|
Plagegeister aller Art und deren Bekämpfung: prägnanter trojaner: freeze, taskmngr gesperrt, AV deaktiviertWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
27.04.2011, 02:36 | #1 | |
| prägnanter trojaner: freeze, taskmngr gesperrt, AV deaktiviert Hallo habe seit heute einen sehr prägnanten Trojaner eingefangen. Aufgefallen ist er mir als plötzlich die Meldung kam, Kaspersky Antivirus wurde abgeschalten (trotz password protection ) -> ich hab noch nie so am Gehäuse auf Restart gedrückt ^^ Naja Pc fährt hoch alles 15Sekunden ganz normal, dann geht nichts mehr. Zugriff auf den Taskmanager ist gesperrt, Taskleiste lässt sich nicht anklicken und Programme lassen sich nicht öffnen. Ich kann einzig und allein mit der Maus am Desktop Vierecke ziehen Nach einem weiteren Restart viel mir auf, dass die USB-Ports beim "abgesichertenmodus auswahlbildschirm" deaktiviert sind. Ins Bios komme ich noch ohne Probleme. Also schnell meine andere Festplatte zusätzlich angesteckt und jetzt lasse ich von dort einen kompletten Systemscan (Kaspersky IS 2011) über Nacht lauffen. Hijackthis postet mir in der Onlineauswertung keine kritischen Dateien. Habe von solchen Symptomen noch nie etwas mitbekommen steckt da etwas bekannteres dahinter und kann sich der Trojander weiter ausgebreitet haben (habe normal 2 interne und eine externe Platte am lauffen) Ich kann ja morgen nochmal das HijackThis file posten und andere Dinge, das ganze hat mcih jetzt schon lange genug wachgehalten ich hau mich aufs Ohr^^ Gruß Christian So der Kasperskyscan hat nichts ergeben. und hier die Logfiles (OTL spuckt doch normalerweise 2 aus? Bei mir wars nur einer.) Ich weiß halt nicht ob diese scans so "sinnvoll" sind, wenn ich sie von einer anderen Festplatte aus starte... HiJackthis Logfile: Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:12:35, on 27.04.2011 Platform: Unknown Windows (WinNT 6.01.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16671) Boot mode: Normal Running processes: C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Real\RealPlayer\Update\realsched.exe C:\Windows\System32\Ctxfihlp.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE C:\Windows\SYSTEM32\CTXFISPI.EXE C:\Program Files\Logitech\SetPointG\SetPointII.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Program Files\Logitech\SetPointG\LU\LULnchr.exe C:\Program Files\Logitech\SetPointG\LU\LogitechUpdate.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtblfs.exe F:\Spiele\Steam\Steam.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\explorer.exe C:\Users\dohmi\Downloads\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://start.icq.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: (no name) - - (no file) O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing) O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll O4 - HKLM\..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\Update\realsched.exe" -osboot O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe" O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O4 - Startup: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe O13 - Gopher Prefix: O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - h**p://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - h**p://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15111/CTPID.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe O23 - Service: Creative ALchemy AL6 Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe -- End of file - 6655 bytes Zitat:
Code:
ATTFilter OTL logfile created on: 27.04.2011 10:27:22 - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\benutzername\Downloads Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 60,00% Memory free 7,00 Gb Paging File | 5,00 Gb Available in Paging File | 77,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 53,16 Gb Total Space | 1,68 Gb Free Space | 3,17% Space Free | Partition Type: NTFS Drive D: | 95,94 Gb Total Space | 13,84 Gb Free Space | 14,43% Space Free | Partition Type: NTFS Drive E: | 465,75 Gb Total Space | 359,01 Gb Free Space | 77,08% Space Free | Partition Type: NTFS Drive F: | 148,99 Gb Total Space | 3,33 Gb Free Space | 2,23% Space Free | Partition Type: NTFS Drive G: | 100,00 Mb Total Space | 71,65 Mb Free Space | 71,65% Space Free | Partition Type: NTFS Drive H: | 146,39 Gb Total Space | 120,26 Gb Free Space | 82,15% Space Free | Partition Type: NTFS Drive J: | 552,15 Gb Total Space | 109,39 Gb Free Space | 19,81% Space Free | Partition Type: NTFS Drive K: | 232,88 Gb Total Space | 146,43 Gb Free Space | 62,88% Space Free | Partition Type: NTFS Computer Name: benutzername-PC | User Name: benutzername | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\benutzername\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Users\benutzername\Downloads\HiJackThis.exe (Trend Micro Inc.) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.) PRC - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO) PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Windows\System32\atieclxx.exe (AMD) PRC - C:\Windows\System32\atiesrxx.exe (AMD) PRC - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtblfs.exe (Kaspersky Lab ZAO) PRC - C:\Windows\System32\Ctxfihlp.exe (Creative Technology Ltd) PRC - C:\Windows\System32\CTxfispi.exe (Creative Technology Ltd) PRC - C:\Program Files\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd) PRC - C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe (Logitech, Inc.) PRC - C:\Program Files\Logitech\SetPointG\SetPointII.exe (Logitech, Inc.) PRC - C:\Program Files\Logitech\SetPointG\LU\LogitechUpdate.exe (Logitech, Inc.) PRC - C:\Program Files\Logitech\SetPointG\LU\LULnchr.exe (Logitech, Inc.) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) ========== Modules (SafeList) ========== MOD - C:\Users\benutzername\Downloads\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO) SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD) SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs) SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs) SRV - (CTAudSvcService) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd) SRV - (LBTServ) -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe (Logitech, Inc.) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (StarWindServiceAE) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software) ========== Driver Services (SafeList) ========== DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation) DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab) DRV - (AtiHDAudioService) -- C:\Windows\System32\drivers\AtihdW73.sys (ATI Technologies, Inc.) DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys () DRV - (ha20x22k) -- C:\Windows\System32\drivers\ha20x22k.sys (Creative Technology Ltd) DRV - (ha20x2k) -- C:\Windows\System32\drivers\ha20x2k.sys (Creative Technology Ltd) DRV - (emupia) -- C:\Windows\System32\drivers\emupia2k.sys (Creative Technology Ltd) DRV - (ctsfm2k) -- C:\Windows\System32\drivers\ctsfm2k.sys (Creative Technology Ltd) DRV - (ctprxy2k) -- C:\Windows\System32\drivers\ctprxy2k.sys (Creative Technology Ltd) DRV - (ossrv) -- C:\Windows\System32\drivers\ctoss2k.sys (Creative Technology Ltd.) DRV - (ctaud2k) Creative Audio Driver (WDM) -- C:\Windows\System32\drivers\ctaud2k.sys (Creative Technology Ltd) DRV - (ctac32k) -- C:\Windows\System32\drivers\ctac32k.sys (Creative Technology Ltd) DRV - (CTEXFIFX.SYS) -- C:\Windows\System32\drivers\CTEXFIFX.SYS (Creative Technology Ltd.) DRV - (CTEXFIFX) -- C:\Windows\System32\drivers\CTEXFIFX.sys (Creative Technology Ltd.) DRV - (CTHWIUT.SYS) -- C:\Windows\System32\drivers\CTHWIUT.SYS (Creative Technology Ltd.) DRV - (CTHWIUT) -- C:\Windows\System32\drivers\CTHWIUT.sys (Creative Technology Ltd.) DRV - (CT20XUT.SYS) -- C:\Windows\System32\drivers\CT20XUT.SYS (Creative Technology Ltd.) DRV - (CT20XUT) -- C:\Windows\System32\drivers\CT20XUT.sys (Creative Technology Ltd.) DRV - (kl2) -- C:\Windows\System32\drivers\kl2.sys (Kaspersky Lab ZAO) DRV - (KL1) -- C:\Windows\system32\DRIVERS\kl1.sys (Kaspersky Lab ZAO) DRV - (seehcri) -- C:\Windows\System32\drivers\seehcri.sys (Sony Ericsson Mobile Communications) DRV - (ggsemc) -- C:\Windows\System32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications) DRV - (ggflt) -- C:\Windows\System32\drivers\ggflt.sys (Sony Ericsson Mobile Communications) DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab ZAO) DRV - (cpuz133) -- C:\Windows\System32\drivers\cpuz133_x32.sys (Windows (R) Win 7 DDK provider) DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.) DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.) DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.) DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab) DRV - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Technologies, Inc.) DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation) DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation) DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation) DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation) DRV - (s117obex) -- C:\Windows\System32\drivers\s117obex.sys (MCCI Corporation) DRV - (s117mdm) -- C:\Windows\System32\drivers\s117mdm.sys (MCCI Corporation) DRV - (s117mgmt) Sony Ericsson Device 117 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s117mgmt.sys (MCCI Corporation) DRV - (s117unic) Sony Ericsson Device 117 USB Ethernet Emulation SEMC117 (WDM) -- C:\Windows\System32\drivers\s117unic.sys (MCCI Corporation) DRV - (s117nd5) Sony Ericsson Device 117 USB Ethernet Emulation SEMC117 (NDIS) -- C:\Windows\System32\drivers\s117nd5.sys (MCCI Corporation) DRV - (s117mdfl) -- C:\Windows\System32\drivers\s117mdfl.sys (MCCI Corporation) DRV - (s117bus) Sony Ericsson Device 117 driver (WDM) -- C:\Windows\System32\drivers\s117bus.sys (MCCI Corporation) DRV - (rt61x86) -- C:\Windows\System32\drivers\netr61.sys (Ralink Technology Inc.) DRV - (speedfan) -- C:\Windows\system32\speedfan.sys (Windows (R) 2000 DDK provider) DRV - (giveio) -- C:\Windows\system32\giveio.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = h**p://start.icq.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = h**p://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7E 18 24 80 BF B8 CA 01 [binary data] IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.selectedEngine: "LEO Eng-Deu" FF - prefs.js..browser.startup.homepage: "h**p://google.de" FF - prefs.js..extensions.enabledItems: DeviceDetection@logitech.com:1.21.0.11 FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.2 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6 FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.0 FF - prefs.js..extensions.enabledItems: KavAntiBanner@Kaspersky.ru:11.0.2.556 FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:11.0.2.556 FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.11.03 16:35:13 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.11.03 16:35:11 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.11.03 16:35:24 | 000,000,000 | ---D | M] [2010.02.28 23:48:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\benutzername\AppData\Roaming\Mozilla\Extensions [2011.04.27 07:50:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\benutzername\AppData\Roaming\Mozilla\Firefox\Profiles\65und3jy.default\extensions [2011.04.27 07:50:28 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\benutzername\AppData\Roaming\Mozilla\Firefox\Profiles\65und3jy.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2011.04.27 07:50:27 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\benutzername\AppData\Roaming\Mozilla\Firefox\Profiles\65und3jy.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8} [2011.04.27 07:50:27 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Users\benutzername\AppData\Roaming\Mozilla\Firefox\Profiles\65und3jy.default\extensions\DeviceDetection@logitech.com [2010.07.11 15:37:41 | 000,002,059 | ---- | M] () -- C:\Users\benutzername\AppData\Roaming\Mozilla\Firefox\Profiles\65und3jy.default\searchplugins\daemon-search.xml [2011.04.27 02:26:35 | 000,000,947 | ---- | M] () -- C:\Users\benutzername\AppData\Roaming\Mozilla\Firefox\Profiles\65und3jy.default\searchplugins\icqplugin.xml [2011.04.27 02:32:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2011.04.27 02:32:08 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Program Files\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru [2011.04.27 02:32:07 | 000,000,000 | ---D | M] (Modul zur Link-Untersuchung) -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru [2010.11.03 16:35:13 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT [2010.10.17 13:47:34 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.10.17 13:47:34 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml [2010.10.17 13:47:34 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.10.17 13:47:34 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.10.17 13:47:34 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll (Kaspersky Lab ZAO) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - File not found O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO) O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\System32\Ctxfihlp.exe (Creative Technology Ltd) O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm () O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO) O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO) O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (PokerStars) O13 - gopher Prefix: missing O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} h**p://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} h**p://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15111/CTPID.cab (Creative Software AutoUpdate Support Package) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\mzvkbd3.dll (Kaspersky Lab ZAO) O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\kloehk.dll (Kaspersky Lab ZAO) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - Winlogon\Notify\klogon: DllName - C:\Windows\system32\klogon.dll - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO) O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - H:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{2d302163-4037-11df-a5fb-001d7d9b15d4}\Shell - "" = AutoRun O33 - MountPoints2\{2d302163-4037-11df-a5fb-001d7d9b15d4}\Shell\AutoRun\command - "" = I:\Setup.EXE O33 - MountPoints2\{b0865277-8cf1-11df-b707-001d7d9b15d4}\Shell - "" = AutoRun O33 - MountPoints2\{b0865277-8cf1-11df-b707-001d7d9b15d4}\Shell\AutoRun\command - "" = I:\Autorun.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.04.27 10:17:54 | 000,000,000 | ---D | C] -- C:\Users\benutzername\AppData\Roaming\Malwarebytes [2011.04.27 10:17:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.04.27 10:17:48 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011.04.27 10:17:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.04.27 10:17:44 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011.04.27 10:17:44 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2011.04.27 03:21:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files [2011.04.27 03:04:43 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2011.04.27 02:32:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2011 [2011.04.27 02:30:10 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe [2011.04.27 02:29:52 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prevhost.exe [2011.04.27 02:29:45 | 000,294,912 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2011.04.27 02:29:45 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2011.04.27 02:29:14 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2011.04.27 02:29:00 | 001,686,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\esent.dll [2011.04.27 02:28:59 | 000,146,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\storport.sys [2011.04.27 02:28:59 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fsutil.exe [2011.04.27 02:28:37 | 000,496,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll [2011.04.27 02:28:36 | 000,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll [2011.04.27 02:28:36 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll [2011.04.27 02:28:36 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schtasks.exe [2011.04.27 02:28:30 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll [2011.04.27 02:28:01 | 002,331,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2011.04.27 02:27:59 | 000,191,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FXSCOVER.exe [2011.04.27 02:27:56 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll [2011.04.27 02:27:55 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll [2011.04.27 02:27:48 | 000,642,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CPFilters.dll [2011.04.27 02:27:47 | 000,850,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll [2011.04.27 02:27:47 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll [2011.04.27 02:27:47 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax [2011.04.27 02:27:42 | 002,614,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe [2011.04.27 02:27:40 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webio.dll [2011.04.27 02:27:33 | 003,957,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2011.04.27 02:27:33 | 003,901,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2011.04.27 02:27:29 | 003,181,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll [2011.04.27 02:27:29 | 001,170,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll [2011.04.27 02:27:29 | 001,074,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll [2011.04.27 02:27:29 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll [2011.04.27 02:27:28 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL [2011.04.27 02:27:28 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll [2011.04.27 02:27:28 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll [2011.04.27 02:27:27 | 001,495,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ExplorerFrame.dll [2011.04.27 02:27:27 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll [2011.04.27 02:27:27 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll [2011.04.27 02:27:23 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\upnp.dll [2011.04.27 02:27:21 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2011.04.27 02:27:21 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\davclnt.dll [2011.04.27 02:27:21 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscapi.dll [2011.04.27 02:27:21 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2011.04.27 02:27:21 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slwga.dll [2011.04.27 02:27:19 | 000,101,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe [2011.04.27 02:27:16 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll [2011.04.27 02:27:16 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll [2011.04.27 02:27:10 | 000,219,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys [2011.04.27 02:27:10 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll [2011.04.27 02:25:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab [2011.04.27 02:25:55 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab [2010.07.07 13:36:44 | 000,014,336 | ---- | C] ( ) -- C:\Windows\System32\a3d.dll [2010.07.07 13:10:22 | 000,012,800 | ---- | C] ( ) -- C:\Windows\System32\killapps.exe [1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.04.27 10:17:49 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.04.27 10:01:18 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.04.27 10:01:18 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.04.27 03:28:09 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.04.27 03:28:09 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.04.27 03:22:27 | 002,231,888 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011.04.27 03:22:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.04.27 03:21:47 | 2817,384,448 | -HS- | M] () -- C:\hiberfil.sys [2011.04.27 03:19:58 | 000,055,092 | ---- | M] () -- C:\Windows\System32\BMXStateBkp-{00000003-00000000-00000000-00001102-0000000B-00421102}.rfx [2011.04.27 03:19:58 | 000,055,092 | ---- | M] () -- C:\Windows\System32\BMXState-{00000003-00000000-00000000-00001102-0000000B-00421102}.rfx [2011.04.27 03:19:58 | 000,000,820 | ---- | M] () -- C:\Windows\System32\DVCState-{00000003-00000000-00000000-00001102-0000000B-00421102}.rfx [2011.04.27 02:51:59 | 000,115,267 | ---- | M] () -- C:\Windows\System32\drivers\klin.dat [2011.04.27 02:51:59 | 000,097,859 | ---- | M] () -- C:\Windows\System32\drivers\klick.dat [2011.04.27 02:44:14 | 000,002,505 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.04.27 10:17:49 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.04.27 02:26:56 | 000,115,267 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat [2011.04.27 02:26:56 | 000,097,859 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat [2010.08.11 15:24:20 | 000,224,342 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2010.07.07 14:23:10 | 000,017,868 | ---- | C] () -- C:\Windows\System32\instwdm.ini [2010.07.07 14:23:06 | 000,000,054 | ---- | C] () -- C:\Windows\System32\ctzapxx.ini [2010.07.07 13:33:04 | 000,002,560 | ---- | C] () -- C:\Windows\System32\CtxfiRes.dll [2010.07.07 13:21:00 | 000,384,647 | ---- | C] () -- C:\Windows\System32\ctdnlstr.dat [2010.07.07 13:21:00 | 000,051,787 | ---- | C] () -- C:\Windows\System32\ctdlang.dat [2010.07.07 13:14:30 | 000,016,384 | ---- | C] () -- C:\Windows\System32\regplib.exe [2010.07.07 13:10:30 | 000,007,680 | ---- | C] () -- C:\Windows\System32\enlocstr.exe [2010.06.16 00:28:54 | 000,002,857 | ---- | C] () -- C:\Windows\System32\atipblag.dat [2010.06.08 22:55:45 | 000,024,576 | ---- | C] () -- C:\Windows\System32\EALTEST.EXE [2010.05.21 21:00:37 | 000,217,088 | ---- | C] () -- C:\Windows\System32\libmySQL.dll [2010.05.21 21:00:37 | 000,102,400 | ---- | C] () -- C:\Windows\System32\TrackerNET.dll [2010.05.21 20:19:03 | 000,000,057 | ---- | C] () -- C:\Windows\sierra.ini [2010.04.18 21:35:45 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.03.23 18:15:55 | 000,000,040 | ---- | C] () -- C:\ProgramData\ra3.ini [2010.03.20 18:12:18 | 000,138,576 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2010.03.20 18:12:10 | 000,139,152 | ---- | C] () -- C:\Users\benutzername\AppData\Roaming\PnkBstrK.sys [2010.03.20 18:11:39 | 000,215,104 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe [2010.03.20 18:11:39 | 000,075,064 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe [2010.03.20 18:11:38 | 002,373,712 | ---- | C] () -- C:\Windows\System32\Pbsvc.exe [2010.03.05 02:11:22 | 000,041,872 | ---- | C] () -- C:\Windows\System32\xfcodec.dll [2010.03.01 00:04:21 | 000,164,864 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL [2010.03.01 00:04:21 | 000,073,728 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL [2010.03.01 00:03:57 | 000,002,560 | ---- | C] () -- C:\Windows\CTXFIGER.DLL [2010.02.28 23:29:52 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2009.09.09 18:01:40 | 000,027,675 | ---- | C] () -- C:\Windows\System32\drivers\klopp.dat [2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 06:33:53 | 002,231,888 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2009.07.14 04:05:48 | 000,615,810 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2009.07.14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2009.07.14 04:05:48 | 000,106,190 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2009.07.14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2009.07.14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2009.07.14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2009.07.14 02:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2009.05.26 13:12:38 | 000,000,285 | ---- | C] () -- C:\Windows\System32\kill.ini [2002.03.13 14:15:06 | 000,057,344 | ---- | C] () -- C:\Windows\System32\mupkernps11.dll [1997.06.14 10:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll [1996.04.03 21:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys < End of report > |
06.05.2011, 11:47 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | prägnanter trojaner: freeze, taskmngr gesperrt, AV deaktiviert Hallo und
__________________Bitte routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten! Danach OTL-Custom: CustomScan mit OTL Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter netsvcs msconfig safebootminimal safebootnetwork activex drivers32 %ALLUSERSPROFILE%\Application Data\*. %ALLUSERSPROFILE%\Application Data\*.exe /s %APPDATA%\*. %APPDATA%\*.exe /s %SYSTEMDRIVE%\*.exe /md5start wininit.exe userinit.exe eventlog.dll scecli.dll netlogon.dll cngaudit.dll ws2ifsl.sys sceclt.dll ntelogon.dll winlogon.exe logevent.dll user32.DLL iaStor.sys nvstor.sys atapi.sys IdeChnDr.sys viasraid.sys AGP440.sys vaxscsi.sys nvatabus.sys viamraid.sys nvata.sys nvgts.sys iastorv.sys ViPrt.sys eNetHook.dll ahcix86.sys KR10N.sys nvstor32.sys ahcix86s.sys /md5stop %systemroot%\system32\drivers\*.sys /lockedfiles %systemroot%\System32\config\*.sav %systemroot%\*. /mp /s %systemroot%\system32\*.dll /lockedfiles CREATERESTOREPOINT
__________________ |
Themen zu prägnanter trojaner: freeze, taskmngr gesperrt, AV deaktiviert |
adblock, antivirus, bios, deaktiviert, desktop, dinge, externe platte, festplatte, file, freeze, gesperrt, kaspersky, klicke, klicken, langs, location, maus, meldung, modus, nichts, oldtimer, platte, plug-in, plötzlich, programme, schnell, searchplugins, sekunden, sptd.sys, start menu, taskleiste, taskmanager, tracker, trojaner, trotz, webcheck |