| |
| |||||||
Log-Analyse und Auswertung: Metropolitan VirusWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
21.06.2011, 18:16
| #1 |
| |  Metropolitan Virus Hallo allerseits, hatte auch das problem mit dem virus, wo nachher nur noch ein weißer bildschirm und ich 75 pfund zahlen sollte. hab jetzt euren scan gemacht mit otlpe...könnt ihr mal bitte drüber schauen? Danke!OTL Logfile: Code:
ATTFilter OTL logfile created on: 6/21/2011 8:05:19 PM - Run
OTLPE by OldTimer - Version 3.1.46.0 Folder = X:\Programs\OTLPE
Windows Vista (TM) Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 118.55 Gb Total Space | 72.04 Gb Free Space | 60.76% Space Free | Partition Type: NTFS
Drive D: | 26.58 Gb Total Space | 11.44 Gb Free Space | 43.04% Space Free | Partition Type: FAT32
Drive E: | 78.12 Gb Total Space | 64.09 Gb Free Space | 82.03% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet003
========== Win32 Services (SafeList) ==========
SRV - [2011/06/06 06:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/05/01 08:05:57 | 000,136,360 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/03/23 12:40:02 | 000,269,480 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/03/18 05:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2008/11/05 12:32:28 | 000,203,624 | ---- | M] (Sony Corporation) [Auto] -- C:\Program Files\sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2008/11/05 10:53:56 | 000,303,104 | ---- | M] (Sony Corporation) [Auto] -- C:\Program Files\sony\Network Utility\NSUService.exe -- (NSUService)
SRV - [2008/10/21 04:52:38 | 000,353,568 | ---- | M] (Sony Corporation) [On_Demand] -- C:\Program Files\Sony\VAIO Media plus\SOHDms.exe -- (SOHDms)
SRV - [2008/10/21 04:52:38 | 000,062,752 | ---- | M] (Sony Corporation) [On_Demand] -- C:\Program Files\Sony\VAIO Media plus\SOHDs.exe -- (SOHDs)
SRV - [2008/10/21 04:52:36 | 000,103,712 | ---- | M] (Sony Corporation) [On_Demand] -- C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe -- (SOHCImp)
SRV - [2008/10/17 06:50:42 | 000,104,992 | ---- | M] (Realtek Semiconductor) [Auto] -- C:\Windows\RTKAUDIOSERVICE.EXE -- (RtkAudioService)
SRV - [2008/09/18 04:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto] -- C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)
SRV - [2008/09/11 13:28:26 | 000,446,464 | ---- | M] (Sony Corporation) [Auto] -- C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2008/09/08 03:59:56 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2008/09/08 03:59:54 | 000,192,512 | ---- | M] (Sony Corporation) [Auto] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2008/09/08 03:59:52 | 000,279,848 | ---- | M] (Sony Corporation) [On_Demand] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2008/09/05 05:56:58 | 000,411,488 | ---- | M] (Sony Corporation) [Auto] -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)
SRV - [2008/06/11 17:13:24 | 000,337,184 | ---- | M] (Sony Corporation) [On_Demand] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV - [2008/06/11 17:10:48 | 000,083,232 | ---- | M] (Sony Corporation) [On_Demand] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe -- (VcmXmlIfHelper)
SRV - [2008/05/19 19:51:34 | 000,077,824 | ---- | M] (Sony Corporation) [On_Demand] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2008/05/19 19:49:04 | 000,053,248 | ---- | M] (Sony Corporation) [On_Demand] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2008/05/19 19:29:06 | 000,053,248 | ---- | M] (Sony Corporation) [On_Demand] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/01/04 13:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand] -- -- (IpInIp)
DRV - [2011/03/23 12:40:03 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/11/26 12:38:29 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/05/28 14:24:32 | 001,870,848 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/05/11 03:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008/10/06 21:47:20 | 003,847,168 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/10/02 20:00:56 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto] -- C:\Windows\System32\drivers\risdptsk.sys -- (risdptsk)
DRV - [2008/08/22 10:22:42 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall)
DRV - [2008/08/21 20:06:22 | 000,009,344 | ---- | M] (Sony Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\SFEP.sys -- (SFEP)
DRV - [2008/06/27 20:33:45 | 000,068,608 | ---- | M] (REDC) [Kernel | Auto] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2008/06/06 20:02:55 | 000,131,000 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2008/04/24 08:06:40 | 000,017,920 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV - [2008/01/24 22:14:25 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/04/17 14:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto] -- C:\Windows\System32\drivers\regi.sys -- (regi)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.club-vaio.com
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Jana_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.club-vaio.com
IE - HKU\Jana_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKU\Jana_ON_C\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKU\Jana_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.club-vaio.com
IE - HKU\Jana_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Jana_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "hxxp://www.spiegel.de/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/04/12 13:52:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/04/12 13:52:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/30 04:42:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/18 16:12:27 | 000,000,000 | ---D | M]
[2010/06/09 05:59:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jana\AppData\Roaming\Mozilla\Extensions
[2011/06/18 16:23:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jana\AppData\Roaming\Mozilla\Firefox\Profiles\i3xaqhhd.default\extensions
[2010/07/06 04:52:01 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Jana\AppData\Roaming\Mozilla\Firefox\Profiles\i3xaqhhd.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/07/06 04:50:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/06 04:50:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/04/12 13:52:55 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO
[2011/04/12 13:52:56 | 000,000,000 | ---D | M] (DivX HiQ) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA
[2010/07/06 04:50:11 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/07/26 10:37:09 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010/07/26 10:37:09 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010/07/26 10:37:09 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010/07/26 10:37:09 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010/07/26 10:37:09 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Brdefprn] C:\Program Files\Brother\BRHL2140\Brdefprn.exe ()
O4 - HKLM..\Run: [BrStsWnd] C:\Program Files\Brownie\BrstsWnd.exe (brother)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [MarketingTools] C:\Program Files\sony\Marketing Tools\MarketingTools.exe (Sony Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\Jana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O7 - HKU\Jana_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\Jana_ON_C Winlogon: Shell - (C:\Users\Jana\AppData\Local\Temp\0.28085678065146236.exe) - C:\Users\Jana\AppData\Local\Temp\0.28085678065146236.exe (BitDefender)
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/06/18 16:12:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011/06/18 16:12:14 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2011/06/18 16:11:47 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/06/17 07:28:05 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/06/17 07:28:03 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/06/17 07:28:02 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/06/17 07:28:02 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/06/17 07:28:02 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011/06/17 07:28:02 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/06/17 07:28:02 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/06/17 07:28:02 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/06/17 07:28:02 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/06/17 07:28:02 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/06/17 07:28:02 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/06/17 07:28:02 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/06/17 07:28:02 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/06/17 07:28:02 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/06/17 07:28:02 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/06/17 07:28:02 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/06/17 07:28:02 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
========== Files - Modified Within 30 Days ==========
[2011/06/19 17:21:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/19 17:20:59 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/19 17:20:59 | 000,000,312 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2011/06/19 17:20:49 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/19 17:20:49 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/19 17:20:30 | 3081,801,728 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/19 16:33:43 | 000,000,448 | ---- | M] () -- C:\Windows\Brownie.ini
[2011/06/19 16:08:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/18 16:12:27 | 000,001,892 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/06/18 16:12:27 | 000,001,804 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/06/16 21:05:24 | 251,254,633 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/06/16 16:31:27 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/06/15 11:09:33 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/05/28 02:05:27 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011/05/28 02:04:56 | 000,602,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/05/28 02:04:56 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/05/28 02:04:30 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/05/28 02:04:22 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/05/28 02:04:17 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/05/28 02:04:03 | 000,164,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/05/28 02:04:03 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/05/28 02:04:03 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/05/28 02:04:02 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/05/28 02:04:02 | 000,055,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/05/28 02:03:58 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/05/28 01:10:26 | 000,385,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/05/28 00:33:03 | 000,133,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/05/28 00:32:51 | 000,173,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/05/28 00:32:15 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/05/28 00:31:44 | 001,638,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
========== Files Created - No Company Name ==========
[2011/06/19 17:12:20 | 3081,801,728 | -HS- | C] () -- C:\hiberfil.sys
[2011/06/18 16:12:27 | 000,001,892 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/06/18 16:12:27 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2010/11/04 07:23:10 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010/11/04 07:23:10 | 000,000,034 | ---- | C] () -- C:\Windows\System32\BD2140.DAT
[2010/11/04 07:05:12 | 000,000,145 | ---- | C] () -- C:\Windows\BRVIDEO.INI
[2010/11/04 07:05:12 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini
[2010/11/04 07:04:57 | 000,000,114 | ---- | C] () -- C:\Windows\System32\brlmw03a.ini
[2010/11/04 07:04:56 | 000,009,868 | ---- | C] () -- C:\Windows\HL-2140.INI
[2010/11/04 07:02:24 | 000,000,448 | ---- | C] () -- C:\Windows\Brownie.ini
[2010/09/18 07:00:45 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/06/18 03:35:07 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/06/18 03:35:07 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/06/09 05:44:00 | 000,000,403 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/06/09 05:33:18 | 000,008,704 | ---- | C] () -- C:\Users\Jana\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/09 01:15:04 | 000,002,032 | ---- | C] () -- C:\Users\Jana\AppData\Local\d3d9caps.dat
[2010/06/08 20:44:05 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI
[2008/10/23 14:50:56 | 002,192,024 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2008/10/23 14:50:56 | 000,492,496 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2008/10/23 14:50:56 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1511.dll
[2008/10/23 14:50:56 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
[2008/10/23 14:49:43 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008/10/23 14:48:25 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2008/10/23 14:48:24 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008/10/23 14:48:17 | 000,174,819 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2008/10/23 14:48:16 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
[2008/10/23 05:34:11 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/01/21 03:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008/01/21 03:15:58 | 000,141,434 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008/01/21 03:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2008/01/21 03:15:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,417,248 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,582,484 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,096,748 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2005/04/06 11:27:14 | 000,237,568 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2005/04/06 11:24:40 | 001,216,512 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[1999/01/22 14:46:58 | 000,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL
========== LOP Check ==========
[2010/06/09 05:13:04 | 000,000,000 | ---D | M] -- C:\Users\Jana\AppData\Roaming\GlarySoft
[2010/08/24 07:35:49 | 000,000,000 | ---D | M] -- C:\Users\Jana\AppData\Roaming\InterVideo
[2010/11/10 12:09:16 | 000,000,000 | ---D | M] -- C:\Users\Jana\AppData\Roaming\OpenOffice.org
[2010/06/09 01:11:22 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2010/06/09 01:11:22 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2010/06/09 01:11:22 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2010/06/09 01:11:22 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2006/11/02 09:02:04 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2010/06/08 20:35:18 | 000,000,000 | ---D | M] -- C:\ProgramData\Uninstall
[2010/06/09 01:11:22 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2010/09/12 17:51:23 | 000,000,000 | ---D | M] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/06/19 17:20:59 | 000,000,312 | ---- | M] () -- C:\Windows\Tasks\GlaryInitialize.job
[2011/06/19 17:21:29 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
< End of report >
|
|
22.06.2011, 15:31
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Metropolitan Virus Mach einen OTL-Fix über OTLPE, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)
__________________Code:
ATTFilter :OTL
O20 - HKU\Jana_ON_C Winlogon: Shell - (C:\Users\Jana\AppData\Local\Temp\0.28085678065146236.exe) - C:\Users\Jana\AppData\Local\Temp\0.28085678065146236.exe (BitDefender)
:Files
C:\Users\Jana\AppData\Local\Temp\0.28085678065146236.exe
:Commands
[purity]
[resethosts]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt. Danach sollte Windows wieder normal starten - stell uns bitte den Quarantäneordner von OTL zur Verfügung. Dabei bitte so vorgehen: 1.) GANZ WICHTIG!! Virenscanner deaktivieren, der darf das Packen nicht beeinträchtigen! 2.) Ordner movedfiles in C:\_OTL in eine Datei zippen 3.) Die erstellte ZIP-Datei hier hochladen => http://www.trojaner-board.de/54791-a...ner-board.html 4.) Wenns erfolgreich war Bescheid sagen 5.) Erst dann wieder den Virenscanner einschalten
__________________ |
|
23.06.2011, 14:06
| #3 |
| | Metropolitan Virus hey,
__________________korrekt!hat alles soweit funktioniert! anbei die zip-version des ordners! Geändert von cosinus (23.06.2011 um 14:55 Uhr) Grund: Anhang entfernt |
|
23.06.2011, 14:54
| #4 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Metropolitan Virus Den Ordner mit Malware doch hier nicht öffentlich hochladen, bist du wahnsinnig!   Bitte mal richtig lesen!! Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
| Themen zu Metropolitan Virus |
| adobe, antivir, avira, bho, bildschirm, bonjour, defender, desktop, explorer, firefox, format, home, logfile, microsoft, mozilla, plug-in, problem, realtek, reatogo, registry, scan, sched.exe, searchplugins, security, security scan, software, start menu, temp, virus, vista, winlogon |
Linear-Darstellung
