| |
| |||||||
Log-Analyse und Auswertung: Werde Virus/Trojaner nicht los - vermtl. Win32.Trojan.TdssWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
| |
13.11.2009, 23:06
| #1 |
 |  Werde Virus/Trojaner nicht los - vermtl. Win32.Trojan.Tdss Teil 6: Code:
ATTFilter ((((((((((((((((((((((((((((( SnapShot@2009-08-14_13.06.19 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-11 23:02 . 2009-07-11 23:02 51008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll
+ 2007-11-07 00:19 . 2007-11-07 00:19 54272 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 61760 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 53568 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 63296 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 35648 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll
+ 2009-07-11 23:05 . 2009-07-11 23:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll
+ 2009-07-11 23:05 . 2009-07-11 23:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll
+ 2006-10-09 14:05 . 2009-08-06 17:24 44768 c:\windows\system32\wups2.dll
+ 2006-09-29 11:34 . 2009-08-06 17:24 35552 c:\windows\system32\wups.dll
+ 2006-09-29 11:34 . 2009-08-06 17:24 53472 c:\windows\system32\wuauclt.exe
+ 2007-01-29 08:58 . 2009-07-14 11:03 46080 c:\windows\system32\tzchange.exe
+ 2006-03-24 12:00 . 2009-06-15 10:43 82944 c:\windows\system32\tlntsess.exe
+ 2006-03-24 12:00 . 2009-06-15 10:43 78848 c:\windows\system32\telnet.exe
- 2006-09-29 11:50 . 2008-07-09 07:37 26488 c:\windows\system32\spupdsvc.exe
+ 2006-09-29 11:50 . 2008-05-06 14:16 26488 c:\windows\system32\spupdsvc.exe
- 2006-10-16 12:11 . 2008-07-08 13:00 18808 c:\windows\system32\spmsg.dll
+ 2006-10-16 12:11 . 2009-05-26 11:40 18808 c:\windows\system32\spmsg.dll
+ 2009-10-03 06:19 . 2009-08-06 17:24 44768 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.4.7600.226\wups2.dll
+ 2009-10-03 06:19 . 2009-08-06 17:24 35552 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.4.7600.226\wups.dll
+ 2006-03-24 12:00 . 2009-08-29 07:24 44544 c:\windows\system32\pngfilt.dll
- 2006-03-24 12:00 . 2009-06-29 15:55 44544 c:\windows\system32\pngfilt.dll
- 2006-03-24 12:00 . 2009-04-17 12:47 60920 c:\windows\system32\perfc009.dat
+ 2006-03-24 12:00 . 2009-10-25 08:50 60920 c:\windows\system32\perfc009.dat
- 2006-11-07 20:03 . 2009-06-29 15:55 52224 c:\windows\system32\msfeedsbs.dll
+ 2006-11-07 20:03 . 2009-08-29 07:24 52224 c:\windows\system32\msfeedsbs.dll
+ 2006-03-24 12:00 . 2009-08-29 07:24 27648 c:\windows\system32\jsproxy.dll
- 2006-03-24 12:00 . 2009-06-29 15:55 27648 c:\windows\system32\jsproxy.dll
+ 2006-11-07 02:26 . 2009-08-28 10:28 13824 c:\windows\system32\ieudinit.exe
- 2006-11-07 02:26 . 2009-06-29 11:07 13824 c:\windows\system32\ieudinit.exe
+ 2006-03-24 12:00 . 2009-08-29 07:24 44544 c:\windows\system32\iernonce.dll
- 2006-03-24 12:00 . 2009-06-29 15:55 44544 c:\windows\system32\iernonce.dll
- 2006-03-24 12:00 . 2009-06-29 11:07 70656 c:\windows\system32\ie4uinit.exe
+ 2006-03-24 12:00 . 2009-08-28 10:28 70656 c:\windows\system32\ie4uinit.exe
+ 2006-10-17 10:58 . 2009-08-29 07:24 63488 c:\windows\system32\icardie.dll
- 2006-10-17 10:58 . 2009-06-29 15:55 63488 c:\windows\system32\icardie.dll
+ 2009-11-10 11:22 . 2009-09-23 12:55 64288 c:\windows\system32\DRVSTORE\lbd_B425E86B28F27CC7F4A0CAF275F9F2789F3C6909\Lbd.sys
+ 2009-09-02 08:10 . 2009-05-11 08:12 28520 c:\windows\system32\drivers\ssmdrv.sys
+ 2009-09-02 08:10 . 2009-03-30 08:33 96104 c:\windows\system32\drivers\avipbb.sys
+ 2009-09-02 08:10 . 2009-02-13 10:29 22360 c:\windows\system32\drivers\avgntmgr.sys
+ 2009-09-02 08:10 . 2009-07-28 14:33 55656 c:\windows\system32\drivers\avgntflt.sys
+ 2009-09-02 08:10 . 2009-02-13 10:17 45416 c:\windows\system32\drivers\avgntdd.sys
+ 2006-09-29 11:34 . 2009-08-06 17:24 35552 c:\windows\system32\dllcache\wups.dll
+ 2006-09-29 11:34 . 2009-08-06 17:24 53472 c:\windows\system32\dllcache\wuauclt.exe
+ 2009-06-15 10:43 . 2009-06-15 10:43 82944 c:\windows\system32\dllcache\tlntsess.exe
+ 2009-06-15 10:43 . 2009-06-15 10:43 78848 c:\windows\system32\dllcache\telnet.exe
- 2006-03-24 12:00 . 2009-06-29 15:55 44544 c:\windows\system32\dllcache\pngfilt.dll
+ 2006-03-24 12:00 . 2009-08-29 07:24 44544 c:\windows\system32\dllcache\pngfilt.dll
- 2007-05-09 07:29 . 2009-06-29 15:55 52224 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2007-05-09 07:29 . 2009-08-29 07:24 52224 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2009-09-04 21:03 . 2009-09-04 21:03 58880 c:\windows\system32\dllcache\msasn1.dll
- 2006-03-24 12:00 . 2009-06-29 15:55 27648 c:\windows\system32\dllcache\jsproxy.dll
+ 2006-03-24 12:00 . 2009-08-29 07:24 27648 c:\windows\system32\dllcache\jsproxy.dll
- 2007-05-09 07:29 . 2009-06-29 11:07 13824 c:\windows\system32\dllcache\ieudinit.exe
+ 2007-05-09 07:29 . 2009-08-28 10:28 13824 c:\windows\system32\dllcache\ieudinit.exe
- 2006-03-24 12:00 . 2009-06-29 15:55 44544 c:\windows\system32\dllcache\iernonce.dll
+ 2006-03-24 12:00 . 2009-08-29 07:24 44544 c:\windows\system32\dllcache\iernonce.dll
- 2009-02-20 16:49 . 2009-06-29 15:55 78336 c:\windows\system32\dllcache\ieencode.dll
+ 2009-02-20 16:49 . 2009-08-29 07:24 78336 c:\windows\system32\dllcache\ieencode.dll
+ 2006-03-24 12:00 . 2009-08-28 10:28 70656 c:\windows\system32\dllcache\ie4uinit.exe
- 2006-03-24 12:00 . 2009-06-29 11:07 70656 c:\windows\system32\dllcache\ie4uinit.exe
+ 2007-08-20 09:55 . 2009-08-29 07:24 63488 c:\windows\system32\dllcache\icardie.dll
- 2007-08-20 09:55 . 2009-06-29 15:55 63488 c:\windows\system32\dllcache\icardie.dll
- 2009-06-29 15:55 . 2009-06-29 15:55 17408 c:\windows\system32\dllcache\corpol.dll
+ 2009-06-29 15:55 . 2009-08-29 07:24 17408 c:\windows\system32\dllcache\corpol.dll
+ 2006-03-24 12:00 . 2009-08-06 17:24 96480 c:\windows\system32\dllcache\cdm.dll
+ 2009-08-14 13:12 . 2008-10-16 13:09 51224 c:\windows\system32\dllcache\cache\wuauclt.exe
+ 2009-08-14 13:12 . 2008-04-14 02:23 13824 c:\windows\system32\dllcache\cache\wscntfy.exe
+ 2009-08-14 13:12 . 2008-04-14 02:22 82432 c:\windows\system32\dllcache\cache\ws2_32.dll
+ 2009-08-14 13:12 . 2008-04-14 02:23 26624 c:\windows\system32\dllcache\cache\userinit.exe
+ 2009-08-14 13:12 . 2008-04-14 02:23 14336 c:\windows\system32\dllcache\cache\svchost.exe
+ 2009-08-14 13:12 . 2008-04-14 02:23 57856 c:\windows\system32\dllcache\cache\spoolsv.exe
+ 2009-08-14 13:12 . 2008-04-14 02:22 88576 c:\windows\system32\dllcache\cache\rasauto.dll
+ 2009-08-14 13:12 . 2008-04-14 02:22 17408 c:\windows\system32\dllcache\cache\powrprof.dll
+ 2009-08-14 13:12 . 2008-04-14 02:22 33792 c:\windows\system32\dllcache\cache\msgsvc.dll
+ 2009-08-14 13:12 . 2008-04-14 02:22 13312 c:\windows\system32\dllcache\cache\lsass.exe
+ 2009-08-14 13:12 . 2008-04-14 02:22 22016 c:\windows\system32\dllcache\cache\lpk.dll
+ 2009-08-14 13:12 . 2008-04-14 01:58 25216 c:\windows\system32\dllcache\cache\kbdclass.sys
+ 2009-08-14 13:12 . 2008-04-13 18:53 36608 c:\windows\system32\dllcache\cache\ip6fw.sys
+ 2009-08-14 13:12 . 2008-04-14 02:22 15360 c:\windows\system32\dllcache\cache\ctfmon.exe
+ 2009-08-14 13:12 . 2008-04-13 18:57 14336 c:\windows\system32\dllcache\cache\asyncmac.sys
+ 2009-08-14 13:12 . 2006-03-24 12:00 12160 c:\windows\system32\dllcache\cache\acpiec.sys
+ 2009-06-10 14:13 . 2009-06-10 14:13 85504 c:\windows\system32\dllcache\avifil32.dll
+ 2009-07-17 19:01 . 2009-07-17 19:01 58880 c:\windows\system32\dllcache\atl.dll
+ 2006-11-29 16:30 . 2009-11-13 18:56 32768 c:\windows\system32\config\systemprofile\Lokale Einstellungen\Verlauf\History.IE5\index.dat
- 2006-11-29 16:30 . 2009-08-14 08:35 32768 c:\windows\system32\config\systemprofile\Lokale Einstellungen\Verlauf\History.IE5\index.dat
+ 2006-11-29 16:30 . 2009-11-13 18:56 32768 c:\windows\system32\config\systemprofile\Lokale Einstellungen\Temporary Internet Files\Content.IE5\index.dat
- 2006-11-29 16:30 . 2009-08-14 08:35 32768 c:\windows\system32\config\systemprofile\Lokale Einstellungen\Temporary Internet Files\Content.IE5\index.dat
- 2006-11-29 16:30 . 2009-08-14 08:35 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2006-11-29 16:30 . 2009-11-13 18:56 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2006-03-24 12:00 . 2009-08-06 17:24 96480 c:\windows\system32\cdm.dll
- 2006-03-24 12:00 . 2008-04-14 02:22 85504 c:\windows\system32\avifil32.dll
+ 2006-03-24 12:00 . 2009-06-10 14:13 85504 c:\windows\system32\avifil32.dll
+ 2006-03-24 12:00 . 2009-07-17 19:01 58880 c:\windows\system32\atl.dll
- 2006-03-24 12:00 . 2008-04-14 02:22 58880 c:\windows\system32\atl.dll
+ 2006-03-24 12:00 . 2008-04-14 02:22 48128 c:\windows\system32\arirtje.exe
+ 2009-06-24 17:56 . 2009-06-24 17:56 73728 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe
- 2007-04-13 18:58 . 2007-04-13 18:58 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
+ 2008-05-27 22:49 . 2008-05-27 22:49 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
+ 2008-05-27 22:49 . 2008-05-27 22:49 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
- 2007-04-13 18:57 . 2007-04-13 18:57 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
+ 2008-05-27 22:49 . 2008-05-27 22:49 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
- 2007-04-13 18:57 . 2007-04-13 18:57 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
- 2007-04-13 19:30 . 2007-04-13 19:30 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
+ 2008-05-27 23:30 . 2008-05-27 23:30 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
+ 2004-09-29 17:11 . 2009-06-24 10:56 86016 c:\windows\Microsoft.NET\Framework\v1.0.3705\ToGac.exe
+ 2004-10-07 16:36 . 2009-06-24 10:56 73728 c:\windows\Microsoft.NET\Framework\v1.0.3705\SetRegNI.exe
- 2006-09-29 11:32 . 2007-01-02 14:29 86016 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorld.dll
+ 2006-09-29 11:32 . 2009-06-23 20:01 86016 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorld.dll
+ 2006-09-29 11:32 . 2009-06-23 20:01 73728 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorie.dll
- 2006-09-29 11:32 . 2007-01-02 14:29 73728 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorie.dll
- 2006-09-29 11:32 . 2008-04-13 16:10 32768 c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_wp.exe
+ 2006-09-29 11:32 . 2009-06-23 20:12 32768 c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_wp.exe
+ 2006-09-29 11:32 . 2009-06-23 20:12 32768 c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_state.exe
- 2006-09-29 11:32 . 2008-04-13 16:10 32768 c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_state.exe
+ 2009-09-10 17:37 . 2009-09-10 17:37 24064 c:\windows\Installer\254ec74.msi
+ 2009-10-22 12:11 . 2009-06-29 15:55 44544 c:\windows\ie7updates\KB974455-IE7\pngfilt.dll
+ 2009-10-22 12:11 . 2009-06-29 15:55 52224 c:\windows\ie7updates\KB974455-IE7\msfeedsbs.dll
+ 2009-10-22 12:11 . 2009-06-29 15:55 27648 c:\windows\ie7updates\KB974455-IE7\jsproxy.dll
+ 2009-10-22 12:11 . 2009-06-29 11:07 13824 c:\windows\ie7updates\KB974455-IE7\ieudinit.exe
+ 2009-10-22 12:11 . 2009-06-29 15:55 44544 c:\windows\ie7updates\KB974455-IE7\iernonce.dll
+ 2009-10-22 12:11 . 2009-06-29 15:55 78336 c:\windows\ie7updates\KB974455-IE7\ieencode.dll
+ 2009-10-22 12:11 . 2009-06-29 11:07 70656 c:\windows\ie7updates\KB974455-IE7\ie4uinit.exe
+ 2009-10-22 12:11 . 2009-06-29 15:55 63488 c:\windows\ie7updates\KB974455-IE7\icardie.dll
+ 2009-10-22 12:11 . 2009-06-29 15:55 17408 c:\windows\ie7updates\KB974455-IE7\corpol.dll
+ 2009-10-22 12:11 . 2009-10-22 12:11 90112 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_a9965736\System.Drawing.Design.dll
+ 2009-10-22 12:11 . 2009-10-22 12:11 61440 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_fa56831c\CustomMarshalers.dll
+ 2009-10-22 12:09 . 2009-10-22 12:09 90112 c:\windows\assembly\NativeImages1_v1.0.3705\System.Drawing.Design\1.0.3300.0__b03f5f7f11d50a3a_52c07143\System.Drawing.Design.dll
+ 2009-10-22 12:09 . 2009-10-22 12:09 61440 c:\windows\assembly\NativeImages1_v1.0.3705\CustomMarshalers\1.0.3300.0__b03f5f7f11d50a3a_b32c79f5\CustomMarshalers.dll
- 2008-09-22 07:51 . 2008-09-22 07:51 77824 c:\windows\assembly\GAC\SonicMCEBurnEngine\0.9.0.0__17c52700e9a64fd0\SonicMCEBurnEngine.dll
+ 2009-09-11 05:23 . 2009-09-11 05:23 77824 c:\windows\assembly\GAC\SonicMCEBurnEngine\0.9.0.0__17c52700e9a64fd0\SonicMCEBurnEngine.dll
+ 2009-09-11 05:23 . 2009-09-11 05:23 45056 c:\windows\assembly\GAC\Microsoft.MediaCenter\6.0.3100.0__31bf3856ad364e35\Microsoft.MediaCenter.dll
- 2008-09-22 07:51 . 2008-09-22 07:51 45056 c:\windows\assembly\GAC\Microsoft.MediaCenter\6.0.3100.0__31bf3856ad364e35\Microsoft.MediaCenter.dll
+ 2009-09-11 05:23 . 2009-09-11 05:23 53248 c:\windows\assembly\GAC\ehiWUapi\6.0.3000.0__31bf3856ad364e35\ehiWUapi.dll
- 2008-09-22 07:51 . 2008-09-22 07:51 53248 c:\windows\assembly\GAC\ehiWUapi\6.0.3000.0__31bf3856ad364e35\ehiWUapi.dll
- 2008-09-22 07:51 . 2008-09-22 07:51 18944 c:\windows\assembly\GAC\ehiUserXp\6.0.3000.0__31bf3856ad364e35\ehiuserxp.dll
+ 2009-09-11 05:23 . 2009-09-11 05:23 18944 c:\windows\assembly\GAC\ehiUserXp\6.0.3000.0__31bf3856ad364e35\ehiuserxp.dll
- 2008-09-22 07:51 . 2008-09-22 07:51 73728 c:\windows\assembly\GAC\ehiExtens\6.0.3000.0__31bf3856ad364e35\ehiExtens.dll
+ 2009-09-11 05:23 . 2009-09-11 05:23 73728 c:\windows\assembly\GAC\ehiExtens\6.0.3000.0__31bf3856ad364e35\ehiExtens.dll
+ 2009-08-14 17:48 . 2008-04-14 02:22 58880 c:\windows\$NtUninstallKB973507$\atl.dll
+ 2009-08-14 17:48 . 2008-04-14 02:22 85504 c:\windows\$NtUninstallKB971557$\avifil32.dll
+ 2009-09-02 18:19 . 2008-10-23 10:06 62976 c:\windows\$NtUninstallKB970653-v3$\tzchange.exe
+ 2009-09-02 18:19 . 2009-07-16 04:14 14336 c:\windows\$NtUninstallKB970653-v3$\spuninst\tzchange.dll
+ 2009-08-14 17:49 . 2008-04-14 02:23 80384 c:\windows\$NtUninstallKB960859$\tlntsess.exe
+ 2009-08-14 17:49 . 2008-04-14 02:23 78336 c:\windows\$NtUninstallKB960859$\telnet.exe
+ 2009-08-14 17:48 . 2008-07-08 13:00 26488 c:\windows\$hf_mig$\KB973869\update\spcustom.dll
+ 2009-08-14 17:48 . 2008-07-08 13:00 18808 c:\windows\$hf_mig$\KB973869\spmsg.dll
+ 2009-08-14 17:46 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB973815\update\spcustom.dll
+ 2009-08-14 17:46 . 2009-05-26 11:40 18808 c:\windows\$hf_mig$\KB973815\spmsg.dll
+ 2009-08-14 17:48 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB973507\update\spcustom.dll
+ 2009-08-14 17:48 . 2009-05-26 11:40 18808 c:\windows\$hf_mig$\KB973507\spmsg.dll
+ 2009-07-17 19:25 . 2009-07-17 19:25 58880 c:\windows\$hf_mig$\KB973507\SP3QFE\atl.dll
+ 2009-08-14 17:48 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB973354\update\spcustom.dll
+ 2009-08-14 17:48 . 2009-05-26 11:40 18808 c:\windows\$hf_mig$\KB973354\spmsg.dll
+ 2009-09-10 22:17 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB971961\update\spcustom.dll
+ 2009-09-10 22:17 . 2009-05-26 11:40 18808 c:\windows\$hf_mig$\KB971961\spmsg.dll
+ 2009-08-14 17:48 . 2008-07-08 13:00 26488 c:\windows\$hf_mig$\KB971657\update\spcustom.dll
+ 2009-08-14 17:48 . 2008-07-08 13:00 18808 c:\windows\$hf_mig$\KB971657\spmsg.dll
+ 2009-08-14 17:48 . 2008-07-08 13:00 26488 c:\windows\$hf_mig$\KB971557\update\spcustom.dll
+ 2009-08-14 17:48 . 2008-07-08 13:00 18808 c:\windows\$hf_mig$\KB971557\spmsg.dll
+ 2009-06-10 14:01 . 2009-06-10 14:01 85504 c:\windows\$hf_mig$\KB971557\SP3QFE\avifil32.dll
+ 2009-08-14 17:49 . 2008-07-08 13:00 26488 c:\windows\$hf_mig$\KB960859\update\spcustom.dll
+ 2009-08-14 17:49 . 2008-07-08 13:00 18808 c:\windows\$hf_mig$\KB960859\spmsg.dll
+ 2009-06-15 11:13 . 2009-06-15 11:13 82944 c:\windows\$hf_mig$\KB960859\SP3QFE\tlntsess.exe
+ 2009-06-15 11:13 . 2009-06-15 11:13 78848 c:\windows\$hf_mig$\KB960859\SP3QFE\telnet.exe
+ 2009-09-10 22:18 . 2008-07-08 13:00 26488 c:\windows\$hf_mig$\KB956844\update\spcustom.dll
+ 2009-09-10 22:18 . 2008-07-08 13:00 18808 c:\windows\$hf_mig$\KB956844\spmsg.dll
+ 2009-08-14 17:48 . 2008-07-08 13:00 26488 c:\windows\$hf_mig$\KB956744\update\spcustom.dll
+ 2009-08-14 17:48 . 2008-07-08 13:00 18808 c:\windows\$hf_mig$\KB956744\spmsg.dll
+ 2009-08-14 13:12 . 2008-04-14 02:22 5120 c:\windows\system32\dllcache\cache\sfc.dll
+ 2009-08-14 13:12 . 2006-03-24 12:00 2944 c:\windows\system32\dllcache\cache\null.sys
+ 2009-08-14 13:12 . 2006-03-24 12:00 4224 c:\windows\system32\dllcache\cache\beep.sys
+ 2006-09-29 11:32 . 2009-06-29 09:57 8192 c:\windows\Microsoft.NET\Framework\v1.0.3705\IEExec.exe
- 2006-09-29 11:32 . 2007-01-02 14:29 8192 c:\windows\Microsoft.NET\Framework\v1.0.3705\IEExec.exe
+ 2009-09-03 13:07 . 2009-09-03 13:07 2494 c:\windows\Installer\{69640730-B830-4C24-BB5C-222DA1260548}\ARPPRODUCTICON.exe
- 2008-12-27 11:09 . 2008-12-27 11:09 2494 c:\windows\Installer\{69640730-B830-4C24-BB5C-222DA1260548}\ARPPRODUCTICON.exe
+ 2009-09-11 05:23 . 2009-09-11 05:23 8192 c:\windows\assembly\GAC\ehiExtCOM\6.0.3000.0__31bf3856ad364e35\ehiExtCOM.dll
- 2008-09-22 07:51 . 2008-09-22 07:51 8192 c:\windows\assembly\GAC\ehiExtCOM\6.0.3000.0__31bf3856ad364e35\ehiExtCOM.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 653120 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 569664 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
+ 2009-07-11 23:05 . 2009-07-11 23:05 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll
+ 2006-09-29 11:34 . 2009-08-06 17:24 209632 c:\windows\system32\wuweb.dll
+ 2006-09-29 11:34 . 2009-08-06 17:24 327896 c:\windows\system32\wucltui.dll
+ 2006-09-29 11:34 . 2009-08-06 17:23 575704 c:\windows\system32\wuapi.dll
+ 2006-03-24 12:00 . 2009-04-09 23:01 413544 c:\windows\system32\wmspdmod.dll
+ 2006-03-24 12:00 . 2009-07-13 08:08 286720 c:\windows\system32\wmpdxm.dll
- 2006-03-24 12:00 . 2008-04-14 02:22 132096 c:\windows\system32\wkssvc.dll
+ 2006-03-24 12:00 . 2009-06-10 06:14 132096 c:\windows\system32\wkssvc.dll
+ 2006-03-24 12:00 . 2009-08-29 07:24 233472 c:\windows\system32\webcheck.dll
- 2006-03-24 12:00 . 2009-06-29 15:55 233472 c:\windows\system32\webcheck.dll
- 2006-03-24 12:00 . 2009-06-29 15:55 105984 c:\windows\system32\url.dll
+ 2006-03-24 12:00 . 2009-08-29 07:24 105984 c:\windows\system32\url.dll
- 2006-03-24 12:00 . 2009-04-17 12:47 396256 c:\windows\system32\perfh009.dat
+ 2006-03-24 12:00 . 2009-10-25 08:50 396256 c:\windows\system32\perfh009.dat
- 2006-03-24 12:00 . 2009-06-29 15:55 102912 c:\windows\system32\occache.dll
+ 2006-03-24 12:00 . 2009-08-29 07:24 102912 c:\windows\system32\occache.dll
|
|
13.11.2009, 23:08
| #2 |
| | Werde Virus/Trojaner nicht los - vermtl. Win32.Trojan.Tdss Teil 7:
__________________Code:
ATTFilter + 2006-03-24 12:00 . 2009-08-05 08:59 206336 c:\windows\system32\mswebdvd.dll
+ 2006-03-24 12:00 . 2009-08-29 07:24 671232 c:\windows\system32\mstime.dll
- 2006-03-24 12:00 . 2009-06-29 15:55 671232 c:\windows\system32\mstime.dll
+ 2006-03-24 12:00 . 2009-08-29 07:24 193024 c:\windows\system32\msrating.dll
- 2006-03-24 12:00 . 2009-06-29 15:55 193024 c:\windows\system32\msrating.dll
+ 2006-03-24 12:00 . 2009-08-29 07:24 477696 c:\windows\system32\mshtmled.dll
- 2006-03-24 12:00 . 2009-06-29 15:55 477696 c:\windows\system32\mshtmled.dll
+ 2006-11-07 20:03 . 2009-08-29 07:24 459264 c:\windows\system32\msfeeds.dll
- 2006-11-07 20:03 . 2009-06-29 15:55 459264 c:\windows\system32\msfeeds.dll
- 2006-03-24 12:00 . 2008-05-09 10:54 512000 c:\windows\system32\jscript.dll
+ 2006-03-24 12:00 . 2009-08-13 15:15 512000 c:\windows\system32\jscript.dll
+ 2006-10-17 10:57 . 2009-08-29 07:24 268288 c:\windows\system32\iertutil.dll
- 2006-10-17 10:57 . 2009-06-29 15:55 268288 c:\windows\system32\iertutil.dll
- 2006-03-24 12:00 . 2009-06-29 15:55 385024 c:\windows\system32\iedkcs32.dll
+ 2006-03-24 12:00 . 2009-08-29 07:24 385024 c:\windows\system32\iedkcs32.dll
+ 2006-10-17 10:27 . 2009-08-29 07:24 380928 c:\windows\system32\ieapfltr.dll
- 2006-10-17 10:27 . 2009-06-29 15:55 380928 c:\windows\system32\ieapfltr.dll
- 2006-03-24 12:00 . 2009-06-29 08:33 161792 c:\windows\system32\ieakui.dll
+ 2006-03-24 12:00 . 2009-08-27 05:18 161792 c:\windows\system32\ieakui.dll
- 2006-03-24 12:00 . 2009-06-29 15:55 230400 c:\windows\system32\ieaksie.dll
+ 2006-03-24 12:00 . 2009-08-29 07:24 230400 c:\windows\system32\ieaksie.dll
- 2006-03-24 12:00 . 2009-06-29 15:55 153088 c:\windows\system32\ieakeng.dll
+ 2006-03-24 12:00 . 2009-08-29 07:24 153088 c:\windows\system32\ieakeng.dll
+ 2006-03-24 12:00 . 2009-08-29 07:24 133120 c:\windows\system32\extmgr.dll
- 2006-03-24 12:00 . 2009-06-29 15:55 133120 c:\windows\system32\extmgr.dll
+ 2006-03-24 12:00 . 2009-08-29 07:24 214528 c:\windows\system32\dxtrans.dll
- 2006-03-24 12:00 . 2009-06-29 15:55 214528 c:\windows\system32\dxtrans.dll
- 2006-03-24 12:00 . 2009-06-29 15:55 347136 c:\windows\system32\dxtmsft.dll
+ 2006-03-24 12:00 . 2009-08-29 07:24 347136 c:\windows\system32\dxtmsft.dll
+ 2006-09-29 11:34 . 2009-08-06 17:24 209632 c:\windows\system32\dllcache\wuweb.dll
+ 2006-09-29 11:34 . 2009-08-06 17:24 327896 c:\windows\system32\dllcache\wucltui.dll
+ 2006-09-29 11:34 . 2009-08-06 17:23 575704 c:\windows\system32\dllcache\wuapi.dll
+ 2006-03-24 12:00 . 2009-04-09 23:01 413544 c:\windows\system32\dllcache\wmspdmod.dll
+ 2006-03-24 12:00 . 2009-07-13 08:08 286720 c:\windows\system32\dllcache\wmpdxm.dll
+ 2009-06-10 06:14 . 2009-06-10 06:14 132096 c:\windows\system32\dllcache\wkssvc.dll
+ 2006-03-24 12:00 . 2009-08-29 07:24 832512 c:\windows\system32\dllcache\wininet.dll
+ 2006-03-24 12:00 . 2009-08-29 07:24 233472 c:\windows\system32\dllcache\webcheck.dll
- 2006-03-24 12:00 . 2009-06-29 15:55 233472 c:\windows\system32\dllcache\webcheck.dll
+ 2006-03-24 12:00 . 2009-08-29 07:24 105984 c:\windows\system32\dllcache\url.dll
- 2006-03-24 12:00 . 2009-06-29 15:55 105984 c:\windows\system32\dllcache\url.dll
+ 2009-09-10 06:52 . 2009-06-21 21:45 153088 c:\windows\system32\dllcache\triedit.dll
+ 2006-03-24 12:00 . 2009-08-26 08:00 247326 c:\windows\system32\dllcache\strmdll.dll
- 2006-03-24 12:00 . 2008-10-03 10:03 247326 c:\windows\system32\dllcache\strmdll.dll
- 2006-03-24 12:00 . 2009-06-29 15:55 102912 c:\windows\system32\dllcache\occache.dll
+ 2006-03-24 12:00 . 2009-08-29 07:24 102912 c:\windows\system32\dllcache\occache.dll
+ 2009-08-05 08:59 . 2009-08-05 08:59 206336 c:\windows\system32\dllcache\mswebdvd.dll
+ 2006-03-24 12:00 . 2009-08-29 07:24 671232 c:\windows\system32\dllcache\mstime.dll
- 2006-03-24 12:00 . 2009-06-29 15:55 671232 c:\windows\system32\dllcache\mstime.dll
+ 2006-03-24 12:00 . 2009-08-29 07:24 193024 c:\windows\system32\dllcache\msrating.dll
- 2006-03-24 12:00 . 2009-06-29 15:55 193024 c:\windows\system32\dllcache\msrating.dll
+ 2006-03-24 12:00 . 2009-08-29 07:24 477696 c:\windows\system32\dllcache\mshtmled.dll
- 2006-03-24 12:00 . 2009-06-29 15:55 477696 c:\windows\system32\dllcache\mshtmled.dll
+ 2007-05-09 07:29 . 2009-08-29 07:24 459264 c:\windows\system32\dllcache\msfeeds.dll
- 2007-05-09 07:29 . 2009-06-29 15:55 459264 c:\windows\system32\dllcache\msfeeds.dll
- 2008-05-09 10:54 . 2008-05-09 10:54 512000 c:\windows\system32\dllcache\jscript.dll
+ 2008-05-09 10:54 . 2009-08-13 15:15 512000 c:\windows\system32\dllcache\jscript.dll
+ 2006-09-29 11:33 . 2009-08-27 05:18 634648 c:\windows\system32\dllcache\iexplore.exe
- 2007-05-09 07:29 . 2009-06-29 15:55 268288 c:\windows\system32\dllcache\iertutil.dll
+ 2007-05-09 07:29 . 2009-08-29 07:24 268288 c:\windows\system32\dllcache\iertutil.dll
- 2006-03-24 12:00 . 2009-06-29 15:55 385024 c:\windows\system32\dllcache\iedkcs32.dll
+ 2006-03-24 12:00 . 2009-08-29 07:24 385024 c:\windows\system32\dllcache\iedkcs32.dll
+ 2007-05-09 07:29 . 2009-08-29 07:24 380928 c:\windows\system32\dllcache\ieapfltr.dll
- 2007-05-09 07:29 . 2009-06-29 15:55 380928 c:\windows\system32\dllcache\ieapfltr.dll
- 2006-03-24 12:00 . 2009-06-29 08:33 161792 c:\windows\system32\dllcache\ieakui.dll
+ 2006-03-24 12:00 . 2009-08-27 05:18 161792 c:\windows\system32\dllcache\ieakui.dll
+ 2006-03-24 12:00 . 2009-08-29 07:24 230400 c:\windows\system32\dllcache\ieaksie.dll
- 2006-03-24 12:00 . 2009-06-29 15:55 230400 c:\windows\system32\dllcache\ieaksie.dll
- 2006-03-24 12:00 . 2009-06-29 15:55 153088 c:\windows\system32\dllcache\ieakeng.dll
+ 2006-03-24 12:00 . 2009-08-29 07:24 153088 c:\windows\system32\dllcache\ieakeng.dll
- 2006-03-24 12:00 . 2009-06-29 15:55 133120 c:\windows\system32\dllcache\extmgr.dll
+ 2006-03-24 12:00 . 2009-08-29 07:24 133120 c:\windows\system32\dllcache\extmgr.dll
- 2006-03-24 12:00 . 2009-06-29 15:55 214528 c:\windows\system32\dllcache\dxtrans.dll
+ 2006-03-24 12:00 . 2009-08-29 07:24 214528 c:\windows\system32\dllcache\dxtrans.dll
+ 2006-03-24 12:00 . 2009-08-29 07:24 347136 c:\windows\system32\dllcache\dxtmsft.dll
- 2006-03-24 12:00 . 2009-06-29 15:55 347136 c:\windows\system32\dllcache\dxtmsft.dll
+ 2009-08-14 13:12 . 2008-04-14 02:23 513024 c:\windows\system32\dllcache\cache\winlogon.exe
+ 2009-08-14 13:12 . 2009-06-29 15:55 827392 c:\windows\system32\dllcache\cache\wininet.dll
+ 2009-08-14 13:12 . 2008-04-14 02:22 580096 c:\windows\system32\dllcache\cache\user32.dll
+ 2009-08-14 13:12 . 2008-04-14 02:22 297472 c:\windows\system32\dllcache\cache\termsrv.dll
+ 2009-08-14 13:12 . 2008-06-20 11:51 361600 c:\windows\system32\dllcache\cache\tcpip.sys
+ 2009-08-14 13:12 . 2008-04-14 02:22 171520 c:\windows\system32\dllcache\cache\srsvc.dll
+ 2009-08-14 13:12 . 2009-02-09 11:21 111104 c:\windows\system32\dllcache\cache\services.exe
+ 2009-08-14 13:12 . 2008-04-14 02:22 187904 c:\windows\system32\dllcache\cache\scecli.dll
+ 2009-08-14 13:12 . 2009-02-09 10:51 401408 c:\windows\system32\dllcache\cache\rpcss.dll
+ 2009-08-14 13:12 . 2008-04-14 02:22 409088 c:\windows\system32\dllcache\cache\qmgr.dll
+ 2009-08-14 13:12 . 2008-04-14 02:22 438272 c:\windows\system32\dllcache\cache\ntmssvc.dll
+ 2009-08-14 13:12 . 2008-04-13 19:15 574976 c:\windows\system32\dllcache\cache\ntfs.sys
+ 2009-08-14 13:12 . 2008-04-14 02:22 407040 c:\windows\system32\dllcache\cache\netlogon.dll
+ 2009-08-14 13:12 . 2008-04-13 19:20 182656 c:\windows\system32\dllcache\cache\ndis.sys
+ 2009-08-14 13:12 . 2008-04-14 02:22 927504 c:\windows\system32\dllcache\cache\mfc40u.dll
+ 2009-08-14 13:12 . 2008-04-14 02:22 110080 c:\windows\system32\dllcache\cache\imm32.dll
+ 2009-08-14 13:12 . 2008-04-14 02:22 846848 c:\windows\system32\dllcache\cache\comres.dll
+ 2009-08-14 13:12 . 2008-04-14 02:22 617472 c:\windows\system32\dllcache\cache\comctl32.dll
+ 2009-08-14 13:12 . 2008-04-14 02:22 175616 c:\windows\system32\dllcache\cache\appmgmts.dll
+ 2009-08-14 13:12 . 2008-04-13 16:39 142592 c:\windows\system32\dllcache\cache\aec.sys
+ 2006-03-24 12:00 . 2009-08-29 07:24 124928 c:\windows\system32\dllcache\advpack.dll
- 2006-03-24 12:00 . 2009-06-29 15:55 124928 c:\windows\system32\dllcache\advpack.dll
- 2006-03-24 12:00 . 2009-06-29 15:55 124928 c:\windows\system32\advpack.dll
+ 2006-03-24 12:00 . 2009-08-29 07:24 124928 c:\windows\system32\advpack.dll
+ 2008-05-27 22:49 . 2008-05-27 22:49 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
- 2007-04-13 18:58 . 2007-04-13 18:58 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
- 2007-04-13 18:56 . 2007-04-13 18:56 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
+ 2008-05-27 22:48 . 2008-05-27 22:48 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
+ 2008-05-27 23:30 . 2008-05-27 23:30 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
- 2007-04-13 19:30 . 2007-04-13 19:30 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
+ 2006-09-29 11:32 . 2009-06-23 19:59 303104 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorjit.dll
- 2006-09-29 11:32 . 2004-07-19 16:54 303104 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorjit.dll
+ 2006-09-29 11:32 . 2009-06-23 20:12 200704 c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_isapi.dll
- 2006-09-29 11:32 . 2008-04-13 16:09 200704 c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_isapi.dll
+ 2009-11-05 21:08 . 2009-11-05 21:08 219648 c:\windows\Installer\2d3fe4f.msi
+ 2009-09-02 08:08 . 2009-09-02 08:08 228352 c:\windows\Installer\1d736.msi
+ 2009-10-22 12:11 . 2009-06-29 15:55 827392 c:\windows\ie7updates\KB974455-IE7\wininet.dll
+ 2009-10-22 12:11 . 2009-06-29 15:55 233472 c:\windows\ie7updates\KB974455-IE7\webcheck.dll
+ 2009-10-22 12:11 . 2009-06-29 15:55 105984 c:\windows\ie7updates\KB974455-IE7\url.dll
+ 2009-10-22 12:11 . 2009-05-26 11:40 388984 c:\windows\ie7updates\KB974455-IE7\spuninst\updspapi.dll
+ 2009-10-22 12:11 . 2009-05-26 11:40 234872 c:\windows\ie7updates\KB974455-IE7\spuninst\spuninst.exe
+ 2009-10-22 12:11 . 2009-06-29 15:55 102912 c:\windows\ie7updates\KB974455-IE7\occache.dll
+ 2009-10-22 12:11 . 2009-06-29 15:55 671232 c:\windows\ie7updates\KB974455-IE7\mstime.dll
+ 2009-10-22 12:11 . 2009-06-29 15:55 193024 c:\windows\ie7updates\KB974455-IE7\msrating.dll
+ 2009-10-22 12:11 . 2009-06-29 15:55 477696 c:\windows\ie7updates\KB974455-IE7\mshtmled.dll
+ 2009-10-22 12:11 . 2009-06-29 15:55 459264 c:\windows\ie7updates\KB974455-IE7\msfeeds.dll
+ 2009-10-22 12:11 . 2009-06-29 08:35 634632 c:\windows\ie7updates\KB974455-IE7\iexplore.exe
+ 2009-10-22 12:11 . 2009-06-29 15:55 268288 c:\windows\ie7updates\KB974455-IE7\iertutil.dll
+ 2009-10-22 12:11 . 2009-06-29 15:55 385024 c:\windows\ie7updates\KB974455-IE7\iedkcs32.dll
+ 2009-10-22 12:11 . 2009-06-29 15:55 380928 c:\windows\ie7updates\KB974455-IE7\ieapfltr.dll
+ 2009-10-22 12:11 . 2009-06-29 08:33 161792 c:\windows\ie7updates\KB974455-IE7\ieakui.dll
+ 2009-10-22 12:11 . 2009-06-29 15:55 230400 c:\windows\ie7updates\KB974455-IE7\ieaksie.dll
+ 2009-10-22 12:11 . 2009-06-29 15:55 153088 c:\windows\ie7updates\KB974455-IE7\ieakeng.dll
+ 2009-10-22 12:11 . 2009-06-29 15:55 133120 c:\windows\ie7updates\KB974455-IE7\extmgr.dll
+ 2009-10-22 12:11 . 2009-06-29 15:55 214528 c:\windows\ie7updates\KB974455-IE7\dxtrans.dll
+ 2009-10-22 12:11 . 2009-06-29 15:55 347136 c:\windows\ie7updates\KB974455-IE7\dxtmsft.dll
+ 2009-10-22 12:11 . 2009-06-29 15:55 124928 c:\windows\ie7updates\KB974455-IE7\advpack.dll
+ 2006-09-29 11:32 . 2009-08-18 08:55 179712 c:\windows\ehome\ehkeyctl.dll
+ 2009-10-22 12:11 . 2009-10-22 12:11 835584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_ecac3950\System.Drawing.dll
+ 2009-10-22 12:09 . 2009-10-22 12:09 847872 c:\windows\assembly\NativeImages1_v1.0.3705\System.Drawing\1.0.3300.0__b03f5f7f11d50a3a_541ecd20\System.Drawing.dll
- 2008-09-22 07:51 . 2008-09-22 07:51 389120 c:\windows\assembly\GAC\ehRecObj\6.0.3000.0__31bf3856ad364e35\ehRecObj.dll
+ 2009-09-11 05:23 . 2009-09-11 05:23 389120 c:\windows\assembly\GAC\ehRecObj\6.0.3000.0__31bf3856ad364e35\ehRecObj.dll
+ 2009-09-11 05:23 . 2009-09-11 05:23 122880 c:\windows\assembly\GAC\ehiwmp\6.0.3000.0__31bf3856ad364e35\ehiwmp.dll
- 2008-09-22 07:51 . 2008-09-22 07:51 122880 c:\windows\assembly\GAC\ehiwmp\6.0.3000.0__31bf3856ad364e35\ehiwmp.dll
- 2008-09-22 07:51 . 2008-09-22 07:51 278528 c:\windows\assembly\GAC\ehiVidCtl\6.0.3000.0__31bf3856ad364e35\ehiVidCtl.dll
+ 2009-09-11 05:23 . 2009-09-11 05:23 278528 c:\windows\assembly\GAC\ehiVidCtl\6.0.3000.0__31bf3856ad364e35\ehiVidCtl.dll
- 2008-09-22 07:51 . 2008-09-22 07:51 389120 c:\windows\assembly\GAC\ehiProxy\6.0.3000.0__31bf3856ad364e35\ehiProxy.dll
+ 2009-09-11 05:23 . 2009-09-11 05:23 389120 c:\windows\assembly\GAC\ehiProxy\6.0.3000.0__31bf3856ad364e35\ehiProxy.dll
- 2008-09-22 07:51 . 2008-09-22 07:51 204800 c:\windows\assembly\GAC\ehiPlay\6.0.3000.0__31bf3856ad364e35\ehiPlay.dll
+ 2009-09-11 05:23 . 2009-09-11 05:23 204800 c:\windows\assembly\GAC\ehiPlay\6.0.3000.0__31bf3856ad364e35\ehiPlay.dll
+ 2009-09-11 05:23 . 2009-09-11 05:23 167936 c:\windows\assembly\GAC\ehiMsgr\6.0.3000.0__31bf3856ad364e35\ehiMsgr.dll
- 2008-09-22 07:51 . 2008-09-22 07:51 167936 c:\windows\assembly\GAC\ehiMsgr\6.0.3000.0__31bf3856ad364e35\ehiMsgr.dll
- 2008-09-22 07:51 . 2008-09-22 07:51 110592 c:\windows\assembly\GAC\ehExtCOM\6.0.3000.0__31bf3856ad364e35\ehExtCOM.dll
+ 2009-09-11 05:23 . 2009-09-11 05:23 110592 c:\windows\assembly\GAC\ehExtCOM\6.0.3000.0__31bf3856ad364e35\ehExtCOM.dll
+ 2009-09-11 05:23 . 2009-09-11 05:23 126976 c:\windows\assembly\GAC\ehepgdat\6.0.3000.0__31bf3856ad364e35\ehepgdat.dll
- 2008-09-22 07:51 . 2008-09-22 07:51 126976 c:\windows\assembly\GAC\ehepgdat\6.0.3000.0__31bf3856ad364e35\ehepgdat.dll
+ 2009-09-11 05:23 . 2009-09-11 05:23 868352 c:\windows\assembly\GAC\ehepg\6.0.3000.0__31bf3856ad364e35\ehepg.dll
- 2008-09-22 07:51 . 2008-09-22 07:51 868352 c:\windows\assembly\GAC\ehepg\6.0.3000.0__31bf3856ad364e35\ehepg.dll
+ 2009-09-11 05:23 . 2009-09-11 05:23 192512 c:\windows\assembly\GAC\ehcommon\6.0.3000.0__31bf3856ad364e35\ehcommon.dll
- 2008-09-22 07:51 . 2008-09-22 07:51 192512 c:\windows\assembly\GAC\ehcommon\6.0.3000.0__31bf3856ad364e35\ehcommon.dll
- 2008-09-22 07:51 . 2008-09-22 07:51 102400 c:\windows\assembly\GAC\ehCIR\6.0.3000.0__31bf3856ad364e35\ehCIR.dll
+ 2009-09-11 05:23 . 2009-09-11 05:23 102400 c:\windows\assembly\GAC\ehCIR\6.0.3000.0__31bf3856ad364e35\ehCIR.dll
- 2008-09-22 07:51 . 2008-09-22 07:51 117248 c:\windows\assembly\GAC\BDATunePIA\6.0.3000.0__31bf3856ad364e35\bdatunepia.dll
+ 2009-09-11 05:23 . 2009-09-11 05:23 117248 c:\windows\assembly\GAC\BDATunePIA\6.0.3000.0__31bf3856ad364e35\bdatunepia.dll
+ 2009-08-14 17:48 . 2008-07-08 13:00 388984 c:\windows\$NtUninstallKB973869$\spuninst\updspapi.dll
+ 2009-08-14 17:48 . 2008-07-08 13:00 234872 c:\windows\$NtUninstallKB973869$\spuninst\spuninst.exe
+ 2009-08-14 17:46 . 2009-05-26 11:40 388984 c:\windows\$NtUninstallKB973815$\spuninst\updspapi.dll
+ 2009-08-14 17:46 . 2009-05-26 11:40 234872 c:\windows\$NtUninstallKB973815$\spuninst\spuninst.exe
+ 2009-08-14 17:46 . 2008-04-14 02:22 205312 c:\windows\$NtUninstallKB973815$\mswebdvd.dll
+ 2009-09-10 22:18 . 2008-05-06 14:16 388984 c:\windows\$NtUninstallKB973768$\spuninst\updspapi.dll
+ 2009-09-10 22:18 . 2008-05-06 14:16 234872 c:\windows\$NtUninstallKB973768$\spuninst\spuninst.exe
+ 2009-09-10 22:18 . 2006-10-09 15:18 178176 c:\windows\$NtUninstallKB973768$\ehkeyctl.dll
+ 2009-08-14 17:48 . 2006-03-24 12:00 278528 c:\windows\$NtUninstallKB973540_WM9$\wmpdxm.dll
+ 2009-08-14 17:48 . 2007-07-27 08:41 382840 c:\windows\$NtUninstallKB973540_WM9$\spuninst\updspapi.dll
+ 2009-08-14 17:48 . 2007-07-27 06:16 234872 c:\windows\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe
+ 2009-08-14 17:48 . 2009-05-26 11:40 388984 c:\windows\$NtUninstallKB973507$\spuninst\updspapi.dll
+ 2009-08-14 17:48 . 2009-05-26 11:40 234872 c:\windows\$NtUninstallKB973507$\spuninst\spuninst.exe
+ 2009-08-14 17:48 . 2009-05-26 11:40 388984 c:\windows\$NtUninstallKB973354$\spuninst\updspapi.dll
+ 2009-08-14 17:48 . 2009-05-26 11:40 234872 c:\windows\$NtUninstallKB973354$\spuninst\spuninst.exe
+ 2009-09-10 22:17 . 2009-05-26 11:40 388984 c:\windows\$NtUninstallKB971961$\spuninst\updspapi.dll
+ 2009-09-10 22:17 . 2009-05-26 11:40 234872 c:\windows\$NtUninstallKB971961$\spuninst\spuninst.exe
+ 2009-09-10 22:17 . 2008-05-09 10:54 512000 c:\windows\$NtUninstallKB971961$\jscript.dll
+ 2009-08-14 17:48 . 2008-04-14 02:22 132096 c:\windows\$NtUninstallKB971657$\wkssvc.dll
+ 2009-08-14 17:48 . 2009-05-26 11:40 388984 c:\windows\$NtUninstallKB971657$\spuninst\updspapi.dll
+ 2009-08-14 17:48 . 2008-07-08 13:00 234872 c:\windows\$NtUninstallKB971657$\spuninst\spuninst.exe
+ 2009-08-14 17:48 . 2009-05-26 11:40 388984 c:\windows\$NtUninstallKB971557$\spuninst\updspapi.dll
+ 2009-08-14 17:48 . 2008-07-08 13:00 234872 c:\windows\$NtUninstallKB971557$\spuninst\spuninst.exe
+ 2009-09-02 18:19 . 2009-05-26 11:40 388984 c:\windows\$NtUninstallKB970653-v3$\spuninst\updspapi.dll
+ 2009-09-02 18:19 . 2009-05-26 11:40 234872 c:\windows\$NtUninstallKB970653-v3$\spuninst\spuninst.exe
+ 2009-09-10 22:18 . 2007-07-27 08:41 382840 c:\windows\$NtUninstallKB968816_WM9$\spuninst\updspapi.dll
+ 2009-09-10 22:18 . 2007-07-27 06:16 234872 c:\windows\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe
+ 2009-08-14 17:49 . 2009-05-26 11:40 388984 c:\windows\$NtUninstallKB960859$\spuninst\updspapi.dll
+ 2009-08-14 17:49 . 2008-07-08 13:00 234872 c:\windows\$NtUninstallKB960859$\spuninst\spuninst.exe
+ 2009-09-10 22:18 . 2008-04-14 02:22 153088 c:\windows\$NtUninstallKB956844$\triedit.dll
+ 2009-09-10 22:18 . 2008-07-08 13:00 388984 c:\windows\$NtUninstallKB956844$\spuninst\updspapi.dll
+ 2009-09-10 22:18 . 2008-07-08 13:00 234872 c:\windows\$NtUninstallKB956844$\spuninst\spuninst.exe
+ 2009-08-14 17:48 . 2008-07-08 13:00 388984 c:\windows\$NtUninstallKB956744$\spuninst\updspapi.dll
+ 2009-08-14 17:48 . 2008-07-08 13:00 234872 c:\windows\$NtUninstallKB956744$\spuninst\spuninst.exe
+ 2009-08-14 17:48 . 2008-07-08 13:00 388984 c:\windows\$hf_mig$\KB973869\update\updspapi.dll
+ 2009-08-14 17:48 . 2008-07-08 13:00 765304 c:\windows\$hf_mig$\KB973869\update\update.exe
+ 2009-08-14 17:48 . 2008-07-08 13:00 234872 c:\windows\$hf_mig$\KB973869\spuninst.exe
+ 2009-08-14 17:46 . 2009-05-26 11:40 388984 c:\windows\$hf_mig$\KB973815\update\updspapi.dll
+ 2009-08-14 17:46 . 2009-05-26 11:40 765304 c:\windows\$hf_mig$\KB973815\update\update.exe
+ 2009-08-14 17:46 . 2009-05-26 11:40 234872 c:\windows\$hf_mig$\KB973815\spuninst.exe
+ 2009-08-05 08:52 . 2009-08-05 08:52 206336 c:\windows\$hf_mig$\KB973815\SP3QFE\mswebdvd.dll
+ 2009-08-14 17:48 . 2009-05-26 11:40 388984 c:\windows\$hf_mig$\KB973507\update\updspapi.dll
+ 2009-08-14 17:48 . 2009-05-26 11:40 765304 c:\windows\$hf_mig$\KB973507\update\update.exe
+ 2009-08-14 17:48 . 2009-05-26 11:40 234872 c:\windows\$hf_mig$\KB973507\spuninst.exe
+ 2009-08-14 17:48 . 2009-05-26 11:40 388984 c:\windows\$hf_mig$\KB973354\update\updspapi.dll
+ 2009-08-14 17:48 . 2009-05-26 11:40 765304 c:\windows\$hf_mig$\KB973354\update\update.exe
+ 2009-08-14 17:48 . 2009-05-26 11:40 234872 c:\windows\$hf_mig$\KB973354\spuninst.exe
+ 2009-09-10 22:17 . 2009-05-26 11:40 388984 c:\windows\$hf_mig$\KB971961\update\updspapi.dll
+ 2009-09-10 22:17 . 2009-05-26 11:40 765304 c:\windows\$hf_mig$\KB971961\update\update.exe
+ 2009-09-10 22:17 . 2009-05-26 11:40 234872 c:\windows\$hf_mig$\KB971961\spuninst.exe
+ 2009-09-10 06:52 . 2009-08-13 15:03 512000 c:\windows\$hf_mig$\KB971961\SP3QFE\jscript.dll
+ 2009-08-14 17:48 . 2009-05-26 11:40 388984 c:\windows\$hf_mig$\KB971657\update\updspapi.dll
+ 2009-08-14 17:48 . 2009-05-26 11:40 765304 c:\windows\$hf_mig$\KB971657\update\update.exe
|
|
13.11.2009, 23:10
| #3 |
| | Werde Virus/Trojaner nicht los - vermtl. Win32.Trojan.Tdss Teil 8:
__________________Code:
ATTFilter + 2009-08-14 17:48 . 2008-07-08 13:00 234872 c:\windows\$hf_mig$\KB971657\spuninst.exe
+ 2009-06-10 06:17 . 2009-06-10 06:17 134144 c:\windows\$hf_mig$\KB971657\SP3QFE\wkssvc.dll
+ 2009-08-14 17:48 . 2009-05-26 11:40 388984 c:\windows\$hf_mig$\KB971557\update\updspapi.dll
+ 2009-08-14 17:48 . 2009-05-26 11:40 765304 c:\windows\$hf_mig$\KB971557\update\update.exe
+ 2009-08-14 17:48 . 2008-07-08 13:00 234872 c:\windows\$hf_mig$\KB971557\spuninst.exe
+ 2009-08-14 17:49 . 2009-05-26 11:40 388984 c:\windows\$hf_mig$\KB960859\update\updspapi.dll
+ 2009-08-14 17:49 . 2009-05-26 11:40 765304 c:\windows\$hf_mig$\KB960859\update\update.exe
+ 2009-08-14 17:49 . 2008-07-08 13:00 234872 c:\windows\$hf_mig$\KB960859\spuninst.exe
+ 2009-09-10 22:18 . 2008-07-08 13:00 388984 c:\windows\$hf_mig$\KB956844\update\updspapi.dll
+ 2009-09-10 22:18 . 2008-07-08 13:00 765304 c:\windows\$hf_mig$\KB956844\update\update.exe
+ 2009-09-10 22:18 . 2008-07-08 13:00 234872 c:\windows\$hf_mig$\KB956844\spuninst.exe
+ 2009-09-10 06:52 . 2009-06-21 21:49 153088 c:\windows\$hf_mig$\KB956844\SP3QFE\triedit.dll
+ 2009-08-14 17:48 . 2008-07-08 13:00 388984 c:\windows\$hf_mig$\KB956744\update\updspapi.dll
+ 2009-08-14 17:48 . 2009-05-26 11:40 765304 c:\windows\$hf_mig$\KB956744\update\update.exe
+ 2009-08-14 17:48 . 2008-07-08 13:00 234872 c:\windows\$hf_mig$\KB956744\spuninst.exe
+ 2009-10-22 08:00 . 2009-08-13 13:55 1748992 c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\GdiPlus.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 3780424 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 3765048 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll
+ 2006-09-29 11:34 . 2009-08-06 17:23 1929952 c:\windows\system32\wuaueng.dll
- 2006-03-24 12:00 . 2008-06-11 01:58 2330624 c:\windows\system32\WMVCore.dll
+ 2006-03-24 12:00 . 2009-06-08 20:24 2330624 c:\windows\system32\WMVCore.dll
+ 2006-03-24 12:00 . 2009-07-13 08:08 5537792 c:\windows\system32\wmp.dll
- 2006-03-24 12:00 . 2007-04-30 06:20 5537792 c:\windows\system32\wmp.dll
+ 2006-03-24 12:00 . 2009-08-29 07:24 1168384 c:\windows\system32\urlmon.dll
+ 2006-03-24 12:00 . 2009-07-17 16:15 1441792 c:\windows\system32\query.dll
- 2006-03-24 12:00 . 2008-04-14 02:22 1441792 c:\windows\system32\query.dll
- 2006-03-24 12:00 . 2009-02-09 11:21 2147840 c:\windows\system32\ntoskrnl.exe
+ 2006-03-24 12:00 . 2009-08-04 17:26 2147840 c:\windows\system32\ntoskrnl.exe
- 2004-08-04 00:50 . 2009-02-09 11:21 2026496 c:\windows\system32\ntkrnlpa.exe
+ 2004-08-04 00:50 . 2009-08-04 17:25 2026496 c:\windows\system32\ntkrnlpa.exe
+ 2006-09-29 11:30 . 2009-06-10 07:19 2066432 c:\windows\system32\mstscax.dll
+ 2006-03-24 12:00 . 2009-08-29 07:24 3598336 c:\windows\system32\mshtml.dll
+ 2006-11-07 20:03 . 2009-08-29 07:24 6067200 c:\windows\system32\ieframe.dll
- 2006-11-07 20:03 . 2009-07-19 13:25 6067200 c:\windows\system32\ieframe.dll
+ 2006-09-29 11:34 . 2009-08-06 17:23 1929952 c:\windows\system32\dllcache\wuaueng.dll
- 2006-03-24 12:00 . 2008-06-11 01:58 2330624 c:\windows\system32\dllcache\WMVCore.dll
+ 2006-03-24 12:00 . 2009-06-08 20:24 2330624 c:\windows\system32\dllcache\WMVCore.dll
+ 2006-03-24 12:00 . 2009-07-13 08:08 5537792 c:\windows\system32\dllcache\wmp.dll
- 2006-03-24 12:00 . 2007-04-30 06:20 5537792 c:\windows\system32\dllcache\wmp.dll
+ 2006-03-24 12:00 . 2009-08-29 07:24 1168384 c:\windows\system32\dllcache\urlmon.dll
+ 2009-07-17 16:15 . 2009-07-17 16:15 1441792 c:\windows\system32\dllcache\query.dll
+ 2008-10-16 07:07 . 2009-08-04 20:56 2191488 c:\windows\system32\dllcache\ntoskrnl.exe
+ 2008-10-16 07:07 . 2009-08-04 17:25 2026496 c:\windows\system32\dllcache\ntkrpamp.exe
- 2008-10-16 07:07 . 2009-02-09 11:21 2026496 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2008-10-16 07:07 . 2009-08-04 17:26 2068352 c:\windows\system32\dllcache\ntkrnlpa.exe
- 2008-10-16 07:07 . 2009-02-10 17:03 2068352 c:\windows\system32\dllcache\ntkrnlpa.exe
- 2008-10-16 07:07 . 2009-02-09 11:21 2147840 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2008-10-16 07:07 . 2009-08-04 17:26 2147840 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2006-09-29 11:30 . 2009-06-10 07:19 2066432 c:\windows\system32\dllcache\mstscax.dll
+ 2009-08-14 17:38 . 2009-07-10 13:26 1315328 c:\windows\system32\dllcache\msoe.dll
+ 2006-03-24 12:00 . 2009-08-29 07:24 3598336 c:\windows\system32\dllcache\mshtml.dll
- 2007-05-09 07:29 . 2009-07-19 13:25 6067200 c:\windows\system32\dllcache\ieframe.dll
+ 2007-05-09 07:29 . 2009-08-29 07:24 6067200 c:\windows\system32\dllcache\ieframe.dll
+ 2009-08-14 13:12 . 2008-04-14 02:22 1571840 c:\windows\system32\dllcache\cache\sfcfiles.dll
+ 2009-08-14 13:12 . 2009-02-09 11:21 2147840 c:\windows\system32\dllcache\cache\ntoskrnl.exe
+ 2009-08-14 13:12 . 2009-02-09 11:21 2026496 c:\windows\system32\dllcache\cache\ntkrnlpa.exe
+ 2009-08-14 13:12 . 2009-07-19 13:25 3597824 c:\windows\system32\dllcache\cache\mshtml.dll
+ 2009-08-14 13:12 . 2009-03-21 14:06 1063424 c:\windows\system32\dllcache\cache\kernel32.dll
+ 2009-08-14 13:12 . 2008-04-14 02:22 1036800 c:\windows\system32\dllcache\cache\explorer.exe
+ 2008-05-27 23:35 . 2008-05-27 23:35 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
- 2007-04-13 19:35 . 2007-04-13 19:35 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
- 2007-04-13 19:35 . 2007-04-13 19:35 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
+ 2008-05-27 23:35 . 2008-05-27 23:35 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
- 2007-04-13 18:57 . 2007-04-13 18:57 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
+ 2008-05-27 22:48 . 2008-05-27 22:48 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
- 2007-04-13 18:57 . 2007-04-13 18:57 2523136 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
+ 2008-05-27 22:48 . 2008-05-27 22:48 2523136 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
- 2007-04-13 18:50 . 2007-04-13 18:50 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
+ 2008-05-27 22:43 . 2008-05-27 22:43 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
- 2006-09-29 11:32 . 2007-01-02 14:40 1200128 c:\windows\Microsoft.NET\Framework\v1.0.3705\System.Web.dll
+ 2006-09-29 11:32 . 2009-06-29 09:58 1200128 c:\windows\Microsoft.NET\Framework\v1.0.3705\System.Web.dll
- 2006-09-29 11:32 . 2007-12-17 11:59 2281472 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorwks.dll
+ 2006-09-29 11:32 . 2009-06-23 20:00 2281472 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorwks.dll
+ 2006-09-29 11:32 . 2009-06-23 20:00 2273280 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorsvr.dll
- 2006-09-29 11:32 . 2007-12-17 11:58 2273280 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorsvr.dll
- 2006-09-29 11:32 . 2007-01-02 14:21 1998848 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorlib.dll
+ 2006-09-29 11:32 . 2009-06-29 09:58 1998848 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorlib.dll
+ 2009-11-10 11:19 . 2009-11-10 11:19 1861632 c:\windows\Installer\12c28c5.msi
+ 2009-09-03 13:07 . 2009-09-03 13:07 1333248 c:\windows\Installer\101c04.msi
+ 2009-10-22 12:11 . 2009-06-29 15:55 1159680 c:\windows\ie7updates\KB974455-IE7\urlmon.dll
+ 2009-10-22 12:11 . 2009-07-19 13:25 3597824 c:\windows\ie7updates\KB974455-IE7\mshtml.dll
+ 2009-10-22 12:11 . 2009-07-19 13:25 6067200 c:\windows\ie7updates\KB974455-IE7\ieframe.dll
+ 2008-10-16 07:07 . 2009-08-04 20:56 2191488 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2008-10-16 07:07 . 2009-08-04 17:25 2026496 c:\windows\Driver Cache\i386\ntkrpamp.exe
- 2008-10-16 07:07 . 2009-02-09 11:21 2026496 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2008-10-16 07:07 . 2009-08-04 17:26 2068352 c:\windows\Driver Cache\i386\ntkrnlpa.exe
- 2008-10-16 07:07 . 2009-02-10 17:03 2068352 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2008-10-16 07:07 . 2009-08-04 17:26 2147840 c:\windows\Driver Cache\i386\ntkrnlmp.exe
- 2008-10-16 07:07 . 2009-02-09 11:21 2147840 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2009-10-22 12:11 . 2009-10-22 12:11 1966080 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_ecd76b9f\System.dll
+ 2009-10-22 12:11 . 2009-10-22 12:11 2088960 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_deda26e0\System.Xml.dll
+ 2009-10-22 12:11 . 2009-10-22 12:11 3018752 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_5ec0b4e9\System.Windows.Forms.dll
+ 2009-10-22 12:11 . 2009-10-22 12:11 1470464 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_b59ee94e\System.Design.dll
+ 2009-10-22 12:11 . 2009-10-22 12:11 3391488 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_f7c9fc6b\mscorlib.dll
+ 2009-10-22 12:09 . 2009-10-22 12:09 1855488 c:\windows\assembly\NativeImages1_v1.0.3705\System\1.0.3300.0__b77a5c561934e089_155a61de\System.dll
+ 2009-10-22 12:09 . 2009-10-22 12:09 2027520 c:\windows\assembly\NativeImages1_v1.0.3705\System.Xml\1.0.3300.0__b77a5c561934e089_f4dffa5c\System.Xml.dll
+ 2009-10-22 12:09 . 2009-10-22 12:09 2953216 c:\windows\assembly\NativeImages1_v1.0.3705\System.Windows.Forms\1.0.3300.0__b77a5c561934e089_834bc6a0\System.Windows.Forms.dll
+ 2009-10-22 12:09 . 2009-10-22 12:09 1454080 c:\windows\assembly\NativeImages1_v1.0.3705\System.Design\1.0.3300.0__b03f5f7f11d50a3a_b13f16d8\System.Design.dll
+ 2009-10-22 12:09 . 2009-10-22 12:09 3301376 c:\windows\assembly\NativeImages1_v1.0.3705\mscorlib\1.0.3300.0__b77a5c561934e089_14291889\mscorlib.dll
- 2007-07-13 06:18 . 2007-07-13 06:18 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2009-10-22 12:11 . 2009-10-22 12:11 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2009-10-22 12:11 . 2009-10-22 12:11 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
- 2007-07-13 06:18 . 2007-07-13 06:18 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
+ 2009-10-22 12:09 . 2009-10-22 12:09 1200128 c:\windows\assembly\GAC\System.Web\1.0.3300.0__b03f5f7f11d50a3a\System.Web.dll
- 2008-09-22 07:34 . 2008-09-22 07:34 1200128 c:\windows\assembly\GAC\System.Web\1.0.3300.0__b03f5f7f11d50a3a\System.Web.dll
- 2008-09-22 07:51 . 2008-09-22 07:51 1863680 c:\windows\assembly\GAC\EhCM\6.0.3000.0__31bf3856ad364e35\EhCM.dll
+ 2009-09-11 05:23 . 2009-09-11 05:23 1863680 c:\windows\assembly\GAC\EhCM\6.0.3000.0__31bf3856ad364e35\EhCM.dll
+ 2009-08-14 17:48 . 2007-04-30 06:20 5537792 c:\windows\$NtUninstallKB973540_WM9$\wmp.dll
+ 2009-08-14 17:48 . 2008-04-14 02:22 1314816 c:\windows\$NtUninstallKB973354$\msoe.dll
+ 2009-09-10 22:18 . 2008-06-11 01:58 2330624 c:\windows\$NtUninstallKB968816_WM9$\wmvcore.dll
+ 2009-08-14 17:48 . 2008-04-14 02:22 2061824 c:\windows\$NtUninstallKB956744$\mstscax.dll
+ 2009-07-10 16:54 . 2009-07-10 16:54 1315328 c:\windows\$hf_mig$\KB973354\SP3QFE\msoe.dll
+ 2009-08-14 17:38 . 2009-06-09 15:21 2067968 c:\windows\$hf_mig$\KB956744\SP3QFE\lhmstscx.dll
+ 2006-09-29 12:35 . 2009-10-02 18:01 25198016 c:\windows\system32\MRT.exe
+ 2009-08-10 19:08 . 2009-08-10 19:08 11315712 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp
+ 2009-08-10 12:09 . 2009-08-10 12:09 17254912 c:\windows\Installer\f0622c.msp
+ 2009-09-03 13:07 . 2009-09-03 13:07 14100480 c:\windows\Downloaded Installations\{2BF666D8-A79B-475A-889C-83C2A89E0AE9}\Turbo Lister 2.msi
.
-- Snapshot auf jetziges Datum zurückgesetzt --
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1150596.exe" [2009-04-29 468408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-06 7700480]
"NeroFilterCheck"="c:\programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"SetIcon"="\Programme\SMSC\SetIcon.exe" [2004-04-28 42496]
"LanguageShortcut"="c:\programme\Home Cinema\PowerDVD\Language\Language.exe" [2006-05-18 49152]
"TVEService"="c:\programme\Home Cinema\TV Enhance\TVEService.exe" [2006-10-19 151552]
"InstantOn"="c:\programme\CyberLink\PowerCinema Linux\ion_install.exe" [2006-06-21 93640]
"wlconfig"="c:\programme\WLAN Monitor\wlconfig.exe" [2006-03-06 1347584]
"QuickTime Task"="c:\programme\QuickTime\qttask.exe" [2006-10-25 282624]
"iTunesHelper"="c:\programme\iTunes\iTunesHelper.exe" [2006-10-30 256576]
"SmcService"="c:\progra~1\Sygate\SPF\smc.exe" [2004-02-24 2372760]
"SSBkgdUpdate"="c:\programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"PaperPort PTD"="c:\programme\ScanSoft\PaperPort\pptd40nt.exe" [2004-03-09 57393]
"IndexSearch"="c:\programme\ScanSoft\PaperPort\IndexSearch.exe" [2004-03-09 40960]
"SetDefPrt"="c:\programme\Brother\Brmfl04g\BrStDvPt.exe" [2004-11-11 49152]
"ControlCenter2.0"="c:\programme\Brother\ControlCenter2\brctrcen.exe" [2004-11-11 864256]
"Easy-PrintToolBox"="c:\programme\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
" Malwarebytes Anti-Malware (reboot)"="c:\programme\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-10-09 16236032]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-10-06 1617920]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\dokumente und einstellungen\***\Startmen\Programme\Autostart\
OpenOffice.org 2.4.lnk - c:\programme\OpenOffice.org 2.4\program\quickstart.exe [2008-1-21 393216]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gusvc"=3 (0x3)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Programme\\Messenger\\msmsgs.exe"=
"c:\\Programme\\MSN Messenger\\msnmsgr.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Programme\\NetMeeting\\Conf.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\iTunes\\iTunes.exe"=
"c:\\Programme\\Trillian\\trillian.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Programme\\WS_FTP\\WS_FTP95.exe"=
"%windir%\\system32\\sessmgr.exe"=
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [08.08.2009 19:21 64288]
R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [10.10.2006 16:06 11264]
R2 accsvc;AccSys WiFi Component;c:\programme\Gemeinsame Dateien\AccSys\accsvc.exe [11.12.2006 22:52 147456]
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [02.09.2009 09:10 108289]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\programme\Lavasoft\Ad-Aware\AAWService.exe [24.09.2009 12:17 1179232]
R2 srvcPVR;Sceneo PVR Service;c:\programme\Sceneo\Bonavista\Services\PVR\pvrservice.exe [31.10.2006 13:16 1441280]
R2 TVECapSvc;TVEnhance Background Capture Service (TBCS);c:\programme\Home Cinema\TV Enhance\Kernel\TV\TVECapSvc.exe [23.10.2006 11:50 282709]
R2 TVESched;TVEnhance Task Scheduler (TTS));c:\programme\Home Cinema\TV Enhance\Kernel\TV\TVESched.exe [23.10.2006 11:50 122971]
R3 3xHybrid;Philips SAA713x PCI Card;c:\windows\system32\drivers\3xHybrid.sys [17.10.2006 11:28 1105664]
R3 X10Hid;X10 Hid Device;c:\windows\system32\drivers\x10hid.sys [23.10.2006 11:37 7040]
S3 DMSKSSRh;DMSKSSRh;\??\c:\dokume~1\FAMILI~1\LOKALE~1\Temp\DMSKSSRh.sys --> c:\dokume~1\FAMILI~1\LOKALE~1\Temp\DMSKSSRh.sys [?]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\4.tmp --> c:\windows\system32\4.tmp [?]
--- Andere Dienste/Treiber im Speicher ---
*NewlyCreated* - MBR
*NewlyCreated* - PROCEXP113
*Deregistered* - mbr
*Deregistered* - PROCEXP113
.
Inhalt des "geplante Tasks" Ordners
2009-11-13 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\programme\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 11:21]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
mWindow Title = Arcor AG & Co. KG
IE: Alles mit FDM herunterladen - file://c:\programme\Free Download Manager\dlall.htm
IE: Auswahl mit FDM herunterladen - file://c:\programme\Free Download Manager\dlselected.htm
IE: Datei mit FDM herunterladen - file://c:\programme\Free Download Manager\dllink.htm
IE: Download with GetRight - c:\programme\GetRight\GRdownload.htm
IE: Easy-WebPrint - Drucken - c:\programme\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: Easy-WebPrint - Schnelldruck - c:\programme\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint - Vorschau - c:\programme\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint - Zu Druckliste hinzufügen - c:\programme\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Open with GetRight Browser - c:\programme\GetRight\GRbrowse.htm
IE: {{1F958B09-3312-7f0e-9723-4C1324C57B20} - c:\programme\Internet Radio\Radio.exe
FF - ProfilePath - c:\dokumente und einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\a3oos0kq.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - plugin: c:\programme\Java\jre1.5.0_08\bin\NPJava11.dll
FF - plugin: c:\programme\Java\jre1.5.0_08\bin\NPJava12.dll
FF - plugin: c:\programme\Java\jre1.5.0_08\bin\NPJava13.dll
FF - plugin: c:\programme\Java\jre1.5.0_08\bin\NPJava14.dll
FF - plugin: c:\programme\Java\jre1.5.0_08\bin\NPJava32.dll
FF - plugin: c:\programme\Java\jre1.5.0_08\bin\NPJPI150_08.dll
FF - plugin: c:\programme\Java\jre1.5.0_08\bin\NPOJI610.dll
FF - plugin: c:\programme\Mozilla Firefox\plugins\np-mswmp.dll
---- FIREFOX Richtlinien ----
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-13 20:37
Windows 5.1.2600 Service Pack 3 NTFS
Scanne versteckte Prozesse...
Scanne versteckte Autostarteinträge...
Scanne versteckte Dateien...
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys xfilt.sys ACPI.sys hal.dll >>UNKNOWN [0x86ECC170]<<
kernel: MBR read successfully
user & kernel MBR OK
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\4.tmp"
.
Zeit der Fertigstellung: 2009-11-13 20:43
ComboFix-quarantined-files.txt 2009-11-13 19:43
ComboFix2.txt 2009-08-14 13:13
Vor Suchlauf: 14 Verzeichnis(se), 30.081.675.264 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 30.053.453.824 Bytes frei
- - End Of File - - AB372784D2DE5EC6A7542CD4F2864CB6
|
|
13.11.2009, 23:32
| #4 |
  | Werde Virus/Trojaner nicht los - vermtl. Win32.Trojan.Tdss Hi, Bitte folgende Files prüfen: Dateien Online überprüfen lassen:
Code:
ATTFilter c:\windows\system32\drivers\xfilt_2.sys
c:\windows\system32\drivers\SBREDrv.sys
c:\windows\system32\lsdelete.exe (Sollte zu Ad-Aware gehören)
Da scheint was zu sein: (Gmer  >>UNKNOWN [0x86ECC170]<< Das können wir nur per Adresse rückverfolgen... RootkitRevealer scannen lassen * Lade bitte RootkitRevealer (http://www.microsoft.com/technet/sys...tRevealer.mspx) runter und entpacke das Archiv in einen eigenen Ordner, z.B. C  rogrammerootkitrevealer.* Starte in diesem Ordner RootkitReavealer.exe. Alle anderen Programme schließen. * Starte durch Klick auf "Scan". * Wenn der Scan fertig ist das Logfile mit File -> Save abspeichern, und hier im forum posten. chris
__________________  Don't bring me downVor dem posten beachten! Spenden (Wer spenden will, kann sich gerne melden  ) |
|
13.11.2009, 23:51
| #5 |
| | Werde Virus/Trojaner nicht los - vermtl. Win32.Trojan.Tdss Danke Chris. hab Java inzwischen neu installiert. Firefox 3.5 funktioniert wieder :-) (ohne dass ich ihn gemäß der Liste deinstallieren musste, sogar die alten Tabs waren noch da :-) ) zu den Dateien: c:\windows\system32\drivers\xfilt_2.sys ist nicht zu finden, nur xfilt.sys, dafür folgende Auswertung: Code:
ATTFilter
MD5: fcbc27869092850cdb75139f3818653a
First received: 2009.10.24 10:08:33 UTC
Datum 2009.10.24 10:08:33 UTC [>20D]
Ergebnisse 0/41
Permalink: analisis/0c3dede71f7e391fda7e0687be5b8a4cfa609bd1c8d8c85a3f32d15b03c3141d-1256378913
Datei xfilt.sys empfangen 2009.11.13 22:38:41 (UTC)
Status: Laden ... Wartend Warten Überprüfung Beendet Nicht gefunden Gestoppt
Ergebnis: 0/41 (0%)
Laden der Serverinformationen...
Ihre Datei wartet momentan auf Position: 1.
Geschätzte Startzeit ist zwischen 43 und 62 Sekunden.
Dieses Fenster bis zum Abschluss des Scans nicht schließen.
Der Scanner, welcher momentan Ihre Datei bearbeitet ist momentan gestoppt. Wir warten einige Sekunden um Ihr Ergebnis zu erstellen.
Falls Sie längern als fünf Minuten warten, versenden Sie bitte die Datei erneut.
Ihre Datei wird momentan von VirusTotal überprüft,
Ergebnisse werden sofort nach der Generierung angezeigt.
Filter Filter
Drucken der Ergebnisse Drucken der Ergebnisse
Datei existiert nicht oder dessen Lebensdauer wurde überschritten
Dienst momentan gestoppt. Ihre Datei befindet sich in der Warteschlange (position: ). Diese wird abgearbeitet, wenn der Dienst wieder startet.
SIe können auf einen automatischen reload der homepage warten, oder ihre email in das untere formular eintragen. Klicken Sie auf "Anfragen", damit das System sie benachrichtigt wenn die Überprüfung abgeschlossen ist.
Email:
Antivirus Version letzte aktualisierung Ergebnis
a-squared 4.5.0.41 2009.11.13 -
AhnLab-V3 5.0.0.2 2009.11.13 -
AntiVir 7.9.1.65 2009.11.13 -
Antiy-AVL 2.0.3.7 2009.11.13 -
Authentium 5.2.0.5 2009.11.13 -
Avast 4.8.1351.0 2009.11.13 -
AVG 8.5.0.425 2009.11.13 -
BitDefender 7.2 2009.11.13 -
CAT-QuickHeal 10.00 2009.11.13 -
ClamAV 0.94.1 2009.11.13 -
Comodo 2944 2009.11.13 -
DrWeb 5.0.0.12182 2009.11.13 -
eSafe 7.0.17.0 2009.11.12 -
eTrust-Vet 35.1.7120 2009.11.13 -
F-Prot 4.5.1.85 2009.11.13 -
F-Secure 9.0.15370.0 2009.11.11 -
Fortinet 3.120.0.0 2009.11.13 -
GData 19 2009.11.13 -
Ikarus T3.1.1.74.0 2009.11.13 -
Jiangmin 11.0.800 2009.11.12 -
K7AntiVirus 7.10.896 2009.11.13 -
Kaspersky 7.0.0.125 2009.11.13 -
McAfee 5801 2009.11.13 -
McAfee+Artemis 5801 2009.11.13 -
McAfee-GW-Edition 6.8.5 2009.11.13 -
Microsoft 1.5202 2009.11.13 -
NOD32 4605 2009.11.13 -
Norman 6.03.02 2009.11.13 -
nProtect 2009.1.8.0 2009.11.13 -
Panda 10.0.2.2 2009.11.13 -
PCTools 7.0.3.5 2009.11.13 -
Prevx 3.0 2009.11.13 -
Rising 22.21.04.09 2009.11.13 -
Sophos 4.47.0 2009.11.13 -
Sunbelt 3.2.1858.2 2009.11.12 -
Symantec 1.4.4.12 2009.11.13 -
TheHacker 6.5.0.2.069 2009.11.13 -
TrendMicro 9.0.0.1003 2009.11.13 -
VBA32 3.12.10.11 2009.11.13 -
ViRobot 2009.11.13.2035 2009.11.13 -
VirusBuster 4.6.5.0 2009.11.13 -
weitere Informationen
File size: 11264 bytes
MD5...: fcbc27869092850cdb75139f3818653a
SHA1..: 315715d57d33e6cffcf42eae4745f3449b179a93
SHA256: 0c3dede71f7e391fda7e0687be5b8a4cfa609bd1c8d8c85a3f32d15b03c3141d
ssdeep: 96:4C5DmW5WHhPZhgyymecwoUcD8L3C+vKHplqxXxndMUlZ3I9zwIZmgDr0UBwaO
Zi:NAWMHhxhgy/elcDn+9xhSkYfDY6waO
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x5005
timedatestamp.....: 0x43fc388c (Wed Feb 22 10:10:20 2006)
machinetype.......: 0x14c (I386)
( 6 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x149c 0x1600 5.93 8a63239ee220ee23642a38228104eeda
.rdata 0x3000 0x115 0x200 2.97 d86b34e9dcca3fc60711e4d4df1f7aff
.data 0x4000 0x6f4 0x600 1.12 6b8727057957992d76dbf5b48bec943f
INIT 0x5000 0x3ba 0x400 5.11 f4340f29056e2aa44c8a80f92bb45c87
.rsrc 0x6000 0x390 0x400 3.07 0107b9d54f8cde0bc522aa508fc7cc69
.reloc 0x7000 0x18a 0x200 4.23 93816375129ade2987495a5a85db0d15
( 2 imports )
> ntoskrnl.exe: wcsncmp, wcslen, IoBuildSynchronousFsdRequest, ExFreePoolWithTag, ObfReferenceObject, IoAttachDeviceToDeviceStack, IoCreateDevice, ExAllocatePoolWithTag, IoDeleteDevice, IoDetachDevice, ObfDereferenceObject, PoStartNextPowerIrp, IoInvalidateDeviceRelations, wcscpy, IoInitializeTimer, IoGetDeviceProperty, IofCompleteRequest, IoStartTimer, IoStopTimer, RtlCopyUnicodeString, KeTickCount, KeBugCheckEx, PoCallDriver, KeInitializeEvent, KeWaitForSingleObject, KeSetEvent, IoInvalidateDeviceState, IofCallDriver
> HAL.dll: WRITE_PORT_UCHAR, READ_PORT_ULONG, WRITE_PORT_ULONG, KeStallExecutionProcessor, READ_PORT_UCHAR
( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable Generic (68.0%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck:
publisher....: VIA Technologies,Inc
copyright....: VIA Technologies,Inc 2004-2007
product......: VIA filter driver
description..: ATA/ATAPI devices hot-plug monitor
original name: xfilt.sys
internal name: xfilt.sys
file version.: 5.1.3790.140
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
packers (Kaspersky): PE_Patch
c:\windows\system32\drivers\SBREDrv.sys Code:
ATTFilter MD5: 72aecf54aac22b20956d08610972b5a1
First received: 2009.05.31 12:23:03 UTC
Datum 2009.11.12 01:35:26 UTC [+1D]
Ergebnisse 0/41
Permalink: analisis/44941435d74a59528fdd8bf22b21fb90e1b2cc2262867870e507b5406a56e4f4-1257989726
Datei SBREDrv.sys empfangen 2009.11.13 22:42:54 (UTC)
Status: Laden ... Wartend Warten Überprüfung Beendet Nicht gefunden Gestoppt
Ergebnis: 0/40 (0%)
Laden der Serverinformationen...
Ihre Datei wartet momentan auf Position: 1.
Geschätzte Startzeit ist zwischen 43 und 62 Sekunden.
Dieses Fenster bis zum Abschluss des Scans nicht schließen.
Der Scanner, welcher momentan Ihre Datei bearbeitet ist momentan gestoppt. Wir warten einige Sekunden um Ihr Ergebnis zu erstellen.
Falls Sie längern als fünf Minuten warten, versenden Sie bitte die Datei erneut.
Ihre Datei wird momentan von VirusTotal überprüft,
Ergebnisse werden sofort nach der Generierung angezeigt.
Filter Filter
Drucken der Ergebnisse Drucken der Ergebnisse
Datei existiert nicht oder dessen Lebensdauer wurde überschritten
Dienst momentan gestoppt. Ihre Datei befindet sich in der Warteschlange (position: ). Diese wird abgearbeitet, wenn der Dienst wieder startet.
SIe können auf einen automatischen reload der homepage warten, oder ihre email in das untere formular eintragen. Klicken Sie auf "Anfragen", damit das System sie benachrichtigt wenn die Überprüfung abgeschlossen ist.
Email:
Antivirus Version letzte aktualisierung Ergebnis
a-squared 4.5.0.41 2009.11.10 -
AhnLab-V3 5.0.0.2 2009.11.06 -
AntiVir 7.9.1.61 2009.11.10 -
Antiy-AVL 2.0.3.7 2009.11.10 -
Authentium 5.2.0.5 2009.11.10 -
Avast 4.8.1351.0 2009.11.10 -
AVG 8.5.0.423 2009.11.10 -
BitDefender 7.2 2009.11.10 -
CAT-QuickHeal 10.00 2009.11.10 -
ClamAV 0.94.1 2009.11.10 -
Comodo 2905 2009.11.10 -
DrWeb 5.0.0.12182 2009.11.10 -
eSafe 7.0.17.0 2009.11.10 -
eTrust-Vet 35.1.7113 2009.11.10 -
F-Prot 4.5.1.85 2009.11.10 -
Fortinet 3.120.0.0 2009.11.10 -
GData 19 2009.11.10 -
Ikarus T3.1.1.74.0 2009.11.10 -
Jiangmin 11.0.800 2009.11.10 -
K7AntiVirus 7.10.892 2009.11.09 -
Kaspersky 7.0.0.125 2009.11.10 -
McAfee 5797 2009.11.09 -
McAfee+Artemis 5797 2009.11.09 -
McAfee-GW-Edition 6.8.5 2009.11.10 -
Microsoft 1.5202 2009.11.10 -
NOD32 4592 2009.11.10 -
Norman 6.03.02 2009.11.09 -
nProtect 2009.1.8.0 2009.11.10 -
Panda 10.0.2.2 2009.11.09 -
PCTools 7.0.3.5 2009.11.10 -
Prevx 3.0 2009.11.13 -
Rising 22.21.01.09 2009.11.10 -
Sophos 4.47.0 2009.11.10 -
Sunbelt 3.2.1858.2 2009.11.10 -
Symantec 1.4.4.12 2009.11.10 -
TheHacker 6.5.0.2.064 2009.11.09 -
TrendMicro 9.0.0.1003 2009.11.10 -
VBA32 3.12.10.11 2009.11.09 -
ViRobot 2009.11.10.2029 2009.11.10 -
VirusBuster 4.6.5.0 2009.11.09 -
weitere Informationen
File size: 93360 bytes
MD5...: 72aecf54aac22b20956d08610972b5a1
SHA1..: 8882c6f0a905b5803f8cd949db84bf91dbc0089b
SHA256: 44941435d74a59528fdd8bf22b21fb90e1b2cc2262867870e507b5406a56e4f4
ssdeep: 1536:OfUKVr5ckUcL4GwccxDOUm8w7EidnLqDOF5dDh2SLRiXB:k1VlnUABwckaL
LnRdDhA
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x12d85
timedatestamp.....: 0x49efd5f8 (Thu Apr 23 02:44:08 2009)
machinetype.......: 0x14c (I386)
( 6 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x480 0xccc9 0xcd00 6.40 c544b125367514cf26da569b1a875390
.rdata 0xd180 0x2f54 0x2f80 5.04 30729ac3c679759e4be79e55ef14f90d
.data 0x10100 0x2c09 0x2c80 0.44 47db23557a98a200013be409b6d57a7f
INIT 0x12d80 0x9a4 0xa00 5.54 b246d7800d8feb9d299aa69756823ad8
.rsrc 0x13780 0x504 0x580 3.78 b54423d746afda050b045e091f9e4341
.reloc 0x13d00 0x1530 0x1580 6.28 25ce3394a4f0901b26c697ac54af82f4
( 2 imports )
> ntoskrnl.exe: ExFreePoolWithTag, ZwWriteFile, ExAllocatePool, RtlInitUnicodeString, IoFreeIrp, IoFreeMdl, KeSetEvent, KeWaitForSingleObject, KeInitializeEvent, KeGetCurrentThread, IoAllocateIrp, MmBuildMdlForNonPagedPool, IoAllocateMdl, memcpy, IofCompleteRequest, IoDeleteDevice, IoDeleteSymbolicLink, ObfDereferenceObject, KeReleaseSemaphore, RtlUnicodeStringToAnsiString, ZwCreateFile, ObReferenceObjectByHandle, ObOpenObjectByPointer, ZwSetInformationFile, ZwOpenFile, PsLookupProcessByProcessId, MmIsAddressValid, KeServiceDescriptorTable, PsTerminateSystemThread, KeSetPriorityThread, PsCreateSystemThread, KeInitializeSemaphore, wcsstr, IoCreateSymbolicLink, IoCreateDevice, PsGetVersion, strrchr, KeBugCheckEx, _wcsnicmp, IoGetBaseFileSystemDeviceObject, IofCallDriver, KeUnstackDetachProcess, KeStackAttachProcess, RtlCompareUnicodeString, ZwQueryObject, ZwDuplicateObject, ZwOpenProcess, PsGetCurrentProcessId, ZwQuerySystemInformation, strncmp, ZwReadFile, strncpy, _vsnprintf, _snprintf, RtlTimeToTimeFields, ExSystemTimeToLocalTime, KeQuerySystemTime, _stricmp, _strnicmp, RtlCopyUnicodeString, ZwQueryValueKey, ZwOpenKey, ZwSetValueKey, _snwprintf, KeDetachProcess, KeAttachProcess, MmMapLockedPagesSpecifyCache, MmGetPhysicalAddress, PsLookupThreadByThreadId, RtlAnsiStringToUnicodeString, RtlInitAnsiString, _strupr, _strlwr, KeDelayExecutionThread, RtlVolumeDeviceToDosName, ObfReferenceObject, IoGetDeviceObjectPointer, wcschr, wcsncmp, _wcsicmp, wcsrchr, strchr, strstr, RtlAppendUnicodeToString, KeClearEvent, IoCreateNotificationEvent, ZwQuerySection, RtlInitString, ZwRequestWaitReplyPort, ZwConnectPort, KeTickCount, memset, ZwQueryInformationFile, IoGetCurrentProcess, ZwClose, RtlUnwind, IoReleaseCancelSpinLock
> HAL.dll: KfReleaseSpinLock, KfAcquireSpinLock
( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable Generic (58.4%)
Clipper DOS Executable (13.8%)
Generic Win/DOS Executable (13.7%)
DOS Executable Generic (13.7%)
VXD Driver (0.2%)
sigcheck:
publisher....: Sunbelt Software
copyright....: Copyright (c) 2002-2006 Sunbelt Software. All rights reserved.
product......: CounterSpy
description..: Anti-Rootkit Engine
original name: SBRE.sys
internal name: SBRE.sys
file version.: 3.1.2745
comments.....: n/a
signers......: SUNBELT SOFTWARE DISTRIBUTION
VeriSign Class 3 Code Signing 2004 CA
Class 3 Public Primary Certification Authority
signing date.: 12:25 PM 4/23/2009
verified.....: -
c:\windows\system32\lsdelete.exe Code:
ATTFilter MD5: ecc60d89980c47b7fcc27c798c4f6d02
First received: 2009.10.27 12:36:57 UTC
Datum 2009.11.10 10:17:29 UTC [>3D]
Ergebnisse 0/40
Permalink: analisis/4120e7bbc7dc5031a1ebe1992f86db0883c97117ee7a7ef72fd5004c0197bf80-1257848249
Datei lsdelete.exe empfangen 2009.11.13 22:46:55 (UTC)
Status: Laden ... Wartend Warten Überprüfung Beendet Nicht gefunden Gestoppt
Ergebnis: 0/40 (0%)
Laden der Serverinformationen...
Ihre Datei wartet momentan auf Position: 3.
Geschätzte Startzeit ist zwischen 61 und 87 Sekunden.
Dieses Fenster bis zum Abschluss des Scans nicht schließen.
Der Scanner, welcher momentan Ihre Datei bearbeitet ist momentan gestoppt. Wir warten einige Sekunden um Ihr Ergebnis zu erstellen.
Falls Sie längern als fünf Minuten warten, versenden Sie bitte die Datei erneut.
Ihre Datei wird momentan von VirusTotal überprüft,
Ergebnisse werden sofort nach der Generierung angezeigt.
Filter Filter
Drucken der Ergebnisse Drucken der Ergebnisse
Datei existiert nicht oder dessen Lebensdauer wurde überschritten
Dienst momentan gestoppt. Ihre Datei befindet sich in der Warteschlange (position: ). Diese wird abgearbeitet, wenn der Dienst wieder startet.
SIe können auf einen automatischen reload der homepage warten, oder ihre email in das untere formular eintragen. Klicken Sie auf "Anfragen", damit das System sie benachrichtigt wenn die Überprüfung abgeschlossen ist.
Email:
Antivirus Version letzte aktualisierung Ergebnis
a-squared 4.5.0.41 2009.11.10 -
AhnLab-V3 5.0.0.2 2009.11.06 -
AntiVir 7.9.1.61 2009.11.10 -
Antiy-AVL 2.0.3.7 2009.11.10 -
Authentium 5.2.0.5 2009.11.10 -
Avast 4.8.1351.0 2009.11.10 -
AVG 8.5.0.423 2009.11.10 -
BitDefender 7.2 2009.11.10 -
CAT-QuickHeal 10.00 2009.11.10 -
ClamAV 0.94.1 2009.11.10 -
Comodo 2905 2009.11.10 -
DrWeb 5.0.0.12182 2009.11.10 -
eSafe 7.0.17.0 2009.11.10 -
eTrust-Vet 35.1.7113 2009.11.10 -
F-Prot 4.5.1.85 2009.11.10 -
Fortinet 3.120.0.0 2009.11.10 -
GData 19 2009.11.10 -
Ikarus T3.1.1.74.0 2009.11.10 -
Jiangmin 11.0.800 2009.11.10 -
K7AntiVirus 7.10.892 2009.11.09 -
Kaspersky 7.0.0.125 2009.11.10 -
McAfee 5797 2009.11.09 -
McAfee+Artemis 5797 2009.11.09 -
McAfee-GW-Edition 6.8.5 2009.11.10 -
Microsoft 1.5202 2009.11.10 -
NOD32 4592 2009.11.10 -
Norman 6.03.02 2009.11.09 -
nProtect 2009.1.8.0 2009.11.10 -
Panda 10.0.2.2 2009.11.09 -
PCTools 7.0.3.5 2009.11.10 -
Prevx 3.0 2009.11.13 -
Rising 22.21.01.09 2009.11.10 -
Sophos 4.47.0 2009.11.10 -
Sunbelt 3.2.1858.2 2009.11.10 -
Symantec 1.4.4.12 2009.11.10 -
TheHacker 6.5.0.2.064 2009.11.09 -
TrendMicro 9.0.0.1003 2009.11.10 -
VBA32 3.12.10.11 2009.11.09 -
ViRobot 2009.11.10.2029 2009.11.10 -
VirusBuster 4.6.5.0 2009.11.09 -
weitere Informationen
File size: 15880 bytes
MD5...: ecc60d89980c47b7fcc27c798c4f6d02
SHA1..: be4b0ca7c3d0b935239c7d9bd54498976ae3a316
SHA256: 4120e7bbc7dc5031a1ebe1992f86db0883c97117ee7a7ef72fd5004c0197bf80
ssdeep: 192:n2O1JIzcmFGZ4ujHnBaoHmei1Q9sJwF93BvyowJL/aMjGwP7PM20e+ebM8JM
wPI:LOc5nnBjHVMQ9sJwFbYJLWwXbJQ
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x22f0
timedatestamp.....: 0x496f34ab (Thu Jan 15 13:05:47 2009)
machinetype.......: 0x14c (I386)
( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x1362 0x1400 5.78 e700c1b5c2353a10b2db729b156207e1
.rdata 0x3000 0x3ac 0x400 4.63 2d47414238d9b93e57a78a157c9d3919
.data 0x4000 0x998 0xa00 3.05 fa1b42f5935800f3f30682d2b1422656
.rsrc 0x5000 0x1b4 0x200 5.09 af5e12250c526d183544eef9776736bc
( 1 imports )
> ntdll.dll: RtlCreateHeap, NtTerminateProcess, RtlFreeHeap, RtlInitUnicodeString, RtlDestroyHeap, NtDisplayString, ZwClose, ZwDelayExecution, memcpy, wcscat, ZwReadFile, wcslen, ZwSetInformationFile, memset, RtlAllocateHeap, ZwDeleteFile, ZwOpenFile, ZwQueryInformationFile, wcscpy, NtQuerySystemTime, _snwprintf, strlen, strcpy, RtlUnicodeStringToAnsiString, ZwCreateFile, RtlTimeToTimeFields, ZwWriteFile, strcat
( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: Lavasoft AB
VeriSign Class 3 Code Signing 2004 CA
Class 3 Public Primary Certification Authority
signing date.: 10:51 PM 10/23/2009
verified.....: -
trid..: Win32 Executable Generic (68.0%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Es folgt der RootkitRevealer. |
|
14.11.2009, 09:57
| #6 |
| | Werde Virus/Trojaner nicht los - vermtl. Win32.Trojan.Tdss RootkitRevealer log: Code:
ATTFilter HKU\S-1-5-21-599095648-1470845599-2590934013-1007\Console 13.11.2009 20:43 0 bytes Security mismatch.
HKLM\SECURITY\Policy\Secrets\SAC* 29.09.2006 13:04 0 bytes Key name contains embedded nulls (*)
HKLM\SECURITY\Policy\Secrets\SAI* 29.09.2006 13:04 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\swearware\backup\winsock2 14.08.2009 13:34 0 bytes Security mismatch.
HKLM\SOFTWARE\swearware\backup\winsock2\Parameters 14.08.2009 13:34 0 bytes Security mismatch.
HKLM\SOFTWARE\swearware\backup\winsock2\Parameters\NameSpace_Catalog5 14.08.2009 13:34 0 bytes Security mismatch.
HKLM\SOFTWARE\swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries 14.08.2009 13:34 0 bytes Security mismatch.
HKLM\SOFTWARE\swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001 14.08.2009 13:34 0 bytes Security mismatch.
HKLM\SOFTWARE\swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002 14.08.2009 13:34 0 bytes Security mismatch.
HKLM\SOFTWARE\swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003 14.08.2009 13:34 0 bytes Security mismatch.
HKLM\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9 14.08.2009 13:34 0 bytes Security mismatch.
HKLM\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries 14.08.2009 13:34 0 bytes Security mismatch.
HKLM\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001 14.08.2009 13:34 0 bytes Security mismatch.
HKLM\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002 14.08.2009 13:34 0 bytes Security mismatch.
HKLM\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003 14.08.2009 13:34 0 bytes Security mismatch.
HKLM\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004 14.08.2009 13:34 0 bytes Security mismatch.
HKLM\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005 14.08.2009 13:34 0 bytes Security mismatch.
HKLM\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006 14.08.2009 13:34 0 bytes Security mismatch.
HKLM\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007 14.08.2009 13:34 0 bytes Security mismatch.
HKLM\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008 14.08.2009 13:34 0 bytes Security mismatch.
HKLM\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009 14.08.2009 13:34 0 bytes Security mismatch.
HKLM\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010 14.08.2009 13:34 0 bytes Security mismatch.
HKLM\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011 14.08.2009 13:34 0 bytes Security mismatch.
HKLM\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000012 14.08.2009 13:34 0 bytes Security mismatch.
HKLM\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000013 14.08.2009 13:34 0 bytes Security mismatch.
HKLM\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000014 14.08.2009 13:34 0 bytes Security mismatch.
HKLM\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000015 14.08.2009 13:34 0 bytes Security mismatch.
HKLM\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000016 14.08.2009 13:34 0 bytes Security mismatch.
HKLM\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000017 14.08.2009 13:34 0 bytes Security mismatch.
C:\Dateien\***\Webseiten\Jugendchor***\Kopie von neu 27102009\Dateien\Artikel,-Maerchenhafte-Geschichten-und-schoene-alte-Volkslieder-_arid,1228169_regid,1_puid,2_pageid,4492-Dateien\puid1_pageid6_regid10_backlinkaHR0cDovL3d3dy5hdWdzYnVyZ2VyLWFsb 25.10.2008 09:29 3.32 KB Hidden from Windows API.
C:\Dateien\***\Webseiten\Jugendchor***\Kopie von neu 27102009\Dateien\Artikel,-Maerchenhafte-Geschichten-und-schoene-alte-Volkslieder-_arid,1228169_regid,1_puid,2_pageid,4492-Dateien\puid1_pageid6_regid10_backlinkaHR0cDovL3d3dy5hdWdzYnVyZ2VyLWFsb 25.10.2008 09:29 6.29 KB Hidden from Windows API.
C:\Dateien\***\Webseiten\Jugendchor***\Kopie von neu 27102009\Dateien\Artikel,-Maerchenhafte-Geschichten-und-schoene-alte-Volkslieder-_arid,1228169_regid,1_puid,2_pageid,4492-Dateien\puid1_pageid6_regid10_backlinkaHR0cDovL3d3dy5hdWdzYnVyZ2VyLWFsb 25.10.2008 09:29 5.73 KB Hidden from Windows API.
C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll 13.07.2007 06:16 252.00 KB Visible in Windows API, but not in MFT or directory index.
C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll 13.07.2007 06:16 111.50 KB Visible in Windows API, but not in MFT or directory index.
Geändert von Joe007 (14.11.2009 um 10:06 Uhr) |
|
14.11.2009, 21:23
| #7 |
| | Werde Virus/Trojaner nicht los - vermtl. Win32.Trojan.Tdss Hi, das mit JAVA war notwendig, war total veraltet. Da scheinen Crosslinks auf der HD zu sein: Festplatte prüfen (XP): Arbeitsplatz-Datenträger mit Rechts Anklicken->Eigenschaften->Extras->Jetzt Prüfen: Beide Kästchen anklicken das dort ein Haken erscheint -> dann OK. Falls eine Fehlermeldung kommt ,diese mit Ja bestätigen und alle Fenster schliessen. Neustart Durchführen der Datenträger wird dann beim Neustart überprüft (das kann sehr lange gehen) Das Log vom RootkitRevealer scheint nicht vollständig zu sein, wir probieren jetzt noch Avira-Rootkitscanner, wenn der auch nicht tut, dann scannen wir von CD aus... Avira, Antirootkit Downloade Avira Antirootkit und Scanne dein system, poste das logfile. http://dl.antivir.de/down/windows/antivir_rootkit.zip chris
__________________ Don't bring me downVor dem posten beachten! Spenden (Wer spenden will, kann sich gerne melden ) Geändert von Chris4You (14.11.2009 um 21:28 Uhr) |
|
| Themen zu Werde Virus/Trojaner nicht los - vermtl. Win32.Trojan.Tdss |
| antivir, antivir guard, aufgehängt, combofix, content.ie5, dateien, diverse, einstellungen, firefox, firewall, google, hängt, index, infiziert, logfiles, malwarebytes, microsoft, mozilla, namen, net.net, neue tabs, neustart, programm, scan, software, suche, system, temp, trojaner-board, virus, virus/trojaner, windows |
Hybrid-Darstellung
