
Log analysis and evaluation: searchnu has installed itself as the start page


 
18.03.2012, 20:17   #1
Malícia

searchnu has installed itself as the start page



Hello board members,

For about 3 days my browser start page has been switched from Google to wXX.searchnu.com/406. I have tried several times, without success, to set it back to Google in the browser. In various English-language forums I found out that this is apparently a trojan caused by the Searchqu toolbar. My wife says she recently started a download on a website unintentionally. Afterwards she uninstalled the application again with CCleaner. She can no longer say with certainty which application and which website it was.

Thank you in advance for any support.

Here are the log files from DDS and GMER:



.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_30
Run by Marina at 17:38:52 on 2012-03-18
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.55.1046.18.3066.1844 [GMT 1:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\rundll32.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\lg_swupdate\GiljabiStart.exe
C:\Program Files\LG Software\LG OSD\HotKey.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\LG Software\LG Magnifier\MagnifyingGlass.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\LG Software\BatteryMiser\BatteryMiser5.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\LG Software\LG Magnifier\Maglev.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conime.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.searchnu.com/406
uDefault_Page_URL = hxxp://www.lge.com
mDefault_Page_URL = hxxp://www.lge.com
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [MobileDocuments] c:\program files\common files\apple\internet services\ubd.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [LG Intelligent Update] "c:\program files\lg_swupdate\giljabistart.exe" Gilautouc
mRun: [KeybdUtility] c:\program files\lg software\lg osd\HotKey.exe
mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
mRun: [LGSR_Menu] "c:\program files\lg software\lg smart recovery\muitransfer\muistartmenu.exe" "c:\program files\lg software\lg smart recovery" updatewithcreateonce software\cyberlink\PowerRecover
mRun: [LG Magnifier] %ProgramFiles%\LG Software\LG Magnifier\MagnifyingGlass.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [IaNvSrv] c:\program files\intel\intel matrix storage manager\orom\ianvsrv\IaNvSrv.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [BatteryMiser 5] c:\program files\lg software\batterymiser\BatteryMiser5.exe
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\1.0"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [IndexSearch] "c:\program files\scansoft\paperport\IndexSearch.exe"
mRun: [PPort11reminder] "c:\program files\scansoft\paperport\ereg\ereg.exe" -r "c:\programdata\scansoft\paperport\11\config\ereg\Ereg.ini"
mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [MobileConnect] %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xportar para o Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: bmnet.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{054F3BEF-DCDE-48C5-A63F-4098EC0B9CBB} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{D79A7E95-6A18-4529-9663-C3B1F528166E} : DhcpNameServer = 192.168.1.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs:
SEH: BatteryMiser PSAP Class: {26f5978f-6493-4ee3-b114-c0c3accf9d4d} - c:\windows\system32\bmpsap.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\marina\appdata\roaming\mozilla\firefox\profiles\zm0rp9h2.default\
FF - prefs.js: browser.search.selectedEngine - Search Results
FF - prefs.js: browser.startup.homepage - hxxp://www.searchnu.com/406
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=101&systemid=406&sr=0&q=
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - component: c:\users\marina\appdata\roaming\mozilla\firefox\profiles\zm0rp9h2.default\extensions\{87f8774f-b485-47e2-a755-a40a8a5e886c}\components\GbMzhBb.dll
FF - component: c:\users\marina\appdata\roaming\mozilla\firefox\profiles\zm0rp9h2.default\extensions\{87f8774f-b485-47e2-a755-a40a8a5e8874}\components\GbMzhAbn.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\marina\appdata\roaming\mozilla\firefox\profiles\zm0rp9h2.default\extensions\{87f8774f-b485-47e2-a755-a40a8a5e8874}\plugins\npgbfnc_abn.dll
FF - plugin: c:\users\marina\appdata\roaming\mozilla\firefox\profiles\zm0rp9h2.default\extensions\2020player@2020technologies.com\plugins\NP2020Player.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
R0 iaNvStor;Intel(R) Turbo Memory Controller;c:\windows\system32\drivers\iaNvStor.sys [2009-3-28 228376]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
R1 CLBStor;InstantBurn Storage Helper Driver;c:\windows\system32\drivers\CLBStor.sys [2009-5-31 10368]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 FontCache;Serviço de Cache de Fontes do Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-6-11 1153368]
R2 VMCService;Vodafone Mobile Connect Service;c:\program files\vodafone\vodafone mobile connect\bin\VMCService.exe [2009-9-11 9216]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134736]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y6032.sys [2008-9-2 224384]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-11-11 3662848]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-7 135664]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2009-12-31 14216]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2009-12-31 8456]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2011-2-19 112128]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2010-9-30 36608]
S3 gupdatem;Serviço do Google Update (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-7 135664]
S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\drivers\ewusbfake.sys [2011-2-19 102912]
S3 OXSDIDRV_x32;Oxford Semi eSATA Filter (x32);c:\windows\system32\drivers\OXSDIDRV_x32.sys [2009-9-28 52656]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 wsvd;wsvd;c:\windows\system32\drivers\wsvd.sys [2008-5-26 81704]
.
=============== Created Last 30 ================
.
2012-03-18 12:58:31 -------- d-----w- c:\programdata\boost_interprocess
2012-03-16 14:22:44 -------- dc----w- c:\program files\iTunes
2012-03-14 17:56:09 -------- d-----w- c:\users\marina\appdata\local\Ilivid Player
2012-03-14 17:55:37 -------- dc----w- c:\program files\iLivid
2012-03-14 17:54:48 -------- d-----w- c:\users\marina\appdata\local\PackageAware
2012-03-14 12:26:40 2044416 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 12:26:39 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-03-14 12:26:39 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-03-14 12:26:39 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-03-14 12:26:39 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-03-14 12:26:39 1068544 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 12:26:37 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2012-03-14 12:26:22 613376 ----a-w- c:\windows\system32\rdpencom.dll
2012-03-14 12:26:21 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-06 15:20:13 -------- dc----w- c:\program files\iPod
2012-03-06 15:20:12 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2012-03-06 15:18:04 -------- dc----w- c:\program files\Bonjour
2012-02-26 11:19:25 -------- d-----w- c:\users\marina\appdata\roaming\EurekaLog
2012-02-18 18:20:08 -------- d-----w- c:\users\marina\.thumbnails
2012-02-18 18:18:43 -------- d-----w- c:\users\marina\.gimp-2.6
2012-02-18 18:17:36 -------- dc----w- c:\program files\GIMP-2.0
.
==================== Find3M ====================
.
2012-02-17 22:03:38 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
============= FINISH: 17:40:26,65 ===============



DDS ATTACH:

.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 28/03/2009 13:53:25
System Uptime: 18/03/2012 17:34:40 (0 hours ago)
.
Motherboard: LG Electronics | | Montevina
Processor: Intel(R) Core(TM)2 Duo CPU P8600 @ 2.40GHz | U2E1 | 2401/266mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 148 GiB total, 79,788 GiB free.
D: is FIXED (NTFS) - 139 GiB total, 88,746 GiB free.
G: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Adaptador do Microsoft 6to4
Device ID: ROOT\*6TO4MP\0012
Manufacturer: Microsoft
Name: Adaptador do Microsoft 6to4 #6
PNP Device ID: ROOT\*6TO4MP\0012
Service: tunnel
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
AC3Filter (remove only)
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.5.0 - Português
Apple Application Support
Apple Mobile Device Support
Apple Software Update
µTorrent
Atualização do produto Microsoft Office Excel 2007 Help (KB963678)
Atualização do produto Microsoft Office Powerpoint 2007 Help (KB963669)
Atualização do produto Microsoft Office Word 2007 Help (KB963665)
Audacity 1.2.6
AVG 2012
BatteryMiser 5
Bonjour
Brother MFL-Pro Suite MFC-490CW
CCleaner
CDBurnerXP
CyberLink YouCam
D3DX10
Dropbox
e-Wörterbücher
EASEUS Partition Master 4.1.1 Home Edition
Exact Audio Copy 0.99pb5
EzManual
FreeRIP v3.5
GIMP 2.6.12
Google Earth
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
iCloud
ImgBurn
Instalação do DivX
Intel(R) Network Connections 13.0.42.0
Intel® Matrix Storage Manager e Intel® Turbo Memory
Intel® Turbo Memory
Iomega Encryption
IrfanView (remove only)
IRPF2010 - Declaração de Ajuste Anual e Final de Espólio
IRPF2011 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País
iTunes
Java Auto Updater
Java(TM) 6 Update 30
Lern-o-Mat
LG Fan Mode Tile for Windows Mobility Center
LG Intelligent Update
LG Magnifier
LG OSD
LG Smart Indicator
LG Smart Recovery
LG TouchPad Tile for Windows Mobility Center
MagicDisc 2.7.106
MediaMonkey 4.0
Microsoft .NET Framework 3.5 Language Pack SP1 - ptb
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile PTB Language Pack
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (Portuguese (Brazil)) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (Portuguese (Brazil)) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (Portuguese (Brazil)) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (Portuguese (Brazil)) 2007
Microsoft Office Word MUI (Portuguese (Brazil)) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MobileMe Control Panel
Mozilla Firefox 10.0.2 (x86 pt-BR)
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
neroxml
NVIDIA Drivers
OGA Notifier 2.0.0048.0
Pacote de Idiomas do Microsoft .NET Framework 3.5 SP1 - PTB
Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil)
PaperPort Image Printer
PDFCreator
phase-6 2.1.2.1b
QuickTime
Realtek High Definition Audio Driver
Receitanet Java 2010.02a
RemoteComms External Disk Access
Revo Uninstaller 1.83
SAMSUNG Mobile Composite Device Software
SAMSUNG Mobile Modem Driver Set
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung New PC Studio USB Driver Installer
ScanSoft PaperPort 11
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil) (KB2478663)
Security Update for Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil) (KB2518870)
Segoe UI
Shutterfly Express Uploader
Skype Click to Call
Skype™ 5.5
SpeechRedist
Spybot - Search & Destroy
Subtitle Workshop 2.51
Synaptics Pointing Device Driver
Uninstall 1.0.0.1
Unreal Tournament 2004
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
VC80CRTRedist - 8.0.50727.4053
VLC media player 1.0.5
Vodafone Mobile Connect Lite
WBFS Manager 3.0
Windows Live Communications Platform
Windows Live Essentials
Windows Live Galeria de Fotos
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
WinRAR
.
==== End Of File ===========================



GMER

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-03-18 19:05:49
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 FUJITSU_ rev.0000
Running: dizld5nq.exe; Driver: C:\Users\Marina\AppData\Local\Temp\agdiakog.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xA3926F3C]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xA3926FE4]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xA3927080]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xA392711C]

INT 0x01 \??\C:\Users\Marina\AppData\Local\Temp\mbr.sys A495FC42

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 3F1 832EDB74 4 Bytes [3C, 6F, 92, A3]
.text ntkrnlpa.exe!KeSetEvent + 621 832EDDA4 8 Bytes [E4, 6F, 92, A3, 80, 70, 92, ...] {IN AL, 0x6f; XCHG EDX, EAX; MOV [0xa3927080], EAX}
.text ntkrnlpa.exe!KeSetEvent + 681 832EDE04 4 Bytes [1C, 71, 92, A3]
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8F607320, 0x3F5147, 0xE8000020]
? C:\Users\Marina\AppData\Local\Temp\mbr.sys O sistema não pode encontrar o arquivo especificado. !

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Tempo de Execução da Estrutura de Driver em Modo Kernel/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Tempo de Execução da Estrutura de Driver em Modo Kernel/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp tcpipBM.SYS (Bytemobile Kernel Network Provider/Bytemobile, Inc.)
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Gerenciador de Filtro do Filesystem Microsoft/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000df05833e2
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001eb21690c9
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\000df05833e2 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001eb21690c9 (not active ControlSet)

---- EOF - GMER 1.0.15 ----
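Added example, not code from the original post and not part of the DDS or GMER tools: a small Python triage script over the line formats DDS prints (the Pseudo HJT Report, the FIREFOX prefs.js lines and the Created Last 30 listing). Run on the excerpt of this thread's log that is embedded in the script, it reports what a helper checks first: the start page overridden in both IE (uStart Page) and Firefox (browser.startup.homepage) while the OEM default pages still point to www.lge.com; the Firefox address-bar search (keyword.URL) redirected to dts.search-results.com with systemid=406, the same distribution id as the /406 path of the start page; two toolbar CLSIDs that are still registered but whose DLL is gone (No File), which fits the uninstall via CCleaner the poster describes; and the directories created around the onset the poster gives (about three days before the 2012-03-18 report), which in this log are the iLivid directories from 2012-03-14. Whether that install brought the toolbar is for the helper to confirm; the script only correlates what the log shows. The days-ago and window values are assumptions taken from the post, not fields of the log.

```python
"""Triage a DDS log for browser-hijack indicators.

Added example for this thread, not code from the original post or from DDS.
It parses the line formats DDS writes (Pseudo HJT Report, FIREFOX prefs.js
lines, "Created Last 30") and reports the indicators a helper checks first.
"""
import re
from datetime import datetime, timedelta
from urllib.parse import parse_qs, urlparse

# Lines excerpted verbatim from the DDS log posted above; "hxxp" is the
# defanged scheme DDS writes so that URLs in a log are not clickable.
DDS_EXCERPT = r"""
Run by Marina at 17:38:52 on 2012-03-18
uStart Page = hxxp://www.searchnu.com/406
uDefault_Page_URL = hxxp://www.lge.com
mDefault_Page_URL = hxxp://www.lge.com
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
FF - prefs.js: browser.search.selectedEngine - Search Results
FF - prefs.js: browser.startup.homepage - hxxp://www.searchnu.com/406
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=101&systemid=406&sr=0&q=
2012-03-16 14:22:44 -------- dc----w- c:\program files\iTunes
2012-03-14 17:56:09 -------- d-----w- c:\users\marina\appdata\local\Ilivid Player
2012-03-14 17:55:37 -------- dc----w- c:\program files\iLivid
2012-03-14 12:26:40 2044416 ----a-w- c:\windows\system32\win32k.sys
"""

RUN_RE = re.compile(r"^Run by .+ at (\d{2}:\d{2}:\d{2}) on (\d{4}-\d{2}-\d{2})$")
PAGE_RE = re.compile(r"^([um])(Start Page|Default_Page_URL) = (\S+)$")
TB_RE = re.compile(r"^TB: (\{[0-9A-Fa-f-]+\}) - No File$")
FF_RE = re.compile(r"^FF - prefs\.js: (\S+) - (.*)$")
# timestamp, size (or dashes for a directory), 8-char attribute flags, path
CREATED_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+\S+\s+(\S{8})\s+(.+)$")


def refang(url):
    """Undo DDS's hxxp defanging so urllib can parse the URL."""
    return re.sub(r"^hxxp", "http", url.strip(), flags=re.IGNORECASE)


def host_of(url):
    return urlparse(refang(url)).hostname or ""


def parse_dds(text):
    """Collect the DDS lines relevant to a browser-settings hijack."""
    rec = {"run_time": None, "start_pages": {}, "defaults": set(),
           "orphan_toolbars": [], "ff": {}, "created": []}
    for line in text.splitlines():
        line = line.strip()
        if m := RUN_RE.match(line):
            rec["run_time"] = datetime.strptime(f"{m[2]} {m[1]}", "%Y-%m-%d %H:%M:%S")
        elif m := PAGE_RE.match(line):
            scope, key, url = m.groups()
            if key == "Start Page":
                rec["start_pages"][f"IE {scope}Start Page"] = url
            else:  # OEM default page, the baseline the start page is compared with
                rec["defaults"].add(host_of(url))
        elif m := TB_RE.match(line):
            rec["orphan_toolbars"].append(m[1])
        elif m := FF_RE.match(line):
            rec["ff"][m[1]] = m[2]
        elif m := CREATED_RE.match(line):
            rec["created"].append((datetime.strptime(m[1], "%Y-%m-%d %H:%M:%S"), m[2], m[3]))
    return rec


def hijack_findings(text, days_ago=3, window_days=1):
    """days_ago/window_days: assumed onset from the poster's 'about 3 days' (not log fields)."""
    rec = parse_dds(text)
    findings, dist_ids = [], set()
    defaults = ", ".join(sorted(rec["defaults"])) or "none recorded"
    homepages = dict(rec["start_pages"])
    if "browser.startup.homepage" in rec["ff"]:
        homepages["Firefox browser.startup.homepage"] = rec["ff"]["browser.startup.homepage"]
    for where, url in homepages.items():
        host = host_of(url)
        if host not in rec["defaults"]:
            findings.append(f"homepage overridden: {where} -> {host} (OEM default: {defaults})")
            dist_ids.add(urlparse(refang(url)).path.strip("/"))  # e.g. "406"
    if engine := rec["ff"].get("browser.search.selectedEngine"):
        findings.append(f"Firefox default search engine changed: '{engine}'")
    if kw := rec["ff"].get("keyword.URL"):
        parsed = urlparse(refang(kw))
        findings.append(f"address-bar search redirected: keyword.URL -> {parsed.hostname}")
        sysid = parse_qs(parsed.query).get("systemid", [""])[0]
        if sysid and sysid in dist_ids:
            findings.append(f"same distribution id {sysid} in homepage path and keyword.URL "
                            "systemid (one toolbar build set both)")
    for clsid in rec["orphan_toolbars"]:
        findings.append(f"toolbar registered but DLL missing (No File): {clsid}")
    candidates = []
    if rec["run_time"]:  # directories created within window_days of the assumed onset
        onset = rec["run_time"] - timedelta(days=days_ago)
        candidates = [path for ts, attrs, path in rec["created"]
                      if attrs.startswith("d") and abs(ts - onset) <= timedelta(days=window_days)]
    return {"findings": findings, "install_candidates": candidates}


if __name__ == "__main__":
    result = hijack_findings(DDS_EXCERPT)
    for f in result["findings"]:
        print("FINDING:", f)
    for p in result["install_candidates"]:
        print("INSTALLED NEAR ONSET:", p)
```

The output is deliberately a list of correlations rather than a verdict: the two No File toolbars and the Firefox prefs show that an uninstall through CCleaner removed the toolbar files but not the browser settings and registrations that point at them, which is why setting the homepage back in the browser UI kept failing for the poster. Running the script against a full DDS log rather than the excerpt works unchanged, since it ignores every line it does not recognise.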

 
