| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Malewarebytes löscht dateien nicht und andere webseite versucht zuzugreifenWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
03.04.2011, 19:02
| #16 |
 |  Malewarebytes löscht dateien nicht und andere webseite versucht zuzugreifen hi arne, du das wird nichts. immer wenn cofi.exe die dateien löschen will stürzt das system ab. |
|
03.04.2011, 19:23
| #17 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Malewarebytes löscht dateien nicht und andere webseite versucht zuzugreifen Wie ist es mit neu runterladen, alte cofi überschreiben? Stürzt Windows da auch ab?
__________________
__________________ |
|
03.04.2011, 22:26
| #18 |
| | Malewarebytes löscht dateien nicht und andere webseite versucht zuzugreifen tach arne,
__________________ja habs jetzt 2 mal probiert, neu runtergeladen und durchlaufen lassen. immer wenn cofi.exe dateien löschen will kommt der blau bildschirm und sagt. schwerwiegende fehler. window wurde herunter gefahren um schäden zu vermeiden. |
|
04.04.2011, 11:24
| #19 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Malewarebytes löscht dateien nicht und andere webseite versucht zuzugreifen Dann erstmal dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
04.04.2011, 17:42
| #20 |
| | Malewarebytes löscht dateien nicht und andere webseite versucht zuzugreifen hallo arne, hab jetzt das von kaspersky gemacht. hier die logs: 2011/04/04 18:37:34.0515 3956 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28 2011/04/04 18:37:34.0843 3956 ================================================================================ 2011/04/04 18:37:34.0843 3956 SystemInfo: 2011/04/04 18:37:34.0843 3956 2011/04/04 18:37:34.0859 3956 OS Version: 5.1.2600 ServicePack: 2.0 2011/04/04 18:37:34.0859 3956 Product type: Workstation 2011/04/04 18:37:34.0859 3956 ComputerName: RON 2011/04/04 18:37:34.0859 3956 UserName: Administrator 2011/04/04 18:37:34.0859 3956 Windows directory: C:\WINDOWS 2011/04/04 18:37:34.0859 3956 System windows directory: C:\WINDOWS 2011/04/04 18:37:34.0859 3956 Processor architecture: Intel x86 2011/04/04 18:37:34.0859 3956 Number of processors: 2 2011/04/04 18:37:34.0859 3956 Page size: 0x1000 2011/04/04 18:37:34.0859 3956 Boot type: Normal boot 2011/04/04 18:37:34.0859 3956 ================================================================================ 2011/04/04 18:37:35.0296 3956 Initialize success 2011/04/04 18:37:37.0984 1692 ================================================================================ 2011/04/04 18:37:37.0984 1692 Scan started 2011/04/04 18:37:37.0984 1692 Mode: Manual; 2011/04/04 18:37:37.0984 1692 ================================================================================ 2011/04/04 18:37:38.0750 1692 Aavmker4 (83631291adf2887cffc786d034d3fa15) C:\WINDOWS\system32\drivers\Aavmker4.sys 2011/04/04 18:37:38.0843 1692 acedrv11 (e6f53d6c0dea3d375362265e175ca638) C:\WINDOWS\system32\drivers\acedrv11.sys 2011/04/04 18:37:38.0890 1692 ACPI (94b4741d2cf9ed38140b831293d1601a) C:\WINDOWS\system32\DRIVERS\ACPI.sys 2011/04/04 18:37:38.0937 1692 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys 2011/04/04 18:37:39.0000 1692 aec (841f385c6cfaf66b58fbd898722bb4f0) C:\WINDOWS\system32\drivers\aec.sys 2011/04/04 18:37:39.0062 1692 AegisP (30bb1bde595ca65fd5549462080d94e5) C:\WINDOWS\system32\DRIVERS\AegisP.sys 2011/04/04 18:37:39.0109 1692 AFD (5ac495f4cb807b2b98ad2ad591e6d92e) C:\WINDOWS\System32\drivers\afd.sys 2011/04/04 18:37:39.0250 1692 AnyDVD (1460bd4fabe0e99f61eda67ea0d16d07) C:\WINDOWS\system32\Drivers\AnyDVD.sys 2011/04/04 18:37:39.0265 1692 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys 2011/04/04 18:37:39.0375 1692 aswFsBlk (1c2e6bb4fe8621b1b863855b02bc33eb) C:\WINDOWS\system32\drivers\aswFsBlk.sys 2011/04/04 18:37:39.0406 1692 aswMon2 (452d0ecd14fa02f9b061f42c8a30dd49) C:\WINDOWS\system32\drivers\aswMon2.sys 2011/04/04 18:37:39.0421 1692 aswRdr (b6a9373619d851be80fb5f1b5eed0d4e) C:\WINDOWS\system32\drivers\aswRdr.sys 2011/04/04 18:37:39.0453 1692 aswSnx (9be41c1ae8bc481eb662d85c98d979c2) C:\WINDOWS\system32\drivers\aswSnx.sys 2011/04/04 18:37:39.0484 1692 aswSP (4b1a54ba2bc5873a774df6b70ab8b0b3) C:\WINDOWS\system32\drivers\aswSP.sys 2011/04/04 18:37:39.0515 1692 aswTdi (c7f1cea32766184911293f4e1ee653f5) C:\WINDOWS\system32\drivers\aswTdi.sys 2011/04/04 18:37:39.0531 1692 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 2011/04/04 18:37:39.0578 1692 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys 2011/04/04 18:37:39.0625 1692 atksgt (f9c24d25d9ff29f894995a64812b4d85) C:\WINDOWS\system32\DRIVERS\atksgt.sys 2011/04/04 18:37:39.0640 1692 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 2011/04/04 18:37:39.0671 1692 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 2011/04/04 18:37:39.0718 1692 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 2011/04/04 18:37:39.0765 1692 Bridge (e4e6a0922e3d983728c9ad4e8d466954) C:\WINDOWS\system32\DRIVERS\bridge.sys 2011/04/04 18:37:39.0765 1692 BridgeMP (e4e6a0922e3d983728c9ad4e8d466954) C:\WINDOWS\system32\DRIVERS\bridge.sys 2011/04/04 18:37:39.0875 1692 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 2011/04/04 18:37:40.0171 1692 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 2011/04/04 18:37:40.0234 1692 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys 2011/04/04 18:37:40.0296 1692 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys 2011/04/04 18:37:40.0437 1692 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys 2011/04/04 18:37:40.0484 1692 dmboot (5789b83ba87fc84c3568cf86cacef8ce) C:\WINDOWS\system32\drivers\dmboot.sys 2011/04/04 18:37:40.0500 1692 dmio (084eb0a50a4f7b4705c8a57f234e5291) C:\WINDOWS\system32\drivers\dmio.sys 2011/04/04 18:37:40.0515 1692 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 2011/04/04 18:37:40.0578 1692 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys 2011/04/04 18:37:40.0609 1692 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys 2011/04/04 18:37:40.0640 1692 ElbyCDIO (fa13264eea448b2e1b3a844ae4f75c7a) C:\WINDOWS\system32\Drivers\ElbyCDIO.sys 2011/04/04 18:37:40.0750 1692 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys 2011/04/04 18:37:40.0765 1692 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys 2011/04/04 18:37:40.0781 1692 Fips (9e9af89f9b14aa6249065c309ce73bd8) C:\WINDOWS\system32\drivers\Fips.sys 2011/04/04 18:37:40.0796 1692 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys 2011/04/04 18:37:40.0843 1692 FltMgr (157754f0df355a9e0a6f54721914f9c6) C:\WINDOWS\system32\DRIVERS\fltMgr.sys 2011/04/04 18:37:40.0890 1692 FsUsbExDisk (790a4ca68f44be35967b3df61f3e4675) C:\WINDOWS\system32\FsUsbExDisk.SYS 2011/04/04 18:37:40.0937 1692 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 2011/04/04 18:37:40.0968 1692 Ftdisk (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 2011/04/04 18:37:41.0031 1692 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys 2011/04/04 18:37:41.0078 1692 HDAudBus (3fcc124b6e08ee0e9351f717dd136939) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 2011/04/04 18:37:41.0140 1692 hidusb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys 2011/04/04 18:37:41.0187 1692 HTTP (bfb7b73c942e816c4fb4a5a7bae87136) C:\WINDOWS\system32\Drivers\HTTP.sys 2011/04/04 18:37:41.0265 1692 i8042prt (7c575018d0413440d75432a78b88c899) C:\WINDOWS\system32\DRIVERS\i8042prt.sys 2011/04/04 18:37:41.0296 1692 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys 2011/04/04 18:37:41.0437 1692 IntcAzAudAddService (1824c4894aa438cd06c976e44b9e7353) C:\WINDOWS\system32\drivers\RtkHDAud.sys 2011/04/04 18:37:41.0578 1692 intelppm (c1c2cc1da79c5ee10457ef0a3b8568c7) C:\WINDOWS\system32\DRIVERS\intelppm.sys 2011/04/04 18:37:41.0609 1692 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys 2011/04/04 18:37:41.0671 1692 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 2011/04/04 18:37:41.0703 1692 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys 2011/04/04 18:37:41.0765 1692 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys 2011/04/04 18:37:41.0812 1692 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys 2011/04/04 18:37:41.0859 1692 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys 2011/04/04 18:37:41.0906 1692 isapnp (ce9b7afdf0a3d7dd8d1487262316b959) C:\WINDOWS\system32\DRIVERS\isapnp.sys 2011/04/04 18:37:41.0953 1692 Kbdclass (b128fc0a5cd83f669d5de4b58f77c7d6) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 2011/04/04 18:37:41.0984 1692 kbdhid (7ec877aa899323b92874fe62c7ddcde7) C:\WINDOWS\system32\DRIVERS\kbdhid.sys 2011/04/04 18:37:42.0093 1692 kmixer (d93cad07c5683db066b0b2d2d3790ead) C:\WINDOWS\system32\drivers\kmixer.sys 2011/04/04 18:37:42.0140 1692 KSecDD (eb7ffe87fd367ea8fca0506f74a87fbb) C:\WINDOWS\system32\drivers\KSecDD.sys 2011/04/04 18:37:42.0203 1692 lirsgt (8ccf9ed46d52af1375875f74a91ffacf) C:\WINDOWS\system32\DRIVERS\lirsgt.sys 2011/04/04 18:37:42.0234 1692 MBAMProtector (836e0e09ca9869be7eb39ef2cf3602c7) C:\WINDOWS\system32\drivers\mbam.sys 2011/04/04 18:37:42.0281 1692 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 2011/04/04 18:37:42.0312 1692 Modem (91a3da4b12f6f1d760463a7f7857f748) C:\WINDOWS\system32\drivers\Modem.sys 2011/04/04 18:37:42.0343 1692 Mouclass (71e15ca47fd947552054afb28536268f) C:\WINDOWS\system32\DRIVERS\mouclass.sys 2011/04/04 18:37:42.0359 1692 mouhid (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys 2011/04/04 18:37:42.0375 1692 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys 2011/04/04 18:37:42.0421 1692 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 2011/04/04 18:37:42.0484 1692 MRxSmb (5ddc9a1b2eb5a4bf010ce8c019a18c1f) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 2011/04/04 18:37:42.0515 1692 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys 2011/04/04 18:37:42.0546 1692 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys 2011/04/04 18:37:42.0562 1692 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 2011/04/04 18:37:42.0593 1692 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys 2011/04/04 18:37:42.0625 1692 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 2011/04/04 18:37:42.0671 1692 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys 2011/04/04 18:37:42.0687 1692 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys 2011/04/04 18:37:42.0703 1692 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 2011/04/04 18:37:42.0750 1692 Ndisuio (8d3ce6b579cde8d37acc690b67dc2106) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 2011/04/04 18:37:42.0781 1692 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 2011/04/04 18:37:42.0796 1692 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys 2011/04/04 18:37:42.0812 1692 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys 2011/04/04 18:37:42.0828 1692 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys 2011/04/04 18:37:42.0890 1692 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys 2011/04/04 18:37:42.0921 1692 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys 2011/04/04 18:37:42.0953 1692 NPF_devolo (75ac610a7481cb1f343dc971249bcb19) C:\WINDOWS\system32\drivers\npf_devolo.sys 2011/04/04 18:37:42.0984 1692 Ntfs (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys 2011/04/04 18:37:43.0062 1692 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 2011/04/04 18:37:43.0218 1692 nv (bf506d232c5e6f2dae80f5c11b45c60e) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 2011/04/04 18:37:43.0406 1692 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 2011/04/04 18:37:43.0421 1692 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 2011/04/04 18:37:43.0453 1692 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys 2011/04/04 18:37:43.0500 1692 Parport (b2f17a2edb5450e61973a037f63a595b) C:\WINDOWS\system32\drivers\Parport.sys 2011/04/04 18:37:43.0515 1692 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys 2011/04/04 18:37:43.0546 1692 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys 2011/04/04 18:37:43.0578 1692 pccsmcfd (175cc28dcf819f78caa3fbd44ad9e52a) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys 2011/04/04 18:37:43.0609 1692 PCI (6fb463e5b243fbd6f3d3c83f914d94fb) C:\WINDOWS\system32\DRIVERS\pci.sys 2011/04/04 18:37:43.0671 1692 PCIIde (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys 2011/04/04 18:37:43.0718 1692 Pcmcia (e2363f4c1daff89abee5f593e13d8a05) C:\WINDOWS\system32\drivers\Pcmcia.sys 2011/04/04 18:37:43.0953 1692 PnkBstrK (3a6f6d4e8caae0497a511d493e3b6fa9) C:\WINDOWS\system32\drivers\PnkBstrK.sys 2011/04/04 18:37:44.0015 1692 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys 2011/04/04 18:37:44.0031 1692 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys 2011/04/04 18:37:44.0046 1692 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 2011/04/04 18:37:44.0093 1692 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys 2011/04/04 18:37:44.0187 1692 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 2011/04/04 18:37:44.0234 1692 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 2011/04/04 18:37:44.0250 1692 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 2011/04/04 18:37:44.0265 1692 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 2011/04/04 18:37:44.0296 1692 Rdbss (809ca45caa9072b3176ad44579d7f688) C:\WINDOWS\system32\DRIVERS\rdbss.sys 2011/04/04 18:37:44.0296 1692 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 2011/04/04 18:37:44.0343 1692 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys 2011/04/04 18:37:44.0375 1692 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys 2011/04/04 18:37:44.0406 1692 redbook (aa56702e230860565cb8d43680f57f33) C:\WINDOWS\system32\DRIVERS\redbook.sys 2011/04/04 18:37:44.0484 1692 RTLE8023xp (89619ef503f949fae09252a8b883ee11) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys 2011/04/04 18:37:44.0531 1692 Secdrv (07f7f501ad50de2ba2d5842d9b6d6155) C:\WINDOWS\system32\DRIVERS\secdrv.sys 2011/04/04 18:37:44.0578 1692 Serial (cd5b9995afcdb466c9efc048d167e3be) C:\WINDOWS\system32\drivers\Serial.sys 2011/04/04 18:37:44.0640 1692 sfdrv01 (4c0d673281178cb496011a2e28571fc8) C:\WINDOWS\system32\drivers\sfdrv01.sys 2011/04/04 18:37:44.0687 1692 sfhlp02 (15be2b5e4dc5b8623cf167720682abc9) C:\WINDOWS\system32\drivers\sfhlp02.sys 2011/04/04 18:37:44.0703 1692 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys 2011/04/04 18:37:44.0718 1692 sfsync02 (efebbc1d13fdb77a6af4eddfc7232edf) C:\WINDOWS\system32\drivers\sfsync02.sys 2011/04/04 18:37:44.0750 1692 SI3132 (7d494c2000287595d87b9ff6b080d3ff) C:\WINDOWS\system32\DRIVERS\SI3132.sys 2011/04/04 18:37:44.0765 1692 SiFilter (df978385397187ba5e5e1c9c56a80a1a) C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys 2011/04/04 18:37:44.0812 1692 SiRemFil (aaab072321d75a366269a6d089f3d71e) C:\WINDOWS\system32\DRIVERS\SiRemFil.sys 2011/04/04 18:37:44.0875 1692 splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys 2011/04/04 18:37:44.0921 1692 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys 2011/04/04 18:37:44.0921 1692 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505 2011/04/04 18:37:44.0921 1692 sptd - detected Locked file (1) 2011/04/04 18:37:44.0953 1692 sr (e4200cb2f418d8fc4acdd7e38c419d6a) C:\WINDOWS\system32\DRIVERS\sr.sys 2011/04/04 18:37:45.0031 1692 Srv (553007ecce7f6565bbe645beb66d3b69) C:\WINDOWS\system32\DRIVERS\srv.sys 2011/04/04 18:37:45.0062 1692 sscdbus (d6870895fe46a464a19141440eb6cc1e) C:\WINDOWS\system32\DRIVERS\sscdbus.sys 2011/04/04 18:37:45.0093 1692 sscdmdfl (0fe167362e4689b716cdc8d93adedda8) C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys 2011/04/04 18:37:45.0109 1692 sscdmdm (55a15707e32b6709242ad127e62ca55a) C:\WINDOWS\system32\DRIVERS\sscdmdm.sys 2011/04/04 18:37:45.0156 1692 SSHDRV61 (90dcc161d96689e770519c76accea8b1) C:\WINDOWS\system32\drivers\SSHDRV61.sys 2011/04/04 18:37:45.0187 1692 SSHDRV86 (b9e31f2a3640403b0ea3a867bb73b9f4) C:\WINDOWS\system32\drivers\SSHDRV86.sys 2011/04/04 18:37:45.0234 1692 ss_bbus (eaa66218cd39f5bb1b4853a78c67c787) C:\WINDOWS\system32\DRIVERS\ss_bbus.sys 2011/04/04 18:37:45.0250 1692 ss_bmdfl (91765f99914ed8693d8bc76524f21581) C:\WINDOWS\system32\DRIVERS\ss_bmdfl.sys 2011/04/04 18:37:45.0281 1692 ss_bmdm (840e7b738b03c10ee91d9b7d3d6eff15) C:\WINDOWS\system32\DRIVERS\ss_bmdm.sys 2011/04/04 18:37:45.0328 1692 StarOpen (306521935042fc0a6988d528643619b3) C:\WINDOWS\system32\drivers\StarOpen.sys 2011/04/04 18:37:45.0359 1692 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys 2011/04/04 18:37:45.0390 1692 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys 2011/04/04 18:37:45.0468 1692 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys 2011/04/04 18:37:45.0500 1692 Tcpip (583e063fdc888ca30d05c2724b0d7ef4) C:\WINDOWS\system32\DRIVERS\tcpip.sys 2011/04/04 18:37:45.0546 1692 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys 2011/04/04 18:37:45.0562 1692 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys 2011/04/04 18:37:45.0578 1692 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys 2011/04/04 18:37:45.0687 1692 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys 2011/04/04 18:37:45.0734 1692 Update (a4815a4884898f355a3513e60843a4fd) C:\WINDOWS\system32\DRIVERS\update.sys 2011/04/04 18:37:45.0796 1692 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 2011/04/04 18:37:45.0843 1692 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys 2011/04/04 18:37:45.0875 1692 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys 2011/04/04 18:37:45.0937 1692 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 2011/04/04 18:37:45.0984 1692 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 2011/04/04 18:37:46.0046 1692 Vax347b (cb3400d696bee266c38cae330c2b4337) C:\WINDOWS\system32\DRIVERS\Vax347b.sys 2011/04/04 18:37:46.0062 1692 Vax347s (113e4b318bbaa7483ca4e582a4d63f49) C:\WINDOWS\system32\Drivers\Vax347s.sys 2011/04/04 18:37:46.0109 1692 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys 2011/04/04 18:37:46.0156 1692 VolSnap (d6888520ff56d72a50437e371ca25fc9) C:\WINDOWS\system32\drivers\VolSnap.sys 2011/04/04 18:37:46.0187 1692 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys 2011/04/04 18:37:46.0250 1692 wdmaud (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys 2011/04/04 18:37:46.0328 1692 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys 2011/04/04 18:37:46.0359 1692 WudfPf (443f0a35cb3be5d176053da39157a898) C:\WINDOWS\system32\DRIVERS\WudfPf.sys 2011/04/04 18:37:46.0390 1692 WudfRd (e12d4c486d7eb4e0961c27558dc25af7) C:\WINDOWS\system32\DRIVERS\wudfrd.sys 2011/04/04 18:37:46.0515 1692 ================================================================================ 2011/04/04 18:37:46.0515 1692 Scan finished 2011/04/04 18:37:46.0515 1692 ================================================================================ 2011/04/04 18:37:46.0531 3836 Detected object count: 1 2011/04/04 18:37:52.0062 3836 Locked file(sptd) - User select action: Skip das sah aber bei mir nicht so aus wie auf der seite. |
|
04.04.2011, 19:59
| #21 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Malewarebytes löscht dateien nicht und andere webseite versucht zuzugreifen Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen. Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst. Downloade Dir danach bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.
__________________ --> Malewarebytes löscht dateien nicht und andere webseite versucht zuzugreifen |
|
04.04.2011, 20:19
| #22 |
| | Malewarebytes löscht dateien nicht und andere webseite versucht zuzugreifen hi arne, gmer hat nicht funktioniert. computer is wieder abgestürtzt. hier die logs von osam: OSAM Logfile: Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 21:17:19 on 04.04.2011 OS: Windows XP Professional Service Pack 2 (Build 2600) Default Browser: Mozilla Corporation Firefox 4.0b9 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Boot Execute] -----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager )----- "BootExecute" - "O&O Software GmbH" - C:\WINDOWS\system32\OODBS.exe [Common] -----( %SystemRoot%\Tasks )----- "GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe "1-Klick-Wartung.job" - "TuneUp Software GmbH" - C:\Programme\TuneUp Utilities 2008\OneClick.exe [Control Panel Objects] -----( %SystemRoot%\system32 )----- "ac3filter.cpl" - ? - C:\WINDOWS\system32\ac3filter.cpl "infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl "ISUSPM.cpl" - "InstallShield Software Corporation" - C:\WINDOWS\system32\ISUSPM.cpl "javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl "nvcpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.cpl "nvtuicpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvtuicpl.cpl "PhysX.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\PhysX.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "Nero BurnRights" - "Nero AG" - C:\Programme\Nero\Nero 7\Nero Toolkit\NeroBurnRights.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "acedrv11" (acedrv11) - "Protect Software GmbH" - C:\WINDOWS\system32\drivers\acedrv11.sys "AEGIS Protocol (IEEE 802.1x) v3.4.5.0" (AegisP) - "Meetinghouse Data Communications" - C:\WINDOWS\System32\DRIVERS\AegisP.sys "aeyath7c" (aeyath7c) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\aeyath7c.sys (Hidden registry entry, rootkit activity | File signed by Microsoft) "AnyDVD" (AnyDVD) - "SlySoft, Inc." - C:\WINDOWS\System32\Drivers\AnyDVD.sys "aswFsBlk" (aswFsBlk) - "AVAST Software" - C:\WINDOWS\system32\drivers\aswFsBlk.sys "aswRdr" (aswRdr) - "AVAST Software" - C:\WINDOWS\system32\drivers\aswRdr.sys "aswSnx" (aswSnx) - "AVAST Software" - C:\WINDOWS\system32\drivers\aswSnx.sys "aswSP" (aswSP) - "AVAST Software" - C:\WINDOWS\system32\drivers\aswSP.sys "atksgt" (atksgt) - ? - C:\WINDOWS\System32\DRIVERS\atksgt.sys (File found, but it contains no detailed information) "avast! Asynchronous Virus Monitor" (Aavmker4) - "AVAST Software" - C:\WINDOWS\system32\drivers\Aavmker4.sys "avast! Network Shield Support" (aswTdi) - "AVAST Software" - C:\WINDOWS\system32\drivers\aswTdi.sys "avast! Standard Shield Support" (aswMon2) - "AVAST Software" - C:\WINDOWS\system32\drivers\aswMon2.sys "catchme" (catchme) - ? - C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\catchme.sys (File not found) "Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys (File not found) "ElbyCDIO Driver" (ElbyCDIO) - "Elaborate Bytes AG" - C:\WINDOWS\System32\Drivers\ElbyCDIO.sys "esgiguard" (esgiguard) - ? - C:\Programme\Enigma Software Group\SpyHunter\esgiguard.sys (File not found) "FsUsbExDisk" (FsUsbExDisk) - ? - C:\WINDOWS\system32\FsUsbExDisk.SYS (File found, but it contains no detailed information) "i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys (File not found) "kbeepm" (kbeepm) - ? - C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\kbeepm.sys (File not found) "lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys (File not found) "lirsgt" (lirsgt) - ? - C:\WINDOWS\System32\DRIVERS\lirsgt.sys (File found, but it contains no detailed information) "MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\WINDOWS\system32\drivers\mbam.sys "NetGroup Packet Filter Driver (devolo)" (NPF_devolo) - "CACE Technologies" - C:\WINDOWS\system32\drivers\npf_devolo.sys "PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys (File not found) "PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys (File not found) "PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys (File not found) "PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys (File not found) "PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found) "PLCMPR5 NDIS Protocol Driver" (PLCMPR5) - ? - C:\WINDOWS\system32\PLCMPR5.SYS (File not found) "PnkBstrK" (PnkBstrK) - ? - C:\WINDOWS\system32\drivers\PnkBstrK.sys (File found, but it contains no detailed information) "PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys "Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter" (RTL8192su) - ? - C:\WINDOWS\System32\DRIVERS\RTL8192su.sys (File not found) "Secdrv" (Secdrv) - "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." - C:\WINDOWS\System32\DRIVERS\secdrv.sys "sptd" (sptd) - "Duplex Secure Ltd." - C:\WINDOWS\System32\Drivers\sptd.sys (File is exclusively opened, access blocked) "SSHDRV61" (SSHDRV61) - ? - C:\WINDOWS\system32\drivers\SSHDRV61.sys (File found, but it contains no detailed information) "SSHDRV86" (SSHDRV86) - ? - C:\WINDOWS\system32\drivers\SSHDRV86.sys "StarForce Protection Environment Driver (version 1.x)" (sfdrv01) - "Protection Technology" - C:\WINDOWS\System32\drivers\sfdrv01.sys "StarForce Protection Helper Driver (version 2.x)" (sfhlp02) - "Protection Technology" - C:\WINDOWS\System32\drivers\sfhlp02.sys "StarForce Protection Synchronization Driver (version 2.x)" (sfsync02) - "Protection Technology" - C:\WINDOWS\System32\drivers\sfsync02.sys "StarOpen" (StarOpen) - ? - C:\WINDOWS\system32\drivers\StarOpen.sys (File found, but it contains no detailed information) "TfFsMon" (TfFsMon) - ? - C:\WINDOWS\System32\drivers\TfFsMon.sys (File not found) "TfNetMon" (TfNetMon) - ? - C:\WINDOWS\system32\drivers\TfNetMon.sys (File not found) "TfSysMon" (TfSysMon) - ? - C:\WINDOWS\System32\drivers\TfSysMon.sys (File not found) "Vax347b" (Vax347b) - " " - C:\WINDOWS\System32\DRIVERS\Vax347b.sys "Vax347s" (Vax347s) - " " - C:\WINDOWS\System32\Drivers\Vax347s.sys "WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys (File not found) [Explorer] -----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )----- {89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {7D4D6379-F301-4311-BEBA-E26EB0561882} "NeroDigitalColumnHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroDigitalExt.dll {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\11\OWC11.DLL {3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\10\OWC10.DLL -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Programme\7-Zip\7-zip.dll {32020A01-506E-484D-A2A8-BE3CF17601C3} "AlcoholShellEx" - "Alcohol Soft Development Team" - C:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll {472083B0-C522-11CF-8763-00608CC02F24} "avast" - "AVAST Software" - e:\Programme\Alwil Software\Avast5\ashShell.dll {42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll (File not found) {1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll {1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll {A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.dll {36D94110-787C-4828-9C1B-0DAFEBC36069} "EditPlus 3" - ? - C:\Programme\EditPlus 3\eppshell.dll (File found, but it contains no detailed information) {73B24247-042E-4EF5-ADC2-42F62E6FD654} "ICQ Lite Shell Extension" - ? - (File not found | COM-object registry key not found) {853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? - (File not found | COM-object registry key not found) {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\OFFICE11\msohev.dll {00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL {97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" - "Nero AG" - C:\Programme\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll {B327765E-D724-4347-8B16-78AE18552FC3} "NeroDigitalIconHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroDigitalExt.dll {7F1CF152-04F8-453A-B34C-E609530A9DC8} "NeroDigitalPropSheetHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroDigitalExt.dll {FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.dll {1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll {0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - c:\programme\real\realplayer\rpshell.dll {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - ? - (File not found | COM-object registry key not found) {E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll {764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? - (File not found | COM-object registry key not found) {e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} "TuneUp Shredder Shell Extension" - "TuneUp Software GmbH" - C:\Programme\TuneUp Utilities 2008\SDShelEx-win32.dll {44440D00-FF19-4AFC-B765-9A0970567D97} "TuneUp Theme Extension" - "TuneUp Software GmbH" - C:\WINDOWS\System32\uxtuneup.dll {BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Programme\WinRAR\rarext.dll (File found, but it contains no detailed information) [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- <binary data> "ITBarLayout" - ? - (File not found | COM-object registry key not found) <binary data> "{472734EA-242A-422B-ADF8-83D1E48CC825}" - ? - (File not found | COM-object registry key not found) <binary data> "{47833539-D0C5-4125-9FA8-0819E2EAAC93}" - ? - (File not found | COM-object registry key not found) -----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )----- "{855F3B16-6D32-4fe6-8A56-BBB695989046}" - ? - (File not found | COM-object registry key not found) {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} "{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}" - ? - (File not found | COM-object registry key not found) {EEE6C35D-6118-11DC-9C72-001320C79847} "{EEE6C35D-6118-11DC-9C72-001320C79847}" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_24.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_24.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_24.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab {402EE96E-2CE8-482D-ADA5-CECEEA07E16D} "{402EE96E-2CE8-482D-ADA5-CECEEA07E16D}" - ? - (File not found | COM-object registry key not found) / hxxp://www.turntool.com/ViewerInstall.exe -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )----- {855F3B16-6D32-4FE6-8A56-BBB695989046} "{855F3B16-6D32-4FE6-8A56-BBB695989046}" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- "ICQ7.2" - "ICQ, LLC." - C:\Programme\ICQ7.2\ICQ.exe "PartyPoker.com" - ? - e:\Programme\PartyGaming\PartyPoker\RunApp.exe {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll {E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll {3049C3E9-B461-4BC5-8870-4C09146192CA} "RealPlayer Download and Record Plugin for Internet Explorer" - ? - (File not found) [Logon] -----( %AllUsersProfile%\Startmenü\Programme\Autostart )----- "Belkin Dienstprogramm für kabellose Netzwerke.lnk" - "Belkin International, Inc." - C:\Programme\Belkin\F5D8053\v6\Belkinwcui.exe (Shortcut exists | File exists) "desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini -----( %UserProfile%\Startmenü\Programme\Autostart )----- "desktop.ini" - ? - C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart\desktop.ini "PMB Medien-Prüfung.lnk" - "Sony Corporation" - C:\Programme\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Shortcut exists | File exists) -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "AutoStartNPSAgent" - "Samsung Electronics Co., Ltd." - C:\Programme\Samsung\Samsung New PC Studio\NPSAgent.exe "BitTorrent DNA" - "BitTorrent, Inc." - "C:\Programme\DNA\btdna.exe" "DAEMON Tools Lite" - "DT Soft Ltd" - "C:\Programme\DAEMON Tools Lite\DTLite.exe" -autorun "Free Download Manager" - "FreeDownloadManager.ORG" - C:\Programme\Free Download Manager\fdm.exe -autorun "Steam" - "Valve Corporation" - "C:\Programme\Steam\Steam.exe" -silent -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Adobe ARM" - "Adobe Systems Incorporated" - "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" "Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" "avast5" - "AVAST Software" - e:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui "ISUSPM Startup" - "InstallShield Software Corporation" - C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup "ISUSScheduler" - "InstallShield Software Corporation" - "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start "Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray "NBKeyScan" - "Nero AG" - "C:\Programme\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe" "NeroFilterCheck" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe "NvCplDaemon" - "NVIDIA Corporation" - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup "nwiz" - "NVIDIA Corporation" - nwiz.exe /install "SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" "SweetIM" - "SweetIM Technologies Ltd." - C:\Programme\SweetIM\Messenger\SweetIM.exe "TkBellExe" - "RealNetworks, Inc." - "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\mdimon.dll [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- ".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe "ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe "avast! Antivirus" (avast! Antivirus) - "AVAST Software" - e:\Programme\Alwil Software\Avast5\AvastSvc.exe "FsUsbExService" (FsUsbExService) - "Teruten" - C:\WINDOWS\system32\FsUsbExService.Exe "Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe "ICQ Service" (ICQ Service) - ? - C:\Programme\ICQ6Toolbar\ICQ Service.exe "InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe "Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe "MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe "Nero BackItUp Scheduler 3" (Nero BackItUp Scheduler 3) - "Nero AG" - C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe "NMIndexingService" (NMIndexingService) - "Nero AG" - C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe "NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\WINDOWS\system32\nvsvc32.exe "O&O Defrag" (O&O Defrag) - "O&O Software GmbH" - C:\WINDOWS\system32\oodag.exe "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE "PLFlash DeviceIoControl Service" (PLFlash DeviceIoControl Service) - "Prolific Technology Inc." - C:\WINDOWS\system32\IoctlSvc.exe "PnkBstrA" (PnkBstrA) - ? - C:\WINDOWS\system32\PnkBstrA.exe (File found, but it contains no detailed information) "PnkBstrB" (PnkBstrB) - ? - C:\WINDOWS\system32\PnkBstrB.exe (File found, but it contains no detailed information) "ServiceLayer" (ServiceLayer) - "Nokia." - C:\Programme\PC Connectivity Solution\ServiceLayer.exe "StarWind iSCSI Service" (StarWindService) - "Rocket Division Software" - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe "TuneUp Designerweiterung" (UxTuneUp) - "TuneUp Software GmbH" - C:\WINDOWS\System32\uxtuneup.dll "TuneUp Drive Defrag-Dienst" (TuneUp.Defrag) - "TuneUp Software GmbH" - C:\WINDOWS\System32\TuneUpDefragService.exe "TuneUp WinStyler Theme Service" (TUWinStylerThemeSvc) - ? - C:\Programme\TuneUpUtilities2006\WinStylerThemeSvc.exe (File not found) "Windows CardSpace" (idsvc) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe "Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [Winlogon] -----( HKCU\Control Panel\IOProcs )----- "MVB" - ? - mvfs32.dll (File not found) ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru |
|
04.04.2011, 20:31
| #23 |
| | Malewarebytes löscht dateien nicht und andere webseite versucht zuzugreifen und hir der MBRCHECK: MBRCheck, version 1.2.3 (c) 2010, AD Command-line: Windows Version: Windows XP Professional Windows Information: Service Pack 2 (build 2600) Logical Drives Mask: 0x000000fc Kernel Drivers (total 142): 0x804D7000 \WINDOWS\system32\TUKERNEL.EXE 0x80720000 \WINDOWS\system32\hal.dll 0xF7987000 \WINDOWS\system32\KDCOM.DLL 0xF7897000 \WINDOWS\system32\BOOTVID.dll 0xF74E3000 spqb.sys 0xF7989000 \WINDOWS\System32\Drivers\WMILIB.SYS 0xF74CB000 \WINDOWS\System32\Drivers\SCSIPORT.SYS 0xF74A4000 Vax347b.sys 0xF7475000 ACPI.sys 0xF75F7000 isapnp.sys 0xF7607000 ohci1394.sys 0xF7617000 \WINDOWS\system32\DRIVERS\1394BUS.SYS 0xF7876000 pci.sys 0xF7A4F000 pciide.sys 0xF7707000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS 0xF7627000 MountMgr.sys 0xF7857000 ftdisk.sys 0xF798B000 dmload.sys 0xF7831000 dmio.sys 0xF770F000 PartMgr.sys 0xF7637000 sfsync02.sys 0xF7647000 VolSnap.sys 0xB87E8000 0xF798D000 Vax347s.sys 0xB87D7000 SI3132.sys 0xF7657000 disk.sys 0xF7667000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS 0xB8718000 fltMgr.sys 0xB8706000 sr.sys 0xF789B000 SiWinAcc.sys 0xF7677000 PxHelp20.sys 0xB86EF000 KSecDD.sys 0xB8662000 Ntfs.sys 0xB8635000 NDIS.sys 0xF798F000 SiRemFil.sys 0xF7717000 sfhlp02.sys 0xB8623000 sfdrv01.sys 0xB8608000 Mup.sys 0xF76A7000 \SystemRoot\system32\DRIVERS\nic1394.sys 0xF7415000 \SystemRoot\system32\DRIVERS\intelppm.sys 0xB7820000 \SystemRoot\system32\DRIVERS\nv4_mini.sys 0xB780C000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS 0xB77E7000 \SystemRoot\system32\DRIVERS\HDAudBus.sys 0xB77CD000 \SystemRoot\system32\DRIVERS\Rtenicxp.sys 0xF778F000 \SystemRoot\system32\DRIVERS\usbuhci.sys 0xB77AA000 \SystemRoot\system32\DRIVERS\USBPORT.SYS 0xF7797000 \SystemRoot\system32\DRIVERS\usbehci.sys 0xF779F000 \SystemRoot\system32\DRIVERS\fdc.sys 0xF7405000 \SystemRoot\system32\DRIVERS\imapi.sys 0xF77A7000 \SystemRoot\System32\Drivers\AnyDVD.sys 0xF7887000 \SystemRoot\system32\DRIVERS\cdrom.sys 0xB87C7000 \SystemRoot\system32\DRIVERS\redbook.sys 0xB7787000 \SystemRoot\system32\DRIVERS\ks.sys 0xB774E000 \SystemRoot\System32\Drivers\aeyath7c.SYS 0xF7A72000 \SystemRoot\system32\DRIVERS\audstub.sys 0xB773C000 \SystemRoot\system32\DRIVERS\bridge.sys 0xF780F000 \SystemRoot\system32\DRIVERS\TDI.SYS 0xB87B7000 \SystemRoot\system32\DRIVERS\rasl2tp.sys 0xB85B0000 \SystemRoot\system32\DRIVERS\ndistapi.sys 0xB7725000 \SystemRoot\system32\DRIVERS\ndiswan.sys 0xB87A7000 \SystemRoot\system32\DRIVERS\raspppoe.sys 0xB8797000 \SystemRoot\system32\DRIVERS\raspptp.sys 0xB7714000 \SystemRoot\system32\DRIVERS\psched.sys 0xB8787000 \SystemRoot\system32\DRIVERS\msgpc.sys 0xF7817000 \SystemRoot\system32\DRIVERS\ptilink.sys 0xF781F000 \SystemRoot\system32\DRIVERS\raspti.sys 0xB7693000 \SystemRoot\system32\DRIVERS\rdpdr.sys 0xB8777000 \SystemRoot\system32\DRIVERS\termdd.sys 0xF7727000 \SystemRoot\system32\DRIVERS\kbdclass.sys 0xF775F000 \SystemRoot\system32\DRIVERS\mouclass.sys 0xF799B000 \SystemRoot\system32\DRIVERS\swenum.sys 0xB765F000 \SystemRoot\system32\DRIVERS\update.sys 0xB85A4000 \SystemRoot\system32\DRIVERS\mssmbios.sys 0xB8767000 \SystemRoot\System32\Drivers\NDProxy.SYS 0xB5067000 \SystemRoot\system32\drivers\RtkHDAud.sys 0xB5045000 \SystemRoot\system32\drivers\portcls.sys 0xF76B7000 \SystemRoot\system32\drivers\drmk.sys 0xB8156000 \SystemRoot\system32\DRIVERS\usbhub.sys 0xF79B9000 \SystemRoot\system32\DRIVERS\USBD.SYS 0xB8146000 \??\C:\WINDOWS\system32\drivers\SSHDRV61.sys 0xB4F2F000 \??\C:\WINDOWS\system32\drivers\SSHDRV86.sys 0xF79D1000 \SystemRoot\System32\Drivers\Fs_Rec.SYS 0xF7A80000 \SystemRoot\System32\Drivers\Null.SYS 0xF79D3000 \SystemRoot\System32\Drivers\Beep.SYS 0xF77BF000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS 0xF77C7000 \SystemRoot\System32\drivers\vga.sys 0xF79D7000 \SystemRoot\System32\Drivers\mnmdd.SYS 0xF79D9000 \SystemRoot\System32\DRIVERS\RDPCDD.sys 0xF77CF000 \SystemRoot\System32\Drivers\Msfs.SYS 0xF77D7000 \SystemRoot\System32\Drivers\Npfs.SYS 0xB7647000 \SystemRoot\system32\DRIVERS\rasacd.sys 0xB4EFC000 \SystemRoot\system32\DRIVERS\ipsec.sys 0xB4EA4000 \SystemRoot\system32\DRIVERS\tcpip.sys 0xB8126000 \SystemRoot\System32\Drivers\aswTdi.SYS 0xB4E79000 \SystemRoot\system32\DRIVERS\ipnat.sys 0xB8116000 \SystemRoot\system32\DRIVERS\arp1394.sys 0xB8106000 \SystemRoot\system32\DRIVERS\wanarp.sys 0xB4E51000 \SystemRoot\system32\DRIVERS\netbt.sys 0xF77EF000 \SystemRoot\System32\Drivers\aswRdr.SYS 0xB4E07000 \SystemRoot\System32\drivers\afd.sys 0xB80F6000 \SystemRoot\system32\DRIVERS\netbios.sys 0xB4DDC000 \SystemRoot\system32\DRIVERS\rdbss.sys 0xB4D6D000 \SystemRoot\system32\DRIVERS\mrxsmb.sys 0xB80E6000 \SystemRoot\System32\Drivers\Fips.SYS 0xB4D25000 \SystemRoot\System32\Drivers\aswSP.SYS 0xB7627000 \SystemRoot\system32\DRIVERS\hidusb.sys 0xB80D6000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS 0xB4CC7000 \SystemRoot\System32\Drivers\aswSnx.SYS 0xB7617000 \SystemRoot\system32\DRIVERS\mouhid.sys 0xB7704000 \SystemRoot\System32\Drivers\Aavmker4.SYS 0xB76EC000 \SystemRoot\system32\DRIVERS\usbccgp.sys 0xB4E45000 \SystemRoot\system32\DRIVERS\kbdhid.sys 0xF76E7000 \SystemRoot\System32\Drivers\Cdfs.SYS 0xB4C37000 \SystemRoot\System32\Drivers\dump_atapi.sys 0xF7A05000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS 0xBF800000 \SystemRoot\System32\win32k.sys 0xB4E2D000 \SystemRoot\System32\drivers\Dxapi.sys 0xB76E4000 \SystemRoot\System32\watchdog.sys 0xBD000000 \SystemRoot\System32\drivers\dxg.sys 0xF7AAC000 \SystemRoot\System32\drivers\dxgthk.sys 0xBD012000 \SystemRoot\System32\nv4_disp.dll 0xBFFA0000 \SystemRoot\System32\ATMFD.DLL 0xB4CA3000 \??\C:\WINDOWS\system32\drivers\mbam.sys 0xA2643000 \SystemRoot\System32\Drivers\aswFsBlk.SYS 0xB4C97000 \SystemRoot\system32\DRIVERS\AegisP.sys 0xA2527000 \SystemRoot\system32\DRIVERS\ndisuio.sys 0xA23B0000 \SystemRoot\System32\Drivers\aswMon2.SYS 0xA2143000 \SystemRoot\system32\drivers\wdmaud.sys 0xA22D8000 \SystemRoot\system32\drivers\sysaudio.sys 0xA20A1000 \SystemRoot\system32\DRIVERS\mrxdav.sys 0xA1FAD000 \??\C:\WINDOWS\system32\drivers\acedrv11.sys 0xA1F6A000 \SystemRoot\system32\DRIVERS\atksgt.sys 0xF79FB000 \SystemRoot\System32\Drivers\ElbyCDIO.sys 0xB770C000 \SystemRoot\system32\DRIVERS\lirsgt.sys 0xA1E28000 \SystemRoot\system32\DRIVERS\srv.sys 0xA1D58000 \SystemRoot\system32\drivers\npf_devolo.sys 0xA1A18000 \SystemRoot\system32\DRIVERS\secdrv.sys 0xA1937000 \SystemRoot\System32\Drivers\HTTP.sys 0xA1B90000 \??\C:\WINDOWS\system32\FsUsbExDisk.SYS 0xA1605000 \SystemRoot\system32\DRIVERS\ipfltdrv.sys 0x7C910000 \WINDOWS\system32\ntdll.dll 0x10000000 \Programme\DAEMON Tools Lite\Engine.dll Processes (total 44): 0 System Idle Process 4 SYSTEM 1036 C:\WINDOWS\system32\smss.exe 1180 csrss.exe 1208 C:\WINDOWS\system32\winlogon.exe 1252 C:\WINDOWS\system32\services.exe 1288 C:\WINDOWS\system32\lsass.exe 1448 C:\WINDOWS\system32\nvsvc32.exe 1476 C:\WINDOWS\system32\svchost.exe 1580 svchost.exe 1748 C:\WINDOWS\system32\svchost.exe 1840 svchost.exe 2008 svchost.exe 388 E:\Programme\Alwil Software\Avast5\AvastSvc.exe 952 C:\WINDOWS\system32\spoolsv.exe 1716 C:\WINDOWS\explorer.exe 1960 C:\WINDOWS\system32\FsUsbExService.Exe 284 C:\Programme\ICQ6Toolbar\ICQ Service.exe 916 C:\Programme\Java\jre6\bin\jqs.exe 972 C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe 1700 C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe 1708 C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe 1620 E:\PROGRA~1\ALWILS~1\Avast5\AvastUI.exe 2344 C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe 2356 C:\Programme\SweetIM\Messenger\SweetIM.exe 2368 C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe 2396 C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe 2468 C:\WINDOWS\system32\oodag.exe 2476 C:\Programme\Free Download Manager\fdm.exe 2508 C:\Programme\DNA\btdna.exe 2548 C:\Programme\DAEMON Tools Lite\DTLite.exe 2592 C:\Programme\Samsung\Samsung New PC Studio\NPSAgent.exe 2744 C:\WINDOWS\system32\IoctlSvc.exe 3256 C:\WINDOWS\system32\PnkBstrA.exe 3608 C:\WINDOWS\system32\PnkBstrB.exe 4012 C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe 2260 C:\Programme\Belkin\F5D8053\v6\Belkinwcui.exe 2628 C:\Programme\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe 1732 C:\WINDOWS\system32\wscntfy.exe 3092 C:\WINDOWS\system32\wbem\wmiapsrv.exe 3172 alg.exe 3540 C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe 1324 C:\Programme\Mozilla Firefox\firefox.exe 2160 C:\Dokumente und Einstellungen\Administrator\Desktop\MBRCheck.exe \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS) \\.\E: --> \\.\PhysicalDrive0 at offset 0x00000018`69e61600 (NTFS) PhysicalDrive0 Model Number: ST3250410AS, Rev: 3.AAC Size Device Name MBR Status -------------------------------------------- 232 GB \\.\PhysicalDrive0 Windows XP MBR code detected SHA1: ADFE55CD0C6ED2E00B22375835E4C2736CE9AD11 Done! |
|
04.04.2011, 20:32
| #24 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Malewarebytes löscht dateien nicht und andere webseite versucht zuzugreifenZitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
04.04.2011, 20:39
| #25 |
| | Malewarebytes löscht dateien nicht und andere webseite versucht zuzugreifen und wie mach ich das? |
|
04.04.2011, 21:25
| #27 |
| | Malewarebytes löscht dateien nicht und andere webseite versucht zuzugreifen hier die files: OSAM Logfile: Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 22:24:39 on 04.04.2011 OS: Windows XP Professional Service Pack 2 (Build 2600) Default Browser: Mozilla Corporation Firefox 4.0b9 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Boot Execute] -----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager )----- "BootExecute" - "O&O Software GmbH" - C:\WINDOWS\system32\OODBS.exe [Common] -----( %SystemRoot%\Tasks )----- "GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe "1-Klick-Wartung.job" - "TuneUp Software GmbH" - C:\Programme\TuneUp Utilities 2008\OneClick.exe [Control Panel Objects] -----( %SystemRoot%\system32 )----- "ac3filter.cpl" - ? - C:\WINDOWS\system32\ac3filter.cpl "infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl "ISUSPM.cpl" - "InstallShield Software Corporation" - C:\WINDOWS\system32\ISUSPM.cpl "javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl "nvcpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.cpl "nvtuicpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvtuicpl.cpl "PhysX.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\PhysX.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "Nero BurnRights" - "Nero AG" - C:\Programme\Nero\Nero 7\Nero Toolkit\NeroBurnRights.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "acedrv11" (acedrv11) - "Protect Software GmbH" - C:\WINDOWS\system32\drivers\acedrv11.sys "AEGIS Protocol (IEEE 802.1x) v3.4.5.0" (AegisP) - "Meetinghouse Data Communications" - C:\WINDOWS\System32\DRIVERS\AegisP.sys "am471whh" (am471whh) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\am471whh.sys (Hidden registry entry, rootkit activity | File signed by Microsoft) "AnyDVD" (AnyDVD) - "SlySoft, Inc." - C:\WINDOWS\System32\Drivers\AnyDVD.sys "aswFsBlk" (aswFsBlk) - "AVAST Software" - C:\WINDOWS\system32\drivers\aswFsBlk.sys "aswRdr" (aswRdr) - "AVAST Software" - C:\WINDOWS\system32\drivers\aswRdr.sys "aswSnx" (aswSnx) - "AVAST Software" - C:\WINDOWS\system32\drivers\aswSnx.sys "aswSP" (aswSP) - "AVAST Software" - C:\WINDOWS\system32\drivers\aswSP.sys "atksgt" (atksgt) - ? - C:\WINDOWS\System32\DRIVERS\atksgt.sys (File found, but it contains no detailed information) "avast! Asynchronous Virus Monitor" (Aavmker4) - "AVAST Software" - C:\WINDOWS\system32\drivers\Aavmker4.sys "avast! Network Shield Support" (aswTdi) - "AVAST Software" - C:\WINDOWS\system32\drivers\aswTdi.sys "avast! Standard Shield Support" (aswMon2) - "AVAST Software" - C:\WINDOWS\system32\drivers\aswMon2.sys "catchme" (catchme) - ? - C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\catchme.sys (File not found) "Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys (File not found) "ElbyCDIO Driver" (ElbyCDIO) - "Elaborate Bytes AG" - C:\WINDOWS\System32\Drivers\ElbyCDIO.sys "esgiguard" (esgiguard) - ? - C:\Programme\Enigma Software Group\SpyHunter\esgiguard.sys (File not found) "FsUsbExDisk" (FsUsbExDisk) - ? - C:\WINDOWS\system32\FsUsbExDisk.SYS (File found, but it contains no detailed information) "i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys (File not found) "lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys (File not found) "lirsgt" (lirsgt) - ? - C:\WINDOWS\System32\DRIVERS\lirsgt.sys (File found, but it contains no detailed information) "MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\WINDOWS\system32\drivers\mbam.sys "NetGroup Packet Filter Driver (devolo)" (NPF_devolo) - "CACE Technologies" - C:\WINDOWS\system32\drivers\npf_devolo.sys "PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys (File not found) "PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys (File not found) "PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys (File not found) "PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys (File not found) "PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found) "PLCMPR5 NDIS Protocol Driver" (PLCMPR5) - ? - C:\WINDOWS\system32\PLCMPR5.SYS (File not found) "PnkBstrK" (PnkBstrK) - ? - C:\WINDOWS\system32\drivers\PnkBstrK.sys (File found, but it contains no detailed information) "PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys "Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter" (RTL8192su) - ? - C:\WINDOWS\System32\DRIVERS\RTL8192su.sys (File not found) "Secdrv" (Secdrv) - "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." - C:\WINDOWS\System32\DRIVERS\secdrv.sys "sptd" (sptd) - "Duplex Secure Ltd." - C:\WINDOWS\System32\Drivers\sptd.sys (File is exclusively opened, access blocked) "StarForce Protection Environment Driver (version 1.x)" (sfdrv01) - "Protection Technology" - C:\WINDOWS\System32\drivers\sfdrv01.sys "StarForce Protection Helper Driver (version 2.x)" (sfhlp02) - "Protection Technology" - C:\WINDOWS\System32\drivers\sfhlp02.sys "StarForce Protection Synchronization Driver (version 2.x)" (sfsync02) - "Protection Technology" - C:\WINDOWS\System32\drivers\sfsync02.sys "StarOpen" (StarOpen) - ? - C:\WINDOWS\system32\drivers\StarOpen.sys (File found, but it contains no detailed information) "TfFsMon" (TfFsMon) - ? - C:\WINDOWS\System32\drivers\TfFsMon.sys (File not found) "TfNetMon" (TfNetMon) - ? - C:\WINDOWS\system32\drivers\TfNetMon.sys (File not found) "TfSysMon" (TfSysMon) - ? - C:\WINDOWS\System32\drivers\TfSysMon.sys (File not found) "Vax347b" (Vax347b) - " " - C:\WINDOWS\System32\DRIVERS\Vax347b.sys "Vax347s" (Vax347s) - " " - C:\WINDOWS\System32\Drivers\Vax347s.sys "WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys (File not found) [Explorer] -----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )----- {89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {7D4D6379-F301-4311-BEBA-E26EB0561882} "NeroDigitalColumnHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroDigitalExt.dll {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\11\OWC11.DLL {3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\10\OWC10.DLL -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Programme\7-Zip\7-zip.dll {32020A01-506E-484D-A2A8-BE3CF17601C3} "AlcoholShellEx" - "Alcohol Soft Development Team" - C:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll {472083B0-C522-11CF-8763-00608CC02F24} "avast" - "AVAST Software" - e:\Programme\Alwil Software\Avast5\ashShell.dll {42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll (File not found) {1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll {1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll {A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.dll {36D94110-787C-4828-9C1B-0DAFEBC36069} "EditPlus 3" - ? - C:\Programme\EditPlus 3\eppshell.dll (File found, but it contains no detailed information) {73B24247-042E-4EF5-ADC2-42F62E6FD654} "ICQ Lite Shell Extension" - ? - (File not found | COM-object registry key not found) {853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? - (File not found | COM-object registry key not found) {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\OFFICE11\msohev.dll {00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL {97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" - "Nero AG" - C:\Programme\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll {B327765E-D724-4347-8B16-78AE18552FC3} "NeroDigitalIconHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroDigitalExt.dll {7F1CF152-04F8-453A-B34C-E609530A9DC8} "NeroDigitalPropSheetHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroDigitalExt.dll {FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.dll {1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll {0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - c:\programme\real\realplayer\rpshell.dll {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - ? - (File not found | COM-object registry key not found) {E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll {764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? - (File not found | COM-object registry key not found) {e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} "TuneUp Shredder Shell Extension" - "TuneUp Software GmbH" - C:\Programme\TuneUp Utilities 2008\SDShelEx-win32.dll {44440D00-FF19-4AFC-B765-9A0970567D97} "TuneUp Theme Extension" - "TuneUp Software GmbH" - C:\WINDOWS\System32\uxtuneup.dll {BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Programme\WinRAR\rarext.dll (File found, but it contains no detailed information) [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- <binary data> "ITBarLayout" - ? - (File not found | COM-object registry key not found) <binary data> "{472734EA-242A-422B-ADF8-83D1E48CC825}" - ? - (File not found | COM-object registry key not found) <binary data> "{47833539-D0C5-4125-9FA8-0819E2EAAC93}" - ? - (File not found | COM-object registry key not found) -----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )----- "{855F3B16-6D32-4fe6-8A56-BBB695989046}" - ? - (File not found | COM-object registry key not found) {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} "{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}" - ? - (File not found | COM-object registry key not found) {EEE6C35D-6118-11DC-9C72-001320C79847} "{EEE6C35D-6118-11DC-9C72-001320C79847}" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_24.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_24.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_24.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab {402EE96E-2CE8-482D-ADA5-CECEEA07E16D} "{402EE96E-2CE8-482D-ADA5-CECEEA07E16D}" - ? - (File not found | COM-object registry key not found) / hxxp://www.turntool.com/ViewerInstall.exe -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )----- {855F3B16-6D32-4FE6-8A56-BBB695989046} "{855F3B16-6D32-4FE6-8A56-BBB695989046}" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- "ICQ7.2" - "ICQ, LLC." - C:\Programme\ICQ7.2\ICQ.exe "PartyPoker.com" - ? - e:\Programme\PartyGaming\PartyPoker\RunApp.exe {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll {E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll {3049C3E9-B461-4BC5-8870-4C09146192CA} "RealPlayer Download and Record Plugin for Internet Explorer" - ? - (File not found) [Logon] -----( %AllUsersProfile%\Startmenü\Programme\Autostart )----- "Belkin Dienstprogramm für kabellose Netzwerke.lnk" - "Belkin International, Inc." - C:\Programme\Belkin\F5D8053\v6\Belkinwcui.exe (Shortcut exists | File exists) "desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini -----( %UserProfile%\Startmenü\Programme\Autostart )----- "desktop.ini" - ? - C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart\desktop.ini "PMB Medien-Prüfung.lnk" - "Sony Corporation" - C:\Programme\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Shortcut exists | File exists) -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "AutoStartNPSAgent" - "Samsung Electronics Co., Ltd." - C:\Programme\Samsung\Samsung New PC Studio\NPSAgent.exe "BitTorrent DNA" - "BitTorrent, Inc." - "C:\Programme\DNA\btdna.exe" "DAEMON Tools Lite" - "DT Soft Ltd" - "C:\Programme\DAEMON Tools Lite\DTLite.exe" -autorun "Free Download Manager" - "FreeDownloadManager.ORG" - C:\Programme\Free Download Manager\fdm.exe -autorun "Steam" - "Valve Corporation" - "C:\Programme\Steam\Steam.exe" -silent -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Adobe ARM" - "Adobe Systems Incorporated" - "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" "Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" "avast5" - "AVAST Software" - e:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui "ISUSPM Startup" - "InstallShield Software Corporation" - C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup "ISUSScheduler" - "InstallShield Software Corporation" - "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start "Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray "NBKeyScan" - "Nero AG" - "C:\Programme\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe" "NeroFilterCheck" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe "NvCplDaemon" - "NVIDIA Corporation" - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup "nwiz" - "NVIDIA Corporation" - nwiz.exe /install "SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" "SweetIM" - "SweetIM Technologies Ltd." - C:\Programme\SweetIM\Messenger\SweetIM.exe "TkBellExe" - "RealNetworks, Inc." - "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\mdimon.dll [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- ".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe "ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe "avast! Antivirus" (avast! Antivirus) - "AVAST Software" - e:\Programme\Alwil Software\Avast5\AvastSvc.exe "FsUsbExService" (FsUsbExService) - "Teruten" - C:\WINDOWS\system32\FsUsbExService.Exe "Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe "ICQ Service" (ICQ Service) - ? - C:\Programme\ICQ6Toolbar\ICQ Service.exe "InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe "Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe "MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe "Nero BackItUp Scheduler 3" (Nero BackItUp Scheduler 3) - "Nero AG" - C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe "NMIndexingService" (NMIndexingService) - "Nero AG" - C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe "NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\WINDOWS\system32\nvsvc32.exe "O&O Defrag" (O&O Defrag) - "O&O Software GmbH" - C:\WINDOWS\system32\oodag.exe "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE "PLFlash DeviceIoControl Service" (PLFlash DeviceIoControl Service) - "Prolific Technology Inc." - C:\WINDOWS\system32\IoctlSvc.exe "PnkBstrA" (PnkBstrA) - ? - C:\WINDOWS\system32\PnkBstrA.exe (File found, but it contains no detailed information) "PnkBstrB" (PnkBstrB) - ? - C:\WINDOWS\system32\PnkBstrB.exe (File found, but it contains no detailed information) "ServiceLayer" (ServiceLayer) - "Nokia." - C:\Programme\PC Connectivity Solution\ServiceLayer.exe "StarWind iSCSI Service" (StarWindService) - "Rocket Division Software" - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe "TuneUp Designerweiterung" (UxTuneUp) - "TuneUp Software GmbH" - C:\WINDOWS\System32\uxtuneup.dll "TuneUp Drive Defrag-Dienst" (TuneUp.Defrag) - "TuneUp Software GmbH" - C:\WINDOWS\System32\TuneUpDefragService.exe "TuneUp WinStyler Theme Service" (TUWinStylerThemeSvc) - ? - C:\Programme\TuneUpUtilities2006\WinStylerThemeSvc.exe (File not found) "Windows CardSpace" (idsvc) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe "Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [Winlogon] -----( HKCU\Control Panel\IOProcs )----- "MVB" - ? - mvfs32.dll (File not found) ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru |
|
04.04.2011, 21:41
| #28 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Malewarebytes löscht dateien nicht und andere webseite versucht zuzugreifen Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs. Denk dran beide Tools zu updaten vor dem Scan!!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
05.04.2011, 19:28
| #29 |
| | Malewarebytes löscht dateien nicht und andere webseite versucht zuzugreifen hallo arne, hab jetzt SUPERAntiSpyware durchlaufen lassen. hier die logs: SUPERAntiSpyware Scan Log hxxp://www.superantispyware.com Generated 04/05/2011 at 08:20 PM Application Version : 4.50.1002 Core Rules Database Version : 6756 Trace Rules Database Version: 4568 Scan type : Complete Scan Total Scan Time : 00:59:43 Memory items scanned : 557 Memory threats detected : 0 Registry items scanned : 8533 Registry threats detected : 13 File items scanned : 113312 File threats detected : 80 Adware.Tracking Cookie C:\Dokumente und Einstellungen\Administrator\Cookies\administrator@atdmt[1].txt C:\Dokumente und Einstellungen\Administrator\Cookies\administrator@apmebf[1].txt C:\Dokumente und Einstellungen\Administrator\Cookies\administrator@tradedoubler[2].txt C:\Dokumente und Einstellungen\Administrator\Cookies\administrator@hornywhores[2].txt C:\Dokumente und Einstellungen\Administrator\Cookies\administrator@ads.creative-serving[2].txt C:\Dokumente und Einstellungen\Administrator\Cookies\administrator@earlyexp[1].txt C:\Dokumente und Einstellungen\Administrator\Cookies\administrator@yadro[1].txt C:\Dokumente und Einstellungen\Administrator\Cookies\administrator@at.atwola[2].txt C:\Dokumente und Einstellungen\Administrator\Cookies\administrator@microsoftwindows.112.2o7[1].txt C:\Dokumente und Einstellungen\Administrator\Cookies\administrator@bs.serving-sys[1].txt C:\Dokumente und Einstellungen\Administrator\Cookies\administrator@cgi-bin[2].txt C:\Dokumente und Einstellungen\Administrator\Cookies\administrator@content.yieldmanager[1].txt C:\Dokumente und Einstellungen\Administrator\Cookies\administrator@atwola[2].txt C:\Dokumente und Einstellungen\Administrator\Cookies\administrator@eyewonder[2].txt C:\Dokumente und Einstellungen\Administrator\Cookies\administrator@doubleclick[1].txt C:\Dokumente und Einstellungen\Administrator\Cookies\administrator@serving-sys[1].txt C:\Dokumente und Einstellungen\Administrator\Cookies\administrator@advertising[2].txt C:\Dokumente und Einstellungen\Administrator\Cookies\administrator@mediaplex[2].txt C:\Dokumente und Einstellungen\Administrator\Cookies\administrator@ak[2].txt C:\Dokumente und Einstellungen\Administrator\Cookies\administrator@ad.yieldmanager[1].txt C:\Dokumente und Einstellungen\Administrator\Cookies\administrator@tacoda[2].txt adserver.freenet.de [ C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\34KN6EWQ ] banners.securedataimages.com [ C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\34KN6EWQ ] cdn.insights.gravity.com [ C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\34KN6EWQ ] cdn1.image.freeporn.com [ C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\34KN6EWQ ] cdn1.pics.mofosex.com [ C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\34KN6EWQ ] cdn1.static.pornhub.phncdn.com [ C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\34KN6EWQ ] cdn1.static1.pornrabbit.com [ C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\34KN6EWQ ] cloud.video.unrulymedia.com [ C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\34KN6EWQ ] counter.cam-content.com [ C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\34KN6EWQ ] files.youporn.com [ C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\34KN6EWQ ] ia.media-imdb.com [ C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\34KN6EWQ ] imagesrv.adition.com [ C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\34KN6EWQ ] imgs.adverticum.net [ C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\34KN6EWQ ] media.kyte.tv [ C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\34KN6EWQ ] media.vagosex.com [ C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\34KN6EWQ ] media1.break.com [ C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\34KN6EWQ ] media1.shufuni.com [ C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\34KN6EWQ ] momsextube.com [ C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\34KN6EWQ ] s0.2mdn.net [ C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\34KN6EWQ ] secure-us.imrworldwide.com [ C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\34KN6EWQ ] static.eporner.com [ C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\34KN6EWQ ] static.sexsearchcom.com [ C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\34KN6EWQ ] static.sunporno.com [ C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\34KN6EWQ ] static.youporn.com [ C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\34KN6EWQ ] track.webgains.com [ C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\34KN6EWQ ] tube.watchgfporn.com [ C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\34KN6EWQ ] vidii.hardsextube.com [ C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\34KN6EWQ ] www.3d-sexgames.com [ C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\34KN6EWQ ] www.99counters.com [ C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\34KN6EWQ ] www.adservercentral.info [ C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\34KN6EWQ ] www.alphaporno.com [ C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\34KN6EWQ ] www.channel-sex.tv [ C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\34KN6EWQ ] www.deinsexdate.com [ C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\34KN6EWQ ] www.homesexdaily.com [ C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\34KN6EWQ ] www.mofosex.com [ C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\34KN6EWQ ] www.naiadsystems(2).com [ C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\34KN6EWQ ] www.naiadsystems.com [ C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\34KN6EWQ ] www.nakedonthestreets.com [ C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\34KN6EWQ ] www.pornbase.org [ C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\34KN6EWQ ] www.pornerbros.com [ C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\34KN6EWQ ] www.pornhost.com [ C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\34KN6EWQ ] www.pornhub.com [ C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\34KN6EWQ ] www.pornme.com [ C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\34KN6EWQ ] www.pornrabbit.com [ C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\34KN6EWQ ] www.pornstarnetwork.com [ C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\34KN6EWQ ] www.porntube.com [ C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\34KN6EWQ ] www.pornyeah.com [ C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\34KN6EWQ ] www.pornyo.com [ C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\34KN6EWQ ] www.realgfporn.com [ C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\34KN6EWQ ] www.sex.ch [ C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\34KN6EWQ ] www.sexkiste.com [ C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\34KN6EWQ ] www.studentsexparties.com [ C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\34KN6EWQ ] www.sunporno.com [ C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\34KN6EWQ ] www.teenist.com [ C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\34KN6EWQ ] www.thrixxx.com [ C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\34KN6EWQ ] www.userporn.com [ C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\34KN6EWQ ] www.webpornsex.com [ C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\34KN6EWQ ] wwwstatic.megaporn.com [ C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\34KN6EWQ ] Rogue.SmartProtector C:\WINDOWS\system32\srcr.dat Trojan.Agent/Gen-Alureon HKU\.DEFAULT\Software\h8srt HKU\S-1-5-18\Software\h8srt Trojan.Agent/Gen-SSHNAS HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SSHNAS HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SSHNAS#NextInstance HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SSHNAS\0000 HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SSHNAS\0000#Service HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SSHNAS\0000#Legacy HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SSHNAS\0000#ConfigFlags HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SSHNAS\0000#Class HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SSHNAS\0000#ClassGUID HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SSHNAS\0000#DeviceDesc lasse jetzt Malewarebytes durchlaufen. |
|
05.04.2011, 20:07
| #30 |
| | Malewarebytes löscht dateien nicht und andere webseite versucht zuzugreifen so und hier die logs von Malewarebytes: Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Datenbank Version: 6280 Windows 5.1.2600 Service Pack 2 Internet Explorer 6.0.2900.2180 05.04.2011 21:06:31 mbam-log-2011-04-05 (21-06-31).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|H:\|) Durchsuchte Objekte: 254977 Laufzeit: 35 Minute(n), 32 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 2 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: HKEY_CURRENT_USER\SOFTWARE\WhiteSmoke (PUP.Whitesmoke) -> Not selected for removal. HKEY_LOCAL_MACHINE\SOFTWARE\WhiteSmoke (PUP.Whitesmoke) -> Not selected for removal. Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) |
|
| Themen zu Malewarebytes löscht dateien nicht und andere webseite versucht zuzugreifen |
| 0x00000001, alternate, assembly, avast!, bho, black, browser, call of duty, desktop, device driver, einstellung, einstellungen, enigma, error, euro, flash player, fontcache, format, free download, google, google earth, iexplore.exe, internet browser, location, logfile, maleware, malewarebytes löscht dateien nicht, mbamservice.exe, mozilla, ntdll.dll, oldtimer, otl.exe, realtek, registry, rundll, saver, scan, searchplugins, security, server, shell32.dll, shortcut, softonic, softonic deutsch toolbar, sptd.sys, staropen, studio, sweetim, taskleiste, tcp, udp, usb, zugriff verweigert |
Linear-Darstellung
