Log analysis and evaluation: Computer infected with XP-Antivirus 2011
29.03.2011, 08:50 | #1

Hello everyone,

We had the malware XP-Antivirus 2011 on one of our PCs. I suspect the system was infected through the download of a zip folder named UPS-tracking-number.zip. I then followed this guide http://www.trojaner-board.de/94519-a...entfernen.html: first I killed the processes with rkill.com and then ran Malwarebytes. Afterwards, to be on the safe side, I ran OTH Helper once more and then let Malwarebytes and my Antivir virus scanner run again. The malware XP-Antivirus 2011 now apparently is no longer on the computer; at least I no longer see an icon in the taskbar. However, I can no longer start the automatic Windows Updates, nor can I open the Microsoft Update page, which is why I suspect that my system is still not completely clean. I ran OTL and here is the logfile:

**************************************************
OTL Logfile:
Code:
OTL logfile created on: 29/03/2011 8:24:21 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Documents and Settings\NicoleJ\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 67,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 86,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 215,21 Gb Free Space | 92,41% Space Free | Partition Type: NTFS

Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --
PRC - [2011/03/28 15:46:25 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\NicoleJ\Desktop\OTL.exe
PRC - [2011/03/28 13:56:11 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/03/28 13:56:09 | 000,421,032 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2011/03/28 13:56:09 | 000,339,624 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
PRC - [2011/03/28 13:56:09 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/03/28 13:56:08 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/03/24 09:58:43 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/10/19 11:02:30 | 000,753,921 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\Avira Security Management Center Agent\agent.exe
PRC - [2010/03/24 10:57:08 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2010/03/22 11:26:20 | 000,090,112 | ---- | M] (France Telecom SA) -- C:\Program Files\Common Files\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
PRC - [2010/03/22 10:26:22 | 000,295,664 | R--- | M] (France Telecom SA) -- C:\Program Files\CardDetector\ZTEMF637\CardDetector.exe
PRC - [2009/04/17 15:55:42 | 000,558,176 | ---- | M] ( ) -- C:\Program Files\Miranda IM\miranda32.exe
PRC - [2008/04/14 13:00:00 | 001,200,640 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntbackup.exe
PRC - [2008/04/14 13:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/14 13:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rsmsink.exe
PRC - [2006/12/21 07:30:02 | 000,206,400 | ---- | M] (SafeNet, Inc) -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
PRC - [2006/08/22 01:00:20 | 000,316,992 | ---- | M] (SafeNet, Inc.) -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe

========== Modules (SafeList) ==========

MOD - [2011/03/28 15:46:25 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\NicoleJ\Desktop\OTL.exe
MOD - [2010/08/23 17:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (srvF90)
SRV - [2011/03/28 13:56:11 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/03/28 13:56:09 | 000,421,032 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2011/03/28 13:56:09 | 000,339,624 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2011/03/28 13:56:09 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/10/19 11:02:30 | 000,753,921 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\Avira Security Management Center Agent\agent.exe -- (AntiVir Security Management Center Agent)
SRV - [2010/03/22 11:26:20 | 000,090,112 | ---- | M] (France Telecom SA) [Auto | Running] -- C:\Program Files\Common Files\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe -- (FTRTSVC)
SRV - [2007/02/09 09:34:02 | 000,024,576 | ---- | M] (Oki Data Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\spool\drivers\w32x86\3\OPHILDCS.EXE -- (OKI OPHI DCS Loader)
SRV - [2006/12/21 07:30:02 | 000,206,400 | ---- | M] (SafeNet, Inc) [Auto | Running] -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe -- (SentinelProtectionServer)
SRV - [2006/08/22 01:00:20 | 000,316,992 | ---- | M] (SafeNet, Inc.) [Auto | Running] -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe -- (SentinelKeysServer)

========== Driver Services (SafeList) ==========

DRV - [2011/03/28 13:56:11 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/03/28 13:56:11 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/12/08 11:27:30 | 000,015,360 | R--- | M] (ZTE Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEWMSD_637.sys -- (ZTEWMSD_637)
DRV - [2009/10/09 09:54:16 | 000,114,688 | R--- | M] (ZTE Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnet.sys -- (ZTEusbnet)
DRV - [2009/10/09 09:54:16 | 000,105,088 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2009/10/09 09:54:16 | 000,105,088 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnmeaext.sys -- (ZTEusbnmeaext)
DRV - [2009/10/09 09:54:16 | 000,105,088 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2009/10/09 09:54:16 | 000,105,088 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2009/10/09 09:54:16 | 000,105,088 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnmeaext2.sys -- (ZTEusbMB)
DRV - [2009/09/22 15:49:31 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/08/04 12:04:26 | 000,034,688 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\pcampr5.sys -- (PCAMPR5)
DRV - [2009/08/04 12:04:26 | 000,032,128 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\pcandis5.sys -- (PCANDIS5)
DRV - [2009/02/16 03:25:52 | 001,057,024 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2009/02/13 11:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008/08/07 12:14:00 | 000,111,360 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008/02/14 07:12:00 | 001,389,056 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\monfilt.sys -- (monfilt)
DRV - [2006/12/21 07:30:02 | 000,090,688 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\Drivers\SENTINEL.SYS -- (Sentinel)
DRV - [2006/12/21 07:30:02 | 000,033,504 | ---- | M] (SafeNet, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SNTNLUSB.SYS -- (SNTNLUSB)
DRV - [2004/08/13 11:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/28 16:16:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/24 09:58:47 | 000,000,000 | ---D | M]

[2011/03/28 16:16:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2011/03/28 16:16:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pkx6oqcy.default\extensions
[2011/03/29 08:15:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/10/25 09:00:09 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/10/25 09:00:09 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/10/25 09:00:09 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/10/25 09:00:09 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2009/09/22 16:00:32 | 000,331,186 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 192.168.0.10 todaki
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 11345 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BEWINTERNET-SPSessionManager] C:\Program Files\Orange\Internet Everywhere Pro\SessionManager\SessionManager.exe (France Telecom SA)
O4 - HKLM..\Run: [CardDetectorZTEMF637] C:\Program Files\CardDetector\ZTEMF637\CardDetector.exe (France Telecom SA)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe (Sun Microsystems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Outlook\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Outlook\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Outlook\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {485D813E-EE26-4DF8-9FAF-DEDF2885306E} hxxp://uchoshi/connectcomputer/nshelp.dll (NSHelp Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1253274215057 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CE306811-265E-4AC4-8DD4-712F2AF5A98E} hxxp://www-origin.a3software.com/a3ftp/a3ftp.CAB (A3SOFT.A3FTP)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = DDT.local
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O29 - HKLM SecurityProviders - (mfvwajrk.dll) - File not found
O29 - HKLM SecurityProviders - (mpevsjed.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/09/18 19:13:25 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/29 08:15:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2011/03/29 08:15:31 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/03/29 05:54:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2011/03/28 16:22:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2011/03/28 16:19:51 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\My Documents\mbam-setup.exe
[2011/03/28 16:17:34 | 000,258,560 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTH.scr
[2011/03/28 16:17:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Downloads
[2011/03/28 16:16:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla
[2011/03/28 16:16:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Mozilla
[2011/03/28 16:15:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Avira
[2011/03/28 15:54:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/03/28 15:54:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/03/28 15:41:11 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/03/28 15:41:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/03/28 15:41:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/03/28 15:41:07 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/03/28 15:41:07 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/03/28 15:34:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2011/03/28 13:51:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/03/28 13:51:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/03/14 09:38:46 | 000,368,496 | ---- | C] (Auerswald GmbH & Co.KG) -- C:\WINDOWS\aufaxremove.exe
[2011/03/14 09:38:25 | 000,099,328 | ---- | C] (Auerswald GmbH & Co.KG) -- C:\WINDOWS\auFaxMon.dll
[2011/03/14 09:38:25 | 000,076,288 | ---- | C] (Auerswald GmbH & Co.KG) -- C:\WINDOWS\auFaxUI.dll
[2011/03/14 09:38:22 | 000,000,000 | ---D | C] -- C:\Program Files\Auerswald
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/03/29 08:27:00 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{4413E000-4A1E-4071-B14A-D99FE0E1B25C}.job
[2011/03/29 08:14:37 | 000,000,912 | ---- | M] () -- C:\WINDOWS\tasks\Backup Outlook.job
[2011/03/29 08:11:11 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{8E2395CB-26DC-4C61-A6A7-04F7A7339FD2}.job
[2011/03/29 08:06:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/03/28 16:21:59 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/03/28 16:19:51 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\My Documents\mbam-setup.exe
[2011/03/28 16:17:25 | 000,258,560 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTH.scr
[2011/03/28 15:41:11 | 000,000,794 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/03/28 15:33:30 | 000,013,184 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\5nfu81broaes3q06d
[2011/03/28 13:57:02 | 1637,368,831 | ---- | M] () -- C:\archive.pst
[2011/03/28 13:56:11 | 000,137,656 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011/03/28 13:56:11 | 000,102,856 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avfwot.sys
[2011/03/28 13:56:11 | 000,061,960 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2011/03/28 09:01:22 | 000,316,180 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/03/28 09:01:22 | 000,041,712 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/03/24 18:31:32 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/03/29 08:14:26 | 000,000,912 | ---- | C] () -- C:\WINDOWS\tasks\Backup Outlook.job
[2011/03/28 15:41:11 | 000,000,794 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/03/28 13:40:50 | 000,013,184 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\5nfu81broaes3q06d
[2010/12/13 13:52:26 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2009/10/12 08:58:19 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\PTQL5F.DLL
[2009/10/12 08:58:19 | 000,001,235 | ---- | C] () -- C:\WINDOWS\System32\PTQL5L.INI
[2009/10/05 10:33:58 | 000,821,248 | ---- | C] () -- C:\WINDOWS\CONEXCEL.DLL
[2009/10/05 10:33:58 | 000,820,224 | ---- | C] () -- C:\WINDOWS\COWEXCEL.DLL
[2009/10/03 13:24:25 | 000,000,156 | ---- | C] () -- C:\WINDOWS\ECOMNIM.DAT
[2009/10/03 13:13:41 | 000,000,040 | ---- | C] () -- C:\WINDOWS\A3CON.INI
[2009/10/03 13:12:53 | 000,000,083 | ---- | C] () -- C:\WINDOWS\CON32POS.DAT
[2009/10/03 13:10:24 | 000,098,304 | R--- | C] () -- C:\WINDOWS\System32\a3monnt.dll
[2009/10/03 13:09:59 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\REDMONNT.DLL
[2009/10/03 13:09:59 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\REDMON95.DLL
[2009/10/03 13:09:49 | 000,000,664 | ---- | C] () -- C:\Program Files\ECOMSALV.CFG
[2009/10/01 12:01:55 | 000,000,152 | ---- | C] () -- C:\WINDOWS\MYOBP.INI
[2009/09/22 15:30:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/09/22 15:11:31 | 000,000,245 | ---- | C] () -- C:\WINDOWS\OPHI.INI
[2009/09/22 15:11:25 | 000,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2009/09/22 15:11:25 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2009/09/22 15:11:07 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/09/18 20:04:46 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/09/18 20:03:47 | 000,184,224 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/09/18 19:24:45 | 000,024,991 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini
[2009/09/18 19:24:19 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2009/09/18 19:24:08 | 000,017,243 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2009/09/18 19:24:08 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2009/09/18 19:15:09 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/09/18 19:10:52 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/04/14 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/04/14 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/14 13:00:00 | 000,316,180 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/14 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/14 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/14 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/14 13:00:00 | 000,041,712 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/14 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/14 13:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/14 13:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/04/14 13:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/14 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/08/11 00:37:54 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini

========== LOP Check ==========

[2011/03/29 08:14:37 | 000,000,912 | ---- | M] () -- C:\WINDOWS\Tasks\Backup Outlook.job
[2011/03/29 08:27:00 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{4413E000-4A1E-4071-B14A-D99FE0E1B25C}.job
[2011/03/29 08:11:11 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{8E2395CB-26DC-4C61-A6A7-04F7A7339FD2}.job

========== Purity Check ==========

< End of report >
***********************************************

I hope you can help me with this; I am very grateful for any help!

Best regards
29.03.2011, 19:34 | #2
/// Winkelfunktion /// TB-Süch-Tiger™

Are there any other logs from Malwarebytes? If so, please post all of them that are visible in Malwarebytes under the "Logs" tab.
30.03.2011, 08:17 | #3

Hello,

many thanks for the quick reply. I have one more logfile from Malwarebytes:

Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6195

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

28/03/2011 16:08:28
mbam-log-2011-03-28 (16-08-28).txt

Scan type: Full scan (C:\|Z:\|)
Objects scanned: 320210
Time elapsed: 26 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 4
Registry Values Infected: 2
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 12

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\program files\common files\Spigot\wtxpcom\components\widgitoolbarff.dll (Adware.WidgiToolbar) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{7B1F3546-5241-4D16-8673-A0F5943B3C99} (Spyware.Passwords) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{0DCD58CE-E108-472F-A286-E4D1616EC547} (Spyware.Passwords) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6007FE4E-1322-4934-91D7-01A9B56BCC05} (Spyware.Passwords) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\A3SysTrayCtl.cSysTray (Spyware.Passwords) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM\COMPONENTS\WIDGITOOLBARFF.DLL (Adware.WidgiToolbar) -> Value: WIDGITOOLBARFF.DLL -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\A3SHARED\A3TRAY.OCX (Spyware.Passwords) -> Value: A3TRAY.OCX -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\program files\common files\Spigot\wtxpcom\components\widgitoolbarff.dll (Adware.WidgiToolbar) -> Delete on reboot.
c:\documents and settings\NicoleJ\local settings\application data\bmj.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\NicoleJ\local settings\Temp\srv71C.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\NicoleJ\local settings\Temp\srvF90.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\NicoleJ\local settings\Temp\lol2.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\NicoleJ\local settings\temporary internet files\Content.IE5\9H1T6SFY\pod[1].exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\NicoleJ\local settings\temporary internet files\Content.IE5\9H1T6SFY\lol2[2].exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\NicoleJ\local settings\temporary internet files\Content.IE5\O1ZMEW38\spm[1].exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{76eb5a16-a568-4efb-8843-c353eb330cda}\RP317\A0027725.old (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
c:\system volume information\_restore{76eb5a16-a568-4efb-8843-c353eb330cda}\RP331\A0030933.dll (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{76eb5a16-a568-4efb-8843-c353eb330cda}\RP331\A0030934.dll (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\WINDOWS\A3Shared\A3TRAY.OCX (Spyware.Passwords) -> Quarantined and deleted successfully.

Hope this helps. Thanks
30.03.2011, 13:37 | #4
/// Winkelfunktion /// TB-Süch-Tiger™

Do an OTL fix: close all programs that may be open, also deactivate the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL). (The ":OTL" must be copied as well!!!)

Code:
:OTL
[2011/03/28 13:40:50 | 000,013,184 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\5nfu81broaes3q06d
O29 - HKLM SecurityProviders - (mfvwajrk.dll) - File not found
O29 - HKLM SecurityProviders - (mpevsjed.dll) - File not found
:Commands
[purity]
[resethosts]
[emptytemp]

The logfile should open when you click OK after the fix; please post it. The computer may be restarted. The entries, files and folders fixed with this script are not deleted completely, for safety; a backup copy is created on the system partition in the "_OTL" folder.

Please always post logfiles in CODE tags
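Editor's note with an added example (not part of the thread, and not code from OTL, Malwarebytes or trojaner-board). The fix script above targets three kinds of OTL entries: a service whose binary no longer exists (srvF90, the name of one of the .tmp files Malwarebytes quarantined), two DLLs registered under HKLM\...\Control\SecurityProviders that are no longer on disk (that value lists SSP DLLs which lsass.exe loads at boot, so it is a persistence point worth checking on every cleanup), and a hidden+system file with a random name and no company name under All Users\Application Data. The script below parses OTL's own line formats and flags exactly those indicators, plus hosts entries that redirect an update or AV domain; it treats the thousands of 127.0.0.1 entries from a Spybot-style immunization as expected. The sample lines are constructed for this example: all but one reproduce entries from the log in post #1; the line mapping update.microsoft.com to 10.0.0.5 is invented to show how a hosts hijack would surface, and the PROTECTED_SUFFIXES list and the random-name heuristic are assumptions to adjust for the environment.

```python
"""Triage of OTL-format log lines for the indicators fixed in post #4.

Added example for this thread; not code from OTL, Malwarebytes or the
poster. It parses the line shapes OTL emits (SRV, O29, O1 hosts and the
file-list entries) and flags the entries a helper would put into a fix.
"""
import re
from dataclasses import dataclass

# Constructed sample. Lines 1-6 and 8-9 reproduce entries from the OTL log
# in the thread; line 7 (10.0.0.5 update.microsoft.com) is invented here
# (assumption) to show how a hosts-file hijack of an update domain is flagged.
SAMPLE_LOG = [
    r"SRV - File not found [Auto | Stopped] -- -- (srvF90)",
    r"SRV - [2011/03/28 13:56:09 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)",
    r"O29 - HKLM SecurityProviders - (mfvwajrk.dll) - File not found",
    r"O1 - Hosts: 127.0.0.1 localhost",
    r"O1 - Hosts: 127.0.0.1 www.007guard.com",
    r"O1 - Hosts: 192.168.0.10 todaki",
    r"O1 - Hosts: 10.0.0.5 update.microsoft.com",
    r"[2011/03/28 13:40:50 | 000,013,184 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\5nfu81broaes3q06d",
    r"[2011/03/28 15:41:11 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys",
]


@dataclass
class Finding:
    severity: str  # "high", "medium" or "info"
    line: str
    reason: str


# OTL line shapes, derived from the log in this thread (not an official grammar).
SRV_MISSING_RE = re.compile(r"^SRV - File not found \[[^\]]*\] -- -- \((?P<name>[^)]+)\)$")
O29_RE = re.compile(r"^O29 - HKLM SecurityProviders - \((?P<dll>[^)]+)\) - (?P<status>.+)$")
HOSTS_RE = re.compile(r"^O1 - Hosts: (?P<ip>\S+)\s+(?P<host>\S+)$")
FILE_RE = re.compile(
    r"^\[(?P<ts>[^|]+)\| (?P<size>[^|]+)\| (?P<attr>[^|]+)\| (?P<op>[CM])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+)$"
)

LOOPBACK = {"127.0.0.1", "0.0.0.0", "::1"}
# Domains that must never be redirected by hosts, or updates/AV go silent.
# Assumed list; extend it for the AV products actually in use.
PROTECTED_SUFFIXES = ("microsoft.com", "windowsupdate.com", "avira.com", "malwarebytes.org")
RANDOM_NAME_RE = re.compile(r"^[a-z0-9]{10,}$")


def is_protected(host: str) -> bool:
    return any(host == s or host.endswith("." + s) for s in PROTECTED_SUFFIXES)


def looks_random(name: str) -> bool:
    """Heuristic (assumption): lower-case alphanumeric, no extension, mixes letters and digits."""
    return (bool(RANDOM_NAME_RE.match(name))
            and any(c.isdigit() for c in name) and any(c.isalpha() for c in name))


def triage(lines):
    findings = []
    for raw in lines:
        line = raw.strip()
        if m := SRV_MISSING_RE.match(line):
            findings.append(Finding("medium", line,
                f"service '{m['name']}' is registered but its binary is gone: orphaned autostart, delete the service key"))
        elif m := O29_RE.match(line):
            # SecurityProviders lists SSP DLLs loaded by lsass.exe at boot. A missing
            # file is a leftover to remove; an unknown DLL that exists would be active.
            sev = "medium" if m["status"] == "File not found" else "high"
            findings.append(Finding(sev, line,
                f"'{m['dll']}' is registered as an LSA security provider ({m['status'].lower()}): remove the value"))
        elif m := HOSTS_RE.match(line):
            ip, host = m["ip"], m["host"].lower()
            if is_protected(host):
                findings.append(Finding("high", line,
                    f"hosts maps {host} to {ip}: update/AV domain hijacked or blocked"))
            elif ip not in LOOPBACK:
                findings.append(Finding("info", line,
                    f"hosts maps {host} to {ip}: non-loopback entry, confirm it is a known LAN host"))
            # loopback entries are blocklist-style immunization (Spybot etc.): expected
        elif m := FILE_RE.match(line):
            attr, company, path = m["attr"].strip(), m["company"].strip(), m["path"]
            folder, _, name = path.rpartition("\\")
            hidden_system = "H" in attr and "S" in attr
            shared_appdata = "All Users\\Application Data" in folder
            if hidden_system and not company and (shared_appdata or looks_random(name)):
                findings.append(Finding("high", line,
                    f"hidden+system file '{name}' with no company name in {folder}: dropper/config artefact, quarantine it"))
    return findings


def summarize(findings):
    counts = {"high": 0, "medium": 0, "info": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.reason}\n         {f.line}")
    print(summarize(triage(SAMPLE_LOG)))
```

To run it against a real log, replace SAMPLE_LOG with `open(path, encoding="utf-8", errors="replace").read().splitlines()`. Two caveats a practitioner should keep in mind: OTL's [resethosts] also discards the immunization entries, which is why the hosts file shrinks from 11,000+ lines to the default after the fix, and nothing in this script (or in the thread so far) explains the Windows Update failure the poster reports; a clean triage here does not rule out remaining causes.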
31.03.2011, 08:39 | #5 |
Computer infected with XP-Antivirus 2011
Hello Arne, I have applied the fix with OTL; the log file is attached. However, I still cannot enable automatic updates, and the Windows Update page still doesn't work either. Here is the log file created by OTL:
Code:
All processes killed
========== OTL ==========
C:\Documents and Settings\All Users\Application Data\5nfu81broaes3q06d moved successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders:mfvwajrk.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders:mpevsjed.dll deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator

User: Administrator.DDT
->Temp folder emptied: 379637 bytes
->Temporary Internet Files folder emptied: 735830 bytes
->FireFox cache emptied: 18072504 bytes
->Flash cache emptied: 456 bytes

User: All Users

User: AllysonM
->Temp folder emptied: 870391 bytes
->Temporary Internet Files folder emptied: 52260595 bytes
->Java cache emptied: 25494212 bytes
->FireFox cache emptied: 60094677 bytes
->Flash cache emptied: 1299 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 96688372 bytes
->Flash cache emptied: 649 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 375326277 bytes
->Flash cache emptied: 1179 bytes

User: NicoleJ
->Temp folder emptied: 29697057 bytes
->Temporary Internet Files folder emptied: 16744786 bytes
->Java cache emptied: 50987279 bytes
->FireFox cache emptied: 83281866 bytes
->Flash cache emptied: 36402 bytes

User: ShahidB
->Temp folder emptied: 19507252 bytes
->Temporary Internet Files folder emptied: 10768179 bytes
->FireFox cache emptied: 66402395 bytes
->Flash cache emptied: 405 bytes

User: ShahidB.WS503
->Temp folder emptied: 673611 bytes
->Temporary Internet Files folder emptied: 14282259 bytes
->FireFox cache emptied: 53351994 bytes
->Flash cache emptied: 592 bytes

User: user
->Temp folder emptied: 4341154 bytes
->Temporary Internet Files folder emptied: 4596266 bytes

User: __sbs_netsetup__
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: __sbs_netsetup__.ALLYSON
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: __sbs_netsetup__.TEMP
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: __sbs_netsetup__.TESTER
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: __sbs_netsetup__.WS503
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2402044 bytes
%systemroot%\System32 .tmp files removed: 2007057 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16366167 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 959.00 mb

OTL by OldTimer - Version 3.2.22.3 log created on 03312011_082934

Files\Folders moved on Reboot...
Registry entries deleted on Reboot...

Many thanks for your help!
31.03.2011, 13:30 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Computer infected with XP-Antivirus 2011
Then please run CF now: ComboFix: a guide and tutorial on using ComboFix
ComboFix may only be run if a qualified helper (Kompetenzler) has explicitly recommended it!
01.04.2011, 08:53 | #7 |
Computer infected with XP-Antivirus 2011
Hello, I have now run ComboFix and here is the log file:
ComboFix logfile:
Code:
ComboFix 11-03-31.02 - Administrator 04/01/2011 8:40.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1636 [GMT 1:00]
Running from: c:\documents and settings\Administrator.DDT\Desktop\confi.exe
AV: AntiVir Desktop *Disabled/Outdated* {B02B524A-0C22-45DD-A6D1-70C7010CE58E}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
\\.\PhysicalDrive0 - Bootkit TDL4 was found and disinfected
.
(((((((((((((((((((((((((   Files Created from 2011-03-01 to 2011-04-01   )))))))))))))))))))))))))))))))
.
.
2011-04-01 07:18 . 2011-04-01 07:18    --------    d-----w-    c:\program files\CCleaner
2011-03-31 07:39 . 2011-03-31 07:39    --------    d-sh--w-    c:\documents and settings\Administrator.DDT\PrivacIE
2011-03-31 07:29 . 2011-03-31 07:29    --------    d-----w-    C:\_OTL
2011-03-31 07:22 . 2011-03-31 07:22    --------    d-----w-    c:\documents and settings\Administrator.DDT\Local Settings\Application Data\Mozilla
2011-03-29 14:26 . 2011-03-29 14:26    --------    d-----w-    c:\windows\Sun
2011-03-29 04:54 . 2011-03-29 04:55    --------    d-----w-    c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-03-28 14:41 . 2011-03-28 14:41    --------    d-----w-    c:\documents and settings\NicoleJ\Application Data\Malwarebytes
2011-03-28 14:41 . 2010-12-20 17:09    38224    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-28 14:41 . 2011-03-28 14:41    --------    d-----w-    c:\documents and settings\All Users\Application Data\Malwarebytes
2011-03-28 14:41 . 2011-03-28 14:41    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2011-03-28 14:41 . 2010-12-20 17:08    20952    ----a-w-    c:\windows\system32\drivers\mbam.sys
2011-03-28 12:44 . 2011-03-28 12:44    --------    d-sh--w-    c:\documents and settings\NetworkService\IETldCache
2011-03-14 08:38 . 2010-11-23 07:59    368496    ----a-w-    c:\windows\aufaxremove.exe
2011-03-14 08:38 . 2010-11-25 19:15    76288    ----a-w-    c:\windows\auFaxUI.dll
2011-03-14 08:38 . 2010-11-25 19:13    99328    ----a-w-    c:\windows\auFaxMon.dll
2011-03-14 08:38 . 2011-03-14 08:38    --------    d-----w-    c:\program files\Auerswald
2011-03-14 08:33 . 2011-03-14 08:33    --------    d-----w-    c:\documents and settings\Administrator.DDT\Application Data\Avira
2011-03-14 08:33 . 2011-03-14 08:33    --------    d-----w-    c:\documents and settings\Administrator.DDT\Application Data\Search Settings
2011-03-02 09:02 . 2011-03-02 09:02    --------    d-----w-    c:\documents and settings\NicoleJ\Application Data\Search Settings
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-28 12:56 . 2010-03-24 09:57    102856    ----a-w-    c:\windows\system32\drivers\avfwot.sys
2011-03-28 12:56 . 2009-09-22 14:26    61960    ----a-w-    c:\windows\system32\drivers\avgntflt.sys
2011-03-28 12:56 . 2009-09-22 14:26    137656    ----a-w-    c:\windows\system32\drivers\avipbb.sys
2011-02-09 13:53 . 2008-04-14 12:00    270848    ----a-w-    c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2008-04-14 12:00    186880    ----a-w-    c:\windows\system32\encdec.dll
2011-02-02 07:58 . 2009-09-18 18:09    2067456    ----a-w-    c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2009-09-18 18:09    677888    ----a-w-    c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2008-04-14 12:00    439296    ----a-w-    c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2008-04-14 12:00    290048    ----a-w-    c:\windows\system32\atmfd.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-11-12 141336]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-11-12 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-11-12 141336]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2009-02-17 33595392]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-28 281768]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-14 143360]
"CardDetectorZTEMF637"="c:\program files\CardDetector\ZTEMF637\CardDetector.exe" [2010-03-22 295664]
"BEWINTERNET-SPSessionManager"="c:\program files\Orange\Internet Everywhere Pro\SessionManager\SessionManager.exe" [2010-03-22 140016]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
c:\documents and settings\ShahidB.WS503\Start Menu\Programs\Startup\
Miranda IM.lnk - c:\program files\Miranda IM\miranda32.exe [2009-4-17 558176]
.
c:\documents and settings\AllysonM\Start Menu\Programs\Startup\
Miranda IM.lnk - c:\program files\Miranda IM\miranda32.exe [2009-4-17 558176]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Outlook\Office12\ONENOTEM.EXE [2009-2-26 97680]
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [N/A]
.
c:\documents and settings\ShahidB\Start Menu\Programs\Startup\
Miranda IM.lnk - c:\program files\Miranda IM\miranda32.exe [2009-4-17 558176]
.
c:\documents and settings\NicoleJ\Start Menu\Programs\Startup\
Miranda IM.lnk - c:\program files\Miranda IM\miranda32.exe [2009-4-17 558176]
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [N/A]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\srvF90]
@="service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Protection Server\\WinNT\\spnsrvnt.exe"=
"c:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Keys Server\\sntlkeyssrvr.exe"=
"c:\\Program Files\\Avira\\Avira Security Management Center Agent\\agent.exe"=
"c:\\Program Files\\Microsoft Outlook\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Orange\\Internet Everywhere Pro\\Connectivity\\ConnectivityManager.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7030:TCP"= 7030:TCP:Avira Security Management Center Agent (Incoming)
.
R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [9/22/2009 3:26 PM 339624]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [9/22/2009 3:26 PM 135336]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [9/22/2009 3:26 PM 421032]
R2 SentinelKeysServer;Sentinel Keys Server;c:\program files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [8/22/2006 1:00 AM 316992]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [9/18/2009 7:34 PM 1057024]
S2 AntiVir Security Management Center Agent;Avira Security Management Center Agent;c:\program files\Avira\Avira Security Management Center Agent\agent.exe [6/17/2010 3:04 PM 753921]
S2 srvF90;srvF90;c:\windows\system32\svchost.exe -k netsvcs [4/14/2008 1:00 PM 14336]
S3 OKI OPHI DCS Loader;OKI OPHI DCS Loader;c:\windows\system32\spool\drivers\w32x86\3\OPHILDCS.EXE [9/25/2008 4:02 PM 24576]
S3 ZTEusbMB;ZTE NMEAExt2 Port;c:\windows\system32\drivers\ZTEusbnmeaext2.sys [2/4/2011 12:53 PM 105088]
S3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\drivers\ZTEusbnet.sys [2/4/2011 12:53 PM 114688]
S3 ZTEusbnmeaext;ZTE NMEAExt Port;c:\windows\system32\drivers\ZTEusbnmeaext.sys [2/4/2011 12:53 PM 105088]
S3 ZTEWMSD_637;ZTE WCDMA 637 Dummy MSD Device;c:\windows\system32\drivers\ZTEWMSD_637.sys [2/4/2011 1:21 PM 15360]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
srvF90
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-01 c:\windows\Tasks\Backup Outlook.job
- c:\windows\system32\ntbackup.exe [2008-04-14 12:00]
.
2011-04-01 c:\windows\Tasks\User_Feed_Synchronization-{4413E000-4A1E-4071-B14A-D99FE0E1B25C}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
2011-04-01 c:\windows\Tasks\User_Feed_Synchronization-{8E2395CB-26DC-4C61-A6A7-04F7A7339FD2}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://companyweb
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: {C278CC5D-E9E3-4095-8A73-447E2C944B58} = 192.168.16.2,80.58.61.250
DPF: {CE306811-265E-4AC4-8DD4-712F2AF5A98E} - hxxp://www-origin.a3software.com/a3ftp/a3ftp.CAB
FF - ProfilePath - c:\documents and settings\Administrator.DDT\Application Data\Mozilla\Firefox\Profiles\69arjnqi.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-04-01 08:46
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\srvF90]
"servicedll"="\\?\globalroot\Device\HarddiskVolume1\DOCUME~1\NicoleJ\LOCALS~1\Temp\srvF90.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(692)
c:\program files\Avira\AntiVir Desktop\avsda.dll
.
- - - - - - - > 'lsass.exe'(748)
c:\program files\Avira\AntiVir Desktop\avsda.dll
.
Completion time: 2011-04-01 08:47:41
ComboFix-quarantined-files.txt 2011-04-01 07:47
.
Pre-Run: 230,737,629,184 bytes free
Post-Run: 231,051,288,576 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - E97A2F934704A29E3E26DB73B3688A8C
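As an added example (not code from the thread, from ComboFix or from the helper), the following Python triage applies to a ComboFix log the checks a helper makes by eye on the log above: a NetSvcs service whose ServiceDll resolves outside System32 (here srvF90, reached through \\?\globalroot into a user's Temp folder), the same service registered under SafeBoot\Minimal so it also starts in Safe Mode, and the Security Center and firewall overrides. The log excerpt is constructed from the posted log; the benign wuauserv control entry and the finding names are my assumptions.

```python
import re

# Constructed excerpt in ComboFix's own layout, modelled on the log posted above;
# the wuauserv block is added as a benign control, the rest mirrors the thread.
SAMPLE_LOG = r"""[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\srvF90]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
srvF90
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\srvF90]
"servicedll"="\\?\globalroot\Device\HarddiskVolume1\DOCUME~1\NicoleJ\LOCALS~1\Temp\srvF90.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wuauserv]
"servicedll"="c:\windows\system32\wuauserv.dll"
"""

# Matches '"servicedll"="..."', '"AntiVirusOverride"=dword:00000001' and '"EnableFirewall"= 0 (0x0)'.
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.+)$')


def reg_int(value):
    """Turn ComboFix's value renderings ('dword:00000001', '0 (0x0)') into an int."""
    if value.lower().startswith('dword:'):
        return int(value[6:], 16)
    return int(value.split()[0])


def servicedll_is_trusted(path):
    """A netsvcs ServiceDll belongs under System32; device paths and Temp folders are red flags."""
    p = path.lower().replace('/', '\\')
    if 'globalroot' in p or '\\temp\\' in p or p.endswith('.tmp'):
        return False
    return p.startswith(('c:\\windows\\system32\\', '%systemroot%\\system32\\'))


def parse_combofix(text):
    """Collect NetSvcs members, SafeBoot entries, ServiceDll dumps and policy values from the log."""
    service_dlls = {}   # lower-cased service name -> ServiceDll from a [..\Services\X] dump
    netsvcs = []        # names listed under "Svchost - NetSvcs", as written
    safeboot = set()    # lower-cased service names registered under SafeBoot\Minimal
    settings = {}       # "<key>|<value name>" (lower-cased) -> raw value text
    current_key, in_netsvcs = '', False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == '.':        # ComboFix separates blocks with a lone '.'
            current_key, in_netsvcs = '', False
            continue
        if line.lower().endswith('\\svchost - netsvcs'):
            in_netsvcs = True
            continue
        if in_netsvcs:
            netsvcs.append(line)
            continue
        if line.startswith('[') and line.endswith(']'):
            current_key = line[1:-1].lower()
            sb = re.search(r'\\safeboot\\minimal\\([^\\]+)$', current_key)
            if sb:
                safeboot.add(sb.group(1))
            continue
        m = VALUE_RE.match(line)
        if m and current_key:
            value_name, value = m.group(1).lower(), m.group(2).strip().strip('"')
            svc = re.search(r'\\services\\([^\\]+)$', current_key)
            if value_name == 'servicedll' and svc:
                service_dlls[svc.group(1)] = value
            else:
                settings[current_key + '|' + value_name] = value
    return {'service_dlls': service_dlls, 'netsvcs': netsvcs, 'safeboot': safeboot, 'settings': settings}


def triage(text):
    """Apply the checks a helper applies by eye to this log and return structured findings."""
    p = parse_combofix(text)
    findings = []
    for name in p['netsvcs']:
        dll = p['service_dlls'].get(name.lower())
        # ComboFix dumps a [..\Services\X] block only for odd services; without one there is nothing to judge.
        if dll is not None and not servicedll_is_trusted(dll):
            findings.append({'finding': 'rogue netsvcs service', 'service': name, 'servicedll': dll,
                             'safeboot': name.lower() in p['safeboot']})
    for key_value, value in p['settings'].items():
        key, value_name = key_value.split('|', 1)
        if key.endswith('\\security center') and value_name.endswith('override') and reg_int(value) == 1:
            findings.append({'finding': 'security center override', 'value': value_name})
        elif key.endswith('firewallpolicy\\standardprofile') and value_name == 'enablefirewall' and reg_int(value) == 0:
            findings.append({'finding': 'windows firewall disabled', 'value': value_name})
    return findings


if __name__ == '__main__':
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Run against the sample it reports srvF90 as a rogue NetSvcs service that also survives Safe Mode, plus the two Security Center overrides and the disabled firewall; wuauserv passes because its ServiceDll sits in System32.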
01.04.2011, 14:07 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Computer infected with XP-Antivirus 2011
Nice, a bootkit was removed.
ComboFix scripting
1. Start Notepad (Start / Run / notepad [Enter])
2. Now copy and paste the entire content of the code box below into the Notepad window.
Code:
Driver::
srvF90
NetSvc::
srvF90
4. Disable the guard of your antivirus program and any software firewall you may have. (Also the guards of ad-/spyware programs and the TeaTimer, if present!)
5. Then drag CFScript.txt onto cofi.exe, as shown in the picture below. This restarts ComboFix.
6. After the reboot (you will be asked whether you want to restart), please post the following log file: Combofix.txt
Note: The above script was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can permanently damage the system!
__________________
Please always post logfiles in CODE tags
04.04.2011, 11:50 | #9 |
Computer infected with XP-Antivirus 2011
Hello, unfortunately that didn't work. I copied your lines into a Notepad document, renamed it and then dragged and dropped it onto confi.exe. A small ComboFix window with a progress bar does appear, but nothing else happens after that. The PC doesn't ask me whether it should restart, and I can't find the log file anywhere.
04.04.2011, 12:53 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Computer infected with XP-Antivirus 2011
Restart Windows and try again.
05.04.2011, 13:43 | #11 |
Computer infected with XP-Antivirus 2011
Hello Arne, I have now tried it several times, with reboots in between, but it simply won't start. All that ever appears is the small box with the green status blocks; once that box disappears, nothing more happens. Would you recommend a complete reinstall? The PC is really acting up, and programs we need for work simply haven't worked since the infection.
05.04.2011, 14:36 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Computer infected with XP-Antivirus 2011
Then first run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html
05.04.2011, 15:19 | #13 |
Computer infected with XP-Antivirus 2011
So, the TDSSKiller tool has now also been run, but it reported that no infection was found. Here is the log file:
2011/04/05 15:18:00.0001 0808 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/05 15:18:00.0517 0808 ================================================================================
2011/04/05 15:18:00.0517 0808 SystemInfo:
2011/04/05 15:18:00.0517 0808
2011/04/05 15:18:00.0517 0808 OS Version: 5.1.2600 ServicePack: 3.0
2011/04/05 15:18:00.0517 0808 Product type: Workstation
2011/04/05 15:18:00.0517 0808 ComputerName: WS105
2011/04/05 15:18:00.0517 0808 UserName: Administrator
2011/04/05 15:18:00.0517 0808 Windows directory: C:\WINDOWS
2011/04/05 15:18:00.0517 0808 System windows directory: C:\WINDOWS
2011/04/05 15:18:00.0517 0808 Processor architecture: Intel x86
2011/04/05 15:18:00.0517 0808 Number of processors: 2
2011/04/05 15:18:00.0517 0808 Page size: 0x1000
2011/04/05 15:18:00.0517 0808 Boot type: Normal boot
2011/04/05 15:18:00.0517 0808 ================================================================================
2011/04/05 15:18:00.0642 0808 Initialize success
2011/04/05 15:18:07.0048 3696 ================================================================================
2011/04/05 15:18:07.0048 3696 Scan started
2011/04/05 15:18:07.0048 3696 Mode: Manual;
2011/04/05 15:18:07.0048 3696 ================================================================================
(affb019346a4498dae672663fbd0b716) C:\WINDOWS\system32\DRIVERS\ZTEusbnet.sys 2011/04/05 15:18:13.0814 3696 ZTEusbnmea (b31932dc33072ca98a8dbf76f866f22e) C:\WINDOWS\system32\DRIVERS\ZTEusbnmea.sys 2011/04/05 15:18:13.0829 3696 ZTEusbnmeaext (b31932dc33072ca98a8dbf76f866f22e) C:\WINDOWS\system32\DRIVERS\ZTEusbnmeaext.sys 2011/04/05 15:18:13.0860 3696 ZTEusbser6k (b31932dc33072ca98a8dbf76f866f22e) C:\WINDOWS\system32\DRIVERS\ZTEusbser6k.sys 2011/04/05 15:18:13.0892 3696 ZTEWMSD_637 (92fdfdcab300856aabeecb5cd130fac2) C:\WINDOWS\system32\Drivers\ZTEWMSD_637.sys 2011/04/05 15:18:14.0017 3696 ================================================================================ 2011/04/05 15:18:14.0017 3696 Scan finished 2011/04/05 15:18:14.0017 3696 ================================================================================ |
05.04.2011, 17:28 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Computer infected with XP-Antivirus 2011 OK. Now please create and post logs with GMER and OSAM. GMER crashes fairly often; if the tool still won't run on the second attempt, just leave it out and run only OSAM. Please skip the online lookup in OSAM. With OSAM, please also make sure that you save the log as *.log and not as *.html or similar. Afterwards, please download MBRCheck (by a_d_13) and save the file on the Desktop.
__________________ Please always post logfiles in CODE tags |
06.04.2011, 11:19 | #15 |
| Computer infected with XP-Antivirus 2011 Hello Arne, I think I will just reformat it now. Both programs were installed but did not run to completion, and now I can't even get onto the Internet with the PC, but I need it back. I am really very grateful to you for your help and think it is great what support I have received. But since I urgently need the computer, I think a fresh installation is simply the fastest option. What do you think? Kind regards, Holger |