Clean XP after removing over 400 pieces of malware (mostly trojans)?
01.09.2009, 14:41, #1
Clean XP after removing over 400 pieces of malware (mostly trojans)?

Hello,

I am currently doing an internship in Russia and working on my host family's computers (in case you are wondering why some of the output is in Cyrillic). Before I could (and wanted to) use this PC properly, I first had to fix a few things: neither a current Windows version nor a current antivirus program was installed on the machine (the Norton AV was from 4 April!), so a large-scale infection was inevitable. I proceeded as follows:

1) Downloaded the current Avira AntiVir and Malwarebytes' Anti-Malware
2) Disconnected the internet connection
3) Ran MBAM (quick and full scan) -> 84 pieces of malware found and removed after a reboot (I am not posting the logs here for now, as it would be too much, but I can post them on request)
4) Uninstalled Norton (via Control Panel -> not completely removed, as Eset folders and files are still present, but the on-access guard is gone, so I could install Avira)
5) Installed Avira -> after a full scan, 278 pieces of malware found (trojans, viruses, worms, spyware, adware, the whole range), moved them to quarantine and removed them later. Unfortunately the log is too long to post; if needed I will split it into small chunks and post it

After that I reconnected the internet, updated MBAM and Avira and ran them in Safe Mode; no more findings :) ; log here:

Code:
Avira AntiVir Personal
Report file date: 25 августа 2009 г. 07:40

Scanning for 1656284 virus strains and unwanted programs.

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 2) [5.1.2600]
Boot mode : Save mode
Username : Администратор
Computer name : ***

Version information:
BUILD.DAT : 9.0.0.407 17961 Bytes 29.07.2009 10:34:00
AVSCAN.EXE : 9.0.3.7 466689 Bytes 21.07.2009 08:36:14
AVSCAN.DLL : 9.0.3.0 40705 Bytes 27.02.2009 05:58:24
LUKE.DLL : 9.0.3.2 209665 Bytes 20.02.2009 06:35:49
LUKERES.DLL : 9.0.2.0 12033 Bytes 27.02.2009 05:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27.10.2008 07:30:36
ANTIVIR1.VDF : 7.1.4.132 5707264 Bytes 24.06.2009 04:21:42
ANTIVIR2.VDF : 7.1.5.146 3087360 Bytes 21.08.2009 04:03:22
ANTIVIR3.VDF : 7.1.5.155 72192 Bytes 24.08.2009 16:32:29
Engineversion : 8.2.1.3
AEVDF.DLL : 8.1.1.1 106868 Bytes 28.07.2009 08:31:50
AESCRIPT.DLL : 8.1.2.25 459130 Bytes 24.08.2009 04:03:32
AESCN.DLL : 8.1.2.4 127348 Bytes 23.07.2009 04:59:39
AERDL.DLL : 8.1.2.4 430452 Bytes 23.07.2009 04:59:39
AEPACK.DLL : 8.1.3.18 401783 Bytes 28.07.2009 08:31:50
AEOFFICE.DLL : 8.1.0.38 196987 Bytes 23.07.2009 04:59:39
AEHEUR.DLL : 8.1.0.155 1921400 Bytes 24.08.2009 04:03:31
AEHELP.DLL : 8.1.6.0 233846 Bytes 24.08.2009 04:03:25
AEGEN.DLL : 8.1.1.57 356725 Bytes 24.08.2009 04:03:24
AEEMU.DLL : 8.1.0.9 393588 Bytes 09.10.2008 09:32:40
AECORE.DLL : 8.1.7.6 184694 Bytes 23.07.2009 04:59:39
AEBB.DLL : 8.1.0.3 53618 Bytes 09.10.2008 09:32:40
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12.12.2008 03:47:59
AVPREF.DLL : 9.0.0.1 43777 Bytes 05.12.2008 05:32:15
AVREP.DLL : 8.0.0.3 155905 Bytes 20.01.2009 09:34:28
AVREG.DLL : 9.0.0.0 36609 Bytes 05.12.2008 05:32:09
AVARKT.DLL : 9.0.0.3 292609 Bytes 24.03.2009 10:05:41
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30.01.2009 05:37:08
SQLITE3.DLL : 3.6.1.0 326401 Bytes 28.01.2009 10:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 02.02.2009 03:21:33
NETNT.DLL : 9.0.0.0 11521 Bytes 05.12.2008 05:32:10
RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 15.05.2009 10:39:58
RCTEXT.DLL : 9.0.37.0 86785 Bytes 17.04.2009 05:19:48

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium
Deviating risk categories...........: +SPR,

Start of the scan: 25 августа 2009 г. 07:40

Starting search for hidden objects.
The driver could not be initialized.

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
12 processes with 12 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
  [INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
  [INFO] No virus was found!
Boot sector 'D:\'
  [INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '43' files ).

Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
  [WARNING] The file could not be opened!
  [NOTE] This file is a Windows system file.
  [NOTE] This file cannot be opened for scanning.
Begin scan in 'D:\' <Work>
D:\RealPlayer10-5GOLD_bb.exe
  [WARNING] The file could not be opened!
D:\Distrib\Arc\WinAce\wace211.exe
  [0] Archive type: ACE SFX (self extracting)
  --> winace.cnt
      [WARNING] Out of memory! The virus or unwanted program was not deleted!
  --> winace_enu.cnt
      [WARNING] No further files can be extracted from this archive. The archive will be closed
      [WARNING] No further files can be extracted from this archive. The archive will be closed
D:\WUTemp\Мои Документы\Ira_photo\Свадьбы\Пашина свадьба\венчание .jpeg
  [0] Archive type: MacBinary
  --> pasha3.rsrc
      [WARNING] The file could not be read!
      [WARNING] The file could not be read!

End of the scan: 25 августа 2009 г. 11:26
Used time: 3:46:05 Hour(s)

The scan has been done completely.

6810 Scanned directories
408391 Files were scanned
0 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
2 Files cannot be scanned
408389 Files not concerned
13455 Archives were scanned
7 Warnings
1 Notes
01.09.2009, 14:45, #2
Part 2 - Clean XP after removing over 400 pieces of malware (mostly trojans)?

So far, so good. But then, 5 days later, Avira again reports a few findings, and after another scan it again reports 85 pieces of malware, all of which are located in the "System Volume Information" folders of the drives (the same malware that I had already moved to quarantine 5 days earlier). Log here:

Code:
Avira AntiVir Personal
Report file date: 30 августа 2009 г. 00:27

Scanning for 1668725 virus strains and unwanted programs.

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 2) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : ***

Version information:
BUILD.DAT : 9.0.0.407 17961 Bytes 29.07.2009 10:34:00
AVSCAN.EXE : 9.0.3.7 466689 Bytes 21.07.2009 08:36:14
AVSCAN.DLL : 9.0.3.0 40705 Bytes 27.02.2009 05:58:24
LUKE.DLL : 9.0.3.2 209665 Bytes 20.02.2009 06:35:49
LUKERES.DLL : 9.0.2.0 12033 Bytes 27.02.2009 05:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27.10.2008 07:30:36
ANTIVIR1.VDF : 7.1.4.132 5707264 Bytes 24.06.2009 04:21:42
ANTIVIR2.VDF : 7.1.5.146 3087360 Bytes 21.08.2009 04:03:22
ANTIVIR3.VDF : 7.1.5.179 236544 Bytes 28.08.2009 07:28:17
Engineversion : 8.2.1.7
AEVDF.DLL : 8.1.1.1 106868 Bytes 28.07.2009 08:31:50
AESCRIPT.DLL : 8.1.2.26 463227 Bytes 26.08.2009 14:36:20
AESCN.DLL : 8.1.2.4 127348 Bytes 23.07.2009 04:59:39
AERDL.DLL : 8.1.2.4 430452 Bytes 23.07.2009 04:59:39
AEPACK.DLL : 8.1.3.18 401783 Bytes 28.07.2009 08:31:50
AEOFFICE.DLL : 8.1.0.38 196987 Bytes 23.07.2009 04:59:39
AEHEUR.DLL : 8.1.0.155 1921400 Bytes 24.08.2009 04:03:31
AEHELP.DLL : 8.1.6.0 233846 Bytes 24.08.2009 04:03:25
AEGEN.DLL : 8.1.1.59 356725 Bytes 26.08.2009 14:36:18
AEEMU.DLL : 8.1.0.9 393588 Bytes 09.10.2008 09:32:40
AECORE.DLL : 8.1.7.6 184694 Bytes 23.07.2009 04:59:39
AEBB.DLL : 8.1.0.3 53618 Bytes 09.10.2008 09:32:40
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12.12.2008 03:47:59
AVPREF.DLL : 9.0.0.1 43777 Bytes 05.12.2008 05:32:15
AVREP.DLL : 8.0.0.3 155905 Bytes 20.01.2009 09:34:28
AVREG.DLL : 9.0.0.0 36609 Bytes 05.12.2008 05:32:09
AVARKT.DLL : 9.0.0.3 292609 Bytes 24.03.2009 10:05:41
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30.01.2009 05:37:08
SQLITE3.DLL : 3.6.1.0 326401 Bytes 28.01.2009 10:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 02.02.2009 03:21:33
NETNT.DLL : 9.0.0.0 11521 Bytes 05.12.2008 05:32:10
RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 15.05.2009 10:39:58
RCTEXT.DLL : 9.0.37.0 86785 Bytes 17.04.2009 05:19:48

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium
Deviating risk categories...........: +SPR,

Start of the scan: 30 августа 2009 г. 00:27

Starting search for hidden objects.
'32302' objects were checked, '0' hidden objects were found.

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'SERVIC~1.EXE' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'MPAPI3s.exe' - '1' Module(s) have been scanned
Scan process 'CTDevSrv.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
Scan process 'SoftAuto.exe' - '1' Module(s) have been scanned
Scan process 'PcSync2.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
29 processes with 29 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
  [INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
  [INFO] No virus was found!
Boot sector 'D:\'
  [INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '43' files ).

Starting the file scan:

Begin scan in 'C:\'
C:\hiberfil.sys
  [WARNING] The file could not be opened!
  [NOTE] This file is a Windows system file.
  [NOTE] This file cannot be opened for scanning.
C:\pagefile.sys
  [WARNING] The file could not be opened!
  [NOTE] This file is a Windows system file.
  [NOTE] This file cannot be opened for scanning.
C:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056129.exe
  [DETECTION] Is the TR/PSW.Magania.bcum Trojan
C:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056130.exe
  [DETECTION] Is the TR/PSW.Magania.bdkg Trojan
C:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056131.bat
  [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
C:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056133.cmd
  [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
C:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056134.exe
  [DETECTION] Is the TR/PSW.OnlGames.ZBA Trojan
C:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056135.cmd
  [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
C:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056136.com
  [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
C:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056137.com
  [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
C:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056139.com
  [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
C:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056140.exe
  [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
C:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056141.cmd
  [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
C:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056142.cmd
  [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
C:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056143.exe
  [DETECTION] Is the TR/PSW.Magania.bshm Trojan
C:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056144.exe
  [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
C:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056145.exe
  [DETECTION] Is the TR/PSW.Magania.bagb Trojan
C:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056146.cmd
  [DETECTION] Is the TR/Drop.Agent.ahdz Trojan
C:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056147.exe
  [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
C:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056149.bat
  [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
C:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056150.exe
  [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
C:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056152.bat
  [DETECTION] Is the TR/PSW.Magania.bami Trojan
C:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056153.exe
  [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
C:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056154.cmd
  [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
C:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056155.bat
  [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
C:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056156.bat
  [DETECTION] Is the TR/PSW.Gamania.HWE Trojan
C:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056157.bat
  [DETECTION] Is the TR/PSW.Magania.beea Trojan
C:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056158.com
  [DETECTION] Is the TR/PSW.Agent.108517 Trojan
C:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056159.exe
  [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
C:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056160.bat
  [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
C:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056161.exe
  [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
C:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056162.cmd
  [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
C:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056163.bat
  [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
C:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056165.cmd
  [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
C:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056166.exe
  [DETECTION] Is the TR/PSW.Magania.bdbx Trojan
C:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056167.exe
  [DETECTION] Is the TR/Dropper.Gen Trojan
C:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056168.dll
  [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
C:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056169.dll
  [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
Begin scan in 'D:\' <Work>
D:\RealPlayer10-5GOLD_bb.exe
  [WARNING] The file could not be opened!
D:\Distrib\Arc\WinAce\wace211.exe
  [0] Archive type: ACE SFX (self extracting)
  --> winace.cnt
      [WARNING] Out of memory! The virus or unwanted program was not deleted!
  --> winace_enu.cnt
      [WARNING] No further files can be extracted from this archive. The archive will be closed
      [WARNING] No further files can be extracted from this archive. The archive will be closed
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056170.com
  [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056171.exe
  [DETECTION] Is the TR/PSW.Magania.bcum Trojan
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056172.exe
  [DETECTION] Is the TR/PSW.Magania.bdkg Trojan
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056173.bat
  [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056175.cmd
  [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056176.exe
  [DETECTION] Is the TR/PSW.OnlGames.ZBA Trojan
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056177.cmd
  [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056178.com
  [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056179.com
  [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056181.com
  [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056182.exe
  [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056183.com
  [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056184.cmd
  [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056185.cmd
  [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056186.exe
  [DETECTION] Is the TR/PSW.Magania.bshm Trojan
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056187.exe
  [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056188.exe
  [DETECTION] Is the TR/PSW.Magania.bagb Trojan
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056189.exe
  [DETECTION] Is the TR/PSW.Magania.bamj Trojan
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056190.com
  [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056191.cmd
  [DETECTION] Is the TR/Drop.Agent.ahdz Trojan
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056192.exe
  [DETECTION] Is the TR/PSW.Magania.amjz Trojan
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056193.com
  [DETECTION] Is the TR/PSW.Magania.bgho Trojan
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056194.exe
  [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056196.bat
  [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056197.exe
  [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056199.bat
  [DETECTION] Is the TR/PSW.Magania.bami Trojan
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056200.exe
  [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056201.exe
  [DETECTION] Is the TR/PSW.Magania.azuj Trojan
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056202.exe
  [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056203.cmd
  [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056204.cmd
  [DETECTION] Is the TR/Drop.Agent.ahdz Trojan
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056205.bat
  [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056206.bat
  [DETECTION] Is the TR/PSW.Gamania.HWE Trojan
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056207.bat
  [DETECTION] Is the TR/PSW.Magania.beea Trojan
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056208.cmd
  [DETECTION] Is the TR/PSW.Magania.azlm Trojan
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056209.com
  [DETECTION] Is the TR/PSW.Agent.108517 Trojan
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056210.exe
  [DETECTION] Is the TR/PSW.Magania.bchv Trojan
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056211.cmd
  [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056212.bat
  [DETECTION] Is the TR/PSW.Magania.bcop Trojan
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056213.exe
  [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056214.bat
  [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056215.exe
  [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056216.cmd
  [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056217.bat
  [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056219.cmd
  [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056220.exe
  [DETECTION] Is the TR/PSW.Magania.bdbx Trojan
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056221.exe
  [DETECTION] Contains recognition pattern of the DR/Sniffer.Q dropper
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056222.exe
  [DETECTION] Is the TR/Gendal.86833 Trojan
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056223.exe
  [DETECTION] Contains recognition pattern of the WORM/SdBot.420352 worm
D:\WUTemp\Мои Документы\Ira_photo\Свадьбы\Пашина свадьба\венчание .jpeg
  [0] Archive type: MacBinary
  --> pasha3.rsrc
      [WARNING] The file could not be read!
      [WARNING] The file could not be read!
01.09.2009, 14:48, #3
Part 3 - Clean XP after removing over 400 pieces of malware (mostly trojans)?

Here is the 2nd part of the Avira log file (the 25,000-character limit unfortunately forces me into this cumbersome way of posting; I hope that is OK):

Code:
Beginning disinfection:
C:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056129.exe
  [DETECTION] Is the TR/PSW.Magania.bcum Trojan
  [NOTE] The file was moved to '4aca22dd.qua'!
C:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056130.exe
  [DETECTION] Is the TR/PSW.Magania.bdkg Trojan
  [NOTE] The file was moved to '4bad862e.qua'!
C:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056131.bat
  [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
  [NOTE] The file was moved to '4bbf42d6.qua'!
C:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056133.cmd
  [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
  [NOTE] The file was moved to '4bb255be.qua'!
C:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056134.exe
  [DETECTION] Is the TR/PSW.OnlGames.ZBA Trojan
  [NOTE] The file was moved to '4bb35df6.qua'!
C:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056135.cmd
  [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
  [NOTE] The file was moved to '4bbc450e.qua'!
C:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056136.com
  [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
  [NOTE] The file was moved to '4bbe7a9e.qua'!
C:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056137.com
  [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
  [NOTE] The file was moved to '4bb86a6e.qua'!
C:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056139.com
  [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
  [NOTE] The file was moved to '49f16c86.qua'!
C:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056140.exe
  [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
  [NOTE] The file was moved to '49f674fe.qua'!
C:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056141.cmd
  [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
  [NOTE] The file was moved to '49f77f36.qua'!
C:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056142.cmd
  [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
  [NOTE] The file was moved to '49f4476e.qua'!
C:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056143.exe
  [DETECTION] Is the TR/PSW.Magania.bshm Trojan
  [NOTE] The file was moved to '49f54fa6.qua'!
C:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056144.exe
  [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
  [NOTE] The file was moved to '498a579e.qua'!
C:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056145.exe
  [DETECTION] Is the TR/PSW.Magania.bagb Trojan
  [NOTE] The file was moved to '498b5fd6.qua'!
C:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056146.cmd
  [DETECTION] Is the TR/Drop.Agent.ahdz Trojan
  [NOTE] The file was moved to '4988a60e.qua'!
C:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056147.exe
  [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
  [NOTE] The file was moved to '4989ae46.qua'!
C:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056149.bat
  [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
  [NOTE] The file was moved to '498eb6be.qua'!
C:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056150.exe
  [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
  [NOTE] The file was moved to '4aca22de.qua'!
C:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056152.bat
  [DETECTION] Is the TR/PSW.Magania.bami Trojan
  [NOTE] The file was moved to '498c812f.qua'!
C:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056153.exe
  [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
  [NOTE] The file was moved to '498d8967.qua'!
C:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056154.cmd
  [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
  [NOTE] The file was moved to '4982915f.qua'!
C:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056155.bat
  [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
  [NOTE] The file was moved to '49839997.qua'!
C:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056156.bat
  [DETECTION] Is the TR/PSW.Gamania.HWE Trojan
  [NOTE] The file was moved to '4980e1cf.qua'!
C:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056157.bat
  [DETECTION] Is the TR/PSW.Magania.beea Trojan
  [NOTE] The file was moved to '4981e807.qua'!
C:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056158.com
  [DETECTION] Is the TR/PSW.Agent.108517 Trojan
  [NOTE] The file was moved to '4986f07f.qua'!
C:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056159.exe
  [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
  [NOTE] The file was moved to '4987f8b7.qua'!
C:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056160.bat
  [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
  [NOTE] The file was moved to '4984c0ef.qua'!
C:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056161.exe
  [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
  [NOTE] The file was moved to '4985cb27.qua'!
C:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056162.cmd
  [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
  [NOTE] The file was moved to '499ad31f.qua'!
C:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056163.bat
  [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
  [NOTE] The file was moved to '499bdb57.qua'!
C:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056165.cmd
  [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
  [NOTE] The file was moved to '4999238f.qua'!
C:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056166.exe
  [DETECTION] Is the TR/PSW.Magania.bdbx Trojan
  [NOTE] The file was moved to '499e2bc7.qua'!
C:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056167.exe
  [DETECTION] Is the TR/Dropper.Gen Trojan
  [NOTE] The file was moved to '499f323f.qua'!
C:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056168.dll
  [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
  [NOTE] The file was moved to '499c3a77.qua'!
C:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056169.dll
  [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
  [NOTE] The file was moved to '499d02af.qua'!
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056170.com
  [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
  [NOTE] The file was moved to '49947437.qua'!
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056171.exe
  [DETECTION] Is the TR/PSW.Magania.bcum Trojan
  [NOTE] The file was moved to '49911d4f.qua'!
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056172.exe
  [DETECTION] Is the TR/PSW.Magania.bdkg Trojan
  [NOTE] The file was moved to '49966587.qua'!
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056173.bat
  [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
  [NOTE] The file was moved to '499312df.qua'!
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056175.cmd
  [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
  [NOTE] The file was moved to '49957c6f.qua'!
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056176.exe
  [DETECTION] Is the TR/PSW.OnlGames.ZBA Trojan
  [NOTE] The file was moved to '49920ae7.qua'!
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056177.cmd
  [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
  [NOTE] The file was moved to '4aca22df.qua'!
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056178.com
  [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
  [NOTE] The file was moved to '49aa4498.qua'!
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056179.com
  [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
  [NOTE] The file was moved to '49a84ca8.qua'!
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056181.com
  [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
  [NOTE] The file was moved to '49a954f0.qua'!
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056182.exe
  [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
  [NOTE] The file was moved to '49ae5f38.qua'!
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056183.com
  [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
  [NOTE] The file was moved to '4dfa64a0.qua'!
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056184.cmd
  [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
  [NOTE] The file was moved to '4dfb6ce8.qua'!
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056185.cmd
  [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
  [NOTE] The file was moved to '4df87730.qua'!
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056186.exe [DETECTION] Is the TR/PSW.Magania.bshm Trojan [NOTE] The file was moved to '4df97f78.qua'! D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056187.exe [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan [NOTE] The file was moved to '4dfe4780.qua'! D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056188.exe [DETECTION] Is the TR/PSW.Magania.bagb Trojan [NOTE] The file was moved to '4dff4fc8.qua'! D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056189.exe [DETECTION] Is the TR/PSW.Magania.bamj Trojan [NOTE] The file was moved to '4dfc5610.qua'! D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056190.com [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan [NOTE] The file was moved to '4dfd5e58.qua'! D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056191.cmd [DETECTION] Is the TR/Drop.Agent.ahdz Trojan [NOTE] The file was moved to '4aca22e0.qua'! D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056192.exe [DETECTION] Is the TR/PSW.Magania.amjz Trojan [NOTE] The file was moved to '4df3aea9.qua'! D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056193.com [DETECTION] Is the TR/PSW.Magania.bgho Trojan [NOTE] The file was moved to '4df0b6f1.qua'! D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056194.exe [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan [NOTE] The file was moved to '4df1b939.qua'! D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056196.bat [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan [NOTE] The file was moved to '4df68141.qua'! 
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056197.exe [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan [NOTE] The file was moved to '4df78989.qua'! D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056199.bat [DETECTION] Is the TR/PSW.Magania.bami Trojan [NOTE] The file was moved to '4df491d1.qua'! D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056200.exe [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan [NOTE] The file was moved to '4df59819.qua'! D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056201.exe [DETECTION] Is the TR/PSW.Magania.azuj Trojan [NOTE] The file was moved to '4d8ae191.qua'! D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056202.exe [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan [NOTE] The file was moved to '4d8be9d9.qua'! D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056203.cmd [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan [NOTE] The file was moved to '4d88f1e1.qua'! D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056204.cmd [DETECTION] Is the TR/Drop.Agent.ahdz Trojan [NOTE] The file was moved to '4d89f829.qua'! D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056205.bat [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan [NOTE] The file was moved to '4d8ec071.qua'! D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056206.bat [DETECTION] Is the TR/PSW.Gamania.HWE Trojan [NOTE] The file was moved to '4d8fc8b9.qua'! D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056207.bat [DETECTION] Is the TR/PSW.Magania.beea Trojan [NOTE] The file was moved to '4dec6759.qua'! 
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056208.cmd [DETECTION] Is the TR/PSW.Magania.azlm Trojan [NOTE] The file was moved to '492067c1.qua'! D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056209.com [DETECTION] Is the TR/PSW.Agent.108517 Trojan [NOTE] The file was moved to '49216e09.qua'! D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056210.exe [DETECTION] Is the TR/PSW.Magania.bchv Trojan [NOTE] The file was moved to '49295ec1.qua'! D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056211.cmd [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan [NOTE] The file was moved to '492ea109.qua'! D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056212.bat [DETECTION] Is the TR/PSW.Magania.bcop Trojan [NOTE] The file was moved to '49afaca1.qua'! D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056213.exe [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan [NOTE] The file was moved to '49acb4e9.qua'! D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056214.bat [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan [NOTE] The file was moved to '49adbf31.qua'! D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056215.exe [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan [NOTE] The file was moved to '49a28779.qua'! D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056216.cmd [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan [NOTE] The file was moved to '49a38f81.qua'! D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056217.bat [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan [NOTE] The file was moved to '49a097c9.qua'! 
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056219.cmd
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
[NOTE] The file was moved to '49a19e11.qua'!
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056220.exe
[DETECTION] Is the TR/PSW.Magania.bdbx Trojan
[NOTE] The file was moved to '49a6e659.qua'!
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056221.exe
[DETECTION] Contains recognition pattern of the DR/Sniffer.Q dropper
[NOTE] The file was moved to '49a7ee61.qua'!
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056222.exe
[DETECTION] Is the TR/Gendal.86833 Trojan
[NOTE] The file was moved to '4aca22e1.qua'!
D:\System Volume Information\_restore{604E0E7F-B06F-4102-AEE5-4EE4F8C03AAF}\RP117\A0056223.exe
[DETECTION] Contains recognition pattern of the WORM/SdBot.420352 worm
[NOTE] The file was moved to '49a5fef2.qua'!

End of the scan: 30 августа 2009 г. 12:56
Used time: 59:57 Minute(s)

The scan has been done completely.

6914 Scanned directories
388671 Files were scanned
85 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
85 Files were moved to quarantine
0 Files were renamed
3 Files cannot be scanned
388583 Files not concerned
13437 Archives were scanned
8 Warnings
87 Notes
32302 Objects were scanned with rootkit scan
0 Hidden objects were found
01.09.2009, 14:50 | #4
Part 4 - Clean XP after removing over 400 pieces of malware (mainly Trojans)?

That is why I have completed all the steps required before posting (CCleaner, Mbam reports no findings, and RSIT) and am now hoping for your help, since I am at the end of my "cleaning-a-PC-of-malware" wits and don't really know my way around HijackThis reports (in my opinion there are some strange processes in the log and info file, but I'm not sure). Many thanks in advance for your help! If you need anything else, let me know!

Info file RSIT/HijackThis: Code:
info.txt logfile of random's system information tool 1.06 2009-09-01 15:14:27

======Uninstall list======

[list of installed programs and Windows updates omitted]

======Security center information======

AV: AntiVir Desktop

======System event log======

[five Disk events with Event Code 7 for \Device\Harddisk0\D, record numbers 19137-19141, written 2009-08-23, omitted]

=====Application event log=====

[Userenv Event Code 1517 warnings and SecurityCenter Event Code 1800 events, record numbers 1277-1281, written 2008-12-13 to 2008-12-16, omitted]

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\K-Lite Codec Pack\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 9, GenuineIntel
"PROCESSOR_REVISION"=0209
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\K-Lite Codec Pack\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=C:\Program Files\K-Lite Codec Pack\QuickTime\QTSystem\QTJava.zip

-----------------EOF-----------------
01.09.2009, 14:51 | #5 |
| last part - Clean XP after removing over 400 pests (mainly Trojans)? Logfile RSIT/HijackThis: Code:
ATTFilter Logfile of random's system information tool 1.06 (written by random/random) Run by *** at 2009-09-01 15:14:21 Microsoft Windows XP Professional Service Pack 2 System drive C: has 3 GB (29%) free of 10 GB Total RAM: 511 MB (57% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 15:14:25, on 01.09.2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16735) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe C:\Program Files\Creative\Software Update 3\SoftAuto.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Creative\Shared Files\CTDevSrv.exe C:\WINDOWS\system32\nvsvc32.exe C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE C:\WINDOWS\system32\wscntfy.exe C:\Documents and Settings\***\Рабочий стол\RSIT.exe C:\Program Files\HiJack This\***.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 
h**p://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Ссылки O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog O4 - HKCU\..\Run: [SoftAuto.exe] "C:\Program Files\Creative\Software Update 3\SoftAuto.exe" O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] 
C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing) O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - h**p://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - h**p://vkontakte.ru/uploader/ImageUploader4.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Apple Mobile Device - Apple, Inc. 
- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe O23 - Service: Creative Centrale Media Server (CTUPnPSv) - Creative Technology Ltd - C:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe O23 - Service: Журнал событий (Eventlog) - Корпорация Майкрософт - C:\WINDOWS\system32\services.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Служба COM записи компакт-дисков IMAPI (ImapiService) - Корпорация Майкрософт - C:\WINDOWS\system32\imapi.exe O23 - Service: Сервис iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NetMeeting Remote Desktop Sharing (mnmsrvc) - Корпорация Майкрософт - C:\WINDOWS\system32\mnmsrvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Plug and Play (PlugPlay) - Корпорация Майкрософт - C:\WINDOWS\system32\services.exe O23 - Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) - Корпорация Майкрософт - C:\WINDOWS\system32\sessmgr.exe O23 - Service: Смарт-карты (SCardSvr) - Корпорация Майкрософт - C:\WINDOWS\System32\SCardSvr.exe O23 - Service: Журналы и оповещения производительности (SysmonLog) - Корпорация Майкрософт - C:\WINDOWS\system32\smlogsvc.exe O23 - Service: Теневое копирование тома (VSS) - Корпорация Майкрософт - C:\WINDOWS\System32\vssvc.exe O23 - Service: Адаптер производительности WMI (WmiApSrv) - Корпорация Майкрософт - C:\WINDOWS\system32\wbem\wmiapsrv.exe -- End of file - 7359 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\AppleSoftwareUpdate.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] 
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}] Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-11-18 1082880] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-19 259696] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}] Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll [2009-08-03 669168] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}] Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-04-26 470512] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-19 259696] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-07-12 7626752] "QuickTime Task"=C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe [2007-06-29 286720] "KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k [] "avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-18 15360] "PcSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe [2005-11-30 1306624] "SoftAuto.exe"=C:\Program Files\Creative\Software Update 3\SoftAuto.exe [2008-05-28 401408] "swg"=C:\Program 
Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-01-11 68856] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE [2004-08-18 15360] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper] C:\WINDOWS\CTHELPER.EXE [2006-08-11 17920] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp] C:\WINDOWS\system32\CTXFIHLP.EXE [2006-08-11 18944] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] D:\itunes\iTunesHelper.exe [2007-09-26 267064] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] C:\WINDOWS\system32\NvCpl.dll [2006-07-12 7626752] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] C:\WINDOWS\system32\NvMcTray.dll [2006-07-12 86016] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] nwiz.exe /install [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE [2005-12-13 217088] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] C:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe [2007-06-29 286720] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] C:\Program Files\Winamp\winampa.exe [2005-10-27 33792] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Главное меню^Программы^Автозагрузка^Microsoft Office.lnk] C:\PROGRA~1\MICROS~2\Office\OSA9.EXE [2005-03-03 65588] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Главное меню^Программы^Автозагрузка^Ускоренный запуск Adobe Reader.lnk] C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [2004-12-14 29696] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\StrongDC\StrongDC.exe"="C:\Program Files\StrongDC\StrongDC.exe:*:Enabled:StrongDC++" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "D:\StrongDC\StrongDC.exe"="D:\StrongDC\StrongDC.exe:*:Enabled:StrongDC++" "D:\itunes\iTunes.exe"="D:\itunes\iTunes.exe:*:Enabled:iTunes" "C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{33247e06-8af5-11de-a4df-000c6e8b6f7b}] shell\AutoRun\command - F:\lcw.exe shell\open\command - F:\lcw.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{33247e07-8af5-11de-a4df-000c6e8b6f7b}] shell\AutoRun\command - G:\6fq.com shell\open\command - G:\6fq.com 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4cd72544-25a9-11de-a472-000c6e8b6f7b}] shell\AutoRun\command - F:\lcw.exe shell\open\command - F:\lcw.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{67eef1df-eaf3-11dc-8f91-806d6172696f}] shell\AutoRun\command - g8k.exe shell\open\command - g8k.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8847b55c-de56-11dd-a424-000c6e8b6f7b}] shell\AutoRun\command - F:\uvsqfgwd.cmd shell\open\command - F:\a81lkgv.com [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{89fa744b-872b-11dd-a3d1-000c6e8b6f7b}] shell\AutoRun\command - F:\wm93r0.com shell\explore\command - F:\wm93r0.com shell\open\command - F:\wm93r0.com [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f0e6de33-8112-11de-a4cc-000c6e8b6f7b}] shell\AutoRun\command - F:\toe.cmd shell\open\command - F:\toe.cmd ======List of files/folders created in the last 1 months====== 2009-09-01 15:14:21 ----D---- C:\rsit 2009-09-01 15:07:38 ----D---- C:\Program Files\CCleaner 2009-09-01 14:37:40 ----D---- C:\Program Files\HiJack This 2009-08-24 09:58:52 ----D---- C:\Documents and Settings\***\Application Data\Mozilla 2009-08-24 09:37:03 ----D---- C:\Program Files\Avira 2009-08-24 09:37:03 ----D---- C:\Documents and Settings\All Users\Application Data\Avira 2009-08-23 22:21:57 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2009-08-23 22:20:57 ----D---- C:\Documents and Settings\***\Application Data\Malwarebytes 2009-08-23 22:20:51 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2009-08-23 22:20:51 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2009-08-23 22:19:47 ----D---- C:\Program Files\Mozilla Firefox ======List of files/folders modified in the last 1 months====== 2009-09-01 15:08:54 ----D---- C:\WINDOWS\Temp 2009-09-01 
15:08:54 ----D---- C:\WINDOWS\Minidump 2009-09-01 15:08:54 ----D---- C:\WINDOWS\Debug 2009-09-01 15:08:54 ----D---- C:\WINDOWS 2009-09-01 15:08:49 ----D---- C:\WINDOWS\Prefetch 2009-09-01 15:07:38 ----RD---- C:\Program Files 2009-09-01 14:19:40 ----SHD---- C:\System Volume Information 2009-09-01 14:19:40 ----D---- C:\WINDOWS\system32\Restore 2009-09-01 14:19:12 ----D---- C:\WINDOWS\system32\CatRoot2 2009-09-01 14:18:08 ----N---- C:\WINDOWS\SchedLgU.Txt 2009-08-28 12:51:57 ----D---- C:\Documents and Settings\***\Application Data\Skype 2009-08-28 08:37:45 ----D---- C:\Documents and Settings\***\Application Data\skypePM 2009-08-25 11:30:54 ----SH---- C:\boot.ini 2009-08-25 11:30:54 ----A---- C:\WINDOWS\win.ini 2009-08-25 11:30:54 ----A---- C:\WINDOWS\system.ini 2009-08-25 07:38:34 ----D---- C:\WINDOWS\system32\drivers 2009-08-24 11:25:26 ----D---- C:\WINDOWS\system32 2009-08-24 09:37:15 ----HD---- C:\WINDOWS\inf 2009-08-24 09:35:51 ----SHD---- C:\WINDOWS\Installer 2009-08-24 09:35:49 ----D---- C:\WINDOWS\WinSxS 2009-08-16 15:06:03 ----D---- C:\Program Files\Winamp 2009-08-14 23:34:25 ----SD---- C:\WINDOWS\Downloaded Program Files ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [] R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104] R1 intelppm;Драйвер Intel процессора; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-18 40448] R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520] R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-07-28 55656] R3 Arp1394;Протокол клиента 1394 ARP; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-18 60800] R3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\system32\drivers\ctac32k.sys [2006-08-11 502272] R3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2006-08-11 499584] R3 ctgame;Game Port; 
C:\WINDOWS\system32\DRIVERS\ctgame.sys [2002-12-30 12160] R3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\system32\drivers\ctprxy2k.sys [2006-08-11 7168] R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\drivers\ctsfm2k.sys [2006-08-11 143872] R3 EL2000;3Com 3C2000x EtherLink XL Adapter; C:\WINDOWS\system32\DRIVERS\EL2K_XP.sys [2008-03-05 147328] R3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\system32\drivers\emupia2k.sys [2006-08-11 78336] R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664] R3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:\WINDOWS\system32\drivers\ha10kx2k.sys [2006-08-11 766976] R3 hap16v2k;Creative P16V HAL Driver; C:\WINDOWS\system32\drivers\hap16v2k.sys [2006-08-11 154112] R3 NIC1394;Сетевой драйвер 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-18 61824] R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-07-12 3934592] R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2006-08-11 116224] R3 usbehci;Драйвер минипорта Microsoft USB 2.0 расширенного хост-контроллера; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-18 26624] R3 usbhub;USB2 концентратор; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-18 57600] R3 usbuhci;Драйвер минипорта Microsoft USB универсального хост-контроллера; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-18 20480] S3 AVPsys;AVPsys; \??\C:\WINDOWS\system32\drivers\cdaudio.sys [] S3 ctdvda2k;Creative DVD-Audio Device Driver; C:\WINDOWS\system32\drivers\ctdvda2k.sys [2005-11-10 340704] S3 hap17v2k;Creative P17V HAL Driver; C:\WINDOWS\system32\drivers\hap17v2k.sys [2006-08-11 180224] S3 iztwg;iztwg; \??\C:\WINDOWS\system32\03.tmp [] S3 Nokia USB Generic;Nokia USB Generic; C:\WINDOWS\system32\drivers\nmwcdc.sys [2005-10-13 8704] S3 Nokia USB Modem;Nokia USB Modem; C:\WINDOWS\system32\drivers\nmwcdcm.sys [2005-10-13 12800] S3 Nokia USB Phone Parent;Nokia USB Phone Parent; 
C:\WINDOWS\system32\drivers\nmwcd.sys [2005-10-13 124928] S3 Nokia USB Port;Nokia USB Port; C:\WINDOWS\system32\drivers\nmwcdcj.sys [2005-10-13 12800] S3 ojcbx;ojcbx; \??\C:\WINDOWS\system32\01.tmp [] S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2007-09-06 30336] S3 USBSTOR;Драйвер запоминающих устройств для USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496] S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] S4 WS2IFSL;Среда Windows Socket 2.0 поддержки поставщиков не-IFS служб; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-18 12032] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289] R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089] R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2007-09-06 110592] R2 CTDevice_Srv;CT Device Query service; C:\Program Files\Creative\Shared Files\CTDevSrv.exe [2007-04-02 61440] R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-07-12 155715] R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-18 14336] S3 CTUPnPSv;Creative Centrale Media Server; C:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe [2008-05-21 64000] S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-26 182768] S3 iPod Service;Сервис iPod; C:\Program Files\iPod\bin\iPodService.exe [2007-09-26 503608] S3 WMPNetworkSvc;Служба общих сетевых ресурсов проигрывателя Windows Media; C:\Program Files\Windows Media 
Player\WMPNetwk.exe [2006-11-02 914944] -----------------EOF----------------- |
01.09.2009, 15:18 | #6 |
| Clean XP after removing over 400 pests (mainly Trojans)? Privet, hello and good day - Given the findings I would reinstall the PC; there is a lot more on there than just what Avira found. Avira did find a lot of malware, and the system was not properly patched for months or even years. There are several password stealers and quite a few bots on it, and very probably one or more rootkits as well. So I would wipe the system. How do you (or your host family) want to handle it? After reinstalling I would immediately change all passwords, or have them changed, because of the password stealers.
__________________ --> Clean XP after removing over 400 pests (mainly Trojans)? |
01.09.2009, 15:32 | #7 |
| Wipe it... Oh, thanks for the quick reply!! Hm, reinstalling would be my first choice too, but the people here are not so keen on it... As I said, the system went a good 4 months without up-to-date virus protection, let alone Windows updates (and of course it was used to surf with IE). It is awkward because I also have my documents, presentations and spreadsheets on here for the work I have to do, and for backing up my data I also have to log in to email or connect my USB stick. And this PC is the only internet access and workplace I have at the moment. What also puzzles me is that the system runs very stably and with low resource use (at least according to Task Manager, which may itself be compromised) and shows no error messages etc. Do you think the pests have nested so deeply in the system that you no longer notice anything on the normal desktop or even in safe boot? What about special rootkit tools (Blacklight, Avenger, etc.), should I run them? Or ComboFix? And which entries do you find particularly conspicuous or worrying? (Maybe then I will eventually learn to interpret HijackThis files properly.) ;-) For example, I find the two processes smlogsvc.exe and mnmsrvc.exe odd, since I disabled the Windows remote service and in my opinion these processes have no business being here. Thanks again for your quick reply and for any further info! Last edited by malwarefight (01.09.2009 at 16:11) |
01.09.2009, 16:09 | #8 | ||
| Clean XP after removing over 400 pests (mainly Trojans)? Quote:
Well, that is their decision; if they do not want to reinstall their PC, why do they not want to reinstall it, reasons? I mean nobody is thrilled by the news, but why are they not keen on it? They can back up their data such as pictures, songs & documents without any problem. I find the two drivers/services immensely worrying: S3 ojcbx;ojcbx; \??\C:\WINDOWS\system32\01.tmp [] S3 iztwg;iztwg; \??\C:\WINDOWS\system32\03.tmp [] Google says nothing about either. They are unknown, so most likely malicious. I do find the amount of malware worrying, but WHAT was found is far more worrying. Quote:
In addition, Adobe Reader 7.0 is unpatched; the current version is 9.1. And the Google Toolbar for Internet Explorer is hard to miss. So my tendency is still towards reinstalling. Poka
__________________ Avira Upgrade 10 is on the market! Aggressive settings for Avira What goes around comes around! |
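The check applied by hand in the post above (an unknown driver name whose image is a .tmp file in system32 with no timestamp or size recorded) can be automated. As an added example, not code from this thread or from RSIT itself, the Python script below parses RSIT-style driver lines and grades each one; the grading rules are my own heuristics, and the sample log is constructed from entries posted earlier in this thread.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Shape of a driver/service line in an RSIT log, as posted in this thread:
#   <R|S><start type> <name>;<display name>; <image path> [<timestamp> <size>]
# "\??\" is an NT object-manager path prefix; the bracket pair is empty when
# RSIT could not read the image file (missing, hidden, or blocked).
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+"
    r"(?P<name>[^;]+);(?P<display>[^;]*);\s*"
    r"(?P<path>.*?)\s*\[(?P<meta>[^\]]*)\]\s*$"
)

# Constructed sample, copied from the driver list posted in this thread.
SAMPLE_LOG = r"""
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 intelppm;Драйвер Intel процессора; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-18 40448]
S3 AVPsys;AVPsys; \??\C:\WINDOWS\system32\drivers\cdaudio.sys []
S3 iztwg;iztwg; \??\C:\WINDOWS\system32\03.tmp []
S3 ojcbx;ojcbx; \??\C:\WINDOWS\system32\01.tmp []
"""


@dataclass
class Entry:
    state: str              # R = running, S = stopped
    start: int              # 0 boot, 1 system, 2 auto, 3 demand, 4 disabled
    name: str               # internal service/driver name
    display: str            # display name
    path: str               # image path, \??\ prefix stripped
    timestamp: Optional[str]
    size: Optional[int]


def parse_line(line: str) -> Optional[Entry]:
    """Parse one RSIT driver/service line; return None for any other line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    timestamp, size = None, None
    meta = m.group("meta").split()
    if meta:
        timestamp = meta[0]
        if len(meta) > 1 and meta[1].isdigit():
            size = int(meta[1])
    path = m.group("path")
    if path.startswith("\\??\\"):
        path = path[4:]
    return Entry(m.group("state"), int(m.group("start")), m.group("name"),
                 m.group("display"), path, timestamp, size)


def triage(entry: Entry) -> Tuple[str, List[str]]:
    """Grade one kernel driver entry as "high", "review" or "ok" with reasons."""
    reasons: List[str] = []
    basename = entry.path.rsplit("\\", 1)[-1].lower()
    ext = basename.rsplit(".", 1)[-1] if "." in basename else ""
    # Kernel drivers ship as .sys images; a .tmp (or anything else) loaded as
    # a driver is the strongest single signal in this list.
    if ext != "sys":
        reasons.append(f"driver image is a .{ext} file, not a .sys file")
    # Empty [] means RSIT could not stat the file: absent, hidden, or locked.
    if entry.timestamp is None:
        reasons.append("no timestamp/size recorded (file missing, hidden or unreadable)")
    # Legitimate drivers usually carry their service name in the file name.
    if entry.name == entry.display and entry.name.lower() not in basename:
        reasons.append("service name is not reflected in the image file name")
    if ext != "sys":
        return "high", reasons
    if reasons:
        return "review", reasons
    return "ok", reasons


def triage_log(text: str) -> Dict[str, Tuple[str, List[str]]]:
    """Grade every driver line in an RSIT log, keyed by service name."""
    results: Dict[str, Tuple[str, List[str]]] = {}
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is not None:
            results[entry.name] = triage(entry)
    return results


if __name__ == "__main__":
    order = {"high": 0, "review": 1, "ok": 2}
    for name, (grade, why) in sorted(triage_log(SAMPLE_LOG).items(),
                                     key=lambda kv: order[kv[1][0]]):
        print(f"{grade:6} {name:10} {'; '.join(why) or '-'}")
```

Entries graded "review" (here the Avira filter driver and the AVPsys service pointing at cdaudio.sys) are not verdicts; they are the lines a helper would look up by hand, exactly as the post above did for the two .tmp drivers.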
01.09.2009, 18:00 | #9 |
| complicated matter Yes yes, my host called her computer a "zoo for viruses" herself. When I told her about the more than 400 critters (84 in Mbam + 278 in Avira + 85 in the 2nd Avira scan) and said she had set a new record (at least for all computers I have worked on so far), she replied that last time there were more than 720 (!!!). The two .tmp files you mentioned had not even caught my eye, but they are certainly something malicious (probably only the tip of the iceberg). Well, here is the problem with reinstalling: they cannot find all the CDs needed to reinstall the programs (e.g. Nokia phone, Office) and Windows. Tomorrow I will first buy an external drive so that I can at least back up the files (the usual multimedia). Then I would like to try to rescue the thing somehow, even with the most radical and daring means (the rescue attempt itself is already daring). Then of course fix the programs you mentioned (Google Toolbar and Adobe Reader) and update Windows (problem: Windows Genuine Advantage normally wants a registration number, and as far as I know that is on the packaging of the Windows CD, which can no longer be found...). I know I am acting against common sense here, but I would really like to try everything to get the PC back on track without a reinstall (along the lines of "trial and error"). If that does not work, I can still reinstall as a last resort, even though I do not yet know exactly how that is supposed to work here. Yes, that is the current state of affairs. Thanks again for your good advice to reinstall the system, even if I will not follow it for now.
Could you nevertheless give me a few hints as to which programs (Avenger, Blacklight, Combofix) I should best use for the cleanup? Something else that gives me a headache is the good performance and low load of this totally infested computer. Do you perhaps have an explanation for that? Spacibo, Sonja |
01.09.2009, 18:14 | #10 | ||
| Clean XP after removing over 400 pests (mainly Trojans)? Does the PC not have a recovery console or something similar? Maybe she has a backup/image? I can only advise you to back up all data first and then try to wipe the PC somehow. That is when you are glad to have an image that you could simply restore. Avenger and Combofix are both very powerful tools; you have to handle them with care. Please post the Malwarebytes log; I would also be interested in what MBAM found. Quote:
But I think that since Avira + MBAM, in great teamwork, have already removed and found a lot, the worst of the junk should be gone. Run SUPERAntiSpyware once more and disable System Restore. Quote:
__________________ Avira Upgrade 10 is on the market! Aggressive settings for Avira What goes around comes around! |
01.09.2009, 18:39 | #11 |
| Mbam logs - part 1 Privjet, here are all the Mbam logs (only the infected ones, of course): Code:
Malwarebytes' Anti-Malware 1.40
Database version: 2551
Windows 5.1.2600 Service Pack 2

23.08.2009 22:29:30
mbam-log-2009-08-23 (22-29-26).txt

Scan type: Quick Scan
Objects scanned: 22232
Time elapsed: 4 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 37

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\e8main1.dll (Spyware.OnlineGames) -> No action taken.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{bb4c402f-882a-4526-8c08-51278ea437c1} (Spyware.OnlineGames) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{bb4c402f-882a-4526-8c08-51278ea437c1} (Spyware.OnlineGames) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\e8main1.dll (Spyware.OnlineGames) -> No action taken.
C:\WINDOWS\system32\01.tmp (Worm.Conficker) -> No action taken.
C:\WINDOWS\system32\03.tmp (Worm.Conficker) -> No action taken.
C:\WINDOWS\system32\sqccyf.dll (Worm.Conficker) -> No action taken.
C:\1ogf.exe (Spyware.OnlineGames) -> No action taken.
C:\28b6ry9r.exe (Spyware.OnlineGames) -> No action taken.
C:\2a.exe (Spyware.OnlineGames) -> No action taken.
C:\3.cmd (Spyware.OnlineGames) -> No action taken.
C:\ej10fkdo.bat (Spyware.OnlineGames) -> No action taken.
C:\eyt.exe (Spyware.OnlineGames) -> No action taken.
C:\foikf6np.bat (Spyware.OnlineGames) -> No action taken.
C:\fsaht.cmd (Spyware.OnlineGames) -> No action taken.
C:\gbm6n.exe (Spyware.OnlineGames) -> No action taken.
C:\hkn6k.bat (Spyware.OnlineGames) -> No action taken.
C:\husyu8n.exe (Spyware.OnlineGames) -> No action taken.
C:\i.cmd (Spyware.OnlineGames) -> No action taken.
C:\icxpa.cmd (Spyware.OnlineGames) -> No action taken.
C:\j.cmd (Spyware.OnlineGames) -> No action taken.
C:\lc.exe (Spyware.OnlineGames) -> No action taken.
C:\n68mqcra.exe (Trojan.Agent) -> No action taken.
C:\nu.cmd (Spyware.OnlineGames) -> No action taken.
C:\rwj0.cmd (Spyware.OnlineGames) -> No action taken.
C:\sm.exe (Worm.Autorun) -> No action taken.
C:\6phx.com (Spyware.OnlineGames) -> No action taken.
C:\8.exe (Spyware.OnlineGames) -> No action taken.
C:\8r.cmd (Spyware.OnlineGames) -> No action taken.
C:\9max.cmd (Spyware.OnlineGames) -> No action taken.
C:\boyedt.com (Spyware.OnlineGames) -> No action taken.
C:\cqxj.exe (Spyware.OnlineGames) -> No action taken.
C:\d9c.bat (Trojan.Magania) -> No action taken.
C:\uhoxajc.cmd (Spyware.OnlineGames) -> No action taken.
C:\ukvr.bat (Spyware.OnlineGames) -> No action taken.
C:\upw.bat (Spyware.OnlineGames) -> No action taken.
C:\vwewav8.com (Spyware.OnlineGames) -> No action taken.
C:\yhh.bat (Spyware.OnlineGames) -> No action taken.
C:\ymxf2.exe (Spyware.OnlineGames) -> No action taken.
C:\ysep1.exe (Spyware.OnlineGames) -> No action taken.
Code:
Malwarebytes' Anti-Malware 1.40
Database version: 2551
Windows 5.1.2600 Service Pack 2

24.08.2009 7:15:37
mbam-log-2009-08-24 (07-15-34).txt

Scan type: Quick Scan
Objects scanned: 109308
Time elapsed: 12 minute(s), 1 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 2
Registry Keys Infected: 1
Registry Values Infected: 5
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 71

Memory Processes Infected:
C:\WINDOWS\AhnRpta.exe (Trojan.Backdoor) -> No action taken.

Memory Modules Infected:
C:\WINDOWS\system32\e8main1.dll (Spyware.OnlineGames) -> No action taken.
C:\WINDOWS\system32\pytdfse0.dll (Spyware.OnlineGames) -> No action taken.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{bb4c402f-882a-4526-8c08-51278ea437c1} (Spyware.OnlineGames) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{bb4c402f-882a-4526-8c08-51278ea437c1} (Spyware.OnlineGames) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cdoosoft (Spyware.OnlineGames) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\kmmsoft (Spyware.OnlineGames) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\kxswsoft (Spyware.OnlineGames) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\54dfsger (Spyware.OnlineGames) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\e8main1.dll (Spyware.OnlineGames) -> No action taken.
C:\WINDOWS\system32\01.tmp (Worm.Conficker) -> No action taken.
C:\WINDOWS\system32\03.tmp (Worm.Conficker) -> No action taken.
C:\WINDOWS\system32\sqccyf.dll (Worm.Conficker) -> No action taken.
C:\1ogf.exe (Spyware.OnlineGames) -> No action taken.
C:\28b6ry9r.exe (Spyware.OnlineGames) -> No action taken.
C:\2a.exe (Spyware.OnlineGames) -> No action taken.
C:\3.cmd (Spyware.OnlineGames) -> No action taken.
C:\ej10fkdo.bat (Spyware.OnlineGames) -> No action taken.
C:\eyt.exe (Spyware.OnlineGames) -> No action taken.
C:\foikf6np.bat (Spyware.OnlineGames) -> No action taken.
C:\fsaht.cmd (Spyware.OnlineGames) -> No action taken.
C:\gbm6n.exe (Spyware.OnlineGames) -> No action taken.
C:\hkn6k.bat (Spyware.OnlineGames) -> No action taken.
C:\husyu8n.exe (Spyware.OnlineGames) -> No action taken.
C:\i.cmd (Spyware.OnlineGames) -> No action taken.
C:\icxpa.cmd (Spyware.OnlineGames) -> No action taken.
C:\j.cmd (Spyware.OnlineGames) -> No action taken.
C:\lc.exe (Spyware.OnlineGames) -> No action taken.
C:\n68mqcra.exe (Trojan.Agent) -> No action taken.
C:\nu.cmd (Spyware.OnlineGames) -> No action taken.
C:\rwj0.cmd (Spyware.OnlineGames) -> No action taken.
C:\sm.exe (Worm.Autorun) -> No action taken.
C:\6phx.com (Spyware.OnlineGames) -> No action taken.
C:\8.exe (Spyware.OnlineGames) -> No action taken.
C:\8r.cmd (Spyware.OnlineGames) -> No action taken.
C:\9max.cmd (Spyware.OnlineGames) -> No action taken.
C:\boyedt.com (Spyware.OnlineGames) -> No action taken.
C:\cqxj.exe (Spyware.OnlineGames) -> No action taken.
C:\d9c.bat (Trojan.Magania) -> No action taken.
C:\uhoxajc.cmd (Spyware.OnlineGames) -> No action taken.
C:\ukvr.bat (Spyware.OnlineGames) -> No action taken.
C:\upw.bat (Spyware.OnlineGames) -> No action taken.
C:\vwewav8.com (Spyware.OnlineGames) -> No action taken.
C:\yhh.bat (Spyware.OnlineGames) -> No action taken.
C:\ymxf2.exe (Spyware.OnlineGames) -> No action taken.
C:\ysep1.exe (Spyware.OnlineGames) -> No action taken.
C:\u3uvew6.bat (Trojan.Agent) -> No action taken.
C:\n.exe (Trojan.Agent) -> No action taken.
C:\o.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\olhrwef.exe (Trojan.Agent) -> No action taken.
C:\rvbi.cmd (Trojan.Agent) -> No action taken.
C:\toe.cmd (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Лиза\Local Settings\Temp\herss.exe (Spyware.OnlineGames) -> No action taken.
C:\WINDOWS\system32\afmain0.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\ierdfgh.exe (Spyware.OnlineGames) -> No action taken.
C:\WINDOWS\system32\pytdfse0.dll (Spyware.OnlineGames) -> No action taken.
C:\WINDOWS\system32\pytdfse1.dll (Spyware.OnlineGames) -> No action taken.
C:\WINDOWS\system32\nmdfgds0.dll (Spyware.OnlineGames) -> No action taken.
C:\WINDOWS\system32\nmdfgds1.dll (Spyware.OnlineGames) -> No action taken.
C:\WINDOWS\AhnRpta.exe (Trojan.Backdoor) -> No action taken.
C:\hbs.exe (Spyware.OnlineGames) -> No action taken.
C:\g1ljsm.com (Spyware.OnlineGames) -> No action taken.
C:\a81lkgv.com (Spyware.OnlineGames) -> No action taken.
C:\sfwypsy.exe (Spyware.OnlineGames) -> No action taken.
C:\WINDOWS\system32\xvassdf.exe (Spyware.OnlineGames) -> No action taken.
C:\WINDOWS\system32\4tddfwq0.dll (Spyware.OnlineGames) -> No action taken.
C:\Documents and Settings\***\Local Settings\Temp\xvassdf.exe (Spyware.OnlineGames) -> No action taken.
C:\ju.com (Spyware.OnlineGames) -> No action taken.
C:\0xuc.com (Trojan.Agent) -> No action taken.
C:\fbak.exe (Trojan.Agent) -> No action taken.
C:\w.com (Trojan.Agent) -> No action taken.
C:\q9.cmd (Spyware.OnlineGames) -> No action taken.
C:\WINDOWS\system32\e8main0.dll (Worm.Autorun) -> No action taken.
C:\WINDOWS\Temp\cvasds0.dll (Spyware.OnlineGames) -> No action taken.
C:\WINDOWS\Temp\cvasds1.dll (Spyware.OnlineGames) -> No action taken.
C:\Documents and Settings\***\Local Settings\Temp\cvasds0.dll (Spyware.OnlineGames) -> No action taken.
C:\Documents and Settings\***\Local Settings\Temp\cvasds1.dll (Spyware.OnlineGames) -> No action taken.
C:\Documents and Settings\***\Local Settings\Temp\cvasds2.dll (Spyware.OnlineGames) -> No action taken.
C:\Documents and Settings\***\Local Settings\Temp\cvasds3.dll (Spyware.OnlineGames) -> No action taken.
C:\WINDOWS\Temp\herss.exe (Spyware.OnlineGames) -> No action taken.
Last edited by malwarefight (01.09.2009, 18:50) |
01.09.2009, 18:48 | #12 |
| Clean XP after removing over 400 pests (mainly Trojans)? To be honest, it really shocks me how your host family can still be so "relaxed and easy-going" about this; the findings are quite interesting and pretty extreme. Remove everything MBAM found, then head over to Gmer and run GMER as described in the guide. Gmer guide: http://www.trojaner-board.de/74908-a...t-scanner.html
__________________ Avira Upgrade 10 is on the market! Aggressive Avira settings What goes around comes around! |
01.09.2009, 18:48 | #13 |
| Mbam logs - part 2
Code:
Malwarebytes' Anti-Malware 1.40
Database version: 2551
Windows 5.1.2600 Service Pack 2

24.08.2009 8:51:37
mbam-log-2009-08-24 (08-51-32).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 203427
Time elapsed: 1 hour(s), 18 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 35

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cdoosoft (Spyware.OnlineGames) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
D:\1ogf.exe (Spyware.OnlineGames) -> No action taken.
D:\28b6ry9r.exe (Spyware.OnlineGames) -> No action taken.
D:\2a.exe (Spyware.OnlineGames) -> No action taken.
D:\3.cmd (Spyware.OnlineGames) -> No action taken.
D:\6phx.com (Spyware.OnlineGames) -> No action taken.
D:\8.exe (Spyware.OnlineGames) -> No action taken.
D:\8r.cmd (Spyware.OnlineGames) -> No action taken.
D:\9max.cmd (Spyware.OnlineGames) -> No action taken.
D:\ej10fkdo.bat (Spyware.OnlineGames) -> No action taken.
D:\eyt.exe (Spyware.OnlineGames) -> No action taken.
D:\foikf6np.bat (Spyware.OnlineGames) -> No action taken.
D:\fsaht.cmd (Spyware.OnlineGames) -> No action taken.
D:\gbm6n.exe (Spyware.OnlineGames) -> No action taken.
D:\hkn6k.bat (Spyware.OnlineGames) -> No action taken.
D:\husyu8n.exe (Spyware.OnlineGames) -> No action taken.
D:\i.cmd (Spyware.OnlineGames) -> No action taken.
D:\icxpa.cmd (Spyware.OnlineGames) -> No action taken.
D:\d9c.bat (Trojan.Magania) -> No action taken.
D:\sm.exe (Worm.Autorun) -> No action taken.
D:\boyedt.com (Spyware.OnlineGames) -> No action taken.
D:\lc.exe (Spyware.OnlineGames) -> No action taken.
D:\uhoxajc.cmd (Spyware.OnlineGames) -> No action taken.
D:\ukvr.bat (Spyware.OnlineGames) -> No action taken.
D:\upw.bat (Spyware.OnlineGames) -> No action taken.
D:\vwewav8.com (Spyware.OnlineGames) -> No action taken.
D:\rwj0.cmd (Spyware.OnlineGames) -> No action taken.
D:\n68mqcra.exe (Trojan.Agent) -> No action taken.
D:\nu.cmd (Spyware.OnlineGames) -> No action taken.
D:\yhh.bat (Spyware.OnlineGames) -> No action taken.
D:\ymxf2.exe (Spyware.OnlineGames) -> No action taken.
D:\ysep1.exe (Spyware.OnlineGames) -> No action taken.
D:\j.cmd (Spyware.OnlineGames) -> No action taken.
D:\cqxj.exe (Spyware.OnlineGames) -> No action taken.
C:\Documents and Settings\***\Local Settings\Temp\herss.exe (Spyware.OnlineGames) -> No action taken.
C:\Documents and Settings\***\Local Settings\Temp\cvasds0.dll (Spyware.OnlineGames) -> No action taken.
I ran both Mbam and Avira in Safe Mode until neither found any more malware (in a full scan, of course). I will follow your advice on SuperAntiSpyware and GMER tomorrow, since it is almost 1 a.m. here and I am rather tired (although I would very much like to keep tinkering with this machine). There is no image (I am tempted to say: of course), and System Restore can be forgotten, since it is just as infected (I set a new restore point just today, but that was obviously a fairly pointless exercise). That would have been too good to be true. And yes, the nonchalance you mentioned was contained in the sentence "the computer is old and a bit slow" with which the PC was introduced to me, or in "oh yes, now and then a few strange windows pop up".... As a security freak, that makes my hair stand on end!!
I already feel uneasy enough using an "inconspicuous" Windows system... I will report back tomorrow with new log files and a backed-up system, so that we can take it from there. Until then, have fun with the Mbam log files! (If you want more, I am happy to post the Avira file with the 278 pests as well ;-) And if anything else occurs to you: bring it on. Spacibo i spokoinoi notsch! Sonja P.S. Linux 4ever!! (for reasons please see above) Last edited by malwarefight (01.09.2009, 18:59) Reason: update |
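The MBAM logs in this thread are long and were pasted in several parts, so a responder wants to read them mechanically rather than by eye: which findings were live in memory, which are autostart or shell-hook persistence points, which registry data items are hijacks (MBAM records the observed and the expected value inline, as in the SHOWALL\CheckedValue entry above), and how many files sit directly in a drive root with an executable or script extension, the pattern of removable-media droppers visible on both C:\ and D:\ here. The triage helper below is an added example and not code from the thread or from Malwarebytes; the regular expressions and the persistence-path list are my own assumptions about the 1.x log layout, and the embedded log is a constructed excerpt in that layout built from entries the thread itself shows.

```python
"""Triage helper for Malwarebytes' Anti-Malware 1.x text logs (added example).

Parses the pasted layout (counter lines, then sections such as
"Files Infected:" holding one "<location> (<Family>) -> <action>." line
each) and groups findings the way a responder reads them. The regexes and
the persistence-path list are assumptions about the format, not MBAM's own.
"""
import re
from collections import Counter

ENTRY_RE = re.compile(r"^(?P<where>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$")
SECTION_RE = re.compile(r"^([A-Za-z ]+ Infected):$")
# Registry paths that act as autostart or shell-hook persistence points (assumed list).
PERSISTENCE_HINTS = ("\\currentversion\\run\\", "\\currentversion\\runonce\\",
                     "\\explorer\\shellexecutehooks\\", "\\winlogon\\")
# A file directly in a drive root with a script/executable extension.
ROOT_DROPPER_RE = re.compile(r"^[A-Za-z]:\\[^\\]+\.(exe|com|cmd|bat|scr|pif)$", re.I)


def parse_mbam_log(text):
    """Return (header counters, findings) from an MBAM 1.x log."""
    summary, findings, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("(No malicious items detected)"):
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        if section is None:
            # Header counters such as "Files Infected: 37"; non-numeric header lines are ignored
            key, sep, val = line.rpartition(": ")
            if sep and val.isdigit():
                summary[key] = int(val)
            continue
        m = ENTRY_RE.match(line)
        if m:
            findings.append({"section": section, **m.groupdict()})
    return summary, findings


def count_mismatches(summary, findings):
    """Header counters that disagree with the entries actually listed, as
    {section: (claimed, listed)}. A mismatch usually means a truncated or
    split paste, which matters when a log arrives in several parts."""
    listed = Counter(f["section"] for f in findings)
    return {s: (n, listed.get(s, 0)) for s, n in summary.items()
            if s.endswith("Infected") and n != listed.get(s, 0)}


def triage(findings):
    """Group findings by what they mean for response."""
    report = {"families": Counter(f["family"] for f in findings),
              "in_memory": [], "persistence": [], "hijacks": [], "root_droppers": []}
    for f in findings:
        where = f["where"]
        if f["section"].startswith("Memory"):
            report["in_memory"].append(where)
        if any(h in where.lower() for h in PERSISTENCE_HINTS):
            report["persistence"].append(where)
        if f["family"].startswith("Hijack."):
            # MBAM writes the observed and the expected value inline: "Bad: (0) Good: (1)"
            bg = re.search(r"Bad: \((\w+)\) Good: \((\w+)\)", f["action"])
            report["hijacks"].append((where,) + (bg.groups() if bg else (None, None)))
        if ROOT_DROPPER_RE.match(where):
            report["root_droppers"].append(where)
    return report


# Constructed excerpt in the thread's log layout, using entries the thread shows.
SAMPLE_LOG = r"""
Malwarebytes' Anti-Malware 1.40
Scan type: Quick Scan

Memory Processes Infected: 1
Memory Modules Infected: 1
Registry Keys Infected: 1
Registry Values Infected: 2
Registry Data Items Infected: 1
Files Infected: 4

Memory Processes Infected:
C:\WINDOWS\AhnRpta.exe (Trojan.Backdoor) -> No action taken.

Memory Modules Infected:
C:\WINDOWS\system32\e8main1.dll (Spyware.OnlineGames) -> No action taken.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{bb4c402f-882a-4526-8c08-51278ea437c1} (Spyware.OnlineGames) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{bb4c402f-882a-4526-8c08-51278ea437c1} (Spyware.OnlineGames) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cdoosoft (Spyware.OnlineGames) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> No action taken.

Files Infected:
C:\WINDOWS\system32\e8main1.dll (Spyware.OnlineGames) -> No action taken.
C:\sm.exe (Worm.Autorun) -> No action taken.
D:\3.cmd (Spyware.OnlineGames) -> No action taken.
C:\WINDOWS\system32\01.tmp (Worm.Conficker) -> No action taken.
"""

if __name__ == "__main__":
    summary, findings = parse_mbam_log(SAMPLE_LOG)
    print("mismatched counters:", count_mismatches(summary, findings) or "none")
    for bucket, items in triage(findings).items():
        print(f"{bucket}:")
        for item in (items.most_common() if bucket == "families" else items):
            print("   ", item)
```

Run it against a saved mbam-log-*.txt by passing the file contents to parse_mbam_log; the mismatch check is the first thing to look at when a log was posted in parts, and a hijack tuple whose expected value differs from the observed one is a setting to verify by hand after cleanup (here, hidden files being forced invisible).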
02.09.2009, 04:32 | #14 |
| SuperSpyware log Good morning, here, as requested, is the log from SuperSpyware (configured according to the guide):
Code:
SUPERAntiSpyware Scan Log
h**p://www.superantispyware.com

Generated 09/02/2009 at 09:45 AM

Application Version : 4.27.1002

Core Rules Database Version : 4081
Trace Rules Database Version: 2021

Scan type : Complete Scan
Total Scan Time : 01:52:26

Memory items scanned : 399
Memory threats detected : 0
Registry items scanned : 4165
Registry threats detected : 0
File items scanned : 113523
File threats detected : 71

Adware.Tracking Cookie
D:\Скопировано с диска C\Файлы с диска С\Новая папка\Documents and Settings\Администратор.ROMASHKI\Cookies\администратор@ad12.bannerbank[1].txt
D:\Скопировано с диска C\Файлы с диска С\Новая папка\Documents and Settings\Администратор.ROMASHKI\Cookies\администратор@234.media.lbn[1].txt
D:\Скопировано с диска C\Файлы с диска С\Новая папка\Documents and Settings\Администратор.ROMASHKI\Cookies\администратор@120.media.lbn[1].txt
D:\Скопировано с диска C\Файлы с диска С\Новая папка\Documents and Settings\Администратор.ROMASHKI\Cookies\администратор@120.rbcmedia[1].txt
D:\Скопировано с диска C\Файлы с диска С\Новая папка\Documents and Settings\Администратор.ROMASHKI\Cookies\администратор@150.media.lbn[1].txt
D:\Скопировано с диска C\Файлы с диска С\Новая папка\Documents and Settings\Администратор.ROMASHKI\Cookies\администратор@150.rbcmedia[1].txt
D:\Скопировано с диска C\Файлы с диска С\Новая папка\Documents and Settings\Администратор.ROMASHKI\Cookies\администратор@2o7[2].txt
D:\Скопировано с диска C\Файлы с диска С\Новая папка\Documents and Settings\Администратор.ROMASHKI\Cookies\администратор@468.media.lbn[1].txt
D:\Скопировано с диска C\Файлы с диска С\Новая папка\Documents and Settings\Администратор.ROMASHKI\Cookies\администратор@468.rbcmedia[1].txt
D:\Скопировано с диска C\Файлы с диска С\Новая папка\Documents and Settings\Администратор.ROMASHKI\Cookies\администратор@accounts[1].txt
D:\Скопировано с диска C\Файлы с диска С\Новая папка\Documents and Settings\Администратор.ROMASHKI\Cookies\администратор@ad.100.tbn[2].txt
D:\Скопировано с диска C\Файлы с диска С\Новая папка\Documents and Settings\Администратор.ROMASHKI\Cookies\администратор@ad1.bb[2].txt
D:\Скопировано с диска C\Файлы с диска С\Новая папка\Documents and Settings\Администратор.ROMASHKI\Cookies\администратор@ad3.bannerbank[1].txt
D:\Скопировано с диска C\Файлы с диска С\Новая папка\Documents and Settings\Администратор.ROMASHKI\Cookies\администратор@ad.text-ent.tbn[2].txt
D:\Скопировано с диска C\Файлы с диска С\Новая папка\Documents and Settings\Администратор.ROMASHKI\Cookies\администратор@ad4.bannerbank[2].txt
D:\Скопировано с диска C\Файлы с диска С\Новая папка\Documents and Settings\Администратор.ROMASHKI\Cookies\администратор@ad.600.tbn[1].txt
D:\Скопировано с диска C\Файлы с диска С\Новая папка\Documents and Settings\Администратор.ROMASHKI\Cookies\администратор@ad6.bannerbank[2].txt
D:\Скопировано с диска C\Файлы с диска С\Новая папка\Documents and Settings\Администратор.ROMASHKI\Cookies\администратор@ad7.bannerbank[1].txt
D:\Скопировано с диска C\Файлы с диска С\Новая папка\Documents and Settings\Администратор.ROMASHKI\Cookies\администратор@ad.bannerbank[1].txt
D:\Скопировано с диска C\Файлы с диска С\Новая папка\Documents and Settings\Администратор.ROMASHKI\Cookies\администратор@ad.ent.tbn[2].txt
D:\Скопировано с диска C\Файлы с диска С\Новая папка\Documents and Settings\Администратор.ROMASHKI\Cookies\администратор@ad.ir[1].txt
D:\Скопировано с диска C\Файлы с диска С\Новая папка\Documents and Settings\Администратор.ROMASHKI\Cookies\администратор@adrevolver[1].txt
D:\Скопировано с диска C\Файлы с диска С\Новая папка\Documents and Settings\Администратор.ROMASHKI\Cookies\администратор@ad.rich1.adbn[1].txt
D:\Скопировано с диска C\Файлы с диска С\Новая папка\Documents and Settings\Администратор.ROMASHKI\Cookies\администратор@ads.adfox[1].txt
D:\Скопировано с диска C\Файлы с диска С\Новая папка\Documents and Settings\Администратор.ROMASHKI\Cookies\администратор@ads.maxlab[2].txt
D:\Скопировано с диска C\Файлы с диска С\Новая папка\Documents and Settings\Администратор.ROMASHKI\Cookies\администратор@ads.us.e-planning[1].txt
D:\Скопировано с диска C\Файлы с диска С\Новая папка\Documents and Settings\Администратор.ROMASHKI\Cookies\администратор@ad.tbn[1].txt
D:\Скопировано с диска C\Файлы с диска С\Новая папка\Documents and Settings\Администратор.ROMASHKI\Cookies\администратор@adtech[2].txt
D:\Скопировано с диска C\Файлы с диска С\Новая папка\Documents and Settings\Администратор.ROMASHKI\Cookies\администратор@ad.text.tbn[1].txt
D:\Скопировано с диска C\Файлы с диска С\Новая папка\Documents and Settings\Администратор.ROMASHKI\Cookies\администратор@ad.top1.adbn[2].txt
D:\Скопировано с диска C\Файлы с диска С\Новая папка\Documents and Settings\Администратор.ROMASHKI\Cookies\администратор@ad.vba[1].txt
D:\Скопировано с диска C\Файлы с диска С\Новая папка\Documents and Settings\Администратор.ROMASHKI\Cookies\администратор@advertising[1].txt
D:\Скопировано с диска C\Файлы с диска С\Новая папка\Documents and Settings\Администратор.ROMASHKI\Cookies\администратор@ad.yieldmanager[1].txt
D:\Скопировано с диска C\Файлы с диска С\Новая папка\Documents and Settings\Администратор.ROMASHKI\Cookies\администратор@atdmt[2].txt
D:\Скопировано с диска C\Файлы с диска С\Новая папка\Documents and Settings\Администратор.ROMASHKI\Cookies\администратор@atwola[1].txt
D:\Скопировано с диска C\Файлы с диска С\Новая папка\Documents and Settings\Администратор.ROMASHKI\Cookies\администратор@banner.kiev[1].txt
D:\Скопировано с диска C\Файлы с диска С\Новая папка\Documents and Settings\Администратор.ROMASHKI\Cookies\администратор@banner.klerk[1].txt
D:\Скопировано с диска C\Файлы с диска С\Новая папка\Documents and Settings\Администратор.ROMASHKI\Cookies\администратор@count.rbc[1].txt
D:\Скопировано с диска C\Файлы с диска С\Новая папка\Documents and Settings\Администратор.ROMASHKI\Cookies\администратор@counter.credo[1].txt
D:\Скопировано с диска C\Файлы с диска С\Новая папка\Documents and Settings\Администратор.ROMASHKI\Cookies\администратор@counter.plugin[1].txt
D:\Скопировано с диска C\Файлы с диска С\Новая папка\Documents and Settings\Администратор.ROMASHKI\Cookies\администратор@data2.perf.overture[1].txt
D:\Скопировано с диска C\Файлы с диска С\Новая папка\Documents and Settings\Администратор.ROMASHKI\Cookies\администратор@data4.perf.overture[1].txt
D:\Скопировано с диска C\Файлы с диска С\Новая папка\Documents and Settings\Администратор.ROMASHKI\Cookies\администратор@doubleclick[1].txt
D:\Скопировано с диска C\Файлы с диска С\Новая папка\Documents and Settings\Администратор.ROMASHKI\Cookies\администратор@engine.adnet[1].txt
D:\Скопировано с диска C\Файлы с диска С\Новая папка\Documents and Settings\Администратор.ROMASHKI\Cookies\администратор@hotlog[1].txt
D:\Скопировано с диска C\Файлы с диска С\Новая папка\Documents and Settings\Администратор.ROMASHKI\Cookies\администратор@media.academ[1].txt
D:\Скопировано с диска C\Файлы с диска С\Новая папка\Documents and Settings\Администратор.ROMASHKI\Cookies\администратор@mediaplex[1].txt
D:\Скопировано с диска C\Файлы с диска С\Новая папка\Documents and Settings\Администратор.ROMASHKI\Cookies\администратор@mywebsearch[1].txt
D:\Скопировано с диска C\Файлы с диска С\Новая папка\Documents and Settings\Администратор.ROMASHKI\Cookies\администратор@overture[2].txt
D:\Скопировано с диска C\Файлы с диска С\Новая папка\Documents and Settings\Администратор.ROMASHKI\Cookies\администратор@ozon.122.2o7[1].txt
D:\Скопировано с диска C\Файлы с диска С\Новая папка\Documents and Settings\Администратор.ROMASHKI\Cookies\администратор@perf.overture[1].txt
D:\Скопировано с диска C\Файлы с диска С\Новая папка\Documents and Settings\Администратор.ROMASHKI\Cookies\администратор@questionmarket[1].txt
D:\Скопировано с диска C\Файлы с диска С\Новая папка\Documents and Settings\Администратор.ROMASHKI\Cookies\администратор@rotabanner234.utro[2].txt
D:\Скопировано с диска C\Файлы с диска С\Новая папка\Documents and Settings\Администратор.ROMASHKI\Cookies\администратор@revsci[2].txt
D:\Скопировано с диска C\Файлы с диска С\Новая папка\Documents and Settings\Администратор.ROMASHKI\Cookies\администратор@rotabanner468.utro[2].txt
D:\Скопировано с диска C\Файлы с диска С\Новая папка\Documents and Settings\Администратор.ROMASHKI\Cookies\администратор@rotabanner.dni[1].txt
D:\Скопировано с диска C\Файлы с диска С\Новая папка\Documents and Settings\Администратор.ROMASHKI\Cookies\администратор@rotabanner.izvestia[1].txt
D:\Скопировано с диска C\Файлы с диска С\Новая папка\Documents and Settings\Администратор.ROMASHKI\Cookies\администратор@rotabanner.rian[2].txt
D:\Скопировано с диска C\Файлы с диска С\Новая папка\Documents and Settings\Администратор.ROMASHKI\Cookies\администратор@rotabanner100.utro[2].txt
D:\Скопировано с диска C\Файлы с диска С\Новая папка\Documents and Settings\Администратор.ROMASHKI\Cookies\администратор@spylog[1].txt
D:\Скопировано с диска C\Файлы с диска С\Новая папка\Documents and Settings\Администратор.ROMASHKI\Cookies\администратор@statcounter[2].txt
D:\Скопировано с диска C\Файлы с диска С\Новая папка\Documents and Settings\Администратор.ROMASHKI\Cookies\администратор@tns-counter[2].txt
D:\Скопировано с диска C\Файлы с диска С\Новая папка\Documents and Settings\Администратор.ROMASHKI\Cookies\администратор@tribalfusion[1].txt
D:\Скопировано с диска C\Файлы с диска С\Новая папка\Documents and Settings\Администратор.ROMASHKI\Cookies\администратор@txt.media.lbn[1].txt
D:\Скопировано с диска C\Файлы с диска С\Новая папка\Documents and Settings\Администратор.ROMASHKI\Cookies\администратор@warlog[1].txt
D:\Скопировано с диска C\Файлы с диска С\Новая папка\Documents and Settings\Администратор.ROMASHKI\Cookies\администратор@www.234.media.lbn[1].txt
D:\Скопировано с диска C\Файлы с диска С\Новая папка\Documents and Settings\Администратор.ROMASHKI\Cookies\администратор@www.234.rbcmedia[1].txt
D:\Скопировано с диска C\Файлы с диска С\Новая папка\Documents and Settings\Администратор.ROMASHKI\Cookies\администратор@www.bannerhouse[1].txt
D:\Скопировано с диска C\Файлы с диска С\Новая папка\Documents and Settings\Администратор.ROMASHKI\Cookies\администратор@www.spycounter[2].txt
D:\Скопировано с диска C\Файлы с диска С\Новая папка\Documents and Settings\Администратор.ROMASHKI\Cookies\администратор@xiti[1].txt
D:\Скопировано с диска C\Файлы с диска С\Новая папка\Documents and Settings\Администратор.ROMASHKI\Cookies\администратор@yadro[2].txt
In the meantime I have also removed the Google Toolbar and Adobe Reader (replaced by Foxit Reader without toolbars). Something else I noticed: I cannot open drive D in My Computer; I always get the message that it cannot be opened and that I should pick a program from the list to open it with. I cannot make sense of that, since I otherwise only know this from files. I can, however, access files on D and navigate to its folders, just not directly from My Computer. The RSIT info log also reports an error on drive D ("Invalid block on the device" in the Google translation ;-) Any ideas about that? I will report back as soon as I have backed up the data and run GMER. I am curious whether it will find something for a change... See you! Sonja Last edited by malwarefight (02.09.2009, 05:17) |
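The "pick a program to open it with" prompt when double-clicking a drive in My Computer has one well-known cause that fits a machine where Worm.Autorun files were just deleted from the root of D:\: an autorun.inf in the drive root redirects Explorer's open/explore verbs to a dropper, and once a cleaner removes the dropper but leaves the autorun.inf behind, Explorer can no longer run the configured command and falls back to the Open With dialog. Whether that is what is happening on this D: drive is not established in the thread; the check below is an added example, not code from the thread or from any tool mentioned in it. It only reads and reports, never executes or deletes, and it assumes the drive root (or a copy of it) is reachable as a directory path. The sample autorun.inf is constructed in the style of such worms and reuses the file name sm.exe from the MBAM log above; the parser's treatment of the open, shellexecute and shell\<verb>\command keys is my own summary of the autorun.inf keys Explorer honours.

```python
"""Inspect a drive root for an autorun.inf whose launch targets no longer exist
(added example; read-only, nothing is executed or removed)."""
import os
import tempfile

LAUNCH_KEYS = ("open", "shellexecute")  # plus any shell\<verb>\command key


def parse_autorun(text):
    """Tolerant INI parse: {section: {key: value}}, sections and keys lowercased,
    ';' comments skipped, surrounding whitespace stripped, last duplicate wins."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            sections.setdefault(current, {})
        elif "=" in line and current is not None:
            key, val = line.split("=", 1)
            sections[current][key.strip().lower()] = val.strip()
    return sections


def launch_targets(sections):
    """(key, command) pairs that make Explorer run something when the drive is opened."""
    auto = sections.get("autorun", {})
    return [(k, v) for k, v in auto.items()
            if k in LAUNCH_KEYS or (k.startswith("shell\\") and k.endswith("\\command"))]


def command_file(command):
    """Program path from a command string: honours a quoted first token, drops arguments."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split()[0] if command else ""


def inspect_drive_root(root):
    """Report the autorun.inf launch targets under `root` and which target files are
    missing there (the leftover-autorun.inf state that produces the Open With prompt)."""
    names = {n.lower(): n for n in os.listdir(root)}  # Windows names are case-insensitive
    if "autorun.inf" not in names:
        return {"present": False, "targets": [], "missing": [], "default_verb": None}
    with open(os.path.join(root, names["autorun.inf"]), "r", errors="replace") as fh:
        sections = parse_autorun(fh.read())
    targets = launch_targets(sections)
    missing = set()
    for _key, cmd in targets:
        exe = command_file(cmd).replace("\\", os.sep)
        if exe and not os.path.exists(os.path.join(root, exe)):
            missing.add(command_file(cmd))
    return {"present": True, "targets": targets, "missing": sorted(missing),
            "default_verb": sections.get("autorun", {}).get("shell")}


# Constructed sample in the style of USB-spreading worms; not taken from the thread's machine.
SAMPLE_AUTORUN = r"""
[AutoRun]
; every verb Explorer offers for the drive is pointed at the dropper
open=sm.exe
shell\open\Command=sm.exe
shell\explore\Command=sm.exe /q
shellexecute=sm.exe
shell=Auto
shell\Auto\command=sm.exe
"""


def demo():
    """Build a throwaway drive root holding the sample autorun.inf and inspect it twice:
    with the dropper already removed (the post-cleanup state) and with it present."""
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "AutoRun.inf"), "w") as fh:
            fh.write(SAMPLE_AUTORUN)
        before = inspect_drive_root(root)
        open(os.path.join(root, "sm.exe"), "wb").close()  # empty placeholder, not a real binary
        after = inspect_drive_root(root)
    return before, after


if __name__ == "__main__":
    before, after = demo()
    print("dropper removed, autorun.inf left behind:", before)
    print("dropper present:", after)
```

Point inspect_drive_root at the mounted drive (for example "D:\\") or at a copied root; a result with "present": True and a non-empty "missing" list means Explorer's verbs still point at a file that is gone, and the autorun.inf itself is the remaining piece to deal with. A "default_verb" other than None shows that the drive's default double-click action was redefined as well.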
02.09.2009, 17:48 | #15 | |
| Clean XP after removing over 400 pests (mainly Trojans)? Quote: