Pests of all kinds and how to fight them: Malwarebytes Anti-Malware helped me! Windows 7 |
30.12.2010, 23:06 | #16 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Um, as I just hinted, the end product of the rectum is not exactly runny. Before we waste time unnecessarily (CF deleted a lot of crap, OSAM doesn't work): what do you think of a proper data backup followed by a format c: ?
__________________ Please always post logfiles in CODE tags |
30.12.2010, 23:32 | #17 |
| Well, format c:
I have a lot of programs on it for which I no longer have an installation CD or DVD. I feel sick just thinking about the B... program; someone has to come in specially and install it again... ...that has always kept me from buying a newer, faster box... Can't we leave it the way it is right now? Good night M. |
31.12.2010, 00:37 | #18 |
/// Winkelfunktion /// TB-Süch-Tiger™ | You don't have to do anything. But if important logs can't even be created, I can never declare your box clean. |
02.01.2011, 16:03 | #19 |
| Hello arne, so I tinkered around a bit more and I think I got it working. (The problem was that McAfee deleted the OSAM .exe every time.) Here is the log file: OSAM Logfile: Code:
Here are the logs from MBR Check: Hope you can do something with it. And a happy new year, Markus. Last edited by cube (02.01.2011 at 16:09) |
02.01.2011, 16:06 | #20 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Quote: |
02.01.2011, 17:26 | #21 |
| What a hassle! I have to completely deactivate McAfee every time, otherwise it immediately throws out the .exe. It won't accept it as a trusted file! Unfortunately I couldn't manage to get the log file of the deletion, but here is a new general log: OSAM Logfile: Code:
- C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\PROGRA~1\Office\OLKFSTUB.DLL {E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll {764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? - (File not found | COM-object registry key not found) {e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll {ED65AC21-B24F-11d3-BA80-00C0CA16AA37} "Siemens Device" - ? - (File not found | COM-object registry key not found) {ED65AC22-B24F-11d3-BA80-00C0CA16AA37} "Siemens Device ContextMenuHandler" - ? - (File not found | COM-object registry key not found) {ED65AC23-B24F-11d3-BA80-00C0CA16AA37} "Siemens SX1 PropertySheetHandler" - ? - (File not found | COM-object registry key not found) {BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Programme\WinRAR\rarext.dll (File found, but it contains no detailed information) [Internet Explorer] -----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )----- {32683183-48a0-441b-a342-7c2a440a9478} "{32683183-48a0-441b-a342-7c2a440a9478}" - ? - (File not found | COM-object registry key not found) -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- <binary data> "&Google" - "Google Germany GmbH" - c:\programme\google\googletoolbar1.dll <binary data> "Ask.com Toolbar" - "Ask.com" - C:\Programme\Ask.com\GenericAskToolbar.dll ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) <binary data> "ITBarLayout" - ? 
- (File not found | COM-object registry key not found) -----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )----- {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} "McAfee SiteAdvisor Toolbar" - "McAfee, Inc." - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} "McAfee.com Operating System Class" - "McAfee, Inc" - C:\WINDOWS\System32\mcinsctl.dll / hxxp://download.mcafee.com/molbin/shared/mcinsctl/de/4,0,0,90/mcinsctl.cab {D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Macromed\Flash\Flash10d.ocx / hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {44226DFF-747E-4edc-B30C-78752E50CD0C} "ATI TV" - "ATI Technologies Inc." - C:\Programme\ATI Multimedia\tv\EXPLBAR.DLL -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- <binary data> "&Google" - "Google Germany GmbH" - c:\programme\google\googletoolbar1.dll <binary data> "Ask.com Toolbar" - "Ask.com" - C:\Programme\Ask.com\GenericAskToolbar.dll {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} "McAfee SiteAdvisor Toolbar" - "McAfee, Inc." 
- c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll {D4027C7F-154A-4066-A1AD-4243D8127440} "Ask.com Toolbar" - "Ask.com" - C:\Programme\Ask.com\GenericAskToolbar.dll {AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Germany GmbH" - c:\programme\google\googletoolbar1.dll {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Programme\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll {E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll {B164E929-A1B6-4A06-B104-2CD0E90A88FF} "McAfee SiteAdvisor BHO" - "McAfee, Inc." - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll {12FC9A49-CFE0-49AA-BE9E-8F4EEAFC9443} "metaspinner media GmbH" - ? - C:\PROGRA~1\klickTel\EBAYST~1\IEBUTT~2.DLL (File found, but it contains no detailed information) {7DB2D5A0-7241-4E79-B68D-6309F01C5231} "scriptproxy" - "McAfee, Inc." - C:\Programme\Gemeinsame Dateien\McAfee\SystemCore\ScriptSn.20101115212251.dll {74A0AC27-3753-4080-B94E-557CC43E9E8B} "{74A0AC27-3753-4080-B94E-557CC43E9E8B}" - ? - (File not found | COM-object registry key not found) [Logon] -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "swg" - "Google Inc." - "C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "avm:" - "AVM Berlin GmbH" - C:\WINDOWS\system32\avmprmon.dll "Canon BJ Language Monitor S400" - "CANON INC." 
- C:\WINDOWS\system32\CNMLM2P.DLL [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- ".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe "Anwendungsverwaltung" (AppMgmt) - ? - C:\WINDOWS\System32\appmgmts.dll (File not found) "Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe "ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe "Ati HotKey Poller" (Ati HotKey Poller) - "ATI Technologies Inc." - C:\WINDOWS\System32\Ati2evxx.exe "ATI Smart" (ATI Smart) - ? - C:\WINDOWS\system32\ati2sgag.exe "AVM IGD CTRL Service" (IGDCTRL) - "AVM Berlin" - C:\Programme\FRITZ!DSL\IGDCTRL.EXE "Canon Camera Access Library 8" (CCALib8) - "Canon Inc." - C:\Programme\Canon\CAL\CALMAIN.exe "Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Programme\Bonjour\mDNSResponder.exe "Google Updater Service" (gusvc) - "Google" - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe "iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Programme\iPod\bin\iPodService.exe "Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe "McAfee Firewall Core Service" (mfefire) - "McAfee, Inc." - C:\Programme\Gemeinsame Dateien\McAfee\SystemCore\mfefire.exe "McAfee Network Agent" (McNASvc) - "McAfee, Inc." - C:\Programme\Gemeinsame Dateien\McAfee\McSvcHost\McSvHost.exe "McAfee Personal Firewall-Dienst" (McMPFSvc) - "McAfee, Inc." - C:\Programme\Gemeinsame Dateien\Mcafee\McSvcHost\McSvHost.exe "McAfee Proxy Service" (McProxy) - "McAfee, Inc." - C:\Programme\Gemeinsame Dateien\McAfee\McSvcHost\McSvHost.exe "McAfee Scanner" (McODS) - "McAfee, Inc." - C:\Programme\McAfee\VirusScan\mcods.exe "McAfee Services" (mcmscsvc) - "McAfee, Inc." 
- C:\Programme\Gemeinsame Dateien\McAfee\McSvcHost\McSvHost.exe "McAfee SiteAdvisor Service" (McAfee SiteAdvisor Service) - "McAfee, Inc." - C:\Programme\McAfee\SiteAdvisor\McSACore.exe "McAfee Validation Trust Protection Service" (mfevtp) - "McAfee, Inc." - C:\Programme\Gemeinsame Dateien\McAfee\SystemCore\mfevtps.exe "McAfee VirusScan Announcer" (McNaiAnn) - "McAfee, Inc." - C:\Programme\Gemeinsame Dateien\McAfee\McSvcHost\McSvHost.exe "McShield" (McShield) - "McAfee, Inc." - C:\Programme\Gemeinsame Dateien\McAfee\SystemCore\mcshield.exe "Windows CardSpace" (idsvc) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe "Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [Winlogon] -----( HKCU\Control Panel\IOProcs )----- "MVB" - ? - mvfs32.dll (File not found) -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )----- {c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll (File not found) [Winsock Providers] -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )----- "mdnsNSP" - "Apple Inc." - C:\Programme\Bonjour\mdnsNSP.dll ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru |
02.01.2011, 22:28 | #23 |
| Malwarebytes Anti-Malware - helped me! I ran GMER a few times. Each time it gets as far as the files, then it stops. Here are the logs: GMER Logfile: Code:
GMER 1.0.15.15530 - hxxp://www.gmer.net
Rootkit scan 2011-01-02 21:14:31
Windows 5.1.2600 Service Pack 3
Running: dxcc149w.exe; Driver: C:\DOKUME~1\Markus\LOKALE~1\Temp\kwkcikod.sys

---- System - GMER 1.0.15 ----

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateKey [0xF83520E0]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteKey [0xF83520F4]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xF8352120]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenKey [0xF83520CC]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xF83520A4]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xF83520B8]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRenameKey [0xF835210A]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetSecurityObject [0xF835214C]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetValueKey [0xF8352136]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetSecurityObject

---- EOF - GMER 1.0.15 ----

GMER Logfile:
Code:
GMER 1.0.15.15530 - hxxp://www.gmer.net
Rootkit scan 2011-01-02 21:13:59
Windows 5.1.2600 Service Pack 3
Running: dxcc149w.exe; Driver: C:\DOKUME~1\Markus\LOKALE~1\Temp\kwkcikod.sys

---- Kernel code sections - GMER 1.0.15 ----

PAGE ntkrnlpa.exe!NtSetSecurityObject 805B6040 5 Bytes JMP F8352150 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenProcess 805C1316 5 Bytes JMP F83520A8 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenThread 805C15A2 5 Bytes JMP F83520BC mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwSetValueKey 806188B6 7 Bytes JMP F835213A mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwRenameKey 80619D66 7 Bytes JMP F835210E mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateKey 8061A344 5 Bytes JMP F83520E4 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteKey 8061A7E0 7 Bytes JMP F83520F8 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteValueKey 8061A9B0 7 Bytes JMP F8352124 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwOpenKey 8061B722 5 Bytes JMP F83520D0 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
init C:\WINDOWS\system32\drivers\ALCXSENS.SYS entry point in "init" section [0xF73BFA80]

---- User code sections - GMER 1.0.15 ----

.text C:\Programme\Gemeinsame Dateien\McAfee\McSvcHost\McSvHost.exe[964] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 62419A20 C:\Programme\Gemeinsame Dateien\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\Programme\Gemeinsame Dateien\McAfee\McSvcHost\McSvHost.exe[964] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 62419AE2 C:\Programme\Gemeinsame Dateien\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)

---- EOF - GMER 1.0.15 ----

GMER Logfile:
Code:
GMER 1.0.15.15530 - hxxp://www.gmer.net
Rootkit scan 2011-01-02 21:12:44
Windows 5.1.2600 Service Pack 3
Running: dxcc149w.exe; Driver: C:\DOKUME~1\Markus\LOKALE~1\Temp\kwkcikod.sys

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Programme\Gemeinsame Dateien\McAfee\SystemCore\mfevtps.exe[1012] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegQueryValueExW] [00407740] C:\Programme\Gemeinsame Dateien\McAfee\SystemCore\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)
IAT C:\Programme\Gemeinsame Dateien\McAfee\SystemCore\mfevtps.exe[1012] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [004077A0] C:\Programme\Gemeinsame Dateien\McAfee\SystemCore\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)

---- EOF - GMER 1.0.15 ----

GMER Logfile:
Code:
GMER 1.0.15.15530 - hxxp://www.gmer.net
Rootkit scan 2011-01-02 21:15:03
Windows 5.1.2600 Service Pack 3
Running: dxcc149w.exe; Driver: C:\DOKUME~1\Markus\LOKALE~1\Temp\kwkcikod.sys

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (McAfee Link Driver/McAfee, Inc.)

---- EOF - GMER 1.0.15 ----

GMER 1.0.15.15530 - hxxp://www.gmer.net
Rootkit quick scan 2011-01-02 21:45:51
Windows 5.1.2600 Service Pack 3
Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Maxtor_7Y250P0 rev.YAR41BW0
Running: dxcc149w.exe; Driver: C:\DOKUME~1\Markus\LOKALE~1\Temp\kwkcikod.sys

---- System - GMER 1.0.15 ----

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateKey [0xF83520E0]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteKey [0xF83520F4]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xF8352120]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenKey [0xF83520CC]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xF83520A4]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xF83520B8]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRenameKey [0xF835210A]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetSecurityObject [0xF835214C]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetValueKey [0xF8352136]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetSecurityObject

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

---- EOF - GMER 1.0.15 ----

Thanks for the help
Markus |
03.01.2011, 09:16 | #24 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Malwarebytes Anti-Malware - helped me! As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before the scan!!
__________________ Please always post logfiles in CODE tags |
09.01.2011, 22:29 | #25 |
| Malwarebytes Anti-Malware - helped me! Hello Arne, sorry, it took a while, last week all hell broke loose. Here is the log from Malware:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5480

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

09.01.2011 22:16:56
mbam-log-2011-01-09 (22-16-56).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 435202
Laufzeit: 3 Stunde(n), 17 Minute(n), 50 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Now it's SUPERAntiSpyware's turn.
Regards |