One or more Trojans (origin: Facebook), Windows 7
24.10.2011, 16:41 | #16
Okay, done. (That was only one entry, which I deleted.)
24.10.2011, 18:30 | #17
/// Winkelfunktion /// TB-Süch-Tiger™: Then please make a new log with TDSS-Killer.
24.10.2011, 19:46 | #18
20:45:37.0281 1796 TDSS rootkit removing tool 2.6.12.0 Oct 21 2011 11:23:48
20:45:37.0484 1796 ============================================================
20:45:37.0484 1796 Current date / time: 2011/10/24 20:45:37.0484
20:45:37.0484 1796 SystemInfo:
20:45:37.0484 1796
20:45:37.0484 1796 OS Version: 5.1.2600 ServicePack: 3.0
20:45:37.0484 1796 Product type: Workstation
20:45:37.0484 1796 ComputerName: EU
20:45:37.0484 1796 UserName: xxx
20:45:37.0484 1796 Windows directory: C:\WINDOWS
20:45:37.0484 1796 System windows directory: C:\WINDOWS
20:45:37.0484 1796 Processor architecture: Intel x86
20:45:37.0484 1796 Number of processors: 3
20:45:37.0484 1796 Page size: 0x1000
20:45:37.0484 1796 Boot type: Normal boot
20:45:37.0484 1796 ============================================================
20:45:38.0578 1796 Initialize success
20:45:43.0421 2736 ============================================================
20:45:43.0421 2736 Scan started
20:45:43.0421 2736 Mode: Manual; SigCheck; TDLFS;
20:45:43.0421 2736 ============================================================
20:45:44.0609 2736 Abiosdsk - ok
20:45:44.0625 2736 abp480n5 - ok
20:45:44.0671 2736 ACPI (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
20:45:44.0859 2736 ACPI - ok
20:45:44.0875 2736 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
20:45:44.0968 2736 ACPIEC - ok
20:45:44.0968 2736 adpu160m - ok
20:45:44.0984 2736 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
20:45:45.0031 2736 aec - ok
20:45:45.0078 2736 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
20:45:45.0093 2736 AFD - ok
20:45:45.0093 2736 Aha154x - ok
20:45:45.0109 2736 aic78u2 - ok
20:45:45.0109 2736 aic78xx - ok
20:45:45.0125 2736 AliIde - ok
20:45:45.0125 2736 amsint - ok
20:45:45.0140 2736 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
20:45:45.0203 2736 Arp1394 - ok
20:45:45.0218 2736 asc - ok
20:45:45.0218 2736 asc3350p - ok
20:45:45.0218 2736 asc3550 - ok
20:45:45.0250 2736 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
20:45:45.0312 2736 AsyncMac - ok
20:45:45.0328 2736 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
20:45:45.0390 2736 atapi - ok
20:45:45.0390 2736 Atdisk - ok
20:45:45.0484 2736 ati2mtag (caadf7aa3abc6afcb3d02b129de9863a) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
20:45:45.0593 2736 ati2mtag - ok
20:45:45.0640 2736 atksgt (f0d933b42cd0594048e4d5200ae9e417) C:\WINDOWS\system32\DRIVERS\atksgt.sys
20:45:45.0671 2736 atksgt - ok
20:45:45.0718 2736 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
20:45:45.0781 2736 Atmarpc - ok
20:45:45.0796 2736 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
20:45:45.0875 2736 audstub - ok
20:45:45.0906 2736 avgntflt (7713e4eb0276702faa08e52a6e23f2a6) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
20:45:45.0921 2736 avgntflt - ok
20:45:45.0953 2736 avipbb (912d23140cd05980f6cdae790ddafc8d) C:\WINDOWS\system32\DRIVERS\avipbb.sys
20:45:45.0968 2736 avipbb - ok
20:45:46.0000 2736 avkmgr (271cfd1a989209b1964e24d969552bf7) C:\WINDOWS\system32\DRIVERS\avkmgr.sys
20:45:46.0015 2736 avkmgr - ok
20:45:46.0046 2736 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
20:45:46.0125 2736 Beep - ok
20:45:46.0156 2736 BTCFilterService (4813df77ede536a52e3737971f910baa) C:\WINDOWS\system32\DRIVERS\motfilt.sys
20:45:46.0187 2736 BTCFilterService - ok
20:45:46.0218 2736 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
20:45:46.0312 2736 cbidf2k - ok
20:45:46.0312 2736 cd20xrnt - ok
20:45:46.0359 2736 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
20:45:46.0437 2736 Cdaudio - ok
20:45:46.0468 2736 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
20:45:46.0531 2736 Cdfs - ok
20:45:46.0546 2736 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
20:45:46.0609 2736 Cdrom - ok
20:45:46.0625 2736 Changer - ok
20:45:46.0625 2736 CmdIde - ok
20:45:46.0640 2736 Cpqarray - ok
20:45:46.0703 2736 cpuz130 - ok
20:45:46.0750 2736 d347bus (5776322f93cdb91086111f5ffbfda2a0) C:\WINDOWS\System32\DRIVERS\d347bus.sys
20:45:46.0765 2736 d347bus ( UnsignedFile.Multi.Generic ) - warning
20:45:46.0765 2736 d347bus - detected UnsignedFile.Multi.Generic (1)
20:45:46.0765 2736 d347prt (b49f79ace459763f4e0380071be9cb45) C:\WINDOWS\System32\Drivers\d347prt.sys
20:45:46.0781 2736 d347prt ( UnsignedFile.Multi.Generic ) - warning
20:45:46.0781 2736 d347prt - detected UnsignedFile.Multi.Generic (1)
20:45:46.0781 2736 dac2w2k - ok
20:45:46.0781 2736 dac960nt - ok
20:45:46.0828 2736 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
20:45:46.0890 2736 Disk - ok
20:45:46.0906 2736 dmboot (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
20:45:46.0984 2736 dmboot - ok
20:45:47.0000 2736 dmio (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
20:45:47.0078 2736 dmio - ok
20:45:47.0093 2736 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
20:45:47.0171 2736 dmload - ok
20:45:47.0187 2736 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
20:45:47.0265 2736 DMusic - ok
20:45:47.0265 2736 dpti2o - ok
20:45:47.0265 2736 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
20:45:47.0328 2736 drmkaud - ok
20:45:47.0375 2736 ENTECH (16ebd8bf1d5090923694cc972c7ce1b4) C:\WINDOWS\System32\DRIVERS\ENTECH.sys
20:45:47.0375 2736 ENTECH - ok
20:45:47.0390 2736 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
20:45:47.0453 2736 Fastfat - ok
20:45:47.0468 2736 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
20:45:47.0531 2736 Fdc - ok
20:45:47.0546 2736 Fips (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
20:45:47.0593 2736 Fips - ok
20:45:47.0609 2736 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
20:45:47.0671 2736 Flpydisk - ok
20:45:47.0703 2736 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
20:45:47.0765 2736 FltMgr - ok
20:45:47.0781 2736 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
20:45:47.0843 2736 Fs_Rec - ok
20:45:47.0843 2736 Ftdisk (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
20:45:47.0937 2736 Ftdisk - ok
20:45:47.0953 2736 gdrv (c6e3105b8c68c35cc1eb26a00fd1a8c6) C:\WINDOWS\gdrv.sys
20:45:47.0968 2736 gdrv - ok
20:45:47.0984 2736 giveio (77ebf3e9386daa51551af429052d88d0) C:\WINDOWS\system32\giveio.sys
20:45:47.0984 2736 giveio ( UnsignedFile.Multi.Generic ) - warning
20:45:47.0984 2736 giveio - detected UnsignedFile.Multi.Generic (1)
20:45:48.0015 2736 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
20:45:48.0078 2736 Gpc - ok
20:45:48.0093 2736 hamachi (d30b31375c40309425c21efe75db90bb) C:\WINDOWS\system32\DRIVERS\hamachi.sys
20:45:48.0109 2736 hamachi - ok
20:45:48.0125 2736 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
20:45:48.0171 2736 HDAudBus - ok
20:45:48.0203 2736 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
20:45:48.0265 2736 HidUsb - ok
20:45:48.0281 2736 hpn - ok
20:45:48.0328 2736 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
20:45:48.0343 2736 HTTP - ok
20:45:48.0343 2736 i2omgmt - ok
20:45:48.0359 2736 i2omp - ok
20:45:48.0390 2736 i8042prt (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
20:45:48.0437 2736 i8042prt - ok
20:45:48.0484 2736 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
20:45:48.0546 2736 Imapi - ok
20:45:48.0546 2736 ini910u - ok
20:45:48.0656 2736 IntcAzAudAddService (2feb5bf0312e1cb76cd2caa875cbaa5d) C:\WINDOWS\system32\drivers\RtkHDAud.sys
20:45:48.0796 2736 IntcAzAudAddService - ok
20:45:48.0796 2736 IntelIde - ok
20:45:48.0828 2736 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
20:45:48.0906 2736 ip6fw - ok
20:45:48.0921 2736 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
20:45:49.0015 2736 IpFilterDriver - ok
20:45:49.0031 2736 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
20:45:49.0093 2736 IpInIp - ok
20:45:49.0109 2736 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
20:45:49.0187 2736 IpNat - ok
20:45:49.0203 2736 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
20:45:49.0265 2736 IPSec - ok
20:45:49.0281 2736 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
20:45:49.0343 2736 IRENUM - ok
20:45:49.0359 2736 isapnp (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
20:45:49.0421 2736 isapnp - ok
20:45:49.0453 2736 Kbdclass (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
20:45:49.0515 2736 Kbdclass - ok
20:45:49.0531 2736 kbdhid (b6d6c117d771c98130497265f26d1882) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
20:45:49.0578 2736 kbdhid - ok
20:45:49.0609 2736 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
20:45:49.0671 2736 kmixer - ok
20:45:49.0718 2736 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
20:45:49.0734 2736 KSecDD - ok
20:45:49.0750 2736 L8042Kbd (0c6e346cde730cf1356dd69ad6e9bc42) C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys
20:45:49.0765 2736 L8042Kbd - ok
20:45:49.0781 2736 L8042mou (8a5993705add14352c9a279fa8338334) C:\WINDOWS\system32\DRIVERS\L8042mou.Sys
20:45:49.0781 2736 L8042mou - ok
20:45:49.0812 2736 LBeepKE (9ffd1cf2a782f2560e78eec4b8b8689e) C:\WINDOWS\system32\Drivers\LBeepKE.sys
20:45:49.0828 2736 LBeepKE - ok
20:45:49.0828 2736 lbrtfdc - ok
20:45:49.0843 2736 LHidFilt (7f9c7b28cf1c859e1c42619eea946dc8) C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
20:45:49.0843 2736 LHidFilt - ok
20:45:49.0875 2736 lirsgt (f8a7212d0864ef5e9185fb95e6623f4d) C:\WINDOWS\system32\DRIVERS\lirsgt.sys
20:45:49.0875 2736 lirsgt - ok
20:45:49.0875 2736 LMouFilt (ab33792a87285344f43b5ce23421bab0) C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
20:45:49.0890 2736 LMouFilt - ok
20:45:49.0890 2736 LMouKE (9837e55673818ecd8febb47f7f77521a) C:\WINDOWS\system32\DRIVERS\LMouKE.Sys
20:45:49.0890 2736 LMouKE - ok
20:45:49.0968 2736 lredbooo - ok
20:45:49.0984 2736 LUsbFilt (77030525cd86a93f1af34fa9b96d33ce) C:\WINDOWS\system32\Drivers\LUsbFilt.Sys
20:45:49.0984 2736 LUsbFilt - ok
20:45:50.0000 2736 MBAMSwissArmy - ok
20:45:50.0031 2736 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
20:45:50.0109 2736 mnmdd - ok
20:45:50.0140 2736 Modem (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
20:45:50.0203 2736 Modem - ok
20:45:50.0234 2736 motccgp (1088f75c09ebb0a8b0f13b886fd67c52) C:\WINDOWS\system32\DRIVERS\motccgp.sys
20:45:50.0265 2736 motccgp - ok
20:45:50.0312 2736 motccgpfl (b812da6605caf02641312f1f65c75419) C:\WINDOWS\system32\DRIVERS\motccgpfl.sys
20:45:50.0343 2736 motccgpfl - ok
20:45:50.0375 2736 motmodem (8f408e9ed2feb8a8b8837c380faf7ad6) C:\WINDOWS\system32\DRIVERS\motmodem.sys
20:45:50.0421 2736 motmodem - ok
20:45:50.0421 2736 MotoSwitchService (fd8c2cef7ad8b23c6714103d621fac1f) C:\WINDOWS\system32\DRIVERS\motswch.sys
20:45:50.0453 2736 MotoSwitchService - ok
20:45:50.0468 2736 Motousbnet (ddc489d40b49f443787e7ffa75373522) C:\WINDOWS\system32\DRIVERS\Motousbnet.sys
20:45:50.0484 2736 Motousbnet - ok
20:45:50.0515 2736 motusbdevice (2136cca3d1bf7c0248e5366b1a6c24e3) C:\WINDOWS\system32\DRIVERS\motusbdevice.sys
20:45:50.0531 2736 motusbdevice - ok
20:45:50.0562 2736 Mouclass (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
20:45:50.0625 2736 Mouclass - ok
20:45:50.0625 2736 mouhid (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
20:45:50.0703 2736 mouhid - ok
20:45:50.0734 2736 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
20:45:50.0781 2736 MountMgr - ok
20:45:50.0796 2736 mraid35x - ok
20:45:50.0796 2736 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
20:45:50.0859 2736 MRxDAV - ok
20:45:50.0890 2736 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
20:45:50.0921 2736 MRxSmb - ok
20:45:50.0937 2736 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
20:45:51.0000 2736 Msfs - ok
20:45:51.0015 2736 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
20:45:51.0093 2736 MSKSSRV - ok
20:45:51.0109 2736 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
20:45:51.0171 2736 MSPCLOCK - ok
20:45:51.0187 2736 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
20:45:51.0250 2736 MSPQM - ok
20:45:51.0265 2736 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
20:45:51.0312 2736 mssmbios - ok
20:45:51.0343 2736 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
20:45:51.0390 2736 Mup - ok
20:45:51.0406 2736 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
20:45:51.0468 2736 NDIS - ok
20:45:51.0500 2736 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
20:45:51.0515 2736 NdisTapi - ok
20:45:51.0531 2736 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
20:45:51.0593 2736 Ndisuio - ok
20:45:51.0593 2736 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
20:45:51.0656 2736 NdisWan - ok
20:45:51.0687 2736 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
20:45:51.0687 2736 NDProxy - ok
20:45:51.0703 2736 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
20:45:51.0765 2736 NetBIOS - ok
20:45:51.0781 2736 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
20:45:51.0843 2736 NetBT - ok
20:45:51.0859 2736 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
20:45:51.0921 2736 NIC1394 - ok
20:45:51.0968 2736 nltdi (19c50a0051fed34cc2544cd45114e4e5) C:\WINDOWS\system32\drivers\nltdi.sys
20:45:51.0968 2736 nltdi ( UnsignedFile.Multi.Generic ) - warning
20:45:51.0968 2736 nltdi - detected UnsignedFile.Multi.Generic (1)
20:45:52.0000 2736 nmwcd (c82f4cc10ad315b6d6bcb14d0a7cad66) C:\WINDOWS\system32\drivers\ccdcmb.sys
20:45:52.0031 2736 nmwcd - ok
20:45:52.0046 2736 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
20:45:52.0109 2736 Npfs - ok
20:45:52.0125 2736 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
20:45:52.0187 2736 Ntfs - ok
20:45:52.0234 2736 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
20:45:52.0296 2736 Null - ok
20:45:52.0343 2736 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
20:45:52.0406 2736 NwlnkFlt - ok
20:45:52.0406 2736 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
20:45:52.0484 2736 NwlnkFwd - ok
20:45:52.0500 2736 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
20:45:52.0562 2736 ohci1394 - ok
20:45:52.0578 2736 Parport (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys
20:45:52.0640 2736 Parport - ok
20:45:52.0656 2736 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
20:45:52.0703 2736 PartMgr - ok
20:45:52.0734 2736 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
20:45:52.0796 2736 ParVdm - ok
20:45:52.0796 2736 PCAMPR5 - ok
20:45:52.0828 2736 PCANDIS5 (2f9806b52cb3748b1e49222744b28e3c) C:\WINDOWS\system32\PCANDIS5.SYS
20:45:52.0843 2736 PCANDIS5 ( UnsignedFile.Multi.Generic ) - warning
20:45:52.0843 2736 PCANDIS5 - detected UnsignedFile.Multi.Generic (1)
20:45:52.0875 2736 PCI (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
20:45:52.0937 2736 PCI - ok
20:45:52.0937 2736 PCIDump - ok
20:45:52.0968 2736 PCIIde (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
20:45:53.0031 2736 PCIIde - ok
20:45:53.0062 2736 Pcmcia (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
20:45:53.0140 2736 Pcmcia - ok
20:45:53.0140 2736 PDCOMP - ok
20:45:53.0140 2736 PDFRAME - ok
20:45:53.0156 2736 PDRELI - ok
20:45:53.0156 2736 PDRFRAME - ok
20:45:53.0171 2736 perc2 - ok
20:45:53.0171 2736 perc2hib - ok
20:45:53.0187 2736 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
20:45:53.0250 2736 PptpMiniport - ok
20:45:53.0265 2736 Processor (2cb55427c58679f49ad600fccba76360) C:\WINDOWS\system32\DRIVERS\processr.sys
20:45:53.0312 2736 Processor - ok
20:45:53.0328 2736 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
20:45:53.0390 2736 PSched - ok
20:45:53.0390 2736 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
20:45:53.0453 2736 Ptilink - ok
20:45:53.0484 2736 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
20:45:53.0484 2736 PxHelp20 - ok
20:45:53.0500 2736 ql1080 - ok
20:45:53.0500 2736 Ql10wnt - ok
20:45:53.0515 2736 ql12160 - ok
20:45:53.0515 2736 ql1240 - ok
20:45:53.0515 2736 ql1280 - ok
20:45:53.0531 2736 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
20:45:53.0593 2736 RasAcd - ok
20:45:53.0609 2736 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
20:45:53.0671 2736 Rasl2tp - ok
20:45:53.0687 2736 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
20:45:53.0750 2736 RasPppoe - ok
20:45:53.0750 2736 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
20:45:53.0828 2736 Raspti - ok
20:45:53.0843 2736 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
20:45:53.0906 2736 Rdbss - ok
20:45:53.0921 2736 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
20:45:53.0984 2736 RDPCDD - ok
20:45:54.0031 2736 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
20:45:54.0046 2736 RDPWD - ok
20:45:54.0078 2736 redbook (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
20:45:54.0125 2736 redbook - ok
20:45:54.0218 2736 RTHDMIAzAudService (a5a9f4b77d7ff2b02633999ff71a7e9b) C:\WINDOWS\system32\drivers\RtKHDMI.sys
20:45:54.0281 2736 RTHDMIAzAudService - ok
20:45:54.0312 2736 RTLE8023xp (839141088ad7ee90f5b441b2d1afd22c) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
20:45:54.0328 2736 RTLE8023xp - ok
20:45:54.0359 2736 SCREAMINGBDRIVER (a689d522eedf89401e1da2fe883aa7ec) C:\WINDOWS\system32\drivers\ScreamingBAudio.sys
20:45:54.0359 2736 SCREAMINGBDRIVER - ok
20:45:54.0390 2736 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
20:45:54.0468 2736 Secdrv - ok
20:45:54.0468 2736 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
20:45:54.0531 2736 serenum - ok
20:45:54.0531 2736 Serial (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys
20:45:54.0593 2736 Serial - ok
20:45:54.0609 2736 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
20:45:54.0671 2736 Sfloppy - ok
20:45:54.0718 2736 Simbad - ok
20:45:54.0765 2736 SMCSMC WirelessUSB(SMC2662W)(R) (eaa9a0911c5cefaab85b57e2b1a7cd54) C:\WINDOWS\system32\DRIVERS\Net62151.sys
20:45:54.0765 2736 SMCSMC WirelessUSB(SMC2662W)(R) ( UnsignedFile.Multi.Generic ) - warning
20:45:54.0765 2736 SMCSMC WirelessUSB(SMC2662W)(R) - detected UnsignedFile.Multi.Generic (1)
20:45:54.0781 2736 Sparrow - ok
20:45:54.0812 2736 speedfan (9f70cd5edcc4efc48ae21e04fb03be9d) C:\WINDOWS\system32\speedfan.sys
20:45:54.0828 2736 speedfan - ok
20:45:54.0828 2736 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
20:45:54.0890 2736 splitter - ok
20:45:54.0921 2736 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\System32\Drivers\sptd.sys
20:45:54.0937 2736 sptd - ok
20:45:54.0953 2736 sr (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
20:45:55.0000 2736 sr - ok
20:45:55.0031 2736 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
20:45:55.0046 2736 Srv - ok
20:45:55.0062 2736 SSHDRV5C - ok
20:45:55.0078 2736 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
20:45:55.0093 2736 ssmdrv - ok
20:45:55.0093 2736 SVKP (f05028b163b92c302a74409d683ac9b0) C:\WINDOWS\system32\SVKP.sys
20:45:55.0109 2736 SVKP ( UnsignedFile.Multi.Generic ) - warning
20:45:55.0109 2736 SVKP - detected UnsignedFile.Multi.Generic (1)
20:45:55.0125 2736 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
20:45:55.0187 2736 swenum - ok
20:45:55.0203 2736 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
20:45:55.0265 2736 swmidi - ok
20:45:55.0265 2736 symc810 - ok
20:45:55.0281 2736 symc8xx - ok
20:45:55.0281 2736 sym_hi - ok
20:45:55.0296 2736 sym_u3 - ok
20:45:55.0296 2736 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
20:45:55.0359 2736 sysaudio - ok
20:45:55.0390 2736 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
20:45:55.0406 2736 Tcpip - ok
20:45:55.0421 2736 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
20:45:55.0500 2736 TDPIPE - ok
20:45:55.0515 2736 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
20:45:55.0593 2736 TDTCP - ok
20:45:55.0609 2736 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
20:45:55.0656 2736 TermDD - ok
20:45:55.0671 2736 TosIde - ok
20:45:55.0687 2736 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
20:45:55.0750 2736 Udfs - ok
20:45:55.0750 2736 ultra - ok
20:45:55.0843 2736 UnlockerDriver5 (d0cb75386d9e89c864d808d64ec9160f) C:\Programme\Unlocker\UnlockerDriver5.sys
20:45:55.0859 2736 UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - warning
20:45:55.0859 2736 UnlockerDriver5 - detected UnsignedFile.Multi.Generic (1)
20:45:55.0875 2736 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
20:45:55.0953 2736 Update - ok
20:45:55.0984 2736 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
20:45:56.0046 2736 usbccgp - ok
20:45:56.0062 2736 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
20:45:56.0109 2736 usbehci - ok
20:45:56.0125 2736 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
20:45:56.0187 2736 usbhub - ok
20:45:56.0187 2736 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
20:45:56.0250 2736 usbohci - ok
20:45:56.0265 2736 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
20:45:56.0343 2736 usbscan - ok
20:45:56.0359 2736 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
20:45:56.0406 2736 USBSTOR - ok
20:45:56.0437 2736 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
20:45:56.0500 2736 VgaSave - ok
20:45:56.0500 2736 ViaIde - ok
20:45:56.0515 2736 VolSnap (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
20:45:56.0578 2736 VolSnap - ok
20:45:56.0609 2736 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
20:45:56.0671 2736 Wanarp - ok
20:45:56.0765 2736 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
20:45:56.0781 2736 Wdf01000 - ok
20:45:56.0796 2736 WDICA - ok
20:45:56.0812 2736 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
20:45:56.0859 2736 wdmaud - ok
20:45:56.0921 2736 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
20:45:56.0968 2736 WmiAcpi - ok
20:45:57.0015 2736 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
20:45:57.0031 2736 WpdUsb - ok
20:45:57.0046 2736 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
20:45:57.0062 2736 WudfPf - ok
20:45:57.0062 2736 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
20:45:57.0078 2736 WudfRd - ok
20:45:57.0109 2736 xusb21 (a640c90b007762939507c28a021be3b3) C:\WINDOWS\system32\DRIVERS\xusb21.sys
20:45:57.0125 2736 xusb21 - ok
20:45:57.0140 2736 MBR (0x1B8) (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
20:45:57.0265 2736 \Device\Harddisk0\DR0 - ok
20:45:57.0265 2736 Boot (0x1200) (ce398dda82b6ab33ed783adf7de862b8) \Device\Harddisk0\DR0\Partition0
20:45:57.0265 2736 \Device\Harddisk0\DR0\Partition0 - ok
20:45:57.0296 2736 Boot (0x1200) (a24c4fed5e76d76c6ec730d1352760b0) \Device\Harddisk0\DR0\Partition1
20:45:57.0296 2736 \Device\Harddisk0\DR0\Partition1 - ok
20:45:57.0312 2736 Boot (0x1200) (f786a216f49ed491b8582010c35c534d) \Device\Harddisk0\DR0\Partition2
20:45:57.0312 2736 \Device\Harddisk0\DR0\Partition2 - ok
20:45:57.0312 2736 ============================================================
20:45:57.0312 2736 Scan finished
20:45:57.0312 2736 ============================================================
20:45:57.0406 1792 Detected object count: 8
20:45:57.0406 1792 Actual detected object count: 8
20:46:01.0062 1792 d347bus ( UnsignedFile.Multi.Generic ) - skipped by user
20:46:01.0062 1792 d347bus ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:46:01.0062 1792 d347prt ( UnsignedFile.Multi.Generic ) - skipped by user
20:46:01.0062 1792 d347prt ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:46:01.0062 1792 giveio ( UnsignedFile.Multi.Generic ) - skipped by user
20:46:01.0062 1792 giveio ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:46:01.0062 1792 nltdi ( UnsignedFile.Multi.Generic ) - skipped by user
20:46:01.0062 1792 nltdi ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:46:01.0062 1792 PCANDIS5 ( UnsignedFile.Multi.Generic ) - skipped by user
20:46:01.0062 1792 PCANDIS5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:46:01.0062 1792 SMCSMC WirelessUSB(SMC2662W)(R) ( UnsignedFile.Multi.Generic ) - skipped by user
20:46:01.0062 1792 SMCSMC WirelessUSB(SMC2662W)(R) ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:46:01.0062 1792 SVKP ( UnsignedFile.Multi.Generic ) - skipped by user
20:46:01.0062 1792 SVKP ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:46:01.0062 1792 UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - skipped by user
20:46:01.0062 1792 UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
25.10.2011, 08:41 | #19
/// Winkelfunktion /// TB-Süch-Tiger™: The entries there are ok. Then please run CF now: ComboFix (A guide and tutorial on using ComboFix)
ComboFix may only be run if a Kompetenzler (board helper) has expressly recommended it! Should you have problems starting applications after running ComboFix and receive messages such as Quote:
Please always post logfiles in CODE tags
27.10.2011, 12:59 | #20
Combofix logfile:
Code:
ComboFix 11-10-27.03 - xxx 27.10.2011 13:32:37.1.3 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.3326.2617 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\xxx\Eigene Dateien\Downloads\ComboFix.exe
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokumente und einstellungen\xxx\Anwendungsdaten\chrtmp
c:\dokumente und einstellungen\xxx\Eigene Dateien\~WRL0084.tmp
c:\dokumente und einstellungen\xxx\Eigene Dateien\~WRL0384.tmp
c:\dokumente und einstellungen\xxx\Eigene Dateien\~WRL0393.tmp
c:\dokumente und einstellungen\xxx\Eigene Dateien\~WRL0764.tmp
c:\dokumente und einstellungen\xxx\Eigene Dateien\~WRL1643.tmp
c:\dokumente und einstellungen\xxx\Eigene Dateien\~WRL1973.tmp
c:\dokumente und einstellungen\xxx\Eigene Dateien\~WRL2515.tmp
c:\dokumente und einstellungen\xxx\Eigene Dateien\~WRL2624.tmp
c:\dokumente und einstellungen\xxx\Eigene Dateien\~WRL2683.tmp
c:\dokumente und einstellungen\xxx\Eigene Dateien\~WRL3025.tmp
c:\dokumente und einstellungen\xxx\Eigene Dateien\~WRL3163.tmp
c:\dokumente und einstellungen\xxx\Eigene Dateien\~WRL3166.tmp
c:\dokumente und einstellungen\xxx\WINDOWS
c:\programme\messenger\msmsgsin.exe
c:\programme\msn\msncorefiles\copymar.exe
c:\programme\msn\msncorefiles\custdial.dll
c:\programme\msn\msncorefiles\logonmgr.dll
c:\windows\daemon.dll
c:\windows\help\tours\htmltour\unlock_playing.htm
c:\windows\IsUn0407.exe
c:\windows\system32\d3d9caps.dat
c:\windows\tsoc.log
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-09-27 bis 2011-10-27 ))))))))))))))))))))))))))))))
.
.
2011-10-20 09:52 . 2011-10-20 09:52 -------- d-----w- C:\_OTL
2011-10-17 18:00 . 2011-10-17 18:00 -------- d-----w- c:\dokumente und einstellungen\xxx\Anwendungsdaten\Avira
2011-10-17 17:59 . 2011-10-11 13:00 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-10-17 17:59 . 2011-10-11 13:00 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2011-10-17 17:59 . 2011-10-11 13:00 134344 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-10-17 17:59 . 2011-10-17 17:59 -------- d-----w- c:\programme\Avira
2011-10-17 17:59 . 2011-10-17 17:59 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Avira
2011-10-10 09:09 . 2011-10-10 09:09 4550304 ----a-w- c:\programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2011-10-08 17:55 . 2011-10-08 17:55 -------- d-----w- c:\dokumente und einstellungen\xxx\Anwendungsdaten\Malwarebytes
2011-10-08 17:55 . 2011-10-08 17:55 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2011-10-08 17:55 . 2011-10-08 19:02 -------- d-----w- c:\programme\Malwarebytes' Anti-Malware
2011-10-08 17:55 . 2011-08-31 15:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-07 12:49 . 2011-10-08 12:43 -------- d-s---w- c:\dokumente und einstellungen\NetworkService\UserData
2011-10-06 12:42 . 2011-10-06 12:42 -------- d-----w- c:\programme\ESET
2011-10-05 20:27 . 2011-09-29 07:09 773080 ----a-w- c:\programme\Mozilla Firefox\mozsqlite3.dll
2011-10-05 20:27 . 2011-09-29 07:09 16856 ----a-w- c:\programme\Mozilla Firefox\plugin-container.exe
2011-10-05 20:27 . 2011-09-29 07:09 134104 ----a-w- c:\programme\Mozilla Firefox\components\browsercomps.dll
2011-10-05 20:27 . 2011-09-29 07:09 89048 ----a-w- c:\programme\Mozilla Firefox\libEGL.dll
2011-10-05 20:27 . 2011-09-29 07:09 719832 ----a-w- c:\programme\Mozilla Firefox\mozcpp19.dll
2011-10-05 20:27 . 2011-09-29 07:09 478168 ----a-w- c:\programme\Mozilla Firefox\libGLESv2.dll
2011-10-05 20:27 . 2011-09-29 07:09 1833944 ----a-w- c:\programme\Mozilla Firefox\mozjs.dll
2011-10-05 20:27 . 2011-09-29 07:09 15832 ----a-w- c:\programme\Mozilla Firefox\mozalloc.dll
2011-10-05 20:27 . 2011-09-29 00:26 2106216 ----a-w- c:\programme\Mozilla Firefox\D3DCompiler_43.dll
2011-10-05 20:27 . 2011-09-29 00:26 1998168 ----a-w- c:\programme\Mozilla Firefox\d3dx9_43.dll
2011-09-28 05:26 . 2010-09-29 15:13 24064 ----a-w- c:\windows\system32\drivers\motmodem.sys
2011-09-28 05:26 . 2010-04-01 11:31 23424 ----a-w- c:\windows\system32\drivers\Motousbnet.sys
2011-09-28 05:26 . 2010-01-25 16:56 9472 ----a-w- c:\windows\system32\drivers\motusbdevice.sys
2011-09-28 05:26 . 2009-01-29 14:11 6016 ----a-w- c:\windows\system32\drivers\motfilt.sys
2011-09-28 05:26 . 2010-12-03 12:03 20352 ----a-w- c:\windows\system32\drivers\motccgp.sys
2011-09-28 05:26 . 2009-01-29 14:18 8320 ----a-w- c:\windows\system32\drivers\motccgpfl.sys
2011-09-28 05:26 . 2007-11-02 12:51 6400 ----a-w- c:\windows\system32\drivers\motswch.sys
2011-09-28 05:26 . 2011-09-28 05:26 -------- d-----w- c:\programme\Gemeinsame Dateien\Motorola Shared
2011-09-28 05:26 . 2011-09-28 05:26 -------- d-----w- c:\programme\Motorola
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-26 09:41 . 2008-07-29 17:59 614912 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 09:41 . 2002-08-29 12:00 23040 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-26 09:41 . 2002-08-29 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-09 09:11 . 2002-08-29 12:00 604160 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 14:10 . 2002-08-29 12:00 1859072 ----a-w- c:\windows\system32\win32k.sys
2011-09-05 13:55 . 2002-08-29 12:00 672768 ----a-w- c:\windows\system32\wininet.dll
2011-09-05 13:55 . 2009-07-23 03:05 81920 ------w- c:\windows\system32\ieencode.dll
2011-09-05 13:55 . 2002-08-29 12:00 61952 ----a-w- c:\windows\system32\tdc.ocx
2011-09-05 13:54 . 2009-07-23 03:05 371200 ------w- c:\windows\system32\html.iec
2011-08-19 16:32 . 2011-06-14 12:48 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-17 13:49 . 2002-08-29 12:00 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-08-12 11:51 . 2009-07-22 06:24 26488 ----a-w- c:\windows\system32\spupdsvc.exe
2011-09-29 07:09 . 2011-10-05 20:27 134104 ----a-w- c:\programme\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\programme\Skype\Phone\Skype.exe" [2011-10-13 17351304]
"ICQ"="c:\programme\ICQ7.5\ICQ.exe" [2011-08-01 124480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
c:\dokumente und einstellungen\xxx\Startmenü\Programme\Autostart\
EZ Connect Wireless USB Utility.lnk - c:\programme\SMC\EZ Connect Wireless USB\WlanMonitor.exe [2004-7-9 532480]
.
c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
LOLRecorder.lnk - c:\programme\LOLReplay\LOLRecorder.exe [2011-10-7 406016]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 10:28 72208 ----a-w- c:\programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Logitech SetPoint.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Microsoft Office.lnk] path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk backup=c:\windows\pss\Microsoft Office.lnkCommon Startup . [HKLM\~\startupfolder\C:^Dokumente und Einstellungen^xxx^Startmenü^Programme^Autostart^Registration Prince of Persia Warrior Within.LNK] path=c:\dokumente und einstellungen\xxx\Startmenü\Programme\Autostart\Registration Prince of Persia Warrior Within.LNK backup=c:\windows\pss\Registration Prince of Persia Warrior Within.LNKStartup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr] 2008-06-19 08:20 57344 ----a-w- c:\windows\ALCMTR.EXE . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICustomerCare] 2010-03-04 12:31 311296 ----a-w- c:\programme\ATI\ATICustomerCare\ATICustomerCare.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite] 2010-04-01 09:16 357696 ----a-w- c:\programme\DAEMON Tools Lite\DTLite.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033] 2004-08-22 15:05 81920 ----a-w- c:\programme\D-Tools\daemon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate] 2011-07-28 23:08 1259376 ----a-w- c:\programme\DivX\DivX Update\DivXUpdate.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup] 2004-06-16 04:03 221184 ----a-w- c:\progra~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler] 2004-06-16 04:03 81920 ----a-w- c:\programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer] 2009-06-17 16:55 55824 ----a-w- c:\windows\KHALMNPR.Exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr] 2010-04-16 20:12 3872080 ----a-w- c:\programme\Windows Live\Messenger\msnmsgr.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC] 2010-07-06 19:19 98304 ----a-w- c:\programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2010-02-18 09:43 248040 ----a-w- c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant] 2010-03-09 02:52 15872 ----a-w- c:\programme\Unlocker\UnlockerAssistant.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "ICQ Service"=2 (0x2) "Ati HotKey Poller"=2 (0x2) "JavaQuickStarterService"=2 (0x2) "PnkBstrA"=2 (0x2) "WMPNetworkSvc"=3 (0x3) "npggsvc"=3 (0x3) "MotoHelper"=2 (0x2) "LBTServ"=3 (0x3) "gupdatem"=3 (0x3) "gupdate"=2 (0x2) "nlsvc"=2 (0x2) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "d:\\Age of Empires III\\age3.exe"= "d:\\Kopie von Warcraft III \\Warcraft III.exe"= "c:\\WINDOWS\\system32\\PnkBstrA.exe"= "c:\\WINDOWS\\system32\\PnkBstrB.exe"= "c:\\Programme\\Hamachi\\hamachi.exe"= "d:\\Valve\\hl.exe"= "d:\\EE\\Empire Earth I ZdE\\EE-AOC.exe"= "d:\\LucasArts\\Star Wars JK II Jedi Outcast\\GameData\\jk2mp.exe"= "d:\\Star Wars Jedi Knight Jedi Academy\\GameData\\jamp.exe"= "c:\\Programme\\7-Zip\\7zFM.exe"= "c:\\Programme\\TeamViewer\\Version5\\TeamViewer.exe"= "c:\\Programme\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"= "d:\\League of Legends\\lol.launcher.exe"= "c:\\Programme\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Programme\\ICQ7.5\\ICQ.exe"= "c:\\Programme\\Skype\\Phone\\Skype.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "8395:TCP"= 8395:TCP:League of Legends Launcher "8395:UDP"= 8395:UDP:League of Legends Launcher "8396:TCP"= 8396:TCP:League of Legends Launcher "8396:UDP"= 8396:UDP:League of Legends Launcher "6910:TCP"= 6910:TCP:League of Legends Launcher "6910:UDP"= 6910:UDP:League of Legends Launcher "6888:TCP"= 6888:TCP:League of Legends Launcher "6888:UDP"= 6888:UDP:League of Legends Launcher "6947:TCP"= 6947:TCP:League of Legends Launcher "6947:UDP"= 6947:UDP:League of Legends Launcher "6886:TCP"= 6886:TCP:League of Legends Launcher "6886:UDP"= 6886:UDP:League of Legends Launcher "6892:TCP"= 6892:TCP:League of Legends Launcher "6892:UDP"= 6892:UDP:League of Legends Launcher "6899:TCP"= 6899:TCP:League of Legends Launcher "6899:UDP"= 6899:UDP:League of Legends Launcher "6925:TCP"= 6925:TCP:League of Legends Launcher "6925:UDP"= 6925:UDP:League of Legends Launcher "6946:TCP"= 6946:TCP:League of Legends Launcher "6946:UDP"= 
6946:UDP:League of Legends Launcher "8397:TCP"= 8397:TCP:League of Legends Launcher "8397:UDP"= 8397:UDP:League of Legends Launcher "6940:TCP"= 6940:TCP:League of Legends Launcher "6940:UDP"= 6940:UDP:League of Legends Launcher "6984:TCP"= 6984:TCP:League of Legends Launcher "6984:UDP"= 6984:UDP:League of Legends Launcher "6967:TCP"= 6967:TCP:League of Legends Launcher "6967:UDP"= 6967:UDP:League of Legends Launcher "6976:TCP"= 6976:TCP:League of Legends Launcher "6976:UDP"= 6976:UDP:League of Legends Launcher "6921:TCP"= 6921:TCP:League of Legends Launcher "6921:UDP"= 6921:UDP:League of Legends Launcher "6902:TCP"= 6902:TCP:League of Legends Launcher "6902:UDP"= 6902:UDP:League of Legends Launcher "8398:TCP"= 8398:TCP:League of Legends Launcher "8398:UDP"= 8398:UDP:League of Legends Launcher "8393:TCP"= 8393:TCP:League of Legends Lobby "8393:UDP"= 8393:UDP:League of Legends Lobby "8390:TCP"= 8390:TCP:League of Legends Game Client "8390:UDP"= 8390:UDP:League of Legends Game Client . R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [17.10.2011 19:59 36000] R1 nltdi;nltdi;c:\windows\system32\drivers\nltdi.sys [23.04.2007 18:08 81688] R2 AntiVirSchedulerService;Avira Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [17.10.2011 19:59 86224] R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [22.10.2010 15:53 10384] R2 SVKP;SVKP;c:\windows\system32\SVKP.sys [18.04.2010 14:11 2368] R3 SMCSMC WirelessUSB(SMC2662W)(R);SMC SMC WirelessUSB(SMC2662W)(R) Service for SMC EZ Connect Wireless USB Adapter(SMC2662W);c:\windows\system32\drivers\Net62151.sys [21.09.2004 17:43 121344] S1 SSHDRV5C;SSHDRV5C;\??\c:\windows\system32\drivers\SSHDRV5C.sys --> c:\windows\system32\drivers\SSHDRV5C.sys [?] 
S2 gupdate;Google Update Service (gupdate);c:\programme\Google\Update\GoogleUpdate.exe [02.07.2010 00:01 136176] S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys [28.09.2011 07:26 6016] S3 clr_optimization_v4.0.20506_32;.NET Runtime Optimization Service v4.0.20506_X86;c:\windows\Microsoft.NET\Framework\v4.0.20506\mscorsvw.exe [06.05.2009 09:08 104272] S3 cpuz130;cpuz130;\??\c:\dokume~1\xxx\LOKALE~1\Temp\cpuz130\cpuz_x32.sys --> c:\dokume~1\xxx\LOKALE~1\Temp\cpuz130\cpuz_x32.sys [?] S3 gupdatem;Google Update-Dienst (gupdatem);c:\programme\Google\Update\GoogleUpdate.exe [02.07.2010 00:01 136176] S3 lredbooo;lredbooo;\??\c:\dokume~1\xxx\LOKALE~1\Temp\lredbooo.sys --> c:\dokume~1\xxx\LOKALE~1\Temp\lredbooo.sys [?] S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?] S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [28.09.2011 07:26 20352] S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [28.09.2011 07:26 8320] S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\Motousbnet.sys [28.09.2011 07:26 23424] S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\drivers\motusbdevice.sys [28.09.2011 07:26 9472] S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [01.07.2010 15:21 34896] S4 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [22.07.2009 08:56 155136] S4 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [22.07.2009 08:56 5248] S4 ICQ Service;ICQ Service;c:\programme\ICQ6Toolbar\ICQ Service.exe [28.06.2010 08:46 247608] S4 MotoHelper;MotoHelper Service;c:\programme\Motorola\MotoHelper\MotoHelperService.exe [27.01.2011 23:13 226624] S4 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?] 
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [26.08.2009 16:25 691696] . Inhalt des "geplante Tasks" Ordners . 2011-10-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\programme\Google\Update\GoogleUpdate.exe [2010-07-01 22:01] . 2011-10-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\programme\Google\Update\GoogleUpdate.exe [2010-07-01 22:01] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = mLocal Page = IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000 IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\programme\ICQ7.5\ICQ.exe TCP: DhcpNameServer = 192.168.1.1 DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab FF - ProfilePath - c:\dokumente und einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\32qewamd.default\ FF - prefs.js: browser.search.defaulturl - FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://de.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official . - - - - Entfernte verwaiste Registrierungseinträge - - - - . 
MSConfigStartUp-Microsoft® Windows Update - c:\dokumente und einstellungen\xxx\M-1-52-5782-8752-5245\winsvc.exe MSConfigStartUp-RGSC - d:\gta\Rockstar Games Social Club\RGSCLauncher.exe AddRemove-Call of Duty Modern Warfare 2_is1 - d:\cod 6 -v1\unins000.exe AddRemove-conduitEngine - c:\programme\ConduitEngine\ConduitEngineUninstall.exe AddRemove-Free YouTube Download_is1 - c:\programme\Gemeinsame Dateien\DVDVideoSoft\Uninstall.exe AddRemove-FreeDoko - d:\ doppelkopf\uninst.exe AddRemove-Gothic II - Die Nacht des Raben - d:\jowood\GOTHIC~1\UNWISE.EXE AddRemove-HijackThis - c:\dokumente und einstellungen\xxx\Eigene Dateien\Downloads\HijackThis.exe AddRemove-Mafia II_is1 - d:\mafia ii\unins000.exe AddRemove-Worms2 - d:\team18\Worms2\Uninst.isu AddRemove-Worms2 Demo - d:\team17\Worms2\Uninst.isu AddRemove-{2A9F95AB-65A3-432c-8631-B8BC5BF7477A} - d:\herr der ringe2\EAUninstall.exe AddRemove-NCsoft-GuildWars - d:\gw\NCLauncher.exe AddRemove-Octoshape add-in for Adobe Flash Player - c:\dokumente und einstellungen\xxx\Anwendungsdaten\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2011-10-27 13:35 Windows 5.1.2600 Service Pack 3 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-117609710-1417001333-839522115-1004\Software\SecuROM\!CAUTION! 
NEVER A OR CHANGE ANY KEY*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) "??"=hex:39,e3,38,1e,5c,e9,24,8d,31,27,09,80,6c,75,91,0b,9c,66,48,7b,75,c3,38, 00,28,c9,ac,04,9c,51,b7,53,03,10,e3,0c,0b,f4,29,a4,fd,69,7c,2a,2d,31,b2,d4,\ "??"=hex:1b,c6,eb,3d,78,e8,25,f7,56,67,94,1c,cb,98,93,af . [HKEY_USERS\S-1-5-21-117609710-1417001333-839522115-1004\Software\SecuROM\License information*] "datasecu"=hex:38,d2,18,94,45,dd,3b,cc,ae,73,66,8b,22,dd,1d,dd,14,da,75,9b,a7, 8e,6d,8e,09,97,bb,5c,e4,08,86,3b,54,1b,ec,18,1a,4d,a7,1e,09,fe,b8,2c,16,60,\ "rkeysecu"=hex:c4,20,84,99,8c,51,94,c9,1d,77,da,0a,60,e3,39,47 . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\:ôwjY*] "DisplayName"="???\16?\11\09" "DeviceDesc"="???\16?\11\09" "ProviderName"="?A?\11?\16?\11??" "MFG"="???????" "ReinstallString"=".10.1000.8" "DeviceInstanceIds"=multi:"f:\\chipset\\7-ser\\xp\\sbdrv\\smbus\\smbusati.inf\00" . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- . - - - - - - - > 'winlogon.exe'(1080) c:\windows\system32\Ati2evxx.dll c:\windows\system32\atiadlxx.dll c:\programme\gemeinsame dateien\logishrd\bluetooth\LBTWlgn.dll c:\programme\gemeinsame dateien\logishrd\bluetooth\LBTServ.dll . Zeit der Fertigstellung: 2011-10-27 13:36:49 ComboFix-quarantined-files.txt 2011-10-27 11:36 . Vor Suchlauf: 14 Verzeichnis(se), 165.458.481.152 Bytes frei Nach Suchlauf: 16 Verzeichnis(se), 165.642.477.568 Bytes frei . WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn /usepmtimer . - - End Of File - - F77567AD0A66B2E0CD283A23629463B1 |
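The ComboFix log above is long, and a helper reads it by sections rather than line by line: the Run keys, the R*/S* service and driver list, the firewall policy and the block of removed orphaned entries. The following script is an added example (not part of the original post and not ComboFix code) that does that first pass automatically. It flags entries whose binary lives where a legitimate service rarely does (a user profile or a Temp directory), services that point at a file that no longer exists (ComboFix marks these with "[?]"), an entry whose name imitates a Windows component while its path lies outside the Windows or program directories, and a disabled XP firewall. The path and name heuristics are this example's own assumptions; the sample text is a constructed excerpt modelled on the lines of this thread.

```python
"""Triage pass over a ComboFix-style log (added example; not ComboFix code).

Flags, per the heuristics below (this example's own, not ComboFix rules):
  * autostart entries, services and removed orphans whose file lives under a
    user profile or a Temp/Recycler directory,
  * services whose file is gone (ComboFix prints "[?]" for those),
  * entries with a Windows-like name pointing outside Windows/Program Files,
  * "EnableFirewall"= 0 in the standard firewall profile.
"""
import re
from dataclasses import dataclass, field
from typing import List

# Constructed sample: an excerpt in the format of the log posted above.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\programme\Skype\Phone\Skype.exe" [2011-10-13 17351304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
R1 nltdi;nltdi;c:\windows\system32\drivers\nltdi.sys [23.04.2007 18:08 81688]
S1 SSHDRV5C;SSHDRV5C;\??\c:\windows\system32\drivers\SSHDRV5C.sys --> c:\windows\system32\drivers\SSHDRV5C.sys [?]
S3 cpuz130;cpuz130;\??\c:\dokume~1\xxx\LOKALE~1\Temp\cpuz130\cpuz_x32.sys --> c:\dokume~1\xxx\LOKALE~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 lredbooo;lredbooo;\??\c:\dokume~1\xxx\LOKALE~1\Temp\lredbooo.sys --> c:\dokume~1\xxx\LOKALE~1\Temp\lredbooo.sys [?]
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
MSConfigStartUp-Microsoft® Windows Update - c:\dokumente und einstellungen\xxx\M-1-52-5782-8752-5245\winsvc.exe
MSConfigStartUp-RGSC - d:\gta\Rockstar Games Social Club\RGSCLauncher.exe
AddRemove-HijackThis - c:\dokumente und einstellungen\xxx\Eigene Dateien\Downloads\HijackThis.exe
"""

RUN_KEY_RE = re.compile(r"^\[HKEY_[^\]]*\\Run\]$", re.I)
RUN_VALUE_RE = re.compile(r'^"([^"]+)"="([^"]+)"')
FIREWALL_RE = re.compile(r'^"EnableFirewall"=\s*(\d)')
# "R1 name;display name;path [date size]" or "... --> path [?]" when the file is gone
SERVICE_RE = re.compile(r"^[RS][0-4] ([^;]+);[^;]*;(.*?) \[([^\]]*)\]$")
ORPHAN_HEADER = "Entfernte verwaiste Registrierungseinträge"
# Greedy name so that " - " inside a product name stays with the name; the
# path is recognised by its drive letter.
ORPHAN_RE = re.compile(r"^(?:MSConfigStartUp|AddRemove)-(.+) - ([a-z]:\\.+)$", re.I)

USER_PROFILE_RE = re.compile(r"\\(dokumente und einstellungen|dokume~1|documents and settings|docume~1|users)\\", re.I)
TEMP_RE = re.compile(r"\\(temp|tmp|recycler|\$recycle\.bin)\\", re.I)
SYSTEM_DIR_RE = re.compile(r"^[a-z]:\\(windows|programme|program files|progra~1)\\", re.I)
SYSTEM_LOOKALIKE_RE = re.compile(r"microsoft|windows update|svchost|winlogon", re.I)


@dataclass
class Finding:
    kind: str            # "autostart", "service", "orphan" or "firewall"
    name: str
    path: str
    reasons: List[str] = field(default_factory=list)


def suspicious_reasons(name: str, path: str, file_missing: bool = False) -> List[str]:
    """Return the (assumed) reasons an entry deserves a closer look; empty if none."""
    reasons = []
    if USER_PROFILE_RE.search(path):
        reasons.append("binary lives under a user profile")
    if TEMP_RE.search(path):
        reasons.append("binary lives in a Temp/Recycler directory")
    if file_missing:
        reasons.append("service points at a file that no longer exists")
    if SYSTEM_LOOKALIKE_RE.search(name) and not SYSTEM_DIR_RE.match(path):
        reasons.append("Windows-like name outside the Windows/Program Files tree")
    return reasons


def parse_combofix(text: str) -> List[Finding]:
    findings: List[Finding] = []
    in_run_key = False      # inside a [HKEY_...\Run] block
    in_orphans = False      # past the "removed orphaned entries" header
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        if line.startswith("["):
            in_run_key = bool(RUN_KEY_RE.match(line))
            continue
        if ORPHAN_HEADER in line:
            in_orphans = True
            continue
        m = FIREWALL_RE.match(line)
        if m:
            if m.group(1) == "0":
                findings.append(Finding("firewall", "EnableFirewall", "",
                                        ["Windows firewall disabled in the standard profile"]))
            continue
        if in_run_key:
            m = RUN_VALUE_RE.match(line)
            if m and (reasons := suspicious_reasons(m.group(1), m.group(2))):
                findings.append(Finding("autostart", m.group(1), m.group(2), reasons))
            continue
        m = SERVICE_RE.match(line)
        if m:
            name, path_field, bracket = m.groups()
            path = path_field.split(" --> ")[-1]        # resolved path, if ComboFix printed one
            if path.startswith("\\??\\"):                # strip the NT object-manager prefix
                path = path[4:]
            reasons = suspicious_reasons(name, path, file_missing=bracket.strip() == "?")
            if reasons:
                findings.append(Finding("service", name, path, reasons))
            continue
        if in_orphans:
            m = ORPHAN_RE.match(line)
            if m and (reasons := suspicious_reasons(m.group(1), m.group(2))):
                findings.append(Finding("orphan", m.group(1), m.group(2), reasons))
    return findings


if __name__ == "__main__":
    for f in parse_combofix(SAMPLE_LOG):
        print(f"[{f.kind}] {f.name}: {f.path or '-'}")
        for r in f.reasons:
            print(f"    - {r}")
```

Run against the sample, the script singles out the same items a helper would mark in the full log: the orphaned "Microsoft® Windows Update" entry pointing at winsvc.exe inside the user profile, the two kernel drivers registered from the user's Temp directory, the service whose driver file is gone, and the disabled firewall, while the Avira, Skype and NetLimiter entries pass. HijackThis is flagged only because it was run from the Downloads folder, which is the kind of benign hit a human still has to clear.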
27.10.2011, 14:48 | #21 |
/// Winkelfunktion /// TB-Süch-Tiger™ | OK. Now please create and post logs with GMER and OSAM. GMER crashes fairly often; if the tool still will not run on the second attempt, just leave it out and run only OSAM. Please skip OSAM's online query. With OSAM, also make sure you save the log as *.log and not as *.html or similar. Note: please use WinRAR or 7zip to unpack OSAM! Be sure to switch off your virus scanner as well; McAfee's scanner in particular often raises a false alarm on OSAM! Please download aswMBR.exe and save the file to your desktop.
Important: never press any of the Fix buttons without instructions. Note: if the Scan button is greyed out, close the tool and start it again. If the scan aborts and the program crashes, let me know and choose the setting (none) under AV Scan.
|
29.10.2011, 16:08 | #22 |
| GMER logfile:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2011-10-29 16:59:31
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-7 ST3500418AS rev.CC34
Running: m1jzpld5.exe; Driver: C:\DOKUME~1\Valentin\LOKALE~1\Temp\pxtdapob.sys

---- System - GMER 1.0.15 ----

SSDT BA73206C ZwClose
SSDT BA732026 ZwCreateKey
SSDT BA732076 ZwCreateSection
SSDT BA73201C ZwCreateThread
SSDT BA73202B ZwDeleteKey
SSDT BA732035 ZwDeleteValueKey
SSDT BA732067 ZwDuplicateObject
SSDT BA73203A ZwLoadKey
SSDT BA732008 ZwOpenProcess
SSDT BA73200D ZwOpenThread
SSDT BA73208F ZwQueryValueKey
SSDT BA732044 ZwReplaceKey
SSDT BA732080 ZwRequestWaitReplyPort
SSDT BA73203F ZwRestoreKey
SSDT BA73207B ZwSetContextThread
SSDT BA732085 ZwSetSecurityObject
SSDT BA732030 ZwSetValueKey
SSDT BA73208A ZwSystemDebugControl
SSDT BA732017 ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\DRIVERS\ati2mtag.sys section is writeable [0xB49E5000, 0x238387, 0xE8000020]
.text C:\WINDOWS\System32\DRIVERS\atksgt.sys section is writeable [0xA4B5A300, 0x3B6D8, 0xE8000020]
.text C:\WINDOWS\System32\DRIVERS\lirsgt.sys section is writeable [0xBA478300, 0x1BEE, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Programme\Mozilla Firefox\firefox.exe[3756] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 0121FAE0 C:\Programme\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip nltdi.sys (NetLimiter Driver/Locktime Software)
AttachedDevice \Driver\Tcpip \Device\Tcp nltdi.sys (NetLimiter Driver/Locktime Software)
AttachedDevice \Driver\Tcpip \Device\Udp nltdi.sys (NetLimiter Driver/Locktime Software)
AttachedDevice \Driver\Tcpip \Device\RawIp nltdi.sys (NetLimiter Driver/Locktime Software)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xE4 0x29 0xF6 0x56 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x94 0x99 0x39 0x5B ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x49 0x15 0xFE 0x8C ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xE4 0x29 0xF6 0x56 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x94 0x99 0x39 0x5B ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x49 0x15 0xFE 0x8C ...
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xE2 0x63 0x26 0xF1 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x71 0x3B 0x04 0x66 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0x25 0xDA 0xEC 0x7E ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x3E 0x1E 0x9E 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xCD 0x44 0xCD 0xB9 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xDF 0x20 0x58 0x62 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0x31 0x77 0xE1 0xBA ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x01 0x3A 0x48 0xFC ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0xF6 0x0F 0x4E 0x58 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0x3D 0xCE 0xEA 0x26 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0x2A 0xB7 0xCC 0xB5 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0xFA 0xEA 0x66 0x7F ...

---- EOF - GMER 1.0.15 ----
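GMER reports every hooked SSDT entry in the log above, but it does not say which driver owns the hooks, so the helper has to read that off the pattern. Two things can be read without knowing the owner: whether all hook targets sit in one small stub table (one driver installed them), and which class of system calls is hooked. Hooks on process, thread and registry-write calls are what a self-protecting security product needs; hooks on enumeration calls (directory listing, system information, registry enumeration) are what a rootkit needs in order to hide. The script below is an added example (not part of the post and not GMER code) that parses the System, Kernel code sections, User code sections and Devices parts of a GMER log and applies that reading. The two API sets are this example's own heuristic, not a GMER classification, and the sample is a constructed excerpt in the format of the log above.

```python
"""Reader for the hook-related sections of a GMER log (added example; not GMER code).

Extracts SSDT hooks, writeable kernel code sections, user-mode inline hooks
and AttachedDevice filters, then classifies the SSDT hooks with two API sets
that are this example's own heuristic, not a GMER rule.
"""
import re
from typing import Dict, List

# Constructed sample in the format of the GMER log posted above.
SAMPLE_GMER = r"""
---- System - GMER 1.0.15 ----

SSDT BA73206C ZwClose
SSDT BA732026 ZwCreateKey
SSDT BA732076 ZwCreateSection
SSDT BA73201C ZwCreateThread
SSDT BA73202B ZwDeleteKey
SSDT BA732035 ZwDeleteValueKey
SSDT BA732067 ZwDuplicateObject
SSDT BA73203A ZwLoadKey
SSDT BA732008 ZwOpenProcess
SSDT BA73200D ZwOpenThread
SSDT BA73208F ZwQueryValueKey
SSDT BA732044 ZwReplaceKey
SSDT BA732080 ZwRequestWaitReplyPort
SSDT BA73203F ZwRestoreKey
SSDT BA73207B ZwSetContextThread
SSDT BA732085 ZwSetSecurityObject
SSDT BA732030 ZwSetValueKey
SSDT BA73208A ZwSystemDebugControl
SSDT BA732017 ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\DRIVERS\ati2mtag.sys section is writeable [0xB49E5000, 0x238387, 0xE8000020]
.text C:\WINDOWS\System32\DRIVERS\atksgt.sys section is writeable [0xA4B5A300, 0x3B6D8, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Programme\Mozilla Firefox\firefox.exe[3756] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 0121FAE0 C:\Programme\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip nltdi.sys (NetLimiter Driver/Locktime Software)
AttachedDevice \Driver\Tcpip \Device\Tcp nltdi.sys (NetLimiter Driver/Locktime Software)
AttachedDevice \Driver\Tcpip \Device\Udp nltdi.sys (NetLimiter Driver/Locktime Software)
AttachedDevice \Driver\Tcpip \Device\RawIp nltdi.sys (NetLimiter Driver/Locktime Software)
"""

SSDT_RE = re.compile(r"^SSDT ([0-9A-F]{8}) (Zw\w+)$")
WRITEABLE_RE = re.compile(r"^\.text (.+?) section is writeable")
INLINE_RE = re.compile(r"^\.text (.+?)\[(\d+)\] (\S+)!(\w+) ([0-9A-F]{8}) (\d+) Bytes JMP ([0-9A-F]{8}) (.*)$")
ATTACHED_RE = re.compile(r"^AttachedDevice (\\Driver\\\S+) (\\Device\\\S+) (\S+) \((.*)\)$")

# Syscalls a rootkit hooks to hide files, processes or registry keys (assumed set).
HIDING_APIS = {"ZwQueryDirectoryFile", "ZwQuerySystemInformation",
               "ZwEnumerateKey", "ZwEnumerateValueKey"}
# Syscalls a self-protecting product hooks to keep its own processes, threads
# and registry keys from being tampered with (assumed set).
PROTECT_APIS = {"ZwOpenProcess", "ZwOpenThread", "ZwTerminateProcess", "ZwCreateThread",
                "ZwSetContextThread", "ZwDuplicateObject", "ZwSetSecurityObject",
                "ZwSystemDebugControl", "ZwCreateKey", "ZwDeleteKey", "ZwDeleteValueKey",
                "ZwSetValueKey", "ZwLoadKey", "ZwReplaceKey", "ZwRestoreKey"}


def triage_gmer(text: str) -> Dict:
    ssdt: Dict[str, int] = {}        # hooked function -> hook target address
    writeable: List[str] = []
    inline: List[Dict] = []
    attached: List[Dict] = []
    for raw in text.splitlines():
        line = raw.strip()
        if m := SSDT_RE.match(line):
            ssdt[m.group(2)] = int(m.group(1), 16)
        elif m := INLINE_RE.match(line):
            inline.append({"process": m.group(1), "pid": int(m.group(2)),
                           "module": m.group(3), "function": m.group(4),
                           "target": int(m.group(7), 16), "target_module": m.group(8)})
        elif m := WRITEABLE_RE.match(line):
            writeable.append(m.group(1).rsplit("\\", 1)[-1])
        elif m := ATTACHED_RE.match(line):
            attached.append({"driver": m.group(1), "device": m.group(2),
                             "filter": m.group(3), "vendor": m.group(4)})
    addrs = sorted(ssdt.values())
    span = addrs[-1] - addrs[0] if addrs else 0
    return {
        "ssdt_hooks": sorted(ssdt),
        "hook_span": span,
        # All targets within one page: one driver's stub table, not several hookers.
        "single_stub_table": bool(addrs) and span < 0x1000,
        "hiding_hooks": sorted(set(ssdt) & HIDING_APIS),
        "protect_hooks": sorted(set(ssdt) & PROTECT_APIS),
        "writeable_sections": writeable,
        "inline_hooks": inline,
        "tcpip_filters": sorted({a["filter"] for a in attached
                                 if a["driver"].lower() == r"\driver\tcpip"}),
    }


def verdict(result: Dict) -> str:
    """One-line reading of the hook pattern; the owner still has to be confirmed."""
    if result["hiding_hooks"]:
        return "enumeration syscalls hooked: possible stealth, identify the hook owner"
    if result["ssdt_hooks"] and result["single_stub_table"] and result["protect_hooks"]:
        return "self-protection style hooks from one stub table: check which security product owns them"
    if result["ssdt_hooks"]:
        return "SSDT hooks present: identify the hook owner"
    return "no SSDT hooks"


if __name__ == "__main__":
    r = triage_gmer(SAMPLE_GMER)
    print(f"{len(r['ssdt_hooks'])} SSDT hooks spanning 0x{r['hook_span']:X} bytes")
    print("hiding-class hooks:", r["hiding_hooks"] or "none")
    print("TCP/IP filter drivers:", r["tcpip_filters"])
    print("verdict:", verdict(r))
```

On the sample the 19 hook targets lie within 0x87 bytes of each other, none of the enumeration calls is hooked, and 15 of the 19 hooked calls are in the self-protection set, which is why the helper reads this log as a security product's filter rather than a rootkit. The script also surfaces the other two things worth a glance: the nltdi.sys filter sitting on every TCP/IP device object (GMER itself labels it NetLimiter) and the in-process LdrLoadDll detour in firefox.exe that points into Firefox's own xul.dll.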
29.10.2011, 16:20 | #23 |
| OSAM logfile:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 17:19:13 on 29.10.2011

OS: Windows XP Home Edition Service Pack 3 (Build 2600)
Default Browser: Mozilla Corporation Firefox 7.0.1

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries

[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\WINDOWS\system32\DivXControlPanelApplet.cpl
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"ISUSPM.cpl" - "InstallShield Software Corporation" - C:\WINDOWS\system32\ISUSPM.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
"QuickTime.cpl" - "Apple Computer, Inc." - C:\WINDOWS\system32\QuickTime.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Avira AntiVir Personal - Free Antivirus " - "Avira Operations GmbH & Co. KG" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"atksgt" (atksgt) - ? - C:\WINDOWS\System32\DRIVERS\atksgt.sys (File found, but it contains no detailed information)
"avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys
"avkmgr" (avkmgr) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avkmgr.sys
"catchme" (catchme) - ? - C:\DOKUME~1\xxx\LOKALE~1\Temp\catchme.sys (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys (File not found)
"cpuz130" (cpuz130) - ? - C:\DOKUME~1\xxx\LOKALE~1\Temp\cpuz130\cpuz_x32.sys (File not found)
"ENTECH" (ENTECH) - "EnTech Taiwan" - C:\WINDOWS\System32\DRIVERS\ENTECH.sys
"gdrv" (gdrv) - "Windows (R) 2000 DDK provider" - C:\WINDOWS\gdrv.sys
"giveio" (giveio) - ? - C:\WINDOWS\System32\giveio.sys (File found, but it contains no detailed information)
"Hamachi Network Interface" (hamachi) - "LogMeIn, Inc." - C:\WINDOWS\System32\DRIVERS\hamachi.sys
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys (File not found)
"LBeepKE" (LBeepKE) - "Logitech, Inc." - C:\WINDOWS\System32\Drivers\LBeepKE.sys
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys (File not found)
"lirsgt" (lirsgt) - ? - C:\WINDOWS\System32\DRIVERS\lirsgt.sys (File found, but it contains no detailed information)
"lredbooo" (lredbooo) - ? - C:\DOKUME~1\xxx\LOKALE~1\Temp\lredbooo.sys (File not found)
"MBAMSwissArmy" (MBAMSwissArmy) - ? - C:\WINDOWS\system32\drivers\mbamswissarmy.sys (File not found)
"nltdi" (nltdi) - "Locktime Software" - C:\WINDOWS\system32\drivers\nltdi.sys
"PCAMPR5 NDIS Protocol Driver" (PCAMPR5) - ? - C:\WINDOWS\system32\PCAMPR5.SYS (File not found)
"PCANDIS5 NDIS Protocol Driver" (PCANDIS5) - "Printing Communications Assoc., Inc. (PCAUSA)" - C:\WINDOWS\system32\PCANDIS5.SYS
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys
"SMC SMC WirelessUSB(SMC2662W)(R) Service for SMC EZ Connect Wireless USB Adapter(SMC2662W)" (SMCSMC WirelessUSB(SMC2662W)(R)) - "ATMEL" - C:\WINDOWS\System32\DRIVERS\Net62151.sys
"speedfan" (speedfan) - "Almico Software" - C:\WINDOWS\System32\speedfan.sys
"SSHDRV5C" (SSHDRV5C) - ? - C:\WINDOWS\system32\drivers\SSHDRV5C.sys (File not found)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys
"SVKP" (SVKP) - "AntiCracking" - C:\WINDOWS\system32\SVKP.sys
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys (File not found)

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Programme\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{79BC0345-1015-11D2-A299-006008312725} "///FAST project settings" - ? - C:\Programme\Pinnacle\VideoSpin\Programs\BlueShellExt.dll (File found, but it contains no detailed information)
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Programme\7-Zip\7-zip.dll
{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Programme\Windows Live\Mail\mailcomm.dll
{94586423-855F-4EB2-9F6A-D9DA5658DBE3} "Context menu" - ? - C:\PROGRA~1\FREEM4~1\m4a_menu.dll (File found, but it contains no detailed information)
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - (File not found | COM-object registry key not found)
{872A9397-E0D6-4e28-B64D-52B8D0A7EA35} "DisplayCplExt Class" - "Advanced Micro Devices, Inc." - C:\Programme\ATI Technologies\ATI.ACE\Core-Static\atiamaxx.dll
{DC70C4A5-2044-4c59-B806-DEFB9AE0DF7C} "KbLogiExt Class" - "Logitech, Inc." - C:\Programme\Logitech\SetPoint\kbcplext.dll
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? - (File not found | COM-object registry key not found)
{B9B9F083-2B04-452A-8691-83694AC1037B} "LogiExt Class" - "Logitech, Inc." - C:\Programme\Logitech\SetPoint\mcplext.dll
{32683183-48a0-441b-a342-7c2a440a9478} "Media Band" - ?
- (File not found | COM-object registry key not found) {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office10\msohev.dll {0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office10\OLKFSTUB.DLL {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira Operations GmbH & Co. KG" - C:\Programme\Avira\AntiVir Desktop\shlext.dll {E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll {764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? - (File not found | COM-object registry key not found) {e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll {5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - "Advanced Micro Devices, Inc." - C:\Programme\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} "UnlockerShellExtension" - ? - C:\Programme\Unlocker\UnlockerCOM.dll (File found, but it contains no detailed information) {BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Programme\WinRAR\rarext.dll [Internet Explorer] -----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )----- {32683183-48a0-441b-a342-7c2a440a9478} "{32683183-48a0-441b-a342-7c2a440a9478}" - ? - (File not found | COM-object registry key not found) -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- <binary data> "ITBarLayout" - ? - (File not found | COM-object registry key not found) <binary data> "{32099AAC-C132-4136-9E9A-4E364A424E17}" - ? 
- (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- DirectAnimation Java Classes "DirectAnimation Java Classes" - ? - (File not found | COM-object registry key not found) / file://C:\WINDOWS\Java\classes\dajava.cab {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab Microsoft XML Parser for Java "Microsoft XML Parser for Java" - ? - (File not found | COM-object registry key not found) / file://C:\WINDOWS\Java\classes\xmldso.cab {D0C0F75C-683A-4390-A791-1ACFD5599AB8} "Oberon Flash Game Host" - "Oberon Media, Inc." - C:\WINDOWS\Downloaded Program Files\OberonGameHost.dll / hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab {D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Macromed\Flash\Flash10b.ocx / hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- "ICQ7.5" - "ICQ, LLC." - C:\Programme\ICQ7.5\ICQ.exe {898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype Click to Call" - "Skype Technologies S.A." - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." 
- C:\Programme\Java\jre6\bin\jp2ssv.dll {E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype Browser Helper" - "Skype Technologies S.A." - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll {9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [Logon] -----( %AllUsersProfile%\Startmenü\Programme\Autostart )----- "desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini "LOLRecorder.lnk" - ? - C:\Programme\LOLReplay\LOLRecorder.exe (Shortcut exists | File exists) -----( %UserProfile%\Startmenü\Programme\Autostart )----- "desktop.ini" - ? - C:\Dokumente und Einstellungen\xxx\Startmenü\Programme\Autostart\desktop.ini "EZ Connect Wireless USB Utility.lnk" - "ATMEL" - C:\Programme\SMC\EZ Connect Wireless USB\WlanMonitor.exe (Shortcut exists | File exists) -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "ICQ" - "ICQ, LLC." - "C:\Programme\ICQ7.5\ICQ.exe" silent loginmode=4 "Skype" - "Skype Technologies S.A." - "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min -----( HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce )----- "B Register C:\Programme\DivX\DivX Plus Player\DPXPlugins\DPXDownloadManagerPlugin.dll" - ? - "C:\WINDOWS\system32\rundll32.exe" "C:\Programme\DivX\DivX Plus Player\DPXPlugins\DPXDownloadManagerPlugin.dll",DllRegisterServer "B Register C:\Programme\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll" - ? 
- "C:\WINDOWS\system32\rundll32.exe" "C:\Programme\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll",DllRegisterServer "B Register C:\Programme\DivX\DivX Plus Player\DSEPlugins\Direct3DVideoOutput.dll" - "DivX, Inc." - "C:\WINDOWS\system32\rundll32.exe" "C:\Programme\DivX\DivX Plus Player\DSEPlugins\Direct3DVideoOutput.dll",DllRegisterServer "B Register C:\Programme\DivX\DivX Plus Player\DSEPlugins\DirectShowAudioDecode.dll" - "DivX, Inc." - "C:\WINDOWS\system32\rundll32.exe" "C:\Programme\DivX\DivX Plus Player\DSEPlugins\DirectShowAudioDecode.dll",DllRegisterServer "B Register C:\Programme\DivX\DivX Plus Player\DSEPlugins\DirectSoundAudioOutput.dll" - "DivX, Inc." - "C:\WINDOWS\system32\rundll32.exe" "C:\Programme\DivX\DivX Plus Player\DSEPlugins\DirectSoundAudioOutput.dll",DllRegisterServer "B Register C:\Programme\DivX\DivX Plus Player\DSEPlugins\DivXDeinterlaceFilter.dll" - "DivX, Inc." - "C:\WINDOWS\system32\rundll32.exe" "C:\Programme\DivX\DivX Plus Player\DSEPlugins\DivXDeinterlaceFilter.dll",DllRegisterServer [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- ".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe ".NET Runtime Optimization Service v4.0.20506_X86" (clr_optimization_v4.0.20506_32) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v4.0.20506\mscorsvw.exe "Anwendungsverwaltung" (AppMgmt) - ? - C:\WINDOWS\System32\appmgmts.dll (File not found) "ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.20506\aspnet_state.exe "Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Programme\Avira\AntiVir Desktop\avguard.exe "Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Programme\Avira\AntiVir Desktop\sched.exe "Google Update Service (gupdate)" (gupdate) - "Google Inc." 
- C:\Programme\Google\Update\GoogleUpdate.exe "Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe "Windows CardSpace" (idsvc) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe "Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [Winlogon] -----( HKCU\Control Panel\IOProcs )----- "MVB" - ? - mvfs32.dll (File not found) -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )----- {c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll (File not found) -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )----- "LBTWlgn" - "Logitech, Inc." - c:\programme\gemeinsame dateien\logishrd\bluetooth\LBTWlgn.dll ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru |
09.11.2011, 10:52 | #24 |
| One or more Trojans (origin Facebook) What is the next step? |
09.11.2011, 11:03 | #25 |
/// Winkelfunktion /// TB-Süch-Tiger™ | One or more Trojans (origin Facebook) I am still waiting for aswMBR
__________________ Please always post logfiles in CODE tags |
12.11.2011, 14:01 | #26 |
| One or more Trojans (origin Facebook) -.- I completely forgot about that. Sorry, coming right up! |
12.11.2011, 14:54 | #27 |
| One or more Trojans (origin Facebook) aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software Run date: 2011-11-12 14:17:45 ----------------------------- 14:17:45.000 OS Version: Windows 5.1.2600 Service Pack 3 14:17:45.000 Number of processors: 3 586 0x402 14:17:45.000 ComputerName: EU UserName: 14:17:48.906 Initialize success 14:27:06.968 AVAST engine defs: 11111200 14:27:40.437 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-7 14:27:40.437 Disk 0 Vendor: ST3500418AS CC34 Size: 476938MB BusType: 3 14:27:42.437 Disk 0 MBR read successfully 14:27:42.453 Disk 0 MBR scan 14:27:42.468 Disk 0 Windows XP default MBR code 14:27:42.468 Disk 0 scanning sectors +976752000 14:27:42.531 Disk 0 scanning C:\WINDOWS\system32\drivers 14:27:50.390 Service scanning 14:27:51.390 Modules scanning 14:27:53.640 Disk 0 trace - called modules: 14:27:53.656 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS 14:27:53.656 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8af34ab8] 14:27:53.656 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\0000007c[0x8af7b718] 14:27:53.656 5 ACPI.sys[b9f7e620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-7[0x8af93d98] 14:27:54.703 AVAST engine scan C:\WINDOWS 14:28:20.578 AVAST engine scan C:\WINDOWS\system32 14:31:41.125 AVAST engine scan C:\WINDOWS\system32\drivers 14:31:57.203 AVAST engine scan C:\Dokumente und Einstellungen\xxx 14:36:02.031 AVAST engine scan C:\Dokumente und Einstellungen\All Users 14:37:32.500 Scan finished successfully 14:51:59.546 Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\xxx\Desktop\Anti Troj benutzt\MBR.dat" 14:51:59.546 The log file has been saved successfully to "C:\Dokumente und Einstellungen\xxx\Desktop\Anti Troj benutzt\aswMBR.txt" |
14.11.2011, 11:48 | #28 |
/// Winkelfunktion /// TB-Süch-Tiger™ | One or more Trojans (origin Facebook) Looks OK. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before scanning!! Afterwards, getting a second opinion from the ESET online scanner is not a bad idea either: ESET Online Scanner
__________________ Please always post logfiles in CODE tags |