Pests of all kinds and how to fight them: Multiple trojan detections in System32 and temp folder. Frequent bluescreen, Windows 7. If you are not sure whether you have picked up malware or a trojan, open a thread here. An expert will reply with further instructions and help you remove the malware or uninstall or delete the unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.
#1

Multiple trojan detections in System32 and temp folder. Frequent bluescreen

Hello everyone, sorry, I have already read through several posts, but I understand less and less. Unfortunately I'm not a pro. For a few days I have had the problem that AVG Free now finds trojans in the System32 and Temp folders every minute (for example PSW.Agent.PFCI, which keeps creating new *.tmp folders in the windows\temp folder, Trojan FakeAV.UY, Trojan Cryptic.L, various Generic16.* trojans and others in the System32 folder). In addition the BlueScreen appears several times and it shuts down. Firefox constantly opens new tabs. This never happened before. Could you please help me? I would really rather not format and reinstall. On top of that, the DVD drive in my laptop is broken, so it doesn't even detect anything to boot from. Many thanks in advance.

Last edited by BWeikert (05.03.2010 at 03:01)
#2

Here are the RSIT log and info file.

CCleaner and GMER (GMER with the Files checkbox switched off, since it takes forever and I'm not sure whether it is needed).

GMER:

Code:
GMER 1.0.15.15281 - h**p://***.gmer.net
Rootkit scan 2010-03-05 02:54:48
Windows 6.0.6002 Service Pack 2
Running: 8ggdgkpe.exe; Driver: C:\Users\***\AppData\Local\Temp\kxldqpog.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0x83501282]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0x83501474]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0x83500F32]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateUserProcess [0x8350167C]
INT 0x52 ? 870ECF00
INT 0x62 ? 870ECF00
INT 0x72 ? 85169BF8
INT 0x82 ? 85169BF8
INT 0x92 ? 85169BF8
INT 0x92 ? 85169BF8
INT 0x92 ? 85169BF8
INT 0x92 ? 870ECF00
INT 0x92 ? 85169BF8
INT 0xA3 ? 870ECF00
INT 0xB2 ? 870ECF00
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!KeSetEvent + 209 828CA94C 8 Bytes [82, 12, 50, 83, 74, 14, 50, ...] {ADC BYTE [EDX], 0x50; XOR DWORD [ESP+EDX+0x50], -0x7d}
.text ntkrnlpa.exe!KeSetEvent + 621 828CAD64 4 Bytes [32, 0F, 50, 83]
.text ntkrnlpa.exe!KeSetEvent + 6E5 828CAE28 4 Bytes [7C, 16, 50, 83]
? System32\Drivers\spyj.sys Das System kann den angegebenen Pfad nicht finden. !
.rsrc C:\Windows\system32\drivers\atapi.sys entry point in ".rsrc" section [0x8348E014]
.text USBPORT.SYS!DllUnload 8F7B341B 5 Bytes JMP 870EC4E0
.text au13k495.SYS 8FB5F000 22 Bytes [82, E3, BD, 82, 6C, E2, BD, ...]
.text au13k495.SYS 8FB5F017 45 Bytes [00, 32, C7, F9, 82, 3D, C5, ...]
.text au13k495.SYS 8FB5F045 135 Bytes [4A, 8C, 82, FD, C9, 85, 82, ...]
.text au13k495.SYS 8FB5F0CE 10 Bytes [00, 00, 00, 00, 00, 00, 02, ...]
.text au13k495.SYS 8FB5F0DA 12 Bytes [00, 00, 02, 00, 00, 00, 24, ...]
.text ...
---- User code sections - GMER 1.0.15 ----
.text C:\Windows\system32\svchost.exe[1416] ntdll.dll!NtProtectVirtualMemory 77C34D34 5 Bytes JMP 002C000A
.text C:\Windows\system32\svchost.exe[1416] ntdll.dll!NtWriteVirtualMemory 77C35674 5 Bytes JMP 002D000A
.text C:\Windows\system32\svchost.exe[1416] ntdll.dll!KiUserExceptionDispatcher 77C35DC8 5 Bytes JMP 002B000A
.text C:\Windows\system32\svchost.exe[1416] ole32.dll!CoCreateInstance 77799EA6 5 Bytes JMP 0112000A
.text C:\Windows\system32\svchost.exe[1416] USER32.dll!GetCursorPos 769D0B88 5 Bytes JMP 0114000A
.text C:\Windows\Explorer.EXE[1648] ntdll.dll!NtProtectVirtualMemory 77C34D34 5 Bytes JMP 0080000A
.text C:\Windows\Explorer.EXE[1648] ntdll.dll!NtWriteVirtualMemory 77C35674 5 Bytes JMP 0081000A
.text C:\Windows\Explorer.EXE[1648] ntdll.dll!KiUserExceptionDispatcher 77C35DC8 5 Bytes JMP 007F000A
.text C:\Windows\system32\wuauclt.exe[5416] ntdll.dll!NtProtectVirtualMemory 77C34D34 5 Bytes JMP 000E000A
.text C:\Windows\system32\wuauclt.exe[5416] ntdll.dll!NtWriteVirtualMemory 77C35674 5 Bytes JMP 0020000A
.text C:\Windows\system32\wuauclt.exe[5416] ntdll.dll!KiUserExceptionDispatcher 77C35DC8 5 Bytes JMP 000D000A
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [82E926D6] \SystemRoot\System32\Drivers\spyj.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [82E92042] \SystemRoot\System32\Drivers\spyj.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [82E92800] \SystemRoot\System32\Drivers\spyj.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [82E920C0] \SystemRoot\System32\Drivers\spyj.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [82E9213E] \SystemRoot\System32\Drivers\spyj.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [82EA1E9C] \SystemRoot\System32\Drivers\spyj.sys
IAT \SystemRoot\System32\Drivers\au13k495.SYS[ataport.SYS!AtaPortNotification] CC358B04
IAT \SystemRoot\System32\Drivers\au13k495.SYS[ataport.SYS!AtaPortWritePortUchar] 838FB84F
IAT \SystemRoot\System32\Drivers\au13k495.SYS[ataport.SYS!AtaPortWritePortUlong] 458B38C6
IAT \SystemRoot\System32\Drivers\au13k495.SYS[ataport.SYS!AtaPortGetPhysicalAddress] A5A5A514
IAT \SystemRoot\System32\Drivers\au13k495.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] 100D8BA5
IAT \SystemRoot\System32\Drivers\au13k495.SYS[ataport.SYS!AtaPortGetScatterGatherList] 5F8FB820
IAT \SystemRoot\System32\Drivers\au13k495.SYS[ataport.SYS!AtaPortReadPortUchar] 30810889
IAT \SystemRoot\System32\Drivers\au13k495.SYS[ataport.SYS!AtaPortStallExecution] 54771129
IAT \SystemRoot\System32\Drivers\au13k495.SYS[ataport.SYS!AtaPortGetParentBusType] 10C25D5E
IAT \SystemRoot\System32\Drivers\au13k495.SYS[ataport.SYS!AtaPortRequestCallback] 8B55CC00
IAT \SystemRoot\System32\Drivers\au13k495.SYS[ataport.SYS!AtaPortWritePortBufferUshort] 084D8BEC
IAT \SystemRoot\System32\Drivers\au13k495.SYS[ataport.SYS!AtaPortGetUnCachedExtension] 0CF0918B
IAT \SystemRoot\System32\Drivers\au13k495.SYS[ataport.SYS!AtaPortCompleteRequest] 458B0000
IAT \SystemRoot\System32\Drivers\au13k495.SYS[ataport.SYS!AtaPortMoveMemory] 8B108910
IAT \SystemRoot\System32\Drivers\au13k495.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] 000CF491
IAT \SystemRoot\System32\Drivers\au13k495.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 04508900
IAT \SystemRoot\System32\Drivers\au13k495.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 053C7980
IAT \SystemRoot\System32\Drivers\au13k495.SYS[ataport.SYS!AtaPortReadPortUshort] 560C558B
IAT \SystemRoot\System32\Drivers\au13k495.SYS[ataport.SYS!AtaPortReadPortBufferUshort] C6127557
IAT \SystemRoot\System32\Drivers\au13k495.SYS[ataport.SYS!AtaPortInitialize] B18D0502
IAT \SystemRoot\System32\Drivers\au13k495.SYS[ataport.SYS!AtaPortGetDeviceBase] 00000CF8
IAT \SystemRoot\System32\Drivers\au13k495.SYS[ataport.SYS!AtaPortDeviceStateChange] A508788D
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 85F2C1F8
Device \FileSystem\fastfat \FatCdrom 88F211F8
Device \Driver\volmgr \Device\VolMgrControl 8516B1F8
Device \Driver\PCI_PNP1536 \Device\00000051 spyj.sys
Device \Driver\usbuhci \Device\USBPDO-0 86F8E1F8
Device \Driver\usbuhci \Device\USBPDO-1 86F8E1F8
Device \Driver\sptd \Device\1674679549 spyj.sys
Device \Driver\usbehci \Device\USBPDO-2 86F891F8
Device \Driver\usbuhci \Device\USBPDO-3 86F8E1F8
Device \Driver\usbuhci \Device\USBPDO-4 86F8E1F8
AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\usbuhci \Device\USBPDO-5 86F8E1F8
Device \Driver\usbehci \Device\USBPDO-6 86F891F8
Device \Driver\volmgr \Device\HarddiskVolume1 8516B1F8
Device \Driver\volmgr \Device\HarddiskVolume2 8516B1F8
Device \Driver\cdrom \Device\CdRom0 861681F8
Device \Driver\volmgr \Device\HarddiskVolume3 8516B1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 85F2A1F8
Device \Driver\atapi \Device\Ide\IdePort0 85F2A1F8
Device \Driver\atapi \Device\Ide\IdePort1 85F2A1F8
Device \Driver\atapi \Device\Ide\IdePort2 85F2A1F8
Device \Driver\atapi \Device\Ide\IdePort3 85F2A1F8
Device \Driver\atapi \Device\Ide\IdePort4 85F2A1F8
Device \Driver\msahci \Device\Ide\PciIde1Channel0 85F2B1F8
Device \Driver\msahci \Device\Ide\PciIde1Channel1 85F2B1F8
Device \Driver\msahci \Device\Ide\PciIde1Channel2 85F2B1F8
Device \Driver\cdrom \Device\CdRom1 861681F8
Device \Driver\volmgr \Device\HarddiskVolume4 8516B1F8
Device \Driver\USBSTOR \Device\00000077 88946500
Device \Driver\netbt \Device\NetBt_Wins_Export 887CD500
Device \Driver\USBSTOR \Device\00000078 88946500
Device \Driver\Smb \Device\NetbiosSmb 887C3500
Device \Driver\iScsiPrt \Device\RaidPort0 8722E1F8
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\netbt \Device\NetBT_Tcpip_{4D6A460F-7A87-434A-BF60-040E487F1399} 887CD500
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\usbuhci \Device\USBFDO-0 86F8E1F8
Device \Driver\usbuhci \Device\USBFDO-1 86F8E1F8
Device \Driver\usbehci \Device\USBFDO-2 86F891F8
Device \Driver\usbuhci \Device\USBFDO-3 86F8E1F8
Device \Driver\usbuhci \Device\USBFDO-4 86F8E1F8
Device \Driver\usbuhci \Device\USBFDO-5 86F8E1F8
Device \Driver\usbehci \Device\USBFDO-6 86F891F8
Device \Driver\netbt \Device\NetBT_Tcpip_{4E9C8FCA-0178-4A7A-A31D-C3F1EF908C8F} 887CD500
Device \Driver\netbt \Device\NetBT_Tcpip_{490F8986-1306-48EB-BB51-21F44A1813D3} 887CD500
Device \Driver\au13k495 \Device\Scsi\au13k4951Port6Path0Target0Lun0 8728F1F8
Device \Driver\au13k495 \Device\Scsi\au13k4951 8728F1F8
Device \FileSystem\fastfat \Fat 88F211F8
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
Device \FileSystem\cdfs \Cdfs 8A6EF1F8
Device -> \Driver\atapi \Device\Harddisk0\DR0 86013A9A
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xFE 0xBA 0x4D 0x2C ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x9E 0x4C 0x37 0x4E ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x08 0xEE 0x23 0xEC ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x3B 0xC3 0xF1 0x6C ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x9E 0x4C 0x37 0x4E ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xC6 0x48 0xE5 0x2B ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x3B 0xC3 0xF1 0x6C ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x9E 0x4C 0x37 0x4E ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xC6 0x48 0xE5 0x2B ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x3B 0xC3 0xF1 0x6C ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x9E 0x4C 0x37 0x4E ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xC6 0x48 0xE5 0x2B ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xFE 0xBA 0x4D 0x2C ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x9E 0x4C 0x37 0x4E ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xF8 0x75 0x06 0xED ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xFE 0xBA 0x4D 0x2C ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x9E 0x4C 0x37 0x4E ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xF8 0x75 0x06 0xED ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xFE 0xBA 0x4D 0x2C ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x9E 0x4C 0x37 0x4E ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xC9 0x5C 0x2E 0xBA ...
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xFE 0xBA 0x4D 0x2C ...
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x9E 0x4C 0x37 0x4E ...
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x08 0xEE 0x23 0xEC ...
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xFE 0xBA 0x4D 0x2C ...
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x9E 0x4C 0x37 0x4E ...
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x08 0xEE 0x23 0xEC ...
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xFE 0xBA 0x4D 0x2C ...
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x9E 0x4C 0x37 0x4E ...
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x08 0xEE 0x23 0xEC ...
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xFE 0xBA 0x4D 0x2C ...
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x9E 0x4C 0x37 0x4E ...
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x08 0xEE 0x23 0xEC ...
Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xFE 0xBA 0x4D 0x2C ...
Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x9E 0x4C 0x37 0x4E ...
Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x08 0xEE 0x23 0xEC ...
Reg HKLM\SOFTWARE\Classes\WindowsMail.Url.Mailto\shell\open\com@ "%ProgramFiles%\Windows Mail\WinMail.exe" /mailurl:"%1"
---- Files - GMER 1.0.15 ----
File C:\Windows\system32\drivers\atapi.sys suspicious modification
---- EOF - GMER 1.0.15 ----
Many thanks in advance, I hope this helps! Regards

Last edited by BWeikert (05.03.2010 at 03:19)
#3

/// Winkelfunktion /// TB-Süch-Tiger™

Hello,

There is a rootkit in the system, that has to go first:

1. Download the PartedMagic ISO image, it should be about 90 MB
2. Burn it to CD with an image-burning function, e.g. with ImgBurn or Nero under Windows
3. Boot from the burned CD, start option 1 in the boot menu and wait until the Linux desktop is up
4. You should find an icon "Mount Devices", double-click it
5. Mount the partition where Windows is installed, usually it is /dev/sda1
6. On sda1 rename the file /windows/system32/drivers/atapi.sys to atapi.bad
7. Copy the clean atapi.sys into that path (/windows/system32/drivers) (all of this should be quite easy via the graphical file browser in Linux)
8. Restart the computer and boot Windows
9. Have the file renamed in Linux (atapi.bad in system32\drivers) analysed at Virustotal.com and post the result link
10. Run GMER again and post the log
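As an added example (not code from the forum, the helper or GMER), the script below parses the record shapes the posted GMER log uses: the `?` line for a driver file the system cannot find, the IAT entries of atapi.sys and i8042prt.sys pointing at spyj.sys, the Device objects owned by spyj.sys, the `.rsrc` entry-point line and the `suspicious modification` File record. It reports which drivers receive import redirections yet cannot be read from disk, which is the evidence the rootkit verdict above rests on. The sample log is constructed from the posted one, and the regular expressions assume the GMER 1.0.15 line format shown in this thread.

```python
"""Triage a GMER 1.0.15 rootkit-scan log for the indicators discussed in this thread.
Added example (not code from the forum or from GMER). SAMPLE_LOG is constructed from
the record shapes of the log posted above."""
import re
from collections import defaultdict

SAMPLE_LOG = r"""
---- Kernel code sections - GMER 1.0.15 ----
? System32\Drivers\spyj.sys Das System kann den angegebenen Pfad nicht finden. !
.rsrc C:\Windows\system32\drivers\atapi.sys entry point in ".rsrc" section [0x8348E014]
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [82E926D6] \SystemRoot\System32\Drivers\spyj.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [82E92042] \SystemRoot\System32\Drivers\spyj.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [82EA1E9C] \SystemRoot\System32\Drivers\spyj.sys
IAT \SystemRoot\System32\Drivers\au13k495.SYS[ataport.SYS!AtaPortMoveMemory] [8B108910] \SystemRoot\System32\Drivers\Ntfs.sys (NT-Dateisystemtreiber/Microsoft Corporation)
IAT \SystemRoot\System32\Drivers\au13k495.SYS[ataport.SYS!AtaPortNotification] CC358B04
---- Devices - GMER 1.0.15 ----
Device \Driver\atapi \Device\Ide\IdePort0 85F2A1F8
Device \Driver\PCI_PNP1536 \Device\00000051 spyj.sys
Device \Driver\sptd \Device\1674679549 spyj.sys
---- Files - GMER 1.0.15 ----
File C:\Windows\system32\drivers\atapi.sys suspicious modification
---- EOF - GMER 1.0.15 ----
"""

# "? <path> <message> !": a driver the kernel references but GMER could not open on disk.
UNREADABLE_RE = re.compile(r"^\?\s+(?P<path>\S+)\s+(?P<message>.*?)\s*!?\s*$")
# ".rsrc <path> entry point in ".rsrc" section": entry point moved into the resource section.
RSRC_ENTRY_RE = re.compile(r'^\.rsrc\s+(?P<path>\S+)\s+entry point in "\.rsrc" section')
# "IAT <module>[<symbol>] [<addr>] <target>" (resolved) or "IAT <module>[<symbol>] <hex>" (not).
IAT_RE = re.compile(
    r"^IAT\s+(?P<module>[^\[\s]+)\[(?P<symbol>[^\]]+)\]\s+"
    r"(?:\[(?P<addr>[0-9A-Fa-f]+)\]\s+(?P<target>\S+)|(?P<raw>[0-9A-Fa-f]+)\s*$)"
)
# "Device <driver object> <device object> <owner>": owner is an address or a driver file name.
DEVICE_RE = re.compile(r"^Device\s+(?P<driver>\S+)\s+(?P<device>\S+)\s+(?P<owner>\S+)\s*$")
# "File <path> <verdict>": the path is assumed to contain no spaces (true under system32).
FILE_RE = re.compile(r"^File\s+(?P<path>[A-Za-z]:\\\S*)\s+(?P<verdict>.+?)\s*$")

def basename(path: str) -> str:
    """Last component of a Windows path, lower-cased so spellings can be compared."""
    return path.replace("/", "\\").rstrip("\\").rsplit("\\", 1)[-1].lower()

def parse_gmer(log_text: str) -> dict:
    """Collect the records that describe import-table redirection and file tampering."""
    unreadable = {}                 # driver basename -> GMER's error message
    redirects = defaultdict(set)    # target driver basename -> {(hooked module, symbol)}
    garbage_iat = defaultdict(int)  # module basename -> IAT slots resolving to no module
    devices = defaultdict(list)     # owner driver basename -> [device object]
    flagged_files = []              # (path, verdict)
    for line in log_text.splitlines():
        line = line.strip()
        if m := UNREADABLE_RE.match(line):
            unreadable[basename(m["path"])] = m["message"]
        elif m := RSRC_ENTRY_RE.match(line):
            flagged_files.append((m["path"], "entry point in .rsrc section"))
        elif m := IAT_RE.match(line):
            if m["target"]:
                redirects[basename(m["target"])].add((basename(m["module"]), m["symbol"]))
            else:
                garbage_iat[basename(m["module"])] += 1
        elif m := DEVICE_RE.match(line):
            if m["owner"].lower().endswith(".sys"):
                devices[m["owner"].lower()].append(m["device"])
        elif m := FILE_RE.match(line):
            flagged_files.append((m["path"], m["verdict"]))
    return {"unreadable": unreadable, "redirects": {k: sorted(v) for k, v in redirects.items()},
            "garbage_iat": dict(garbage_iat), "devices": dict(devices),
            "flagged_files": flagged_files}

def suspicious_drivers(report: dict) -> list:
    """Drivers that receive IAT redirections from other kernel modules yet could not be read
    from disk: the spyj.sys / atapi.sys pattern the helper reacted to above."""
    hits = []
    for drv, hooks in sorted(report["redirects"].items()):
        if drv in report["unreadable"]:
            hits.append({"driver": drv,
                         "hooked_modules": sorted({mod for mod, _ in hooks}),
                         "hooked_imports": len(hooks),
                         "owned_devices": report["devices"].get(drv, [])})
    return hits

def summarize(log_text: str) -> list:
    """One human-readable triage line per indicator."""
    report = parse_gmer(log_text)
    lines = [f"{h['driver']}: {h['hooked_imports']} import(s) of {', '.join(h['hooked_modules'])} "
             f"redirected into a driver GMER cannot find on disk; owns "
             f"{len(h['owned_devices'])} device object(s)" for h in suspicious_drivers(report)]
    lines += [f"{mod}: {n} IAT slot(s) hold values that resolve to no loaded module"
              for mod, n in sorted(report["garbage_iat"].items())]
    lines += [f"{path}: {verdict}" for path, verdict in report["flagged_files"]]
    return lines

if __name__ == "__main__":
    for line in summarize(SAMPLE_LOG):
        print(" -", line)
```

Redirections into a driver that is readable on disk (the Ntfs.sys line in the sample) are kept in the report but not flagged, so a legitimate filter driver does not trip the check.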
#4

Thank you for the reply. I now have two problems:

1. Where do I get a clean atapi.sys?
2. My DVD drive doesn't work. I can't boot anything. I tried it with a USB stick. That doesn't work either. Is there another way?

Regards, B.
#5

/// Winkelfunktion /// TB-Süch-Tiger™

My first answer was also a bit incomplete. This should actually come before the PartedMagic part:

Quote:

Please always post log files in CODE tags
#6

Well, I first had to buy a USB stick and so on, which is why it took a bit longer. But here are the results.

hxxp://www.virustotal.com/de/analisis/db3081a2184656f98f54599a11553a2bddc9da89981ee05303c738ac03cd614e-1269359027

And the Gmer.log

Code:
GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-03-23 16:51:37
Windows 6.0.6002 Service Pack 2
Running: 8ggdgkpe.exe; Driver: C:\Users\****\AppData\Local\Temp\kxldqpog.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0x8370F282]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0x8370F474]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0x8370EF32]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateUserProcess [0x8370F67C]
INT 0x52 ? 8703FF00
INT 0x62 ? 8703FF00
INT 0x72 ? 85169BF8
INT 0x82 ? 85169BF8
INT 0x92 ? 85169BF8
INT 0x92 ? 85169BF8
INT 0x92 ? 85169BF8
INT 0x92 ? 8703FF00
INT 0x92 ? 85169BF8
INT 0xA3 ? 8703FF00
INT 0xB2 ? 8703FF00
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!KeSetEvent + 209 82AEA94C 8 Bytes [82, F2, 70, 83, 74, F4, 70, ...] {XOR DL, 0x70; XOR DWORD [ESP+ESI*8+0x70], -0x7d}
.text ntkrnlpa.exe!KeSetEvent + 621 82AEAD64 4 Bytes [32, EF, 70, 83] {XOR CH, BH; JO 0xffffffffffffff87}
.text ntkrnlpa.exe!KeSetEvent + 6E5 82AEAE28 4 Bytes [7C, F6, 70, 83] {JL 0xfffffffffffffff8; JO 0xffffffffffffff87}
? System32\Drivers\spke.sys Das System kann den angegebenen Pfad nicht finden. !
.text USBPORT.SYS!DllUnload 8F3AE41B 5 Bytes JMP 8703F4E0
.text atyjsof6.SYS 8F557000 22 Bytes [82, 23, A1, 82, 6C, 22, A1, ...]
.text atyjsof6.SYS 8F557017 45 Bytes [00, 32, C7, 59, 83, 3D, C5, ...]
.text atyjsof6.SYS 8F557045 135 Bytes [4A, AE, 82, FD, C9, A7, 82, ...]
.text atyjsof6.SYS 8F5570CE 10 Bytes [00, 00, 00, 00, 00, 00, 02, ...]
.text atyjsof6.SYS 8F5570DA 12 Bytes [00, 00, 02, 00, 00, 00, 24, ...]
.text ...
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [834926D6] \SystemRoot\System32\Drivers\spke.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [83492042] \SystemRoot\System32\Drivers\spke.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [83492800] \SystemRoot\System32\Drivers\spke.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [834920C0] \SystemRoot\System32\Drivers\spke.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8349213E] \SystemRoot\System32\Drivers\spke.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [834A1E9C] \SystemRoot\System32\Drivers\spke.sys
IAT \SystemRoot\System32\Drivers\atyjsof6.SYS[ataport.SYS!AtaPortNotification] CC358B04
IAT \SystemRoot\System32\Drivers\atyjsof6.SYS[ataport.SYS!AtaPortWritePortUchar] 838F57CF
IAT \SystemRoot\System32\Drivers\atyjsof6.SYS[ataport.SYS!AtaPortWritePortUlong] 458B38C6
IAT \SystemRoot\System32\Drivers\atyjsof6.SYS[ataport.SYS!AtaPortGetPhysicalAddress] A5A5A514
IAT \SystemRoot\System32\Drivers\atyjsof6.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] 100D8BA5
IAT \SystemRoot\System32\Drivers\atyjsof6.SYS[ataport.SYS!AtaPortGetScatterGatherList] 5F8F57A0
IAT \SystemRoot\System32\Drivers\atyjsof6.SYS[ataport.SYS!AtaPortReadPortUchar] 30810889
IAT \SystemRoot\System32\Drivers\atyjsof6.SYS[ataport.SYS!AtaPortStallExecution] 54771129
IAT \SystemRoot\System32\Drivers\atyjsof6.SYS[ataport.SYS!AtaPortGetParentBusType] 10C25D5E
IAT \SystemRoot\System32\Drivers\atyjsof6.SYS[ataport.SYS!AtaPortRequestCallback] 8B55CC00
IAT \SystemRoot\System32\Drivers\atyjsof6.SYS[ataport.SYS!AtaPortWritePortBufferUshort] 084D8BEC
IAT \SystemRoot\System32\Drivers\atyjsof6.SYS[ataport.SYS!AtaPortGetUnCachedExtension] 0CF0918B
IAT \SystemRoot\System32\Drivers\atyjsof6.SYS[ataport.SYS!AtaPortCompleteRequest] 458B0000
IAT \SystemRoot\System32\Drivers\atyjsof6.SYS[ataport.SYS!AtaPortMoveMemory] [8B108910] \SystemRoot\System32\Drivers\Ntfs.sys (NT-Dateisystemtreiber/Microsoft Corporation)
IAT \SystemRoot\System32\Drivers\atyjsof6.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] 000CF491
IAT \SystemRoot\System32\Drivers\atyjsof6.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 04508900
IAT \SystemRoot\System32\Drivers\atyjsof6.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 053C7980
IAT \SystemRoot\System32\Drivers\atyjsof6.SYS[ataport.SYS!AtaPortReadPortUshort] 560C558B
IAT \SystemRoot\System32\Drivers\atyjsof6.SYS[ataport.SYS!AtaPortReadPortBufferUshort] C6127557
IAT \SystemRoot\System32\Drivers\atyjsof6.SYS[ataport.SYS!AtaPortInitialize] B18D0502
IAT \SystemRoot\System32\Drivers\atyjsof6.SYS[ataport.SYS!AtaPortGetDeviceBase] 00000CF8
IAT \SystemRoot\System32\Drivers\atyjsof6.SYS[ataport.SYS!AtaPortDeviceStateChange] A508788D
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 85F2C1F8
Device \FileSystem\fastfat \FatCdrom 893421F8
Device \Driver\volmgr \Device\VolMgrControl 8516B1F8
Device \Driver\usbuhci \Device\USBPDO-0 870BE1F8
Device \Driver\PCI_PNP2945 \Device\00000051 spke.sys
Device \Driver\usbuhci \Device\USBPDO-1 870BE1F8
Device \Driver\usbehci \Device\USBPDO-2 86F681F8
Device \Driver\usbuhci \Device\USBPDO-3 870BE1F8
Device \Driver\usbuhci \Device\USBPDO-4 870BE1F8
AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\usbuhci \Device\USBPDO-5 870BE1F8
Device \Driver\usbehci \Device\USBPDO-6 86F681F8
Device \Driver\volmgr \Device\HarddiskVolume1 8516B1F8
Device \Driver\volmgr \Device\HarddiskVolume2 8516B1F8
Device \Driver\cdrom \Device\CdRom0 871A01F8
Device \Driver\cdrom \Device\CdRom1 871A01F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 85F2A1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-4 85F2A1F8
Device \Driver\atapi \Device\Ide\IdePort0 85F2A1F8
Device \Driver\atapi \Device\Ide\IdePort1 85F2A1F8
Device \Driver\atapi \Device\Ide\IdePort2 85F2A1F8
Device \Driver\atapi \Device\Ide\IdePort3 85F2A1F8
Device \Driver\atapi \Device\Ide\IdePort4 85F2A1F8
Device \Driver\msahci \Device\Ide\PciIde1Channel0 85F2B1F8
Device \Driver\msahci \Device\Ide\PciIde1Channel1 85F2B1F8
Device \Driver\msahci \Device\Ide\PciIde1Channel2 85F2B1F8
Device \Driver\volmgr \Device\HarddiskVolume3 8516B1F8
Device \Driver\volmgr \Device\HarddiskVolume4 8516B1F8
Device \Driver\netbt \Device\NetBt_Wins_Export 887DE500
Device \Driver\USBSTOR \Device\00000077 88934500
Device \Driver\USBSTOR \Device\00000078 88934500
Device \Driver\Smb \Device\NetbiosSmb 887D4500
Device \Driver\iScsiPrt \Device\RaidPort0 871941F8
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\netbt \Device\NetBT_Tcpip_{4D6A460F-7A87-434A-BF60-040E487F1399} 887DE500
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\usbuhci \Device\USBFDO-0 870BE1F8
Device \Driver\usbuhci \Device\USBFDO-1 870BE1F8
Device \Driver\sptd \Device\887384957 spke.sys
Device \Driver\usbehci \Device\USBFDO-2 86F681F8
Device \Driver\usbuhci \Device\USBFDO-3 870BE1F8
Device \Driver\usbuhci \Device\USBFDO-4 870BE1F8
Device \Driver\usbuhci \Device\USBFDO-5 870BE1F8
Device \Driver\usbehci \Device\USBFDO-6 86F681F8
Device \Driver\netbt \Device\NetBT_Tcpip_{4E9C8FCA-0178-4A7A-A31D-C3F1EF908C8F} 887DE500
Device \Driver\netbt \Device\NetBT_Tcpip_{490F8986-1306-48EB-BB51-21F44A1813D3} 887DE500
Device \Driver\atyjsof6 \Device\Scsi\atyjsof61Port6Path0Target0Lun0 871A51F8
Device \Driver\atyjsof6 \Device\Scsi\atyjsof61 871A51F8
Device \FileSystem\fastfat \Fat 893421F8
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
Device \FileSystem\cdfs \Cdfs 899201F8
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xFE 0xBA 0x4D 0x2C ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x9E 0x4C 0x37 0x4E ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x94 0xC3 0xFF 0xFE ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x3B 0xC3 0xF1 0x6C ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x9E 0x4C 0x37 0x4E ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xC6 0x48 0xE5 0x2B ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x3B 0xC3 0xF1 0x6C ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x9E 0x4C 0x37 0x4E ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xC6 0x48 0xE5 0x2B ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x3B 0xC3 0xF1 0x6C ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x9E 0x4C 0x37 0x4E ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xC6 0x48 0xE5 0x2B ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xFE 0xBA 0x4D 0x2C ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x9E 0x4C 0x37 0x4E ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xF8 0x75 0x06 0xED ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xFE 0xBA 0x4D 0x2C ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x9E 0x4C 0x37 0x4E ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xF8 0x75 0x06 0xED ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xFE 0xBA 0x4D 0x2C ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x9E 0x4C 0x37 0x4E ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xC9 0x5C 0x2E 0xBA ...
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xFE 0xBA 0x4D 0x2C ...
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x9E 0x4C 0x37 0x4E ...
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x08 0xEE 0x23 0xEC ...
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xFE 0xBA 0x4D 0x2C ...
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x9E 0x4C 0x37 0x4E ...
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x08 0xEE 0x23 0xEC ...
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xFE 0xBA 0x4D 0x2C ...
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x9E 0x4C 0x37 0x4E ...
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x08 0xEE 0x23 0xEC ...
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xFE 0xBA 0x4D 0x2C ...
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x9E 0x4C 0x37 0x4E ...
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x08 0xEE 0x23 0xEC ...
Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xFE 0xBA 0x4D 0x2C ...
Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x9E 0x4C 0x37 0x4E ...
Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x94 0xC3 0xFF 0xFE ...
Reg HKLM\SOFTWARE\Classes\WindowsMail.Url.Mailto\shell\open\com@ "%ProgramFiles%\Windows Mail\WinMail.exe" /mailurl:"%1"
---- EOF - GMER 1.0.15 ----
Thanks for the help. After seeing all the red detections on VirusTotal I lost a bit of hope. I hope I can get around a reinstall. Thanks again! Edited by BWeikert (23.03.2010 at 17:01) |
| | #7 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Multiple trojan detections in System32 and temp folder. Frequent bluescreen The rootkit is taken care of. Please make a log with CF: ComboFix A guide and tutorial on using ComboFix
ComboFix may only be run when a qualified helper has explicitly recommended it!
__________________ Please always post logfiles in CODE tags |
| | #8 |
| | Multiple trojan detections in System32 and temp folder. Frequent bluescreen So, here is the ComboFix log file now. Code:
ComboFix 10-03-23.04 - **** 24.03.2010 13:11:18.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3069.2135 [GMT 1:00]
ausgeführt von:: c:\users\***\Desktop\cofi.exe
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows-Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
C:\install.exe
c:\recycler\S-1-5-21-0719639088-9378417051-089957272-5585
c:\recycler\S-1-5-21-3928187653-4000017498-611602234-1726
c:\recycler\S-1-5-21-4170438828-6889576712-311800631-5311
c:\users\**\AppData\Roaming\bcrypt.html
c:\windows\system32\lowsec
c:\windows\system32\patohono.exe
.
((((((((((((((((((((((( Dateien erstellt von 2010-02-24 bis 2010-03-24 ))))))))))))))))))))))))))))))
.
2010-03-24 12:25 . 2010-03-24 12:25 -------- d-----w- c:\users\****\AppData\Local\temp
2010-03-24 12:25 . 2010-03-24 12:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-03-24 12:03 . 2010-03-24 12:03 -------- d-----w- c:\users\****\AppData\Local\AVG Security Toolbar
2010-03-24 11:56 . 2010-03-24 11:56 -------- d-----w- c:\programdata\AVG Security Toolbar
2010-03-23 16:29 . 2010-03-23 12:03 19944 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-03-23 15:05 . 2010-03-23 12:03 19944 ----a-w- C:\atapi.sys
2010-03-17 17:27 . 2010-03-24 12:07 -------- d-----w- c:\program files\Common Files\Akamai
2010-03-16 05:54 . 2010-03-16 05:55 599 ----a-w- c:\windows\_MSSETUP.BAT
2010-03-16 05:54 . 1996-09-28 16:22 14103 ----a-w- c:\windows\_MSRSTRT.EXE
2010-03-13 22:57 . 2010-02-10 17:13 165376 ----a-w- c:\windows\system32\unrar.dll
2010-03-13 22:57 . 2010-03-13 22:59 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-03-11 00:53 . 2010-03-11 00:53 -------- d-----w- c:\programdata\BioWare
2010-03-11 00:48 . 2010-03-11 00:48 -------- d-----w- c:\windows\1C4551A64743409391E41477CD655043.TMP
2010-03-11 00:15 . 2010-03-11 00:36 -------- d-----w- c:\program files\Dragon Age
2010-03-05 21:18 . 2010-03-05 21:18 -------- d-----w- c:\programdata\CCP
2010-03-05 21:18 . 2010-03-05 21:18 -------- d-----w- c:\users\****\AppData\Local\CCP
2010-03-05 01:37 . 2010-03-05 01:37 -------- d-----w- c:\program files\CCleaner
2010-03-05 01:30 . 2010-03-05 01:31 -------- d-----w- C:\rsit
2010-03-05 01:30 . 2010-03-05 01:31 -------- d-----w- c:\program files\trend micro
2010-03-04 19:49 . 2009-11-09 12:31 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-03-04 19:49 . 2009-11-09 10:36 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-03-04 19:49 . 2009-11-09 12:30 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-03-04 19:47 . 2009-12-04 18:29 1314816 ----a-w- c:\windows\system32\quartz.dll
2010-03-04 19:47 . 2009-12-04 18:30 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2010-03-04 19:47 . 2009-12-04 18:28 22528 ----a-w- c:\windows\system32\msyuv.dll
2010-03-04 19:47 . 2009-12-04 18:28 31744 ----a-w- c:\windows\system32\msvidc32.dll
2010-03-04 19:47 . 2009-12-04 18:28 13312 ----a-w- c:\windows\system32\msrle32.dll
2010-03-04 19:47 . 2009-12-04 18:28 82944 ----a-w- c:\windows\system32\mciavi32.dll
2010-03-04 19:47 . 2009-12-04 18:28 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2010-03-04 19:47 . 2009-12-04 18:28 123904 ----a-w- c:\windows\system32\msvfw32.dll
2010-03-04 19:47 . 2009-12-04 18:27 91136 ----a-w- c:\windows\system32\avifil32.dll
2010-03-04 19:47 . 2009-10-07 11:36 243712 ----a-w- c:\windows\system32\rastls.dll
2010-03-04 19:39 . 2009-12-04 15:56 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-03-04 19:39 . 2009-12-04 15:56 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-03-04 11:01 . 2009-12-11 11:43 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-03-04 11:01 . 2009-12-11 11:43 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-03-04 11:01 . 2009-12-08 20:01 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-03-04 11:01 . 2009-12-08 17:26 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2010-03-04 11:01 . 2009-12-16 11:44 834048 ----a-w- c:\windows\system32\wininet.dll
2010-03-04 11:01 . 2009-12-18 13:01 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-04 11:00 . 2009-08-11 16:44 1401856 ----a-w- c:\windows\system32\msxml6.dll
2010-03-04 11:00 . 2009-08-11 16:44 1248768 ----a-w- c:\windows\system32\msxml3.dll
2010-03-04 11:00 . 2009-10-19 13:38 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-03-04 11:00 . 2009-10-19 13:35 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-03-04 11:00 . 2009-08-14 13:27 2036736 ----a-w- c:\windows\system32\win32k.sys
2010-03-04 11:00 . 2009-08-24 11:36 377344 ----a-w- c:\windows\system32\winhttp.dll
2010-03-04 11:00 . 2010-01-23 09:26 2048 ----a-w- c:\windows\system32\tzres.dll
2010-03-04 10:55 . 2009-08-10 12:35 355328 ----a-w- c:\windows\system32\WSDApi.dll
2010-03-03 20:34 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
2010-03-03 20:34 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
2010-03-03 20:34 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2010-03-03 20:34 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
2010-03-03 20:34 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll
2010-03-03 20:34 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll
2010-03-03 20:34 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll
2010-03-03 20:34 . 2009-08-06 18:23 171608 ----a-w- c:\windows\system32\wuwebv.dll
2010-03-03 20:34 . 2009-08-06 17:44 33792 ----a-w- c:\windows\system32\wuapp.exe
2010-02-28 13:22 . 2010-03-01 12:43 -------- d-----w- c:\program files\Eufloria
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-24 12:09 . 2009-07-30 20:00 224550 ----a-w- c:\programdata\nvModes.dat
2010-03-24 11:54 . 2009-07-30 19:27 -------- d-----w- c:\programdata\avg8
2010-03-24 11:14 . 2009-11-04 12:31 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-03-24 10:58 . 2009-08-10 13:37 -------- d-----w- c:\users\****\AppData\Roaming\vlc
2010-03-23 15:39 . 2009-07-30 19:50 -------- d-----w- c:\users\****\AppData\Roaming\Skype
2010-03-23 15:33 . 2009-07-30 21:13 -------- d-----w- c:\program files\Steam
2010-03-23 15:02 . 2009-07-30 19:51 -------- d-----w- c:\users\****\AppData\Roaming\skypePM
2010-03-23 12:08 . 2006-11-02 15:33 618442 ----a-w- c:\windows\system32\perfh007.dat
2010-03-23 12:08 . 2006-11-02 15:33 122648 ----a-w- c:\windows\system32\perfc007.dat
2010-03-22 12:27 . 2009-07-31 10:12 -------- d-----w- c:\program files\Common Files\Adobe
2010-03-13 13:32 . 2010-02-13 12:39 -------- d-----w- c:\program files\Common Files\BioWare
2010-03-11 00:48 . 2009-07-30 19:53 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-03-11 00:47 . 2009-12-25 14:17 -------- d-----w- c:\programdata\Media Center Programs
2010-03-11 00:31 . 2009-08-10 11:52 -------- d-----w- c:\users\****\AppData\Roaming\Azureus
2010-03-09 13:28 . 2009-07-31 17:17 1 ----a-w- c:\users\****\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-03-06 18:45 . 2010-02-16 20:13 -------- d-----w- c:\program files\FreeTrack
2010-02-24 09:16 . 2009-11-10 13:29 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-24 08:29 . 2009-07-30 19:42 -------- d-----w- c:\program files\Spyware Doctor
2010-02-22 10:28 . 2009-11-07 17:58 -------- d-----w- c:\programdata\ifolor
2010-02-22 10:23 . 2009-10-28 11:53 -------- d-----w- c:\program files\Canon
2010-02-22 10:23 . 2009-07-30 11:55 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-21 23:23 . 2009-11-04 12:31 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-02-17 16:21 . 2009-12-10 02:05 -------- d-----w- c:\program files\Microsoft Silverlight
2010-02-16 10:22 . 2010-01-12 17:58 -------- d-----w- c:\users\****\AppData\Roaming\Winamp
2010-02-13 13:21 . 2009-07-30 19:54 -------- d-----w- c:\program files\AGEIA Technologies
2010-02-11 11:01 . 2010-02-10 13:06 -------- d-----w- c:\users\****\AppData\Roaming\Canon
2010-02-07 17:46 . 2010-02-07 17:24 -------- d-----w- c:\users\****\AppData\Roaming\The Path
2010-02-03 17:26 . 2010-02-03 16:38 -------- d-----w- c:\users\****\AppData\Roaming\Meine Der Herr der Ringe™, Aufstieg des Hexenkönigs™-Dateien
2010-02-03 16:22 . 2010-02-02 23:30 -------- d-----w- c:\program files\Electronic Arts
2010-02-02 23:04 . 2010-02-02 23:04 -------- d-----w- c:\program files\PowerISO
2010-01-31 13:47 . 2009-12-08 12:40 -------- d-----w- c:\program files\QuickTime
2010-01-31 13:45 . 2010-01-10 12:56 -------- d-----w- c:\program files\Common Files\Apple
2010-01-30 15:44 . 2010-01-30 15:44 -------- d-----w- c:\program files\LogMeIn Hamachi
2010-01-25 23:10 . 2010-01-25 21:30 -------- d-----w- c:\program files\JDownloader
2010-01-25 03:43 . 2010-01-25 03:41 -------- d-----w- c:\users\****\AppData\Roaming\My Battle for Middle-earth Files
2010-01-25 00:08 . 2010-01-25 00:08 -------- d-----w- c:\users\****\AppData\Roaming\Stardock
2010-01-25 00:07 . 2010-01-25 00:07 -------- dc-h--w- c:\programdata\{F8999601-BE77-433E-A70A-B7766E47AE73}
2010-01-25 00:07 . 2010-01-25 00:07 -------- d-----w- c:\programdata\Stardock
2010-01-25 00:07 . 2010-01-25 00:07 -------- d-----w- c:\program files\Stardock
2010-01-24 23:58 . 2009-08-10 11:50 -------- d-----w- c:\program files\Vuze
2010-01-10 19:48 . 2010-01-10 19:48 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2010-01-10 19:48 . 2010-01-10 19:48 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-07-24 08:55 1090816 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2010-03-22 2046816]
"Diamondback"="c:\program files\Razer\Diamondback 3G\razerhid.exe" [2007-08-01 147456]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-18 1008184]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Privoxy.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Privoxy.lnk
backup=c:\windows\pss\Privoxy.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^Users^****^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
path=c:\users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
backup=c:\windows\pss\OpenOffice.org 3.1.lnk.Startup
backupExtension=.Startup
[HKLM\~\startupfolder\C:^Users^****^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PowerMenu.lnk]
path=c:\users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerMenu.lnk
backup=c:\windows\pss\PowerMenu.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2008-06-11 20:43 640376 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2008-06-12 00:25 37232 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 05:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater6]
2009-08-04 09:10 2521464 ----a-w- c:\program files\Common Files\Adobe\Updater6\Adobe_Updater.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-04-23 13:51 691656 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]
2008-12-08 11:33 1173384 ----a-w- c:\program files\Spyware Doctor\pctsTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-07-13 13:03 292128 ----a-w- c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
2008-01-02 19:17 707080 ----a-w- c:\progra~1\LAUNCH~1\QtZgAcer.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2009-05-27 16:00 13781536 ----a-w- c:\windows\System32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2009-06-25 13:12 1414144 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-10 22:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-07-16 11:20 25604904 ----a-r- c:\program files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 15:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-02-22 16:43 1217872 ----a-w- c:\program files\Steam\Steam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-07-31 17:10 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeohPlugin]
2009-05-19 23:26 3561720 ----a-w- c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2009-12-21 05:45 39424 ----a-w- c:\program files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile-based device management]
2006-11-01 23:46 215552 ----a-w- c:\windows\WindowsMobile\wmdSync.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
2009-04-10 21:28 2153472 ----a-w- c:\windows\System32\oobefldr.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-18 21:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):c2,26,a3,8f,1f,11,ca,01
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-07-30 721904]
R0 tqkavlpq;tqkavlpq; [x]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-07-30 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-07-30 297752]
R2 rbsdcasl;Serial Mouse Helper;c:\windows\System32\svchost.exe [2008-01-18 21504]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2009-03-19 136704]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2009-03-19 8320]
R3 PRODIGY;PRODIGY;c:\windows\system32\Drivers\PRODIGY.SYS [2006-08-29 32377]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-01-07 348752]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-04-03 130936]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-07-30 335240]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-07-30 108552]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-18 21504]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2009-10-29 1074568]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-02-08 179712]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
S3 Razerlow;Diamondback 3G USB Filter Driver;c:\windows\system32\Drivers\DB3G.sys [2005-04-24 13225]
S3 winbondcir;Winbond IR Transceiver;c:\windows\system32\DRIVERS\winbondcir.sys [2007-03-28 43008]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
Akamai REG_MULTI_SZ Akamai
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
rbsdcasl
.
Inhalt des "geplante Tasks" Ordners
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uInternet Settings,ProxyOverride = *.local
IE: An vorhandene PDF-Datei anfügen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: In Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
FF - ProfilePath - c:\users\****\AppData\Roaming\Mozilla\Firefox\Profiles\xjkxsrzx.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
.
------- Dateityp-Verknüpfung -------
.
.scr=DWGTrueViewScriptFile
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
BHO-{7D94440C-8FC4-43A6-9800-0C1F76E6CC33} - (no file)
ShellIconOverlayIdentifiers-{7D94440C-8FC4-43A6-9800-0C1F76E6CC33} - (no file)
HKCU-Run-AdobeBridge - (no file)
SharedTaskScheduler-{a0cfc7a4-e42e-4c27-b871-1f4051dabb8a} - (no file)
SSODL-yatesojom-{a0cfc7a4-e42e-4c27-b871-1f4051dabb8a} - (no file)
MSConfigStartUp-LosAlamos - c:\windows\system32\sshnas21.dll
MSConfigStartUp-pugazidus - c:\windows\system32\zinetiho.dll
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
MSConfigStartUp-TOY5KNQ8OC - c:\users\****\AppData\Local\Temp\Nfr.exe
MSConfigStartUp-Vidalia - c:\program files\Vidalia Bundle\Vidalia\vidalia.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-03-24 13:25
Windows 6.0.6002 Service Pack 2 NTFS
Scanne versteckte Prozesse...
Scanne versteckte Autostarteinträge...
Scanne versteckte Dateien...
c:\windows\TEMP\TMP0000004B53A950A4F6FFAC70 524288 bytes executable
Scan erfolgreich abgeschlossen
versteckte Dateien: 1
**************************************************************************
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Akamai]
"ServiceDll"="C:/Program Files/Common Files/Akamai/rswin_3648.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Akamai]
"ServiceDll"="C:/Program Files/Common Files/Akamai/rswin_3648.dll"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2010-03-24 13:29:25
ComboFix-quarantined-files.txt 2010-03-24 12:29
Vor Suchlauf: 11 Verzeichnis(se), 24.339.197.952 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 25.228.734.464 Bytes frei
- - End Of File - - 943C6014B9B5355AE806213F5A048F16
Regards