Pests of all kinds and how to fight them: SATA hard disk not available Malware/Virus (Windows 7). If you are not sure whether you have picked up malware or a trojan, create a thread here. An expert will get in touch with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection. |
19.05.2011, 16:08 | #1 |
| SATA hard disk not available Malware/Virus
Hello, I have pretty much exactly the same problem as several others here. Today the warning "SATA Festplatte kann nicht verwendet werden [..]" appeared once, after Avira had found a trojan. Malwarebytes found 10 infected files. My files are visible again thanks to unhide.exe. The OTL report is below. Ha, just as I am writing this, Avira also finds "JAVA/Exdoer.BV" and "TR/Ransom.Chameleon.ly"; however, I don't know whether they have anything to do with the hard disk problem.
OTL EXTRAS logfile: Code:
ATTFilter OTL Extras logfile created on: 5/19/2011 4:40:13 PM - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Quirin\Downloads 64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000409 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy 8.00 Gb Total Physical Memory | 6.00 Gb Available Physical Memory | 72.00% Memory free 16.00 Gb Paging File | 14.00 Gb Available in Paging File | 86.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 562.60 Gb Total Space | 236.64 Gb Free Space | 42.06% Space Free | Partition Type: NTFS Drive D: | 354.27 Gb Total Space | 313.05 Gb Free Space | 88.37% Space Free | Partition Type: NTFS Computer Name: QUIRIN-PC | User Name: Quirin | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-571902242-4071237047-3597003287-1001\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* File not found cmdfile [open] -- "%1" %* File not found comfile [open] -- "%1" %* File not found exefile [open] -- "%1" %* File not found helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. 
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* File not found regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" File not found scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found scrfile [open] -- "%1" /S File not found txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. 
scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall 
List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{23170F69-40C1-2702-0910-000001000000}" = 7-Zip 9.10 (x64 edition) "{8F473675-D702-45F9-8EBC-342B40C17BF5}" = Apple Mobile Device Support "{9545E9DB-6F4C-4404-BF25-E221BE8B44C5}" = iTunes "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 270.61 "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 270.61 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 270.61 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 270.61 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.1.34 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.2.22.1 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}" = Bonjour "CCleaner" = CCleaner [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club "{0A35B15C-9CCD-4C0C-BD5B-34ABF8C95813}_is1" = ICQ 7.4 Build #4523 Banner Remover 1.1 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18 "{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support "{45E7C481-3EF4-4FCB-AF0B-19F70D618F0C}" = Worms 4 Mayhem "{491DFBAA-77EF-4B06-8676-2FC66EEE049A}" = LogMeIn Hamachi "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows 
Marketplace "{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module "{52B65911-1559-4ED5-9461-46957FDD48CD}" = Borderlands "{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37}" = ICQ7.4 "{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1" = Need For Speed™ World "{7FA856CB-5544-449D-84C5-07A18CD51467}" = Loong "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher "{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}" = Battlefield Heroes "{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Ralink RT2860 Wireless LAN Card "{92482FB3-C05B-41C6-89E7-75D985602A6E}" = System Requirements Lab "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3 - Deutsch "{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1 "{D5A9DA4B-E4F9-FB49-017D-769FC540F1F0}" = EA Download Manager UI "{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module "{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager "{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable "AC3Filter" = AC3Filter (remove only) "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player 
Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "ASIO4ALL" = ASIO4ALL "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "Champions Online" = Champions Online "com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI "DivX Setup.divx.com" = DivX-Setup "DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar "EA Download Manager" = EA Download Manager "FL Studio 9" = FL Studio 9 "Foxit Reader" = Foxit Reader "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.35.324 "Gmask 1.70 English" = Gmask 1.70 English "Hardcore" = Hardcore "hon" = Heroes of Newerth "IL Download Manager" = IL Download Manager "League of Legends_is1" = League of Legends "LogMeIn Hamachi" = LogMeIn Hamachi "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "ManyCam" = ManyCam 2.4 (remove only) "Mozilla Firefox 4.0.1 (x86 de)" = Mozilla Firefox 4.0.1 (x86 de) "NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "PoiZone" = PoiZone "Precision" = EVGA Precision 2.0.2 "PunkBusterSvc" = PunkBuster Services "Sawer" = Sawer "StarCraft II" = StarCraft II "Steam App 400" = Portal "Steam App 440" = Team Fortress 2 "Steam App 550" = Left 4 Dead 2 "Steam App 630" = Alien Swarm "Steam App 97100" = Section 8: Prejudice "Toxic Biohazard" = Toxic Biohazard "TrueCrypt" = TrueCrypt "Two Worlds II" = Two Worlds II "Uninstall_is1" = Uninstall 1.0.0.1 "uTorrent" = µTorrent "Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions "VLC media player" = VLC media player 1.1.4 "Webcam Video Capture_is1" = Webcam Video Capture 4.8.0 "WinGimp-2.0_is1" = GIMP 2.6.11 "Worms Reloaded_is1" = Worms Reloaded ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-571902242-4071237047-3597003287-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Octoshape add-in 
for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 5/19/2011 4:49:10 AM | Computer Name = Quirin-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 5/19/2011 4:49:10 AM | Computer Name = Quirin-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 7035 Error - 5/19/2011 4:49:10 AM | Computer Name = Quirin-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 7035 Error - 5/19/2011 4:49:11 AM | Computer Name = Quirin-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 5/19/2011 4:49:11 AM | Computer Name = Quirin-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 8034 Error - 5/19/2011 4:49:11 AM | Computer Name = Quirin-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 8034 Error - 5/19/2011 4:49:12 AM | Computer Name = Quirin-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 5/19/2011 4:49:12 AM | Computer Name = Quirin-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 9048 Error - 5/19/2011 4:49:12 AM | Computer Name = Quirin-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 9048 Error - 5/19/2011 10:05:20 AM | Computer Name = Quirin-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Adobe_Flash_Player.exe, Version: 1.7.8800.0, Zeitstempel: 0x4d776bb8 Name des fehlerhaften Moduls: Adobe_Flash_Player.exe, Version: 1.7.8800.0, Zeitstempel: 0x4d776bb8 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00001149 ID des fehlerhaften 
Prozesses: 0x1344 Startzeit der fehlerhaften Anwendung: 0x01cc162dc4ec1c07 Pfad der fehlerhaften Anwendung: C:\Users\Quirin\AppData\Local\Temp\Adobe_Flash_Player.exe Pfad des fehlerhaften Moduls: C:\Users\Quirin\AppData\Local\Temp\Adobe_Flash_Player.exe Berichtskennung: 07765bfd-8221-11e0-a3a2-0025114539ea [ System Events ] Error - 5/19/2011 10:16:43 AM | Computer Name = Quirin-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?19.?05.?2011 um 16:13:59 unerwartet heruntergefahren. Error - 5/19/2011 10:17:08 AM | Computer Name = Quirin-PC | Source = PNRPSvc | ID = 102 Description = Error - 5/19/2011 10:17:08 AM | Computer Name = Quirin-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Peer Networking Grouping" ist vom Dienst "Peer Name Resolution Protocol" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2140993535 Error - 5/19/2011 10:17:08 AM | Computer Name = Quirin-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Peer Name Resolution Protocol" wurde mit folgendem Fehler beendet: %%-2140993535 Error - 5/19/2011 10:17:19 AM | Computer Name = Quirin-PC | Source = PNRPSvc | ID = 102 Description = Error - 5/19/2011 10:17:19 AM | Computer Name = Quirin-PC | Source = PNRPSvc | ID = 102 Description = Error - 5/19/2011 10:17:19 AM | Computer Name = Quirin-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Peer Networking Grouping" ist vom Dienst "Peer Name Resolution Protocol" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2140993535 Error - 5/19/2011 10:17:19 AM | Computer Name = Quirin-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Peer Name Resolution Protocol" wurde mit folgendem Fehler beendet: %%-2140993535 Error - 5/19/2011 10:17:19 AM | Computer Name = Quirin-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Peer Networking Grouping" ist vom Dienst "Peer Name Resolution 
Protocol" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2140993535 Error - 5/19/2011 10:17:19 AM | Computer Name = Quirin-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Peer Name Resolution Protocol" wurde mit folgendem Fehler beendet: %%-2140993535 < End of report >
So... Avira has not found anything more, and neither has Malwarebytes. But when I click the Windows button at the bottom left, I don't see the shortcut icons. Problem solved? |
19.05.2011, 19:20 | #2 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | SATA hard disk not available Malware/Virus Quote:
__________________ |
26.05.2011, 17:02 | #3 |
| SATA hard disk not available Malware/Virus Here for completeness.
__________________
But I had no more problems; it also says there that everything was deleted, etc.
-----------------------------------------------------
www.malwarebytes.org

Datenbank Version: 6609

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

19.05.2011 16:11:51
mbam-log-2011-05-19 (16-11-51).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 172680
Laufzeit: 1 Minute(n), 7 Sekunde(n)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 3
Infizierte Verzeichnisse: 0
Infizierte Dateien: 5

Infizierte Speicherprozesse:
c:\programdata\lnaptpqehmuno.exe (Rogue.Installer.Gen) -> 3288 -> Unloaded process successfully.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lnAPTpQehMuNO (Rogue.Installer.Gen) -> Value: lnAPTpQehMuNO -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallPaper (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\programdata\lnaptpqehmuno.exe (Rogue.Installer.Gen) -> Quarantined and deleted successfully.
c:\Users\Quirin\AppData\Local\Temp\adobe_flash_player.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Quirin\AppData\Local\Temp\jar_cache4061105179442696498.tmp (Rogue.Installer.Gen) -> Quarantined and deleted successfully.
c:\Users\Quirin\AppData\Local\Temp\tmp855B.tmp (Rogue.Installer.Gen) -> Quarantined and deleted successfully.
c:\Users\Quirin\AppData\Local\Temp\tmp9EF3.tmp (Rogue.Installer.Gen) -> Quarantined and deleted successfully. |
26.05.2011, 19:40 | #4 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | SATA hard disk not available Malware/Virus Quote:
Remember that Malwarebytes must be updated manually before every scan! If logs from older Malwarebytes scans exist, please post all of those as well!
__________________ Please always post logfiles in CODE tags |