Pests of all kinds and how to fight them: TROJ_AUTORUN.JBK on USB stick
28.07.2009, 09:35 #1
Morning, now it has hit me too: TROJ_AUTORUN.JBK is my affliction. What nasty things exactly it does on my machine I don't know yet. In any case it infects every USB stick by writing an autorun.inf into the root directory of the stick. In addition a hidden directory RECYCLE is created, in which the matching recycled.exe is placed. The autorun.inf of course points to this exe. Well, once you know that, you can of course delete both the directory and the autorun.inf. But that doesn't remove the virus, only part of its handiwork.

Personal AntiVir (free) with an old (June) signature finds no virus; an update fails with a message about an invalid licence file. OfficeScan from TrendMicro finds "only" an IRC trojan, which it immediately moves into quarantine. Nevertheless the USB stick behaviour remains. That is, since OfficeScan detects and blocks an invalid system access to <USB stick drive>\autorun.inf, only the RECYCLE directory is created any more. But the virus evidently isn't gone with that. Does anyone here have an idea how I can get rid of it?

Attached is the traditional HJT log, in which, surprisingly to me, there is no registry entry with recycled.exe. Although I found it myself in a gibberish key under HKEY_CURRENT_USER\Software\Microsoft Windows\CurrentVersion\explorer\mountpoints2\...

Furthermore, the fact that my Firefox portable in PortableApps (USB stick), when I click on Google search results, ends up via detours on something with 12find doesn't seem normal to me; virus or "simple redirect"? I think this USB stick was also infected by the autorun critter mentioned above. I have since removed the RECYCLE directory from there, as well as the autorun.inf. Still, this redirect "function" in FF remains.
Ah, great: I'm just noticing that with this infected portable FF I also can't upload files any more at abload or imageshack; when I click the buttons nothing happens... Here is the HJT log of the infected laptop:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:22:26, on 28.07.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal
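A defender-side check for the stick footprint described in this post (an autorun.inf in the drive root launching an executable out of a RECYCLE directory, or that directory left behind on its own once the scanner blocks autorun.inf). This is an added example written for this thread, not code from the original post or from any of the tools mentioned; the stick layout it scans is constructed in a temporary directory, and the RECYCLE/recycled.exe names are taken from the post.

```python
"""Scan a removable drive root for the footprint described in the thread:
an autorun.inf that launches an executable out of a RECYCLE directory,
or that directory left behind on its own once autorun.inf gets blocked.
Added example; the sample stick below is constructed, not a real infection."""
import re
import tempfile
from pathlib import Path

# [autorun] keys that make Windows (XP-era AutoRun/AutoPlay) start a program.
LAUNCH_KEYS = ("open", "shellexecute", "shell\\open\\command", "shell\\explore\\command")
# Directory names the dropper in the thread uses to pose as the recycle bin.
RECYCLE_NAMES = ("recycle", "recycler", "recycled")
EXE_SUFFIXES = (".exe", ".com", ".scr", ".pif", ".bat", ".cmd")
# Explorer renames genuinely deleted files to D<drive><n>.<ext> (e.g. Dc1.doc);
# anything else inside a recycle-bin folder did not get there by deletion.
EXPLORER_RENAMED = re.compile(r"d[a-z]\d+\..*")


def parse_autorun(text: str) -> dict:
    """Return the keys of the [autorun] section, lower-cased.

    Infected autorun.inf files are often padded with junk lines, so this
    parser skips anything it cannot read instead of raising.
    """
    section, keys = None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith((";", "#")):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue  # junk padding, or a key from some other section
        key, _, value = line.partition("=")
        keys[key.strip().lower()] = value.strip()
    return keys


def launched_targets(keys: dict) -> list:
    """Executables referenced by launch keys, deduplicated, arguments stripped."""
    targets = []
    for key in LAUNCH_KEYS:
        value = keys.get(key, "").strip()
        if not value:
            continue
        # '"RECYCLE\recycled.exe" -a' -> 'RECYCLE\recycled.exe'
        exe = value[1:].split('"', 1)[0] if value.startswith('"') else value.split()[0]
        if exe and exe not in targets:
            targets.append(exe)
    return targets


def scan_usb_root(root: Path) -> list:
    """Return human-readable findings for one drive root (empty list = clean)."""
    findings = []
    entries = {p.name.lower(): p for p in root.iterdir()}
    inf = entries.get("autorun.inf")
    if inf is not None and inf.is_dir():
        # A directory of that name cannot be parsed and stops the dropper
        # from writing its own file there (the classic "vaccinated" stick).
        findings.append("autorun.inf is a directory, not a file")
    elif inf is not None:
        keys = parse_autorun(inf.read_text(errors="replace"))
        for target in launched_targets(keys):
            target_path = root.joinpath(*target.replace("\\", "/").split("/"))
            state = "present" if target_path.is_file() else "missing"
            findings.append(f"autorun.inf launches {target} ({state})")
    # Second symptom from the thread: once the on-access scanner blocks
    # autorun.inf, only the RECYCLE directory with its payload is created.
    for name in RECYCLE_NAMES:
        folder = entries.get(name)
        if folder is None or not folder.is_dir():
            continue
        exes = sorted(
            p.name for p in folder.iterdir()
            if p.suffix.lower() in EXE_SUFFIXES
            and not EXPLORER_RENAMED.fullmatch(p.name.lower())
        )
        if exes:
            findings.append(f"{folder.name}/ in the drive root contains executables: {', '.join(exes)}")
    return findings


def build_sample_stick(base: Path) -> Path:
    """Constructed stick layout mirroring the post's description (demo data only)."""
    (base / "RECYCLE").mkdir()
    (base / "RECYCLE" / "recycled.exe").write_bytes(b"MZ placeholder, not a real program")
    (base / "autorun.inf").write_text(
        "[autorun]\n"
        "; junk comment line, as seen in real droppers\n"
        "open=RECYCLE\\recycled.exe\n"
        "shell\\open\\command=RECYCLE\\recycled.exe\n"
        "icon=%SystemRoot%\\system32\\SHELL32.dll,4\n"
    )
    return base


def demo() -> list:
    """Build the constructed stick in a temp dir and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        return scan_usb_root(build_sample_stick(Path(tmp)))


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

On a real stick, call scan_usb_root with the drive root (e.g. Path("E:/")); file names are matched case-insensitively because FAT-formatted sticks are.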
28.07.2009, 18:06 #2
/// Helper team
Hello and welcome!
Quote:
- Please read the instructions thoroughly and always follow them strictly, as I have prepared the order according to certain criteria:

1. I need more of an overview, i.e. data over a longer period. For that, please make hidden and system files visible:
→ Under Start, click My Computer.
→ In the Tools menu, click Folder Options.
→ Files and Folders / Hide extensions for known file types → remove the check mark
→ Hide protected operating system files → remove the check mark
→ Hidden files and folders / Show all files and folders → set the check mark.
→ "Hide protected operating system files" must not be checked and "Show all files and folders" must be enabled.

2. For XP and Win2000 (otherwise skip)
→ download filelist.zip to your desktop
→ unpack the zip file to your desktop
→ now start it with a double-click on the file "filelist.bat"; your editor (text editor) will open
→ from the generated logfile, copy all 7 directories ("C\...") etc., but only the entries of the last 6 months, here into your thread
** each entry is preceded by a date, so please delete entries that are older than 6 months!

3. I would also like to see all your installed programs: download the CCleaner tool, install it (uncheck "Add CCleaner Yahoo! Toolbar") → start it → under Options / Settings set "german" → then click "Extra" (to also display the installed programs) → then "Save as text file..."; a text file (*.txt) is created, copy its contents and paste them here.

4. To get a deeper look into your system and track down a possible infection with a rootkit (Rootkit/Info v.wikipedia.org), we will use a tool, Gmer:
** no connection to a network or the Internet; don't forget WLAN
When the scan has finished, please reactivate all programs and tools!

5. Download and install the RootRepeal tool; set a check mark at "Drivers", "Stealth Objects" and "Hidden Services", then click "OK". After the scan, click "Save Report", save the logfile as RootRepeal.txt on the desktop and copy its contents here into the thread.

To keep your thread tidy and easy to read, it's best to use code tags for your post: → before your log you write: [code] here goes your logfile → after it: [/code]

Regards, Coverflow
29.07.2009, 13:38 #3
> Hello and welcome!
Thanks.
> If you do decide on the system cleaning:
I will; I want to know who or what is bothering me like this, i.e. how I caught the bug, so that I can avoid it in the future.
> 2.
Here you go, the output from Filelist:
Quote:
29.07.2009, 13:39 #4
> 3.
The installed programs listed by CCleaner:
Quote:
> 4.
Here you go, the gmer output (it took quite a while, a few hours...^^):
Quote:
29.07.2009, 13:43 #5
> 5.
Here you go, the output from RootRepeal. Under Hidden Services it found nothing.
[code]
ROOTREPEAL (c) AD, 2007-2009
Program Version: Version 1.3.3.0
Windows Version: Windows XP Media Center Edition SP3
[/code]
swenum.sys Image Path: C:\WINDOWS\system32\DRIVERS\swenum.sys Address: 0xBA5E4000 Size: 4352 File Visible: - Signed: - Status: - Name: SynTP.sys Image Path: C:\WINDOWS\system32\DRIVERS\SynTP.sys Address: 0xB9221000 Size: 191872 File Visible: - Signed: - Status: - Name: sysaudio.sys Image Path: C:\WINDOWS\system32\drivers\sysaudio.sys Address: 0xAD3A2000 Size: 60800 File Visible: - Signed: - Status: - Name: tcpip.sys Image Path: C:\WINDOWS\system32\DRIVERS\tcpip.sys Address: 0xB0AF5000 Size: 361600 File Visible: - Signed: - Status: - Name: TDI.SYS Image Path: C:\WINDOWS\system32\DRIVERS\TDI.SYS Address: 0xBA450000 Size: 20480 File Visible: - Signed: - Status: - Name: termdd.sys Image Path: C:\WINDOWS\system32\DRIVERS\termdd.sys Address: 0xBA1C8000 Size: 40704 File Visible: - Signed: - Status: - Name: tfsnboio.sys Image Path: C:\WINDOWS\system32\dla\tfsnboio.sys Address: 0xBA3F8000 Size: 25824 File Visible: - Signed: - Status: - Name: tfsncofs.sys Image Path: C:\WINDOWS\system32\dla\tfsncofs.sys Address: 0xBA2F8000 Size: 34784 File Visible: - Signed: - Status: - Name: tfsndrct.sys Image Path: C:\WINDOWS\system32\dla\tfsndrct.sys Address: 0xBA6B9000 Size: 4064 File Visible: - Signed: - Status: - Name: tfsndres.sys Image Path: C:\WINDOWS\system32\dla\tfsndres.sys Address: 0xBA6B6000 Size: 2208 File Visible: - Signed: - Status: - Name: tfsnifs.sys Image Path: C:\WINDOWS\system32\dla\tfsnifs.sys Address: 0xAE5E8000 Size: 86528 File Visible: - Signed: - Status: - Name: tfsnopio.sys Image Path: C:\WINDOWS\system32\dla\tfsnopio.sys Address: 0xAE7E3000 Size: 15168 File Visible: - Signed: - Status: - Name: tfsnpool.sys Image Path: C:\WINDOWS\system32\dla\tfsnpool.sys Address: 0xBA5B0000 Size: 6304 File Visible: - Signed: - Status: - Name: tfsnudf.sys Image Path: C:\WINDOWS\system32\dla\tfsnudf.sys Address: 0xAE5CF000 Size: 98656 File Visible: - Signed: - Status: - Name: tfsnudfa.sys Image Path: C:\WINDOWS\system32\dla\tfsnudfa.sys Address: 0xAE5B6000 Size: 100544 File 
Visible: - Signed: - Status: - Name: tifsfilt.sys Image Path: C:\WINDOWS\system32\DRIVERS\tifsfilt.sys Address: 0xBA3F0000 Size: 32320 File Visible: - Signed: - Status: - Name: timntr.sys Image Path: timntr.sys Address: 0xB9D53000 Size: 388800 File Visible: - Signed: - Status: - Name: tmactmon.sys Image Path: C:\WINDOWS\system32\drivers\tmactmon.sys Address: 0xAE164000 Size: 77824 File Visible: - Signed: - Status: - Name: tmcomm.sys Image Path: C:\WINDOWS\system32\drivers\tmcomm.sys Address: 0xAE19F000 Size: 172032 File Visible: - Signed: - Status: - Name: tmevtmgr.sys Image Path: C:\WINDOWS\system32\drivers\tmevtmgr.sys Address: 0xAE336000 Size: 61440 File Visible: - Signed: - Status: - Name: TmPreFlt.sys Image Path: D:\Trend Micro\OfficeScan Client\TmPreFlt.sys Address: 0xBA2C8000 Size: 53248 File Visible: - Signed: - Status: - Name: tmtdi.sys Image Path: C:\WINDOWS\system32\DRIVERS\tmtdi.sys Address: 0xB09F8000 Size: 71680 File Visible: - Signed: - Status: - Name: TmXPFlt.sys Image Path: D:\Trend Micro\OfficeScan Client\TmXPFlt.sys Address: 0xAE5FE000 Size: 294912 File Visible: - Signed: - Status: - Name: truecrypt.sys Image Path: C:\WINDOWS\System32\drivers\truecrypt.sys Address: 0xB0A52000 Size: 208512 File Visible: - Signed: - Status: - Name: Udfs.SYS Image Path: C:\WINDOWS\System32\Drivers\Udfs.SYS Address: 0xB08C7000 Size: 66048 File Visible: - Signed: - Status: - Name: update.sys Image Path: C:\WINDOWS\system32\DRIVERS\update.sys Address: 0xB90A0000 Size: 384768 File Visible: - Signed: - Status: - Name: USBD.SYS Image Path: C:\WINDOWS\system32\DRIVERS\USBD.SYS Address: 0xBA5E0000 Size: 8192 File Visible: - Signed: - Status: - Name: usbehci.sys Image Path: C:\WINDOWS\system32\DRIVERS\usbehci.sys Address: 0xBA428000 Size: 30208 File Visible: - Signed: - Status: - Name: usbhub.sys Image Path: C:\WINDOWS\system32\DRIVERS\usbhub.sys Address: 0xBA208000 Size: 59520 File Visible: - Signed: - Status: - Name: USBPORT.SYS Image Path: 
C:\WINDOWS\system32\DRIVERS\USBPORT.SYS Address: 0xB92B0000 Size: 147456 File Visible: - Signed: - Status: - Name: USBSTOR.SYS Image Path: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS Address: 0xBA370000 Size: 26368 File Visible: - Signed: - Status: - Name: usbuhci.sys Image Path: C:\WINDOWS\system32\DRIVERS\usbuhci.sys Address: 0xBA420000 Size: 20608 File Visible: - Signed: - Status: - Name: vga.sys Image Path: C:\WINDOWS\System32\drivers\vga.sys Address: 0xBA4A8000 Size: 20992 File Visible: - Signed: - Status: - Name: VIDEOPRT.SYS Image Path: C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS Address: 0xB945A000 Size: 81920 File Visible: - Signed: - Status: - Name: VolSnap.sys Image Path: VolSnap.sys Address: 0xBA0C8000 Size: 53760 File Visible: - Signed: - Status: - Name: VSApiNt.sys Image Path: D:\Trend Micro\OfficeScan Client\VSApiNt.sys Address: 0xAE66E000 Size: 1213344 File Visible: - Signed: - Status: - Name: w39n51.sys Image Path: C:\WINDOWS\system32\DRIVERS\w39n51.sys Address: 0xB92D4000 Size: 1429632 File Visible: - Signed: - Status: - Name: wanarp.sys Image Path: C:\WINDOWS\system32\DRIVERS\wanarp.sys Address: 0xBA248000 Size: 34560 File Visible: - Signed: - Status: - Name: watchdog.sys Image Path: C:\WINDOWS\System32\watchdog.sys Address: 0xBA3B8000 Size: 20480 File Visible: - Signed: - Status: - Name: wdmaud.sys Image Path: C:\WINDOWS\system32\drivers\wdmaud.sys Address: 0xAD1ED000 Size: 83072 File Visible: - Signed: - Status: - Name: Win32k Image Path: \Driver\Win32k Address: 0xBF800000 Size: 1847296 File Visible: - Signed: - Status: - Name: win32k.sys Image Path: C:\WINDOWS\System32\win32k.sys Address: 0xBF800000 Size: 1847296 File Visible: - Signed: - Status: - Name: WMILIB.SYS Image Path: C:\WINDOWS\system32\DRIVERS\WMILIB.SYS Address: 0xBA5AA000 Size: 8192 File Visible: - Signed: - Status: - Name: WMIxWDM Image Path: \Driver\WMIxWDM Address: 0x804D7000 Size: 2154496 File Visible: - Signed: - Status: - [/code] |
29.07.2009, 13:44 | #6 |
| TROJ_AUTORUN.JBK on USB stick And last but not least: here is the second part of the RootRepeal output.
[code]
ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2009/07/29 14:16
Program Version: Version 1.3.3.0
Windows Version: Windows XP Media Center Edition SP3
==================================================

Stealth Objects
-------------------
[/code]
Thanks in advance for the help! BTW, set the system up afresh - i.e. wipe the USB stick and reinstall the PortableApps? Or can I perhaps still get rid of the Google redirect in Firefox portable, and if so how, without leftover pests remaining? |
29.07.2009, 22:56 | #7 | ||
/// Helper Team | TROJ_AUTORUN.JBK on USB stick hi 1. Disable all applications and programs (in Autostart & Services) that could possibly hinder the cleanup. Do not disable the antivirus program and firewall!!: Code:
**Spybot + TeaTimer Close all programs including Internet Explorer and fix the entries from the following code box with HijackThis (start HijackThis → select the entries → tick the checkboxes → click "Fix checked" → restart the PC): Quote:
2. Download Malwarebytes Anti-Malware from → malwarebytes.org
3. Restart your system
4. - **Please connect storage media such as external hard disks/USB sticks etc., holding down the Shift key while doing so!
- Download ComboFix from one of the following download mirrors: BleepingComputer - ForoSpyware
- Important!: install it to the Desktop
- Please deactivate antivirus and other protection/anti-spyware programs
- Connect every external storage device (USB stick, USB hard disk etc.) to your computer - be sure to hold down the Shift key while doing so!
- Start ComboFix.exe with a double-click and follow the instructions
- If the Microsoft Windows Recovery Console is not installed on your computer and you are asked directly to allow it, accept the licence agreement. A confirmation window then appears; otherwise ComboFix will continue its work
- Confirm with "yes" so that the scan can begin automatically Quote:
** An illustrated guide can be found here: bleepingcomputer.com/combofix/Anleitung 5. post again: Trend Micro HijackThis logfile Last edited by kira (29.07.2009 at 23:01) |
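The Shift-key precaution in the steps above suppresses AutoRun when a stick is plugged in; as an added example that is not part of the forum post or of any tool it names, the following Python triage script parses an autorun.inf from a drive root and reports what it would launch, flagging a target that sits in a hidden directory. The sample autorun.inf, the RECYCLE\recycled.exe layout mirroring the thread's description, and all function names are constructed assumptions.

```python
"""Triage helper for the autorun.inf pattern discussed in this thread.
Added example, not code from the forum or any tool named in it. Assumes the
layout the thread describes (autorun.inf in the stick's root pointing at
recycled.exe in a hidden RECYCLE directory); all names are constructed."""
import configparser
import os
import tempfile

# Attribute bits as reported in os.stat().st_file_attributes (Windows only).
FILE_ATTRIBUTE_HIDDEN = 0x2
FILE_ATTRIBUTE_SYSTEM = 0x4

# [autorun] directives that name a program to run on insertion/double-click.
LAUNCH_KEYS = ("open", "shellexecute")

# Constructed sample in the thread's pattern (not the real file from the stick).
SAMPLE_AUTORUN = """[AutoRun]
open=RECYCLE\\recycled.exe
shellexecute=RECYCLE\\recycled.exe
shell\\Open\\command=RECYCLE\\recycled.exe
icon=%SystemRoot%\\system32\\SHELL32.dll,4
"""


def parse_autorun(text):
    """Return (key, command) pairs for every launch directive in an autorun.inf.
    Windows treats it as an INI file with case-insensitive section/key names, so
    the section is matched case-insensitively (configparser lower-cases keys)."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    section = next((s for s in cp.sections() if s.lower() == "autorun"), None)
    if section is None:
        return []
    targets = []
    for key, value in cp.items(section):
        # shell\<verb>\command= entries launch programs for context-menu verbs.
        if key in LAUNCH_KEYS or (key.startswith("shell\\") and key.endswith("\\command")):
            targets.append((key, value.strip()))
    return targets


def program_of(command):
    """Split the program path off a command line (quoted or first token)."""
    if command.startswith('"'):
        return command[1:command.find('"', 1)]
    return command.split(None, 1)[0] if command else ""


def is_hidden(path):
    """Hidden/system attribute on Windows; leading-dot fallback elsewhere."""
    attrs = getattr(os.stat(path), "st_file_attributes", 0)
    if attrs & (FILE_ATTRIBUTE_HIDDEN | FILE_ATTRIBUTE_SYSTEM):
        return True
    return os.path.basename(path).startswith(".")


def check_drive_root(root):
    """Inspect a mounted drive root and return human-readable findings."""
    inf = os.path.join(root, "autorun.inf")
    if not os.path.isfile(inf):
        return []
    findings = ["autorun.inf present in drive root"]
    with open(inf, encoding="latin-1", errors="replace") as fh:
        targets = parse_autorun(fh.read())
    for key, command in targets:
        exe = program_of(command)
        # Resolve the relative Windows path against the drive root.
        target = os.path.join(root, *exe.replace("\\", "/").split("/"))
        note = f"{key}= would launch {exe}"
        if not os.path.isfile(target):
            note += " (target missing, possibly already removed)"
        elif is_hidden(os.path.dirname(target)):
            note += " (target sits in a hidden directory)"
        findings.append(note)
    return findings


def build_sample(with_autorun=True):
    """Throwaway directory mimicking the stick's root; the 'exe' is an empty file."""
    root = tempfile.mkdtemp(prefix="stick_")
    os.mkdir(os.path.join(root, "RECYCLE"))
    open(os.path.join(root, "RECYCLE", "recycled.exe"), "w").close()
    if with_autorun:
        with open(os.path.join(root, "autorun.inf"), "w") as fh:
            fh.write(SAMPLE_AUTORUN)
    return root


if __name__ == "__main__":
    for line in check_drive_root(build_sample()):
        print(line)
```

Run it against the root of a mounted stick instead of build_sample() to see which directives would fire on that medium.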
30.07.2009, 11:06 | #8 | ||
| TROJ_AUTORUN.JBK on USB stick Morning, >2. (MalwareBytes) >Post the result here in the thread - you can find the report under "Scan Reports"[/list] Here you go: Quote:
>- a log file - C:\ComboFix.txt is created; please post its contents Here you go: Quote:
|
30.07.2009, 11:07 | #9 | |
| TROJ_AUTORUN.JBK on USB stick >5. post again: Trend Micro HijackThis logfile And last but not least: Quote:
|
30.07.2009, 17:44 | #10 |
| TROJ_AUTORUN.JBK on USB stick
__________________ No support via PM! This is a forum, not private care! For all newcomers: private support only for payment, and I am very expensive. Guides Virus scanners Compromise unavoidable? |
01.08.2009, 16:54 | #11 |
| TROJ_AUTORUN.JBK on USB stick I assume there will be no further reply here?! |
02.09.2009, 21:33 | #12 |
| TROJ_AUTORUN.JBK on USB stick Yes, there will. You are discharged. ciao, andreas
|
03.09.2009, 04:38 | #13 |
| TROJ_AUTORUN.JBK on USB stick Well then: thanks for the help. |