Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   SATA Festplatte nicht verfügbar Malware/Virus (https://www.trojaner-board.de/99293-sata-festplatte-verfuegbar-malware-virus.html)

warbringerx 19.05.2011 16:08
SATA Festplatte nicht verfügbar Malware/Virus
 
Hallo,
Ich habe ziemlich genau das selbe Problem wie einige andere hier auch. Heute kam einmal die Warnung "SATA festplatte kann nciht verwendet werden [..]" nachdem Avira einen Trojaner gefunden hat. Malewarebytes hat 10 infizierte Datein gefunden.
Meine Datein sind durch unhide.exe wieder sichtbar.
OTL Report gibts unten.
Ha, gerade als ich das schreibe findet Avira noch "JAVA/Exdoer.BV" und "TR/Ransom.Chameleon.ly" ich weiß jedoch nicht ob die was mit dem Fesplatten problem zu tun hat.

OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 5/19/2011 4:40:13 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Quirin\Downloads
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
8.00 Gb Total Physical Memory | 6.00 Gb Available Physical Memory | 72.00% Memory free
16.00 Gb Paging File | 14.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 562.60 Gb Total Space | 236.64 Gb Free Space | 42.06% Space Free | Partition Type: NTFS
Drive D: | 354.27 Gb Total Space | 313.05 Gb Free Space | 88.37% Space Free | Partition Type: NTFS
 
Computer Name: QUIRIN-PC | User Name: Quirin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-571902242-4071237047-3597003287-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{23170F69-40C1-2702-0910-000001000000}" = 7-Zip 9.10 (x64 edition)
"{8F473675-D702-45F9-8EBC-342B40C17BF5}" = Apple Mobile Device Support
"{9545E9DB-6F4C-4404-BF25-E221BE8B44C5}" = iTunes
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 270.61
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 270.61
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 270.61
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 270.61
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.1.34
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.2.22.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}" = Bonjour
"CCleaner" = CCleaner
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{0A35B15C-9CCD-4C0C-BD5B-34ABF8C95813}_is1" = ICQ 7.4 Build #4523 Banner Remover 1.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{45E7C481-3EF4-4FCB-AF0B-19F70D618F0C}" = Worms 4 Mayhem
"{491DFBAA-77EF-4B06-8676-2FC66EEE049A}" = LogMeIn Hamachi
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{52B65911-1559-4ED5-9461-46957FDD48CD}" = Borderlands
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37}" = ICQ7.4
"{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1" = Need For Speed™ World
"{7FA856CB-5544-449D-84C5-07A18CD51467}" = Loong
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}" = Battlefield Heroes
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Ralink RT2860 Wireless LAN Card
"{92482FB3-C05B-41C6-89E7-75D985602A6E}" = System Requirements Lab
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3 - Deutsch
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D5A9DA4B-E4F9-FB49-017D-769FC540F1F0}" = EA Download Manager UI
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"AC3Filter" = AC3Filter (remove only)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"ASIO4ALL" = ASIO4ALL
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Champions Online" = Champions Online
"com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI
"DivX Setup.divx.com" = DivX-Setup
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"EA Download Manager" = EA Download Manager
"FL Studio 9" = FL Studio 9
"Foxit Reader" = Foxit Reader
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.35.324
"Gmask 1.70 English" = Gmask 1.70 English
"Hardcore" = Hardcore
"hon" = Heroes of Newerth
"IL Download Manager" = IL Download Manager
"League of Legends_is1" = League of Legends
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"ManyCam" = ManyCam 2.4 (remove only)
"Mozilla Firefox 4.0.1 (x86 de)" = Mozilla Firefox 4.0.1 (x86 de)
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PoiZone" = PoiZone
"Precision" = EVGA Precision 2.0.2
"PunkBusterSvc" = PunkBuster Services
"Sawer" = Sawer
"StarCraft II" = StarCraft II
"Steam App 400" = Portal
"Steam App 440" = Team Fortress 2
"Steam App 550" = Left 4 Dead 2
"Steam App 630" = Alien Swarm
"Steam App 97100" = Section 8: Prejudice
"Toxic Biohazard" = Toxic Biohazard
"TrueCrypt" = TrueCrypt
"Two Worlds II" = Two Worlds II
"Uninstall_is1" = Uninstall 1.0.0.1
"uTorrent" = µTorrent
"Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
"VLC media player" = VLC media player 1.1.4
"Webcam Video Capture_is1" = Webcam Video Capture 4.8.0
"WinGimp-2.0_is1" = GIMP 2.6.11
"Worms Reloaded_is1" = Worms Reloaded
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-571902242-4071237047-3597003287-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 5/19/2011 4:49:10 AM | Computer Name = Quirin-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 5/19/2011 4:49:10 AM | Computer Name = Quirin-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 7035
 
Error - 5/19/2011 4:49:10 AM | Computer Name = Quirin-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7035
 
Error - 5/19/2011 4:49:11 AM | Computer Name = Quirin-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 5/19/2011 4:49:11 AM | Computer Name = Quirin-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 8034
 
Error - 5/19/2011 4:49:11 AM | Computer Name = Quirin-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8034
 
Error - 5/19/2011 4:49:12 AM | Computer Name = Quirin-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 5/19/2011 4:49:12 AM | Computer Name = Quirin-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 9048
 
Error - 5/19/2011 4:49:12 AM | Computer Name = Quirin-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 9048
 
Error - 5/19/2011 10:05:20 AM | Computer Name = Quirin-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Adobe_Flash_Player.exe, Version:
1.7.8800.0, Zeitstempel: 0x4d776bb8 Name des fehlerhaften Moduls: Adobe_Flash_Player.exe,
Version: 1.7.8800.0, Zeitstempel: 0x4d776bb8 Ausnahmecode: 0xc0000005 Fehleroffset:
0x00001149 ID des fehlerhaften Prozesses: 0x1344 Startzeit der fehlerhaften Anwendung:
0x01cc162dc4ec1c07 Pfad der fehlerhaften Anwendung: C:\Users\Quirin\AppData\Local\Temp\Adobe_Flash_Player.exe
Pfad
des fehlerhaften Moduls: C:\Users\Quirin\AppData\Local\Temp\Adobe_Flash_Player.exe
Berichtskennung:
07765bfd-8221-11e0-a3a2-0025114539ea
 
[ System Events ]
Error - 5/19/2011 10:16:43 AM | Computer Name = Quirin-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?19.?05.?2011 um 16:13:59 unerwartet heruntergefahren.
 
Error - 5/19/2011 10:17:08 AM | Computer Name = Quirin-PC | Source = PNRPSvc | ID = 102
Description =
 
Error - 5/19/2011 10:17:08 AM | Computer Name = Quirin-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peer Networking Grouping" ist vom Dienst "Peer Name Resolution
Protocol" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2140993535
 
Error - 5/19/2011 10:17:08 AM | Computer Name = Quirin-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution Protocol" wurde mit folgendem Fehler
beendet: %%-2140993535
 
Error - 5/19/2011 10:17:19 AM | Computer Name = Quirin-PC | Source = PNRPSvc | ID = 102
Description =
 
Error - 5/19/2011 10:17:19 AM | Computer Name = Quirin-PC | Source = PNRPSvc | ID = 102
Description =
 
Error - 5/19/2011 10:17:19 AM | Computer Name = Quirin-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peer Networking Grouping" ist vom Dienst "Peer Name Resolution
Protocol" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2140993535
 
Error - 5/19/2011 10:17:19 AM | Computer Name = Quirin-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution Protocol" wurde mit folgendem Fehler
beendet: %%-2140993535
 
Error - 5/19/2011 10:17:19 AM | Computer Name = Quirin-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peer Networking Grouping" ist vom Dienst "Peer Name Resolution
Protocol" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2140993535
 
Error - 5/19/2011 10:17:19 AM | Computer Name = Quirin-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution Protocol" wurde mit folgendem Fehler
beendet: %%-2140993535
 
 
< End of report >
--- --- ---


So...
Avira hat nichts mehr gefunden und malewarbytes auch nicht.
Wenn ich auf den Windowsbutton links unten klicke sehe ich aber die Shotcutsymbole nicht.
Problem behoben?

cosinus 19.05.2011 19:20
Zitat:
Malewarebytes hat 10 infizierte Datein gefunden.
Und wo ist das Log dazu?

warbringerx 26.05.2011 17:02
Hier zur Vollständigkeit.
Ich hatte aber keine Probleme mehr; steht ja auch da alles gelöscht usw.
-----------------------------------------------------
www.malwarebytes.org

Datenbank Version: 6609

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

19.05.2011 16:11:51
mbam-log-2011-05-19 (16-11-51).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 172680
Laufzeit: 1 Minute(n), 7 Sekunde(n)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 3
Infizierte Verzeichnisse: 0
Infizierte Dateien: 5

Infizierte Speicherprozesse:
c:\programdata\lnaptpqehmuno.exe (Rogue.Installer.Gen) -> 3288 -> Unloaded process successfully.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lnAPTpQehMuNO (Rogue.Installer.Gen) -> Value: lnAPTpQehMuNO -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallPaper (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\programdata\lnaptpqehmuno.exe (Rogue.Installer.Gen) -> Quarantined and deleted successfully.
c:\Users\Quirin\AppData\Local\Temp\adobe_flash_player.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Quirin\AppData\Local\Temp\jar_cache4061105179442696498.tmp (Rogue.Installer.Gen) -> Quarantined and deleted successfully.
c:\Users\Quirin\AppData\Local\Temp\tmp855B.tmp (Rogue.Installer.Gen) -> Quarantined and deleted successfully.
c:\Users\Quirin\AppData\Local\Temp\tmp9EF3.tmp (Rogue.Installer.Gen) -> Quarantined and deleted successfully.

cosinus 26.05.2011 19:40
Zitat:
Art des Suchlaufs: Quick-Scan
Bitte routinemäßig einen Vollscan mit malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!


Alle Zeitangaben in WEZ +1. Es ist jetzt 05:21 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131