Help with Trojan Trojan.gen.2 (Windows 7)
20.03.2012, 16:10 | #16
/// Winkelfunktion /// TB-Süch-Tiger™ | Help with Trojan Trojan.gen.2

OK. Now please create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool won't run on the second attempt either, just leave it out and run only OSAM. Please skip the online query in OSAM. With OSAM, also make sure you save the log as *.log and not as *.html or similar. Note: to unpack OSAM, please use WinRAR or 7zip! Also be sure to switch off the virus scanner; the McAfee scanner in particular often reports a false alarm for OSAM! Please download aswMBR.exe and save the file to your desktop.

Important: never press any of the Fix buttons without instructions. Note: if the Scan button is greyed out, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.
__________________
Please always post log files in CODE tags
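The GMER and OSAM logs requested above run to hundreds of lines, and the first thing a helper does with them is sort the entries into "attributable to a known product" and "needs a closer look". The following Python script is an added example for that triage step; it is not part of this thread and not a component of GMER, OSAM or aswMBR. It parses the SSDT section in GMER's "System" block and the [Drivers] section of an OSAM report, groups kernel hooks by the module GMER attributed them to, and lists driver service entries whose file is missing or has no vendor information. The sample input is constructed in the two tools' output layouts (the profile name "user" is a placeholder), and the regular expressions are written against those layouts, which is an assumption about their stability.

```python
import re
from collections import Counter

# Constructed sample in the layout of GMER's "System" section (modeled on the
# format, not copied from the thread). An SSDT entry either names the module
# that owns the hook or gives only a bare kernel address.
GMER_SAMPLE = r"""
---- System - GMER 1.0.15 ----

SSDT  89BB8110  ZwAlertResumeThread
SSDT  \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)  ZwCreateKey [0xA8827D40]
SSDT  8AA58C80  ZwLoadDriver
SSDT  \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)  ZwSetValueKey [0xA8828910]
SSDT  89BBF150  ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----
"""

# Constructed sample in the layout of OSAM's [Drivers] section (modeled on the
# format, not copied from the thread; "user" is a placeholder profile name).
OSAM_SAMPLE = r"""
[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"AEGIS Protocol (IEEE 802.1x) v3.5.3.0" (AegisP) - "Meetinghouse Data Communications" - C:\WINDOWS\System32\DRIVERS\AegisP.sys
"SymEvent" (SymEvent) - "Symantec Corporation" - C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
"catchme" (catchme) - ? - C:\DOKUME~1\user\LOKALE~1\Temp\catchme.sys (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys (File not found)
"TDSMAPI" (TDSMAPI) - ? - C:\WINDOWS\System32\drivers\TDSMAPI.SYS (File found, but it contains no detailed information)
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\WINDOWS\system32\drivers\mbam.sys

[Explorer]
"""

# "SSDT  <handler>  <ZwFunction> [0xADDR]" where <handler> is a module path
# with description or a bare 8-digit hex kernel address (assumed layout).
SSDT_RE = re.compile(r"^SSDT\s+(?P<handler>.+?)\s+(?P<func>Zw\w+)(?:\s+\[(?P<addr>0x[0-9A-Fa-f]+)\])?\s*$")
ADDR_RE = re.compile(r"^[0-9A-Fa-f]{8}$")
MODULE_RE = re.compile(r"([^\\\s]+\.sys)", re.I)

# '"Display name" (service) - "Vendor"|? - path [(note)]' (assumed layout).
OSAM_RE = re.compile(
    r'^"(?P<name>[^"]*)" \((?P<svc>[^)]*)\) - (?P<vendor>"[^"]*"|\?) - '
    r'(?P<path>.+?)(?: \((?P<note>[^()]*)\))?$'
)


def summarize_ssdt(text):
    """Group SSDT hooks by the module GMER attributed them to.

    Hooks whose handler is only a kernel address cannot be attributed from the
    log alone, so they are counted under "<unattributed>" and listed by name;
    those are the entries a helper compares against the installed security
    software before suspecting anything else.
    """
    by_module = Counter()
    unattributed = []
    for line in text.splitlines():
        m = SSDT_RE.match(line.strip())
        if not m:
            continue
        handler = m.group("handler")
        if ADDR_RE.match(handler):
            by_module["<unattributed>"] += 1
            unattributed.append(m.group("func"))
        else:
            mod = MODULE_RE.search(handler)
            by_module[mod.group(1).upper() if mod else handler] += 1
    return {"by_module": dict(by_module), "unattributed": unattributed}


def flag_osam_drivers(text):
    """Return (service, path, reason) for [Drivers] entries worth a look:
    the driver file is missing, or OSAM could retrieve no vendor information."""
    flagged = []
    in_drivers = False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("["):          # a new OSAM section header
            in_drivers = line == "[Drivers]"
            continue
        if not in_drivers:
            continue
        m = OSAM_RE.match(line)
        if not m:
            continue
        note = m.group("note") or ""
        if note == "File not found":
            flagged.append((m.group("svc"), m.group("path"), "orphaned service entry: file missing"))
        elif m.group("vendor") == "?":
            flagged.append((m.group("svc"), m.group("path"),
                            "no vendor information: " + (note or "unsigned or unknown")))
    return flagged


if __name__ == "__main__":
    summary = summarize_ssdt(GMER_SAMPLE)
    for module, count in sorted(summary["by_module"].items()):
        print(f"{count:3d} SSDT hook(s) -> {module}")
    print("unattributed hooks:", ", ".join(summary["unattributed"]))
    for svc, path, reason in flag_osam_drivers(OSAM_SAMPLE):
        print(f"[{svc}] {path}: {reason}")
```

The script only prioritises; an unattributed SSDT hook is just as often a security suite that hides its own hooks as it is a rootkit, and an orphaned service entry is usually the leftover of an uninstalled tool. Both still have to be matched against what is known to be installed on the machine before anything is removed.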
23.03.2012, 23:37 | #17
Help with Trojan Trojan.gen.2

Hello Arne,

here are the three requested logs and also a log from the full scan by Norton Internet Security 2012 (unfortunately it found a trojan again).
24.03.2012, 18:16 | #18
/// Winkelfunktion /// TB-Süch-Tiger™ | Help with Trojan Trojan.gen.2

Why aren't you posting that in CODE tags...?
24.03.2012, 20:35 | #19
Help with Trojan Trojan.gen.2

Hello Arne, sorry, my mistake. I thought zip would suit the 4 logs better. Here they are in code tags now.

1) Norton Internet Security (virus found):
Code:
Scanstatistiken:
Scanzeit: 4.085 Sekunden
Scanziele: Gesamter Computer
Zähler:
Gescannte Elemente insgesamt: 337.594
– Dateien und Laufwerke: 331.683
– Registrierungseinträge: 471
– Prozesse und Elemente beim Start: 4.819
– Netzwerk und Browser-Elemente: 614
– Sonstiges: 4
– Vertrauenswürdige Dateien: 1.530
– Übersprungene Dateien: 376
Erkannte Sicherheitsrisiken insgesamt: 1
Behobene Elemente insgesamt: 1
Elemente insgesamt, die Aufmerksamkeit erfordern: 0
Behobene Bedrohungen:
Trojan.ADH.2
Typ: Anomalie
Risiko: Hoch (Hoch Verbergen, Hoch Entfernen, Hoch Leistung, Hoch Datenschutz)
Kategorien: Virus
Status: Ausgeschlossen
-----------
1 Datei
c:\system volume information\_restore{b991f27a-883f-42a9-a172-eaab1d37fffa}\rp149\a0020067.exe - Ausgeschlossen
1 Browser-Cache
Nicht behobene Bedrohungen:
Keine nicht behobenen Risiken

2) GMER log:
Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-03-22 21:14:57
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 HITACHI_HTS541680J9SA00 rev.SB2IC7JP
Running: 3fktjv7y.exe; Driver: C:\DOKUME~1\leno\LOKALE~1\Temp\uwecrkoc.sys

---- System - GMER 1.0.15 ----

SSDT  89BB8110  ZwAlertResumeThread
SSDT  89BD2468  ZwAlertThread
SSDT  8AA58CB8  ZwAllocateVirtualMemory
SSDT  8957E1C0  ZwAssignProcessToJobObject
SSDT  89D2E840  ZwConnectPort
SSDT  \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)  ZwCreateKey [0xA8827D40]
SSDT  89BB2008  ZwCreateMutant
SSDT  89B92F80  ZwCreateSymbolicLinkObject
SSDT  89B70D40  ZwCreateThread
SSDT  89B670D8  ZwDebugActiveProcess
SSDT  \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)  ZwDeleteKey [0xA8827FC0]
SSDT  \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)  ZwDeleteValueKey [0xA8828680]
SSDT  8AA4FC38  ZwDuplicateObject
SSDT  8AA14C80  ZwFreeVirtualMemory
SSDT  89BD8110  ZwImpersonateAnonymousToken
SSDT  89BD8008  ZwImpersonateThread
SSDT  8AA58C80  ZwLoadDriver
SSDT  894DD310  ZwMapViewOfSection
SSDT  89BB2130  ZwOpenEvent
SSDT  8A9FC698  ZwOpenProcess
SSDT  89BDC290  ZwOpenProcessToken
SSDT  89BAB130  ZwOpenSection
SSDT  8AA502C8  ZwOpenThread
SSDT  8957E0F0  ZwProtectVirtualMemory
SSDT  89BD2508  ZwResumeThread
SSDT  89B8DA90  ZwSetContextThread
SSDT  8AA41498  ZwSetInformationProcess
SSDT  89B671B8  ZwSetSystemInformation
SSDT  \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)  ZwSetValueKey [0xA8828910]
SSDT  89BAB008  ZwSuspendProcess
SSDT  89BD25C8  ZwSuspendThread
SSDT  89BBF150  ZwTerminateProcess
SSDT  89BAE840  ZwTerminateThread
SSDT  89BE7080  ZwUnmapViewOfSection
SSDT  8AC46E58  ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text  ntkrnlpa.exe!ZwCallbackReturn + 2C60  805044FC 4 Bytes  CALL CF34CED3
?  SYMDS.SYS  Das System kann die angegebene Datei nicht finden. !
?  SYMEFA.SYS  Das System kann die angegebene Datei nicht finden. !

---- User code sections - GMER 1.0.15 ----

.text  C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] ntdll.dll!NtCreateFile + 6  7C91D0B4 4 Bytes  [28, 00, 17, 00]
.text  C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] ntdll.dll!NtCreateFile + B  7C91D0B9 1 Byte  [E2]
.text  C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] ntdll.dll!NtCreateKey + 6  7C91D0F4 4 Bytes  [68, 01, 17, 00]
.text  C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] ntdll.dll!NtCreateKey + B  7C91D0F9 1 Byte  [E2]
.text  C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] ntdll.dll!NtCreateMutant + 6  7C91D114 4 Bytes  [28, 02, 17, 00]
.text  C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] ntdll.dll!NtCreateMutant + B  7C91D119 1 Byte  [E2]
.text  C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] ntdll.dll!NtCreateSection + 6  7C91D184 4 Bytes  [68, 02, 17, 00]
.text  C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] ntdll.dll!NtCreateSection + B  7C91D189 1 Byte  [E2]
.text  C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] ntdll.dll!NtMapViewOfSection + 6  7C91D524 4 Bytes  [A8, 04, 17, 00]
.text  C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] ntdll.dll!NtMapViewOfSection + B  7C91D529 1 Byte  [E2]
.text  C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] ntdll.dll!NtOpenFile + 6  7C91D5A4 4 Bytes  [68, 00, 17, 00]
.text  C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] ntdll.dll!NtOpenFile + B  7C91D5A9 1 Byte  [E2]
.text  C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] ntdll.dll!NtOpenKey + 6  7C91D5D4 4 Bytes  [A8, 01, 17, 00]
.text  C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] ntdll.dll!NtOpenKey + B  7C91D5D9 1 Byte  [E2]
.text  C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] ntdll.dll!NtOpenMutant + 6  7C91D5E4 4 Bytes  CALL 7B91ECEA
.text  C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] ntdll.dll!NtOpenMutant + B  7C91D5E9 1 Byte  [E2]
.text  C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] ntdll.dll!NtOpenProcess + 6  7C91D604 1 Byte  [28]
.text  C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] ntdll.dll!NtOpenProcess + 6  7C91D604 4 Bytes  [28, 03, 17, 00]
.text  C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] ntdll.dll!NtOpenProcess + B  7C91D609 1 Byte  [E2]
.text  C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] ntdll.dll!NtOpenProcessToken + 6  7C91D614 1 Byte  [68]
.text  C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] ntdll.dll!NtOpenProcessToken + 6  7C91D614 4 Bytes  [68, 03, 17, 00]
.text  C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] ntdll.dll!NtOpenProcessToken + B  7C91D619 1 Byte  [E2]
.text  C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] ntdll.dll!NtOpenProcessTokenEx + 6  7C91D624 4 Bytes  [28, 04, 17, 00]
.text  C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] ntdll.dll!NtOpenProcessTokenEx + B  7C91D629 1 Byte  [E2]
.text  C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] ntdll.dll!NtOpenSection + 6  7C91D634 4 Bytes  [A8, 02, 17, 00]
.text  C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] ntdll.dll!NtOpenSection + B  7C91D639 1 Byte  [E2]
.text  C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] ntdll.dll!NtOpenThread + 6  7C91D664 4 Bytes  CALL 7B91ED6B
.text  C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] ntdll.dll!NtOpenThread + B  7C91D669 1 Byte  [E2]
.text  C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] ntdll.dll!NtOpenThreadToken + 6  7C91D674 1 Byte  [E8]
.text  C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] ntdll.dll!NtOpenThreadToken + 6  7C91D674 4 Bytes  CALL 7B91ED7C
.text  C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] ntdll.dll!NtOpenThreadToken + B  7C91D679 1 Byte  [E2]
.text  C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] ntdll.dll!NtOpenThreadTokenEx + 6  7C91D684 4 Bytes  [68, 04, 17, 00]
.text  C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] ntdll.dll!NtOpenThreadTokenEx + B  7C91D689 1 Byte  [E2]
.text  C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] ntdll.dll!NtQueryAttributesFile + 6  7C91D714 4 Bytes  [A8, 00, 17, 00]
.text  C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] ntdll.dll!NtQueryAttributesFile + B  7C91D719 1 Byte  [E2]
.text  C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] ntdll.dll!NtQueryFullAttributesFile + 6  7C91D7B4 4 Bytes  CALL 7B91EEB9
.text  C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] ntdll.dll!NtQueryFullAttributesFile + B  7C91D7B9 1 Byte  [E2]
.text  C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] ntdll.dll!NtSetInformationFile + 6  7C91DC64 4 Bytes  [28, 01, 17, 00]
.text  C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] ntdll.dll!NtSetInformationFile + B  7C91DC69 1 Byte  [E2]
.text  C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] ntdll.dll!NtSetInformationThread + 6  7C91DCB4 1 Byte  [A8]
.text  C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] ntdll.dll!NtSetInformationThread + 6  7C91DCB4 4 Bytes  [A8, 03, 17, 00]
.text  C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] ntdll.dll!NtSetInformationThread + B  7C91DCB9 1 Byte  [E2]
.text  C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] ntdll.dll!NtUnmapViewOfSection + 6  7C91DF14 4 Bytes  CALL 7B91F61D
.text  C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] ntdll.dll!NtUnmapViewOfSection + B  7C91DF19 1 Byte  [E2]
.text  C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] kernel32.dll!CreateProcessW  7C802336 5 Bytes  JMP 002D00B0
.text  C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] kernel32.dll!CreateProcessA  7C80236B 5 Bytes  JMP 002D00F0
.text  C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] kernel32.dll!CreateEventW  7C80A749 5 Bytes  JMP 002D0030
.text  C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] kernel32.dll!CreateThread  7C8106D7 5 Bytes  JMP 002D0170
.text  C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] kernel32.dll!OpenEventW  7C8131E0 5 Bytes  JMP 002D0070
.text  C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] USER32.dll!RegisterClipboardFormatA  7E368E28 5 Bytes  JMP 003C02F0
.text  C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] USER32.dll!RegisterClipboardFormatW  7E36AF34 5 Bytes  JMP 003C02B0
.text  C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] USER32.dll!RegisterClassExA  7E377C39 5 Bytes  JMP 003C0530
.text  C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] USER32.dll!ActivateKeyboardLayout  7E378673 5 Bytes  JMP 003C04F0
.text  C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] USER32.dll!IsClipboardFormatAvailable  7E37F166 5 Bytes  JMP 003C00F0
.text  C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] USER32.dll!GetClipboardSequenceNumber  7E37F17A 2 Bytes  JMP 003C0330
.text  C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] USER32.dll!GetClipboardSequenceNumber + 3  7E37F17D 2 Bytes  [04, 82] {ADD AL, 0x82}
.text  C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] USER32.dll!CloseClipboard  7E380265 5 Bytes  JMP 003C00B0
.text  C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] USER32.dll!OpenClipboard  7E380277 5 Bytes  JMP 003C0070
.text  C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] USER32.dll!SetClipboardViewer  7E380473 5 Bytes  JMP 003C04B0
.text  C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] USER32.dll!ChangeClipboardChain  7E380487 5 Bytes  JMP 003C0430
.text  C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] USER32.dll!EmptyClipboard  7E380D96 5 Bytes  JMP 003C0130
.text  C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] USER32.dll!GetClipboardOwner  7E380DA8 5 Bytes  JMP 003C0370
.text  C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] USER32.dll!GetClipboardData  7E380DBA 5 Bytes  JMP 003C0030
.text  C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] USER32.dll!SetClipboardData  7E380F9E 5 Bytes  JMP 003C0170
.text  C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] USER32.dll!GetClipboardFormatNameA  7E381290 5 Bytes  JMP 003C0270
.text  C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] USER32.dll!CountClipboardFormats  7E38167F 5 Bytes  JMP 003C01F0
.text  C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] USER32.dll!GetOpenClipboardWindow  7E381691 5 Bytes  JMP 003C03F0
.text  C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] USER32.dll!EnumClipboardFormats  7E38E53D 5 Bytes  JMP 003C01B0
.text  C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] USER32.dll!GetClipboardFormatNameW  7E3A957F 5 Bytes  JMP 003C0230
.text  C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] USER32.dll!GetClipboardViewer  7E3BCB94 3 Bytes  JMP 003C0470
.text  C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] USER32.dll!GetClipboardViewer + 4  7E3BCB98 1 Byte  [82]
.text  C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] USER32.dll!GetPriorityClipboardFormat  7E3BCC96 3 Bytes  JMP 003C03B0
.text  C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] USER32.dll!GetPriorityClipboardFormat + 4  7E3BCC9A 1 Byte  [82]
.text  C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] GDI32.dll!GetDeviceCaps  77EF5A71 5 Bytes  JMP 003D0370
.text  C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] GDI32.dll!SelectObject  77EF5B70 5 Bytes  JMP 003D05B0
.text  C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] GDI32.dll!SetTextColor  77EF5D77 5 Bytes  JMP 003D0970
.text  C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] GDI32.dll!SetBkMode  77EF5EDB 5 Bytes  JMP 003D0830
.text  C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] GDI32.dll!IntersectClipRect  77EF6A56 5 Bytes  JMP 003D03B0
.text  C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] GDI32.dll!GetClipBox  77EF6AA1 5 Bytes  JMP 003D0330
.text  C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] GDI32.dll!DeleteObject  77EF6BFA 5 Bytes  JMP 003D01B0
.text  C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] GDI32.dll!DeleteDC  77EF6E5F 5 Bytes  JMP 003D0170
.text  C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] GDI32.dll!ExtSelectClipRgn  77EF7874 5 Bytes  JMP 003D02F0
.text  C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] GDI32.dll!SelectClipRgn  77EF7AA0 5 Bytes  JMP 003D0570
.text  C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] GDI32.dll!GetTextMetricsW  77EF7DB9 5 Bytes  JMP 003D0D30
.text  C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] GDI32.dll!ExtTextOutW  77EF8086 5 Bytes  JMP 003D08B0
.text  C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] GDI32.dll!SetStretchBltMode  77EF8597 5 Bytes  JMP 003D05F0
.text  C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] GDI32.dll!RestoreDC  77EF8B28 5 Bytes  JMP 003D04F0
.text  C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] GDI32.dll!SaveDC  77EF8BEE 5 Bytes  JMP 003D0530
.text  C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] GDI32.dll!SetTextAlign  77EF8C8B 5 Bytes  JMP 003D0930
.text  C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] GDI32.dll!MoveToEx  77EFA21A 5 Bytes  JMP 003D0430
.text  C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] GDI32.dll!GetTextFaceW  77EFA5CB 5 Bytes  JMP 003D0C70
.text  C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] GDI32.dll!StretchDIBits  77EFB0AE 2 Bytes  JMP 003D06B0
.text  C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] GDI32.dll!StretchDIBits + 3  77EFB0B1 2 Bytes  [4D, 88]
.text  C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] GDI32.dll!SetWorldTransform  77EFB457 5 Bytes  JMP 003D0630
.text  C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] GDI32.dll!CreateDCA  77EFB7D2 5 Bytes  JMP 003D00B0
.text  C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] GDI32.dll!CreateDCW  77EFBE38 5 Bytes  JMP 003D00F0
.text  C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] GDI32.dll!ExtEscape  77EFC3CC 5 Bytes  JMP 003D02B0
.text  C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] GDI32.dll!ExtTextOutA  77EFD3FA 5 Bytes  JMP 003D0870
.text  C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] GDI32.dll!LineTo  77EFD997 5 Bytes  JMP 003D03F0
.text  C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] GDI32.dll!GetTextMetricsA  77EFDF45 5 Bytes  JMP 003D0CF0
.text  C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] GDI32.dll!SetICMMode  77EFE868 5 Bytes  JMP 003D0CB0
.text  C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] GDI32.dll!Rectangle  77EFE9BE 5 Bytes  JMP 003D08F0
.text  C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] GDI32.dll!GetFontData  77EFF314 5 Bytes  JMP 003D0BB0
.text  C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] GDI32.dll!GetTextFaceA  77EFF365 5 Bytes  JMP 003D0C30
.text  C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] GDI32.dll!SetPolyFillMode  77F00817 5 Bytes  JMP 003D0A70
.text  C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] GDI32.dll!SetMiterLimit  77F00E8E 5 Bytes  JMP 003D0AB0
.text  C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] GDI32.dll!Escape  77F06F5A 5 Bytes  JMP 003D0270
.text  C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] GDI32.dll!ResetDCW  77F0B9AF 5 Bytes  JMP 003D09F0
.text  C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] GDI32.dll!CreateICW  77F0C813 5 Bytes  JMP 003D0130
.text  C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] GDI32.dll!BeginPath  77F0D4B0 5 Bytes  JMP 003D0770
.text  C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] GDI32.dll!EndPath  77F0D530 5 Bytes  JMP 003D09B0
.text  C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] GDI32.dll!SelectClipPath  77F0D5B7 5 Bytes  JMP 003D0A30
.text  C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] GDI32.dll!EndPage  77F0DC61 5 Bytes  JMP 003D0230
.text  C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] GDI32.dll!EndDoc  77F0DEF1 5 Bytes  JMP 003D01F0
.text  C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] GDI32.dll!PolyBezierTo  77F0EBD1 5 Bytes  JMP 003D0470
.text  C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] GDI32.dll!PolylineTo  77F0EC7E 5 Bytes  JMP 003D04B0
.text  C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] GDI32.dll!CloseFigure  77F0ED1A 5 Bytes  JMP 003D0070
.text  C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] GDI32.dll!StartPage  77F0F49E 5 Bytes  JMP 003D0670
.text  C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] GDI32.dll!RemoveFontResourceW  77F1D07C 5 Bytes  JMP 003D0B70
.text  C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] GDI32.dll!GetGlyphOutlineW  77F1E6D1 5 Bytes  JMP 003D0BF0
.text  C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] GDI32.dll!AddFontResourceW  77F1FFAB 5 Bytes  JMP 003D0B30
.text  C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] GDI32.dll!CreateScalableFontResourceW  77F20160 5 Bytes  JMP 003D0AF0
.text  C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] GDI32.dll!AbortDoc  77F24CD2 5 Bytes  JMP 003D0030
.text  C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] GDI32.dll!StartDocW  77F25962 5 Bytes  JMP 003D0730
.text  C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] GDI32.dll!StrokePath  77F260B7 5 Bytes  JMP 003D06F0
.text  C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] GDI32.dll!FillPath  77F26144 5 Bytes  JMP 003D07B0
.text  C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] GDI32.dll!PolyDraw  77F2667B 5 Bytes  JMP 003D07F0
.text  C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] ole32.dll!OleSetClipboard  77517808 5 Bytes  JMP 003F0030

---- User IAT/EAT - GMER 1.0.15 ----

IAT  C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!MoveFileExW]  002D0110
IAT  C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!CryptReleaseContext]  003E0090
IAT  C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!CryptAcquireContextW]  003E0050
IAT  C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] @ C:\WINDOWS\system32\NETAPI32.dll [ADVAPI32.dll!CryptAcquireContextW]  003E0050
IAT  C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] @ C:\WINDOWS\system32\NETAPI32.dll [ADVAPI32.dll!CryptGenRandom]  003E01D0
IAT  C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] @ C:\WINDOWS\system32\NETAPI32.dll [ADVAPI32.dll!CryptReleaseContext]  003E0090
IAT  C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] @ C:\WINDOWS\system32\USERENV.dll [ADVAPI32.dll!CryptAcquireContextW]  003E0050
IAT  C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] @ C:\WINDOWS\system32\USERENV.dll [ADVAPI32.dll!CryptGenRandom]  003E01D0
IAT  C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] @ C:\WINDOWS\system32\USERENV.dll [ADVAPI32.dll!CryptReleaseContext]  003E0090
IAT  C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!MoveFileExW]  002D0110

---- Devices - GMER 1.0.15 ----

Device  Ntfs.sys (NT File System Driver/Microsoft Corporation)

AttachedDevice  \Driver\Tcpip \Device\Ip  SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice  \Driver\Tcpip \Device\Ip  ewfiltertdidriver.sys (TDI Filter Driver/Huawei Technologies Co., Ltd.)
AttachedDevice  \Driver\Tcpip \Device\Tcp  SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice  \Driver\Tcpip \Device\Tcp  ewfiltertdidriver.sys (TDI Filter Driver/Huawei Technologies Co., Ltd.)

Device  pci.sys (NT-Plug & Play PCI-Enumerator/Microsoft Corporation)

AttachedDevice  \Driver\Tcpip \Device\Udp  SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice  \Driver\Tcpip \Device\Udp  ewfiltertdidriver.sys (TDI Filter Driver/Huawei Technologies Co., Ltd.)
AttachedDevice  \Driver\Tcpip \Device\RawIp  SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice  \Driver\Tcpip \Device\RawIp  ewfiltertdidriver.sys (TDI Filter Driver/Huawei Technologies Co., Ltd.)

Device  mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device  A6147D20

AttachedDevice  fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device  Cdfs.SYS (CD-ROM File System Driver/Microsoft Corporation)
Device  DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)

---- EOF - GMER 1.0.15 ----

3) OSAM log:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 21:39:17 on 23.03.2012
OS: Windows XP Professional Service Pack 3 (Build 2600)
Default Browser: Mozilla Corporation Firefox 3.6.24

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries

[Common]
-----( %SystemRoot%\Tasks )-----
"PCDoctorBackgroundMonitorTask.job" - "PC-Doctor, Inc." - C:\Programme\PCDR5\pcdr5cuiw32.exe
"PMTask.job" - ? - C:\PROGRA~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE (File found, but it contains no detailed information)
"Symantec NetDetect.job" - "Symantec Corporation" - C:\Programme\Symantec\LiveUpdate\NDETECT.EXE

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"btcpl.cpl" - "Broadcom Corporation." - C:\WINDOWS\system32\btcpl.cpl
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"ISUSPM.cpl" - "InstallShield Software Corporation" - C:\WINDOWS\system32\ISUSPM.cpl
"javacpl.cpl" - "Oracle Corporation" - C:\WINDOWS\system32\javacpl.cpl
"PWMCPl.cpl" - "Lenovo Group Limited" - C:\WINDOWS\system32\PWMCPl.cpl
"tp4ex.cpl" - "IBM Corporation" - C:\WINDOWS\system32\tp4ex.cpl
"TP98.CPL" - "Lenovo Group Limited" - C:\WINDOWS\system32\TP98.CPL
"TpShCPL.cpl" - "Lenovo." - C:\WINDOWS\system32\TpShCPL.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Nero BurnRights" - "Nero AG" - C:\Programme\Nero\Nero8\Nero Toolkit\NeroBurnRights.cpl
"ProtectorSuiteInfoPanel" - "UPEK Inc." - C:\Programme\ThinkVantage Fingerprint Software\infopnl.cpl
"QuickTime" - "Apple Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl
"SMAX4CP" - "Analog Devices, Inc." - C:\Programme\Analog Devices\SoundMAX\SMax4.cpl
"SYMLIVE" - "Symantec Corporation" - C:\Programme\Symantec\LiveUpdate\S32LUCP1.CPL

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"AEGIS Protocol (IEEE 802.1x) v3.5.3.0" (AegisP) - "Meetinghouse Data Communications" - C:\WINDOWS\System32\DRIVERS\AegisP.sys
"ANC" (ANC) - "IBM Corp." - C:\WINDOWS\System32\drivers\ANC.SYS
"APS Digitizer Activity Monitor" (TPDIGIMN) - "Lenovo." - C:\WINDOWS\System32\DRIVERS\ApsHM86.sys
"BHDrvx86" (BHDrvx86) - "Symantec Corporation" - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120317.002\BHDrvx86.sys
"Bluetooth-Bus-Enumerator" (BTKRNL) - "Broadcom Corporation." - C:\WINDOWS\System32\DRIVERS\btkrnl.sys
"catchme" (catchme) - ? - C:\DOKUME~1\leno\LOKALE~1\Temp\catchme.sys (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys (File not found)
"DLABOIOM" (DLABOIOM) - "Sonic Solutions" - C:\WINDOWS\System32\DLA\DLABOIOM.SYS
"DLACDBHM" (DLACDBHM) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\DLACDBHM.SYS
"DLADResN" (DLADResN) - "Sonic Solutions" - C:\WINDOWS\System32\DLA\DLADResN.SYS
"DLAIFS_M" (DLAIFS_M) - "Sonic Solutions" - C:\WINDOWS\System32\DLA\DLAIFS_M.SYS
"DLAOPIOM" (DLAOPIOM) - "Sonic Solutions" - C:\WINDOWS\System32\DLA\DLAOPIOM.SYS
"DLAPoolM" (DLAPoolM) - "Sonic Solutions" - C:\WINDOWS\System32\DLA\DLAPoolM.SYS
"DLARTL_N" (DLARTL_N) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\DLARTL_N.SYS
"DLAUDFAM" (DLAUDFAM) - "Sonic Solutions" - C:\WINDOWS\System32\DLA\DLAUDFAM.SYS
"DLAUDF_M" (DLAUDF_M) - "Sonic Solutions" - C:\WINDOWS\System32\DLA\DLAUDF_M.SYS
"DozeHDD" (DozeHDD) - "Lenovo." - C:\WINDOWS\System32\DRIVERS\DozeHDD.sys
"DRVMCDB" (DRVMCDB) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\DRVMCDB.SYS
"DRVNDDM" (DRVNDDM) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\DRVNDDM.SYS
"EraserUtilRebootDrv" (EraserUtilRebootDrv) - "Symantec Corporation" - C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
"filtertdidriver" (filtertdidriver) - "Huawei Technologies Co., Ltd." - C:\WINDOWS\System32\drivers\ewfiltertdidriver.sys
"IBM eGatherer" (EGATHDRV) - "IBM Corporation" - C:\WINDOWS\SYSTEM32\EGATHDRV.SYS
"IBMTPCHK" (IBMTPCHK) - ? - C:\WINDOWS\system32\Drivers\IBMBLDID.sys (File found, but it contains no detailed information)
"IDSxpx86" (IDSxpx86) - "Symantec Corporation" - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120322.002\IDSxpx86.sys
"IPS-Helper-Treiber" (PROCDD) - "Lenovo Group Limited" - C:\WINDOWS\System32\DRIVERS\PROCDD.SYS
"IVI ASPI Shell" (Iviaspi) - "InterVideo, Inc." - C:\WINDOWS\System32\drivers\iviaspi.sys
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys (File not found)
"Lenovo System Interface Driver" (lenovo.smi) - "Lenovo Group Limited" - C:\WINDOWS\System32\DRIVERS\smiif32.sys
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\WINDOWS\system32\drivers\mbam.sys
"NAVENG" (NAVENG) - "Symantec Corporation" - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120322.019\NAVENG.SYS
"NAVEX15" (NAVEX15) - "Symantec Corporation" - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120322.019\NAVEX15.SYS
"Norton Internet Security Settings Manager" (ccSet_NIS) - "Symantec Corporation" - C:\WINDOWS\system32\drivers\NIS\1306010.008\ccSetx86.sys
"PCASp50 NDIS Protocol Driver" (PCASp50) - ? - C:\WINDOWS\System32\drivers\PCASp50.sys (File not found)
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found)
"pmem" (pmem) - "Microsoft Corporation" - C:\WINDOWS\System32\drivers\pmemnt.sys
"PrivateDisk" (PrivateDisk) - "Utimaco Safeware AG" - C:\Programme\Lenovo\SafeGuard PrivateDisk\PrivateDiskM.sys
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys
"Shockprf" (Shockprf) - "Lenovo." - C:\WINDOWS\System32\DRIVERS\Apsx86.sys
"Smapint" (Smapint) - "Microsoft Corporation" - C:\WINDOWS\System32\drivers\Smapint.sys
"SMI Helper Driver (smihlp2)" (smihlp2) - "UPEK Inc." - C:\Programme\ThinkVantage Fingerprint Software\smihlp.sys
"smi2" (smi2) - "IBM Corp." - C:\Programme\SMI2\smi2.sys
"Symantec Data Store" (SymDS) - "Symantec Corporation" - C:\WINDOWS\System32\drivers\NIS\1306010.008\SYMDS.SYS
"Symantec Eraser Control driver" (eeCtrl) - "Symantec Corporation" - C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\eeCtrl.sys
"Symantec Extended File Attributes" (SymEFA) - "Symantec Corporation" - C:\WINDOWS\System32\drivers\NIS\1306010.008\SYMEFA.SYS
"Symantec Iron Driver" (SymIRON) - "Symantec Corporation" - C:\WINDOWS\system32\drivers\NIS\1306010.008\Ironx86.SYS
"Symantec Network Dispatch Driver" (SYMTDI) - "Symantec Corporation" - C:\WINDOWS\System32\Drivers\NIS\1306010.008\SYMTDI.SYS
"Symantec Real Time Storage Protection" (SRTSP) - "Symantec Corporation" - C:\WINDOWS\System32\Drivers\NIS\1306010.008\SRTSP.SYS
"Symantec Real Time Storage Protection (PEL)" (SRTSPX) - "Symantec Corporation" - C:\WINDOWS\system32\drivers\NIS\1306010.008\SRTSPX.SYS
"SymEvent" (SymEvent) - "Symantec Corporation" - C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
"TDSMAPI" (TDSMAPI) - ? - C:\WINDOWS\System32\drivers\TDSMAPI.SYS (File found, but it contains no detailed information)
"TPPWRIF" (TPPWRIF) - "Lenovo Group Limited" - C:\WINDOWS\System32\drivers\Tppwrif.sys
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys (File not found)
"WIDCOMM USB Bluetooth Driver" (BTWUSB) - "Broadcom Corporation." - C:\WINDOWS\System32\Drivers\btwusb.sys
"WLAN Transport" (s24trans) - "Intel Corporation" - C:\WINDOWS\System32\DRIVERS\s24trans.sys

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Programme\7-Zip\7-zip.dll
{6af09ec9-b429-11d4-a1fb-0090960218cb} "Bluetooth-Umgebung" - "Broadcom Corporation." - C:\WINDOWS\system32\btneighborhood.dll
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - (File not found | COM-object registry key not found)
{5CA3D70E-1895-11CF-8E15-001234567890} "DriveLetterAccess" - "Sonic Solutions" - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
{1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - c:\WINDOWS\system32\mscoree.dll
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? - (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\OFFICE11\msohev.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" - "Nero AG" - C:\Programme\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll
{F6A51CCC-6AA6-46ad-B726-97466F0A38BF} "SafeGuard® PrivateDisk extension" - "Utimaco Safeware AG" - C:\Programme\Lenovo\SafeGuard PrivateDisk\pdshell.dll
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? - (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Web Folders" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\MSONSEXT.DLL
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Programme\WinRAR\rarext.dll (File found, but it contains no detailed information)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "ITBarLayout" - ? - (File not found | COM-object registry key not found)
<binary data> "Norton Toolbar" - "Symantec Corporation" - C:\Programme\Norton Internet Security\Engine\19.6.1.8\coIEPlg.dll
<binary data> "{2318C2B1-4965-11D4-9B18-009027A5CD4F}" - ? - (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} "Java Plug-in 1.5.0_06" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.5.0_06\bin\npjpi150_06.dll / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} "Java Plug-in 1.6.0_30" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_30.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.7.0_02" - "Oracle Corporation" - C:\Programme\Java\jre7\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
{CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} "Java Plug-in 1.7.0_02" - "Oracle Corporation" - C:\Programme\Java\jre7\bin\npjpi170_02.dll / hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.7.0_02" - "Oracle Corporation" - C:\Programme\Java\jre7\bin\ssv.dll / hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"@btrez.dll,-4015" - ? - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm
{0FE81B52-73FA-425F-8F06-3F32451AC73F} "ClsidExtension" - "Lenovo Group Limited" - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
{DDE87865-83C5-48c4-8357-2F5B1AA84522} "HP Intelligente Auswahl" - "Hewlett-Packard Co."
- C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} "Norton Toolbar" - "Symantec Corporation" - C:\Programme\Norton Internet Security\Engine\19.6.1.8\coIEPlg.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {F040E541-A427-4CF7-85D8-75E3E0F476C5} "CPwmIEBrowserHelper Object" - "Lenovo Group Limited" - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll {5CA3D70E-1895-11CF-8E15-001234567890} "DriveLetterAccess" - "Sonic Solutions" - C:\WINDOWS\System32\DLA\DLASHX_W.DLL {0347C33E-8762-4905-BF09-768834316C61} "HP Print Enhancer" - "Hewlett-Packard Co." - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} "HP Smart BHO Class" - "Hewlett-Packard Co." - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Oracle Corporation" - C:\Programme\Java\jre7\bin\jp2ssv.dll {E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} "Norton Identity Protection" - "Symantec Corporation" - C:\Programme\Norton Internet Security\Engine\19.6.1.8\coIEPlg.dll {6D53EC84-6AAE-4787-AEEE-F4628F01010C} "Norton Vulnerability Protection" - "Symantec Corporation" - C:\Programme\Norton Internet Security\Engine\19.6.1.8\IPS\IPSBHO.DLL [LSA Providers] -----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )----- "Notification packages" - "UPEK Inc." 
- C:\Programme\ThinkVantage Fingerprint Software\psqlpwd.dll [Logon] -----( %AllUsersProfile%\Startmenü\Programme\Autostart )----- "desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini -----( %UserProfile%\Startmenü\Programme\Autostart )----- "desktop.ini" - ? - C:\Dokumente und Einstellungen\leno\Startmenü\Programme\Autostart\desktop.ini -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "ACWLIcon" - "Lenovo " - C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe "AwaySch" - "Lenovo Group Limited" - C:\Programme\Lenovo\AwayTask\AwaySch.EXE "BLOG" - ? - rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog (File found, but it contains no detailed information) "cssauth" - "Lenovo Group Limited" - "C:\Programme\Lenovo\Client Security Solution\cssauth.exe" silent "DataCardMonitor" - "Huawei Technologies Co., Ltd." - C:\Programme\Huawei Modems\DataCardMonitor.exe "DLA" - "Sonic Solutions" - C:\WINDOWS\System32\DLA\DLACTRLW.EXE "ISUSPM Startup" - "InstallShield Software Corporation" - C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup "ISUSScheduler" - "InstallShield Software Corporation" - "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start "LenovoAutoScrollUtility" - "Lenovo Group Limited" - C:\Programme\Lenovo\VIRTSCRL\virtscrl.exe "LPMailChecker" - "Lenovo Group Limited" - C:\PROGRA~1\THINKV~2\PrdCtr\LPMLCHK.exe "LPManager" - "Lenovo Group Limited" - C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe "Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray "PDService.exe" - "Utimaco Safeware AG" - "C:\Programme\Lenovo\SafeGuard PrivateDisk\pdservice.exe" "PWRMGRTR" - "Lenovo Group Limited" - rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor "SunJavaUpdateSched" - "Sun Microsystems, Inc." 
- "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" "TP4EX" - "Lenovo Group Limited" - tp4ex.exe "TPKMAPHELPER" - "Lenovo" - C:\Programme\ThinkPad\Utilities\TpKmapAp.exe -helper "TpShocks" - "Lenovo." - TpShocks.exe "TVT Scheduler Proxy" - "Lenovo Group Limited" - C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "Bluetooth-Druckeranschluss" - "Broadcom Corporation." - C:\WINDOWS\system32\bthcrp.dll "Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\mdimon.dll "PDFCreator" - ? - C:\WINDOWS\system32\pdfcmnnt.dll (File found, but it contains no detailed information) [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- ".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe "Ac Profile Manager Service" (AcPrfMgrSvc) - "Lenovo " - C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe "Access Connections Main Service" (AcSvc) - "Lenovo " - C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe "Anzeige am Bildschirm" (TPHKSVC) - "Lenovo Group Limited" - C:\Programme\LENOVO\HOTKEY\TPHKSVC.exe "ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe "Bluetooth Service" (btwdins) - "Broadcom Corporation." - C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe "Cisco EnergyWise Enabler" (PwmEWSvc) - "Lenovo Group Limited" - C:\Programme\ThinkPad\Utilities\PWMEWSVC.exe "HP CUE DeviceDiscovery Service" (hpqddsvc) - "Hewlett-Packard Co." - C:\Programme\HP\Digital Imaging\bin\hpqddsvc.dll "hpqcxs08" (hpqcxs08) - "Hewlett-Packard Co." - C:\Programme\HP\Digital Imaging\bin\hpqcxs08.dll "IBM KCU Service" (TpKmpSVC) - ? 
- C:\WINDOWS\system32\TpKmpSVC.exe (File found, but it contains no detailed information) "InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe "Intel(R) PROSet/Wireless Event Log" (EvtEng) - "Intel Corporation" - C:\Programme\Intel\Wireless\Bin\EvtEng.exe "Intel(R) PROSet/Wireless Registry Service" (RegSrvc) - "Intel Corporation" - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe "Intel(R) PROSet/Wireless Service" (S24EventMonitor) - "Intel Corporation " - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe "IPS-Basisservice" (IPSSVC) - "Lenovo Group Limited" - C:\WINDOWS\system32\IPSSVC.EXE "IviRegMgr" (IviRegMgr) - "InterVideo" - C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe "Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe "Lenovo Doze Mode Service" (DozeSvc) - "Lenovo." - C:\Programme\ThinkPad\Utilities\DOZESVC.EXE "Lenovo Hotkey Client Loader" (TPHKLOAD) - "Lenovo Group Limited" - C:\Programme\LENOVO\HOTKEY\TPHKLOAD.exe "Lenovo Microphone Mute" (LENOVO.MICMUTE) - "Lenovo Group Limited" - C:\Programme\LENOVO\HOTKEY\MICMUTE.exe "Machine Debug Manager" (MDM) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE "MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe "Nero BackItUp Scheduler 3" (Nero BackItUp Scheduler 3) - "Nero AG" - C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe "NMIndexingService" (NMIndexingService) - "Nero AG" - C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe "Norton Internet Security" (NIS) - "Symantec Corporation" - C:\Programme\Norton Internet Security\Engine\19.6.1.8\ccSvcHst.exe "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE "Power Manager DBC Service" (Power Manager DBC Service) 
- ? - C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe "System Update" (SUService) - "Lenovo Group Limited" - c:\programme\lenovo\system update\suservice.exe "ThinkPad HDD APS Logging Service" (TPHDEXLGSVC) - "Lenovo." - C:\WINDOWS\System32\TPHDEXLG.exe "ThinkVantage Registry Monitor Service" (ThinkVantage Registry Monitor Service) - "Lenovo Group Limited" - C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe "TSS Core Service" (TSSCoreService) - "IBM" - C:\Programme\Lenovo\Client Security Solution\tvttcsd.exe "TVT Scheduler" (TVT Scheduler) - "Lenovo Group Limited" - C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe "Windows CardSpace" (idsvc) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe "Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [Winlogon] -----( HKCU\Control Panel\IOProcs )----- "MVB" - ? - mvfs32.dll (File not found) -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )----- "ACNotify" - "Lenovo " - C:\Programme\ThinkPad\ConnectUtilities\ACNotify.dll "AwayNotify" - "Lenovo Group Limited" - C:\Programme\Lenovo\AwayTask\AwayNotify.dll "psfus" - "UPEK Inc." - C:\Programme\ThinkVantage Fingerprint Software\psqlpwd.dll "WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru 4) aswMBR-Log: Code:
ATTFilter aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software Run date: 2012-03-23 21:44:19 ----------------------------- 21:44:19.843 OS Version: Windows 5.1.2600 Service Pack 3 21:44:19.843 Number of processors: 2 586 0xE0C 21:44:19.843 ComputerName: LENOVO-C395390B UserName: leno 21:44:22.406 Initialize success 21:59:50.013 AVAST engine defs: 12032301 22:00:32.703 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 22:00:32.703 Disk 0 Vendor: HITACHI_HTS541680J9SA00 SB2IC7JP Size: 76319MB BusType: 3 22:00:32.735 Disk 0 MBR read successfully 22:00:32.735 Disk 0 MBR scan 22:00:32.844 Disk 0 unknown MBR code 22:00:32.844 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 72070 MB offset 63 22:00:32.891 Disk 0 Partition 2 00 12 Compaq diag MSDOS5.0 4245 MB offset 147601440 22:00:32.907 Disk 0 scanning sectors +156295440 22:00:33.047 Disk 0 scanning C:\WINDOWS\system32\drivers 22:01:28.453 Service scanning 22:02:54.344 Modules scanning 22:03:19.610 Module: C:\WINDOWS\System32\DLA\DLADResN.SYS **SUSPICIOUS** 22:03:25.844 Disk 0 trace - called modules: 22:03:25.860 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys 22:03:25.860 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8acfaab8] 22:03:25.860 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\0000009a[0x8ac48140] 22:03:25.875 5 ACPI.sys[b9f7e620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8ac47940] 22:03:27.578 AVAST engine scan C:\WINDOWS 22:03:46.860 AVAST engine scan C:\WINDOWS\system32 22:17:19.313 AVAST engine scan C:\WINDOWS\system32\drivers 22:18:21.328 AVAST engine scan C:\Dokumente und Einstellungen\leno 22:34:52.500 AVAST engine scan C:\Dokumente und Einstellungen\All Users 22:35:54.672 Scan finished successfully 22:49:50.016 Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\leno\Desktop\MBR.dat" 22:49:50.016 The log file has been saved successfully to "C:\Dokumente und Einstellungen\leno\Desktop\aswMBR-23032012.txt" |
25.03.2012, 14:19 | #20 | ||
/// Winkelfunktion /// TB-Süch-Tiger™ | Help with Trojan Trojan.gen.2 Quote:
Disable System Restore: in the course of the infection, malware files were also saved in restore points, so those are all unusable now, since rolling the system back via a restore point would probably bring the infection back. Quote:
Note: Please do NOT run the MBR fix if you have other operating systems such as Ubuntu installed; an MBR fix with Windows tools makes a Linux installed alongside (dual boot) unbootable. Also do not run the fix if you have the Windows partition or the whole hard drive fully encrypted with TrueCrypt or another encryption program. After backing up your data, start aswMBR again and click the FIXMBR button. Note: Please turn off the virus scanner before running aswMBR, since Avira in particular often raises a false alarm on it! Then restart Windows and create a new log with aswMBR.
__________________ Please always post log files in CODE tags |
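Added example, not from the thread or from the aswMBR tool: a small Python triage script that reads aswMBR log lines like the ones posted above, extracts the partition table, the "unknown MBR code" verdict and any module flagged **SUSPICIOUS**, and encodes the helper's rule that FIXMBR must not be run while another operating system shares the disk. The partition type IDs it treats as non-Windows are an assumption (standard MBR type codes, not from the page), and full-disk encryption cannot be seen in the log, so that half of the caveat still needs the user's answer; it goes beyond the thread's own log with a constructed dual-boot variant.

```python
import re
from dataclasses import dataclass, field

# Standard MBR partition type IDs meaning "not Windows-only" (assumed; the thread's log has only 07 NTFS, 12 Compaq diag).
NON_WINDOWS_TYPES = {0x82: "Linux swap", 0x83: "Linux", 0x85: "Linux extended",
                     0xA5: "FreeBSD", 0xA6: "OpenBSD", 0xEE: "GPT protective"}
PART_RE = re.compile(r"^\d\d:\d\d:\d\d\.\d+ Disk (\d+) Partition (\d+) ([0-9A-F]{2}) "
                     r"(?:\(A\) )?([0-9A-F]{2}) (.*?) (\d+) MB offset \d+$")
UNKNOWN_RE = re.compile(r"Disk (\d+) unknown MBR code")
SUSP_RE = re.compile(r"Module: (\S+) \*\*SUSPICIOUS\*\*")

@dataclass
class Partition:
    disk: int
    number: int
    active: bool       # boot flag 80
    type_id: int       # MBR partition type byte
    description: str
    size_mb: int

@dataclass
class Triage:
    partitions: list = field(default_factory=list)
    unknown_mbr_disks: set = field(default_factory=set)
    suspicious_modules: list = field(default_factory=list)

    def foreign_partitions(self):
        return [p for p in self.partitions if p.type_id in NON_WINDOWS_TYPES]

    def fixmbr_decision(self):
        """Thread's rule: no FIXMBR while another OS shares the disk. 'fix_after_backup'
        still assumes no full-disk encryption, which the log cannot show."""
        if not self.unknown_mbr_disks:
            return "no_fix_needed"
        return "do_not_fix" if self.foreign_partitions() else "fix_after_backup"

def triage_aswmbr(log_text):
    """Walk an aswMBR log and collect partitions, MBR verdict and flagged modules."""
    t = Triage()
    for line in log_text.splitlines():
        line = line.strip()
        if m := PART_RE.match(line):
            disk, num, flag, ptype, desc, size = m.groups()
            t.partitions.append(Partition(int(disk), int(num), flag == "80",
                                          int(ptype, 16), desc, int(size)))
        elif m := UNKNOWN_RE.search(line):
            t.unknown_mbr_disks.add(int(m.group(1)))
        elif m := SUSP_RE.search(line):
            t.suspicious_modules.append(m.group(1))
    return t

# Constructed excerpt: lines copied from the aswMBR log posted in the thread.
FORUM_LOG = """\
22:00:32.844 Disk 0 unknown MBR code
22:00:32.844 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 72070 MB offset 63
22:00:32.891 Disk 0 Partition 2 00 12 Compaq diag MSDOS5.0 4245 MB offset 147601440
22:03:19.610 Module: C:\\WINDOWS\\System32\\DLA\\DLADResN.SYS **SUSPICIOUS**
"""
# Constructed dual-boot variant: same disk plus a Linux (type 83) partition.
DUALBOOT_LOG = FORUM_LOG + "22:00:32.900 Disk 0 Partition 3 00 83 Linux 4000 MB offset 156295440\n"
```

Running `triage_aswmbr(FORUM_LOG).fixmbr_decision()` gives `fix_after_backup` for the thread's log and `do_not_fix` for the dual-boot variant; the flagged DLADResN.SYS module is listed separately so it can be checked by hand rather than acted on automatically.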