
Log analysis and evaluation: Hidden viruses, but where?

Windows 7 If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

 
23.06.2010, 17:19   #4
Burak92
 
Hidden viruses, but where?



OTL logfile part 1!!

Quote:
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 62.78 Gb Free Space | 84.24% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CONAXEDITION
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Administrator\Belgelerim\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Documents and Settings\Administrator\Application Data\OCS\SM\SearchAnonymizerHelper.exe ()
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\RocketDock\RocketDock.exe ()
PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Administrator\Belgelerim\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
MOD - C:\Program Files\RocketDock\RocketDock.dll ()


========== Win32 Services (SafeList) ==========

SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (SearchAnonymizer) -- C:\Documents and Settings\Administrator\Application Data\OCS\SM\SearchAnonymizerHelper.exe ()
SRV - (AVG Security Toolbar Service) -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe ()
SRV - (ICQ Service) -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe ()
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (Application Updater) -- C:\Program Files\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)


========== Driver Services (SafeList) ==========

DRV - (AvgTdiX) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgLdx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (pavboot) -- C:\WINDOWS\system32\drivers\pavboot.sys (Panda Security, S.L.)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.5.8.6
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:2.0.0.4
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.825
FF - prefs.js..extensions.enabledItems: avg@igeared:4.504.019.002
FF - prefs.js..extensions.enabledItems: {5C46D283-ABDE-4dce-B83C-08881401921C}:2.0.6
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100503
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.3
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3
FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:1.1.2
FF - prefs.js..extensions.enabledItems: searchsettings@spigot.com:1.2.3
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.4&q="

FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/06/19 14:26:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2010/06/19 10:37:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/02 20:03:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/14 10:10:13 | 000,000,000 | ---D | M]

[2010/05/02 20:04:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2010/06/22 19:35:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\0y8zzl9w.default\extensions
[2010/06/19 10:52:26 | 000,000,000 | ---D | M] (Google Shortcuts) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\0y8zzl9w.default\extensions\{5C46D283-ABDE-4dce-B83C-08881401921C}
[2010/05/24 18:09:17 | 000,000,000 | ---D | M] (Zynga Toolbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\0y8zzl9w.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2010/06/16 15:57:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\0y8zzl9w.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010/06/19 10:52:26 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\0y8zzl9w.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010/06/19 10:52:26 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\0y8zzl9w.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/05/22 23:27:47 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\0y8zzl9w.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/06/19 10:52:26 | 000,000,000 | ---D | M] (FoxTab) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\0y8zzl9w.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
[2010/06/16 16:01:25 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\0y8zzl9w.default\searchplugins\icqplugin-1.xml
[2010/05/12 18:40:06 | 000,001,042 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\0y8zzl9w.default\searchplugins\icqplugin.xml
[2010/05/24 00:27:08 | 000,000,616 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\0y8zzl9w.default\searchplugins\{072499D9-FD14-460A-8712-447BE28C6508}.xml
[2010/05/24 00:27:07 | 000,000,601 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\0y8zzl9w.default\searchplugins\{2ADCAF4C-D1FA-416A-A3D0-82A7EA53418A}.xml
[2010/05/24 00:27:07 | 000,000,642 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\0y8zzl9w.default\searchplugins\{651D4E95-8BAF-4A76-A383-CB9C9861A54F}.xml
[2010/06/22 09:55:30 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/24 00:27:07 | 000,000,848 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010/05/24 00:27:07 | 000,000,729 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010/05/24 00:27:07 | 000,000,716 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010/05/24 00:27:07 | 000,000,803 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010/05/24 00:27:07 | 000,000,703 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2001/11/22 16:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKCU..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRemoteRecursiveEvents = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStrCmpLogical = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O8 - Extra context menu item: Easy-WebPrint Add To Print List - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint High Speed Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Preview - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:1 (Geçerli Giriş Sayfam) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2010/04/30 16:53:30 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{a689cdd9-77ee-11df-a824-0013d3b323b7}\Shell\AutoRun\command - "" = l61yyp.exe
O33 - MountPoints2\{a689cdd9-77ee-11df-a824-0013d3b323b7}\Shell\open\Command - "" = l61yyp.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/06/23 17:26:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\dwhelper
[2010/06/22 09:55:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Search Settings
[2010/06/22 09:54:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\pdfforge
[2010/06/21 23:52:30 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater
[2010/06/21 23:52:28 | 000,000,000 | ---D | C] -- C:\Program Files\pdfforge Toolbar
[2010/06/21 23:49:39 | 001,071,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSCOMCTL.OCX
[2010/06/21 23:49:39 | 000,662,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSCOMCT2.OCX
[2010/06/21 23:49:39 | 000,137,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSMAPI32.OCX
[2010/06/21 23:49:37 | 000,158,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSCMCDE.DLL
[2010/06/21 23:49:37 | 000,125,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\VB6DE.DLL
[2010/06/21 23:49:37 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSCC2DE.DLL
[2010/06/21 23:49:36 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSMPIDE.DLL
[2010/06/21 23:49:36 | 000,000,000 | ---D | C] -- C:\Program Files\PDFCreator
[2010/06/21 22:21:49 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2010/06/21 21:43:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/06/21 21:43:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
[2010/06/21 21:43:12 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/06/21 21:39:40 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/06/21 21:39:39 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/06/21 21:39:38 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/06/21 15:24:31 | 000,306,688 | ---- | C] (InstallShield Software Corporation ) -- C:\WINDOWS\IsUn0407.exe
[2010/06/21 15:24:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\WINDOWS
[2010/06/19 11:07:56 | 000,028,552 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys
[2010/06/19 10:43:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\AVG Security Toolbar
[2010/06/19 10:37:50 | 000,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/06/19 10:37:49 | 000,242,896 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/06/19 10:37:41 | 000,216,200 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/06/19 10:37:40 | 000,029,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/06/19 10:37:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2010/06/19 10:37:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2010/06/19 02:28:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Belgelerim\Yeni Klasör
[2010/06/18 22:51:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2010/06/18 22:51:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/06/18 12:23:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Apple Computer
[2010/06/18 12:23:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Apple Computer
[2010/06/18 12:23:05 | 000,000,000 | ---D | C] -- C:\Program Files\Safari
[2010/06/18 12:23:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2010/06/18 12:22:53 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/06/18 12:22:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010/06/18 12:22:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Apple
[2010/06/18 12:22:05 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010/06/18 12:22:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2010/06/18 02:15:00 | 000,000,000 | ---D | C] -- C:\Program Files\DreamBoxEdit
[2010/06/17 20:31:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Yükleme
[2010/06/17 16:00:49 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010/06/16 15:57:07 | 000,000,000 | ---D | C] -- C:\Program Files\ICQ7.2
[2010/06/16 00:19:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Uniblue
[2010/06/16 00:14:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\OpenCandy
[2010/06/16 00:14:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\OpenCandy
[2010/06/16 00:14:41 | 000,000,000 | ---D | C] -- C:\Program Files\WinSCP
[2010/06/15 22:45:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\TeamViewer
[2010/06/15 22:45:30 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer
[2010/06/14 22:56:05 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Desktop\Mp3
[2010/06/09 18:08:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Belgelerim\Dokumente
[2010/06/09 17:59:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2010/06/09 17:58:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/06/09 17:58:56 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2010/06/09 17:58:03 | 000,000,000 | ---D | C] -- C:\Program Files\Carambis
[2010/06/09 17:56:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe
[2010/06/09 17:42:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2010/06/09 17:07:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\SendTo
[2010/06/09 17:06:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\forms
[2010/06/09 17:06:06 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Messaging
[2010/06/09 17:04:47 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2010/06/09 16:26:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\.thumbnails
[2010/06/06 13:35:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
[2010/06/06 13:34:35 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliPoint
[2010/06/06 13:33:24 | 000,000,000 | ---D | C] -- C:\f09bdc3d600355b379
[2010/05/25 21:06:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Octoshape
[2010/05/24 18:19:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\KodakGallery
[2010/05/24 18:18:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Skinux
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/06/23 18:09:44 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\prvlcl.dat
[2010/06/23 17:54:03 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/06/23 17:54:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/06/23 17:53:58 | 502,845,440 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/23 17:27:34 | 002,359,296 | -H-- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2010/06/23 17:27:34 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010/06/23 17:23:55 | 061,357,259 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/06/23 01:03:24 | 003,236,224 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2010/06/21 22:43:41 | 000,049,152 | ---- | M] () -- C:\WINDOWS\outlook.pst
[2010/06/21 22:43:09 | 000,000,866 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/06/21 22:43:01 | 000,008,178 | ---- | M] () -- C:\WINDOWS\extend.dat
[2010/06/21 15:21:43 | 000,002,736 | ---- | M] () -- C:\Documents and Settings\Administrator\.recently-used.xbel
[2010/06/19 12:24:47 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/06/19 12:24:45 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/06/19 10:37:50 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/06/19 10:37:41 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/06/19 10:37:40 | 000,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/06/18 12:23:12 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2010/06/18 12:22:18 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/06/18 11:49:41 | 000,000,157 | -H-- | M] () -- C:\Documents and Settings\Administrator\Desktop\.~lock.yeni serverler ay lar.doc#
[2010/06/18 07:35:43 | 000,120,872 | ---- | M] () -- C:\WINDOWS\System32\MSForms.TWD
[2010/06/16 01:11:03 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\winscp.rnd
[2010/06/16 00:15:32 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\RegistryBooster.lnk
[2010/06/14 15:33:03 | 000,000,140 | ---- | M] () -- C:\WINDOWS\SwLoader_OCTAGON_German-DE_Ver_1.012.INI
[2010/06/09 17:34:22 | 000,015,348 | ---- | M] () -- C:\WINDOWS\Administrator.acl
[2010/06/09 17:08:57 | 000,593,920 | -H-- | M] () -- C:\ffastun0.ffx
[2010/06/09 17:08:57 | 000,106,496 | -H-- | M] () -- C:\ffastun.ffl
[2010/06/09 17:08:57 | 000,053,248 | -H-- | M] () -- C:\ffastun.ffo
[2010/06/09 17:08:57 | 000,004,917 | -H-- | M] () -- C:\ffastun.ffa
[2010/06/09 17:07:28 | 000,005,691 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf
[2010/06/09 17:07:20 | 000,000,022 | ---- | M] () -- C:\WINDOWS\exchng.ini
[2010/06/09 17:07:18 | 000,004,348 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2010/06/09 17:07:18 | 000,000,634 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2010/06/09 17:07:13 | 000,069,632 | ---- | M] () -- C:\WINDOWS\System32\system.mdw
[2010/06/06 13:37:10 | 000,024,232 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/06/06 13:36:49 | 000,149,200 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/02 13:45:50 | 000,000,573 | ---- | M] () -- C:\WINDOWS\eReg.dat
[2010/05/24 19:36:15 | 001,884,160 | R--- | M] () -- C:\Documents and Settings\All Users\Belgeler\ESBK.mbb
[2010/05/24 19:36:15 | 001,063,936 | R--- | M] () -- C:\Documents and Settings\All Users\Belgeler\ESBK.mb
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/06/22 23:16:02 | 502,845,440 | -HS- | C] () -- C:\hiberfil.sys
[2010/06/21 23:49:39 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2010/06/21 22:43:01 | 000,008,178 | ---- | C] () -- C:\WINDOWS\extend.dat
[2010/06/21 15:21:43 | 000,002,736 | ---- | C] () -- C:\Documents and Settings\Administrator\.recently-used.xbel
[2010/06/19 19:19:43 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\prvlcl.dat
[2010/06/19 10:37:40 | 000,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/06/19 10:37:31 | 061,357,259 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/06/18 12:23:12 | 000,001,854 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2010/06/18 12:22:18 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/06/18 11:49:41 | 000,000,157 | -H-- | C] () -- C:\Documents and Settings\Administrator\Desktop\.~lock.yeni serverler ay lar.doc#
[2010/06/18 07:35:43 | 000,120,872 | ---- | C] () -- C:\WINDOWS\System32\MSForms.TWD
[2010/06/16 00:15:32 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\RegistryBooster.lnk
[2010/06/16 00:14:58 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\winscp.rnd
[2010/06/14 15:33:03 | 000,000,140 | ---- | C] () -- C:\WINDOWS\SwLoader_OCTAGON_German-DE_Ver_1.012.INI
[2010/06/10 14:49:59 | 000,049,152 | ---- | C] () -- C:\WINDOWS\outlook.pst
[2010/06/09 17:34:22 | 000,015,348 | ---- | C] () -- C:\WINDOWS\Administrator.acl
[2010/06/09 17:08:57 | 000,593,920 | -H-- | C] () -- C:\ffastun0.ffx
[2010/06/09 17:08:57 | 000,053,248 | -H-- | C] () -- C:\ffastun.ffo
[2010/06/09 17:08:57 | 000,004,917 | -H-- | C] () -- C:\ffastun.ffa
[2010/06/09 17:07:41 | 000,106,496 | -H-- | C] () -- C:\ffastun.ffl
[2010/06/09 17:07:20 | 000,000,022 | ---- | C] () -- C:\WINDOWS\exchng.ini
[2010/06/09 17:07:18 | 000,005,691 | ---- | C] () -- C:\WINDOWS\System32\mapisvc.inf
[2010/06/09 17:07:17 | 000,000,634 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/06/09 17:07:13 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\system.mdw
[2010/06/02 13:45:50 | 000,000,573 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2010/05/24 18:18:53 | 001,884,160 | R--- | C] () -- C:\Documents and Settings\All Users\Belgeler\ESBK.mbb
[2010/05/24 18:18:53 | 001,063,936 | R--- | C] () -- C:\Documents and Settings\All Users\Belgeler\ESBK.mb
[2010/05/07 10:17:28 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS7L.DLL
[2010/04/30 19:38:02 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2010/04/30 16:54:16 | 000,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2010/04/30 16:48:44 | 000,000,147 | ---- | C] () -- C:\WINDOWS\System32\cpuz.ini
[2008/05/05 11:48:48 | 000,000,296 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2008/03/25 13:05:24 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\lang-1055.dll
[1996/12/14 00:00:00 | 000,025,600 | ---- | C] () -- C:\WINDOWS\System32\VADE232.DLL
[1996/12/14 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL
[1996/12/14 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1996/12/14 00:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
it's already a lot, though

 
