Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Trojan-gen, MalOb-BL und Delfcrypt-F in C:\Users was tun?

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 19.06.2010, 15:09   #1
mausepau
 
Trojan-gen, MalOb-BL und Delfcrypt-F in C:\Users was tun? - Standard

Trojan-gen, MalOb-BL und Delfcrypt-F in C:\Users was tun?



Hi,
ich habe ein Problem, mit den oben genannten Viren. Diese kann ich nämlich leider nicht in Quarantäne verschieben. Bisher sind noch keine Probleme am PC aufgetreten doch ich habe etwas Angst um meinen PC .
BItte helft mir

Alt 19.06.2010, 15:45   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojan-gen, MalOb-BL und Delfcrypt-F in C:\Users was tun? - Standard

Trojan-gen, MalOb-BL und Delfcrypt-F in C:\Users was tun?



Hallo und

bitte nen Vollscan mit Malwarebytes machen und Log posten. Danach OTL:

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.
__________________

__________________

Alt 19.06.2010, 16:43   #3
mausepau
 
Trojan-gen, MalOb-BL und Delfcrypt-F in C:\Users was tun? - Standard

Trojan-gen, MalOb-BL und Delfcrypt-F in C:\Users was tun?



Danke für die schnelle Antwort ich war vorhin leider afk, doch bin nun dabei Malewarebytes durchlaufen zu lassen OTL Logfiles poste ich dann
mfg
__________________

Alt 19.06.2010, 17:23   #4
mausepau
 
Trojan-gen, MalOb-BL und Delfcrypt-F in C:\Users was tun? - Standard

Trojan-gen, MalOb-BL und Delfcrypt-F in C:\Users was tun?



Malwarebytes' Anti-Malware 1.46
Malwarebytes

Datenbank Version: 4215

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

19.06.2010 18:16:33
mbam-log-2010-06-19 (18-10-05).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 218245
Laufzeit: 26 Minute(n), 50 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 3
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\V71IQL7HI7 (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\Software\M5T8QL3YW3 (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> No action taken.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Das ist der LOg von Malwarebytes der von OTL folgt

Alt 19.06.2010, 17:31   #5
mausepau
 
Trojan-gen, MalOb-BL und Delfcrypt-F in C:\Users was tun? - Standard

Trojan-gen, MalOb-BL und Delfcrypt-F in C:\Users was tun?



OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 19.06.2010 18:28:22 - Run 1
OTL by OldTimer - Version 3.2.6.0     Folder = C:\Users\Paddy\Downloads
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 46,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 70,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 929,50 Gb Total Space | 858,84 Gb Free Space | 92,40% Space Free | Partition Type: NTFS
Drive D: | 931,51 Gb Total Space | 930,96 Gb Free Space | 99,94% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: PADDY-PC
Current User Name: Paddy
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Paddy\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Users\Paddy\Desktop\Nostale\NosTale\nostalex.dat (Entwell)
PRC - C:\Users\Paddy\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Users\Paddy\Desktop\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe (G Data Software AG)
PRC - C:\Program Files (x86)\Common Files\G DATA\GDScan\GDScan.exe (G Data Software AG)
PRC - C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\G Data\AntiVirus\GUI\GDSC.exe (G Data Software AG)
PRC - C:\Program Files (x86)\G Data\AntiVirus\AVKTray\AVKTray.exe (G Data Software AG)
PRC - C:\program files (x86)\g data\antivirus\avk\avk.exe (G Data Software AG)
PRC - C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKService.exe (G Data Software AG)
PRC - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Technology Solutions)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Paddy\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\SysWOW64\vbscript.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\rsaenh.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\wbem\wmiutils.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\wbemcomn.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\wbem\wbemdisp.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\wbem\wbemsvc.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\wbem\wbemprox.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\sxs.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\RpcRtRemote.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\ntdsapi.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\wbem\fastprox.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\comdlg32.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (WwanSvc) -- C:\Windows\SysNative\wwansvc.dll (Microsoft Corporation)
SRV:64bit: - (WbioSrvc) -- C:\Windows\SysNative\wbiosrvc.dll (Microsoft Corporation)
SRV:64bit: - (Power) -- C:\Windows\SysNative\umpo.dll (Microsoft Corporation)
SRV:64bit: - (Themes) -- C:\Windows\SysNative\themeservice.dll (Microsoft Corporation)
SRV:64bit: - (sppuinotify) -- C:\Windows\SysNative\sppuinotify.dll (Microsoft Corporation)
SRV:64bit: - (SensrSvc) -- C:\Windows\SysNative\sensrsvc.dll (Microsoft Corporation)
SRV:64bit: - (PNRPsvc) -- C:\Windows\SysNative\pnrpsvc.dll (Microsoft Corporation)
SRV:64bit: - (p2pimsvc) -- C:\Windows\SysNative\pnrpsvc.dll (Microsoft Corporation)
SRV:64bit: - (HomeGroupProvider) -- C:\Windows\SysNative\provsvc.dll (Microsoft Corporation)
SRV:64bit: - (RpcEptMapper) -- C:\Windows\SysNative\RpcEpMap.dll (Microsoft Corporation)
SRV:64bit: - (PNRPAutoReg) -- C:\Windows\SysNative\pnrpauto.dll (Microsoft Corporation)
SRV:64bit: - (HomeGroupListener) -- C:\Windows\SysNative\ListSvc.dll (Microsoft Corporation)
SRV:64bit: - (FontCache) -- C:\Windows\SysNative\FntCache.dll (Microsoft Corporation)
SRV:64bit: - (Dhcp) -- C:\Windows\SysNative\dhcpcore.dll (Microsoft Corporation)
SRV:64bit: - (defragsvc) -- C:\Windows\SysNative\defragsvc.dll (Microsoft Corporation)
SRV:64bit: - (bthserv) -- C:\Windows\SysNative\bthserv.dll (Microsoft Corporation)
SRV:64bit: - (BDESVC) -- C:\Windows\SysNative\bdesvc.dll (Microsoft Corporation)
SRV:64bit: - (AxInstSV) -- C:\Windows\SysNative\AxInstSv.dll (Microsoft Corporation)
SRV:64bit: - (AppIDSvc) -- C:\Windows\SysNative\appidsvc.dll (Microsoft Corporation)
SRV:64bit: - (wbengine) -- C:\Windows\SysNative\wbengine.exe (Microsoft Corporation)
SRV:64bit: - (sppsvc) -- C:\Windows\SysNative\sppsvc.exe (Microsoft Corporation)
SRV:64bit: - (Fax) -- C:\Windows\SysNative\FXSSVC.exe (Microsoft Corporation)
SRV - (Akamai) -- c:\program files (x86)\common files\akamai\rswin_3697.dll ()
SRV - (AVKProxy) -- C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe (G Data Software AG)
SRV - (GDScan) -- C:\Program Files (x86)\Common Files\G DATA\GDScan\GDScan.exe (G Data Software AG)
SRV - (AVKWCtl) -- C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKWCtlX64.exe (G Data Software AG)
SRV - (AVKService) -- C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKService.exe (G Data Software AG)
SRV - (VSS) -- C:\Windows\Vss [2009.07.14 05:20:14 | 000,000,000 | ---D | M]
SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2009.07.14 05:20:14 | 000,000,000 | ---D | M]
SRV - (HomeGroupProvider) -- C:\Windows\SysWOW64\provsvc.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\SysWOW64\dhcpcore.dll (Microsoft Corporation)
SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof ()
SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (TestHandler) -- C:\Program Files (x86)\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Technology Solutions)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (gdwfpcd) -- C:\Windows\SysNative\drivers\gdwfpcd64.sys (G DATA Software AG)
DRV:64bit: - (GDMnIcpt) -- C:\Windows\SysNative\drivers\MiniIcpt.sys (G Data Software AG)
DRV:64bit: - (GDBehave) -- C:\Windows\SysNative\drivers\GDBehave.sys (G Data Software AG)
DRV:64bit: - (GRD) -- C:\Windows\SysNative\drivers\GRD.sys (G Data Software)
DRV:64bit: - (KSecPkg) -- C:\Windows\SysNative\drivers\ksecpkg.sys (Microsoft Corporation)
DRV:64bit: - (HookCentre) -- C:\Windows\SysNative\drivers\HookCentre.sys (G Data Software AG)
DRV:64bit: - (fvevol) -- C:\Windows\SysNative\drivers\fvevol.sys (Microsoft Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir3.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (hwpolicy) -- C:\Windows\SysNative\drivers\hwpolicy.sys (Microsoft Corporation)
DRV:64bit: - (FsDepends) -- C:\Windows\SysNative\drivers\fsdepends.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (WIMMount) -- C:\Windows\SysNative\drivers\wimmount.sys (Microsoft Corporation)
DRV:64bit: - (vhdmp) -- C:\Windows\SysNative\drivers\vhdmp.sys (Microsoft Corporation)
DRV:64bit: - (vdrvroot) -- C:\Windows\SysNative\drivers\vdrvroot.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (rdyboost) -- C:\Windows\SysNative\drivers\rdyboost.sys (Microsoft Corporation)
DRV:64bit: - (pcw) -- C:\Windows\SysNative\drivers\pcw.sys (Microsoft Corporation)
DRV:64bit: - (CNG) -- C:\Windows\SysNative\drivers\cng.sys (Microsoft Corporation)
DRV:64bit: - (rdpbus) -- C:\Windows\SysNative\drivers\rdpbus.sys (Microsoft Corporation)
DRV:64bit: - (RDPREFMP) -- C:\Windows\SysNative\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV:64bit: - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\SysNative\drivers\agilevpn.sys (Microsoft Corporation)
DRV:64bit: - (WfpLwf) -- C:\Windows\SysNative\drivers\wfplwf.sys (Microsoft Corporation)
DRV:64bit: - (NdisCap) -- C:\Windows\SysNative\drivers\ndiscap.sys (Microsoft Corporation)
DRV:64bit: - (vwifibus) -- C:\Windows\SysNative\drivers\vwifibus.sys (Microsoft Corporation)
DRV:64bit: - (1394ohci) -- C:\Windows\SysNative\drivers\1394ohci.sys (Microsoft Corporation)
DRV:64bit: - (HdAudAddService) -- C:\Windows\SysNative\drivers\HdAudio.sys (Microsoft Corporation)
DRV:64bit: - (UmPass) -- C:\Windows\SysNative\drivers\umpass.sys (Microsoft Corporation)
DRV:64bit: - (WinUsb) -- C:\Windows\SysNative\drivers\winusb.sys (Microsoft Corporation)
DRV:64bit: - (mshidkmdf) -- C:\Windows\SysNative\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV:64bit: - (WudfPf) -- C:\Windows\SysNative\drivers\WUDFPf.sys (Microsoft Corporation)
DRV:64bit: - (MTConfig) -- C:\Windows\SysNative\drivers\MTConfig.sys (Microsoft Corporation)
DRV:64bit: - (CompositeBus) -- C:\Windows\SysNative\drivers\CompositeBus.sys (Microsoft Corporation)
DRV:64bit: - (Beep) -- C:\Windows\SysNative\drivers\beep.sys (Microsoft Corporation)
DRV:64bit: - (AppID) -- C:\Windows\SysNative\drivers\appid.sys (Microsoft Corporation)
DRV:64bit: - (scfilter) -- C:\Windows\SysNative\drivers\scfilter.sys (Microsoft Corporation)
DRV:64bit: - (discache) -- C:\Windows\SysNative\drivers\discache.sys (Microsoft Corporation)
DRV:64bit: - (HidBatt) -- C:\Windows\SysNative\drivers\hidbatt.sys (Microsoft Corporation)
DRV:64bit: - (CmBatt) -- C:\Windows\SysNative\drivers\CmBatt.sys (Microsoft Corporation)
DRV:64bit: - (AcpiPmi) -- C:\Windows\SysNative\drivers\acpipmi.sys (Microsoft Corporation)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (AmdPPM) -- C:\Windows\SysNative\drivers\amdppm.sys (Microsoft Corporation)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (NVNET) -- C:\Windows\SysNative\drivers\nvmf6264.sys (NVIDIA Corporation)
DRV:64bit: - (GearAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\SysWOW64\winusb.dll (Microsoft Corporation)
DRV - (NetBIOS) -- C:\Windows\SysWOW64\netbios.dll (Microsoft Corporation)
DRV - (TPM) -- C:\Windows\SysWOW64\tpm.msc ()
DRV - (mpsdrv) -- C:\Windows\SysWOW64\wbem\mpsdrv.mof ()
DRV - (Tcpip) -- C:\Windows\SysWOW64\wbem\tcpip.mof ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {542e4d79-1970-4e95-9862-fdb96f61b280} - C:\Program Files (x86)\Messenger_Plus_Live_Germany\tbMess.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVD1.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Fujitsu Technology Solutions ? IT products, solutions and services [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Fujitsu Technology Solutions ? IT products, solutions and services [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Search
IE - HKCU\..\URLSearchHook: {542e4d79-1970-4e95-9862-fdb96f61b280} - C:\Program Files (x86)\Messenger_Plus_Live_Germany\tbMess.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVD1.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\AntiVirus\Webfilter\AVKWebIEx64.dll (G Data Software AG)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.5.5126.1836\swg64.dll (Google Inc.)
O2 - BHO: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\AntiVirus\Webfilter\AVKWebIE.dll (G Data Software AG)
O2 - BHO: (Messenger Plus Live Germany Toolbar) - {542e4d79-1970-4e95-9862-fdb96f61b280} - C:\Program Files (x86)\Messenger_Plus_Live_Germany\tbMess.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVD1.dll (Conduit Ltd.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\AntiVirus\Webfilter\AVKWebIEx64.dll (G Data Software AG)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\AntiVirus\Webfilter\AVKWebIE.dll (G Data Software AG)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Messenger Plus Live Germany Toolbar) - {542e4d79-1970-4e95-9862-fdb96f61b280} - C:\Program Files (x86)\Messenger_Plus_Live_Germany\tbMess.dll⤀ File not found
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVD1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Messenger Plus Live Germany Toolbar) - {542E4D79-1970-4E95-9862-FDB96F61B280} - C:\Program Files (x86)\Messenger_Plus_Live_Germany\tbMess.dll⤀ File not found
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVD1.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [G DATA AntiVirus Trayapplication] C:\Program Files (x86)\G Data\AntiVirus\AVKTray\AVKTray.exe (G Data Software AG)
O4 - HKCU..\Run: [Halo2] C:\Users\Paddy\AppData\Local\Temp\sshnas21.DLL File not found
O4 - HKCU..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [Windows Firewall Manager] C:\Users\Public\winscdvn.exe File not found
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Users\Paddy\Desktop\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Paddy\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll (Google Inc.)
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Paddy\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll (Google Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - c:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - c:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.06.19 17:31:07 | 000,000,000 | ---D | C] -- C:\Users\Paddy\AppData\Roaming\Malwarebytes
[2010.06.19 17:30:52 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.06.19 17:30:51 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.06.19 17:30:51 | 000,000,000 | ---D | C] -- C:\Users\Paddy\Desktop\Malwarebytes' Anti-Malware
[2010.06.19 17:30:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.06.13 18:06:16 | 000,000,000 | ---D | C] -- C:\Users\Paddy\Desktop\Nostale
[2010.06.11 18:47:21 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\asycfilt.dll
[2010.06.11 18:47:21 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\asycfilt.dll
[2010.06.11 18:27:18 | 000,366,080 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2010.06.11 18:27:18 | 000,293,888 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2010.06.11 18:27:17 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2010.06.11 18:27:17 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2010.06.11 18:18:58 | 001,192,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wininet.dll
[2010.06.11 18:18:58 | 001,026,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstime.dll
[2010.06.11 18:18:58 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstime.dll
[2010.06.11 18:18:57 | 000,977,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wininet.dll
[2010.06.11 18:18:57 | 000,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iedkcs32.dll
[2010.06.11 18:18:57 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iedkcs32.dll
[2010.06.11 18:18:57 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedsbs.dll
[2010.06.11 18:18:57 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedsbs.dll
[2010.06.11 18:18:57 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jsproxy.dll
[2010.06.11 18:18:57 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jsproxy.dll
[2010.06.09 20:01:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoftTB
[2010.06.09 20:01:15 | 000,000,000 | ---D | C] -- C:\Users\Paddy\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.06.09 20:01:10 | 000,000,000 | ---D | C] -- C:\Users\Paddy\Documents\DVDVideoSoft
[2010.06.09 20:01:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft
[2010.06.09 20:01:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft
[2010.05.29 18:22:17 | 000,000,000 | ---D | C] -- C:\Users\Paddy\Desktop\eDgMt2
[1 C:\Users\Paddy\*.tmp files -> C:\Users\Paddy\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.06.19 18:29:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.06.19 18:28:41 | 001,572,864 | -HS- | M] () -- C:\Users\Paddy\NTUSER.DAT
[2010.06.19 18:02:01 | 000,001,118 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4089150985-3875359072-2864405765-1001UA.job
[2010.06.19 17:30:54 | 000,000,689 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.06.19 17:29:00 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.06.19 14:58:54 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.06.19 14:58:54 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.06.19 14:55:34 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.06.19 14:55:34 | 000,643,628 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.06.19 14:55:34 | 000,606,992 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.06.19 14:55:34 | 000,126,188 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.06.19 14:55:34 | 000,103,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.06.19 14:50:59 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.06.19 14:50:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.06.19 14:50:50 | 3219,984,384 | -HS- | M] () -- C:\hiberfil.sys
[2010.06.13 20:29:06 | 007,121,139 | -H-- | M] () -- C:\Users\Paddy\AppData\Local\IconCache.db
[2010.06.13 20:02:00 | 000,001,066 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4089150985-3875359072-2864405765-1001Core.job
[2010.06.13 18:07:55 | 000,001,148 | ---- | M] () -- C:\Users\Paddy\Desktop\Nostale - Verknüpfung.lnk
[2010.06.13 17:24:52 | 000,413,624 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010.06.11 19:25:17 | 000,000,647 | ---- | M] () -- C:\Windows\SysNative\MRT.INI
[2010.06.09 20:05:53 | 000,002,322 | ---- | M] () -- C:\Users\Paddy\Desktop\Google Chrome.lnk
[2010.06.09 20:01:13 | 000,001,249 | ---- | M] () -- C:\Users\Paddy\Desktop\DVDVideoSoft Free Studio.lnk
[2010.06.03 15:47:59 | 000,001,439 | ---- | M] () -- C:\Users\Paddy\Desktop\Client - Verknüpfung.lnk
[2010.06.03 15:47:11 | 000,000,045 | ---- | M] () -- C:\Users\Paddy\Desktop\RuneDev.ini
[2010.05.29 18:23:33 | 000,000,569 | ---- | M] () -- C:\Users\Paddy\Desktop\eDgMt2 - Verknüpfung.lnk
[2010.05.27 09:24:13 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2010.05.27 08:34:09 | 000,046,080 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2010.05.27 06:11:32 | 000,366,080 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2010.05.27 05:49:37 | 000,293,888 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2010.05.21 14:04:41 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2010.05.21 07:52:30 | 001,192,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wininet.dll
[2010.05.21 07:47:27 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jsproxy.dll
[2010.05.21 07:18:06 | 000,977,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wininet.dll
[2010.05.21 07:14:50 | 000,048,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jsproxy.dll
[1 C:\Users\Paddy\*.tmp files -> C:\Users\Paddy\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.06.19 17:30:54 | 000,000,689 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.06.13 18:07:55 | 000,001,148 | ---- | C] () -- C:\Users\Paddy\Desktop\Nostale - Verknüpfung.lnk
[2010.06.11 19:25:17 | 000,000,647 | ---- | C] () -- C:\Windows\SysNative\MRT.INI
[2010.06.09 20:05:53 | 000,002,322 | ---- | C] () -- C:\Users\Paddy\Desktop\Google Chrome.lnk
[2010.06.09 20:01:10 | 000,001,249 | ---- | C] () -- C:\Users\Paddy\Desktop\DVDVideoSoft Free Studio.lnk
[2010.06.09 19:57:12 | 000,001,118 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4089150985-3875359072-2864405765-1001UA.job
[2010.06.09 19:57:12 | 000,001,066 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4089150985-3875359072-2864405765-1001Core.job
[2010.06.03 15:47:59 | 000,001,439 | ---- | C] () -- C:\Users\Paddy\Desktop\Client - Verknüpfung.lnk
[2010.06.03 15:47:09 | 000,000,045 | ---- | C] () -- C:\Users\Paddy\Desktop\RuneDev.ini
[2010.05.29 18:23:33 | 000,000,569 | ---- | C] () -- C:\Users\Paddy\Desktop\eDgMt2 - Verknüpfung.lnk
[2010.05.21 14:04:41 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2009.07.30 13:49:22 | 000,040,448 | ---- | C] () -- C:\Windows\REGOBJ.DLL
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2008.10.07 10:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008.10.07 10:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
 
========== LOP Check ==========
 
[2010.06.09 20:01:15 | 000,000,000 | ---D | M] -- C:\Users\Paddy\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.05.31 00:19:55 | 000,000,000 | ---D | M] -- C:\Users\Paddy\AppData\Roaming\FOG Downloader
[2010.05.02 16:10:28 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
< End of report >
         
--- --- ---

So das ist von OTL bitte um hilfe^^
mfg


Alt 19.06.2010, 19:23   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojan-gen, MalOb-BL und Delfcrypt-F in C:\Users was tun? - Standard

Trojan-gen, MalOb-BL und Delfcrypt-F in C:\Users was tun?



Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)


Code:
ATTFilter
:OTL
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKCU..\Run: [Halo2] C:\Users\Paddy\AppData\Local\Temp\sshnas21.DLL File not found
O4 - HKCU..\Run: [Windows Firewall Manager] C:\Users\Public\winscdvn.exe File not found
:Commands
[purity]
[resethosts]
[emptytemp]
         
Klick dann auf den Button Run Fixes!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.
__________________
--> Trojan-gen, MalOb-BL und Delfcrypt-F in C:\Users was tun?

Alt 19.06.2010, 20:00   #7
mausepau
 
Trojan-gen, MalOb-BL und Delfcrypt-F in C:\Users was tun? - Standard

Trojan-gen, MalOb-BL und Delfcrypt-F in C:\Users was tun?



All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Halo2 deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Windows Firewall Manager deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: AppData

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Paddy
->Temp folder emptied: 4322055784 bytes
->Temporary Internet Files folder emptied: 167520865 bytes
->Google Chrome cache emptied: 308455567 bytes
->Flash cache emptied: 33692 bytes

User: Public

User: Runes of Magic

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 6383562 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 4.582,00 mb


OTL by OldTimer - Version 3.2.6.0 log created on 06192010_205543

Files\Folders moved on Reboot...
C:\Users\Paddy\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

so da ist Log^^

Alt 19.06.2010, 20:04   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojan-gen, MalOb-BL und Delfcrypt-F in C:\Users was tun? - Standard

Trojan-gen, MalOb-BL und Delfcrypt-F in C:\Users was tun?



Ok. Viel mehr können wir auf dem 64-Bit-System nicht mhr machen, da mächtigere Tools damit inkompatibel sind.
Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 19.06.2010, 20:12   #9
mausepau
 
Trojan-gen, MalOb-BL und Delfcrypt-F in C:\Users was tun? - Standard

Trojan-gen, MalOb-BL und Delfcrypt-F in C:\Users was tun?



Ok läuft beides danke für deine Hilfe
mfg

Alt 19.06.2010, 20:39   #10
mausepau
 
Trojan-gen, MalOb-BL und Delfcrypt-F in C:\Users was tun? - Standard

Trojan-gen, MalOb-BL und Delfcrypt-F in C:\Users was tun?



All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Halo2 deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Windows Firewall Manager deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: AppData

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Paddy
->Temp folder emptied: 4322055784 bytes
->Temporary Internet Files folder emptied: 167520865 bytes
->Google Chrome cache emptied: 308455567 bytes
->Flash cache emptied: 33692 bytes

User: Public

User: Runes of Magic

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 6383562 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 4.582,00 mb


OTL by OldTimer - Version 3.2.6.0 log created on 06192010_205543

Files\Folders moved on Reboot...
C:\Users\Paddy\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

hier ist schon ma Malwarebytes

Alt 19.06.2010, 21:16   #11
mausepau
 
Trojan-gen, MalOb-BL und Delfcrypt-F in C:\Users was tun? - Standard

Trojan-gen, MalOb-BL und Delfcrypt-F in C:\Users was tun?



Hier das andere All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Halo2 deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Windows Firewall Manager deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: AppData

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Paddy
->Temp folder emptied: 4322055784 bytes
->Temporary Internet Files folder emptied: 167520865 bytes
->Google Chrome cache emptied: 308455567 bytes
->Flash cache emptied: 33692 bytes

User: Public

User: Runes of Magic

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 6383562 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 4.582,00 mb


OTL by OldTimer - Version 3.2.6.0 log created on 06192010_205543

Files\Folders moved on Reboot...
C:\Users\Paddy\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

hoffe es hilft^^

Alt 20.06.2010, 14:04   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojan-gen, MalOb-BL und Delfcrypt-F in C:\Users was tun? - Standard

Trojan-gen, MalOb-BL und Delfcrypt-F in C:\Users was tun?



Liest Du eigentlich auch mal meine Beiträge? Wo hab ich geschrieben, dass Du 2x das gleiche posten solltest?
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 20.06.2010, 14:35   #13
mausepau
 
Trojan-gen, MalOb-BL und Delfcrypt-F in C:\Users was tun? - Standard

Trojan-gen, MalOb-BL und Delfcrypt-F in C:\Users was tun?



Oh sry das war nicht meine absicht

Alt 20.06.2010, 14:38   #14
mausepau
 
Trojan-gen, MalOb-BL und Delfcrypt-F in C:\Users was tun? - Standard

Trojan-gen, MalOb-BL und Delfcrypt-F in C:\Users was tun?



Dies ist der Log von SUPERAntiSpyware


SUPERAntiSpyware Scan Log
SUPERAntiSpyware.com | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

Generated 06/19/2010 at 10:11 PM

Application Version : 4.39.1002

Core Rules Database Version : 5092
Trace Rules Database Version: 2904

Scan type : Complete Scan
Total Scan Time : 00:47:52

Memory items scanned : 571
Memory threats detected : 0
Registry items scanned : 12567
Registry threats detected : 0
File items scanned : 94421
File threats detected : 30

Adware.Tracking Cookie
C:\Users\Paddy\AppData\Roaming\Microsoft\Windows\Cookies\paddy@zanox[1].txt
C:\Users\Paddy\AppData\Roaming\Microsoft\Windows\Cookies\paddy@adserving.claxon[2].txt
C:\Users\Paddy\AppData\Roaming\Microsoft\Windows\Cookies\paddy@track.effiliation[3].txt
C:\Users\Paddy\AppData\Roaming\Microsoft\Windows\Cookies\paddy@smartadserver[1].txt
C:\Users\Paddy\AppData\Roaming\Microsoft\Windows\Cookies\paddy@mediaplex[2].txt
C:\Users\Paddy\AppData\Roaming\Microsoft\Windows\Cookies\paddy@content.yieldmanager[3].txt
C:\Users\Paddy\AppData\Roaming\Microsoft\Windows\Cookies\paddy@weborama[2].txt
C:\Users\Paddy\AppData\Roaming\Microsoft\Windows\Cookies\paddy@media6degrees[2].txt
C:\Users\Paddy\AppData\Roaming\Microsoft\Windows\Cookies\paddy@serving-sys[1].txt
C:\Users\Paddy\AppData\Roaming\Microsoft\Windows\Cookies\paddy@clicksor[1].txt
C:\Users\Paddy\AppData\Roaming\Microsoft\Windows\Cookies\paddy@xm.xtendmedia[1].txt
C:\Users\Paddy\AppData\Roaming\Microsoft\Windows\Cookies\paddy@apmebf[1].txt
C:\Users\Paddy\AppData\Roaming\Microsoft\Windows\Cookies\paddy@ad.adition[2].txt
C:\Users\Paddy\AppData\Roaming\Microsoft\Windows\Cookies\paddy@doubleclick[2].txt
C:\Users\Paddy\AppData\Roaming\Microsoft\Windows\Cookies\paddy@ads.medienhaus[1].txt
C:\Users\Paddy\AppData\Roaming\Microsoft\Windows\Cookies\paddy@bs.serving-sys[2].txt
C:\Users\Paddy\AppData\Roaming\Microsoft\Windows\Cookies\paddy@msnportal.112.2o7[1].txt
C:\Users\Paddy\AppData\Roaming\Microsoft\Windows\Cookies\paddy@webmasterplan[1].txt
C:\Users\Paddy\AppData\Roaming\Microsoft\Windows\Cookies\paddy@zanox-affiliate[1].txt
C:\Users\Paddy\AppData\Roaming\Microsoft\Windows\Cookies\paddy@adtech[1].txt
C:\Users\Paddy\AppData\Roaming\Microsoft\Windows\Cookies\paddy@myroitracking[2].txt
C:\Users\Paddy\AppData\Roaming\Microsoft\Windows\Cookies\paddy@ad.yieldmanager[2].txt
C:\Users\Paddy\AppData\Roaming\Microsoft\Windows\Cookies\paddy@track.effiliation[2].txt
C:\Users\Paddy\AppData\Roaming\Microsoft\Windows\Cookies\paddy@ad.zanox[1].txt
C:\Users\Paddy\AppData\Roaming\Microsoft\Windows\Cookies\paddy@247realmedia[1].txt
C:\Users\Paddy\AppData\Roaming\Microsoft\Windows\Cookies\paddy@content.yieldmanager[2].txt
C:\Users\Paddy\AppData\Roaming\Microsoft\Windows\Cookies\paddy@adfarm1.adition[1].txt
C:\Users\Paddy\AppData\Roaming\Microsoft\Windows\Cookies\paddy@atdmt[3].txt
C:\Users\Paddy\AppData\Roaming\Microsoft\Windows\Cookies\paddy@server.cpmstar[2].txt
C:\Users\Paddy\AppData\Roaming\Microsoft\Windows\Cookies\paddy@tradedoubler[2].txt

Antwort

Themen zu Trojan-gen, MalOb-BL und Delfcrypt-F in C:\Users was tun?
angst, helft, problem, probleme, quarantäne, schmoll, troja, trojan-gen, ua. trojan-gen, users, was tun, was tun?




Ähnliche Themen: Trojan-gen, MalOb-BL und Delfcrypt-F in C:\Users was tun?


  1. C:\Users\***\AppData\Local\Temp\addlyrics1030.exe (Trojan.StartPage)
    Log-Analyse und Auswertung - 09.04.2013 (9)
  2. Online- Banking gesperrt! Trojan.FakeAlert.Gen & Trojan.ZbotR.Gen in (C:\Users\\AppData\Temp & C:\Users\\AppData\Roaming\Osje\rutaap.exe)
    Log-Analyse und Auswertung - 06.02.2013 (1)
  3. Trojan.Inject.MN in C:Users\ID\Downloads\Isi Fellnase.exe
    Plagegeister aller Art und deren Bekämpfung - 31.01.2013 (13)
  4. Trojan.Zbot in C:\Users\Name\AppData\Roaming\Ixiha\wiez.exe
    Log-Analyse und Auswertung - 05.01.2013 (3)
  5. Trojan.Ransom (C:\Users\****\LOCALS~1\Temp\msxvoh.cmd)
    Plagegeister aller Art und deren Bekämpfung - 25.11.2012 (6)
  6. Trojan.chydo in C:\Users\Public
    Log-Analyse und Auswertung - 30.10.2012 (11)
  7. Falsche Abmahnung der E-Mail - Trojaner Win32:MalOb-KU
    Plagegeister aller Art und deren Bekämpfung - 08.10.2012 (2)
  8. Trojan.Apppatch,Trojan.Agent.BVXGen und Trojan.Midhos in C:\Users\inet-kid\AppData,TR/ATRAPS.Gen2
    Plagegeister aller Art und deren Bekämpfung - 13.09.2012 (35)
  9. Trojan.Agent in C:\Users\Win\M-1-74-6482-7942-8945\winsvc.exe
    Log-Analyse und Auswertung - 05.09.2012 (23)
  10. Fund TR/Malob.HG.3 und immer wieder Suspicious.MH690
    Plagegeister aller Art und deren Bekämpfung - 30.07.2012 (13)
  11. TR.Dropper.gen in C:\Users\Christina\AppData\Local\Temp, Trojan/Zaccess, Trojan.Agent, ...
    Log-Analyse und Auswertung - 19.06.2012 (29)
  12. Trojanisches Pferd TR/Malob.HS.5 Brauche Hilfe!
    Log-Analyse und Auswertung - 23.11.2011 (8)
  13. Avira-Fund: Trojaner TR/Malob.HS.5 in MediaPlayer.exe
    Log-Analyse und Auswertung - 21.11.2011 (4)
  14. 'TR/Crypt.FKM.Gen' [trojan] in C:\Users\Elvis\AppData\Roaming\29388\mscjm.exe
    Plagegeister aller Art und deren Bekämpfung - 03.02.2011 (14)
  15. Trojan.Dropper in C:\Users\*****\AppData\Local\Temp\0.7247057717775541.exe
    Plagegeister aller Art und deren Bekämpfung - 14.01.2011 (12)
  16. Trojan.Gen in C:\Users\***\AppData\Roaming\default\svchost.exe
    Plagegeister aller Art und deren Bekämpfung - 12.08.2010 (7)
  17. 'TR/Vundo.Gen' [trojan] in 'C:\Users\Nobby\AppData\Local\Temp\spool.exe'
    Plagegeister aller Art und deren Bekämpfung - 30.11.2009 (2)

Zum Thema Trojan-gen, MalOb-BL und Delfcrypt-F in C:\Users was tun? - Hi, ich habe ein Problem, mit den oben genannten Viren. Diese kann ich nämlich leider nicht in Quarantäne verschieben. Bisher sind noch keine Probleme am PC aufgetreten doch ich habe - Trojan-gen, MalOb-BL und Delfcrypt-F in C:\Users was tun?...
Archiv
Du betrachtest: Trojan-gen, MalOb-BL und Delfcrypt-F in C:\Users was tun? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.