|
Log analysis and evaluation: winsvc.exe - laptop infected - only shortcuts left on USB stick (Windows 7). If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed. |
07.11.2011, 14:12 | #16 |
| The tool found nothing. Since I haven't noticed any particular folders missing, unhide can probably be disregarded for now. Here is the log file from TDSSKiller: Code:
ATTFilter 14:07:54.0481 4568 TDSS rootkit removing tool 2.6.15.0 Nov 3 2011 17:15:49 14:07:56.0483 4568 ============================================================ 14:07:56.0483 4568 Current date / time: 2011/11/07 14:07:56.0483 14:07:56.0483 4568 SystemInfo: 14:07:56.0483 4568 14:07:56.0483 4568 OS Version: 6.1.7601 ServicePack: 1.0 14:07:56.0483 4568 Product type: Workstation 14:07:56.0483 4568 ComputerName: CHRISTIANLAPTOP 14:07:56.0483 4568 UserName: Christian 14:07:56.0483 4568 Windows directory: C:\Windows 14:07:56.0483 4568 System windows directory: C:\Windows 14:07:56.0483 4568 Running under WOW64 14:07:56.0483 4568 Processor architecture: Intel x64 14:07:56.0484 4568 Number of processors: 8 14:07:56.0484 4568 Page size: 0x1000 14:07:56.0484 4568 Boot type: Normal boot 14:07:56.0484 4568 ============================================================ 14:07:57.0563 4568 Initialize success 14:08:36.0891 2200 ============================================================ 14:08:36.0891 2200 Scan started 14:08:36.0891 2200 Mode: Manual; SigCheck; TDLFS; 14:08:36.0891 2200 ============================================================ 14:08:36.0999 2200 1394ohci - ok 14:08:37.0007 2200 ACPI - ok 14:08:37.0014 2200 AcpiPmi - ok 14:08:37.0023 2200 adp94xx - ok 14:08:37.0029 2200 adpahci - ok 14:08:37.0039 2200 adpu320 - ok 14:08:37.0053 2200 AF9035BDA - ok 14:08:37.0067 2200 AFD - ok 14:08:37.0070 2200 agp440 - ok 14:08:37.0074 2200 aliide - ok 14:08:37.0077 2200 amdide - ok 14:08:37.0080 2200 AmdK8 - ok 14:08:37.0083 2200 AmdPPM - ok 14:08:37.0086 2200 amdsata - ok 14:08:37.0089 2200 amdsbs - ok 14:08:37.0093 2200 amdxata - ok 14:08:37.0135 2200 AppID - ok 14:08:37.0151 2200 arc - ok 14:08:37.0153 2200 arcsas - ok 14:08:37.0164 2200 AsyncMac - ok 14:08:37.0167 2200 atapi - ok 14:08:37.0183 2200 AVerPola - ok 14:08:37.0199 2200 avgntflt - ok 14:08:37.0211 2200 avipbb - ok 14:08:37.0215 2200 avkmgr - ok 14:08:37.0218 2200 AVPolCIR - ok 14:08:37.0224 2200 b06bdrv - ok 
14:08:37.0235 2200 b57nd60a - ok 14:08:37.0246 2200 Beep - ok 14:08:37.0253 2200 blbdrive - ok 14:08:37.0280 2200 bowser - ok 14:08:37.0289 2200 BrFiltLo - ok 14:08:37.0291 2200 BrFiltUp - ok 14:08:37.0296 2200 Brserid - ok 14:08:37.0298 2200 BrSerIf - ok 14:08:37.0302 2200 BrSerWdm - ok 14:08:37.0304 2200 BrUsbMdm - ok 14:08:37.0306 2200 BrUsbSer - ok 14:08:37.0308 2200 BthEnum - ok 14:08:37.0311 2200 BTHMODEM - ok 14:08:37.0314 2200 BthPan - ok 14:08:37.0316 2200 BTHPORT - ok 14:08:37.0321 2200 BTHUSB - ok 14:08:37.0323 2200 btmaux - ok 14:08:37.0325 2200 btmhsf - ok 14:08:37.0328 2200 cdfs - ok 14:08:37.0331 2200 cdrom - ok 14:08:37.0336 2200 circlass - ok 14:08:37.0338 2200 CLFS - ok 14:08:37.0366 2200 clwvd - ok 14:08:37.0368 2200 CmBatt - ok 14:08:37.0370 2200 cmdide - ok 14:08:37.0373 2200 CNG - ok 14:08:37.0376 2200 Compbatt - ok 14:08:37.0379 2200 CompositeBus - ok 14:08:37.0382 2200 crcdisk - ok 14:08:37.0391 2200 DfsC - ok 14:08:37.0394 2200 discache - ok 14:08:37.0399 2200 Disk - ok 14:08:37.0413 2200 drmkaud - ok 14:08:37.0415 2200 DXGKrnl - ok 14:08:37.0419 2200 ebdrv - ok 14:08:37.0424 2200 elxstor - ok 14:08:37.0426 2200 ErrDev - ok 14:08:37.0435 2200 exfat - ok 14:08:37.0437 2200 fastfat - ok 14:08:37.0441 2200 fdc - ok 14:08:37.0445 2200 FileInfo - ok 14:08:37.0448 2200 Filetrace - ok 14:08:37.0450 2200 flpydisk - ok 14:08:37.0453 2200 FltMgr - ok 14:08:37.0457 2200 FsDepends - ok 14:08:37.0460 2200 Fs_Rec - ok 14:08:37.0463 2200 fvevol - ok 14:08:37.0465 2200 gagp30kx - ok 14:08:37.0469 2200 hcw85cir - ok 14:08:37.0471 2200 HdAudAddService - ok 14:08:37.0474 2200 HDAudBus - ok 14:08:37.0476 2200 HidBatt - ok 14:08:37.0479 2200 HidBth - ok 14:08:37.0482 2200 HidIr - ok 14:08:37.0486 2200 HidUsb - ok 14:08:37.0497 2200 hotcore3 - ok 14:08:37.0499 2200 HpSAMD - ok 14:08:37.0512 2200 HTTP - ok 14:08:37.0514 2200 hwpolicy - ok 14:08:37.0519 2200 i8042prt - ok 14:08:37.0524 2200 iaStorV - ok 14:08:37.0526 2200 iBtFltCoex - ok 14:08:37.0537 2200 igfx - 
ok 14:08:37.0540 2200 iirsp - ok 14:08:37.0545 2200 IntcAzAudAddService - ok 14:08:37.0553 2200 IntcDAud - ok 14:08:37.0556 2200 intelide - ok 14:08:37.0558 2200 intelppm - ok 14:08:37.0566 2200 IpFilterDriver - ok 14:08:37.0585 2200 IPMIDRV - ok 14:08:37.0599 2200 IPNAT - ok 14:08:37.0603 2200 IRENUM - ok 14:08:37.0609 2200 isapnp - ok 14:08:37.0612 2200 iScsiPrt - ok 14:08:37.0615 2200 kbdclass - ok 14:08:37.0618 2200 kbdhid - ok 14:08:37.0622 2200 KSecDD - ok 14:08:37.0624 2200 KSecPkg - ok 14:08:37.0626 2200 ksthunk - ok 14:08:37.0638 2200 LEqdUsb - ok 14:08:37.0640 2200 LHidEqd - ok 14:08:37.0643 2200 LHidFilt - ok 14:08:37.0646 2200 lltdio - ok 14:08:37.0651 2200 LMouFilt - ok 14:08:37.0659 2200 LSI_FC - ok 14:08:37.0662 2200 LSI_SAS - ok 14:08:37.0664 2200 LSI_SAS2 - ok 14:08:37.0666 2200 LSI_SCSI - ok 14:08:37.0669 2200 luafv - ok 14:08:37.0672 2200 megasas - ok 14:08:37.0675 2200 MegaSR - ok 14:08:37.0678 2200 MEIx64 - ok 14:08:37.0682 2200 Modem - ok 14:08:37.0684 2200 monitor - ok 14:08:37.0687 2200 mouclass - ok 14:08:37.0690 2200 mouhid - ok 14:08:37.0692 2200 mountmgr - ok 14:08:37.0695 2200 mpio - ok 14:08:37.0697 2200 mpsdrv - ok 14:08:37.0700 2200 MRxDAV - ok 14:08:37.0702 2200 mrxsmb - ok 14:08:37.0705 2200 mrxsmb10 - ok 14:08:37.0707 2200 mrxsmb20 - ok 14:08:37.0709 2200 msahci - ok 14:08:37.0712 2200 msdsm - ok 14:08:37.0717 2200 Msfs - ok 14:08:37.0720 2200 mshidkmdf - ok 14:08:37.0722 2200 msisadrv - ok 14:08:37.0727 2200 MSKSSRV - ok 14:08:37.0730 2200 MSPCLOCK - ok 14:08:37.0732 2200 MSPQM - ok 14:08:37.0735 2200 MsRPC - ok 14:08:37.0738 2200 mssmbios - ok 14:08:37.0764 2200 MSTEE - ok 14:08:37.0771 2200 MTConfig - ok 14:08:37.0773 2200 Mup - ok 14:08:37.0793 2200 NativeWifiP - ok 14:08:37.0804 2200 NDIS - ok 14:08:37.0807 2200 NdisCap - ok 14:08:37.0810 2200 NdisTapi - ok 14:08:37.0813 2200 Ndisuio - ok 14:08:37.0815 2200 NdisWan - ok 14:08:37.0828 2200 NDProxy - ok 14:08:37.0834 2200 NetBIOS - ok 14:08:37.0836 2200 NetBT - ok 14:08:37.0854 
2200 NETwNs64 - ok 14:08:37.0857 2200 nfrd960 - ok 14:08:37.0879 2200 nmwcd - ok 14:08:37.0883 2200 nmwcdc - ok 14:08:37.0885 2200 Npfs - ok 14:08:37.0889 2200 nsiproxy - ok 14:08:37.0892 2200 Ntfs - ok 14:08:37.0894 2200 Null - ok 14:08:37.0897 2200 nusb3hub - ok 14:08:37.0899 2200 nusb3xhc - ok 14:08:37.0904 2200 nvlddmkm - ok 14:08:37.0907 2200 nvpciflt - ok 14:08:37.0911 2200 nvraid - ok 14:08:37.0914 2200 nvstor - ok 14:08:37.0919 2200 nv_agp - ok 14:08:37.0922 2200 ohci1394 - ok 14:08:37.0928 2200 Parport - ok 14:08:37.0931 2200 partmgr - ok 14:08:37.0935 2200 pccsmcfd - ok 14:08:37.0938 2200 pci - ok 14:08:37.0941 2200 pciide - ok 14:08:37.0943 2200 pcmcia - ok 14:08:37.0945 2200 pcw - ok 14:08:37.0948 2200 PEAUTH - ok 14:08:37.0969 2200 PptpMiniport - ok 14:08:37.0971 2200 Processor - ok 14:08:37.0977 2200 Psched - ok 14:08:37.0980 2200 qicflt - ok 14:08:37.0982 2200 ql2300 - ok 14:08:37.0985 2200 ql40xx - ok 14:08:37.0988 2200 QWAVEdrv - ok 14:08:37.0991 2200 RasAcd - ok 14:08:37.0994 2200 RasAgileVpn - ok 14:08:37.0998 2200 Rasl2tp - ok 14:08:38.0002 2200 RasPppoe - ok 14:08:38.0004 2200 RasSstp - ok 14:08:38.0007 2200 rdbss - ok 14:08:38.0009 2200 rdpbus - ok 14:08:38.0012 2200 RDPCDD - ok 14:08:38.0016 2200 RDPENCDD - ok 14:08:38.0020 2200 RDPREFMP - ok 14:08:38.0022 2200 RDPWD - ok 14:08:38.0025 2200 rdyboost - ok 14:08:38.0032 2200 RFCOMM - ok 14:08:38.0038 2200 rspndr - ok 14:08:38.0040 2200 RTL8167 - ok 14:08:38.0044 2200 sbp2port - ok 14:08:38.0048 2200 scfilter - ok 14:08:38.0053 2200 secdrv - ok 14:08:38.0060 2200 Serenum - ok 14:08:38.0064 2200 Serial - ok 14:08:38.0067 2200 sermouse - ok 14:08:38.0074 2200 sffdisk - ok 14:08:38.0077 2200 sffp_mmc - ok 14:08:38.0079 2200 sffp_sd - ok 14:08:38.0081 2200 sfloppy - ok 14:08:38.0087 2200 SiSRaid2 - ok 14:08:38.0089 2200 SiSRaid4 - ok 14:08:38.0092 2200 Smb - ok 14:08:38.0116 2200 spldr - ok 14:08:38.0125 2200 srv - ok 14:08:38.0127 2200 srv2 - ok 14:08:38.0130 2200 srvnet - ok 14:08:38.0136 2200 
stexstor - ok 14:08:38.0141 2200 swenum - ok 14:08:38.0145 2200 SynTP - ok 14:08:38.0152 2200 Tcpip - ok 14:08:38.0155 2200 TCPIP6 - ok 14:08:38.0158 2200 tcpipreg - ok 14:08:38.0162 2200 TDPIPE - ok 14:08:38.0164 2200 TDTCP - ok 14:08:38.0166 2200 tdx - ok 14:08:38.0169 2200 TermDD - ok 14:08:38.0178 2200 truecrypt - ok 14:08:38.0183 2200 tssecsrv - ok 14:08:38.0185 2200 TsUsbFlt - ok 14:08:38.0188 2200 TsUsbGD - ok 14:08:38.0202 2200 tunnel - ok 14:08:38.0204 2200 uagp35 - ok 14:08:38.0207 2200 udfs - ok 14:08:38.0212 2200 UimBus - ok 14:08:38.0217 2200 Uim_IM - ok 14:08:38.0220 2200 uliagpkx - ok 14:08:38.0223 2200 umbus - ok 14:08:38.0226 2200 UmPass - ok 14:08:38.0231 2200 upperdev - ok 14:08:38.0234 2200 usbccgp - ok 14:08:38.0237 2200 usbcir - ok 14:08:38.0239 2200 usbehci - ok 14:08:38.0242 2200 usbhub - ok 14:08:38.0245 2200 usbohci - ok 14:08:38.0250 2200 usbprint - ok 14:08:38.0254 2200 usbscan - ok 14:08:38.0259 2200 usbser - ok 14:08:38.0262 2200 UsbserFilt - ok 14:08:38.0264 2200 USBSTOR - ok 14:08:38.0267 2200 usbuhci - ok 14:08:38.0269 2200 usbvideo - ok 14:08:38.0274 2200 vdrvroot - ok 14:08:38.0278 2200 vga - ok 14:08:38.0280 2200 VgaSave - ok 14:08:38.0283 2200 vhdmp - ok 14:08:38.0285 2200 viaide - ok 14:08:38.0288 2200 volmgr - ok 14:08:38.0290 2200 volmgrx - ok 14:08:38.0293 2200 volsnap - ok 14:08:38.0296 2200 vsmraid - ok 14:08:38.0299 2200 vwifibus - ok 14:08:38.0301 2200 vwififlt - ok 14:08:38.0304 2200 vwifimp - ok 14:08:38.0308 2200 WacomPen - ok 14:08:38.0312 2200 WANARP - ok 14:08:38.0315 2200 Wanarpv6 - ok 14:08:38.0322 2200 Wd - ok 14:08:38.0324 2200 Wdf01000 - ok 14:08:38.0334 2200 WfpLwf - ok 14:08:38.0337 2200 WIMMount - ok 14:08:38.0356 2200 WinUsb - ok 14:08:38.0360 2200 WmiAcpi - ok 14:08:38.0369 2200 ws2ifsl - ok 14:08:38.0374 2200 WSDPrintDevice - ok 14:08:38.0380 2200 WudfPf - ok 14:08:38.0383 2200 WUDFRd - ok 14:08:38.0396 2200 xusb21 - ok 14:08:38.0414 2200 MBR (0x1B8) (7e234f3bea2eb69d133032ef8612e857) 
\Device\Harddisk0\DR0 14:08:38.0765 2200 \Device\Harddisk0\DR0 - ok 14:08:38.0771 2200 Boot (0x1200) (58434028cba4c73a633239ec0b0ad9b7) \Device\Harddisk0\DR0\Partition0 14:08:38.0771 2200 \Device\Harddisk0\DR0\Partition0 - ok 14:08:38.0808 2200 Boot (0x1200) (1e95a4495de2858b6d4f06a181ce181e) \Device\Harddisk0\DR0\Partition1 14:08:38.0809 2200 \Device\Harddisk0\DR0\Partition1 - ok 14:08:38.0810 2200 ============================================================ 14:08:38.0810 2200 Scan finished 14:08:38.0810 2200 ============================================================ 14:08:38.0831 6436 Detected object count: 0 14:08:38.0831 6436 Actual detected object count: 0 |
07.11.2011, 14:37 | #17 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Then please run CF now:
ComboFix: A guide and tutorial on using ComboFix
ComboFix may only be run when a qualified helper has explicitly recommended it! If, after running ComboFix, you have problems starting applications and get messages such as Quote:
|
07.11.2011, 16:07 | #18 |
| So, here is the log from ComboFix.
The program deleted "Lock.exe" on me. That was an encrypted text file of mine. Can I restore it? Code:
ATTFilter ComboFix 11-11-07.02 - Christian 07.11.2011 15:53:41.1.8 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4010.2385 [GMT 1:00] ausgeführt von:: c:\users\Christian\Downloads\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\Roaming c:\users\Christian\AppData\Roaming\Desktopicon c:\users\Christian\Lock.exe . . ((((((((((((((((((((((( Dateien erstellt von 2011-10-07 bis 2011-11-07 )))))))))))))))))))))))))))))) . . 2011-11-07 14:58 . 2011-11-07 14:58 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2011-11-07 14:58 . 2011-11-07 14:58 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-11-04 13:55 . 2011-11-06 10:45 -------- d-----w- C:\_OTL 2011-11-02 13:06 . 2011-11-02 13:06 -------- d-----w- c:\users\Christian\AppData\Roaming\Malwarebytes 2011-11-02 13:06 . 2011-11-02 13:06 -------- d-----w- c:\programdata\Malwarebytes 2011-11-02 13:06 . 2011-11-02 13:06 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2011-11-02 13:06 . 2011-08-31 16:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-11-01 18:34 . 2011-11-01 18:34 -------- d-----w- c:\users\Christian\AppData\Roaming\GlarySoft 2011-11-01 18:13 . 2011-11-01 18:13 -------- d-----w- c:\program files (x86)\ESET 2011-11-01 18:04 . 2011-11-01 21:09 -------- d-----w- c:\users\Christian\AppData\Roaming\QuickScan 2011-10-31 17:23 . 2011-10-31 17:23 -------- d-----w- c:\users\Christian\AppData\Local\Sony 2011-10-31 17:23 . 2011-10-31 17:23 -------- d-----w- c:\users\Christian\Podcasts 2011-10-31 17:23 . 
2011-10-31 17:23 -------- d-----w- c:\program files (x86)\Common Files\Sony Shared 2011-10-31 17:22 . 2011-10-31 17:22 -------- d-----w- c:\users\Christian\AppData\Local\Downloaded Installations 2011-10-31 17:22 . 2011-10-31 17:23 -------- d-----w- c:\program files (x86)\Sony 2011-10-31 17:22 . 2011-10-31 17:22 -------- d-----w- c:\programdata\Sony Corporation 2011-10-31 17:17 . 2011-10-31 17:23 -------- d-----w- c:\users\Christian\AppData\Roaming\Sony 2011-10-31 17:17 . 2011-10-31 17:17 -------- d-----w- c:\program files (x86)\Sony Media Go Install 2011-10-31 17:11 . 2011-10-31 17:11 -------- d-----w- c:\users\Christian\AppData\Roaming\Nokia Ovi Suite 2011-10-31 17:11 . 2011-10-31 17:11 -------- d-----w- c:\users\Christian\AppData\Roaming\Nokia 2011-10-31 17:11 . 2011-10-31 17:11 -------- d-----w- c:\users\Christian\AppData\Local\NokiaAccount 2011-10-31 15:11 . 2011-10-31 15:11 -------- d-----w- c:\programdata\Sony Ericsson 2011-10-31 15:11 . 2011-10-31 15:11 -------- d-----w- c:\program files (x86)\Sony Ericsson 2011-10-20 10:36 . 2011-09-06 03:03 3138048 ----a-w- c:\windows\system32\win32k.sys 2011-10-20 10:35 . 2011-08-17 05:26 613888 ----a-w- c:\windows\system32\psisdecd.dll 2011-10-20 10:35 . 2011-08-17 05:25 108032 ----a-w- c:\windows\system32\psisrndr.ax 2011-10-20 10:35 . 2011-08-17 04:24 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll 2011-10-20 10:35 . 2011-08-17 04:19 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax 2011-10-20 10:35 . 2011-10-20 10:35 -------- d-----w- c:\users\Christian\AppData\Roaming\Avira 2011-10-20 10:34 . 2011-08-27 05:37 861696 ----a-w- c:\windows\system32\oleaut32.dll 2011-10-20 10:34 . 2011-08-27 05:37 331776 ----a-w- c:\windows\system32\oleacc.dll 2011-10-20 10:34 . 2011-08-27 04:26 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll 2011-10-20 10:34 . 2011-08-27 04:26 233472 ----a-w- c:\windows\SysWow64\oleacc.dll 2011-10-20 10:34 . 2011-10-11 13:00 97312 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2011-10-20 10:34 . 
2011-10-11 13:00 27760 ----a-w- c:\windows\system32\drivers\avkmgr.sys 2011-10-20 10:34 . 2011-10-11 13:00 130760 ----a-w- c:\windows\system32\drivers\avipbb.sys 2011-10-20 10:34 . 2011-10-20 10:34 -------- d-----w- c:\programdata\Avira 2011-10-20 10:34 . 2011-10-20 10:34 -------- d-----w- c:\program files (x86)\Avira . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-10-25 11:37 . 2011-08-15 15:30 2300696 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll 2011-10-25 11:36 . 2011-08-15 15:30 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll 2011-10-07 09:52 . 2011-08-15 15:29 1092400 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll 2011-09-27 20:18 . 2011-08-28 20:38 2300696 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll 2011-09-27 20:18 . 2011-08-28 20:38 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll 2011-09-27 20:18 . 2011-08-28 20:37 1166144 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll 2011-08-29 14:23 . 2011-08-29 14:23 53248 ----a-r- c:\users\Christian\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe 2006-05-03 10:06 163328 --sha-r- c:\windows\SysWOW64\flvDX.dll 2007-02-21 11:47 31232 --sha-r- c:\windows\SysWOW64\msfDX.dll 2008-03-16 13:30 216064 --sha-r- c:\windows\SysWOW64\nbDX.dll 2010-01-06 22:00 107520 --sha-r- c:\windows\SysWOW64\TAKDSDecoder.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sony Ericsson PC Companion"="c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" [2011-07-25 433360] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "StartupDelayer"="c:\program files (x86)\r2 Studios\Startup Delayer\Startup Launcher.exe" [2009-03-08 73728] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll . R2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2010-11-03 983104] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 AF9035BDA;Cinergy T-Stick service;c:\windows\system32\DRIVERS\AF15BDA.sys [x] R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2010-11-03 1298496] R3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x] R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-11-02 340240] R3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2011-06-29 155344] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x] R3 WSDPrintDevice;WSD-Druckunterstützung durch 
UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x] R4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x64\msvsmon.exe [2005-12-09 4476096] S0 hotcore3;hc3ServiceName;c:\windows\system32\DRIVERS\hotcore3.sys [x] S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-17 98208] S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-10-11 86224] S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2010-11-03 897088] S2 IGDCTRL;AVM IGD CTRL Service;c:\program files (x86)\FRITZ!DSL\IGDCTRL.EXE [2007-09-04 87344] S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-21 2214504] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-05-20 378472] S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-20 2656280] S3 AVerPola;AVerMedia USB Polaris Series Capture Service;c:\windows\system32\DRIVERS\AVerPola.sys [x] S3 AVPolCIR;AVerMedia USB Polaris Series Custom IR Service;c:\windows\system32\DRIVERS\AVPolCIR.sys [x] S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [x] S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [x] S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [x] S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x] S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [x] S3 
LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [x] S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x] S3 NETwNs64;___ Intel(R) Wireless WiFi Link der Serie 5000 Adaptertreiber für Windows 7 64-Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x] S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x] S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x] S3 qicflt;upper Device Filter Driver;c:\windows\system32\DRIVERS\qicflt.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - 99229976 *Deregistered* - 99229976 . Inhalt des "geplante Tasks" Ordners . 2011-11-07 c:\windows\Tasks\GlaryInitialize.job - c:\program files (x86)\Glary Utilities\initialize.exe [2011-07-30 09:14] . 2011-11-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1422517653-3478934543-1574387570-1000Core.job - c:\users\Christian\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-30 13:29] . 2011-11-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1422517653-3478934543-1574387570-1000UA.job - c:\users\Christian\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-30 13:29] . . --------- x86-64 ----------- . . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2010-12-08 6560360] "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-11-30 2186856] "BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2010-11-03 10228224] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-12-13 167960] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-12-13 391704] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-12-13 417304] "IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-11-02 1933584] "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-06-23 1744152] "NVHotkey"="c:\windows\system32\nvHotkey.dll" [2011-05-21 326760] "QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2011-01-25 4479648] "Logitech Download Assistant"="c:\windows\system32\rundll32.exe" [2009-07-14 45568] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x1 "AppInit_DLLs"=c:\windows\System32\nvinitx.dll . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.dell.com mLocal Page = c:\windows\SysWOW64\blank.htm IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files (x86)\ICQ7.5\ICQ.exe LSP: c:\program files (x86)\FRITZ!DSL\\sarah.dll TCP: DhcpNameServer = 192.168.2.1 TCP: Interfaces\{16F1093F-4602-48E9-925A-28A7DAC20CB2}: NameServer = 172.21.0.2,172.21.0.1 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2011-11-07 15:59:54 ComboFix-quarantined-files.txt 2011-11-07 14:59 . 
Vor Suchlauf: 16 Verzeichnis(se), 186.670.067.712 Bytes frei Nach Suchlauf: 20 Verzeichnis(se), 187.174.289.408 Bytes frei . - - End Of File - - 535F4211471B68552EEAA905502A7246 |
07.11.2011, 18:44 | #19 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Please download aswMBR.exe and save the file to your desktop.
__________________ Please always post log files in CODE tags |
08.11.2011, 16:15 | #20 |
| Here is the log from avast Code:
ATTFilter aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software Run date: 2011-11-08 14:24:39 ----------------------------- 14:24:39.434 OS Version: Windows x64 6.1.7601 Service Pack 1 14:24:39.434 Number of processors: 8 586 0x2A07 14:24:39.435 ComputerName: CHRISTIANLAPTOP UserName: Christian 14:24:41.547 Initialize success 14:26:23.597 AVAST engine defs: 11110801 14:34:00.251 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 14:34:00.260 Disk 0 Vendor: ST9500420AS D005SDM1 Size: 476940MB BusType: 11 14:34:02.296 Disk 0 MBR read successfully 14:34:02.302 Disk 0 MBR scan 14:34:02.331 Disk 0 unknown MBR code 14:34:02.339 Service scanning 14:34:06.987 Modules scanning 14:34:06.993 Disk 0 trace - called modules: 14:34:07.048 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys 14:34:07.054 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004d39790] 14:34:07.066 3 CLASSPNP.SYS[fffff880019bc43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80049691f0] 14:34:14.505 AVAST engine scan C:\Windows 14:34:14.523 AVAST engine scan C:\Windows\system32 14:34:14.867 AVAST engine scan C:\Windows\system32\drivers 14:34:14.881 AVAST engine scan C:\Users\Christian 14:34:14.895 AVAST engine scan C:\ProgramData 14:34:14.905 Scan finished successfully 16:11:49.449 Disk 0 MBR has been saved successfully to "C:\Users\Christian\Downloads\MBR.dat" 16:11:49.453 The log file has been saved successfully to "C:\Users\Christian\Downloads\aswMBR.txt" |
08.11.2011, 16:16 | #21 |
/// Winkelfunktion /// TB-Süch-Tiger™ | We should fix the MBR; just in case, back up ALL important data, even though it usually goes smoothly. Note: Please do NOT do the MBR fix if you still have other operating systems such as Ubuntu installed; an MBR fix with Windows tools makes a Linux installed in parallel (dual boot) unbootable. After the backup, start aswMBR again and click the FIXMBR button. Then restart Windows and create a new log with aswMBR.
|
08.11.2011, 18:34 | #22 |
| I don't have a hard drive here right now... I'll have it again at the weekend at the earliest... How dangerous is this thing, and is it really necessary? The last scans did turn out fine... |
08.11.2011, 20:04 | #23 |
/// Winkelfunktion /// TB-Süch-Tiger™ | winsvc.exe - Laptop infected - Only shortcuts left on USB stick The MBR is unknown, though, and that is why it should be fixed
__________________ Please always post log files in CODE tags |
08.11.2011, 21:31 | #24 |
| winsvc.exe - Laptop infected - Only shortcuts left on USB stick Hmm... ok... how often do people "wreck" their system with this? I just don't want to break my entire system... Kind regards, Christian |
09.11.2011, 09:45 | #25 |
/// Winkelfunktion /// TB-Süch-Tiger™ | winsvc.exe - Laptop infected - Only shortcuts left on USB stick As I wrote: in most cases everything goes smoothly. But you should always have a backup, whether or not you are doing anything to the MBR. Before interventions like this in particular, a backup can't hurt and makes sense.
__________________ Please always post log files in CODE tags |
09.11.2011, 17:30 | #26 |
| winsvc.exe - Laptop infected - Only shortcuts left on USB stick So, I've run the fix. Here is the log Code:
aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-11-08 14:24:39
-----------------------------
14:24:39.434 OS Version: Windows x64 6.1.7601 Service Pack 1
14:24:39.434 Number of processors: 8 586 0x2A07
14:24:39.435 ComputerName: CHRISTIANLAPTOP UserName: Christian
14:24:41.547 Initialize success
14:26:23.597 AVAST engine defs: 11110801
14:34:00.251 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
14:34:00.260 Disk 0 Vendor: ST9500420AS D005SDM1 Size: 476940MB BusType: 11
14:34:02.296 Disk 0 MBR read successfully
14:34:02.302 Disk 0 MBR scan
14:34:02.331 Disk 0 unknown MBR code
14:34:02.339 Service scanning
14:34:06.987 Modules scanning
14:34:06.993 Disk 0 trace - called modules:
14:34:07.048 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
14:34:07.054 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004d39790]
14:34:07.066 3 CLASSPNP.SYS[fffff880019bc43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80049691f0]
14:34:14.505 AVAST engine scan C:\Windows
14:34:14.523 AVAST engine scan C:\Windows\system32
14:34:14.867 AVAST engine scan C:\Windows\system32\drivers
14:34:14.881 AVAST engine scan C:\Users\Christian
14:34:14.895 AVAST engine scan C:\ProgramData
14:34:14.905 Scan finished successfully
16:11:49.449 Disk 0 MBR has been saved successfully to "C:\Users\Christian\Downloads\MBR.dat"
16:11:49.453 The log file has been saved successfully to "C:\Users\Christian\Downloads\aswMBR.txt"

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-11-09 17:27:51
-----------------------------
17:27:51.033 OS Version: Windows x64 6.1.7601 Service Pack 1
17:27:51.033 Number of processors: 8 586 0x2A07
17:27:51.034 ComputerName: CHRISTIANLAPTOP UserName: Christian
17:27:57.067 Initialize success
17:27:58.370 AVAST engine defs: 11110900
17:28:05.929 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
17:28:05.935 Disk 0 Vendor: ST9500420AS D005SDM1 Size: 476940MB BusType: 11
17:28:08.007 Disk 0 MBR read successfully
17:28:08.014 Disk 0 MBR scan
17:28:08.021 Disk 0 unknown MBR code
17:28:08.027 Service scanning
17:28:13.253 Modules scanning
17:28:13.258 Disk 0 trace - called modules:
17:28:13.270 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
17:28:13.276 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004d39790]
17:28:13.281 3 CLASSPNP.SYS[fffff8800165143f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800496a060]
17:28:17.049 AVAST engine scan C:\Windows
17:28:17.066 AVAST engine scan C:\Windows\system32
17:28:17.398 AVAST engine scan C:\Windows\system32\drivers
17:28:17.415 AVAST engine scan C:\Users\Christian
17:28:17.430 AVAST engine scan C:\ProgramData
17:28:17.440 Scan finished successfully
17:28:40.090 Verifying
17:28:50.108 Disk 0 Windows 601 MBR fixed successfully
17:29:07.900 Disk 0 MBR has been saved successfully to "C:\Users\Christian\Downloads\MBR.dat"
17:29:07.926 The log file has been saved successfully to "C:\Users\Christian\Downloads\aswMBR.txt"

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-11-09 17:27:51
-----------------------------
17:27:51.033 OS Version: Windows x64 6.1.7601 Service Pack 1
17:27:51.033 Number of processors: 8 586 0x2A07
17:27:51.034 ComputerName: CHRISTIANLAPTOP UserName: Christian
17:27:57.067 Initialize success
17:27:58.370 AVAST engine defs: 11110900
17:28:05.929 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
17:28:05.935 Disk 0 Vendor: ST9500420AS D005SDM1 Size: 476940MB BusType: 11
17:28:08.007 Disk 0 MBR read successfully
17:28:08.014 Disk 0 MBR scan
17:28:08.021 Disk 0 unknown MBR code
17:28:08.027 Service scanning
17:28:13.253 Modules scanning
17:28:13.258 Disk 0 trace - called modules:
17:28:13.270 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
17:28:13.276 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004d39790]
17:28:13.281 3 CLASSPNP.SYS[fffff8800165143f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800496a060]
17:28:17.049 AVAST engine scan C:\Windows
17:28:17.066 AVAST engine scan C:\Windows\system32
17:28:17.398 AVAST engine scan C:\Windows\system32\drivers
17:28:17.415 AVAST engine scan C:\Users\Christian
17:28:17.430 AVAST engine scan C:\ProgramData
17:28:17.440 Scan finished successfully
17:28:40.090 Verifying
17:28:50.108 Disk 0 Windows 601 MBR fixed successfully
17:29:07.900 Disk 0 MBR has been saved successfully to "C:\Users\Christian\Downloads\MBR.dat"
17:29:07.926 The log file has been saved successfully to "C:\Users\Christian\Downloads\aswMBR.txt"
17:29:11.928 Disk 0 MBR has been saved successfully to "C:\Users\Christian\Downloads\MBR.dat"
17:29:11.932 The log file has been saved successfully to "C:\Users\Christian\Downloads\aswMBR.txt"
|
10.11.2011, 10:23 | #27 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | winsvc.exe - Laptop infected - Only shortcuts left on USB stick Quote:
__________________ Please always post log files in CODE tags |
14.11.2011, 21:12 | #28 |
| winsvc.exe - Laptop infected - Only shortcuts left on USB stick The problem was that I had encrypted my hard drive with TrueCrypt. The fix has now wrecked my computer. Meaning: I could no longer boot, because the boot loader got trashed. Luckily TrueCrypt forces you to create a rescue disc, so I was able to save it. Fixing it was not such a good idea. But still, THANKS for all the help here! |
15.11.2011, 08:51 | #29 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | winsvc.exe - Laptop infected - Only shortcuts left on USB stick Well, a heads-up from you that you had encrypted your entire disk with TC would have been nice too. Luckily you created the rescue disc. Quote:
As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before the scan!! Afterwards, getting an additional opinion from ESET's online scanner doesn't hurt either: ESET Online Scanner
__________________ Please always post log files in CODE tags |
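Added example (not part of the thread and not aswMBR's own logic): a Python check that inspects a saved 512-byte MBR dump, such as the MBR.dat written in the logs above, before the boot code is rewritten, and reports the boot signature, the partition entries and any text markers of a third-party boot loader. The marker strings, the Linux partition type list and the sample sector are assumptions constructed for illustration.

```python
import re
import struct

# Text markers assumed to sit in the bootstrap code of third-party boot
# loaders (assumption for this example, not taken from the thread).
THIRD_PARTY_MARKERS = (b"TrueCrypt", b"GRUB", b"LILO")
LINUX_PARTITION_TYPES = {0x82, 0x83}  # Linux swap, Linux native


def inspect_mbr(sector: bytes) -> dict:
    """Summarise a 512-byte MBR dump before any tool rewrites its boot code."""
    if len(sector) != 512:
        raise ValueError("an MBR dump must be exactly 512 bytes")
    boot_code = sector[:440]  # bootstrap area; disk signature and table follow
    partitions = []
    for index in range(4):
        entry = sector[446 + 16 * index:462 + 16 * index]
        lba_start, sector_count = struct.unpack_from("<II", entry, 8)
        if entry[4] != 0:  # type 0x00 marks an unused slot
            partitions.append({"index": index, "active": entry[0] == 0x80,
                               "type": entry[4], "lba_start": lba_start,
                               "sectors": sector_count})
    return {
        "valid_signature": sector[510:512] == b"\x55\xaa",
        "partitions": partitions,
        "linux_partitions": any(p["type"] in LINUX_PARTITION_TYPES
                                for p in partitions),
        "boot_strings": [s.decode("ascii").strip() for s in
                         re.findall(rb"[\x20-\x7e]{5,}", boot_code)],
        "third_party_loader": [m.decode() for m in THIRD_PARTY_MARKERS
                               if m in boot_code],
    }


def build_sample_mbr(boot_text: bytes, partition_type: int) -> bytes:
    """Constructed sample sector: marker text plus one active partition."""
    sector = bytearray(512)
    sector[16:16 + len(boot_text)] = boot_text
    sector[446:462] = struct.pack("<B3sB3sII", 0x80, b"\x00" * 3,
                                  partition_type, b"\x00" * 3, 2048, 204800)
    sector[510:512] = b"\x55\xaa"
    return bytes(sector)


if __name__ == "__main__":
    report = inspect_mbr(build_sample_mbr(b" TrueCrypt Boot Loader", 0x07))
    if report["third_party_loader"] or report["linux_partitions"]:
        print("Do not rewrite the MBR boot code without a recovery path:", report)
```

To check a real dump, pass the 512 bytes read from the saved file to `inspect_mbr`.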