| |
| |||||||
Log-Analyse und Auswertung: Musik kommt automatisch unter "Name nicht Verfügbar" im Audiomixer (Windows 7)Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
12.09.2012, 13:53
| #21 |
 |  Musik kommt automatisch unter "Name nicht Verfügbar" im Audiomixer (Windows 7) GMER Logfile: Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-09-12 14:52:20
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 SAMSUNG_HD160JJ rev.WU100-33
Running: fllqq74h.exe; Driver: C:\Users\aYpStyle\AppData\Local\Temp\fxlyqkoc.sys
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 828923C9 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 828CBD52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8E006000, 0x2D5378, 0xE8000020]
.text autochk.exe 004011D1 42 Bytes [C4, 08, 5D, C3, CC, CC, CC, ...]
.text autochk.exe 004011FC 5 Bytes [8B, E5, 5D, C2, 08]
.text autochk.exe 00401202 41 Bytes [CC, CC, CC, CC, CC, CC, CC, ...]
.text autochk.exe 0040122C 5 Bytes [8B, E5, 5D, C2, 08]
.text autochk.exe 00401232 47 Bytes [CC, CC, CC, CC, CC, CC, CC, ...]
.text ...
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\firefox.exe[3016] ntdll.dll!LdrLoadDll 77AE223E 5 Bytes JMP 6D2DFA35 C:\Program Files\xul.dll (Mozilla Foundation)
.text C:\Program Files\firefox.exe[3016] kernel32.dll!MapViewOfFile 762A93DB 5 Bytes JMP 6D58079E C:\Program Files\xul.dll (Mozilla Foundation)
.text C:\Program Files\firefox.exe[3016] kernel32.dll!VirtualAlloc 762AC43A 5 Bytes JMP 6D5807C5 C:\Program Files\xul.dll (Mozilla Foundation)
.text C:\Program Files\firefox.exe[3016] GDI32.dll!CreateDIBSection 771C8850 5 Bytes JMP 6D580728 C:\Program Files\xul.dll (Mozilla Foundation)
---- Devices - GMER 1.0.15 ----
Device \Driver\ACPI_HAL \Device\00000043 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----
OSAM Logfile: Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 14:37:56 on 12.09.2012 OS: Windows 7 Service Pack 1 (Build 7601), 32-bit Default Browser: Mozilla Corporation Firefox 13.0.1 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Control Panel Objects] -----( %SystemRoot%\system32 )----- "DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\Windows\system32\DivXControlPanelApplet.cpl "FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "catchme" (catchme) - ? - C:\Users\aYpStyle\AppData\Local\Temp\catchme.sys (File not found) "fxlyqkoc" (fxlyqkoc) - ? - C:\Users\aYpStyle\AppData\Local\Temp\fxlyqkoc.sys (Hidden registry entry, rootkit activity | File not found) [Explorer] -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {D8D1CE8C-B1EB-4E95-B63B-1531BA60E992} "DivX Property Handler" - "DivX, Inc." - C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXPropertyHandler.dll {83238FAE-D346-4E12-8734-D42F7554B3E6} "DivX Thumbnail Provider" - "DivX, Inc." - C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXThumbnailProvider.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll [Internet Explorer] -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_33" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} "Java Plug-in 1.6.0_33" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_33" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_33.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {326E768D-4182-46FD-9C16-1449A49795F4} "DivX Plus Web Player HTML5 <video>" - "DivX, LLC" - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\ssv.dll [Logon] -----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\Users\aYpStyle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "Spotify" - "Spotify Ltd" - "C:\Users\aYpStyle\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart "Spotify Web Helper" - ? - "C:\Users\aYpStyle\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" (File found, but it contains no detailed information) "Steam" - "Valve Corporation" - "D:\Steam\Steam.exe" -silent -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "DivXUpdate" - ? - "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW "SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe "Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe "Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe "Steam Client Service" (Steam Client Service) - "Valve Corporation" - C:\Program Files\Common Files\Steam\SteamService.exe ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru Code:
ATTFilter aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-12 14:54:45
-----------------------------
14:54:45.174 OS Version: Windows 6.1.7601 Service Pack 1
14:54:45.174 Number of processors: 2 586 0x6B02
14:54:45.174 ComputerName: AYPSTYLE-PC UserName: aYpStyle
14:54:45.907 Initialize success
14:59:26.748 AVAST engine defs: 12091200
15:00:15.366 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
15:00:15.366 Disk 0 Vendor: SAMSUNG_HD160JJ WU100-33 Size: 152627MB BusType: 3
15:00:15.366 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T0L0-0
15:00:15.366 Disk 1 Vendor: SAMSUNG_HD250HJ FH100-05 Size: 238474MB BusType: 3
15:00:15.444 Disk 0 MBR read successfully
15:00:15.444 Disk 0 MBR scan
15:00:15.444 Disk 0 unknown MBR code
15:00:15.506 Disk 0 Partition 1 00 07 HPFS/NTFS NTFS 80000 MB offset 2048
15:00:15.522 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 72625 MB offset 163842048
15:00:15.568 Disk 0 scanning sectors +312578048
15:00:16.036 Disk 0 scanning C:\Windows\system32\drivers
15:01:39.403 Service scanning
15:01:57.733 Modules scanning
15:02:14.690 Disk 0 trace - called modules:
15:02:14.721 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
15:02:14.721 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8563b170]
15:02:14.721 3 CLASSPNP.SYS[88b9659e] -> nt!IofCallDriver -> [0x855618a8]
15:02:14.737 5 ACPI.sys[82fb73d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0x8518a030]
15:02:15.486 AVAST engine scan C:\Windows
15:02:21.679 AVAST engine scan C:\Windows\system32
15:11:06.315 AVAST engine scan C:\Windows\system32\drivers
15:11:18.625 AVAST engine scan C:\Users\aYpStyle
15:12:16.772 AVAST engine scan C:\ProgramData
15:12:27.587 Scan finished successfully
15:12:39.368 Disk 0 MBR has been saved successfully to "C:\Users\aYpStyle\Desktop\MBR.dat"
15:12:39.376 The log file has been saved successfully to "C:\Users\aYpStyle\Desktop\aswMBR.txt"
Geändert von aypstyle (12.09.2012 um 14:13 Uhr) |
| Themen zu Musik kommt automatisch unter "Name nicht Verfügbar" im Audiomixer (Windows 7) |
| aufsetzen, automatisch, bestimmte, bundestrojaner, google, java/exploit.agent.nav, java/exploit.cve-2012-1723.c, malware, neu aufgesetzt, neu aufsetzen, problem, rootkit.0access, spyware.onlinegames, systemstart, trojan.dropper.pe4, trojan.phex.thagen1, trojan.small, trojan.zaccess, win32/agent.teo, win32/sirefef.fa, win32/sirefef.fc, win32/toolbar.widgi, windows, windows 7, windows xp, wochen |
Baum-Darstellung