Pests of all kinds and how to fight them: Infected with "My Computer Online Scan"? (Windows 7)

If you are not sure whether you have caught malware or a trojan, start a thread here. An expert will reply with further instructions and help you remove the malware or uninstall/delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.
07.04.2011, 05:29 #1
Infected with "My Computer Online Scan"?

Hello Trojaner-Board.de community! I don't know whether I'm infected with the trojan in question and am therefore hoping for your help. While searching for a way to get rid of this problem I kept landing on your site, but I couldn't find a solution yet.

Now my case: About a week ago I was checking my mail and had, among others, received an e-mail from my sister, who otherwise never sends me mail. I was curious and opened it. I noticed right away that she had sent the same mail to lots of other addresses. The content of the mail was just a link. I was curious and clicked it. That's when it happened... a new tab opened in Firefox (not a window) and what looked like a virus scan started running. At that point I already realised what was going on. A new window opened at the bottom right and I tried to stop the scan. It seemed to stop. In hindsight I probably should have cut the internet connection immediately, but I didn't figure that out fast enough. Since I dismissed the window as soon as it could be closed and also closed the tab as quickly as possible, I thought I was safe and wanted to delete the e-mail. So I entered my username at AOL; the password is saved on my computer. This time, however, I had to type in that text to confirm that I am not a program or a computer. I did that, and the result was that "aol email error code 420 Service not available!" was displayed. That's when I realised I had to check the system for trojans immediately.

I had Avast! before; I replaced that program with Spyware Doctor and additionally installed Malwarebytes, SUPERAntiSpyware and Norman Malware Cleaner and scanned with them. I also ran McAfee Security Scan and Windows Defender. All except McAfee found nothing threatening.
McAfee hat folgende Seiten als bedrohlich ausgewiesen: Spyware Doctor: (Ich krieg das Bild leider nicht größer ) Meine Schwester hat mir diese Mail nie geschrieben und ich hatte am gleichen Tag noch eine Mail bekommen in englisch, dass meine Sendung nicht zugestellt werden kann mit einer Datei im Anhang. Die E-Mail habe ich überflogen und gleich gelöscht. Bin ich noch infiziert oder bin ich nur zu ängstlich? Hier die LOG-Datei von Malwarebytes' Antimalware: Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Datenbank Version: 6214 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.19019 06.04.2011 17:44:11 mbam-log-2011-04-06 (17-44-11).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|) Durchsuchte Objekte: 295102 Laufzeit: 3 Stunde(n), 31 Minute(n), 53 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) Hier OTL:OTL Logfile: Code:
ATTFilter OTL logfile created on: 07.04.2011 05:34:18 - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\christiane\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19019) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 41,00% Memory free 6,00 Gb Paging File | 4,00 Gb Available in Paging File | 67,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 223,12 Gb Total Space | 148,25 Gb Free Space | 66,44% Space Free | Partition Type: NTFS Drive F: | 160,09 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: XXX | User Name: christiane | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\christiane\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Users\christiane\Downloads\Norman_Malware_Cleaner.exe (Norman ASA) PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com) PRC - C:\Program Files\PC Tools Security\pctsGui.exe (PC Tools) PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) PRC - C:\Program Files\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe (Symantec Corporation) PRC - C:\Program Files\PC Tools Security\pctsSvc.exe (PC Tools) PRC - C:\Program Files\o2\Mobile Connection Manager\ImpWiFiSvc.exe (Telefónica I+D) PRC - C:\Program Files\PC Tools Security\pctsAuxs.exe (PC Tools) PRC - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.) 
PRC - C:\Windows\PLFSetI.exe () PRC - C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.) PRC - C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.) PRC - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe (Acer Incorporated) PRC - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe (Acer Incorporated) PRC - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerEvent.exe (Acer Incorporated) PRC - C:\Program Files\Acer\Optical Drive Power Management\ODDPWR.exe (Acer Incorporated) PRC - C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe (Acer Incorporated) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\Launch Manager\dsiwmis.exe (Dritek System Inc.) PRC - C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.) PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) PRC - C:\Program Files\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated) PRC - C:\Program Files\Acer\Acer VCM\RS_Service.exe (Acer Incorporated) PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) ========== Modules (SafeList) ========== MOD - C:\Users\christiane\Downloads\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation) MOD - C:\Program Files\PC Tools Security\PCTGMhk.dll (PC Tools) MOD - C:\Program Files\Acer\Acer PowerSmart Manager\SysHook.dll (Acer Incorporated) ========== Win32 Services (SafeList) ========== SRV - (NSL) -- C:\Program Files\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe (Symantec Corporation) SRV - (sdCoreService) -- C:\Program Files\PC Tools Security\pctsSvc.exe (PC Tools) SRV - (TGCM_ImportWiFiSvc) -- C:\Program Files\o2\Mobile Connection 
Manager\ImpWiFiSvc.exe (Telefónica I+D) SRV - (sdAuxService) -- C:\Program Files\PC Tools Security\pctsAuxs.exe (PC Tools) SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.) SRV - (NTI IScheduleSvc) -- C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.) SRV - (ePowerSvc) -- C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe (Acer Incorporated) SRV - (ODDPwrSvc) -- C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe (Acer Incorporated) SRV - (DsiWMIService) -- C:\Program Files\Launch Manager\dsiwmis.exe (Dritek System Inc.) SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) SRV - (RS_Service) -- C:\Program Files\Acer\Acer VCM\RS_Service.exe (Acer Incorporated) SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (nsak_7DE63F25) -- File not found DRV - (NDISKIO) -- C:\Users\CHRIST~1\AppData\Local\Temp\00001755.nmc\nse\bin\ndiskio.sys (Norman ASA) DRV - (PCTCore) -- C:\Windows\system32\drivers\PCTCore.sys (PC Tools) DRV - (pctEFA) -- C:\Windows\system32\drivers\pctEFA.sys (PC Tools) DRV - (pctDS) -- C:\Windows\system32\drivers\pctDS.sys (PC Tools) DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (ZTEusbnet) -- C:\Windows\System32\drivers\ZTEusbnet.sys (ZTE Corporation) DRV - (ZTEusbvoice) -- C:\Windows\System32\drivers\zteusbvoice.sys (ZTE Incorporated) DRV - (ZTEusbser6k) -- C:\Windows\System32\drivers\ZTEusbser6k.sys (ZTE Incorporated) DRV - (ZTEusbnmea) -- C:\Windows\System32\drivers\ZTEusbnmea.sys (ZTE Incorporated) DRV - (ZTEusbmdm6k) -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys (ZTE Incorporated) DRV - 
(massfilter) -- C:\Windows\System32\drivers\massfilter.sys (ZTE Incorporated) DRV - (L1C) -- C:\Windows\System32\drivers\L1C60x86.sys (Atheros Communications, Inc.) DRV - (IntcHdmiAddService) Intel(R) -- C:\Windows\System32\drivers\IntcHdmi.sys (Intel(R) Corporation) DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation) DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0709&m=aspire_5810t IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0709&m=aspire_5810t IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0709&m=aspire_5810t IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://spiele.aol.de/spiele-durchsuchen/genre/zeitmanagement/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. 
File not found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.ebay.de/" FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.1 FF - prefs.js..extensions.enabledItems: {4176DFF4-4698-11DE-BEEB-45DA55D89593}:0.8.7 FF - prefs.js..extensions.enabledItems: smarterwiki@wikiatic.com:4.1.8 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - HKLM\software\mozilla\Firefox\Extensions\\{203FB6B2-2E1E-4474-863B-4C483ECCE78E}: C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_1.2.0.6\coFFNST\ [2011.04.06 07:09:03 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.03.28 06:55:33 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.03.28 06:55:33 | 000,000,000 | ---D | M] [2009.12.26 21:31:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\christiane\AppData\Roaming\mozilla\Extensions [2011.04.06 08:55:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\christiane\AppData\Roaming\mozilla\Firefox\Profiles\eqyuisci.default\extensions [2010.05.03 11:57:02 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\christiane\AppData\Roaming\mozilla\Firefox\Profiles\eqyuisci.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011.02.24 10:15:57 | 000,000,000 | ---D | M] (AniWeather) -- C:\Users\christiane\AppData\Roaming\mozilla\Firefox\Profiles\eqyuisci.default\extensions\{4176DFF4-4698-11DE-BEEB-45DA55D89593} 
[2010.10.19 06:20:34 | 000,000,000 | ---D | M] (Personas) -- C:\Users\christiane\AppData\Roaming\mozilla\Firefox\Profiles\eqyuisci.default\extensions\personas@christopher.beard [2010.12.02 07:49:23 | 000,000,000 | ---D | M] (FastestFox) -- C:\Users\christiane\AppData\Roaming\mozilla\Firefox\Profiles\eqyuisci.default\extensions\smarterwiki@wikiatic.com [2011.03.02 18:59:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2011.03.02 18:59:42 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2010.07.03 14:12:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.10.19 16:41:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011.02.01 13:41:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011.02.17 21:29:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011.02.02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll [2011.03.11 08:41:08 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2011.03.11 08:41:08 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml [2011.03.11 08:41:09 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml [2011.03.11 08:41:09 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml [2011.03.11 08:41:09 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.) 
O2 - BHO: (Norton Safe Web Lite BHO) - {F0DA78E9-6B60-42fb-BC26-EF2CFB8C8FF3} - C:\Program Files\Norton Safe Web Lite\Engine\1.2.0.6\CoIEPlg.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (Norton Safe Web Lite) - {30CEEEA2-3742-40e4-85DD-812BF1CBB83D} - C:\Program Files\Norton Safe Web Lite\Engine\1.2.0.6\CoIEPlg.dll (Symantec Corporation) O4 - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avast5] File not found O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.) O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKLM..\Run: [ISTray] C:\Program Files\PC Tools Security\pctsGui.exe (PC Tools) O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe () O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [ODDPwr] C:\Program Files\Acer\Optical Drive Power Management\ODDPwr.exe (Acer Incorporated) O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe () O4 - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com) O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.) O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) 
O13 - gopher Prefix: missing O16 - DPF: {74E4A24D-5224-4F05-8A41-99445E0FC22B} hxxp://www.gamehouse.com/games/gamehouse/ghplayer.cab (GameHouse Games Player) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 217.0.43.193 217.0.43.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\christiane\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\christiane\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{2a2e2277-831e-11df-bc6b-001f16af9641}\Shell - "" = AutoRun O33 - MountPoints2\{2a2e2277-831e-11df-bc6b-001f16af9641}\Shell\AutoRun\command - "" = D:\AutoRun.exe O33 - MountPoints2\{3781db2e-88e7-11df-8dae-00a0c6000000}\Shell - "" = AutoRun O33 - MountPoints2\{3781db2e-88e7-11df-8dae-00a0c6000000}\Shell\AutoRun\command - "" = D:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{390fbefb-c130-11df-a82b-001f16af9641}\Shell - "" = AutoRun O33 - 
MountPoints2\{390fbefb-c130-11df-a82b-001f16af9641}\Shell\AutoRun\command - "" = D:\AutoRun.exe O33 - MountPoints2\{4a341736-ff6c-11de-8600-0022fb6d3502}\Shell - "" = AutoRun O33 - MountPoints2\{4a341736-ff6c-11de-8600-0022fb6d3502}\Shell\AutoRun\command - "" = D:\AutoRun.exe O33 - MountPoints2\{4a341756-ff6c-11de-8600-0022fb6d3502}\Shell - "" = AutoRun O33 - MountPoints2\{4a341756-ff6c-11de-8600-0022fb6d3502}\Shell\AutoRun\command - "" = D:\AutoRun.exe O33 - MountPoints2\{5952e804-c61e-11df-a877-001f16af9641}\Shell - "" = AutoRun O33 - MountPoints2\{5952e804-c61e-11df-a877-001f16af9641}\Shell\AutoRun\command - "" = D:\AutoRun.exe O33 - MountPoints2\{5952e806-c61e-11df-a877-001f16af9641}\Shell - "" = AutoRun O33 - MountPoints2\{5952e806-c61e-11df-a877-001f16af9641}\Shell\AutoRun\command - "" = D:\AutoRun.exe O33 - MountPoints2\{5952e81e-c61e-11df-a877-001f16af9641}\Shell - "" = AutoRun O33 - MountPoints2\{5952e81e-c61e-11df-a877-001f16af9641}\Shell\AutoRun\command - "" = D:\AutoRun.exe O33 - MountPoints2\{5952e8c0-c61e-11df-a877-001f16af9641}\Shell - "" = AutoRun O33 - MountPoints2\{5952e8c0-c61e-11df-a877-001f16af9641}\Shell\AutoRun\command - "" = D:\AutoRun.exe O33 - MountPoints2\{5952e8c2-c61e-11df-a877-001f16af9641}\Shell - "" = AutoRun O33 - MountPoints2\{5952e8c2-c61e-11df-a877-001f16af9641}\Shell\AutoRun\command - "" = D:\AutoRun.exe O33 - MountPoints2\{e105cf36-a3ad-11df-8f72-0022fb6d3502}\Shell - "" = AutoRun O33 - MountPoints2\{e105cf36-a3ad-11df-8f72-0022fb6d3502}\Shell\AutoRun\command - "" = D:\AutoRun.exe O33 - MountPoints2\{e105cf39-a3ad-11df-8f72-0022fb6d3502}\Shell - "" = AutoRun O33 - MountPoints2\{e105cf39-a3ad-11df-8f72-0022fb6d3502}\Shell\AutoRun\command - "" = D:\AutoRun.exe O33 - MountPoints2\{f19d9a72-a678-11df-809a-001f16af9641}\Shell - "" = AutoRun O33 - MountPoints2\{f19d9a72-a678-11df-809a-001f16af9641}\Shell\AutoRun\command - "" = D:\AutoRun.exe O33 - MountPoints2\{f19d9a74-a678-11df-809a-001f16af9641}\Shell - "" = AutoRun O33 - 
MountPoints2\{f19d9a74-a678-11df-809a-001f16af9641}\Shell\AutoRun\command - "" = D:\AutoRun.exe O33 - MountPoints2\D\Shell - "" = AutoRun O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.04.06 07:08:56 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NST [2011.04.06 07:08:56 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Safe Web Lite [2011.04.06 07:08:56 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NST\0102000.006 [2011.04.06 07:08:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton [2011.04.06 07:07:54 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller [2011.04.06 07:07:54 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller [2011.04.05 11:36:18 | 000,000,000 | ---D | C] -- C:\Users\christiane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD [2011.04.05 09:38:56 | 000,000,000 | ---D | C] -- C:\Users\christiane\Desktop\Virenscanner [2011.04.05 09:34:43 | 000,000,000 | ---D | C] -- C:\Users\christiane\AppData\Roaming\SUPERAntiSpyware.com [2011.04.05 09:34:43 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com [2011.04.05 09:34:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware [2011.04.05 09:34:34 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware [2011.03.31 08:56:05 | 000,656,320 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctEFA.sys [2011.03.31 08:56:05 | 000,338,880 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctDS.sys [2011.03.31 08:56:04 | 000,251,560 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys [2011.03.31 08:56:04 | 000,103,232 | ---- | C] (PC Tools) -- 
C:\Windows\System32\drivers\pctwfpfilter.sys [2011.03.31 08:55:59 | 000,239,168 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys [2011.03.31 08:55:59 | 000,160,448 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys [2011.03.31 08:55:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tools Security [2011.03.31 08:55:52 | 000,070,536 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys [2011.03.31 08:55:35 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security [2011.03.31 08:55:35 | 000,000,000 | ---D | C] -- C:\Users\christiane\AppData\Roaming\PC Tools [2011.03.31 08:55:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools [2011.03.31 08:39:27 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools [2011.03.30 14:14:49 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011.03.30 14:14:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.03.30 14:14:45 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011.03.30 14:14:45 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2011.03.29 08:16:23 | 000,000,000 | ---D | C] -- C:\Users\christiane\AppData\Roaming\Malwarebytes [2011.03.29 08:16:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.03.23 14:05:24 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll [2011.03.23 14:05:24 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll [2011.03.10 07:21:34 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll [2011.03.10 07:21:33 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll [2011.03.10 07:21:33 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax [2011.03.10 
07:21:33 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbeio.dll [2010.08.25 19:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll [2009.07.10 08:54:42 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll ========== Files - Modified Within 30 Days ========== [2011.04.07 05:28:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.04.06 21:05:04 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.04.06 20:38:24 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.04.06 20:38:24 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.04.06 12:05:08 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.04.06 09:49:37 | 000,055,202 | ---- | M] () -- C:\Users\christiane\Desktop\spyware doctor.jpg [2011.04.05 11:40:41 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.04.05 11:40:41 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.04.05 11:40:41 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.04.05 11:40:41 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.04.05 11:33:53 | 3145,543,680 | -HS- | M] () -- C:\hiberfil.sys [2011.03.31 08:57:02 | 002,280,366 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB [2011.03.30 15:56:47 | 000,015,309 | ---- | M] () -- C:\Users\christiane\ESt2010_Matthes_Christiane.elfo [2011.03.11 08:17:20 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt ========== Files Created - No Company Name ========== [2011.04.06 09:49:36 | 000,055,202 | ---- | C] () -- C:\Users\christiane\Desktop\spyware doctor.jpg [2011.04.06 07:08:56 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\NST\0102000.006\isolate.ini [2011.03.31 08:56:06 | 
002,280,366 | ---- | C] () -- C:\Windows\System32\drivers\Cat.DB [2010.08.25 20:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin [2010.08.25 20:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin [2010.08.25 20:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin [2010.08.25 19:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config [2010.08.25 19:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll [2010.08.25 19:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll [2010.08.23 15:02:10 | 000,000,845 | ---- | C] () -- C:\Users\christiane\AppData\Roaming\FrameFun.ini [2010.07.04 21:00:04 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.02.11 14:55:44 | 000,000,680 | ---- | C] () -- C:\Users\christiane\AppData\Local\d3d9caps.dat [2010.01.08 19:50:24 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2010.01.08 19:50:24 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009.12.28 17:16:57 | 000,047,616 | ---- | C] () -- C:\Users\christiane\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.07.10 08:44:58 | 000,134,544 | ---- | C] () -- C:\Windows\System32\igfcg500.bin [2009.07.10 08:44:58 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll [2009.07.09 23:29:39 | 000,000,033 | ---- | C] () -- C:\Windows\LaunApp.ini [2009.07.09 23:09:25 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe [2009.07.09 23:09:25 | 000,106,496 | ---- | C] () -- C:\Windows\FixUVC.exe [2009.07.09 23:09:25 | 000,000,074 | ---- | C] () -- C:\Windows\PidList.ini [2009.07.09 23:08:21 | 000,000,712 | ---- | C] () -- C:\Windows\System32\drivers\SamSfPa.dat [2009.07.09 23:08:21 | 000,000,632 | ---- | C] () -- C:\Windows\System32\drivers\RtHdatEx.dat [2009.07.09 23:08:21 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX2.dat [2009.07.09 23:08:21 | 000,000,520 | ---- | C] () -- 
C:\Windows\System32\drivers\RTEQEX1.dat [2009.07.09 23:08:21 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat [2009.07.09 23:08:21 | 000,000,016 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat [2009.07.09 23:08:20 | 000,107,276 | ---- | C] () -- C:\Windows\System32\drivers\RtConvEQ.DAT [2009.04.09 04:33:45 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2009.04.09 04:33:45 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2009.04.09 04:33:45 | 000,126,454 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2009.04.09 04:33:45 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2009.04.08 18:59:33 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2009.04.01 02:46:06 | 000,872,448 | ---- | C] () -- C:\Windows\iconv.dll [2009.04.01 02:46:06 | 000,743,424 | ---- | C] () -- C:\Windows\libxml2.dll [2009.04.01 02:46:05 | 000,000,060 | ---- | C] () -- C:\Windows\Prelaunch.ini [2009.04.01 02:46:05 | 000,000,028 | ---- | C] () -- C:\Windows\WisLangCode.ini [2007.05.10 02:39:28 | 000,003,584 | ---- | C] () -- C:\Windows\System32\CNCFLeNL.DLL [2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 14:47:37 | 000,409,384 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 12:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 12:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT 
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat ========== Alternate Data Streams ========== @Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:DFC5A2B2 @Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:E1982A23 @Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:ADE16379 @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:814B9485 @Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:ABE89FFE @Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:41099CE9 @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:3B3A35EC @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:4F636E25 @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:3064D21D @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:DCAF903C @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:CDFF58FE @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:798A3728 @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:B623B5B8 @Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:9E22BBE8 @Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:35759C73 @Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:BB24555F @Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:CE0A077E @Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:B203B914 < End of report >
HXXP://defender-grlt.in/scan1/187 and hxxp://defender-gnva.in/scan3/167 were shown to me as suspicious websites. With McAfee it was geekstogo.com and precisesecurity.com. I forgot to mention that... I hope you can help me; I had also reinstalled Malwarebytes again, saved it to the desktop, renamed the .exe file and so on. |
07.04.2011, 12:04 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Infected with "My Computer Online Scan"? Are there any further Malwarebytes logs? If so, please post all of them that are visible in Malwarebytes under the "Log files" tab.
__________________ |
07.04.2011, 13:53 | #3 |
| Infected with "My Computer Online Scan"? Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org Datenbank Version: 5363 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.19019 29.03.2011 08:34:48 mbam-log-2011-03-29 (08-34-48).txt Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 133934 Laufzeit: 5 Minute(n), 19 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Datenbank Version: 6201 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.19019 29.03.2011 11:27:28 mbam-log-2011-03-29 (11-27-28).txt Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 143196 Laufzeit: 11 Minute(n), 45 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) Malwarebytes' Anti-Malware 
1.50.1.1100 www.malwarebytes.org Datenbank Version: 6201 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.19019 29.03.2011 11:31:25 mbam-log-2011-03-29 (11-31-25).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|) Durchsuchte Objekte: 39970 Laufzeit: 3 Minute(n), 13 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Datenbank Version: 6201 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.19019 29.03.2011 11:42:17 mbam-log-2011-03-29 (11-42-17).txt Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 143284 Laufzeit: 5 Minute(n), 29 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) Malwarebytes' 
Anti-Malware 1.50.1.1100 www.malwarebytes.org Datenbank Version: 6201 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.19019 30.03.2011 13:35:32 mbam-log-2011-03-30 (13-35-32).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|) Durchsuchte Objekte: 293650 Laufzeit: 1 Stunde(n), 30 Minute(n), 13 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Datenbank Version: 6214 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.19019 30.03.2011 21:55:07 mbam-log-2011-03-30 (21-55-07).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|) Durchsuchte Objekte: 294052 Laufzeit: 2 Stunde(n), 0 Minute(n), 10 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) 
Infizierte Dateien: (Keine bösartigen Objekte gefunden) |
07.04.2011, 14:37 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Infected with "My Computer Online Scan"? Run an OTL fix: close all programs that may be open, also deactivate the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom in OTL): (the ":OTL" must be copied along with it!!!) Code:
:OTL @Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:DFC5A2B2 @Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:E1982A23 @Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:ADE16379 @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:814B9485 @Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:ABE89FFE @Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:41099CE9 @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:3B3A35EC @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:4F636E25 @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:3064D21D @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:DCAF903C @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:CDFF58FE @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:798A3728 @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:B623B5B8 @Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:9E22BBE8 @Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:35759C73 @Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:BB24555F @Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:CE0A077E @Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:B203B914 O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{2a2e2277-831e-11df-bc6b-001f16af9641}\Shell - "" = AutoRun O33 - MountPoints2\{2a2e2277-831e-11df-bc6b-001f16af9641}\Shell\AutoRun\command - "" = D:\AutoRun.exe O33 - MountPoints2\{3781db2e-88e7-11df-8dae-00a0c6000000}\Shell - "" = AutoRun O33 - MountPoints2\{3781db2e-88e7-11df-8dae-00a0c6000000}\Shell\AutoRun\command - "" = D:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{390fbefb-c130-11df-a82b-001f16af9641}\Shell - "" = AutoRun O33 - MountPoints2\{390fbefb-c130-11df-a82b-001f16af9641}\Shell\AutoRun\command - "" = D:\AutoRun.exe O33 - MountPoints2\{4a341736-ff6c-11de-8600-0022fb6d3502}\Shell - "" = 
AutoRun O33 - MountPoints2\{4a341736-ff6c-11de-8600-0022fb6d3502}\Shell\AutoRun\command - "" = D:\AutoRun.exe O33 - MountPoints2\{4a341756-ff6c-11de-8600-0022fb6d3502}\Shell - "" = AutoRun O33 - MountPoints2\{4a341756-ff6c-11de-8600-0022fb6d3502}\Shell\AutoRun\command - "" = D:\AutoRun.exe O33 - MountPoints2\{5952e804-c61e-11df-a877-001f16af9641}\Shell - "" = AutoRun O33 - MountPoints2\{5952e804-c61e-11df-a877-001f16af9641}\Shell\AutoRun\command - "" = D:\AutoRun.exe O33 - MountPoints2\{5952e806-c61e-11df-a877-001f16af9641}\Shell - "" = AutoRun O33 - MountPoints2\{5952e806-c61e-11df-a877-001f16af9641}\Shell\AutoRun\command - "" = D:\AutoRun.exe O33 - MountPoints2\{5952e81e-c61e-11df-a877-001f16af9641}\Shell - "" = AutoRun O33 - MountPoints2\{5952e81e-c61e-11df-a877-001f16af9641}\Shell\AutoRun\command - "" = D:\AutoRun.exe O33 - MountPoints2\{5952e8c0-c61e-11df-a877-001f16af9641}\Shell - "" = AutoRun O33 - MountPoints2\{5952e8c0-c61e-11df-a877-001f16af9641}\Shell\AutoRun\command - "" = D:\AutoRun.exe O33 - MountPoints2\{5952e8c2-c61e-11df-a877-001f16af9641}\Shell - "" = AutoRun O33 - MountPoints2\{5952e8c2-c61e-11df-a877-001f16af9641}\Shell\AutoRun\command - "" = D:\AutoRun.exe O33 - MountPoints2\{e105cf36-a3ad-11df-8f72-0022fb6d3502}\Shell - "" = AutoRun O33 - MountPoints2\{e105cf36-a3ad-11df-8f72-0022fb6d3502}\Shell\AutoRun\command - "" = D:\AutoRun.exe O33 - MountPoints2\{e105cf39-a3ad-11df-8f72-0022fb6d3502}\Shell - "" = AutoRun O33 - MountPoints2\{e105cf39-a3ad-11df-8f72-0022fb6d3502}\Shell\AutoRun\command - "" = D:\AutoRun.exe O33 - MountPoints2\{f19d9a72-a678-11df-809a-001f16af9641}\Shell - "" = AutoRun O33 - MountPoints2\{f19d9a72-a678-11df-809a-001f16af9641}\Shell\AutoRun\command - "" = D:\AutoRun.exe O33 - MountPoints2\{f19d9a74-a678-11df-809a-001f16af9641}\Shell - "" = AutoRun O33 - MountPoints2\{f19d9a74-a678-11df-809a-001f16af9641}\Shell\AutoRun\command - "" = D:\AutoRun.exe O33 - MountPoints2\D\Shell - "" = AutoRun O33 - 
MountPoints2\D\Shell\AutoRun\command - "" = D:\AutoRun.exe :Commands [purity] [resethosts] [emptytemp]
The log file should open once you click OK after the fix; please post it. The computer may be restarted. The entries, files and folders fixed by this script are not fully deleted, as a safety measure: a backup copy is created on the system partition in the "_OTL" folder.
__________________ Please always post log files in CODE tags |
</gr_replreplace>
<gr_insert after="38" cat="add_content" lang="python" orig="__________________ Logfiles">
As an added illustration (not part of the original thread, and not OTL's own code): a small Python parser for fix scripts in the format quoted in the post above. It turns the "@Alternate Data Stream", "O32", "O33" and ":Commands" entries into a structured summary, so a reader can review exactly what a fix will touch (which streams are removed, which MountPoints2 AutoRun entries and target executables are deleted, which commands run) before pasting it into OTL. The sample script is constructed from a few representative lines of the post; the function and variable names are my own.

```python
import re

# Constructed sample in the OTL fix-script format quoted in the post above:
# a few representative lines rather than the full script.
SAMPLE_FIX = r""":OTL
@Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:E1982A23
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{2a2e2277-831e-11df-bc6b-001f16af9641}\Shell - "" = AutoRun
O33 - MountPoints2\{2a2e2277-831e-11df-bc6b-001f16af9641}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\AutoRun.exe
:Commands
[purity]
[resethosts]
[emptytemp]
"""

# One regex per line type that appears in the script (the names are mine).
ADS_RE = re.compile(r"^@Alternate Data Stream - (\d+) bytes -> (.+):([^:\\]+)$")
O32_RE = re.compile(r"^O32 - HKLM CDRom: AutoRun - (\d+)$")
O33_SHELL_RE = re.compile(r'^O33 - MountPoints2\\([^\\]+)\\Shell - "" = (.+)$')
O33_CMD_RE = re.compile(r'^O33 - MountPoints2\\([^\\]+)\\Shell\\AutoRun\\command - "" = (.+)$')
CMD_RE = re.compile(r"^\[(\w+)\]$")


def parse_otl_fix(text):
    """Turn an OTL fix script into a dict describing what it would touch."""
    result = {
        "ads": [],                  # (host file, stream name, size in bytes)
        "cdrom_autorun": None,      # value given on the O32 CDRom AutoRun line
        "mountpoint_defaults": {},  # MountPoints2 key -> Shell default verb
        "mountpoint_commands": {},  # MountPoints2 key -> AutoRun command line
        "commands": [],             # entries of the :Commands section
        "unrecognized": [],         # anything else, kept for manual review
    }
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):          # ":OTL" / ":Commands" open a section
            section = line[1:].lower()
            continue
        if section == "commands":
            m = CMD_RE.match(line)
            if m:
                result["commands"].append(m.group(1))
            else:
                result["unrecognized"].append(line)
            continue
        if m := ADS_RE.match(line):
            result["ads"].append((m.group(2), m.group(3), int(m.group(1))))
        elif m := O32_RE.match(line):
            result["cdrom_autorun"] = int(m.group(1))
        elif m := O33_CMD_RE.match(line):
            result["mountpoint_commands"][m.group(1)] = m.group(2)
        elif m := O33_SHELL_RE.match(line):
            result["mountpoint_defaults"][m.group(1)] = m.group(2)
        else:
            result["unrecognized"].append(line)
    return result


def autorun_targets(parsed):
    """Distinct command lines the MountPoints2 AutoRun entries point at."""
    return sorted(set(parsed["mountpoint_commands"].values()))


def summarize(parsed):
    """Short review list of what the fix changes, one item per line."""
    out = [f"{len(parsed['ads'])} alternate data stream(s) to remove"]
    if parsed["cdrom_autorun"] is not None:
        out.append(f"CDRom AutoRun entry set to {parsed['cdrom_autorun']}")
    out.append(f"{len(parsed['mountpoint_commands'])} MountPoints2 AutoRun command(s) to delete")
    for target in autorun_targets(parsed):
        out.append(f"  autorun target: {target}")
    out.append("commands: " + ", ".join(parsed["commands"]))
    if parsed["unrecognized"]:
        out.append(f"{len(parsed['unrecognized'])} line(s) not understood, review by hand")
    return out


if __name__ == "__main__":
    for row in summarize(parse_otl_fix(SAMPLE_FIX)):
        print(row)
```

Unrecognized lines are kept rather than dropped, so a script line that the parser cannot classify still shows up in the review instead of silently vanishing.
<test>
assert len(parse_otl_fix(SAMPLE_FIX)["ads"]) == 2
assert parse_otl_fix(SAMPLE_FIX)["ads"][0] == ("C:\\ProgramData\\TEMP", "DFC5A2B2", 149)
assert parse_otl_fix(SAMPLE_FIX)["cdrom_autorun"] == 1
assert parse_otl_fix(SAMPLE_FIX)["mountpoint_commands"]["{2a2e2277-831e-11df-bc6b-001f16af9641}"] == "D:\\AutoRun.exe"
assert parse_otl_fix(SAMPLE_FIX)["mountpoint_commands"]["D"] == "D:\\AutoRun.exe"
assert parse_otl_fix(SAMPLE_FIX)["mountpoint_defaults"]["D"] == "AutoRun"
assert parse_otl_fix(SAMPLE_FIX)["commands"] == ["purity", "resethosts", "emptytemp"]
assert parse_otl_fix(SAMPLE_FIX)["unrecognized"] == []
assert autorun_targets(parse_otl_fix(SAMPLE_FIX)) == ["D:\\AutoRun.exe"]
assert summarize(parse_otl_fix(SAMPLE_FIX))[0] == "2 alternate data stream(s) to remove"
assert summarize(parse_otl_fix(SAMPLE_FIX))[-1] == "commands: purity, resethosts, emptytemp"
assert parse_otl_fix(":OTL\nO4 - HKLM..\\Run: [x] C:\\x.exe\n")["unrecognized"] == ["O4 - HKLM..\\Run: [x] C:\\x.exe"]
</test>
</gr_insert>
<gr_replace lines="40-40" cat="clarify" orig="| Mit">
| Infected with "My Computer Online Scan"? Here is the file. Many thanks in advance for that!
All processes killed ========== OTL ========== ADS C:\ProgramData\TEMP:DFC5A2B2 deleted successfully. ADS C:\ProgramData\TEMP:E1982A23 deleted successfully. ADS C:\ProgramData\TEMP:ADE16379 deleted successfully. ADS C:\ProgramData\TEMP:814B9485 deleted successfully. ADS C:\ProgramData\TEMP:ABE89FFE deleted successfully. ADS C:\ProgramData\TEMP:41099CE9 deleted successfully. ADS C:\ProgramData\TEMP:3B3A35EC deleted successfully. ADS C:\ProgramData\TEMP:4F636E25 deleted successfully. ADS C:\ProgramData\TEMP:3064D21D deleted successfully. ADS C:\ProgramData\TEMP:DCAF903C deleted successfully. ADS C:\ProgramData\TEMP:CDFF58FE deleted successfully. ADS C:\ProgramData\TEMP:798A3728 deleted successfully. ADS C:\ProgramData\TEMP:B623B5B8 deleted successfully. ADS C:\ProgramData\TEMP:9E22BBE8 deleted successfully. ADS C:\ProgramData\TEMP:35759C73 deleted successfully. ADS C:\ProgramData\TEMP:BB24555F deleted successfully. ADS C:\ProgramData\TEMP:CE0A077E deleted successfully. ADS C:\ProgramData\TEMP:B203B914 deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully! C:\autoexec.bat moved successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2a2e2277-831e-11df-bc6b-001f16af9641}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2a2e2277-831e-11df-bc6b-001f16af9641}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2a2e2277-831e-11df-bc6b-001f16af9641}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2a2e2277-831e-11df-bc6b-001f16af9641}\ not found. File D:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3781db2e-88e7-11df-8dae-00a0c6000000}\ deleted successfully. 
08.04.2011, 11:14 | #5 |
| Mit "My Computer Online Scan" infiziert? Hier die Datei: Vielen Dank schonmal dafür All processes killed ========== OTL ========== ADS C:\ProgramData\TEMPFC5A2B2 deleted successfully. ADS C:\ProgramData\TEMP:E1982A23 deleted successfully. ADS C:\ProgramData\TEMP:ADE16379 deleted successfully. ADS C:\ProgramData\TEMP:814B9485 deleted successfully. ADS C:\ProgramData\TEMP:ABE89FFE deleted successfully. ADS C:\ProgramData\TEMP:41099CE9 deleted successfully. ADS C:\ProgramData\TEMP:3B3A35EC deleted successfully. ADS C:\ProgramData\TEMP:4F636E25 deleted successfully. ADS C:\ProgramData\TEMP:3064D21D deleted successfully. ADS C:\ProgramData\TEMPCAF903C deleted successfully. ADS C:\ProgramData\TEMP:CDFF58FE deleted successfully. ADS C:\ProgramData\TEMP:798A3728 deleted successfully. ADS C:\ProgramData\TEMP:B623B5B8 deleted successfully. ADS C:\ProgramData\TEMP:9E22BBE8 deleted successfully. ADS C:\ProgramData\TEMP:35759C73 deleted successfully. ADS C:\ProgramData\TEMP:BB24555F deleted successfully. ADS C:\ProgramData\TEMP:CE0A077E deleted successfully. ADS C:\ProgramData\TEMP:B203B914 deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully! C:\autoexec.bat moved successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2a2e2277-831e-11df-bc6b-001f16af9641}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2a2e2277-831e-11df-bc6b-001f16af9641}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2a2e2277-831e-11df-bc6b-001f16af9641}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2a2e2277-831e-11df-bc6b-001f16af9641}\ not found. File D:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3781db2e-88e7-11df-8dae-00a0c6000000}\ deleted successfully. 
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3781db2e-88e7-11df-8dae-00a0c6000000}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3781db2e-88e7-11df-8dae-00a0c6000000}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3781db2e-88e7-11df-8dae-00a0c6000000}\ not found. File D:\setup_vmc_lite.exe /checkApplicationPresence not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{390fbefb-c130-11df-a82b-001f16af9641}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{390fbefb-c130-11df-a82b-001f16af9641}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{390fbefb-c130-11df-a82b-001f16af9641}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{390fbefb-c130-11df-a82b-001f16af9641}\ not found. File D:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4a341736-ff6c-11de-8600-0022fb6d3502}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4a341736-ff6c-11de-8600-0022fb6d3502}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4a341736-ff6c-11de-8600-0022fb6d3502}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4a341736-ff6c-11de-8600-0022fb6d3502}\ not found. File D:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4a341756-ff6c-11de-8600-0022fb6d3502}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4a341756-ff6c-11de-8600-0022fb6d3502}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4a341756-ff6c-11de-8600-0022fb6d3502}\ not found. 
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4a341756-ff6c-11de-8600-0022fb6d3502}\ not found. File D:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5952e804-c61e-11df-a877-001f16af9641}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5952e804-c61e-11df-a877-001f16af9641}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5952e804-c61e-11df-a877-001f16af9641}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5952e804-c61e-11df-a877-001f16af9641}\ not found. File D:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5952e806-c61e-11df-a877-001f16af9641}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5952e806-c61e-11df-a877-001f16af9641}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5952e806-c61e-11df-a877-001f16af9641}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5952e806-c61e-11df-a877-001f16af9641}\ not found. File D:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5952e81e-c61e-11df-a877-001f16af9641}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5952e81e-c61e-11df-a877-001f16af9641}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5952e81e-c61e-11df-a877-001f16af9641}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5952e81e-c61e-11df-a877-001f16af9641}\ not found. File D:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5952e8c0-c61e-11df-a877-001f16af9641}\ deleted successfully. 
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5952e8c0-c61e-11df-a877-001f16af9641}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5952e8c0-c61e-11df-a877-001f16af9641}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5952e8c0-c61e-11df-a877-001f16af9641}\ not found. File D:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5952e8c2-c61e-11df-a877-001f16af9641}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5952e8c2-c61e-11df-a877-001f16af9641}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5952e8c2-c61e-11df-a877-001f16af9641}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5952e8c2-c61e-11df-a877-001f16af9641}\ not found. File D:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e105cf36-a3ad-11df-8f72-0022fb6d3502}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e105cf36-a3ad-11df-8f72-0022fb6d3502}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e105cf36-a3ad-11df-8f72-0022fb6d3502}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e105cf36-a3ad-11df-8f72-0022fb6d3502}\ not found. File D:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e105cf39-a3ad-11df-8f72-0022fb6d3502}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e105cf39-a3ad-11df-8f72-0022fb6d3502}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e105cf39-a3ad-11df-8f72-0022fb6d3502}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e105cf39-a3ad-11df-8f72-0022fb6d3502}\ not found. 
File D:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f19d9a72-a678-11df-809a-001f16af9641}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f19d9a72-a678-11df-809a-001f16af9641}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f19d9a72-a678-11df-809a-001f16af9641}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f19d9a72-a678-11df-809a-001f16af9641}\ not found. File D:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f19d9a74-a678-11df-809a-001f16af9641}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f19d9a74-a678-11df-809a-001f16af9641}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f19d9a74-a678-11df-809a-001f16af9641}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f19d9a74-a678-11df-809a-001f16af9641}\ not found. File D:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\ not found. File D:\AutoRun.exe not found. ========== COMMANDS ========== C:\Windows\System32\drivers\etc\Hosts moved successfully. 
HOSTS file reset successfully [EMPTYTEMP] User: All Users User: christiane ->Temp folder emptied: 24289760 bytes ->Temporary Internet Files folder emptied: 55454387 bytes ->Java cache emptied: 2079250 bytes ->FireFox cache emptied: 92665384 bytes ->Flash cache emptied: 20790234 bytes User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 75 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 24496716 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 210,00 mb OTL by OldTimer - Version 3.2.22.3 log created on 04082011_120346 Files\Folders moved on Reboot... Registry entries deleted on Reboot... |
08.04.2011, 13:48 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Infected with "My Computer Online Scan"? Now please run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html
__________________ --> Infected with "My Computer Online Scan"? |
08.04.2011, 20:43 | #7 |
| Infected with "My Computer Online Scan"? 2011/04/08 21:40:15.0222 3188 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28 2011/04/08 21:40:15.0736 3188 ================================================================================ 2011/04/08 21:40:15.0736 3188 SystemInfo: 2011/04/08 21:40:15.0736 3188 2011/04/08 21:40:15.0736 3188 OS Version: 6.0.6002 ServicePack: 2.0 2011/04/08 21:40:15.0736 3188 Product type: Workstation 2011/04/08 21:40:15.0736 3188 ComputerName: CHRISTIANE-PC 2011/04/08 21:40:15.0736 3188 UserName: christiane 2011/04/08 21:40:15.0736 3188 Windows directory: C:\Windows 2011/04/08 21:40:15.0736 3188 System windows directory: C:\Windows 2011/04/08 21:40:15.0736 3188 Processor architecture: Intel x86 2011/04/08 21:40:15.0736 3188 Number of processors: 1 2011/04/08 21:40:15.0736 3188 Page size: 0x1000 2011/04/08 21:40:15.0736 3188 Boot type: Normal boot 2011/04/08 21:40:15.0736 3188 ================================================================================ 2011/04/08 21:40:16.0173 3188 Initialize success 2011/04/08 21:40:22.0242 4944 ================================================================================ 2011/04/08 21:40:22.0242 4944 Scan started 2011/04/08 21:40:22.0242 4944 Mode: Manual; 2011/04/08 21:40:22.0242 4944 ================================================================================ 2011/04/08 21:40:22.0710 4944 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys 2011/04/08 21:40:22.0850 4944 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys 2011/04/08 21:40:22.0928 4944 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys 2011/04/08 21:40:22.0975 4944 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys 2011/04/08 21:40:23.0037 4944 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys 2011/04/08 21:40:23.0115 4944 AFD (a201207363aa900abf1a388468688570) 
C:\Windows\system32\drivers\afd.sys 2011/04/08 21:40:23.0224 4944 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys 2011/04/08 21:40:23.0287 4944 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys 2011/04/08 21:40:23.0334 4944 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys 2011/04/08 21:40:23.0396 4944 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys 2011/04/08 21:40:23.0443 4944 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys 2011/04/08 21:40:23.0474 4944 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys 2011/04/08 21:40:23.0521 4944 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys 2011/04/08 21:40:23.0552 4944 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys 2011/04/08 21:40:23.0583 4944 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys 2011/04/08 21:40:23.0630 4944 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys 2011/04/08 21:40:23.0661 4944 atapi (2d9c903dc76a66813d350a562de40ed9) C:\Windows\system32\drivers\atapi.sys 2011/04/08 21:40:23.0755 4944 b57nd60x (502f1c30bd50b32d00ce4dcaecc3d3c7) C:\Windows\system32\DRIVERS\b57nd60x.sys 2011/04/08 21:40:23.0817 4944 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys 2011/04/08 21:40:23.0864 4944 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys 2011/04/08 21:40:23.0926 4944 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys 2011/04/08 21:40:23.0973 4944 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys 2011/04/08 21:40:23.0989 4944 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys 2011/04/08 21:40:24.0051 4944 Brserid (b304e75cff293029eddf094246747113) 
C:\Windows\system32\drivers\brserid.sys 2011/04/08 21:40:24.0082 4944 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys 2011/04/08 21:40:24.0098 4944 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys 2011/04/08 21:40:24.0129 4944 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys 2011/04/08 21:40:24.0160 4944 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys 2011/04/08 21:40:24.0192 4944 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys 2011/04/08 21:40:24.0254 4944 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys 2011/04/08 21:40:24.0301 4944 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys 2011/04/08 21:40:24.0348 4944 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys 2011/04/08 21:40:24.0441 4944 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys 2011/04/08 21:40:24.0457 4944 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys 2011/04/08 21:40:24.0488 4944 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys 2011/04/08 21:40:24.0535 4944 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys 2011/04/08 21:40:24.0582 4944 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys 2011/04/08 21:40:24.0675 4944 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys 2011/04/08 21:40:24.0800 4944 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys 2011/04/08 21:40:24.0847 4944 DKbFltr (c701324c9e0c25dd9d60311bd87fbc84) C:\Windows\system32\DRIVERS\DKbFltr.sys 2011/04/08 21:40:24.0940 4944 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys 2011/04/08 21:40:25.0018 4944 DXGKrnl 
09.04.2011, 14:01 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Infected with "My Computer Online Scan"? Then please run CF now: ComboFix. A guide and tutorial on using ComboFix
ComboFix may only be run if a Kompetenzler (board helper) has expressly recommended it!
__________________ Please always post logfiles in CODE tags
11.04.2011, 08:07 | #9 |
| Infected with "My Computer Online Scan"? Here is the file. A small note: the CCleaner user interface has changed a little compared to the guide. Where you select the locations to analyse, two more boxes have been added. I left the check mark in. ComboFix logfile: Code:
ComboFix 11-04-10.01 - christiane 11.04.2011 8:06.1.1 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3001.1705 [GMT 2:00]
ausgeführt von:: c:\users\christiane\Desktop\cofi.exe
AV: Spyware Doctor with AntiVirus *Disabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\christiane\AppData\Roaming\.#
c:\users\christiane\AppData\Roaming\.#\MBX@1170@3F2928.###
c:\users\christiane\AppData\Roaming\.#\MBX@1170@3F2958.###
c:\users\christiane\AppData\Roaming\.#\MBX@1170@3F2988.###
c:\users\christiane\AppData\Roaming\.#\MBX@EB0@1C12928.###
c:\users\christiane\AppData\Roaming\.#\MBX@EB0@1C12958.###
c:\users\christiane\AppData\Roaming\.#\MBX@EB0@1C12988.###
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-03-11 bis 2011-04-11 ))))))))))))))))))))))))))))))
.
.
2011-04-11 06:17 . 2011-04-11 06:18 -------- d-----w- c:\users\christiane\AppData\Local\temp
2011-04-11 06:17 . 2011-04-11 06:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-04-11 05:50 . 2011-04-11 05:50 -------- d-----w- c:\program files\CCleaner
2011-04-10 18:47 . 2011-03-15 04:05 6792528 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{336645D7-30CF-4018-B21D-80CDADB2398D}\mpengine.dll
2011-04-08 10:03 . 2011-04-08 10:03 -------- d-----w- C:\_OTL
2011-04-06 05:08 . 2011-04-06 05:08 -------- d-----w- c:\windows\system32\drivers\NST
2011-04-06 05:08 . 2011-04-06 05:08 -------- d-----w- c:\program files\Norton Safe Web Lite
2011-04-06 05:08 . 2011-04-06 05:08 -------- d-----w- c:\programdata\Norton
2011-04-06 05:07 . 2011-04-06 05:07 -------- d-----w- c:\program files\NortonInstaller
2011-04-05 07:34 . 2011-04-05 07:34 -------- d-----w- c:\users\christiane\AppData\Roaming\SUPERAntiSpyware.com
2011-04-05 07:34 . 2011-04-05 07:34 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-04-05 07:34 . 2011-04-05 07:34 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-03-31 06:56 . 2010-07-16 12:59 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys
2011-03-31 06:56 . 2010-07-16 12:59 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys
2011-03-31 06:56 . 2011-01-17 07:10 251560 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2011-03-31 06:56 . 2010-12-16 06:38 103232 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2011-03-31 06:55 . 2010-12-10 14:57 160448 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2011-03-31 06:55 . 2010-12-10 11:24 239168 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2011-03-31 06:55 . 2010-12-16 06:46 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2011-03-31 06:55 . 2011-04-08 09:54 -------- d-----w- c:\program files\PC Tools Security
2011-03-31 06:55 . 2011-03-31 06:57 -------- d-----w- c:\program files\Common Files\PC Tools
2011-03-31 06:55 . 2011-03-31 06:55 -------- d-----w- c:\users\christiane\AppData\Roaming\PC Tools
2011-03-31 06:39 . 2011-03-31 06:55 -------- d-----w- c:\programdata\PC Tools
2011-03-30 12:14 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-30 12:14 . 2011-03-30 12:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-30 12:14 . 2010-12-20 16:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-29 06:16 . 2011-03-29 06:16 -------- d-----w- c:\users\christiane\AppData\Roaming\Malwarebytes
2011-03-29 06:16 . 2011-03-29 06:16 -------- d-----w- c:\programdata\Malwarebytes
2011-03-23 12:05 . 2011-02-22 14:13 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-03-23 12:05 . 2011-02-22 13:33 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-03-23 12:05 . 2011-02-22 13:33 797696 ----a-w- c:\windows\system32\FntCache.dll
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-02 20:40 . 2010-07-03 12:11 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-02 16:11 . 2010-02-27 21:20 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-20 16:37 . 2011-02-10 11:31 638336 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-01-20 16:08 . 2011-02-10 11:31 478720 ----a-w- c:\windows\system32\dxgi.dll
2011-01-20 16:08 . 2011-02-10 11:31 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-01-20 16:08 . 2011-02-10 11:31 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2011-01-20 16:08 . 2011-02-10 11:31 1029120 ----a-w- c:\windows\system32\d3d10.dll
2011-01-20 16:08 . 2011-02-10 11:31 189952 ----a-w- c:\windows\system32\d3d10core.dll
2011-01-20 16:07 . 2011-02-10 11:31 37376 ----a-w- c:\windows\system32\cdd.dll
2011-01-20 16:07 . 2011-02-10 11:31 258048 ----a-w- c:\windows\system32\winspool.drv
2011-01-20 16:07 . 2011-02-10 11:31 586240 ----a-w- c:\windows\system32\stobject.dll
2011-01-20 16:06 . 2011-02-10 11:31 2873344 ----a-w- c:\windows\system32\mf.dll
2011-01-20 16:06 . 2011-02-10 11:31 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2011-01-20 16:04 . 2011-02-10 11:31 209920 ----a-w- c:\windows\system32\mfplat.dll
2011-01-20 16:04 . 2011-02-10 11:31 98816 ----a-w- c:\windows\system32\mfps.dll
2011-01-20 14:28 . 2011-02-10 11:31 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2011-01-20 14:27 . 2011-02-10 11:31 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-01-20 14:26 . 2011-02-10 11:31 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2011-01-20 14:25 . 2011-02-10 11:31 847360 ----a-w- c:\windows\system32\OpcServices.dll
2011-01-20 14:24 . 2011-02-10 11:31 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-01-20 14:15 . 2011-02-10 11:31 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-01-20 14:14 . 2011-02-10 11:31 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2011-01-20 14:14 . 2011-02-10 11:31 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2011-01-20 14:14 . 2011-02-10 11:31 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-01-20 14:12 . 2011-02-10 11:31 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2011-01-20 14:11 . 2011-02-10 11:31 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2011-01-20 13:47 . 2011-02-10 11:31 683008 ----a-w- c:\windows\system32\d2d1.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-12-20 68856]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-03-16 2423752]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-02-12 186904]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-04-11 7399968]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-04-11 1833504]
"PLFSetI"="c:\windows\PLFSetI.exe" [2009-07-09 200704]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-02-06 1430824]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-04-09 1071624]
"BackupManagerTray"="c:\program files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-05-26 253696]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2009-03-30 62760]
"Acer ePower Management"="c:\program files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe" [2009-05-15 440864]
"ODDPwr"="c:\program files\Acer\Optical Drive Power Management\ODDPwr.exe" [2009-04-29 176128]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2009-7-9 565248]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-11 135664]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-21 179712]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\DRIVERS\massfilter.sys [2009-08-18 9216]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-09-23 50424]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools Security\pctsAuxs.exe [2010-03-15 366840]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\DRIVERS\ZTEusbnet.sys [2009-08-18 114688]
R3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\DRIVERS\ZTEusbvoice.sys [2009-08-18 105088]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-12-10 239168]
S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2010-07-16 338880]
S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2010-07-16 656320]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 DsiWMIService;Dritek WMI Service;c:\program files\Launch Manager\dsiwmis.exe [2009-04-11 117256]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [2009-05-15 703008]
S2 NSL;Norton Safe Web Lite;c:\program files\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe [2010-11-24 130000]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-05-26 62208]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-09-23 144632]
S2 ODDPwrSvc;Acer ODD Power Service;c:\program files\Acer\Optical Drive Power Management\ODDPWRSvc.exe [2009-04-29 118784]
S2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [2009-02-05 237568]
S2 TGCM_ImportWiFiSvc;TGCM_ImportWiFiSvc;c:\program files\o2\Mobile Connection Manager\ImpWiFiSvc.exe [2010-08-02 199600]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-12-05 112640]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C60x86.sys [2009-04-01 50176]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-09-25 3666432]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - KLMD25
*Deregistered* - klmd25
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2011-04-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-11 19:39]
.
2011-04-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-11 19:39]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://spiele.aol.de/spiele-durchsuchen/genre/zeitmanagement/
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0709&m=aspire_5810t
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
FF - ProfilePath - c:\users\christiane\AppData\Roaming\Mozilla\Firefox\Profiles\eqyuisci.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.ebay.de/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Norton Safe Web Lite Toolbar: {203FB6B2-2E1E-4474-863B-4C483ECCE78E} - c:\programdata\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_1.2.0.6\coFFNST
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Personas: personas@christopher.beard - %profile%\extensions\personas@christopher.beard
FF - Ext: AniWeather: {4176DFF4-4698-11DE-BEEB-45DA55D89593} - %profile%\extensions\{4176DFF4-4698-11DE-BEEB-45DA55D89593}
FF - Ext: FastestFox: smarterwiki@wikiatic.com - %profile%\extensions\smarterwiki@wikiatic.com
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
SafeBoot-mcmscsvc
SafeBoot-MCODS
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-04-11 08:18
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NSL]
"ImagePath"="\"c:\program files\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe\" /s \"NSL\" /m \"c:\program files\Norton Safe Web Lite\Engine\1.2.0.6\diMaster.dll\" /prefetch:1"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2011-04-11 08:22:26
ComboFix-quarantined-files.txt 2011-04-11 06:22
.
Vor Suchlauf: 11 Verzeichnis(se), 161.415.073.792 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 161.344.405.504 Bytes frei
.
Current=1 Default=1 Failed=0 LastKnownGood=3 Sets=1,2,3,10
- - End Of File - - 92B4437DA1F4A6495D901690FFB272B7
11.04.2011, 12:21 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Infected with "My Computer Online Scan"? OK. Now please create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool still refuses to run on the second attempt, simply skip it and run only OSAM. Please skip OSAM's online lookup. With OSAM, also make sure you save the log as *.log and not as *.html or similar. Afterwards, please download MBRCheck (by a_d_13) and save the file to the desktop.
__________________ Please always post logfiles in CODE tags
12.04.2011, 09:20 | #11 |
Infected with "My Computer Online Scan"? GMER logfile:
Code:
GMER 1.0.15.15570 - GMER - Rootkit Detector and Remover
Rootkit scan 2011-04-12 10:00:26
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD25 rev.11.0
Running: e7huuesn.exe; Driver: C:\Users\CHRIST~1\AppData\Local\Temp\axlyiaow.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0x8AD26F68]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0x8AD27230]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS ZwTerminateProcess [0x9066A620]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateUserProcess [0x8AD2752C]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 209 82AC398C 8 Bytes [68, 6F, D2, 8A, 30, 72, D2, ...]
.text ntkrnlpa.exe!KeSetEvent + 621 82AC3DA4 4 Bytes [20, A6, 66, 90]
.text ntkrnlpa.exe!KeSetEvent + 6E5 82AC3E68 4 Bytes [2C, 75, D2, 8A]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3072] kernel32.dll!LoadLibraryExW + 248 777D9351 4 Bytes [0A, 00, 5C, 01]
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3084] kernel32.dll!LoadLibraryExW + 248 777D9351 4 Bytes [0A, 00, 1B, 02] {OR AL, [EAX]; SBB EAX, [EDX]}
.text C:\Windows\PLFSetI.exe[3108] kernel32.dll!LoadLibraryExW + 248 777D9351 4 Bytes [0A, 00, 3F, 00]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3116] kernel32.dll!LoadLibraryExW + 248 777D9351 4 Bytes [0A, 00, 72, 00] {OR AL, [EAX]; JB 0x4}
.text C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe[3164] kernel32.dll!LoadLibraryExW + 248 777D9351 4 Bytes [0A, 00, AD, 01]
.text ...

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[328] @ C:\Windows\system32\SHELL32.dll [USER32.dll!ExitWindowsEx] [00A31210] C:\Program Files\NewTech Infosystems\Acer Backup Manager\Pehook.dll (Backup Manager Module/NewTech Infosystems, Inc.)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
Device \Driver\PCTSDInjDriver32 \Device\PCTSDInjDriver32 PCTSDInj32.sys
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
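The GMER output above lists four SSDT hooks, and every one of them belongs to the kernel driver of a security product installed on this machine (PCTCore.sys from PC Tools' Spyware Doctor, SASKUTIL.SYS from SUPERAntiSpyware). That attribution is what a helper checks first in this section, because a hook owned by a module that no installed product explains is what a kernel rootkit looks like here. The Python script below is an added example, not code from the thread, from GMER or from either vendor: it parses the SSDT lines and attributes each hook against an allowlist. The allowlist contents and the fifth sample line with `example_unknown.sys` are constructed for the demonstration.

```python
"""Triage SSDT hook lines from a GMER log against an allowlist of known
kernel modules. Added example; not code from the thread or from GMER."""
import re
from typing import Dict, List

# Constructed sample: the four SSDT lines from the GMER log in this thread
# plus one made-up line (example_unknown.sys) so an unattributed hook shows up.
SAMPLE_GMER_LOG = r"""
---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0x8AD26F68]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0x8AD27230]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS ZwTerminateProcess [0x9066A620]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateUserProcess [0x8AD2752C]
SSDT \SystemRoot\system32\drivers\example_unknown.sys ZwQueryDirectoryFile [0x8AD30000]
"""

# Assumed allowlist: kernel modules of the security products the thread shows
# installed. Extend it from the vendor strings OSAM/ComboFix report for the
# machine you are looking at; this list is an assumption for the example.
KNOWN_HOOKING_MODULES: Dict[str, str] = {
    "pctcore.sys": "PC Tools (Spyware Doctor)",
    "saskutil.sys": "SUPERAntiSpyware",
}

# One SSDT line: module path (may contain spaces), optional "(description)",
# the hooked Zw* native API, and the hook address in brackets.
SSDT_RE = re.compile(
    r"^SSDT\s+(?P<path>.+?)"
    r"(?:\s+\((?P<desc>[^)]*)\))?"
    r"\s+(?P<func>Zw\w+)"
    r"\s+\[0x(?P<addr>[0-9A-Fa-f]+)\]\s*$"
)


def module_name(path: str) -> str:
    """Last path component, lower-cased, so the \\??\\C:\\... form GMER uses
    for SASKUTIL.SYS compares like the \\SystemRoot\\... form."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def parse_ssdt_hooks(log_text: str) -> List[Dict[str, object]]:
    """Return one record per SSDT line; all other log lines are ignored."""
    hooks: List[Dict[str, object]] = []
    for line in log_text.splitlines():
        m = SSDT_RE.match(line.strip())
        if not m:
            continue
        hooks.append({
            "module": module_name(m.group("path")),
            "path": m.group("path"),
            "description": m.group("desc"),
            "function": m.group("func"),
            "address": int(m.group("addr"), 16),
        })
    return hooks


def triage(hooks: List[Dict[str, object]], known: Dict[str, str]) -> List[Dict[str, object]]:
    """Attribute each hook to an allowlisted product or mark it for review."""
    for h in hooks:
        vendor = known.get(str(h["module"]))
        h["vendor"] = vendor
        h["status"] = "known" if vendor else "REVIEW"
    return hooks


def modules_to_review(hooks: List[Dict[str, object]]) -> List[str]:
    """Distinct hooking modules that no allowlisted product explains."""
    return sorted({str(h["module"]) for h in hooks if h["status"] == "REVIEW"})


if __name__ == "__main__":
    triaged = triage(parse_ssdt_hooks(SAMPLE_GMER_LOG), KNOWN_HOOKING_MODULES)
    for h in triaged:
        print(f'{h["status"]:6} {h["function"]:22} 0x{h["address"]:08X} '
              f'{h["module"]} ({h["vendor"] or "no allowlist match"})')
    print("review:", modules_to_review(triaged))
```

A module that lands in the review list is not automatically malicious; the next step is to locate the file on disk, check its signature and hash it, exactly as a helper would for an unfamiliar driver in this section.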
12.04.2011, 09:49 | #12 |
Infected with "My Computer Online Scan"? OSAM logfile:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
Online Solutions. Complex Protection for Information Systems
Saved at 10:47:28 on 12.04.2011
OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Mozilla Corporation Firefox 3.6.16

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries

[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"catchme" (catchme) - ? - C:\Users\CHRIST~1\AppData\Local\Temp\catchme.sys (File not found)
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys (File not found)
"NTIDrvr" (NTIDrvr) - "NewTech Infosystems, Inc." - C:\Windows\system32\drivers\NTIDrvr.sys
"PC Tools Data Store" (pctDS) - "PC Tools" - C:\Windows\System32\drivers\pctDS.sys
"PC Tools Extended File Attributes" (pctEFA) - "PC Tools" - C:\Windows\System32\drivers\pctEFA.sys
"PCTools KDS" (PCTCore) - "PC Tools" - C:\Windows\System32\drivers\PCTCore.sys
"SASDIFSV" (SASDIFSV) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
"SASKUTIL" (SASKUTIL) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
"UBHelper" (UBHelper) - "NewTech Infosystems Corporation" - C:\Windows\system32\drivers\UBHelper.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? - (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? - (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found)
{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? - (File not found | COM-object registry key not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? - (File not found | COM-object registry key not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found)
{00020d75-0000-0000-c000-000000000046} "lnkfile" - ? - (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONFILTER.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? - (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? - (File not found | COM-object registry key not found)
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found)
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found)
<binary data> "Norton Safe Web Lite" - "Symantec Corporation" - C:\Program Files\Norton Safe Web Lite\Engine\1.2.0.6\coIEPlg.dll
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{472734EA-242A-422b-ADF8-83D1E48CC825} "{472734EA-242A-422b-ADF8-83D1E48CC825}" - ? - (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
{898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype Plug-In" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
{30CEEEA2-3742-40e4-85DD-812BF1CBB83D} "Norton Safe Web Lite" - "Symantec Corporation" - C:\Program Files\Norton Safe Web Lite\Engine\1.2.0.6\coIEPlg.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{F0DA78E9-6B60-42fb-BC26-EF2CFB8C8FF3} "Norton Safe Web Lite BHO" - "Symantec Corporation" - C:\Program Files\Norton Safe Web Lite\Engine\1.2.0.6\coIEPlg.dll
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype Plug-In" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}" - ? - (File not found | COM-object registry key not found)

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\christiane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"Acer VCM.lnk" - "Acer Incorporated" - C:\Program Files\Acer\Acer VCM\AcerVCM.exe (Shortcut exists | File exists)
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"McAfee Security Scan Plus.lnk" - "McAfee, Inc." - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"SUPERAntiSpyware" - "SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
"swg" - "Google Inc." - "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Acer ePower Management" - "Acer Incorporated" - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"BackupManagerTray" - "NewTech Infosystems, Inc." - "C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -k
"IAAnotif" - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
"ISTray" - "PC Tools" - "C:\Program Files\PC Tools Security\pctsGui.exe" /hideGUI
"LanguageShortcut" - ? - "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
"LManager" - "Dritek System Inc." - C:\Program Files\Launch Manager\LManager.exe
"ODDPwr" - "Acer Incorporated" - "C:\Program Files\Acer\Optical Drive Power Management\ODDPwr.exe"
"PLFSetI" - ? - C:\Windows\PLFSetI.exe

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Acer ePower Service" (ePowerSvc) - "Acer Incorporated" - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
"Acer ODD Power Service" (ODDPwrSvc) - "Acer Incorporated" - C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe
"Dritek WMI Service" (DsiWMIService) - "Dritek System Inc." - C:\Program Files\Launch Manager\dsiwmis.exe
"Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Intel(R) Matrix Storage Event Monitor" (IAANTMON) - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
"McAfee Security Scan Component Host Service" (McComponentHostService) - "McAfee, Inc." - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Norton Safe Web Lite" (NSL) - "Symantec Corporation" - C:\Program Files\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe
"NTI Backup Now 5 Backup Service" (NTIBackupSvc) - "NewTech InfoSystems, Inc." - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
"NTI Backup Now 5 Scheduler Service" (NTISchedulerSvc) - "NewTech Infosystems, Inc." - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
"NTI IScheduleSvc" (NTI IScheduleSvc) - "NewTech Infosystems, Inc." - C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"PC Tools Auxiliary Service" (sdAuxService) - "PC Tools" - C:\Program Files\PC Tools Security\pctsAuxs.exe
"PC Tools Security Service" (sdCoreService) - "PC Tools" - C:\Program Files\PC Tools Security\pctsSvc.exe
"Raw Socket Service" (RS_Service) - "Acer Incorporated" - C:\Program Files\Acer\Acer VCM\RS_Service.exe
"TGCM_ImportWiFiSvc" (TGCM_ImportWiFiSvc) - "Telefónica I+D" - C:\Program Files\o2\Mobile Connection Manager\ImpWiFiSvc.exe

[Winlogon]
-----( HKCU\Control Panel\Desktop )-----
"SCRNSAVE.EXE" - ? - C:\Windows\system32\MARINE~1.SCR (File found, but it contains no detailed information)

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )-----
"PCTOOLS CONTENT FILTER PROVIDER" - "PC Tools Research Pty Ltd." - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll

===[ Logfile end ]=========================================[ Logfile end ]===
If You have questions or want to get some help, You can visit Online Solutions :: Index
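OSAM marks two different kinds of entry in the report above: targets that are gone (`File not found`, `COM-object registry key not found`) and entries it cannot attribute to a vendor (`?`). Those are two separate triage questions. Orphans are leftovers of uninstalled software (the `catchme` driver from the ComboFix run is one) and are cleanup candidates; entries whose file is present but carries no vendor information are the ones worth hashing and looking up before deciding anything. The Python script below is an added example, not part of the thread or of OSAM, that splits a report into those two lists. Its sample input is a constructed excerpt of the report above, and the line format it assumes (`"Name" (key) - "Vendor" - path (status)`) is inferred from that report rather than taken from OSAM documentation.

```python
"""Split an OSAM autorun report into orphaned entries and entries that run
without vendor information. Added example; not code from the thread or OSAM."""
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample: a handful of lines copied from the OSAM report above.
SAMPLE_OSAM_LOG = r"""
[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"catchme" (catchme) - ? - C:\Users\CHRIST~1\AppData\Local\Temp\catchme.sys (File not found)
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys (File not found)
"PCTools KDS" (PCTCore) - "PC Tools" - C:\Windows\System32\drivers\PCTCore.sys
[Explorer]
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? - (File not found | COM-object registry key not found)
[Logon]
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"LanguageShortcut" - ? - "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
"PLFSetI" - ? - C:\Windows\PLFSetI.exe
"ISTray" - "PC Tools" - "C:\Program Files\PC Tools Security\pctsGui.exe" /hideGUI
[Winlogon]
-----( HKCU\Control Panel\Desktop )-----
"SCRNSAVE.EXE" - ? - C:\Windows\system32\MARINE~1.SCR (File found, but it contains no detailed information)
"""

SECTION_RE = re.compile(r"^\[(?P<section>[^\]]+)\]$")
LOCATION_RE = re.compile(r"^-----\(\s*(?P<location>.*?)\s*\)-----$")
# Assumed entry layout: optional {CLSID} / <binary data> / value-name prefix,
# "Name", optional (service key), then - "Vendor" or ?, then - path and status.
ENTRY_RE = re.compile(
    r'^(?:(?P<prefix>\{[^}]*\}|<binary data>|[A-Za-z0-9_]+)\s+)?'
    r'"(?P<name>[^"]*)"'
    r'(?:\s+\((?P<key>[^)]*)\))?'
    r'\s+-\s+(?:"(?P<vendor>[^"]*)"|\?)'
    r'\s+-\s*(?P<rest>.*)$'
)
# OSAM appends its file check as a trailing parenthesis.
STATUS_RE = re.compile(r"\s*\((?P<status>[^()]*\b(?:found|exists)\b[^()]*)\)\s*$")


def split_target(rest: str) -> Tuple[str, str, Optional[str]]:
    """Split 'path [args] [(status)]' into (path, args, status).
    OSAM quotes the image path when arguments follow it; an unquoted
    target is taken as the whole path."""
    status = None
    m = STATUS_RE.search(rest)
    if m:
        status = m.group("status")
        rest = rest[:m.start()]
    rest = rest.strip()
    if rest.startswith('"'):
        end = rest.find('"', 1)
        return rest[1:end], rest[end + 1:].strip(), status
    return rest, "", status


def parse_osam(text: str) -> List[Dict[str, Optional[str]]]:
    """One record per entry, tagged with the [Section] and registry
    location headers that precede it."""
    entries: List[Dict[str, Optional[str]]] = []
    section = location = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("section")
            continue
        m = LOCATION_RE.match(line)
        if m:
            location = m.group("location")
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue
        path, args, status = split_target(m.group("rest"))
        entries.append({
            "section": section, "location": location,
            "name": m.group("name"), "key": m.group("key"),
            "vendor": m.group("vendor"),   # None when OSAM printed "?"
            "path": path, "args": args, "status": status,
        })
    return entries


def is_orphan(entry: Dict[str, Optional[str]]) -> bool:
    return bool(entry["status"]) and "not found" in str(entry["status"])


def find_orphans(entries):
    """Autostart entries whose file or COM object no longer exists."""
    return [e for e in entries if is_orphan(e)]


def find_unattributed(entries):
    """Entries that are present on disk but carry no vendor information."""
    return [e for e in entries if e["vendor"] is None and e["path"] and not is_orphan(e)]


if __name__ == "__main__":
    parsed = parse_osam(SAMPLE_OSAM_LOG)
    for e in find_orphans(parsed):
        print(f'ORPHAN  [{e["section"]}] {e["location"]}: {e["name"]} -> {e["path"] or "(no file)"}')
    for e in find_unattributed(parsed):
        print(f'UNKNOWN [{e["section"]}] {e["location"]}: {e["name"]} -> {e["path"]}')
```

The unattributed list is where the manual work goes: for each path, check the Authenticode signature and hash the file; the orphan list is what an OSAM-style cleanup removes.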
12.04.2011, 09:52 | #13 |
Infected with "My Computer Online Scan"? MBRCheck logfile:
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Acer
BIOS Manufacturer: INSYDE
System Manufacturer: Acer
System Product Name: Aspire 5810T
Logical Drives Mask: 0x0000003c

Kernel Drivers (total 148):
0x82A13000 \SystemRoot\system32\ntkrnlpa.exe
0x82DCD000 \SystemRoot\system32\hal.dll
0x80402000 \SystemRoot\system32\kdcom.dll
0x80409000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x80479000 \SystemRoot\system32\PSHED.dll
0x8048A000 \SystemRoot\system32\BOOTVID.dll
0x80492000 \SystemRoot\system32\CLFS.SYS
0x804D3000 \SystemRoot\system32\CI.dll
0x80605000 \SystemRoot\system32\drivers\Wdf01000.sys
0x80681000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8068E000 \SystemRoot\system32\drivers\fltmgr.sys
0x806C0000 \SystemRoot\system32\drivers\acpi.sys
0x80706000 \SystemRoot\system32\drivers\WMILIB.SYS
0x8070F000 \SystemRoot\system32\drivers\msisadrv.sys
0x80717000 \SystemRoot\system32\drivers\pci.sys
0x8073E000 \SystemRoot\System32\drivers\partmgr.sys
0x8074D000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x80750000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x8075A000 \SystemRoot\system32\drivers\volmgr.sys
0x80769000 \SystemRoot\System32\drivers\volmgrx.sys
0x807B3000 \SystemRoot\System32\drivers\mountmgr.sys
0x8AC01000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x8ACDC000 \SystemRoot\system32\drivers\atapi.sys
0x8ACE4000 \SystemRoot\system32\drivers\ataport.SYS
0x8AD02000 \SystemRoot\system32\drivers\fileinfo.sys
0x8AD12000 \SystemRoot\system32\drivers\PCTCore.sys
0x8AD4F000 \SystemRoot\system32\drivers\pctDS.sys
0x8AE03000 \SystemRoot\system32\drivers\pctEFA.sys
0x8AEA8000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8B00B000 \SystemRoot\system32\drivers\ndis.sys
0x8B116000 \SystemRoot\system32\drivers\msrpc.sys
0x8B141000 \SystemRoot\system32\drivers\NETIO.SYS
0x8B206000 \SystemRoot\System32\drivers\tcpip.sys
0x8B2F0000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8B405000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8B515000 \SystemRoot\system32\drivers\volsnap.sys
0x8B54E000 \SystemRoot\System32\Drivers\spldr.sys
0x8B556000 \SystemRoot\System32\Drivers\mup.sys
0x8B565000 \SystemRoot\System32\drivers\ecache.sys
0x8B58C000 \SystemRoot\system32\drivers\disk.sys
0x8B59D000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x8B5BE000 \SystemRoot\system32\drivers\crcdisk.sys
0x8B5D4000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8B5DF000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x8B5E8000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8FC00000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
0x9051D000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x905BD000 \SystemRoot\System32\drivers\watchdog.sys
0x905C9000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8B17C000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x905D4000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8AF19000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x905E3000 \SystemRoot\system32\DRIVERS\L1C60x86.sys
0x91605000 \SystemRoot\system32\DRIVERS\NETw5v32.sys
0x9198E000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x919A1000 \SystemRoot\system32\DRIVERS\DKbFltr.sys
0x919AB000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x919B6000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x919E7000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x919E9000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x919F4000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x919F8000 \??\C:\Windows\system32\drivers\UBHelper.sys
0x8B3E6000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x905F3000 \??\C:\Windows\system32\drivers\NTIDrvr.sys
0x8B5F7000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x8B1BA000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8AFA6000 \SystemRoot\system32\DRIVERS\storport.sys
0x8B1E9000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8AFE7000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8B1F4000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8ADA6000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8ADC9000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8ADD8000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x807C3000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8ADEC000 \SystemRoot\system32\DRIVERS\termdd.sys
0x91600000 \SystemRoot\system32\DRIVERS\swenum.sys
0x805B3000 \SystemRoot\system32\DRIVERS\ks.sys
0x8B000000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x807D8000 \SystemRoot\system32\DRIVERS\umbus.sys
0x92A05000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x92A3A000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x93C03000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x93E42000 \SystemRoot\system32\drivers\portcls.sys
0x93E6F000 \SystemRoot\system32\drivers\drmk.sys
0x93E94000 \SystemRoot\system32\drivers\IntcHdmi.sys
0x93EB5000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x93EBE000 \SystemRoot\System32\Drivers\Null.SYS
0x93EC5000 \SystemRoot\System32\Drivers\Beep.SYS
0x93ECC000 \SystemRoot\System32\drivers\vga.sys
0x93ED8000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x93EF9000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x93F01000 \SystemRoot\system32\drivers\rdpencdd.sys
0x93F09000 \SystemRoot\System32\Drivers\Msfs.SYS
0x93F14000 \SystemRoot\System32\Drivers\Npfs.SYS
0x93F22000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x93F2B000 \SystemRoot\system32\DRIVERS\tdx.sys
0x93F41000 \SystemRoot\system32\DRIVERS\smb.sys
0x93F55000 \SystemRoot\system32\drivers\afd.sys
0x93F9D000 \SystemRoot\System32\DRIVERS\netbt.sys
0x93FCF000 \SystemRoot\system32\drivers\ws2ifsl.sys
0x93FD8000 \SystemRoot\system32\DRIVERS\pacer.sys
0x93FEE000 \SystemRoot\system32\DRIVERS\netbios.sys
0x92A4B000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x92A5E000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
0x92A80000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0x92A86000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x92AC2000 \SystemRoot\system32\drivers\nsiproxy.sys
0x92ACC000 \SystemRoot\System32\Drivers\dfsc.sys
0x92AE3000 \SystemRoot\System32\Drivers\fastfat.SYS
0x92B0B000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x92B22000 \SystemRoot\System32\Drivers\usbvideo.sys
0x92B43000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x92B59000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8B30B000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x81670000 \SystemRoot\System32\win32k.sys
0x92B66000 \SystemRoot\System32\drivers\Dxapi.sys
0x92B70000 \SystemRoot\system32\DRIVERS\monitor.sys
0x81890000 \SystemRoot\System32\TSDDD.dll
0x818B0000 \SystemRoot\System32\cdd.dll
0x818C0000 \SystemRoot\System32\ATMFD.DLL
0x92B7F000 \SystemRoot\system32\drivers\luafv.sys
0x92B9A000 \SystemRoot\system32\DRIVERS\irda.sys
0x92BB8000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x92BC8000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x92BF2000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x807E5000 \SystemRoot\system32\DRIVERS\rspndr.sys
0xACA0A000 \SystemRoot\system32\drivers\spsys.sys
0xACABA000 \SystemRoot\system32\drivers\HTTP.sys
0xACB27000 \SystemRoot\System32\DRIVERS\srvnet.sys
0xACB44000 \SystemRoot\system32\DRIVERS\bowser.sys
0xACB5D000 \SystemRoot\System32\drivers\mpsdrv.sys
0xACB72000 \SystemRoot\system32\drivers\mrxdav.sys
0xACB93000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xACBB2000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x805DD000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xACC02000 \SystemRoot\System32\DRIVERS\srv2.sys
0xACC2A000 \SystemRoot\System32\DRIVERS\srv.sys
0xACC78000 \SystemRoot\system32\drivers\peauth.sys
0xACD56000 \SystemRoot\System32\Drivers\secdrv.SYS
0xACD60000 \SystemRoot\System32\drivers\tcpipreg.sys
0xACD6C000 \??\C:\Program Files\PC Tools Security\PCTSDInj32.sys
0xACD9B000 \SystemRoot\system32\DRIVERS\ewusbmdm.sys
0xACDB4000 \SystemRoot\system32\drivers\modem.sys
0xACDC1000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xACDD6000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0xACDEB000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
0xACD75000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x77550000 \Windows\System32\ntdll.dll

Processes (total 77):
0 System Idle Process
4 System
464 C:\Windows\System32\smss.exe
544 csrss.exe
588 C:\Windows\System32\wininit.exe
596 csrss.exe
644 C:\Windows\System32\winlogon.exe
676 C:\Windows\System32\services.exe
688 C:\Windows\System32\lsass.exe
696 C:\Windows\System32\lsm.exe
860 C:\Windows\System32\svchost.exe
920 C:\Windows\System32\svchost.exe
1092 C:\Windows\System32\svchost.exe
1136 C:\Windows\System32\svchost.exe
1152 C:\Windows\System32\svchost.exe
1232 C:\Windows\System32\audiodg.exe
1252 C:\Windows\System32\svchost.exe
1272 C:\Windows\System32\SLsvc.exe
1292 C:\Windows\System32\svchost.exe
1408 C:\Windows\System32\svchost.exe
1660 C:\Windows\System32\spoolsv.exe
1684 C:\Windows\System32\svchost.exe
1856 C:\Program Files\Launch Manager\dsiwmis.exe
1896 C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
2016 C:\Program Files\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe
248 C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
376 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
484 C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe
584 C:\Windows\System32\svchost.exe
756 C:\Program Files\Acer\Acer VCM\RS_Service.exe
988 C:\Windows\System32\svchost.exe
1184 C:\Program Files\o2\Mobile Connection Manager\ImpWiFiSvc.exe
1760 C:\Windows\System32\svchost.exe
2088 C:\Windows\System32\SearchIndexer.exe
2172 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
2428 WmiPrvSE.exe
3348 C:\Windows\System32\dwm.exe
3416 C:\Windows\explorer.exe
3428 C:\Windows\System32\taskeng.exe
3772 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
3804 C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
3864 C:\Windows\PLFSetI.exe
3880 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
4048 C:\Windows\System32\igfxsrvc.exe
1044 C:\Program Files\Launch Manager\LManager.exe
976 C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
1204 C:\Program Files\Acer\Optical Drive Power Management\ODDPWR.exe
352 C:\Windows\System32\igfxtray.exe
2568 C:\Windows\System32\hkcmd.exe
2076 C:\Windows\System32\igfxpers.exe
2140 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
360 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
2612 C:\Program Files\Acer\Acer VCM\AcerVCM.exe
2624 C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
2424 C:\Windows\System32\igfxext.exe
2656 C:\Windows\System32\igfxsrvc.exe
356 C:\Windows\System32\wbem\unsecapp.exe
2080 WmiPrvSE.exe
3952 C:\Windows\System32\svchost.exe
3980 C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe
2516 C:\Windows\System32\igfxext.exe
2860 C:\Program Files\Acer\Acer PowerSmart Manager\ePowerEvent.exe
3620 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
3168 C:\Program Files\PC Tools Security\pctsAuxs.exe
3792 C:\Program Files\PC Tools Security\pctsSvc.exe
3584 C:\Program Files\PC Tools Security\pctsGui.exe
2544 C:\Program Files\Windows Defender\MSASCui.exe
3984 C:\Windows\System32\svchost.exe
3160 WUDFHost.exe
4036 C:\Program Files\Mobile Partner\Mobile Partner.exe
4208 C:\Program Files\Mozilla Firefox\firefox.exe
5852 C:\Windows\System32\SearchProtocolHost.exe
4012 C:\Windows\System32\SearchFilterHost.exe
5692 dllhost.exe
5408 dllhost.exe
4508 C:\Users\christiane\Desktop\MBRCheck.exe
4972 C:\Windows\System32\conime.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`71100000 (NTFS)

PhysicalDrive0 Model Number: WDCWD2500BEVT-22ZCT0, Rev: 11.01A11

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 00DA077E92625BC67BBA239DB4218A4A12648922

Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
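MBRCheck reports `Unknown MBR code` because the SHA1 of the boot sector's code area does not match any entry in its list of known Windows and OEM boot codes. On its own that says the code is non-standard, not that it is infected, which is why the tool words its verdict as "non-standard or infected" and offers to dump the sector for a closer look. The Python below is an added example, not MBRCheck's code and not from the thread, that performs the same hashing over the 440-byte code area and adds the structural checks a practitioner runs next: the 0x55AA signature, exactly one active partition, valid status bytes, and non-overlapping partition extents. The MBR image and the allowlist of known hashes are constructed for the example; MBRCheck's real hash list is not reproduced here, and the allowlist is an assumed input the caller supplies.

```python
"""Parse a 512-byte MBR, hash its boot code the way MBRCheck does, and run
the structural sanity checks a bootkit triage starts with.
Added example; not code from the thread or from MBRCheck."""
import hashlib
import struct
from typing import Dict, List

SECTOR = 512
CODE_LEN = 440          # boot code region; this is what the SHA1 covers
DISK_SIG_OFF = 440      # 4-byte NT disk signature
PART_TABLE_OFF = 446    # four 16-byte partition entries
BOOT_SIG_OFF = 510      # 0x55 0xAA
PART_FMT = "<B3sB3sII"  # status, CHS start, type, CHS end, LBA start, sectors


def build_sample_mbr() -> bytes:
    """Constructed MBR image (not the thread's disk): placeholder boot code,
    one active NTFS partition and one data partition."""
    code = bytes([0xEB, 0x3C, 0x90]) + b"EXAMPLE-BOOTCODE".ljust(CODE_LEN - 3, b"\x00")
    disk_sig = struct.pack("<I", 0x1234ABCD)
    p1 = struct.pack(PART_FMT, 0x80, b"\x01\x01\x00", 0x07, b"\xfe\xff\xff", 2048, 204800)
    p2 = struct.pack(PART_FMT, 0x00, b"\xfe\xff\xff", 0x07, b"\xfe\xff\xff", 206848, 1024000)
    empty = b"\x00" * 16
    return code + disk_sig + b"\x00\x00" + p1 + p2 + empty + empty + b"\x55\xAA"


def parse_mbr(mbr: bytes) -> Dict[str, object]:
    """Decode code hash, disk signature, boot signature and partition table."""
    if len(mbr) != SECTOR:
        raise ValueError("MBR image must be exactly 512 bytes")
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        status, _, ptype, _, lba, count = struct.unpack(PART_FMT, mbr[off:off + 16])
        if ptype == 0 and count == 0:
            continue  # unused slot
        partitions.append({"index": i, "status": status, "bootable": status == 0x80,
                           "type": ptype, "lba_start": lba, "sectors": count})
    return {
        "code_sha1": hashlib.sha1(mbr[:CODE_LEN]).hexdigest().upper(),
        "disk_signature": struct.unpack_from("<I", mbr, DISK_SIG_OFF)[0],
        "boot_signature_ok": mbr[BOOT_SIG_OFF:] == b"\x55\xAA",
        "partitions": partitions,
    }


def check_mbr(mbr: bytes, known_code_hashes: Dict[str, str]) -> List[str]:
    """Return findings; an empty list means nothing stood out.
    known_code_hashes maps upper-case SHA1 of the code area to a label.
    MBRCheck ships such a list for stock and OEM MBRs; this example does not,
    so the caller supplies one (assumed input)."""
    info = parse_mbr(mbr)
    findings: List[str] = []
    if not info["boot_signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    if info["code_sha1"] not in known_code_hashes:
        findings.append(f"unknown MBR code, SHA1 {info['code_sha1']} not in allowlist")
    parts = info["partitions"]
    bootable = [p for p in parts if p["bootable"]]
    if len(bootable) != 1:
        findings.append(f"{len(bootable)} active partitions, expected exactly 1")
    for p in parts:
        if p["status"] not in (0x00, 0x80):
            findings.append(f"partition {p['index']}: invalid status byte 0x{p['status']:02X}")
    spans = sorted((p["lba_start"], p["lba_start"] + p["sectors"], p["index"]) for p in parts)
    for (s1, e1, i1), (s2, e2, i2) in zip(spans, spans[1:]):
        if s2 < e1:
            findings.append(f"partitions {i1} and {i2} overlap")
    return findings


if __name__ == "__main__":
    sample = build_sample_mbr()
    info = parse_mbr(sample)
    print("boot code SHA1:", info["code_sha1"])
    for p in info["partitions"]:
        print(f"  part {p['index']}: type 0x{p['type']:02X} active={p['bootable']} "
              f"lba={p['lba_start']} sectors={p['sectors']}")
    print("findings, empty allowlist:", check_mbr(sample, {}))
    print("findings, hash allowlisted:", check_mbr(sample, {info["code_sha1"]: "example boot code"}))
```

On a live Windows machine the same 512 bytes come from `open(r"\\.\PhysicalDrive0", "rb", buffering=0).read(512)` run from an elevated prompt (on Linux, from `/dev/sda`). An unknown hash only means the code is not in whichever list you compare against; a sector dump compared with a known-good image of the same disk, or disassembled, is what settles whether the code is an OEM loader or a bootkit.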
12.04.2011, 11:20 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Infected with "My Computer Online Scan"? As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before scanning!!
__________________ Please always post logfiles in CODE tags
13.04.2011, 08:36 | #15 |
Infected with "My Computer Online Scan"? Malwarebytes logfile:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6344

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

12.04.2011 23:35:40
mbam-log-2011-04-12 (23-35-40).txt

Scan type: Full scan (C:\|)
Objects scanned: 290431
Time elapsed: 2 hour(s), 11 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)