| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Trojaner entdeckt: Sperrmeldung erhaltenWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
28.06.2012, 13:29
| #16 | |
| /// Winkelfunktion /// TB-Süch-Tiger™   |  Trojaner entdeckt: Sperrmeldung erhalten Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat! Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
28.06.2012, 14:35
| #17 |
 | Trojaner entdeckt: Sperrmeldung erhalten [code]
__________________Combofix Logfile: Code:
ATTFilter ComboFix 12-06-28.01 - *** *** 28.06.2012 15:12:12.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.41.1031.18.6135.4347 [GMT 2:00]
ausgeführt von:: c:\users\*** ***\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Outdated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Outdated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\*** ***\AppData\Local\assembly\tmp
c:\users\*** ***\AppData\Roaming\nw.tmp
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\SysWow64\lsprst7.dll
c:\windows\SysWow64\muzapp.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-05-28 bis 2012-06-28 ))))))))))))))))))))))))))))))
.
.
2012-06-28 13:17 . 2012-06-28 13:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-27 12:05 . 2012-06-27 12:05 -------- d-----w- C:\_OTL
2012-06-26 03:51 . 2012-06-26 03:51 -------- d-----w- c:\program files (x86)\ESET
2012-06-22 12:42 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-22 12:42 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-22 12:42 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-22 12:42 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-22 12:41 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-22 12:41 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-22 12:41 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-22 12:41 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-22 12:41 . 2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-21 06:53 . 2012-06-21 06:53 -------- d-----w- c:\users\*** ***\AppData\Roaming\Malwarebytes
2012-06-21 06:52 . 2012-06-21 06:52 -------- d-----w- c:\programdata\Malwarebytes
2012-06-18 15:16 . 2012-06-18 15:16 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-18 15:13 . 2012-06-18 15:13 -------- d-----w- c:\users\*** ***\AppData\Local\javasharedresources
2012-06-18 15:07 . 2012-06-18 15:07 -------- d--h--w- c:\program files (x86)\Zero G Registry
2012-06-18 15:07 . 2012-06-18 15:07 -------- d--h--w- c:\users\*** ***\InstallAnywhere
2012-06-18 15:06 . 2012-06-18 15:06 -------- d-----w- c:\program files (x86)\Common Files\IBM
2012-06-18 14:59 . 2012-06-18 14:59 -------- d-----w- C:\Application Data
2012-06-18 14:52 . 2012-06-18 14:52 -------- d-----w- c:\program files\Common Files\IBM
2012-06-18 14:52 . 2012-06-18 14:52 -------- d-----w- c:\program files\IBM
2012-06-14 04:00 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-14 04:00 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-14 04:00 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-14 04:00 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-06-14 04:00 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-06-14 03:59 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-06-14 03:59 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-06-14 03:59 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys
2012-06-14 03:59 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-14 03:59 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll
2012-06-14 03:59 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll
2012-06-14 03:59 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-06-14 03:59 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-06-14 03:59 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-14 03:59 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-14 03:59 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-06-14 03:59 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-06-06 07:39 . 2012-06-19 10:55 -------- d-----w- c:\users\*** ***\AppData\Roaming\MyPhoneExplorer
2012-06-06 07:39 . 2012-06-06 07:39 -------- d-----w- c:\program files (x86)\MyPhoneExplorer
2012-06-05 14:38 . 2012-06-05 14:38 -------- d-----w- C:\Temp
2012-06-05 14:34 . 2012-06-06 10:11 -------- d-----w- c:\users\*** ***\AppData\Local\Samsung
2012-06-05 14:34 . 2012-06-05 14:34 -------- d-----w- c:\users\*** ***\AppData\Roaming\Samsung
2012-06-05 14:31 . 2012-05-21 02:09 99384 ----a-w- c:\windows\system32\drivers\ssudbus.sys
2012-06-05 14:31 . 2012-05-21 02:09 203320 ----a-w- c:\windows\system32\drivers\ssudmdm.sys
2012-06-05 14:29 . 2012-05-23 16:50 4659712 ----a-w- c:\windows\SysWow64\Redemption.dll
2012-06-05 14:29 . 2012-06-05 14:29 -------- d-----w- c:\program files (x86)\MarkAny
2012-06-05 14:29 . 2012-06-06 10:11 -------- d-----w- c:\programdata\Samsung
2012-06-05 14:29 . 2012-06-05 14:30 -------- d-----w- c:\program files (x86)\Samsung
2012-06-05 14:10 . 2012-06-05 14:10 -------- d-----w- c:\users\*** ***\AppData\Local\Downloaded Installations
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-18 15:16 . 2011-07-28 06:14 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-23 16:49 . 2012-05-23 16:49 974848 ----a-w- c:\windows\SysWow64\cis-2.4.dll
2012-05-23 16:49 . 2012-05-23 16:49 81920 ----a-w- c:\windows\SysWow64\issacapi_bs-2.3.dll
2012-05-23 16:49 . 2012-05-23 16:49 65536 ----a-w- c:\windows\SysWow64\issacapi_pe-2.3.dll
2012-05-23 16:49 . 2012-05-23 16:49 57344 ----a-w- c:\windows\SysWow64\MTXSYNCICON.dll
2012-05-23 16:49 . 2012-05-23 16:49 57344 ----a-w- c:\windows\SysWow64\MK_Lyric.dll
2012-05-23 16:49 . 2012-05-23 16:49 57344 ----a-w- c:\windows\SysWow64\issacapi_se-2.3.dll
2012-05-23 16:49 . 2012-05-23 16:49 569344 ----a-w- c:\windows\SysWow64\muzdecode.ax
2012-05-23 16:49 . 2012-05-23 16:49 491520 ----a-w- c:\windows\SysWow64\muzapp.dll
2012-05-23 16:49 . 2012-05-23 16:49 49152 ----a-w- c:\windows\SysWow64\MaJGUILib.dll
2012-05-23 16:49 . 2012-05-23 16:49 45320 ----a-w- c:\windows\SysWow64\MAMACExtract.dll
2012-05-23 16:49 . 2012-05-23 16:49 45056 ----a-w- c:\windows\SysWow64\MaXMLProto.dll
2012-05-23 16:49 . 2012-05-23 16:49 45056 ----a-w- c:\windows\SysWow64\MACXMLProto.dll
2012-05-23 16:49 . 2012-05-23 16:49 40960 ----a-w- c:\windows\SysWow64\MTTELECHIP.dll
2012-05-23 16:49 . 2012-05-23 16:49 352256 ----a-w- c:\windows\SysWow64\MSLUR71.dll
2012-05-23 16:49 . 2012-05-23 16:49 258048 ----a-w- c:\windows\SysWow64\muzoggsp.ax
2012-05-23 16:49 . 2012-05-23 16:49 245760 ----a-w- c:\windows\SysWow64\MSCLib.dll
2012-05-23 16:49 . 2012-05-23 16:49 24576 ----a-w- c:\windows\SysWow64\MASetupCleaner.exe
2012-05-23 16:49 . 2012-05-23 16:49 200704 ----a-w- c:\windows\SysWow64\muzwmts.dll
2012-05-23 16:49 . 2012-05-23 16:49 155648 ----a-w- c:\windows\SysWow64\MSFLib.dll
2012-05-23 16:49 . 2012-05-23 16:49 143360 ----a-w- c:\windows\SysWow64\3DAudio.ax
2012-05-23 16:49 . 2012-05-23 16:49 135168 ----a-w- c:\windows\SysWow64\muzaf1.dll
2012-05-23 16:49 . 2012-05-23 16:49 131072 ----a-w- c:\windows\SysWow64\muzmpgsp.ax
2012-05-23 16:49 . 2012-05-23 16:49 122880 ----a-w- c:\windows\SysWow64\muzeffect.ax
2012-05-23 16:49 . 2012-05-23 16:49 118784 ----a-w- c:\windows\SysWow64\MaDRM.dll
2012-05-23 16:49 . 2012-05-23 16:49 110592 ----a-w- c:\windows\SysWow64\muzmp4sp.ax
2012-05-02 13:24 . 2012-05-11 05:31 27760 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-04-27 08:20 . 2012-05-11 05:31 132832 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-04-24 22:32 . 2012-05-11 05:31 98848 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-04-13 08:46 . 2012-05-09 04:48 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FA20CF32-5484-47EE-AA7C-A24C7A20A506}\mpengine.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\*** ***\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\*** ***\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\*** ***\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2010-09-28 1590840]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-06-17 2363392]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2010-05-03 321328]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-06-05 17344176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HPCam_Menu"="c:\program files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
"DpAgent"="c:\program files (x86)\DigitalPersona\Bin\dpagent.exe" [2009-07-01 842816]
"UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2010-03-23 500792]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-05-01 348624]
.
c:\users\*** ***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\*** ***\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 227712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-1 1079584]
HP Digital Imaging Monitor.lnk - c:\program files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files (x86)\QuickTime\qttask.exe" -atboottime
"HP Software Update"=c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe
"TkBellExe"="c:\program files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R2 Application Updater;Application Updater;c:\program files (x86)\Application Updater\ApplicationUpdater.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-22 135664]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-18 257224]
R3 AVerAF15;HP DVB-T TV Tuner;c:\windows\system32\Drivers\AVerAF15.sys [2009-05-22 311424]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-07-17 35104]
R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS [2010-02-10 35840]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-05-21 99384]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-10-24 1436424]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-22 135664]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-07-23 5435904]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-05-21 203320]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-25 1255736]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-12-25 834544]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-05-02 27760]
S1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2009/11/19 01:09];c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2009-07-23 19:45 146928]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [2009-03-02 89600]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-01 86224]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-13 30520]
S2 TVCapSvc;TV Background Capture Service (TVBCS);c:\program files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\TVCapSvc.exe [2009-07-24 275840]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2009-07-12 1924400]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2009-06-29 70656]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2009-07-21 140712]
S3 NETw5s64;Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 64-Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2010-01-13 7675392]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2009-06-26 83488]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-03-21 452200]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 11:11 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2012-06-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-18 15:16]
.
2012-03-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-22 16:03]
.
2012-03-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-22 16:03]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\*** ***\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\*** ***\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\*** ***\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-23 16334368]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-07-22 450048]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-07-21 610872]
"HPToneControl"="c:\program files\Hewlett-Packard\HPToneControl\HPTonectl.exe" [2009-07-23 99384]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.ch/
uLocal Page = c:\windows\system32\blank.htm
mStart Page =
mLocal Page =
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 10.0.0.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
"ImagePath"="\??\c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\DigitalPersona\Bin\DpHostW.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Juniper Networks\Common Files\dsNcService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
c:\program files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-06-28 15:24:16 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-06-28 13:24
.
Vor Suchlauf: 17 Verzeichnis(se), 350'679'433'216 Bytes frei
Nach Suchlauf: 26 Verzeichnis(se), 350'169'890'816 Bytes frei
.
- - End Of File - - 37AB116BA93D417E225D7CCCB2B29C9B
Gruss Rymer |
|
29.06.2012, 10:44
| #18 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner entdeckt: Sperrmeldung erhalten Bitte nun Logs mit GMER und OSAM erstellen und posten.
__________________GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen. Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst. Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM! Downloade dir bitte  aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none). Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes: Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.
__________________ |
|
29.06.2012, 13:56
| #19 |
| | Trojaner entdeckt: Sperrmeldung erhalten GMER Log [code] GMER Logfile: Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-06-29 14:24:54
Windows 6.1.7601 Service Pack 1
Running: kxdjsqbq.exe
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0027134363ee
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x1E 0x0B 0x44 0xDF ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xD8 0xAA 0xB9 0x2C ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x02 0xEA 0x52 0xC1 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0027134363ee (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x1E 0x0B 0x44 0xDF ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xD8 0xAA 0xB9 0x2C ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x02 0xEA 0x52 0xC1 ...
---- EOF - GMER 1.0.15 ----
OSAM Log Code:
ATTFilter OSAM Logfile: Code:
ATTFilter aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-06-29 14:48:59
-----------------------------
14:48:59.161 OS Version: Windows x64 6.1.7601 Service Pack 1
14:48:59.161 Number of processors: 8 586 0x1E05
14:48:59.161 ComputerName: RAYMONDSTUDER UserName:
14:49:06.992 Initialize success
14:49:11.001 AVAST engine defs: 12062901
14:49:27.990 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
14:49:28.005 Disk 0 Vendor: ST950042 0006 Size: 476940MB BusType: 3
14:49:28.021 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
14:49:28.021 Disk 1 Vendor: ST950042 0006 Size: 476940MB BusType: 3
14:49:28.052 Disk 0 MBR read successfully
14:49:28.052 Disk 0 MBR scan
14:49:28.068 Disk 0 unknown MBR code
14:49:28.083 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
14:49:28.099 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 459677 MB offset 409600
14:49:28.130 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 16959 MB offset 941828096
14:49:28.161 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 976560128
14:49:28.208 Disk 0 scanning C:\Windows\system32\drivers
14:49:40.516 Service scanning
14:50:04.229 Modules scanning
14:50:04.244 Disk 0 trace - called modules:
14:50:04.275 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys iaStor.sys hal.dll
14:50:04.291 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007120790]
14:50:04.291 3 CLASSPNP.SYS[fffff8800107043f] -> nt!IofCallDriver -> [0xfffffa800702db10]
14:50:04.307 5 hpdskflt.sys[fffff880023d4189] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8006322050]
14:50:04.322 Scan finished successfully
14:50:31.357 Disk 0 MBR has been saved successfully to "J:\MBR.dat"
14:50:31.513 The log file has been saved successfully to "J:\aswMBR.txt"
Rymer |
|
29.06.2012, 14:31
| #20 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner entdeckt: Sperrmeldung erhalten Wir sollten den MBR fixen, sichere für den Fall der Fälle ALLE wichtigen Daten, auch wenn meistens alles glatt geht. Hinweis: Mach bitte NICHT den MBR-Fix, wenn du noch andere Betriebssysteme wie zB Ubuntu installiert hast, ein MBR-Fix mit Windows-Tools macht ein parallel installiertes (Dualboot) Linux unbootbar. Mach den Fix auch dann nicht, wenn du zB mit TrueCrypt oder anderen Verschlüsselungsprogrammen eine Vollverschlüsselung der Windowspartition bzw. gesamten Festplatte hast Starte nach der Datensicherung aswmbr erneut und klick auf den Button FIXMBR. Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehalalrm! Anschließend Windows neu starten und ein neues Log mit aswMBR machen.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
29.06.2012, 14:51
| #21 |
| | Trojaner entdeckt: Sperrmeldung erhalten Das ging ziemlich schnell... ok? Code:
ATTFilter aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-06-29 14:48:59
-----------------------------
14:48:59.161 OS Version: Windows x64 6.1.7601 Service Pack 1
14:48:59.161 Number of processors: 8 586 0x1E05
14:48:59.161 ComputerName: *** UserName:
14:49:06.992 Initialize success
14:49:11.001 AVAST engine defs: 12062901
14:49:27.990 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
14:49:28.005 Disk 0 Vendor: ST950042 0006 Size: 476940MB BusType: 3
14:49:28.021 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
14:49:28.021 Disk 1 Vendor: ST950042 0006 Size: 476940MB BusType: 3
14:49:28.052 Disk 0 MBR read successfully
14:49:28.052 Disk 0 MBR scan
14:49:28.068 Disk 0 unknown MBR code
14:49:28.083 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
14:49:28.099 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 459677 MB offset 409600
14:49:28.130 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 16959 MB offset 941828096
14:49:28.161 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 976560128
14:49:28.208 Disk 0 scanning C:\Windows\system32\drivers
14:49:40.516 Service scanning
14:50:04.229 Modules scanning
14:50:04.244 Disk 0 trace - called modules:
14:50:04.275 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys iaStor.sys hal.dll
14:50:04.291 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007120790]
14:50:04.291 3 CLASSPNP.SYS[fffff8800107043f] -> nt!IofCallDriver -> [0xfffffa800702db10]
14:50:04.307 5 hpdskflt.sys[fffff880023d4189] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8006322050]
14:50:04.322 Scan finished successfully
14:50:31.357 Disk 0 MBR has been saved successfully to "J:\MBR.dat"
14:50:31.513 The log file has been saved successfully to "J:\aswMBR.txt"
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-06-29 15:36:52
-----------------------------
15:36:52.780 OS Version: Windows x64 6.1.7601 Service Pack 1
15:36:52.780 Number of processors: 8 586 0x1E05
15:36:52.780 ComputerName: *** UserName:
15:37:00.752 Initialize success
15:37:08.567 AVAST engine defs: 12062901
15:37:25.329 Verifying
15:37:35.375 Disk 0 Windows 601 MBR fixed successfully
15:38:41.426 Disk 0 MBR has been saved successfully to "J:\MBR.dat"
15:38:41.551 The log file has been saved successfully to "J:\aswMBR.txt"
Rymer |
|
29.06.2012, 14:52
| #22 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner entdeckt: Sperrmeldung erhalten Du solltest auch einen nuen Scan mit aswMBR machen
__________________ Logfiles bitte immer in CODE-Tags posten |
|
29.06.2012, 15:03
| #23 |
| | Trojaner entdeckt: Sperrmeldung erhalten Sorry... hier der neue Scan aswMBR (musste wieder mit "AV Scan: (none)") Code:
ATTFilter aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-06-29 15:59:23
-----------------------------
15:59:23.354 OS Version: Windows x64 6.1.7601 Service Pack 1
15:59:23.354 Number of processors: 8 586 0x1E05
15:59:23.354 ComputerName: *** UserName:
15:59:28.299 Initialize success
15:59:32.324 AVAST engine defs: 12062901
15:59:54.180 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
15:59:54.195 Disk 0 Vendor: ST950042 0006 Size: 476940MB BusType: 3
15:59:54.195 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
15:59:54.195 Disk 1 Vendor: ST950042 0006 Size: 476940MB BusType: 3
15:59:54.226 Disk 0 MBR read successfully
15:59:54.226 Disk 0 MBR scan
15:59:54.242 Disk 0 Windows 7 default MBR code
15:59:54.273 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
15:59:54.320 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 459677 MB offset 409600
15:59:54.382 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 16959 MB offset 941828096
15:59:54.445 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 976560128
15:59:54.538 Disk 0 scanning C:\Windows\system32\drivers
16:00:13.617 Service scanning
16:00:36.300 Modules scanning
16:00:36.331 Disk 0 trace - called modules:
16:00:36.362 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys iaStor.sys hal.dll
16:00:36.378 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80065cd790]
16:00:36.393 3 CLASSPNP.SYS[fffff8800105743f] -> nt!IofCallDriver -> [0xfffffa80064dba50]
16:00:36.409 5 hpdskflt.sys[fffff88002327189] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8006360050]
16:00:36.424 Scan finished successfully
16:00:57.438 Disk 0 MBR has been saved successfully to "J:\MBR.dat"
16:00:57.594 The log file has been saved successfully to "J:\aswMBR6.txt"
Rymer |
|
29.06.2012, 22:33
| #24 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner entdeckt: Sperrmeldung erhalten Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs. Denk dran beide Tools zu updaten vor dem Scan!!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu Trojaner entdeckt: Sperrmeldung erhalten |
| administrator, anti-malware, autostart, bericht, code, dateien, dll, explorer, folge, gelöscht, malware, malwarebytes, microsoft, quarantäne, rundll, scan, software, speicher, sperrung des internets aufgrund von spam, system, tan, test, trojan.vundo, trojaner, virus, wlan |
Linear-Darstellung
