Malware tr/dldr.dofoil.d.303 found and it keeps coming back! (Windows 7)
19.12.2011, 01:12 | #1
Malware tr/dldr.dofoil.d.303 found and it keeps coming back!

Hello dear forum! I think my internet has "caught" something and I no longer know how to get rid of it. I noticed it because whenever I searched for something on Google and clicked a result, I was redirected to completely different pages. For example, I searched Google for Chip and was redirected to: hxxp://www.clicksystemsion.com/... and I don't know that site. While it was loading, the bottom corner said: "Waiting for poiskwebdll.com". I had my antivirus run a system check and it found this: tr/dldr.dofoil.d.303 and labelled it as malware. Of course it was deleted, but after about an hour it came back. And so it goes on and on. Googling it gave me no results. I hope you can help me. If you need more information I will of course try to give it to you, although I know little about PCs. Kind regards, Tina
19.12.2011, 07:20 | #2
/// Malwareteam

I have your thread in progress and will get back to you as quickly as possible with further instructions. Please note that all my replies must first be approved by an instructor before I am allowed to post them here. This guarantees that you get help from a trained helper. Thank you for your patience. Regards, PsYcHoTiC
19.12.2011, 07:59 | #3
/// Malwareteam

My name is Marius and I will help you with your problem. One thing up front: Note: we can never guarantee here that we have found every remnant of malware. Reformatting is usually the faster and always the safest route. Should you decide on a clean-up, keep working with us until someone from the team tells you that you are clean. A clean-up can mean a lot of work for you.

Vista and Win7 users: start all tools via right-click "Run as administrator". Step 1: OTL. We first need an overview of your system in order to coordinate the next steps: please download OTL from OldTimer and save it to your desktop (if it is not there already)
19.12.2011, 20:45 | #4

Hello Marius, first of all many thanks for your help! I have decided on the clean-up, since I also have no idea about reformatting. I created the log files with OTL: OTL EXTRAS Logfile: Code:
OTL Extras logfile created on: 19.12.2011 20:40:21 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = E:\Dokumente und Einstellungen\Tina\Eigene Dateien\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,25 Gb Total Physical Memory | 2,60 Gb Available Physical Memory | 79,89% Memory free
5,09 Gb Paging File | 4,42 Gb Available in Paging File | 86,77% Paging File free
Paging file location(s): e:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = E: | %SystemRoot% = E:\WINDOWS | %ProgramFiles% = E:\Programme
Drive D: | 5,30 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive E: | 465,75 Gb Total Space | 335,94 Gb Free Space | 72,13% Space Free | Partition Type: NTFS

Computer Name: TINA-07AEAE5B67 | User Name: Tina | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- E:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "E:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Digital Photo Professional] -- E:\Programme\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "E:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"E:\Games\BnW\runblack.exe" = E:\Games\BnW\runblack.exe:*:Enabled:lh -- (LionHead Studios Ltd.)
"E:\Programme\Lionhead Studios Ltd\Black & White\runblack.exe" = E:\Programme\Lionhead Studios Ltd\Black & White\runblack.exe:*:Enabled:lh -- (LionHead Studios Ltd.)
"E:\Programme\Bonjour\mDNSResponder.exe" = Dienst "Bonjour"
"E:\Dokumente und Einstellungen\Tina\Eigene Dateien\Downloads\tinyumbrella-4.21.01.exe" = E:\Dokumente und Einstellungen\Tina\Eigene Dateien\Downloads\tinyumbrella-4.21.01.exe:*:Enabled:TinyUmbrella - Save your SHSH! -- ()
"E:\Programme\Avira\AntiVir Desktop\ipmgui.exe" = E:\Programme\Avira\AntiVir Desktop\ipmgui.exe:*:Enabled:Avira In Product Messaging -- (Avira Operations GmbH & Co. KG)
"E:\Dokumente und Einstellungen\Tina\Lokale Einstellungen\Temp\SSUPDATE.EXE" = E:\Dokumente und Einstellungen\Tina\Lokale Einstellungen\Temp\SSUPDATE.EXE:*:Enabled:SUPERAntiSpyware Update Application -- (SUPERAntiSpyware.com)
"E:\Programme\Mozilla Firefox\firefox.exe" = E:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"E:\Programme\Gemeinsame Dateien\Java\Java Update\jucheck.exe" = E:\Programme\Gemeinsame Dateien\Java\Java Update\jucheck.exe:*:Enabled:Java(TM) Update Checker -- (Sun Microsystems, Inc.)
"E:\Dokumente und Einstellungen\Tina\Lokale Einstellungen\Temp\jre-6u30-windows-i586-iftw-rv.exe" = E:\Dokumente und Einstellungen\Tina\Lokale Einstellungen\Temp\jre-6u30-windows-i586-iftw-rv.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"E:\Programme\Avira\AntiVir Desktop\avnotify.exe" = E:\Programme\Avira\AntiVir Desktop\avnotify.exe:*:Enabled:Avira Notification Tool -- (Avira Operations GmbH & Co. KG)
"E:\Programme\Electronic Arts\Die Sims 3\Game\Bin\Sims3LauncherW.exe" = E:\Programme\Electronic Arts\Die Sims 3\Game\Bin\Sims3LauncherW.exe:*:Enabled:Sims3Launcher -- (EA.com)
"E:\Programme\Origin\LegacyPM\EACoreServer.exe" = E:\Programme\Origin\LegacyPM\EACoreServer.exe:*:Enabled:EA Core Server Application -- (Electronic Arts)
"E:\Programme\Electronic Arts\Die Sims 3\Game\Bin\TS3W.exe" = E:\Programme\Electronic Arts\Die Sims 3\Game\Bin\TS3W.exe:*:Enabled:Sims 3 -- (Electronic Arts Inc.)
"E:\Programme\Java\jre6\bin\javaw.exe" = E:\Programme\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"E:\Programme\Gemeinsame Dateien\Java\Java Update\jaucheck.exe" = E:\Programme\Gemeinsame Dateien\Java\Java Update\jaucheck.exe:*:Enabled:Java(TM) Update Client Checker -- (Sun Microsystems, Inc.)
"E:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" = E:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe:*:Enabled:Adobe Reader and Acrobat Manager -- (Adobe Systems Incorporated)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{03990400-F19A-468C-B089-19BDC6289F7E}" = Tycoon City New York Patch #2
"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24
"{2C4E2E4E-A7C9-4CCB-BF03-FE6EBD5D4AB7}" = Windows Mobile Device Updater Component
"{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012
"{3248F0A8-6813-11D6-A77B-00B0D0150000}" = J2SE Runtime Environment 5.0
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{353FE16B-30FE-469A-BF55-B978F4218003}" = iTunes
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F0D0ABE-CDAF-431A-00BC-CBBE018EA74E}" = SimCity 4 Deluxe
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{45057FCE-5784-48BE-8176-D9D00AF56C3C}" = Die Sims™ 3 Late Night
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{562817EC-0640-4947-9513-570A53D55877}" = Grey's Anatomy
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
"{5FF50E1A-4E6D-454B-BA00-6E15D6216BFB}" = Wildlife Park Gold
"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
"{7006ED29-58F2-40C3-AE87-039287AD20B6}" = Zune
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71828142-5A24-4BD0-97E7-976DA08CE6CF}" = Die Sims™ 3 Luxus-Accessoires
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{740B51D7-C903-4536-9530-B6304C937F51}" = Wildlife Park 2 Familien Edition
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"{7D43809F-5EE4-4CD0-8B43-7A623AEB55B7}" = Falk Navi-Manager
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{82BF01FD-1FC2-4E33-861B-B32E8DC22723}" = TSR Workshop
"{83BEEFB4-8C28-4F4F-8A9D-E0D1ADCE335B}" = Die*Sims*Mittelalter
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU
"{8F66047B-1AF3-40D9-80D7-106E2EDC2C2A}" = EPU-4 Engine
"{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = Die Sims™ 3 Traumkarrieren
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{99B0BF05-A054-4692-B707-9A7520D71A64}" = Germany's Next Topmodel
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0BBC906-9A33-4C79-A26A-758ED3503769}" = Belkin Wireless Setup utility
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5101403-2C42-40E0-8D9E-5E49E7C3B89E}" = Tycoon City - New York
"{AC54E544-3E42-443C-A91D-A00A6974C592}" = NVIDIA PhysX v8.10.13
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.1 - Deutsch
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = Die Sims™ 3 Reiseabenteuer
"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C12631C6-804D-4B32-B0DD-8A496462F106}" = Die Sims™ 3 Einfach tierisch
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE)
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D5395E5F-4D45-4665-8F00-234FA33678AF}" = SlimDX Redistributable (March 2009)
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E51B4CD9-A0A6-4324-B26A-31B3F2DE26CE}" = Black and White
"{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}" = Die Sims™ 3 Lebensfreude
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"6194C28A8F62DD817EA1B918E6E46E806A21B452" = Windows-Treiberpaket - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0)
"65B6FE5418CE28F4D72543FB2D964C3CEC83F161" = Windows-Treiberpaket - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0)
"AbiWord2" = AbiWord 2.8.6
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"DiskAid_is1" = DiskAid 4.64
"DPP" = Canon Utilities Digital Photo Professional 3.8
"EOS Utility" = Canon Utilities EOS Utility
"Free Audio Dub_is1" = Free Audio Dub version 1.7.7.324
"ie8" = Windows Internet Explorer 8
"InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"InstallShield_{A0BBC906-9A33-4C79-A26A-758ED3503769}" = Belkin Wireless Setup utility
"IrfanView" = IrfanView (remove only)
"Kaspersky Online Scanner" = Kaspersky Online Scanner
"LibUSB-Win32_is1" = LibUSB-Win32-0.1.12.2
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Mozilla Firefox 8.0 (x86 de)" = Mozilla Firefox 8.0 (x86 de)
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NVIDIA Drivers" = NVIDIA Drivers
"Origin" = Origin
"Original Data Security Tools" = Canon Utilities Original Data Security Tools
"PhotoStitch" = Canon Utilities PhotoStitch
"Picture Style Editor" = Canon Utilities Picture Style Editor
"Pizza Syndicate" = Pizza Syndicate
"TIPP10_is1" = TIPP10 Version 2.0.3
"Tropico3" = Tropico 3 1.00
"TuneUp Utilities 2012" = TuneUp Utilities 2012
"Uninstall_is1" = Uninstall 1.0.0.1
"United Arts Limited_meinxxl" = meinxxl
"VLC media player" = VLC media player 1.1.4
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WFTK" = Canon Utilities WFT Utility
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR
"winusb0100" = Microsoft WinUsb 1.0
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01009" = Microsoft User-Mode Driver Framework Feature Pack 1.9
"Zoo Tycoon 1.0" = Zoo Tycoon: Complete Collection
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 17.06.2011 19:12:23 | Computer Name = TINA-07AEAE5B67 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung wmplayer.exe, Version 9.0.0.4503, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

Error - 24.06.2011 15:30:16 | Computer Name = TINA-07AEAE5B67 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung explorer.exe, Version 6.0.2900.5512, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

Error - 24.06.2011 15:30:16 | Computer Name = TINA-07AEAE5B67 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung explorer.exe, Version 6.0.2900.5512, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

Error - 24.06.2011 15:30:17 | Computer Name = TINA-07AEAE5B67 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung explorer.exe, Version 6.0.2900.5512, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

Error - 24.06.2011 15:30:17 | Computer Name = TINA-07AEAE5B67 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung explorer.exe, Version 6.0.2900.5512, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

Error - 28.06.2011 08:13:07 | Computer Name = TINA-07AEAE5B67 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung firefox.exe, Version 5.0.0.4183, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

Error - 02.07.2011 06:01:44 | Computer Name = TINA-07AEAE5B67 | Source = MsiInstaller | ID = 11402
Description = Produkt: Adobe Reader 9.4.5 - Deutsch -- Fehler 1402. Schlüssel konnte nicht geöffnet werden: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL. Systemfehler 5. Überprüfen Sie, ob Sie ausreichende Zugriffsrechte auf diesen Schlüssel besitzen, oder setzen Sie sich mit Ihrem Supportpersonal in Verbindung.

Error - 02.07.2011 06:01:48 | Computer Name = TINA-07AEAE5B67 | Source = MsiInstaller | ID = 1024
Description = Produkt: Adobe Reader 9.4.5 - Deutsch - Update "Adobe Reader 9.4.5 - CPSID_83708" konnte nicht installiert werden. Fehlercode 1603. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127

Error - 02.07.2011 06:01:48 | Computer Name = TINA-07AEAE5B67 | Source = MsiInstaller | ID = 1024
Description = Produkt: Adobe Reader 9.4.5 - Deutsch - Update "Adobe Reader 9.4.2 - CPSID_83708" konnte nicht installiert werden. Fehlercode 1603. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127

Error - 11.08.2011 06:18:06 | Computer Name = TINA-07AEAE5B67 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung explorer.exe, Version 6.0.2900.5512, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

[ System Events ]
Error - 19.12.2011 15:19:32 | Computer Name = TINA-07AEAE5B67 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "NLA (Network Location Awareness)" wurde mit folgendem Fehler beendet: %%127

Error - 19.12.2011 15:19:32 | Computer Name = TINA-07AEAE5B67 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "NLA (Network Location Awareness)" wurde mit folgendem Fehler beendet: %%127

Error - 19.12.2011 15:19:32 | Computer Name = TINA-07AEAE5B67 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "NLA (Network Location Awareness)" wurde mit folgendem Fehler beendet: %%127

Error - 19.12.2011 15:19:32 | Computer Name = TINA-07AEAE5B67 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "NLA (Network Location Awareness)" wurde mit folgendem Fehler beendet: %%127

Error - 19.12.2011 15:19:32 | Computer Name = TINA-07AEAE5B67 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "NLA (Network Location Awareness)" wurde mit folgendem Fehler beendet: %%127

Error - 19.12.2011 15:19:32 | Computer Name = TINA-07AEAE5B67 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "NLA (Network Location Awareness)" wurde mit folgendem Fehler beendet: %%127

Error - 19.12.2011 15:21:25 | Computer Name = TINA-07AEAE5B67 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "NLA (Network Location Awareness)" wurde mit folgendem Fehler beendet: %%127

Error - 19.12.2011 15:23:04 | Computer Name = TINA-07AEAE5B67 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "NLA (Network Location Awareness)" wurde mit folgendem Fehler beendet: %%127

Error - 19.12.2011 15:24:06 | Computer Name = TINA-07AEAE5B67 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "NLA (Network Location Awareness)" wurde mit folgendem Fehler beendet: %%127

Error - 19.12.2011 15:37:43 | Computer Name = TINA-07AEAE5B67 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "NLA (Network Location Awareness)" wurde mit folgendem Fehler beendet: %%127

< End of report >
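Added example (not part of the thread, and not OTL's own code): a small triage script for OTL log lines of the kind posted in this thread. An analyst reads these logs for a handful of things first: rewritten shell-spawning commands for exefile/comfile/batfile (so that something else runs whenever any program starts), modules or drivers on a system path that OTL lists with an empty "()" company name (Microsoft system binaries always carry one; the posted main log lists \\?\globalroot\systemroot\system32\mswsock.dll () that way, which is an entry to verify by hash and signature rather than accept), services whose file is gone, autostarts and firewall exceptions that point into a Temp folder, Firefox search or start-page prefs that no longer point at the expected search engine (the posted main log has keyword.URL set to search.babylon.com next to a ffxtlbr@babylon.com extension), and HOSTS entries beyond localhost. The sample log is constructed with neutral "demo" paths except for those two lines, which are copied verbatim from the posted log; that Google is the wanted default search host is an assumption, and none of the severities is a verdict about the poster's machine.

```python
"""Triage helper for OTL log lines: flags the entries an analyst checks first.

Added example, not part of the thread and not OTL's own code. The sample log
is constructed with neutral "demo" paths, except for two lines copied from the
logs posted in the thread: the mswsock.dll module entry and the Firefox
keyword.URL entry.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from urllib.parse import urlparse


@dataclass(frozen=True)
class Finding:
    severity: str  # "high": act on it, "check": verify by hand, "info": context
    kind: str
    line: str


# Default [open] commands for the executable file classes on Windows XP; a
# different command means something else runs every time an .exe/.bat starts.
DEFAULT_SPAWN = {cls: '"%1" %*' for cls in ("exefile", "comfile", "batfile", "cmdfile", "piffile")}
DEFAULT_SPAWN["scrfile"] = '"%1" /S'
SPAWN_RE = re.compile(r'^(?P<cls>\w+) \[open\] -- (?P<cmd>.+)$')

# OTL appends "(Company Name)" to each module/driver path; "()" means no version
# resource. Microsoft system binaries always carry one, so an empty company on a
# system32 or \\?\globalroot path is a file to verify (hash/signature) by hand.
PATH_COMPANY_RE = re.compile(r'^(?P<path>.+?) \((?P<company>[^()]*)\)$')
SYSTEM_PATH_RE = re.compile(r'\\\\\?\\globalroot\\|\\windows\\system32\\|\\systemroot\\system32\\', re.I)

# Autostarts (O4) and firewall exceptions whose binary lives in a Temp folder.
O4_RE = re.compile(r'^O4 - .*?: \[[^\]]+\] (?P<path>.+?) \([^()]*\)$')
AUTH_APP_RE = re.compile(r'^"(?P<path>[^"]+)" = .*:Enabled:')
TEMP_RE = re.compile(r'\\temp\\', re.I)

# Firefox prefs that steer searches/start page. OTL defangs URLs as "hxxp".
FF_RE = re.compile(r'^FF - prefs\.js\.\.(?P<pref>[\w.]+): "(?P<val>[^"]*)"$')
SEARCH_PREFS = {"keyword.URL", "browser.startup.homepage", "browser.search.defaultenginename"}
EXPECTED_SEARCH_HOST = re.compile(r'(?:www\.)?google\.[a-z.]+')  # assumption: Google is the wanted default
HOSTS_RE = re.compile(r'^O1 - Hosts: (?P<ip>\S+) (?P<host>\S+)')


def _host(defanged_url: str) -> str:
    return (urlparse(re.sub(r'^hxxp', 'http', defanged_url, flags=re.I)).hostname or "").lower()


def triage(log_text: str) -> list[Finding]:
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SPAWN_RE.match(line)
        if m and m.group("cls") in DEFAULT_SPAWN:
            if m.group("cmd") != DEFAULT_SPAWN[m.group("cls")]:
                findings.append(Finding("high", "shell-spawn-hijack", line))
            continue
        if line.startswith(("MOD - ", "SRV - ", "DRV - ")):
            rest = line.partition(" -- ")[2] if " -- " in line else line[6:]
            if rest == "File not found":
                findings.append(Finding("info", "orphaned-service", line))
            else:
                m = PATH_COMPANY_RE.match(rest)
                if m and not m.group("company") and SYSTEM_PATH_RE.search(m.group("path")):
                    findings.append(Finding("check", "system-file-no-company", line))
            continue
        m = FF_RE.match(line)
        if m:
            host = _host(m.group("val"))
            if m.group("pref") in SEARCH_PREFS and host and not EXPECTED_SEARCH_HOST.fullmatch(host):
                findings.append(Finding("high", "browser-search-redirect", line))
            continue
        m = HOSTS_RE.match(line)
        if m:
            if m.group("host").lower() != "localhost":
                findings.append(Finding("check", "hosts-override", line))
            continue
        m = O4_RE.match(line) or AUTH_APP_RE.match(line)
        if m and TEMP_RE.search(m.group("path")):
            findings.append(Finding("info", "runs-from-temp", line))
    return findings


# Constructed sample (see module docstring); two lines are verbatim from the thread.
SAMPLE_LOG = r"""
exefile [open] -- "%1" %*
batfile [open] -- "C:\WINDOWS\system32\demo-hijack.exe" "%1" %*
scrfile [open] -- "%1" /S
"C:\Programme\Mozilla Firefox\firefox.exe" = C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Dokumente und Einstellungen\demo\Lokale Einstellungen\Temp\SSUPDATE.EXE" = C:\Dokumente und Einstellungen\demo\Lokale Einstellungen\Temp\SSUPDATE.EXE:*:Enabled:SUPERAntiSpyware Update Application -- (SUPERAntiSpyware.com)
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - \\?\globalroot\systemroot\system32\mswsock.dll ()
SRV - (AppMgmt) -- File not found
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
DRV - (StarOpen) -- C:\WINDOWS\System32\drivers\StarOpen.sys ()
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?babsrc=toolbar2&q="
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 update.demo-av-vendor.example
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKCU..\Run: [demo-updater] C:\Dokumente und Einstellungen\demo\Lokale Einstellungen\Temp\demo-updater.exe ()
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:5}] {f.kind:26} {f.line}")
```

Run it against a saved OTL.txt by passing the file contents to triage(). The "check" class is deliberately noisy: unsigned third-party files in system32 (the ASUS AsIO.dll and ASACPI.sys entries in the posted log, for instance) trip the same rule as a patched system DLL, so it produces a list of files to verify, not a list of infections.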
19.12.2011, 20:46 | #5

For clarity, the second log in a new post: OTL Logfile: Code:
OTL logfile created on: 19.12.2011 20:40:21 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = E:\Dokumente und Einstellungen\Tina\Eigene Dateien\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,25 Gb Total Physical Memory | 2,60 Gb Available Physical Memory | 79,89% Memory free
5,09 Gb Paging File | 4,42 Gb Available in Paging File | 86,77% Paging File free
Paging file location(s): e:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = E: | %SystemRoot% = E:\WINDOWS | %ProgramFiles% = E:\Programme
Drive D: | 5,30 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive E: | 465,75 Gb Total Space | 335,94 Gb Free Space | 72,13% Space Free | Partition Type: NTFS

Computer Name: TINA-07AEAE5B67 | User Name: Tina | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - E:\Dokumente und Einstellungen\Tina\Eigene Dateien\Downloads\OTL.exe (OldTimer Tools)
PRC - E:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - E:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - E:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - E:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - E:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - E:\Programme\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
PRC - E:\Programme\Gemeinsame Dateien\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - E:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
PRC - E:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
PRC - E:\Programme\ASUS\EPU-4 Engine\FourEngine.exe ()
PRC - E:\WINDOWS\explorer.exe (Microsoft Corporation)

========== Modules (No Company Name) ==========

MOD - E:\Dokumente und Einstellungen\Tina\Anwendungsdaten\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll ()
MOD - E:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - E:\Programme\Avira\AntiVir Desktop\sqlite3.dll ()
MOD - E:\Dokumente und Einstellungen\Tina\Anwendungsdaten\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll ()
MOD - E:\Dokumente und Einstellungen\Tina\Anwendungsdaten\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll ()
MOD - E:\Dokumente und Einstellungen\Tina\Anwendungsdaten\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL ()
MOD - E:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU ()
MOD - E:\Programme\ASUS\EPU-4 Engine\FourEngine.exe ()
MOD - E:\Programme\ASUS\EPU-4 Engine\pngio.dll ()
MOD - E:\Programme\ASUS\EPU-4 Engine\AsSpindownTimeout.dll ()
MOD - \\?\globalroot\systemroot\system32\mswsock.dll ()
MOD - E:\WINDOWS\system32\AsIO.dll ()

========== Win32 Services (SafeList) ==========

SRV - (ZuneWlanCfgSvc) -- File not found
SRV - (ZuneNetworkSvc) -- File not found
SRV - (ZuneBusEnum) -- File not found
SRV - (WMZuneComm) -- File not found
SRV - (HidServ) -- File not found
SRV - (AppMgmt) -- File not found
SRV - (UxTuneUp) -- E:\WINDOWS\system32\uxtuneup.dll (TuneUp Software)
SRV - (AntiVirSchedulerService) -- E:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- E:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)

========== Driver Services (SafeList) ==========

DRV - (avipbb) -- E:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (TuneUpUtilitiesDrv) -- E:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (avgntflt) -- E:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- E:\WINDOWS\system32\drivers\avkmgr.sys (Avira GmbH)
DRV - (ssmdrv) -- E:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (SASKUTIL) -- E:\Programme\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (s1039bus) Sony Ericsson Device 1039 driver (WDM) -- E:\WINDOWS\system32\drivers\s1039bus.sys (MCCI Corporation)
DRV - (s1039mdm) -- E:\WINDOWS\system32\drivers\s1039mdm.sys (MCCI Corporation)
DRV - (s1039mgmt) Sony Ericsson Device 1039 USB WMC Device Management Drivers (WDM) -- E:\WINDOWS\system32\drivers\s1039mgmt.sys (MCCI Corporation)
DRV - (s1039obex) -- E:\WINDOWS\system32\drivers\s1039obex.sys (MCCI Corporation)
DRV - (s1039mdfl) -- E:\WINDOWS\system32\drivers\s1039mdfl.sys (MCCI Corporation)
DRV - (s1039unic) Sony Ericsson Device 1039 USB Ethernet Emulation (WDM) -- E:\WINDOWS\system32\drivers\s1039unic.sys (MCCI Corporation)
DRV - (s1039nd5) Sony Ericsson Device 1039 USB Ethernet Emulation (NDIS) -- E:\WINDOWS\system32\drivers\s1039nd5.sys (MCCI Corporation)
DRV - (SASDIFSV) -- E:\Programme\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (StarOpen) -- E:\WINDOWS\System32\drivers\StarOpen.sys ()
DRV - (libusb0) -- E:\WINDOWS\system32\drivers\libusb0.sys (hxxp://libusb-win32.sourceforge.net)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- E:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (nvsmu) -- E:\WINDOWS\system32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (nvnetbus) -- E:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- E:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
DRV - (AsIO) -- E:\WINDOWS\system32\drivers\AsIO.sys ()
DRV - (AmdPPM) -- E:\WINDOWS\system32\drivers\AmdPPM.sys (Advanced Micro Devices)
DRV - (WinUSB) -- E:\WINDOWS\system32\drivers\winusb.sys (Microsoft Corporation)
DRV - (MTsensor) -- E:\WINDOWS\system32\drivers\ASACPI.sys ()
DRV - (BCM43XX) -- E:\WINDOWS\system32\drivers\bcmwl5.sys (Broadcom Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.8
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: ffxtlbr@babylon.com:1.1.3
FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?babsrc=toolbar2&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: E:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: E:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: E:\Programme\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: E:\Programme\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: E:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: e:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: E:\Programme\Mozilla Firefox\components [2011.11.14 17:46:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: E:\Programme\Mozilla Firefox\plugins [2011.12.09 23:17:02 | 000,000,000 | ---D | M]

[2010.05.01 15:26:39 | 000,000,000 | ---D | M] (No name found) -- E:\Dokumente und Einstellungen\Tina\Anwendungsdaten\Mozilla\Extensions
[2011.12.15 15:05:08 | 000,000,000 | ---D | M] (No name found) -- E:\Dokumente und Einstellungen\Tina\Anwendungsdaten\Mozilla\Firefox\Profiles\l6g47qec.default\extensions
[2010.06.25 11:16:46 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- E:\Dokumente und Einstellungen\Tina\Anwendungsdaten\Mozilla\Firefox\Profiles\l6g47qec.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.11.15 18:07:05 | 000,000,000 | ---D | M] (No name found) -- E:\Programme\Mozilla Firefox\extensions
() (No name found) -- E:\DOKUMENTE UND EINSTELLUNGEN\TINA\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\L6G47QEC.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- E:\DOKUMENTE UND EINSTELLUNGEN\TINA\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\L6G47QEC.DEFAULT\EXTENSIONS\FFXTLBR@BABYLON.COM.XPI
[2011.03.22 23:30:25 | 000,000,000 | ---D | M] (Java Quick Starter) -- E:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011.11.14 17:46:40 | 000,134,104 | ---- | M] (Mozilla Foundation) -- E:\Programme\mozilla firefox\components\browsercomps.dll
[2011.03.22 23:30:25 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- E:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2011.10.06 20:57:28 | 000,001,392 | ---- | M] () -- E:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.06 20:57:28 | 000,002,252 | ---- | M] () -- E:\Programme\mozilla firefox\searchplugins\bing.xml
[2011.10.06 20:57:28 | 000,001,153 | ---- | M] () -- E:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.06 20:57:28 | 000,006,805 | ---- | M] () -- E:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.06 20:57:28 | 000,001,178 | ---- | M] () -- E:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.06 20:57:28 | 000,001,105 | ---- | M] () -- E:\Programme\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2011.08.20 13:35:26 | 000,000,874 | ---- | M]) - E:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - E:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe ARM] E:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] E:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avgnt] E:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] E:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] E:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] E:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [Six Engine] E:\Programme\ASUS\EPU-4 Engine\FourEngine.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] E:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] E:\Programme\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - E:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - E:\Programme\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - E:\Programme\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - E:\Programme\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - E:\Programme\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - E:\Programme\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - E:\Programme\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - E:\Programme\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - E:\Programme\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - E:\Programme\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - E:\Programme\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - E:\Programme\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - E:\Programme\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - E:\Programme\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - E:\Programme\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - E:\Programme\Bonjour\mdnsNSP.dll File not found O16 - DPF: 
{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} hxxp://www.kaspersky.com/kos/german/partner/de/kavwebscan_unicode.cab (CKAVWebScan Object) O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://go.divx.com/plugin/DivXBrowserPlugin.cab (DivXBrowserPlugin Object) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1297632329484 (MUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab (Java Plug-in 1.5.0) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B99911F4-DA02-456F-9780-DE45C2156672}: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - E:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - E:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - E:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - 
(Explorer.exe) -E:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (E:\WINDOWS\system32\userinit.exe) -E:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\!SASWinLogon: DllName - (E:\Programme\SUPERAntiSpyware\SASWINLO.DLL) - E:\Programme\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: E:\Dokumente und Einstellungen\Tina\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: E:\Dokumente und Einstellungen\Tina\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - E:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2011.09.16 08:07:13 | 000,054,544 | R--- | M] (Electronic Arts) - D:\Autorun.exe -- [ UDF ] O32 - AutoRun File - [2011.09.16 05:58:13 | 000,000,049 | R--- | M] () - D:\Autorun.inf -- [ UDF ] O33 - MountPoints2\{014d43bb-1b3f-11e0-9542-00248cf790c6}\Shell - "" = AutoRun O33 - MountPoints2\{014d43bb-1b3f-11e0-9542-00248cf790c6}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{014d43bb-1b3f-11e0-9542-00248cf790c6}\Shell\AutoRun\command - "" = F:\Startme.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== File not found -- E:\WINDOWS\System32\ [2011.12.16 21:47:54 | 000,000,000 | ---D | C] -- E:\Dokumente und Einstellungen\Tina\Desktop\Forum [2011.12.15 15:15:28 | 000,000,000 | ---D | C] -- E:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\PCHealth [2011.12.15 00:46:00 | 000,000,000 | ---D | C] -- E:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Adobe [2011.12.15 
00:35:27 | 000,000,000 | ---D | C] -- E:\WINDOWS\System32\NtmsData [2011.12.15 00:02:07 | 000,000,000 | ---D | C] -- E:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Sun [2011.12.14 23:57:01 | 000,000,000 | -HSD | C] -- E:\Dokumente und Einstellungen\Tina\Lokale Einstellungen\Anwendungsdaten\89740b0f [2011.12.12 18:51:03 | 000,000,000 | ---D | C] -- E:\Dokumente und Einstellungen\Tina\Lokale Einstellungen\Anwendungsdaten\M-Photo_Ltd [2011.12.12 18:50:30 | 000,000,000 | ---D | C] -- E:\Dokumente und Einstellungen\All Users\Anwendungsdaten\M-Photo [2011.12.12 18:50:06 | 000,000,000 | ---D | C] -- E:\Dokumente und Einstellungen\All Users\Startmenü\Programme\United Arts Limited [2011.12.12 18:49:48 | 000,000,000 | ---D | C] -- E:\Program Files [2011.12.04 23:18:33 | 000,000,000 | ---D | C] -- E:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\TuneUp Software [2011.11.27 23:19:01 | 000,028,992 | ---- | C] (TuneUp Software) -- E:\WINDOWS\System32\uxtuneup.dll [2011.11.27 23:17:41 | 000,031,552 | ---- | C] (TuneUp Software) -- E:\WINDOWS\System32\TURegOpt.exe [2011.11.27 23:17:38 | 000,000,000 | ---D | C] -- E:\Dokumente und Einstellungen\All Users\Startmenü\Programme\TuneUp Utilities 2012 [2011.11.27 23:17:27 | 000,000,000 | ---D | C] -- E:\Dokumente und Einstellungen\Tina\Anwendungsdaten\TuneUp Software [2011.11.27 23:17:13 | 000,000,000 | ---D | C] -- E:\Programme\TuneUp Utilities 2012 [2011.11.27 23:16:55 | 000,000,000 | ---D | C] -- E:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software [2011.11.27 23:16:48 | 000,000,000 | -HSD | C] -- E:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{32364CEA-7855-4A3C-B674-53D8E9B97936} [7 E:\WINDOWS\System32\*.tmp files -> E:\WINDOWS\System32\*.tmp -> ] [17 E:\WINDOWS\*.tmp files -> E:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 30 Days ========== File not found -- E:\WINDOWS\System32\ [2011.12.19 20:18:05 | 000,200,819 | ---- | M] () -- E:\WINDOWS\System32\nvapps.xml 
[2011.12.19 20:17:56 | 000,002,048 | --S- | M] () -- E:\WINDOWS\bootstat.dat [2011.12.18 21:16:53 | 000,002,422 | ---- | M] () -- E:\WINDOWS\System32\wpa.dbl [2011.12.16 22:43:25 | 000,000,664 | ---- | M] () -- E:\WINDOWS\System32\d3d9caps.dat [2011.12.16 22:05:05 | 000,103,545 | ---- | M] () -- E:\Dokumente und Einstellungen\Tina\Desktop\IMG_0608.jpg [2011.12.16 22:03:40 | 000,102,041 | ---- | M] () -- E:\Dokumente und Einstellungen\Tina\Desktop\IMG_0570.jpg [2011.12.16 21:28:03 | 000,000,276 | ---- | M] () -- E:\WINDOWS\tasks\AppleSoftwareUpdate.job [2011.12.16 17:50:27 | 000,142,832 | ---- | M] () -- E:\WINDOWS\System32\FNTCACHE.DAT [2011.12.12 18:49:48 | 011,541,952 | ---- | M] () -- E:\WINDOWS\System32\United Arts Limited_meinxxl_uninstaller.exe [2011.12.11 17:56:53 | 000,075,599 | ---- | M] () -- E:\Dokumente und Einstellungen\Tina\Desktop\smiley.jpg [2011.12.09 23:14:51 | 000,134,856 | ---- | M] (Avira GmbH) -- E:\WINDOWS\System32\drivers\avipbb.sys [2011.11.28 13:21:04 | 000,527,616 | ---- | M] () -- E:\WINDOWS\System32\perfh007.dat [2011.11.28 13:21:04 | 000,502,826 | ---- | M] () -- E:\WINDOWS\System32\perfh009.dat [2011.11.28 13:21:04 | 000,105,710 | ---- | M] () -- E:\WINDOWS\System32\perfc007.dat [2011.11.28 13:21:04 | 000,088,350 | ---- | M] () -- E:\WINDOWS\System32\perfc009.dat [2011.11.23 15:40:13 | 001,859,712 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\System32\win32k.sys [2011.11.23 15:40:13 | 001,859,712 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\System32\dllcache\win32k.sys [2011.11.22 17:55:13 | 000,022,266 | ---- | M] () -- E:\Dokumente und Einstellungen\Tina\Eigene Dateien\Exzerpt LW.odt [7 E:\WINDOWS\System32\*.tmp files -> E:\WINDOWS\System32\*.tmp -> ] [17 E:\WINDOWS\*.tmp files -> E:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.12.16 22:05:05 | 000,103,545 | ---- | C] () -- E:\Dokumente und Einstellungen\Tina\Desktop\IMG_0608.jpg [2011.12.16 22:03:40 | 000,102,041 | ---- | C] () -- 
E:\Dokumente und Einstellungen\Tina\Desktop\IMG_0570.jpg [2011.12.15 00:02:07 | 000,000,664 | ---- | C] () -- E:\WINDOWS\System32\d3d9caps.dat [2011.12.12 18:49:48 | 011,541,952 | ---- | C] () -- E:\WINDOWS\System32\United Arts Limited_meinxxl_uninstaller.exe [2011.12.11 17:56:52 | 000,075,599 | ---- | C] () -- E:\Dokumente und Einstellungen\Tina\Desktop\smiley.jpg [2011.11.27 23:17:38 | 000,001,713 | ---- | C] () -- E:\Dokumente und Einstellungen\All Users\Startmenü\Programme\TuneUp Utilities 2012.lnk [2011.11.22 17:55:13 | 000,022,266 | ---- | C] () -- E:\Dokumente und Einstellungen\Tina\Eigene Dateien\Exzerpt LW.odt [2011.02.05 20:58:51 | 000,000,529 | ---- | C] () -- E:\WINDOWS\eReg.dat [2011.01.09 17:12:27 | 000,002,528 | ---- | C] () -- E:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\$_hpcst$.hpc [2010.10.16 18:04:44 | 000,000,116 | ---- | C] () -- E:\WINDOWS\NeroDigital.ini [2010.10.02 14:08:18 | 000,007,168 | ---- | C] () -- E:\Dokumente und Einstellungen\Tina\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.09.11 21:56:48 | 000,000,000 | ---- | C] () -- E:\Dokumente und Einstellungen\All Users\Anwendungsdaten\LauncherAccess.dt [2010.09.11 21:55:59 | 000,007,168 | ---- | C] () -- E:\WINDOWS\System32\drivers\StarOpen.sys [2010.08.15 15:39:06 | 001,456,640 | ---- | C] () -- E:\Programme\Gemeinsame Dateien\Falk Navi-Manager.msi [2010.08.15 14:56:53 | 000,002,528 | ---- | C] () -- E:\Dokumente und Einstellungen\Tina\Anwendungsdaten\$_hpcst$.hpc [2010.05.01 15:26:24 | 000,000,000 | ---- | C] () -- E:\WINDOWS\nsreg.dat [2010.04.16 09:38:43 | 000,000,137 | ---- | C] () -- E:\Dokumente und Einstellungen\Tina\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat [2009.11.06 18:49:21 | 001,454,213 | ---- | C] () -- E:\Programme\wrar390d.exe [2009.11.06 18:08:56 | 000,024,576 | R--- | C] () -- E:\WINDOWS\System32\AsIO.dll [2009.11.06 18:08:56 | 000,012,400 | R--- | C] () -- E:\WINDOWS\System32\drivers\AsIO.sys [2009.11.06 
18:08:50 | 000,011,832 | ---- | C] () -- E:\WINDOWS\System32\drivers\AsInsHelp64.sys [2009.11.06 18:08:50 | 000,010,216 | ---- | C] () -- E:\WINDOWS\System32\drivers\AsInsHelp32.sys [2009.11.06 18:02:45 | 000,004,984 | R--- | C] () -- E:\WINDOWS\System32\drivers\nvphy.bin [2009.11.06 17:45:35 | 000,034,758 | ---- | C] () -- E:\WINDOWS\Ascd_log.ini [2009.11.06 17:44:52 | 000,005,810 | R--- | C] () -- E:\WINDOWS\System32\drivers\ASACPI.sys [2009.11.06 17:44:38 | 000,028,914 | ---- | C] () -- E:\WINDOWS\Ascd_tmp.ini [2009.11.06 17:44:37 | 000,010,296 | ---- | C] () -- E:\WINDOWS\System32\drivers\ASUSHWIO.SYS [2009.07.08 20:38:02 | 000,004,161 | ---- | C] () -- E:\WINDOWS\ODBCINST.INI [2009.07.08 20:37:06 | 000,142,832 | ---- | C] () -- E:\WINDOWS\System32\FNTCACHE.DAT [2009.07.08 13:47:58 | 000,002,048 | --S- | C] () -- E:\WINDOWS\bootstat.dat [2009.07.08 13:46:37 | 000,001,082 | ---- | C] () -- E:\WINDOWS\System32\OEMINFO.INI [2009.07.08 13:42:31 | 000,023,504 | ---- | C] () -- E:\WINDOWS\System32\emptyregdb.dat [2008.10.16 20:46:00 | 001,703,936 | ---- | C] () -- E:\WINDOWS\System32\nvwdmcpl.dll [2008.10.16 20:46:00 | 001,630,208 | ---- | C] () -- E:\WINDOWS\System32\nwiz.exe [2008.10.16 20:46:00 | 001,486,848 | ---- | C] () -- E:\WINDOWS\System32\nview.dll [2008.10.16 20:46:00 | 001,339,392 | ---- | C] () -- E:\WINDOWS\System32\nvdspsch.exe [2008.10.16 20:46:00 | 001,019,904 | ---- | C] () -- E:\WINDOWS\System32\nvwimg.dll [2008.10.16 20:46:00 | 000,466,944 | ---- | C] () -- E:\WINDOWS\System32\nvshell.dll [2008.10.16 20:46:00 | 000,442,368 | ---- | C] () -- E:\WINDOWS\System32\nvappbar.exe [2008.10.16 20:46:00 | 000,425,984 | ---- | C] () -- E:\WINDOWS\System32\keystone.exe [2008.10.16 20:46:00 | 000,286,720 | ---- | C] () -- E:\WINDOWS\System32\nvnt4cpl.dll [2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- E:\WINDOWS\System32\physxcudart_20.dll [2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- E:\WINDOWS\System32\AgCPanelTraditionalChinese.dll [2008.10.07 
09:13:20 | 000,058,648 | ---- | C] () -- E:\WINDOWS\System32\AgCPanelSwedish.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- E:\WINDOWS\System32\AgCPanelSpanish.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- E:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- E:\WINDOWS\System32\AgCPanelPortugese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- E:\WINDOWS\System32\AgCPanelKorean.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- E:\WINDOWS\System32\AgCPanelJapanese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- E:\WINDOWS\System32\AgCPanelGerman.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- E:\WINDOWS\System32\AgCPanelFrench.dll [2004.08.04 13:00:00 | 000,673,088 | ---- | C] () -- E:\WINDOWS\System32\mlang.dat [2004.08.04 13:00:00 | 000,527,616 | ---- | C] () -- E:\WINDOWS\System32\perfh007.dat [2004.08.04 13:00:00 | 000,502,826 | ---- | C] () -- E:\WINDOWS\System32\perfh009.dat [2004.08.04 13:00:00 | 000,272,128 | ---- | C] () -- E:\WINDOWS\System32\perfi009.dat [2004.08.04 13:00:00 | 000,269,480 | ---- | C] () -- E:\WINDOWS\System32\perfi007.dat [2004.08.04 13:00:00 | 000,218,003 | ---- | C] () -- E:\WINDOWS\System32\dssec.dat [2004.08.04 13:00:00 | 000,105,710 | ---- | C] () -- E:\WINDOWS\System32\perfc007.dat [2004.08.04 13:00:00 | 000,088,350 | ---- | C] () -- E:\WINDOWS\System32\perfc009.dat [2004.08.04 13:00:00 | 000,046,258 | ---- | C] () -- E:\WINDOWS\System32\mib.bin [2004.08.04 13:00:00 | 000,034,478 | ---- | C] () -- E:\WINDOWS\System32\perfd007.dat [2004.08.04 13:00:00 | 000,028,626 | ---- | C] () -- E:\WINDOWS\System32\perfd009.dat [2004.08.04 13:00:00 | 000,004,569 | ---- | C] () -- E:\WINDOWS\System32\secupd.dat [2004.08.04 13:00:00 | 000,001,804 | ---- | C] () -- E:\WINDOWS\System32\dcache.bin [2004.08.04 13:00:00 | 000,000,741 | ---- | C] () -- E:\WINDOWS\System32\noise.dat [2003.09.26 16:45:22 | 000,024,576 | ---- | C] () -- 
E:\WINDOWS\System32\shutdowncomputer.exe [2003.07.30 10:48:28 | 000,004,711 | ---- | C] () -- E:\WINDOWS\System32\oembios.dat [2003.07.30 09:49:22 | 013,107,200 | ---- | C] () -- E:\WINDOWS\System32\oembios.bin [2003.06.19 14:43:30 | 000,196,669 | ---- | C] () -- E:\WINDOWS\System32\insTool.exe [2003.01.10 05:34:00 | 000,188,416 | ---- | C] () -- E:\WINDOWS\System32\DetectHardware.exe [2002.12.23 21:23:50 | 000,024,576 | ---- | C] () -- E:\WINDOWS\System32\WinXPDisableZeroConfigation.exe [2002.12.23 14:22:24 | 000,040,960 | ---- | C] () -- E:\WINDOWS\System32\RemoveInstallShield.exe < End of report > |
19.12.2011, 21:18 | #6 |
/// Malwareteam | GMER please |
20.12.2011, 11:51 | #7 |
| Oh man, that took a while. GMER logfile:
Code:
GMER 1.0.15.15641 - GMER - Rootkit Detector and Remover
Rootkit scan 2011-12-20 11:37:18
Windows 5.1.2600 Service Pack 3
Running: yuf919um.exe; Driver: E:\DOKUME~1\Tina\LOKALE~1\Temp\ffqdykow.sys

---- System - GMER 1.0.15 ----

SSDT BA775D9C ZwClose
SSDT BA775D56 ZwCreateKey
SSDT BA775DA6 ZwCreateSection
SSDT BA775D4C ZwCreateThread
SSDT BA775D5B ZwDeleteKey
SSDT BA775D65 ZwDeleteValueKey
SSDT BA775D97 ZwDuplicateObject
SSDT BA775D6A ZwLoadKey
SSDT BA775D38 ZwOpenProcess
SSDT BA775D3D ZwOpenThread
SSDT BA775DBF ZwQueryValueKey
SSDT BA775D74 ZwReplaceKey
SSDT BA775DB0 ZwRequestWaitReplyPort
SSDT BA775D6F ZwRestoreKey
SSDT BA775DAB ZwSetContextThread
SSDT BA775DB5 ZwSetSecurityObject
SSDT BA775D60 ZwSetValueKey
SSDT BA775DBA ZwSystemDebugControl
SSDT BA775D47 ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text E:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB8E3F360, 0x32E21D, 0xE8000020]
.text afd.sys B63E3300 2 Bytes [08, 04]
.text afd.sys B63E3304 3 Bytes [80, FC, 01] {CMP AH, 0x1}
.text afd.sys B63E3308 2 Bytes [80, 04]
.text afd.sys B63E330C 3 Bytes [80, FC, 01] {CMP AH, 0x1}
.text afd.sys B63E3315 92 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text ...
.INIT E:\WINDOWS\System32\drivers\afd.sys entry point in ".INIT" section [0xB63F0920]
? E:\WINDOWS\System32\drivers\afd.sys suspicious PE modification

---- Modules - GMER 1.0.15 ----

Module (noname) (*** hidden *** ) BA258000-BA266000 (57344 bytes)
Module (noname) (*** hidden *** ) B961A000-B9624000 (40960 bytes)

---- Threads - GMER 1.0.15 ----

Thread System [4:716] B961EE40
Thread System [4:720] B961EE40
Thread System [4:724] 898C6520
Thread System [4:728] 898C6520

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL@
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL@Installed 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI@
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI@Installed 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI@NoChange 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS@
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS@Installed 1

---- Files - GMER 1.0.15 ----

File E:\WINDOWS\$NtUninstallKB32132$\2306083599 0 bytes
File E:\WINDOWS\$NtUninstallKB32132$\2306083599\@ 2048 bytes
File E:\WINDOWS\$NtUninstallKB32132$\2306083599\L 0 bytes
File E:\WINDOWS\$NtUninstallKB32132$\2306083599\L\thyfmaut 138496 bytes
File E:\WINDOWS\$NtUninstallKB32132$\2306083599\loader.tlb 2632 bytes
File E:\WINDOWS\$NtUninstallKB32132$\2306083599\U 0 bytes
File E:\WINDOWS\$NtUninstallKB32132$\2306083599\U\@00000001 45968 bytes
File E:\WINDOWS\$NtUninstallKB32132$\2306083599\U\@000000c0 3072 bytes
File E:\WINDOWS\$NtUninstallKB32132$\2306083599\U\@000000cb 3072 bytes
File E:\WINDOWS\$NtUninstallKB32132$\2306083599\U\@000000cf 1536 bytes
File E:\WINDOWS\$NtUninstallKB32132$\2306083599\U\@80000000 26112 bytes
File E:\WINDOWS\$NtUninstallKB32132$\2306083599\U\@800000c0 32768 bytes
File E:\WINDOWS\$NtUninstallKB32132$\2306083599\U\@800000cb 24064 bytes
File E:\WINDOWS\$NtUninstallKB32132$\2306083599\U\@800000cf 31744 bytes
File E:\WINDOWS\$NtUninstallKB32132$\630551253 0 bytes

---- EOF - GMER 1.0.15 ----
|
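A small triage script for GMER output of the kind posted above, written for this thread as an added example (it is not GMER's code and nothing the Trojaner-Board helpers posted). It runs on a constructed sample that reuses the line formats from the log (SSDT hooks, the patched afd.sys, the two hidden modules, system threads, and the $NtUninstall...$ file store) and separates the strong indicators from the SSDT hooks, which legitimate security software also installs and which are therefore only counted, not treated as a verdict on their own.

```python
import re

# Constructed sample, modelled on the GMER log in this thread (same line
# formats, a subset of the entries). Raw string: the paths contain "\U".
SAMPLE_GMER_LOG = r"""GMER 1.0.15.15641 - GMER - Rootkit Detector and Remover
Rootkit scan 2011-12-20 11:37:18
---- System - GMER 1.0.15 ----
SSDT BA775D9C ZwClose
SSDT BA775D56 ZwCreateKey
SSDT BA775D38 ZwOpenProcess
SSDT BA775D47 ZwTerminateProcess
---- Kernel code sections - GMER 1.0.15 ----
.text E:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB8E3F360, 0x32E21D, 0xE8000020]
.text afd.sys B63E3300 2 Bytes [08, 04]
.INIT E:\WINDOWS\System32\drivers\afd.sys entry point in ".INIT" section [0xB63F0920]
? E:\WINDOWS\System32\drivers\afd.sys suspicious PE modification
---- Modules - GMER 1.0.15 ----
Module (noname) (*** hidden *** ) BA258000-BA266000 (57344 bytes)
Module (noname) (*** hidden *** ) B961A000-B9624000 (40960 bytes)
---- Threads - GMER 1.0.15 ----
Thread System [4:716] B961EE40
Thread System [4:724] 898C6520
---- Files - GMER 1.0.15 ----
File E:\WINDOWS\$NtUninstallKB32132$\2306083599\@ 2048 bytes
File E:\WINDOWS\$NtUninstallKB32132$\2306083599\L\thyfmaut 138496 bytes
File E:\WINDOWS\$NtUninstallKB32132$\2306083599\U\@00000001 45968 bytes
---- EOF - GMER 1.0.15 ----
"""

SECTION_RE = re.compile(r"^---- (.+?) - GMER ")
SSDT_RE = re.compile(r"^SSDT ([0-9A-F]{8}) (Zw\w+)$")
INLINE_PATCH_RE = re.compile(r"^\.text (\S+) [0-9A-F]{8} \d+ Bytes ")
INIT_ENTRY_RE = re.compile(r'^\.INIT (\S+) entry point in "\.INIT" section')
PE_MOD_RE = re.compile(r"^\? (\S+) suspicious PE modification$")
HIDDEN_MODULE_RE = re.compile(
    r"^Module .*\*\*\* hidden \*\*\*.*?([0-9A-F]{8})-([0-9A-F]{8}) \((\d+) bytes\)$")
THREAD_RE = re.compile(r"^Thread (\S+) \[(\d+):(\d+)\] ([0-9A-F]{8})$")
FILE_RE = re.compile(r"^File (.+?) (\d+) bytes$")
# A file store under a fake "$NtUninstallKB...$" directory, as GMER listed above.
HIDDEN_STORE_RE = re.compile(r"\\\$NtUninstall[^\\]+\$\\", re.IGNORECASE)


def _basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def parse_gmer(text):
    """Walk the log section by section and collect the records that matter."""
    findings = {
        "ssdt_hooks": [],          # (hook address, hooked Zw* service)
        "patched_drivers": set(),  # drivers GMER shows as modified in memory or on disk
        "hidden_modules": [],      # (start, end, size) of unlinked kernel modules
        "threads": [],             # (owner, pid, tid, start address)
        "hidden_store_files": [],  # (path, size) under a $NtUninstall...$ directory
    }
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        sec = SECTION_RE.match(line)
        if sec:
            section = sec.group(1)
            continue
        if section == "System":
            m = SSDT_RE.match(line)
            if m:
                findings["ssdt_hooks"].append((m.group(1), m.group(2)))
        elif section == "Kernel code sections":
            for pat in (INLINE_PATCH_RE, INIT_ENTRY_RE, PE_MOD_RE):
                m = pat.match(line)
                if m:
                    findings["patched_drivers"].add(_basename(m.group(1)))
        elif section == "Modules":
            m = HIDDEN_MODULE_RE.match(line)
            if m:
                findings["hidden_modules"].append((m.group(1), m.group(2), int(m.group(3))))
        elif section == "Threads":
            m = THREAD_RE.match(line)
            if m:
                findings["threads"].append((m.group(1), int(m.group(2)), int(m.group(3)), m.group(4)))
        elif section == "Files":
            m = FILE_RE.match(line)
            if m and HIDDEN_STORE_RE.search(m.group(1)):
                findings["hidden_store_files"].append((m.group(1), int(m.group(2))))
    return findings


def threads_in_hidden_modules(findings):
    """System threads whose start address lies inside a hidden module: code that
    is running but that the kernel's module list no longer accounts for."""
    hits = []
    for owner, pid, tid, addr in findings["threads"]:
        a = int(addr, 16)
        for start, end, _size in findings["hidden_modules"]:
            if int(start, 16) <= a < int(end, 16):
                hits.append((owner, pid, tid, addr, f"{start}-{end}"))
    return hits


def assess(findings):
    """Summarise: SSDT hooks are counted only, the other three are the verdict."""
    hidden_threads = threads_in_hidden_modules(findings)
    patched = sorted(findings["patched_drivers"])
    store = bool(findings["hidden_store_files"])
    return {
        "ssdt_hook_count": len(findings["ssdt_hooks"]),
        "patched_drivers": patched,
        "hidden_module_count": len(findings["hidden_modules"]),
        "threads_in_hidden_code": hidden_threads,
        "hidden_file_store": store,
        "rootkit_suspected": bool(patched) or bool(hidden_threads) or store,
    }


if __name__ == "__main__":
    for key, value in assess(parse_gmer(SAMPLE_GMER_LOG)).items():
        print(f"{key}: {value}")
```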
20.12.2011, 15:52 | #8 |
/// Malwareteam | Hello Tina, this does not look good - your system is infected with the ZeroAccess rootkit! We need some more information about the system, so please do the following.
Step 1: TDSSKiller. Please read the following instructions carefully. We do not want to "fix" anything yet, we only want to see a scan report. Please download TDSSKiller.exe and save this file to your desktop.
Step 2: aswMBR. Please download aswMBR.exe and save the file to your desktop.
Step 3: Farbar's Service Scanner. Please download Farbar's Service Scanner. |
21.12.2011, 00:12 | #9 |
| Hello marius! First the TDSS Killer:
Code:
00:10:27.0734 0504 TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31
00:10:29.0734 0504 ============================================================
00:10:29.0734 0504 Current date / time: 2011/12/21 00:10:29.0734
00:10:29.0734 0504 SystemInfo:
00:10:29.0734 0504
00:10:29.0734 0504 OS Version: 5.1.2600 ServicePack: 3.0
00:10:29.0734 0504 Product type: Workstation
00:10:29.0734 0504 ComputerName: TINA-07AEAE5B67
00:10:29.0734 0504 UserName: Tina
00:10:29.0734 0504 Windows directory: E:\WINDOWS
00:10:29.0734 0504 System windows directory: E:\WINDOWS
00:10:29.0734 0504 Processor architecture: Intel x86
00:10:29.0734 0504 Number of processors: 2
00:10:29.0734 0504 Page size: 0x1000
00:10:29.0734 0504 Boot type: Normal boot
00:10:29.0734 0504 ============================================================
00:10:30.0968 0504 Initialize success
00:10:34.0859 3168 ============================================================
00:10:34.0859 3168 Scan started
00:10:34.0859 3168 Mode: Manual;
00:10:34.0859 3168 ============================================================
00:10:36.0156 3168 Abiosdsk - ok
00:10:36.0250 3168 abp480n5 - ok
00:10:36.0437 3168 ACPI (ac407f1a62c3a300b4f2b5a9f1d55b2c) E:\WINDOWS\system32\DRIVERS\ACPI.sys
00:10:36.0437 3168 ACPI - ok
00:10:36.0812 3168 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) E:\WINDOWS\system32\drivers\ACPIEC.sys
00:10:36.0812 3168 ACPIEC - ok
00:10:36.0812 3168 adpu160m - ok
00:10:36.0843 3168 aec (8bed39e3c35d6a489438b8141717a557) E:\WINDOWS\system32\drivers\aec.sys
00:10:36.0843 3168 aec - ok
00:10:36.0890 3168 AFD (f0e359af1e34a737376ab532f347f15d) E:\WINDOWS\System32\drivers\afd.sys
00:10:36.0890 3168 Suspicious file (Forged): E:\WINDOWS\System32\drivers\afd.sys. Real md5: f0e359af1e34a737376ab532f347f15d, Fake md5: 1e44bc1e83d8fd2305f8d452db109cf9
00:10:36.0890 3168 AFD ( Rootkit.Win32.ZAccess.aml ) - infected
00:10:36.0890 3168 AFD - detected Rootkit.Win32.ZAccess.aml (0)
00:10:36.0906 3168 Aha154x - ok
00:10:36.0906 3168 aic78u2 - ok
00:10:36.0906 3168 aic78xx - ok
00:10:36.0921 3168 AliIde - ok
00:10:36.0953 3168 AmdPPM (033448d435e65c4bd72e70521fd05c76) E:\WINDOWS\system32\DRIVERS\AmdPPM.sys
00:10:36.0953 3168 AmdPPM - ok
00:10:36.0953 3168 amsint - ok
00:10:36.0968 3168 asc - ok
00:10:36.0968 3168 asc3350p - ok
00:10:36.0968 3168 asc3550 - ok
00:10:37.0000 3168 AsIO (2b4e66fac6503494a2c6f32bb6ab3826) E:\WINDOWS\system32\drivers\AsIO.sys
00:10:37.0000 3168 AsIO - ok
00:10:37.0031 3168 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) E:\WINDOWS\system32\DRIVERS\asyncmac.sys
00:10:37.0031 3168 AsyncMac - ok
00:10:37.0046 3168 atapi (9f3a2f5aa6875c72bf062c712cfa2674) E:\WINDOWS\system32\DRIVERS\atapi.sys
00:10:37.0062 3168 atapi - ok
00:10:37.0062 3168 Atdisk - ok
00:10:37.0078 3168 Atmarpc (9916c1225104ba14794209cfa8012159) E:\WINDOWS\system32\DRIVERS\atmarpc.sys
00:10:37.0078 3168 Atmarpc - ok
00:10:37.0125 3168 audstub (d9f724aa26c010a217c97606b160ed68) E:\WINDOWS\system32\DRIVERS\audstub.sys
00:10:37.0125 3168 audstub - ok
00:10:37.0156 3168 avgntflt (7713e4eb0276702faa08e52a6e23f2a6) E:\WINDOWS\system32\DRIVERS\avgntflt.sys
00:10:37.0156 3168 avgntflt - ok
00:10:37.0171 3168 avipbb (475fbb85956534720858ae72010c0a43) E:\WINDOWS\system32\DRIVERS\avipbb.sys
00:10:37.0171 3168 avipbb - ok
00:10:37.0171 3168 avkmgr (271cfd1a989209b1964e24d969552bf7) E:\WINDOWS\system32\DRIVERS\avkmgr.sys
00:10:37.0171 3168 avkmgr - ok
00:10:37.0187 3168 BCM43XX (ebf36d658d0da5b1ea667fa403919c26) E:\WINDOWS\system32\DRIVERS\bcmwl5.sys
00:10:37.0187 3168 BCM43XX - ok
00:10:37.0218 3168 Beep (da1f27d85e0d1525f6621372e7b685e9) E:\WINDOWS\system32\drivers\Beep.sys
00:10:37.0218 3168 Beep - ok
00:10:37.0250 3168 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) E:\WINDOWS\system32\drivers\cbidf2k.sys
00:10:37.0250 3168 cbidf2k - ok
00:10:37.0250 3168 cd20xrnt - ok
00:10:37.0265 3168 Cdaudio (c1b486a7658353d33a10cc15211a873b) E:\WINDOWS\system32\drivers\Cdaudio.sys
00:10:37.0265 3168 Cdaudio - ok
00:10:37.0281 3168 Cdfs (c885b02847f5d2fd45a24e219ed93b32) E:\WINDOWS\system32\drivers\Cdfs.sys
00:10:37.0281 3168 Cdfs - ok
00:10:37.0312 3168 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) E:\WINDOWS\system32\DRIVERS\cdrom.sys
00:10:37.0312 3168 Cdrom - ok
00:10:37.0312 3168 Changer - ok
00:10:37.0343 3168 CmdIde - ok
00:10:37.0343 3168 Cpqarray - ok
00:10:37.0343 3168 dac2w2k - ok
00:10:37.0359 3168 dac960nt - ok
00:10:37.0359 3168 Disk (044452051f3e02e7963599fc8f4f3e25) E:\WINDOWS\system32\DRIVERS\disk.sys
00:10:37.0375 3168 Disk - ok
00:10:37.0390 3168 dmboot (0dcfc8395a99fecbb1ef771cec7fe4ea) E:\WINDOWS\system32\drivers\dmboot.sys
00:10:37.0406 3168 dmboot - ok
00:10:37.0437 3168 dmio (53720ab12b48719d00e327da470a619a) E:\WINDOWS\system32\drivers\dmio.sys
00:10:37.0437 3168 dmio - ok
00:10:37.0468 3168 dmload (e9317282a63ca4d188c0df5e09c6ac5f) E:\WINDOWS\system32\drivers\dmload.sys
00:10:37.0468 3168 dmload - ok
00:10:37.0468 3168 DMusic (8a208dfcf89792a484e76c40e5f50b45) E:\WINDOWS\system32\drivers\DMusic.sys
00:10:37.0484 3168 DMusic - ok
00:10:37.0484 3168 dpti2o - ok
00:10:37.0484 3168 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) E:\WINDOWS\system32\drivers\drmkaud.sys
00:10:37.0484 3168 drmkaud - ok
00:10:37.0593 3168 EraserUtilDrvI9 - ok
00:10:37.0625 3168 Fastfat (38d332a6d56af32635675f132548343e) E:\WINDOWS\system32\drivers\Fastfat.sys
00:10:37.0625 3168 Fastfat - ok
00:10:37.0640 3168 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) E:\WINDOWS\system32\drivers\Fdc.sys
00:10:37.0640 3168 Fdc - ok
00:10:37.0671 3168 Fips (b0678a548587c5f1967b0d70bacad6c1) E:\WINDOWS\system32\drivers\Fips.sys
00:10:37.0671 3168 Fips - ok
00:10:37.0687 3168 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) E:\WINDOWS\system32\drivers\Flpydisk.sys
00:10:37.0687 3168 Flpydisk - ok
00:10:37.0703 3168 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) E:\WINDOWS\system32\drivers\fltmgr.sys
00:10:37.0703 3168 FltMgr - ok
00:10:37.0718 3168 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) E:\WINDOWS\system32\drivers\Fs_Rec.sys
00:10:37.0718 3168 Fs_Rec - ok
00:10:37.0718 3168 Ftdisk (8f1955ce42e1484714b542f341647778) E:\WINDOWS\system32\DRIVERS\ftdisk.sys
00:10:37.0734 3168 Ftdisk - ok
00:10:37.0750 3168 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) E:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
00:10:37.0750 3168 GEARAspiWDM - ok
00:10:37.0765 3168 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) E:\WINDOWS\system32\DRIVERS\msgpc.sys
00:10:37.0765 3168 Gpc - ok
00:10:37.0781 3168 HDAudBus (573c7d0a32852b48f3058cfd8026f511) E:\WINDOWS\system32\DRIVERS\HDAudBus.sys
00:10:37.0781 3168 HDAudBus - ok
00:10:37.0781 3168 hidusb (ccf82c5ec8a7326c3066de870c06daf1) E:\WINDOWS\system32\DRIVERS\hidusb.sys
00:10:37.0781 3168 hidusb - ok
00:10:37.0812 3168 hpn - ok
00:10:37.0843 3168 HTTP (f80a415ef82cd06ffaf0d971528ead38) E:\WINDOWS\system32\Drivers\HTTP.sys
00:10:37.0843 3168 HTTP - ok
00:10:37.0859 3168 i2omgmt - ok
00:10:37.0859 3168 i2omp - ok
00:10:37.0859 3168 i8042prt (e283b97cfbeb86c1d86baed5f7846a92) E:\WINDOWS\system32\DRIVERS\i8042prt.sys
00:10:37.0859 3168 i8042prt - ok
00:10:37.0875 3168 Imapi (083a052659f5310dd8b6a6cb05edcf8e) E:\WINDOWS\system32\DRIVERS\imapi.sys
00:10:37.0875 3168 Imapi - ok
00:10:37.0875 3168 ini910u - ok
00:10:38.0031 3168 IntcAzAudAddService (fb4293b1eab313c28d4a1b8db61aca72) E:\WINDOWS\system32\drivers\RtkHDAud.sys
00:10:38.0062 3168 IntcAzAudAddService - ok
00:10:38.0062 3168 IntelIde - ok
00:10:38.0078 3168 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) E:\WINDOWS\system32\drivers\ip6fw.sys
00:10:38.0093 3168 Ip6Fw - ok
00:10:38.0109 3168 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) E:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
00:10:38.0109 3168 IpFilterDriver - ok
00:10:38.0140 3168 IpInIp (b87ab476dcf76e72010632b5550955f5) E:\WINDOWS\system32\DRIVERS\ipinip.sys
00:10:38.0140 3168 IpInIp - ok
00:10:38.0171 3168 IpNat (cc748ea12c6effde940ee98098bf96bb) E:\WINDOWS\system32\DRIVERS\ipnat.sys
00:10:38.0171 3168 IpNat - ok
00:10:38.0187 3168 IPSec (23c74d75e36e7158768dd63d92789a91) E:\WINDOWS\system32\DRIVERS\ipsec.sys
00:10:38.0187 3168 IPSec - ok
00:10:38.0203 3168 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) E:\WINDOWS\system32\DRIVERS\irenum.sys
00:10:38.0203 3168 IRENUM - ok
00:10:38.0218 3168 isapnp (6dfb88f64135c525433e87648bda30de) E:\WINDOWS\system32\DRIVERS\isapnp.sys
00:10:38.0218 3168 isapnp - ok
00:10:38.0218 3168 Kbdclass (1704d8c4c8807b889e43c649b478a452) E:\WINDOWS\system32\DRIVERS\kbdclass.sys
00:10:38.0218 3168 Kbdclass - ok
00:10:38.0250 3168 kbdhid (b6d6c117d771c98130497265f26d1882) E:\WINDOWS\system32\DRIVERS\kbdhid.sys
00:10:38.0250 3168 kbdhid - ok
00:10:38.0265 3168 kmixer (692bcf44383d056aed41b045a323d378) E:\WINDOWS\system32\drivers\kmixer.sys
00:10:38.0265 3168 kmixer - ok
00:10:38.0265 3168 KSecDD (b467646c54cc746128904e1654c750c1) E:\WINDOWS\system32\drivers\KSecDD.sys
00:10:38.0265 3168 KSecDD - ok
00:10:38.0281 3168 lbrtfdc - ok
00:10:38.0296 3168 libusb0 (03e12dbfacf1aeb86c553b0db488fb81) E:\WINDOWS\system32\drivers\libusb0.sys
00:10:38.0296 3168 libusb0 - ok
00:10:38.0312 3168 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) E:\WINDOWS\system32\drivers\mnmdd.sys
00:10:38.0312 3168 mnmdd - ok
00:10:38.0343 3168 Modem (6fb74ebd4ec57a6f1781de3852cc3362) E:\WINDOWS\system32\drivers\Modem.sys
00:10:38.0343 3168 Modem - ok
00:10:38.0343 3168 Mouclass (b24ce8005deab254c0251e15cb71d802) E:\WINDOWS\system32\DRIVERS\mouclass.sys
00:10:38.0343 3168 Mouclass - ok
00:10:38.0375 3168 mouhid (66a6f73c74e1791464160a7065ce711a) E:\WINDOWS\system32\DRIVERS\mouhid.sys
00:10:38.0375 3168 mouhid - ok
00:10:38.0390 3168 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) E:\WINDOWS\system32\drivers\MountMgr.sys
00:10:38.0390 3168 MountMgr - ok
00:10:38.0390 3168 mraid35x - ok
00:10:38.0406 3168 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) E:\WINDOWS\system32\DRIVERS\mrxdav.sys
00:10:38.0421 3168 MRxDAV - ok
00:10:38.0468 3168 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) E:\WINDOWS\system32\DRIVERS\mrxsmb.sys
00:10:38.0468 3168 MRxSmb - ok
00:10:38.0484 3168 Msfs (c941ea2454ba8350021d774daf0f1027) E:\WINDOWS\system32\drivers\Msfs.sys
00:10:38.0484 3168 Msfs - ok
00:10:38.0500 3168 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) E:\WINDOWS\system32\drivers\MSKSSRV.sys
00:10:38.0500 3168 MSKSSRV - ok
00:10:38.0515 3168 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) E:\WINDOWS\system32\drivers\MSPCLOCK.sys
00:10:38.0515 3168 MSPCLOCK - ok
00:10:38.0531 3168 MSPQM (bad59648ba099da4a17680b39730cb3d) E:\WINDOWS\system32\drivers\MSPQM.sys
00:10:38.0531 3168 MSPQM - ok
00:10:38.0531 3168 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) E:\WINDOWS\system32\DRIVERS\mssmbios.sys
00:10:38.0531 3168 mssmbios - ok
00:10:38.0546 3168 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) E:\WINDOWS\system32\DRIVERS\ASACPI.sys
00:10:38.0546 3168 MTsensor - ok
00:10:38.0562 3168 Mup (de6a75f5c270e756c5508d94b6cf68f5) E:\WINDOWS\system32\drivers\Mup.sys
00:10:38.0578 3168 Mup - ok
00:10:38.0609 3168 NDIS (1df7f42665c94b825322fae71721130d) E:\WINDOWS\system32\drivers\NDIS.sys
00:10:38.0609 3168 NDIS - ok
00:10:38.0656 3168 NdisTapi (0109c4f3850dfbab279542515386ae22) E:\WINDOWS\system32\DRIVERS\ndistapi.sys
00:10:38.0656 3168 NdisTapi - ok
00:10:38.0671 3168 Ndisuio (f927a4434c5028758a842943ef1a3849) E:\WINDOWS\system32\DRIVERS\ndisuio.sys
00:10:38.0671 3168 Ndisuio - ok
00:10:38.0687 3168 NdisWan (edc1531a49c80614b2cfda43ca8659ab) E:\WINDOWS\system32\DRIVERS\ndiswan.sys
00:10:38.0687 3168 NdisWan - ok
00:10:38.0703 3168 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) E:\WINDOWS\system32\drivers\NDProxy.sys
00:10:38.0703 3168 NDProxy - ok
00:10:38.0703 3168 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) E:\WINDOWS\system32\DRIVERS\netbios.sys
00:10:38.0703 3168
NetBIOS - ok 00:10:38.0718 3168 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) E:\WINDOWS\system32\DRIVERS\netbt.sys 00:10:38.0718 3168 NetBT - ok 00:10:38.0734 3168 Npfs (3182d64ae053d6fb034f44b6def8034a) E:\WINDOWS\system32\drivers\Npfs.sys 00:10:38.0734 3168 Npfs - ok 00:10:38.0750 3168 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) E:\WINDOWS\system32\drivers\Ntfs.sys 00:10:38.0765 3168 Ntfs - ok 00:10:38.0796 3168 Null (73c1e1f395918bc2c6dd67af7591a3ad) E:\WINDOWS\system32\drivers\Null.sys 00:10:38.0796 3168 Null - ok 00:10:38.0968 3168 nv (8cb0f8a7ba9af08c89dca1f3202d5829) E:\WINDOWS\system32\DRIVERS\nv4_mini.sys 00:10:39.0062 3168 nv - ok 00:10:39.0109 3168 NVENETFD (7d275ecda4628318912f6c945d5cf963) E:\WINDOWS\system32\DRIVERS\NVENETFD.sys 00:10:39.0109 3168 NVENETFD - ok 00:10:39.0125 3168 nvnetbus (b64aacefad2be5bff5353fe681253c67) E:\WINDOWS\system32\DRIVERS\nvnetbus.sys 00:10:39.0125 3168 nvnetbus - ok 00:10:39.0140 3168 nvsmu (2a085aec3ab2b1211611d2a7b9e22456) E:\WINDOWS\system32\DRIVERS\nvsmu.sys 00:10:39.0140 3168 nvsmu - ok 00:10:39.0171 3168 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) E:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 00:10:39.0171 3168 NwlnkFlt - ok 00:10:39.0187 3168 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) E:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 00:10:39.0203 3168 NwlnkFwd - ok 00:10:39.0203 3168 Parport (f84785660305b9b903fb3bca8ba29837) E:\WINDOWS\system32\DRIVERS\parport.sys 00:10:39.0203 3168 Parport - ok 00:10:39.0218 3168 PartMgr (beb3ba25197665d82ec7065b724171c6) E:\WINDOWS\system32\drivers\PartMgr.sys 00:10:39.0218 3168 PartMgr - ok 00:10:39.0234 3168 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) E:\WINDOWS\system32\drivers\ParVdm.sys 00:10:39.0234 3168 ParVdm - ok 00:10:39.0234 3168 PCI (387e8dedc343aa2d1efbc30580273acd) E:\WINDOWS\system32\DRIVERS\pci.sys 00:10:39.0250 3168 PCI - ok 00:10:39.0250 3168 PCIDump - ok 00:10:39.0265 3168 PCIIde (59ba86d9a61cbcf4df8e598c331f5b82) E:\WINDOWS\system32\DRIVERS\pciide.sys 00:10:39.0265 3168 PCIIde - 
ok 00:10:39.0312 3168 Pcmcia (a2a966b77d61847d61a3051df87c8c97) E:\WINDOWS\system32\drivers\Pcmcia.sys 00:10:39.0328 3168 Pcmcia - ok 00:10:39.0328 3168 PDCOMP - ok 00:10:39.0328 3168 PDFRAME - ok 00:10:39.0328 3168 PDRELI - ok 00:10:39.0343 3168 PDRFRAME - ok 00:10:39.0343 3168 perc2 - ok 00:10:39.0343 3168 perc2hib - ok 00:10:39.0375 3168 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) E:\WINDOWS\system32\DRIVERS\raspptp.sys 00:10:39.0375 3168 PptpMiniport - ok 00:10:39.0390 3168 Processor (2cb55427c58679f49ad600fccba76360) E:\WINDOWS\system32\DRIVERS\processr.sys 00:10:39.0390 3168 Processor - ok 00:10:39.0390 3168 PSched (09298ec810b07e5d582cb3a3f9255424) E:\WINDOWS\system32\DRIVERS\psched.sys 00:10:39.0390 3168 PSched - ok 00:10:39.0406 3168 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) E:\WINDOWS\system32\DRIVERS\ptilink.sys 00:10:39.0406 3168 Ptilink - ok 00:10:39.0421 3168 ql1080 - ok 00:10:39.0421 3168 Ql10wnt - ok 00:10:39.0421 3168 ql12160 - ok 00:10:39.0437 3168 ql1240 - ok 00:10:39.0437 3168 ql1280 - ok 00:10:39.0453 3168 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) E:\WINDOWS\system32\DRIVERS\rasacd.sys 00:10:39.0468 3168 RasAcd - ok 00:10:39.0468 3168 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) E:\WINDOWS\system32\DRIVERS\rasl2tp.sys 00:10:39.0468 3168 Rasl2tp - ok 00:10:39.0468 3168 RasPppoe (5bc962f2654137c9909c3d4603587dee) E:\WINDOWS\system32\DRIVERS\raspppoe.sys 00:10:39.0484 3168 RasPppoe - ok 00:10:39.0484 3168 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) E:\WINDOWS\system32\DRIVERS\raspti.sys 00:10:39.0484 3168 Raspti - ok 00:10:39.0484 3168 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) E:\WINDOWS\system32\DRIVERS\rdbss.sys 00:10:39.0484 3168 Rdbss - ok 00:10:39.0500 3168 RDPCDD (4912d5b403614ce99c28420f75353332) E:\WINDOWS\system32\DRIVERS\RDPCDD.sys 00:10:39.0500 3168 RDPCDD - ok 00:10:39.0546 3168 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) E:\WINDOWS\system32\drivers\RDPWD.sys 00:10:39.0546 3168 RDPWD - ok 00:10:39.0546 3168 redbook 
(ed761d453856f795a7fe056e42c36365) E:\WINDOWS\system32\DRIVERS\redbook.sys 00:10:39.0546 3168 redbook - ok 00:10:39.0625 3168 s1039bus (d259d085f215b57b7170dc2d0b646b2a) E:\WINDOWS\system32\DRIVERS\s1039bus.sys 00:10:39.0625 3168 s1039bus - ok 00:10:39.0656 3168 s1039mdfl (4d2b6621b5913e8b1cbb650a6037b8a2) E:\WINDOWS\system32\DRIVERS\s1039mdfl.sys 00:10:39.0656 3168 s1039mdfl - ok 00:10:39.0671 3168 s1039mdm (8149799844ab2e91ea92e9cad4224254) E:\WINDOWS\system32\DRIVERS\s1039mdm.sys 00:10:39.0687 3168 s1039mdm - ok 00:10:39.0703 3168 s1039mgmt (5e91068b3f5e003b83d8a99dc0c76e2c) E:\WINDOWS\system32\DRIVERS\s1039mgmt.sys 00:10:39.0718 3168 s1039mgmt - ok 00:10:39.0734 3168 s1039nd5 (df54dbf1c4105d2074d07929f6ba91aa) E:\WINDOWS\system32\DRIVERS\s1039nd5.sys 00:10:39.0734 3168 s1039nd5 - ok 00:10:39.0750 3168 s1039obex (1bc084b0708d42e29e2222346149e52f) E:\WINDOWS\system32\DRIVERS\s1039obex.sys 00:10:39.0765 3168 s1039obex - ok 00:10:39.0781 3168 s1039unic (2e8ccb7bf5b1eb34bcf4ebf880b3e11c) E:\WINDOWS\system32\DRIVERS\s1039unic.sys 00:10:39.0796 3168 s1039unic - ok 00:10:39.0906 3168 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) E:\Programme\SUPERAntiSpyware\SASDIFSV.SYS 00:10:39.0906 3168 SASDIFSV - ok 00:10:39.0906 3168 SASKUTIL (61db0d0756a99506207fd724e3692b25) E:\Programme\SUPERAntiSpyware\SASKUTIL.SYS 00:10:39.0906 3168 SASKUTIL - ok 00:10:39.0968 3168 Secdrv (90a3935d05b494a5a39d37e71f09a677) E:\WINDOWS\system32\DRIVERS\secdrv.sys 00:10:39.0968 3168 Secdrv - ok 00:10:39.0968 3168 serenum (0f29512ccd6bead730039fb4bd2c85ce) E:\WINDOWS\system32\DRIVERS\serenum.sys 00:10:39.0968 3168 serenum - ok 00:10:39.0984 3168 Serial (cf24eb4f0412c82bcd1f4f35a025e31d) E:\WINDOWS\system32\DRIVERS\serial.sys 00:10:39.0984 3168 Serial - ok 00:10:40.0046 3168 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) E:\WINDOWS\system32\drivers\Sfloppy.sys 00:10:40.0046 3168 Sfloppy - ok 00:10:40.0046 3168 Simbad - ok 00:10:40.0062 3168 Sparrow - ok 00:10:40.0093 3168 splitter 
(ab8b92451ecb048a4d1de7c3ffcb4a9f) E:\WINDOWS\system32\drivers\splitter.sys 00:10:40.0093 3168 splitter - ok 00:10:40.0109 3168 sr (50fa898f8c032796d3b1b9951bb5a90f) E:\WINDOWS\system32\DRIVERS\sr.sys 00:10:40.0109 3168 sr - ok 00:10:40.0156 3168 Srv (47ddfc2f003f7f9f0592c6874962a2e7) E:\WINDOWS\system32\DRIVERS\srv.sys 00:10:40.0156 3168 Srv - ok 00:10:40.0187 3168 ssmdrv (a36ee93698802cd899f98bfd553d8185) E:\WINDOWS\system32\DRIVERS\ssmdrv.sys 00:10:40.0187 3168 ssmdrv - ok 00:10:40.0203 3168 StarOpen (f92254b0bcfcd10caac7bccc7cb7f467) E:\WINDOWS\system32\drivers\StarOpen.sys 00:10:40.0203 3168 StarOpen - ok 00:10:40.0218 3168 swenum (3941d127aef12e93addf6fe6ee027e0f) E:\WINDOWS\system32\DRIVERS\swenum.sys 00:10:40.0218 3168 swenum - ok 00:10:40.0234 3168 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) E:\WINDOWS\system32\drivers\swmidi.sys 00:10:40.0234 3168 swmidi - ok 00:10:40.0234 3168 symc810 - ok 00:10:40.0234 3168 symc8xx - ok 00:10:40.0250 3168 SymIM - ok 00:10:40.0250 3168 SymIMMP - ok 00:10:40.0250 3168 sym_hi - ok 00:10:40.0265 3168 sym_u3 - ok 00:10:40.0281 3168 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) E:\WINDOWS\system32\drivers\sysaudio.sys 00:10:40.0281 3168 sysaudio - ok 00:10:40.0328 3168 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) E:\WINDOWS\system32\DRIVERS\tcpip.sys 00:10:40.0328 3168 Tcpip - ok 00:10:40.0343 3168 TDPIPE (6471a66807f5e104e4885f5b67349397) E:\WINDOWS\system32\drivers\TDPIPE.sys 00:10:40.0343 3168 TDPIPE - ok 00:10:40.0359 3168 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) E:\WINDOWS\system32\drivers\TDTCP.sys 00:10:40.0375 3168 TDTCP - ok 00:10:40.0406 3168 TermDD (88155247177638048422893737429d9e) E:\WINDOWS\system32\DRIVERS\termdd.sys 00:10:40.0406 3168 TermDD - ok 00:10:40.0421 3168 TosIde - ok 00:10:40.0484 3168 TuneUpUtilitiesDrv (f2107c9d85ec0df116939ccce06ae697) E:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys 00:10:40.0484 3168 TuneUpUtilitiesDrv - ok 00:10:40.0500 3168 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) 
E:\WINDOWS\system32\drivers\Udfs.sys 00:10:40.0500 3168 Udfs - ok 00:10:40.0500 3168 ultra - ok 00:10:40.0515 3168 Update (402ddc88356b1bac0ee3dd1580c76a31) E:\WINDOWS\system32\DRIVERS\update.sys 00:10:40.0515 3168 Update - ok 00:10:40.0546 3168 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) E:\WINDOWS\system32\Drivers\usbaapl.sys 00:10:40.0546 3168 USBAAPL - ok 00:10:40.0593 3168 usbccgp (173f317ce0db8e21322e71b7e60a27e8) E:\WINDOWS\system32\DRIVERS\usbccgp.sys 00:10:40.0593 3168 usbccgp - ok 00:10:40.0593 3168 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) E:\WINDOWS\system32\DRIVERS\usbehci.sys 00:10:40.0593 3168 usbehci - ok 00:10:40.0609 3168 usbhub (1ab3cdde553b6e064d2e754efe20285c) E:\WINDOWS\system32\DRIVERS\usbhub.sys 00:10:40.0609 3168 usbhub - ok 00:10:40.0609 3168 usbohci (0daecce65366ea32b162f85f07c6753b) E:\WINDOWS\system32\DRIVERS\usbohci.sys 00:10:40.0609 3168 usbohci - ok 00:10:40.0656 3168 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) E:\WINDOWS\system32\DRIVERS\usbscan.sys 00:10:40.0656 3168 usbscan - ok 00:10:40.0671 3168 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) E:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 00:10:40.0671 3168 USBSTOR - ok 00:10:40.0703 3168 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) E:\WINDOWS\System32\drivers\vga.sys 00:10:40.0703 3168 VgaSave - ok 00:10:40.0703 3168 ViaIde - ok 00:10:40.0718 3168 VolSnap (a5a712f4e880874a477af790b5186e1d) E:\WINDOWS\system32\drivers\VolSnap.sys 00:10:40.0718 3168 VolSnap - ok 00:10:40.0734 3168 Wanarp (e20b95baedb550f32dd489265c1da1f6) E:\WINDOWS\system32\DRIVERS\wanarp.sys 00:10:40.0734 3168 Wanarp - ok 00:10:40.0750 3168 wceusbsh (46a247f6617526afe38b6f12f5512120) E:\WINDOWS\system32\DRIVERS\wceusbsh.sys 00:10:40.0765 3168 wceusbsh - ok 00:10:40.0812 3168 Wdf01000 (d918617b46457b9ac28027722e30f647) E:\WINDOWS\system32\Drivers\wdf01000.sys 00:10:40.0812 3168 Wdf01000 - ok 00:10:40.0812 3168 WDICA - ok 00:10:40.0843 3168 wdmaud (6768acf64b18196494413695f0c3a00f) E:\WINDOWS\system32\drivers\wdmaud.sys 
00:10:40.0859 3168 wdmaud - ok
00:10:40.0890 3168 WinUSB (fd600b032e741eb6aab509fc630f7c42) E:\WINDOWS\system32\DRIVERS\WinUSB.sys
00:10:40.0890 3168 WinUSB - ok
00:10:40.0921 3168 WpdUsb (cf4def1bf66f06964dc0d91844239104) E:\WINDOWS\system32\DRIVERS\wpdusb.sys
00:10:40.0921 3168 WpdUsb - ok
00:10:40.0984 3168 WudfPf (eaa6324f51214d2f6718977ec9ce0def) E:\WINDOWS\system32\DRIVERS\WudfPf.sys
00:10:40.0984 3168 WudfPf - ok
00:10:41.0015 3168 WudfRd (f91ff1e51fca30b3c3981db7d5924252) E:\WINDOWS\system32\DRIVERS\wudfrd.sys
00:10:41.0015 3168 WudfRd - ok
00:10:41.0046 3168 zumbus (337b9607f041b77824411750069aff2d) E:\WINDOWS\system32\DRIVERS\zumbus.sys
00:10:41.0046 3168 zumbus - ok
00:10:41.0062 3168 MBR (0x1B8) (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
00:10:41.0156 3168 \Device\Harddisk0\DR0 - ok
00:10:41.0156 3168 Boot (0x1200) (7e3092bbc25913ccde461198f92f4f40) \Device\Harddisk0\DR0\Partition0
00:10:41.0156 3168 \Device\Harddisk0\DR0\Partition0 - ok
00:10:41.0156 3168 ============================================================
00:10:41.0156 3168 Scan finished
00:10:41.0156 3168 ============================================================
00:10:41.0156 2068 Detected object count: 1
00:10:41.0156 2068 Actual detected object count: 1
00:10:49.0281 2068 AFD ( Rootkit.Win32.ZAccess.aml ) - skipped by user
00:10:49.0281 2068 AFD ( Rootkit.Win32.ZAccess.aml ) - User select action: Skip |
21.12.2011, 00:32 | #10 |
| Malware tr/dldr.dofoil.d.303 found and it keeps coming back! So, here is aswMBR:
aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-12-21 00:13:09
-----------------------------
00:13:09.984 OS Version: Windows 5.1.2600 Service Pack 3
00:13:09.984 Number of processors: 2 586 0x203
00:13:09.984 ComputerName: TINA-07AEAE5B67 UserName: Tina
00:13:18.953 Initialize success
00:15:03.265 AVAST engine defs: 11122001
00:15:13.281 Service scanning
00:15:14.171 Modules scanning
00:15:15.515 Module: E:\WINDOWS\System32\drivers\afd.sys **SUSPICIOUS**
00:15:16.843 Disk 0 trace - called modules:
00:15:16.859 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x898d9ba0]<<
00:15:16.859 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8adabab8]
00:15:16.859 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> [0x8ab2f550]
00:15:16.859 \Driver\00001161[0x8ab2c5c8] -> IRP_MJ_CREATE -> 0x898d9ba0
00:15:17.468 AVAST engine scan E:\WINDOWS
00:15:31.703 AVAST engine scan E:\WINDOWS\system32
00:17:29.062 AVAST engine scan E:\WINDOWS\system32\drivers
00:17:32.531 File: E:\WINDOWS\system32\drivers\afd.sys **INFECTED** Win32:Zeroot-B [Rtk]
00:17:49.109 AVAST engine scan E:\Dokumente und Einstellungen\Tina
00:26:35.281 File: E:\Dokumente und Einstellungen\Tina\Lokale Einstellungen\Anwendungsdaten\89740b0f\X **INFECTED** Win32:Inject-AQZ [Trj]
00:29:07.375 File: E:\Dokumente und Einstellungen\Tina\Lokale Einstellungen\Temporary Internet Files\Content.IE5\86RE85FT\2[1].exe **INFECTED** Win32:Kryptik-GBX [Trj]
00:30:00.281 AVAST engine scan E:\Dokumente und Einstellungen\All Users
00:30:26.218 Scan finished successfully
00:31:42.453 The log file has been saved successfully to "E:\Dokumente und Einstellungen\Tina\Desktop\aswMBR.txt" |
21.12.2011, 00:33 | #11 |
| Malware tr/dldr.dofoil.d.303 found and it keeps coming back! And FSS:
Farbar Service Scanner
Ran by Tina (administrator) on 21-12-2011 at 00:32:51
Microsoft Windows XP Home Edition Service Pack 3 (X86)
********************************************************
Service Check:
==============
File Check:
===========
E:\WINDOWS\system32\svchost.exe [2004-08-04 13:00] - [2008-04-14 03:23] - 0014336 ____A (Microsoft Corporation) 4FBC75B74479C7A6F829E0CA19DF3366
E:\WINDOWS\system32\rpcss.dll [2004-08-04 13:00] - [2009-02-09 11:51] - 0401408 ____A (Microsoft Corporation) 3127AFBF2C1ED0AB14A1BBB7AAECB85B
E:\WINDOWS\system32\services.exe [2004-08-04 13:00] - [2009-02-09 12:21] - 0111104 ____A (Microsoft Corporation) A3EDBE9053889FB24AB22492472B39DC
E:\WINDOWS\system32\dhcpcsvc.dll [2004-08-04 13:00] - [2008-04-14 03:22] - 0127488 ____A (Microsoft Corporation) C29A1C9B75BA38FA37F8C44405DEC360
E:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
E:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
E:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
E:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
E:\WINDOWS\system32\dnsrslvr.dll [2004-08-04 13:00] - [2009-04-20 18:17] - 0045568 ____A (Microsoft Corporation) 407F3227AC618FD1CA54B335B083DE07
Connection Status:
==================
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.
**** End of log ****
Regards, Tina |
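The three logs above disagree about one file. The first TDSSKiller run reports E:\WINDOWS\System32\drivers\afd.sys as Rootkit.Win32.ZAccess.aml, aswMBR marks the same module **SUSPICIOUS**, shows a >>UNKNOWN<< target in the Disk 0 dispatch trace and then detects Win32:Zeroot-B in the file, while FSS says the MD5 of that path "is legit". That pattern is consistent with a rootkit sitting in the disk I/O path and handing clean bytes to ordinary file reads, so a lone "MD5 is legit" line is not a clean bill of health; the disagreement between tools is the finding. The script below is an added example and not code from this thread or from TDSSKiller, aswMBR or Farbar Service Scanner: it parses constructed sample lines modelled on the posted logs (shortened and embedded inline), normalises the differing path spellings (System32\drivers versus system32\Drivers), and reports every path that one tool flags and another clears, plus any dispatch entry whose target aswMBR could not attribute to a loaded module. The function names and the regexes are mine; the regexes assume the line formats visible in the posted logs and would need adjusting for other tool versions.

```python
"""Cross-check anti-rootkit tool verdicts for the same driver path.

Added example for this thread, not code from TDSSKiller, aswMBR, FSS or the
forum helpers. Sample lines are constructed after the posted logs; the line
formats the regexes expect are an assumption for any other tool version.
"""
import re
from collections import defaultdict

TDSSKILLER_LOG = r"""
19:17:08.0500 2768 AFD (f0e359af1e34a737376ab532f347f15d) E:\WINDOWS\System32\drivers\afd.sys
19:17:08.0500 2768 Suspicious file (Forged): E:\WINDOWS\System32\drivers\afd.sys. Real md5: f0e359af1e34a737376ab532f347f15d, Fake md5: 1e44bc1e83d8fd2305f8d452db109cf9
19:17:08.0500 2768 AFD ( Rootkit.Win32.ZAccess.aml ) - infected
19:17:09.0875 2768 IPSec (23c74d75e36e7158768dd63d92789a91) E:\WINDOWS\system32\DRIVERS\ipsec.sys
19:17:09.0875 2768 IPSec - ok
"""
ASWMBR_LOG = r"""
00:15:15.515 Module: E:\WINDOWS\System32\drivers\afd.sys **SUSPICIOUS**
00:15:16.859 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x898d9ba0]<<
00:15:16.859 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8adabab8]
00:15:16.859 \Driver\00001161[0x8ab2c5c8] -> IRP_MJ_CREATE -> 0x898d9ba0
00:17:32.531 File: E:\WINDOWS\system32\drivers\afd.sys **INFECTED** Win32:Zeroot-B [Rtk]
"""
FSS_LOG = r"""
E:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
E:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
"""

# TDSSKiller: "<time> <pid> <service> (<md5>) <path>", later "<service> [( <name> )] - <verdict>".
# A "Suspicious file (Forged)" line carries the hash TDSSKiller read itself (Real)
# and the hash the file system presents for the same path (Fake).
TDSS_ENTRY = re.compile(r"^\S+ \d+ (\S+) \(([0-9a-f]{32})\) (.+)$")
TDSS_FORGED = re.compile(r"Suspicious file \(Forged\): (.+?)\. Real md5: ([0-9a-f]{32}), Fake md5: ([0-9a-f]{32})")
TDSS_VERDICT = re.compile(r"^\S+ \d+ (\S+)(?: \( (.+?) \))? - (ok|infected|skipped by user)$")
# aswMBR: module/file verdict lines plus the "Disk 0 trace" dispatch lines.
ASW_FILE = re.compile(r"^\S+ (?:Module|File): (.+?) \*\*(SUSPICIOUS|INFECTED)\*\*(?: (.+))?$")
ASW_UNKNOWN = re.compile(r">>UNKNOWN \[(0x[0-9a-f]+)\]<<")
ASW_DISPATCH = re.compile(r"^\S+ (\\Driver\\\S+?)\[0x[0-9a-f]+\] -> (IRP_MJ_\w+) -> (0x[0-9a-f]+)$")
FSS_LEGIT = re.compile(r"^(.+?) => MD5 is legit$")


def norm(path):
    """Windows paths are case-insensitive and the tools spell the same file differently."""
    return path.strip().rstrip(".").lower()


def parse_tdsskiller(text):
    by_service, findings = {}, {}
    for line in text.splitlines():
        if m := TDSS_ENTRY.match(line):
            service, md5, path = m.groups()
            by_service[service] = norm(path)
            findings[norm(path)] = {"tool": "TDSSKiller", "md5": md5, "verdict": "pending", "detection": None}
        elif m := TDSS_FORGED.search(line):
            path, real, fake = m.groups()
            f = findings.setdefault(norm(path), {"tool": "TDSSKiller", "md5": None, "verdict": "pending", "detection": None})
            f.update(real_md5=real, fake_md5=fake)
        elif (m := TDSS_VERDICT.match(line)) and m.group(1) in by_service:
            service, detection, verdict = m.groups()
            f = findings[by_service[service]]
            f["verdict"] = {"ok": "ok", "infected": "infected"}.get(verdict, "skipped")
            f["detection"] = detection or f["detection"]
    return findings


def parse_aswmbr(text):
    """Return (findings, hooks); a hook is a dispatch entry whose target aswMBR could
    not attribute to any loaded module, i.e. code inserted into the disk I/O path."""
    findings, unknown, dispatch = {}, set(), []
    for line in text.splitlines():
        if m := ASW_FILE.match(line):
            path, verdict, name = m.groups()
            f = findings.setdefault(norm(path), {"tool": "aswMBR", "verdict": "ok", "detection": None})
            if verdict == "INFECTED" or f["verdict"] == "ok":  # INFECTED outranks SUSPICIOUS
                f["verdict"], f["detection"] = verdict.lower(), name or f["detection"]
        else:
            unknown.update(ASW_UNKNOWN.findall(line))
            if m := ASW_DISPATCH.match(line):
                dispatch.append(m.groups())
    return findings, [d for d in dispatch if d[2] in unknown]


def parse_fss(text):
    """FSS prints only a verdict for the drivers it checks, not the hash it computed."""
    return {norm(m.group(1)): {"tool": "FSS", "verdict": "legit"}
            for m in map(FSS_LEGIT.match, text.splitlines()) if m}


def reconcile(*tool_findings):
    """Paths on which one tool raises an alarm while another clears the same file."""
    merged = defaultdict(dict)
    for findings in tool_findings:
        for path, info in findings.items():
            merged[path][info["tool"]] = info
    conflicts = {}
    for path, by_tool in merged.items():
        bad = sorted(t for t, i in by_tool.items() if i["verdict"] in ("infected", "suspicious", "skipped"))
        good = sorted(t for t, i in by_tool.items() if i["verdict"] in ("ok", "legit"))
        if bad and good:
            conflicts[path] = {"flagged_by": bad, "cleared_by": good, "details": by_tool}
    return conflicts


if __name__ == "__main__":
    tdss, (asw, hooks), fss = parse_tdsskiller(TDSSKILLER_LOG), parse_aswmbr(ASWMBR_LOG), parse_fss(FSS_LOG)
    for path, c in reconcile(tdss, asw, fss).items():
        print(f"{path}: flagged by {c['flagged_by']}, cleared by {c['cleared_by']}")
        t = c["details"].get("TDSSKiller", {})
        if "real_md5" in t:
            print(f"  md5 read by TDSSKiller {t['real_md5']} != md5 presented {t['fake_md5']}")
    for drv, irp, addr in hooks:
        print(f"disk stack hook: {drv} sends {irp} to unattributed code at {addr}")
```

On the sample input the script reports afd.sys as flagged by TDSSKiller and aswMBR but cleared by FSS, and \Driver\00001161 dispatching IRP_MJ_CREATE to the unattributed address 0x898d9ba0. To use it on a real case, read the text each tool saved (the TDSSKiller log, aswMBR.txt, the FSS log) into the three string constants; a path that every tool clears is uninteresting, and a path on which the tools disagree is where to look first.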
21.12.2011, 08:49 | #12 |
/// Malwareteam | Malware tr/dldr.dofoil.d.303 found and it keeps coming back! Step 1: TDSS-Killer Start TDSSKiller.exe with a double-click. Vista and Win7 users: right-click and choose "Run as administrator"
For example: C:\TDSSKiller.<version_date_time>log.txt Please post its contents here in your thread. Step 2: Combofix Combofix may only be run when a team member has instructed you to do so! Please download Combofix from one of these download mirrors Link 1 Link 2 IMPORTANT - Save Combofix to your desktop
Start Combofix.exe and follow the instructions on the screen.
When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.
__________________ No right of asylum for Trojans! Proud Member of UNITE Note: I am only reachable on weekdays! Requests via PM will be ignored! Happy with us? Then support the Trojaner-Board! |
21.12.2011, 19:23 | #13 |
| Malware tr/dldr.dofoil.d.303 found and it keeps coming back! Hi there! Here is TDSS:
19:16:57.0453 0448 TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31
19:16:57.0531 0448 ============================================================
19:16:57.0531 0448 Current date / time: 2011/12/21 19:16:57.0531
19:16:57.0531 0448 SystemInfo:
19:16:57.0531 0448
19:16:57.0531 0448 OS Version: 5.1.2600 ServicePack: 3.0
19:16:57.0531 0448 Product type: Workstation
19:16:57.0531 0448 ComputerName: TINA-07AEAE5B67
19:16:57.0531 0448 UserName: Tina
19:16:57.0531 0448 Windows directory: E:\WINDOWS
19:16:57.0531 0448 System windows directory: E:\WINDOWS
19:16:57.0531 0448 Processor architecture: Intel x86
19:16:57.0531 0448 Number of processors: 2
19:16:57.0531 0448 Page size: 0x1000
19:16:57.0531 0448 Boot type: Normal boot
19:16:57.0531 0448 ============================================================
19:16:58.0687 0448 Initialize success
19:17:08.0078 2768 ============================================================
19:17:08.0078 2768 Scan started
19:17:08.0078 2768 Mode: Manual;
19:17:08.0078 2768 ============================================================
19:17:08.0328 2768 Abiosdsk - ok
19:17:08.0328 2768 abp480n5 - ok
19:17:08.0375 2768 ACPI (ac407f1a62c3a300b4f2b5a9f1d55b2c) E:\WINDOWS\system32\DRIVERS\ACPI.sys
19:17:08.0375 2768 ACPI - ok
19:17:08.0390 2768 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) E:\WINDOWS\system32\drivers\ACPIEC.sys
19:17:08.0390 2768 ACPIEC - ok
19:17:08.0406 2768 adpu160m - ok
19:17:08.0453 2768 aec (8bed39e3c35d6a489438b8141717a557) E:\WINDOWS\system32\drivers\aec.sys
19:17:08.0453 2768 aec - ok
19:17:08.0500 2768 AFD (f0e359af1e34a737376ab532f347f15d) E:\WINDOWS\System32\drivers\afd.sys
19:17:08.0500 2768 Suspicious file (Forged): E:\WINDOWS\System32\drivers\afd.sys. Real md5: f0e359af1e34a737376ab532f347f15d, Fake md5: 1e44bc1e83d8fd2305f8d452db109cf9
19:17:08.0500 2768 AFD ( Rootkit.Win32.ZAccess.aml ) - infected
19:17:08.0500 2768 AFD - detected Rootkit.Win32.ZAccess.aml (0)
19:17:08.0500 2768 Aha154x - ok
19:17:08.0515 2768 aic78u2 - ok
19:17:08.0515 2768 aic78xx - ok
19:17:08.0515 2768 AliIde - ok
19:17:08.0562 2768 AmdPPM (033448d435e65c4bd72e70521fd05c76) E:\WINDOWS\system32\DRIVERS\AmdPPM.sys
19:17:08.0562 2768 AmdPPM - ok
19:17:08.0562 2768 amsint - ok
19:17:08.0578 2768 asc - ok
19:17:08.0578 2768 asc3350p - ok
19:17:08.0593 2768 asc3550 - ok
19:17:08.0640 2768 AsIO (2b4e66fac6503494a2c6f32bb6ab3826) E:\WINDOWS\system32\drivers\AsIO.sys
19:17:08.0640 2768 AsIO - ok
19:17:08.0671 2768 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) E:\WINDOWS\system32\DRIVERS\asyncmac.sys
19:17:08.0671 2768 AsyncMac - ok
19:17:08.0671 2768 atapi (9f3a2f5aa6875c72bf062c712cfa2674) E:\WINDOWS\system32\DRIVERS\atapi.sys
19:17:08.0687 2768 atapi - ok
19:17:08.0687 2768 Atdisk - ok
19:17:08.0703 2768 Atmarpc (9916c1225104ba14794209cfa8012159) E:\WINDOWS\system32\DRIVERS\atmarpc.sys
19:17:08.0718 2768 Atmarpc - ok
19:17:08.0765 2768 audstub (d9f724aa26c010a217c97606b160ed68) E:\WINDOWS\system32\DRIVERS\audstub.sys
19:17:08.0765 2768 audstub - ok
19:17:08.0781 2768 avgntflt (7713e4eb0276702faa08e52a6e23f2a6) E:\WINDOWS\system32\DRIVERS\avgntflt.sys
19:17:08.0781 2768 avgntflt - ok
19:17:08.0796 2768 avipbb (475fbb85956534720858ae72010c0a43) E:\WINDOWS\system32\DRIVERS\avipbb.sys
19:17:08.0796 2768 avipbb - ok
19:17:08.0812 2768 avkmgr (271cfd1a989209b1964e24d969552bf7) E:\WINDOWS\system32\DRIVERS\avkmgr.sys
19:17:08.0812 2768 avkmgr - ok
19:17:08.0812 2768 BCM43XX (ebf36d658d0da5b1ea667fa403919c26) E:\WINDOWS\system32\DRIVERS\bcmwl5.sys
19:17:08.0812 2768 BCM43XX - ok
19:17:08.0843 2768 Beep (da1f27d85e0d1525f6621372e7b685e9) E:\WINDOWS\system32\drivers\Beep.sys
19:17:08.0843 2768 Beep - ok
19:17:08.0859 2768 cbidf2k
(90a673fc8e12a79afbed2576f6a7aaf9) E:\WINDOWS\system32\drivers\cbidf2k.sys 19:17:08.0875 2768 cbidf2k - ok 19:17:08.0875 2768 cd20xrnt - ok 19:17:08.0906 2768 Cdaudio (c1b486a7658353d33a10cc15211a873b) E:\WINDOWS\system32\drivers\Cdaudio.sys 19:17:08.0906 2768 Cdaudio - ok 19:17:08.0921 2768 Cdfs (c885b02847f5d2fd45a24e219ed93b32) E:\WINDOWS\system32\drivers\Cdfs.sys 19:17:08.0921 2768 Cdfs - ok 19:17:08.0937 2768 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) E:\WINDOWS\system32\DRIVERS\cdrom.sys 19:17:08.0937 2768 Cdrom - ok 19:17:08.0937 2768 Changer - ok 19:17:08.0968 2768 CmdIde - ok 19:17:08.0984 2768 Cpqarray - ok 19:17:08.0984 2768 dac2w2k - ok 19:17:09.0000 2768 dac960nt - ok 19:17:09.0000 2768 Disk (044452051f3e02e7963599fc8f4f3e25) E:\WINDOWS\system32\DRIVERS\disk.sys 19:17:09.0000 2768 Disk - ok 19:17:09.0046 2768 dmboot (0dcfc8395a99fecbb1ef771cec7fe4ea) E:\WINDOWS\system32\drivers\dmboot.sys 19:17:09.0046 2768 dmboot - ok 19:17:09.0078 2768 dmio (53720ab12b48719d00e327da470a619a) E:\WINDOWS\system32\drivers\dmio.sys 19:17:09.0078 2768 dmio - ok 19:17:09.0109 2768 dmload (e9317282a63ca4d188c0df5e09c6ac5f) E:\WINDOWS\system32\drivers\dmload.sys 19:17:09.0109 2768 dmload - ok 19:17:09.0140 2768 DMusic (8a208dfcf89792a484e76c40e5f50b45) E:\WINDOWS\system32\drivers\DMusic.sys 19:17:09.0140 2768 DMusic - ok 19:17:09.0140 2768 dpti2o - ok 19:17:09.0156 2768 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) E:\WINDOWS\system32\drivers\drmkaud.sys 19:17:09.0156 2768 drmkaud - ok 19:17:09.0234 2768 EraserUtilDrvI9 - ok 19:17:09.0265 2768 Fastfat (38d332a6d56af32635675f132548343e) E:\WINDOWS\system32\drivers\Fastfat.sys 19:17:09.0265 2768 Fastfat - ok 19:17:09.0296 2768 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) E:\WINDOWS\system32\drivers\Fdc.sys 19:17:09.0296 2768 Fdc - ok 19:17:09.0296 2768 Fips (b0678a548587c5f1967b0d70bacad6c1) E:\WINDOWS\system32\drivers\Fips.sys 19:17:09.0296 2768 Fips - ok 19:17:09.0312 2768 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) 
E:\WINDOWS\system32\drivers\Flpydisk.sys 19:17:09.0312 2768 Flpydisk - ok 19:17:09.0359 2768 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) E:\WINDOWS\system32\drivers\fltmgr.sys 19:17:09.0359 2768 FltMgr - ok 19:17:09.0375 2768 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) E:\WINDOWS\system32\drivers\Fs_Rec.sys 19:17:09.0375 2768 Fs_Rec - ok 19:17:09.0375 2768 Ftdisk (8f1955ce42e1484714b542f341647778) E:\WINDOWS\system32\DRIVERS\ftdisk.sys 19:17:09.0390 2768 Ftdisk - ok 19:17:09.0406 2768 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) E:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 19:17:09.0406 2768 GEARAspiWDM - ok 19:17:09.0437 2768 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) E:\WINDOWS\system32\DRIVERS\msgpc.sys 19:17:09.0437 2768 Gpc - ok 19:17:09.0437 2768 HDAudBus (573c7d0a32852b48f3058cfd8026f511) E:\WINDOWS\system32\DRIVERS\HDAudBus.sys 19:17:09.0437 2768 HDAudBus - ok 19:17:09.0468 2768 hidusb (ccf82c5ec8a7326c3066de870c06daf1) E:\WINDOWS\system32\DRIVERS\hidusb.sys 19:17:09.0468 2768 hidusb - ok 19:17:09.0468 2768 hpn - ok 19:17:09.0515 2768 HTTP (f80a415ef82cd06ffaf0d971528ead38) E:\WINDOWS\system32\Drivers\HTTP.sys 19:17:09.0531 2768 HTTP - ok 19:17:09.0531 2768 i2omgmt - ok 19:17:09.0531 2768 i2omp - ok 19:17:09.0546 2768 i8042prt (e283b97cfbeb86c1d86baed5f7846a92) E:\WINDOWS\system32\DRIVERS\i8042prt.sys 19:17:09.0546 2768 i8042prt - ok 19:17:09.0546 2768 Imapi (083a052659f5310dd8b6a6cb05edcf8e) E:\WINDOWS\system32\DRIVERS\imapi.sys 19:17:09.0562 2768 Imapi - ok 19:17:09.0562 2768 ini910u - ok 19:17:09.0703 2768 IntcAzAudAddService (fb4293b1eab313c28d4a1b8db61aca72) E:\WINDOWS\system32\drivers\RtkHDAud.sys 19:17:09.0734 2768 IntcAzAudAddService - ok 19:17:09.0734 2768 IntelIde - ok 19:17:09.0765 2768 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) E:\WINDOWS\system32\drivers\ip6fw.sys 19:17:09.0781 2768 Ip6Fw - ok 19:17:09.0796 2768 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) E:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 19:17:09.0796 2768 IpFilterDriver - ok 19:17:09.0828 
2768 IpInIp (b87ab476dcf76e72010632b5550955f5) E:\WINDOWS\system32\DRIVERS\ipinip.sys 19:17:09.0828 2768 IpInIp - ok 19:17:09.0859 2768 IpNat (cc748ea12c6effde940ee98098bf96bb) E:\WINDOWS\system32\DRIVERS\ipnat.sys 19:17:09.0859 2768 IpNat - ok 19:17:09.0875 2768 IPSec (23c74d75e36e7158768dd63d92789a91) E:\WINDOWS\system32\DRIVERS\ipsec.sys 19:17:09.0875 2768 IPSec - ok 19:17:09.0890 2768 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) E:\WINDOWS\system32\DRIVERS\irenum.sys 19:17:09.0890 2768 IRENUM - ok 19:17:09.0906 2768 isapnp (6dfb88f64135c525433e87648bda30de) E:\WINDOWS\system32\DRIVERS\isapnp.sys 19:17:09.0906 2768 isapnp - ok 19:17:09.0921 2768 Kbdclass (1704d8c4c8807b889e43c649b478a452) E:\WINDOWS\system32\DRIVERS\kbdclass.sys 19:17:09.0921 2768 Kbdclass - ok 19:17:09.0937 2768 kbdhid (b6d6c117d771c98130497265f26d1882) E:\WINDOWS\system32\DRIVERS\kbdhid.sys 19:17:09.0937 2768 kbdhid - ok 19:17:09.0953 2768 kmixer (692bcf44383d056aed41b045a323d378) E:\WINDOWS\system32\drivers\kmixer.sys 19:17:09.0953 2768 kmixer - ok 19:17:09.0968 2768 KSecDD (b467646c54cc746128904e1654c750c1) E:\WINDOWS\system32\drivers\KSecDD.sys 19:17:09.0984 2768 KSecDD - ok 19:17:09.0984 2768 lbrtfdc - ok 19:17:10.0000 2768 libusb0 (03e12dbfacf1aeb86c553b0db488fb81) E:\WINDOWS\system32\drivers\libusb0.sys 19:17:10.0015 2768 libusb0 - ok 19:17:10.0015 2768 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) E:\WINDOWS\system32\drivers\mnmdd.sys 19:17:10.0015 2768 mnmdd - ok 19:17:10.0031 2768 Modem (6fb74ebd4ec57a6f1781de3852cc3362) E:\WINDOWS\system32\drivers\Modem.sys 19:17:10.0046 2768 Modem - ok 19:17:10.0046 2768 Mouclass (b24ce8005deab254c0251e15cb71d802) E:\WINDOWS\system32\DRIVERS\mouclass.sys 19:17:10.0046 2768 Mouclass - ok 19:17:10.0046 2768 mouhid (66a6f73c74e1791464160a7065ce711a) E:\WINDOWS\system32\DRIVERS\mouhid.sys 19:17:10.0046 2768 mouhid - ok 19:17:10.0062 2768 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) E:\WINDOWS\system32\drivers\MountMgr.sys 19:17:10.0062 2768 MountMgr - ok 
19:17:12.0562 2768 MBR (0x1B8) (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
19:17:12.0671 2768 \Device\Harddisk0\DR0 - ok
19:17:12.0671 2768 Boot (0x1200) (7e3092bbc25913ccde461198f92f4f40) \Device\Harddisk0\DR0\Partition0
19:17:12.0671 2768 \Device\Harddisk0\DR0\Partition0 - ok
19:17:12.0671 2768 ============================================================
19:17:12.0671 2768 Scan finished
19:17:12.0671 2768 ============================================================
19:17:12.0671 0872 Detected object count: 1
19:17:12.0671 0872 Actual detected object count: 1
19:17:23.0437 0872 Backup copy found, using it..
19:17:23.0453 0872 E:\WINDOWS\System32\drivers\afd.sys - will be cured on reboot
19:17:24.0250 0872 E:\WINDOWS\system32\c_76483.nls - will be deleted on reboot
19:17:24.0781 0872 AFD ( Rootkit.Win32.ZAccess.aml ) - User select action: Cure
19:17:33.0281 1556 Deinitialize success |
21.12.2011, 20:40 | #14 |
| and ComboFix: ComboFix logfile: Code:
ComboFix 11-12-21.02 - Tina 21.12.2011 20:18:59.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.3327.2918 [GMT 1:00]
ausgeführt von:: e:\dokumente und einstellungen\Tina\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
e:\dokumente und einstellungen\Tina\WINDOWS
E:\install.exe
e:\windows\$NtUninstallKB32132$
e:\windows\$NtUninstallKB32132$\2306083599\@
e:\windows\$NtUninstallKB32132$\2306083599\L\thyfmaut
e:\windows\$NtUninstallKB32132$\2306083599\loader.tlb
e:\windows\$NtUninstallKB32132$\2306083599\U\@00000001
e:\windows\$NtUninstallKB32132$\2306083599\U\@000000c0
e:\windows\$NtUninstallKB32132$\2306083599\U\@000000cb
e:\windows\$NtUninstallKB32132$\2306083599\U\@000000cf
e:\windows\$NtUninstallKB32132$\2306083599\U\@80000000
e:\windows\$NtUninstallKB32132$\2306083599\U\@800000c0
e:\windows\$NtUninstallKB32132$\2306083599\U\@800000cb
e:\windows\$NtUninstallKB32132$\2306083599\U\@800000cf
e:\windows\$NtUninstallKB32132$\630551253
e:\windows\assembly\GAC_MSIL\desktop.ini
e:\windows\IsUn0407.exe
e:\windows\system32\
e:\windows\system32\oobe\isperror
e:\windows\system32\oobe\isperror\ispcnerr.htm
e:\windows\system32\oobe\isperror\ispdtone.htm
e:\windows\system32\oobe\isperror\isphdshk.htm
e:\windows\system32\oobe\isperror\ispins.htm
e:\windows\system32\oobe\isperror\ispnoanw.htm
e:\windows\system32\oobe\isperror\isppberr.htm
e:\windows\system32\oobe\isperror\ispphbsy.htm
e:\windows\system32\oobe\isperror\ispsbusy.htm
e:\windows\system32\SET3D.tmp
e:\windows\system32\SET41.tmp
e:\windows\system32\SET42.tmp
e:\windows\system32\SET49.tmp
e:\windows\system32\SET65.tmp
e:\windows\system32\SET66.tmp
e:\windows\system32\WINXP
e:\windows\system32\WINXP\msgclose.exe
e:\windows\system32\WINXP\setup.inx
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-11-21 bis 2011-12-21 ))))))))))))))))))))))))))))))
.
.
2011-12-17 00:13 . 2011-12-17 00:13 -------- d-----r- e:\dokumente und einstellungen\NetworkService\Favoriten
2011-12-15 14:15 . 2011-12-15 14:15 -------- d-----w- e:\dokumente und einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\PCHealth
2011-12-14 23:35 . 2011-12-19 22:31 -------- d-----w- e:\windows\system32\NtmsData
2011-12-14 22:57 . 2011-12-14 22:57 -------- d-sh--w- e:\dokumente und einstellungen\Tina\Lokale Einstellungen\Anwendungsdaten\89740b0f
2011-12-12 17:51 . 2011-12-12 17:51 -------- d-----w- e:\dokumente und einstellungen\Tina\Lokale Einstellungen\Anwendungsdaten\M-Photo_Ltd
2011-12-12 17:50 . 2011-12-12 17:50 -------- d-----w- e:\dokumente und einstellungen\All Users\Anwendungsdaten\M-Photo
2011-12-12 17:49 . 2011-12-12 17:52 -------- d-----w- E:\Program Files
2011-12-12 17:49 . 2011-12-12 17:49 11541952 ----a-w- e:\windows\system32\United Arts Limited_meinxxl_uninstaller.exe
2011-12-04 22:18 . 2011-12-04 22:18 -------- d-----w- e:\dokumente und einstellungen\LocalService\Anwendungsdaten\TuneUp Software
2011-11-27 22:19 . 2011-11-18 13:13 28992 ----a-w- e:\windows\system32\uxtuneup.dll
2011-11-27 22:17 . 2011-11-18 13:13 31552 ----a-w- e:\windows\system32\TURegOpt.exe
2011-11-27 22:17 . 2011-11-27 22:17 -------- d-----w- e:\dokumente und einstellungen\Tina\Anwendungsdaten\TuneUp Software
2011-11-27 22:17 . 2011-12-14 23:35 -------- d-----w- e:\programme\TuneUp Utilities 2012
2011-11-27 22:16 . 2011-11-27 22:17 -------- d-----w- e:\dokumente und einstellungen\All Users\Anwendungsdaten\TuneUp Software
2011-11-27 22:16 . 2011-11-27 22:16 -------- d-sh--w- e:\dokumente und einstellungen\All Users\Anwendungsdaten\{32364CEA-7855-4A3C-B674-53D8E9B97936}
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-21 18:18 . 2004-08-04 12:00 138496 ----a-w- e:\windows\system32\drivers\afd.sys
2011-12-09 22:14 . 2011-10-24 14:17 134856 ----a-w- e:\windows\system32\drivers\avipbb.sys
2011-11-23 14:40 . 2004-08-04 12:00 1859712 ----a-w- e:\windows\system32\win32k.sys
2011-11-04 19:13 . 2004-09-29 18:47 916992 ----a-w- e:\windows\system32\wininet.dll
2011-11-04 19:13 . 2004-08-04 12:00 43520 ----a-w- e:\windows\system32\licmgr10.dll
2011-11-04 19:13 . 2004-08-04 12:00 1469440 ------w- e:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2004-08-04 12:00 385024 ----a-w- e:\windows\system32\html.iec
2011-11-01 16:07 . 2004-08-04 12:00 1288704 ----a-w- e:\windows\system32\ole32.dll
2011-10-28 05:31 . 2004-08-04 12:00 33280 ----a-w- e:\windows\system32\csrsrv.dll
2011-10-26 10:49 . 2004-08-04 12:00 2151424 ----a-w- e:\windows\system32\ntoskrnl.exe
2011-10-26 10:49 . 2004-08-04 00:50 2029568 ----a-w- e:\windows\system32\ntkrnlpa.exe
2011-10-18 11:13 . 2004-08-04 12:00 186880 ----a-w- e:\windows\system32\encdec.dll
2011-10-11 13:00 . 2011-10-24 14:17 36000 ----a-w- e:\windows\system32\drivers\avkmgr.sys
2011-10-11 13:00 . 2009-11-07 17:13 74640 ----a-w- e:\windows\system32\drivers\avgntflt.sys
2011-10-10 14:22 . 2009-07-08 12:42 692736 ----a-w- e:\windows\system32\inetcomm.dll
2011-09-28 07:06 . 2004-08-04 12:00 604160 ----a-w- e:\windows\system32\crypt32.dll
2011-09-26 09:41 . 2008-07-29 18:59 614912 ----a-w- e:\windows\system32\uiautomationcore.dll
2011-09-26 09:41 . 2004-08-04 12:00 23040 ----a-w- e:\windows\system32\oleaccrc.dll
2011-09-26 09:41 . 2004-08-04 12:00 220160 ----a-w- e:\windows\system32\oleacc.dll
2009-11-17 13:01 . 2010-08-15 14:39 1456640 ----a-w- e:\programme\Gemeinsame Dateien\Falk Navi-Manager.msi
2009-11-06 17:49 . 2009-11-06 17:49 1454213 ----a-w- e:\programme\wrar390d.exe
2011-11-14 16:46 . 2011-06-10 18:20 134104 ----a-w- e:\programme\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="e:\programme\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]
"SUPERAntiSpyware"="e:\programme\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-06-19 2424192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="e:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2010-10-29 249064]
"RTHDCPL"="RTHDCPL.EXE" [2008-11-17 17676288]
"NvCplDaemon"="e:\windows\system32\NvCpl.dll" [2008-10-16 13578240]
"nwiz"="nwiz.exe" [2008-10-16 1630208]
"NvMediaCenter"="e:\windows\system32\NvMcTray.dll" [2008-10-16 86016]
"Six Engine"="e:\programme\ASUS\EPU-4 Engine\FourEngine.exe" [2009-02-13 5634560]
"bcmwltry"="bcmwltry.exe" [2003-07-25 462848]
"NeroFilterCheck"="e:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"avgnt"="e:\programme\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]
"Adobe ARM"="e:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="e:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="e:\progra~1\GEMEIN~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "e:\programme\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- e:\programme\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ZuneWlanCfgSvc"=3 (0x3)
"ZuneNetworkSvc"=3 (0x3)
"ZuneBusEnum"=2 (0x2)
"WMZuneComm"=3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="e:\programme\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="e:\programme\iTunes\iTunesHelper.exe"
"Adobe Reader Speed Launcher"="e:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"e:\\Games\\BnW\\runblack.exe"=
"e:\programme\Microsoft ActiveSync\rapimgr.exe"= e:\programme\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"e:\programme\Microsoft ActiveSync\wcescomm.exe"= e:\programme\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"e:\programme\Microsoft ActiveSync\WCESMgr.exe"= e:\programme\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"e:\\Programme\\Lionhead Studios Ltd\\Black & White\\runblack.exe"=
"e:\programme\Bonjour\mDNSResponder.exe"= Dienst "Bonjour"
"e:\\Programme\\iTunes\\iTunes.exe"=
"e:\\Dokumente und Einstellungen\\Tina\\Eigene Dateien\\Downloads\\tinyumbrella-4.21.01.exe"=
"e:\\Programme\\Avira\\AntiVir Desktop\\ipmgui.exe"=
"e:\\Dokumente und Einstellungen\\Tina\\Lokale Einstellungen\\Temp\\SSUPDATE.EXE"=
"e:\\Programme\\Mozilla Firefox\\firefox.exe"=
"e:\\Programme\\Gemeinsame Dateien\\Java\\Java Update\\jucheck.exe"=
"e:\\Programme\\Avira\\AntiVir Desktop\\avnotify.exe"=
"e:\\Programme\\Electronic Arts\\Die Sims 3\\Game\\Bin\\Sims3LauncherW.exe"=
"e:\\Programme\\Origin\\LegacyPM\\EACoreServer.exe"=
"e:\\Programme\\Electronic Arts\\Die Sims 3\\Game\\Bin\\TS3W.exe"=
"e:\\Programme\\Java\\jre6\\bin\\javaw.exe"=
"e:\\Programme\\Gemeinsame Dateien\\Java\\Java Update\\jaucheck.exe"=
"e:\\Programme\\Windows Media Player\\wmplayer.exe"=
"e:\\Programme\\Windows Media Player\\setup_wm.exe"=
"e:\\Programme\\Mozilla Firefox\\plugin-container.exe"=
"e:\\Programme\\Gemeinsame Dateien\\Adobe\\ARM\\1.0\\AdobeARM.exe"=
"e:\\Dokumente und Einstellungen\\Tina\\Eigene Dateien\\Downloads\\tdsskiller.exe"=
"e:\\Dokumente und Einstellungen\\Tina\\Eigene Dateien\\Downloads\\aswMBR.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
.
R1 avkmgr;avkmgr;e:\windows\system32\drivers\avkmgr.sys [24.10.2011 15:17 36000]
R1 SASDIFSV;SASDIFSV;e:\programme\SUPERAntiSpyware\sasdifsv.sys [17.02.2010 19:25 12872]
R1 SASKUTIL;SASKUTIL;e:\programme\SUPERAntiSpyware\SASKUTIL.SYS [10.05.2010 19:41 67656]
R2 AntiVirSchedulerService;Avira Planer;e:\programme\Avira\AntiVir Desktop\sched.exe [24.10.2011 15:17 86224]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.2;e:\windows\system32\drivers\libusb0.sys [20.08.2011 14:15 28160]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;e:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.03.2010 12:16 130384]
S3 EraserUtilDrvI9;EraserUtilDrvI9;\??\e:\programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilDrvI9.sys --> e:\programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilDrvI9.sys [?]
S3 s1039bus;Sony Ericsson Device 1039 driver (WDM);e:\windows\system32\drivers\s1039bus.sys [08.01.2011 16:54 98672]
S3 s1039mdfl;Sony Ericsson Device 1039 USB WMC Modem Filter;e:\windows\system32\drivers\s1039mdfl.sys [08.01.2011 16:54 14960]
S3 s1039mdm;Sony Ericsson Device 1039 USB WMC Modem Driver;e:\windows\system32\drivers\s1039mdm.sys [08.01.2011 16:54 124016]
S3 s1039mgmt;Sony Ericsson Device 1039 USB WMC Device Management Drivers (WDM);e:\windows\system32\drivers\s1039mgmt.sys [08.01.2011 16:54 117872]
S3 s1039nd5;Sony Ericsson Device 1039 USB Ethernet Emulation (NDIS);e:\windows\system32\drivers\s1039nd5.sys [08.01.2011 16:54 25456]
S3 s1039obex;Sony Ericsson Device 1039 USB WMC OBEX Interface;e:\windows\system32\drivers\s1039obex.sys [08.01.2011 16:54 113904]
S3 s1039unic;Sony Ericsson Device 1039 USB Ethernet Emulation (WDM);e:\windows\system32\drivers\s1039unic.sys [08.01.2011 16:54 123504]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;e:\programme\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys [31.10.2011 16:22 10064]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;e:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.03.2010 12:16 753504]
S4 WMZuneComm;Zune Windows Mobile Connectivity Service;"e:\dokumente und einstellungen\Tina\Eigene Dateien\WMZuneComm.exe" --> e:\dokumente und einstellungen\Tina\Eigene Dateien\WMZuneComm.exe [?]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Inhalt des "geplante Tasks" Ordners
.
2011-12-16 e:\windows\Tasks\AppleSoftwareUpdate.job
- e:\programme\Apple Software Update\SoftwareUpdate.exe [2009-10-22 09:50]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - e:\dokumente und einstellungen\Tina\Anwendungsdaten\Mozilla\Firefox\Profiles\l6g47qec.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=toolbar2&q=
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
SafeBoot-90944416.sys
SafeBoot-WudfPf
SafeBoot-WudfRd
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-12-21 20:33
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
@=""
"Installed"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
@=""
"Installed"="1"
"NoChange"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
@=""
"Installed"="1"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(964)
e:\programme\SUPERAntiSpyware\SASWINLO.DLL
.
- - - - - - - > 'explorer.exe'(1740)
e:\windows\system32\webcheck.dll
e:\windows\system32\WPDShServiceObj.dll
e:\windows\system32\PortableDeviceTypes.dll
e:\windows\system32\PortableDeviceApi.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
e:\programme\Avira\AntiVir Desktop\avguard.exe
e:\programme\Avira\AntiVir Desktop\avshadow.exe
e:\windows\RTHDCPL.EXE
e:\windows\system32\RUNDLL32.EXE
e:\windows\system32\bcmwltry.exe
e:\progra~1\MICROS~3\rapimgr.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-12-21 20:38:18 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2011-12-21 19:38
.
Vor Suchlauf: 12 Verzeichnis(se), 364.500.905.984 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 366.054.645.760 Bytes frei
.
WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - E4A1E14BCD612266E042D7ED512C92FD |
23.12.2011, 11:04 | #15 |
/// Selecta Jahrusso | Hi, PsYcHoTiC is a bit tied up at the moment. We all know the Christmas rush, don't we? How is the computer running?
__________________ Regards, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Learn to fight back and support us! TB Akademie |