| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: CMD Fenster öffnet sich nach pc start ganz kurz. Virus?Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
05.03.2012, 23:46
| #16 |
 |  CMD Fenster öffnet sich nach pc start ganz kurz. Virus? So hier das Log  Code:
ATTFilter ComboFix 12-03-04.02 - Kevin 05.03.2012 20:09:10.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3071.2093 [GMT 1:00]
ausgeführt von:: c:\users\Kevin\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\jestertb.dll
.
Infizierte Kopie von c:\windows\SysWow64\userinit.exe wurde gefunden und desinfiziert
Kopie von - c:\windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe wurde wiederhergestellt
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-02-05 bis 2012-03-05 ))))))))))))))))))))))))))))))
.
.
2012-03-05 19:18 . 2012-03-05 19:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-04 09:13 . 2012-03-04 09:13 -------- d-----w- c:\users\Kevin\.vpkCache2
2012-03-03 11:15 . 2012-03-03 11:15 -------- d-----w- C:\_OTL
2012-03-03 06:28 . 2012-03-03 06:28 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
2012-03-02 22:31 . 2012-03-02 22:32 -------- d-----w- c:\users\Kevin\dxc
2012-03-02 11:21 . 2012-02-08 07:13 8643640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F53E7A0D-DF93-4666-B981-5BFA89B2C1E3}\mpengine.dll
2012-02-28 16:22 . 2012-02-28 16:22 -------- d-----w- c:\program files (x86)\ESET
2012-02-28 16:18 . 2012-02-28 16:18 -------- d-----w- c:\users\Kevin\AppData\Roaming\Malwarebytes
2012-02-28 16:18 . 2012-02-28 16:18 -------- d-----w- c:\programdata\Malwarebytes
2012-02-28 16:18 . 2012-02-28 16:18 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-02-28 16:18 . 2011-12-10 14:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-25 16:37 . 2012-02-25 16:37 -------- d-----w- c:\programdata\Ubisoft
2012-02-21 17:50 . 2012-02-21 17:50 -------- d-----w- c:\users\Kevin\AppData\Roaming\RotMG.Production
2012-02-19 16:13 . 2012-02-19 16:13 -------- d-----w- c:\users\Kevin\AppData\Local\Activision
2012-02-19 13:55 . 2012-02-19 13:56 -------- d-----w- c:\users\Kevin\NearRealityCachev12.2
2012-02-15 10:46 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-15 10:46 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-02-10 06:08 . 2012-02-10 06:08 -------- d-----w- c:\programdata\ATI
2012-02-10 06:02 . 2012-02-10 06:02 -------- d-----w- c:\program files (x86)\AMD APP
2012-02-10 05:57 . 2012-02-10 05:57 -------- d-----w- C:\AMD
2012-02-10 05:42 . 2012-02-10 05:50 -------- d-----w- c:\program files (x86)\Driver Cleaner Pro
2012-02-08 19:18 . 2012-02-08 19:18 -------- d-----w- c:\users\Kevin\AppData\Roaming\Microsoft Corporation
2012-02-08 18:03 . 2009-07-21 00:42 78872 ----a-w- c:\windows\system32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
2012-02-08 18:03 . 2009-07-21 00:42 50200 ----a-w- c:\windows\SysWow64\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
2012-02-08 18:03 . 2009-07-21 00:42 79896 ----a-w- c:\windows\SysWow64\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll
2012-02-08 18:03 . 2009-07-21 00:42 111640 ----a-w- c:\windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll
2012-02-08 18:02 . 2012-02-08 18:02 -------- d-----w- c:\windows\system32\RsFx
2012-02-08 18:00 . 2012-02-08 18:00 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 9.0
2012-02-08 18:00 . 2012-02-08 18:00 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2012-02-08 18:00 . 2012-02-08 18:00 -------- d-----w- c:\windows\SysWow64\1033
2012-02-08 18:00 . 2012-02-08 18:00 -------- d-----w- c:\windows\SysWow64\1031
2012-02-08 18:00 . 2012-02-08 18:00 -------- d-----w- c:\windows\system32\1033
2012-02-08 18:00 . 2012-02-08 18:00 -------- d-----w- c:\windows\system32\1031
2012-02-08 18:00 . 2012-02-08 18:00 -------- d-----w- c:\program files\Microsoft.NET
2012-02-08 17:56 . 2012-02-08 18:02 -------- d-----w- c:\program files\Microsoft SQL Server
2012-02-08 17:54 . 2012-02-08 18:00 -------- d-----w- c:\program files (x86)\Microsoft SQL Server
2012-02-08 17:54 . 2012-02-08 17:54 -------- d-----w- c:\program files\Microsoft Synchronization Services
2012-02-08 17:54 . 2012-02-08 17:54 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2012-02-08 17:54 . 2012-02-08 17:54 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services
2012-02-08 17:54 . 2012-02-08 17:54 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
2012-02-08 17:53 . 2012-02-08 18:06 207008 ----a-w- c:\programdata\Microsoft\VBExpress\10.0\1031\ResourceCache.dll
2012-02-08 17:52 . 2012-02-08 18:05 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 10.0
2012-02-08 17:50 . 2012-02-08 17:50 -------- d-----w- c:\windows\symbols
2012-02-08 17:50 . 2012-02-08 17:50 -------- d-----w- c:\program files\Microsoft Visual Studio 10.0
2012-02-08 17:50 . 2012-02-08 17:50 -------- d-----w- c:\program files\Microsoft Help Viewer
2012-02-08 17:50 . 2012-02-08 17:50 -------- d-----w- c:\program files (x86)\Microsoft SDKs
2012-02-08 17:48 . 2012-02-08 17:48 -------- d-----w- c:\windows\PCHEALTH
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-03 06:30 . 2011-09-23 18:16 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-14 15:33 . 2011-09-27 08:29 189248 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-02-14 15:33 . 2011-09-27 08:29 189248 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-02-14 15:32 . 2011-09-27 08:29 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-01-29 04:10 . 2011-09-23 18:42 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-01-24 12:50 . 2012-01-29 18:38 168864 ----a-w- c:\program files\Common Files\WireHelpSvc.exe
2012-01-24 12:50 . 2012-01-29 18:38 147472 ----a-w- c:\windows\system32\drivers\ESLWireACD.sys
2012-01-24 12:50 . 2012-01-29 18:38 25528 ----a-w- c:\windows\system32\drivers\ESLvnic.sys
2012-01-21 17:01 . 2011-09-27 08:29 281880 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-01-14 11:57 . 2012-01-14 11:57 750488 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-01-14 11:57 . 2012-01-14 11:57 660368 ----a-w- c:\windows\system32\deployJava1.dll
2011-12-13 04:43 . 2011-12-13 04:43 279616 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-10-13 17351304]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-11-11 1242448]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-11-10 3514176]
"EADM"="c:\program files (x86)\Origin\Origin.exe" [2012-01-11 28201096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Razer Blackwidow Driver"="c:\program files (x86)\Razer\BlackWidow Ultimate\BlackWidowUltimateTray.exe" [2011-05-16 887712]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-11-12 421736]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Guard.Mail.ru.gui"="c:\program files (x86)\Guard-ICQ\GuardICQ.exe" [2012-01-04 1564368]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-12-05 343168]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-02-28 1987976]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 ESLvnic1;ESLvnic Virtual Network 64 Bit;c:\windows\system32\DRIVERS\ESLvnic.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 MSSQLServerADHelper100;SQL Server Hilfsdienst für Active Directory;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-21 61976]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server-Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-12-05 361984]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2011-06-24 55424]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 Guard.Mail.ru;Guard.Mail.ru;c:\program files (x86)\Guard-ICQ\GuardICQ.exe [2012-01-04 1564368]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-02-28 2343816]
S2 ICQ Service;ICQ Service;c:\program files (x86)\ICQ6Toolbar\ICQ Service.exe [2011-08-17 247872]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-08-30 2358656]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2011-12-14 2984832]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys [x]
S3 RzSynapse;Razer Driver;c:\windows\system32\DRIVERS\RzSynapse.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 21:45 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page =
mLocal Page =
uInternet Settings,ProxyOverride = *.local
IE: Free YouTube to MP3 Converter - c:\users\Kevin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 10.0.0.138 10.0.0.138
FF - ProfilePath - c:\users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\405s9y58.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/|hxxp://9gag.com/|hxxp://memebase.com/|hxxp://www.elitepvpers.com/|hxxp://www.computerbild.de/release-dates/
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1759596832-637370572-211249009-1000\Software\SecuROM\License information*]
"datasecu"=hex:33,34,82,50,1c,0c,e7,47,47,46,a0,4f,05,fc,49,42,2b,f0,80,0c,07,
13,5a,ef,99,d6,aa,ab,40,51,66,11,ae,cd,b9,c7,4e,36,29,09,03,79,ca,91,49,73,\
"rkeysecu"=hex:68,cd,9e,19,10,66,62,6b,85,01,df,3f,65,97,c5,da
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\windows\SysWOW64\PnkBstrB.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-03-05 23:41:35 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-03-05 22:41
.
Vor Suchlauf: 12 Verzeichnis(se), 353.624.383.488 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 352.536.465.408 Bytes frei
.
- - End Of File - - 8CCBB2947166327AAA8FB82B05CE9E1D
|
|
06.03.2012, 13:01
| #17 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | CMD Fenster öffnet sich nach pc start ganz kurz. Virus? Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
__________________Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehalalrm!
__________________ |
|
06.03.2012, 17:33
| #18 |
| | CMD Fenster öffnet sich nach pc start ganz kurz. Virus? Hier das log:
__________________Code:
ATTFilter aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software
Run date: 2012-03-06 17:20:24
-----------------------------
17:20:24.110 OS Version: Windows x64 6.1.7601 Service Pack 1
17:20:24.110 Number of processors: 4 586 0x202
17:20:24.112 ComputerName: KEVIN-PC UserName: Kevin
17:20:25.000 Initialize success
17:20:25.388 AVAST engine defs: 12030600
17:20:42.808 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000060
17:20:42.815 Disk 0 Vendor: SAMSUNG_ CR10 Size: 476940MB BusType: 3
17:20:42.892 Disk 0 MBR read successfully
17:20:42.899 Disk 0 MBR scan
17:20:42.911 Disk 0 Windows 7 default MBR code
17:20:42.920 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 466542 MB offset 63
17:20:42.953 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10395 MB offset 955478160
17:20:42.967 Disk 0 scanning C:\Windows\system32\drivers
17:20:49.620 Service scanning
17:21:09.124 Modules scanning
17:21:09.144 Disk 0 trace - called modules:
17:21:09.207 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll nvstor.sys
17:21:09.220 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8003725060]
17:21:09.237 3 CLASSPNP.SYS[fffff8800196f43f] -> nt!IofCallDriver -> [0xfffffa8002fdae40]
17:21:09.247 5 ACPI.sys[fffff88000f0e7a1] -> nt!IofCallDriver -> \Device\00000060[0xfffffa80025d99c0]
17:21:10.118 AVAST engine scan C:\Windows
17:21:12.175 AVAST engine scan C:\Windows\system32
17:23:58.681 AVAST engine scan C:\Windows\system32\drivers
17:24:09.412 AVAST engine scan C:\Users\Kevin
17:31:19.626 AVAST engine scan C:\ProgramData
17:32:55.983 Scan finished successfully
17:33:32.116 Disk 0 MBR has been saved successfully to "C:\Users\Kevin\Desktop\MBR.dat"
17:33:32.131 The log file has been saved successfully to "C:\Users\Kevin\Desktop\aswMBR.txt"
|
|
06.03.2012, 20:06
| #19 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | CMD Fenster öffnet sich nach pc start ganz kurz. Virus? Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs. Denk dran beide Tools zu updaten vor dem Scan!!
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
| Themen zu CMD Fenster öffnet sich nach pc start ganz kurz. Virus? |
| angst, cmd, cmd-fenster, einiger, erkenne, erkennen, fenster, gestartet, nicht erkennen, start, systemstart, trojaner, virus, virus?, öffnet |
Linear-Darstellung
