | -HSD | M] -- I:\ProgramData\Startmenü
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- I:\ProgramData\Templates
[2011/02/08 01:35:18 | 000,000,000 | -HSD | M] -- I:\ProgramData\Vorlagen
[2011/02/07 12:30:47 | 000,000,000 | ---D | M] -- I:\ProgramData\{D13C0989-F3EC-4F44-A33D-B3F83DF90FAF}
[2011/11/25 01:31:38 | 000,032,640 | ---- | M] () -- I:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2011/02/08 02:21:37 | 000,000,000 | -HSD | M] -- I:\$RECYCLE.BIN
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- I:\Documents and Settings
[2011/02/08 01:35:18 | 000,000,000 | -HSD | M] -- I:\Dokumente und Einstellungen
[2011/02/08 01:35:58 | 000,000,000 | RHSD | M] -- I:\HP
[2011/02/08 02:12:29 | 000,000,000 | RH-D | M] -- I:\MSOCache
[2009/07/13 22:37:05 | 000,000,000 | ---D | M] -- I:\PerfLogs
[2012/01/04 02:28:44 | 000,000,000 | R--D | M] -- I:\Program Files
[2011/06/01 02:06:12 | 000,000,000 | ---D | M] -- I:\Program1
[2011/05/31 09:19:01 | 000,000,000 | -H-D | M] -- I:\ProgramData
[2011/02/21 03:56:53 | 000,000,000 | ---D | M] -- I:\ProgramFiles
[2011/02/08 01:35:18 | 000,000,000 | -HSD | M] -- I:\Programme
[2009/07/25 08:54:41 | 000,000,000 | -HSD | M] -- I:\Recovery
[2011/02/08 01:36:34 | 000,000,000 | ---D | M] -- I:\SWSETUP
[2012/04/12 12:18:48 | 000,000,000 | -HSD | M] -- I:\System Volume Information
[2011/02/08 01:36:26 | 000,000,000 | -H-D | M] -- I:\system.sav
[2011/02/22 13:09:22 | 000,000,000 | ---D | M] -- I:\totalcmd
[2011/07/22 00:43:33 | 000,000,000 | R--D | M] -- I:\Users
[2012/04/14 00:43:00 | 000,000,000 | ---D | M] -- I:\Windows
 
< %PROGRAMFILES%\*.exe >
 
Invalid Environment Variable: %LOCALAPPDATA%\*.exe
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: AGP440.SYS  >
[2009/07/13 21:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- I:\Windows\System32\drivers\AGP440.sys
[2009/07/13 21:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- I:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009/07/13 21:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- I:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009/07/13 21:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- I:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- I:\Windows\System32\drivers\atapi.sys
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- I:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- I:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- I:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.20776_none_dda3f0f09bf1f8b2\atapi.sys
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- I:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009/07/13 21:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- I:\Windows\System32\cngaudit.dll
[2009/07/13 21:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- I:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2011/02/26 01:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- I:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009/07/13 21:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- I:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011/02/26 01:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- I:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2011/02/07 21:17:15 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- I:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- I:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010/11/20 08:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- I:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- I:\Windows\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- I:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2011/02/07 21:16:06 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- I:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2011/02/07 21:16:06 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- I:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2011/02/07 21:17:15 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- I:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
 
< MD5 for: IASTOR.SYS  >
[2010/03/03 14:33:26 | 000,435,736 | ---- | M] (Intel Corporation) MD5=26541A068572F650A2FA490726FE81BE -- I:\SWSETUP\Drivers\MSD\Intel\iaStor.sys
[2010/03/03 14:33:26 | 000,435,736 | ---- | M] (Intel Corporation) MD5=26541A068572F650A2FA490726FE81BE -- I:\Windows\System32\drivers\iaStor.sys
[2010/03/03 14:33:26 | 000,435,736 | ---- | M] (Intel Corporation) MD5=26541A068572F650A2FA490726FE81BE -- I:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_e8a55be84650e755\iaStor.sys
[2010/03/03 14:33:26 | 000,435,736 | ---- | M] (Intel Corporation) MD5=26541A068572F650A2FA490726FE81BE -- I:\Windows\System32\DriverStore\FileRepository\iastor.inf_x86_neutral_c766b54545e4141f\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2011/02/07 21:20:31 | 000,332,168 | ---- | M] (Intel Corporation) MD5=2D2918606673C46769FB516A5ACE958E -- I:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16592_none_aed9db9de9265a3a\iaStorV.sys
[2011/03/11 01:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- I:\Windows\System32\drivers\iaStorV.sys
[2011/03/11 01:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- I:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011/03/11 01:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- I:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011/03/11 01:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- I:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011/03/11 01:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- I:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009/07/13 21:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- I:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010/11/20 08:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- I:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010/11/20 08:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- I:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011/03/11 01:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- I:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
[2011/02/07 21:20:31 | 000,332,160 | ---- | M] (Intel Corporation) MD5=FE8186428F0AB44F0E500C7AA33E9B51 -- I:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20712_none_afb9f9af020317a3\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010/11/20 08:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- I:\Windows\System32\netlogon.dll
[2010/11/20 08:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- I:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009/07/13 21:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- I:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011/02/07 21:20:31 | 000,143,752 | ---- | M] (NVIDIA Corporation) MD5=1D8B6A440DFF2BDEAA4EB209FCBA21BF -- I:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16592_none_39a34c4d205d0412\nvstor.sys
[2011/03/11 01:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- I:\Windows\System32\drivers\nvstor.sys
[2011/03/11 01:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- I:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011/03/11 01:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- I:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011/03/11 01:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- I:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011/03/11 01:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- I:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011/03/11 01:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- I:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010/11/20 08:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- I:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010/11/20 08:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- I:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009/07/13 21:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- I:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
[2011/02/07 21:20:31 | 000,143,752 | ---- | M] (NVIDIA Corporation) MD5=F3596C8A63D3871890B0D3A0DFFEF0D0 -- I:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20712_none_3a836a5e3939c17b\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009/07/13 21:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- I:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010/11/20 08:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- I:\Windows\System32\scecli.dll
[2010/11/20 08:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- I:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009/07/13 21:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- I:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010/11/20 08:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- I:\Windows\System32\user32.dll
[2010/11/20 08:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- I:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- I:\Windows\System32\userinit.exe
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- I:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- I:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2011/02/07 21:17:15 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- I:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2011/02/07 21:17:15 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- I:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010/11/20 08:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- I:\Windows\System32\winlogon.exe
[2010/11/20 08:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- I:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009/07/13 21:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- I:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009/07/13 19:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- I:\Windows\System32\drivers\ws2ifsl.sys
[2009/07/13 19:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- I:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2010/11/20 08:19:02 | 000,828,928 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- I:\Windows\system32\fontext.dll
[2012/01/04 04:59:38 | 012,872,704 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- I:\Windows\system32\shell32.dll
 
Invalid Environment Variable: %USERPROFILE%\*.*
 
Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.exe
 
Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.dll
 
Invalid Environment Variable: %USERPROFILE%\Application Data\*.exe
< End of report >
         

I was able to fix the problem myself. The machine is running perfectly again.
As soon as I have time this evening, I'll post the details.

17.04.2012, 13:11   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Does Safe Mode with Networking still work? With an Internet connection?

Safe Mode for cleanup
  • Boot Windows into Safe Mode by pressing F8 during startup.
  • Start the computer in Safe Mode with Networking:

    Starting Windows in Safe Mode
__________________


17.04.2012, 22:17   #3
mritter

Safe Mode did not work. The Suisa message appeared there as well.

I did the following:

1. Download: hxxp://oldtimer.geekstogo.com/OTLPENet.exe
2. Burned it to CD
3. Booted from the CD
4. Start OTLPE
5. Custom scan with the following code

Code:
ATTFilter
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
         
6. Then I defined the following fixes:

Code:
ATTFilter
:OTL
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/16
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/16
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
O4 - HKLM..\Run: [accrdsub] I:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)
O4 - HKU\mr_ON_I..\Run: [5kS43ADO0bzprWo]  File not found
O4 - HKU\ws_ON_I..\Run: [5kS43ADO0bzprWo]  File not found
O20 - HKLM Winlogon: Shell - (C:\Users\mr\AppData\Roaming\soundblaster_fx648.exe) -  File not found
O20 - HKLM Winlogon: UserInit - (C:\Users\mr\AppData\Roaming\soundblaster_fx648.exe) -  File not found
O20 - HKU\mr_ON_I Winlogon: Shell - (C:\Users\mr\AppData\Roaming\soundblaster_fx648.exe) -  File not found
O20 - HKU\mr_ON_I Winlogon: UserInit - (C:\Users\mr\AppData\Roaming\soundblaster_fx648.exe) -  File not found
O20 - HKU\ws_ON_I Winlogon: Shell - (C:\Users\ws\AppData\Roaming\soundblaster_fx648.exe) -  File not found
O20 - HKU\ws_ON_I Winlogon: UserInit - (C:\Users\ws\AppData\Roaming\soundblaster_fx648.exe) -  File not found
:Files
C:\Users\ws\AppData\Roaming\soundblaster_fx648.exe
:Commands
[purity]
[EMPTYFLASH] 
[emptytemp]
[Reboot]
         
7. Restarted the PC
8. Log in and right-click the desktop, View, Show desktop icons.

Everything is back. Runs perfectly.
__________________
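
A triage sketch for the O20 Winlogon lines in the fix script above, added here as an illustration and not part of mritter's post or of OTL: it flags Shell/UserInit values that are non-default, sit in a user-writable path, are per-user overrides, or still point at a deleted file. The two healthy sample lines and the stated clean-install defaults are assumptions made for this example.

```python
import re

# Assumption: on a clean Windows 7 install HKLM Shell is explorer.exe and
# HKLM UserInit is ...\system32\userinit.exe, with no per-user (HKU) overrides.
EXPECTED = {"shell": "explorer.exe", "userinit": "userinit.exe"}
USER_WRITABLE = re.compile(r"\\(appdata|application data|temp)\\", re.I)
O20 = re.compile(
    r"^O20 - (?P<hive>\S+) Winlogon: (?P<value>Shell|UserInit) - "
    r"\((?P<data>.*?)\) -\s+(?P<resolved>.*)$",
    re.I,
)

# Constructed sample: the first two lines are healthy entries written for this
# example; the last three are O20 lines copied from the fix script above.
SAMPLE_LOG = r"""
O20 - HKLM Winlogon: Shell - (explorer.exe) - I:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe,) - I:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (C:\Users\mr\AppData\Roaming\soundblaster_fx648.exe) -  File not found
O20 - HKU\mr_ON_I Winlogon: UserInit - (C:\Users\mr\AppData\Roaming\soundblaster_fx648.exe) -  File not found
O20 - HKU\ws_ON_I Winlogon: Shell - (C:\Users\ws\AppData\Roaming\soundblaster_fx648.exe) -  File not found
"""


def check_target(value, target):
    """Return reasons why one command in a Shell/UserInit value looks wrong."""
    reasons = []
    path = target.strip().strip('"')
    name = re.split(r"[\\/]", path)[-1].lower()
    if name != EXPECTED[value]:
        reasons.append("non-default binary")
    if USER_WRITABLE.search(path):
        # Catches look-alikes such as ...\AppData\Roaming\explorer.exe too.
        reasons.append("user-writable path")
    return reasons


def triage(log_text):
    """Parse OTL O20 Winlogon lines and return the suspicious ones."""
    findings = []
    for line in log_text.splitlines():
        m = O20.match(line.strip())
        if not m:
            continue
        value = m["value"].lower()
        reasons = []
        # UserInit is a comma-separated list, so every entry is checked.
        for target in filter(str.strip, m["data"].split(",")):
            for reason in check_target(value, target):
                if reason not in reasons:
                    reasons.append(reason)
        if not m["hive"].upper().startswith("HKLM"):
            reasons.append("per-user override")
        if "file not found" in m["resolved"].lower():
            # The registry value still names a file that no longer exists.
            reasons.append("dangling entry")
        if reasons:
            findings.append((m["hive"], m["value"], m["data"], reasons))
    return findings


if __name__ == "__main__":
    for hive, value, data, reasons in triage(SAMPLE_LOG):
        print(f"{hive:12} {value:9} {data}\n    -> {', '.join(reasons)}")
```

A "dangling entry" on Shell or UserInit means the logon sequence is still wired to the removed file, so the registry value has to be reset as well as the file deleted.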

18.04.2012, 13:06   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Where is the fix log?
Did you work out the fix lines yourself?

Does normal mode work again without restrictions?
Are you missing anything in the Start menu? Are there empty folders under All Programs, or is everything there?
__________________

18.04.2012, 21:04   #5
mritter

I put the fix log together myself.

So far everything works without problems.
I could not find any missing folders or Start menu entries.


18.04.2012, 22:30   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

You should post the fix log!
__________________