Log analysis and evaluation: Trojan cripples Windows 7 PC

Windows 7: If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and Trojans, the infected system must first be examined: First steps for getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
09.08.2013, 12:10 | #1 |
Hello everyone, unfortunately I have caught a Trojan on my Windows 7 machine and apparently cannot get rid of it any more. From experience I know that OTLPE can help here, so I ran it again and got the attached OTL.txt. I hope you can help me with this and provide a fix. Regards, Racer416
09.08.2013, 12:23 | #2 |
/// Malware-holic
Hi, do the following:
Scan with Farbar's Recovery Scan Tool (Recovery Mode - Windows Vista, 7, 8). Notes for Windows 8 users: Guide 1 (FRST variant) and Guide 2 (second part)
09.08.2013, 14:16 | #3 |
Hello,
I have now created the FRST log:
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 08-08-2013 02
Ran by SYSTEM on 09-08-2013 15:13:36
Running from L:\
Windows 7 Home Premium Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet002
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HDAudDeck] - C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe [1681408 2009-09-21] (VIA)
HKLM\...\Run: [XFastUsb] - C:\Program Files\XFastUsb\XFastUsb.exe [4942336 2011-07-14] (FNet Co., Ltd.)
HKLM\...\Run: [CTSyncService] - C:\Program Files\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe [1233195 2009-07-08] (Creative Technology Ltd)
HKLM\...\Run: [VolPanel] - C:\Program Files\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe [241789 2009-05-04] (Creative Technology Ltd)
HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [BrMfcWnd] - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM\...\Run: [ControlCenter3] - C:\Program Files\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [345144 2013-08-08] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [] - [x]
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [ZyngaGamesAgent] - C:\Program Files\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe [841544 2010-11-15] (Splashtop Inc.)
HKLM\...\Run: [STCAgent] - C:\Program Files\Splashtop\Splashtop Connect IE\STCAgent.exe [776064 2011-01-21] (Splashtop Inc.)
HKLM\...\Run: [RunDLLEntry] - C:\Windows\system32\AmbRunE.dll [14848 2009-02-26] (Creative Technology Ltd.)
HKLM\...\Run: [DATAMNGR] - C:\PROGRA~1\SEARCH~1\Datamngr\DATAMN~1.EXE [1683456 2013-02-27] (Bandoo Media, inc)
HKU\Kisler\...\Run: [OfficeSyncProcess] - C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [ 2012-01-20] (Microsoft Corporation)
HKU\Kisler\...\Run: [] - [x]
HKU\Kisler\...\Run: [NokiaSuite.exe] - C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe [ 2012-05-16] (Nokia)
HKU\Kisler\...\Run: [BrowserChoice] - C:\Windows\System32\browserchoice.exe [ 2010-02-11] (Microsoft Corporation)

========================== Services (Whitelisted) =================

S2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [84024 2013-08-08] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [108088 2013-08-08] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [589368 2013-08-08] (Avira Operations GmbH & Co. KG)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2011-07-14] (Creative Labs)
S2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1155072 2009-02-03] (MAGIX AG)
S3 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [3276800 2008-08-07] (MAGIX®)
S2 SCBackService; C:\Program Files\Splashtop\Splashtop Connect\BackService.exe [477000 2010-11-15] (Splashtop Inc.)
S3 Sound Blaster X-Fi MB Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [79360 2011-07-14] (Creative Labs)
S2 WCUService_STC_IE; C:\Program Files\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe [497480 2011-03-22] (Splashtop Inc.)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] ()

==================== Drivers (Whitelisted) ====================

S1 AsrAppCharger; C:\Windows\System32\DRIVERS\AsrAppCharger.sys [13832 2010-06-11] (Windows (R) Win 7 DDK provider)
S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [84744 2013-03-25] (Avira Operations GmbH & Co. KG)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135136 2013-03-25] (Avira Operations GmbH & Co. KG)
S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-03-25] (Avira Operations GmbH & Co. KG)
S3 FNETTBOH_305; C:\Windows\System32\drivers\FNETTBOH_305.SYS [29248 2011-07-24] (FNet Co., Ltd.)
S1 FNETURPX; C:\Windows\System32\drivers\FNETURPX.SYS [14656 2011-07-14] (FNet Co., Ltd.)
S1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)
S3 VIAHdAudAddService; C:\Windows\System32\drivers\viahduaa.sys [1086976 2009-09-17] (VIA Technologies, Inc.)
S3 AsrCDDrv; \??\C:\Windows\system32\Drivers\AsrCDDrv.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-08-09 19:04 - 2013-08-09 19:05 - 00069498 _____ C:\OTL.Txt
2013-08-09 15:13 - 2013-08-09 15:13 - 00000000 ____D C:\FRST
2013-08-09 11:34 - 2013-08-09 11:34 - 00003314 _____ C:\Users\Kisler\Desktop\Windows-Kompatibilitätsbericht.htm
2013-08-09 11:31 - 2013-08-09 11:35 - 00002576 _____ C:\Windows\diagwrn.xml
2013-08-09 11:31 - 2013-08-09 11:35 - 00001908 _____ C:\Windows\diagerr.xml
2013-08-09 11:28 - 2013-08-09 11:31 - 00000000 ____D C:\Upgrade
2013-08-09 08:23 - 2013-08-09 08:23 - 00000000 ____D C:\ProgramData\Creative Labs
2013-08-08 06:14 - 2013-08-08 16:06 - 00000000 ____D C:\users\TEMP.Kisler-PC
2013-08-08 06:14 - 2013-08-08 06:14 - 00000020 ___SH C:\Users\TEMP.Kisler-PC\ntuser.ini
2013-08-08 06:14 - 2013-08-08 06:14 - 00000000 _SHDL C:\Users\TEMP.Kisler-PC\Startmenü
2013-08-08 06:14 - 2013-08-08 06:14 - 00000000 _SHDL C:\Users\TEMP.Kisler-PC\Netzwerkumgebung
2013-08-08 06:14 - 2013-08-08 06:14 - 00000000 _SHDL C:\Users\TEMP.Kisler-PC\Druckumgebung
2013-08-08 06:14 - 2013-08-08 06:14 - 00000000 _SHDL C:\Users\TEMP.Kisler-PC\Documents\Eigene Musik
2013-08-08 06:14 - 2013-08-08 06:14 - 00000000 _SHDL C:\Users\TEMP.Kisler-PC\Documents\Eigene Bilder
2013-08-08 06:14 - 2013-08-08 06:14 - 00000000 _SHDL C:\Users\TEMP.Kisler-PC\AppData\Local\Verlauf
2013-08-08 06:14 - 2013-08-08 06:14 - 00000000 ____D C:\Users\TEMP.Kisler-PC\AppData\Local\VirtualStore
2013-08-08 06:14 - 2012-08-15 12:24 - 00000000 ____D C:\Users\TEMP.Kisler-PC\AppData\Local\Microsoft Help
2013-08-08 06:14 - 2012-06-10 21:07 - 00000000 ____D C:\Users\TEMP.Kisler-PC\AppData\Roaming\Macromedia
2013-08-08 06:11 - 2013-08-08 06:11 - 00000020 ___SH C:\Users\TEMP\ntuser.ini
2013-08-08 06:11 - 2013-08-08 06:11 - 00000000 _SHDL C:\Users\TEMP\Startmenü
2013-08-08 06:11 - 2013-08-08 06:11 - 00000000 _SHDL C:\Users\TEMP\Netzwerkumgebung
2013-08-08 06:11 - 2013-08-08 06:11 - 00000000 _SHDL C:\Users\TEMP\Druckumgebung
2013-08-08 06:11 - 2013-08-08 06:11 - 00000000 _SHDL C:\Users\TEMP\Documents\Eigene Musik
2013-08-08 06:11 - 2013-08-08 06:11 - 00000000 _SHDL C:\Users\TEMP\Documents\Eigene Bilder
2013-08-08 06:11 - 2013-08-08 06:11 - 00000000 _SHDL C:\Users\TEMP\AppData\Local\Verlauf
2013-08-08 06:11 - 2013-08-08 06:11 - 00000000 ____D C:\Users\TEMP\AppData\Local\VirtualStore
2013-08-08 06:11 - 2012-08-15 12:24 - 00000000 ____D C:\Users\TEMP\AppData\Local\Microsoft Help
2013-08-08 06:11 - 2012-06-10 21:07 - 00000000 ____D C:\Users\TEMP\AppData\Roaming\Macromedia
2013-07-31 15:10 - 2013-07-31 15:10 - 00000004 _____ C:\Users\Kisler\AppData\Roaming\cache.ini
2013-07-27 05:51 - 2013-07-27 05:51 - 00000000 ____D C:\Users\Kisler\AppData\Roaming\Mozilla
2013-07-14 11:42 - 2013-07-14 11:43 - 00000000 ____D C:\Users\Kisler\Documents\Gitti
2013-07-12 15:04 - 2013-07-12 15:04 - 00000000 ____D C:\Users\Kisler\AppData\Roaming\Avira
2013-07-12 15:02 - 2013-07-12 15:02 - 00000000 ____D C:\ProgramData\AskPartnerNetwork
2013-07-12 15:02 - 2013-07-12 15:02 - 00000000 ____D C:\ProgramData\APN
2013-07-12 15:02 - 2013-07-12 15:02 - 00000000 ____D C:\Program Files\AskPartnerNetwork
2013-07-12 15:01 - 2013-07-12 15:01 - 00002016 _____ C:\Users\Public\Desktop\Avira Control Center.lnk

==================== One Month Modified Files and Folders =======

2013-08-09 19:05 - 2013-08-09 19:04 - 00069498 _____ C:\OTL.Txt
2013-08-09 19:02 - 2012-12-19 16:37 - 00000000 ____D C:\users\DefaultAppPool
2013-08-09 19:02 - 2011-07-18 16:43 - 00000000 ____D C:\users\Kisler
2013-08-09 15:13 - 2013-08-09 15:13 - 00000000 ____D C:\FRST
2013-08-09 14:10 - 2011-07-14 13:01 - 01994182 _____ C:\Windows\WindowsUpdate.log
2013-08-09 14:09 - 2012-11-20 16:01 - 00002381 _____ C:\Windows\setupact.log
2013-08-09 14:09 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-08-09 13:16 - 2013-03-31 18:58 - 00000000 ____D C:\ProgramData\AutoKMS
2013-08-09 13:16 - 2012-11-18 15:52 - 00000000 ____D C:\ProgramData\NVIDIA
2013-08-09 12:23 - 2009-07-14 05:34 - 00021888 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-09 12:23 - 2009-07-14 05:34 - 00021888 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-09 11:35 - 2013-08-09 11:31 - 00002576 _____ C:\Windows\diagwrn.xml
2013-08-09 11:35 - 2013-08-09 11:31 - 00001908 _____ C:\Windows\diagerr.xml
2013-08-09 11:34 - 2013-08-09 11:34 - 00003314 _____ C:\Users\Kisler\Desktop\Windows-Kompatibilitätsbericht.htm
2013-08-09 11:31 - 2013-08-09 11:28 - 00000000 ____D C:\Upgrade
2013-08-09 11:31 - 2012-11-20 16:01 - 00000000 _____ C:\Windows\setuperr.log
2013-08-09 11:27 - 2013-03-31 15:13 - 00000000 ____D C:\Users\Kisler\AppData\Local\jZip
2013-08-09 08:23 - 2013-08-09 08:23 - 00000000 ____D C:\ProgramData\Creative Labs
2013-08-09 08:13 - 2013-04-12 06:00 - 00002129 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-08-09 07:46 - 2010-11-20 22:48 - 00709430 _____ C:\Windows\PFRO.log
2013-08-08 19:14 - 2013-05-07 20:45 - 00073728 _____ (scochran@chattanooga.net) C:\Users\Kisler\Downloads\DBXtract.exe
2013-08-08 16:12 - 2010-11-20 22:01 - 01635972 _____ C:\Windows\System32\PerfStringBackup.INI
2013-08-08 16:06 - 2013-08-08 06:14 - 00000000 ____D C:\users\TEMP.Kisler-PC
2013-08-08 15:56 - 2012-03-29 17:52 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-08-08 15:56 - 2011-07-24 18:58 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-08-08 14:45 - 2013-05-07 11:44 - 00067168 _____ (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avnetflt.sys
2013-08-08 07:03 - 2013-06-14 18:52 - 00000000 ____D C:\Program Files\Video Download Converter
2013-08-08 07:03 - 2013-03-31 15:12 - 00000000 ____D C:\Program Files\jZip
2013-08-08 07:03 - 2012-12-16 19:49 - 00000000 ____D C:\Program Files\Ask.com
2013-08-08 07:03 - 2012-12-16 19:49 - 00000000 ____D C:\Firefox
2013-08-08 07:03 - 2012-11-23 19:59 - 00000000 ____D C:\Users\Kisler\AppData\Local\JDownloader 0.9
2013-08-08 07:03 - 2011-09-10 16:46 - 00000000 ____D C:\Windows\System32\MAGIX
2013-08-08 07:03 - 2011-09-10 16:46 - 00000000 ____D C:\Program Files\MAGIX
2013-08-08 07:03 - 2011-07-30 19:02 - 00000000 ____D C:\brodnt
2013-08-08 07:03 - 2011-07-24 18:58 - 00000000 ____D C:\Windows\System32\Macromed
2013-08-08 07:03 - 2011-07-24 18:57 - 00000000 ____D C:\Program Files\Google
2013-08-08 07:03 - 2011-07-24 08:29 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-08-08 07:03 - 2011-04-12 02:39 - 00000000 ____D C:\Windows\ShellNew
2013-08-08 07:03 - 2011-04-12 02:38 - 00000000 ____D C:\Program Files\Windows Journal
2013-08-08 07:03 - 2009-07-14 05:52 - 00000000 ____D C:\Program Files\Windows Defender
2013-08-08 07:03 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\wfp
2013-08-08 07:03 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\NDF
2013-08-08 07:03 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\de-DE
2013-08-08 07:03 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\rescache
2013-08-08 07:03 - 2009-07-14 03:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2013-08-08 07:02 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\registration
2013-08-08 06:59 - 2012-08-25 13:34 - 00000000 ____D C:\ProgramData\Avira
2013-08-08 06:59 - 2011-09-10 16:47 - 00000000 ____D C:\ProgramData\MAGIX
2013-08-08 06:59 - 2011-07-24 18:58 - 00000000 ____D C:\Users\Kisler\AppData\Local\Google
2013-08-08 06:58 - 2012-10-18 19:12 - 00000000 ____D C:\Program Files\Avira
2013-08-08 06:58 - 2011-07-24 08:28 - 00000000 __RHD C:\MSOCache
2013-08-08 06:14 - 2013-08-08 06:14 - 00000020 ___SH C:\Users\TEMP.Kisler-PC\ntuser.ini
2013-08-08 06:14 - 2013-08-08 06:14 - 00000000 _SHDL C:\Users\TEMP.Kisler-PC\Startmenü
2013-08-08 06:14 - 2013-08-08 06:14 - 00000000 _SHDL C:\Users\TEMP.Kisler-PC\Netzwerkumgebung
2013-08-08 06:14 - 2013-08-08 06:14 - 00000000 _SHDL C:\Users\TEMP.Kisler-PC\Druckumgebung
2013-08-08 06:14 - 2013-08-08 06:14 - 00000000 _SHDL C:\Users\TEMP.Kisler-PC\Documents\Eigene Musik
2013-08-08 06:14 - 2013-08-08 06:14 - 00000000 _SHDL C:\Users\TEMP.Kisler-PC\Documents\Eigene Bilder
2013-08-08 06:14 - 2013-08-08 06:14 - 00000000 _SHDL C:\Users\TEMP.Kisler-PC\AppData\Local\Verlauf
2013-08-08 06:14 - 2013-08-08 06:14 - 00000000 ____D C:\Users\TEMP.Kisler-PC\AppData\Local\VirtualStore
2013-08-08 06:11 - 2013-08-08 06:11 - 00000020 ___SH C:\Users\TEMP\ntuser.ini
2013-08-08 06:11 - 2013-08-08 06:11 - 00000000 _SHDL C:\Users\TEMP\Startmenü
2013-08-08 06:11 - 2013-08-08 06:11 - 00000000 _SHDL C:\Users\TEMP\Netzwerkumgebung
2013-08-08 06:11 - 2013-08-08 06:11 - 00000000 _SHDL C:\Users\TEMP\Druckumgebung
2013-08-08 06:11 - 2013-08-08 06:11 - 00000000 _SHDL C:\Users\TEMP\Documents\Eigene Musik
2013-08-08 06:11 - 2013-08-08 06:11 - 00000000 _SHDL C:\Users\TEMP\Documents\Eigene Bilder
2013-08-08 06:11 - 2013-08-08 06:11 - 00000000 _SHDL C:\Users\TEMP\AppData\Local\Verlauf
2013-08-08 06:11 - 2013-08-08 06:11 - 00000000 ____D C:\Users\TEMP\AppData\Local\VirtualStore
2013-07-31 15:10 - 2013-07-31 15:10 - 00000004 _____ C:\Users\Kisler\AppData\Roaming\cache.ini
2013-07-27 05:51 - 2013-07-27 05:51 - 00000000 ____D C:\Users\Kisler\AppData\Roaming\Mozilla
2013-07-14 11:43 - 2013-07-14 11:42 - 00000000 ____D C:\Users\Kisler\Documents\Gitti
2013-07-12 15:04 - 2013-07-12 15:04 - 00000000 ____D C:\Users\Kisler\AppData\Roaming\Avira
2013-07-12 15:02 - 2013-07-12 15:02 - 00000000 ____D C:\ProgramData\AskPartnerNetwork
2013-07-12 15:02 - 2013-07-12 15:02 - 00000000 ____D C:\ProgramData\APN
2013-07-12 15:02 - 2013-07-12 15:02 - 00000000 ____D C:\Program Files\AskPartnerNetwork
2013-07-12 15:01 - 2013-07-12 15:01 - 00002016 _____ C:\Users\Public\Desktop\Avira Control Center.lnk

Files to move or delete:
====================
C:\Users\Kisler\AppData\Roaming\cache.dat
C:\Users\Kisler\AppData\Roaming\cache.ini

==================== Known DLLs (Whitelisted) ============

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-05-21 15:24:32
Restore point made on: 2013-07-31 15:16:13
Restore point made on: 2013-07-31 15:50:59
Restore point made on: 2013-08-08 05:50:04

==================== Memory info ===========================

Percentage of memory in use: 12%
Total physical RAM: 4095.3 MB
Available physical RAM: 3571.96 MB
Total Pagefile: 4093.59 MB
Available Pagefile: 3566.41 MB
Total Virtual: 2047.88 MB
Available Virtual: 1922.12 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.79 GB) (Free:193.37 GB) NTFS
Drive l: () (Removable) (Total:1.95 GB) (Free:0.66 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 2CA52CA4)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=233 GB) - (Type=07 NTFS)

========================================================
Disk: 6 (Size: 2 GB) (Disk ID: 6AC7D2AD)
Partition 1: (Active) - (Size=2 GB) - (Type=06)

LastRegBack: 2013-08-02 10:27

==================== End Of Log ============================
--- --- ---

I hope that helps you and me move forward.
09.08.2013, 14:37 | #4 |
/// Malware-holic
Hi, please press the [Windows] + R keys and type notepad into the Run window. Now copy the following text from the code box into the empty text document.
Code:
C:\Users\Kisler\AppData\Roaming\cache.dat
C:\Users\Kisler\AppData\Roaming\cache.ini
The tool creates a Fixlog.txt on your USB stick. Please post its contents here.
If booting into normal mode works:
2. Please navigate to: C:\FRST\Quarantine. Right-click, pack it with WinRAR or another archiver, and upload it in the upload channel.
Trojaner-Board Upload Channel
__________________
- Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de. Forwarding guide: http://markusg.trojaner-board.de. For the time being, please forward e-mails to markusg.trojaner-board@web.de as described in the guide above. If you would like to support us