|
Plagegeister aller Art und deren Bekämpfung: Virus gefuden, wie löschen?Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
27.09.2011, 14:43 | #31 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Virus gefuden, wie löschen? Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
__________________ Logfiles bitte immer in CODE-Tags posten |
27.09.2011, 15:31 | #32 |
| Virus gefuden, wie löschen? Hab ComboFix laufen lassen, allerdings ist es wohl beim Löschen von \Appdata\ApplicationHistory hängen geblieben, nach ca. 10 Minuten startete der Laptop neu und nach dem Hochfahren blitze das Combofix-Fenster immer wieder auf und sprang rum bis ichs beendet habe. Scheint aber noch alles zu funktionieren. Ich denke es liegt daran dass Norton sich, obwohl alle Komponenten ausgeschaltet waren, dazu entschieden hat einen Systemscan zu starten. Die Option "Silent-Mode" war nicht aktiv, daran habe ich nicht gedacht bzw. ich dachte bei Deaktivieren aller Komponenten würde Norton sowas nicht machen. Nochmal versuchen?
__________________Das ist vom Log übrig geblieben: Code:
ATTFilter ComboFix 11-09-27.01 - Medion 27.09.2011 19:02:08.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3070.1631 [GMT 2:00] ausgeführt von:: C:\Users\Nico\Desktop\ComboFix.exe AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} |
27.09.2011, 15:54 | #33 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Virus gefuden, wie löschen? Starte Windows neu, lösch die alte combofix.exe, lade CF neu runter und probier es bitte nochmal.
__________________
__________________ |
27.09.2011, 16:36 | #34 |
| Virus gefuden, wie löschen? Ist es normal dass der seit 10 Minuten die Logdatei vorbereitet? |
27.09.2011, 16:54 | #35 |
| Virus gefuden, wie löschen? So nach 15 Minuten Log erstellen war er dann doch fertig: Combofix Logfile: Code:
ATTFilter ComboFix 11-09-27.01 - Medion 27.09.2011 20:10:29.2.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3070.1874 [GMT 2:00] ausgeführt von:: c:\users\Nico\Desktop\ComboFix.exe AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . ---- Vorheriger Suchlauf ------- . c:\users\Medion\AppData\Local\ApplicationHistory c:\users\Medion\AppData\Local\ApplicationHistory\EULA.exe.4fced5c1.ini c:\users\Medion\AppData\Local\ApplicationHistory\EULALauncher.exe.4df5db01.ini c:\users\Medion\AppData\Local\ApplicationHistory\UninstallTB.exe.5048351c.ini c:\users\Medion\AppData\Roaming\Uninstal.exe c:\users\Nico\AppData\Local\ApplicationHistory c:\users\Nico\AppData\Local\ApplicationHistory\EULALauncher.exe.4df5db01.ini.inuse c:\users\Nico\AppData\Local\lame_enc.dll c:\users\Nico\AppData\Local\no23xwrapper.dll c:\users\Nico\AppData\Local\ogg.dll c:\users\Nico\AppData\Local\vorbis.dll c:\users\Nico\AppData\Local\vorbisenc.dll c:\users\Nico\AppData\Local\vorbisfile.dll c:\users\Nico\Favorites\BaseMod.class c:\users\Nico\Favorites\bj.class c:\users\Nico\Favorites\ca.class c:\users\Nico\Favorites\EntityRendererProxy.class c:\users\Nico\Favorites\is.class c:\users\Nico\Favorites\iu.class c:\users\Nico\Favorites\ModLoader.class c:\users\Nico\Favorites\ModTexture.class c:\users\Nico\Favorites\oy.class c:\users\Nico\Favorites\ps.class c:\users\Nico\Favorites\tl.class . . ((((((((((((((((((((((((((((((((((((((( Treiber/Dienste ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_usnjsvc . . ((((((((((((((((((((((( Dateien erstellt von 2011-08-27 bis 2011-09-27 )))))))))))))))))))))))))))))) . . 2011-09-27 18:25 . 2011-09-27 18:26 -------- d-----w- c:\users\Medion\AppData\Local\temp 2011-09-27 18:25 . 2011-09-27 18:25 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-09-26 01:52 . 2011-09-26 01:52 -------- d--h--w- c:\users\Nico\AppData\Roaming\AppData 2011-09-23 14:27 . 2011-09-23 14:27 -------- d-----w- c:\users\Nico\AppData\Roaming\Malwarebytes 2011-09-23 13:59 . 2011-09-23 13:59 -------- d-----w- c:\users\Medion\AppData\Local\Last.fm 2011-09-23 11:59 . 2011-09-27 02:52 -------- d-----w- C:\_OTL 2011-09-22 23:45 . 2011-09-22 23:45 -------- d-----w- c:\program files\ESET 2011-09-22 20:30 . 2011-09-22 20:30 -------- d-----w- c:\users\Medion\AppData\Roaming\Malwarebytes 2011-09-22 20:29 . 2011-09-22 20:29 -------- d-----w- c:\programdata\Malwarebytes 2011-09-22 20:29 . 2011-09-22 20:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-09-22 20:29 . 2011-08-31 15:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-09-19 21:17 . 2011-09-19 21:17 -------- d-----w- c:\program files\FileZilla FTP Client 2011-09-19 21:15 . 2011-09-19 23:19 -------- d-----w- c:\users\Nico\AppData\Roaming\FileZilla 2011-09-19 16:02 . 2011-09-19 16:02 -------- d-----w- C:\Presets 2011-09-14 09:22 . 2011-08-10 12:14 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat 2011-09-09 09:28 . 2011-09-09 09:28 -------- d-----w- c:\program files\OpenVPN 2011-09-09 09:20 . 2011-09-09 09:21 -------- d-----w- c:\program files\StudNetVPN 2011-09-03 18:42 . 2011-09-03 18:42 -------- d-----w- c:\users\Nico\AppData\Local\Mumble . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-07-23 11:04 . 2011-08-12 17:39 916480 ----a-w- c:\windows\system32\wininet.dll 2011-07-23 11:00 . 2011-08-12 17:39 43520 ----a-w- c:\windows\system32\licmgr10.dll 2011-07-23 10:59 . 2011-08-12 17:39 1469440 ----a-w- c:\windows\system32\inetcpl.cpl 2011-07-23 10:59 . 2011-08-12 17:39 71680 ----a-w- c:\windows\system32\iesetup.dll 2011-07-23 10:59 . 2011-08-12 17:39 109056 ----a-w- c:\windows\system32\iesysprep.dll 2011-07-23 10:03 . 2011-08-12 17:39 385024 ----a-w- c:\windows\system32\html.iec 2011-07-23 09:27 . 2011-08-12 17:39 133632 ----a-w- c:\windows\system32\ieUnatt.exe 2011-07-23 09:25 . 2011-08-12 17:39 1638912 ----a-w- c:\windows\system32\mshtml.tlb 2011-07-11 13:25 . 2011-08-24 15:46 2048 ----a-w- c:\windows\system32\tzres.dll 2011-07-08 15:17 . 2011-08-23 00:20 91216 ----a-w- c:\windows\system32\drivers\TotRec8.sys 2011-07-06 15:31 . 2011-08-12 17:39 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys 2011-08-12 06:13 . 2011-08-21 15:18 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-10 1233920] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712] "RtHDVCpl"="RtHDVCpl.exe" [2007-12-17 4718592] "Skytel"="Skytel.exe" [2007-11-20 1826816] "SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-08-31 102400] "PLFSetL"="c:\windows\PLFSetL.exe" [2007-07-05 94208] "LaunchAp"="c:\program files\Launch Manager\LaunchAp.exe" [2007-09-01 32768] "HotkeyApp"="c:\program files\Launch Manager\HotkeyApp.exe" [2007-09-06 188416] "LMgrOSD"="c:\program files\Launch Manager\OSD.exe" [2006-12-26 180224] "Wbutton"="c:\program files\Launch Manager\Wbutton.exe" [2007-09-07 86016] "OmniPass"="c:\program files\Softex\OmniPass\scureapp.exe" [2007-11-02 2564096] "LanguageShortcut"="c:\program files\HomeCinema\PowerDVD\Language\Language.exe" [2007-01-08 52256] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-18 40368] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672] . c:\users\Nico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Medion\AppData\Roaming\Dropbox\bin\Dropbox.exe [N/A] OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-8-24 101784] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-12-4 727592] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) "EnableLinkedConnections"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "mixer4"=wdmaud.drv . [HKLM\~\startupfolder\C:^Users^Medion^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Free Music Zilla.lnk] path=c:\users\Medion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Free Music Zilla.lnk backup=c:\windows\pss\Free Music Zilla.lnk.Startup backupExtension=.Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service] 2010-12-06 05:55 391240 ----a-w- c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] 2007-10-15 09:14 202024 ----a-w- c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite] 2011-01-20 09:20 1305408 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2007-03-01 14:57 153136 ----a-w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] 2007-02-09 19:51 71216 ----a-w- c:\program files\HomeCinema\PowerDVD\PDVDServ.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SAOB Monitor] 2010-11-16 03:33 2570688 ----a-w- c:\program files\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] 2011-09-12 10:35 17351304 ----a-r- c:\program files\Skype\Phone\Skype.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2011-01-07 11:12 253672 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrayServer] 2007-03-29 10:05 90112 ----a-w- c:\program files\MAGIX\Video_deluxe_2008_PLUS\Trayserver.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe] 2011-02-01 19:53 5583056 ----a-w- c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TVBroadcast] 2007-08-07 23:12 797696 ----a-w- c:\program files\Sceneo\AbsolutTV\Services\ODSBC\ODSBCApp.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu] 2007-09-13 15:32 222504 ------w- c:\program files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UIExec] 2009-03-30 10:33 132608 ----a-w- c:\program files\T-Mobile Internet Manager 03\UIExec.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Voobly] 2011-05-29 20:02 131072 ----a-w- c:\program files\Voobly\voobly.exe . R1 HWiNFO32;HWiNFO32 Kernel Driver;g:\hwinfo32\HWiNFO32.SYS [x] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 UI Assistant Service;UI Assistant Service;c:\program files\T-Mobile Internet Manager 03\AssistantServices.exe [2009-03-30 241664] R3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2011-04-21 167968] R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2008-10-29 7680] R3 PhilCap;NXP service;c:\windows\system32\DRIVERS\PhilCap.sys [2007-07-31 908896] R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504] R3 YMIDUSBW;Yamaha USB-MIDI Driver (WDM);c:\windows\system32\drivers\ymidusbw.sys [2009-08-04 33736] R4 afcdpsrv;Acronis Nonstop Backup-Dienst;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [2011-04-21 3246040] R4 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\ALDI Sued Foto Service\Common\Database\bin\fbserver.exe [2005-11-17 1527900] R4 srvcPVR;Sceneo PVR Service;c:\program files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe [2007-08-16 1681408] R4 UPnPService;UPnPService;c:\program files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [2006-12-14 544768] S0 Si3531;SiI-3531 SATA Controller;c:\windows\system32\DRIVERS\Si3531.sys [2009-02-05 212520] S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1206000.01D\SYMDS.SYS [2011-01-27 340088] S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1206000.01D\SYMEFA.SYS [2011-03-15 744568] S0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\DRIVERS\tdrpm273.sys [2011-04-21 752128] S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20110909.001\BHDrvx86.sys [2011-09-09 816760] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-06-10 218688] S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20110922.030\IDSvix86.sys [2011-08-22 368248] S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1206000.01D\Ironx86.SYS [2011-01-27 136312] S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\NIS\1206000.01D\SYMTDIV.SYS [2011-03-22 331384] S2 acedrv10;acedrv10;c:\windows\system32\drivers\acedrv10.sys [2007-07-27 330144] S2 acehlp10;acehlp10;c:\windows\system32\drivers\acehlp10.sys [2007-07-27 251680] S2 GnabService;GnabService;c:\program files\common files\gnab\service\servicecontroller.exe [2007-04-19 36864] S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152] S2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe [2011-04-17 130008] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-07 378984] S3 ALSysIO;ALSysIO;c:\users\Medion\AppData\Local\Temp\ALSysIO.sys [x] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-07-31 105592] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216] S3 netr28;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28.sys [2007-11-21 327168] S3 TotRec8;Total Recorder WDM audio filter driver;c:\windows\system32\drivers\TotRec8.sys [2011-07-08 91216] S3 WisLMSvc;WisLMSvc;c:\program files\Launch Manager\WisLMSvc.exe [2007-09-11 118784] S3 X10Hid;X10 Hid Device;c:\windows\system32\Drivers\x10hid.sys [2006-11-17 13976] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - ALSYSIO *Deregistered* - BMLoad . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . Inhalt des "geplante Tasks" Ordners . 2011-09-27 c:\windows\Tasks\User_Feed_Synchronization-{25CA6DC1-5E6A-46B1-AD9E-5E9475A14DD7}.job - c:\windows\system32\msfeedssync.exe [2011-08-12 09:26] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Free YouTube Download - c:\users\Medion\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm IE: Free YouTube to MP3 Converter - c:\users\Medion\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 TCP: DhcpNameServer = 192.168.1.130 192.168.1.10 FF - ProfilePath - c:\users\Medion\AppData\Roaming\Mozilla\Firefox\Profiles\c2m6u1c9.default\ FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - Ext: Symantec IPS: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\IPSFFPlgn FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} . - - - - Entfernte verwaiste Registrierungseinträge - - - - . ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file) ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file) ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file) HKLM-Run-snp2uvc - c:\windows\vsnp2uvc.exe HKLM-Run-CtrlVol - c:\program files\Launch Manager\CtrlVol.exe MSConfigStartUp-toolbar_eula_launcher - c:\program files\GoogleEULA\EULALauncher.exe AddRemove-Minecraft 1.2.0_02 - c:\users\Medion\AppData\Roaming\Uninstal.exe AddRemove-Sauerbraten - c:\program files\Sauerbraten\uninstall.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2011-09-27 20:26 Windows 6.0.6002 Service Pack 2 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NIS] "ImagePath"="\"c:\program files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\18.6.0.29\diMaster.dll\" /prefetch:1" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- . - - - - - - - > 'Explorer.exe'(4512) c:\program files\Softex\OmniPass\SCUREDLL.dll c:\users\Nico\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll c:\windows\system32\btmmhook.dll . Zeit der Fertigstellung: 2011-09-27 20:49:21 ComboFix-quarantined-files.txt 2011-09-27 18:49 . Vor Suchlauf: 12 Verzeichnis(se), 61.716.975.616 Bytes frei Nach Suchlauf: 18 Verzeichnis(se), 61.648.941.056 Bytes frei . - - End Of File - - 7CAFECA0ABB820608203B8FAC46D9953 Mit den Löschungen hat er mir übrigens einige Audiocodecs und ein paar Minecraft .class Dateien rausgehauen, aber ich denke dass das normal ist. |
27.09.2011, 18:57 | #36 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Virus gefuden, wie löschen?Zitat:
__________________ --> Virus gefuden, wie löschen? |
27.09.2011, 19:04 | #37 |
| Virus gefuden, wie löschen? Es war noch ne Lizenz übrig deswegen hatte ich das installiert, wenn du davon abrätst werde ich das bei Gelegenheit auch wieder runterhauen, aufm PC hab ich nur AntiVir Sonst noch was was ich tun kann? |
27.09.2011, 19:41 | #38 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Virus gefuden, wie löschen? Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen. Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst. Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM! Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).
__________________ Logfiles bitte immer in CODE-Tags posten |
28.09.2011, 07:30 | #39 |
| Virus gefuden, wie löschen? Habe den Scan mit GMER gemacht und wollte danach das Log ins Notepad pasten, allerdings sehe ich dass keine .exe mehr funktionieren, ich hab danach auch versucht OSAM zu öffnen, geht auch nicht. "Es wurde versucht, einen Registrierungsschlüssel einem unzulässigen Vorgang zu unterziehen, der zum Löschen markiert wurde." Was jetzt? |
28.09.2011, 10:45 | #40 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Virus gefuden, wie löschen? Nach CF sollte Windows neu gestartet werden. Lässt du den Rechner ständig an?
__________________ Logfiles bitte immer in CODE-Tags posten |
28.09.2011, 10:49 | #41 |
| Virus gefuden, wie löschen? "an" nicht aber ich setz den meistens nur in Standby weil das Hochfahren hardwarebedingt so dermaßen lange braucht... naja, dann starte ich mal neu ^^ |
28.09.2011, 12:52 | #42 |
| Virus gefuden, wie löschen? GMER läuft nochmal allerdings seeeeeeeeeeeeeeehr langsam, hängt seit 20 minuten schon in C:\Windows\winsxs rum |
28.09.2011, 14:06 | #44 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Virus gefuden, wie löschen? Ja ist ok. GMER will einfach nicht immer
__________________ Logfiles bitte immer in CODE-Tags posten |
28.09.2011, 14:10 | #45 |
| Virus gefuden, wie löschen?Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 18:08:00 on 28.09.2011 OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Control Panel Objects] -----( %SystemRoot%\system32 )----- "Ddbaccpl.cpl" - "DataDesign AG" - C:\Windows\system32\Ddbaccpl.cpl "ddBACCTM.cpl" - "DataDesign AG" - C:\Windows\system32\ddBACCTM.cpl "FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "Nero BurnRights" - "Nero AG" - C:\Program Files\Nero\Nero8\Nero Toolkit\NeroBurnRights.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "acedrv10" (acedrv10) - "Protect Software GmbH" - C:\Windows\system32\drivers\acedrv10.sys "acehlp10" (acehlp10) - "Protect Software GmbH" - C:\Windows\system32\drivers\acehlp10.sys "Acronis Snapshots Manager" (snapman) - "Acronis" - C:\Windows\System32\DRIVERS\snapman.sys "Acronis Try&Decide and Restore Points filter (build 273)" (tdrpman273) - "Acronis" - C:\Windows\System32\DRIVERS\tdrpm273.sys "afcdp" (afcdp) - "Acronis" - C:\Windows\System32\DRIVERS\afcdp.sys "ALSysIO" (ALSysIO) - ? - C:\Users\Medion\AppData\Local\Temp\ALSysIO.sys (File not found) "BHDrvx86" (BHDrvx86) - "Symantec Corporation" - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20110909.001\BHDrvx86.sys "Bytemobile Boot Time Load Driver" (BMLoad) - "Bytemobile, Inc." - C:\Windows\System32\drivers\BMLoad.sys "Bytemobile Kernel Network Provider" (tcpipBM) - "Bytemobile, Inc." - C:\Windows\system32\drivers\tcpipBM.sys "catchme" (catchme) - ? - C:\Users\Medion\AppData\Local\Temp\catchme.sys (File not found) "EraserUtilRebootDrv" (EraserUtilRebootDrv) - "Symantec Corporation" - C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys "Hotkey" (Hotkey) - ? - C:\Windows\system32\drivers\Hotkey.sys (File found, but it contains no detailed information) "HWiNFO32 Kernel Driver" (HWiNFO32) - ? - G:\Hwinfo32\HWiNFO32.SYS (File not found) "IDSVix86" (IDSVix86) - "Symantec Corporation" - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20110922.030\IDSvix86.sys "IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys (File not found) "IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys (File not found) "IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys (File not found) "MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys "NAVENG" (NAVENG) - "Symantec Corporation" - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20110922.017\NAVENG.SYS "NAVEX15" (NAVEX15) - "Symantec Corporation" - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20110922.017\NAVEX15.SYS "Symantec Data Store" (SymDS) - "Symantec Corporation" - C:\Windows\System32\drivers\NIS\1206000.01D\SYMDS.SYS "Symantec Eraser Control driver" (eeCtrl) - "Symantec Corporation" - C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys "Symantec Extended File Attributes" (SymEFA) - "Symantec Corporation" - C:\Windows\System32\drivers\NIS\1206000.01D\SYMEFA.SYS "Symantec Iron Driver" (SymIRON) - "Symantec Corporation" - C:\Windows\system32\drivers\NIS\1206000.01D\Ironx86.SYS "Symantec Real Time Storage Protection" (SRTSP) - "Symantec Corporation" - C:\Windows\System32\Drivers\NIS\1206000.01D\SRTSP.SYS "Symantec Real Time Storage Protection (PEL)" (SRTSPX) - "Symantec Corporation" - C:\Windows\system32\drivers\NIS\1206000.01D\SRTSPX.SYS "Symantec Vista Network Dispatch Driver" (SYMTDIv) - "Symantec Corporation" - C:\Windows\System32\Drivers\NIS\1206000.01D\SYMTDIV.SYS "SymEvent" (SymEvent) - "Symantec Corporation" - C:\Windows\system32\Drivers\SYMEVENT.SYS "Total Recorder WDM audio filter driver" (TotRec8) - "High Criteria inc." - C:\Windows\system32\drivers\TotRec8.sys "ugdiypod" (ugdiypod) - ? - C:\Users\Medion\AppData\Local\Temp\ugdiypod.sys (Hidden registry entry, rootkit activity | File not found) [Explorer] -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {7D4D6379-F301-4311-BEBA-E26EB0561882} "NeroDigitalColumnHandler Class" - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll {828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL {0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll {828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL {91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? - (File not found | COM-object registry key not found) {79BC0345-1015-11D2-A299-006008312725} "///FAST project settings" - ? - C:\Program Files\Pinnacle\VideoSpin\Programs\BlueShellExt.dll (File found, but it contains no detailed information) {23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll {C539A15B-3AF9-4c92-B771-50CB78F5C751} "Acronis Secure Zone" - "Acronis" - C:\Program Files\Acronis\TrueImageHome\tishell.dll {C539A15A-3AF9-4c92-B771-50CB78F5C751} "Acronis True Image Shell Context Menu Extension" - "Acronis" - C:\Program Files\Acronis\TrueImageHome\tishell.dll {1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? - (File not found | COM-object registry key not found) {A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\Program Files\NVIDIA Corporation\Display\nvui.dll {2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? - (File not found | COM-object registry key not found) {FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found) {00020d75-0000-0000-c000-000000000046} "lnkfile" - ? - (File not found | COM-object registry key not found) {FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} "Meine freigegebenen Ordner" - "Microsoft Corporation" - C:\Program Files\MSN Messenger\fsshext.8.1.0178.00.dll {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONFILTER.DLL {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {7842554E-6BED-11D2-8CDB-B05550C10000} "Monitor Class" - "Broadcom Corporation." - C:\Windows\system32\btncopy.dll {97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" - "Nero AG" - C:\Program Files\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll {B327765E-D724-4347-8B16-78AE18552FC3} "NeroDigitalIconHandler Class" - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll {7F1CF152-04F8-453A-B34C-E609530A9DC8} "NeroDigitalPropSheetHandler Class" - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} "NVIDIA CPL Context Menu Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvshext.dll {CCFE56EE-C7DE-44EE-A160-4553A5A912C9} "OmniPass Shell Extension" - ? - (File not found | COM-object registry key not found) {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - ? - (File not found | COM-object registry key not found) {D0CE97A0-415B-42E9-B251-34393AF2D5F6} "Softex OmniPass Encrypted File" - "Softex Inc." - C:\Program Files\Softex\OmniPass\opfolderext.dll {D5B1944E-DB4E-482E-B3F1-DB05827F0978} "Softex OmniPass Encrypted Folder" - "Softex Inc." - C:\Program Files\Softex\OmniPass\opfolderext.dll {da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found) [Internet Explorer] -----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- "eBay - Der weltweite Online-Marktplatz" - ? - hxxp://rover.ebay.com/rover/1/707-37276-17534-15/4 (HTTP value) -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} "Java Plug-in 1.6.0_04" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_25" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} "Java Plug-in 1.6.0_25" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_25" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_25.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- "@btrez.dll,-4015" - ? - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm {48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll {898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Click to call with Skype" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll "eBay - Der weltweite Online-Marktplatz" - ? - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 (HTTP value) {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} "Norton Toolbar" - ? - (File not found | COM-object registry key not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype Browser Helper" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll {6D53EC84-6AAE-4787-AEEE-F4628F01010C} "Symantec Intrusion Prevention" - "Symantec Corporation" - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\IPS\IPSBHO.DLL {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} "Symantec NCO BHO" - ? - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll (File not found) {7E853D72-626A-48EC-A868-BA8D5E23E045} "{7E853D72-626A-48EC-A868-BA8D5E23E045}" - ? - (File not found | COM-object registry key not found) [Logon] -----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\Users\Medion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini "BTTray.lnk" - "Broadcom Corporation." - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Shortcut exists | File exists) -----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )----- "StartupPrograms" - ? - rdpclip (File not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" "HotkeyApp" - "Wistron" - "C:\Program Files\Launch Manager\HotkeyApp.exe" "IAAnotif" - "Intel Corporation" - "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" "LanguageShortcut" - ? - "C:\Program Files\HomeCinema\PowerDVD\Language\Language.exe" "LaunchAp" - ? - "C:\Program Files\Launch Manager\LaunchAp.exe" "LMgrOSD" - "Wistron Corp." - "C:\Program Files\Launch Manager\OSD.exe" "Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray "OmniPass" - ? - C:\Program Files\Softex\OmniPass\scureapp.exe "Wbutton" - "Wistron" - "C:\Program Files\Launch Manager\Wbutton.exe" [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "HP Standard TCP/IP Port" - "Hewlett Packard" - C:\Windows\system32\HpTcpMon.dll "Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\Windows\system32\mdimon.dll "Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe "ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe "GnabService" (GnabService) - "Empolis GmbH" - c:\program files\common files\gnab\service\servicecontroller.exe "Intel(R) Matrix Storage Event Monitor" (IAANTMON) - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe "MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe "Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe "Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE "Norton Internet Security" (NIS) - "Symantec Corporation" - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe "NVIDIA Driver Helper Service" (NVSvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe "NVIDIA Stereoscopic 3D Driver Service" (Stereo Service) - "NVIDIA Corporation" - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE "OpenVPN Service" (OpenVPNService) - ? - C:\Program Files\OpenVPN\bin\openvpnserv.exe (File found, but it contains no detailed information) "Softex OmniPass Service" (omniserv) - "Softex Inc." - C:\Program Files\Softex\OmniPass\OmniServ.exe "UI Assistant Service" (UI Assistant Service) - ? - C:\Program Files\T-Mobile Internet Manager 03\AssistantServices.exe (File found, but it contains no detailed information) "WisLMSvc" (WisLMSvc) - "Wistron Corp." - C:\Program Files\Launch Manager\WisLMSvc.exe "X10 Device Network Service" (x10nets) - "X10" - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru |
Themen zu Virus gefuden, wie löschen? |
anzeige, anzeigen, beenden, datei, dateien, dll, einfach, entdeck, entdeckt, folge, frage, leerzeichen, löschen, löschen?, nicht angezeigt, norton, ordner, problem, programm, rundll, rundll32, startet, task-manager, variante, versteckte, versteckte dateien, virus |