Log analysis and evaluation: 5O euro Trojaner (Windows 7). If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and Trojans can be removed, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
13.03.2012, 20:20 | #16
5O euro Trojaner: So, here is the ComboFix log:
ComboFix 12-03-13.01 - Heiko 13.03.2012 19:41:27.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.894.295 [GMT 1:00]
ausgeführt von:: c:\users\Heiko\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Heiko\AppData\Roaming\DVDSubEditLastFile0.txt
c:\users\Heiko\AppData\Roaming\Local
c:\users\Heiko\AppData\Roaming\Local\Temp\DDM\Settings\138494.avi.ddr
c:\users\Heiko\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\138494.avi.ddp
c:\windows\system32\jgaw400.dll
.
.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_usnjsvc
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-02-13 bis 2012-03-13 ))))))))))))))))))))))))))))))
.
.
2012-03-13 18:52 . 2012-03-13 18:58 -------- d-----w- c:\users\Heiko\AppData\Local\temp
2012-03-13 18:52 . 2012-03-13 18:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-13 17:09 . 2012-03-13 17:09 -------- d-----w- C:\_OTL
2012-03-12 19:23 . 2012-03-12 19:23 -------- d-----w- c:\program files\ESET
2012-03-12 16:37 . 2012-03-12 16:37 -------- d-----w- c:\users\Heiko\AppData\Roaming\Malwarebytes
2012-03-12 16:37 . 2012-03-12 16:37 -------- d-----w- c:\programdata\Malwarebytes
2012-03-12 16:37 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-12 16:37 . 2012-03-12 16:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-27 10:36 . 2012-02-27 10:36 -------- d-----w- c:\program files\CCleaner
2012-02-16 08:45 . 2011-12-14 16:17 680448 ----a-w- c:\windows\system32\msvcrt.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-27 13:39 . 2011-05-16 16:27 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-23 08:18 . 2009-12-19 12:52 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-15 18:57 . 2011-10-14 16:15 137416 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-02-08 06:03 . 2012-03-09 16:56 6552120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{13FB42D0-E59C-4D54-9079-DE65A90FA27E}\mpengine.dll
2012-01-12 19:52 . 2012-02-16 08:45 2044416 ----a-w- c:\windows\system32\win32k.sys
2012-02-02 12:07 . 2011-07-08 08:25 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-07-11 90112]
"RtHDVCpl"="RtHDVCpl.exe" [2007-02-15 4390912]
"Acer Empowering Technology Monitor"="c:\windows\system32\SysMonitor.exe" [2006-11-23 319488]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-11-17 453120]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"HostManager"="c:\program files\Common Files\AOL\1189262390\ee\AOLSoftware.exe" [2006-09-26 50736]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2006-12-12 528384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\?????????]
??????????????e [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Companion]
2009-12-08 12:51 774144 ----a-w- c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
.
------- Zusätzlicher Suchlauf -------
.
uSearchMigratedDefaultURL =
mStart Page =
uSearchURL,(Default) = hxxp://de.rd.yahoo.com/customize/ycomp/defaults/su/*hxxp://de.yahoo.com
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\
FF - user.js: yahoo.homepage.dontask - true
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-Acer Tour - (no file)
HKLM-Run-eRecoveryService - (no file)
MSConfigStartUp-SkypeM - c:\users\Heiko\AppData\Local\Skype\Skype.exe
AddRemove-AOL Toolbar 4.0 - c:\program files\AOL\AOL Toolbar 4.0\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-03-13 19:59
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\acer\Empowering Technology\ePerformance\MemCheck.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\System32\StkASv2K.exe
c:\windows\wanmpsvc.exe
c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Spybot - Search & Destroy\SDWinSec.exe
c:\windows\system32\iashost.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conime.exe
c:\windows\RtHDVCpl.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.EXE
c:\acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
c:\acer\Empowering Technology\eRecovery\ERAGENT.EXE
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.exe
c:\windows\system32\lpremove.exe
c:\windows\system32\RacAgent.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-03-13 20:11:33 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-03-13 19:10
.
Vor Suchlauf: 18 Verzeichnis(se), 25.829.949.440 Bytes frei
Nach Suchlauf: 22 Verzeichnis(se), 25.380.245.504 Bytes frei
.
- - End Of File - - 37039091CC43C4EE154CD415DA2D7297
13.03.2012, 20:24 | #17
/// Winkelfunktion /// TB-Süch-Tiger™ | 5O euro Trojaner: OK. Now please create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool refuses to run the second time as well, just leave it out and run only OSAM. Please skip the online query in OSAM. With OSAM, please also make sure that you save the log as *.log and not as *.html or similar. Note: please use WinRAR or 7zip to unpack OSAM! Also be sure to switch off your virus scanner; the McAfee scanner in particular often reports a false positive on OSAM! Please download aswMBR.exe and save the file to your desktop.
Important: never press any of the Fix buttons without instructions. Note: if the Scan button is greyed out, close the tool and start it again. If the scan aborts and the program crashes, let me know and choose the setting (none) under AV Scan.
13.03.2012, 21:13 | #18
5O euro Trojaner: So, here is the GMER log first; I'll continue with OSAM now...
Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-03-13 21:09:30
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 HDT722525DLA380 rev.V44OA96A
Running: zpxktv20.exe; Driver: C:\Users\Heiko\AppData\Local\Temp\fwdoipoc.sys

---- System - GMER 1.0.15 ----

SSDT 885189D6 ZwCreateSection
SSDT 885189E0 ZwRequestWaitReplyPort
SSDT 885189DB ZwSetContextThread
SSDT 885189E5 ZwSetSecurityObject
SSDT 885189EA ZwSystemDebugControl
SSDT 88518977 ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 215 820C0998 4 Bytes [D6, 89, 51, 88] {SALC ; MOV [ECX-0x78], EDX}
.text ntkrnlpa.exe!KeSetEvent + 539 820C0CBC 4 Bytes [E0, 89, 51, 88]
.text ntkrnlpa.exe!KeSetEvent + 56D 820C0CF0 4 Bytes [DB, 89, 51, 88]
.text ntkrnlpa.exe!KeSetEvent + 5D1 820C0D54 4 Bytes [E5, 89, 51, 88]
.text ntkrnlpa.exe!KeSetEvent + 619 820C0D9C 4 Bytes [EA, 89, 51, 88]
.text ...

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[328] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[328] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[328] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[328] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[328] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[328] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[328] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[328] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[328] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[328] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[328] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[328] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[328] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[328] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[328] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[328] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[328] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[328] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[328] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[328] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[328] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[328] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[328] @ C:\Windows\system32\psapi.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Windows\Explorer.EXE[3264] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74367817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3264] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [743BA86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3264] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7436BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3264] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7435F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3264] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [743675E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3264] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7435E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3264] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [74398395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3264] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7436DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3264] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [7435FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3264] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [7435FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3264] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [743571CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3264] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [743ECAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3264] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [7438C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3264] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7435D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3264] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74356853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3264] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [7435687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3264] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74362AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Program Files\Common Files\aol\1189262390\ee\aolsoftware.exe[3640] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\aol\1189262390\ee\aolsoftware.exe[3640] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\aol\1189262390\ee\aolsoftware.exe[3640] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\aol\1189262390\ee\aolsoftware.exe[3640] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\aol\1189262390\ee\aolsoftware.exe[3640] @ C:\Windows\system32\MSVCRT.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\aol\1189262390\ee\aolsoftware.exe[3640] @ C:\Windows\system32\MSVCRT.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\aol\1189262390\ee\aolsoftware.exe[3640] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\aol\1189262390\ee\aolsoftware.exe[3640] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\aol\1189262390\ee\aolsoftware.exe[3640] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\aol\1189262390\ee\aolsoftware.exe[3640] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\aol\1189262390\ee\aolsoftware.exe[3640] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\aol\1189262390\ee\aolsoftware.exe[3640] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\aol\1189262390\ee\aolsoftware.exe[3640] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\aol\1189262390\ee\aolsoftware.exe[3640] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
13.03.2012, 21:23 | #19
5O euro Trojaner: OSAM: Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 21:20:44 on 13.03.2012
OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Mozilla Corporation Firefox 9.0.1

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\Windows\system32\DivXControlPanelApplet.cpl
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
"ISUSPM.cpl" - "Macrovision Corporation" - C:\Windows\system32\ISUSPM.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Nero BurnRights" - "Nero AG" - C:\Program Files\Nero\Nero 7\Nero Toolkit\NeroBurnRights.cpl
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"avkmgr" (avkmgr) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avkmgr.sys
"AVM FRITZ!Box SL" (AVMUNET) - "AVM GmbH" - C:\Windows\System32\DRIVERS\avmunet.sys
"catchme" (catchme) - ? - C:\ComboFix\catchme.sys (File not found)
"fwdoipoc" (fwdoipoc) - ? - C:\Users\Heiko\AppData\Local\Temp\fwdoipoc.sys (Hidden registry entry, rootkit activity | File not found)
"int15" (int15) - ? - C:\Acer\Empowering Technology\eRecovery\int15.sys (File found, but it contains no detailed information)
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys (File not found)
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys
"PSDFilter" (PSDFilter) - "HiTRUST" - C:\Windows\System32\DRIVERS\psdfilter.sys
"PSDNSERVER" (PSDNServ) - "HiTRUST" - C:\Windows\System32\drivers\PSDNServ.sys
"psdvdisk" (psdvdisk) - "HiTRUST" - C:\Windows\System32\drivers\psdvdisk.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"Syntek STK1150" (StkAMini) - "Syntek America Inc." - C:\Windows\System32\Drivers\StkAMini.sys
"Syntek STK1150 Filter Driver" (StkScan) - "Syntek America Inc." - C:\Windows\System32\Drivers\StkScan.sys
"UBHelper" (UBHelper) - ? - C:\Windows\system32\drivers\UBHelper.sys (File found, but it contains no detailed information)
"Upper Class Filter Driver" (NTIDrvr) - "NewTech Infosystems, Inc." - C:\Windows\System32\DRIVERS\NTIDrvr.sys
"WLAN ZD1211 IEEE 802.11b+g Wireless LAN Driver (USB)(WLAN)" (ZD1211U(WLAN)) - "ZyDAS Technology Corporation" - C:\Windows\System32\DRIVERS\zd1211u.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{7D4D6379-F301-4311-BEBA-E26EB0561882} "NeroDigitalColumnHandler Class" - "Nero AG" - C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? - (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? - (File not found | COM-object registry key not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? - (File not found | COM-object registry key not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found)
{00020d75-0000-0000-c000-000000000046} "lnkfile" - ? - (File not found | COM-object registry key not found)
{73B24247-042E-4EF5-ADC2-42F62E6FD654} "MCLiteShellExt Class" - ? - C:\Program Files\ICQLite\ICQLiteShell.dll
{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} "Meine freigegebenen Ordner" - "Microsoft Corporation" - C:\Program Files\Windows Live\Messenger\fsshext.8.5.1302.1018.dll
{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" - "Nero AG" - C:\Program Files\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll
{B327765E-D724-4347-8B16-78AE18552FC3} "NeroDigitalIconHandler Class" - "Nero AG" - C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll
{7F1CF152-04F8-453A-B34C-E609530A9DC8} "NeroDigitalPropSheetHandler Class" - "Nero AG" - C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{AE424E85-F6DF-4910-A6A9-438797986431} "OpenOffice.org Property Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\propertyhdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? - (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? - (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{DBD8E168-244D-448C-9922-25508950D1DC} "Ulead UDF Driver" - ? - (File not found | COM-object registry key not found)
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR\rarext.dll (File found, but it contains no detailed information)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? - (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_26.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
{7530BFB8-7293-4D34-9923-61A11451AFC5} "OnlineScanner Control" - "ESET" - C:\PROGRA~1\ESET\ESETON~1\ONLINE~1.OCX / hxxp://download.eset.com/special/eos/OnlineScanner.cab
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? - (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" - ? - (File not found | COM-object registry key not found)
"ICQ6" - "ICQ, LLC." - C:\Program Files\ICQ6.5\ICQ.exe
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Heiko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Empowering Technology Launcher.lnk" - "Acer Inc." - C:\Acer\Empowering Technology\eAPLauncher.exe (Shortcut exists | File exists)
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Acer Empowering Technology Monitor" - ? - C:\Windows\system32\SysMonitor.exe
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"APSDaemon" - "Apple Inc." - "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"ATICCC" - ? - "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" (File found, but it contains no detailed information)
"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"DivXUpdate" - ? - "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"eDataSecurity Loader" - "HiTRUST" - C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
"HostManager" - "America Online, Inc." - C:\Program Files\Common Files\AOL\1189262390\ee\AOLSoftware.exe
"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"NeroFilterCheck" - "Nero AG" - C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
"WarReg_PopUp" - "Acer Inc." - C:\Acer\WR_PopUp\WarReg_PopUp.exe

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
"AOL Connectivity Service" (AOL ACS) - "AOL LLC" - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
"Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
"ePerformance Service" (AcerMemUsageCheckService) - ? - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
"eRecovery Service" (eRecoveryService) - "Acer Inc." - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
"LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"NBService" (NBService) - "Nero AG" - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
"NMIndexingService" (NMIndexingService) - "Nero AG" - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"SBSD Security Center Service" (SBSDWSCService) - "Safer Networking Ltd." - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
"Syntek STK1150 Service" (StkASSrv) - "Syntek America Inc." - C:\Windows\System32\StkASv2K.exe
"WAN Miniport (ATW) Service" (WANMiniportService) - "America Online, Inc." - C:\Windows\wanmpsvc.exe

[Winlogon]
-----( HKCU\Control Panel\Desktop )-----
"SCRNSAVE.EXE" - ?
- C:\Windows\ACER(N~1.SCR (File found, but it contains no detailed information) ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru |
13.03.2012, 22:46 | #20 |
| 5O euro Trojaner Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-03-13 21:24:49
-----------------------------
21:24:49.753 OS Version: Windows 6.0.6002 Service Pack 2
21:24:49.753 Number of processors: 2 586 0xF02
21:24:49.753 ComputerName: HEIKO-PC UserName: Heiko
21:25:04.854 Initialize success
21:30:29.650 AVAST engine defs: 12031300
21:31:02.223 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
21:31:02.223 Disk 0 Vendor: HDT722525DLA380 V44OA96A Size: 238475MB BusType: 3
21:31:02.472 Disk 0 MBR read successfully
21:31:02.472 Disk 0 MBR scan
21:31:02.628 Disk 0 unknown MBR code
21:31:02.644 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 6997 MB offset 63
21:31:02.738 Disk 0 Partition 2 80 (A) 06 FAT16 NTFS 115914 MB offset 14329980
21:31:02.784 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 115561 MB offset 251722485
21:31:02.878 Disk 0 scanning sectors +488392065
21:31:03.190 Disk 0 scanning C:\Windows\system32\drivers
21:32:04.763 Service scanning
21:32:31.720 Modules scanning
21:33:34.479 Disk 0 trace - called modules:
21:33:34.526 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll pciide.sys PCIIDEX.SYS atapi.sys
21:33:34.526 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84a1cac8]
21:33:34.541 3 CLASSPNP.SYS[865be8b3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x848e45e0]
21:33:35.540 AVAST engine scan C:\Windows
21:34:06.225 AVAST engine scan C:\Windows\system32
21:40:44.696 AVAST engine scan C:\Windows\system32\drivers
21:41:00.623 AVAST engine scan C:\Users\Heiko
22:06:29.536 AVAST engine scan C:\ProgramData
22:15:01.325 Scan finished successfully
22:34:18.200 Disk 0 MBR has been saved successfully to "C:\Users\Heiko\Desktop\MBR.dat"
22:34:18.215 The log file has been saved successfully to "C:\Users\Heiko\Desktop\aswMBR.txt"
22:34:48.559 Disk 0 MBR has been saved successfully to "C:\Users\Heiko\Desktop\MBR.dat"
22:34:48.567 The log file has been saved successfully to "C:\Users\Heiko\Desktop\aswMBR.txt" |
14.03.2012, 15:11 | #21 |
/// Winkelfunktion /// TB-Süch-Tiger™ | 5O euro Trojaner We should fix the MBR. Back up ALL important data first, just in case, even though it usually goes smoothly. Note: please do NOT run the MBR fix if you have other operating systems such as Ubuntu installed; an MBR fix with Windows tools makes a Linux installed alongside it (dual boot) unbootable. Also do not run the fix if you have full-disk encryption of the Windows partition or the whole hard disk with TrueCrypt or other encryption software. After backing up your data, start aswMBR again and click the FIXMBR button. Note: please disable the virus scanner before running aswMBR, since Avira in particular often reports a false positive on it! Then restart Windows and create a new log with aswMBR.
__________________ --> 5O euro Trojaner |
14.03.2012, 18:55 | #22 |
| 5O euro Trojaner Hope that worked, the whole thing went very quickly for me.. Disk0 Windows 600MBR Fixed Successfully Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-03-14 18:49:40
-----------------------------
18:49:40.598 OS Version: Windows 6.0.6002 Service Pack 2
18:49:40.598 Number of processors: 2 586 0xF02
18:49:40.598 ComputerName: HEIKO-PC UserName: Heiko
18:50:29.832 Initialize success
18:50:54.698 The log file has been saved successfully to "C:\Users\Heiko\Desktop\aswMBR.txt" |
14.03.2012, 21:15 | #23 |
/// Winkelfunktion /// TB-Süch-Tiger™ | 5O euro Trojaner Yes, and now make a new log with aswMBR as I posted.
__________________ Please always post log files in CODE tags |
15.03.2012, 18:20 | #24 |
| 5O euro Trojaner Something apparently went wrong with the log yesterday Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-03-15 17:50:41
-----------------------------
17:50:41.839 OS Version: Windows 6.0.6002 Service Pack 2
17:50:41.839 Number of processors: 2 586 0xF02
17:50:41.839 ComputerName: HEIKO-PC UserName: Heiko
17:50:45.131 Initialize success
17:56:15.577 AVAST engine defs: 12031401
17:57:08.101 The log file has been saved successfully to "C:\Users\Heiko\Desktop\aswMBR.txt"
17:58:37.026 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
17:58:37.041 Disk 0 Vendor: HDT722525DLA380 V44OA96A Size: 238475MB BusType: 3
17:58:37.072 Disk 0 MBR read successfully
17:58:37.088 Disk 0 MBR scan
17:58:39.288 Disk 0 Windows VISTA default MBR code
17:58:39.303 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 6997 MB offset 63
17:58:39.553 Disk 0 Partition 2 80 (A) 06 FAT16 NTFS 115914 MB offset 14329980
17:58:39.631 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 115561 MB offset 251722485
17:58:39.678 Disk 0 scanning sectors +488392065
17:58:39.958 Disk 0 scanning C:\Windows\system32\drivers
17:59:03.904 Service scanning
17:59:51.469 Modules scanning
17:59:58.754 Disk 0 trace - called modules:
17:59:58.785 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll pciide.sys PCIIDEX.SYS atapi.sys
17:59:58.785 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84903030]
17:59:58.801 3 CLASSPNP.SYS[865b58b3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x848d85e0]
18:00:00.392 AVAST engine scan C:\Windows
18:00:17.802 AVAST engine scan C:\Windows\system32
18:05:22.501 AVAST engine scan C:\Windows\system32\drivers
18:05:39.224 AVAST engine scan C:\Users\Heiko
18:13:45.236 AVAST engine scan C:\ProgramData
18:16:04.968 Scan finished successfully
18:18:18.966 Disk 0 MBR has been saved successfully to "C:\Users\Heiko\Desktop\MBR.dat"
18:18:19.006 The log file has been saved successfully to "C:\Users\Heiko\Desktop\aswMBR.txt" |
15.03.2012, 23:32 | #25 |
/// Winkelfunktion /// TB-Süch-Tiger™ | 5O euro Trojaner Looks ok. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before the scan!!
__________________ Please always post log files in CODE tags |
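What "looks ok" means in checkable terms, as an added example that is neither the thread's nor AVAST's code: a small parser over lines modelled on the aswMBR logs posted above (constructed sample input, not the original files) that flags an unrecognised MBR boot code, checks that MBR.dat was saved before the fix, and verifies that FIXMBR changed only the boot code and left the partition table untouched.

```python
import re
from dataclasses import dataclass, field

# Constructed sample input modelled on the aswMBR logs posted in this thread:
# before FIXMBR aswMBR reports "unknown MBR code", afterwards the stock Vista
# boot code. The partition entries are identical in both runs.
LOG_BEFORE_FIX = r"""
21:31:02.472 Disk 0 MBR read successfully
21:31:02.628 Disk 0 unknown MBR code
21:31:02.644 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 6997 MB offset 63
21:31:02.738 Disk 0 Partition 2 80 (A) 06 FAT16 NTFS 115914 MB offset 14329980
21:31:02.784 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 115561 MB offset 251722485
22:15:01.325 Scan finished successfully
22:34:18.200 Disk 0 MBR has been saved successfully to "C:\Users\Heiko\Desktop\MBR.dat"
"""
LOG_AFTER_FIX = r"""
17:58:37.072 Disk 0 MBR read successfully
17:58:39.288 Disk 0 Windows VISTA default MBR code
17:58:39.303 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 6997 MB offset 63
17:58:39.553 Disk 0 Partition 2 80 (A) 06 FAT16 NTFS 115914 MB offset 14329980
17:58:39.631 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 115561 MB offset 251722485
18:16:04.968 Scan finished successfully
18:18:18.966 Disk 0 MBR has been saved successfully to "C:\Users\Heiko\Desktop\MBR.dat"
"""

# A partition line: boot flag (80 = active, echoed as "(A)"), type id,
# description, size in MB and starting sector offset.
PARTITION_RE = re.compile(
    r"Disk (?P<disk>\d+) Partition (?P<index>\d+) (?P<boot>[0-9A-Fa-f]{2}) "
    r"(?:\(A\) )?(?P<type>[0-9A-Fa-f]{2}) (?P<desc>.+?) (?P<size_mb>\d+) MB "
    r"offset (?P<offset>\d+)$"
)
MBR_CODE_RE = re.compile(r"Disk (?P<disk>\d+) (?P<code>.+ MBR code)$")
BACKUP_RE = re.compile(
    r'Disk (?P<disk>\d+) MBR has been saved successfully to "(?P<path>[^"]+)"'
)


@dataclass(frozen=True)
class Partition:
    index: int
    active: bool
    type_id: int
    description: str
    size_mb: int
    offset: int


@dataclass
class DiskReport:
    mbr_code: str = ""      # verdict aswMBR printed after the MBR scan
    backup_path: str = ""   # where MBR.dat was written, if at all
    partitions: list = field(default_factory=list)


def parse_aswmbr(log: str) -> dict:
    """Collect the MBR verdict, partition table and backup path per disk."""
    disks: dict = {}
    for raw in log.splitlines():
        line = raw.strip()
        if m := PARTITION_RE.search(line):
            rep = disks.setdefault(int(m["disk"]), DiskReport())
            rep.partitions.append(Partition(
                index=int(m["index"]), active=m["boot"].upper() == "80",
                type_id=int(m["type"], 16), description=m["desc"],
                size_mb=int(m["size_mb"]), offset=int(m["offset"])))
        elif m := MBR_CODE_RE.search(line):
            disks.setdefault(int(m["disk"]), DiskReport()).mbr_code = m["code"]
        elif m := BACKUP_RE.search(line):
            disks.setdefault(int(m["disk"]), DiskReport()).backup_path = m["path"]
    return disks


def assess(report: DiskReport) -> list:
    """Findings a helper would raise from one aswMBR run."""
    findings = []
    if not report.mbr_code:
        findings.append("no MBR scan verdict in log")
    elif "default MBR code" not in report.mbr_code:
        # aswMBR names boot code it knows; anything else is unrecognised and is
        # what this thread treated as a possible bootkit worth fixing.
        findings.append(f"MBR boot code not recognised ({report.mbr_code})")
    active = [p for p in report.partitions if p.active]
    if len(active) != 1:
        findings.append(f"expected one active partition, found {len(active)}")
    if not report.backup_path:
        findings.append("MBR.dat not saved: keep a copy before FIXMBR")
    return findings


def fix_changed_only_boot_code(before: DiskReport, after: DiskReport) -> bool:
    """FIXMBR rewrites only the 446-byte boot code, so flags, type ids, sizes
    and offsets of every partition must be identical before and after."""
    return before.partitions == after.partitions


def triage(before_log: str, after_log: str, disk: int = 0) -> dict:
    before = parse_aswmbr(before_log)[disk]
    after = parse_aswmbr(after_log)[disk]
    return {
        "before": assess(before),
        "after": assess(after),
        "partition_table_unchanged": fix_changed_only_boot_code(before, after),
    }
```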
16.03.2012, 19:28 | #26 |
| 5O euro Trojaner So here is the first log for now, on to the next one.. Code:
Malwarebytes Anti-Malware (Test) 1.60.1.1000
www.malwarebytes.org
Datenbank Version: v2012.03.16.03
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Heiko :: HEIKO-PC [Administrator]
Schutz: Aktiviert
16.03.2012 17:53:27
mbam-log-2012-03-16 (17-53-27).txt
Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 318964
Laufzeit: 1 Stunde(n), 15 Minute(n), 4 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)
(Ende) |
16.03.2012, 22:25 | #27 |
| 5O euro Trojaner Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com
Generated 03/16/2012 at 09:54 PM
Application Version : 5.0.1146
Core Rules Database Version : 8344
Trace Rules Database Version: 6156
Scan type : Complete Scan
Total Scan Time : 02:08:56
Operating System Information
Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002)
UAC On - Administrator
Memory items scanned : 884
Memory threats detected : 0
Registry items scanned : 34743
Registry threats detected : 0
File items scanned : 209586
File threats detected : 0 |
17.03.2012, 11:20 | #28 |
| 5O euro Trojaner Now I think everything is broken. Yesterday it still worked flawlessly; this morning I wanted to start up the PC. It won't turn on: a long drawn-out beep sounds, a short pause, then the beep again, it beeps constantly. (I've already checked against lists, but I don't think that's it?) So I tried to switch it on again, no luck. Waited a bit, then it worked; there was a message that the PC could not be started. Should the PC be started normally or as System Repair (or something like that), in which it determines why the PC could not be started; several actions were performed and there was also a log. I couldn't get to it, though, because the PC crashed again.. Booted again, looked at the problems; number one was that a new driver for something from AMD was needed... Number 2 that the PC was automatically restarted because Antivirus had reported a problem that was probably related to another antivirus program... There were 3 more problems to see, but then it crashed on me again.. On the next boot a new screen appeared that I had never seen before; it said that Windows could not verify the digital signature of this file! 0xc0000428 I should insert a Windows CD and repair; it's a store-bought PC and I have no Windows CD, only an Anytime Upgrade one, which won't help me... I also have two backup CDs that I created back when the PC was new, are they of any use??? Otherwise I only have some recovery CDs from Acer? So what's the best thing for me to do now?? |
17.03.2012, 13:02 | #29 |
| 5O euro Trojaner I've now uninstalled Avira, so for the time being the computer runs again... Here are the error messages I could find: Error: Code:
<Event xmlns="hxxp://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Application Error" />
    <EventID Qualifiers="0">1000</EventID>
    <Level>2</Level>
    <Task>100</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2012-03-17T10:25:55.000Z" />
    <EventRecordID>531116</EventRecordID>
    <Channel>Application</Channel>
    <Computer>Heiko-PC</Computer>
    <Security />
  </System>
  <EventData>
    <Data>ACER(N~1.SCR</Data>
    <Data>0.0.0.0</Data>
    <Data>2a425e19</Data>
    <Data>kernel32.dll</Data>
    <Data>6.0.6002.18005</Data>
    <Data>49e037dd</Data>
    <Data>0eedfade</Data>
    <Data>0003fbae</Data>
    <Data>38c</Data>
    <Data>01cd042855678e80</Data>
  </EventData>
</Event>
Code:
<Event xmlns="hxxp://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="volsnap" />
    <EventID Qualifiers="49158">35</EventID>
    <Level>2</Level>
    <Task>0</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2012-03-11T22:53:41.780Z" />
    <EventRecordID>458213</EventRecordID>
    <Channel>System</Channel>
    <Computer>Heiko-PC</Computer>
    <Security />
  </System>
  <EventData>
    <Data>\Device\HarddiskVolumeShadowCopy17</Data>
    <Data>C:</Data>
    <Binary>000000000200300000000000230006C000000000000000000E000000000000000000000000000000</Binary>
  </EventData>
</Event>
Code:
<Event xmlns="hxxp://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-EventSystem" Guid="{899daace-4868-4295-afcd-9eb8fb497561}" EventSourceName="EventSystem" />
    <EventID Qualifiers="49152">4609</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>16</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2012-03-17T10:26:57.000Z" />
    <EventRecordID>531122</EventRecordID>
    <Correlation />
    <Execution ProcessID="0" ThreadID="0" />
    <Channel>Application</Channel>
    <Computer>Heiko-PC</Computer>
    <Security />
  </System>
  <EventData>
    <Data Name="param1">d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp</Data>
    <Data Name="param2">45</Data>
    <Data Name="param3">8007043c</Data>
  </EventData>
</Event>
Code:
<Event xmlns="hxxp://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-EventSystem" Guid="{899daace-4868-4295-afcd-9eb8fb497561}" EventSourceName="EventSystem" />
    <EventID Qualifiers="49152">4609</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>16</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2012-03-17T09:33:31.000Z" />
    <EventRecordID>531108</EventRecordID>
    <Correlation />
    <Execution ProcessID="0" ThreadID="0" />
    <Channel>Application</Channel>
    <Computer>Heiko-PC</Computer>
    <Security />
  </System>
  <EventData>
    <Data Name="param1">d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp</Data>
    <Data Name="param2">45</Data>
    <Data Name="param3">8007043c</Data>
  </EventData>
</Event>
Code:
<Event xmlns="hxxp://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-DistributedCOM" Guid="{1B562E86-B7AA-4131-BADC-B6F3A001407E}" EventSourceName="DCOM" />
    <EventID Qualifiers="49152">10005</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2012-03-17T10:34:15.000Z" />
    <EventRecordID>461992</EventRecordID>
    <Correlation />
    <Execution ProcessID="0" ThreadID="0" />
    <Channel>System</Channel>
    <Computer>Heiko-PC</Computer>
    <Security />
  </System>
  <EventData>
    <Data Name="param1">1068</Data>
    <Data Name="param2">BITS</Data>
    <Data Name="param3" />
    <Data Name="param4">{4991D34B-80A1-4291-83B6-3328366B9097}</Data>
  </EventData>
</Event>
Code:
<Event xmlns="hxxp://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-RasSstp" Guid="{6c260f2c-049a-43d8-bf4d-d350a4e6611a}" EventSourceName="RasSstp" />
    <EventID Qualifiers="0">18</EventID>
    <Version>0</Version>
    <Level>3</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2012-03-17T10:36:09.000Z" />
    <EventRecordID>462079</EventRecordID>
    <Correlation />
    <Execution ProcessID="0" ThreadID="0" />
    <Channel>System</Channel>
    <Computer>Heiko-PC</Computer>
    <Security />
  </System>
  <EventData>
    <Data Name="Error Message">Das System kann die angegebene Datei nicht finden.</Data>
  </EventData>
</Event>
Code:
<Event xmlns="hxxp://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="cdrom" />
    <EventID Qualifiers="32772">51</EventID>
    <Level>3</Level>
    <Task>0</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2012-03-16T21:32:20.719Z" />
    <EventRecordID>461658</EventRecordID>
    <Channel>System</Channel>
    <Computer>Heiko-PC</Computer>
    <Security />
  </System>
  <EventData>
    <Data>\Device\CdRom0</Data>
    <Binary>0F0068000100000000000000330004802D010000150000C000000000000000000000000000000000DC2C010000000000FFFFFFFF01000000400000C40200000000200A1248020040000000000401000000000000F012798500000000C004718548BC09840000000028000000000000000200000000000000700005000000000A00000000210000000000000000000000</Binary>
  </EventData>
</Event>
Code:
<Event xmlns="hxxp://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="RemoteAccess" />
    <EventID Qualifiers="0">20192</EventID>
    <Level>3</Level>
    <Task>0</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2012-03-17T10:36:18.000Z" />
    <EventRecordID>462089</EventRecordID>
    <Channel>System</Channel>
    <Computer>Heiko-PC</Computer>
    <Security />
  </System>
  <EventData />
</Event>
Code:
<Event xmlns="hxxp://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Service Control Manager" Guid="{555908D1-A6D7-4695-8E1E-26931D2012F4}" EventSourceName="Service Control Manager" />
    <EventID Qualifiers="49152">7026</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2012-03-17T10:17:14.000Z" />
    <EventRecordID>461983</EventRecordID>
    <Correlation />
    <Execution ProcessID="0" ThreadID="0" />
    <Channel>System</Channel>
    <Computer>Heiko-PC</Computer>
    <Security />
  </System>
  <EventData>
    <Data Name="param1">avipbb avkmgr spldr ssmdrv Wanarpv6</Data>
  </EventData>
</Event>
Code:
<Event xmlns="hxxp://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-CodeIntegrity" Guid="{4ee76bd8-3cf4-44a0-a0ac-3937643e37a3}" />
    <EventID>3001</EventID>
    <Version>0</Version>
    <Level>3</Level>
    <Task>1</Task>
    <Opcode>101</Opcode>
    <Keywords>0x8000000000000000</Keywords>
    <TimeCreated SystemTime="2012-03-17T10:35:46.910Z" />
    <EventRecordID>19815</EventRecordID>
    <Correlation />
    <Execution ProcessID="4" ThreadID="8" />
    <Channel>Microsoft-Windows-CodeIntegrity/Operational</Channel>
    <Computer>Heiko-PC</Computer>
    <Security UserID="S-1-5-18" />
  </System>
  <EventData>
    <Data Name="FileNameLength">30</Data>
    <Data Name="FileNameBuffer">system32\drivers\PSDNServ.sys</Data>
  </EventData>
</Event>
But I couldn't find the one log from that System Repair.. At the moment the PC works again |
17.03.2012, 14:19 | #30 |
| 5O euro Trojaner I've now found the one log: Code:
Startup Repair diagnosis and repair log
---------------------------
Last successful boot time: 3/16/2012 9:13:38 PM (GMT)
Number of repair attempts: 1

Session details
---------------------------
System Disk = \Device\Harddisk0
Windows directory = C:\Windows
AutoChk Run = 0
Number of root causes = 1

Test Performed:
---------------------------
Name: Check for updates
Result: Completed successfully. Error code = 0x0
Time taken = 0 ms

Test Performed:
---------------------------
Name: System disk test
Result: Completed successfully. Error code = 0x0
Time taken = 0 ms

Test Performed:
---------------------------
Name: Disk failure diagnosis
Result: Completed successfully. Error code = 0x0
Time taken = 218 ms

Test Performed:
---------------------------
Name: Disk metadata test
Result: Completed successfully. Error code = 0x0
Time taken = 16 ms

Test Performed:
---------------------------
Name: Target OS test
Result: Completed successfully. Error code = 0x0
Time taken = 140 ms

Test Performed:
---------------------------
Name: Volume content check
Result: Completed successfully. Error code = 0x0
Time taken = 219 ms

Test Performed:
---------------------------
Name: Boot manager diagnosis
Result: Completed successfully. Error code = 0x0
Time taken = 0 ms

Test Performed:
---------------------------
Name: System boot log diagnosis
Result: Completed successfully. Error code = 0x0
Time taken = 15 ms

Test Performed:
---------------------------
Name: Event log diagnosis
Result: Completed successfully. Error code = 0x0
Time taken = 578 ms

Test Performed:
---------------------------
Name: Internal state check
Result: Completed successfully. Error code = 0x0
Time taken = 0 ms

Test Performed:
---------------------------
Name: Boot status test
Result: Completed successfully. Error code = 0x0
Time taken = 15 ms

Test Performed:
---------------------------
Name: Setup state check
Result: Completed successfully. Error code = 0x0
Time taken = 952 ms

Test Performed:
---------------------------
Name: Registry hives test
Result: Completed successfully. Error code = 0x0
Time taken = 3120 ms

Test Performed:
---------------------------
Name: Windows boot log diagnosis
Result: Completed successfully. Error code = 0x0
Time taken = 0 ms

Test Performed:
---------------------------
Name: Bugcheck analysis
Result: Completed successfully. Error code = 0x0
Time taken = 1154 ms

Test Performed:
---------------------------
Name: Access control test
Result: Completed successfully. Error code = 0x0
Time taken = 27035 ms

Test Performed:
---------------------------
Name: File system test (chkdsk)
Result: Completed successfully. Error code = 0x0
Time taken = 0 ms

Test Performed:
---------------------------
Name: Software installation log diagnosis
Result: Completed successfully. Error code = 0x0
Time taken = 0 ms

Test Performed:
---------------------------
Name: Fallback diagnosis
Result: Completed successfully. Error code = 0x0
Time taken = 0 ms

Root cause found:
---------------------------
Unspecified changes to system configuration might have caused the problem.

Repair action: System Restore
Result: Completed successfully. Error code = 0x0
Time taken = 68125 ms

---------------------------
--------------------------- |