Plagegeister aller Art und deren Bekämpfung (Pests of all kinds and how to fight them): Virus as antivirus "Attentive Antivirus"

Windows 7

If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.
#1

Virus as antivirus "Attentive Antivirus"

Hey, dear people.. Like the user sheep_one, I have somehow caught the Attentive Antivirus virus as well.. (Thread: http://www.trojaner-board.de/138711-...antivirus.html).. I tried to delete the files that were described in his case, but unfortunately I found nothing. I would be grateful if you could help me.. Which logs do you need? I would post them right away.

FRST log:

FRST Logfile:

Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-07-2013 03 Ran by rsbtta (administrator) on 01-08-2013 11:01:55 Running from C:\Users\rsbtta\Downloads Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Safe Mode (with Networking) ==================== Processes (Whitelisted) ================= (McAfee, Inc.) C:\Windows\system32\mfevtps.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.) C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (Google Inc.) C:\Users\rsbtta\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\rsbtta\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\rsbtta\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\rsbtta\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\rsbtta\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\rsbtta\AppData\Local\Google\Chrome\Application\chrome.exe (McAfee, Inc.) c:\PROGRA~1\mcafee.com\agent\mcagent.exe (Google Inc.) C:\Users\rsbtta\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\rsbtta\AppData\Local\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [IgfxTray] - DOWS\SYSTEM32\IGFXTRAY.EXE [x] HKLM\...\Run: [HotKeysCmds] - DOWS\SYSTEM32\HKCMD.EXE [x] HKLM\...\Run: [Persistence] - DOWS\SYSTEM32\IGFXPERS.EXE [x] HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13353064 2011-11-14] (Realtek Semiconductor) HKLM\...\InprocServer32: [Default-cscui] <==== ATTENTION! HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [18680424 2013-05-08] (Skype Technologies S.A.) HKCU\...\Run: [Google Update] - C:\Users\rsbtta\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-12-20] (Google Inc.) 
HKCU\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation) HKCU\...\Run: [AA2014] - C:\ProgramData\gV39D333\gV39D333.exe [510976 2013-07-29] () HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-04] (Intel Corporation) HKLM-x32\...\Run: [mcui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [1535112 2012-09-12] (McAfee, Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253672 2011-01-07] (Sun Microsystems, Inc.) HKLM-x32\...\Run: [BrMfcWnd] - C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.) HKLM-x32\...\Run: [ControlCenter3] - C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.) HKLM-x32\...\Run: [AA2014] - C:\ProgramData\gV39D333\gV39D333.exe [510976 2013-07-29] () HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe /default [x] HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe /default [x] Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\UAP 2.0.lnk ShortcutTarget: UAP 2.0.lnk -> C:\Program Files (x86)\BOSYS\CRM\bin\BOSYSInit.exe (.BOSYS Software GmbH) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) SearchScopes: HKLM - DefaultScope value is missing. 
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120306230640.dll (McAfee, Inc.) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) BHO-x32: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120306230641.dll (McAfee, Inc.) BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) 
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~1\mcafee\msc\MCSNIE~1.DLL (McAfee, Inc.) Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\mcafee\msc\mcsniepl.dll (McAfee, Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\rsbtta\AppData\Roaming\Mozilla\Firefox\Profiles\tskx313n.default FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll () FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) 
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF Plugin-x32: @mcafee.com/MSC,version=10 - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL () FF Plugin-x32: @mcafee.com/SAFFPlugin - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) 
FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\rsbtta\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\rsbtta\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] C:\Program Files (x86)\McAfee\SiteAdvisor FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] C:\Program Files (x86)\Common Files\McAfee\SystemCore FF Extension: No Name - C:\Program Files (x86)\Common Files\McAfee\SystemCore FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] C:\Program Files\McAfee\MSK FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK Chrome: ======= CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter} CHR Plugin: (Shockwave Flash) - C:\Users\rsbtta\AppData\Local\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - 
C:\Users\rsbtta\AppData\Local\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Users\rsbtta\AppData\Local\Google\Chrome\Application\28.0.1500.72\pdf.dll () CHR Plugin: (McAfee SiteAdvisor) - C:\Users\rsbtta\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\McChPlg.dll No File CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.) CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (Google Update) - C:\Users\rsbtta\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll No File CHR Plugin: (McAfee SecurityCenter) - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL () CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File CHR Extension: (Google Drive) - C:\Users\rsbtta\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0 CHR Extension: (YouTube) - C:\Users\rsbtta\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0 CHR Extension: (Google Search) - C:\Users\rsbtta\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0 CHR Extension: (SiteAdvisor) - C:\Users\rsbtta\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.6.2.1341_0 CHR Extension: (Gmail) - C:\Users\rsbtta\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0 CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx ==================== Services (Whitelisted) ================= S2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-02-07] () S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-07] (Intel Corporation) S2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.) S3 McAWFwk; c:\PROGRA~1\mcafee\msc\mcawfwk.exe [225216 2011-01-28] (McAfee, Inc.) S2 McMPFSvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.) R2 mcmscsvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.) S2 McNaiAnn; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.) S2 McNASvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.) S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [383608 2012-11-16] (McAfee, Inc.) S4 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.) S2 McProxy; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.) S2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [241016 2012-12-26] (McAfee, Inc.) R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [218320 2012-12-26] (McAfee, Inc.) R2 mfevtp; C:\Windows\system32\mfevtps.exe [182312 2012-12-26] (McAfee, Inc.) 
S2 MSK80Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.) ==================== Drivers (Whitelisted) ==================== S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [69672 2012-12-26] (McAfee, Inc.) S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.) S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [178840 2012-12-26] (McAfee, Inc.) S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [309400 2012-12-26] (McAfee, Inc.) R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [515528 2012-12-26] (McAfee, Inc.) R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [771096 2012-12-26] (McAfee, Inc.) S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [106112 2012-12-26] (McAfee, Inc.) R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [339776 2012-12-26] (McAfee, Inc.) S3 catchme; \??\C:\ComboFix\catchme.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-08-01 11:01 - 2013-08-01 11:01 - 01781589 _____ (Farbar) C:\Users\rsbtta\Downloads\FRST64.exe 2013-08-01 11:01 - 2013-08-01 11:01 - 00000000 ____D C:\FRST 2013-07-29 19:12 - 2013-07-29 19:12 - 00000121 _____ C:\Users\rsbtta\Desktop\Аttentive Аntivirus support.url 2013-07-29 19:12 - 2013-07-29 19:12 - 00000000 ____D C:\Users\rsbtta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Аttentive Аntivirus 2013-07-29 19:06 - 2013-07-29 19:13 - 00000000 ____D C:\ProgramData\gV39D333 2013-07-29 10:00 - 2013-07-29 10:00 - 00001126 _____ C:\Users\Public\Desktop\TeamViewer 8.lnk 2013-07-19 11:36 - 2013-07-19 11:36 - 00000000 ___RD C:\Users\rsbtta\AppData\Roaming\Brother 2013-07-16 12:50 - 2013-07-16 12:54 - 00000000 ____D C:\Users\rsbtta\Desktop\savas 2013-07-11 03:05 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-07-11 03:05 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\jscript9.dll 2013-07-11 03:05 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-07-11 03:05 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-07-11 03:05 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-07-11 03:05 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-07-11 03:05 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-07-11 03:05 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-07-11 03:05 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-07-11 03:05 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-07-11 03:05 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-07-11 03:05 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-07-11 03:05 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-07-11 03:05 - 2013-06-12 01:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-07-11 03:05 - 2013-06-12 01:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-07-11 03:05 - 2013-06-12 01:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-07-11 03:05 - 2013-06-12 01:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-07-11 03:05 - 2013-06-12 01:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-07-11 03:05 - 2013-06-12 01:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-07-11 03:05 - 2013-06-12 01:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 
2013-07-11 03:05 - 2013-06-12 01:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-07-11 03:05 - 2013-06-12 01:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-07-11 03:05 - 2013-06-12 01:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-07-11 03:05 - 2013-06-12 01:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-07-11 03:05 - 2013-06-12 01:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-07-11 03:05 - 2013-06-12 01:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-07-11 03:05 - 2013-06-12 01:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-07-11 03:05 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-07-11 03:05 - 2013-06-12 00:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-07-11 03:05 - 2013-06-07 05:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-07-11 03:05 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-07-10 16:33 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2013-07-10 16:33 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2013-07-10 16:33 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2013-07-10 16:33 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL 2013-07-10 16:33 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL 2013-07-10 16:32 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2013-07-10 16:32 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2013-07-10 11:54 - 
2013-07-10 11:55 - 00000000 ____D C:\Users\rsbtta\Desktop\YAKUP RESIMLER 2013-07-10 11:53 - 2013-07-10 11:55 - 00000000 ____D C:\Users\rsbtta\Desktop\KOMIK 2013-07-10 00:10 - 2013-07-10 00:10 - 00000000 __SHD C:\$$PendingFiles 2013-07-09 14:27 - 2013-07-09 14:27 - 00011034 _____ C:\Users\rsbtta\Downloads\hijackthis.log 2013-07-09 14:23 - 2013-07-09 14:23 - 00001116 _____ C:\AdwCleaner[S1].txt 2013-07-09 14:22 - 2013-07-09 14:23 - 00001053 _____ C:\AdwCleaner[R1].txt 2013-07-05 11:44 - 2013-07-05 11:44 - 00398848 _____ C:\Users\rsbtta\l5kd5smdcco0r.exe 2013-07-03 10:36 - 2013-07-03 10:36 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-07-03 10:11 - 2013-07-03 10:13 - 00000000 ____D C:\Users\rsbtta\Desktop\1 2013-07-02 12:41 - 2013-07-02 12:41 - 00006767 _____ C:\Users\rsbtta\Desktop\ÖNEMLI HATIRLATMALAR.odt ==================== One Month Modified Files and Folders ======= 2013-08-01 11:01 - 2013-08-01 11:01 - 01781589 _____ (Farbar) C:\Users\rsbtta\Downloads\FRST64.exe 2013-08-01 11:01 - 2013-08-01 11:01 - 00000000 ____D C:\FRST 2013-08-01 10:59 - 2012-11-16 11:24 - 01575921 _____ C:\Windows\WindowsUpdate.log 2013-08-01 10:49 - 2012-11-16 20:16 - 00697072 _____ C:\Windows\system32\perfh007.dat 2013-08-01 10:49 - 2012-11-16 20:16 - 00148110 _____ C:\Windows\system32\perfc007.dat 2013-08-01 10:49 - 2009-07-14 07:13 - 01614036 _____ C:\Windows\system32\PerfStringBackup.INI 2013-07-30 19:55 - 2013-02-27 14:33 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-07-30 19:48 - 2013-02-27 14:33 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-07-30 19:43 - 2012-12-20 13:15 - 00001124 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2757774862-3704043671-650037898-1000UA.job 2013-07-30 19:43 - 2012-11-16 11:36 - 00000830 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job 2013-07-30 19:43 - 2012-03-07 08:59 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-07-30 12:40 - 
2012-12-20 13:15 - 00001072 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2757774862-3704043671-650037898-1000Core.job 2013-07-30 12:27 - 2013-04-03 12:05 - 00000000 ____D C:\Users\rsbtta\Desktop\yakup 2013-07-30 12:24 - 2013-02-27 14:33 - 00000000 ____D C:\Program Files (x86)\Google 2013-07-30 09:57 - 2009-07-14 06:45 - 00016752 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-07-30 09:57 - 2009-07-14 06:45 - 00016752 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-07-30 09:49 - 2012-12-28 14:34 - 00027643 _____ C:\Windows\setupact.log 2013-07-30 09:49 - 2012-11-16 11:36 - 00000828 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job 2013-07-30 09:49 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-07-30 09:49 - 2009-07-14 06:45 - 00274712 _____ C:\Windows\system32\FNTCACHE.DAT 2013-07-29 19:13 - 2013-07-29 19:06 - 00000000 ____D C:\ProgramData\gV39D333 2013-07-29 19:12 - 2013-07-29 19:12 - 00000121 _____ C:\Users\rsbtta\Desktop\Аttentive Аntivirus support.url 2013-07-29 19:12 - 2013-07-29 19:12 - 00000000 ____D C:\Users\rsbtta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Аttentive Аntivirus 2013-07-29 19:02 - 2012-12-20 17:52 - 00000000 ____D C:\Users\rsbtta\AppData\Local\Deployment 2013-07-29 18:48 - 2012-12-18 17:34 - 00000000 ____D C:\Users\rsbtta\AppData\Roaming\Skype 2013-07-29 13:54 - 2009-07-14 07:32 - 00000000 ____D C:\Windows\system32\FxsTmp 2013-07-29 12:55 - 2013-01-07 13:12 - 00000000 ____D C:\MerlinX 2013-07-29 10:02 - 2012-12-18 17:25 - 00059448 _____ C:\Users\rsbtta\AppData\Local\GDIPFONTCACHEV1.DAT 2013-07-29 10:00 - 2013-07-29 10:00 - 00001126 _____ C:\Users\Public\Desktop\TeamViewer 8.lnk 2013-07-29 09:55 - 2013-01-07 20:18 - 00000000 ____D C:\Users\rsbtta\irisplus-resources 2013-07-29 09:54 - 2013-01-07 13:11 - 00007965 _____ C:\Users\rsbtta\sslvpn-client.log 
2013-07-29 09:54 - 2013-01-07 13:11 - 00001651 _____ C:\Users\rsbtta\sslvpn-client-out-err.log 2013-07-29 09:54 - 2013-01-07 13:11 - 00000095 _____ C:\Users\rsbtta\sslvpn-config.properties 2013-07-29 09:53 - 2013-01-07 13:02 - 00817280 _____ C:\Users\rsbtta\Documents\SabreRedStarter.exe 2013-07-26 10:14 - 2012-12-20 18:04 - 00000000 ____D C:\Program Files (x86)\BistroPortal 2013-07-19 11:36 - 2013-07-19 11:36 - 00000000 ___RD C:\Users\rsbtta\AppData\Roaming\Brother 2013-07-19 11:36 - 2012-12-28 13:24 - 00000432 _____ C:\Windows\BRWMARK.INI 2013-07-17 12:31 - 2013-05-16 16:12 - 00000076 _____ C:\Users\rsbtta\irisplus-user.properties 2013-07-16 12:54 - 2013-07-16 12:50 - 00000000 ____D C:\Users\rsbtta\Desktop\savas 2013-07-16 12:43 - 2013-02-27 14:33 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2013-07-16 12:43 - 2013-02-27 14:33 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2013-07-16 12:35 - 2012-12-20 13:15 - 00004096 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2757774862-3704043671-650037898-1000UA 2013-07-16 12:35 - 2012-12-20 13:15 - 00003700 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2757774862-3704043671-650037898-1000Core 2013-07-13 10:36 - 2012-12-20 13:15 - 00002335 _____ C:\Users\rsbtta\Desktop\Google Chrome.lnk 2013-07-11 03:24 - 2013-03-13 18:29 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2013-07-11 03:24 - 2013-03-13 18:29 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2013-07-11 03:23 - 2010-11-21 09:17 - 00000000 ____D C:\Program Files\Windows Journal 2013-07-10 11:55 - 2013-07-10 11:54 - 00000000 ____D C:\Users\rsbtta\Desktop\YAKUP RESIMLER 2013-07-10 11:55 - 2013-07-10 11:53 - 00000000 ____D C:\Users\rsbtta\Desktop\KOMIK 2013-07-10 00:10 - 2013-07-10 00:10 - 00000000 __SHD C:\$$PendingFiles 2013-07-09 20:11 - 2012-12-20 18:40 - 00000000 ____D C:\Users\rsbtta\AppData\Roaming\SoftGrid Client 2013-07-09 14:27 - 2013-07-09 14:27 - 00011034 
_____ C:\Users\rsbtta\Downloads\hijackthis.log 2013-07-09 14:23 - 2013-07-09 14:23 - 00001116 _____ C:\AdwCleaner[S1].txt 2013-07-09 14:23 - 2013-07-09 14:22 - 00001053 _____ C:\AdwCleaner[R1].txt 2013-07-09 12:28 - 2012-12-28 14:39 - 03226806 _____ C:\Windows\PFRO.log 2013-07-05 11:44 - 2013-07-05 11:44 - 00398848 _____ C:\Users\rsbtta\l5kd5smdcco0r.exe 2013-07-05 11:44 - 2012-12-18 17:25 - 00000000 ____D C:\Users\rsbtta 2013-07-03 19:26 - 2012-12-20 13:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-07-03 10:36 - 2013-07-03 10:36 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-07-03 10:13 - 2013-07-03 10:11 - 00000000 ____D C:\Users\rsbtta\Desktop\1 2013-07-02 12:41 - 2013-07-02 12:41 - 00006767 _____ C:\Users\rsbtta\Desktop\ÖNEMLI HATIRLATMALAR.odt ZeroAccess: C:\$Recycle.Bin\S-1-5-21-2757774862-3704043671-650037898-1000\$ff831d30b41433e6f6db3d91d3e936a5 Files to move or delete: ==================== C:\Users\rsbtta\3272049.exe C:\Users\rsbtta\4123316.exe C:\Users\rsbtta\iqj2b1oqf3yqw.exe C:\Users\rsbtta\l5kd5smdcco0r.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. 
Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
LastRegBack: 2013-03-18 13:31
==================== End Of Log ============================

Kind regards, EmreP