| |
| |||||||
Log-Analyse und Auswertung: Metropolitan-Police Trojaner mit Systemwiederherstellung erfolgreich gelöscht?Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
| |
22.06.2011, 15:27
| #1 |
| /// Winkelfunktion /// TB-Süch-Tiger™   |  Metropolitan-Police Trojaner mit Systemwiederherstellung erfolgreich gelöscht? Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen. Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst. Downloade Dir danach bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
22.06.2011, 16:30
| #2 |
 | Metropolitan-Police Trojaner mit Systemwiederherstellung erfolgreich gelöscht? ok, das GMER hat leider auch beim zweiten mal nicht funktioniert.
__________________hier das osam-log: OSAM Logfile: Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 17:23:11 on 22.06.2011 OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit Default Browser: Mozilla Corporation Firefox 4.0.1 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Common] -----( %SystemRoot%\Tasks )----- "GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe [Control Panel Objects] -----( %SystemRoot%\system32 )----- "DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\Windows\system32\DivXControlPanelApplet.cpl "hpaccelerometercp.CPL" - "Hewlett-Packard Corporation" - C:\Windows\system32\hpaccelerometercp.CPL "plotman.cpl" - "Autodesk, Inc." - C:\Windows\system32\plotman.cpl "styleman.cpl" - "Autodesk, Inc." - C:\Windows\system32\styleman.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "ProtectSmart Hard Drive Protection" - "Hewlett-Packard Corporation" - C:\Windows\system32\hpaccelerometercp.CPL "QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "47718831" (47718831) - "Kaspersky Lab" - C:\Windows\System32\DRIVERS\47718831.sys "47718832 Boot Guard Driver" (47718832) - "Kaspersky Lab" - C:\Windows\System32\DRIVERS\47718832.sys "adfs" (adfs) - "Adobe Systems, Inc." - C:\Windows\system32\drivers\adfs.sys "awdiapog" (awdiapog) - ? - C:\Users\Yvonne\AppData\Local\Temp\awdiapog.sys (Hidden registry entry, rootkit activity | File not found) "catchme" (catchme) - ? - C:\cofi\catchme.sys (File not found) "IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys (File not found) "IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys (File not found) "IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys (File not found) "MBAMSwissArmy" (MBAMSwissArmy) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbamswissarmy.sys "SANDRA" (SANDRA) - "SiSoftware" - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011.SP2\WNt500x86\Sandra.sys "setup_9.0.0.722_20.06.2011_06-11drv" (setup_9.0.0.722_20.06.2011_06-11drv) - "Kaspersky Lab" - C:\Windows\System32\DRIVERS\4771883.sys [Explorer] -----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found) {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found) {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found) {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )----- {10880D85-AAD9-4558-ABDC-2AB1552D831F} "LightScribe Control Panel" - "Hewlett-Packard Company" - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe" -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {8A0BC933-7552-42E2-A228-3BE055777227} "AcColumnHandler" - "Autodesk" - C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll {9F2C5BFD-3CB1-419F-9F5F-90B32ADD5BA8} "AdpShellExt Class" - "Autodesk, Inc." - C:\Program Files\Common Files\Autodesk Shared\Shell\AdpWShellExt.dll {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll {828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL {0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll {828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? - (File not found | COM-object registry key not found) {23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll {8A0BC933-7552-42E2-A228-3BE055777227} "AcColumnHandler" - "Autodesk" - C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll {4B392032-A759-43ED-9469-377C80A4472D} "AcDgnImageExtractor" - "Autodesk" - C:\Program Files\Common Files\Autodesk Shared\AcDgnCOM18.dll {5800AD5B-72C1-477B-9A08-CA112DF06D97} "AcInfoTipHandler" - "Autodesk" - C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll {36A21736-36C2-4C11-8ACB-D4136F2B57BD} "AcSignIcon" - "Autodesk, Inc." - C:\Windows\system32\AcSignIcon.dll {AC1DB655-4F9A-4c39-8AD2-A65324A4C446} "ACTHUMBNAIL" - "Autodesk, Inc." - C:\Program Files\Common Files\Autodesk Shared\Thumbnail\AcThumbnail16.dll {1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? - (File not found | COM-object registry key not found) {94586423-855F-4EB2-9F6A-D9DA5658DBE3} "Context menu" - ? - C:\PROGRA~1\FREEM4~1\m4a_menu.dll (File found, but it contains no detailed information) {27887764-0D0A-4C3C-B0C6-91A332FFF6A7} "DWFVShellExt Class" - "Autodesk, Inc." - C:\Program Files\Common Files\Autodesk Shared\DWF Common\DWF_VShell.dll {2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? - (File not found | COM-object registry key not found) {FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found) {00020d75-0000-0000-c000-000000000046} "lnkfile" - ? - (File not found | COM-object registry key not found) {FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} "Meine freigegebenen Ordner" - "Microsoft Corporation" - C:\Program Files\MSN Messenger\fsshext.8.1.0178.00.dll {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONFILTER.DLL {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {7F67036B-66F1-411A-AD85-759FB9C5B0DB} "ShellViewRTF" - "XSS" - C:\Windows\System32\ShellvRTF.dll {da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found) [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_06" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre1.6.0_06\bin\npjpi160_06.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} "Java Plug-in 1.6.0_06" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_06" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre1.6.0_06\bin\npjpi160_06.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab {E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? - (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC} "ClsidExtension" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "SSVHelper Class" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll {7E853D72-626A-48EC-A868-BA8D5E23E045} "{7E853D72-626A-48EC-A868-BA8D5E23E045}" - ? - (File not found | COM-object registry key not found) [Logon] -----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\Users\Yvonne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini "Dropbox.lnk" - "Dropbox, Inc." - C:\Users\Yvonne\AppData\Roaming\Dropbox\bin\Dropbox.exe (Shortcut exists | File exists) "OpenOffice.org 3.2.lnk" - ? - C:\Program Files\OpenOffice.org 3\program\quickstart.exe (Shortcut exists | File found, but it contains no detailed information | File exists) "setup_9.0.0.722_20.06.2011_06-11.lnk" - ? - C:\Users\Yvonne\Desktop\DE-Cleaner powered by Kaspersky\setup_9.0.0.722_20.06.2011_06-11\startup.exe (Shortcut exists | File found, but it contains no detailed information | File exists) -----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )----- "StartupPrograms" - ? - rdpclip (File not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "AdobeCS4ServiceManager" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin "DivXUpdate" - ? - "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW "HP Software Update" - "Hewlett-Packard" - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe "hpWirelessAssistant" - "Hewlett-Packard Development Company, L.P." - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe "Malwarebytes' Anti-Malware (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript "PDFPrint" - "Geek Software GmbH" - C:\Program Files\pdf24\pdf24.exe "QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime "SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [Network Providers] -----( HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order )----- "Adobe Drive CS4 Network" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe "Akamai NetSession Interface" (Akamai) - ? - c:\program files\common files\akamai\netsession_win_e877e12.dll (File found, but it contains no detailed information) "Com4QLBEx" (Com4QLBEx) - "Hewlett-Packard Development Company, L.P." - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe "Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files\CyberLink\Shared Files\RichVideo.exe "Easybits Shared Services for Windows" (ezSharedSvc) - "EasyBits Sofware AS" - C:\Windows\System32\ezsvc7.dll "FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Acresso Software Inc." - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe "GameConsoleService" (GameConsoleService) - "WildTangent, Inc." - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe "Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "Google Updater Service" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe "HP Health Check Service" (HP Health Check Service) - "Hewlett-Packard" - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe "hpqwmiex" (hpqwmiex) - "Hewlett-Packard Development Company, L.P." - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe "InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe "LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Program Files\Common Files\LightScribe\LSSrvc.exe "Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe "Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE "QuickPlay Background Capture Service (QBCS)" (QPCapSvc) - ? - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe "QuickPlay Task Scheduler (QTS)" (QPSched) - ? - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe "Recovery Service for Windows" (Recovery Service for Windows) - ? - C:\Windows\SMINST\BLService.exe "SiSoftware Deployment Agent Service" (SandraAgentSrv) - "SiSoftware" - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011.SP2\RpcAgentSrv.exe ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru hier der Inhalt von MBRCheck txt.document MBRCheck, version 1.2.3 (c) 2010, AD Command-line: Windows Version: Windows Vista Home Premium Edition Windows Information: Service Pack 2 (build 6002), 32-bit Base Board Manufacturer: Compal BIOS Manufacturer: Hewlett-Packard System Manufacturer: Hewlett-Packard System Product Name: HP Pavilion dv7 Notebook PC Logical Drives Mask: 0x0000001c Kernel Drivers (total 197): 0x82C3F000 \SystemRoot\system32\ntkrnlpa.exe 0x82C0C000 \SystemRoot\system32\hal.dll 0x80403000 \SystemRoot\system32\kdcom.dll 0x8040A000 \SystemRoot\system32\mcupdate_GenuineIntel.dll 0x8047A000 \SystemRoot\system32\PSHED.dll 0x8048B000 \SystemRoot\system32\BOOTVID.dll 0x80493000 \SystemRoot\system32\CLFS.SYS 0x804D4000 \SystemRoot\system32\CI.dll 0x80603000 \SystemRoot\system32\drivers\Wdf01000.sys 0x8067F000 \SystemRoot\system32\drivers\WDFLDR.SYS 0x8068C000 \SystemRoot\system32\drivers\acpi.sys 0x806D2000 \SystemRoot\system32\drivers\WMILIB.SYS 0x806DB000 \SystemRoot\system32\drivers\msisadrv.sys 0x806E3000 \SystemRoot\system32\drivers\pci.sys 0x8070A000 \SystemRoot\system32\drivers\isapnp.sys 0x80719000 \SystemRoot\system32\drivers\mpio.sys 0x80735000 \SystemRoot\System32\drivers\partmgr.sys 0x80744000 \SystemRoot\system32\DRIVERS\compbatt.sys 0x80747000 \SystemRoot\system32\DRIVERS\BATTC.SYS 0x80751000 \SystemRoot\system32\drivers\volmgr.sys 0x80760000 \SystemRoot\System32\drivers\volmgrx.sys 0x807AA000 \SystemRoot\system32\drivers\intelide.sys 0x807B1000 \SystemRoot\system32\drivers\PCIIDEX.SYS 0x807BF000 \SystemRoot\system32\drivers\pciide.sys 0x807C6000 \SystemRoot\system32\drivers\aliide.sys 0x807CD000 \SystemRoot\system32\drivers\amdide.sys 0x807D4000 \SystemRoot\system32\drivers\cmdide.sys 0x807DC000 \SystemRoot\System32\drivers\mountmgr.sys 0x805B4000 \SystemRoot\system32\drivers\msdsm.sys 0x805CE000 \SystemRoot\system32\drivers\nvraid.sys 0x83208000 \SystemRoot\system32\drivers\CLASSPNP.SYS 0x83229000 \SystemRoot\system32\drivers\viaide.sys 0x83231000 \SystemRoot\system32\drivers\iastorv.sys 0x832D2000 \SystemRoot\system32\drivers\atapi.sys 0x832DA000 \SystemRoot\system32\drivers\ataport.SYS 0x832F8000 \SystemRoot\system32\drivers\lsi_scsi.sys 0x83312000 \SystemRoot\system32\drivers\storport.sys 0x83353000 \SystemRoot\system32\drivers\nvstor.sys 0x83360000 \SystemRoot\system32\drivers\msahci.sys 0x8336A000 \SystemRoot\system32\drivers\hpcisss.sys 0x83375000 \SystemRoot\system32\drivers\adp94xx.sys 0x8B402000 \SystemRoot\system32\drivers\adpahci.sys 0x8B44E000 \SystemRoot\system32\drivers\adpu160m.sys 0x8B469000 \SystemRoot\system32\drivers\SCSIPORT.SYS 0x8B48F000 \SystemRoot\system32\drivers\adpu320.sys 0x8B4B5000 \SystemRoot\system32\drivers\djsvs.sys 0x8B4C9000 \SystemRoot\system32\drivers\arc.sys 0x8B4DF000 \SystemRoot\system32\drivers\arcsas.sys 0x8B4F5000 \SystemRoot\system32\drivers\elxstor.sys 0x8B589000 \SystemRoot\system32\drivers\i2omp.sys 0x8B593000 \SystemRoot\system32\drivers\iirsp.sys 0x8B5A3000 \SystemRoot\system32\drivers\iteatapi.sys 0x8B5AF000 \SystemRoot\system32\drivers\iteraid.sys 0x8B5BB000 \SystemRoot\system32\drivers\lsi_fc.sys 0x8B5D5000 \SystemRoot\system32\drivers\lsi_sas.sys 0x8B5ED000 \SystemRoot\system32\drivers\megasas.sys 0x8B60A000 \SystemRoot\system32\drivers\megasr.sys 0x8B6C1000 \SystemRoot\system32\drivers\mraid35x.sys 0x8B6CC000 \SystemRoot\system32\drivers\nfrd960.sys 0x8B806000 \SystemRoot\system32\drivers\ql2300.sys 0x8B93E000 \SystemRoot\system32\drivers\ql40xx.sys 0x8B993000 \SystemRoot\system32\drivers\sisraid2.sys 0x8B9A0000 \SystemRoot\system32\drivers\sisraid4.sys 0x8B9B5000 \SystemRoot\system32\drivers\symc8xx.sys 0x8B9C1000 \SystemRoot\system32\drivers\sym_hi.sys 0x8B9CC000 \SystemRoot\system32\drivers\sym_u3.sys 0x8B6DA000 \SystemRoot\system32\drivers\uliahci.sys 0x8B9D7000 \SystemRoot\system32\drivers\ulsata.sys 0x8B716000 \SystemRoot\system32\drivers\ulsata2.sys 0x8B742000 \SystemRoot\system32\drivers\vsmraid.sys 0x8B763000 \SystemRoot\system32\drivers\fltmgr.sys 0x8B795000 \SystemRoot\system32\drivers\fileinfo.sys 0x8BA0D000 \SystemRoot\System32\Drivers\ksecdd.sys 0x8BA7E000 \SystemRoot\system32\drivers\ndis.sys 0x8BB89000 \SystemRoot\system32\drivers\msrpc.sys 0x8BBB4000 \SystemRoot\system32\drivers\NETIO.SYS 0x8BC05000 \SystemRoot\System32\drivers\tcpip.sys 0x8BCEF000 \SystemRoot\System32\drivers\fwpkclnt.sys 0x8BE03000 \SystemRoot\System32\Drivers\Ntfs.sys 0x8BF13000 \SystemRoot\system32\drivers\wd.sys 0x8BF1B000 \SystemRoot\system32\drivers\volsnap.sys 0x8BF54000 \SystemRoot\System32\Drivers\spldr.sys 0x8BF5C000 \SystemRoot\system32\drivers\sbp2port.sys 0x8BF71000 \SystemRoot\System32\Drivers\mup.sys 0x8BF80000 \SystemRoot\System32\drivers\ecache.sys 0x8BFA7000 \SystemRoot\system32\DRIVERS\hpdskflt.sys 0x8BFB0000 \SystemRoot\system32\drivers\disk.sys 0x8BFC1000 \SystemRoot\system32\drivers\crcdisk.sys 0x8BFCA000 \SystemRoot\system32\DRIVERS\47718832.sys 0x8BD0A000 \SystemRoot\system32\DRIVERS\tunnel.sys 0x8BD15000 \SystemRoot\system32\DRIVERS\tunmp.sys 0x8BD1E000 \SystemRoot\system32\DRIVERS\intelppm.sys 0x8BFF9000 \SystemRoot\system32\DRIVERS\CmBatt.sys 0x8FE0A000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys 0x90524000 \SystemRoot\System32\drivers\dxgkrnl.sys 0x905C4000 \SystemRoot\System32\drivers\watchdog.sys 0x905D0000 \SystemRoot\system32\DRIVERS\usbuhci.sys 0x8BD2D000 \SystemRoot\system32\DRIVERS\USBPORT.SYS 0x905DB000 \SystemRoot\system32\DRIVERS\usbehci.sys 0x8BD6B000 \SystemRoot\system32\DRIVERS\HDAudBus.sys 0x8F60D000 \SystemRoot\system32\DRIVERS\NETw5v32.sys 0x8F994000 \SystemRoot\system32\DRIVERS\Rtlh86.sys 0x8F9B6000 \SystemRoot\system32\DRIVERS\ohci1394.sys 0x8F9C6000 \SystemRoot\system32\DRIVERS\1394BUS.SYS 0x8F9D4000 \SystemRoot\system32\DRIVERS\jmcr.sys 0x8F9EB000 \SystemRoot\system32\DRIVERS\i8042prt.sys 0x8F600000 \SystemRoot\system32\DRIVERS\HpqKbFiltr.sys 0x905EA000 \SystemRoot\system32\DRIVERS\kbdclass.sys 0x8B7A5000 \SystemRoot\system32\DRIVERS\SynTP.sys 0x8F605000 \SystemRoot\system32\DRIVERS\USBD.SYS 0x905F5000 \SystemRoot\system32\DRIVERS\mouclass.sys 0x8B7D4000 \SystemRoot\system32\DRIVERS\cdrom.sys 0x8BBEF000 \SystemRoot\system32\DRIVERS\Accelerometer.sys 0x833DF000 \SystemRoot\system32\DRIVERS\enecir.sys 0x8FE00000 \SystemRoot\system32\DRIVERS\wmiacpi.sys 0x90606000 \SystemRoot\system32\DRIVERS\msiscsi.sys 0x90635000 \SystemRoot\system32\DRIVERS\TDI.SYS 0x90640000 \SystemRoot\system32\DRIVERS\rasl2tp.sys 0x90657000 \SystemRoot\system32\DRIVERS\ndistapi.sys 0x90662000 \SystemRoot\system32\DRIVERS\ndiswan.sys 0x90685000 \SystemRoot\system32\DRIVERS\raspppoe.sys 0x90694000 \SystemRoot\system32\DRIVERS\raspptp.sys 0x906A8000 \SystemRoot\system32\DRIVERS\rassstp.sys 0x906BD000 \SystemRoot\system32\DRIVERS\termdd.sys 0x906CD000 \SystemRoot\system32\DRIVERS\swenum.sys 0x906CF000 \SystemRoot\system32\DRIVERS\ks.sys 0x906F9000 \SystemRoot\system32\DRIVERS\circlass.sys 0x90707000 \SystemRoot\system32\DRIVERS\mssmbios.sys 0x90711000 \SystemRoot\system32\DRIVERS\umbus.sys 0x9071E000 \SystemRoot\system32\DRIVERS\usbhub.sys 0x90753000 \SystemRoot\System32\Drivers\NDProxy.SYS 0x90764000 \SystemRoot\system32\DRIVERS\stwrt.sys 0x907C6000 \SystemRoot\system32\DRIVERS\portcls.sys 0x91204000 \SystemRoot\system32\DRIVERS\drmk.sys 0x91229000 \SystemRoot\system32\drivers\nvhda32v.sys 0x91237000 \SystemRoot\system32\DRIVERS\hidir.sys 0x91242000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS 0x91252000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS 0x91259000 \SystemRoot\system32\DRIVERS\kbdhid.sys 0x91262000 \SystemRoot\system32\DRIVERS\mouhid.sys 0x9126A000 \SystemRoot\system32\DRIVERS\4771883.sys 0x912BA000 \SystemRoot\System32\Drivers\Fs_Rec.SYS 0x912C3000 \SystemRoot\System32\Drivers\Null.SYS 0x912CA000 \SystemRoot\System32\Drivers\Beep.SYS 0x912D1000 \SystemRoot\System32\drivers\vga.sys 0x912DD000 \SystemRoot\System32\drivers\VIDEOPRT.SYS 0x912FE000 \SystemRoot\System32\DRIVERS\RDPCDD.sys 0x91306000 \SystemRoot\system32\drivers\rdpencdd.sys 0x9130E000 \SystemRoot\System32\Drivers\Msfs.SYS 0x91319000 \SystemRoot\System32\Drivers\Npfs.SYS 0x91327000 \SystemRoot\System32\DRIVERS\rasacd.sys 0x91330000 \SystemRoot\system32\DRIVERS\tdx.sys 0x91346000 \SystemRoot\system32\DRIVERS\smb.sys 0x9135A000 \SystemRoot\System32\DRIVERS\netbt.sys 0x9138C000 \SystemRoot\system32\drivers\afd.sys 0x913D4000 \SystemRoot\system32\DRIVERS\pacer.sys 0x913EA000 \SystemRoot\system32\DRIVERS\netbios.sys 0x8B7EC000 \SystemRoot\system32\DRIVERS\wanarp.sys 0x91608000 \SystemRoot\system32\DRIVERS\rdbss.sys 0x91644000 \SystemRoot\system32\drivers\nsiproxy.sys 0x9164E000 \SystemRoot\System32\Drivers\dfsc.sys 0x91802000 \SystemRoot\system32\DRIVERS\47718831.sys 0x91D22000 \SystemRoot\system32\DRIVERS\usbccgp.sys 0x91D39000 \SystemRoot\System32\Drivers\usbvideo.sys 0x91D5A000 \SystemRoot\System32\Drivers\crashdmp.sys 0x91D67000 \SystemRoot\System32\Drivers\dump_dumpata.sys 0x91D72000 \SystemRoot\System32\Drivers\dump_msahci.sys 0x9A4F0000 \SystemRoot\System32\win32k.sys 0x91D7C000 \SystemRoot\System32\drivers\Dxapi.sys 0x91D86000 \SystemRoot\system32\DRIVERS\monitor.sys 0x9A710000 \SystemRoot\System32\TSDDD.dll 0x9A730000 \SystemRoot\System32\ATMFD.DLL 0x9A780000 \SystemRoot\System32\cdd.dll 0x91D95000 \SystemRoot\system32\drivers\luafv.sys 0x91665000 \SystemRoot\system32\drivers\spsys.sys 0x91DB0000 \SystemRoot\system32\DRIVERS\lltdio.sys 0x91DC0000 \SystemRoot\system32\DRIVERS\nwifi.sys 0x91DEA000 \SystemRoot\system32\DRIVERS\ndisuio.sys 0x91715000 \SystemRoot\system32\DRIVERS\rspndr.sys 0x91728000 \SystemRoot\system32\drivers\HTTP.sys 0x91795000 \SystemRoot\System32\DRIVERS\srvnet.sys 0x917B2000 \SystemRoot\system32\DRIVERS\bowser.sys 0x917CB000 \SystemRoot\System32\drivers\mpsdrv.sys 0x8BFD7000 \SystemRoot\system32\drivers\mrxdav.sys 0x917E0000 \SystemRoot\system32\DRIVERS\mrxsmb.sys 0xA2A0E000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys 0xA2A47000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys 0xA2A5F000 \SystemRoot\System32\DRIVERS\srv2.sys 0xA2A87000 \SystemRoot\System32\DRIVERS\srv.sys 0xA2AEE000 \SystemRoot\System32\Drivers\adfs.SYS 0xA2AFF000 \SystemRoot\system32\drivers\peauth.sys 0xA2BDD000 \SystemRoot\System32\Drivers\secdrv.SYS 0xA2BE7000 \SystemRoot\System32\drivers\tcpipreg.sys 0xA2AD6000 \SystemRoot\system32\DRIVERS\cdfs.sys 0xA2BF3000 \SystemRoot\system32\DRIVERS\asyncmac.sys 0xD6A04000 \??\C:\Users\Yvonne\AppData\Local\Temp\awdiapog.sys 0x77A60000 \WINDOWS\System32\ntdll.dll Processes (total 75): 0 System Idle Process 4 System 452 C:\WINDOWS\System32\smss.exe 572 csrss.exe 624 C:\WINDOWS\System32\wininit.exe 636 csrss.exe 668 C:\WINDOWS\System32\services.exe 680 C:\WINDOWS\System32\lsass.exe 688 C:\WINDOWS\System32\lsm.exe 836 C:\WINDOWS\System32\svchost.exe 880 C:\WINDOWS\System32\nvvsvc.exe 908 C:\WINDOWS\System32\svchost.exe 944 C:\WINDOWS\System32\svchost.exe 1012 C:\WINDOWS\System32\svchost.exe 1040 C:\WINDOWS\System32\svchost.exe 1052 C:\WINDOWS\System32\svchost.exe 1112 C:\WINDOWS\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\stacsv.exe 1152 C:\WINDOWS\System32\winlogon.exe 1196 C:\WINDOWS\System32\audiodg.exe 1416 C:\WINDOWS\System32\svchost.exe 1436 C:\WINDOWS\System32\SLsvc.exe 1460 C:\WINDOWS\System32\svchost.exe 1536 C:\WINDOWS\System32\rundll32.exe 1560 C:\WINDOWS\System32\hpservice.exe 1704 C:\WINDOWS\System32\svchost.exe 1912 C:\WINDOWS\System32\spoolsv.exe 1944 C:\WINDOWS\System32\svchost.exe 552 C:\WINDOWS\System32\dwm.exe 576 C:\WINDOWS\System32\taskeng.exe 440 C:\WINDOWS\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\AEstSrv.exe 684 C:\WINDOWS\System32\svchost.exe 952 C:\WINDOWS\System32\svchost.exe 1556 C:\Program Files\Common Files\LightScribe\LSSrvc.exe 444 C:\WINDOWS\explorer.exe 2096 C:\WINDOWS\System32\svchost.exe 2116 C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe 2164 C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe 2176 C:\WINDOWS\System32\taskeng.exe 2252 C:\WINDOWS\SMINST\BLService.exe 2296 C:\Program Files\CyberLink\Shared Files\RichVideo.exe 2332 C:\WINDOWS\System32\svchost.exe 2408 C:\WINDOWS\System32\svchost.exe 2460 C:\WINDOWS\System32\SearchIndexer.exe 2976 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe 2992 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe 3012 C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe 3020 C:\Program Files\pdf24\pdf24.exe 3028 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe 3124 C:\Program Files\DivX\DivX Update\DivXUpdate.exe 3160 C:\Program Files\IDT\WDM\sttray.exe 3264 C:\WINDOWS\System32\rundll32.exe 3304 C:\Program Files\Windows Sidebar\sidebar.exe 3312 C:\Program Files\Windows Media Player\wmpnscfg.exe 3352 C:\Users\Yvonne\AppData\Roaming\Dropbox\bin\Dropbox.exe 3432 C:\Program Files\OpenOffice.org 3\program\soffice.exe 3452 C:\Program Files\OpenOffice.org 3\program\soffice.bin 3520 C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe 3560 WmiPrvSE.exe 3704 C:\Program Files\Windows Media Player\wmpnetwk.exe 3780 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe 2928 C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe 3100 C:\WINDOWS\System32\svchost.exe 2596 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe 2708 C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe 3660 C:\Program Files\7-Zip\7zFM.exe 532 C:\Users\Yvonne\Desktop\osam.exe 1396 C:\WINDOWS\System32\notepad.exe 1264 C:\Program Files\Mozilla Firefox\firefox.exe 3392 C:\Program Files\Internet Explorer\iexplore.exe 1552 C:\Program Files\Internet Explorer\iexplore.exe 3772 C:\WINDOWS\System32\Macromed\Flash\FlashUtil10p_ActiveX.exe 5672 C:\WINDOWS\System32\SearchFilterHost.exe 5920 C:\WINDOWS\System32\SearchProtocolHost.exe 3328 C:\Users\Yvonne\Desktop\MBRCheck.exe 4636 C:\WINDOWS\System32\conime.exe \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS) \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000048`43f00000 (NTFS) PhysicalDrive0 Model Number: FUJITSUMHZ2320BHG2, Rev: 8909 Size Device Name MBR Status -------------------------------------------- 298 GB \\.\PhysicalDrive0 Unknown MBR code SHA1: 08F21ADD893776C287CC68A3558F8D095B50ED3C Found non-standard or infected MBR. Enter 'Y' and hit ENTER for more options, or 'N' to exit: |
|
| Themen zu Metropolitan-Police Trojaner mit Systemwiederherstellung erfolgreich gelöscht? |
| abend, adware.widgitoolbar, de-cleaner, ellung, erfolgreich, gelöscht, gestern, kaspersky, laufe, laufen, metropolitan police, morgen, pavilion, police, problemlos, recht, schnell, schonmal, stand, systems, systemwiederherstellung, troja, trojaner, win32/adware.toolbar.dealio |
Hybrid-Darstellung
