Pests of all kinds and how to fight them: Trojan - "White screen with 'Connecting...'" Windows 7

If you are not sure whether you have caught malware or a trojan, open a thread here. An expert will reply with further instructions and help you remove the malware or uninstall or delete the unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.
09.07.2012, 14:59 | #31

Trojan - "White screen with 'Connecting...'"

Hello Arne. Here is the new log.

Combofix logfile:

Code:
ComboFix 12-07-08.01 - Chiara 09.07.2012 15:32:45.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.2525.1430 [GMT 2:00]
Run by:: c:\users\Chiara\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AV: Lavasoft Ad-Watch Live! Virenschutz *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Chiara\4.0
c:\users\Chiara\antivir_workstation_winu_de_h337.exe
c:\users\Chiara\AppData\Roaming\.#
c:\users\Chiara\discountsurfer-5.0.4.exe
c:\users\Chiara\googleupdatesetup.exe
.
.
((((((((((((((((((((((( Files created from 2012-06-09 to 2012-07-09 ))))))))))))))))))))))))))))))
.
.
2012-07-09 13:46 . 2012-07-09 13:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-06 13:08 . 2012-06-18 01:14 6762896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BD1FF212-A108-4667-AB06-A83FD54411AD}\mpengine.dll
2012-07-05 13:20 . 2012-07-05 13:20 -------- d-----w- C:\_OTL
2012-07-03 17:24 . 2012-07-03 17:24 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
2012-07-03 17:24 . 2012-07-03 17:24 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
2012-06-29 14:18 . 2012-06-29 14:18 -------- d-----w- c:\program files\ESET
2012-06-24 14:28 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-24 14:28 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-24 14:28 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-24 14:28 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-24 14:27 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-24 14:27 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-24 14:27 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-24 14:27 . 2012-06-02 13:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-24 14:27 . 2012-06-02 13:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-21 13:23 . 2012-06-21 13:23 -------- d-----w- c:\programdata\Fighters
2012-06-19 21:33 . 2012-06-19 21:33 -------- d-----w- c:\programdata\WindowsSearch
2012-06-12 18:45 . 2012-04-23 16:00 984064 ----a-w- c:\windows\system32\crypt32.dll
2012-06-12 18:45 . 2012-04-23 16:00 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-12 18:45 . 2012-04-23 16:00 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-12 18:45 . 2012-05-01 14:03 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-12 18:44 . 2012-05-15 19:51 2045440 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-29 20:49 . 2012-05-29 20:49 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-29 20:49 . 2012-05-29 20:49 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-12 11:54 . 2012-04-18 17:16 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-05-12 11:54 . 2012-04-18 17:16 137928 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-07-03 17:24 . 2012-03-17 14:53 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Registry autostart points ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-07-29 16:52 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\programdata\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-03-29 222128]
"AutoStartNPSAgent"="c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2009-08-03 102400]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-08-01 405504]
"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-07-29 526896]
"eAudio"="c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe" [2008-05-30 544768]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-25 28672]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-07-16 61440]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-25 1049896]
"PLFSetI"="c:\windows\PLFSetI.exe" [2008-06-30 200704]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-06-17 817672]
"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-09-07 152872]
"RtHDVCpl"="RtHDVCpl.exe" [2008-08-19 6265376]
"Skytel"="Skytel.exe" [2008-08-19 1833504]
"WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-01-10 24064]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-10-11 29984]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-10-11 46368]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-11-05 741376]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-10-30 77824]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552]
"Standby"="c:\program files\Common Files\Corel\Standby\Standby.exe" [2009-08-20 105616]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 57344]
"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2009-09-07 206120]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2009-05-21 173288]
"MobileConnect"="c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe" [2008-07-04 2072576]
"Nikon Transfer Monitor"="c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe" [2009-09-15 479232]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-09-30 252296]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-05-12 348624]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\spba]
2008-03-25 13:24 567560 ----a-w- c:\program files\Common Files\SPBA\homefus2.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
getPlusHelper REG_MULTI_SZ getPlusHelper
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the "Scheduled Tasks" folder
.
2012-07-06 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-06-20 07:40]
.
.
------- Supplementary scan -------
.
uStart Page = hxxp://www.n-tv.de/
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0908&m=aspire_6530g
uSearchURL,(Default) = hxxp://go.gmx.net/suchbox/gmxsuche?su=%s
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Chiara\AppData\Roaming\Mozilla\Firefox\Profiles\leirc17p.default\
FF - prefs.js: network.proxy.type - 0
.
- - - - Removed orphaned registry entries - - - -
.
HKLM-Run-eRecoveryService - (no file)
HKLM-Run-NPSStartup - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-07-09 15:47
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanning hidden processes...
.
Scanning hidden autostart entries...
.
Scanning hidden files...
.
Scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl"
.
--------------------- Locked registry keys ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-07-09 15:51:22
ComboFix-quarantined-files.txt 2012-07-09 13:51
.
Before scan: 12 directories, 81,996,021,760 bytes free
After scan: 16 directories, 82,019,340,288 bytes free
.
- - End Of File - - 2EA5798F549AE4570B52650A67E82DE9

I hope we are done then, and if so I have one more question. What is the best way to avoid such trojans and still go online? Are there good protection programs?

Regards, Katja
09.07.2012, 15:16 | #32

/// Winkelfunktion /// TB-Süch-Tiger™

Trojan - "White screen with 'Connecting...'"

Combofix - Scripting

1. Start Notepad (Start / Run / notepad[Enter])
2. Now copy/paste the entire contents of the code box below into the Notepad window.

Code:
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"=-
"DisableCAD"=-

4. Deactivate the guard of your antivirus program and any software firewall that may be present. (Also the guards of ad-/spyware programs and the TeaTimer, if present!)
5. Then drag CFScript.txt onto cofi.exe, as shown in the picture below. This restarts Combofix.
6. After the restart (you will be asked whether you want to restart), please post the following log file: Combofix.txt

Note: The script above was written only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can permanently damage the system!
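The ComboFix output in post #31 and the CFScript in post #32 together show the two halves of the job: spotting the autostart and policy values worth acting on, and writing the `Registry::` stanza that removes them. The script below is an added example written for this page, not code from the thread, from ComboFix or from the helper. It applies a few triage rules of its own (image under a user-writable directory, image name without a directory, non-empty `AppInit_DLLs`, any explicit value under the logon policies key) to a constructed excerpt of the posted log, and regenerates the exact stanza the helper posted. The rules and thresholds are the example's assumptions, not anything the helper stated.

```python
"""Triage of a ComboFix registry-autostart section (added example, not part of the thread)."""
import re

# Constructed excerpt: lines copied from the ComboFix log posted above, cut down to
# the entries the rules react to, plus two benign entries as controls.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\programdata\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-03-29 222128]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-08-19 6265376]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-05-12 348624]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"=\s*(.*)$')

# Directories an unprivileged user cannot write to on a default Vista install
# (assumption of this example). c:\programdata and c:\users are deliberately absent.
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")


def triage(log_text):
    """Return (rule, key, value_name, data) tuples for every line a rule fires on."""
    findings = []
    key = None
    for line in log_text.splitlines():
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if not m or key is None:
            continue
        name, data = m.group(1), m.group(2).strip()
        k = key.lower()
        if k.endswith("\\currentversion\\run"):
            # Run values print as "path" [date size]; strip the quoting.
            image = data.split('"')[1] if data.startswith('"') else data
            low = image.lower()
            if "\\" not in low:
                # No directory: the loader resolves the name through the search
                # path, so a same-named file earlier in that path would win.
                findings.append(("unqualified-image", key, name, image))
            elif not low.startswith(TRUSTED_PREFIXES):
                findings.append(("user-writable-image", key, name, image))
        elif k.endswith("\\policies\\system"):
            # DisableCAD=1 turns off the Ctrl+Alt+Del requirement for logon;
            # EnableUIADesktopToggle governs UIAccess prompts off the secure desktop.
            findings.append(("logon-policy", key, name, data))
        elif name.lower() == "appinit_dlls" and data:
            # AppInit_DLLs is loaded into every process that links user32.dll.
            findings.append(("appinit-dll", key, name, data))
    return findings


def cfscript_registry_stanza(key, value_names):
    """ComboFix CFScript text that deletes the named values ("=-" means delete)."""
    lines = ["Registry::", f"[{key}]"] + [f'"{n}"=-' for n in value_names]
    return "\n".join(lines)


def policy_cleanup_script(findings):
    """One Registry:: stanza per key for all logon-policy findings."""
    by_key = {}
    for rule, key, name, _ in findings:
        if rule == "logon-policy":
            by_key.setdefault(key, []).append(name)
    return "\n\n".join(cfscript_registry_stanza(k, v) for k, v in by_key.items())


if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for rule, _key, name, data in hits:
        print(f"{rule:22} {name:24} {data}")
    print(policy_cleanup_script(hits))
```

Run against the excerpt, `policy_cleanup_script` returns character for character the stanza in post #32, which is the point: the script is derived from what the log shows, and the helper's warning that it must not be reused elsewhere follows from that, since another machine's log will not contain those values.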
09.07.2012, 16:05 | #33

Trojan - "White screen with 'Connecting...'"

Hello Arne. Here is the next log. The computer did not want to restart?

Combofix logfile:

Code:
ComboFix 12-07-08.01 - Chiara 09.07.2012 16:34:34.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.2525.1191 [GMT 2:00]
Run by:: c:\users\Chiara\Downloads\ComboFix.exe
Command switches used :: c:\users\Chiara\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AV: Lavasoft Ad-Watch Live! Virenschutz *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((( Files created from 2012-06-09 to 2012-07-09 ))))))))))))))))))))))))))))))
.
.
2012-07-09 14:47 . 2012-07-09 14:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-06 13:08 . 2012-06-18 01:14 6762896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BD1FF212-A108-4667-AB06-A83FD54411AD}\mpengine.dll
2012-07-05 13:20 . 2012-07-05 13:20 -------- d-----w- C:\_OTL
2012-07-03 17:24 . 2012-07-03 17:24 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
2012-07-03 17:24 . 2012-07-03 17:24 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
2012-06-29 14:18 . 2012-06-29 14:18 -------- d-----w- c:\program files\ESET
2012-06-24 14:28 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-24 14:28 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-24 14:28 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-24 14:28 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-24 14:27 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-24 14:27 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-24 14:27 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-24 14:27 . 2012-06-02 13:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-24 14:27 . 2012-06-02 13:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-21 13:23 . 2012-06-21 13:23 -------- d-----w- c:\programdata\Fighters
2012-06-19 21:33 . 2012-06-19 21:33 -------- d-----w- c:\programdata\WindowsSearch
2012-06-12 18:45 . 2012-04-23 16:00 984064 ----a-w- c:\windows\system32\crypt32.dll
2012-06-12 18:45 . 2012-04-23 16:00 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-12 18:45 . 2012-04-23 16:00 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-12 18:45 . 2012-05-01 14:03 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-12 18:44 . 2012-05-15 19:51 2045440 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-29 20:49 . 2012-05-29 20:49 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-29 20:49 . 2012-05-29 20:49 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-12 11:54 . 2012-04-18 17:16 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-05-12 11:54 . 2012-04-18 17:16 137928 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-07-03 17:24 . 2012-03-17 14:53 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Registry autostart points ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-07-29 16:52 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\programdata\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-03-29 222128]
"AutoStartNPSAgent"="c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2009-08-03 102400]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-08-01 405504]
"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-07-29 526896]
"eAudio"="c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe" [2008-05-30 544768]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-25 28672]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-07-16 61440]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-25 1049896]
"PLFSetI"="c:\windows\PLFSetI.exe" [2008-06-30 200704]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-06-17 817672]
"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-09-07 152872]
"RtHDVCpl"="RtHDVCpl.exe" [2008-08-19 6265376]
"Skytel"="Skytel.exe" [2008-08-19 1833504]
"WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-01-10 24064]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-10-11 29984]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-10-11 46368]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-11-05 741376]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-10-30 77824]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552]
"Standby"="c:\program files\Common Files\Corel\Standby\Standby.exe" [2009-08-20 105616]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 57344]
"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2009-09-07 206120]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2009-05-21 173288]
"MobileConnect"="c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe" [2008-07-04 2072576]
"Nikon Transfer Monitor"="c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe" [2009-09-15 479232]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-09-30 252296]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-05-12 348624]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\spba]
2008-03-25 13:24 567560 ----a-w- c:\program files\Common Files\SPBA\homefus2.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
getPlusHelper REG_MULTI_SZ getPlusHelper
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the "Scheduled Tasks" folder
.
2012-07-06 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-06-20 07:40]
.
.
------- Supplementary scan -------
.
uStart Page = hxxp://www.n-tv.de/
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0908&m=aspire_6530g
uSearchURL,(Default) = hxxp://go.gmx.net/suchbox/gmxsuche?su=%s
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Chiara\AppData\Roaming\Mozilla\Firefox\Profiles\leirc17p.default\
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-07-09 16:47
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanning hidden processes...
.
Scanning hidden autostart entries...
.
Scanning hidden files...
.
Scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl"
.
--------------------- Locked registry keys ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs loaded by running processes ---------------------
.
- - - - - - - > 'Explorer.exe'(4560)
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
c:\windows\System32\SysHook.dll
.
Completion time: 2012-07-09 16:51:00
ComboFix-quarantined-files.txt 2012-07-09 14:50
ComboFix2.txt 2012-07-09 13:51
.
Before scan: 15 directories, 82,042,036,224 bytes free
After scan: 16 directories, 82,008,072,192 bytes free
.
- - End Of File - - D9C12ECB9911BD72614C25AA62D7BBEA

Katja
09.07.2012, 18:33 | #34

/// Winkelfunktion /// TB-Süch-Tiger™

Trojan - "White screen with 'Connecting...'"

Please now create and post logs with GMER and OSAM. GMER crashes fairly often; if the tool will not run the second time either, just leave it out and run only OSAM. Please skip the online query by OSAM. With OSAM, please also make sure you save the log as *.log and not as *.html or similar.

Note: to unpack OSAM please use WinRAR or 7zip! Also be sure to turn off the virus scanner; the McAfee scanner in particular often reports a false alarm in OSAM!

Download aswMBR.exe and save the file to your desktop.

Important: do not press any of the Fix buttons without instruction.

Note: if the Scan button is greyed out, close the tool and start it again. If the scan aborts and the program crashes, tell me and select (none) under AV Scan.

One more note: if aswMBR crashes with a message like "aswMBR.exe has stopped working", do the following: restart aswMBR, select (none) under "AV scan" in the drop-down menu at the bottom left of the aswMBR window, and click the Scan button again.

Please always post logfiles in CODE tags
10.07.2012, 14:04 | #35 |
| Trojaner - "Weißer Bildschirm mit Verbindung wird hergestellt." Hallo Arne. So der 1. GMER. [code] GMER Logfile: Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net Rootkit scan 2012-07-10 14:53:17 Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\000000a7 Hitachi_ rev.FB4O Running: ik4vppkw.exe; Driver: C:\Users\Chiara\AppData\Local\Temp\kxtdapob.sys ---- System - GMER 1.0.15 ---- SSDT 8A7BD91E ZwCreateSection SSDT 8A7BD928 ZwRequestWaitReplyPort SSDT 8A7BD923 ZwSetContextThread SSDT 8A7BD92D ZwSetSecurityObject SSDT 8A7BD932 ZwSystemDebugControl SSDT 8A7BD8BF ZwTerminateProcess ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!KeSetEvent + 215 82CB18D8 4 Bytes [1E, D9, 7B, 8A] {PUSH DS; FNSTCW [EBX-0x76]} .text ntkrnlpa.exe!KeSetEvent + 539 82CB1BFC 4 Bytes [28, D9, 7B, 8A] {SUB CL, BL; JNP 0xffffffffffffff8e} .text ntkrnlpa.exe!KeSetEvent + 56D 82CB1C30 4 Bytes [23, D9, 7B, 8A] {AND EBX, ECX; JNP 0xffffffffffffff8e} .text ntkrnlpa.exe!KeSetEvent + 5D1 82CB1C94 4 Bytes [2D, D9, 7B, 8A] .text ntkrnlpa.exe!KeSetEvent + 619 82CB1CDC 4 Bytes [32, D9, 7B, 8A] {XOR BL, CL; JNP 0xffffffffffffff8e} .text ... 
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8DE06000, 0x210596, 0xE8000020] .text C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl section is writeable [0xA171E000, 0x2892, 0xE8000020] .vmp2 C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl entry point in ".vmp2" section [0xA1741050] ---- User code sections - GMER 1.0.15 ---- .text C:\Windows\Explorer.EXE[728] SHELL32.dll!SHGetFolderPathAndSubDirW + 81C5 7651B37C 4 Bytes [00, 26, 00, 10] {ADD [ESI], AH; ADD [EAX], DL} ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Windows\Explorer.EXE[728] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74827817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[728] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [7486B4E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[728] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7482BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[728] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7481F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[728] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [748275E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[728] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7481E7CA] 
C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[728] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [748573F5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[728] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7482DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[728] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [7481FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[728] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [7481FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[728] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [748171CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[728] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [748ACAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[728] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [7484C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT 
C:\Windows\Explorer.EXE[728] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7481D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[728] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74816853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[728] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [7481687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[728] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74822AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[728] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [100027E0] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Egis Inc. PSD DragDrop Protection/Egis Inc.) IAT C:\Windows\Explorer.EXE[728] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibraryAndExitThread] [10001D90] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Egis Inc. PSD DragDrop Protection/Egis Inc.) IAT C:\Windows\Explorer.EXE[728] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [10002B30] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Egis Inc. PSD DragDrop Protection/Egis Inc.) IAT C:\Windows\Explorer.EXE[728] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [100011D0] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Egis Inc. PSD DragDrop Protection/Egis Inc.) 
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----
Katja
So, here is OSAM. Code:
OSAM Logfile: Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-10 19:49:50
-----------------------------
19:49:50.593 OS Version: Windows 6.0.6002 Service Pack 2
19:49:50.593 Number of processors: 2 586 0x301
19:49:50.593 ComputerName: PRIVAT UserName: Chiara
19:49:52.746 Initialize success
19:50:15.881 AVAST engine defs: 12071000
19:50:28.642 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\000000a8
19:50:28.657 Disk 0 Vendor: Hitachi_ FB4O Size: 305245MB BusType: 8
19:50:28.673 Disk 0 MBR read successfully
19:50:28.673 Disk 0 MBR scan
19:50:28.751 Disk 0 unknown MBR code
19:50:28.782 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 10240 MB offset 2048
19:50:28.813 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 147501 MB offset 20973568
19:50:28.844 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 143872 MB offset 323055616
19:50:28.891 Disk 0 Partition 4 00 12 Compaq diag NTFS 3630 MB offset 617705472
19:50:28.907 Disk 0 scanning sectors +625139712
19:50:28.969 Disk 0 scanning C:\Windows\system32\drivers
19:50:53.212 Service scanning
19:51:42.086 Modules scanning
19:51:56.641 Disk 0 trace - called modules:
19:51:56.688 ntkrnlpa.exe CLASSPNP.SYS disk.sys storport.sys hal.dll ahcix86s.sys
19:51:56.704 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86e9f618]
19:51:56.719 3 CLASSPNP.SYS[89da08b3] -> nt!IofCallDriver -> \Device\000000a8[0x86187c90]
19:51:58.045 AVAST engine scan C:\Windows
19:52:07.733 AVAST engine scan C:\Windows\system32
20:00:39.928 AVAST engine scan C:\Windows\system32\drivers
20:01:16.432 AVAST engine scan C:\Users\Chiara
20:16:10.686 AVAST engine scan C:\ProgramData
20:21:45.478 Scan finished successfully
20:25:13.332 Disk 0 MBR has been saved successfully to "C:\Users\Chiara\Documents\MBR.dat"
20:25:13.348 The log file has been saved successfully to "C:\Users\Chiara\Documents\aswMBR.txt" |
10.07.2012, 20:20 | #36 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner - "Weißer Bildschirm mit Verbindung wird hergestellt." We should fix the MBR. Just in case, back up ALL important data first, even though it usually goes smoothly. Note: please do NOT run the MBR fix if you have other operating systems such as Ubuntu installed; an MBR fix with Windows tools makes a Linux installed alongside (dual boot) unbootable. Also do not run the fix if you have full encryption of the Windows partition or of the whole disk, e.g. with TrueCrypt or other encryption programs. After backing up your data, start aswMBR again and click the FIXMBR button. Note: please disable the virus scanner before running aswMBR, because Avira in particular often reports a false positive on it! Then restart Windows and make a new log with aswMBR.
__________________ --> Trojaner - "Weißer Bildschirm mit Verbindung wird hergestellt." |
12.07.2012, 13:48 | #37 |
| Trojaner - "Weißer Bildschirm mit Verbindung wird hergestellt." So, here is the next log. Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-10 19:49:50
-----------------------------
19:49:50.593 OS Version: Windows 6.0.6002 Service Pack 2
19:49:50.593 Number of processors: 2 586 0x301
19:49:50.593 ComputerName: PRIVAT UserName: Chiara
19:49:52.746 Initialize success
19:50:15.881 AVAST engine defs: 12071000
19:50:28.642 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\000000a8
19:50:28.657 Disk 0 Vendor: Hitachi_ FB4O Size: 305245MB BusType: 8
19:50:28.673 Disk 0 MBR read successfully
19:50:28.673 Disk 0 MBR scan
19:50:28.751 Disk 0 unknown MBR code
19:50:28.782 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 10240 MB offset 2048
19:50:28.813 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 147501 MB offset 20973568
19:50:28.844 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 143872 MB offset 323055616
19:50:28.891 Disk 0 Partition 4 00 12 Compaq diag NTFS 3630 MB offset 617705472
19:50:28.907 Disk 0 scanning sectors +625139712
19:50:28.969 Disk 0 scanning C:\Windows\system32\drivers
19:50:53.212 Service scanning
19:51:42.086 Modules scanning
19:51:56.641 Disk 0 trace - called modules:
19:51:56.688 ntkrnlpa.exe CLASSPNP.SYS disk.sys storport.sys hal.dll ahcix86s.sys
19:51:56.704 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86e9f618]
19:51:56.719 3 CLASSPNP.SYS[89da08b3] -> nt!IofCallDriver -> \Device\000000a8[0x86187c90]
19:51:58.045 AVAST engine scan C:\Windows
19:52:07.733 AVAST engine scan C:\Windows\system32
20:00:39.928 AVAST engine scan C:\Windows\system32\drivers
20:01:16.432 AVAST engine scan C:\Users\Chiara
20:16:10.686 AVAST engine scan C:\ProgramData
20:21:45.478 Scan finished successfully
20:25:13.332 Disk 0 MBR has been saved successfully to "C:\Users\Chiara\Documents\MBR.dat"
20:25:13.348 The log file has been saved successfully to "C:\Users\Chiara\Documents\aswMBR.txt"

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-12 11:50:13
-----------------------------
11:50:13.447 OS Version: Windows 6.0.6002 Service Pack 2
11:50:13.447 Number of processors: 2 586 0x301
11:50:13.447 ComputerName: PRIVAT UserName: Chiara
11:50:14.695 Initialize success
11:50:31.995 AVAST engine defs: 12071200
11:50:39.593 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\000000a8
11:50:39.608 Disk 0 Vendor: Hitachi_ FB4O Size: 305245MB BusType: 8
11:50:39.639 Disk 0 MBR read successfully
11:50:39.655 Disk 0 MBR scan
11:50:39.655 Disk 0 Windows VISTA default MBR code
11:50:39.686 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 10240 MB offset 2048
11:50:39.702 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 147501 MB offset 20973568
11:50:39.733 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 143872 MB offset 323055616
11:50:39.780 Disk 0 Partition 4 00 12 Compaq diag NTFS 3630 MB offset 617705472
11:50:39.811 Disk 0 scanning sectors +625139712
11:50:39.967 Disk 0 scanning C:\Windows\system32\drivers
11:50:57.330 Service scanning
11:51:37.515 Modules scanning
11:51:48.435 Disk 0 trace - called modules:
11:51:48.467 ntkrnlpa.exe CLASSPNP.SYS disk.sys storport.sys hal.dll ahcix86s.sys
11:51:48.482 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86e3e810]
11:51:48.498 3 CLASSPNP.SYS[89da78b3] -> nt!IofCallDriver -> \Device\000000a8[0x863b6928]
11:51:49.793 AVAST engine scan C:\Windows
11:51:56.594 AVAST engine scan C:\Windows\system32
11:57:41.354 AVAST engine scan C:\Windows\system32\drivers
11:57:59.481 AVAST engine scan C:\Users\Chiara
12:10:50.621 AVAST engine scan C:\ProgramData
12:14:40.112 Scan finished successfully
12:17:03.773 Disk 0 MBR has been saved successfully to "C:\Users\Chiara\Documents\MBR.dat"
12:17:03.804 The log file has been saved successfully to "C:\Users\Chiara\Documents\aswMBR.txt" |
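The two aswMBR runs in the post above differ in exactly one line: "Disk 0 unknown MBR code" before the FIXMBR step and "Disk 0 Windows VISTA default MBR code" after it. That check reads the first 512-byte sector of the disk, verifies the 0x55AA boot signature, walks the four 16-byte partition-table entries at byte 446, and compares the 446 bytes of boot code in front of the table against code it knows. The Python below is an added example written for this page, not code from the thread, from aswMBR or from AVAST. It rebuilds a sector from the partition layout the log printed, then runs the same kind of whitelist check on the boot code. The "known-good" boot code is a constructed placeholder: the real Windows boot-code hashes are not on the page, and in practice you would hash the MBR.dat that aswMBR saved on a trusted machine.

```python
from __future__ import annotations

import hashlib
import struct
from dataclasses import dataclass

# Added example: minimal MBR parser plus a boot-code integrity check.
# Not code from the thread, aswMBR or AVAST. The sector bytes below are
# constructed from the partition layout aswMBR printed; the boot code is a
# constructed placeholder, not real Windows MBR code.

SECTOR_SIZE = 512
PT_OFFSET = 446                 # partition table: 4 x 16-byte entries at byte 446
ENTRY_SIZE = 16
BOOT_SIGNATURE = b"\x55\xaa"    # last two bytes of a valid MBR
SECTORS_PER_MB = 2048           # 1 MiB / 512-byte sectors, matches the MB figures in the log

PARTITION_TYPES = {
    0x07: "HPFS/NTFS",
    0x12: "Compaq diag",
    0x27: "Hidden NTFS WinRE",
}


@dataclass
class Partition:
    index: int
    bootable: bool
    type_id: int
    lba_start: int
    sector_count: int

    @property
    def size_mb(self) -> int:
        return self.sector_count // SECTORS_PER_MB

    @property
    def type_name(self) -> str:
        return PARTITION_TYPES.get(self.type_id, f"unknown (0x{self.type_id:02x})")


def parse_mbr(sector: bytes) -> tuple[bytes, list[Partition]]:
    """Split a 512-byte MBR into its boot code and the non-empty partition entries."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"MBR must be {SECTOR_SIZE} bytes, got {len(sector)}")
    if sector[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    boot_code = sector[:PT_OFFSET]
    partitions = []
    for i in range(4):
        off = PT_OFFSET + i * ENTRY_SIZE
        # status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4) sector-count(4), little-endian
        status, _chs0, ptype, _chs1, lba, count = struct.unpack_from("<B3sB3sII", sector, off)
        if ptype == 0 and count == 0:
            continue  # empty slot
        partitions.append(Partition(i + 1, status == 0x80, ptype, lba, count))
    return boot_code, partitions


def classify_boot_code(boot_code: bytes, known_good: dict[str, str]) -> str:
    """Label the boot code via a whitelist of SHA-256 hashes; anything else is
    reported as 'unknown MBR code', the conclusion aswMBR printed before FIXMBR."""
    return known_good.get(hashlib.sha256(boot_code).hexdigest(), "unknown MBR code")


def build_sector(boot_code: bytes, layout: list[tuple[bool, int, int, int]]) -> bytes:
    """Assemble a sector from boot code plus (bootable, type, lba_start, size_mb) tuples."""
    if len(boot_code) != PT_OFFSET:
        raise ValueError("boot code must be exactly 446 bytes")
    table = b"".join(
        struct.pack("<B3sB3sII", 0x80 if bootable else 0x00, b"\xfe\xff\xff",
                    ptype, b"\xfe\xff\xff", lba, size_mb * SECTORS_PER_MB)
        for bootable, ptype, lba, size_mb in layout
    ).ljust(4 * ENTRY_SIZE, b"\x00")
    return boot_code + table + BOOT_SIGNATURE


def end_of_last_partition(partitions: list[Partition]) -> int:
    """First sector after the highest partition; aswMBR scans the sectors from here on."""
    return max(p.lba_start + p.sector_count for p in partitions)


# Constructed baseline standing in for the boot code of a known-clean machine.
BASELINE_BOOT_CODE = bytes([0x33, 0xC0, 0x8E, 0xD0, 0xBC, 0x00, 0x7C]).ljust(PT_OFFSET, b"\x90")
KNOWN_GOOD = {hashlib.sha256(BASELINE_BOOT_CODE).hexdigest(): "baseline MBR code (constructed)"}

# Layout copied from the aswMBR lines in the thread: (bootable, type, LBA offset, size in MB)
SAMPLE_LAYOUT = [
    (False, 0x27, 2048, 10240),
    (True, 0x07, 20973568, 147501),
    (False, 0x07, 323055616, 143872),
    (False, 0x12, 617705472, 3630),
]

SAMPLE_CLEAN = build_sector(BASELINE_BOOT_CODE, SAMPLE_LAYOUT)
# Same partition table, boot code altered in one byte: the table still parses, the hash check fails.
SAMPLE_TAMPERED = build_sector(bytes([0xEB]) + BASELINE_BOOT_CODE[1:], SAMPLE_LAYOUT)


def report(sector: bytes, known_good: dict[str, str] = KNOWN_GOOD) -> dict:
    boot_code, parts = parse_mbr(sector)
    return {
        "boot_code": classify_boot_code(boot_code, known_good),
        "partitions": [(p.index, p.bootable, p.type_name, p.size_mb, p.lba_start) for p in parts],
        "scan_from": end_of_last_partition(parts),
    }


if __name__ == "__main__":
    for name, sec in (("clean", SAMPLE_CLEAN), ("tampered", SAMPLE_TAMPERED)):
        print(name, report(sec))
```

The parsed partitions reproduce the four lines aswMBR printed (types 27/07/07/12, sizes 10240/147501/143872/3630 MB, the same LBA offsets), and `scan_from` comes out at 625139712, the "+625139712" in the log. The hash-whitelist approach also explains the dual-boot and full-disk-encryption warning in post #36: GRUB and the TrueCrypt boot loader live in those same 446 bytes, so a scanner that only knows Windows boot code reports them as unknown too, and FIXMBR would overwrite them.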
12.07.2012, 14:58 | #38 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner - "Weißer Bildschirm mit Verbindung wird hergestellt." adwCleaner - detect toolbars and unwanted start/search pages. Please download AdwCleaner to your desktop.
__________________ Please always post logfiles in CODE tags |
12.07.2012, 20:00 | #39 |
| Trojaner - "Weißer Bildschirm mit Verbindung wird hergestellt." Hello Arne. Code:
# AdwCleaner v1.701 - Logfile created 07/12/2012 at 20:58:01
# Updated 02/07/2012 by Xplode
# Operating system : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# User : Chiara - PRIVAT
# Running from : C:\Users\Chiara\Downloads\adwcleaner.exe
# Option [Search]

***** [Services] *****

***** [Files / Folders] *****

***** [Registry] *****

Key Found : HKCU\Software\Softonic

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\CLSID\{3BF72F68-72D8-461D-A884-329D936C5581}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{78E9D883-93CD-4072-BEF3-38EE581E2839}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{83AC1413-FCE4-4A46-9DD5-4F31F306E71F}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v13.0.1 (de)

Profile name : default
File : C:\Users\Chiara\AppData\Roaming\Mozilla\Firefox\Profiles\leirc17p.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [992 octets] - [12/07/2012 20:58:01]

########## EOF - C:\AdwCleaner[R1].txt - [1119 octets] ########## |
12.07.2012, 21:03 | #40 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner - "Weißer Bildschirm mit Verbindung wird hergestellt." adwCleaner - remove toolbars and unwanted start/search pages
__________________ Please always post logfiles in CODE tags |
13.07.2012, 08:31 | #41 |
| Trojaner - "Weißer Bildschirm mit Verbindung wird hergestellt." Hello Arne. Code:
# AdwCleaner v1.701 - Logfile created 07/13/2012 at 08:58:01
# Updated 02/07/2012 by Xplode
# Operating system : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# User : Chiara - PRIVAT
# Running from : C:\Users\Chiara\Downloads\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

***** [Registry] *****

Key Deleted : HKCU\Software\Softonic

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3BF72F68-72D8-461D-A884-329D936C5581}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{78E9D883-93CD-4072-BEF3-38EE581E2839}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{83AC1413-FCE4-4A46-9DD5-4F31F306E71F}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v13.0.1 (de)

Profile name : default
File : C:\Users\Chiara\AppData\Roaming\Mozilla\Firefox\Profiles\leirc17p.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1120 octets] - [12/07/2012 20:58:01]
AdwCleaner[S1].txt - [1060 octets] - [13/07/2012 08:58:01]

########## EOF - C:\AdwCleaner[S1].txt - [1188 octets] ########## |
13.07.2012, 19:31 | #42 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner - "Weißer Bildschirm mit Verbindung wird hergestellt." Looks ok. We should be almost done. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before scanning!!
__________________ Please always post logfiles in CODE tags |
13.07.2012, 20:01 | #43 |
| Trojaner - "Weißer Bildschirm mit Verbindung wird hergestellt." Malware Code:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.13.09

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Chiara :: PRIVAT [Administrator]

13.07.2012 20:51:33
mbam-log-2012-07-13 (20-51-33).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 211666
Laufzeit: 9 Minute(n), 5 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende) |
13.07.2012, 21:59 | #44 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner - "Weißer Bildschirm mit Verbindung wird hergestellt." That wasn't a full scan, though.
__________________ Please always post logfiles in CODE tags |
14.07.2012, 08:05 | #45 |
| Trojaner - "Weißer Bildschirm mit Verbindung wird hergestellt." Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 07/14/2012 at 00:35 AM

Application Version : 5.5.1006

Core Rules Database Version : 8897
Trace Rules Database Version: 6709

Scan type : Complete Scan
Total Scan Time : 03:04:55

Operating System Information
Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002)
UAC On - Limited User (Administrator User)

Memory items scanned : 976
Memory threats detected : 0
Registry items scanned : 35088
Registry threats detected : 0
File items scanned : 161111
File threats detected : 109

Adware.Tracking Cookie
C:\Users\Chiara\AppData\Roaming\Microsoft\Windows\Cookies\UH2L9QWZ.txt [ /apmebf.com ]
C:\Users\Chiara\AppData\Roaming\Microsoft\Windows\Cookies\9XUD0QO8.txt [ /mediaplex.com ]
C:\Users\Chiara\AppData\Roaming\Microsoft\Windows\Cookies\G7LFAIZA.txt [ /atdmt.com ]
C:\USERS\CHIARA\Cookies\9XUD0QO8.txt [ Cookie:chiara@mediaplex.com/ ]
C:\USERS\CHIARA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\CHIARA@ADVERTISING[2].TXT [ /ADVERTISING ]
C:\USERS\CHIARA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\CHIARA@AD2.ADFARM1.ADITION[2].TXT [ /AD2.ADFARM1.ADITION ]
C:\USERS\CHIARA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\CHIARA@AD2.ADFARM1.ADITION[1].TXT [ /AD2.ADFARM1.ADITION ]
C:\USERS\CHIARA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\CHIARA@DELIVERY.ADS.COUPLING-MEDIA[2].TXT [ /DELIVERY.ADS.COUPLING-MEDIA ]
C:\USERS\CHIARA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\CHIARA@AD3.ADFARM1.ADITION[1].TXT [ /AD3.ADFARM1.ADITION ]
C:\USERS\CHIARA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\CHIARA@DOUBLECLICK[2].TXT [ /DOUBLECLICK ]
C:\USERS\CHIARA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\CHIARA@DOUBLECLICK[4].TXT [ /DOUBLECLICK ]
C:\USERS\CHIARA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\CHIARA@BS.SERVING-SYS[2].TXT [ /BS.SERVING-SYS ]
C:\USERS\CHIARA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\CHIARA@BS.SERVING-SYS[1].TXT [ /BS.SERVING-SYS ]
C:\USERS\CHIARA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\CHIARA@DOUBLECLICK[6].TXT [ /DOUBLECLICK ]
C:\USERS\CHIARA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\CHIARA@DOUBLECLICK[5].TXT [ /DOUBLECLICK ]
C:\USERS\CHIARA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\CHIARA@ZANOX[4].TXT [ /ZANOX ]
C:\USERS\CHIARA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\CHIARA@ZANOX[3].TXT [ /ZANOX ]
C:\USERS\CHIARA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\CHIARA@ZANOX[1].TXT [ /ZANOX ]
C:\USERS\CHIARA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\CHIARA@ZANOX[2].TXT [ /ZANOX ]
C:\USERS\CHIARA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\CHIARA@WWW.GOOGLEADSERVICES[1].TXT [ /WWW.GOOGLEADSERVICES ]
C:\USERS\CHIARA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\CHIARA@WW251.SMARTADSERVER[1].TXT [ /WW251.SMARTADSERVER ]
C:\USERS\CHIARA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\CHIARA@WW251.SMARTADSERVER[3].TXT [ /WW251.SMARTADSERVER ]
C:\USERS\CHIARA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\CHIARA@AD.ADC-SERV[1].TXT [ /AD.ADC-SERV ]
C:\USERS\CHIARA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\CHIARA@WWW.GOOGLEADSERVICES[2].TXT [ /WWW.GOOGLEADSERVICES ]
C:\USERS\CHIARA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\CHIARA@2O7[3].TXT [ /2O7 ]
C:\USERS\CHIARA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\CHIARA@2O7[2].TXT [ /2O7 ]
C:\USERS\CHIARA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\CHIARA@AD.ADNET[2].TXT [ /AD.ADNET ]
C:\USERS\CHIARA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\CHIARA@WWW.GOOGLEADSERVICES[10].TXT [ /WWW.GOOGLEADSERVICES ]
C:\USERS\CHIARA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\CHIARA@ADSRV1.ADMEDIATE[1].TXT [ /ADSRV1.ADMEDIATE ]
C:\USERS\CHIARA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\CHIARA@AD2.DOUBLEPIMP[1].TXT [ /AD2.DOUBLEPIMP ]
C:\USERS\CHIARA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\CHIARA@AD.ADNET[1].TXT [ /AD.ADNET ]
C:\USERS\CHIARA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\CHIARA@WW251.SMARTADSERVER[5].TXT [ /WW251.SMARTADSERVER ]
C:\USERS\CHIARA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\CHIARA@WW251.SMARTADSERVER[4].TXT [ /WW251.SMARTADSERVER ]
C:\USERS\CHIARA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\CHIARA@REVSCI[1].TXT [ /REVSCI ]
C:\USERS\CHIARA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\CHIARA@AD.YIELDMANAGER[1].TXT [ /AD.YIELDMANAGER ]
C:\USERS\CHIARA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\CHIARA@AD.YIELDMANAGER[2].TXT [ /AD.YIELDMANAGER ]
C:\USERS\CHIARA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\CHIARA@TRACKING.MLSAT02[3].TXT [ /TRACKING.MLSAT02 ]
C:\USERS\CHIARA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\CHIARA@TRACKING.MLSAT02[1].TXT [ /TRACKING.MLSAT02 ]
C:\USERS\CHIARA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\CHIARA@AD.YIELDMANAGER[3].TXT [ /AD.YIELDMANAGER ]
C:\USERS\CHIARA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\CHIARA@TRACKING.MLSAT02[2].TXT [ /TRACKING.MLSAT02 ]
C:\USERS\CHIARA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\CHIARA@TRACKING.QUISMA[1].TXT [ /TRACKING.QUISMA ]
C:\USERS\CHIARA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\CHIARA@TRACKING.MINDSHARE[2].TXT [ /TRACKING.MINDSHARE ]
C:\USERS\CHIARA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\CHIARA@WWW.ETRACKER[1].TXT [ /WWW.ETRACKER ]
C:\USERS\CHIARA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\CHIARA@VERLORENES-HANDY-FINDEN[2].TXT [ /VERLORENES-HANDY-FINDEN ]
C:\USERS\CHIARA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\CHIARA@ADFARM1.ADITION[6].TXT [ /ADFARM1.ADITION ]
C:\USERS\CHIARA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\CHIARA@ADFARM1.ADITION[4].TXT [ /ADFARM1.ADITION ]
C:\USERS\CHIARA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\CHIARA@ADFARM1.ADITION[3].TXT [ /ADFARM1.ADITION ]
C:\USERS\CHIARA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\CHIARA@ADFARM1.ADITION[2].TXT [ /ADFARM1.ADITION ]
C:\USERS\CHIARA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\CHIARA@ADFARM1.ADITION[1].TXT [ /ADFARM1.ADITION ]
C:\USERS\CHIARA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\CHIARA@MEDIAPLEX[4].TXT [ /MEDIAPLEX ]
C:\USERS\CHIARA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\CHIARA@MEDIAPLEX[2].TXT [ /MEDIAPLEX ]
C:\USERS\CHIARA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\CHIARA@MEDIAPLEX[1].TXT [ /MEDIAPLEX ]
C:\USERS\CHIARA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\CHIARA@EAS.APM.EMEDIATE[2].TXT [ /EAS.APM.EMEDIATE ]
C:\USERS\CHIARA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\CHIARA@EAS.APM.EMEDIATE[3].TXT [ /EAS.APM.EMEDIATE ]
C:\USERS\CHIARA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\CHIARA@ATDMT[1].TXT [ /ATDMT ]
C:\USERS\CHIARA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\CHIARA@EAS.APM.EMEDIATE[4].TXT [ /EAS.APM.EMEDIATE ]
C:\USERS\CHIARA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\CHIARA@ZANOX-AFFILIATE[1].TXT [ /ZANOX-AFFILIATE ]
C:\USERS\CHIARA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\CHIARA@SMARTADSERVER[5].TXT [ /SMARTADSERVER ]
C:\USERS\CHIARA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\CHIARA@SMARTADSERVER[3].TXT [ /SMARTADSERVER ]
C:\USERS\CHIARA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\CHIARA@SMARTADSERVER[2].TXT [ /SMARTADSERVER ]
C:\USERS\CHIARA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\CHIARA@SMARTADSERVER[4].TXT [ /SMARTADSERVER ]
C:\USERS\CHIARA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\CHIARA@ADTECH[1].TXT [ /ADTECH ]
C:\USERS\CHIARA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\CHIARA@AD.ZANOX[1].TXT [ /AD.ZANOX ]
C:\USERS\CHIARA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\CHIARA@APMEBF[1].TXT [ /APMEBF ]
C:\USERS\CHIARA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\CHIARA@COLLECTIVE-MEDIA[1].TXT [ /COLLECTIVE-MEDIA ]
C:\USERS\CHIARA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\CHIARA@ADTECH[2].TXT [ /ADTECH ]
C:\USERS\CHIARA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\CHIARA@AD.ZANOX[2].TXT [ /AD.ZANOX ]
C:\USERS\CHIARA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\CHIARA@APMEBF[2].TXT [ /APMEBF ]
C:\USERS\CHIARA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\CHIARA@ADTECH[3].TXT [ /ADTECH ]
C:\USERS\CHIARA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\CHIARA@ADS.KISSNOFROG[2].TXT [ /ADS.KISSNOFROG ]
C:\USERS\CHIARA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\CHIARA@AD.ZANOX[3].TXT [ /AD.ZANOX ]
C:\USERS\CHIARA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\CHIARA@APMEBF[3].TXT [ /APMEBF ]
C:\USERS\CHIARA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\CHIARA@XITI[1].TXT [ /XITI ]
C:\USERS\CHIARA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\CHIARA@AD.ZANOX[4].TXT [ /AD.ZANOX ]
C:\USERS\CHIARA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\CHIARA@APMEBF[4].TXT [ /APMEBF ]
C:\USERS\CHIARA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\CHIARA@ADS.CREATIVE-SERVING[2].TXT [ /ADS.CREATIVE-SERVING ]
C:\USERS\CHIARA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\CHIARA@SERVING-SYS[4].TXT [ /SERVING-SYS ]
C:\USERS\CHIARA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\CHIARA@SERVING-SYS[3].TXT [ /SERVING-SYS ]
C:\USERS\CHIARA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\CHIARA@SERVING-SYS[2].TXT [ /SERVING-SYS ]
C:\USERS\CHIARA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\CHIARA@SERVING-SYS[1].TXT [ /SERVING-SYS ]
C:\USERS\CHIARA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\CHIARA@SKYDEUTSCHLAND.122.2O7[1].TXT [ /SKYDEUTSCHLAND.122.2O7 ]
C:\USERS\CHIARA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\CHIARA@WEBMASTERPLAN[2].TXT [ /WEBMASTERPLAN ]
C:\USERS\CHIARA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\CHIARA@WEBMASTERPLAN[3].TXT [ /WEBMASTERPLAN ]
C:\USERS\CHIARA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\CHIARA@FASTCLICK[2].TXT [ /FASTCLICK ]
C:\USERS\CHIARA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\CHIARA@FASTCLICK[1].TXT [ /FASTCLICK ]
C:\USERS\CHIARA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\CHIARA@GUJ.122.2O7[2].TXT [ /GUJ.122.2O7 ]
C:\USERS\CHIARA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\CHIARA@GUJ.122.2O7[1].TXT [ /GUJ.122.2O7 ]
C:\USERS\CHIARA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\CHIARA@WEBMASTERPLAN[5].TXT [ /WEBMASTERPLAN ]
C:\USERS\CHIARA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\CHIARA@WEBMASTERPLAN[4].TXT [ /WEBMASTERPLAN ]
C:\USERS\CHIARA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\CHIARA@TRACK.ADFORM[2].TXT [ /TRACK.ADFORM ]
C:\USERS\CHIARA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\CHIARA@TRACKING.KLICKTEL[3].TXT [ /TRACKING.KLICKTEL ]
C:\USERS\CHIARA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\CHIARA@TRACKING.KLICKTEL[1].TXT [ /TRACKING.KLICKTEL ]
C:\USERS\CHIARA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\CHIARA@ADS.QUARTERMEDIA[1].TXT [ /ADS.QUARTERMEDIA ]
C:\USERS\CHIARA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\CHIARA@IM.BANNER.T-ONLINE[3].TXT [ /IM.BANNER.T-ONLINE ]
C:\USERS\CHIARA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\CHIARA@IM.BANNER.T-ONLINE[1].TXT [ /IM.BANNER.T-ONLINE ]
C:\USERS\CHIARA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\CHIARA@TRADEDOUBLER[4].TXT [ /TRADEDOUBLER ]
C:\USERS\CHIARA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\CHIARA@TRAFFICTRACK[2].TXT [ /TRAFFICTRACK ]
C:\USERS\CHIARA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\CHIARA@TRADEDOUBLER[1].TXT [ /TRADEDOUBLER ]
C:\USERS\CHIARA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\CHIARA@TRAFFICTRACK[3].TXT [ /TRAFFICTRACK ]
C:\USERS\CHIARA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\CHIARA@TRADEDOUBLER[2].TXT [ /TRADEDOUBLER ]
C:\USERS\CHIARA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\CHIARA@TRADEDOUBLER[6].TXT [ /TRADEDOUBLER ]
C:\USERS\CHIARA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\CHIARA@TRADEDOUBLER[3].TXT [ /TRADEDOUBLER ]
C:\USERS\CHIARA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\CHIARA@TRAFFICTRACK[1].TXT [ /TRAFFICTRACK ]
C:\USERS\CHIARA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\CHIARA@DOUBLECLICK[1].TXT [ /DOUBLECLICK ]
C:\USERS\CHIARA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\CHIARA@DOUBLECLICK[3].TXT [ /DOUBLECLICK ]
.doubleclick.net [ C:\USERS\CHIARA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LEIRC17P.DEFAULT\COOKIES.SQLITE ]
.doubleclick.net [ C:\USERS\CHIARA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LEIRC17P.DEFAULT\COOKIES.SQLITE ]
www.googleadservices.com [ C:\USERS\CHIARA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LEIRC17P.DEFAULT\COOKIES.SQLITE ]

Trojan.Agent/Gen-Yoddos
C:\USERS\CHIARA\DOWNLOADS\WINRAR\DEFAULT.SFX |