Virus infection - TR/Dropper.Gen [trojan] & Co.

#0
18.06.2009, 14:31
Member

Posts: 12
#1 Hi everyone,

I have been struggling with a virus or viruses for some time, have not been able to fix the problem so far for lack of expertise, and fear that it has meanwhile become much worse.

I am very grateful for expert help that is also explained well enough for ignoramuses like me.

I suspect that I picked this up from an acquaintance's USB stick, and my virus scanners AVG and Avira Antivir reported it to me as follows:

Antivir:

Virus or unwanted program 'TR/Dropper.Gen [trojan]'
detected in file 'E:\System Volume Information\_restore{2905640E-5317-4FD3-958A-1B14B7679693}\RP354\A0068111.exe.
Action performed: Deny access

Virus or unwanted program 'TR/Dropper.Gen [trojan]'
detected in file 'E:\System Volume Information\_restore{2905640E-5317-4FD3-958A-1B14B7679693}\RP354\A0068141.EXE.
Action performed: Move file to quarantine


AVG:

"C:\WINDOWS\system32\D624C3\internet.fne";"Virus found Win32/Heur";"Moved to Virus Vault"
"C:\WINDOWS\system32\D624C3\HtmlView.fne";"Virus found Win32/Heur";"Moved to Virus Vault"
"C:\WINDOWS\System32\27700D\EAF2E3.EXE (2496)";"Virus found Win32/Heur";"Reboot is required to finish the action"
"C:\DOCUME~1\MARIAN~1\LOCALS~1\Temp\E_N4\internet.fne";"Virus found Win32/Heur";"Infected"
"C:\WINDOWS\system32\D624C3\eAPI.fne";"Virus found Win32/Heur";"Moved to Virus Vault"
"C:\Documents and Settings\Mariana ( Comp )\Local Settings\Temp\E_N4\internet.fne";"Virus found Win32/Heur";"Infected"
"C:\Documents and Settings\Mariana ( Comp )\Local Settings\Temp\E_N4\HtmlView.fne";"Virus found Win32/Heur";"Infected"
"C:\Documents and Settings\Mariana ( Comp )\Local Settings\Temp\E_N4\eAPI.fne";"Virus found Win32/Heur";"Infected"
"C:\DOCUME~1\MARIAN~1\LOCALS~1\Temp\E_N4\HtmlView.fne";"Virus found Win32/Heur";"Infected"
"C:\DOCUME~1\MARIAN~1\LOCALS~1\Temp\E_N4\eAPI.fne";"Virus found Win32/Heur";"Infected"


I tried to follow these instructions:

1. Disk cleanup -> done

2. Scan with Malwarebytes -> not possible, the following message appears:
The setup files are corrupted. obtain a new copy
I tried several download sites, but the result was the same.
I tried to install Malwarebytes on the infected computer by downloading it on another computer and transferring it via a stick. However, that did not work either, and now the stick I used is no longer recognized. What can I do to rescue the stick?


3. Scan with Combofix -> done, report is attached

4. Hijackthis logfile -> also done and attached

Today a further message from AVG and Antivir was added:

Virus or unwanted program 'DR/FakeAlert.SE [dropper]'
detected in file 'C:\Documents and Settings\Mariana ( Comp )\Desktop\doktor_v05.exe.
Action performed: Deny access

Many thanks in advance for any help!

This post was edited by Hany on 18.06.2009 at 14:38.
18.06.2009, 14:43
Member

Posts: 3716
#2 Hello, please only one active AV program at a time. I would uninstall AVG. Could you then please run Malwarebytes from the guide and post the log? Just paste it in.
I'll copy your current log files into the thread; I think it's better that way ;-)
ComboFix 09-06-17.04 - Mariana ( Comp ) 06/18/2009 14:48.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.20.1033.18.479.230 [GMT 3:00]
Running from: c:\documents and settings\Mariana ( Comp )\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: AVG Anti-Virus *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
/wow section - STAGE 38
The system cannot find the path specified.
The system cannot find the path specified.
\Local was unexpected at this time.


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\MARIAN~1\LOCALS~1\Temp\E_N4
c:\documents and settings\All Users\Application Data\Starware316
c:\documents and settings\All Users\Application Data\Starware316\buttons\775_button_1b_def.bmp
c:\documents and settings\All Users\Application Data\Starware316\buttons\FindIt.bmp
c:\documents and settings\All Users\Application Data\Starware316\buttons\FindItHot.bmp
c:\documents and settings\All Users\Application Data\Starware316\buttons\findithotxp.png
c:\documents and settings\All Users\Application Data\Starware316\buttons\finditxp.png
c:\documents and settings\All Users\Application Data\Starware316\buttons\Free_Credit_Score0.bmp
c:\documents and settings\All Users\Application Data\Starware316\buttons\Free_Music0.bmp
c:\documents and settings\All Users\Application Data\Starware316\buttons\logo.bmp
c:\documents and settings\All Users\Application Data\Starware316\buttons\logoxp.bmp
c:\documents and settings\All Users\Application Data\Starware316\buttons\Reference.bmp
c:\documents and settings\All Users\Application Data\Starware316\buttons\ReferenceHot.bmp
c:\documents and settings\All Users\Application Data\Starware316\buttons\referencehotxp.png
c:\documents and settings\All Users\Application Data\Starware316\buttons\referencexp.png
c:\documents and settings\All Users\Application Data\Starware316\buttons\Ringtones0.bmp
c:\documents and settings\All Users\Application Data\Starware316\buttons\Screensavers0.bmp
c:\documents and settings\All Users\Application Data\Starware316\buttons\Weather.bmp
c:\documents and settings\All Users\Application Data\Starware316\buttons\WeatherHot.bmp
c:\documents and settings\All Users\Application Data\Starware316\buttons\weatherhotxp.png
c:\documents and settings\All Users\Application Data\Starware316\buttons\weatherxp.png
c:\documents and settings\All Users\Application Data\Starware316\contexts\error.xml
c:\documents and settings\All Users\Application Data\Starware316\contexts\Related.xml
c:\documents and settings\All Users\Application Data\Starware316\contexts\Travel.xml
c:\documents and settings\All Users\Application Data\Starware316\images\walertXP.bmp
c:\documents and settings\All Users\Application Data\Starware316\SimpleUpdate\ProductMessagingConfig.xml
c:\documents and settings\All Users\Application Data\Starware316\SimpleUpdate\ProductMessagingConfig.xml.backup
c:\documents and settings\All Users\Application Data\Starware316\SimpleUpdate\SimpleUpdateConfig.xml
c:\documents and settings\All Users\Application Data\Starware316\SimpleUpdate\SimpleUpdateConfig.xml.backup
c:\documents and settings\All Users\Application Data\Starware316\SimpleUpdate\TimerManagerConfig.xml
c:\documents and settings\All Users\Application Data\Starware316\SimpleUpdate\TimerManagerConfig.xml.backup
c:\documents and settings\Mariana ( Comp )\Application Data\Starware316
c:\documents and settings\Mariana ( Comp )\Application Data\Starware316\BrowserSearch\BrowserSearch.xml
c:\documents and settings\Mariana ( Comp )\Application Data\Starware316\BrowserSearch\BrowserSearch.xml.backup
c:\documents and settings\Mariana ( Comp )\Application Data\Starware316\Configurator\Configurator.xml
c:\documents and settings\Mariana ( Comp )\Application Data\Starware316\Configurator\Configurator.xml.backup
c:\documents and settings\Mariana ( Comp )\Application Data\Starware316\ErrorSearch\ErrorSearchOptions.xml
c:\documents and settings\Mariana ( Comp )\Application Data\Starware316\ErrorSearch\ErrorSearchOptions.xml.backup
c:\documents and settings\Mariana ( Comp )\Application Data\Starware316\Free_Credit_Score\Free_Credit_ScoreOptions.xml
c:\documents and settings\Mariana ( Comp )\Application Data\Starware316\Free_Credit_Score\Free_Credit_ScoreOptions.xml.backup
c:\documents and settings\Mariana ( Comp )\Application Data\Starware316\Free_Music\Free_MusicOptions.xml
c:\documents and settings\Mariana ( Comp )\Application Data\Starware316\Free_Music\Free_MusicOptions.xml.backup
c:\documents and settings\Mariana ( Comp )\Application Data\Starware316\Layouts\ToolbarLayout.xml
c:\documents and settings\Mariana ( Comp )\Application Data\Starware316\Layouts\ToolbarLayout.xml.backup
c:\documents and settings\Mariana ( Comp )\Application Data\Starware316\Manager\ManagerOptions.xml
c:\documents and settings\Mariana ( Comp )\Application Data\Starware316\Manager\ManagerOptions.xml.backup
c:\documents and settings\Mariana ( Comp )\Application Data\Starware316\Reference\ReferenceOptions.xml
c:\documents and settings\Mariana ( Comp )\Application Data\Starware316\Reference\ReferenceOptions.xml.backup
c:\documents and settings\Mariana ( Comp )\Application Data\Starware316\RelatedSearch\RelatedSearchOptions.xml
c:\documents and settings\Mariana ( Comp )\Application Data\Starware316\RelatedSearch\RelatedSearchOptions.xml.backup
c:\documents and settings\Mariana ( Comp )\Application Data\Starware316\Ringtones\RingtonesOptions.xml
c:\documents and settings\Mariana ( Comp )\Application Data\Starware316\Ringtones\RingtonesOptions.xml.backup
c:\documents and settings\Mariana ( Comp )\Application Data\Starware316\Screensavers\ScreensaversOptions.xml
c:\documents and settings\Mariana ( Comp )\Application Data\Starware316\Screensavers\ScreensaversOptions.xml.backup
c:\documents and settings\Mariana ( Comp )\Application Data\Starware316\Toolbar\TBProductsOptions.xml
c:\documents and settings\Mariana ( Comp )\Application Data\Starware316\Toolbar\TBProductsOptions.xml.backup
c:\documents and settings\Mariana ( Comp )\Application Data\Starware316\ToolbarLogo\ToolbarLogoOptions.xml
c:\documents and settings\Mariana ( Comp )\Application Data\Starware316\ToolbarLogo\ToolbarLogoOptions.xml.backup
c:\documents and settings\Mariana ( Comp )\Application Data\Starware316\ToolbarSearch\ToolbarSearchOptions.xml
c:\documents and settings\Mariana ( Comp )\Application Data\Starware316\ToolbarSearch\ToolbarSearchOptions.xml.backup
c:\documents and settings\Mariana ( Comp )\Application Data\Starware316\TravelSearch\TravelSearchOptions.xml
c:\documents and settings\Mariana ( Comp )\Application Data\Starware316\TravelSearch\TravelSearchOptions.xml.backup
c:\documents and settings\Mariana ( Comp )\Application Data\Starware316\Weather\AlertArchive.xml
c:\documents and settings\Mariana ( Comp )\Application Data\Starware316\Weather\WeatherOptions.xml
c:\documents and settings\Mariana ( Comp )\Application Data\Starware316\Weather\WeatherOptions.xml.backup
c:\program files\screensavers.com
c:\program files\Starware316
c:\docume~1\MARIAN~1\LOCALS~1\Temp\E_N4\cnvpe.fne
c:\docume~1\MARIAN~1\LOCALS~1\Temp\E_N4\dp1.fne
c:\docume~1\MARIAN~1\LOCALS~1\Temp\E_N4\krnln.fnr
c:\docume~1\MARIAN~1\LOCALS~1\Temp\E_N4\shell.fne
c:\docume~1\MARIAN~1\LOCALS~1\Temp\E_N4\spec.fne
c:\program files\screensavers.com\ActiveDesktop\bin\ActiveDesktopExe.exe
c:\program files\screensavers.com\SSSUninst.exe
c:\program files\Starware316\icons\star_16.ico
c:\program files\Starware316\Starware316Config.xml
c:\program files\Starware316\Starware316Uninstall.exe
c:\windows\IE4 Error Log.txt

.
((((((((((((((((((((((((( Files Created from 2009-05-18 to 2009-06-18 )))))))))))))))))))))))))))))))
.

2009-06-17 12:52 . 2009-06-17 12:52 -------- d-----w- c:\program files\Trend Micro
2009-06-17 11:20 . 2009-03-30 07:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-06-17 11:20 . 2009-03-24 13:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-06-17 11:20 . 2009-02-13 09:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-06-17 11:20 . 2009-02-13 09:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-06-17 11:20 . 2009-06-17 11:20 -------- d-----w- c:\program files\Avira
2009-06-17 11:20 . 2009-06-17 11:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-06-17 07:43 . 2009-06-17 07:43 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-17 07:43 . 2009-06-17 07:43 -------- d-----w- c:\program files\Java
2009-06-17 07:42 . 2009-06-17 07:42 152576 ----a-w- c:\documents and settings\Mariana ( Comp )\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-17 07:08 . 2009-06-11 07:05 3298072 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\setup.exe
2009-06-17 07:08 . 2009-06-11 07:05 829208 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcfgx.dll
2009-06-17 07:08 . 2009-06-11 07:05 1261344 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgwd.dll
2009-06-11 07:18 . 2009-06-02 10:38 1004800 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
2009-06-11 07:06 . 2009-06-11 07:05 826344 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\AVGToolbarInstall.exe
2009-06-11 07:05 . 2009-06-11 07:05 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-06-11 07:05 . 2009-06-11 07:05 -------- d-----w- c:\documents and settings\LocalService\Application Data\AVGTOOLBAR
2009-06-11 07:03 . 2009-06-11 07:03 1452312 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.dll
2009-06-10 14:09 . 2009-06-10 14:10 -------- d--h--w- c:\windows\system32\D624C3
2009-06-10 14:09 . 2009-06-10 14:10 -------- d--h--w- c:\windows\system32\95C737
2009-06-10 14:09 . 2009-06-10 14:10 -------- d--h--w- c:\windows\system32\27700D
2009-06-10 14:09 . 2009-06-10 14:10 -------- d--h--w- c:\windows\system32\171350
2009-05-26 08:43 . 2009-05-26 08:43 -------- d-----w- c:\documents and settings\Mariana ( Comp )\Local Settings\Application Data\WMTools Downloaded Files

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-17 07:07 . 2009-03-10 11:11 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-11 07:05 . 2009-03-10 11:11 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-05-02 11:16 . 2009-05-02 11:16 -------- d-----w- c:\program files\FXDD - MetaTrader 4
2009-05-02 10:45 . 2009-05-02 10:45 -------- d-----w- c:\program files\MetaTrader - Alpari (US) MultiTerminal
2009-04-30 08:08 . 2009-03-10 11:11 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-04-30 08:08 . 2009-03-10 11:11 12552 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2009-04-30 08:08 . 2009-03-10 11:11 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-06-02 10:38 1004800 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 94208]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-03-11 24095528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"SiSUSBRG"="c:\windows\SiSUSBrg.exe" [2002-07-12 106496]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2006-05-30 542208]
"QuickTime Task"="c:\program files\K-Lite Codec Pack\QuickTime\qttask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-11 1948440]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-17 148888]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2004-11-15 77824]
"SiSPower"="SiSPower.dll" - c:\windows\system32\SiSPower.dll [2005-03-03 49152]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-04-30 08:08 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

S0 AvgRkx86;avgrkx86.sys;c:\windows\System32\Drivers\avgrkx86.sys [2009-04-30 12552]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-06-11 327688]
S1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-04-30 108552]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-06-17 108289]
S2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-06-17 906520]
S2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-04-30 298776]

.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-NWEReboot - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-18 14:51
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-06-18 14:53
ComboFix-quarantined-files.txt 2009-06-18 11:53

Pre-Run: 3,632,988,160 bytes free
Post-Run: 3,685,277,696 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

216 --- E O F --- 2008-07-09 07:31






Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:29:43 ?, on 18/06/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
c:\program files\avira\antivir desktop\avcenter.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AVG\AVG8\avgui.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\YAHOO!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\YAHOO!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: EAF2E3.lnk = C:\WINDOWS\system32\27700D\EAF2E3.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/MARIAN~1/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg

--
End of file - 8788 bytes
18.06.2009, 14:56
Member

Thread starter

Posts: 12
#3 Hello,

thanks for the quick help.

AVG is now uninstalled.

Regarding Malwarebytes:

I cannot install this program. After the download the following message appears:
The setup files are corrupted. obtain a new copy of the program

I tried various downloads from different sites, but got the same result.

Any alternatives or suggested solutions?
18.06.2009, 14:58
Member

Posts: 3716
#4 Are you already using Avira version nine?
18.06.2009, 15:01
Member

Thread starter

Posts: 12
#5 Yes,
I'm using Product version 9.0.0.403 03/06/2009
Search engine 8.02.00.191 16/06/2009
Virus definition file 7.01.04.111 18/06/2009
Control Center 9.00.00.18 17/06/2009
Config Center 9.00.00.21 20/02/2009
Luke Filewalker 9.00.03.06 17/06/2009
AntiVir Guard 9.00.01.30 17/06/2009
Filter 9.00.03.12 24/03/2009
Scheduler 9.00.00.09 17/06/2009
Updater 9.00.00.49 17/06/2009

Downloaded today, since I prefer AVIRA over AVG, but until now only AVG was installed on this computer.
18.06.2009, 15:10
Member

Posts: 3716
#6 Very thorough with the version details :-)
OK, open AntiVir, click Configuration, tick Expert mode.
Now go to Scanner and open the list.
Under file search mode select all; otherwise tick everything except "skip offline files" and "follow symbolic links".
Under Archives select all, untick "limit recursion depth".
Under Heuristics tick the boxes, level high.
Now go to General, Threat categories, and select all of them there.
Apply, OK.
Now please update AntiVir.
Open the program again, then Local protection and Local drives, choose Scan. Detections into quarantine, post the log.
18.06.2009, 15:50
Member

Thread starter

Posts: 12
#7 OK, update done.

The scans have also run through. Here are the log files:

Local Drives:

Avira AntiVir Personal
Report file date: 18 يونيو, 2009 16:19

Scanning for 1475114 virus strains and unwanted programs.

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 2) [5.1.2600]
Boot mode : Normally booted
Username : Mariana ( Comp )
Computer name : MARIANA

Version information:
BUILD.DAT : 9.0.0.403 17961 Bytes 6/3/2009 17:05:00
AVSCAN.EXE : 9.0.3.6 466689 Bytes 6/17/2009 11:47:42
AVSCAN.DLL : 9.0.3.0 40705 Bytes 2/27/2009 08:58:26
LUKE.DLL : 9.0.3.2 209665 Bytes 2/20/2009 09:35:50
LUKERES.DLL : 9.0.2.0 12033 Bytes 2/27/2009 08:58:54
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 10/27/2008 10:30:38
ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 2/11/2009 18:33:28
ANTIVIR2.VDF : 7.1.4.87 2982912 Bytes 6/12/2009 11:47:42
ANTIVIR3.VDF : 7.1.4.111 167936 Bytes 6/18/2009 11:26:42
Engineversion : 8.2.0.191
AEVDF.DLL : 8.1.1.1 106868 Bytes 6/17/2009 11:47:42
AESCRIPT.DLL : 8.1.2.9 409978 Bytes 6/18/2009 10:35:48
AESCN.DLL : 8.1.2.3 127347 Bytes 6/17/2009 11:47:42
AERDL.DLL : 8.1.1.3 438645 Bytes 10/29/2008 16:24:42
AEPACK.DLL : 8.1.3.18 401783 Bytes 6/17/2009 11:47:42
AEOFFICE.DLL : 8.1.0.38 196987 Bytes 6/18/2009 10:35:16
AEHEUR.DLL : 8.1.0.133 1798520 Bytes 6/18/2009 10:34:26
AEHELP.DLL : 8.1.3.6 205174 Bytes 6/17/2009 11:47:42
AEGEN.DLL : 8.1.1.45 348532 Bytes 6/17/2009 11:47:42
AEEMU.DLL : 8.1.0.9 393588 Bytes 10/9/2008 12:32:40
AECORE.DLL : 8.1.6.12 180599 Bytes 6/17/2009 11:47:42
AEBB.DLL : 8.1.0.3 53618 Bytes 10/9/2008 12:32:40
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 06:48:00
AVPREF.DLL : 9.0.0.1 43777 Bytes 12/5/2008 08:32:16
AVREP.DLL : 8.0.0.3 155905 Bytes 1/20/2009 12:34:30
AVREG.DLL : 9.0.0.0 36609 Bytes 12/5/2008 08:32:10
AVARKT.DLL : 9.0.0.3 292609 Bytes 3/24/2009 13:05:42
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 1/30/2009 08:37:10
SQLITE3.DLL : 3.6.1.0 326401 Bytes 1/28/2009 13:03:50
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 2/2/2009 06:21:34
NETNT.DLL : 9.0.0.0 11521 Bytes 12/5/2008 08:32:12
RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 6/17/2009 11:47:42
RCTEXT.DLL : 9.0.37.0 86785 Bytes 4/17/2009 08:19:50

Configuration settings for the scan:
Jobname.............................: Local Drives
Configuration file..................: c:\program files\avira\antivir desktop\alldrives.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:, E:, A:, F:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Optimised scan......................: on
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: off
Smart extensions....................: on
Deviating archive types.............: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox,
Macro heuristic.....................: on
File heuristic......................: high
Deviating risk categories...........: +APPL,+GAME,+JOKE,+PCK,+SPR,

Start of the scan: 18 يونيو, 2009 16:19

Starting search for hidden objects.
'23293' objects were checked, '0' hidden objects were found.

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'POWERPNT.EXE' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'msimn.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'EXPLORER.EXE' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'WDFMGR.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'MDM.EXE' - '1' Module(s) have been scanned
Scan process 'JQS.EXE' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'AVGUARD.EXE' - '1' Module(s) have been scanned
Scan process 'Ymsgr_tray.exe' - '1' Module(s) have been scanned
Scan process 'Skype.exe' - '1' Module(s) have been scanned
Scan process 'MSMSGS.EXE' - '1' Module(s) have been scanned
Scan process 'NMBgMonitor.exe' - '1' Module(s) have been scanned
Scan process 'AVGNT.EXE' - '1' Module(s) have been scanned
Scan process 'JUSCHED.EXE' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'InCD.exe' - '1' Module(s) have been scanned
Scan process 'SOUNDMAN.EXE' - '1' Module(s) have been scanned
Scan process 'SCHED.EXE' - '1' Module(s) have been scanned
Scan process 'SPOOLSV.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'InCDsrv.exe' - '1' Module(s) have been scanned
Scan process 'LSASS.EXE' - '1' Module(s) have been scanned
Scan process 'SERVICES.EXE' - '1' Module(s) have been scanned
Scan process 'WINLOGON.EXE' - '1' Module(s) have been scanned
Scan process 'CSRSS.EXE' - '1' Module(s) have been scanned
Scan process 'SMSS.EXE' - '1' Module(s) have been scanned
37 processes with 37 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Boot sector 'E:\'
[INFO] No virus was found!
Boot sector 'A:\'
[INFO] In the drive 'A:\' no data medium is inserted!

Starting to scan executable files (registry).
The registry was scanned ( '63' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\PAGEFILE.SYS
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\hiberfil.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\Program Files\RingEurope\mrtunnel.dll
[DETECTION] Contains HEUR/Malware suspicious code
Begin scan in 'D:\'
Begin scan in 'E:\'
Begin scan in 'A:\'
Search path A:\ could not be opened!
System error [21]: The device is not ready.
Begin scan in 'F:\'
Search path F:\ could not be opened!
System error [21]: The device is not ready.

Beginning disinfection:
C:\Program Files\RingEurope\mrtunnel.dll
[DETECTION] Contains HEUR/Malware suspicious code
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to '4aae4224.qua'!


End of the scan: 18 يونيو, 2009 16:31
Used time: 10:54 Minute(s)

The scan has been done completely.

3759 Scanned directories
149391 Files were scanned
0 Viruses and/or unwanted programs were found
1 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
1 Files were moved to quarantine
0 Files were renamed
2 Files cannot be scanned
149388 Files not concerned
907 Archives were scanned
2 Warnings
3 Notes
23293 Objects were scanned with rootkit scan
0 Hidden objects were found

Specification of the suspicious file that was found:
HEUR/Malware - Heuristic

Virus: HEUR/Malware
Type: AHeAD Heuristic special detection
In the wild: No
Reported Infections: Low
Distribution Potential: Low
Damage Potential: Low
Static file: No

Special detection Description:
HEUR/Malware


HEUR/Malware is a heuristic detection routine designed to detect common malware characteristics. Avira AntiVir recognizes unknown malware proactively using its AHeAD technology. To achieve this, Avira performs innovative structural analyzing.

On the basis of the composition of a file, the sequence of significant code sequences or based on particular behavior patterns, the heuristics can determine with a high probability whether it is dealing with a harmful or virulent file.

HEUR/Malware in particular is reported when a program seems to contain suspicious functionality.

In the unlikely occurrence of a false positives we would kindly ask for your help and send the file to our virus lab using the quarantine functionality of AntiVir.

A heuristic detection might be a false identification if one or more of the following are true:
- The program has been used for a very long time and is known to the user
- The program was installed by the user himself
- The program is from a trustworthy source

Please note that even old programs can get infected or replaced by malware without your knowledge. Besides that trustworthy sources might have become compromised themselves.

In order to enhance detection and reduce the rate of false positives we recommend you to send the file to our virus lab for further analysis.

Send a sample via the quarantine manager within the windows product:
http://www.avira.com/en/support/av7_quarantine_manager.html

Upload a sample via the form on our website:
http://www.avira.com/en/support/submit_suspicious_files.html





Local Hard Disks:



Avira AntiVir Personal
Report file date: 18 يونيو, 2009 16:30

Scanning for 1475114 virus strains and unwanted programs.

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 2) [5.1.2600]
Boot mode : Normally booted
Username : Mariana ( Comp )
Computer name : MARIANA

Version information:
BUILD.DAT : 9.0.0.403 17961 Bytes 6/3/2009 17:05:00
AVSCAN.EXE : 9.0.3.6 466689 Bytes 6/17/2009 11:47:42
AVSCAN.DLL : 9.0.3.0 40705 Bytes 2/27/2009 08:58:26
LUKE.DLL : 9.0.3.2 209665 Bytes 2/20/2009 09:35:50
LUKERES.DLL : 9.0.2.0 12033 Bytes 2/27/2009 08:58:54
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 10/27/2008 10:30:38
ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 2/11/2009 18:33:28
ANTIVIR2.VDF : 7.1.4.87 2982912 Bytes 6/12/2009 11:47:42
ANTIVIR3.VDF : 7.1.4.111 167936 Bytes 6/18/2009 11:26:42
Engineversion : 8.2.0.191
AEVDF.DLL : 8.1.1.1 106868 Bytes 6/17/2009 11:47:42
AESCRIPT.DLL : 8.1.2.9 409978 Bytes 6/18/2009 10:35:48
AESCN.DLL : 8.1.2.3 127347 Bytes 6/17/2009 11:47:42
AERDL.DLL : 8.1.1.3 438645 Bytes 10/29/2008 16:24:42
AEPACK.DLL : 8.1.3.18 401783 Bytes 6/17/2009 11:47:42
AEOFFICE.DLL : 8.1.0.38 196987 Bytes 6/18/2009 10:35:16
AEHEUR.DLL : 8.1.0.133 1798520 Bytes 6/18/2009 10:34:26
AEHELP.DLL : 8.1.3.6 205174 Bytes 6/17/2009 11:47:42
AEGEN.DLL : 8.1.1.45 348532 Bytes 6/17/2009 11:47:42
AEEMU.DLL : 8.1.0.9 393588 Bytes 10/9/2008 12:32:40
AECORE.DLL : 8.1.6.12 180599 Bytes 6/17/2009 11:47:42
AEBB.DLL : 8.1.0.3 53618 Bytes 10/9/2008 12:32:40
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 06:48:00
AVPREF.DLL : 9.0.0.1 43777 Bytes 12/5/2008 08:32:16
AVREP.DLL : 8.0.0.3 155905 Bytes 1/20/2009 12:34:30
AVREG.DLL : 9.0.0.0 36609 Bytes 12/5/2008 08:32:10
AVARKT.DLL : 9.0.0.3 292609 Bytes 3/24/2009 13:05:42
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 1/30/2009 08:37:10
SQLITE3.DLL : 3.6.1.0 326401 Bytes 1/28/2009 13:03:50
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 2/2/2009 06:21:34
NETNT.DLL : 9.0.0.0 11521 Bytes 12/5/2008 08:32:12
RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 6/17/2009 11:47:42
RCTEXT.DLL : 9.0.37.0 86785 Bytes 4/17/2009 08:19:50

Configuration settings for the scan:
Jobname.............................: Local Hard Disks
Configuration file..................: c:\program files\avira\antivir desktop\alldiscs.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:, E:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Optimised scan......................: on
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: off
Smart extensions....................: on
Deviating archive types.............: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox,
Macro heuristic.....................: on
File heuristic......................: high
Deviating risk categories...........: +APPL,+GAME,+JOKE,+PCK,+SPR,

Start of the scan: 18 يونيو, 2009 16:30

Starting search for hidden objects.
'23357' objects were checked, '0' hidden objects were found.

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'POWERPNT.EXE' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'msimn.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'EXPLORER.EXE' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'WDFMGR.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'MDM.EXE' - '1' Module(s) have been scanned
Scan process 'JQS.EXE' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'AVGUARD.EXE' - '1' Module(s) have been scanned
Scan process 'Ymsgr_tray.exe' - '1' Module(s) have been scanned
Scan process 'Skype.exe' - '1' Module(s) have been scanned
Scan process 'MSMSGS.EXE' - '1' Module(s) have been scanned
Scan process 'NMBgMonitor.exe' - '1' Module(s) have been scanned
Scan process 'AVGNT.EXE' - '1' Module(s) have been scanned
Scan process 'JUSCHED.EXE' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'InCD.exe' - '1' Module(s) have been scanned
Scan process 'SOUNDMAN.EXE' - '1' Module(s) have been scanned
Scan process 'SCHED.EXE' - '1' Module(s) have been scanned
Scan process 'SPOOLSV.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'InCDsrv.exe' - '1' Module(s) have been scanned
Scan process 'LSASS.EXE' - '1' Module(s) have been scanned
Scan process 'SERVICES.EXE' - '1' Module(s) have been scanned
Scan process 'WINLOGON.EXE' - '1' Module(s) have been scanned
Scan process 'CSRSS.EXE' - '1' Module(s) have been scanned
Scan process 'SMSS.EXE' - '1' Module(s) have been scanned
38 processes with 38 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Boot sector 'E:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '63' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\PAGEFILE.SYS
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\hiberfil.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\System Volume Information\_restore{2905640E-5317-4FD3-958A-1B14B7679693}\RP355\A0068374.dll
[DETECTION] Contains HEUR/Malware suspicious code
Begin scan in 'D:\'
Begin scan in 'E:\'

Beginning disinfection:
C:\System Volume Information\_restore{2905640E-5317-4FD3-958A-1B14B7679693}\RP355\A0068374.dll
[DETECTION] Contains HEUR/Malware suspicious code
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to '4a6a45f7.qua'!


End of the scan: 18 يونيو, 2009 16:48
Used time: 17:41 Minute(s)

The scan has been done completely.

3760 Scanned directories
149453 Files were scanned
0 Viruses and/or unwanted programs were found
1 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
1 Files were moved to quarantine
0 Files were renamed
2 Files cannot be scanned
149450 Files not concerned
907 Archives were scanned
2 Warnings
3 Notes
23357 Objects were scanned with rootkit scan
0 Hidden objects were found




I also scanned the removable drives, because my Windows Explorer no longer finds anything on them. The scanner, however, can search the files that are on them. How can I access the files again?



Here is the log file for the removable drives:



Avira AntiVir Personal
Report file date: 18 يونيو, 2009 16:45

Scanning for 1475114 virus strains and unwanted programs.

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 2) [5.1.2600]
Boot mode : Normally booted
Username : Mariana ( Comp )
Computer name : MARIANA

Version information:
BUILD.DAT : 9.0.0.403 17961 Bytes 6/3/2009 17:05:00
AVSCAN.EXE : 9.0.3.6 466689 Bytes 6/17/2009 11:47:42
AVSCAN.DLL : 9.0.3.0 40705 Bytes 2/27/2009 08:58:26
LUKE.DLL : 9.0.3.2 209665 Bytes 2/20/2009 09:35:50
LUKERES.DLL : 9.0.2.0 12033 Bytes 2/27/2009 08:58:54
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 10/27/2008 10:30:38
ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 2/11/2009 18:33:28
ANTIVIR2.VDF : 7.1.4.87 2982912 Bytes 6/12/2009 11:47:42
ANTIVIR3.VDF : 7.1.4.111 167936 Bytes 6/18/2009 11:26:42
Engineversion : 8.2.0.191
AEVDF.DLL : 8.1.1.1 106868 Bytes 6/17/2009 11:47:42
AESCRIPT.DLL : 8.1.2.9 409978 Bytes 6/18/2009 10:35:48
AESCN.DLL : 8.1.2.3 127347 Bytes 6/17/2009 11:47:42
AERDL.DLL : 8.1.1.3 438645 Bytes 10/29/2008 16:24:42
AEPACK.DLL : 8.1.3.18 401783 Bytes 6/17/2009 11:47:42
AEOFFICE.DLL : 8.1.0.38 196987 Bytes 6/18/2009 10:35:16
AEHEUR.DLL : 8.1.0.133 1798520 Bytes 6/18/2009 10:34:26
AEHELP.DLL : 8.1.3.6 205174 Bytes 6/17/2009 11:47:42
AEGEN.DLL : 8.1.1.45 348532 Bytes 6/17/2009 11:47:42
AEEMU.DLL : 8.1.0.9 393588 Bytes 10/9/2008 12:32:40
AECORE.DLL : 8.1.6.12 180599 Bytes 6/17/2009 11:47:42
AEBB.DLL : 8.1.0.3 53618 Bytes 10/9/2008 12:32:40
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 06:48:00
AVPREF.DLL : 9.0.0.1 43777 Bytes 12/5/2008 08:32:16
AVREP.DLL : 8.0.0.3 155905 Bytes 1/20/2009 12:34:30
AVREG.DLL : 9.0.0.0 36609 Bytes 12/5/2008 08:32:10
AVARKT.DLL : 9.0.0.3 292609 Bytes 3/24/2009 13:05:42
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 1/30/2009 08:37:10
SQLITE3.DLL : 3.6.1.0 326401 Bytes 1/28/2009 13:03:50
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 2/2/2009 06:21:34
NETNT.DLL : 9.0.0.0 11521 Bytes 12/5/2008 08:32:12
RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 6/17/2009 11:47:42
RCTEXT.DLL : 9.0.37.0 86785 Bytes 4/17/2009 08:19:50

Configuration settings for the scan:
Jobname.............................: Removable Drives
Configuration file..................: c:\program files\avira\antivir desktop\rmdiscs.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: A:, G:, F:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Optimised scan......................: on
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: off
Smart extensions....................: on
Deviating archive types.............: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox,
Macro heuristic.....................: on
File heuristic......................: high
Deviating risk categories...........: +APPL,+GAME,+JOKE,+PCK,+SPR,

Start of the scan: 18 يونيو, 2009 16:45

Starting search for hidden objects.
An ARK library instance is already running.

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'POWERPNT.EXE' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'msimn.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'EXPLORER.EXE' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'WDFMGR.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'MDM.EXE' - '1' Module(s) have been scanned
Scan process 'JQS.EXE' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'AVGUARD.EXE' - '1' Module(s) have been scanned
Scan process 'Ymsgr_tray.exe' - '1' Module(s) have been scanned
Scan process 'Skype.exe' - '1' Module(s) have been scanned
Scan process 'MSMSGS.EXE' - '1' Module(s) have been scanned
Scan process 'NMBgMonitor.exe' - '1' Module(s) have been scanned
Scan process 'AVGNT.EXE' - '1' Module(s) have been scanned
Scan process 'JUSCHED.EXE' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'InCD.exe' - '1' Module(s) have been scanned
Scan process 'SOUNDMAN.EXE' - '1' Module(s) have been scanned
Scan process 'SCHED.EXE' - '1' Module(s) have been scanned
Scan process 'SPOOLSV.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'InCDsrv.exe' - '1' Module(s) have been scanned
Scan process 'LSASS.EXE' - '1' Module(s) have been scanned
Scan process 'SERVICES.EXE' - '1' Module(s) have been scanned
Scan process 'WINLOGON.EXE' - '1' Module(s) have been scanned
Scan process 'CSRSS.EXE' - '1' Module(s) have been scanned
Scan process 'SMSS.EXE' - '1' Module(s) have been scanned
39 processes with 39 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'A:\'
[INFO] In the drive 'A:\' no data medium is inserted!
Boot sector 'G:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '63' files ).


Starting the file scan:

Begin scan in 'A:\'
Search path A:\ could not be opened!
System error [21]: The device is not ready.
Begin scan in 'G:\' <INTENSO>
Begin scan in 'F:\'
Search path F:\ could not be opened!
System error [21]: The device is not ready.


End of the scan: 18 يونيو, 2009 16:46
Used time: 00:39 Minute(s)

The scan has been done completely.

21 Scanned directories
567 Files were scanned
0 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
567 Files not concerned
0 Archives were scanned
0 Warnings
0 Notes
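
Added example, not part of any post in this thread and not Avira's code: a Python triage pass over the AntiVir report layout shown in the logs above, separating locked system files, System Restore copies and heuristic hits that need a second opinion. The sample report is constructed from lines of the posted reports; `parse_report`, `triage` and the category names are assumptions made for illustration, and only the line shapes visible in this thread are handled.

```python
import re
from dataclasses import dataclass

# Constructed sample: lines taken from the reports posted in this thread,
# combined into one text so the example runs offline.
SAMPLE_REPORT = r"""
Begin scan in 'C:\'
C:\PAGEFILE.SYS
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\Program Files\RingEurope\mrtunnel.dll
[DETECTION] Contains HEUR/Malware suspicious code
C:\System Volume Information\_restore{2905640E-5317-4FD3-958A-1B14B7679693}\RP355\A0068374.dll
[DETECTION] Contains HEUR/Malware suspicious code
Begin scan in 'D:\'

Beginning disinfection:
C:\Program Files\RingEurope\mrtunnel.dll
[DETECTION] Contains HEUR/Malware suspicious code
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to '4aae4224.qua'!
C:\System Volume Information\_restore{2905640E-5317-4FD3-958A-1B14B7679693}\RP355\A0068374.dll
[DETECTION] Contains HEUR/Malware suspicious code
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to '4a6a45f7.qua'!
"""

OBJECT_LINE = re.compile(r"^[A-Za-z]:\\")  # a scanned object, e.g. C:\PAGEFILE.SYS
TAG_LINE = re.compile(r"^\[(DETECTION|WARNING|NOTE|INFO)\]\s*(.*)$")
HEUR_NAME = re.compile(r"^Contains (\S+) suspicious code")
QUARANTINE = re.compile(r"moved to '([^']+)'")
RESTORE_DIR = re.compile(r"\\System Volume Information\\_restore\{", re.I)


@dataclass
class Finding:
    path: str
    detection: str = ""      # detection name, or the raw message if unrecognised
    quarantine: str = ""     # name of the .qua file, if the object was moved
    unscannable: bool = False

    @property
    def in_restore_point(self):
        return bool(RESTORE_DIR.search(self.path))

    @property
    def heuristic(self):
        return self.detection.upper().startswith("HEUR/")


def parse_report(text):
    """Attach the [TAG] lines of a report to the object path that precedes them."""
    findings, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if OBJECT_LINE.match(line):
            # The same path appears in the scan and the disinfection section: merge.
            current = findings.setdefault(line, Finding(line))
            continue
        tag = TAG_LINE.match(line)
        if tag is None:
            current = None   # section header or blank line ends the current object
            continue
        if current is None:
            continue         # e.g. "[INFO] No virus was found!" under a boot sector
        kind, msg = tag.groups()
        if kind == "DETECTION":
            name = HEUR_NAME.match(msg)
            current.detection = name.group(1) if name else msg
        elif kind == "WARNING" and "could not be opened" in msg:
            current.unscannable = True
        elif kind == "NOTE":
            moved = QUARANTINE.search(msg)
            if moved:
                current.quarantine = moved.group(1)
    return [f for f in findings.values() if f.detection or f.unscannable]


def triage(f):
    """Sort a finding into a follow-up category (category names are assumptions)."""
    if f.unscannable and not f.detection:
        return "locked-system-file"    # pagefile/hiberfil: locked by Windows, not a hit
    if f.in_restore_point:
        return "restore-point-copy"    # copy kept inside a System Restore snapshot
    if f.heuristic:
        return "needs-second-opinion"  # heuristic hit on a live file: verify with vendor lab
    return "signature-hit"


if __name__ == "__main__":
    for f in parse_report(SAMPLE_REPORT):
        print(f"{triage(f):22} {f.quarantine or '-':14} {f.path}")
```
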
18.06.2009, 16:03
Member

Posts: 3716
#8 We'll take care of that later ;-)
First of all:
Create a new folder that you can easily find again, then right-click the little Avira umbrella and choose to deactivate the Guard. Now open Avira and look in the quarantine for the following entry:
C:\Program Files\RingEurope\mrtunnel.dll
[DETECTION] Contains HEUR/Malware suspicious code
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to '4aae4224.qua'!
Choose "Restore to" and restore the file into the new folder.
Now visit
www.virustotal.com
then click Browse, navigate to the new folder and to the file, and click Send.
If the file has already been checked, click to check it again. Post the result + link.
After that, visit:
http://analysis.avira.com/samples/index.php
and upload the file for checking; post the reply.
Afterwards open Avira again, go to the quarantine, choose Add, and put the file back into quarantine. Switch the Guard on, then please report back here.
18.06.2009, 16:16
Member

Thread starter

Posts: 12
#9 OK, here are the results now; the file is back in quarantine:

Virustotal.com:

Link:
http://www.virustotal.com/analisis/d4da1937715df20a3f0504ad534659fbdcf1f9c39754d81ea2ccfa181d6a3327-12453344087-1245334408

File mrtunnel.dll received on 2009.06.18 14:13:28 (UTC)
Result: 2/41 (4.88%)

Antivirus Version Last Update Result
a-squared 4.5.0.18 2009.06.18 -
AhnLab-V3 5.0.0.2 2009.06.18 -
AntiVir 7.9.0.191 2009.06.18 HEUR/Malware
Antiy-AVL 2.0.3.1 2009.06.18 -
Authentium 5.1.2.4 2009.06.18 -
Avast 4.8.1335.0 2009.06.17 -
AVG 8.5.0.339 2009.06.18 -
BitDefender 7.2 2009.06.18 -
CAT-QuickHeal 10.00 2009.06.18 -
ClamAV 0.94.1 2009.06.18 -
Comodo 1363 2009.06.18 -
DrWeb 5.0.0.12182 2009.06.18 -
eSafe 7.0.17.0 2009.06.18 -
eTrust-Vet 31.6.6567 2009.06.18 -
F-Prot 4.4.4.56 2009.06.17 -
F-Secure 8.0.14470.0 2009.06.18 -
Fortinet 3.117.0.0 2009.06.18 -
GData 19 2009.06.18 -
Ikarus T3.1.1.59.0 2009.06.18 -
Jiangmin 11.0.706 2009.06.18 -
K7AntiVirus 7.10.766 2009.06.17 -
Kaspersky 7.0.0.125 2009.06.18 -
McAfee 5649 2009.06.17 -
McAfee+Artemis 5649 2009.06.17 -
McAfee-GW-Edition 6.7.6 2009.06.18 Heuristic.Malware
Microsoft 1.4701 2009.06.18 -
NOD32 4167 2009.06.18 -
Norman 6.01.09 2009.06.18 -
nProtect 2009.1.8.0 2009.06.18 -
Panda 10.0.0.14 2009.06.17 -
PCTools 4.4.2.0 2009.06.17 -
Prevx 3.0 2009.06.18 -
Rising 21.34.34.00 2009.06.18 -
Sophos 4.42.0 2009.06.18 -
Sunbelt 3.2.1858.2 2009.06.18 -
Symantec 1.4.4.12 2009.06.18 -
TheHacker 6.3.4.3.348 2009.06.17 -
TrendMicro 8.950.0.1094 2009.06.18 -
VBA32 3.12.10.7 2009.06.18 -
ViRobot 2009.6.18.1794 2009.06.18 -
VirusBuster 4.6.5.0 2009.06.18 -
Additional information
File size: 102400 bytes
MD5...: 135950687d67ae4d1a2d5f4d019fe8cd
SHA1..: 648e55e60d4df3cd88037271c75b6afe2048f6ed
SHA256: d4da1937715df20a3f0504ad534659fbdcf1f9c39754d81ea2ccfa181d6a3327
ssdeep: 1536:iBhd0lr31qGIA//wE1ZdHHTLt3GOWvzvo+32Mu:kd0lrlqtEbdt3vMzvo+3
2V
PEiD..: Armadillo v1.xx - v2.xx
TrID..: File type identification
DirectShow filter (52.6%)
Windows OCX File (32.2%)
Win32 Executable MS Visual C++ (generic) (9.8%)
Win32 Executable Generic (2.2%)
Win32 Dynamic Link Library (generic) (1.9%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x8442
timedatestamp.....: 0x41808fb0 (Thu Oct 28 06:20:32 2004)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0xc776 0xd000 6.48 f0290848e371f9212b2cab242da90b5d
.rdata 0xe000 0x1945 0x2000 4.70 d635c1b0ce18226c612fde3edc85009f
.data 0x10000 0x159f8 0x5000 2.34 148b485f7cfa4104a08f0be31cdd4cad
.rsrc 0x26000 0x1160 0x2000 2.72 4d9ac3958289cdd1605d3e231906967c
.reloc 0x28000 0x1480 0x2000 3.62 e34fc91c0caedef8f99ef03cd14adc08

( 6 imports )
> KERNEL32.dll: TerminateThread, DisableThreadLibraryCalls, InitializeCriticalSection, DeleteCriticalSection, LeaveCriticalSection, InterlockedIncrement, EnterCriticalSection, InterlockedDecrement, HeapDestroy, FreeLibrary, GetProcAddress, LoadLibraryA, lstrcpyA, MultiByteToWideChar, lstrlenA, lstrcatA, GetModuleFileNameA, GetShortPathNameA, GetModuleHandleA, CreateEventA, LoadResource, FindResourceA, LoadLibraryExA, lstrcmpiA, lstrcpynA, IsDBCSLeadByte, GetLocalTime, WriteFile, GetSystemTime, CreateFileA, OutputDebugStringA, GetSystemDirectoryA, SetEnvironmentVariableA, CompareStringW, CompareStringA, SetThreadPriority, WaitForSingleObject, CloseHandle, SetEvent, lstrlenW, WideCharToMultiByte, GetTickCount, GetLastError, SizeofResource, Sleep, LCMapStringW, LCMapStringA, SetStdHandle, GetOEMCP, GetACP, GetCPInfo, FlushFileBuffers, GetStringTypeW, GetStringTypeA, SetFilePointer, GetEnvironmentStringsW, GetEnvironmentStrings, FreeEnvironmentStringsW, FreeEnvironmentStringsA, UnhandledExceptionFilter, TlsGetValue, SetLastError, TlsFree, TlsAlloc, GetStartupInfoA, GetFileType, GetStdHandle, SetHandleCount, VirtualAlloc, VirtualFree, HeapCreate, GetVersionExA, GetEnvironmentVariableA, HeapAlloc, ExitProcess, TerminateProcess, GetCurrentProcess, HeapFree, HeapReAlloc, CreateThread, GetCurrentThreadId, TlsSetValue, ExitThread, RtlUnwind, GetTimeZoneInformation, GetCommandLineA, GetVersion
> USER32.dll: PeekMessageA, MsgWaitForMultipleObjects, DispatchMessageA, wsprintfA, wvsprintfA, CharNextA
> ADVAPI32.dll: RegQueryInfoKeyA, RegSetValueExA, RegEnumKeyExA, RegOpenKeyExA, RegCloseKey, RegDeleteValueA, RegCreateKeyExA, RegDeleteKeyA, RegEnumValueA
> ole32.dll: CoTaskMemFree, CoTaskMemAlloc, CoTaskMemRealloc, CoCreateInstance, CoCreateGuid
> OLEAUT32.dll: -, -, -, -, -, -, -
> WS2_32.dll: -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -

( 4 exports )
DllCanUnloadNow, DllGetClassObject, DllRegisterServer, DllUnregisterServer
PDFiD.: -
RDS...: NSRL Reference Data Set
-




Avira analysis:

Link:
http://analysis.avira.com/samples/finish.php

Suspicious Files and Miscellaneous Uploads

Thank you for your submission. Below you can see the current status of the uploaded files.

A listing of files alongside their results can be found below:
File ID Filename Size (Byte) Result
25377584 mrtunnel.dll 100 KB UNDER ANALYSIS


Please find a detailed report concerning each individual sample below:
Filename Result
mrtunnel.dll UNDER ANALYSIS

The file 'mrtunnel.dll' has been determined to be 'UNDER ANALYSIS'.
Please note that you will receive an email which will contain the results shown above. In case the final outcome of the analysis is not yet finished for all files the notification will be sent once ready.
18.06.2009, 16:19
Member

Posts: 3716
#10 OK, you will get another email from Avira; please let me know. Can you please try Malwarebytes once more?
Download it, and this time rename it right as you download it.
The main thing is that the .exe stays in place.
18.06.2009, 16:57
Member

Thread starter

Posts: 12
#11 OK, Avira has sent me an email and the analysis is not finished yet.

The Malwarebytes installation worked and I ran the updates.

Here is the (der/die/das?) log file ;-)
Should I delete the malware that was found?

Malwarebytes' Anti-Malware 1.38
Database version: 2304
Windows 5.1.2600 Service Pack 2

18/06/2009 05:55:30 ?
mbam-logfile-2009-06-18 (17-55-17)

Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|)
Objects scanned: 113043
Time elapsed: 21 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{ab3dfa03-f743-4302-81dd-c370bffeca23} (Adware.Starware) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{bf0a1ff4-bbaf-487f-bc85-a24ef8f443a8} (Adware.Comet) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{bf0a1ff4-bbaf-487f-bc85-a24ef8f443a8} (Adware.Comet) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
18.06.2009, 17:04
Member

Posts: 3716
#12 Delete them and post a new HJT log.
18.06.2009, 17:09
Member

Thread starter

Posts: 12
#13 In the meantime AVIRA has detected something new:

Tr/Dropper.Gen Trojan

The upload gave the following:

AVIRA:

Suspicious Files and Miscellaneous Uploads

Thank you for your submission. Below you can see the current status of the uploaded files.

A listing of files alongside their results can be found below:
File ID Filename Size (Byte) Result
2254383 A0068111.exe 14.92 KB FALSE POSITIVE


Please find a detailed report concerning each individual sample below:
Filename Result
A0068111.exe FALSE POSITIVE

The file 'A0068111.exe' has been determined to be 'FALSE POSITIVE'. In particular this means that this file is not malicious but a false alarm. Detection will not be removed due to the fact that the file does not belong to a regular piece of software. This software can be used for an evasion of security protections in several computer programs. If we will find some malicious code inside the suspicious file anyway, we will integrate the pattern recognition in one of our next updates. In case AntiVir can detect this file we will not change or remove our detection.
Please note that you will receive an email which will contain the results shown above. In case the final outcome of the analysis is not yet finished for all files the notification will be sent once ready.


VIRUSTOTAL.COM:

File A0068111.exe received on 2009.06.18 15:08:20 (UTC)
Result: 31/41 (75.61%)

Antivirus Version Last Update Result
a-squared 4.5.0.18 2009.06.18 Riskware.Hacktool.Keygen.nav2005!IK
AhnLab-V3 5.0.0.2 2009.06.18 Win-Trojan/Fsg.15280
AntiVir 7.9.0.191 2009.06.18 TR/Dropper.Gen
Antiy-AVL 2.0.3.1 2009.06.18 Backdoor/Win32.Rbot
Authentium 5.1.2.4 2009.06.18 W32/Heuristic-210!Eldorado
Avast 4.8.1335.0 2009.06.17 -
AVG 8.5.0.339 2009.06.18 Suspicion: unknown virus
BitDefender 7.2 2009.06.18 Packer.FSG.A
CAT-QuickHeal 10.00 2009.06.18 Trojan.Zlob.a
ClamAV 0.94.1 2009.06.18 -
Comodo 1363 2009.06.18 Unclassified Malware
DrWeb 5.0.0.12182 2009.06.18 -
eSafe 7.0.17.0 2009.06.18 Win32.zlob
eTrust-Vet 31.6.6567 2009.06.18 -
F-Prot 4.4.4.56 2009.06.17 W32/Heuristic-210!Eldorado
F-Secure 8.0.14470.0 2009.06.18 W32/Packed_FSG.A
Fortinet 3.117.0.0 2009.06.18 PossibleThreat
GData 19 2009.06.18 Packer.FSG.A
Ikarus T3.1.1.59.0 2009.06.18 not-a-Virus.Hacktool.Keygen.nav2005
Jiangmin 11.0.706 2009.06.18 -
K7AntiVirus 7.10.766 2009.06.17 Trojan.Win32.DLoader
Kaspersky 7.0.0.125 2009.06.18 -
McAfee 5649 2009.06.17 Generic.dx
McAfee+Artemis 5649 2009.06.17 Generic.dx
McAfee-GW-Edition 6.7.6 2009.06.18 Trojan.Dropper.Gen
Microsoft 1.4701 2009.06.18 -
NOD32 4167 2009.06.18 probably a variant of Win32/Agent
Norman 6.01.09 2009.06.18 W32/Packed_FSG.A
nProtect 2009.1.8.0 2009.06.18 Trojan/W32.Small.15280
Panda 10.0.0.14 2009.06.18 -
PCTools 4.4.2.0 2009.06.17 Trojan.Zlob!sd6
Prevx 3.0 2009.06.18 Medium Risk Malware
Rising 21.34.34.00 2009.06.18 -
Sophos 4.42.0 2009.06.18 Mal/Packer
Sunbelt 3.2.1858.2 2009.06.18 Packer.FSG.A
Symantec 1.4.4.12 2009.06.18 Trojan.Zlob
TheHacker 6.3.4.3.348 2009.06.17 W32/Netsky(2).gen@MM
TrendMicro 8.950.0.1094 2009.06.18 PAK_Generic.005
VBA32 3.12.10.7 2009.06.18 Trojan-Downloader.Win32.Small.cyn
ViRobot 2009.6.18.1794 2009.06.18 -
VirusBuster 4.6.5.0 2009.06.18 Packed/FSG
Additional information
File size: 15280 bytes
MD5...: 3ebf80dd899644447cc3f30fee1e58d2
SHA1..: 670dd0da46c8c223e1b8b9e21f090fe09bf8aa3e
SHA256: 371266ccdc7b7a82f92d8a19b4da107b30a073452d6d66b5d086c8ce2f5eb649
ssdeep: 192:joJM6sPn9V1bzDTjzDU4h/OskzOSuvNFtXQazcAU1cgqIpSHPrZfVcNSWvVo
XKyw:joJM/f4OSuvNAaIAAcQpErWvVoXlV4
PEiD..: FSG v1.00 (Eng) -> dulek/xt
TrID..: File type identification
Generic Win/DOS Executable (49.5%)
DOS Executable Generic (49.5%)
VXD Driver (0.7%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0xf000
timedatestamp.....: 0x0 (Thu Jan 01 00:00:00 1970)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
0x1000 0xa000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
0xb000 0x4000 0x37ae 7.45 777cf3f2eaae6bbef189b2700888dd91
ta 0xf000 0x1000 0x200 4.55 574416a5f1f7540507b19bac1b66f09a

( 1 imports )
> KERNEL32.dll: LoadLibraryA, GetProcAddress

( 0 exports )
PDFiD.: -
RDS...: NSRL Reference Data Set
-
ThreatExpert info: http://www.threatexpert.com/report.aspx?md5=3ebf80dd899644447cc3f30fee1e58d2
packers (Kaspersky): FSG
packers (F-Prot): FSG
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=C624655EB0A8AD1A3BA600D67BBD9E0005BD4D5D
packers (Authentium): FSG
CWSandbox info: http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=3ebf80dd899644447cc3f30fee1e58d2
18.06.2009, 17:11
Member

Thread starter

Posts: 12
#14 New HJT log file:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:10:59 ?, on 18/06/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\OFFICE11\POWERPNT.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Avira\AntiVir Desktop\avcenter.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\YAHOO!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\YAHOO!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: EAF2E3.lnk = C:\WINDOWS\system32\27700D\EAF2E3.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/MARIAN~1/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg

--
End of file - 7967 bytes
18.06.2009, 17:37
Member

Thread starter

Posts: 12
#15 Hello,

I am signing off for the weekend now and will probably only have access to this computer again on Sunday, since it is not mine.
I don't know yet whether I will have internet access over the weekend. So I will probably not be in touch again until Sunday.

Many thanks for your help, have a nice weekend, and see you then.

Greetings from Cairo at a good 35 degrees