Trojaner-Board, Log Analysis and Evaluation: Facebook Trojan

26.10.2011, 10:33   #4
paolo6

Facebook Trojan

Here are the texts you asked for:

OTL:
After clicking Fix, an error message appeared, "please insert floppy disk E" or something like that. It still rebooted afterwards, though.

All processes killed
========== OTL ==========
No active process named Updater.exe was found!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{B922D405-6D13-4A2B-AE89-08A030DA4402} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found.
File C:\Program Files (x86)\pdfforge Toolbar\IE\4.7\pdfforgeToolbarIE.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found.
File C:\Program Files (x86)\pdfforge Toolbar\IE\4.7\pdfforgeToolbarIE.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{B922D405-6D13-4A2B-AE89-08A030DA4402} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found.
File C:\Program Files (x86)\pdfforge Toolbar\IE\4.7\pdfforgeToolbarIE.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SearchSettings not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Ogeserazur not found.
File E:\autorun.inf not found.
File G:\autorun.inf not found.
File H:\autorun.inf not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5f49f191-414e-11df-bbae-001e101f36d9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5f49f191-414e-11df-bbae-001e101f36d9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5f49f191-414e-11df-bbae-001e101f36d9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5f49f191-414e-11df-bbae-001e101f36d9}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{74e332ea-0cfa-11df-a309-00269eb454be}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{74e332ea-0cfa-11df-a309-00269eb454be}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{74e332ea-0cfa-11df-a309-00269eb454be}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{74e332ea-0cfa-11df-a309-00269eb454be}\ not found.
File F:\Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{799ff924-3d5d-11df-9a43-00269eb454be}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{799ff924-3d5d-11df-9a43-00269eb454be}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{799ff924-3d5d-11df-9a43-00269eb454be}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{799ff924-3d5d-11df-9a43-00269eb454be}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8720fd36-3cef-11df-ba36-00269eb454be}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8720fd36-3cef-11df-ba36-00269eb454be}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8720fd36-3cef-11df-ba36-00269eb454be}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8720fd36-3cef-11df-ba36-00269eb454be}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8720fd46-3cef-11df-ba36-00269eb454be}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8720fd46-3cef-11df-ba36-00269eb454be}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8720fd46-3cef-11df-ba36-00269eb454be}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8720fd46-3cef-11df-ba36-00269eb454be}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e9cb707f-d7c3-11de-b4aa-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e9cb707f-d7c3-11de-b4aa-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e9cb707f-d7c3-11de-b4aa-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e9cb707f-d7c3-11de-b4aa-806e6f6e6963}\ not found.
File E:\DM_Setup_3.0.0.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ea59be53-dbdd-11e0-b2ab-00269eb454be}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ea59be53-dbdd-11e0-b2ab-00269eb454be}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ea59be53-dbdd-11e0-b2ab-00269eb454be}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ea59be53-dbdd-11e0-b2ab-00269eb454be}\ not found.
File G:\setup_vmc_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f8ae24bb-3d8f-11df-9a83-00269eb454be}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f8ae24bb-3d8f-11df-9a83-00269eb454be}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f8ae24bb-3d8f-11df-9a83-00269eb454be}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f8ae24bb-3d8f-11df-9a83-00269eb454be}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
File F:\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ not found.
File G:\setup_vmc_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ not found.
File H:\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ not found.
File H:\autorun.exe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes

User: Paolo
->Temp folder emptied: 86261 bytes
->Java cache emptied: 1417359 bytes
->FireFox cache emptied: 95944532 bytes
->Flash cache emptied: 4177 bytes

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 311296 bytes
%systemroot%\System32 .tmp files removed: 1610800 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 482617 bytes
RecycleBin emptied: 137778 bytes

Total Files Cleaned = 95,00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 10262011_103004

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


GMER:

GMER Logfile:
GMER 1.0.15.15641 - GMER - Rootkit Detector and Remover
Rootkit scan 2011-10-26 11:27:17
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-5 SAMSUNG_HD252HJ rev.1AC01118
Running: wfhsddgy.exe; Driver: C:\Users\Paolo\AppData\Local\Temp\fwloapod.sys


---- System - GMER 1.0.15 ----

SSDT            A20A9D4C                                                                                                            ZwCreateThread
SSDT            A20A9D38                                                                                                            ZwOpenProcess
SSDT            A20A9D3D                                                                                                            ZwOpenThread
SSDT            A20A9D47                                                                                                            ZwTerminateProcess

INT 0x52        ?                                                                                                                   8538EBF8
INT 0x62        ?                                                                                                                   8538EBF8
INT 0x63        ?                                                                                                                   8538EBF8
INT 0x84        ?                                                                                                                   86DC7BF8
INT 0xB3        ?                                                                                                                   8538EBF8
INT 0xB4        ?                                                                                                                   86DC7BF8

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!KeSetEvent + 221                                                                                       828AC9A4 4 Bytes  [4C, 9D, 0A, A2]
.text           ntkrnlpa.exe!KeSetEvent + 3F1                                                                                       828ACB74 4 Bytes  [38, 9D, 0A, A2]
.text           ntkrnlpa.exe!KeSetEvent + 40D                                                                                       828ACB90 4 Bytes  [3D, 9D, 0A, A2]
.text           ntkrnlpa.exe!KeSetEvent + 621                                                                                       828ACDA4 4 Bytes  [47, 9D, 0A, A2]
?               System32\Drivers\spnw.sys                                                                                           Das System kann den angegebenen Pfad nicht finden. !
.text           USBPORT.SYS!DllUnload                                                                                               8AFBF41B 5 Bytes  JMP 86DC71D8 
.text           csc.sys!i__h_vdx_xwvw_xocLCjhb_o_q                                                                                  92B06000 80 Bytes  [90, 90, 90, 90, 90, 8B, FF, ...]
.text           csc.sys!i__h_vdx_xwvw_xocLCjhb_o_q + 51                                                                             92B06051 176 Bytes  [75, 0A, 39, 50, 58, 0F, 94, ...]
.text           csc.sys!i__h_vdx_xwvw_xocLCjhb_o_q + 102                                                                            92B06102 36 Bytes  [74, 13, 56, 68, C0, E4, B3, ...]
.text           csc.sys!i__h_vdx_xwvw_xocLCjhb_o_q + 127                                                                            92B06127 76 Bytes  [EC, 8B, 45, 18, 33, D2, 3B, ...]
.text           csc.sys!i__h_vdx_xwvw_xocLCjhb_o_q + 174                                                                            92B06174 520 Bytes  [0C, B4, 92, 83, C4, 28, 5E, ...]
.text           csc.sys!PJCFADM_MLQIYEKfzdwkqezxaCZWNHPXBCwIWAsc + E                                                                92B0637D 3 Bytes  [BC, E0, B3]
.text           csc.sys!PJCFADM_MLQIYEKfzdwkqezxaCZWNHPXBCwIWAsc + 12                                                               92B06381 771 Bytes  [8B, 4D, 08, 8A, 09, 80, F9, ...]
.text           csc.sys!PJCFADM_MLQIYEKfzdwkqezxaCZWNHPXBCwIWAsc + 316                                                              92B06685 10 Bytes  [00, 00, 84, C0, 74, 37, A1, ...]
.text           csc.sys!PJCFADM_MLQIYEKfzdwkqezxaCZWNHPXBCwIWAsc + 321                                                              92B06690 370 Bytes  [3D, 00, 00, B4, 92, 74, 18, ...]
.text           csc.sys!zvjwyt__p_tvodB_R_YfjwI_HB_Ejue__m + 162                                                                    92B06803 24 Bytes  [C0, 74, 13, 8B, 40, 10, 8B, ...]
.text           csc.sys!zvjwyt__p_tvodB_R_YfjwI_HB_Ejue__m + 17B                                                                    92B0681C 347 Bytes  [E0, B3, 92, 8B, 45, E4, 66, ...]
.text           csc.sys!zvjwyt__p_tvodB_R_YfjwI_HB_Ejue__m + 2D7                                                                    92B06978 175 Bytes  [89, 48, 20, 8B, 0D, B0, 0F, ...]
.text           csc.sys!KZKSKJTDOO_PSDZYKlRX_AzxqWM_Wqp_DYv_ab_XDTLBNNJA + 2                                                        92B06A28 122 Bytes  CALL D83870B7 
.text           csc.sys!KZKSKJTDOO_PSDZYKlRX_AzxqWM_Wqp_DYv_ab_XDTLBNNJA + 7D                                                       92B06AA3 626 Bytes  [74, 37, 8B, 7D, D0, 83, 7F, ...]
.text           csc.sys!KZKSKJTDOO_PSDZYKlRX_AzxqWM_Wqp_DYv_ab_XDTLBNNJA + 2F0                                                      92B06D16 204 Bytes  [70, 14, FF, 70, 10, E8, 59, ...]
.text           csc.sys!btsrv_cca_VAXjpvq_zXZ_BGNUFP_PByi_e_ng_cqyW_UUZMGV_ELJOI + B4                                               92B06DE3 158 Bytes  [00, 00, C1, E8, 06, A8, 01, ...]
.text           csc.sys!btsrv_cca_VAXjpvq_zXZ_BGNUFP_PByi_e_ng_cqyW_UUZMGV_ELJOI + 153                                              92B06E82 361 Bytes  CALL 92B0FA93 \SystemRoot\system32\drivers\csc.sys (Windows Client Side Caching Driver/Microsoft Corporation)
.text           csc.sys!btsrv_cca_VAXjpvq_zXZ_BGNUFP_PByi_e_ng_cqyW_UUZMGV_ELJOI + 2BD                                              92B06FEC 107 Bytes  [F8, 59, F3, A5, C6, 40, 03, ...]
.text           csc.sys!QKQWIKGh__wokONBXB__AVC_F_ZsS_ + 16                                                                         92B07058 412 Bytes  [45, F4, 8B, 0B, 8B, 49, 60, ...]
.text           csc.sys!QKQWIKGh__wokONBXB__AVC_F_ZsS_ + 1B3                                                                        92B071F5 316 Bytes  [90, 90, 8B, FF, 55, 8B, EC, ...]
.text           csc.sys!QKQWIKGh__wokONBXB__AVC_F_ZsS_ + 2F0                                                                        92B07332 160 Bytes  [18, FF, 75, F8, 68, C0, E4, ...]
.text           csc.sys!QKQWIKGh__wokONBXB__AVC_F_ZsS_ + 391                                                                        92B073D3 72 Bytes  [0F, 94, C1, FE, C9, 80, E1, ...]
.text           csc.sys!QKQWIKGh__wokONBXB__AVC_F_ZsS_ + 3DA                                                                        92B0741C 169 Bytes  [A1, 00, 00, B4, 92, 80, 7D, ...]
.text           ...                                                                                                                 
.text           csc.sys!ebkn_qiwqpskf_h_se__tw___x + 45                                                                             92B091CF 116 Bytes  CALL 92B4D27C \SystemRoot\system32\drivers\csc.sys (Windows Client Side Caching Driver/Microsoft Corporation)
.text           csc.sys!ebkn_qiwqpskf_h_se__tw___x + BA                                                                             92B09244 40 Bytes  [F6, 45, FB, 01, 0F, 84, 93, ...]
.text           csc.sys!ebkn_qiwqpskf_h_se__tw___x + E3                                                                             92B0926D 128 Bytes  [00, B4, 92, 3D, 00, 00, B4, ...]
.text           csc.sys!ebkn_qiwqpskf_h_se__tw___x + 164                                                                            92B092EE 166 Bytes  [FF, FF, FF, 50, 53, 57, E8, ...]
.text           csc.sys!ebkn_qiwqpskf_h_se__tw___x + 20B                                                                            92B09395 54 Bytes  [04, FF, FF, FD, FF, A1, 00, ...]
.text           ...                                                                                                                 
?               C:\Windows\system32\drivers\csc.sys                                                                                 suspicious PE modification
?               C:\Users\Paolo\AppData\Local\Temp\ALSysIO.sys                                                                       Das System kann die angegebene Datei nicht finden. !

---- User code sections - GMER 1.0.15 ----

.text           C:\Windows\system32\svchost.exe[1220] ntdll.dll!NtProtectVirtualMemory                                              77434B84 5 Bytes  JMP 00DD000A 
.text           C:\Windows\system32\svchost.exe[1220] ntdll.dll!NtWriteVirtualMemory                                                774354C4 5 Bytes  JMP 00DE000A 
.text           C:\Windows\system32\svchost.exe[1220] ntdll.dll!KiUserExceptionDispatcher                                           77435BF8 5 Bytes  JMP 00DA000A 
.text           C:\Windows\system32\svchost.exe[1220] USER32.dll!WindowFromPoint                                                    761C884F 5 Bytes  JMP 013F000A 
.text           C:\Windows\system32\svchost.exe[1220] USER32.dll!GetForegroundWindow                                                761D32C4 5 Bytes  JMP 0140000A 
.text           C:\Windows\system32\svchost.exe[1220] USER32.dll!GetCursorPos                                                       761E0B88 5 Bytes  JMP 0136000A 
.text           C:\Windows\system32\svchost.exe[1220] ole32.dll!CoCreateInstance                                                    772D9F3E 5 Bytes  JMP 0135000A 

---- Devices - GMER 1.0.15 ----

Device          \FileSystem\Ntfs \Ntfs                                                                                              85D251F8
Device          \FileSystem\fastfat \FatCdrom                                                                                       88C781F8
Device          \Driver\netbt \Device\NetBT_Tcpip_{8B312908-BB77-43FD-9B45-3F2A7F0B5E48}                                            884CB500
Device          \Driver\volmgr \Device\VolMgrControl                                                                                85D221F8
Device          \Driver\usbohci \Device\USBPDO-0                                                                                    86FBB1F8
Device          \Driver\usbehci \Device\USBPDO-1                                                                                    86FBA1F8
Device          \Driver\volmgr \Device\HarddiskVolume1                                                                              85D221F8
Device          \Driver\volmgr \Device\HarddiskVolume2                                                                              85D221F8
Device          \Driver\netbt \Device\NetBT_Tcpip_{5E178F13-0F73-4992-91F4-9220851955A4}                                            884CB500
Device          \Driver\cdrom \Device\CdRom0                                                                                        86FDB500
Device          \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0                                                                         85D241F8
Device          \Driver\atapi \Device\Ide\IdePort0                                                                                  85D241F8
Device          \Driver\atapi \Device\Ide\IdePort1                                                                                  85D241F8
Device          \Driver\atapi \Device\Ide\IdePort2                                                                                  85D241F8
Device          \Driver\atapi \Device\Ide\IdePort3                                                                                  85D241F8
Device          \Driver\atapi \Device\Ide\IdePort4                                                                                  85D241F8
Device          \Driver\atapi \Device\Ide\IdePort5                                                                                  85D241F8
Device          \Driver\atapi \Device\Ide\IdeDeviceP4T0L0-5                                                                         85D241F8
Device          \Driver\atapi \Device\Ide\IdeDeviceP5T0L0-6                                                                         85D241F8
Device          \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-4                                                                         85D241F8
Device          \Driver\volmgr \Device\HarddiskVolume3                                                                              85D221F8
Device          \Driver\cdrom \Device\CdRom1                                                                                        86FDB500
Device          \Driver\USBSTOR \Device\00000066                                                                                    86FBE1F8
Device          \Driver\volmgr \Device\HarddiskVolume4                                                                              85D221F8
Device          \Driver\cdrom \Device\CdRom2                                                                                        86FDB500
Device          \Driver\USBSTOR \Device\00000067                                                                                    86FBE1F8
Device          \Driver\volmgr \Device\HarddiskVolume5                                                                              85D221F8
Device          \Driver\USBSTOR \Device\00000068                                                                                    86FBE1F8
Device          \Driver\volmgr \Device\HarddiskVolume6                                                                              85D221F8
Device          \Driver\USBSTOR \Device\00000069                                                                                    86FBE1F8
Device          \Driver\volmgr \Device\HarddiskVolume7                                                                              85D221F8
Device          \Driver\netbt \Device\NetBt_Wins_Export                                                                             884CB500
Device          \Driver\volmgr \Device\HarddiskVolume8                                                                              85D221F8
Device          \Driver\Smb \Device\NetbiosSmb                                                                                      884BC1F8
Device          \Driver\iScsiPrt \Device\RaidPort0                                                                                  870B2500
Device          \Driver\USBSTOR \Device\0000006a                                                                                    86FBE1F8
Device          \Driver\usbohci \Device\USBFDO-0                                                                                    86FBB1F8
Device          \Driver\usbehci \Device\USBFDO-1                                                                                    86FBA1F8
Device          \Driver\USBSTOR \Device\0000006e                                                                                    86FBE1F8
Device          \Driver\USBSTOR \Device\0000006f                                                                                    86FBE1F8
Device          \FileSystem\fastfat \Fat                                                                                            88C781F8

AttachedDevice  \FileSystem\fastfat \Fat                                                                                            fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

Device          \FileSystem\cdfs \Cdfs                                                                                              88C7C1F8

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1                                                                  771343423
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2                                                                  285507792
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0                                                                  1
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                    
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                 0xD4 0xC3 0x97 0x02 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                 0
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                              0x61 0xBC 0x4C 0xF9 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                           
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                     0xC8 0x89 0x28 0xD9 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                      
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                0x2B 0x59 0xF8 0xC7 ...
Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                
Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                     0xD4 0xC3 0x97 0x02 ...
Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                     0
Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0x61 0xBC 0x4C 0xF9 ...
Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)       
Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                         0xC8 0x89 0x28 0xD9 ...
Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                    0x2B 0x59 0xF8 0xC7 ...

---- Files - GMER 1.0.15 ----

File            C:\Windows\$NtUninstallKB61418$\1653587957                                                                          0 bytes
File            C:\Windows\$NtUninstallKB61418$\3131135307                                                                          0 bytes
File            C:\Windows\$NtUninstallKB61418$\3131135307\@                                                                        2048 bytes
File            C:\Windows\$NtUninstallKB61418$\3131135307\bckfg.tmp                                                                793 bytes
File            C:\Windows\$NtUninstallKB61418$\3131135307\cfg.ini                                                                  176 bytes
File            C:\Windows\$NtUninstallKB61418$\3131135307\Desktop.ini                                                              4608 bytes
File            C:\Windows\$NtUninstallKB61418$\3131135307\keywords                                                                 0 bytes
File            C:\Windows\$NtUninstallKB61418$\3131135307\kwrd.dll                                                                 208896 bytes
File            C:\Windows\$NtUninstallKB61418$\3131135307\L                                                                        0 bytes
File            C:\Windows\$NtUninstallKB61418$\3131135307\L\vhtmwbun                                                               351744 bytes
File            C:\Windows\$NtUninstallKB61418$\3131135307\U                                                                        0 bytes
File            C:\Windows\$NtUninstallKB61418$\3131135307\U\00000001.@                                                             1536 bytes
File            C:\Windows\$NtUninstallKB61418$\3131135307\U\00000002.@                                                             209920 bytes
File            C:\Windows\$NtUninstallKB61418$\3131135307\U\00000004.@                                                             1024 bytes
File            C:\Windows\$NtUninstallKB61418$\3131135307\U\80000000.@                                                             1024 bytes
File            C:\Windows\$NtUninstallKB61418$\3131135307\U\80000004.@                                                             12800 bytes
File            C:\Windows\$NtUninstallKB61418$\3131135307\U\80000032.@                                                             73216 bytes

---- EOF - GMER 1.0.15 ----

Unfortunately, unsolicited advertising still keeps appearing; the Windows Firewall also switches itself off sometimes, and when I try to enable it again I get the error message "Windows could not activate the firewall".

Regards, Paolo!

Last edited by paolo6 (26.10.2011 at 10:52)
