Log Analysis and Evaluation: O17 Problem
24.01.2009, 14:59 | #1 |
| O17 Problem
Hello, I have apparently caught a trojan that sporadically redirects me to other pages when I click a link. Here is my log file:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:55:38, on 24.01.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\windows\SMINST\scheduler.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\EIZO\ScreenManager Pro for LCD\Lcdctrl.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Datacolor\Spyder3Pro\Utility\Spyder3Utility.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...smb&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...smb&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...smb&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...smb&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe
O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\HP\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [ScreenManager Pro for LCD] C:\Program Files\EIZO\ScreenManager Pro for LCD\Lcdctrl.exe
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\RunOnce: [ST Recovery Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Spyder3Utility.lnk = C:\Program Files\Datacolor\Spyder3Pro\Utility\Spyder3Utility.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{2C4CEC2C-EE29-4304-8E58-6AEADCDBE2BE}: NameServer = 85.255.115.21,85.255.112.91
O17 - HKLM\System\CCS\Services\Tcpip\..\{C4D03372-313B-4DB5-A32A-10C1FF4D2F95}: NameServer = 85.255.115.21,85.255.112.91
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.21,85.255.112.91
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.21,85.255.112.91
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.21,85.255.112.91
O23 - Service: McAfee Application Installer Cleanup (0234671230059253) (0234671230059253mcinstcleanup) - Unknown owner - C:\Users\Leif\AppData\Local\Temp\023467~1.EXE (file missing)
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe

--
End of file - 7241 bytes

Here is the problem: when I delete the unknown DNS entries, no DNS is resolved at all any more, so I cannot open any pages. Does anyone have an idea what I could do? |
24.01.2009, 20:42 | #2 |
/// the machine /// TB-Ausbilder | O17 Problem
hi, and run a GMER scan. Download GMER from this page and unpack it to your desktop.
|
24.01.2009, 22:07 | #3 |
| O17 Problem
GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-01-24 22:06:28
Windows 6.0.6001 Service Pack 1 |
24.01.2009, 22:11 | #4 |
/// the machine /// TB-Ausbilder | O17 Problem
SmitfraudFix instructions (by S!Ri): click the icon and read the instructions -> and have it scan the system (option 2).
Afterwards, run the tool with option 5 in normal mode!
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
24.01.2009, 22:46 | #5 |
| O17 Problem
SmitFraudFix v2.391

Scan done at 22:42:33,69, 24.01.2009
Run from C:\Users\Leif\Desktop\SmitfraudFix
OS: Microsoft Windows [Version 6.0.6001] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» RK

»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{2C4CEC2C-EE29-4304-8E58-6AEADCDBE2BE}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{2C4CEC2C-EE29-4304-8E58-6AEADCDBE2BE}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{2C4CEC2C-EE29-4304-8E58-6AEADCDBE2BE}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End |
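As an added example that is not part of this thread, the Python script below parses HijackThis O17 lines like those in post #1 and the DhcpNameServer lines from the SmitfraudFix DNS section above, flags static nameservers that lie outside private address ranges, and for each registry key records whether a DHCP-assigned server remains once the static entry is removed. That is the check to make before deleting an O17 entry, given that the poster reports losing all name resolution after doing so. The sample lines are constructed from the values in this thread; the function names and the allowlist parameter are my own.

```python
import ipaddress
import re

# Constructed sample modelled on the O17 lines in this thread: same two interface
# GUIDs, same NameServer values, plus one unrelated line to show it is skipped.
HJT_SAMPLE = r"""
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O17 - HKLM\System\CCS\Services\Tcpip\..\{2C4CEC2C-EE29-4304-8E58-6AEADCDBE2BE}: NameServer = 85.255.115.21,85.255.112.91
O17 - HKLM\System\CCS\Services\Tcpip\..\{C4D03372-313B-4DB5-A32A-10C1FF4D2F95}: NameServer = 85.255.115.21,85.255.112.91
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.21,85.255.112.91
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.21,85.255.112.91
"""

# Constructed sample modelled on the SmitfraudFix "DNS" section: a DHCP server is
# recorded for the first GUID and for Parameters, but not for the second GUID.
SMITFRAUD_SAMPLE = r"""
HKLM\SYSTEM\CCS\Services\Tcpip\..\{2C4CEC2C-EE29-4304-8E58-6AEADCDBE2BE}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{2C4CEC2C-EE29-4304-8E58-6AEADCDBE2BE}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
"""

O17_RE = re.compile(r"^O17 - (?P<key>\S+): NameServer = (?P<servers>[\d.,]+)$")
DHCP_RE = re.compile(r"^(?P<key>\S+): DhcpNameServer=(?P<servers>[\d.,]+)$")


def _norm_key(key):
    # Registry paths are case-insensitive; HijackThis prints "System", SmitfraudFix "SYSTEM".
    return key.lower()


def parse_o17(log_text):
    """One dict per O17 line: normalised key, control set, interface, static servers."""
    entries = []
    for line in log_text.splitlines():
        m = O17_RE.match(line.strip())
        if not m:
            continue
        parts = m.group("key").split("\\")
        entries.append({
            "key": _norm_key(m.group("key")),
            "control_set": parts[2],      # CCS, CS1, CS2
            "interface": parts[-1],       # {GUID} for one adapter, or Parameters (global)
            "servers": m.group("servers").split(","),
        })
    return entries


def parse_dhcp_nameservers(smitfraud_text):
    """Map each registry key to the DHCP-assigned servers SmitfraudFix reported for it."""
    dhcp = {}
    for line in smitfraud_text.splitlines():
        m = DHCP_RE.match(line.strip())
        if m:
            dhcp[_norm_key(m.group("key"))] = m.group("servers").split(",")
    return dhcp


def suspicious_servers(entries, allowlist=()):
    """Static nameservers outside private ranges that are not on the caller's allowlist."""
    found = set()
    for e in entries:
        for s in e["servers"]:
            if s not in allowlist and not ipaddress.ip_address(s).is_private:
                found.add(s)
    return found


def removal_plan(entries, dhcp, allowlist=()):
    """For each key holding a suspicious static server, record the DHCP fallback (or None)."""
    rogue = suspicious_servers(entries, allowlist)
    plan = []
    for e in entries:
        hits = [s for s in e["servers"] if s in rogue]
        if hits:
            plan.append({"key": e["key"], "remove": hits, "dhcp_fallback": dhcp.get(e["key"])})
    return plan
```

A key whose `dhcp_fallback` is `None` is one where deleting the static NameServer leaves nothing configured in the registry for that adapter, so the adapter's DHCP state should be checked first.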
24.01.2009, 22:57 | #6 |
/// the machine /// TB-Ausbilder | O17 Problem
please connect all external media!
|