Log analysis and evaluation: Viruses detected? (Windows 7)
26.05.2012, 08:13 | #1
Viruses detected?

Hello everyone. Last night I had my computer scanned by two different antivirus programs (Malwarebytes and Antivir). I got two different results, which puzzled me a little. Among other things, Antivir found java/dldr.opens.i and java/dldr.opens.h in the AppData folder. Malwarebytes, however, did not show these. After a short search I understood that these are viruses. I hope you can help me with this. I hope I have done everything so that all the required information is available.

Kind regards, Jan

Defogger Disable:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 01:54 on 26/05/2012 (jan)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
HKCU\DAEMON Tools Lite -> Removed
Checking for services/drivers...
-=E.O.F=-

DDS:
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_31
Run by jan at 1:57:33 on 2012-05-26
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.4095.2586 [GMT 2:00]
.
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
.
============== Running Processes ===============
.
[DDS log body omitted: running processes, pseudo-HJT report, Firefox plugins, services/drivers, Created Last 30 and Find3M sections; FINISH: 1:58:04,55]

PS: I have also attached the two reports from the scans.
26.05.2012, 18:59 | #2
Helper team | Viruses detected? - Installing pirated copies is a fairly reliable way to infect a computer
I'm afraid you can only solve your problem by reinstalling your system; this is what it's about:

Code:
C:\Windows\KMService.exe (RiskWare.Tool.CK) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Microsoft Office\Office14\mini-KMS_Activator_v1.052.exe (Riskware.Keygen) -> Keine Aktion durchgeführt.
F:\Microsoft Office Professional 2010\Microsoft.Office.Professional.Plus.2010.x86.German.VL.Edition-TIw\mini-KMS_Activator_v1.052.exe (Riskware.Keygen) -> Keine Aktion durchgeführt.
F:\relink.us Container\Adobe.Photoshop.CS5.Extended.v12.0.Multilanguage-TIw\keygen.exe (Malware.Packer.Gen) -> Keine Aktion durchgeführt.
G:\Programme\TuneUp Utilities 2011\keygen.exe (RiskWare.Tool.CK) -> Keine Aktion durchgeführt.

** In a case like this you should reconsider your consumption habits. Because your behaviour is thereby subject to German law, our support ends at this point. So the best thing is to back up your data (without cracks & keygens!) and do a complete reinstallation of the computer; that is the fastest and cleanest solution! But at least after a reinstallation you will have a clean system again, and hopefully you have learned something from this and will keep your hands off... in future -> Forum rule! Quote: