
Log analysis and evaluation: Computer infected with XP-Antivirus 2011

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps for getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

 
29.03.2011, 08:50   #1
Santelmo
 

Computer infected with XP-Antivirus 2011



Hello everyone,

One of our PCs had the malware XP-Antivirus 2011 on it; I suspect the system was infected by downloading a zip archive named UPS-tracking-number.zip.

I then followed this guide http://www.trojaner-board.de/94519-a...entfernen.html, first killed the processes with rkill.com and then ran the Malwarebytes program.
Afterwards, to be safe, I also ran OTH Helper and then let Malwarebytes and my Antivir virus scanner run once more.

The malware XP-Antivirus 2011 now seems to be gone from the machine; at least there is no longer an icon in the taskbar. However, I can no longer start the automatic Windows updates, nor can I open the Microsoft Update page, which is why I suspect my system is still not completely clean.

I ran OTL and here is the log file:

OTL Logfile:
OTL logfile created on: 29/03/2011 8:24:21 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Documents and Settings\NicoleJ\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 67,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 86,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 215,21 Gb Free Space | 92,41% Space Free | Partition Type: NTFS
 
Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - File not found -- 
PRC - [2011/03/28 15:46:25 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\NicoleJ\Desktop\OTL.exe
PRC - [2011/03/28 13:56:11 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/03/28 13:56:09 | 000,421,032 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2011/03/28 13:56:09 | 000,339,624 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
PRC - [2011/03/28 13:56:09 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/03/28 13:56:08 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/03/24 09:58:43 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/10/19 11:02:30 | 000,753,921 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\Avira Security Management Center Agent\agent.exe
PRC - [2010/03/24 10:57:08 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2010/03/22 11:26:20 | 000,090,112 | ---- | M] (France Telecom SA) -- C:\Program Files\Common Files\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
PRC - [2010/03/22 10:26:22 | 000,295,664 | R--- | M] (France Telecom SA) -- C:\Program Files\CardDetector\ZTEMF637\CardDetector.exe
PRC - [2009/04/17 15:55:42 | 000,558,176 | ---- | M] ( ) -- C:\Program Files\Miranda IM\miranda32.exe
PRC - [2008/04/14 13:00:00 | 001,200,640 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntbackup.exe
PRC - [2008/04/14 13:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/14 13:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rsmsink.exe
PRC - [2006/12/21 07:30:02 | 000,206,400 | ---- | M] (SafeNet, Inc) -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
PRC - [2006/08/22 01:00:20 | 000,316,992 | ---- | M] (SafeNet, Inc.) -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011/03/28 15:46:25 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\NicoleJ\Desktop\OTL.exe
MOD - [2010/08/23 17:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] --  -- (srvF90)
SRV - [2011/03/28 13:56:11 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/03/28 13:56:09 | 000,421,032 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2011/03/28 13:56:09 | 000,339,624 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2011/03/28 13:56:09 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/10/19 11:02:30 | 000,753,921 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\Avira Security Management Center Agent\agent.exe -- (AntiVir Security Management Center Agent)
SRV - [2010/03/22 11:26:20 | 000,090,112 | ---- | M] (France Telecom SA) [Auto | Running] -- C:\Program Files\Common Files\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe -- (FTRTSVC)
SRV - [2007/02/09 09:34:02 | 000,024,576 | ---- | M] (Oki Data Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\spool\drivers\w32x86\3\OPHILDCS.EXE -- (OKI OPHI DCS Loader)
SRV - [2006/12/21 07:30:02 | 000,206,400 | ---- | M] (SafeNet, Inc) [Auto | Running] -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe -- (SentinelProtectionServer)
SRV - [2006/08/22 01:00:20 | 000,316,992 | ---- | M] (SafeNet, Inc.) [Auto | Running] -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe -- (SentinelKeysServer)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011/03/28 13:56:11 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/03/28 13:56:11 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/12/08 11:27:30 | 000,015,360 | R--- | M] (ZTE Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEWMSD_637.sys -- (ZTEWMSD_637)
DRV - [2009/10/09 09:54:16 | 000,114,688 | R--- | M] (ZTE Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnet.sys -- (ZTEusbnet)
DRV - [2009/10/09 09:54:16 | 000,105,088 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2009/10/09 09:54:16 | 000,105,088 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnmeaext.sys -- (ZTEusbnmeaext)
DRV - [2009/10/09 09:54:16 | 000,105,088 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2009/10/09 09:54:16 | 000,105,088 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2009/10/09 09:54:16 | 000,105,088 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnmeaext2.sys -- (ZTEusbMB)
DRV - [2009/09/22 15:49:31 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/08/04 12:04:26 | 000,034,688 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\pcampr5.sys -- (PCAMPR5)
DRV - [2009/08/04 12:04:26 | 000,032,128 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\pcandis5.sys -- (PCANDIS5)
DRV - [2009/02/16 03:25:52 | 001,057,024 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2009/02/13 11:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008/08/07 12:14:00 | 000,111,360 | R--- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008/02/14 07:12:00 | 001,389,056 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\monfilt.sys -- (monfilt)
DRV - [2006/12/21 07:30:02 | 000,090,688 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\Drivers\SENTINEL.SYS -- (Sentinel)
DRV - [2006/12/21 07:30:02 | 000,033,504 | ---- | M] (SafeNet, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SNTNLUSB.SYS -- (SNTNLUSB)
DRV - [2004/08/13 11:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/28 16:16:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/24 09:58:47 | 000,000,000 | ---D | M]
 
[2011/03/28 16:16:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2011/03/28 16:16:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pkx6oqcy.default\extensions
[2011/03/29 08:15:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/10/25 09:00:09 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/10/25 09:00:09 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/10/25 09:00:09 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/10/25 09:00:09 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml
 
O1 HOSTS File: ([2009/09/22 16:00:32 | 000,331,186 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 192.168.0.10	todaki
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 11345 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BEWINTERNET-SPSessionManager] C:\Program Files\Orange\Internet Everywhere Pro\SessionManager\SessionManager.exe (France Telecom SA)
O4 - HKLM..\Run: [CardDetectorZTEMF637] C:\Program Files\CardDetector\ZTEMF637\CardDetector.exe (France Telecom SA)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe (Sun Microsystems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Outlook\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Outlook\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Outlook\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {485D813E-EE26-4DF8-9FAF-DEDF2885306E} hxxp://uchoshi/connectcomputer/nshelp.dll (NSHelp Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1253274215057 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CE306811-265E-4AC4-8DD4-712F2AF5A98E} hxxp://www-origin.a3software.com/a3ftp/a3ftp.CAB (A3SOFT.A3FTP)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = DDT.local
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O29 - HKLM SecurityProviders - (mfvwajrk.dll) -  File not found
O29 - HKLM SecurityProviders - (mpevsjed.dll) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/09/18 19:13:25 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/03/29 08:15:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2011/03/29 08:15:31 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/03/29 05:54:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2011/03/28 16:22:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2011/03/28 16:19:51 | 007,734,208 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Documents and Settings\Administrator\My Documents\mbam-setup.exe
[2011/03/28 16:17:34 | 000,258,560 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTH.scr
[2011/03/28 16:17:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Downloads
[2011/03/28 16:16:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla
[2011/03/28 16:16:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Mozilla
[2011/03/28 16:15:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Avira
[2011/03/28 15:54:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/03/28 15:54:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/03/28 15:41:11 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/03/28 15:41:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/03/28 15:41:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/03/28 15:41:07 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/03/28 15:41:07 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/03/28 15:34:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2011/03/28 13:51:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/03/28 13:51:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/03/14 09:38:46 | 000,368,496 | ---- | C] (Auerswald  GmbH & Co.KG) -- C:\WINDOWS\aufaxremove.exe
[2011/03/14 09:38:25 | 000,099,328 | ---- | C] (Auerswald GmbH & Co.KG) -- C:\WINDOWS\auFaxMon.dll
[2011/03/14 09:38:25 | 000,076,288 | ---- | C] (Auerswald GmbH & Co.KG) -- C:\WINDOWS\auFaxUI.dll
[2011/03/14 09:38:22 | 000,000,000 | ---D | C] -- C:\Program Files\Auerswald
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011/03/29 08:27:00 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{4413E000-4A1E-4071-B14A-D99FE0E1B25C}.job
[2011/03/29 08:14:37 | 000,000,912 | ---- | M] () -- C:\WINDOWS\tasks\Backup Outlook.job
[2011/03/29 08:11:11 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{8E2395CB-26DC-4C61-A6A7-04F7A7339FD2}.job
[2011/03/29 08:06:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/03/28 16:21:59 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/03/28 16:19:51 | 007,734,208 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Documents and Settings\Administrator\My Documents\mbam-setup.exe
[2011/03/28 16:17:25 | 000,258,560 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTH.scr
[2011/03/28 15:41:11 | 000,000,794 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/03/28 15:33:30 | 000,013,184 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\5nfu81broaes3q06d
[2011/03/28 13:57:02 | 1637,368,831 | ---- | M] () -- C:\archive.pst
[2011/03/28 13:56:11 | 000,137,656 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011/03/28 13:56:11 | 000,102,856 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avfwot.sys
[2011/03/28 13:56:11 | 000,061,960 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2011/03/28 09:01:22 | 000,316,180 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/03/28 09:01:22 | 000,041,712 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/03/24 18:31:32 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011/03/29 08:14:26 | 000,000,912 | ---- | C] () -- C:\WINDOWS\tasks\Backup Outlook.job
[2011/03/28 15:41:11 | 000,000,794 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/03/28 13:40:50 | 000,013,184 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\5nfu81broaes3q06d
[2010/12/13 13:52:26 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2009/10/12 08:58:19 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\PTQL5F.DLL
[2009/10/12 08:58:19 | 000,001,235 | ---- | C] () -- C:\WINDOWS\System32\PTQL5L.INI
[2009/10/05 10:33:58 | 000,821,248 | ---- | C] () -- C:\WINDOWS\CONEXCEL.DLL
[2009/10/05 10:33:58 | 000,820,224 | ---- | C] () -- C:\WINDOWS\COWEXCEL.DLL
[2009/10/03 13:24:25 | 000,000,156 | ---- | C] () -- C:\WINDOWS\ECOMNIM.DAT
[2009/10/03 13:13:41 | 000,000,040 | ---- | C] () -- C:\WINDOWS\A3CON.INI
[2009/10/03 13:12:53 | 000,000,083 | ---- | C] () -- C:\WINDOWS\CON32POS.DAT
[2009/10/03 13:10:24 | 000,098,304 | R--- | C] () -- C:\WINDOWS\System32\a3monnt.dll
[2009/10/03 13:09:59 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\REDMONNT.DLL
[2009/10/03 13:09:59 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\REDMON95.DLL
[2009/10/03 13:09:49 | 000,000,664 | ---- | C] () -- C:\Program Files\ECOMSALV.CFG
[2009/10/01 12:01:55 | 000,000,152 | ---- | C] () -- C:\WINDOWS\MYOBP.INI
[2009/09/22 15:30:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/09/22 15:11:31 | 000,000,245 | ---- | C] () -- C:\WINDOWS\OPHI.INI
[2009/09/22 15:11:25 | 000,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2009/09/22 15:11:25 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2009/09/22 15:11:07 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/09/18 20:04:46 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/09/18 20:03:47 | 000,184,224 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/09/18 19:24:45 | 000,024,991 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini
[2009/09/18 19:24:19 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2009/09/18 19:24:08 | 000,017,243 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2009/09/18 19:24:08 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2009/09/18 19:15:09 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/09/18 19:10:52 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/04/14 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/04/14 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/14 13:00:00 | 000,316,180 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/14 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/14 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/14 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/14 13:00:00 | 000,041,712 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/14 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/14 13:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/14 13:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/04/14 13:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/14 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/08/11 00:37:54 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
 
========== LOP Check ==========
 
[2011/03/29 08:14:37 | 000,000,912 | ---- | M] () -- C:\WINDOWS\Tasks\Backup Outlook.job
[2011/03/29 08:27:00 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{4413E000-4A1E-4071-B14A-D99FE0E1B25C}.job
[2011/03/29 08:11:11 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{8E2395CB-26DC-4C61-A6A7-04F7A7339FD2}.job
 
========== Purity Check ==========
 
 

< End of report >

I hope you can help me with this; I'm very grateful for any help!

Kind regards
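As an added triage example, not the forum's own tooling and not part of the original post: a small Python script that applies to OTL report lines the checks an analyst would make on the report above. It flags references to files that no longer exist (the srvF90 service and the two SecurityProviders DLLs, typical leftovers of a removed rogue), hidden+system files with no publisher and no extension in a profile folder (the randomly named 5nfu81broaes3q06d), and hosts entries that point somewhere other than loopback (worth reviewing because blocked Windows Update is a classic hosts-file symptom; the todaki entry looks like an intended LAN name, so it is only marked for review). The sample lines are copied from the report above; the rules, the severity labels and the benign-entry allowlist are my own assumptions, not OTL's.

```python
import ipaddress
import re
from dataclasses import dataclass

# Constructed sample: a handful of lines in the shape of the OTL report
# in the post above (not the whole report), plus benign lines for contrast.
SAMPLE_OTL = r"""
SRV - File not found [Auto | Stopped] --  -- (srvF90)
SRV - [2011/03/28 13:56:09 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 192.168.0.10    todaki
O1 - Hosts: 127.0.0.1       www.007guard.com
O1 - Hosts: 11345 more lines...
O29 - HKLM SecurityProviders - (mfvwajrk.dll) -  File not found
O29 - HKLM SecurityProviders - (mpevsjed.dll) -  File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
[2011/03/28 15:33:30 | 000,013,184 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\5nfu81broaes3q06d
[2011/03/28 15:41:11 | 000,000,794 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/03/29 08:06:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
"""


@dataclass
class Finding:
    severity: str  # "high" = act on it, "review" = confirm with the user
    kind: str
    detail: str


# "autocheck autochk *" is the default XP BootExecute value; OTL reports it as
# "File not found" because it is a command line, not a path. Assumed allowlist.
KNOWN_BENIGN_ORPHANS = {"autocheck autochk *"}
LOOPBACK = {"127.0.0.1", "0.0.0.0", "::1"}

# OTL file entry: [date | size | attrs | M/C] (company) -- path
FILE_ENTRY = re.compile(
    r"^\[[^|]+\|\s*[\d,]+\s*\|\s*(?P<attr>[-RHSD]{4})\s*\|\s*[MC]\]\s*"
    r"\((?P<company>[^)]*)\)\s*--\s*(?P<path>.+?)\s*$"
)
HOSTS_ENTRY = re.compile(r"^O1 - Hosts:\s+(?P<ip>\S+)\s+(?P<host>\S+)")
PAREN_ID = re.compile(r"\(([^()]+)\)")


def triage(report: str) -> list[Finding]:
    """Scan OTL report lines and return the entries an analyst should look at."""
    findings: list[Finding] = []
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue

        # 1. Service, driver or registry entries whose target no longer exists:
        #    leftovers of something that was removed, to be cleaned up.
        if "File not found" in line and line.startswith(("SRV", "DRV", "O")):
            m = PAREN_ID.search(line)
            ident = m.group(1) if m else line
            if ident not in KNOWN_BENIGN_ORPHANS:
                section = line.split(" ", 1)[0]
                findings.append(Finding("high", "orphaned-reference", f"{section}: {ident}"))
            continue

        # 2. Hidden + system file, no publisher, no extension: the pattern the
        #    rogue's data file (5nfu81broaes3q06d) shows in the report.
        m = FILE_ENTRY.match(line)
        if m:
            attr, company, path = m.group("attr"), m.group("company").strip(), m.group("path")
            name = path.rsplit("\\", 1)[-1]
            if "H" in attr and "S" in attr and not company and "." not in name:
                findings.append(Finding("high", "hidden-system-file", path))
            continue

        # 3. Hosts entries that do not point at loopback. Thousands of loopback
        #    lines are normal for Spybot immunisation; a non-loopback target for
        #    an update or vendor domain is what blocks Windows Update.
        m = HOSTS_ENTRY.match(line)
        if m:
            ip, host = m.group("ip"), m.group("host")
            try:
                ipaddress.ip_address(ip)
            except ValueError:
                continue  # e.g. the "11345 more lines..." truncation marker
            if ip not in LOOPBACK and host != "localhost":
                findings.append(Finding("review", "hosts-redirect", f"{host} -> {ip}"))


    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per kind, handy for a first glance at a long report."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_OTL):
        print(f"[{f.severity}] {f.kind}: {f.detail}")
    print(summarize(triage(SAMPLE_OTL)))
```

The script only surfaces entries; it changes nothing on the machine. An orphaned reference is evidence of something already removed rather than of active malware, while a hidden, unsigned, extensionless file in All Users\Application Data deserves a hash and a scan before anyone decides what to do with it.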

 






Copyright ©2000-2025, Trojaner-Board