Windows Locked

11.02.2012, 09:14
...new here
Posts: 4
#0
11.02.2012, 16:01
Member
Posts: 420
#2
Hi

That is the "BKA Trojan". Now please do the following:

1. Install Malwarebytes http://www.malwarebytes.org/ (Download Now), allow the update, run a Quick Scan, let Malwarebytes remove whatever it finds and then post the log.

2. OTL http://oldtimer.geekstogo.com/OTL.exe
Start the program, tick "Scan all users", "LOP check" and "Purity check", paste the following into the script field at the bottom:

Quote: msconfig

and click Scan. Post the OTL.txt and Extras.txt.

If you cannot carry out these steps because Windows is locked, follow these instructions first: http://board.protecus.de/t41574.htm
13.02.2012, 19:04
...new here
Thread starter, Posts: 4
#3
Okay.
13.02.2012 18:52:57
mbam-log-2012-02-13 (18-52-57).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 160365
Laufzeit: 3 Minute(n), 9 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|{71B9B54C-4904-C6FB-9CFE-84F4B1D7F71F} (Trojan.FakeMS) -> Daten: C:\Users\Hans\AppData\Roaming\Monu\ohyw.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|ffdwnd (Trojan.Zbot.CBCGen) -> Daten: C:\Users\Hans\AppData\Local\Mozilla\Firefox\firefox.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)


OTL logfile created on: 13.02.2012 18:59:59 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Hans\Downloads
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,45 Gb Available Physical Memory | 72,56% Memory free
4,00 Gb Paging File | 3,48 Gb Available in Paging File | 87,15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 230,47 Gb Total Space | 181,29 Gb Free Space | 78,66% Space Free | Partition Type: NTFS
Drive D: | 48,89 Gb Total Space | 48,72 Gb Free Space | 99,65% Space Free | Partition Type: NTFS
Drive H: | 1,87 Gb Total Space | 1,75 Gb Free Space | 93,81% Space Free | Partition Type: FAT

Computer Name: HANS-PC | User Name: Hans | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.02.13 18:54:48 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Hans\Downloads\OTL.exe
PRC - [2012.02.12 10:07:44 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2012.01.13 14:53:16 | 000,981,680 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

========== Modules (No Company Name) ==========

MOD - [2012.02.12 10:07:44 | 001,911,768 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2010.08.08 15:43:57 | 005,612,496 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2003.05.19 20:16:04 | 000,120,320 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll

========== Win32 Services (SafeList) ==========

SRV - [2011.10.24 08:53:38 | 002,565,632 | ---- | M] (Deutsche Telekom AG) [Auto | Stopped] -- C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe -- (Netzmanager Service)
SRV - [2011.10.11 13:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.10.11 13:59:39 | 000,463,824 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2011.10.11 13:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.09.05 00:48:34 | 000,603,904 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\Windows\System32\TUProgSt.exe -- (TuneUp.ProgramStatisticsSvc)
SRV - [2010.09.05 00:48:27 | 000,360,192 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Windows\System32\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.12.11 12:31:36 | 000,027,904 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)

========== Driver Services (SafeList) ==========

DRV - [2012.02.13 18:52:36 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011.12.09 08:48:03 | 000,134,856 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.10.11 14:00:01 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.10.11 14:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.09.16 16:02:33 | 000,035,040 | ---- | M] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Stopped] -- C:\Programme\Netzmanager\NMInfraIS2\Driver\TelekomNM3.sys -- (TelekomNM3)
DRV - [2010.06.17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.07.14 02:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009.07.14 02:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009.07.14 02:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009.07.14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.07.14 00:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009.07.14 00:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009.07.14 00:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009.07.13 23:09:17 | 004,194,816 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009.07.13 23:02:53 | 000,545,792 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr73.sys -- (netr73)
DRV - [2009.07.13 23:02:52 | 000,429,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm60x32.sys -- (NVENETFD)
DRV - [2009.07.13 23:02:52 | 000,043,008 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2007.03.27 17:19:36 | 010,252,544 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snpstd3.sys -- (SNPSTD3) USB PC Camera (SNPSTD3)
DRV - [1999.06.30 01:49:10 | 000,023,200 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\ppsio2.sys -- (ppsio2)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-109566741-2531066373-4014298588-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2431245
IE - HKU\S-1-5-21-109566741-2531066373-4014298588-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.de"
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.02.12 10:07:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.06.03 15:13:42 | 000,000,000 | ---D | M]

[2010.08.08 15:15:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hans\AppData\Roaming\mozilla\Extensions
[2012.02.13 18:22:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hans\AppData\Roaming\mozilla\Firefox\Profiles\na9jj24o.default\extensions
[2012.02.13 18:22:19 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Hans\AppData\Roaming\mozilla\Firefox\Profiles\na9jj24o.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.01.12 17:02:50 | 000,000,000 | ---D | M] ("Avira SearchFree Toolbar plus Web Protection") -- C:\Users\Hans\AppData\Roaming\mozilla\Firefox\Profiles\na9jj24o.default\extensions\toolbar@ask.com
[2010.08.08 15:15:11 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.02.12 10:07:44 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.03.17 20:57:30 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2011.05.08 13:35:02 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.05.08 13:35:02 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.05.08 13:35:02 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.05.08 13:35:02 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.05.08 13:35:02 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.05.08 13:35:02 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-109566741-2531066373-4014298588-1000\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe ({StringFileInfo_CompanyName})
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd File not found
O4 - HKLM..\Run: [OneTouch Monitor] C:\Programme\Visioneer OneTouch\OneTouchMon.exe (Visioneer)
O4 - HKLM..\Run: [snpstd3] C:\Windows\vsnpstd3.exe ()
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Hans\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Netzmanager.lnk = C:\Programme\Netzmanager\netzmanager.exe (Deutsche Telekom AG)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Hans\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{487FA453-AF6A-4CAB-93C4-1C06ED575B5C}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{756B2F76-93D9-4CAA-93E2-2656EE26F0EF}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8BBFE606-4116-47E1-A02B-DAB917DCBA89}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F9E4588F-9871-47CA-A09D-6A48A59E48D0}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

========== Files/Folders - Created Within 30 Days ==========

[2012.02.13 18:51:48 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012.02.13 18:51:48 | 000,000,000 | ---D | C] -- C:\Users\Hans\AppData\Roaming\Malwarebytes
[2012.02.13 18:51:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.02.13 18:51:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.02.13 18:51:43 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.02.13 18:51:43 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.02.13 18:22:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
[2012.02.12 08:56:03 | 000,000,000 | ---D | C] -- C:\Users\Hans\AppData\Roaming\DVDVideoSoft
[2012.02.12 08:55:54 | 000,000,000 | ---D | C] -- C:\Users\Hans\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.02.02 19:32:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Arcade Lab
[2012.01.26 13:24:27 | 000,000,000 | ---D | C] -- C:\Users\Hans\AppData\Roaming\Onqu
[2012.01.26 13:24:27 | 000,000,000 | ---D | C] -- C:\Users\Hans\AppData\Roaming\Monu
[2010.08.11 14:08:05 | 000,061,440 | ---- | C] ( ) -- C:\Windows\System32\rsnpstd3.dll
[2007.03.12 10:41:52 | 000,061,440 | ---- | C] ( ) -- C:\Windows\System32\vsnpstd3.dll
[2005.11.23 11:55:32 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnpstd3.dll
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.02.13 18:56:39 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\jcjtufo.sys
[2012.02.13 18:52:36 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012.02.13 18:51:35 | 000,643,628 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.02.13 18:51:35 | 000,606,992 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.02.13 18:51:35 | 000,126,188 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.02.13 18:51:35 | 000,103,370 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.02.13 18:46:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.02.13 18:46:51 | 1610,162,176 | -HS- | M] () -- C:\hiberfil.sys
[2012.02.13 18:45:20 | 000,000,498 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job
[2012.02.13 18:15:16 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.02.13 18:15:16 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.01.26 20:41:12 | 000,001,076 | ---- | M] () -- C:\Windows\cdplayer.ini
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.02.13 18:56:39 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\jcjtufo.sys
[2011.07.26 16:26:46 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011.07.26 16:26:46 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011.07.26 16:26:46 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011.07.26 16:26:46 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2010.08.11 14:08:10 | 000,090,112 | ---- | C] () -- C:\Windows\tsnpstd3.exe
[2010.08.11 14:08:09 | 000,015,498 | ---- | C] () -- C:\Windows\snpstd3.ini
[2010.08.11 14:08:05 | 000,020,480 | ---- | C] () -- C:\Windows\usnpstd3.exe
[2010.08.11 14:07:51 | 000,020,480 | ---- | C] () -- C:\Windows\CameraFixer.exe
[2010.08.11 13:32:21 | 000,023,200 | ---- | C] () -- C:\Windows\System32\drivers\ppsio2.sys
[2010.08.11 13:32:10 | 000,001,038 | ---- | C] () -- C:\Windows\maxlink.ini
[2010.08.11 13:32:10 | 000,000,090 | ---- | C] () -- C:\Windows\calera.ini
[2010.08.11 13:32:07 | 000,269,312 | ---- | C] () -- C:\Windows\System32\FPXIG.DLL
[2010.08.11 13:32:07 | 000,068,096 | ---- | C] () -- C:\Windows\System32\IGFPX32P.DLL
[2010.08.11 13:32:07 | 000,065,024 | ---- | C] () -- C:\Windows\System32\JPEGACC.DLL
[2010.08.11 13:32:02 | 000,101,376 | ---- | C] () -- C:\Windows\System32\WELSOF32.DLL
[2010.08.11 07:55:16 | 000,001,076 | ---- | C] () -- C:\Windows\cdplayer.ini
[2010.08.11 07:28:25 | 000,013,668 | ---- | C] () -- C:\Windows\hplj1010.ini
[2010.08.08 16:29:27 | 000,000,092 | ---- | C] () -- C:\Windows\CMISETUP.INI
[2010.08.08 16:29:27 | 000,000,026 | ---- | C] () -- C:\Windows\CMCDPLAY.INI
[2010.08.08 16:29:26 | 000,233,472 | ---- | C] () -- C:\Windows\System32\cmirmdrv.exe
[2010.08.08 16:29:26 | 000,028,672 | ---- | C] () -- C:\Windows\System32\cmirmdrv.dll
[2010.08.08 16:29:26 | 000,000,000 | ---- | C] () -- C:\Windows\Wininit.ini
[2010.08.08 16:29:25 | 000,266,240 | ---- | C] () -- C:\Windows\CMIUninstall.exe
[2010.08.08 16:29:25 | 000,225,280 | ---- | C] () -- C:\Windows\CmiRmRedundDir.exe
[2010.08.08 16:29:25 | 000,028,672 | ---- | C] () -- C:\Windows\CMIRmDriver.dll
[2010.08.08 15:16:16 | 000,000,055 | ---- | C] () -- C:\Windows\System32\everest_cpl.ini
[2010.08.08 14:53:14 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.08.08 14:53:14 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2009.07.14 09:47:43 | 000,643,628 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 09:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 09:47:43 | 000,126,188 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 09:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 05:33:53 | 000,342,056 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 03:05:48 | 000,606,992 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 03:05:48 | 000,103,370 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 01:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009.07.14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.09.19 08:07:28 | 000,827,392 | ---- | C] () -- C:\Windows\vsnpstd3.exe
[2005.01.18 12:34:36 | 000,069,632 | ---- | C] () -- C:\Windows\System32\akrip32.dll
[2004.11.09 10:08:20 | 000,864,256 | ---- | C] () -- C:\Windows\System32\FreeImage.dll
[2003.11.18 00:29:04 | 000,055,808 | ---- | C] () -- C:\Windows\System32\zlib1.dll
[2003.08.29 10:24:06 | 000,094,274 | ---- | C] () -- C:\Windows\System32\HPBHEALR.DLL
[2002.12.03 20:47:16 | 000,172,032 | ---- | C] () -- C:\Windows\System32\lame_enc.dll

========== LOP Check ==========

[2011.05.07 08:27:03 | 000,000,000 | ---D | M] -- C:\Users\Hans\AppData\Roaming\cerasus.media
[2012.02.13 18:22:30 | 000,000,000 | ---D | M] -- C:\Users\Hans\AppData\Roaming\DVDVideoSoft
[2012.02.12 08:55:54 | 000,000,000 | ---D | M] -- C:\Users\Hans\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.08.12 22:09:11 | 000,000,000 | ---D | M] -- C:\Users\Hans\AppData\Roaming\Gaijin Ent
[2011.01.10 21:14:26 | 000,000,000 | ---D | M] -- C:\Users\Hans\AppData\Roaming\Mies
[2012.02.13 18:56:39 | 000,000,000 | ---D | M] -- C:\Users\Hans\AppData\Roaming\Monu
[2012.01.26 20:35:27 | 000,000,000 | ---D | M] -- C:\Users\Hans\AppData\Roaming\Onqu
[2011.09.22 21:58:50 | 000,000,000 | ---D | M] -- C:\Users\Hans\AppData\Roaming\Samsung
[2010.08.08 15:58:00 | 000,000,000 | ---D | M] -- C:\Users\Hans\AppData\Roaming\TuneUp Software
[2011.01.10 15:09:40 | 000,000,000 | ---D | M] -- C:\Users\Hans\AppData\Roaming\Urqei
[2012.02.13 18:45:20 | 000,000,498 | ---- | M] () -- C:\Windows\Tasks\1-Klick-Wartung.job
[2011.11.07 22:46:59 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >
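As an added example (it is not part of this thread and is not code from OTL or Malwarebytes), the Python script below applies the checks a helper performs by eye to a handful of lines excerpted from the log posted above: autorun entries whose target lives under a user's AppData, a well-known binary name such as firefox.exe running from somewhere other than Program Files, O6 policy lines showing that UAC has been switched off, and a driver with no company name that appeared minutes before the scan. The regular expressions, the severity labels, the one-day "new driver" window and the table of expected binary locations are this example's own assumptions.

```python
"""Triage a few OTL / Malwarebytes log lines the way a helper reads them by eye.

Added example for this thread; not part of OTL, Malwarebytes or any post here.
The regexes, severities, the one-day "new driver" window and the
EXPECTED_PARENT table are this example's own assumptions.
"""
import re
from datetime import datetime, timedelta

# Excerpted from the log posted above: two O4 autoruns, the three O6 UAC
# policy lines, the jcjtufo.sys "no company name" entry and the two MBAM hits.
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [snpstd3] C:\Windows\vsnpstd3.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
[2012.02.13 18:56:39 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\jcjtufo.sys
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|{71B9B54C-4904-C6FB-9CFE-84F4B1D7F71F} (Trojan.FakeMS) -> Daten: C:\Users\Hans\AppData\Roaming\Monu\ohyw.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|ffdwnd (Trojan.Zbot.CBCGen) -> Daten: C:\Users\Hans\AppData\Local\Mozilla\Firefox\firefox.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.
"""

# Creation time of the OTL report above; used to judge how fresh a file is.
SCAN_TIME = datetime(2012, 2, 13, 18, 59, 59)

AUTORUN_RE = re.compile(r"^O4 - (\S+?)\.\.\\(\w+): \[([^\]]*)\] (.*) \(([^()]*)\)$")
MBAM_RE = re.compile(r"^(HK\w+\\[^|]+)\|(\S+) \(([^)]+)\) -> Daten: (.*?) -> ")
UAC_RE = re.compile(r"^O6 - .*\\policies\\System: (\w+) = (\d+)$")
NEWFILE_RE = re.compile(
    r"^\[(\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| [\d,]+ \| \S+ \| C\] \(\s*\) -- (.+)$"
)

# Assumed home directories of binaries that malware likes to impersonate
# ("Programme" is how the German OTL output spells Program Files).
EXPECTED_PARENT = {
    "firefox.exe": ("\\program files\\", "\\programme\\"),
    "explorer.exe": ("\\windows\\",),
}

# O6 policy values which, when set to 0, weaken UAC.
WEAK_UAC = {
    "EnableLUA": "UAC is switched off entirely",
    "ConsentPromptBehaviorAdmin": "administrators elevate silently, without any prompt",
    "PromptOnSecureDesktop": "elevation prompts are not shown on the secure desktop",
}


def autorun_reasons(path):
    """Reasons an autorun target deserves a second look (empty list if none)."""
    low = path.lower()
    base = low.rsplit("\\", 1)[-1]
    reasons = []
    if "\\appdata\\" in low:
        reasons.append("autorun target lives in a user-writable profile directory")
    if base in EXPECTED_PARENT and not any(p in low for p in EXPECTED_PARENT[base]):
        reasons.append(f"{base} runs from an unexpected location (possible masquerading)")
    return reasons


def triage(log_text, scan_time=SCAN_TIME, new_driver_window=timedelta(days=1)):
    """Return (severity, message) findings for the recognised line types."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if m := AUTORUN_RE.match(line):
            hive, key, name, path, vendor = m.groups()
            where = f"{hive}\\{key} [{name}] -> {path}"
            findings += [("high", f"{where}: {r}") for r in autorun_reasons(path)]
            if not vendor.strip():
                findings.append(("low", f"{where}: binary carries no company name"))
        elif m := MBAM_RE.match(line):
            key, value, detection, path = m.groups()
            where = f"{key}|{value} -> {path}"
            findings.append(("high", f"{where}: flagged by Malwarebytes as {detection}"))
            findings += [("high", f"{where}: {r}") for r in autorun_reasons(path)]
        elif m := UAC_RE.match(line):
            policy, value = m.groups()
            if policy in WEAK_UAC and value == "0":
                findings.append(("medium", f"{policy} = 0: {WEAK_UAC[policy]}"))
        elif m := NEWFILE_RE.match(line):
            created = datetime.strptime(m.group(1), "%Y.%m.%d %H:%M:%S")
            path = m.group(2)
            # A .sys file with no company name that appeared just before the
            # scan is exactly the kind of file a helper sends to VirusTotal.
            if path.lower().endswith(".sys") and scan_time - created <= new_driver_window:
                findings.append(("high", f"{path}: driver with no company name created "
                                         f"{created:%Y-%m-%d %H:%M}, shortly before the scan"))
    return findings


if __name__ == "__main__":
    for severity, message in triage(SAMPLE_LOG):
        print(f"[{severity:6}] {message}")
```

Run as-is, the script lists ten findings from the excerpt: one low (a Run entry with no company name), three medium (the UAC policy values), and six high (the two Malwarebytes hits plus the AppData and masquerading reasons for their targets, and the fresh jcjtufo.sys driver). Shifting `scan_time` by weeks makes the driver finding drop out, which is the point of tying it to the report's own timestamp rather than to "now".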
13.02.2012, 19:17
...new here
Thread starter, Posts: 4
#4
I can get on the internet normally again, thanks. I also think the trojan comes from certain sites; a friend of mine has it too, and she got it while she was on the site Dailymotion.com/de. But I suppose it can come from almost any site. Many thanks
13.02.2012, 19:54
Member
Posts: 420
#5
Quote: I can get on the internet normally again, thanks.

That's good. Still, we should check the system over properly, otherwise the problems might start all over again after a short time. Since you have Vista: from now on please start all tools with a right-click, "Run as administrator" (important).

1. Start OTL, paste the following into the script field at the bottom:

Quote:

and click Fix. Please post the fix log.

2. Please upload this file

Quote: C:\Windows\System32\drivers\jcjtufo.sys

to VirusTotal https://www.virustotal.com/ and post the link to the result of the analysis (just copy it from the browser's address bar).

3. Download aswMBR from avast! http://public.avast.com/~gmerek/aswMBR.exe
Start the program and choose "Yes" when asked about the avast engine. Click Scan. After the scan, click Save Log, save it and post it here (do not "Fix" anything).
13.02.2012, 20:34
...new here
Thread starter, Posts: 4
#6
Ok
All processes killed
========== OTL ==========
C:\Users\Hans\AppData\Roaming\Mies folder moved successfully.
C:\Users\Hans\AppData\Roaming\Monu folder moved successfully.
C:\Users\Hans\AppData\Roaming\Onqu folder moved successfully.
C:\Users\Hans\AppData\Roaming\Urqei folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Hans
->Temp folder emptied: 5274170 bytes
->Temporary Internet Files folder emptied: 32989918 bytes
->FireFox cache emptied: 80495931 bytes
->Flash cache emptied: 53341 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 282896 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 5411 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 114,00 mb

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Hans
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb

OTL by OldTimer - Version 3.2.31.0 log created on 02132012_200113

Files\Folders moved on Reboot...
Registry entries deleted on Reboot...


aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software
Run date: 2012-02-13 20:16:08
-----------------------------
20:16:08.421 OS Version: Windows 6.1.7600
20:16:08.422 Number of processors: 1 586 0xA00
20:16:08.436 ComputerName: HANS-PC UserName: Hans
20:16:09.233 Initialize success
20:18:16.023 AVAST engine defs: 12021301
20:18:41.435 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
20:18:41.439 Disk 0 Vendor: WDC_WD3000JB-00KFA0 08.05J08 Size: 286168MB BusType: 3
20:18:41.461 Disk 0 MBR read successfully
20:18:41.466 Disk 0 MBR scan
20:18:41.496 Disk 0 Windows 7 default MBR code
20:18:41.518 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
20:18:41.541 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 50067 MB offset 206848
20:18:41.564 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 235999 MB offset 102744064
20:18:41.582 Disk 0 scanning sectors +586070016
20:18:41.687 Disk 0 scanning C:\Windows\system32\drivers
20:19:01.975 Service scanning
20:19:03.711 Modules scanning
20:19:11.564 Disk 0 trace - called modules:
20:19:12.003 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
20:19:12.015 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85a0a220]
20:19:12.029 3 CLASSPNP.SYS[896ad59e] -> nt!IofCallDriver -> [0x85586788]
20:19:12.042 5 ACPI.sys[895993b2] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x84ccc610]
20:19:13.037 AVAST engine scan C:\Windows
20:19:16.375 AVAST engine scan C:\Windows\system32
20:25:33.277 AVAST engine scan C:\Windows\system32\drivers
20:25:59.462 AVAST engine scan C:\Users\Hans
20:34:20.932 Disk 0 MBR has been saved successfully to "C:\Users\Hans\Downloads\MBR.dat"
20:34:20.952 The log file has been saved successfully to "C:\Users\Hans\Downloads\aswMBR.txt"
13.02.2012, 20:59
Member
Posts: 420
#7
That looks good. What about the VirusTotal result from step 2? What happens next depends on it.
But what is odd: if Windows is locked, the pop-up window should also appear when the modem is off. Yet when the modem is off I see the desktop perfectly normally. The logos of various antivirus programs (Avira, McAfee and so on) also unsettled me. Now I don't know what to do. Thanks in advance