| |
| |||||||
Log-Analyse und Auswertung: Live Security Platinum - Malwarebytes meldet Löschung von 3 infizierten Dateien, sind aber wieder daWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
12.06.2012, 07:00
| #9 |
 |  Live Security Platinum - Malwarebytes meldet Löschung von 3 infizierten Dateien, sind aber wieder da Ok, hab es so gemacht, herzlichen Dank für die Erstellung des Skripts! Code:
ATTFilter All processes killed
========== OTL ==========
Error: No service named amqfou7s was found to stop!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\amqfou7s deleted successfully.
File File not found not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{40c3cc16-7269-4b32-9531-17f2950fb06f} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40c3cc16-7269-4b32-9531-17f2950fb06f}\ deleted successfully.
C:\Program Files\Winload\tbWinl.dll moved successfully.
HKU\S-1-5-21-1131658597-4005637612-88016806-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-1131658597-4005637612-88016806-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{40c3cc16-7269-4b32-9531-17f2950fb06f} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40c3cc16-7269-4b32-9531-17f2950fb06f}\ not found.
File C:\Program Files\Winload\tbWinl.dll not found.
HKEY_USERS\S-1-5-21-1131658597-4005637612-88016806-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1131658597-4005637612-88016806-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-1131658597-4005637612-88016806-1001\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ not found.
HKU\S-1-5-21-1131658597-4005637612-88016806-1006\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-1131658597-4005637612-88016806-1006\Software\Microsoft\Internet Explorer\URLSearchHooks\\{40c3cc16-7269-4b32-9531-17f2950fb06f} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40c3cc16-7269-4b32-9531-17f2950fb06f}\ not found.
File C:\Program Files\Winload\tbWinl.dll not found.
HKEY_USERS\S-1-5-21-1131658597-4005637612-88016806-1006\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1131658597-4005637612-88016806-1006\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-1131658597-4005637612-88016806-1006\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ not found.
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "Ask.com" removed from browser.search.defaultenginename
Prefs.js: "Ask.com" removed from browser.search.order.1
Prefs.js: "hxxp://ecosia.de/" removed from browser.startup.homepage
C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\x6grzyfh.default\searchplugins\askcom.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{40c3cc16-7269-4b32-9531-17f2950fb06f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40c3cc16-7269-4b32-9531-17f2950fb06f}\ not found.
File C:\Program Files\Winload\tbWinl.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{40c3cc16-7269-4b32-9531-17f2950fb06f} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40c3cc16-7269-4b32-9531-17f2950fb06f}\ not found.
File C:\Program Files\Winload\tbWinl.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1131658597-4005637612-88016806-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{40C3CC16-7269-4B32-9531-17F2950FB06F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40C3CC16-7269-4B32-9531-17F2950FB06F}\ not found.
File C:\Program Files\Winload\tbWinl.dll not found.
Registry value HKEY_USERS\S-1-5-21-1131658597-4005637612-88016806-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{40C3CC16-7269-4B32-9531-17F2950FB06F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40C3CC16-7269-4B32-9531-17F2950FB06F}\ not found.
File C:\Program Files\Winload\tbWinl.dll not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9111432d-1e3c-11e1-9063-00245414c382}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9111432d-1e3c-11e1-9063-00245414c382}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9111432d-1e3c-11e1-9063-00245414c382}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9111432d-1e3c-11e1-9063-00245414c382}\ not found.
File H:\GSLoader.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{91135f73-0505-11e0-a71b-00245414c382}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91135f73-0505-11e0-a71b-00245414c382}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{91135f73-0505-11e0-a71b-00245414c382}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91135f73-0505-11e0-a71b-00245414c382}\ not found.
File H:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a3a2e23c-0492-11e0-8054-00245414c382}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a3a2e23c-0492-11e0-8054-00245414c382}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a3a2e23c-0492-11e0-8054-00245414c382}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a3a2e23c-0492-11e0-8054-00245414c382}\ not found.
File H:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a3a2e27c-0492-11e0-8054-00245414c382}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a3a2e27c-0492-11e0-8054-00245414c382}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a3a2e27c-0492-11e0-8054-00245414c382}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a3a2e27c-0492-11e0-8054-00245414c382}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c2498641-06e3-11e0-abb4-00245414c382}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c2498641-06e3-11e0-abb4-00245414c382}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c2498641-06e3-11e0-abb4-00245414c382}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c2498641-06e3-11e0-abb4-00245414c382}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
File F:\AutoRun.exe not found.
Folder C:\ProgramData\F4D55F3B00017A63000BC0D3B4EB23C1\ not found.
ADS C:\Program Files\Cake Poker 2.0:MID deleted successfully.
========== FILES ==========
C:\windows\Installer\{23ceaf3e-03eb-15df-900f-dffb4f8e63b1}\@ moved successfully.
C:\windows\Installer\{23ceaf3e-03eb-15df-900f-dffb4f8e63b1}\U folder moved successfully.
C:\Program Files\Winload folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: postgres
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Public
User: Sarah
->Temp folder emptied: 623280781 bytes
->Temporary Internet Files folder emptied: 709230681 bytes
->Java cache emptied: 9337454 bytes
->FireFox cache emptied: 100609457 bytes
->Flash cache emptied: 102856 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 18155160 bytes
RecycleBin emptied: 3057363527 bytes
Total Files Cleaned = 4,309.00 mb
[EMPTYFLASH]
User: All Users
User: Default
User: Default User
User: postgres
User: Public
User: Sarah
->Flash cache emptied: 0 bytes
Total Flash Files Cleaned = 0.00 mb
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.47.0 log created on 06122012_075340
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
Magnetiseur Hallo, ich habe noch eine andere Frage. Ein USB-Stick ist ziemlich sicher auch infiziert (ist seit einigen Tagen nicht mehr lesbar) und bei zwei anderen ist das auch möglich. Habe versucht, hier im Forum Tipps zu finden, wie ich da vorgehe, bin aber nach wie vor unsicher: Kann/darf ich die jetzt in diesen PC stecken und kann ich sie dann mit Antivir (geht das damit?) überprüfen (oder gibts bessere Programme?). Und kann/darf ich den nicht mehr lesbaren an diesem Rechner gefahrlos formatieren? Wenns dafür schon das genau passende Thema hier im Forum gibt, hab ich es nicht gefunden und wäre sehr dankbar für den Link. Und natürlich - wie gehts jetzt mit dem Rechner weiter? Vielen Dank und viele Grüße, Magnetiseur |
| Themen zu Live Security Platinum - Malwarebytes meldet Löschung von 3 infizierten Dateien, sind aber wieder da |
| 80000000.@, 800000cb.@, administrator, alternate, anti-malware, antivir, conduit, dateisystem, entfernen, explorer, forum, heuristiks/extra, heuristiks/shuriken, infizierte, live, live security platinum, malwarebyte auswertung, malwarebytes, platinum, plug-in, plötzlich, programm, quarantäne, rechner, rootkit.0access, searchscopes, security, service, speicher, taskhost.exe, thema, trojan.sirefef, trojan.small, version, version=1.0, winload toolbar |
Baum-Darstellung