Malwarebytes warning "potentiell gefährlicher Prozess gestoppt" ("potentially dangerous process stopped"), Windows 7
27.07.2011, 13:30 | #16
/// Winkelfunktion /// TB-Süch-Tiger™
You can leave that, sptd is fine. Now please run CF: ComboFix, a guide and tutorial on using ComboFix
ComboFix may only be run when a helper has explicitly recommended it!
Please always post log files in CODE tags
27.07.2011, 16:46 | #17
Hello Cosinus, here is the ComboFix log:
Code:
ATTFilter ComboFix 11-07-27.01 - *user* 27.07.2011 17:22:00.2.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3003.1631 [GMT 2:00] ausgeführt von:: c:\users\*user*\Desktop\ComboFix.exe AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160} SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\system32\msconfig.exe c:\windows\system32\muzapp.exe c:\windows\system32\searchindexer.exe c:\windows\system32\twain.dll . . ((((((((((((((((((((((( Dateien erstellt von 2011-06-27 bis 2011-07-27 )))))))))))))))))))))))))))))) . . 2011-07-27 15:30 . 2011-07-27 15:30 -------- d-----w- c:\users\*user*\AppData\Local\temp 2011-07-27 15:30 . 2011-07-27 15:30 -------- d-----w- c:\users\*user*\AppData\Local\temp 2011-07-27 15:30 . 2011-07-27 15:30 -------- d-----w- c:\users\*user*\AppData\Local\temp 2011-07-27 15:30 . 2011-07-27 15:30 -------- d-----w- c:\users\*user*\AppData\Local\temp 2011-07-27 15:30 . 2011-07-27 15:30 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-07-27 15:19 . 2011-07-27 15:20 -------- d-----w- C:\32788R22FWJFW 2011-07-27 11:28 . 2011-07-27 11:28 -------- d-----w- C:\_OTL 2011-07-26 18:43 . 2011-07-26 18:43 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{13370541-F13C-45B8-AD6A-940F833F9788}\MpKsl7c0c5e35.sys 2011-07-26 18:43 . 2011-07-13 03:39 6881616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{13370541-F13C-45B8-AD6A-940F833F9788}\mpengine.dll 2011-07-25 17:54 . 2011-07-25 17:54 -------- d-----w- c:\program files\ESET 2011-07-25 16:20 . 2011-07-06 17:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-07-25 16:20 . 
2011-07-06 17:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-07-22 18:52 . 2011-04-21 13:55 508416 ----a-w- c:\windows\system32\drivers\bthport.sys 2011-07-22 18:52 . 2009-06-17 13:23 30208 ----a-w- c:\windows\system32\drivers\BTHUSB.SYS 2011-07-22 18:52 . 2011-04-20 15:55 375808 ----a-w- c:\windows\system32\winsrv.dll 2011-07-22 18:52 . 2011-04-20 15:50 49152 ----a-w- c:\windows\system32\csrsrv.dll 2011-07-22 18:51 . 2011-06-02 13:34 2043392 ----a-w- c:\windows\system32\win32k.sys 2011-07-22 18:49 . 2011-04-29 15:59 276992 ----a-w- c:\windows\system32\schannel.dll 2011-07-22 18:45 . 2011-07-22 18:45 -------- d-----w- c:\users\*user*\AppData\Roaming\PC Suite 2011-07-21 15:38 . 2011-07-21 15:38 -------- d-----w- c:\users\*user*\AppData\Roaming\Boolat Games 2011-07-20 15:14 . 2002-03-25 16:44 722192 ----a-w- c:\windows\system32\VB40032.DLL 2011-07-20 15:14 . 2002-03-25 16:44 60416 ----a-w- c:\windows\ST4UNST.EXE 2011-07-20 15:14 . 2002-03-25 16:44 171520 ----a-w- c:\windows\setup132.exe 2011-07-05 18:47 . 2011-07-05 18:47 -------- d-----w- c:\program files\Basement Softworks 2011-07-05 17:55 . 2011-07-05 17:55 -------- d-----w- c:\users\*user*\dwhelper 2011-07-04 13:22 . 2011-07-04 13:22 -------- d-----w- c:\users\*user*\AppData\Local\Oleg_Zhuk 2011-07-04 12:29 . 2010-04-27 02:25 98432 ----a-w- c:\windows\system32\drivers\ss_bbus.sys 2011-07-04 12:29 . 2010-04-27 02:25 14848 ----a-w- c:\windows\system32\drivers\ss_bmdfl.sys 2011-07-04 12:29 . 2010-04-27 02:25 12416 ----a-w- c:\windows\system32\drivers\ss_bcmnt.sys 2011-07-04 12:29 . 2010-04-27 02:25 12416 ----a-w- c:\windows\system32\drivers\ss_bcm.sys 2011-07-04 12:29 . 2010-04-27 02:25 123648 ----a-w- c:\windows\system32\drivers\ss_bmdm.sys 2011-07-04 12:29 . 2010-04-27 02:25 12288 ----a-w- c:\windows\system32\drivers\ss_bwhnt.sys 2011-07-04 12:29 . 2010-04-27 02:25 12288 ----a-w- c:\windows\system32\drivers\ss_bwh.sys 2011-07-04 12:27 . 
2011-07-04 12:28 -------- d-----w- c:\users\*user*\{65149495-887c-4e76-9c8d-9ecbdc826756} 2011-07-04 12:24 . 2011-07-04 12:24 -------- d-----w- c:\users\*user*\{7b373682-0225-406a-8128-c221bf3aba21} 2011-07-04 12:15 . 2011-07-18 19:48 -------- d-----w- c:\users\*user*\AppData\Roaming\Samsung 2011-07-04 11:48 . 2011-07-04 11:48 -------- d-----w- c:\programdata\PC Suite 2011-07-04 11:48 . 2011-07-04 11:48 -------- d-----w- c:\users\*user*\AppData\Roaming\PC Suite 2011-07-04 11:36 . 2007-05-02 14:31 90624 ----a-w- c:\windows\system32\nmwcdcls.dll 2011-07-04 11:36 . 2011-07-04 12:34 -------- d-----w- c:\program files\Samsung 2011-07-04 11:36 . 2007-09-17 13:53 21632 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys 2011-07-04 11:35 . 2011-07-18 17:40 -------- d-----w- c:\windows\system32\Samsung_USB_Drivers 2011-07-04 11:34 . 2010-07-29 07:50 238952 ----a-w- c:\windows\system32\FsUsbExService.Exe 2011-07-04 11:34 . 2010-06-14 00:32 36608 ----a-w- c:\windows\system32\FsUsbExDisk.Sys 2011-07-04 11:34 . 2009-03-31 07:39 110592 ----a-w- c:\windows\system32\FsUsbExDevice.Dll 2011-07-04 11:33 . 2011-07-04 11:35 -------- d-----w- c:\program files\PC Connectivity Solution 2011-07-04 11:05 . 2011-07-25 16:05 -------- d-----w- c:\users\*user*\AppData\Local\Samsung 2011-07-04 11:01 . 2011-06-07 09:13 4659712 ----a-w- c:\windows\system32\Redemption.dll 2011-07-04 11:01 . 2011-07-04 11:01 -------- d-----w- c:\program files\MarkAny 2011-07-04 11:00 . 2011-07-18 17:42 -------- d-----w- c:\users\*user*\AppData\Roaming\Samsung 2011-07-04 11:00 . 2011-07-25 16:05 -------- d-----w- c:\programdata\Samsung 2011-07-03 17:06 . 2011-07-03 17:06 -------- d-----w- c:\programdata\TomTom 2011-07-03 17:06 . 2011-07-03 17:06 -------- d-----w- c:\users\*user*\AppData\Roaming\TomTom 2011-07-03 17:06 . 2011-07-03 17:06 -------- d-----w- c:\users\*user*\AppData\Local\TomTom 2011-07-03 17:06 . 2011-07-03 17:06 -------- d-----w- c:\program files\TomTom International B.V . . . 
(((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-07-22 20:11 . 2011-05-17 20:06 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-07-13 03:39 . 2011-06-10 19:47 6881616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2011-06-07 09:13 . 2011-06-07 09:13 974848 ----a-w- c:\windows\system32\cis-2.4.dll 2011-06-07 09:13 . 2011-06-07 09:13 81920 ----a-w- c:\windows\system32\issacapi_bs-2.3.dll 2011-06-07 09:13 . 2011-06-07 09:13 65536 ----a-w- c:\windows\system32\issacapi_pe-2.3.dll 2011-06-07 09:13 . 2011-06-07 09:13 57344 ----a-w- c:\windows\system32\MTXSYNCICON.dll 2011-06-07 09:13 . 2011-06-07 09:13 57344 ----a-w- c:\windows\system32\issacapi_se-2.3.dll 2011-06-07 09:13 . 2011-06-07 09:13 569344 ----a-w- c:\windows\system32\muzdecode.ax 2011-06-07 09:13 . 2011-06-07 09:13 491520 ----a-w- c:\windows\system32\muzapp.dll 2011-06-07 09:13 . 2011-06-07 09:13 49152 ----a-w- c:\windows\system32\MaJGUILib.dll 2011-06-07 09:13 . 2011-06-07 09:13 45056 ----a-w- c:\windows\system32\MaXMLProto.dll 2011-06-07 09:13 . 2011-06-07 09:13 40960 ----a-w- c:\windows\system32\MTTELECHIP.dll 2011-06-07 09:13 . 2011-06-07 09:13 352256 ----a-w- c:\windows\system32\MSLUR71.dll 2011-06-07 09:13 . 2011-06-07 09:13 24576 ----a-w- c:\windows\system32\MASetupCleaner.exe 2011-06-07 09:13 . 2011-06-07 09:13 200704 ----a-w- c:\windows\system32\muzwmts.dll 2011-06-07 09:13 . 2011-06-07 09:13 155648 ----a-w- c:\windows\system32\MSFLib.dll 2011-06-07 09:13 . 2011-06-07 09:13 143360 ----a-w- c:\windows\system32\3DAudio.ax 2011-06-07 09:13 . 2011-06-07 09:13 135168 ----a-w- c:\windows\system32\muzaf1.dll 2011-06-07 09:13 . 2011-06-07 09:13 131072 ----a-w- c:\windows\system32\muzmpgsp.ax 2011-06-07 09:13 . 2011-06-07 09:13 122880 ----a-w- c:\windows\system32\muzeffect.ax 2011-06-07 09:13 . 2011-06-07 09:13 118784 ----a-w- c:\windows\system32\MaDRM.dll 2011-06-07 09:13 . 
2011-06-07 09:13 110592 ----a-w- c:\windows\system32\muzmp4sp.ax 2011-06-07 09:13 . 2011-06-07 09:13 57344 ----a-w- c:\windows\system32\MK_Lyric.dll 2011-06-07 09:13 . 2011-06-07 09:13 45056 ----a-w- c:\windows\system32\MACXMLProto.dll 2011-06-07 09:13 . 2011-06-07 09:13 40960 ----a-w- c:\windows\system32\MAMACExtract.dll 2011-06-07 09:13 . 2011-06-07 09:13 258048 ----a-w- c:\windows\system32\muzoggsp.ax 2011-06-07 09:13 . 2011-06-07 09:13 245760 ----a-w- c:\windows\system32\MSCLib.dll 2011-05-20 14:53 . 2011-01-01 15:27 0 ----a-w- c:\windows\system32\ConduitEngine.tmp 2011-05-09 20:46 . 2011-06-09 14:58 6962000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F43801EB-C9D0-4695-A163-5AF7793BDF79}\mpengine.dll 2011-05-04 02:52 . 2010-05-09 12:29 472808 ----a-w- c:\windows\system32\deployJava1.dll 2011-05-02 17:16 . 2011-06-14 19:43 739328 ----a-w- c:\windows\system32\inetcomm.dll 2011-04-29 13:25 . 2011-06-14 19:43 146432 ----a-w- c:\windows\system32\drivers\srv2.sys 2011-04-29 13:25 . 2011-06-14 19:43 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys 2011-04-29 13:24 . 2011-06-14 19:42 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys 2011-04-29 13:24 . 2011-06-14 19:42 79872 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys 2011-04-29 13:24 . 2011-06-14 19:42 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2007-03-12 16:59 . 2007-03-12 16:59 299008 ----a-w- c:\program files\navigram_register.exe . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2008-10-27 11:05 40496 ----a-w- c:\program files\EgisTec\MyWinLocker 3\x86\PSDProtect.dll . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ProductReg"="c:\program files\Acer\WR_PopUp\ProductReg.exe" [2008-11-17 135168] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952] "TomTomHOME.exe"="d:\progz\TomTom\TomTom HOME 2\TomTomHOMERunner.exe" [2011-04-22 247728] "AutoStartNPSAgent"="d:\progz\Samsung PC Studio\NPSAgent.exe" [2010-07-29 95576] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Acer ePower Management"="c:\program files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe" [2009-04-15 440864] "EgisTecLiveUpdate"="c:\program files\EgisTec Egis Software Update\EgisUpdate.exe" [2008-10-27 199464] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-18 1430824] "PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-29 200704] "LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2009-02-12 862728] "VitaKeyPdtWzd"="c:\program files\Acer Bio Protection\PdtWzd.exe" [2009-02-20 3553280] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072] "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-02-23 204800] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-06-12 141848] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-06-12 175128] "Persistence"="c:\windows\system32\igfxpers.exe" [2009-06-12 153624] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-24 13797920] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-09-03 9726568] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696] . 
c:\users\*user*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Start Extensions for Windows.lnk - d:\progz\Extensions\ExtensionsServer.exe [N/A] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-4-23 727592] Lotus Organizer EasyClip.lnk - d:\progz\Lotus\org6\organize\EASYCLIP6.EXE [2009-9-24 229433] SetPointII.lnk - d:\progz\Logitech\SetPoint II\SetpointII.exe [2009-7-21 323584] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Acer VCM.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk backup=c:\windows\pss\Acer VCM.lnk.CommonStartup backupExtension=.CommonStartup . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Rainmeter.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk backup=c:\windows\pss\Rainmeter.lnk.CommonStartup backupExtension=.CommonStartup . [HKLM\~\startupfolder\C:^Users^*user*^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Orion.lnk] path=c:\users\*user*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Orion.lnk backup=c:\windows\pss\Orion.lnk.Startup backupExtension=.Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2011-06-08 04:02 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcadeDeluxeAgent] 2009-03-11 13:19 156968 ------w- c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BackupManagerTray] 2009-04-11 17:31 249600 ----a-w- c:\program files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer] 2009-03-11 13:19 202024 ------w- c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite] 2009-04-23 13:51 691656 ----a-w- d:\progz\Deamon\DAEMON Tools Lite\daemon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor] 2008-10-25 10:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] 2008-02-28 16:07 1828136 ----a-w- c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mwlDaemon] 2008-10-27 11:05 346672 ----a-w- c:\program files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan] 2008-02-18 15:29 2221352 ----a-w- d:\progz\Nero 8\Nero\Nero8\Nero BackItUp\NBKeyScan.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlayMovie] 2009-03-05 12:29 173288 ------w- c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar] 2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe . 
R1 MpKsl7bb49d39;MpKsl7bb49d39;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2DA789E0-8613-492F-B724-D376A8580856}\MpKsl7bb49d39.sys [x] R1 MpKsla4d62049;MpKsla4d62049;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FFBCA51B-1FA9-44D2-A35B-A10634187884}\MpKsla4d62049.sys [x] R1 MpKslca0eafd4;MpKslca0eafd4;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5D4DB624-3B39-41B8-93F2-84B231F06D25}\MpKslca0eafd4.sys [x] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-07-22 136176] R3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\DRIVERS\ASPI32.sys [2002-07-17 84832] R3 AVerAF15;AVerMedia BDA Digital Tuner;c:\windows\system32\Drivers\AVerAF15.sys [2008-07-04 280448] R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-01-02 79360] R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x] R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-07-22 136176] R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-09-23 50424] R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2010-04-27 98432] R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2010-04-27 14848] R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2010-04-27 123648] R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504] S0 AlfaFF;AlfaFF;c:\windows\system32\drivers\AlfaFF.sys [2008-07-10 42608] S0 
sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-08-28 721904] S2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2009-03-06 75048] S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [2009-04-15 703008] S2 FPSensor;EgisTec-Corp Fingerprint Reader Driver (FPSensor.sys);c:\windows\system32\Drivers\FPSensor.sys [2009-04-18 26928] S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-07-29 238952] S2 IGBASVC;EgisTec Service;c:\program files\Acer Bio Protection\BASVC.exe [2009-02-20 3440640] S2 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2008-10-09 19504] S2 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2008-10-09 16432] S2 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2008-10-09 59952] S2 MWLService;MyWinLocker Service;c:\program files\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2008-10-27 306736] S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-04-11 61184] S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-09-23 144632] S2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [2009-02-05 237568] S2 TomTomHOMEService;TomTomHOMEService;d:\progz\TomTom\TomTom HOME 2\TomTomHOMEService.exe [2011-04-22 92592] S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-11-03 223232] S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2005-12-18 57856] S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2009-02-25 112992] S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-24 43392] S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 
Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-30 3715072] S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-24 54144] S3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - 90433341 *NewlyCreated* - FSUSBEXDISK *NewlyCreated* - MPKSL7C0C5E35 *NewlyCreated* - MPKSLE1D20C56 *Deregistered* - 90433341 *Deregistered* - MpKsle1d20c56 . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . Inhalt des "geplante Tasks" Ordners . 2011-07-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-07-22 21:16] . 2011-07-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-07-22 21:16] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://start.facemoods.com/?a=ddrnw mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0409&m=aspire_5935 IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm IE: {{B4E30F61-16D9-11D3-85D1-005004229569} - {85E0B172-04FA-11D1-B7DA-00A0C90348D6} - d:\progz\Lotus\org6\organize\bandobjs.dll TCP: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{8079C50A-AF5F-4DA2-93C8-1A0A68874DBE}: NameServer = 213.191.74.19 62.109.123.197 DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab FF - ProfilePath - c:\users\*user*\AppData\Roaming\Mozilla\Firefox\Profiles\yerqz0l7.default\ . 
- - - - Entfernte verwaiste Registrierungseinträge - - - - . URLSearchHooks-{662f5b27-1a14-48d4-b9b6-69b111d6cfde} - (no file) WebBrowser-{662F5B27-1A14-48D4-B9B6-69B111D6CFDE} - (no file) HKLM-Run-NPSStartup - (no file) AddRemove-01_Simmental - d:\progz\Samsung PC Studio\USB Treiber\01_Simmental\Uninstall.exe AddRemove-02_Siberian - d:\progz\Samsung PC Studio\USB Treiber\02_Siberian\Uninstall.exe AddRemove-03_Swallowtail - d:\progz\Samsung PC Studio\USB Treiber\03_Swallowtail\Uninstall.exe AddRemove-04_semseyite - d:\progz\Samsung PC Studio\USB Treiber\04_semseyite\Uninstall.exe AddRemove-05_Sloan - d:\progz\Samsung PC Studio\USB Treiber\05_Sloan\Uninstall.exe AddRemove-06_Spencer - d:\progz\Samsung PC Studio\USB Treiber\06_Spencer\Uninstall.exe AddRemove-07_Schorl - d:\progz\Samsung PC Studio\USB Treiber\07_Schorl\Uninstall.exe AddRemove-08_EMPChipset - d:\progz\Samsung PC Studio\USB Treiber\08_EMPChipset\Uninstall.exe AddRemove-09_Hsp - d:\progz\Samsung PC Studio\USB Treiber\09_Hsp\Uninstall.exe AddRemove-11_HSP_Plus_Default - d:\progz\Samsung PC Studio\USB Treiber\11_HSP_Plus_Default\Uninstall.exe AddRemove-12_Symbian_USB_Download_Driver - d:\progz\Samsung PC Studio\USB Treiber\12_Symbian_USB_Download_Driver\Uninstall.exe AddRemove-15_Symbian_Samsung_PC_DLC_Driver - d:\progz\Samsung PC Studio\USB Treiber\15_Symbian_Samsung_PC_DLC_Driver\Uninstall.exe AddRemove-16_Shrewsbury - d:\progz\Samsung PC Studio\USB Treiber\16_Shrewsbury\Uninstall.exe AddRemove-17_EMP_Chipset2 - d:\progz\Samsung PC Studio\USB Treiber\17_EMP_Chipset2\Uninstall.exe AddRemove-18_Zinia_Serial_Driver - d:\progz\Samsung PC Studio\USB Treiber\18_Zinia_Serial_Driver\Uninstall.exe AddRemove-19_VIA_driver - d:\progz\Samsung PC Studio\USB Treiber\19_VIA_driver\Uninstall.exe AddRemove-20_NXP_Driver - d:\progz\Samsung PC Studio\USB Treiber\20_NXP_Driver\Uninstall.exe AddRemove-21_Searsburg - d:\progz\Samsung PC Studio\USB Treiber\21_Searsburg\Uninstall.exe AddRemove-22_WiBro_WiMAX - d:\progz\Samsung 
PC Studio\USB Treiber\22_WiBro_WiMAX\Uninstall.exe AddRemove-24_flashusbdriver - d:\progz\Samsung Kies\USB Drivers\24_flashusbdriver\Uninstall.exe AddRemove-25_escape - d:\progz\Samsung Kies\USB Drivers\25_escape\Uninstall.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2011-07-27 17:30 Windows 6.0.6002 Service Pack 2 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}] "ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-59915249-1296444255-759154618-1000\Software\SecuROM\License information*] "datasecu"=hex:f9,ad,25,23,a0,c3,c7,1c,3f,69,13,f0,f1,8c,6d,e0,65,2e,b9,24,f8, 5c,9c,74,81,82,74,b2,7c,fb,04,ed,d4,b5,d2,03,25,d4,8b,45,37,4c,55,01,a5,60,\ "rkeysecu"=hex:31,65,33,ba,bb,a6,0b,9e,13,d7,17,df,5c,16,49,bc . [HKEY_USERS\S-1-5-21-59915249-1296444255-759154618-1002\Software\SecuROM\License information*] "datasecu"=hex:f5,7f,ae,9b,85,ec,52,bc,96,41,1b,18,15,2f,0a,76,ef,2d,5d,2b,08, 8e,1d,99,6f,1f,0b,86,e7,9f,32,72,82,aa,20,e2,cd,55,78,e8,be,fe,be,e7,f6,53,\ "rkeysecu"=hex:ca,20,22,7c,fa,ce,9a,c9,35,fd,ad,ef,e6,b9,49,f3 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Zeit der Fertigstellung: 2011-07-27 17:32:34 ComboFix-quarantined-files.txt 2011-07-27 15:32 ComboFix2.txt 2010-07-24 07:54 . Vor Suchlauf: 20 Verzeichnis(se), 53.538.922.496 Bytes frei Nach Suchlauf: 22 Verzeichnis(se), 53.535.100.928 Bytes frei . - - End Of File - - 7413378278DA3161862A5192893C38D6 |
28.07.2011, 09:47 | #18
/// Winkelfunktion /// TB-Süch-Tiger™
OK. Now please create logs with GMER and OSAM and post them.
GMER crashes quite often; if the tool still won't run on the second attempt, just leave it out and run only OSAM. Please skip the online query in OSAM. With OSAM, also make sure you save the log as *.log and not as *.html or similar. Note: please use WinRAR or 7zip to unpack OSAM! Also be sure to switch off the virus scanner; the McAfee scanner in particular often reports a false alarm on OSAM! Please download aswMBR.exe and save the file to your desktop.
Important: never press any of the Fix buttons without being told to. Note: if the Scan button is greyed out, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.
28.07.2011, 12:56 | #19
Hello Cosinus, attached are GMER and OSAM. I still have to do aswMBR, but I have to go back to the office now and will post that log later. GMER:
Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2011-07-28 13:23:41
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD5000BEVT-22ZAT0 rev.01.01A01
Running: g8ds557p.exe; Driver: C:\Users\*user*\AppData\Local\Temp\uwloqpod.sys

---- System - GMER 1.0.15 ----

INT 0x62 ? 86923BF8
INT 0x72 ? 86923BF8
INT 0x82 ? 84F25BF8
INT 0x82 ? 84F25BF8
INT 0x82 ? 84F25BF8
INT 0x82 ? 84F25BF8
INT 0x82 ? 86923BF8
INT 0x82 ? 84F25BF8
INT 0x92 ? 86923BF8
INT 0xB2 ? 84F24BF8
INT 0xB2 ? 84F24BF8
INT 0xB2 ? 84F24BF8
INT 0xB2 ? 84F24BF8
INT 0xB3 ? 86923BF8

---- Kernel code sections - GMER 1.0.15 ----

? System32\Drivers\spau.sys Das System kann den angegebenen Pfad nicht finden. !
.text USBPORT.SYS!DllUnload 8EF9241B 5 Bytes JMP 869231D8
.text avu3wjs1.SYS 8A5C3000 22 Bytes [82, E3, 41, 82, 6C, E2, 41, ...]
.text avu3wjs1.SYS 8A5C3017 137 Bytes [00, 32, A7, 79, 80, 3D, A5, ...]
.text avu3wjs1.SYS 8A5C30A1 43 Bytes [30, 4F, 82, 74, 26, 49, 82, ...]
.text avu3wjs1.SYS 8A5C30CE 10 Bytes [00, 00, 00, 00, 00, 00, 02, ...]
.text avu3wjs1.SYS 8A5C30DA 12 Bytes [00, 00, 02, 00, 00, 00, 24, ...]
.text ...
.text C:\Windows\system32\DRIVERS\atksgt.sys section is writeable [0xAE850300, 0x3B6D8, 0xE8000020]
.text C:\Windows\system32\DRIVERS\lirsgt.sys section is writeable [0xAE8A4300, 0x1BEE, 0xE8000020]
.text C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl section is writeable [0xAE9BC000, 0x2892, 0xE8000020]
.vmp2 C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl entry point in ".vmp2" section [0xAE9DF050]
? C:\Windows\system32\Drivers\PROCEXP113.SYS Das System kann die angegebene Datei nicht finden. !
? C:\Users\*user*\AppData\Local\Temp\catchme.sys Das System kann die angegebene Datei nicht finden. !

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\Explorer.EXE[1436] SHELL32.dll!SHGetFolderPathAndSubDirW + 81C5 75C4B37C 4 Bytes [B0, 22, 00, 10] {MOV AL, 0x22; ADD [EAX], DL}

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [806906D6] \SystemRoot\System32\Drivers\spau.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [80690042] \SystemRoot\System32\Drivers\spau.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [80690800] \SystemRoot\System32\Drivers\spau.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [806900C0] \SystemRoot\System32\Drivers\spau.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8069013E] \SystemRoot\System32\Drivers\spau.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [8069FE9C] \SystemRoot\System32\Drivers\spau.sys
IAT \SystemRoot\System32\Drivers\avu3wjs1.SYS[ataport.SYS!AtaPortNotification] CC358B04
IAT \SystemRoot\System32\Drivers\avu3wjs1.SYS[ataport.SYS!AtaPortWritePortUchar] 838A5E8F
IAT \SystemRoot\System32\Drivers\avu3wjs1.SYS[ataport.SYS!AtaPortWritePortUlong] 458B38C6
IAT \SystemRoot\System32\Drivers\avu3wjs1.SYS[ataport.SYS!AtaPortGetPhysicalAddress] A5A5A514
IAT \SystemRoot\System32\Drivers\avu3wjs1.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] 100D8BA5
IAT \SystemRoot\System32\Drivers\avu3wjs1.SYS[ataport.SYS!AtaPortGetScatterGatherList] 5F8A5E60
IAT \SystemRoot\System32\Drivers\avu3wjs1.SYS[ataport.SYS!AtaPortReadPortUchar] 30810889
IAT \SystemRoot\System32\Drivers\avu3wjs1.SYS[ataport.SYS!AtaPortStallExecution] 54771129
IAT \SystemRoot\System32\Drivers\avu3wjs1.SYS[ataport.SYS!AtaPortGetParentBusType] 10C25D5E
IAT \SystemRoot\System32\Drivers\avu3wjs1.SYS[ataport.SYS!AtaPortRequestCallback] 8B55CC00
IAT \SystemRoot\System32\Drivers\avu3wjs1.SYS[ataport.SYS!AtaPortWritePortBufferUshort] 084D8BEC
IAT \SystemRoot\System32\Drivers\avu3wjs1.SYS[ataport.SYS!AtaPortGetUnCachedExtension] 0CF0918B
IAT \SystemRoot\System32\Drivers\avu3wjs1.SYS[ataport.SYS!AtaPortCompleteRequest] 458B0000
IAT \SystemRoot\System32\Drivers\avu3wjs1.SYS[ataport.SYS!AtaPortMoveMemory] 8B108910
IAT \SystemRoot\System32\Drivers\avu3wjs1.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] 000CF491
IAT \SystemRoot\System32\Drivers\avu3wjs1.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 04508900
IAT \SystemRoot\System32\Drivers\avu3wjs1.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 053C7980
IAT \SystemRoot\System32\Drivers\avu3wjs1.SYS[ataport.SYS!AtaPortReadPortUshort] 560C558B
IAT \SystemRoot\System32\Drivers\avu3wjs1.SYS[ataport.SYS!AtaPortReadPortBufferUshort] C6127557
IAT \SystemRoot\System32\Drivers\avu3wjs1.SYS[ataport.SYS!AtaPortInitialize] B18D0502
IAT \SystemRoot\System32\Drivers\avu3wjs1.SYS[ataport.SYS!AtaPortGetDeviceBase] 00000CF8
IAT \SystemRoot\System32\Drivers\avu3wjs1.SYS[ataport.SYS!AtaPortDeviceStateChange] A508788D

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[1436] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [72F77817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1436] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [72FCA86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1436] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [72F7BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1436] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [72F6F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1436] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [72F775E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1436] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [72F6E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1436] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [72FA8395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1436] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [72F7DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1436] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [72F6FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1436] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [72F6FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1436] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [72F671CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1436] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [72FFCAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1436] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [72F9C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1436] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [72F6D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1436] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [72F66853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1436] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [72F6687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1436] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [72F72AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1436] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [10002480] C:\Program Files\EgisTec\MyWinLocker 3\x86\psdprotect.dll (PSD DragDrop Protection/EgisTec Inc.)
IAT C:\Windows\Explorer.EXE[1436] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibraryAndExitThread] [10001DA0] C:\Program Files\EgisTec\MyWinLocker 3\x86\psdprotect.dll (PSD DragDrop Protection/EgisTec Inc.)
IAT C:\Windows\Explorer.EXE[1436] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [100027D0] C:\Program Files\EgisTec\MyWinLocker 3\x86\psdprotect.dll (PSD DragDrop Protection/EgisTec Inc.)
IAT C:\Windows\Explorer.EXE[1436] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [10001290] C:\Program Files\EgisTec\MyWinLocker 3\x86\psdprotect.dll (PSD DragDrop Protection/EgisTec Inc.)
IAT C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[2572] @ C:\Windows\system32\SHELL32.dll [USER32.dll!ExitWindowsEx] [00B41210] C:\Program Files\NewTech Infosystems\Acer Backup Manager\Pehook.dll (Backup Manager Module/NewTech Infosystems, Inc.)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 858C71F8
Device \Driver\volmgr \Device\VolMgrControl 858C31F8
Device \Driver\usbuhci \Device\USBPDO-0 869FA500
Device \Driver\usbuhci \Device\USBPDO-1 869FA500
Device \Driver\usbehci \Device\USBPDO-2 869B21F8
Device \Driver\usbuhci \Device\USBPDO-3 869FA500
Device \Driver\usbuhci \Device\USBPDO-4 869FA500
Device \Driver\usbuhci \Device\USBPDO-5 869FA500
Device \Driver\usbuhci \Device\USBPDO-6 869FA500
Device \Driver\volmgr \Device\HarddiskVolume1 858C31F8
Device \Driver\usbehci \Device\USBPDO-7 869B21F8
Device \Driver\sptd \Device\1268831978 spau.sys
Device \Driver\volmgr \Device\HarddiskVolume2 858C31F8
Device \Driver\cdrom \Device\CdRom0 869AE1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 858C51F8
Device \Driver\atapi \Device\Ide\IdePort0 858C51F8
Device \Driver\atapi \Device\Ide\IdePort1 858C51F8
Device \Driver\atapi \Device\Ide\IdePort2 858C51F8
Device \Driver\atapi \Device\Ide\IdePort3 858C51F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1 858C51F8
Device \Driver\msahci \Device\Ide\PciIde0Channel0 858C61F8
Device \Driver\msahci \Device\Ide\PciIde0Channel1 858C61F8
Device \Driver\msahci \Device\Ide\PciIde0Channel4 858C61F8
Device \Driver\msahci \Device\Ide\PciIde0Channel5 858C61F8
Device \Driver\volmgr \Device\HarddiskVolume3 858C31F8
Device \Driver\cdrom \Device\CdRom1 869AE1F8
Device \Driver\volmgr \Device\HarddiskVolume4 858C31F8
Device \Driver\netbt \Device\NetBt_Wins_Export 88BE61F8
Device \Driver\PCI_PNP1773 \Device\00000078 spau.sys
Device \Driver\netbt \Device\NetBT_Tcpip_{D934D041-87F7-4D29-8E54-3F06F391E598} 88BE61F8
Device \Driver\netbt \Device\NetBT_Tcpip_{59070B74-A9BA-4839-B4A8-49B99D46C801} 88BE61F8
Device \Driver\Smb \Device\NetbiosSmb 88BBB1F8
Device \Driver\iScsiPrt \Device\RaidPort0 86F49500
Device \Driver\usbuhci \Device\USBFDO-0 869FA500
Device \Driver\usbuhci \Device\USBFDO-1 869FA500
Device \Driver\usbehci \Device\USBFDO-2 869B21F8
Device \Driver\usbuhci \Device\USBFDO-3 869FA500
Device \Driver\usbuhci \Device\USBFDO-4 869FA500
Device \Driver\usbuhci \Device\USBFDO-5 869FA500
Device \Driver\usbuhci \Device\USBFDO-6 869FA500
Device \Driver\usbehci \Device\USBFDO-7 869B21F8
Device \Driver\JMCR \Device\Scsi\JMCR1 869C81F8
Device \Driver\JMCR \Device\Scsi\JMCR2 869C81F8
Device \Driver\JMCR \Device\Scsi\JMCR3 869C81F8
Device \Driver\avu3wjs1 \Device\Scsi\avu3wjs11Port9Path0Target0Lun0 869CB1F8
Device \Driver\JMCR \Device\Scsi\JMCR4 869C81F8
Device \Driver\avu3wjs1 \Device\Scsi\avu3wjs11 869CB1F8
Device \FileSystem\cdfs \Cdfs 869811F8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BthPort\Parameters\Keys\00242cf8163d
Reg HKLM\SYSTEM\CurrentControlSet\Services\BthPort\Parameters\Keys\00242cf8163d@0017d5950b35 0x6E 0x79 0xBC 0xD8 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BthPort\Parameters\Keys\00242cf8163d@e0a6709e7039 0x25 0x68 0x79 0x13 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BthPort\Parameters\Keys\00242cf8163d@2013e033abd7 0x43 0x9A 0xC6 0x7A ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\Progz\Deamon\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x3C 0xD2 0xF4 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xB5 0x32 0x20 0x17 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xF9 0x9F 0x5F 0x81 ...
Reg HKLM\SYSTEM\ControlSet003\Services\BthPort\Parameters\Keys\00242cf8163d (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BthPort\Parameters\Keys\00242cf8163d@0017d5950b35 0x6E 0x79 0xBC 0xD8 ...
Reg HKLM\SYSTEM\ControlSet003\Services\BthPort\Parameters\Keys\00242cf8163d@e0a6709e7039 0x25 0x68 0x79 0x13 ...
Reg HKLM\SYSTEM\ControlSet003\Services\BthPort\Parameters\Keys\00242cf8163d@2013e033abd7 0x43 0x9A 0xC6 0x7A ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\Progz\Deamon\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x3C 0xD2 0xF4 0x02 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xB5 0x32 0x20 0x17 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xF9 0x9F 0x5F 0x81 ...

---- EOF - GMER 1.0.15 ----

Code:
OSAM Logfile:
28.07.2011, 15:26 | #20 |
So, here is aswMBR:
Code:
aswMBR version 0.9.8.977 Copyright(c) 2011 AVAST Software
Run date: 2011-07-28 13:36:55
-----------------------------
13:36:55.001 OS Version: Windows 6.0.6002 Service Pack 2
13:36:55.001 Number of processors: 2 586 0x170A
13:36:55.001 ComputerName: *PcName* UserName: *user*
13:36:56.598 Initialize success
13:38:14.063 AVAST engine defs: 11072800
13:38:35.877 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
13:38:35.882 Disk 0 Vendor: WDC_WD5000BEVT-22ZAT0 01.01A01 Size: 476940MB BusType: 3
13:38:36.642 Disk 0 MBR read successfully
13:38:36.642 Disk 0 MBR scan
13:38:36.647 Disk 0 unknown MBR code
13:38:37.352 Disk 0 scanning sectors +976771072
13:38:37.754 Disk 0 scanning C:\Windows\system32\drivers
13:39:55.087 Service scanning
13:39:55.811 Service MpKsl932da868 C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7EC26FFF-04EF-4510-823E-7E257CF82CE0}\MpKsl932da868.sys **LOCKED** 32
13:39:55.816 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
13:39:55.876 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
13:39:56.426 Modules scanning
13:41:33.125 Disk 0 trace - called modules:
13:41:33.230 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x858c51f8]<<
13:41:33.245 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85b54730]
13:41:33.260 3 CLASSPNP.SYS[8a7a58b3] -> nt!IofCallDriver -> [0x859d3390]
13:41:33.275 5 acpi.sys[805c16bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x8598eb98]
13:41:33.290 \Driver\atapi[0x85976b50] -> IRP_MJ_CREATE -> 0x858c51f8
13:41:34.105 AVAST engine scan C:\Windows
13:42:51.101 AVAST engine scan C:\Windows\system32
13:57:06.635 AVAST engine scan C:\Windows\system32\drivers
13:59:18.456 AVAST engine scan C:\Users\*user*
14:16:26.840 AVAST engine scan C:\ProgramData
14:30:23.140 Scan finished successfully
16:25:06.994 Disk 0 MBR has been saved successfully to "C:\Users\*user*\Desktop\MBR.dat"
16:25:06.994 The log file has been saved successfully to "C:\Users\*user*\Desktop\aswMBR.txt"
28.07.2011, 15:40 | #21 |
/// Winkelfunktion /// TB-Süch-Tiger™ |
Quote:
Do you have any other operating systems installed besides Vista? If not, have a look here => Vista Notfall/Recovery-CD 32-Bit - Dr. Windows. Download the ISO, burn it to a CD (e.g. with ImgBurn, using its image-burning function) and start the computer from that CD. If you have a regular Vista installation DVD you don't need the image mentioned above; you can simply boot from the Vista DVD. Click "Repair your computer", Next, "Command Prompt" - the console opens. There, type bootrec.exe /fixboot (confirm with Enter), then type bootrec.exe /fixmbr (confirm with Enter) - restart the computer, removing the CD first. Afterwards, create new logs with MBRCheck and, if it works, GMER.
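The repair above rewrites the boot code in sector 0, and the aswMBR run in the previous post both flagged "unknown MBR code" and saved that sector to MBR.dat. The following is an added example, not code from this thread or from aswMBR, GMER or MBRCheck: a small offline checker that parses a 512-byte MBR image, validates the 0x55AA signature and the partition table (status bytes, overlaps, a partition starting inside the MBR), and compares a hash of the 446 loader bytes against an allowlist, which is what "unknown MBR code" amounts to. Assumptions: a classic MBR layout (no GPT), and the allowlist hash is derived from a constructed stand-in loader, not from real Windows or OEM boot code; on a real MBR.dat you would replace it with hashes taken from a known-clean machine. A practical use is to run it on the MBR.dat saved before bootrec.exe /fixmbr and on a fresh dump afterwards, to confirm that the loader hash changed while the partition table did not.

```python
"""Offline sanity check of a 512-byte MBR image such as the MBR.dat that aswMBR saves.
Added example for this thread; not code from aswMBR, GMER or MBRCheck."""
import hashlib
import struct
from dataclasses import dataclass
from typing import Dict, List

SECTOR_SIZE = 512
BOOT_CODE_LEN = 446          # bytes 0..445: loader code, the part bootkits replace
PART_ENTRY_LEN = 16          # 4 entries at offset 446
SIGNATURE = b"\x55\xaa"      # bytes 510..511


@dataclass
class PartitionEntry:
    index: int        # slot 0..3 in the partition table
    status: int       # 0x80 = bootable, 0x00 = inactive; anything else is suspect
    type_id: int      # partition type byte, e.g. 0x07 for NTFS
    lba_start: int    # first sector, little-endian 32-bit
    sectors: int      # length in sectors

    @property
    def lba_end(self) -> int:
        return self.lba_start + self.sectors - 1


def parse_partition_table(mbr: bytes) -> List[PartitionEntry]:
    """Return the non-empty entries of the four-slot partition table (CHS fields are skipped)."""
    entries = []
    for i in range(4):
        off = BOOT_CODE_LEN + i * PART_ENTRY_LEN
        status, ptype, lba, count = struct.unpack_from("<B3xB3xII", mbr, off)
        if ptype == 0 and count == 0:
            continue  # empty slot
        entries.append(PartitionEntry(i, status, ptype, lba, count))
    return entries


def boot_code_sha256(mbr: bytes) -> str:
    """Hash only the loader code; the partition table legitimately differs per machine."""
    return hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest()


def check_mbr(mbr: bytes, known_good: Dict[str, str]) -> List[str]:
    """Structural checks plus allowlist lookup. Returns findings; an empty list means nothing odd."""
    if len(mbr) != SECTOR_SIZE:
        return [f"wrong length {len(mbr)}, expected {SECTOR_SIZE}"]
    findings = []
    if mbr[510:512] != SIGNATURE:
        findings.append("missing 0x55AA boot signature")
    parts = parse_partition_table(mbr)
    if sum(1 for p in parts if p.status == 0x80) > 1:
        findings.append("more than one partition flagged bootable")
    for p in parts:
        if p.status not in (0x00, 0x80):
            findings.append(f"partition {p.index}: invalid status byte 0x{p.status:02X}")
        if p.lba_start == 0:
            findings.append(f"partition {p.index}: starts at LBA 0 (overlaps the MBR itself)")
    ordered = sorted(parts, key=lambda p: p.lba_start)
    for a, b in zip(ordered, ordered[1:]):
        if b.lba_start <= a.lba_end:
            findings.append(f"partitions {a.index} and {b.index} overlap")
    digest = boot_code_sha256(mbr)
    if digest not in known_good:
        findings.append(f"unknown MBR code: boot-code sha256 {digest[:16]}... not in allowlist")
    return findings


def build_mbr(boot_code: bytes, partitions: List[PartitionEntry]) -> bytes:
    """Assemble a sector from loader bytes and entries (constructed sample data, CHS left zero)."""
    code = boot_code.ljust(BOOT_CODE_LEN, b"\x00")[:BOOT_CODE_LEN]
    table = bytearray(4 * PART_ENTRY_LEN)
    for p in partitions:
        struct.pack_into("<B3xB3xII", table, p.index * PART_ENTRY_LEN,
                         p.status, p.type_id, p.lba_start, p.sectors)
    return code + bytes(table) + SIGNATURE


# Constructed stand-in for a trusted loader (assumption: NOT real Windows/OEM boot code).
# A real allowlist holds hashes of the 446 loader bytes taken from known-clean machines.
REFERENCE_LOADER = bytes([0x33, 0xC0, 0x8E, 0xD0, 0xBC, 0x00, 0x7C, 0xFB]) + b"\x90" * 32
KNOWN_GOOD = {hashlib.sha256(REFERENCE_LOADER.ljust(BOOT_CODE_LEN, b"\x00")).hexdigest():
              "constructed reference loader"}


def demo() -> Dict[str, List[str]]:
    """Three constructed sectors: clean, loader code not on the allowlist, damaged signature."""
    layout = [PartitionEntry(0, 0x80, 0x07, 2048, 204800),
              PartitionEntry(1, 0x00, 0x07, 206848, 409600)]
    clean = build_mbr(REFERENCE_LOADER, layout)
    foreign = build_mbr(b"\xEB\x1E" + REFERENCE_LOADER[2:], layout)  # same layout, other loader
    no_sig = clean[:510] + b"\x00\x00"
    return {"clean": check_mbr(clean, KNOWN_GOOD),
            "foreign_code": check_mbr(foreign, KNOWN_GOOD),
            "no_signature": check_mbr(no_sig, KNOWN_GOOD)}


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:  # e.g. the MBR.dat that aswMBR wrote; the allowlist above will not match it
        with open(sys.argv[1], "rb") as fh:
            data = fh.read(SECTOR_SIZE)
        for entry in parse_partition_table(data):
            print(entry)
        print(check_mbr(data, KNOWN_GOOD) or ["no findings"])
    else:
        for name, result in demo().items():
            print(name, result or ["no findings"])
```

With no argument the script runs the three constructed cases; with a path it reads the first 512 bytes of that file. The "unknown MBR code" finding is expected on any real sector until the allowlist is populated, which is also why aswMBR's message on its own does not prove infection: an OEM loader it does not recognise produces the same line, and the partition-table checks are what distinguish a foreign loader from a damaged or merely unfamiliar one.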
28.07.2011, 17:49 | #22 |
Hello Cosinus, my Vista is the only operating system and came preinstalled when I bought the laptop, so I don't have a recovery CD or DVD, but I believe Acer preinstalls something helpful of that kind for recovery, and if not that, then at least for data backup. I won't be able to do that until the weekend, though; tomorrow is the last day before my holiday and my desk is overflowing. As soon as it's done, I'll report back!
02.08.2011, 08:55 | #23 |
Hello, I've backed up all my data so far and now have to burn the ISO; for that I need blank discs, which I still have to get, as I don't have any right now. I'm leaving tonight for a week's holiday and will get back to you afterwards. Just wanted to let you know so you don't think I'm not following up. Until then, have a nice week!