| |
| |||||||
Log-Analyse und Auswertung: Windows blockiert, 50€ ZahlungsaufforderungWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
14.01.2012, 17:52
| #16 |
 |  Windows blockiert, 50€ Zahlungsaufforderung habe das Script ausgeführt, hier die log: Code:
ATTFilter ComboFix 12-01-13.05 - Blimsch 14.01.2012 17:38:05.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.49.1031.18.3072.2491 [GMT 1:00]
ausgeführt von:: F:\ComboFix.exe
Benutzte Befehlsschalter :: F:\CFScript.txt
AV: Sophos Anti-Virus *Disabled/Updated* {3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programme\D95A2
c:\programme\D95A2\lvvm.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-12-14 bis 2012-01-14 ))))))))))))))))))))))))))))))
.
.
2012-01-14 16:34 . 2012-01-14 16:34 -------- d--h--w- c:\windows\PIF
2012-01-14 16:16 . 2012-01-14 16:16 -------- d-----w- c:\dokumente und einstellungen\Blimsch\Lokale Einstellungen\Anwendungsdaten\Sophos
2012-01-14 13:31 . 2012-01-14 13:31 -------- d-----w- c:\dokumente und einstellungen\Blimsch\Anwendungsdaten\Malwarebytes
2012-01-12 22:12 . 2012-01-12 22:12 -------- d-----w- c:\dokumente und einstellungen\Administrator\Anwendungsdaten\EndNote
2012-01-12 16:10 . 2012-01-12 16:10 -------- d-----w- c:\programme\ESET
2012-01-12 15:51 . 2012-01-12 15:51 -------- d-----w- c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Malwarebytes
2012-01-12 15:51 . 2012-01-12 15:51 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2012-01-12 15:51 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-12 15:49 . 2012-01-12 15:49 -------- d-----r- c:\dokumente und einstellungen\Administrator\Eigene Dateien
2012-01-12 15:47 . 2012-01-12 15:47 -------- d-----w- c:\dokumente und einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Mozilla
2012-01-12 15:47 . 2012-01-12 15:47 -------- d-----w- c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Canneverbe Limited
2012-01-11 18:13 . 2007-05-12 08:23 224016 ----a-w- c:\windows\system32\tabctl32.ocx
2012-01-11 18:13 . 2007-05-12 08:23 198656 ----a-w- c:\windows\system32\comdlg32.ocx
2011-12-21 09:00 . 2011-12-21 09:00 -------- d-----w- c:\programme\OpenVPN Technologies
2011-12-18 07:24 . 2011-12-18 07:24 -------- d-----w- c:\dokumente und einstellungen\Blimsch\Lokale Einstellungen\Anwendungsdaten\gtk-2.0
2011-12-18 07:18 . 2011-12-18 07:40 -------- d-----w- c:\dokumente und einstellungen\Blimsch\Lokale Einstellungen\Anwendungsdaten\midori
2011-12-18 07:18 . 2011-12-18 07:18 -------- d-----w- c:\dokumente und einstellungen\Blimsch\Lokale Einstellungen\Anwendungsdaten\webkit
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-17 05:44 . 2011-08-06 06:13 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\dokumente und einstellungen\Blimsch\Anwendungsdaten\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\dokumente und einstellungen\Blimsch\Anwendungsdaten\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\dokumente und einstellungen\Blimsch\Anwendungsdaten\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\dokumente und einstellungen\Blimsch\Anwendungsdaten\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="d:\daemon tools lite\DTLite.exe" [2010-04-01 357696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ptipbmf"="ptipbmf.dll" [2003-06-20 118784]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-18 13680640]
"nwiz"="nwiz.exe" [2009-02-18 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-18 86016]
"FreePDF Assistant"="c:\programme\FreePDF_XP\fpassist.exe" [2009-09-05 385024]
"Sophos AutoUpdate Monitor"="c:\programme\Sophos\AutoUpdate\almon.exe" [2010-09-21 439536]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Malwarebytes' Anti-Malware"="d:\ malwarebytes anti-malware \mbamgui.exe" [2011-12-24 460872]
.
c:\dokumente und einstellungen\Blimsch\Startmenü\Programme\Autostart\
Dropbox.lnk - c:\dokumente und einstellungen\Blimsch\Anwendungsdaten\Dropbox\bin\Dropbox.exe [2011-12-5 24242056]
Multidesk Desktop Manager.lnk - d:\multidesk\MultiDesk.exe [2004-4-15 625664]
.
c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
VPN Client.lnk - c:\windows\Installer\{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}\Icon3E5562ED7.ico [2010-9-15 6144]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\Trillian\\trillian.exe"=
"c:\\Programme\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
"d:\\TuneUp 2010\\Integrator.exe"=
"f:\\Downloads\\utorrent.exe"=
"d:\\Skype\\Phone\\Skype.exe"=
"d:\\Winamp\\winamp.exe"=
"d:\\ChemDraw 12\\ChemDraw\\ChemDraw.exe"=
"c:\\Dokumente und Einstellungen\\Blimsch\\Anwendungsdaten\\Dropbox\\bin\\Dropbox.exe"=
"d:\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Dokumente und Einstellungen\\Blimsch\\temp\\TeamViewer\\Version4\\TeamViewer.exe"=
"d:\\Trillian\\plugins\\skypekit.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [15.09.2010 08:09 691696]
R1 SAVOnAccessControl;SAVOnAccessControl;c:\windows\system32\drivers\savonaccesscontrol.sys [14.09.2010 21:57 153344]
R1 SAVOnAccessFilter;SAVOnAccessFilter;c:\windows\system32\drivers\savonaccessfilter.sys [14.09.2010 21:57 24064]
R2 MBAMService;MBAMService;d:\ malwarebytes anti-malware \mbamservice.exe [12.01.2012 16:51 652872]
R2 OODefragAgent;O&O Defrag Agent;d:\oo defrag 14\oodag.exe [24.08.2010 21:56 2281800]
R2 SAVAdminService;Sophos Anti-Virus Statusreporter;c:\programme\Sophos\Sophos Anti-Virus\SAVAdminService.exe [08.10.2010 16:15 163056]
R2 SAVService;Sophos Anti-Virus;c:\programme\Sophos\Sophos Anti-Virus\SavService.exe [04.06.2010 12:23 97520]
R2 swi_service;Sophos Web Intelligence Service;c:\programme\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [08.10.2010 16:15 1541360]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;d:\tuneup 2010\TuneUpUtilitiesService32.exe [26.08.2010 13:43 1051968]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [12.01.2012 16:51 20464]
R3 PAC7311;VGA SoC PC-Camera;c:\windows\system32\drivers\PA707UCM.SYS [18.10.2005 10:48 154752]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;d:\tuneup 2010\TuneUpUtilitiesDriver32.sys [24.02.2010 13:41 10064]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.03.2010 12:16 130384]
S3 androidusb;ADB Interface Driver;c:\windows\system32\drivers\androidusb.sys [23.11.2011 19:38 25728]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;d:\microsoft office\Office14\GROOVE.EXE [12.06.2011 10:15 31125880]
S3 osppsvc;Office Software Protection Platform;c:\programme\Gemeinsame Dateien\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [09.01.2010 21:37 4640000]
S3 qcusbser;ACER Android USB Device for Legacy Serial Communication;c:\windows\system32\drivers\qcusbser.sys [23.11.2011 19:38 105984]
S3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\drivers\tapoas.sys [19.08.2011 01:46 26112]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.03.2010 12:16 753504]
S4 SophosBootDriver;SophosBootDriver;c:\windows\system32\drivers\SophosBootDriver.sys [14.09.2010 21:57 14976]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
.
------- Zusätzlicher Suchlauf -------
.
IE: Nach Microsoft E&xcel exportieren - d:\micros~1\Office14\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - d:\micros~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\dokumente und einstellungen\Blimsch\Anwendungsdaten\Mozilla\Firefox\Profiles\1tt8lb1u.default\
FF - prefs.js: keyword.URL - hxxp://www.google.com/search? ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-01-14 17:41
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG14.00.00.01PROFESSIONAL"="045D393BE5BDA378B712095C9CCFAFDD8948D36A05349DDD548A272FF7C6B41EC0886F5CE2AB2D753CB5290B4B54AD0EFE3119905CD542E4260115198307F80A54A7DE1AA17EFB436C75911844CECAEBD63C95ADFA1E763157CA3573310EFA1976372CAD9DE79BDF717BDB4E432C5A184965FDC1FCDAF52A524DF3151AA27E98DE2B1EE1164E7A9C73E8CA0EC80F950A9096AB63420AE18B0163E268A341B029CCEA9E140ACA6E9F24D1C0CC954E980D6CB29ABCEF5E4166D5D939EB6F9C9D3E0151BD39FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B9808BA7FD869164D6794C038D530D6EB3452BA7FD869164D6794CFD21FD1DAD85CAFD901B59B1244FC843C322B5756B29C062D485792393C1A32D653CE3C7EEFB9F1F7BCF0E7C161788411B78D6BAE8CFDC7A00498C6C67891C1F609E7593638A60610348B6CBB39F7638330AC0CA0DDB16504E67E30BB682B23EC5DC7B18B3AB1E45ECC6C18DA5E630D73A096AB766719DE763564E5F31AE18C377130218CEE8C976425DD2A7B55C38081C3BE107DDA36C9D9E385514E8ED1461A96475747C48EBB688C8DB7801C4A4F94857D5189E2B14CD61D01342FBBBAAD9E579458D21EAF0471878FAA4FA149A3D58A8DDE711B5824D7C05D9E7D090435916C86FB45CF8FB74DCF58BED046B6B635A48E7A8F9198A10CE00278A5D3B46081476FEC3E25ED308FD0C28472632DD8E36082B942CC082966433B7B96ED7AC9C38A82AB5CDBB25C092B8E6127C2EC6CD7F85305ECC3DC311FE23938C49BA51DEF8DDB8C44A567BCD6B45C8E6425D8E8CBE14B1DF4E17349B0EE1110A6162B1E62DCF5B69F28386953F3B41823BBF6DABCBF9A90C6084C8ED9C8BABB390AA4203BB635269AFD798CA1A600DD612E72DFED6BD2474F898BB61E8813427B994E0D5E8FDB2AE5B520E3263D8C1720179B2CE472EB7A02AFF709C477DA0671D88962F40E96E6B651C542095C8E4A6607E207EC18C1B656B5FDE3D89434B822515A31690FF0544445A88C395B9B553DFEDF4B1250946045CAAD35A891A96099FEEA1F6D225C3E4C7D2ABE67C82DE8B1774EE7A8C406AA4F143B0449D5285967540864F388AEC41056D0E68762238855DA0EE046549EA0F4A97DE590FB7D501FB621CE363CA05AD2A2C5A55420BE10BE881FCD440FC9A0BE96F18799D1E0C8D87C4D402F6750485DA8D83349A7A6A887532B59C1BA575B36DCB6AA435B689A307543ADA06ABE29FCA279592957E5D5CC82FA439F5178566A6D90A2B24D92EF44E161A08DD7D16D033E3E75F8BEE9EAB0D0FE5E858047ECED3368584C13BE4738752835BEF752D7429CE27A01220711D8ECC991DBA8BDCA5789C747BD4AB07335DABB9DBFC6EE8215D4C2EECD7BF0C4"
.
Zeit der Fertigstellung: 2012-01-14 17:43:08
ComboFix-quarantined-files.txt 2012-01-14 16:43
ComboFix2.txt 2012-01-14 15:34
.
Vor Suchlauf: 2.273.042.432 Bytes frei
Nach Suchlauf: 2.276.261.888 Bytes frei
.
- - End Of File - - 3C264582E7AFF8C0458A6AE336717114
|
|
14.01.2012, 20:02
| #17 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Windows blockiert, 50€ Zahlungsaufforderung Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
__________________GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen. Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst. Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM! Downloade dir bitte  aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).
__________________ |
|
14.01.2012, 21:09
| #18 |
| | Windows blockiert, 50€ Zahlungsaufforderung soooo... hat etwas gedauert, aber jetzt ist auch aswMBR durch... hier die logs:
__________________gmer: Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-01-14 20:36:54
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 WDC_WD3200AAKB-00UAA0 rev.00.02C01
Running: m066g9fe.exe; Driver: C:\DOKUME~1\Blimsch\LOKALE~1\Temp\kwlyikoc.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\system32\DRIVERS\savonaccesscontrol.sys (SAV On-access and HIPS for Windows XP (x86)/Sophos Plc) ZwCreateKey [0xB6FB83BA]
SSDT \SystemRoot\system32\DRIVERS\savonaccesscontrol.sys (SAV On-access and HIPS for Windows XP (x86)/Sophos Plc) ZwCreateThread [0xB6FB88A4]
SSDT \SystemRoot\system32\DRIVERS\savonaccesscontrol.sys (SAV On-access and HIPS for Windows XP (x86)/Sophos Plc) ZwDeleteKey [0xB6FB8510]
SSDT spjx.sys ZwEnumerateKey [0xF74FCDA4]
SSDT spjx.sys ZwEnumerateValueKey [0xF74FD132]
SSDT spjx.sys ZwOpenKey [0xF74E40C0]
SSDT spjx.sys ZwQueryKey [0xF74FD20A]
SSDT spjx.sys ZwQueryValueKey [0xF74FD08A]
SSDT \SystemRoot\system32\DRIVERS\savonaccesscontrol.sys (SAV On-access and HIPS for Windows XP (x86)/Sophos Plc) ZwSetSystemInformation [0xB6FB8BCE]
SSDT \SystemRoot\system32\DRIVERS\savonaccesscontrol.sys (SAV On-access and HIPS for Windows XP (x86)/Sophos Plc) ZwSetValueKey [0xB6FB8576]
INT 0x62 ? 8A19EBF8
INT 0x82 ? 8A19EBF8
INT 0xB4 ? 88EE3BF8
INT 0xB4 ? 88EE3BF8
INT 0xB4 ? 88EE3BF8
INT 0xB4 ? 88EE3BF8
INT 0xB4 ? 88EE3BF8
---- Kernel code sections - GMER 1.0.15 ----
.text ntoskrnl.exe!_abnormal_termination + 120 804E278C 1 Byte [A4]
? spjx.sys Das System kann die angegebene Datei nicht finden. !
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB9333360, 0x35483F, 0xE8000020]
.text USBPORT.SYS!DllUnload B92868AC 5 Bytes JMP 88EE31D8
.text ac9qecqq.SYS B91EF386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text ac9qecqq.SYS B91EF3AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text ac9qecqq.SYS B91EF3C4 3 Bytes [00, 80, 02]
.text ac9qecqq.SYS B91EF3C9 1 Byte [30]
.text ac9qecqq.SYS B91EF3C9 11 Bytes [30, 00, 00, 00, 5E, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESI; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL}
.text ...
---- User code sections - GMER 1.0.15 ----
.text D:\OO Defrag 14\oodag.exe[444] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes JMP 00402FB0 D:\OO Defrag 14\oodag.exe (O&O Defrag Agent (Win32)/O&O Software GmbH)
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 8A1A12D8
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F750FDDC] spjx.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F750FE30] spjx.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F74E5042] spjx.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F74E513E] spjx.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F74E50C0] spjx.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F74E5800] spjx.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F74E56D6] spjx.sys
IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 88EE32D8
IAT \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!RtlInitUnicodeString] 8800001C
IAT \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!swprintf] 001CBA86
IAT \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!KeSetEvent] C61AEB00
IAT \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!IoCreateSymbolicLink] 001C8986
IAT \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!IoGetConfigurationInformation] 86C61200
IAT \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!IoDeleteSymbolicLink] 00001C8B
IAT \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!MmFreeMappingAddress] 96868801
IAT \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!IoFreeErrorLogEntry] 8800001C
IAT \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!IoDisconnectInterrupt] 001CB286
IAT \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!MmUnmapIoSpace] 88968B00
IAT \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!ObReferenceObjectByPointer] 8900001C
IAT \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!IofCompleteRequest] 001CA496
IAT \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!RtlCompareUnicodeString] C6168B00
IAT \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!IofCallDriver] 001CC186
IAT \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!MmAllocateMappingAddress] 428A0A00
IAT \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!IoAllocateErrorLogEntry] C286880C
IAT \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!IoConnectInterrupt] 8B00001C
IAT \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!IoDetachDevice] 24A48DFA
IAT \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!KeWaitForSingleObject] 00000000
IAT \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!KeInitializeEvent] 4B8BDF8B
IAT \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!KeCancelTimer] 8D3F0304
IAT \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!RtlAnsiStringToUnicodeString] CB033043
IAT \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!RtlInitAnsiString] 0673C13B
IAT \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!IoBuildDeviceIoControlRequest] C13B0003
IAT \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!IoQueueWorkItem] 8366FA72
IAT \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!MmMapIoSpace] 75000E7B
IAT \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!IoInvalidateDeviceRelations] 0B7D80E3
IAT \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!IoReportDetectedDevice] 307B8D00
IAT \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!IoReportResourceForDetection] 00AA840F
IAT \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!RtlxAnsiStringToUnicodeSize] 83660000
IAT \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!NlsMbCodePageTag] 6A000E7A
IAT \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!PoRequestPowerIrp] C6647400
IAT \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!KeInsertByKeyDeviceQueue] 001CC386
IAT \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!PoRegisterDeviceForIdleDetection] 4F8B0200
IAT \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!sprintf] 968D5140
IAT \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!MmMapLockedPagesSpecifyCache] 00001C98
IAT \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!ObfDereferenceObject] 22F6E852
IAT \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!IoGetAttachedDeviceReference] 478B0000
IAT \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!IoInvalidateDeviceState] 50016A40
IAT \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!ZwClose] 1CB48E8D
IAT \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!ObReferenceObjectByHandle] E8510000
IAT \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!ZwCreateDirectoryObject] 000022E4
IAT \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!IoBuildSynchronousFsdRequest] 6A18538B
IAT \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!PoStartNextPowerIrp] 868D5200
IAT \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!IoCreateDevice] 00001CA0
IAT \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!RtlCopyUnicodeString] 22D2E850
IAT \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!IoAllocateDriverObjectExtension] 4B8B0000
IAT \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!RtlQueryRegistryValues] 51016A18
IAT \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!ZwOpenKey] 1CBC968D
IAT \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!RtlFreeUnicodeString] E8520000
IAT \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!IoStartTimer] 000022C0
IAT \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!KeInitializeTimer] 8A05478A
IAT \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!IoInitializeTimer] 001CC38E
IAT \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!KeInitializeDpc] 30C48300
IAT \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!KeInitializeSpinLock] 1CC58688
IAT \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!IoInitializeIrp] 80E90000
IAT \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!ZwCreateKey] C6000000
IAT \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!RtlAppendUnicodeStringToString] 001CC386
IAT \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!RtlIntegerToUnicodeString] 438B0100
IAT \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!ZwSetValueKey] 8E8D5018
IAT \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!KeInsertQueueDpc] 00001C98
IAT \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!KefAcquireSpinLockAtDpcLevel] 2292E851
IAT \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!IoStartPacket] 538B0000
IAT \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!KefReleaseSpinLockFromDpcLevel] 52016A18
IAT \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!IoBuildAsynchronousFsdRequest] 1CB4868D
IAT \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!IoFreeMdl] E8500000
IAT \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!MmUnlockPages] 00002280
IAT \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!IoWriteErrorLogEntry] 8A05478A
IAT \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!KeRemoveByKeyDeviceQueue] 001CC38E
IAT \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!MmMapLockedPagesWithReservedMapping] 18C48300
IAT \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!MmUnmapReservedMapping] 1CC58688
IAT \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!KeSynchronizeExecution] 43EB0000
IAT \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!IoStartNextPacket] 320C538A
IAT \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!KeBugCheckEx] 88F93BC0
IAT \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!KeRemoveDeviceQueue] 001CC396
IAT \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!KeSetTimer] F6317300
IAT \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!_allmul] 74070647
IAT \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!MmProbeAndLockPages] 75C0841A
IAT \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!_except_handler3] 05578A0B
IAT \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!PoSetPowerState] 968801B0
IAT \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!IoOpenDeviceRegistryKey] 00001CC5
IAT \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!RtlWriteRegistryValue] 57B60F66
IAT \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!RtlDeleteRegistryValue] 533B6604
IAT \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!_aulldiv] 03087408
IAT \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!strstr] 72F93B3F
IAT \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!_strupr] 8A09EBDA
IAT \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!KeQuerySystemTime] 86880547
IAT \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!IoWMIRegistrationControl] 00001CC5
IAT \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!KeTickCount] 88084B8A
IAT \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!IoAttachDeviceToDeviceStack] 001CC68E
IAT \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!IoDeleteDevice] 40578B00
IAT \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!ExAllocatePoolWithTag] 8D52006A
IAT \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!IoAllocateWorkItem] 001CC886
IAT \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!IoAllocateIrp] 11E85000
IAT \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!IoAllocateMdl] 8B000022
IAT \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!MmBuildMdlForNonPagedPool] 001CC08E
IAT \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!MmLockPagableDataSection] C4968B00
IAT \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!IoGetDriverObjectExtension] 8900001C
IAT \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!MmUnlockPagableImageSection] 001CCC8E
IAT \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!ExFreePoolWithTag] D0968900
IAT \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!IoFreeIrp] 8B00001C
IAT \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!IoFreeWorkItem] 016A4047
IAT \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!InitSafeBootMode] D4C68150
IAT \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!RtlCompareMemory] 5600001C
IAT \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!PoCallDriver] 0021E7E8
IAT \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!memmove] 18C48300
IAT \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!MmHighestUserAddress] 5D5B5E5F
IAT \SystemRoot\System32\Drivers\ac9qecqq.SYS[HAL.dll!KfAcquireSpinLock] 18C4830E
IAT \SystemRoot\System32\Drivers\ac9qecqq.SYS[HAL.dll!READ_PORT_UCHAR] 1C959E88
IAT \SystemRoot\System32\Drivers\ac9qecqq.SYS[HAL.dll!KeGetCurrentIrql] 9E880000
IAT \SystemRoot\System32\Drivers\ac9qecqq.SYS[HAL.dll!KfRaiseIrql] 00001CB1
IAT \SystemRoot\System32\Drivers\ac9qecqq.SYS[HAL.dll!KfLowerIrql] 0E798366
IAT \SystemRoot\System32\Drivers\ac9qecqq.SYS[HAL.dll!HalGetInterruptVector] 74AAB000
IAT \SystemRoot\System32\Drivers\ac9qecqq.SYS[HAL.dll!HalTranslateBusAddress] 8986C636
IAT \SystemRoot\System32\Drivers\ac9qecqq.SYS[HAL.dll!KeStallExecutionProcessor] 1A00001C
IAT \SystemRoot\System32\Drivers\ac9qecqq.SYS[HAL.dll!KfReleaseSpinLock] 1C8B86C6
IAT \SystemRoot\System32\Drivers\ac9qecqq.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] C6020000
IAT \SystemRoot\System32\Drivers\ac9qecqq.SYS[HAL.dll!READ_PORT_USHORT] 001C9686
IAT \SystemRoot\System32\Drivers\ac9qecqq.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 86C60200
IAT \SystemRoot\System32\Drivers\ac9qecqq.SYS[HAL.dll!WRITE_PORT_UCHAR] 00001CB2
IAT \SystemRoot\System32\Drivers\ac9qecqq.SYS[WMILIB.SYS!WmiSystemControl] 8800001C
IAT \SystemRoot\System32\Drivers\ac9qecqq.SYS[WMILIB.SYS!WmiCompleteRequest] 001CB99E
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 8A20A1F8
AttachedDevice \FileSystem\Ntfs \Ntfs savonaccessfilter.sys (SAV On-access and HIPS for Windows XP (x86)/Sophos Plc)
Device \Driver\usbuhci \Device\USBPDO-0 88EE21F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8A20C1F8
Device \Driver\dmio \Device\DmControl\DmConfig 8A20C1F8
Device \Driver\dmio \Device\DmControl\DmPnP 8A20C1F8
Device \Driver\dmio \Device\DmControl\DmInfo 8A20C1F8
Device \Driver\usbuhci \Device\USBPDO-1 88EE21F8
Device \Driver\usbuhci \Device\USBPDO-2 88EE21F8
Device \Driver\usbehci \Device\USBPDO-3 88FA41F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 8A19F1F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 8A19F1F8
Device \Driver\Cdrom \Device\CdRom0 88FA11F8
Device \Driver\atapi \Device\Ide\IdePort0 [F7833B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 [F7833B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [F7833B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c [F7833B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 [F7833B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 [F7833B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\Ftdisk \Device\HarddiskVolume3 8A19F1F8
Device \Driver\Cdrom \Device\CdRom1 88FA11F8
Device \Driver\Ftdisk \Device\HarddiskVolume4 8A19F1F8
Device \Driver\Cdrom \Device\CdRom2 88FA11F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{9514F494-7C4D-4204-B56E-929252888553} 8871A1F8
Device \Driver\Ftdisk \Device\HarddiskVolume6 8A19F1F8
Device \Driver\Ftdisk \Device\HarddiskVolume7 8A19F1F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 8871A1F8
Device \Driver\PCI_PNP9266 \Device\0000004a spjx.sys
Device \Driver\PCI_PNP9266 \Device\0000004a spjx.sys
Device \Driver\Ftdisk \Device\HarddiskVolume8 8A19F1F8
Device \Driver\Ftdisk \Device\HarddiskVolume9 8A19F1F8
Device \Driver\NetBT \Device\NetbiosSmb 8871A1F8
Device \Driver\usbuhci \Device\USBFDO-0 88EE21F8
Device \Driver\usbuhci \Device\USBFDO-1 88EE21F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 886FF1F8
Device \Driver\usbuhci \Device\USBFDO-2 88EE21F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 886FF1F8
Device \Driver\usbehci \Device\USBFDO-3 88FA41F8
Device \Driver\sptd \Device\2153918016 spjx.sys
Device \Driver\Ftdisk \Device\FtControl 8A19F1F8
Device \Driver\ac9qecqq \Device\Scsi\ac9qecqq1Port3Path0Target0Lun0 88CF9500
Device \Driver\fasttx2k \Device\Scsi\fasttx2k1Port2Path0Target4Lun0 8A20B1F8
Device \Driver\fasttx2k \Device\Scsi\fasttx2k1 8A20B1F8
Device \Driver\ac9qecqq \Device\Scsi\ac9qecqq1 88CF9500
Device \FileSystem\Cdfs \Cdfs 88D4D500
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xE1 0x07 0xA8 0x31 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x84 0xF8 0xC1 0xFC ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xDE 0x62 0x7C 0x01 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x0A 0x87 0xB2 0x79 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x84 0xF8 0xC1 0xFC ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xDE 0x62 0x7C 0x01 ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG14.00.00.01PROFESSIONAL 045D393BE5BDA378B712095C9CCFAFDD8948D36A05349DDD548A272FF7C6B41EC0886F5CE2AB2D753CB5290B4B54AD0EFE3119905CD542E4260115198307F80A54A7DE1AA17EFB436C75911844CECAEBD63C95ADFA1E763157CA3573310EFA1976372CAD9DE79BDF717BDB4E432C5A184965FDC1FCDAF52A524DF3151AA27E98DE2B1EE1164E7A9C73E8CA0EC80F950A9096AB63420AE18B0163E268A341B029CCEA9E140ACA6E9F24D1C0CC954E980D6CB29ABCEF5E4166D5D939EB6F9C9D3E0151BD39FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B9808BA7FD869164D6794C038D530D6EB3452BA7FD869164D6794CFD21FD1DAD85CAFD901B59B1244FC843C322B5756B29C062D485792393C1A32D653CE3C7EEFB9F1F7BCF0E7C161788411B78D6BAE8CFDC7A00498C6C67891C1F609E7593638A60610348B6CBB39F7638330AC0CA0DDB16504E67E30BB682B23EC5DC7B18B3AB1E45ECC6C18DA5E630D73A096AB766719DE763564E5F31AE18C377130218CEE8C976425DD2A7B55C38081C3BE107DDA36C9D9E385514E8ED1461A96475747C48EBB688C8DB7801C4A4F94857D5189E2B14CD61D01342FBBBAAD9E579458D21EAF0471878FAA4FA149A3D58A8DDE711B5824D7C05D9E7D090435916C86FB45CF8FB74DCF58B
---- EOF - GMER 1.0.15 ----
OSAM Logfile: Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 20:43:16 on 14.01.2012 OS: Windows XP Professional Service Pack 3 (Build 2600) Default Browser: Mozilla Corporation Firefox 9.0.1 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Boot Execute] -----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager )----- "BootExecute" - "O&O Software GmbH" - C:\WINDOWS\system32\OODBS.exe [Control Panel Objects] -----( %SystemRoot%\system32 )----- "FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\FlashPlayerCPLApp.cpl "javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl "nvcpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.cpl "nvtuicpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvtuicpl.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "ac9qecqq" (ac9qecqq) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\ac9qecqq.sys (Hidden registry entry, rootkit activity | File signed by Microsoft) "catchme" (catchme) - ? - C:\DOKUME~1\Blimsch\LOKALE~1\Temp\catchme.sys (File not found) "Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys (File not found) "Cisco Systems Inc. IPSec Driver" (CVPNDRVA) - "Cisco Systems, Inc." - C:\WINDOWS\system32\Drivers\CVPNDRVA.sys "doqsumar" (doqsumar) - ? - C:\WINDOWS\System32\drivers\yfexxuec.sys (File found, but it contains no detailed information) "i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys (File not found) "kwlyikoc" (kwlyikoc) - ? - C:\DOKUME~1\Blimsch\LOKALE~1\Temp\kwlyikoc.sys (Hidden registry entry, rootkit activity | File not found) "lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys (File not found) "MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\WINDOWS\system32\drivers\mbam.sys "MSI US54EX Wireless Adapter" (RT73) - ? - C:\WINDOWS\System32\DRIVERS\rt73.sys (File not found) "PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys (File not found) "PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys (File not found) "PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys (File not found) "PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys (File not found) "PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found) "PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys "sptd" (sptd) - "Duplex Secure Ltd." - C:\WINDOWS\System32\Drivers\sptd.sys (File is exclusively opened, access blocked) "StarOpen" (StarOpen) - ? - C:\WINDOWS\system32\drivers\StarOpen.sys (File found, but it contains no detailed information) "TAP-Win32 Adapter OAS" (tapoas) - "The OpenVPN Project" - C:\WINDOWS\System32\DRIVERS\tapoas.sys "TAP-Win32 Adapter V9" (tap0901) - "The OpenVPN Project" - C:\WINDOWS\System32\DRIVERS\tap0901.sys "truecrypt" (truecrypt) - "TrueCrypt Foundation" - D:\TrueCrypt\truecrypt.sys "TuneUpUtilitiesDrv" (TuneUpUtilitiesDrv) - "TuneUp Software" - D:\TuneUp 2010\TuneUpUtilitiesDriver32.sys "vsdatant" (vsdatant) - "Zone Labs LLC" - C:\WINDOWS\system32\vsdatant.sys "WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys (File not found) [Explorer] -----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found) {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found) {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found) {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )----- {89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - "The Document Foundation" - D:\LibreOffice\Basis\program\shlxthdl\shlxthdl.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {807573E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE14\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll {828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL {828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )----- {B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - D:\MICROS~1\Office14\GROOVEEX.DLL -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {3D60EDA7-9AB4-4DA8-864C-D9B5F2E7281D} "Arbeitsbereiche" - "Microsoft Corporation" - D:\MICROS~1\Office14\GROOVEEX.DLL {A3A1D8A1-006D-4B93-BA27-6F6B4C9C4F1D} "ContextMenuHandler Class" - "Sophos Plc" - C:\Programme\Sophos\Sophos Anti-Virus\SavShellExt.dll {42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - (File not found | COM-object registry key not found) {1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll {1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll {1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - D:\MICROS~1\Office14\GROOVEEX.DLL {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - D:\MICROS~1\Office14\GROOVEEX.DLL {920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - D:\MICROS~1\Office14\GROOVEEX.DLL {16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - D:\MICROS~1\Office14\GROOVEEX.DLL {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - D:\MICROS~1\Office14\GROOVEEX.DLL {2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - D:\MICROS~1\Office14\GROOVEEX.DLL {72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - D:\MICROS~1\Office14\GROOVEEX.DLL {6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - D:\MICROS~1\Office14\GROOVEEX.DLL {B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - D:\MICROS~1\Office14\GROOVEEX.DLL {A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - D:\MICROS~1\Office14\GROOVEEX.DLL {387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - D:\MICROS~1\Office14\GROOVEEX.DLL {FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found) {853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? - (File not found | COM-object registry key not found) {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - D:\Microsoft Office\Office14\msohevi.dll {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE14\msoshext.dll {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE14\msoshext.dll {1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - "The Document Foundation" - D:\LibreOffice\Basis\program\shlxthdl\shlxthdl.dll {087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - "The Document Foundation" - D:\LibreOffice\Basis\program\shlxthdl\shlxthdl.dll {63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - "The Document Foundation" - D:\LibreOffice\Basis\program\shlxthdl\shlxthdl.dll {3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - "The Document Foundation" - D:\LibreOffice\Basis\program\shlxthdl\shlxthdl.dll {E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll {764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? - (File not found | COM-object registry key not found) {e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll {A7005AF0-D6E8-48AF-8DFA-023B1CF660A7} "TeraCopy" - ? - D:\TeraCopy\TeraCopy.dll (File found, but it contains no detailed information) {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} "TeraCopy" - ? - D:\TeraCopy\TeraCopyExt.dll (File found, but it contains no detailed information) {4838CD50-7E5D-4811-9B17-C47A85539F28} "TuneUp Disk Space Explorer Shell Extension" - "TuneUp Software" - D:\TuneUp 2010\DseShExt-x86.dll {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} "TuneUp Shredder Shell Extension" - "TuneUp Software" - D:\TuneUp 2010\SDShelEx-win32.dll {44440D00-FF19-4AFC-B765-9A0970567D97} "TuneUp Theme Extension" - "TuneUp Software" - C:\WINDOWS\System32\uxtuneup.dll {BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Web Folders" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\MSONSEXT.DLL {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - D:\WinRAR\rarext.dll [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) <binary data> "ITBarLayout" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - D:\Java\bin\npjpi160_26.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - D:\Java\bin\npjpi160_26.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - D:\Java\bin\npjpi160_26.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - D:\MICROS~1\Office14\GROOVEEX.DLL {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - D:\Java\bin\jp2ssv.dll {E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - D:\Java\lib\deploy\jqs\ie\jqs_plugin.dll {B4F3A835-0E21-4959-BA22-42B3008E02FF} "Office Document Cache Handler" - "Microsoft Corporation" - D:\MICROS~1\Office14\URLREDIR.DLL {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} "Sophos Web Content Scanner" - "Sophos Plc" - C:\Programme\Sophos\Sophos Anti-Virus\SophosBHO.dll {9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [Logon] -----( %AllUsersProfile%\Startmenü\Programme\Autostart )----- "desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini "VPN Client.lnk" - "Cisco Systems, Inc." - D:\Cisco VPN Client\vpngui.exe (Shortcut exists | File exists) -----( %UserProfile%\Startmenü\Programme\Autostart )----- "desktop.ini" - ? - C:\Dokumente und Einstellungen\Blimsch\Startmenü\Programme\Autostart\desktop.ini "Dropbox.lnk" - "Dropbox, Inc." - C:\Dokumente und Einstellungen\Blimsch\Anwendungsdaten\Dropbox\bin\Dropbox.exe (Shortcut exists | File exists) "Multidesk Desktop Manager.lnk" - "smartcoder.net software development" - D:\Multidesk\MultiDesk.exe (Shortcut exists | File exists) -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "DAEMON Tools Lite" - "DT Soft Ltd" - "D:\DAEMON Tools Lite\DTLite.exe" -autorun -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "FreePDF Assistant" - "shbox.de" - C:\Programme\FreePDF_XP\fpassist.exe "Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "D:\ Malwarebytes Anti-Malware \mbamgui.exe" /starttray "nwiz" - "NVIDIA Corporation" - nwiz.exe /install "Sophos AutoUpdate Monitor" - "Sophos Plc" - C:\Programme\Sophos\AutoUpdate\almon.exe "SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "Redirected Port" - ? - C:\WINDOWS\system32\redmonnt.dll (File found, but it contains no detailed information) [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- ".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe "ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe "Cisco Systems, Inc. VPN Service" (CVPND) - "Cisco Systems, Inc." - D:\Cisco VPN Client\cvpnd.exe "Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - D:\Java\bin\jqs.exe "MBAMService" (MBAMService) - "Malwarebytes Corporation" - D:\ Malwarebytes Anti-Malware \mbamservice.exe "Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe "Microsoft SharePoint Workspace Audit Service" (Microsoft SharePoint Workspace Audit Service) - "Microsoft Corporation" - D:\Microsoft Office\Office14\GROOVE.EXE "NMSAccess" (NMSAccess) - ? - D:\CDBurnerXP\NMSAccessU.exe (File found, but it contains no detailed information) "O&O Defrag Agent" (OODefragAgent) - "O&O Software GmbH" - D:\OO Defrag 14\oodag.exe "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE "Office Software Protection Platform" (osppsvc) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE "Sophos Anti-Virus" (SAVService) - "Sophos Plc" - C:\Programme\Sophos\Sophos Anti-Virus\SavService.exe "Sophos Anti-Virus Statusreporter" (SAVAdminService) - "Sophos Plc" - C:\Programme\Sophos\Sophos Anti-Virus\SAVAdminService.exe "Sophos AutoUpdate Service" (Sophos AutoUpdate Service) - "Sophos Plc" - C:\Programme\Sophos\AutoUpdate\ALsvc.exe "Sophos Web Intelligence Service" (swi_service) - "Sophos Plc" - C:\Programme\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe "STI Simulator" (STI Simulator) - ? - C:\WINDOWS\System32\PAStiSvc.exe (File signed by Microsoft | File found, but it contains no detailed information) "TuneUp Designerweiterung" (UxTuneUp) - "TuneUp Software" - C:\WINDOWS\System32\uxtuneup.dll "TuneUp Drive Defrag-Dienst" (TuneUp.Defrag) - "TuneUp Software" - D:\TuneUp 2010\TuneUpDefragService.exe "TuneUp Utilities Service" (TuneUp.UtilitiesSvc) - "TuneUp Software" - D:\TuneUp 2010\TuneUpUtilitiesService32.exe "Windows Presentation Foundation Font Cache 4.0.0.0" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [Winlogon] -----( HKCU\Control Panel\IOProcs )----- "MVB" - ? - mvfs32.dll (File not found) -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )----- "WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll ===[ Logfile end ]=========================================[ Logfile end ]=== --- --- --- If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru Code:
ATTFilter aswMBR version 0.9.9.1297 Copyright(c) 2011 AVAST Software
Run date: 2012-01-14 20:43:48
-----------------------------
20:43:48.109 OS Version: Windows 5.1.2600 Service Pack 3
20:43:48.109 Number of processors: 1 586 0xA00
20:43:48.109 ComputerName: BLIMSCHS-PC UserName: Blimsch
20:43:48.406 Initialize success
20:47:03.734 AVAST engine defs: 12011401
20:47:43.656 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
20:47:43.656 Disk 0 Vendor: WDC_WD3200AAKB-00UAA0 00.02C01 Size: 305245MB BusType: 3
20:47:43.656 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-c
20:47:43.656 Disk 1 Vendor: WDC_WD600AB-00BVA0 21.01H21 Size: 57241MB BusType: 3
20:47:43.687 Disk 0 MBR read successfully
20:47:43.687 Disk 0 MBR scan
20:47:43.718 Disk 0 Windows XP default MBR code
20:47:43.718 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 12393 MB offset 63
20:47:43.718 Disk 0 Partition - 00 0F Extended LBA 292848 MB offset 25382700
20:47:43.734 Disk 0 Partition - 00 05 Extended 14605 MB offset 25382762
20:47:43.734 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 14605 MB offset 25382763
20:47:43.750 Disk 0 Partition - 00 05 Extended 29996 MB offset 55295792
20:47:43.750 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 29996 MB offset 55295793
20:47:44.265 Disk 0 Partition - 00 05 Extended 14998 MB offset 146641320
20:47:44.265 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 14998 MB offset 116728353
20:47:44.281 Disk 0 Partition - 00 05 Extended 233248 MB offset 238790160
20:47:44.296 Disk 0 Partition 5 00 07 HPFS/NTFS 233248 MB offset 147444633
20:47:44.312 Disk 0 scanning sectors +625137345
20:47:44.390 Disk 0 scanning C:\WINDOWS\system32\drivers
20:47:53.281 Service scanning
20:47:53.593 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
20:47:54.140 Modules scanning
20:48:06.078 Disk 0 trace - called modules:
20:48:06.093 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spjx.sys >>UNKNOWN [0x8a1bf938]<<
20:48:06.093 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a108ab8]
20:48:06.093 3 CLASSPNP.SYS[f7657fd7] -> nt!IofCallDriver -> \Device\00000067[0x8a17bf18]
20:48:06.093 5 ACPI.sys[f74a2620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x8a110d98]
20:48:06.234 AVAST engine scan C:\WINDOWS
20:48:10.937 AVAST engine scan C:\WINDOWS\system32
20:52:23.703 AVAST engine scan C:\WINDOWS\system32\drivers
20:52:53.375 AVAST engine scan C:\Dokumente und Einstellungen\Blimsch
21:01:22.859 AVAST engine scan C:\Dokumente und Einstellungen\All Users
21:04:42.656 Scan finished successfully
21:05:55.484 Disk 0 MBR has been saved successfully to "F:\MBR.dat"
21:05:55.484 The log file has been saved successfully to "F:\aswMBR.txt"
|
|
14.01.2012, 21:18
| #19 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Windows blockiert, 50€ ZahlungsaufforderungZitat:
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
14.01.2012, 21:33
| #20 |
| | Windows blockiert, 50€ Zahlungsaufforderung hier die log nach dem reboot: OSAM Logfile: Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 21:31:47 on 14.01.2012 OS: Windows XP Professional Service Pack 3 (Build 2600) Default Browser: Mozilla Corporation Firefox 9.0.1 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Boot Execute] -----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager )----- "BootExecute" - "O&O Software GmbH" - C:\WINDOWS\system32\OODBS.exe [Control Panel Objects] -----( %SystemRoot%\system32 )----- "FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\FlashPlayerCPLApp.cpl "javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl "nvcpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.cpl "nvtuicpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvtuicpl.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "ar64brxg" (ar64brxg) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\ar64brxg.sys (Hidden registry entry, rootkit activity | File signed by Microsoft) "catchme" (catchme) - ? - C:\DOKUME~1\Blimsch\LOKALE~1\Temp\catchme.sys (File not found) "Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys (File not found) "Cisco Systems Inc. IPSec Driver" (CVPNDRVA) - "Cisco Systems, Inc." - C:\WINDOWS\system32\Drivers\CVPNDRVA.sys "i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys (File not found) "lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys (File not found) "MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\WINDOWS\system32\drivers\mbam.sys "MSI US54EX Wireless Adapter" (RT73) - ? - C:\WINDOWS\System32\DRIVERS\rt73.sys (File not found) "PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys (File not found) "PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys (File not found) "PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys (File not found) "PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys (File not found) "PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found) "PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys "sptd" (sptd) - "Duplex Secure Ltd." - C:\WINDOWS\System32\Drivers\sptd.sys (File is exclusively opened, access blocked) "StarOpen" (StarOpen) - ? - C:\WINDOWS\system32\drivers\StarOpen.sys (File found, but it contains no detailed information) "TAP-Win32 Adapter OAS" (tapoas) - "The OpenVPN Project" - C:\WINDOWS\System32\DRIVERS\tapoas.sys "TAP-Win32 Adapter V9" (tap0901) - "The OpenVPN Project" - C:\WINDOWS\System32\DRIVERS\tap0901.sys "TuneUpUtilitiesDrv" (TuneUpUtilitiesDrv) - "TuneUp Software" - D:\TuneUp 2010\TuneUpUtilitiesDriver32.sys "vsdatant" (vsdatant) - "Zone Labs LLC" - C:\WINDOWS\system32\vsdatant.sys "WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys (File not found) (Disabled) "doqsumar" (doqsumar) - ? - C:\WINDOWS\System32\drivers\yfexxuec.sys (File found, but it contains no detailed information) [Explorer] -----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found) {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found) {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found) {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )----- {89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - "The Document Foundation" - D:\LibreOffice\Basis\program\shlxthdl\shlxthdl.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {807573E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE14\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll {828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL {828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )----- {B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - D:\MICROS~1\Office14\GROOVEEX.DLL -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {3D60EDA7-9AB4-4DA8-864C-D9B5F2E7281D} "Arbeitsbereiche" - "Microsoft Corporation" - D:\MICROS~1\Office14\GROOVEEX.DLL {A3A1D8A1-006D-4B93-BA27-6F6B4C9C4F1D} "ContextMenuHandler Class" - "Sophos Plc" - C:\Programme\Sophos\Sophos Anti-Virus\SavShellExt.dll {42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - (File not found | COM-object registry key not found) {1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll {1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll {1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - D:\MICROS~1\Office14\GROOVEEX.DLL {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - D:\MICROS~1\Office14\GROOVEEX.DLL {920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - D:\MICROS~1\Office14\GROOVEEX.DLL {16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - D:\MICROS~1\Office14\GROOVEEX.DLL {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - D:\MICROS~1\Office14\GROOVEEX.DLL {2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - D:\MICROS~1\Office14\GROOVEEX.DLL {72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - D:\MICROS~1\Office14\GROOVEEX.DLL {6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - D:\MICROS~1\Office14\GROOVEEX.DLL {B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - D:\MICROS~1\Office14\GROOVEEX.DLL {A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - D:\MICROS~1\Office14\GROOVEEX.DLL {387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - D:\MICROS~1\Office14\GROOVEEX.DLL {FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found) {853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? - (File not found | COM-object registry key not found) {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - D:\Microsoft Office\Office14\msohevi.dll {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE14\msoshext.dll {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE14\msoshext.dll {1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - "The Document Foundation" - D:\LibreOffice\Basis\program\shlxthdl\shlxthdl.dll {087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - "The Document Foundation" - D:\LibreOffice\Basis\program\shlxthdl\shlxthdl.dll {63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - "The Document Foundation" - D:\LibreOffice\Basis\program\shlxthdl\shlxthdl.dll {3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - "The Document Foundation" - D:\LibreOffice\Basis\program\shlxthdl\shlxthdl.dll {E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll {764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? - (File not found | COM-object registry key not found) {e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll {A7005AF0-D6E8-48AF-8DFA-023B1CF660A7} "TeraCopy" - ? - D:\TeraCopy\TeraCopy.dll (File found, but it contains no detailed information) {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} "TeraCopy" - ? - D:\TeraCopy\TeraCopyExt.dll (File found, but it contains no detailed information) {4838CD50-7E5D-4811-9B17-C47A85539F28} "TuneUp Disk Space Explorer Shell Extension" - "TuneUp Software" - D:\TuneUp 2010\DseShExt-x86.dll {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} "TuneUp Shredder Shell Extension" - "TuneUp Software" - D:\TuneUp 2010\SDShelEx-win32.dll {44440D00-FF19-4AFC-B765-9A0970567D97} "TuneUp Theme Extension" - "TuneUp Software" - C:\WINDOWS\System32\uxtuneup.dll {BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Web Folders" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\MSONSEXT.DLL {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - D:\WinRAR\rarext.dll [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) <binary data> "ITBarLayout" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - D:\Java\bin\npjpi160_26.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - D:\Java\bin\npjpi160_26.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - D:\Java\bin\npjpi160_26.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - D:\MICROS~1\Office14\GROOVEEX.DLL {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - D:\Java\bin\jp2ssv.dll {E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - D:\Java\lib\deploy\jqs\ie\jqs_plugin.dll {B4F3A835-0E21-4959-BA22-42B3008E02FF} "Office Document Cache Handler" - "Microsoft Corporation" - D:\MICROS~1\Office14\URLREDIR.DLL {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} "Sophos Web Content Scanner" - "Sophos Plc" - C:\Programme\Sophos\Sophos Anti-Virus\SophosBHO.dll {9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [Logon] -----( %AllUsersProfile%\Startmenü\Programme\Autostart )----- "desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini "VPN Client.lnk" - "Cisco Systems, Inc." - D:\Cisco VPN Client\vpngui.exe (Shortcut exists | File exists) -----( %UserProfile%\Startmenü\Programme\Autostart )----- "desktop.ini" - ? - C:\Dokumente und Einstellungen\Blimsch\Startmenü\Programme\Autostart\desktop.ini "Dropbox.lnk" - "Dropbox, Inc." - C:\Dokumente und Einstellungen\Blimsch\Anwendungsdaten\Dropbox\bin\Dropbox.exe (Shortcut exists | File exists) "Multidesk Desktop Manager.lnk" - "smartcoder.net software development" - D:\Multidesk\MultiDesk.exe (Shortcut exists | File exists) -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "DAEMON Tools Lite" - "DT Soft Ltd" - "D:\DAEMON Tools Lite\DTLite.exe" -autorun -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "FreePDF Assistant" - "shbox.de" - C:\Programme\FreePDF_XP\fpassist.exe "Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "D:\ Malwarebytes Anti-Malware \mbamgui.exe" /starttray "nwiz" - "NVIDIA Corporation" - nwiz.exe /install "Sophos AutoUpdate Monitor" - "Sophos Plc" - C:\Programme\Sophos\AutoUpdate\almon.exe "SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "Redirected Port" - ? - C:\WINDOWS\system32\redmonnt.dll (File found, but it contains no detailed information) [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- ".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe "ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe "Cisco Systems, Inc. VPN Service" (CVPND) - "Cisco Systems, Inc." - D:\Cisco VPN Client\cvpnd.exe "Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - D:\Java\bin\jqs.exe "MBAMService" (MBAMService) - "Malwarebytes Corporation" - D:\ Malwarebytes Anti-Malware \mbamservice.exe "Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe "Microsoft SharePoint Workspace Audit Service" (Microsoft SharePoint Workspace Audit Service) - "Microsoft Corporation" - D:\Microsoft Office\Office14\GROOVE.EXE "NMSAccess" (NMSAccess) - ? - D:\CDBurnerXP\NMSAccessU.exe (File found, but it contains no detailed information) "O&O Defrag Agent" (OODefragAgent) - "O&O Software GmbH" - D:\OO Defrag 14\oodag.exe "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE "Office Software Protection Platform" (osppsvc) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE "Sophos Anti-Virus" (SAVService) - "Sophos Plc" - C:\Programme\Sophos\Sophos Anti-Virus\SavService.exe "Sophos Anti-Virus Statusreporter" (SAVAdminService) - "Sophos Plc" - C:\Programme\Sophos\Sophos Anti-Virus\SAVAdminService.exe "Sophos AutoUpdate Service" (Sophos AutoUpdate Service) - "Sophos Plc" - C:\Programme\Sophos\AutoUpdate\ALsvc.exe "Sophos Web Intelligence Service" (swi_service) - "Sophos Plc" - C:\Programme\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe "STI Simulator" (STI Simulator) - ? - C:\WINDOWS\System32\PAStiSvc.exe (File signed by Microsoft | File found, but it contains no detailed information) "TuneUp Designerweiterung" (UxTuneUp) - "TuneUp Software" - C:\WINDOWS\System32\uxtuneup.dll "TuneUp Drive Defrag-Dienst" (TuneUp.Defrag) - "TuneUp Software" - D:\TuneUp 2010\TuneUpDefragService.exe "TuneUp Utilities Service" (TuneUp.UtilitiesSvc) - "TuneUp Software" - D:\TuneUp 2010\TuneUpUtilitiesService32.exe "Windows Presentation Foundation Font Cache 4.0.0.0" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [Winlogon] -----( HKCU\Control Panel\IOProcs )----- "MVB" - ? - mvfs32.dll (File not found) -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )----- "WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll ===[ Logfile end ]=========================================[ Logfile end ]=== --- --- --- --- --- --- If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru Geändert von blimsch (14.01.2012 um 22:31 Uhr) |
|
15.01.2012, 17:29
| #21 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Windows blockiert, 50€ ZahlungsaufforderungZitat:
__________________ --> Windows blockiert, 50€ Zahlungsaufforderung |
|
15.01.2012, 17:45
| #22 |
| | Windows blockiert, 50€ Zahlungsaufforderung das ist mir dann auch aufgefallen, deswegen hab ich mit osam nochmal gescannt und dann gelöscht... sorry, hatte gestern beim editieren wohl die falsche log kopiert... hier jetzt die richtige: OSAM Logfile: Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 22:04:29 on 14.01.2012 OS: Windows XP Professional Service Pack 3 (Build 2600) Default Browser: Mozilla Corporation Firefox 9.0.1 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Boot Execute] -----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager )----- "BootExecute" - "O&O Software GmbH" - C:\WINDOWS\system32\OODBS.exe [Control Panel Objects] -----( %SystemRoot%\system32 )----- "FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\FlashPlayerCPLApp.cpl "javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl "nvcpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.cpl "nvtuicpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvtuicpl.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "ax5qrh51" (ax5qrh51) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\ax5qrh51.sys (Hidden registry entry, rootkit activity | File signed by Microsoft) "catchme" (catchme) - ? - C:\DOKUME~1\Blimsch\LOKALE~1\Temp\catchme.sys (File not found) "Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys (File not found) "Cisco Systems Inc. IPSec Driver" (CVPNDRVA) - "Cisco Systems, Inc." - C:\WINDOWS\system32\Drivers\CVPNDRVA.sys "i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys (File not found) "lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys (File not found) "MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\WINDOWS\system32\drivers\mbam.sys "MSI US54EX Wireless Adapter" (RT73) - ? - C:\WINDOWS\System32\DRIVERS\rt73.sys (File not found) "PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys (File not found) "PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys (File not found) "PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys (File not found) "PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys (File not found) "PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found) "PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys "sptd" (sptd) - "Duplex Secure Ltd." - C:\WINDOWS\System32\Drivers\sptd.sys (File is exclusively opened, access blocked) "StarOpen" (StarOpen) - ? - C:\WINDOWS\system32\drivers\StarOpen.sys (File found, but it contains no detailed information) "TAP-Win32 Adapter OAS" (tapoas) - "The OpenVPN Project" - C:\WINDOWS\System32\DRIVERS\tapoas.sys "TAP-Win32 Adapter V9" (tap0901) - "The OpenVPN Project" - C:\WINDOWS\System32\DRIVERS\tap0901.sys "TuneUpUtilitiesDrv" (TuneUpUtilitiesDrv) - "TuneUp Software" - D:\TuneUp 2010\TuneUpUtilitiesDriver32.sys "vsdatant" (vsdatant) - "Zone Labs LLC" - C:\WINDOWS\system32\vsdatant.sys "WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys (File not found) [Explorer] -----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found) {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found) {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found) {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )----- {89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - "The Document Foundation" - D:\LibreOffice\Basis\program\shlxthdl\shlxthdl.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {807573E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE14\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll {828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL {828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )----- {B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - D:\MICROS~1\Office14\GROOVEEX.DLL -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {3D60EDA7-9AB4-4DA8-864C-D9B5F2E7281D} "Arbeitsbereiche" - "Microsoft Corporation" - D:\MICROS~1\Office14\GROOVEEX.DLL {A3A1D8A1-006D-4B93-BA27-6F6B4C9C4F1D} "ContextMenuHandler Class" - "Sophos Plc" - C:\Programme\Sophos\Sophos Anti-Virus\SavShellExt.dll {42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - (File not found | COM-object registry key not found) {1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll {1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll {1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - D:\MICROS~1\Office14\GROOVEEX.DLL {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - D:\MICROS~1\Office14\GROOVEEX.DLL {920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - D:\MICROS~1\Office14\GROOVEEX.DLL {16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - D:\MICROS~1\Office14\GROOVEEX.DLL {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - D:\MICROS~1\Office14\GROOVEEX.DLL {2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - D:\MICROS~1\Office14\GROOVEEX.DLL {72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - D:\MICROS~1\Office14\GROOVEEX.DLL {6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - D:\MICROS~1\Office14\GROOVEEX.DLL {B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - D:\MICROS~1\Office14\GROOVEEX.DLL {A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - D:\MICROS~1\Office14\GROOVEEX.DLL {387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - D:\MICROS~1\Office14\GROOVEEX.DLL {FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found) {853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? - (File not found | COM-object registry key not found) {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - D:\Microsoft Office\Office14\msohevi.dll {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE14\msoshext.dll {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE14\msoshext.dll {1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - "The Document Foundation" - D:\LibreOffice\Basis\program\shlxthdl\shlxthdl.dll {087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - "The Document Foundation" - D:\LibreOffice\Basis\program\shlxthdl\shlxthdl.dll {63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - "The Document Foundation" - D:\LibreOffice\Basis\program\shlxthdl\shlxthdl.dll {3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - "The Document Foundation" - D:\LibreOffice\Basis\program\shlxthdl\shlxthdl.dll {E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll {764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? - (File not found | COM-object registry key not found) {e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll {A7005AF0-D6E8-48AF-8DFA-023B1CF660A7} "TeraCopy" - ? - D:\TeraCopy\TeraCopy.dll (File found, but it contains no detailed information) {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} "TeraCopy" - ? - D:\TeraCopy\TeraCopyExt.dll (File found, but it contains no detailed information) {4838CD50-7E5D-4811-9B17-C47A85539F28} "TuneUp Disk Space Explorer Shell Extension" - "TuneUp Software" - D:\TuneUp 2010\DseShExt-x86.dll {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} "TuneUp Shredder Shell Extension" - "TuneUp Software" - D:\TuneUp 2010\SDShelEx-win32.dll {44440D00-FF19-4AFC-B765-9A0970567D97} "TuneUp Theme Extension" - "TuneUp Software" - C:\WINDOWS\System32\uxtuneup.dll {BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Web Folders" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\MSONSEXT.DLL {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - D:\WinRAR\rarext.dll [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) <binary data> "ITBarLayout" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - D:\Java\bin\npjpi160_26.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - D:\Java\bin\npjpi160_26.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - D:\Java\bin\npjpi160_26.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - D:\MICROS~1\Office14\GROOVEEX.DLL {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - D:\Java\bin\jp2ssv.dll {E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - D:\Java\lib\deploy\jqs\ie\jqs_plugin.dll {B4F3A835-0E21-4959-BA22-42B3008E02FF} "Office Document Cache Handler" - "Microsoft Corporation" - D:\MICROS~1\Office14\URLREDIR.DLL {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} "Sophos Web Content Scanner" - "Sophos Plc" - C:\Programme\Sophos\Sophos Anti-Virus\SophosBHO.dll {9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [Logon] -----( %AllUsersProfile%\Startmenü\Programme\Autostart )----- "desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini "VPN Client.lnk" - "Cisco Systems, Inc." - D:\Cisco VPN Client\vpngui.exe (Shortcut exists | File exists) -----( %UserProfile%\Startmenü\Programme\Autostart )----- "desktop.ini" - ? - C:\Dokumente und Einstellungen\Blimsch\Startmenü\Programme\Autostart\desktop.ini "Dropbox.lnk" - "Dropbox, Inc." - C:\Dokumente und Einstellungen\Blimsch\Anwendungsdaten\Dropbox\bin\Dropbox.exe (Shortcut exists | File exists) "Multidesk Desktop Manager.lnk" - "smartcoder.net software development" - D:\Multidesk\MultiDesk.exe (Shortcut exists | File exists) -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "DAEMON Tools Lite" - "DT Soft Ltd" - "D:\DAEMON Tools Lite\DTLite.exe" -autorun -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "FreePDF Assistant" - "shbox.de" - C:\Programme\FreePDF_XP\fpassist.exe "Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "D:\ Malwarebytes Anti-Malware \mbamgui.exe" /starttray "nwiz" - "NVIDIA Corporation" - nwiz.exe /install "Sophos AutoUpdate Monitor" - "Sophos Plc" - C:\Programme\Sophos\AutoUpdate\almon.exe "SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "Redirected Port" - ? - C:\WINDOWS\system32\redmonnt.dll (File found, but it contains no detailed information) [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe "Cisco Systems, Inc. VPN Service" (CVPND) - "Cisco Systems, Inc." - D:\Cisco VPN Client\cvpnd.exe "Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - D:\Java\bin\jqs.exe "MBAMService" (MBAMService) - "Malwarebytes Corporation" - D:\ Malwarebytes Anti-Malware \mbamservice.exe "Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe "Microsoft SharePoint Workspace Audit Service" (Microsoft SharePoint Workspace Audit Service) - "Microsoft Corporation" - D:\Microsoft Office\Office14\GROOVE.EXE "NMSAccess" (NMSAccess) - ? - D:\CDBurnerXP\NMSAccessU.exe (File found, but it contains no detailed information) "O&O Defrag Agent" (OODefragAgent) - "O&O Software GmbH" - D:\OO Defrag 14\oodag.exe "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE "Office Software Protection Platform" (osppsvc) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE "Sophos Anti-Virus" (SAVService) - "Sophos Plc" - C:\Programme\Sophos\Sophos Anti-Virus\SavService.exe "Sophos Anti-Virus Statusreporter" (SAVAdminService) - "Sophos Plc" - C:\Programme\Sophos\Sophos Anti-Virus\SAVAdminService.exe "Sophos AutoUpdate Service" (Sophos AutoUpdate Service) - "Sophos Plc" - C:\Programme\Sophos\AutoUpdate\ALsvc.exe "Sophos Web Intelligence Service" (swi_service) - "Sophos Plc" - C:\Programme\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe "STI Simulator" (STI Simulator) - ? - C:\WINDOWS\System32\PAStiSvc.exe (File signed by Microsoft | File found, but it contains no detailed information) "TuneUp Designerweiterung" (UxTuneUp) - "TuneUp Software" - C:\WINDOWS\System32\uxtuneup.dll "TuneUp Drive Defrag-Dienst" (TuneUp.Defrag) - "TuneUp Software" - D:\TuneUp 2010\TuneUpDefragService.exe "TuneUp Utilities Service" (TuneUp.UtilitiesSvc) - "TuneUp Software" - D:\TuneUp 2010\TuneUpUtilitiesService32.exe "Windows Presentation Foundation Font Cache 4.0.0.0" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [Winlogon] -----( HKCU\Control Panel\IOProcs )----- "MVB" - ? - mvfs32.dll (File not found) -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )----- "WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru |
|
15.01.2012, 18:40
| #23 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Windows blockiert, 50€ Zahlungsaufforderung Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs. Denk dran beide Tools zu updaten vor dem Scan!! Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt: ESET Online Scanner
__________________ Logfiles bitte immer in CODE-Tags posten |
|
15.01.2012, 20:35
| #24 |
| | Windows blockiert, 50€ Zahlungsaufforderung gesagt, getan, hier die drei logs: Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=28380ab7aa5b5b4d94e3ba2064ab7067
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-01-12 04:46:22
# local_time=2012-01-12 05:46:22 (+0100, Westeuropäische Normalzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=8192 67108863 100 0 3727 3727 0 0
# compatibility_mode=8449 16775126 50 96 78200 139643793 62941 0
# scanned=117359
# found=5
# cleaned=0
# scan_time=2025
C:\Programme\51BCB\lvvm.exe a variant of Win32/Kryptik.YVH trojan (unable to clean) 00000000000000000000000000000000 I
C:\Programme\D95A2\lvvm.exe a variant of Win32/Kryptik.YVH trojan (unable to clean) 00000000000000000000000000000000 I
C:\Programme\LP\1546\2.tmp a variant of Win32/Kryptik.YVH trojan (unable to clean) 00000000000000000000000000000000 I
C:\Programme\LP\1548\018.exe Win32/Cycbot.AK trojan (unable to clean) 00000000000000000000000000000000 I
C:\Programme\LP\1548\25.tmp a variant of Win32/Kryptik.YVH trojan (unable to clean) 00000000000000000000000000000000 I
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=28380ab7aa5b5b4d94e3ba2064ab7067
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-01-14 02:00:21
# local_time=2012-01-14 03:00:21 (+0100, Westeuropäische Normalzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=8192 67108863 100 0 168176 168176 0 0
# compatibility_mode=8449 16775142 50 96 242649 139808242 0 0
# scanned=11480
# found=0
# cleaned=0
# scan_time=418
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=28380ab7aa5b5b4d94e3ba2064ab7067
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-01-14 02:46:37
# local_time=2012-01-14 03:46:37 (+0100, Westeuropäische Normalzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=8192 67108863 100 0 169159 169159 0 0
# compatibility_mode=8449 16775142 50 96 243632 139809225 0 0
# scanned=124354
# found=12
# cleaned=0
# scan_time=2211
C:\Dokumente und Einstellungen\Blimsch\Anwendungsdaten\602D9\ADF15.exe a variant of Win32/Kryptik.YVH trojan (unable to clean) 00000000000000000000000000000000 I
C:\Dokumente und Einstellungen\Blimsch\Anwendungsdaten\8CC51\ADF15.exe a variant of Win32/Kryptik.YVH trojan (unable to clean) 00000000000000000000000000000000 I
C:\Dokumente und Einstellungen\Blimsch\Lokale Einstellungen\Temp\1D.tmp Win32/Cycbot.AK trojan (unable to clean) 00000000000000000000000000000000 I
C:\Dokumente und Einstellungen\Blimsch\Lokale Einstellungen\Temporary Internet Files\Content.IE5\SX1LKAL2\3[1].exe Win32/Cycbot.AK trojan (unable to clean) 00000000000000000000000000000000 I
C:\Programme\D95A2\lvvm.exe a variant of Win32/Kryptik.YXP trojan (unable to clean) 00000000000000000000000000000000 I
F:\_OTL.zip multiple threats (unable to clean) 00000000000000000000000000000000 I
F:\_OTL\MovedFiles\01142012_003846\C_Programme\51BCB\lvvm.exe Win32/Cycbot.AK trojan (unable to clean) 00000000000000000000000000000000 I
F:\_OTL\MovedFiles\01142012_003846\C_Programme\D95A2\lvvm.exe Win32/Cycbot.AK trojan (unable to clean) 00000000000000000000000000000000 I
F:\_OTL\MovedFiles\01142012_003846\C_Programme\LP\1546\2.tmp a variant of Win32/Kryptik.YVH trojan (unable to clean) 00000000000000000000000000000000 I
F:\_OTL\MovedFiles\01142012_003846\C_Programme\LP\1548\018.exe Win32/Cycbot.AK trojan (unable to clean) 00000000000000000000000000000000 I
F:\_OTL\MovedFiles\01142012_003846\C_Programme\LP\1548\25.tmp a variant of Win32/Kryptik.YVH trojan (unable to clean) 00000000000000000000000000000000 I
${Memory} multiple threats 00000000000000000000000000000000 I
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=28380ab7aa5b5b4d94e3ba2064ab7067
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-01-14 06:17:47
# local_time=2012-01-14 07:17:47 (+0100, Westeuropäische Normalzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=8192 67108863 100 0 181810 181810 0 0
# compatibility_mode=8449 16775126 50 96 11016 139821876 0 0
# scanned=125207
# found=11
# cleaned=11
# scan_time=2227
C:\Qoobox\Quarantine\C\Dokumente und Einstellungen\Blimsch\Anwendungsdaten\602D9\ADF15.exe.vir a variant of Win32/Kryptik.YVH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Dokumente und Einstellungen\Blimsch\Anwendungsdaten\8CC51\ADF15.exe.vir a variant of Win32/Kryptik.YVH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Programme\D95A2\lvvm.exe.vir a variant of Win32/Kryptik.YXP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Programme\LP\1546\018.exe.vir a variant of Win32/Kryptik.YXP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Programme\LP\1546\C054.exe.vir a variant of Win32/Kryptik.YYD trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{914A42D0-607F-4F2E-954B-308F5E5AA82C}\RP131\A0065620.sys a variant of Win32/Rootkit.Agent.NVG trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{914A42D0-607F-4F2E-954B-308F5E5AA82C}\RP131\A0066623.exe a variant of Win32/Kryptik.YVH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{914A42D0-607F-4F2E-954B-308F5E5AA82C}\RP131\A0067639.exe Win32/Cycbot.AK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{914A42D0-607F-4F2E-954B-308F5E5AA82C}\RP131\A0067640.exe Win32/Cycbot.AK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{914A42D0-607F-4F2E-954B-308F5E5AA82C}\RP131\A0067641.exe Win32/Cycbot.AK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{914A42D0-607F-4F2E-954B-308F5E5AA82C}\RP132\A0068990.exe a variant of Win32/Kryptik.YXP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=28380ab7aa5b5b4d94e3ba2064ab7067
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-01-15 11:41:02
# local_time=2012-01-15 12:41:02 (+0100, Westeuropäische Normalzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=8192 67108863 100 0 244313 244313 0 0
# compatibility_mode=8449 16775141 50 96 13284 139884379 0 0
# scanned=121700
# found=5
# cleaned=5
# scan_time=2318
C:\Qoobox\Quarantine\C\Dokumente und Einstellungen\Blimsch\Anwendungsdaten\602D9\ADF15.exe.vir a variant of Win32/Kryptik.YVH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Dokumente und Einstellungen\Blimsch\Anwendungsdaten\8CC51\ADF15.exe.vir a variant of Win32/Kryptik.YVH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Programme\D95A2\lvvm.exe.vir a variant of Win32/Kryptik.YXP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Programme\LP\1546\018.exe.vir a variant of Win32/Kryptik.YXP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Programme\LP\1546\C054.exe.vir a variant of Win32/Kryptik.YYD trojan (deleted - quarantined) 00000000000000000000000000000000 C
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=28380ab7aa5b5b4d94e3ba2064ab7067
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-01-15 06:24:44
# local_time=2012-01-15 07:24:44 (+0100, Westeuropäische Normalzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=8192 67108863 100 0 268536 268536 0 0
# compatibility_mode=8449 16775141 50 96 7143 139908602 0 0
# scanned=121738
# found=5
# cleaned=0
# scan_time=2316
C:\Qoobox\Quarantine\C\Dokumente und Einstellungen\Blimsch\Anwendungsdaten\602D9\ADF15.exe.vir a variant of Win32/Kryptik.YVH trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Dokumente und Einstellungen\Blimsch\Anwendungsdaten\8CC51\ADF15.exe.vir a variant of Win32/Kryptik.YVH trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Programme\D95A2\lvvm.exe.vir a variant of Win32/Kryptik.YXP trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Programme\LP\1546\018.exe.vir a variant of Win32/Kryptik.YXP trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Programme\LP\1546\C054.exe.vir a variant of Win32/Kryptik.YYD trojan (unable to clean) 00000000000000000000000000000000 I
Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.60.0.1800 www.malwarebytes.org Datenbank Version: v2012.01.15.02 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 Blimsch :: BLIMSCHS-PC [Administrator] Schutz: Deaktiviert 15.01.2012 19:36:44 mbam-log-2012-01-15 (19-36-44).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 199647 Laufzeit: 7 Minute(n), 24 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com
Generated 01/15/2012 at 08:29 PM
Application Version : 5.0.1142
Core Rules Database Version : 8134
Trace Rules Database Version: 5946
Scan type : Complete Scan
Total Scan Time : 00:38:54
Operating System Information
Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator
Memory items scanned : 478
Memory threats detected : 0
Registry items scanned : 36744
Registry threats detected : 0
File items scanned : 166979
File threats detected : 67
Adware.Tracking Cookie
C:\Dokumente und Einstellungen\Blimsch\Cookies\blimsch@ad.yieldmanager[2].txt [ /ad.yieldmanager ]
C:\Dokumente und Einstellungen\Blimsch\Cookies\blimsch@advertising[2].txt [ /advertising ]
C:\Dokumente und Einstellungen\Blimsch\Cookies\blimsch@anrtx.tacoda[1].txt [ /anrtx.tacoda ]
C:\Dokumente und Einstellungen\Blimsch\Cookies\blimsch@ar.atwola[1].txt [ /ar.atwola ]
C:\Dokumente und Einstellungen\Blimsch\Cookies\blimsch@at.atwola[1].txt [ /at.atwola ]
C:\Dokumente und Einstellungen\Blimsch\Cookies\blimsch@atwola[1].txt [ /atwola ]
C:\Dokumente und Einstellungen\Blimsch\Cookies\blimsch@content.yieldmanager[1].txt [ /content.yieldmanager ]
C:\Dokumente und Einstellungen\Blimsch\Cookies\blimsch@tacoda.at.atwola[1].txt [ /tacoda.at.atwola ]
C:\Dokumente und Einstellungen\Blimsch\Cookies\7N90UPEC.txt [ /doubleclick.net ]
C:\Dokumente und Einstellungen\Blimsch\Cookies\EU2KPEA9.txt [ /atdmt.com ]
C:\Dokumente und Einstellungen\Blimsch\Cookies\G9PLN8Z5.txt [ /c.atdmt.com ]
.doubleclick.net [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\NE26I5RT.DEFAULT\COOKIES.SQLITE ]
.atdmt.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\NE26I5RT.DEFAULT\COOKIES.SQLITE ]
.atdmt.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\NE26I5RT.DEFAULT\COOKIES.SQLITE ]
.h.atdmt.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\NE26I5RT.DEFAULT\COOKIES.SQLITE ]
.h.atdmt.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\NE26I5RT.DEFAULT\COOKIES.SQLITE ]
.atdmt.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\NE26I5RT.DEFAULT\COOKIES.SQLITE ]
.atdmt.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\NE26I5RT.DEFAULT\COOKIES.SQLITE ]
.h.atdmt.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\NE26I5RT.DEFAULT\COOKIES.SQLITE ]
.h.atdmt.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\NE26I5RT.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\NE26I5RT.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\NE26I5RT.DEFAULT\COOKIES.SQLITE ]
.imrworldwide.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\NE26I5RT.DEFAULT\COOKIES.SQLITE ]
.imrworldwide.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\NE26I5RT.DEFAULT\COOKIES.SQLITE ]
.xiti.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\NE26I5RT.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\NE26I5RT.DEFAULT\COOKIES.SQLITE ]
.kontera.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\NE26I5RT.DEFAULT\COOKIES.SQLITE ]
.legolas-media.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\NE26I5RT.DEFAULT\COOKIES.SQLITE ]
.legolas-media.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\NE26I5RT.DEFAULT\COOKIES.SQLITE ]
.legolas-media.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\NE26I5RT.DEFAULT\COOKIES.SQLITE ]
.legolas-media.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\NE26I5RT.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\NE26I5RT.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\NE26I5RT.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\NE26I5RT.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\NE26I5RT.DEFAULT\COOKIES.SQLITE ]
ad3.adfarm1.adition.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\NE26I5RT.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\NE26I5RT.DEFAULT\COOKIES.SQLITE ]
.tradedoubler.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\NE26I5RT.DEFAULT\COOKIES.SQLITE ]
.tradedoubler.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\NE26I5RT.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\NE26I5RT.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\NE26I5RT.DEFAULT\COOKIES.SQLITE ]
.zanox-affiliate.de [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\NE26I5RT.DEFAULT\COOKIES.SQLITE ]
accounts.youtube.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\NE26I5RT.DEFAULT\COOKIES.SQLITE ]
accounts.youtube.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\NE26I5RT.DEFAULT\COOKIES.SQLITE ]
accounts.google.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\NE26I5RT.DEFAULT\COOKIES.SQLITE ]
.accounts.google.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\NE26I5RT.DEFAULT\COOKIES.SQLITE ]
.accounts.google.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\NE26I5RT.DEFAULT\COOKIES.SQLITE ]
.accounts.google.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\NE26I5RT.DEFAULT\COOKIES.SQLITE ]
accounts.youtube.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\NE26I5RT.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\NE26I5RT.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\NE26I5RT.DEFAULT\COOKIES.SQLITE ]
.doubleclick.net [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\NE26I5RT.DEFAULT\COOKIES.SQLITE ]
.zanox.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\NE26I5RT.DEFAULT\COOKIES.SQLITE ]
.apmebf.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\NE26I5RT.DEFAULT\COOKIES.SQLITE ]
.apmebf.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\NE26I5RT.DEFAULT\COOKIES.SQLITE ]
.fastclick.net [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\NE26I5RT.DEFAULT\COOKIES.SQLITE ]
ad.zanox.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\NE26I5RT.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\NE26I5RT.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\NE26I5RT.DEFAULT\COOKIES.SQLITE ]
ad2.adfarm1.adition.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\NE26I5RT.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\NE26I5RT.DEFAULT\COOKIES.SQLITE ]
.tradedoubler.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\NE26I5RT.DEFAULT\COOKIES.SQLITE ]
.tradedoubler.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\NE26I5RT.DEFAULT\COOKIES.SQLITE ]
Trojan.Agent/Gen-Kazy[EX]
C:\QOOBOX\QUARANTINE\C\DOKUMENTE UND EINSTELLUNGEN\BLIMSCH\ANWENDUNGSDATEN\602D9\ADF15.EXE.VIR
C:\QOOBOX\QUARANTINE\C\DOKUMENTE UND EINSTELLUNGEN\BLIMSCH\ANWENDUNGSDATEN\8CC51\ADF15.EXE.VIR
C:\QOOBOX\QUARANTINE\C\PROGRAMME\D95A2\LVVM.EXE.VIR
Trojan.Agent/Gen-Cycbot
C:\QOOBOX\QUARANTINE\C\PROGRAMME\LP\1546\018.EXE.VIR
|
|
16.01.2012, 12:57
| #25 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Windows blockiert, 50€ Zahlungsaufforderung Das ist ok. In C:\Qoobox bzw. C:\_OTL (Q-Ordner von CF und OTL) sind die Schädlinge isoliert und gut aufgehoben. Der Rest ist nur Cookies, weg damit. Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie ) Rechner soweit wieder im Lot?
__________________ Logfiles bitte immer in CODE-Tags posten |
|
16.01.2012, 14:25
| #26 |
| | Windows blockiert, 50€ Zahlungsaufforderung ja, soweit ist alles wieder normal. Das mit den Malware funden dachte ich mir selbst schon. Die Quarantänedateien können dann ja wohl weg, oder? Vielen Dank nochmal |
|
16.01.2012, 15:28
| #27 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Windows blockiert, 50€ Zahlungsaufforderung Dann wären wir durch!  Die Programme, die hier zum Einsatz kamen, können alle wieder runter. CF kann über Start, Ausführen mit combofix /uninstall entfernt werden. Melde dich falls es da Fehlermeldungen zu gibt. Malwarebytes zu behalten ist kein Fehler. Kannst ja 1x im Monat damit scannen, aber immer vorher ans Update denken. Bitte abschließend die Updates prüfen, unten mein Leitfaden dazu. Um in Zukunft die Aktualität der installierten Programme besser im Überblick zu halten, kannst du zB Secunia PSI verwenden. Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern. Microsoftupdate Windows XP: Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren. Windows Vista/7: Anleitung Windows-Update PDF-Reader aktualisieren Ein veralteter AdobeReader stellt ein großes Sicherheitsrisiko dar. Du solltest daher besser alte Versionen vom AdobeReader über Systemsteuerung => Software bzw. Programme und Funktionen deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst. (falls du AdobeReader installiert hast) Ich empfehle einen alternativen PDF-Reader wie PDF Xchange Viewer, SumatraPDF oder Foxit PDF Reader, die sind sehr viel schlanker und flotter als der AdobeReader. Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers: Adobe - Andere Version des Adobe Flash Player installieren Notfalls kann man auch von Chip.de runterladen => http://filepony.de/?q=Flash+Player Natürlich auch darauf achten, dass andere installierte Browser wie zB Firefox, Opera oder Chrome aktuell sind. Java-Update Veraltete Java-Installationen sind ein Sicherheitsrisiko, daher solltest Du die alten Versionen löschen (falls vorhanden, am besten mit JavaRa) und auf die neuste aktualisieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu Windows blockiert, 50€ Zahlungsaufforderung |
| 0x00000001, 4d36e972-e325-11ce-bfc1-08002be10318, administrator, application/pdf, application/pdf:, bho, blockiert, booten, browser, cdburnerxp, cisco vpn, desktop, document, einstellungen, explorer, firefox, format, google, helper, logfile, malwarebytes, mbamservice.exe, microsoft, monitor, mozilla thunderbird, netzwerk, nvidia, plug-in, registry, rundll, scan, security, security update, software, version=1.0, windows, winlogon.exe, wrapper |
Linear-Darstellung
