Trojaner-Board


maniac 30.01.2013 11:48

Hello, please take a look: problems after virus
 
Hi folks, can someone take a look at this for me, please? I recently had the Ukash virus; I actually got rid of it, but what's strange is that when I now turn my webcam on and then off again, the normal sound plays, the one you hear when you pull out a USB plug, but 2 minutes later the same thing happens again, for whatever reason??? Please check whether there is anything suspicious in there. Thanks!

OTL logfile created on: 30.01.2013 11:22:35 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\****\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c07 | Country: **** | Language: DEA | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 0,67 Gb Available Physical Memory | 33,64% Memory free
4,23 Gb Paging File | 2,60 Gb Available in Paging File | 61,40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 29,85 Gb Total Space | 3,37 Gb Free Space | 11,28% Space Free | Partition Type: NTFS
Drive D: | 430,02 Gb Total Space | 106,63 Gb Free Space | 24,80% Space Free | Partition Type: NTFS

Computer Name: **** | User Name: **** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\****\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Bitdefender\60-Second Virus Scanner\pdscan.exe (Bitdefender)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero AG)
PRC - C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Programme\WinRAR\RarExt.dll ()


========== Services (SafeList) ==========

SRV - (pdserv) -- C:\Program Files\Bitdefender\60-Second Virus Scanner\pdscan.exe (Bitdefender)
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (avast! Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (nvUpdatusService) -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (NeroMediaHomeService.4) -- C:\Programme\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero AG)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (ApfiltrService) -- system32\DRIVERS\Apfiltr.sys File not found
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (pmserenum) -- C:\Windows\System32\drivers\pmserenum.sys (PenMount Touch Solutions)
DRV - (JRAID) -- C:\Windows\System32\drivers\jraid.sys (JMicron Technology Corp.)
DRV - (ssudcdf) -- C:\Windows\System32\drivers\ssudcdf.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek )
DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys ()
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (AswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (aswKbd) -- C:\Windows\System32\drivers\aswKbd.sys (AVAST Software)
DRV - (mcaudrv_simple) -- C:\Windows\System32\drivers\mcaudrv.sys (ManyCam LLC)
DRV - (ManyCam) -- C:\Windows\System32\drivers\mcvidrv.sys (ManyCam LLC)
DRV - (sscemdm) -- C:\Windows\System32\drivers\sscemdm.sys (MCCI Corporation)
DRV - (sscebus) -- C:\Windows\System32\drivers\sscebus.sys (MCCI Corporation)
DRV - (sscemdfl) -- C:\Windows\System32\drivers\sscemdfl.sys (MCCI Corporation)
DRV - (LVUVC) -- C:\Windows\System32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (LVRS) -- C:\Windows\System32\drivers\lvrs.sys (Logitech Inc.)
DRV - (winusb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (Ph3xIB32) -- C:\Windows\System32\drivers\Ph3xIB32.sys (Philips Semiconductors GmbH)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm60x32.sys (NVIDIA Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-997643687-2848840096-718249500-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.krone.at/
IE - HKU\S-1-5-21-997643687-2848840096-718249500-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-997643687-2848840096-718249500-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-997643687-2848840096-718249500-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-997643687-2848840096-718249500-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-21-997643687-2848840096-718249500-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)



O1 HOSTS File: ([2012.05.12 13:38:11 | 000,442,787 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 15216 more lines...
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Nero MediaHome 4] C:\Program Files\Nero\Nero MediaHome 4\NeroMediaHome.exe (Nero AG)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-997643687-2848840096-718249500-1000..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-997643687-2848840096-718249500-1001..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-997643687-2848840096-718249500-1002..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.34.133.21 212.186.211.21
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{673F0CBD-0D5F-4BA9-B2ED-345AFEC53814}: DhcpNameServer = 195.34.133.21 212.186.211.21
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\****\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\****\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013.01.30 11:13:53 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2013.01.29 13:17:50 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Nero
[2013.01.29 13:17:49 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\Nero
[2013.01.29 13:11:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero
[2013.01.29 13:11:39 | 000,000,000 | ---D | C] -- C:\Program Files\Nero
[2013.01.29 13:11:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero
[2013.01.29 13:11:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nero
[2013.01.25 10:26:57 | 000,000,000 | ---D | C] -- C:\Users\****\Desktop\dsds
[2013.01.25 09:28:21 | 000,000,000 | ---D | C] -- C:\Users\****\Documents\VirtualDJ
[2013.01.25 08:32:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender 60-Second Virus Scanner
[2013.01.25 08:32:42 | 000,000,000 | ---D | C] -- C:\Program Files\Bitdefender
[2013.01.17 06:03:49 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Canneverbe Limited
[2013.01.17 06:03:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Canneverbe Limited
[2013.01.17 06:03:42 | 000,000,000 | ---D | C] -- C:\Program Files\CDBurnerXP
[2013.01.13 13:32:47 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\GoforFiles
[2013.01.13 13:32:47 | 000,000,000 | ---D | C] -- C:\Program Files\GoforFiles
[2013.01.13 13:20:07 | 000,000,000 | ---D | C] -- C:\Users\****\Documents\SelfMV
[2013.01.13 13:17:54 | 000,000,000 | ---D | C] -- C:\Users\****\Desktop\uzi
[2013.01.13 13:17:17 | 000,000,000 | ---D | C] -- C:\Temp
[2013.01.13 13:14:50 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\Samsung
[2013.01.13 13:14:45 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Samsung
[2013.01.13 13:04:27 | 000,123,648 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sscemdm.sys
[2013.01.13 13:04:27 | 000,098,560 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sscebus.sys
[2013.01.13 13:04:27 | 000,014,848 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sscemdfl.sys
[2013.01.13 13:04:27 | 000,012,416 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sscecmnt.sys
[2013.01.13 13:04:27 | 000,012,416 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sscecm.sys
[2013.01.13 13:04:27 | 000,012,288 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sscewhnt.sys
[2013.01.13 13:04:27 | 000,012,288 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sscewh.sys
[2013.01.13 13:03:13 | 004,659,712 | ---- | C] (Dmitry Streblechenko) -- C:\Windows\System32\Redemption.dll
[2013.01.13 13:03:02 | 000,000,000 | ---D | C] -- C:\Program Files\MarkAny
[2013.01.13 13:01:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung
[2013.01.13 13:01:59 | 000,000,000 | ---D | C] -- C:\Program Files\Samsung
[2013.01.13 13:00:03 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\Downloaded Installations
[2013.01.13 12:30:45 | 000,000,000 | ---D | C] -- C:\Program Files\Western Digital Corporation
[2013.01.09 17:20:23 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2013.01.09 17:20:10 | 002,048,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.01.05 18:09:57 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_43.dll
[2013.01.05 18:09:56 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_43.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.01.30 11:13:53 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2013.01.30 10:40:07 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\lvuvc.hs
[2013.01.30 10:15:07 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.30 10:15:07 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.30 08:21:34 | 000,628,504 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.01.30 08:21:34 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.01.30 08:21:34 | 000,126,054 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.01.30 08:21:34 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.01.30 08:15:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.29 19:53:17 | 000,106,496 | ---- | M] () -- C:\Users\****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.01.29 16:12:21 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2013.01.29 13:11:50 | 000,002,222 | ---- | M] () -- C:\Users\Public\Desktop\Nero MediaHome 4.lnk
[2013.01.29 07:16:20 | 095,023,320 | ---- | M] () -- C:\ProgramData\5473763.pad
[2013.01.29 07:15:58 | 000,002,705 | ---- | M] () -- C:\ProgramData\5473763.js
[2013.01.26 10:16:56 | 000,228,296 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.01.26 10:15:15 | 095,023,320 | ---- | M] () -- C:\ProgramData\8757782.pad
[2013.01.26 10:13:25 | 000,002,705 | ---- | M] () -- C:\ProgramData\8757782.js
[2013.01.25 08:37:40 | 000,045,703 | ---- | M] () -- C:\ProgramData\1359098717.bdinstall.bin
[2013.01.17 06:03:44 | 000,001,734 | ---- | M] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk
[2013.01.12 06:42:37 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.01.12 06:42:37 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.01.29 13:11:50 | 000,002,222 | ---- | C] () -- C:\Users\Public\Desktop\Nero MediaHome 4.lnk
[2013.01.29 07:15:58 | 000,002,705 | ---- | C] () -- C:\ProgramData\5473763.js
[2013.01.29 07:15:56 | 095,023,320 | ---- | C] () -- C:\ProgramData\5473763.pad
[2013.01.26 10:13:25 | 000,002,705 | ---- | C] () -- C:\ProgramData\8757782.js
[2013.01.26 10:13:20 | 095,023,320 | ---- | C] () -- C:\ProgramData\8757782.pad
[2013.01.25 08:37:40 | 000,045,703 | ---- | C] () -- C:\ProgramData\1359098717.bdinstall.bin
[2013.01.17 06:03:44 | 000,001,734 | ---- | C] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk
[2013.01.17 06:03:44 | 000,001,684 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
[2012.12.16 07:23:50 | 000,007,680 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys
[2012.12.13 19:39:34 | 095,023,320 | ---- | C] () -- C:\ProgramData\0tbpw.pad
[2012.11.17 16:00:55 | 000,228,296 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.10.06 07:41:15 | 000,001,453 | ---- | C] () -- C:\Users\****\AppData\Local\RecConfig.xml
[2012.07.17 18:25:58 | 000,000,680 | ---- | C] () -- C:\Users\****\AppData\Local\d3d9caps.dat
[2012.07.11 13:42:08 | 000,000,051 | ---- | C] () -- C:\ProgramData\ppkdgofdhqurvro
[2012.04.16 10:16:03 | 000,082,289 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2012.04.13 17:28:49 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2012.04.13 17:28:48 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2012.04.13 17:08:35 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2012.04.13 11:40:00 | 000,106,496 | ---- | C] () -- C:\Users\****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.01.31 18:15:42 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2012.01.31 18:15:42 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2012.01.31 18:15:42 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2012.01.31 18:15:42 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll

========== ZeroAccess Check ==========

[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012.12.30 10:04:20 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Ashampoo
[2013.01.17 06:03:49 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Canneverbe Limited
[2012.09.04 08:48:08 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Canon
[2012.12.15 14:08:36 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\DVDVideoSoft
[2013.01.13 13:32:51 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\GoforFiles
[2012.04.16 10:16:51 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Leadertech
[2012.12.15 14:08:23 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\OpenCandy
[2013.01.13 13:14:45 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Samsung
[2012.11.01 09:09:14 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Subtitle Edit

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 556 bytes -> C:\Users\****\Documents\gzfhgf.eml:OECustomProperty

< End of report >

cosinus 30.01.2013 12:39

Hello and :hallo:

Do you have any other logs (with detections)? Malwarebytes and/or other virus scanners?
I'm asking because of this => http://www.trojaner-board.de/125889-...tml#post941520

Please don't run any new virus scans; first post only the logs you already have!

Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • In the editor, click the # symbol. Two bracket expressions [CODE] [/CODE] appear.
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it right. If everything is correct ... click Reply.
http://www.trojaner-board.de/picture...&pictureid=307

maniac 30.01.2013 12:43

Hello, no, unfortunately not any more. Malwarebytes had found something, and I deleted it after quarantine! Sorry

cosinus 30.01.2013 12:44

Yes, the items in quarantine, but surely not the log! :nono:

maniac 30.01.2013 13:00

I did, because that already happened a few days ago, but now I notice problems every now and then; I actually wanted to know whether anything suspicious shows up?

cosinus 30.01.2013 14:07

And how am I supposed to draw any conclusions from this now? You've destroyed every piece of information (i.e. the logs with detections) :stirn:

Or do you still know roughly what was found?



Copyright ©2000-2024, Trojaner-Board

