Log Analysis and Evaluation: "Hello, please take a look, problems after virus" (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system first has to be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
30.01.2013, 11:48 | #1
Hi guys, can someone take a look at this for me, please? I recently had the Ukash virus; I actually got rid of it, but what is odd is that when I now turn my webcam on and then off again, the normal sound plays that you get when you pull out a USB plug, but 2 minutes later the same thing happens again, for whatever reason??? Please check whether there is anything suspicious in there. Thanks!

OTL logfile created on: 30.01.2013 11:22:35 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\****\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c07 | Country: **** | Language: DEA | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 0,67 Gb Available Physical Memory | 33,64% Memory free
4,23 Gb Paging File | 2,60 Gb Available in Paging File | 61,40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 29,85 Gb Total Space | 3,37 Gb Free Space | 11,28% Space Free | Partition Type: NTFS
Drive D: | 430,02 Gb Total Space | 106,63 Gb Free Space | 24,80% Space Free | Partition Type: NTFS

Computer Name: **** | User Name: **** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\****\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Bitdefender\60-Second Virus Scanner\pdscan.exe (Bitdefender)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero AG)
PRC - C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)

========== Modules (No Company Name) ==========

MOD - C:\Programme\WinRAR\RarExt.dll ()

========== Services (SafeList) ==========

SRV - (pdserv) -- C:\Program Files\Bitdefender\60-Second Virus Scanner\pdscan.exe (Bitdefender)
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (avast! Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (nvUpdatusService) -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (NeroMediaHomeService.4) -- C:\Programme\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero AG)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (ApfiltrService) -- system32\DRIVERS\Apfiltr.sys File not found
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (pmserenum) -- C:\Windows\System32\drivers\pmserenum.sys (PenMount Touch Solutions)
DRV - (JRAID) -- C:\Windows\System32\drivers\jraid.sys (JMicron Technology Corp.)
DRV - (ssudcdf) -- C:\Windows\System32\drivers\ssudcdf.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek )
DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys ()
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (AswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (aswKbd) -- C:\Windows\System32\drivers\aswKbd.sys (AVAST Software)
DRV - (mcaudrv_simple) -- C:\Windows\System32\drivers\mcaudrv.sys (ManyCam LLC)
DRV - (ManyCam) -- C:\Windows\System32\drivers\mcvidrv.sys (ManyCam LLC)
DRV - (sscemdm) -- C:\Windows\System32\drivers\sscemdm.sys (MCCI Corporation)
DRV - (sscebus) -- C:\Windows\System32\drivers\sscebus.sys (MCCI Corporation)
DRV - (sscemdfl) -- C:\Windows\System32\drivers\sscemdfl.sys (MCCI Corporation)
DRV - (LVUVC) -- C:\Windows\System32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (LVRS) -- C:\Windows\System32\drivers\lvrs.sys (Logitech Inc.)
DRV - (winusb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (Ph3xIB32) -- C:\Windows\System32\drivers\Ph3xIB32.sys (Philips Semiconductors GmbH)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm60x32.sys (NVIDIA Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-997643687-2848840096-718249500-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.krone.at/
IE - HKU\S-1-5-21-997643687-2848840096-718249500-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-997643687-2848840096-718249500-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-997643687-2848840096-718249500-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-997643687-2848840096-718249500-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-997643687-2848840096-718249500-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

O1 HOSTS File: ([2012.05.12 13:38:11 | 000,442,787 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 15216 more lines...
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Nero MediaHome 4] C:\Program Files\Nero\Nero MediaHome 4\NeroMediaHome.exe (Nero AG)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-997643687-2848840096-718249500-1000..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-997643687-2848840096-718249500-1001..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-997643687-2848840096-718249500-1002..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.34.133.21 212.186.211.21
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{673F0CBD-0D5F-4BA9-B2ED-345AFEC53814}: DhcpNameServer = 195.34.133.21 212.186.211.21
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\****\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\****\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013.01.30 11:13:53 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2013.01.29 13:17:50 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Nero
[2013.01.29 13:17:49 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\Nero
[2013.01.29 13:11:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero
[2013.01.29 13:11:39 | 000,000,000 | ---D | C] -- C:\Program Files\Nero
[2013.01.29 13:11:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero
[2013.01.29 13:11:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nero
[2013.01.25 10:26:57 | 000,000,000 | ---D | C] -- C:\Users\****\Desktop\dsds
[2013.01.25 09:28:21 | 000,000,000 | ---D | C] -- C:\Users\****\Documents\VirtualDJ
[2013.01.25 08:32:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender 60-Second Virus Scanner
[2013.01.25 08:32:42 | 000,000,000 | ---D | C] -- C:\Program Files\Bitdefender
[2013.01.17 06:03:49 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Canneverbe Limited
[2013.01.17 06:03:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Canneverbe Limited
[2013.01.17 06:03:42 | 000,000,000 | ---D | C] -- C:\Program Files\CDBurnerXP
[2013.01.13 13:32:47 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\GoforFiles
[2013.01.13 13:32:47 | 000,000,000 | ---D | C] -- C:\Program Files\GoforFiles
[2013.01.13 13:20:07 | 000,000,000 | ---D | C] -- C:\Users\****\Documents\SelfMV
[2013.01.13 13:17:54 | 000,000,000 | ---D | C] -- C:\Users\****\Desktop\uzi
[2013.01.13 13:17:17 | 000,000,000 | ---D | C] -- C:\Temp
[2013.01.13 13:14:50 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\Samsung
[2013.01.13 13:14:45 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Samsung
[2013.01.13 13:04:27 | 000,123,648 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sscemdm.sys
[2013.01.13 13:04:27 | 000,098,560 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sscebus.sys
[2013.01.13 13:04:27 | 000,014,848 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sscemdfl.sys
[2013.01.13 13:04:27 | 000,012,416 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sscecmnt.sys
[2013.01.13 13:04:27 | 000,012,416 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sscecm.sys
[2013.01.13 13:04:27 | 000,012,288 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sscewhnt.sys
[2013.01.13 13:04:27 | 000,012,288 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sscewh.sys
[2013.01.13 13:03:13 | 004,659,712 | ---- | C] (Dmitry Streblechenko) -- C:\Windows\System32\Redemption.dll
[2013.01.13 13:03:02 | 000,000,000 | ---D | C] -- C:\Program Files\MarkAny
[2013.01.13 13:01:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung
[2013.01.13 13:01:59 | 000,000,000 | ---D | C] -- C:\Program Files\Samsung
[2013.01.13 13:00:03 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\Downloaded Installations
[2013.01.13 12:30:45 | 000,000,000 | ---D | C] -- C:\Program Files\Western Digital Corporation
[2013.01.09 17:20:23 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2013.01.09 17:20:10 | 002,048,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.01.05 18:09:57 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_43.dll
[2013.01.05 18:09:56 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_43.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.01.30 11:13:53 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2013.01.30 10:40:07 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\lvuvc.hs
[2013.01.30 10:15:07 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.30 10:15:07 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.30 08:21:34 | 000,628,504 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.01.30 08:21:34 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.01.30 08:21:34 | 000,126,054 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.01.30 08:21:34 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.01.30 08:15:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.29 19:53:17 | 000,106,496 | ---- | M] () -- C:\Users\****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.01.29 16:12:21 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2013.01.29 13:11:50 | 000,002,222 | ---- | M] () -- C:\Users\Public\Desktop\Nero MediaHome 4.lnk
[2013.01.29 07:16:20 | 095,023,320 | ---- | M] () -- C:\ProgramData\5473763.pad
[2013.01.29 07:15:58 | 000,002,705 | ---- | M] () -- C:\ProgramData\5473763.js
[2013.01.26 10:16:56 | 000,228,296 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.01.26 10:15:15 | 095,023,320 | ---- | M] () -- C:\ProgramData\8757782.pad
[2013.01.26 10:13:25 | 000,002,705 | ---- | M] () -- C:\ProgramData\8757782.js
[2013.01.25 08:37:40 | 000,045,703 | ---- | M] () -- C:\ProgramData\1359098717.bdinstall.bin
[2013.01.17 06:03:44 | 000,001,734 | ---- | M] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk
[2013.01.12 06:42:37 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.01.12 06:42:37 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.01.29 13:11:50 | 000,002,222 | ---- | C] () -- C:\Users\Public\Desktop\Nero MediaHome 4.lnk
[2013.01.29 07:15:58 | 000,002,705 | ---- | C] () -- C:\ProgramData\5473763.js
[2013.01.29 07:15:56 | 095,023,320 | ---- | C] () -- C:\ProgramData\5473763.pad
[2013.01.26 10:13:25 | 000,002,705 | ---- | C] () -- C:\ProgramData\8757782.js
[2013.01.26 10:13:20 | 095,023,320 | ---- | C] () -- C:\ProgramData\8757782.pad
[2013.01.25 08:37:40 | 000,045,703 | ---- | C] () -- C:\ProgramData\1359098717.bdinstall.bin
[2013.01.17 06:03:44 | 000,001,734 | ---- | C] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk
[2013.01.17 06:03:44 | 000,001,684 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
[2012.12.16 07:23:50 | 000,007,680 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys
[2012.12.13 19:39:34 | 095,023,320 | ---- | C] () -- C:\ProgramData\0tbpw.pad
[2012.11.17 16:00:55 | 000,228,296 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.10.06 07:41:15 | 000,001,453 | ---- | C] () -- C:\Users\****\AppData\Local\RecConfig.xml
[2012.07.17 18:25:58 | 000,000,680 | ---- | C] () -- C:\Users\****\AppData\Local\d3d9caps.dat
[2012.07.11 13:42:08 | 000,000,051 | ---- | C] () -- C:\ProgramData\ppkdgofdhqurvro
[2012.04.16 10:16:03 | 000,082,289 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2012.04.13 17:28:49 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2012.04.13 17:28:48 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2012.04.13 17:08:35 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2012.04.13 11:40:00 | 000,106,496 | ---- | C] () -- C:\Users\****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.01.31 18:15:42 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2012.01.31 18:15:42 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2012.01.31 18:15:42 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2012.01.31 18:15:42 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll

========== ZeroAccess Check ==========

[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012.12.30 10:04:20 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Ashampoo
[2013.01.17 06:03:49 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Canneverbe Limited
[2012.09.04 08:48:08 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Canon
[2012.12.15 14:08:36 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\DVDVideoSoft
[2013.01.13 13:32:51 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\GoforFiles
[2012.04.16 10:16:51 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Leadertech
[2012.12.15 14:08:23 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\OpenCandy
[2013.01.13 13:14:45 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Samsung
[2012.11.01 09:09:14 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Subtitle Edit

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 556 bytes -> C:\Users\****\Documents\gzfhgf.eml:OECustomProperty

< End of report >
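As an added illustration (not part of this thread, and not OTL's own code), here is a small Python triage script that parses OTL file and driver entries of the kind shown in the log above and applies three simple heuristics: files with no company name dropped directly into C:\ProgramData, several differently named files of identical size in one folder, and driver services whose .sys file OTL reports as "File not found". The sample lines are copied from the log above; the rule names and the heuristics themselves are my own assumptions, not OTL's, and they flag benign files too (the Bitdefender install log 1359098717.bdinstall.bin lands in the same bucket as the unattributed .pad/.js pairs), so the output is a list of things to look at, not a verdict.

```python
"""Triage helper for OTL-style log lines (added example, not OTL's own code)."""
import re
from collections import defaultdict
from dataclasses import dataclass

# One OTL file/folder entry:
#   [date time | size | attrs | C|M] (Company) -- path     (folders carry no "(Company)")
FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attr>[A-Z-]{4}) \| (?P<kind>[CM])\] (?:\((?P<company>[^)]*)\) )?-- (?P<path>.+?)\s*$"
)
# Driver service whose image OTL could not find on disk.
DRV_MISSING_RE = re.compile(r"^DRV - \((?P<svc>[^)]+)\) -- (?P<path>.+?) File not found\s*$")


@dataclass(frozen=True)
class Entry:
    timestamp: str
    size: int
    attrs: str      # e.g. "----", "---D", "-H--", "RHS-"
    kind: str       # "C" = created section, "M" = modified section
    company: str    # "" when OTL printed "()" or no company field at all
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def parent(self) -> str:
        return self.path.rsplit("\\", 1)[0]


@dataclass(frozen=True)
class Finding:
    rule: str       # rule names are this example's own labels, not OTL terminology
    paths: tuple


def parse_otl(text: str):
    """Return (file entries, [(service, path)] for drivers whose file is missing)."""
    entries, missing = [], []
    for raw in text.splitlines():
        line = raw.strip()
        m = FILE_RE.match(line)
        if m:
            entries.append(Entry(m["ts"], int(m["size"].replace(",", "")), m["attr"],
                                 m["kind"], m["company"] or "", m["path"]))
            continue
        m = DRV_MISSING_RE.match(line)
        if m:
            missing.append((m["svc"], m["path"]))
    return entries, missing


def triage(entries, missing):
    """Apply three heuristics (my own choices); each Finding is a lead, not a verdict."""
    findings, seen = [], set()
    # 1. Files with no company name sitting directly in C:\ProgramData (deduplicated,
    #    since OTL lists the same file under "Created" and "Modified").
    for e in entries:
        key = e.path.lower()
        if (not e.is_dir and e.company == "" and e.parent.lower() == r"c:\programdata"
                and key not in seen):
            seen.add(key)
            findings.append(Finding("unattributed-file-in-programdata", (e.path,)))
    # 2. Several differently named files of identical size in one folder.
    groups = defaultdict(dict)
    for e in entries:
        if not e.is_dir and e.size > 0:
            groups[(e.parent.lower(), e.size)][e.path.lower()] = e.path
    for names in groups.values():
        if len(names) > 1:
            findings.append(Finding("same-size-different-names", tuple(sorted(names.values()))))
    # 3. Driver services still registered although their .sys file is gone.
    for svc, path in missing:
        findings.append(Finding("driver-file-missing", (f"{svc} -> {path}",)))
    return findings


# Constructed sample: a handful of lines copied from the OTL log in the post above.
SAMPLE_LOG = r"""
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
========== Files - Modified Within 30 Days ==========
[2013.01.30 11:13:53 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2013.01.29 07:16:20 | 095,023,320 | ---- | M] () -- C:\ProgramData\5473763.pad
[2013.01.29 07:15:58 | 000,002,705 | ---- | M] () -- C:\ProgramData\5473763.js
[2013.01.26 10:15:15 | 095,023,320 | ---- | M] () -- C:\ProgramData\8757782.pad
[2013.01.26 10:13:25 | 000,002,705 | ---- | M] () -- C:\ProgramData\8757782.js
[2013.01.25 08:37:40 | 000,045,703 | ---- | M] () -- C:\ProgramData\1359098717.bdinstall.bin
========== Files Created - No Company Name ==========
[2013.01.29 13:11:50 | 000,002,222 | ---- | C] () -- C:\Users\Public\Desktop\Nero MediaHome 4.lnk
[2012.12.13 19:39:34 | 095,023,320 | ---- | C] () -- C:\ProgramData\0tbpw.pad
[2012.07.11 13:42:08 | 000,000,051 | ---- | C] () -- C:\ProgramData\ppkdgofdhqurvro
[2013.01.13 13:32:47 | 000,000,000 | ---D | C] -- C:\Program Files\GoforFiles
"""

if __name__ == "__main__":
    for f in triage(*parse_otl(SAMPLE_LOG)):
        print(f"{f.rule:35s} {' | '.join(f.paths)}")
```

Run against the sample it groups the three 95,023,320-byte .pad files and the two 2,705-byte .js files, lists every unattributed file in the ProgramData root, and reports NwlnkFwd as a registered driver with no file on disk; the signed Malwarebytes driver is not flagged by any rule.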
30.01.2013, 12:39 | #2
/// Winkelfunktion /// TB-Süch-Tiger™
Hello and

Do you have any other logs (with detections)? Malwarebytes and/or other virus scanners? I ask because of this => http://www.trojaner-board.de/125889-...tml#post941520

Please do not run new virus scans; first post only the logs you already have!

Reading material: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
30.01.2013, 12:43 | #3
Hello, no, unfortunately not anymore. Malwarebytes had found something and I deleted that after quarantining it! Sorry.
30.01.2013, 12:44 | #4
/// Winkelfunktion /// TB-Süch-Tiger™
Yes, the things in the quarantine, but surely not the log!

Please always post log files in CODE tags
30.01.2013, 13:00 | #5
Yes, I did, because that already happened a few days ago, but now I notice problems every now and then. I actually wanted to know whether anything suspicious shows up in there?
30.01.2013, 14:07 | #6
/// Winkelfunktion /// TB-Süch-Tiger™
And how am I supposed to draw any conclusions now? You have destroyed every piece of information (i.e. the logs with detections). Or do you still roughly remember what was found?