| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Teile der Festplatte versteckt und nicht aufrufbarWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
27.03.2011, 10:31
| #1 |
| |  Teile der Festplatte versteckt und nicht aufrufbar Wie im Titel schon steht, sind weite Teile meine festplatte angeblich "leer" obwohl, sie immernoch genauso groß sind wie früher. Vermutlich ein Trojaner, der sie verbirgt. Ursprünglich wollte mir Malware dann nochn Programm zur Lösung des Problems andrehen, die hab ich aber mit dem Malwarebytes Tool entfernen können. Hab dann mit ner Bootfähigen Sicherheits DVD versucht alles zu entfernen, hat aber nicht funktioniert. Hier mein Malwarebytes Log: Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Datenbank Version: 6173 Windows 6.1.7600 Internet Explorer 8.0.7600.16385 26.03.2011 16:19:38 mbam-log-2011-03-26 (16-19-38).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Durchsuchte Objekte: 498959 Laufzeit: 1 Stunde(n), 58 Minute(n), 58 Sekunde(n) Infizierte Speicherprozesse: 4 Infizierte Speichermodule: 1 Infizierte Registrierungsschlüssel: 2 Infizierte Registrierungswerte: 7 Infizierte Dateiobjekte der Registrierung: 3 Infizierte Verzeichnisse: 0 Infizierte Dateien: 58 Infizierte Speicherprozesse: c:\Users\FMewes\AppData\Local\Temp\1818802488.exe (Malware.Packer.Gen) -> 4352 -> Unloaded process successfully. c:\Users\FMewes\AppData\Local\Temp\h1ylztfe8v.exe (Malware.Packer.Gen) -> 1820 -> Unloaded process successfully. c:\Users\FMewes\AppData\Local\Temp\h1ylztfe8v.exe (Malware.Packer.Gen) -> 4044 -> Unloaded process successfully. c:\programdata\grafpygsymuoyt.exe (Trojan.FakeAlert) -> 3788 -> Unloaded process successfully. Infizierte Speichermodule: c:\Windows\System32\zo9zep2.dll (Trojan.Downloader.Gen) -> Delete on reboot. Infizierte Registrierungsschlüssel: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B9B220C3-A500-99BD-F210-04B53A2C8951} (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{B9B220C3-A500-99BD-F210-04B53A2C8951} (Trojan.Agent) -> Quarantined and deleted successfully. Infizierte Registrierungswerte: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\LvVqZkfgokdg (Malware.Packer.Gen) -> Value: LvVqZkfgokdg -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\LvVqZkfgokdg (Malware.Packer.Gen) -> Value: LvVqZkfgokdg -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\WINID (Malware.Trace) -> Value: WINID -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\uPc+kt0NfgaGuo (Trojan.Downloader.Gen) -> Value: uPc+kt0NfgaGuo -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\uPc+kt0NfgaGuo (Trojan.Downloader.Gen) -> Value: uPc+kt0NfgaGuo -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\GrAFPYgSYMuoYt (Trojan.FakeAlert) -> Value: GrAFPYgSYMuoYt -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\engel (Trojan.Proxy) -> Value: engel -> Quarantined and deleted successfully. Infizierte Dateiobjekte der Registrierung: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallPaper (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: c:\Users\FMewes\AppData\Local\Temp\3254401066.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully. c:\Users\FMewes\AppData\Local\Temp\3360966312.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully. c:\Users\FMewes\AppData\Local\Temp\3431489335.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully. c:\Users\FMewes\AppData\Local\Temp\3471266837.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully. c:\Users\FMewes\AppData\Local\Temp\3496336542.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully. c:\Users\FMewes\AppData\Local\Temp\3677400452.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully. c:\Users\FMewes\AppData\Local\Temp\3793816439.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully. c:\Users\FMewes\AppData\Local\Temp\393091206.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully. c:\Users\FMewes\AppData\Local\Temp\3957833444.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully. c:\Users\FMewes\AppData\Local\Temp\755832007.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully. c:\Users\FMewes\AppData\Local\Temp\877384325.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully. c:\Users\FMewes\AppData\Local\Temp\1040210456.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully. c:\Users\FMewes\AppData\Local\Temp\1115068795.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully. c:\Users\FMewes\AppData\Local\Temp\12289162.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully. c:\Users\FMewes\AppData\Local\Temp\1248935896.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully. c:\Users\FMewes\AppData\Local\Temp\1269154253.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully. c:\Users\FMewes\AppData\Local\Temp\1323387028.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully. c:\Users\FMewes\AppData\Local\Temp\1340361329.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully. c:\Users\FMewes\AppData\Local\Temp\1383370926.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully. c:\Users\FMewes\AppData\Local\Temp\1432701161.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully. c:\Users\FMewes\AppData\Local\Temp\151239562.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully. c:\Users\FMewes\AppData\Local\Temp\1536370321.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully. c:\Users\FMewes\AppData\Local\Temp\1767356330.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully. c:\Users\FMewes\AppData\Local\Temp\1780306537.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully. c:\Users\FMewes\AppData\Local\Temp\1782607586.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully. c:\Users\FMewes\AppData\Local\Temp\1818802488.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully. c:\Users\FMewes\AppData\Local\Temp\1930896836.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully. c:\Users\FMewes\AppData\Local\Temp\2101275564.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully. c:\Users\FMewes\AppData\Local\Temp\2444350170.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully. c:\Users\FMewes\AppData\Local\Temp\2469419874.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully. c:\Users\FMewes\AppData\Local\Temp\2600531431.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully. c:\Users\FMewes\AppData\Local\Temp\2764761575.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully. c:\Users\FMewes\AppData\Local\Temp\2957813504.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully. c:\Users\FMewes\AppData\Local\Temp\2982106844.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully. c:\Users\FMewes\AppData\Local\Temp\2982873207.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully. c:\Users\FMewes\AppData\Local\Temp\3150182824.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully. c:\Users\FMewes\AppData\Local\Temp\3163972887.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully. c:\Users\FMewes\AppData\Local\Temp\919262622.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully. c:\Users\FMewes\AppData\Local\Temp\975802313.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully. c:\Users\FMewes\AppData\Local\Temp\h1ylztfe8v.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully. c:\Users\FMewes\AppData\Local\Temp\3561708308.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully. c:\Users\FMewes\AppData\Local\Temp\4037136538.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully. c:\Users\FMewes\AppData\Local\Temp\iou4nj.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully. c:\Users\FMewes\AppData\Local\Temp\nlkdn36nmt7f6k.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully. c:\programdata\45342472.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully. c:\Users\FMewes\AppData\Local\Temp\ihsijxm.exe (Rootkit.MBR) -> Quarantined and deleted successfully. c:\Windows\System32\sgq5khdenr.dll (Trojan.Agent) -> Quarantined and deleted successfully. c:\Users\FMewes\AppData\Local\Temp\ldrc43e.tmp (Trojan.Agent) -> Quarantined and deleted successfully. c:\Windows\SysWOW64\sgq5khdenr.dll (Trojan.Agent) -> Quarantined and deleted successfully. c:\program files (x86)\Ubisoft\ubisoft game launcher\ubiorbitapi_r2.dll (Trojan.Agent.CK) -> Quarantined and deleted successfully. c:\Temp\91337e03-fc3f-4959-b06c-3e832a2545fc\offerapp-2516.exe (Trojan.Downloader) -> Quarantined and deleted successfully. c:\Windows\System32\zo9zep2.dll (Trojan.Downloader.Gen) -> Quarantined and deleted successfully. c:\program files (x86)\lara croft and the guardian of light\lcgollauncher.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. c:\programdata\grafpygsymuoyt.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. c:\Users\FMewes\AppData\Local\Temp\internetexplorerupdate.exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully. c:\Users\FMewes\AppData\Roaming\microsoft\Windows\start menu\Programs\Startup\mousedriver.exe (Trojan.Proxy) -> Quarantined and deleted successfully. c:\Users\FMewes\AppData\Local\Temp\xwrsxu.exe (Trojan.Proxy) -> Quarantined and deleted successfully. c:\Users\FMewes\AppData\Roaming\updates\updates.exe (Trojan.Proxy) -> Quarantined and deleted successfully. |
| Themen zu Teile der Festplatte versteckt und nicht aufrufbar |
| .dll, anti-malware, browser, dateien, disabletaskmgr, dvd, entfernen, explorer, festplatte, helper, leer, log, lösung, malware, malwarebytes, microsoft, programm, pum.hijack.displayproperties, pum.hijack.taskmanager, software, start, start menu, system, system32, syswow64, temp, trojan.agent, trojan.downloader.gen, trojan.fakealert, trojaner, updates |
Baum-Darstellung