Log analysis and evaluation: Rootkit / Trojan on mother-in-law's PC (Windows 7)

If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and Trojans can be removed, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#7

Rootkit / Trojan on mother-in-law's PC

Hi t'john,

all programs ran through without any notable messages. Here are the three new logs. I'm curious what comes next ;-), probably Java/Flash/Adobe updates; those don't look very current.

Regards,
Mathias

aswMBR.txt:

Code:
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-05-20 08:59:52
-----------------------------
08:59:52.610 OS Version: Windows 6.1.7601 Service Pack 1
08:59:52.610 Number of processors: 4 586 0x2502
08:59:52.610 ComputerName: EDDA*****-PC UserName: admin
08:59:54.180 Initialize success
09:12:29.368 AVAST engine defs: 13051901
09:13:07.129 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
09:13:07.129 Disk 0 Vendor: WDC_WD10 80.0 Size: 953869MB BusType: 3
09:13:07.249 Disk 0 MBR read successfully
09:13:07.254 Disk 0 MBR scan
09:13:07.304 Disk 0 Windows 7 default MBR code
09:13:07.309 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
09:13:07.324 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 932262 MB offset 206848
09:13:07.369 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 20480 MB offset 1909479424
09:13:07.404 Disk 0 Partition 4 00 12 Compaq diag NTFS 1025 MB offset 1951422464
09:13:07.444 Disk 0 scanning sectors +1953521664
09:13:07.514 Disk 0 scanning C:\Windows\system32\drivers
09:13:18.824 Service scanning
09:13:38.444 Modules scanning
09:13:45.654 Disk 0 trace - called modules:
09:13:45.674 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll
09:13:45.679 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x88a3e460]
09:13:45.684 3 CLASSPNP.SYS[8c5ac59e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x86ec3028]
09:13:47.344 AVAST engine scan C:\Windows
09:13:50.714 AVAST engine scan C:\Windows\system32
09:17:02.044 AVAST engine scan C:\Windows\system32\drivers
09:17:14.034 AVAST engine scan C:\Users\admin
09:17:28.179 AVAST engine scan C:\ProgramData
09:18:11.519 Scan finished successfully
09:18:49.579 Disk 0 MBR has been saved successfully to "C:\Users\edda *****\Downloads\MBR.dat"
09:18:49.584 The log file has been saved successfully to "C:\Users\edda *****\Downloads\aswMBR.txt"

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=9c56449c20a23742a6da8a98b1f225e5
# engine=13867
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-05-20 08:35:27
# local_time=2013-05-20 10:35:27 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 97 57417 234462217 6956 0
# compatibility_mode=5893 16776573 100 94 43527 120670118 0 0
# scanned=141680
# found=0
# cleaned=0
# scan_time=4156

Code:
Results of screen317's Security Check version 0.99.63
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware Version 1.75.0.1300
Java(TM) 6 Update 17
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Thunderbird (17.0.6)
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

I uninstalled Flash, Java and Reader and downloaded/reinstalled them from the official sites. Now the Security Check looks like this:

Code:
Results of screen317's Security Check version 0.99.63
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware Version 1.75.0.1300
Java 7 Update 21
Adobe Reader 9
Adobe Reader XI
Mozilla Thunderbird (17.0.6)
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

Is there anything else to do?

Best regards,
Mathias