Log Analysis and Evaluation: Win 7pro: WM/Bartallex.gbf + DR/Delphi.Gen + various other alerts
#28
Win 7pro: WM/Bartallex.gbf + DR/Delphi.Gen + various other alerts

Hello Schrauber, back from a short holiday, here is the renewed attempt to get the problem under control. Here is the latest FRST log from the repair option:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by SYSTEM on MININT-88JIHN1 on 10-04-2015 09:45:12
Running from H:\
Platform: Windows 7 Professional (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8
Boot Mode: Recovery
The current controlset is ControlSet003

ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7833120 2009-05-22] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] => C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-05-22] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [362032 2009-11-12] (Acronis)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2726728 2010-03-24] (CANON INC.)
HKLM-x32\...\Run: [SfWinStartInfo] => C:\Program Files (x86)\SFirm32\sfWinStartupInfo.exe [128392 2010-12-20] (SFirm Hannover)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [5140960 2009-11-12] (Acronis)
HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1185112 2010-04-02] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScanUtility] => C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [140640 2010-03-02] (CANON INC.)
HKLM-x32\...\Run: [ToolboxFX] => C:\Program Files (x86)\HP\ToolboxFX\bin\HPTLBXFX.exe [58936 2010-04-16] (Hewlett-Packard Company)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [704512 2015-03-19] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [191528 2014-07-04] (Geek Software GmbH)
HKU\Michael Berger\...\Run: [TBPanel] => C:\Program Files (x86)\Vtune\TBPanel.exe [2158592 2009-05-12] ()
HKU\Michael Berger\...\Run: [S60 PC Suite Tray] => C:\Program Files (x86)\Samsung\Samsung PC Studio 7\PCSuite.exe [699392 2008-12-06] ()
HKU\Michael Berger\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_16_0_0_305_Plugin.exe [960688 2015-02-05] (Adobe Systems Incorporated)
Startup: C:\Users\Michael Berger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [806192 2015-03-19] (Avira Operations GmbH & Co. KG)
S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2015-03-19] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2015-03-19] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [992560 2015-03-19] (Avira Operations GmbH & Co. KG)
S2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [339456 2010-11-16] ()
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
S2 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [239184 2013-01-28] ()
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128536 2015-03-04] (Avira Operations GmbH & Co. KG)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-03-04] (Avira Operations GmbH & Co. KG)
S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-12] (Avira Operations GmbH & Co. KG)
S2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-03-04] (Avira Operations GmbH & Co. KG)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-04-10] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation)
S3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-05-14] ()
S3 nmwcdsacjx64; C:\Windows\System32\drivers\nmwcdsacjx64.sys [17408 2007-05-02] (Nokia)
S3 nmwcdsacx64; C:\Windows\System32\drivers\nmwcdsacx64.sys [12288 2007-05-02] (Nokia)
S3 nmwcdsax64; C:\Windows\System32\drivers\nmwcdsax64.sys [171008 2007-05-02] (Nokia)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [828912 2012-02-17] (Duplex Secure Ltd.)
S2 TBPanel; No ImagePath
S0 tdrpman258; C:\Windows\System32\DRIVERS\tdrpm258.sys [1477728 2010-02-16] (Acronis)
S3 VMUVC; C:\Windows\System32\Drivers\VMUVC.sys [198784 2009-05-25] (Vimicro Corporation)
S3 vvftUVC; C:\Windows\System32\drivers\vvftUVC.sys [303616 2008-07-01] (Vimicro Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-01 19:18 - 2015-04-10 08:15 - 00000224 _____ () C:\Windows\setupact.log
2015-04-01 19:18 - 2015-04-01 19:18 - 00007174 _____ () C:\Windows\PFRO.log
2015-04-01 19:18 - 2015-04-01 19:18 - 00000000 _____ () C:\Windows\setuperr.log
2015-04-01 10:18 - 2015-04-10 08:18 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2015-04-01 10:18 - 2015-04-01 10:18 - 00001066 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-04-01 10:18 - 2015-04-01 10:18 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-04-01 10:18 - 2015-03-17 05:15 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys
2015-04-01 10:18 - 2015-03-17 05:15 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mwac.sys
2015-04-01 10:18 - 2015-03-17 05:15 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2015-04-01 10:09 - 2015-04-01 10:09 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-01 10:09 - 2015-04-01 10:09 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-01 09:50 - 2015-04-01 09:50 - 00003148 _____ () C:\Windows\System32\Tasks\SidebarExecute
2015-03-30 14:51 - 2015-03-30 14:51 - 00000000 ____D () C:\ProgramData\FLEXnet
2015-03-30 14:28 - 2015-03-30 14:28 - 00000000 ____D () C:\Windows\Sun
2015-03-30 09:45 - 2015-03-30 09:45 - 00000693 _____ () C:\Users\Michael Berger\Desktop\JRT.txt
2015-03-29 19:51 - 2015-03-29 19:51 - 00000000 ____D () C:\Users\Michael Berger\300dpi
2015-03-29 18:59 - 2015-03-29 18:59 - 01530720 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-03-29 18:52 - 2015-03-29 18:52 - 00022266 _____ () C:\ComboFix.txt
2015-03-29 18:34 - 2015-03-29 18:52 - 00000000 ____D () C:\Qoobox
2015-03-29 18:34 - 2015-03-29 18:50 - 00000000 ____D () C:\Windows\erdnt
2015-03-29 18:34 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-03-29 18:34 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-03-29 18:34 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-03-29 18:34 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-03-29 18:34 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-03-29 18:34 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-03-29 18:34 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-03-29 18:34 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-03-27 10:15 - 2015-04-10 09:45 - 00000000 ____D () C:\FRST
2015-03-25 12:31 - 2015-03-25 12:31 - 00000020 _____ () C:\Users\Michael Berger\defogger_reenable
2015-03-25 09:07 - 2015-03-29 18:55 - 00000000 ____D () C:\MalwareBytes
2015-03-24 17:38 - 2015-03-30 09:36 - 00000000 ____D () C:\AdwCleaner

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-10 08:41 - 2010-03-16 16:31 - 00003962 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{A4615E0D-38EC-44B6-BA17-62D20A8D9AE7}
2015-04-10 08:41 - 2010-02-07 21:56 - 01894465 _____ () C:\Windows\WindowsUpdate.log
2015-04-10 08:38 - 2010-04-09 16:33 - 00000000 ____D () C:\Users\Michael Berger\Documents\Outlook-Dateien
2015-04-10 08:28 - 2012-06-27 09:08 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-10 08:23 - 2009-07-14 05:45 - 00021280 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-10 08:23 - 2009-07-14 05:45 - 00021280 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-10 08:19 - 2009-07-14 18:58 - 00659592 _____ () C:\Windows\System32\perfh007.dat
2015-04-10 08:19 - 2009-07-14 18:58 - 00131724 _____ () C:\Windows\System32\perfc007.dat
2015-04-10 08:19 - 2009-07-14 06:13 - 01507502 _____ () C:\Windows\System32\PerfStringBackup.INI
2015-04-10 08:18 - 2013-12-21 11:26 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-10 08:18 - 2013-04-09 10:30 - 00000000 ___RD () C:\Users\Michael Berger\Dropbox
2015-04-10 08:17 - 2013-12-21 11:26 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-10 08:17 - 2013-04-09 10:25 - 00000000 ____D () C:\Users\Michael Berger\AppData\Roaming\Dropbox
2015-04-10 08:17 - 2010-02-08 01:17 - 00000000 ____D () C:\ProgramData\SFirm32
2015-04-10 08:17 - 2010-02-08 01:17 - 00000000 ____D () C:\Program Files (x86)\SFirm32
2015-04-10 08:15 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-01 10:42 - 2009-07-14 06:32 - 00000000 ____D () C:\Windows\System32\FxsTmp
2015-04-01 10:03 - 2010-04-09 23:49 - 00000000 ____D () C:\Users\Michael Berger\AppData\Roaming\vimeo.Duplo.3E2F2984357E7A95AE95C69EF2C5C14640284048.1
2015-04-01 10:02 - 2011-11-08 22:47 - 00000000 ____D () C:\ProgramData\Skype
2015-04-01 10:01 - 2011-11-08 22:47 - 00000000 ____D () C:\Users\Michael Berger\AppData\Roaming\Skype
2015-04-01 09:58 - 2010-11-30 12:22 - 00000000 ____D () C:\Program Files (x86)\Deutsche Post AG
2015-04-01 09:56 - 2010-02-07 22:17 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-04-01 09:39 - 2010-02-07 23:12 - 00000000 ____D () C:\Users\Michael Berger\AppData\Local\Google
2015-04-01 09:39 - 2010-02-07 23:12 - 00000000 ____D () C:\Program Files (x86)\Google
2015-04-01 09:37 - 2012-02-28 20:12 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-03-31 17:47 - 2010-10-28 13:30 - 00000000 ____D () C:\ProgramData\TEMP
2015-03-29 19:51 - 2010-02-07 22:05 - 00000000 ____D () C:\users\Michael Berger
2015-03-29 18:47 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2015-03-19 13:42 - 2014-08-28 09:28 - 00000000 ____D () C:\Users\Michael Berger\AppData\Local\Adobe
2015-03-19 12:19 - 2010-04-03 07:51 - 00000000 ____D () C:\Users\Michael Berger\AppData\Roaming\vlc
2015-03-19 11:52 - 2012-12-17 08:44 - 00002030 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2015-03-18 15:31 - 2010-02-24 08:40 - 00000000 ____D () C:\ProgramData\SFirm32_Datensicherungen

Some content of TEMP:
====================
C:\Users\Michael Berger\AppData\Local\Temp\avgnt.exe
C:\Users\Michael Berger\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp8nkyka.dll

==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe
[2011-04-27 08:27] - [2011-02-26 06:51] - 2614784 ____A (Microsoft Corporation) 255CF508D7CFB10E0794D6AC93280BD8
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points =========================


==================== Memory info ===========================

Percentage of memory in use: 16%
Total physical RAM: 4095.24 MB
Available physical RAM: 3438.06 MB
Total Pagefile: 4093.39 MB
Available Pagefile: 3430.07 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:100 GB) (Free:8.56 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: () (Fixed) (Total:100.1 GB) (Free:66.18 GB) NTFS
Drive f: () (Fixed) (Total:265.56 GB) (Free:4.15 GB) NTFS
Drive h: () (Removable) (Total:3.73 GB) (Free:3.61 GB) FAT32
Drive i: (Elements) (Fixed) (Total:298.08 GB) (Free:68.99 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: () (Fixed) (Total:0.1 GB) (Free:0.04 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: BAE3EF02)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=100 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=100.1 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=265.6 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 3.7 GB) (Disk ID: 00000000)
Partition: GPT Partition Type.

========================================================
Disk: 2 (Size: 298.1 GB) (Disk ID: 41FFC810)
Partition 1: (Active) - (Size=298.1 GB) - (Type=07 NTFS)

LastRegBack: 2015-03-25 12:19

==================== End Of Log ============================

I hope you can still think of a way to crack this problem...