Trojaner-Board
Seite 2 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Blue Screen beim Anmelden oder auch während der Nutzung des PC's (https://www.trojaner-board.de/108524-blue-screen-beim-anmelden-waehrend-nutzung-pcs.html)

villakarow 19.02.2012 01:15
Hallo,

Gmer ist paar mal abgestüzt, daher habe ich es dann sein gelassen.

OSAM Logfile:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 15:46:27 on 18.02.2012

OS: Windows 7 Ultimate Edition Service Pack 1 (Build 7601), 32-bit
Default Browser: Mozilla Corporation Firefox 10.0.1

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"AirPort Disk Prefs" - "Apple Inc." - C:\Program Files\AirPort\APDiskPrefs.exe
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@%SystemRoot%\system32\drivers\tsusbhub.sys,-1" (tsusbhub) - ? - C:\Windows\System32\drivers\tsusbhub.sys  (File not found)
"AMD IO Driver" (amdiox86) - ? - C:\Windows\System32\DRIVERS\amdiox86.sys  (File not found)
"aswFsBlk" (aswFsBlk) - "AVAST Software" - C:\Windows\system32\drivers\aswFsBlk.sys
"aswMonFlt" (aswMonFlt) - "AVAST Software" - C:\Windows\system32\drivers\aswMonFlt.sys
"aswRdr" (aswRdr) - "AVAST Software" - C:\Windows\system32\drivers\aswRdr.sys
"aswSnx" (aswSnx) - "AVAST Software" - C:\Windows\system32\drivers\aswSnx.sys
"aswSP" (aswSP) - "AVAST Software" - C:\Windows\system32\drivers\aswSP.sys
"avast! Network Shield Support" (aswTdi) - "AVAST Software" - C:\Windows\system32\drivers\aswTdi.sys
"AVM Eject" (avmeject) - "AVM Berlin" - C:\Windows\System32\drivers\avmeject.sys
"catchme" (catchme) - ? - C:\Users\Heiko\AppData\Local\Temp\catchme.sys  (File not found)
"DSDrv4" (DSDrv4) - ? - C:\PROGRA~1\K!TV\Plugins\S_Bt8x8\DSDrv4.sys  (File not found)
"DVBS2 Service" (FireDTV_DVBS2) - "digital everywhere" - C:\Windows\System32\DRIVERS\FireDTV_BDA_DVBS2.sys
"Freecom Turbo USB 2.0" (NinjaUSB) - ? - C:\Windows\System32\drivers\NinjaUSB.sys
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys
"Nokia USB Flashing Phone Parent" (nmwcdnsu) - ? - C:\Windows\System32\drivers\nmwcdnsu.sys  (File not found)
"Nokia USB Generic" (nmwcdc) - ? - C:\Windows\System32\drivers\ccdcmbo.sys  (File not found)
"Nokia USB Phone Parent" (nmwcd) - ? - C:\Windows\System32\drivers\ccdcmb.sys  (File not found)
"PCCS Mode Change Filter Driver" (pccsmcfd) - ? - C:\Windows\System32\DRIVERS\pccsmcfd.sys  (File not found)
"SANDRA" (SANDRA) - "SiSoftware" - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010.SP2\WNt500x86\Sandra.sys
"Sftfs" (Sftfs) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\Sftfslh.sys
"Sftplay" (Sftplay) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\Sftplaylh.sys
"Sftredir" (Sftredir) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\Sftredirlh.sys
"Sftvol" (Sftvol) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\Sftvollh.sys
"SonicWALL NetExtender Adapter" (NxDrv) - "SonicWALL Inc." - C:\Windows\System32\DRIVERS\NxDrv.sys
"SWDUMon" (SWDUMon) - ? - C:\Windows\System32\DRIVERS\SWDUMon.sys  (File found, but it contains no detailed information)
"Synth3dVsc" (Synth3dVsc) - ? - C:\Windows\System32\drivers\synth3dvsc.sys  (File not found)
"upperdev" (upperdev) - ? - C:\Windows\System32\DRIVERS\usbser_lowerflt.sys  (File not found)
"UsbserFilt" (UsbserFilt) - ? - C:\Windows\System32\DRIVERS\usbser_lowerfltj.sys  (File not found)
"VGPU" (VGPU) - ? - C:\Windows\System32\drivers\rdvgkmd.sys  (File not found)

[Explorer]
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -  (File not found | COM-object registry key not found)
{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -  (File not found | COM-object registry key not found)
{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{10880D85-AAD9-4558-ABDC-2AB1552D831F} "LightScribe Control Panel" - "Hewlett-Packard Company" - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} "Album Download IE Asynchronous Pluggable Protocol Interface" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{5F327514-6C5E-4d60-8F16-D07FA08A78ED} "Auto Update Property Sheet Extension" - ? -  (File not found | COM-object registry key not found)
{472083B0-C522-11CF-8763-00608CC02F24} "avast" - "AVAST Software" - C:\Program Files\Alwil Software\Avast5\ashShell.dll
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{0875DCB6-C686-4243-9432-ADCCF0B9F2D7} "Microsoft OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\ONFILTER.DLL
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - C:\Program Files\Real\RealPlayer\rpshell.dll
{A7005AF0-D6E8-48AF-8DFA-023B1CF660A7} "TeraCopy" - ? -  (File not found | COM-object registry key not found)
{A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} "TeraCopy" - ? -  (File not found | COM-object registry key not found)
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----
{555D4D79-4BD2-4094-A395-CFC534424A05} "HP Smart Web Printing" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_29.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{DDE87865-83C5-48c4-8357-2F5B1AA84522} "HP Smart Web Printing ein- oder ausblenden" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "avast! WebRep" - "AVAST Software" - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} "avast! WebRep" - "AVAST Software" - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
{0347C33E-8762-4905-BF09-768834316C61} "HP Print Enhancer" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} "HP Smart BHO Class" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID Sign-in Helper" - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[LSA Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )-----
"Security Packages" - "Microsoft Corp." - C:\Windows\system32\livessp.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Heiko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"HP Digital Imaging Monitor.lnk" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe  (Shortcut exists | File exists)
"watchmi tray.lnk" - ? - C:\Program Files\watchmi\TvdTray.exe  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"ApplePhotoStreams" - "Apple Inc." - C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
"iCloudServices" - "Apple Inc." - C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
"rfxsrvtray" - "Tobit.Software" - "C:\Program Files\Tobit Radio.fx\Client\rfx-tray.exe"
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"AirPort Base Station Agent" - "Apple Inc." - "C:\Program Files\AirPort\APAgent.exe"
"AppleSyncNotifier" - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
"APSDaemon" - "Apple Inc." - "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"avast" - "AVAST Software" - "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
"BDRegion" - "cyberlink" - C:\Program Files\Cyberlink\Shared files\brs.exe
"CLMLServer" - "CyberLink" - "G:\Program Files\Power2Go\CLMLSvc.exe"
"iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe"
"LGODDFU" - ? - "G:\Program Files\fwupdate.exe" blrun
"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
"RemoteControl9" - "CyberLink Corp." - "G:\Program Files\PowerDVD9\PDVD9Serv.exe"
"SonicWALLNetExtender" - "SonicWALL Inc." - C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe -hideGUI -clearReboot

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"EPSON Stylus DX4400 Series 32MonitorBE" - "SEIKO EPSON CORPORATION" - C:\Windows\system32\E_FLBCAE.DLL
"PCL hpf3l02t" - "Hewlett-Packard Company" - C:\Windows\system32\hpf3l02t.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"Application Virtualization Client" (sftlist) - "Microsoft Corporation" - C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
"Application Virtualization Service Agent" (sftvsa) - "Microsoft Corporation" - C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
"ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
"avast! Antivirus" (avast! Antivirus) - "AVAST Software" - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
"Client Virtualization Handler" (cvhsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
"CyberLink Product - 2012/01/08 18:39:41" (CLKMSVC10_E1A16B3C) - "CyberLink" - G:\Program Files\PowerDVD9\NavFilter\kmsvc.exe
"Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"HP CUE DeviceDiscovery Service" (hpqddsvc) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
"HP Network Devices Support" (HPSLPSVC) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL
"hpqcxs08" (hpqcxs08) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"MySQL" (MySQL) - ? - C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe  (File found, but it contains no detailed information)
"Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZinw12.dll
"Office  Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Office Software Protection Platform" (osppsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
"Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZipm12.dll
"Radio.fx Server" (Radio.fx) - ? - C:\Program Files\Tobit Radio.fx\Server\rfx-server.exe
"SiSoftware Deployment Agent Service" (SandraAgentSrv) - "SiSoftware" - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010.SP2\RpcAgentSrv.exe
"SonicWALL NetExtender Service" (SONICWALL_NetExtender) - "SonicWALL Inc." - C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe
"TeamViewer 6" (TeamViewer6) - "TeamViewer GmbH" - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
"watchmi service" (watchmi) - ? - C:\Program Files\watchmi\TvdService.exe
"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

[Winlogon]
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"ScCertProp" - ? - wlnotify.dll  (File not found)

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll
"WindowsLive Local NSP" - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
"WindowsLive NSP" - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
Code:
aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software
Run date: 2012-02-18 15:51:29
-----------------------------
15:51:29.482    OS Version: Windows 6.1.7601 Service Pack 1
15:51:29.482    Number of processors: 1 586 0x3702
15:51:35.513    ComputerName: HEIKO-PC  UserName: Heiko
15:53:14.021    Initialize success
15:53:34.635    AVAST engine defs: 12021800
15:54:52.912    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000006d
15:54:52.912    Disk 0 Vendor: SAMSUNG_ CR10 Size: 476940MB BusType: 3
15:54:52.943    Disk 0 MBR read successfully
15:54:52.958    Disk 0 MBR scan
15:54:52.958    Disk 0 Windows 7 default MBR code
15:54:52.974    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS      101936 MB offset 63
15:54:53.005    Disk 0 Partition 2 00    07    HPFS/NTFS NTFS      290000 MB offset 208766976
15:54:53.005    Disk 0 Partition - 00    0F Extended LBA            70000 MB offset 802689024
15:54:53.037    Disk 0 Partition 3 00    07    HPFS/NTFS NTFS        15000 MB offset 946049024
15:54:53.115    Disk 0 scanning sectors +976769024
15:54:53.208    Disk 0 scanning C:\Windows\system32\drivers
15:55:13.253    Service scanning
15:55:24.027    Modules scanning
15:55:37.709    Disk 0 trace - called modules:
15:55:37.741    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll storport.sys nvstor32.sys
15:55:37.756    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86762030]
15:55:37.756    3 CLASSPNP.SYS[8b5d759e] -> nt!IofCallDriver -> [0x864928b0]
15:55:37.772    5 ACPI.sys[837a53d4] -> nt!IofCallDriver -> \Device\0000006d[0x8608c030]
15:55:40.710    AVAST engine scan C:\Windows
15:55:45.563    AVAST engine scan C:\Windows\system32
15:59:09.368    AVAST engine scan C:\Windows\system32\drivers
15:59:24.004    AVAST engine scan C:\Users\Heiko
16:10:07.479    AVAST engine scan C:\ProgramData
16:19:28.788    Scan finished successfully
01:10:22.758    Disk 0 MBR has been saved successfully to "C:\Users\Heiko\Desktop\MBR.dat"
01:10:22.773    The log file has been saved successfully to "C:\Users\Heiko\Desktop\aswMBR.txt"
Vielen Dank.

cosinus 19.02.2012 19:15
Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SASW und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

villakarow 26.02.2012 00:25
Ist gemacht. SuperAntiSpyware sieht ja irgendwie nicht so gut aus.

Code:
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.02.25.02

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Heiko :: HEIKO-PC [Administrator]

25.02.2012 11:41:07
mbam-log-2012-02-25 (11-41-07).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 584132
Laufzeit: 2 Stunde(n), 27 Minute(n), 24 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 02/25/2012 at 11:19 PM

Application Version : 5.0.1144

Core Rules Database Version : 8278
Trace Rules Database Version: 6090

Scan type      : Complete Scan
Total Scan Time : 07:37:51

Operating System Information
Windows 7 Ultimate 32-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Administrator

Memory items scanned      : 894
Memory threats detected  : 0
Registry items scanned    : 36263
Registry threats detected : 0
File items scanned        : 220390
File threats detected    : 42

Adware.Tracking Cookie
        C:\Users\Heiko\AppData\Roaming\Microsoft\Windows\Cookies\M6HZJY3E.txt [ /doubleclick.net ]
        C:\Users\Heiko\AppData\Roaming\Microsoft\Windows\Cookies\LSTHO05Y.txt [ /atdmt.com ]
        C:\Users\Heiko\AppData\Roaming\Microsoft\Windows\Cookies\6PQC12PS.txt [ /msnportal.112.2o7.net ]
        C:\Users\Heiko\AppData\Roaming\Microsoft\Windows\Cookies\C8OJ4M3X.txt [ /amazon-adsystem.com ]
        C:\Users\Heiko\AppData\Roaming\Microsoft\Windows\Cookies\1ELR8NAO.txt [ /c1.atdmt.com ]
        C:\Users\Heiko\AppData\Roaming\Microsoft\Windows\Cookies\DF36N1EN.txt [ /c.atdmt.com ]
        C:\Users\Heiko\AppData\Roaming\Microsoft\Windows\Cookies\C42AVEAX.txt [ /h.atdmt.com ]
        C:\USERS\HEIKO\AppData\Roaming\Microsoft\Windows\Cookies\Low\heiko@www.google[1].txt [ Cookie:heiko@www.google.com/accounts ]
        C:\USERS\HEIKO\Cookies\M6HZJY3E.txt [ Cookie:heiko@doubleclick.net/ ]
        C:\USERS\HEIKO\Cookies\LSTHO05Y.txt [ Cookie:heiko@atdmt.com/ ]
        C:\USERS\HEIKO\Cookies\6PQC12PS.txt [ Cookie:heiko@msnportal.112.2o7.net/ ]
        C:\USERS\HEIKO\Cookies\C8OJ4M3X.txt [ Cookie:heiko@amazon-adsystem.com/ ]
        C:\USERS\HEIKO\Cookies\1ELR8NAO.txt [ Cookie:heiko@c1.atdmt.com/ ]
        C:\USERS\HEIKO\Cookies\C42AVEAX.txt [ Cookie:heiko@h.atdmt.com/ ]
        www.googleadservices.com [ C:\USERS\HEIKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LFN93VSX.DEFAULT\COOKIES.SQLITE ]
        accounts.youtube.com [ C:\USERS\HEIKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LFN93VSX.DEFAULT\COOKIES.SQLITE ]
        accounts.youtube.com [ C:\USERS\HEIKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LFN93VSX.DEFAULT\COOKIES.SQLITE ]
        accounts.youtube.com [ C:\USERS\HEIKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LFN93VSX.DEFAULT\COOKIES.SQLITE ]
        accounts.youtube.com [ C:\USERS\HEIKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LFN93VSX.DEFAULT\COOKIES.SQLITE ]
        .msnportal.112.2o7.net [ C:\USERS\HEIKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LFN93VSX.DEFAULT\COOKIES.SQLITE ]
        .doubleclick.net [ C:\USERS\HEIKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LFN93VSX.DEFAULT\COOKIES.SQLITE ]
        accounts.youtube.com [ C:\USERS\HEIKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LFN93VSX.DEFAULT\COOKIES.SQLITE ]
        .stepstone.112.2o7.net [ C:\USERS\HEIKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LFN93VSX.DEFAULT\COOKIES.SQLITE ]
        .2o7.net [ C:\USERS\HEIKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LFN93VSX.DEFAULT\COOKIES.SQLITE ]
        logging.ourstats.de [ C:\USERS\HEIKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LFN93VSX.DEFAULT\COOKIES.SQLITE ]
        logging.ourstats.de [ C:\USERS\HEIKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LFN93VSX.DEFAULT\COOKIES.SQLITE ]
        www.hotpantyporn.com [ C:\USERS\HEIKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LFN93VSX.DEFAULT\COOKIES.SQLITE ]
        www.hotpantyporn.com [ C:\USERS\HEIKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LFN93VSX.DEFAULT\COOKIES.SQLITE ]
        www.hotpantyporn.com [ C:\USERS\HEIKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LFN93VSX.DEFAULT\COOKIES.SQLITE ]
        .statcounter.com [ C:\USERS\HEIKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LFN93VSX.DEFAULT\COOKIES.SQLITE ]
        www.googleadservices.com [ C:\USERS\HEIKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LFN93VSX.DEFAULT\COOKIES.SQLITE ]
        .autoscout24.112.2o7.net [ C:\USERS\HEIKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LFN93VSX.DEFAULT\COOKIES.SQLITE ]
        accounts.youtube.com [ C:\USERS\HEIKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LFN93VSX.DEFAULT\COOKIES.SQLITE ]
        accounts.youtube.com [ C:\USERS\HEIKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LFN93VSX.DEFAULT\COOKIES.SQLITE ]
        accounts.youtube.com [ C:\USERS\HEIKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LFN93VSX.DEFAULT\COOKIES.SQLITE ]
        accounts.youtube.com [ C:\USERS\HEIKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LFN93VSX.DEFAULT\COOKIES.SQLITE ]
        accounts.google.com [ C:\USERS\HEIKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LFN93VSX.DEFAULT\COOKIES.SQLITE ]
        accounts.youtube.com [ C:\USERS\HEIKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LFN93VSX.DEFAULT\COOKIES.SQLITE ]
        www.googleadservices.com [ C:\USERS\HEIKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LFN93VSX.DEFAULT\COOKIES.SQLITE ]
        tracking.fitness.de [ C:\USERS\HEIKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LFN93VSX.DEFAULT\COOKIES.SQLITE ]
        tracking.fitness.de [ C:\USERS\HEIKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LFN93VSX.DEFAULT\COOKIES.SQLITE ]
        www.googleadservices.com [ C:\USERS\HEIKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LFN93VSX.DEFAULT\COOKIES.SQLITE ]
Vielen Dank.
Heiko

cosinus 26.02.2012 15:38
Sieht ok aus, da wurden nur Cookies gefunden. Die können weg.
Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie )

Ist das System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?

villakarow 26.02.2012 19:10
Vielen Dank Arne.

Leider hatte ich heute beim hochfahren wieder einen Blue Screen.
Zwei Möglichkeiten:
1. Ich habe eine Verteilerleiste mit Ausschalter, trenne also meinen PC komplett vom Stromnetz. Habe schon mal bemerkt, dass wenn ich nach dem Stromeinschalten ein wenig warte und dann erst den PC anschalte, es keinen Blue Screen gibt. Zufall?

2. GGf. liegt es an meiner HDD - die hat schoon einige Jahre auf dem Buckel. Kann das sein?

Beste Grüße
Heiko

cosinus 26.02.2012 19:49
Ein BlueScreen kann so viele Ursachen haben.
Frag mal hier in der Hardwareabteilung

villakarow 03.03.2012 10:02
Hi Arne,

herzlichen Dank Deine Hilfe. Wünsche Dir ein sonniges WE.
Beste Grüße
Heiko

cosinus 05.03.2012 12:01
Ok, abgesheen vom BlueScreen wären wir durch. Vllt schaffst du es ja, die Updates zu prüfen, oder kommen die BlueScreens zu häufig?

Die Programme, die hier zum Einsatz kamen, können alle wieder runter. CF kann über Start, Ausführen mit combofix /uninstall entfernt werden. Melde dich falls es da Fehlermeldungen zu gibt.
Malwarebytes zu behalten ist kein Fehler. Kannst ja 1x im Monat damit scannen, aber immer vorher ans Update denken.

Bitte abschließend die Updates prüfen, unten mein Leitfaden dazu. Um in Zukunft die Aktualität der installierten Programme besser im Überblick zu halten, kannst du zB Secunia PSI verwenden.
Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern.


Microsoftupdate

Windows XP: Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren.

Windows Vista/7: Anleitung Windows-Update


PDF-Reader aktualisieren
Ein veralteter AdobeReader stellt ein großes Sicherheitsrisiko dar. Du solltest daher besser alte Versionen vom AdobeReader über Systemsteuerung => Software bzw. Programme und Funktionen deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst. (falls du AdobeReader installiert hast)

Ich empfehle einen alternativen PDF-Reader wie PDF Xchange Viewer, SumatraPDF oder Foxit PDF Reader, die sind sehr viel schlanker und flotter als der AdobeReader.

Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers:

Adobe - Andere Version des Adobe Flash Player installieren

Notfalls kann man auch von Chip.de runterladen => http://filepony.de/?q=Flash+Player

Natürlich auch darauf achten, dass andere installierte Browser wie zB Firefox, Opera oder Chrome aktuell sind.


Java-Update
Veraltete Java-Installationen sind ein Sicherheitsrisiko, daher solltest Du die alten Versionen löschen (falls vorhanden, am besten mit JavaRa) und auf die neuste aktualisieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.


Alle Zeitangaben in WEZ +1. Es ist jetzt 01:38 Uhr.
Seite 2 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131