Pests of all kinds and how to combat them: Clean XP after removing more than 400 pieces of malware (mainly Trojans)?

01.09.2009, 14:41   #1
malwarefight

Clean XP after removing more than 400 pieces of malware (mainly Trojans)?

Hello,

I am currently doing an internship in Russia and am working on my host family's computers (in case you wonder why some of the output is in Cyrillic). Before I could (and wanted to) use this PC properly, however, I first had to fix a few things: neither a current Windows version nor a current antivirus program was installed on the machine (the Norton AV was from 4 April!), so a large-scale malware infestation was inevitable.

I proceeded as follows:

1) Downloaded the current Avira AntiVir and Malwarebytes' Anti-Malware
2) Disconnected the Internet connection
3) Ran MBAM over the system (quick and full scan) -> 84 pieces of malware detected and removed after a reboot (I am not posting the logs here for now, as it would be too much, but I can gladly post them on request)
4) Uninstalled Norton (via the Control Panel -> not completely removed, as Eset folders and files are still present, but the on-access guard is gone, so I was able to install Avira)
5) Installed Avira -> after a full scan, 278 malicious programs found (Trojans, viruses, worms, spyware, adware, the whole range), which I moved to quarantine and later removed. Unfortunately the log is too long to post; if needed I will split it into small chunks and post it

After that I reconnected the Internet, updated MBAM and Avira, and ran both in safe mode: no more detections :) ; log here:
Code:

Avira AntiVir Personal
Report file date: 25 августа 2009 г.  07:40

Scanning for 1656284 virus strains and unwanted programs.

Licensee        : Avira AntiVir Personal - FREE Antivirus
Serial number   : 0000149996-ADJIE-0000001
Platform        : Windows XP
Windows version : (Service Pack 2)  [5.1.2600]
Boot mode       : Save mode
Username        : Администратор
Computer name   : ***

Version information:
BUILD.DAT       : 9.0.0.407     17961 Bytes  29.07.2009 10:34:00
AVSCAN.EXE      : 9.0.3.7      466689 Bytes  21.07.2009 08:36:14
AVSCAN.DLL      : 9.0.3.0       40705 Bytes  27.02.2009 05:58:24
LUKE.DLL        : 9.0.3.2      209665 Bytes  20.02.2009 06:35:49
LUKERES.DLL     : 9.0.2.0       12033 Bytes  27.02.2009 05:58:52
ANTIVIR0.VDF    : 7.1.0.0    15603712 Bytes  27.10.2008 07:30:36
ANTIVIR1.VDF    : 7.1.4.132   5707264 Bytes  24.06.2009 04:21:42
ANTIVIR2.VDF    : 7.1.5.146   3087360 Bytes  21.08.2009 04:03:22
ANTIVIR3.VDF    : 7.1.5.155     72192 Bytes  24.08.2009 16:32:29
Engineversion   : 8.2.1.3  
AEVDF.DLL       : 8.1.1.1      106868 Bytes  28.07.2009 08:31:50
AESCRIPT.DLL    : 8.1.2.25     459130 Bytes  24.08.2009 04:03:32
AESCN.DLL       : 8.1.2.4      127348 Bytes  23.07.2009 04:59:39
AERDL.DLL       : 8.1.2.4      430452 Bytes  23.07.2009 04:59:39
AEPACK.DLL      : 8.1.3.18     401783 Bytes  28.07.2009 08:31:50
AEOFFICE.DLL    : 8.1.0.38     196987 Bytes  23.07.2009 04:59:39
AEHEUR.DLL      : 8.1.0.155   1921400 Bytes  24.08.2009 04:03:31
AEHELP.DLL      : 8.1.6.0      233846 Bytes  24.08.2009 04:03:25
AEGEN.DLL       : 8.1.1.57     356725 Bytes  24.08.2009 04:03:24
AEEMU.DLL       : 8.1.0.9      393588 Bytes  09.10.2008 09:32:40
AECORE.DLL      : 8.1.7.6      184694 Bytes  23.07.2009 04:59:39
AEBB.DLL        : 8.1.0.3       53618 Bytes  09.10.2008 09:32:40
AVWINLL.DLL     : 9.0.0.3       18177 Bytes  12.12.2008 03:47:59
AVPREF.DLL      : 9.0.0.1       43777 Bytes  05.12.2008 05:32:15
AVREP.DLL       : 8.0.0.3      155905 Bytes  20.01.2009 09:34:28
AVREG.DLL       : 9.0.0.0       36609 Bytes  05.12.2008 05:32:09
AVARKT.DLL      : 9.0.0.3      292609 Bytes  24.03.2009 10:05:41
AVEVTLOG.DLL    : 9.0.0.7      167169 Bytes  30.01.2009 05:37:08
SQLITE3.DLL     : 3.6.1.0      326401 Bytes  28.01.2009 10:03:49
SMTPLIB.DLL     : 9.2.0.25      28417 Bytes  02.02.2009 03:21:33
NETNT.DLL       : 9.0.0.0       11521 Bytes  05.12.2008 05:32:10
RCIMAGE.DLL     : 9.0.0.25    2438913 Bytes  15.05.2009 10:39:58
RCTEXT.DLL      : 9.0.37.0      86785 Bytes  17.04.2009 05:19:48

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:, 
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium
Deviating risk categories...........: +SPR,

Start of the scan: 25 августа 2009 г.  07:40

Starting search for hidden objects.
The driver could not be initialized.

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
12 processes with 12 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
    [INFO]      No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
    [INFO]      No virus was found!
Boot sector 'D:\'
    [INFO]      No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '43' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
    [WARNING]   The file could not be opened!
    [NOTE]      This file is a Windows system file.
    [NOTE]      This file cannot be opened for scanning.
Begin scan in 'D:\' <Work>
D:\RealPlayer10-5GOLD_bb.exe
    [WARNING]   The file could not be opened!
D:\Distrib\Arc\WinAce\wace211.exe
  [0] Archive type: ACE SFX (self extracting)
    --> winace.cnt
      [WARNING]   Out of memory! The virus or unwanted program was not deleted!
    --> winace_enu.cnt
      [WARNING]   No further files can be extracted from this archive. The archive will be closed
    [WARNING]   No further files can be extracted from this archive. The archive will be closed
D:\WUTemp\Мои Документы\Ira_photo\Свадьбы\Пашина свадьба\венчание .jpeg
  [0] Archive type: MacBinary
    --> pasha3.rsrc
      [WARNING]   The file could not be read!
    [WARNING]   The file could not be read!


End of the scan: 25 августа 2009 г.  11:26
Used time:  3:46:05 Hour(s)

The scan has been done completely.

   6810 Scanned directories
 408391 Files were scanned
      0 Viruses and/or unwanted programs were found
      0 Files were classified as suspicious
      0 files were deleted
      0 Viruses and unwanted programs were repaired
      0 Files were moved to quarantine
      0 Files were renamed
      2 Files cannot be scanned
 408389 Files not concerned
  13455 Archives were scanned
      7 Warnings
      1 Notes
         
So far I was quite satisfied: the PC was considerably faster again and all suspicious processes had disappeared from the Task Manager. Of course I could not be sure, since with such a heavy infestation a reinstallation would really be necessary. I also have not run a Windows Update to this day, as my host is rather opposed to it.

01.09.2009, 14:45   #2
malwarefight

Part 2 - Clean XP after removing more than 400 pieces of malware (mainly Trojans)?

So far, so good. But then, 5 days later, Avira reported some detections again, and after another scan it reported 85 pieces of malware, all of which are located in the "System Volume Information" folders of the drives (the same malware that I had already moved to quarantine 5 days earlier). Log here:
Code:

Avira AntiVir Personal
Report file date: 30 августа 2009 г.  00:27

Scanning for 1668725 virus strains and unwanted programs.

Licensee        : Avira AntiVir Personal - FREE Antivirus
Serial number   : 0000149996-ADJIE-0000001
Platform        : Windows XP
Windows version : (Service Pack 2)  [5.1.2600]
Boot mode       : Normally booted
Username        : SYSTEM
Computer name   : ***

Version information:
BUILD.DAT       : 9.0.0.407     17961 Bytes  29.07.2009 10:34:00
AVSCAN.EXE      : 9.0.3.7      466689 Bytes  21.07.2009 08:36:14
AVSCAN.DLL      : 9.0.3.0       40705 Bytes  27.02.2009 05:58:24
LUKE.DLL        : 9.0.3.2      209665 Bytes  20.02.2009 06:35:49
LUKERES.DLL     : 9.0.2.0       12033 Bytes  27.02.2009 05:58:52
ANTIVIR0.VDF    : 7.1.0.0    15603712 Bytes  27.10.2008 07:30:36
ANTIVIR1.VDF    : 7.1.4.132   5707264 Bytes  24.06.2009 04:21:42
ANTIVIR2.VDF    : 7.1.5.146   3087360 Bytes  21.08.2009 04:03:22
ANTIVIR3.VDF    : 7.1.5.179    236544 Bytes  28.08.2009 07:28:17
Engineversion   : 8.2.1.7  
AEVDF.DLL       : 8.1.1.1      106868 Bytes  28.07.2009 08:31:50
AESCRIPT.DLL    : 8.1.2.26     463227 Bytes  26.08.2009 14:36:20
AESCN.DLL       : 8.1.2.4      127348 Bytes  23.07.2009 04:59:39
AERDL.DLL       : 8.1.2.4      430452 Bytes  23.07.2009 04:59:39
AEPACK.DLL      : 8.1.3.18     401783 Bytes  28.07.2009 08:31:50
AEOFFICE.DLL    : 8.1.0.38     196987 Bytes  23.07.2009 04:59:39
AEHEUR.DLL      : 8.1.0.155   1921400 Bytes  24.08.2009 04:03:31
AEHELP.DLL      : 8.1.6.0      233846 Bytes  24.08.2009 04:03:25
AEGEN.DLL       : 8.1.1.59     356725 Bytes  26.08.2009 14:36:18
AEEMU.DLL       : 8.1.0.9      393588 Bytes  09.10.2008 09:32:40
AECORE.DLL      : 8.1.7.6      184694 Bytes  23.07.2009 04:59:39
AEBB.DLL        : 8.1.0.3       53618 Bytes  09.10.2008 09:32:40
AVWINLL.DLL     : 9.0.0.3       18177 Bytes  12.12.2008 03:47:59
AVPREF.DLL      : 9.0.0.1       43777 Bytes  05.12.2008 05:32:15
AVREP.DLL       : 8.0.0.3      155905 Bytes  20.01.2009 09:34:28
AVREG.DLL       : 9.0.0.0       36609 Bytes  05.12.2008 05:32:09
AVARKT.DLL      : 9.0.0.3      292609 Bytes  24.03.2009 10:05:41
AVEVTLOG.DLL    : 9.0.0.7      167169 Bytes  30.01.2009 05:37:08
SQLITE3.DLL     : 3.6.1.0      326401 Bytes  28.01.2009 10:03:49
SMTPLIB.DLL     : 9.2.0.25      28417 Bytes  02.02.2009 03:21:33
NETNT.DLL       : 9.0.0.0       11521 Bytes  05.12.2008 05:32:10
RCIMAGE.DLL     : 9.0.0.25    2438913 Bytes  15.05.2009 10:39:58
RCTEXT.DLL      : 9.0.37.0      86785 Bytes  17.04.2009 05:19:48

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:, 
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium
Deviating risk categories...........: +SPR,

Start of the scan: 30 августа 2009 г.  00:27

Starting search for hidden objects.
'32302' objects were checked, '0' hidden objects were found.

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'SERVIC~1.EXE' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'MPAPI3s.exe' - '1' Module(s) have been scanned
Scan process 'CTDevSrv.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
Scan process 'SoftAuto.exe' - '1' Module(s) have been scanned
Scan process 'PcSync2.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
29 processes with 29 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
    [INFO]      No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
    [INFO]      No virus was found!
Boot sector 'D:\'
    [INFO]      No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '43' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\hiberfil.sys
    [WARNING]   The file could not be opened!
    [NOTE]      This file is a Windows system file.
    [NOTE]      This file cannot be opened for scanning.
C:\pagefile.sys
    [WARNING]   The file could not be opened!
    [NOTE]      This file is a Windows system file.
    [NOTE]      This file cannot be opened for scanning.
C:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056129.exe
    [DETECTION] Is the TR/PSW.Magania.bcum Trojan
C:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056130.exe
    [DETECTION] Is the TR/PSW.Magania.bdkg Trojan
C:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056131.bat
    [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
C:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056133.cmd
    [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
C:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056134.exe
    [DETECTION] Is the TR/PSW.OnlGames.ZBA Trojan
C:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056135.cmd
    [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
C:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056136.com
    [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
C:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056137.com
    [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
C:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056139.com
    [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
C:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056140.exe
    [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
C:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056141.cmd
    [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
C:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056142.cmd
    [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
C:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056143.exe
    [DETECTION] Is the TR/PSW.Magania.bshm Trojan
C:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056144.exe
    [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
C:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056145.exe
    [DETECTION] Is the TR/PSW.Magania.bagb Trojan
C:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056146.cmd
    [DETECTION] Is the TR/Drop.Agent.ahdz Trojan
C:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056147.exe
    [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
C:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056149.bat
    [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
C:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056150.exe
    [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
C:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056152.bat
    [DETECTION] Is the TR/PSW.Magania.bami Trojan
C:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056153.exe
    [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
C:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056154.cmd
    [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
C:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056155.bat
    [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
C:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056156.bat
    [DETECTION] Is the TR/PSW.Gamania.HWE Trojan
C:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056157.bat
    [DETECTION] Is the TR/PSW.Magania.beea Trojan
C:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056158.com
    [DETECTION] Is the TR/PSW.Agent.108517 Trojan
C:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056159.exe
    [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
C:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056160.bat
    [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
C:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056161.exe
    [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
C:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056162.cmd
    [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
C:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056163.bat
    [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
C:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056165.cmd
    [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
C:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056166.exe
    [DETECTION] Is the TR/PSW.Magania.bdbx Trojan
C:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056167.exe
    [DETECTION] Is the TR/Dropper.Gen Trojan
C:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056168.dll
    [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
C:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056169.dll
    [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
Begin scan in 'D:\' <Work>
D:\RealPlayer10-5GOLD_bb.exe
    [WARNING]   The file could not be opened!
D:\Distrib\Arc\WinAce\wace211.exe
  [0] Archive type: ACE SFX (self extracting)
    --> winace.cnt
      [WARNING]   Out of memory! The virus or unwanted program was not deleted!
    --> winace_enu.cnt
      [WARNING]   No further files can be extracted from this archive. The archive will be closed
    [WARNING]   No further files can be extracted from this archive. The archive will be closed
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056170.com
    [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056171.exe
    [DETECTION] Is the TR/PSW.Magania.bcum Trojan
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056172.exe
    [DETECTION] Is the TR/PSW.Magania.bdkg Trojan
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056173.bat
    [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056175.cmd
    [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056176.exe
    [DETECTION] Is the TR/PSW.OnlGames.ZBA Trojan
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056177.cmd
    [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056178.com
    [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056179.com
    [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056181.com
    [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056182.exe
    [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056183.com
    [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056184.cmd
    [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056185.cmd
    [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056186.exe
    [DETECTION] Is the TR/PSW.Magania.bshm Trojan
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056187.exe
    [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056188.exe
    [DETECTION] Is the TR/PSW.Magania.bagb Trojan
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056189.exe
    [DETECTION] Is the TR/PSW.Magania.bamj Trojan
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056190.com
    [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056191.cmd
    [DETECTION] Is the TR/Drop.Agent.ahdz Trojan
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056192.exe
    [DETECTION] Is the TR/PSW.Magania.amjz Trojan
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056193.com
    [DETECTION] Is the TR/PSW.Magania.bgho Trojan
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056194.exe
    [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056196.bat
    [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056197.exe
    [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056199.bat
    [DETECTION] Is the TR/PSW.Magania.bami Trojan
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056200.exe
    [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056201.exe
    [DETECTION] Is the TR/PSW.Magania.azuj Trojan
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056202.exe
    [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056203.cmd
    [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056204.cmd
    [DETECTION] Is the TR/Drop.Agent.ahdz Trojan
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056205.bat
    [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056206.bat
    [DETECTION] Is the TR/PSW.Gamania.HWE Trojan
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056207.bat
    [DETECTION] Is the TR/PSW.Magania.beea Trojan
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056208.cmd
    [DETECTION] Is the TR/PSW.Magania.azlm Trojan
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056209.com
    [DETECTION] Is the TR/PSW.Agent.108517 Trojan
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056210.exe
    [DETECTION] Is the TR/PSW.Magania.bchv Trojan
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056211.cmd
    [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056212.bat
    [DETECTION] Is the TR/PSW.Magania.bcop Trojan
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056213.exe
    [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056214.bat
    [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056215.exe
    [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056216.cmd
    [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056217.bat
    [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056219.cmd
    [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056220.exe
    [DETECTION] Is the TR/PSW.Magania.bdbx Trojan
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056221.exe
    [DETECTION] Contains recognition pattern of the DR/Sniffer.Q dropper
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056222.exe
    [DETECTION] Is the TR/Gendal.86833 Trojan
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056223.exe
    [DETECTION] Contains recognition pattern of the WORM/SdBot.420352 worm
D:\WUTemp\Мои Документы\Ira_photo\Свадьбы\Пашина свадьба\венчание .jpeg
  [0] Archive type: MacBinary
    --> pasha3.rsrc
      [WARNING]   The file could not be read!
    [WARNING]   The file could not be read!
         
__________________


01.09.2009, 14:48   #3
malwarefight

Part 3 - Clean XP after removing more than 400 pieces of malware (mainly Trojans)?

Here is the 2nd part of the Avira log file (the 25000-character limit unfortunately forces me into this cumbersome posting method; I hope that is OK):

Code:
Beginning disinfection:
C:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056129.exe
    [DETECTION] Is the TR/PSW.Magania.bcum Trojan
    [NOTE]      The file was moved to '4aca22dd.qua'!
C:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056130.exe
    [DETECTION] Is the TR/PSW.Magania.bdkg Trojan
    [NOTE]      The file was moved to '4bad862e.qua'!
C:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056131.bat
    [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
    [NOTE]      The file was moved to '4bbf42d6.qua'!
C:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056133.cmd
    [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
    [NOTE]      The file was moved to '4bb255be.qua'!
C:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056134.exe
    [DETECTION] Is the TR/PSW.OnlGames.ZBA Trojan
    [NOTE]      The file was moved to '4bb35df6.qua'!
C:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056135.cmd
    [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
    [NOTE]      The file was moved to '4bbc450e.qua'!
C:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056136.com
    [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
    [NOTE]      The file was moved to '4bbe7a9e.qua'!
C:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056137.com
    [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
    [NOTE]      The file was moved to '4bb86a6e.qua'!
C:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056139.com
    [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
    [NOTE]      The file was moved to '49f16c86.qua'!
C:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056140.exe
    [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
    [NOTE]      The file was moved to '49f674fe.qua'!
C:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056141.cmd
    [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
    [NOTE]      The file was moved to '49f77f36.qua'!
C:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056142.cmd
    [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
    [NOTE]      The file was moved to '49f4476e.qua'!
C:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056143.exe
    [DETECTION] Is the TR/PSW.Magania.bshm Trojan
    [NOTE]      The file was moved to '49f54fa6.qua'!
C:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056144.exe
    [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
    [NOTE]      The file was moved to '498a579e.qua'!
C:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056145.exe
    [DETECTION] Is the TR/PSW.Magania.bagb Trojan
    [NOTE]      The file was moved to '498b5fd6.qua'!
C:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056146.cmd
    [DETECTION] Is the TR/Drop.Agent.ahdz Trojan
    [NOTE]      The file was moved to '4988a60e.qua'!
C:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056147.exe
    [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
    [NOTE]      The file was moved to '4989ae46.qua'!
C:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056149.bat
    [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
    [NOTE]      The file was moved to '498eb6be.qua'!
C:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056150.exe
    [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
    [NOTE]      The file was moved to '4aca22de.qua'!
C:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056152.bat
    [DETECTION] Is the TR/PSW.Magania.bami Trojan
    [NOTE]      The file was moved to '498c812f.qua'!
C:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056153.exe
    [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
    [NOTE]      The file was moved to '498d8967.qua'!
C:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056154.cmd
    [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
    [NOTE]      The file was moved to '4982915f.qua'!
C:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056155.bat
    [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
    [NOTE]      The file was moved to '49839997.qua'!
C:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056156.bat
    [DETECTION] Is the TR/PSW.Gamania.HWE Trojan
    [NOTE]      The file was moved to '4980e1cf.qua'!
C:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056157.bat
    [DETECTION] Is the TR/PSW.Magania.beea Trojan
    [NOTE]      The file was moved to '4981e807.qua'!
C:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056158.com
    [DETECTION] Is the TR/PSW.Agent.108517 Trojan
    [NOTE]      The file was moved to '4986f07f.qua'!
C:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056159.exe
    [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
    [NOTE]      The file was moved to '4987f8b7.qua'!
C:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056160.bat
    [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
    [NOTE]      The file was moved to '4984c0ef.qua'!
C:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056161.exe
    [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
    [NOTE]      The file was moved to '4985cb27.qua'!
C:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056162.cmd
    [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
    [NOTE]      The file was moved to '499ad31f.qua'!
C:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056163.bat
    [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
    [NOTE]      The file was moved to '499bdb57.qua'!
C:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056165.cmd
    [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
    [NOTE]      The file was moved to '4999238f.qua'!
C:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056166.exe
    [DETECTION] Is the TR/PSW.Magania.bdbx Trojan
    [NOTE]      The file was moved to '499e2bc7.qua'!
C:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056167.exe
    [DETECTION] Is the TR/Dropper.Gen Trojan
    [NOTE]      The file was moved to '499f323f.qua'!
C:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056168.dll
    [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
    [NOTE]      The file was moved to '499c3a77.qua'!
C:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056169.dll
    [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
    [NOTE]      The file was moved to '499d02af.qua'!
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056170.com
    [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
    [NOTE]      The file was moved to '49947437.qua'!
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056171.exe
    [DETECTION] Is the TR/PSW.Magania.bcum Trojan
    [NOTE]      The file was moved to '49911d4f.qua'!
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056172.exe
    [DETECTION] Is the TR/PSW.Magania.bdkg Trojan
    [NOTE]      The file was moved to '49966587.qua'!
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056173.bat
    [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
    [NOTE]      The file was moved to '499312df.qua'!
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056175.cmd
    [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
    [NOTE]      The file was moved to '49957c6f.qua'!
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056176.exe
    [DETECTION] Is the TR/PSW.OnlGames.ZBA Trojan
    [NOTE]      The file was moved to '49920ae7.qua'!
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056177.cmd
    [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
    [NOTE]      The file was moved to '4aca22df.qua'!
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056178.com
    [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
    [NOTE]      The file was moved to '49aa4498.qua'!
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056179.com
    [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
    [NOTE]      The file was moved to '49a84ca8.qua'!
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056181.com
    [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
    [NOTE]      The file was moved to '49a954f0.qua'!
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056182.exe
    [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
    [NOTE]      The file was moved to '49ae5f38.qua'!
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056183.com
    [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
    [NOTE]      The file was moved to '4dfa64a0.qua'!
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056184.cmd
    [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
    [NOTE]      The file was moved to '4dfb6ce8.qua'!
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056185.cmd
    [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
    [NOTE]      The file was moved to '4df87730.qua'!
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056186.exe
    [DETECTION] Is the TR/PSW.Magania.bshm Trojan
    [NOTE]      The file was moved to '4df97f78.qua'!
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056187.exe
    [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
    [NOTE]      The file was moved to '4dfe4780.qua'!
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056188.exe
    [DETECTION] Is the TR/PSW.Magania.bagb Trojan
    [NOTE]      The file was moved to '4dff4fc8.qua'!
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056189.exe
    [DETECTION] Is the TR/PSW.Magania.bamj Trojan
    [NOTE]      The file was moved to '4dfc5610.qua'!
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056190.com
    [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
    [NOTE]      The file was moved to '4dfd5e58.qua'!
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056191.cmd
    [DETECTION] Is the TR/Drop.Agent.ahdz Trojan
    [NOTE]      The file was moved to '4aca22e0.qua'!
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056192.exe
    [DETECTION] Is the TR/PSW.Magania.amjz Trojan
    [NOTE]      The file was moved to '4df3aea9.qua'!
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056193.com
    [DETECTION] Is the TR/PSW.Magania.bgho Trojan
    [NOTE]      The file was moved to '4df0b6f1.qua'!
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056194.exe
    [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
    [NOTE]      The file was moved to '4df1b939.qua'!
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056196.bat
    [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
    [NOTE]      The file was moved to '4df68141.qua'!
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056197.exe
    [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
    [NOTE]      The file was moved to '4df78989.qua'!
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056199.bat
    [DETECTION] Is the TR/PSW.Magania.bami Trojan
    [NOTE]      The file was moved to '4df491d1.qua'!
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056200.exe
    [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
    [NOTE]      The file was moved to '4df59819.qua'!
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056201.exe
    [DETECTION] Is the TR/PSW.Magania.azuj Trojan
    [NOTE]      The file was moved to '4d8ae191.qua'!
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056202.exe
    [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
    [NOTE]      The file was moved to '4d8be9d9.qua'!
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056203.cmd
    [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
    [NOTE]      The file was moved to '4d88f1e1.qua'!
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056204.cmd
    [DETECTION] Is the TR/Drop.Agent.ahdz Trojan
    [NOTE]      The file was moved to '4d89f829.qua'!
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056205.bat
    [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
    [NOTE]      The file was moved to '4d8ec071.qua'!
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056206.bat
    [DETECTION] Is the TR/PSW.Gamania.HWE Trojan
    [NOTE]      The file was moved to '4d8fc8b9.qua'!
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056207.bat
    [DETECTION] Is the TR/PSW.Magania.beea Trojan
    [NOTE]      The file was moved to '4dec6759.qua'!
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056208.cmd
    [DETECTION] Is the TR/PSW.Magania.azlm Trojan
    [NOTE]      The file was moved to '492067c1.qua'!
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056209.com
    [DETECTION] Is the TR/PSW.Agent.108517 Trojan
    [NOTE]      The file was moved to '49216e09.qua'!
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056210.exe
    [DETECTION] Is the TR/PSW.Magania.bchv Trojan
    [NOTE]      The file was moved to '49295ec1.qua'!
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056211.cmd
    [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
    [NOTE]      The file was moved to '492ea109.qua'!
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056212.bat
    [DETECTION] Is the TR/PSW.Magania.bcop Trojan
    [NOTE]      The file was moved to '49afaca1.qua'!
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056213.exe
    [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
    [NOTE]      The file was moved to '49acb4e9.qua'!
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056214.bat
    [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
    [NOTE]      The file was moved to '49adbf31.qua'!
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056215.exe
    [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
    [NOTE]      The file was moved to '49a28779.qua'!
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056216.cmd
    [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
    [NOTE]      The file was moved to '49a38f81.qua'!
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056217.bat
    [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
    [NOTE]      The file was moved to '49a097c9.qua'!
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056219.cmd
    [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
    [NOTE]      The file was moved to '49a19e11.qua'!
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056220.exe
    [DETECTION] Is the TR/PSW.Magania.bdbx Trojan
    [NOTE]      The file was moved to '49a6e659.qua'!
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056221.exe
    [DETECTION] Contains recognition pattern of the DR/Sniffer.Q dropper
    [NOTE]      The file was moved to '49a7ee61.qua'!
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056222.exe
    [DETECTION] Is the TR/Gendal.86833 Trojan
    [NOTE]      The file was moved to '4aca22e1.qua'!
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056223.exe
    [DETECTION] Contains recognition pattern of the WORM/SdBot.420352 worm
    [NOTE]      The file was moved to '49a5fef2.qua'!


End of the scan: 30 августа 2009 г.  12:56
Used time: 59:57 Minute(s)

The scan has been done completely.

   6914 Scanned directories
 388671 Files were scanned
     85 Viruses and/or unwanted programs were found
      0 Files were classified as suspicious
      0 files were deleted
      0 Viruses and unwanted programs were repaired
     85 Files were moved to quarantine
      0 Files were renamed
      3 Files cannot be scanned
 388583 Files not concerned
  13437 Archives were scanned
      8 Warnings
     87 Notes
  32302 Objects were scanned with rootkit scan
      0 Hidden objects were found
         
After that I diligently read threads and, as a result, disabled System Restore, rebooted, and re-enabled it. Now I am just wondering whether this solves the problem, or whether something is wrong deeper in the system (rootkit, backdoor, etc.), since I have to use this computer for at least the next few weeks (including mail programs etc., and I would hate to see the passwords spied out).

01.09.2009, 14:50   #4
malwarefight

Part 4 - Clean XP after removing over 400 pests (mostly Trojans)?

Therefore I have completed all the steps required for posting (CCleaner, MBAM reports no findings, and RSIT) and am now hoping for your help, since I have reached the end of my "ridding-a-computer-of-malware" wisdom and am not really familiar with HijackThis reports (in my opinion there are some strange processes in the log and info file, but I am not sure).

Many thanks in advance for your help! If you need anything else, just let me know!

RSIT/HijackThis info file:
Code:
 info.txt logfile of random's system information tool 1.06 2009-09-01 15:14:27

======Uninstall list======

-->"C:\Documents and Settings\All Users\Application Data\{549E12A2-AFC9-415A-8917-B8D197926D0C}\setup.exe" REMOVE=TRUE MODIFY=FALSE
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7B9AE66C-2A8F-4FB2-85D7-416AFFAE8408}\setup.exe" -l0x9 
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0 - Russian-->MsiExec.exe /I{AC76BA86-7AD7-1049-7B44-A70000000000}
Apple Mobile Device Support-->MsiExec.exe /I{3EBD3749-304E-4A4C-9575-C00E5F015217}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
AudibleManager-->C:\Program Files\Audible\Bin\Upgrade.exe /Uninstall
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
Back2Life-->C:\Program Files\Total Commander XP\Utils\Back2Life\Back2Life.exe /uninstall
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Creative Audio Console-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7B9AE66C-2A8F-4FB2-85D7-416AFFAE8408}\setup.exe" -l0x9  /remove
Creative Centrale-->"C:\Documents and Settings\All Users\Application Data\{B953802D-D7B1-4AC2-AF3C-79E4D168CF1F}\Setup.exe" REMOVE=TRUE MODIFY=FALSE
Creative Centrale-->C:\Documents and Settings\All Users\Application Data\{B953802D-D7B1-4AC2-AF3C-79E4D168CF1F}\Setup.exe
Creative Software Update-->C:\Documents and Settings\All Users\Application Data\{549E12A2-AFC9-415A-8917-B8D197926D0C}\setup.exe
Creative ZEN X-Fi User's Guide-->"C:\Program Files\Creative\Creative ZEN X-Fi\UGRemove.exe" /Product_Name:ZENX-FI
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_9DE96A29E721D90A.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
HijackThis 2.0.2-->"C:\Program Files\HiJack This\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
iTunes-->MsiExec.exe /I{B045B608-4A47-4C77-9EAD-06C394503306}
K-Lite Mega Codec Pack 1.47-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Mozilla Firefox (3.5.2)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
Nero 8 Micro v8.3.2.1-->"C:\Program Files\Nero\unins000.exe"
Nokia Connectivity Cable Driver-->MsiExec.exe /X{B7757137-0A71-4A9F-8A82-1AE4A1B73420}
Nokia PC Suite-->MsiExec.exe /I{FF059F2A-62A7-4E6A-B305-559591D2769E}
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
QuickTime-->MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Total Commander 6.53 eXtended Pack-->"C:\Program Files\Total Commander XP\unins000.exe"
Winamp (remove only)-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Архиватор WinRAR-->C:\Program Files\WinRAR\uninstall.exe
ДубльГИС Новосибирск-->"C:\Program Files\2gis\Nsk\unins000.exe"
Исправление для Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Исправление для Windows XP (KB914440)-->"C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
Исправление для Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Исправление для проигрывателя Windows Media 11 - (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Обновление безопасности для Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Обновление безопасности для Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Обновление безопасности для Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Обновление безопасности для Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Обновление безопасности для Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Обновление безопасности для Windows XP - (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB937894)-->"C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB938127)-->"C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB941568)-->"C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB944338)-->"C:\WINDOWS\$NtUninstallKB944338$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB947864)-->"C:\WINDOWS\$NtUninstallKB947864$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB948881)-->"C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Обновление безопасности для проигрывателя Windows Media - (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Обновление безопасности для проигрывателя Windows Media 11 - (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Обновление безопасности для проигрывателя Windows Media 11 - (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Обновление безопасности для проигрывателя Windows Media 6.4 - (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Обновление безопасности для проигрывателя Windows Media 9 - (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP9$\spuninst\spuninst.exe"
Обновление для Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Обновление для Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Обновление для Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Обновление для Windows XP (KB904942)-->"C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
Обновление для Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Обновление для Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Обновление для Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Обновление для Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Обновление для Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Обновление для Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Обновление для Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Обновление для Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Обновление для Windows XP (KB932823-v3)-->"C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe"
Обновление для Windows XP (KB936357)-->"C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
Обновление для Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Обновление для Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Обновление для Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Пакет исправлений для Windows XP - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Пакет исправлений для Windows XP - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Пакет исправлений для Windows XP - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Пакет исправлений для Windows XP - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Пакет исправлений для Windows XP - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Пакет исправлений для Windows XP - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Пакет исправлений для Windows XP - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Пакет исправлений для Windows XP - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
Проигрыватель Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Расширенный выпуск Microsoft Office 2000-->MsiExec.exe /I{00000419-78E1-11D2-B60F-006097C998E7}

======Security center information======

AV: AntiVir Desktop

======System event log======

Computer Name: ***
Event Code: 7
Message: Неверный блок на устройстве \Device\Harddisk0\D.

Record Number: 19141
Source Name: Disk
Time Written: 20090823214139.000000+360
Event Type: ошибка
User: 

Computer Name: ***
Event Code: 7
Message: Неверный блок на устройстве \Device\Harddisk0\D.

Record Number: 19140
Source Name: Disk
Time Written: 20090823214138.000000+360
Event Type: ошибка
User: 

Computer Name: ***
Event Code: 7
Message: Неверный блок на устройстве \Device\Harddisk0\D.

Record Number: 19139
Source Name: Disk
Time Written: 20090823214137.000000+360
Event Type: ошибка
User: 

Computer Name: ***
Event Code: 7
Message: Неверный блок на устройстве \Device\Harddisk0\D.

Record Number: 19138
Source Name: Disk
Time Written: 20090823214135.000000+360
Event Type: ошибка
User: 

Computer Name: ***
Event Code: 7
Message: Неверный блок на устройстве \Device\Harddisk0\D.

Record Number: 19137
Source Name: Disk
Time Written: 20090823214134.000000+360
Event Type: ошибка
User: 

=====Application event log=====

Computer Name: ***
Event Code: 1517
Message: Реестр пользователя ***\*** был сохранен в то время, как приложение или служба продолжали использовать его во время выхода из системы. Используемая реестром пользователя память не была освобождена. Реестр будет выгружен, когда он не будет использоваться. 


Возможная причина - службы, выполняемые от имени пользователя. Попробуйте изменить настройку служб и задать их выполнение с учетными записями LocalService или NetworkService.

Record Number: 1281
Source Name: Userenv
Time Written: 20081216025204.000000+360
Event Type: предупреждение
User: NT AUTHORITY\SYSTEM

Computer Name: ***
Event Code: 1800
Message: Служба центра обеспечения безопасности Windows запущена.

Record Number: 1280
Source Name: SecurityCenter
Time Written: 20081215211127.000000+360
Event Type: информация
User: 

Computer Name: ***
Event Code: 1517
Message: Реестр пользователя ***\*** был сохранен в то время, как приложение или служба продолжали использовать его во время выхода из системы. Используемая реестром пользователя память не была освобождена. Реестр будет выгружен, когда он не будет использоваться. 


Возможная причина - службы, выполняемые от имени пользователя. Попробуйте изменить настройку служб и задать их выполнение с учетными записями LocalService или NetworkService.

Record Number: 1279
Source Name: Userenv
Time Written: 20081215011737.000000+360
Event Type: предупреждение
User: NT AUTHORITY\SYSTEM

Computer Name: ***
Event Code: 1800
Message: Служба центра обеспечения безопасности Windows запущена.

Record Number: 1278
Source Name: SecurityCenter
Time Written: 20081214020451.000000+360
Event Type: информация
User: 

Computer Name: ***
Event Code: 1517
Message: Реестр пользователя ***\*** был сохранен в то время, как приложение или служба продолжали использовать его во время выхода из системы. Используемая реестром пользователя память не была освобождена. Реестр будет выгружен, когда он не будет использоваться. 


Возможная причина - службы, выполняемые от имени пользователя. Попробуйте изменить настройку служб и задать их выполнение с учетными записями LocalService или NetworkService.

Record Number: 1277
Source Name: Userenv
Time Written: 20081213014850.000000+360
Event Type: предупреждение
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\K-Lite Codec Pack\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 9, GenuineIntel
"PROCESSOR_REVISION"=0209
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\K-Lite Codec Pack\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=C:\Program Files\K-Lite Codec Pack\QuickTime\QTSystem\QTJava.zip

-----------------EOF-----------------
         

01.09.2009, 14:51   #5
malwarefight

Last part - Clean XP after removing more than 400 pieces of malware (mostly Trojans)?

Logfile RSIT/HiJack This:
Code:
 Logfile of random's system information tool 1.06 (written by random/random)
Run by *** at 2009-09-01 15:14:21
Microsoft Windows XP Professional Service Pack 2
System drive C: has 3 GB (29%) free of 10 GB
Total RAM: 511 MB (57% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:14:25, on 01.09.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Creative\Software Update 3\SoftAuto.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Creative\Shared Files\CTDevSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\***\Рабочий стол\RSIT.exe
C:\Program Files\HiJack This\***.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Ссылки
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [SoftAuto.exe] "C:\Program Files\Creative\Software Update 3\SoftAuto.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - h**p://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - h**p://vkontakte.ru/uploader/ImageUploader4.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe
O23 - Service: Creative Centrale Media Server (CTUPnPSv) - Creative Technology Ltd - C:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe
O23 - Service: Журнал событий (Eventlog) - Корпорация Майкрософт - C:\WINDOWS\system32\services.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Служба COM записи компакт-дисков IMAPI (ImapiService) - Корпорация Майкрософт - C:\WINDOWS\system32\imapi.exe
O23 - Service: Сервис iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NetMeeting Remote Desktop Sharing (mnmsrvc) - Корпорация Майкрософт - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Plug and Play (PlugPlay) - Корпорация Майкрософт - C:\WINDOWS\system32\services.exe
O23 - Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) - Корпорация Майкрософт - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Смарт-карты (SCardSvr) - Корпорация Майкрософт - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Журналы и оповещения производительности (SysmonLog) - Корпорация Майкрософт - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Теневое копирование тома (VSS) - Корпорация Майкрософт - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Адаптер производительности WMI (WmiApSrv) - Корпорация Майкрософт - C:\WINDOWS\system32\wbem\wmiapsrv.exe

--
End of file - 7359 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-11-18 1082880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-19 259696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll [2009-08-03 669168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-04-26 470512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-19 259696]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-07-12 7626752]
"QuickTime Task"=C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe [2007-06-29 286720]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-18 15360]
"PcSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe [2005-11-30 1306624]
"SoftAuto.exe"=C:\Program Files\Creative\Software Update 3\SoftAuto.exe [2008-05-28 401408]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-01-11 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\system32\CTFMON.EXE [2004-08-18 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
C:\WINDOWS\CTHELPER.EXE [2006-08-11 17920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
C:\WINDOWS\system32\CTXFIHLP.EXE [2006-08-11 18944]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
D:\itunes\iTunesHelper.exe [2007-09-26 267064]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\WINDOWS\system32\NvCpl.dll [2006-07-12 7626752]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
C:\WINDOWS\system32\NvMcTray.dll [2006-07-12 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE [2005-12-13 217088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe [2007-06-29 286720]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe [2005-10-27 33792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Главное меню^Программы^Автозагрузка^Microsoft Office.lnk]
C:\PROGRA~1\MICROS~2\Office\OSA9.EXE [2005-03-03 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Главное меню^Программы^Автозагрузка^Ускоренный запуск Adobe Reader.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [2004-12-14 29696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\StrongDC\StrongDC.exe"="C:\Program Files\StrongDC\StrongDC.exe:*:Enabled:StrongDC++"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\StrongDC\StrongDC.exe"="D:\StrongDC\StrongDC.exe:*:Enabled:StrongDC++"
"D:\itunes\iTunes.exe"="D:\itunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{33247e06-8af5-11de-a4df-000c6e8b6f7b}]
shell\AutoRun\command - F:\lcw.exe
shell\open\command - F:\lcw.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{33247e07-8af5-11de-a4df-000c6e8b6f7b}]
shell\AutoRun\command - G:\6fq.com
shell\open\command - G:\6fq.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4cd72544-25a9-11de-a472-000c6e8b6f7b}]
shell\AutoRun\command - F:\lcw.exe
shell\open\command - F:\lcw.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{67eef1df-eaf3-11dc-8f91-806d6172696f}]
shell\AutoRun\command - g8k.exe
shell\open\command - g8k.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8847b55c-de56-11dd-a424-000c6e8b6f7b}]
shell\AutoRun\command - F:\uvsqfgwd.cmd
shell\open\command - F:\a81lkgv.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{89fa744b-872b-11dd-a3d1-000c6e8b6f7b}]
shell\AutoRun\command - F:\wm93r0.com
shell\explore\command - F:\wm93r0.com
shell\open\command - F:\wm93r0.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f0e6de33-8112-11de-a4cc-000c6e8b6f7b}]
shell\AutoRun\command - F:\toe.cmd
shell\open\command - F:\toe.cmd


======List of files/folders created in the last 1 months======

2009-09-01 15:14:21 ----D---- C:\rsit
2009-09-01 15:07:38 ----D---- C:\Program Files\CCleaner
2009-09-01 14:37:40 ----D---- C:\Program Files\HiJack This
2009-08-24 09:58:52 ----D---- C:\Documents and Settings\***\Application Data\Mozilla
2009-08-24 09:37:03 ----D---- C:\Program Files\Avira
2009-08-24 09:37:03 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
2009-08-23 22:21:57 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-23 22:20:57 ----D---- C:\Documents and Settings\***\Application Data\Malwarebytes
2009-08-23 22:20:51 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-08-23 22:20:51 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-08-23 22:19:47 ----D---- C:\Program Files\Mozilla Firefox

======List of files/folders modified in the last 1 months======

2009-09-01 15:08:54 ----D---- C:\WINDOWS\Temp
2009-09-01 15:08:54 ----D---- C:\WINDOWS\Minidump
2009-09-01 15:08:54 ----D---- C:\WINDOWS\Debug
2009-09-01 15:08:54 ----D---- C:\WINDOWS
2009-09-01 15:08:49 ----D---- C:\WINDOWS\Prefetch
2009-09-01 15:07:38 ----RD---- C:\Program Files
2009-09-01 14:19:40 ----SHD---- C:\System Volume Information
2009-09-01 14:19:40 ----D---- C:\WINDOWS\system32\Restore
2009-09-01 14:19:12 ----D---- C:\WINDOWS\system32\CatRoot2
2009-09-01 14:18:08 ----N---- C:\WINDOWS\SchedLgU.Txt
2009-08-28 12:51:57 ----D---- C:\Documents and Settings\***\Application Data\Skype
2009-08-28 08:37:45 ----D---- C:\Documents and Settings\***\Application Data\skypePM
2009-08-25 11:30:54 ----SH---- C:\boot.ini
2009-08-25 11:30:54 ----A---- C:\WINDOWS\win.ini
2009-08-25 11:30:54 ----A---- C:\WINDOWS\system.ini
2009-08-25 07:38:34 ----D---- C:\WINDOWS\system32\drivers
2009-08-24 11:25:26 ----D---- C:\WINDOWS\system32
2009-08-24 09:37:15 ----HD---- C:\WINDOWS\inf
2009-08-24 09:35:51 ----SHD---- C:\WINDOWS\Installer
2009-08-24 09:35:49 ----D---- C:\WINDOWS\WinSxS
2009-08-16 15:06:03 ----D---- C:\Program Files\Winamp
2009-08-14 23:34:25 ----SD---- C:\WINDOWS\Downloaded Program Files

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 intelppm;Драйвер Intel процессора; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-18 40448]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-07-28 55656]
R3 Arp1394;Протокол клиента 1394 ARP; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-18 60800]
R3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\system32\drivers\ctac32k.sys [2006-08-11 502272]
R3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2006-08-11 499584]
R3 ctgame;Game Port; C:\WINDOWS\system32\DRIVERS\ctgame.sys [2002-12-30 12160]
R3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\system32\drivers\ctprxy2k.sys [2006-08-11 7168]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\drivers\ctsfm2k.sys [2006-08-11 143872]
R3 EL2000;3Com 3C2000x EtherLink XL Adapter; C:\WINDOWS\system32\DRIVERS\EL2K_XP.sys [2008-03-05 147328]
R3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\system32\drivers\emupia2k.sys [2006-08-11 78336]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
R3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:\WINDOWS\system32\drivers\ha10kx2k.sys [2006-08-11 766976]
R3 hap16v2k;Creative P16V HAL Driver; C:\WINDOWS\system32\drivers\hap16v2k.sys [2006-08-11 154112]
R3 NIC1394;Сетевой драйвер 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-18 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-07-12 3934592]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2006-08-11 116224]
R3 usbehci;Драйвер минипорта Microsoft USB 2.0 расширенного хост-контроллера; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-18 26624]
R3 usbhub;USB2 концентратор; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-18 57600]
R3 usbuhci;Драйвер минипорта Microsoft USB универсального хост-контроллера; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-18 20480]
S3 AVPsys;AVPsys; \??\C:\WINDOWS\system32\drivers\cdaudio.sys []
S3 ctdvda2k;Creative DVD-Audio Device Driver; C:\WINDOWS\system32\drivers\ctdvda2k.sys [2005-11-10 340704]
S3 hap17v2k;Creative P17V HAL Driver; C:\WINDOWS\system32\drivers\hap17v2k.sys [2006-08-11 180224]
S3 iztwg;iztwg; \??\C:\WINDOWS\system32\03.tmp []
S3 Nokia USB Generic;Nokia USB Generic; C:\WINDOWS\system32\drivers\nmwcdc.sys [2005-10-13 8704]
S3 Nokia USB Modem;Nokia USB Modem; C:\WINDOWS\system32\drivers\nmwcdcm.sys [2005-10-13 12800]
S3 Nokia USB Phone Parent;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\nmwcd.sys [2005-10-13 124928]
S3 Nokia USB Port;Nokia USB Port; C:\WINDOWS\system32\drivers\nmwcdcj.sys [2005-10-13 12800]
S3 ojcbx;ojcbx; \??\C:\WINDOWS\system32\01.tmp []
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2007-09-06 30336]
S3 USBSTOR;Драйвер запоминающих устройств для USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 WS2IFSL;Среда Windows Socket 2.0 поддержки поставщиков не-IFS служб; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-18 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2007-09-06 110592]
R2 CTDevice_Srv;CT Device Query service; C:\Program Files\Creative\Shared Files\CTDevSrv.exe [2007-04-02 61440]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-07-12 155715]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-18 14336]
S3 CTUPnPSv;Creative Centrale Media Server; C:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe [2008-05-21 64000]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-26 182768]
S3 iPod Service;Сервис iPod; C:\Program Files\iPod\bin\iPodService.exe [2007-09-26 503608]
S3 WMPNetworkSvc;Служба общих сетевых ресурсов проигрывателя Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-02 914944]

-----------------EOF-----------------
         


01.09.2009, 15:18   #6
Angel21

Clean XP after removing more than 400 pieces of malware (mostly Trojans)?

Privet,

Hello and good day. Judging by the findings, I would reinstall the PC from scratch; there is a lot more on there than just what Avira found.
Avira also found a lot of malware; the system had not been properly patched for months or even years. There are several password stealers and a number of bots on it, and very probably one or more rootkits as well.

So I would wipe the system.

How do you (or rather your host family) want to handle it?

After the reinstall I would immediately change all passwords, or have them changed, because of the password stealers.

01.09.2009, 15:32   #7
malwarefight

Wiping it...

Oh, thanks for the quick reply!!

Hm, reinstalling would be my first choice too, but the people here are not so keen on it...

As I said, the system ran for a good 4 months without up-to-date virus protection, let alone Windows updates (and of course IE was used for browsing).
It is just awkward, because I also have my documents, presentations and spreadsheets on here for the work I have to do, and to back up data I have to log in to e-mail or plug in my USB stick. And this PC is the only Internet access and workstation I have at the moment.

What also surprises me is that the system runs very stably and is light on resources (at least according to Task Manager, which may itself be compromised) and shows no error messages etc.

Do you think all this malware has dug itself so deep into the system that you no longer notice anything of it on the normal desktop or in safe boot?
What about dedicated rootkit tools (Blacklight, Avenger, etc.), should I run those over it? Or ComboFix?
And which entries do you find particularly conspicuous or worrying? (Maybe then I will eventually learn to interpret HiJack This files properly.) ;-)
For example, I find the two processes smlogsvc.exe and mnmsrvc.exe odd, since I have switched off the Windows remote service, and in my opinion these processes have no business being here.

Thanks again for your quick reply and for any further info!

Edited by malwarefight (01.09.2009 at 16:11)

01.09.2009, 16:09   #8
Angel21

Clean XP after removing more than 400 pieces of malware (mostly Trojans)?

Quote from malwarefight:
Oh, thanks for the quick reply!!

Hm, reinstalling would be my first choice too, but the people here are not so keen on it...

As I said, the system ran for a good 4 months without up-to-date virus protection, let alone Windows updates (and of course IE was used for browsing).
It is just awkward, because I also have my documents, presentations and spreadsheets on here for the work I have to do, and to back up data I have to log in to e-mail or plug in my USB stick. And this PC is the only Internet access and workstation I have at the moment.

What also surprises me is that the system runs very stably and is light on resources (at least according to Task Manager, which may itself be compromised) and shows no error messages etc.

Do you think all this malware has dug itself so deep into the system that you no longer notice anything of it on the normal desktop or in safe boot?
And which entries do you find particularly conspicuous or worrying? (Maybe then I will eventually learn to interpret HiJack This files properly.) ;-)

Thanks again for your quick reply and for any further info!

Privetski,

Well, that is their decision if they do not want to reinstall their PC. Why do they not want to reinstall it, what are the reasons?
I mean, nobody is thrilled by news like that, but why are they not keen? They can back up their data such as pictures, songs & documents without any problem.


I find these two drivers/services immensely worrying:
S3 ojcbx;ojcbx; \??\C:\WINDOWS\system32\01.tmp []
S3 iztwg;iztwg; \??\C:\WINDOWS\system32\03.tmp []
Google says nothing about either of them. They are unknown and therefore probably malicious.

I do find the amount of malware worrying, but WHAT was found is far more worrying.

Quote:
85 Viruses and/or unwanted programs were found
And that is from Avira ALONE o.o

On top of that, Adobe Reader 7.0 is unpatched; the current version is 9.1
And the Google Toolbar for Internet Explorer is hard to miss

So I still lean towards reinstalling.

Poka
__________________
Avira Upgrade 10 is on the market!
Aggressive settings for Avira

What goes around comes around!

01.09.2009, 18:00   #9
malwarefight

Complicated matter

Yes, yes, my host herself called her computer a "zoo for viruses".
When I told her about the more than 400 little critters (84 in Mbam + 278 in Avira + 85 in the 2nd Avira scan) and said that she had set a new record (at least among all the computers I have worked on so far), she replied that last time it was more than 720 (!!!)

I didn't even notice the two .tmp files you mentioned at first, but they are certainly something malicious (probably just the tip of the iceberg).

Well, here is the problem with reinstalling: they can't find all the CDs again to reinstall the programs (e.g. Nokia phone, Office) and Windows

Tomorrow I'll first buy an external drive so that I can at least back up the files (the usual multimedia). Then I'd like to try to somehow save the thing, even if by the most radical and daring means (the rescue attempt itself is already daring).

Then of course fix the programs you mentioned (Google Toolbar and Adobe Reader) and update Windows (problem: Windows Genuine Advantage normally wants a registration number, and as far as I know that is on the packaging of the Windows CD, which can no longer be found...)

I know that I'm acting against common sense here, but I'd really like to try everything to get the PC back on the right track without a reinstall (on the principle of "trial and error"). If that doesn't work, I can still reinstall as a last resort, even though I don't yet know exactly how that is supposed to work here.

Yes, that's the current status. Thanks again for your good advice to reinstall the system, even though I won't be following it for the time being.

Could you perhaps still give me a few pointers on which programs (Avenger, Blacklight, Combofix) I should best use for cleaning?
And what's also puzzling me is the good performance and low load of the totally infested computer. Do you perhaps have an explanation for that?

Spacibo,
Sonja

01.09.2009, 18:14   #10
Angel21

Doesn't the PC have a Recovery Console or something similar? Maybe she has a backup/image?

I can only advise you to back up all the data first and then try to wipe the PC somehow.
That's when you're glad to have an image that you would simply have to restore


Avenger and Combofix are both very powerful tools; you have to handle them with care.

Please post the Malwarebytes log; I'd also be interested in what MBAM found.


Quote:
And what's also puzzling me is the good performance and low load of the totally infested computer. Do you perhaps have an explanation for that?

Every computer reacts differently to malware; you can't generalize about that.
But I think that since Avira + MBAM, working as a great team, have dealt with and found a lot so far, the worst of the junk should be gone.

Run SUPERAntiSpyware as well and disable System Restore.

Quote:
Spacibo,

Bashalsk

01.09.2009, 18:39   #11
malwarefight

Mbam logs - Part 1

Privjet,

here are all the Mbam logs (only the infected ones, of course):

Code:
 Malwarebytes' Anti-Malware 1.40
Database version: 2551
Windows 5.1.2600 Service Pack 2

23.08.2009 22:29:30
mbam-log-2009-08-23 (22-29-26).txt

Scan type: Quick Scan
Objects scanned: 22232
Time elapsed: 4 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 37

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\e8main1.dll (Spyware.OnlineGames) -> No action taken.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{bb4c402f-882a-4526-8c08-51278ea437c1} (Spyware.OnlineGames) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{bb4c402f-882a-4526-8c08-51278ea437c1} (Spyware.OnlineGames) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\e8main1.dll (Spyware.OnlineGames) -> No action taken.
C:\WINDOWS\system32\01.tmp (Worm.Conficker) -> No action taken.
C:\WINDOWS\system32\03.tmp (Worm.Conficker) -> No action taken.
C:\WINDOWS\system32\sqccyf.dll (Worm.Conficker) -> No action taken.
C:\1ogf.exe (Spyware.OnlineGames) -> No action taken.
C:\28b6ry9r.exe (Spyware.OnlineGames) -> No action taken.
C:\2a.exe (Spyware.OnlineGames) -> No action taken.
C:\3.cmd (Spyware.OnlineGames) -> No action taken.
C:\ej10fkdo.bat (Spyware.OnlineGames) -> No action taken.
C:\eyt.exe (Spyware.OnlineGames) -> No action taken.
C:\foikf6np.bat (Spyware.OnlineGames) -> No action taken.
C:\fsaht.cmd (Spyware.OnlineGames) -> No action taken.
C:\gbm6n.exe (Spyware.OnlineGames) -> No action taken.
C:\hkn6k.bat (Spyware.OnlineGames) -> No action taken.
C:\husyu8n.exe (Spyware.OnlineGames) -> No action taken.
C:\i.cmd (Spyware.OnlineGames) -> No action taken.
C:\icxpa.cmd (Spyware.OnlineGames) -> No action taken.
C:\j.cmd (Spyware.OnlineGames) -> No action taken.
C:\lc.exe (Spyware.OnlineGames) -> No action taken.
C:\n68mqcra.exe (Trojan.Agent) -> No action taken.
C:\nu.cmd (Spyware.OnlineGames) -> No action taken.
C:\rwj0.cmd (Spyware.OnlineGames) -> No action taken.
C:\sm.exe (Worm.Autorun) -> No action taken.
C:\6phx.com (Spyware.OnlineGames) -> No action taken.
C:\8.exe (Spyware.OnlineGames) -> No action taken.
C:\8r.cmd (Spyware.OnlineGames) -> No action taken.
C:\9max.cmd (Spyware.OnlineGames) -> No action taken.
C:\boyedt.com (Spyware.OnlineGames) -> No action taken.
C:\cqxj.exe (Spyware.OnlineGames) -> No action taken.
C:\d9c.bat (Trojan.Magania) -> No action taken.
C:\uhoxajc.cmd (Spyware.OnlineGames) -> No action taken.
C:\ukvr.bat (Spyware.OnlineGames) -> No action taken.
C:\upw.bat (Spyware.OnlineGames) -> No action taken.
C:\vwewav8.com (Spyware.OnlineGames) -> No action taken.
C:\yhh.bat (Spyware.OnlineGames) -> No action taken.
C:\ymxf2.exe (Spyware.OnlineGames) -> No action taken.
C:\ysep1.exe (Spyware.OnlineGames) -> No action taken.
         
Code:
Malwarebytes' Anti-Malware 1.40
Database version: 2551
Windows 5.1.2600 Service Pack 2

24.08.2009 7:15:37
mbam-log-2009-08-24 (07-15-34).txt

Scan type: Quick Scan
Objects scanned: 109308
Time elapsed: 12 minute(s), 1 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 2
Registry Keys Infected: 1
Registry Values Infected: 5
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 71

Memory Processes Infected:
C:\WINDOWS\AhnRpta.exe (Trojan.Backdoor) -> No action taken.

Memory Modules Infected:
C:\WINDOWS\system32\e8main1.dll (Spyware.OnlineGames) -> No action taken.
C:\WINDOWS\system32\pytdfse0.dll (Spyware.OnlineGames) -> No action taken.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{bb4c402f-882a-4526-8c08-51278ea437c1} (Spyware.OnlineGames) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{bb4c402f-882a-4526-8c08-51278ea437c1} (Spyware.OnlineGames) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cdoosoft (Spyware.OnlineGames) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\kmmsoft (Spyware.OnlineGames) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\kxswsoft (Spyware.OnlineGames) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\54dfsger (Spyware.OnlineGames) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\e8main1.dll (Spyware.OnlineGames) -> No action taken.
C:\WINDOWS\system32\01.tmp (Worm.Conficker) -> No action taken.
C:\WINDOWS\system32\03.tmp (Worm.Conficker) -> No action taken.
C:\WINDOWS\system32\sqccyf.dll (Worm.Conficker) -> No action taken.
C:\1ogf.exe (Spyware.OnlineGames) -> No action taken.
C:\28b6ry9r.exe (Spyware.OnlineGames) -> No action taken.
C:\2a.exe (Spyware.OnlineGames) -> No action taken.
C:\3.cmd (Spyware.OnlineGames) -> No action taken.
C:\ej10fkdo.bat (Spyware.OnlineGames) -> No action taken.
C:\eyt.exe (Spyware.OnlineGames) -> No action taken.
C:\foikf6np.bat (Spyware.OnlineGames) -> No action taken.
C:\fsaht.cmd (Spyware.OnlineGames) -> No action taken.
C:\gbm6n.exe (Spyware.OnlineGames) -> No action taken.
C:\hkn6k.bat (Spyware.OnlineGames) -> No action taken.
C:\husyu8n.exe (Spyware.OnlineGames) -> No action taken.
C:\i.cmd (Spyware.OnlineGames) -> No action taken.
C:\icxpa.cmd (Spyware.OnlineGames) -> No action taken.
C:\j.cmd (Spyware.OnlineGames) -> No action taken.
C:\lc.exe (Spyware.OnlineGames) -> No action taken.
C:\n68mqcra.exe (Trojan.Agent) -> No action taken.
C:\nu.cmd (Spyware.OnlineGames) -> No action taken.
C:\rwj0.cmd (Spyware.OnlineGames) -> No action taken.
C:\sm.exe (Worm.Autorun) -> No action taken.
C:\6phx.com (Spyware.OnlineGames) -> No action taken.
C:\8.exe (Spyware.OnlineGames) -> No action taken.
C:\8r.cmd (Spyware.OnlineGames) -> No action taken.
C:\9max.cmd (Spyware.OnlineGames) -> No action taken.
C:\boyedt.com (Spyware.OnlineGames) -> No action taken.
C:\cqxj.exe (Spyware.OnlineGames) -> No action taken.
C:\d9c.bat (Trojan.Magania) -> No action taken.
C:\uhoxajc.cmd (Spyware.OnlineGames) -> No action taken.
C:\ukvr.bat (Spyware.OnlineGames) -> No action taken.
C:\upw.bat (Spyware.OnlineGames) -> No action taken.
C:\vwewav8.com (Spyware.OnlineGames) -> No action taken.
C:\yhh.bat (Spyware.OnlineGames) -> No action taken.
C:\ymxf2.exe (Spyware.OnlineGames) -> No action taken.
C:\ysep1.exe (Spyware.OnlineGames) -> No action taken.
C:\u3uvew6.bat (Trojan.Agent) -> No action taken.
C:\n.exe (Trojan.Agent) -> No action taken.
C:\o.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\olhrwef.exe (Trojan.Agent) -> No action taken.
C:\rvbi.cmd (Trojan.Agent) -> No action taken.
C:\toe.cmd (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Лиза\Local Settings\Temp\herss.exe (Spyware.OnlineGames) -> No action taken.
C:\WINDOWS\system32\afmain0.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\ierdfgh.exe (Spyware.OnlineGames) -> No action taken.
C:\WINDOWS\system32\pytdfse0.dll (Spyware.OnlineGames) -> No action taken.
C:\WINDOWS\system32\pytdfse1.dll (Spyware.OnlineGames) -> No action taken.
C:\WINDOWS\system32\nmdfgds0.dll (Spyware.OnlineGames) -> No action taken.
C:\WINDOWS\system32\nmdfgds1.dll (Spyware.OnlineGames) -> No action taken.
C:\WINDOWS\AhnRpta.exe (Trojan.Backdoor) -> No action taken.
C:\hbs.exe (Spyware.OnlineGames) -> No action taken.
C:\g1ljsm.com (Spyware.OnlineGames) -> No action taken.
C:\a81lkgv.com (Spyware.OnlineGames) -> No action taken.
C:\sfwypsy.exe (Spyware.OnlineGames) -> No action taken.
C:\WINDOWS\system32\xvassdf.exe (Spyware.OnlineGames) -> No action taken.
C:\WINDOWS\system32\4tddfwq0.dll (Spyware.OnlineGames) -> No action taken.
C:\Documents and Settings\***\Local Settings\Temp\xvassdf.exe (Spyware.OnlineGames) -> No action taken.
C:\ju.com (Spyware.OnlineGames) -> No action taken.
C:\0xuc.com (Trojan.Agent) -> No action taken.
C:\fbak.exe (Trojan.Agent) -> No action taken.
C:\w.com (Trojan.Agent) -> No action taken.
C:\q9.cmd (Spyware.OnlineGames) -> No action taken.
C:\WINDOWS\system32\e8main0.dll (Worm.Autorun) -> No action taken.
C:\WINDOWS\Temp\cvasds0.dll (Spyware.OnlineGames) -> No action taken.
C:\WINDOWS\Temp\cvasds1.dll (Spyware.OnlineGames) -> No action taken.
C:\Documents and Settings\***\Local Settings\Temp\cvasds0.dll (Spyware.OnlineGames) -> No action taken.
C:\Documents and Settings\***\Local Settings\Temp\cvasds1.dll (Spyware.OnlineGames) -> No action taken.
C:\Documents and Settings\***\Local Settings\Temp\cvasds2.dll (Spyware.OnlineGames) -> No action taken.
C:\Documents and Settings\***\Local Settings\Temp\cvasds3.dll (Spyware.OnlineGames) -> No action taken.
C:\WINDOWS\Temp\herss.exe (Spyware.OnlineGames) -> No action taken.
         

Edited by malwarefight (01.09.2009 at 18:50)

01.09.2009, 18:48   #12
Angel21

To be honest, it really shocks me how your host family can still be so "relaxed & easygoing" about this; the findings are pretty interesting and extreme.

Remove everything MBAM found; after that, move on to Gmer: run GMER as described in the guide.

Gmer guide: http://www.trojaner-board.de/74908-a...t-scanner.html

01.09.2009, 18:48   #13
malwarefight

Mbam logs - Part 2

Code:
Malwarebytes' Anti-Malware 1.40
Database version: 2551
Windows 5.1.2600 Service Pack 2

24.08.2009 8:51:37
mbam-log-2009-08-24 (08-51-32).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 203427
Time elapsed: 1 hour(s), 18 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 35

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cdoosoft (Spyware.OnlineGames) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
D:\1ogf.exe (Spyware.OnlineGames) -> No action taken.
D:\28b6ry9r.exe (Spyware.OnlineGames) -> No action taken.
D:\2a.exe (Spyware.OnlineGames) -> No action taken.
D:\3.cmd (Spyware.OnlineGames) -> No action taken.
D:\6phx.com (Spyware.OnlineGames) -> No action taken.
D:\8.exe (Spyware.OnlineGames) -> No action taken.
D:\8r.cmd (Spyware.OnlineGames) -> No action taken.
D:\9max.cmd (Spyware.OnlineGames) -> No action taken.
D:\ej10fkdo.bat (Spyware.OnlineGames) -> No action taken.
D:\eyt.exe (Spyware.OnlineGames) -> No action taken.
D:\foikf6np.bat (Spyware.OnlineGames) -> No action taken.
D:\fsaht.cmd (Spyware.OnlineGames) -> No action taken.
D:\gbm6n.exe (Spyware.OnlineGames) -> No action taken.
D:\hkn6k.bat (Spyware.OnlineGames) -> No action taken.
D:\husyu8n.exe (Spyware.OnlineGames) -> No action taken.
D:\i.cmd (Spyware.OnlineGames) -> No action taken.
D:\icxpa.cmd (Spyware.OnlineGames) -> No action taken.
D:\d9c.bat (Trojan.Magania) -> No action taken.
D:\sm.exe (Worm.Autorun) -> No action taken.
D:\boyedt.com (Spyware.OnlineGames) -> No action taken.
D:\lc.exe (Spyware.OnlineGames) -> No action taken.
D:\uhoxajc.cmd (Spyware.OnlineGames) -> No action taken.
D:\ukvr.bat (Spyware.OnlineGames) -> No action taken.
D:\upw.bat (Spyware.OnlineGames) -> No action taken.
D:\vwewav8.com (Spyware.OnlineGames) -> No action taken.
D:\rwj0.cmd (Spyware.OnlineGames) -> No action taken.
D:\n68mqcra.exe (Trojan.Agent) -> No action taken.
D:\nu.cmd (Spyware.OnlineGames) -> No action taken.
D:\yhh.bat (Spyware.OnlineGames) -> No action taken.
D:\ymxf2.exe (Spyware.OnlineGames) -> No action taken.
D:\ysep1.exe (Spyware.OnlineGames) -> No action taken.
D:\j.cmd (Spyware.OnlineGames) -> No action taken.
D:\cqxj.exe (Spyware.OnlineGames) -> No action taken.
C:\Documents and Settings\***\Local Settings\Temp\herss.exe (Spyware.OnlineGames) -> No action taken.
C:\Documents and Settings\***\Local Settings\Temp\cvasds0.dll (Spyware.OnlineGames) -> No action taken.
         
Afterwards I of course had the files deleted (some could only be removed after a reboot).
I ran both Mbam and Avira in Safe Boot until neither found any more malware (in full scan, of course).

I'll follow your advice on SUPERAntiSpyware and GMER tomorrow, since it's already almost 1 a.m. here and I'm rather tired (although I'd very much like to keep tinkering with this computer).

There is (I'm tempted to say: of course) no image, and you can forget System Restore, since it is just as infested (I set the new restore point just today, but that was obviously a fairly pointless action). That would have been too good to be true. Yes, and the laid-back attitude you mentioned was contained in the sentence "the computer is old and a bit slow" with which the PC was introduced to me, or in "oh yes, now and then a few funny windows pop up".... As a security freak, it makes my hair stand on end!! I feel uneasy enough using an "inconspicuous" Windows system as it is...

I'll report back tomorrow with new log files and a backed-up system, so that we can then see how to proceed. Until then, have fun with the Mbam log files! (If you want more: I can also gladly post the Avira file with the 278 malware items ;-) And if anything else occurs to you: bring it on.

Spacibo i spokoinoi notsch!
Sonja

P.S. Linux 4ever!! (for reasons please see above)

Edited by malwarefight (01.09.2009 at 18:59) Reason: update
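
Added example, not part of any post in this thread: a small triage script that reads MBAM log sections together with the two RSIT driver lines quoted in post #8, showing that the "unknown" `.tmp` services point at files MBAM labels Worm.Conficker and that the same root-level droppers sit on both C:\ and D:\. The sample input is a constructed excerpt of the logs above; the function names and the `exdrv` entry are assumptions of this example.

```python
import ntpath
import re
from collections import Counter, defaultdict

# Constructed sample: a handful of lines copied from the MBAM logs in this
# thread (C: and D: scans combined), not a complete log.
MBAM_LOG = r"""
Memory Modules Infected:
C:\WINDOWS\system32\e8main1.dll (Spyware.OnlineGames) -> No action taken.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cdoosoft (Spyware.OnlineGames) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\01.tmp (Worm.Conficker) -> No action taken.
C:\WINDOWS\system32\03.tmp (Worm.Conficker) -> No action taken.
C:\sm.exe (Worm.Autorun) -> No action taken.
D:\sm.exe (Worm.Autorun) -> No action taken.
C:\d9c.bat (Trojan.Magania) -> No action taken.
D:\d9c.bat (Trojan.Magania) -> No action taken.
C:\n.exe (Trojan.Agent) -> No action taken.
"""

# The two driver lines quoted in post #8, plus one constructed benign-looking
# entry ("exdrv" is hypothetical) for contrast.
RSIT_DRIVERS = r"""
S3 ojcbx;ojcbx; \??\C:\WINDOWS\system32\01.tmp []
S3 iztwg;iztwg; \??\C:\WINDOWS\system32\03.tmp []
R1 exdrv;Example Driver; C:\WINDOWS\system32\drivers\exdrv.sys [2008-04-14 12345]
"""

SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+) Infected:$")
ITEM_RE = re.compile(r"^(?P<obj>.+?) \((?P<family>[^()]+)\) -> .+$")
SERVICE_RE = re.compile(
    r"^(?P<state>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*); (?P<path>.+?) \[[^\]]*\]$")

def parse_mbam(text):
    """Return (section, object, family) for every detection line."""
    section, items = None, []
    for line in (raw.strip() for raw in text.splitlines()):
        header = SECTION_RE.match(line)
        if header:
            section = header.group("name")  # e.g. "Files", "Registry Values"
            continue
        item = ITEM_RE.match(line)
        if item and section:
            items.append((section, item.group("obj"), item.group("family")))
    return items

def family_counts(items):
    """Count file detections per malware family."""
    return Counter(fam for sec, _, fam in items if sec == "Files")

def root_drops_on_multiple_drives(items):
    """File names detected directly in the root of more than one drive."""
    seen = defaultdict(set)
    for sec, obj, _ in items:
        drive, rest = ntpath.splitdrive(obj)
        if sec == "Files" and rest.count("\\") == 1:  # sits in the drive root
            seen[rest.lstrip("\\").lower()].add(drive.upper())
    return {name: sorted(d) for name, d in seen.items() if len(d) > 1}

def persistence_entries(items):
    """Registry detections under autostart locations seen in these logs."""
    keys = ("\\currentversion\\run\\", "\\shellexecutehooks\\")
    return [obj for sec, obj, _ in items
            if sec.startswith("Registry") and any(k in obj.lower() for k in keys)]

def normalize(path):
    """Lower-case a path and drop the \\??\\ prefix RSIT prints for drivers."""
    path = path.strip()
    return (path[4:] if path.startswith("\\??\\") else path).lower()

def suspicious_services(rsit_text, items):
    """Flag service lines whose image MBAM detected or that is not .sys/.exe."""
    detected = {normalize(obj): fam for sec, obj, fam in items if sec == "Files"}
    findings = []
    for line in rsit_text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue
        path, reasons = normalize(m.group("path")), []
        if path in detected:
            reasons.append("image detected by MBAM as " + detected[path])
        if not path.endswith((".sys", ".exe")):
            reasons.append("unusual image extension " + ntpath.splitext(path)[1])
        if reasons:
            findings.append((m.group("name"), path, reasons))
    return findings

if __name__ == "__main__":
    detections = parse_mbam(MBAM_LOG)
    print("families:", dict(family_counts(detections)))
    print("root droppers on several drives:", root_drops_on_multiple_drives(detections))
    print("autostart entries:", persistence_entries(detections))
    for name, path, reasons in suspicious_services(RSIT_DRIVERS, detections):
        print("service", name, path, "->", "; ".join(reasons))
```

Fed the complete logs instead of the excerpt, the same functions list every root-level file that appears on both drives, which is the set to re-check on any USB stick or external disk that was attached to this PC.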

02.09.2009, 04:32   #14
malwarefight

SuperSpyware log

Good morning,

here, as requested, is the log from SuperSpyware (configured according to the guide):
Code:
SUPERAntiSpyware Scan Log
h**p://www.superantispyware.com

Generated 09/02/2009 at 09:45 AM

Application Version : 4.27.1002

Core Rules Database Version : 4081
Trace Rules Database Version: 2021

Scan type       : Complete Scan
Total Scan Time : 01:52:26

Memory items scanned      : 399
Memory threats detected   : 0
Registry items scanned    : 4165
Registry threats detected : 0
File items scanned        : 113523
File threats detected     : 71

Adware.Tracking Cookie
	D:\Скопировано с диска C\Файлы с диска С\Новая папка\Documents and Settings\Администратор.ROMASHKI\Cookies\администратор@ad12.bannerbank[1].txt
	D:\Скопировано с диска C\Файлы с диска С\Новая папка\Documents and Settings\Администратор.ROMASHKI\Cookies\администратор@234.media.lbn[1].txt
	D:\Скопировано с диска C\Файлы с диска С\Новая папка\Documents and Settings\Администратор.ROMASHKI\Cookies\администратор@120.media.lbn[1].txt
	D:\Скопировано с диска C\Файлы с диска С\Новая папка\Documents and Settings\Администратор.ROMASHKI\Cookies\администратор@120.rbcmedia[1].txt
	D:\Скопировано с диска C\Файлы с диска С\Новая папка\Documents and Settings\Администратор.ROMASHKI\Cookies\администратор@150.media.lbn[1].txt
	D:\Скопировано с диска C\Файлы с диска С\Новая папка\Documents and Settings\Администратор.ROMASHKI\Cookies\администратор@150.rbcmedia[1].txt
	D:\Скопировано с диска C\Файлы с диска С\Новая папка\Documents and Settings\Администратор.ROMASHKI\Cookies\администратор@2o7[2].txt
	D:\Скопировано с диска C\Файлы с диска С\Новая папка\Documents and Settings\Администратор.ROMASHKI\Cookies\администратор@468.media.lbn[1].txt
	D:\Скопировано с диска C\Файлы с диска С\Новая папка\Documents and Settings\Администратор.ROMASHKI\Cookies\администратор@468.rbcmedia[1].txt
	D:\Скопировано с диска C\Файлы с диска С\Новая папка\Documents and Settings\Администратор.ROMASHKI\Cookies\администратор@accounts[1].txt
	D:\Скопировано с диска C\Файлы с диска С\Новая папка\Documents and Settings\Администратор.ROMASHKI\Cookies\администратор@ad.100.tbn[2].txt
	D:\Скопировано с диска C\Файлы с диска С\Новая папка\Documents and Settings\Администратор.ROMASHKI\Cookies\администратор@ad1.bb[2].txt
	D:\Скопировано с диска C\Файлы с диска С\Новая папка\Documents and Settings\Администратор.ROMASHKI\Cookies\администратор@ad3.bannerbank[1].txt
	D:\Скопировано с диска C\Файлы с диска С\Новая папка\Documents and Settings\Администратор.ROMASHKI\Cookies\администратор@ad.text-ent.tbn[2].txt
	D:\Скопировано с диска C\Файлы с диска С\Новая папка\Documents and Settings\Администратор.ROMASHKI\Cookies\администратор@ad4.bannerbank[2].txt
	D:\Скопировано с диска C\Файлы с диска С\Новая папка\Documents and Settings\Администратор.ROMASHKI\Cookies\администратор@ad.600.tbn[1].txt
	D:\Скопировано с диска C\Файлы с диска С\Новая папка\Documents and Settings\Администратор.ROMASHKI\Cookies\администратор@ad6.bannerbank[2].txt
	D:\Скопировано с диска C\Файлы с диска С\Новая папка\Documents and Settings\Администратор.ROMASHKI\Cookies\администратор@ad7.bannerbank[1].txt
	D:\Скопировано с диска C\Файлы с диска С\Новая папка\Documents and Settings\Администратор.ROMASHKI\Cookies\администратор@ad.bannerbank[1].txt
	D:\Скопировано с диска C\Файлы с диска С\Новая папка\Documents and Settings\Администратор.ROMASHKI\Cookies\администратор@ad.ent.tbn[2].txt
	D:\Скопировано с диска C\Файлы с диска С\Новая папка\Documents and Settings\Администратор.ROMASHKI\Cookies\администратор@ad.ir[1].txt
	D:\Скопировано с диска C\Файлы с диска С\Новая папка\Documents and Settings\Администратор.ROMASHKI\Cookies\администратор@adrevolver[1].txt
	D:\Скопировано с диска C\Файлы с диска С\Новая папка\Documents and Settings\Администратор.ROMASHKI\Cookies\администратор@ad.rich1.adbn[1].txt
	D:\Скопировано с диска C\Файлы с диска С\Новая папка\Documents and Settings\Администратор.ROMASHKI\Cookies\администратор@ads.adfox[1].txt
	D:\Скопировано с диска C\Файлы с диска С\Новая папка\Documents and Settings\Администратор.ROMASHKI\Cookies\администратор@ads.maxlab[2].txt
	D:\Скопировано с диска C\Файлы с диска С\Новая папка\Documents and Settings\Администратор.ROMASHKI\Cookies\администратор@ads.us.e-planning[1].txt
	D:\Скопировано с диска C\Файлы с диска С\Новая папка\Documents and Settings\Администратор.ROMASHKI\Cookies\администратор@ad.tbn[1].txt
	D:\Скопировано с диска C\Файлы с диска С\Новая папка\Documents and Settings\Администратор.ROMASHKI\Cookies\администратор@adtech[2].txt
	D:\Скопировано с диска C\Файлы с диска С\Новая папка\Documents and Settings\Администратор.ROMASHKI\Cookies\администратор@ad.text.tbn[1].txt
	D:\Скопировано с диска C\Файлы с диска С\Новая папка\Documents and Settings\Администратор.ROMASHKI\Cookies\администратор@ad.top1.adbn[2].txt
	D:\Скопировано с диска C\Файлы с диска С\Новая папка\Documents and Settings\Администратор.ROMASHKI\Cookies\администратор@ad.vba[1].txt
	D:\Скопировано с диска C\Файлы с диска С\Новая папка\Documents and Settings\Администратор.ROMASHKI\Cookies\администратор@advertising[1].txt
	D:\Скопировано с диска C\Файлы с диска С\Новая папка\Documents and Settings\Администратор.ROMASHKI\Cookies\администратор@ad.yieldmanager[1].txt
	D:\Скопировано с диска C\Файлы с диска С\Новая папка\Documents and Settings\Администратор.ROMASHKI\Cookies\администратор@atdmt[2].txt
	D:\Скопировано с диска C\Файлы с диска С\Новая папка\Documents and Settings\Администратор.ROMASHKI\Cookies\администратор@atwola[1].txt
	D:\Скопировано с диска C\Файлы с диска С\Новая папка\Documents and Settings\Администратор.ROMASHKI\Cookies\администратор@banner.kiev[1].txt
	D:\Скопировано с диска C\Файлы с диска С\Новая папка\Documents and Settings\Администратор.ROMASHKI\Cookies\администратор@banner.klerk[1].txt
	D:\Скопировано с диска C\Файлы с диска С\Новая папка\Documents and Settings\Администратор.ROMASHKI\Cookies\администратор@count.rbc[1].txt
	D:\Скопировано с диска C\Файлы с диска С\Новая папка\Documents and Settings\Администратор.ROMASHKI\Cookies\администратор@counter.credo[1].txt
	D:\Скопировано с диска C\Файлы с диска С\Новая папка\Documents and Settings\Администратор.ROMASHKI\Cookies\администратор@counter.plugin[1].txt
	D:\Скопировано с диска C\Файлы с диска С\Новая папка\Documents and Settings\Администратор.ROMASHKI\Cookies\администратор@data2.perf.overture[1].txt
	D:\Скопировано с диска C\Файлы с диска С\Новая папка\Documents and Settings\Администратор.ROMASHKI\Cookies\администратор@data4.perf.overture[1].txt
	D:\Скопировано с диска C\Файлы с диска С\Новая папка\Documents and Settings\Администратор.ROMASHKI\Cookies\администратор@doubleclick[1].txt
	D:\Скопировано с диска C\Файлы с диска С\Новая папка\Documents and Settings\Администратор.ROMASHKI\Cookies\администратор@engine.adnet[1].txt
	D:\Скопировано с диска C\Файлы с диска С\Новая папка\Documents and Settings\Администратор.ROMASHKI\Cookies\администратор@hotlog[1].txt
	D:\Скопировано с диска C\Файлы с диска С\Новая папка\Documents and Settings\Администратор.ROMASHKI\Cookies\администратор@media.academ[1].txt
	D:\Скопировано с диска C\Файлы с диска С\Новая папка\Documents and Settings\Администратор.ROMASHKI\Cookies\администратор@mediaplex[1].txt
	D:\Скопировано с диска C\Файлы с диска С\Новая папка\Documents and Settings\Администратор.ROMASHKI\Cookies\администратор@mywebsearch[1].txt
	D:\Скопировано с диска C\Файлы с диска С\Новая папка\Documents and Settings\Администратор.ROMASHKI\Cookies\администратор@overture[2].txt
	D:\Скопировано с диска C\Файлы с диска С\Новая папка\Documents and Settings\Администратор.ROMASHKI\Cookies\администратор@ozon.122.2o7[1].txt
	D:\Скопировано с диска C\Файлы с диска С\Новая папка\Documents and Settings\Администратор.ROMASHKI\Cookies\администратор@perf.overture[1].txt
	D:\Скопировано с диска C\Файлы с диска С\Новая папка\Documents and Settings\Администратор.ROMASHKI\Cookies\администратор@questionmarket[1].txt
	D:\Скопировано с диска C\Файлы с диска С\Новая папка\Documents and Settings\Администратор.ROMASHKI\Cookies\администратор@rotabanner234.utro[2].txt
	D:\Скопировано с диска C\Файлы с диска С\Новая папка\Documents and Settings\Администратор.ROMASHKI\Cookies\администратор@revsci[2].txt
	D:\Скопировано с диска C\Файлы с диска С\Новая папка\Documents and Settings\Администратор.ROMASHKI\Cookies\администратор@rotabanner468.utro[2].txt
	D:\Скопировано с диска C\Файлы с диска С\Новая папка\Documents and Settings\Администратор.ROMASHKI\Cookies\администратор@rotabanner.dni[1].txt
	D:\Скопировано с диска C\Файлы с диска С\Новая папка\Documents and Settings\Администратор.ROMASHKI\Cookies\администратор@rotabanner.izvestia[1].txt
	D:\Скопировано с диска C\Файлы с диска С\Новая папка\Documents and Settings\Администратор.ROMASHKI\Cookies\администратор@rotabanner.rian[2].txt
	D:\Скопировано с диска C\Файлы с диска С\Новая папка\Documents and Settings\Администратор.ROMASHKI\Cookies\администратор@rotabanner100.utro[2].txt
	D:\Скопировано с диска C\Файлы с диска С\Новая папка\Documents and Settings\Администратор.ROMASHKI\Cookies\администратор@spylog[1].txt
	D:\Скопировано с диска C\Файлы с диска С\Новая папка\Documents and Settings\Администратор.ROMASHKI\Cookies\администратор@statcounter[2].txt
	D:\Скопировано с диска C\Файлы с диска С\Новая папка\Documents and Settings\Администратор.ROMASHKI\Cookies\администратор@tns-counter[2].txt
	D:\Скопировано с диска C\Файлы с диска С\Новая папка\Documents and Settings\Администратор.ROMASHKI\Cookies\администратор@tribalfusion[1].txt
	D:\Скопировано с диска C\Файлы с диска С\Новая папка\Documents and Settings\Администратор.ROMASHKI\Cookies\администратор@txt.media.lbn[1].txt
	D:\Скопировано с диска C\Файлы с диска С\Новая папка\Documents and Settings\Администратор.ROMASHKI\Cookies\администратор@warlog[1].txt
	D:\Скопировано с диска C\Файлы с диска С\Новая папка\Documents and Settings\Администратор.ROMASHKI\Cookies\администратор@www.234.media.lbn[1].txt
	D:\Скопировано с диска C\Файлы с диска С\Новая папка\Documents and Settings\Администратор.ROMASHKI\Cookies\администратор@www.234.rbcmedia[1].txt
	D:\Скопировано с диска C\Файлы с диска С\Новая папка\Documents and Settings\Администратор.ROMASHKI\Cookies\администратор@www.bannerhouse[1].txt
	D:\Скопировано с диска C\Файлы с диска С\Новая папка\Documents and Settings\Администратор.ROMASHKI\Cookies\администратор@www.spycounter[2].txt
	D:\Скопировано с диска C\Файлы с диска С\Новая папка\Documents and Settings\Администратор.ROMASHKI\Cookies\администратор@xiti[1].txt
	D:\Скопировано с диска C\Файлы с диска С\Новая папка\Documents and Settings\Администратор.ROMASHKI\Cookies\администратор@yadro[2].txt
         
So according to the conventional tools (Avira, Mbam, SUPERAntiSpyware) the system is fine, but RSIT/HijackThis tells us otherwise. Maybe I could fix all the odd entries (especially the two .tmp's and also the 4 CMD.EXE entries, which were successfully fixed in another thread) with HijackThis and then post the new log here again? And maybe also an "aggressive" Avira scan in Safe Boot? Is there actually a difference whether I do the Safe Boot via the console (msregedit) or via SuperSpyware? (just out of interest)

In the meantime I have also removed the Google Toolbar and Adobe Reader (replaced by Foxit Reader without toolbars).

Something else I noticed: I can't open hard drive D in My Computer - I always get the message that it can't be opened and that I should pick a program from the list to open it with. I can't make sense of that, since I only know this from files. I can, however, access files on D and navigate to folders, just not directly from My Computer. RSIT's info log also reports an error on drive D ("Invalid block on the device" in the Google translation ;-) Any ideas about that?

I'll report back once I have backed up the data and run GMER over it. I'm curious whether it will find something for a change...

See you then!
Sonja

Edited by malwarefight (02.09.2009 at 05:17)

Alt 02.09.2009, 17:48   #15
Angel21
 
Quote:
I'll get back to you as soon as I have backed up the data and run GMER over it. I'm curious whether it will find something for a change...
Well, one doesn't want to hope so, but I assume it could find something. But let's not assume the worst, and let's hope for something good xD