| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Trojaner Generic29.AGEZ+Cryptic.EGJWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
29.08.2012, 20:22
| #1 |
 |  Trojaner Generic29.AGEZ+Cryptic.EGJ Guten Tag liebes Forum, ich hoffe ihr könnt mir helfen. Ich wollte mir gerade etwas runterladen und es haben sich auf der Downloadseite 5 neue Tabs geöffnet, mehrmals, bis ich dann von der Seite runterging. Dann kam von AVG diese Meldung, dass irgendetwas geblockt wurde. Danach habe ich sofort ein Scan mit AVG gemacht und es wurde nix gefunden, poste aber mal zur Sicherheit hier etwas rein. Habe auf Ok geklickt. Dann nach ca 10 Minuten kam auf einmal die Meldung, dass ich mir ein 2 Trojaner gefangen habe: Code:
ATTFilter "Infektion";"Trojaner: Generic29.AGEZ";"c:\Users\Sascha\AppData\Local\Temp\rncxewsoam.exe";"Nicht verfügbar";"29.08.2012, 20:38:46"
Code:
ATTFilter "Infektion";"Trojaner: Cryptic.EGJ";"c:\Users\Sascha\AppData\Local\Temp\owsacxenrm.exe";"Nicht verfügbar";"29.08.2012, 20:38:48"
OTL und so habe ich alles drauf, hier das Log: Code:
ATTFilter OTL logfile created on: 29.08.2012 20:53:18 - Run 4 OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\Sascha\Desktop Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,79 Gb Available Physical Memory | 59,56% Memory free 6,00 Gb Paging File | 4,56 Gb Available in Paging File | 76,03% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 150,16 Gb Total Space | 119,67 Gb Free Space | 79,69% Space Free | Partition Type: NTFS Drive D: | 488,28 Gb Total Space | 388,91 Gb Free Space | 79,65% Space Free | Partition Type: NTFS Drive E: | 292,87 Gb Total Space | 292,77 Gb Free Space | 99,96% Space Free | Partition Type: NTFS Computer Name: SASCHA-PC | User Name: Sascha | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.08.24 18:42:26 | 000,529,744 | ---- | M] (Valve Corporation) -- C:\Programme\Common Files\Steam\SteamService.exe PRC - [2012.08.09 14:07:35 | 003,414,680 | ---- | M] (Electronic Arts) -- C:\Programme\Origin\Origin.exe PRC - [2012.08.04 13:11:41 | 001,353,080 | ---- | M] (Valve Corporation) -- D:\Spiele\Steam\Steam.exe PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.07.17 15:49:04 | 000,935,008 | ---- | M] () -- C:\Programme\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe PRC - [2012.07.04 17:25:54 | 005,160,568 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgidsagent.exe PRC - [2012.06.28 14:05:43 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Programme\Java\jre7\bin\java.exe PRC - [2012.06.24 10:52:23 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Sascha\Desktop\OTL.exe PRC - [2012.06.13 03:48:26 | 000,758,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgrsx.exe PRC - [2012.06.13 03:48:24 | 001,255,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgnsx.exe PRC - [2012.05.04 19:29:40 | 000,035,216 | ---- | M] (Oracle Corporation) -- C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2launcher.exe PRC - [2012.04.05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgtray.exe PRC - [2012.03.19 05:18:12 | 000,979,840 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgemcx.exe PRC - [2012.02.14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgwdsvc.exe PRC - [2012.02.14 04:52:38 | 000,338,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgcsrvx.exe PRC - [2011.03.28 20:31:16 | 000,193,920 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE PRC - [2011.03.28 20:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE PRC - [2010.08.26 03:57:32 | 000,380,928 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe PRC - [2010.08.26 03:57:04 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe PRC - [2009.11.06 14:41:06 | 002,080,768 | ---- | M] () -- C:\Programme\NETGEAR\WG111v3\WG111v3.exe PRC - [2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.07.14 03:17:29 | 000,673,048 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\iexplore.exe PRC - [2009.07.14 03:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2009.07.14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2009.07.14 03:14:38 | 001,173,504 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe PRC - [2009.07.14 03:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe ========== Modules (No Company Name) ========== MOD - [2012.08.29 20:37:48 | 000,161,792 | ---- | M] () -- C:\Users\Sascha\AppData\Roaming\cdpbj.dll MOD - [2012.08.24 18:42:24 | 020,317,008 | ---- | M] () -- D:\Spiele\Steam\bin\libcef.dll MOD - [2012.08.24 18:42:22 | 000,902,480 | ---- | M] () -- D:\Spiele\Steam\bin\chromehtml.dll MOD - [2012.08.24 18:42:20 | 000,123,232 | ---- | M] () -- D:\Spiele\Steam\bin\avutil-51.dll MOD - [2012.08.24 18:42:18 | 000,190,816 | ---- | M] () -- D:\Spiele\Steam\bin\avformat-53.dll MOD - [2012.08.24 18:42:16 | 001,099,616 | ---- | M] () -- D:\Spiele\Steam\bin\avcodec-53.dll MOD - [2012.05.30 20:06:48 | 000,087,912 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2012.05.30 20:06:30 | 001,242,512 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2012.05.04 19:29:38 | 000,015,760 | ---- | M] () -- C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2native.dll MOD - [2009.11.06 14:41:06 | 002,080,768 | ---- | M] () -- C:\Programme\NETGEAR\WG111v3\WG111v3.exe MOD - [2009.03.04 09:52:36 | 000,372,736 | ---- | M] () -- C:\Programme\NETGEAR\WG111v3\WlanDll.dll MOD - [2008.12.29 17:13:24 | 000,204,800 | ---- | M] () -- C:\Programme\NETGEAR\WG111v3\KJLog.dll ========== Win32 Services (SafeList) ========== SRV - [2012.08.24 18:42:26 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012.08.16 13:37:18 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.07.20 15:47:04 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.07.17 15:49:04 | 000,935,008 | ---- | M] () [Auto | Running] -- C:\Programme\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe -- (vToolbarUpdater11.2.0) SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.07.04 17:25:54 | 005,160,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programme\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent) SRV - [2012.02.14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programme\AVG\AVG2012\avgwdsvc.exe -- (avgwd) SRV - [2011.03.28 20:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2010.08.26 03:57:04 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility) SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009.07.14 03:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Sascha\AppData\Local\Temp\catchme.sys -- (catchme) DRV - [2012.04.19 04:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX) DRV - [2012.03.19 05:17:28 | 000,301,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix) DRV - [2012.02.23 14:31:58 | 000,086,544 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService) DRV - [2012.02.22 05:25:32 | 000,235,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86) DRV - [2012.01.31 04:46:50 | 000,031,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86) DRV - [2011.12.23 13:32:14 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86) DRV - [2011.12.23 13:32:08 | 000,017,232 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim) DRV - [2011.12.23 13:32:06 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsfilterx.sys -- (AVGIDSFilter) DRV - [2011.12.23 13:32:00 | 000,139,856 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver) DRV - [2011.11.10 18:32:00 | 000,095,304 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MijXfilt.sys -- (MotioninJoyXFilter) DRV - [2011.03.18 18:08:54 | 000,025,240 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\Windows\System32\speedfan.sys -- (speedfan) DRV - [2010.08.26 05:36:28 | 006,380,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag) DRV - [2010.08.26 03:20:36 | 000,221,696 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap) DRV - [2009.11.18 18:09:52 | 000,376,832 | ---- | M] (NETGEAR Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wg111v3.sys -- (RTL8187B) DRV - [2009.07.14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus) DRV - [2009.07.14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt) DRV - [2009.07.14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc) DRV - [2009.07.14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2009.07.14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap) DRV - [2009.07.14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID) DRV - [2009.07.14 00:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD) DRV - [2009.06.10 23:19:48 | 009,853,248 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [1996.04.03 21:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\giveio.sys -- (giveio) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 90 DF 45 05 B3 4F CD 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Google" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Programme\itunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012.07.17 15:58:48 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012.07.17 15:58:44 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.20 15:47:04 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.06.21 15:39:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sascha\AppData\Roaming\mozilla\Extensions [2012.06.23 16:35:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sascha\AppData\Roaming\mozilla\Firefox\Profiles\xfzlfqxq.default\extensions [2012.06.23 16:35:44 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Sascha\AppData\Roaming\mozilla\Firefox\Profiles\xfzlfqxq.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.06.21 15:39:32 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.07.17 15:58:44 | 000,000,000 | ---D | M] (AVG Do Not Track) -- C:\PROGRAM FILES\AVG\AVG2012\FIREFOX\DONOTTRACK [2012.07.20 15:47:04 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.07.20 15:47:02 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.07.20 15:47:02 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.07.20 15:47:02 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.07.20 15:47:02 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.07.20 15:47:02 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.07.20 15:47:02 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2012.07.22 15:08:13 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Programme\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) O4 - HKLM..\Run: [AMD AVT] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKCU..\Run: [cdpbj] C:\Users\Sascha\AppData\Roaming\cdpbj.dll () O4 - HKCU..\Run: [Steam] D:\Spiele\Steam\Steam.exe (Valve Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Sascha\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Programme\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{95E3C5A3-A58D-4F7D-A977-4AAE6ABE8C34}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B96EAFA4-4CCD-420D-AB87-0DAEA1108052}: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.08.26 18:41:39 | 000,000,000 | ---D | C] -- C:\Users\Sascha\AppData\Local\{5DB5A4D1-6D65-4462-A97E-C88BD3C707AE} [2012.08.22 17:13:07 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2012.08.19 14:32:38 | 000,000,000 | ---D | C] -- C:\Users\Sascha\AppData\Local\PunkBuster [2012.08.19 14:32:27 | 000,000,000 | ---D | C] -- C:\Users\Sascha\AppData\Roaming\Ubisoft [2012.08.16 17:32:05 | 000,000,000 | ---D | C] -- C:\Users\Sascha\AppData\Local\Ubisoft Game Launcher [2012.08.16 17:32:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Ubisoft [2012.08.16 17:31:29 | 000,000,000 | ---D | C] -- C:\Program Files\Ubisoft [2012.08.16 12:48:58 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012.08.11 14:46:25 | 000,000,000 | ---D | C] -- C:\Users\Sascha\AppData\Local\{47B878E3-C472-476C-A982-8E9E9C7BDA19} [2012.08.11 14:46:13 | 000,000,000 | ---D | C] -- C:\Users\Sascha\AppData\Local\{1557D964-65CE-44A1-9A6B-E48FA59458CD} [2012.08.10 17:39:21 | 000,000,000 | ---D | C] -- C:\Users\Sascha\AppData\Local\{CD0319AB-3811-45C7-9F23-5531B747F0CF} [2012.08.10 17:39:09 | 000,000,000 | ---D | C] -- C:\Users\Sascha\AppData\Local\{AC2414BD-6529-4ADF-89AC-23519A537CBB} [2012.08.10 17:39:09 | 000,000,000 | ---D | C] -- C:\Users\Sascha\AppData\Local\{42A91397-8D1F-4938-BD8F-A1076746488C} [2012.08.10 17:35:22 | 000,000,000 | ---D | C] -- C:\Users\Sascha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fraps [2012.08.10 13:20:21 | 000,000,000 | ---D | C] -- C:\Users\Sascha\AppData\Roaming\vlc [2012.08.10 13:20:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [2012.08.09 17:43:33 | 000,000,000 | ---D | C] -- C:\Users\Sascha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\San Andreas Multiplayer [2012.08.09 17:43:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\San Andreas Multiplayer [2012.08.08 21:33:27 | 000,000,000 | ---D | C] -- C:\Users\Sascha\AppData\Roaming\Skype [2012.08.08 21:33:23 | 000,000,000 | R--D | C] -- C:\Program Files\Skype [2012.08.08 21:33:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2012.08.08 21:33:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype [2012.08.08 21:33:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype [2012.08.06 15:34:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MTA San Andreas 1.3 [2012.08.06 15:34:42 | 000,000,000 | ---D | C] -- C:\ProgramData\MTA San Andreas All [2012.08.06 15:26:56 | 000,000,000 | ---D | C] -- C:\Users\Sascha\Documents\GTA San Andreas User Files [2012.08.06 15:26:51 | 000,000,000 | ---D | C] -- C:\Users\Sascha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games [2012.08.03 15:26:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArtMoney SE [2012.08.02 14:48:22 | 000,000,000 | ---D | C] -- C:\Windows\temp [2012.08.02 14:47:44 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012.08.02 14:41:47 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012.08.02 14:41:47 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012.08.02 14:41:47 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012.08.02 14:41:44 | 000,000,000 | ---D | C] -- C:\ComboFix [2012.08.02 14:41:42 | 000,000,000 | ---D | C] -- C:\Qoobox [2012.08.02 14:41:34 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2012.07.30 23:12:10 | 000,000,000 | ---D | C] -- C:\Users\Sascha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan [2012.07.30 23:12:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan ========== Files - Modified Within 30 Days ========== [2012.08.29 20:37:48 | 000,161,792 | ---- | M] () -- C:\Users\Sascha\AppData\Roaming\cdpbj.dll [2012.08.29 20:37:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.08.29 18:13:53 | 000,696,132 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.08.29 18:13:53 | 000,651,450 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.08.29 18:13:53 | 000,147,428 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.08.29 18:13:53 | 000,120,382 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.08.29 18:12:55 | 000,014,192 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.08.29 18:12:55 | 000,014,192 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.08.29 18:07:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.08.29 18:07:47 | 247,595,494 | ---- | M] () -- C:\Windows\MEMORY.DMP [2012.08.29 18:07:47 | 2415,312,896 | -HS- | M] () -- C:\hiberfil.sys [2012.08.29 17:20:53 | 105,217,374 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm [2012.08.19 18:10:57 | 000,168,995 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm [2012.08.19 14:33:05 | 000,138,536 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2012.08.19 14:32:41 | 000,270,408 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr [2012.08.16 16:16:55 | 000,000,208 | ---- | M] () -- C:\Users\Sascha\Desktop\Assassin's Creed Brotherhood.url [2012.08.16 13:37:07 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2012.08.16 13:37:07 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2012.08.10 13:20:17 | 000,000,615 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk [2012.08.09 17:43:49 | 000,000,693 | ---- | M] () -- C:\Users\Sascha\Desktop\SAMP.lnk [2012.08.08 21:33:23 | 000,002,505 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2012.08.06 15:34:55 | 000,000,849 | ---- | M] () -- C:\Users\Public\Desktop\MTA San Andreas 1.3.lnk [2012.08.06 15:26:38 | 000,000,891 | ---- | M] () -- C:\Users\Public\Desktop\GTA San Andreas.lnk [2012.08.03 15:26:43 | 000,000,654 | ---- | M] () -- C:\Users\Public\Desktop\ArtMoney SE v7.39.lnk [2012.08.02 15:30:47 | 000,000,913 | ---- | M] () -- C:\Users\Public\Desktop\FIFA 12.lnk [2012.07.30 23:12:10 | 000,000,667 | ---- | M] () -- C:\Users\Sascha\Desktop\SpeedFan.lnk [2012.07.30 23:12:10 | 000,000,045 | ---- | M] () -- C:\Windows\System32\initdebug.nfo ========== Files Created - No Company Name ========== [2012.08.29 20:37:49 | 000,161,792 | ---- | C] () -- C:\Users\Sascha\AppData\Roaming\cdpbj.dll [2012.08.22 17:13:05 | 247,595,494 | ---- | C] () -- C:\Windows\MEMORY.DMP [2012.08.19 14:33:05 | 000,138,536 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2012.08.19 14:32:41 | 000,270,408 | ---- | C] () -- C:\Windows\System32\PnkBstrB.xtr [2012.08.16 17:31:14 | 000,270,408 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe [2012.08.16 17:31:13 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe [2012.08.16 16:16:55 | 000,000,208 | ---- | C] () -- C:\Users\Sascha\Desktop\Assassin's Creed Brotherhood.url [2012.08.10 13:20:17 | 000,000,615 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk [2012.08.09 17:43:51 | 000,000,693 | ---- | C] () -- C:\Users\Sascha\Desktop\SAMP.lnk [2012.08.08 21:33:23 | 000,002,505 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk [2012.08.06 15:34:55 | 000,000,849 | ---- | C] () -- C:\Users\Public\Desktop\MTA San Andreas 1.3.lnk [2012.08.06 15:17:38 | 000,000,891 | ---- | C] () -- C:\Users\Public\Desktop\GTA San Andreas.lnk [2012.08.03 15:26:43 | 000,000,654 | ---- | C] () -- C:\Users\Public\Desktop\ArtMoney SE v7.39.lnk [2012.08.02 14:41:47 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012.08.02 14:41:47 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012.08.02 14:41:47 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012.08.02 14:41:47 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012.08.02 14:41:47 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012.07.30 23:12:10 | 000,000,667 | ---- | C] () -- C:\Users\Sascha\Desktop\SpeedFan.lnk [2012.07.30 23:12:09 | 000,000,045 | ---- | C] () -- C:\Windows\System32\initdebug.nfo [2012.07.20 17:11:01 | 000,027,520 | ---- | C] () -- C:\Users\Sascha\AppData\Local\dt.dat [2012.06.24 10:51:45 | 000,000,000 | ---- | C] () -- C:\Users\Sascha\defogger_reenable [2012.06.21 15:25:54 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012.06.21 15:18:02 | 000,002,857 | ---- | C] () -- C:\Windows\System32\atipblag.dat [2012.06.11 18:41:48 | 000,204,952 | ---- | C] () -- C:\Windows\System32\ativvsvl.dat [2012.06.11 18:41:48 | 000,157,144 | ---- | C] () -- C:\Windows\System32\ativvsva.dat [2012.06.11 13:50:42 | 000,159,232 | ---- | C] () -- C:\Windows\System32\clinfo.exe [2012.05.10 16:35:16 | 000,029,184 | ---- | C] () -- C:\Windows\System32\kdbsdk32.dll [2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat < End of report > Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-06-24 11:10:51
Windows 6.1.7600 Harddisk0\DR0 -> \Device\00000066 ST310005 rev.CC44
Running: vjqxwf28.exe; Driver: C:\Users\Sascha\AppData\Local\Temp\fwliqpog.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwNotifyChangeKey [0x95B6E004]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwNotifyChangeMultipleKeys [0x95B6E0D4]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0x95B6DD76]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0x95B6DE1E]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0x95B6DEBA]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0x95B6DF56]
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82A55579 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82A79F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!RtlSidHashLookup + 4A0 82A819A0 8 Bytes [04, E0, B6, 95, D4, E0, B6, ...] {ADD AL, 0xe0; MOV DH, 0x95; AAM 0xe0; MOV DH, 0x95}
.text ntkrnlpa.exe!RtlSidHashLookup + 4E8 82A819E8 4 Bytes [76, DD, B6, 95] {JBE 0xffffffffffffffdf; MOV DH, 0x95}
.text ntkrnlpa.exe!RtlSidHashLookup + 7B8 82A81CB8 8 Bytes [1E, DE, B6, 95, BA, DE, B6, ...] {PUSH DS; FIDIV WORD [ESI-0x4921456b]; XCHG EBP, EAX}
.text ntkrnlpa.exe!RtlSidHashLookup + 82C 82A81D2C 4 Bytes [56, DF, B6, 95]
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x9122B000, 0x341E0C, 0xE8000020]
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs avgidsfilterx.sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume8 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
Device \Driver\ACPI_HAL \Device\0000004b halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
---- EOF - GMER 1.0.15 ----
MfG play4fun28 Geändert von play4fun28 (29.08.2012 um 20:38 Uhr) |
|
29.08.2012, 22:48
| #2 |
| /// Helfer-Team  | Trojaner Generic29.AGEZ+Cryptic.EGJ Fixen mit OTL Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).
Code:
ATTFilter :OTL
MOD - [2012.08.29 20:37:48 | 000,161,792 | ---- | M] () -- C:\Users\Sascha\AppData\Roaming\cdpbj.dll
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
O4 - HKCU..\Run: [cdpbj] C:\Users\Sascha\AppData\Roaming\cdpbj.dll ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
[2012.08.29 20:37:48 | 000,161,792 | ---- | M] () -- C:\Users\Sascha\AppData\Roaming\cdpbj.dll
:Files
C:\Users\Sascha\AppData\Local\{*}
C:\ProgramData\*.exe
C:\ProgramData\TEMP
C:\Users\Sascha\AppData\Local\Temp\*.exe
C:\Users\Sascha\AppData\LocalLow\Sun\Java\Deployment\cache
%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
%SystemRoot%\System32\*.tmp
%SystemRoot%\SysWOW64\*.tmp
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden. Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!
__________________ |
|
30.08.2012, 15:47
| #3 |
| | Trojaner Generic29.AGEZ+Cryptic.EGJ Hi,
__________________erstmal danke für deine Hilfe. Der Fix hat nur zum Teil funktioniert. Es kam eine Meldung: Code:
ATTFilter Cannot create C:/Users/Sascha/Desktop/cmd.bat.
1. Es war im Task-Manager 2 mal iexplorer.exe geöffnet. 2. In /Appdata/Local/temp waren 8 Dateien, welche von dem Prozess genutzt worden sind, die auch genau zum Zeitpunkt des Donloads erstellt wurden (20:38). Diese sind jetzt auch weg. Ein Log wurde nicht erstellt, lediglich ein Ordner mit dem Zeitpunk, an dem ich angefangen habe. In dem Ordner ist aber nichts drin. MfG play4fun28 Achso, außerdem stoppt OTL mit der Zeile: Code:
ATTFilter type c:\Combofix.txt /c
:Commands
[purity]
[emptytemp]
(Ich konnte es oben nicht mehr rein editieren, deswegen ein neuer Beitrag) MfG play4fun28 |
|
30.08.2012, 20:27
| #4 |
| /// Helfer-Team | Trojaner Generic29.AGEZ+Cryptic.EGJ Wo ist das Fix Log? Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\<datum_nummer.log> |
|
30.08.2012, 20:43
| #5 |
| | Trojaner Generic29.AGEZ+Cryptic.EGJ Hi, es gibt kein Fix Log. Es gibt nur ein Ordner mit dem Zeitpunkt, an dem ich das Log gemacht. Steht doch auch in meinem Beitrag davor  |
|
31.08.2012, 08:56
| #6 |
| /// Helfer-Team | Trojaner Generic29.AGEZ+Cryptic.EGJ Fix angepasst, nochmal versuchen c:\Combofix.txt auch posten!
__________________ --> Trojaner Generic29.AGEZ+Cryptic.EGJ |
|
31.08.2012, 10:08
| #7 |
| | Trojaner Generic29.AGEZ+Cryptic.EGJ Hi, jetzt hast es funktioniert. Hier das OTL Log: Code:
ATTFilter All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Prefs.js: "Google" removed from browser.search.selectedEngine
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\cdpbj not found.
File C:\Users\Sascha\AppData\Roaming\cdpbj.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File C:\Users\Sascha\AppData\Roaming\cdpbj.dll not found.
========== FILES ==========
File\Folder C:\Users\Sascha\AppData\Local\{*} not found.
File\Folder C:\ProgramData\*.exe not found.
File\Folder C:\ProgramData\TEMP not found.
File\Folder C:\Users\Sascha\AppData\Local\Temp\*.exe not found.
C:\Users\Sascha\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully.
C:\Users\Sascha\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully.
C:\Users\Sascha\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully.
C:\Users\Sascha\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully.
C:\Users\Sascha\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully.
C:\Users\Sascha\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully.
C:\Users\Sascha\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully.
C:\Users\Sascha\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully.
C:\Users\Sascha\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully.
C:\Users\Sascha\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully.
C:\Users\Sascha\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully.
C:\Users\Sascha\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully.
C:\Users\Sascha\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully.
C:\Users\Sascha\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully.
C:\Users\Sascha\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully.
C:\Users\Sascha\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully.
C:\Users\Sascha\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully.
C:\Users\Sascha\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully.
C:\Users\Sascha\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully.
C:\Users\Sascha\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully.
C:\Users\Sascha\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully.
C:\Users\Sascha\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully.
C:\Users\Sascha\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully.
C:\Users\Sascha\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully.
C:\Users\Sascha\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully.
C:\Users\Sascha\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully.
C:\Users\Sascha\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully.
C:\Users\Sascha\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully.
C:\Users\Sascha\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully.
C:\Users\Sascha\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully.
C:\Users\Sascha\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully.
C:\Users\Sascha\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully.
C:\Users\Sascha\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully.
C:\Users\Sascha\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully.
C:\Users\Sascha\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully.
C:\Users\Sascha\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully.
C:\Users\Sascha\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully.
C:\Users\Sascha\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully.
C:\Users\Sascha\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully.
C:\Users\Sascha\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully.
C:\Users\Sascha\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully.
C:\Users\Sascha\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully.
C:\Users\Sascha\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully.
C:\Users\Sascha\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully.
C:\Users\Sascha\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully.
C:\Users\Sascha\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully.
C:\Users\Sascha\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully.
C:\Users\Sascha\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully.
C:\Users\Sascha\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully.
C:\Users\Sascha\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully.
C:\Users\Sascha\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully.
C:\Users\Sascha\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully.
C:\Users\Sascha\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully.
C:\Users\Sascha\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully.
C:\Users\Sascha\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully.
C:\Users\Sascha\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully.
C:\Users\Sascha\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully.
C:\Users\Sascha\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully.
C:\Users\Sascha\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully.
C:\Users\Sascha\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully.
C:\Users\Sascha\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully.
C:\Users\Sascha\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully.
C:\Users\Sascha\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully.
C:\Users\Sascha\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully.
C:\Users\Sascha\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully.
C:\Users\Sascha\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.
C:\Users\Sascha\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully.
C:\Users\Sascha\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully.
File/Folder C:\Users\Sascha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk not found.
File/Folder C:\Windows\System32\*.tmp not found.
File/Folder C:\Windows\SysWOW64\*.tmp not found.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Sascha\Desktop\cmd.bat deleted successfully.
C:\Users\Sascha\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
->Temp folder emptied: 0 bytes
User: Sascha
->Temp folder emptied: 23968788 bytes
->Temporary Internet Files folder emptied: 7528864 bytes
->FireFox cache emptied: 64272573 bytes
->Flash cache emptied: 506 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 884241 bytes
RecycleBin emptied: 147686 bytes
Total Files Cleaned = 92,00 mb
OTL by OldTimer - Version 3.2.53.0 log created on 08312012_110350
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
MfG play4fun28 |
|
31.08.2012, 19:32
| #8 |
| /// Helfer-Team | Trojaner Generic29.AGEZ+Cryptic.EGJ Sehr gut!  Wie laeuft der Rechner? 1. Schritt Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.danach: 2. Schritt Downloade Dir bitte AdwCleaner auf deinen Desktop.
|
|
31.08.2012, 20:36
| #9 |
| | Trojaner Generic29.AGEZ+Cryptic.EGJ Hi, mein Rechner läuft zur Zeit nicht gut, ich hatte heute 2 Blue Screens. Hier die beiden Logs: Code:
ATTFilter # AdwCleaner v2.000 - Datei am 08/31/2012 um 21:34:13 erstellt
# Aktualisiert am 30/08/2012 von Xplode
# Betriebssystem : Windows 7 Ultimate (32 bits)
# Benutzer : Sascha - SASCHA-PC
# Normaler Modus : Normal
# Ausgeführt unter : C:\Users\Sascha\Desktop\adwcleaner(1).exe
# Option [Suche]
**** [Dienste] ****
Gefunden : vToolbarUpdater11.2.0
***** [Dateien / Ordner] *****
Ordner Gefunden : C:\Program Files\Common Files\AVG Secure Search
Ordner Gefunden : C:\ProgramData\AVG Secure Search
***** [Registrierungsdatenbank] *****
***** [Internet Browser] *****
-\\ Internet Explorer v8.0.7600.16385
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v14.0.1 (de)
Profilname : default
Datei : C:\Users\Sascha\AppData\Roaming\Mozilla\Firefox\Profiles\xfzlfqxq.default\prefs.js
[OK] Die Datei ist sauber.
*************************
AdwCleaner[R2].txt - [893 octets] - [31/08/2012 21:34:13]
########## EOF - C:\AdwCleaner[R2].txt - [952 octets] ##########
Code:
ATTFilter "Infektion";"Virus gefunden: Win32/Cryptor";"c:\_OTL\MovedFiles\08302012_161328\C_Users\Sascha\AppData\Roaming\cdpbj.dll";"Nicht verfügbar";"31.08.2012, 21:26:09"
|
|
31.08.2012, 22:54
| #10 |
| /// Helfer-Team | Trojaner Generic29.AGEZ+Cryptic.EGJ Sehr gut!
danach: Malware-Scan mit Emsisoft Anti-Malware Lade die Gratisversion von => Emsisoft Anti-Malware herunter und installiere das Programm. Lade über Jetzt Updaten die aktuellen Signaturen herunter. Wähle den Freeware-Modus aus. Wähle Detail Scan und starte über den Button Scan die Überprüfung des Computers. Am Ende des Scans nichts loeschen lassen!. Mit Klick auf Bericht speichern das Logfile auf dem Desktop speichern und hier in den Thread posten. Anleitung: http://www.trojaner-board.de/103809-...i-malware.html |
|
01.09.2012, 13:59
| #11 |
| | Trojaner Generic29.AGEZ+Cryptic.EGJ Hi, ich hatte gerade wieder 2 Blue Screens. Hier das adwcleaner Log: Code:
ATTFilter # AdwCleaner v2.000 - Datei am 09/01/2012 um 14:34:51 erstellt
# Aktualisiert am 30/08/2012 von Xplode
# Betriebssystem : Windows 7 Ultimate (32 bits)
# Benutzer : Sascha - SASCHA-PC
# Normaler Modus : Normal
# Ausgeführt unter : C:\Users\Sascha\Desktop\adwcleaner(1).exe
# Option [Löschen]
**** [Dienste] ****
Gestoppt & Gelöscht : vToolbarUpdater11.2.0
***** [Dateien / Ordner] *****
Ordner Gelöscht : C:\Program Files\Common Files\AVG Secure Search
Ordner Gelöscht : C:\ProgramData\AVG Secure Search
***** [Registrierungsdatenbank] *****
***** [Internet Browser] *****
-\\ Internet Explorer v8.0.7600.16385
Wiederhergestellt : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
-\\ Mozilla Firefox v14.0.1 (de)
Profilname : default
Datei : C:\Users\Sascha\AppData\Roaming\Mozilla\Firefox\Profiles\xfzlfqxq.default\prefs.js
[OK] Die Datei ist sauber.
*************************
AdwCleaner[R2].txt - [1020 octets] - [31/08/2012 21:34:13]
AdwCleaner[S2].txt - [1409 octets] - [01/09/2012 14:34:51]
########## EOF - C:\AdwCleaner[S2].txt - [1469 octets] ##########
|
|
02.09.2012, 05:33
| #12 |
| /// Helfer-Team | Trojaner Generic29.AGEZ+Cryptic.EGJ Bitte mal ausfuehren: http://www.trojaner-board.de/72874-s...eparieren.html Danach: - neustarten danach: Emsisoft |
|
02.09.2012, 13:31
| #13 |
| | Trojaner Generic29.AGEZ+Cryptic.EGJ Hi, jetzt sagt Emisoft mir, dass ich mir das Service Paket 1 runterladen soll, aber das mach ich nicht, da es bei mir nur Probleme verursacht hat. Vor einer Woche wurde ich schonmal aufgefordert das zu machen. Danach gingen alle meine Spieler nicht mehr, auch nach Neuinstallation nicht mehr, also musste ich Windows neu aufsetzen und darauf habe ich keine Lust mehr |
|
02.09.2012, 20:14
| #14 | |
| /// Helfer-Team | Trojaner Generic29.AGEZ+Cryptic.EGJZitat:
|
|
03.09.2012, 15:44
| #15 |
| | Trojaner Generic29.AGEZ+Cryptic.EGJ Hi, kann man emisoft nicht einfach überspringen? So, jetzt hat es mir gereicht, heute schon wieder 2 Blue Screens bekommen. Jetzt habe ich einfach Windows neu aufgesetzt und den MBR neu geschrieben. Reicht das? |
|
| Themen zu Trojaner Generic29.AGEZ+Cryptic.EGJ |
| adobe, autorun, avg, avg secure search, bho, bonjour, c:\windows\system32\cmd.exe, converter, defender, driver./avg, explorer, firefox, flash player, format, helper, langs, locker, logfile, mozilla, mp3, netgear, neue tabs, nodrives, object, origin, plug-in, registry, scan, secure search, sicherheit, software, temp, trojaner, virus, vtoolbarupdater, windows |
Linear-Darstellung
