Log Analysis and Evaluation: RootKit Problem

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
16.09.2009, 19:43 | #1
RootKit Problem

Good evening. This is my first thread and I hope I'm doing everything right. I have the following problem, and it's a big one: I think I've caught a rootkit. Yesterday, when I let avast! run, it found a rootkit, which I deleted. This afternoon (I hadn't switched the PC on until then) the PC didn't start but hung at "Welcome" after I entered the password. (I have XP SP2.) Only after I had fiddled around in the BIOS for an hour did it start (I'm doing an internship at PC++, where I've gained some experience). Well, not even Safe Mode worked. In any case, 5 minutes after startup avast found 2 rootkits, which I deleted again, and blocked 3 websites. 30 minutes later the PC restarted (on its own). After switching on, an error message appeared saying I should buy virus protection, and it wouldn't go away (it even tried to download one on its own, but I cancelled that immediately). My avast! was then also blocked: 0 providers active. I downloaded GMER, which wouldn't open, so I deleted it. Then explorer.exe crashed (I think) and now nothing is active any more except audio. I restored GMER and renamed it to xD, after which it would open. By accident I removed a few items under Systems and Sections with the right mouse button, and I'm now running a complete scan with GMER. I hope someone can help me. Here is the report from one or two months ago:

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:27:57, on 20.07.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
C:\Programme\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe
C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\RNapxs.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\mdmps32.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Alwil Software\Avast4\ashMaiSv.exe
C:\Programme\PC Connectivity Solution\ServiceLayer.exe
C:\Programme\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Programme\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Alwil Software\Avast4\ashWebSv.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.t-online.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.de.netscape.com/de/home/winsearch200.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.mcilker.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer bereitgestellt von 1 & 1 Internet AG
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Programme\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [LnkSet] C:\WINDOWS\RNapxs.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [InfoCockpit] C:\Programme\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE /nosplash (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.1und1.de/Herzlich_Willkommen/b1/
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2EF98DE5-183F-11D4-83EC-EC6A1DB6E213} (DynaGeoX Element) - http://www.dynageo.de/download/dynageoviewer.cab
O16 - DPF: {34635AA6-B593-4F06-9EDD-5FF60FC13310} (Speaky Chat) - http://download.speakyweb.com/speakyldr.cab
O16 - DPF: {4BFD075D-C36E-4F28-BB0A-5D472795197A} (PowerLoader Class) - http://powersoccer.spielen.com/applet/PowerLoader.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {58EF1388-AF07-4D13-A069-D107671B8819} - http://www.gamegarden.net/game/ggsecure.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/DE-DE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab55762.cab
O16 - DPF: {990D211C-FBA4-47FB-A764-A2D7A78A79E4} (SecureLogin) - http://www.gamegarden.net/game/ggsecure.cab
O16 - DPF: {A672558F-A878-4D5A-A921-627C091CEB63} (Flatcast Producer 4.16) - http://80.237.209.20/objects/NpFp41629.dll
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://www.yayindayiz.biz/yayin/ampx2.6.1.11_en_dl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab55579.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E0B795B4-FD95-4ABD-A375-27962EFCE8CF} - http://install.stardialer.de/StarInstall.ocx
O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F551} (Flatcast Viewer 4.15) - http://data.flatcast.com/NpFv415.dll
O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F554} (Flatcast Viewer 4.16) - http://controls.flatcast-data.com/data/objects/NpFv41629.dll
O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F557} (Flatcast Viewer 5.0) - http://data.flatcast.com/data/objects/NpFv501.dll
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programme\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programme\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programme\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Boonty Games - BOONTY - C:\Programme\Gemeinsame Dateien\BOONTY Shared\Service\Boonty.exe
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - Unknown owner - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: T-Online WLAN Adapter Steuerungsdienst (MZCCntrl) - Deutsche Telekom AG, Marmiko IT-Solutions GmbH - C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programme\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 9992 bytes

And today's log:

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:00:13, on 16.09.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
C:\Programme\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programme\Java\java6u16\bin\jusched.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\Programme\Orbitdownloader\orbitdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Java\java6u16\bin\jqs.exe
C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Programme\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.schnellsucher.com/?t=Q0907241719&s=h
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.de.netscape.com/de/home/winsearch200.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.mcilker.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer bereitgestellt von 1 & 1 Internet AG
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programme\Orbitdownloader\orbitcth.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\java6u16\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\java6u16\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\java6u16\bin\jusched.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [InfoCockpit] C:\Programme\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE /nosplash (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: ChkDisk.dll
O4 - Startup: ChkDisk.lnk = ?
O4 - Global Startup: Orbit.lnk = C:\Programme\Orbitdownloader\orbitdm.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Programme\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Programme\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Programme\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Programme\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.1und1.de/Herzlich_Willkommen/b1/
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2EF98DE5-183F-11D4-83EC-EC6A1DB6E213} (DynaGeoX Element) - http://www.dynageo.de/download/dynageoviewer.cab
O16 - DPF: {34635AA6-B593-4F06-9EDD-5FF60FC13310} (Speaky Chat) - http://download.speakyweb.com/speakyldr.cab
O16 - DPF: {4BFD075D-C36E-4F28-BB0A-5D472795197A} (PowerLoader Class) - http://powersoccer.spielen.com/applet/PowerLoader.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {58EF1388-AF07-4D13-A069-D107671B8819} - http://www.gamegarden.net/game/ggsecure.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/DE-DE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab55762.cab
O16 - DPF: {990D211C-FBA4-47FB-A764-A2D7A78A79E4} (SecureLogin) - http://www.gamegarden.net/game/ggsecure.cab
O16 - DPF: {A672558F-A878-4D5A-A921-627C091CEB63} (Flatcast Producer 4.16) - http://80.237.209.20/objects/NpFp41629.dll
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://www.yayindayiz.biz/yayin/ampx2.6.1.11_en_dl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab55579.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} (Java Plug-in 1.5.0_11) - 
O16 - DPF: {E0B795B4-FD95-4ABD-A375-27962EFCE8CF} - http://install.stardialer.de/StarInstall.ocx
O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F551} (Flatcast Viewer 4.15) - http://data.flatcast.com/NpFv415.dll
O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F554} (Flatcast Viewer 4.16) - http://controls.flatcast-data.com/data/objects/NpFv41629.dll
O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F557} (Flatcast Viewer 5.0) - http://data.flatcast.com/data/objects/NpFv501.dll
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programme\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programme\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programme\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Boonty Games - BOONTY - C:\Programme\Gemeinsame Dateien\BOONTY Shared\Service\Boonty.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\java6u16\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: T-Online WLAN Adapter Steuerungsdienst (MZCCntrl) - Deutsche Telekom AG, Marmiko IT-Solutions GmbH - C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programme\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe

--
End of file - 10309 bytes

GMER scan to follow.
16.09.2009, 21:18 | #2
/// Helper Team | RootKit Problem

Hi Samet93,

Your description doesn't sound too good!

Code:
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,

Either it is a variant of a ZBot or, which I rather suspect in your case, a trojan called FakeAlert, which is responsible for the "virus warnings". Further malware:

Code:
O4 - Startup: ChkDisk.dll
O4 - Startup: ChkDisk.lnk = ?

http://www.trojaner-board.de/69886-a...-beachten.html

Please post all resulting logfiles here! Also, please follow these instructions: http://www.trojaner-board.de/74908-a...t-scanner.html Please post that logfile as well. Good luck! Regards, Handball10

************** EDIT: What did Avast! find, and where? Please post the logfile. ************************

Last edited by handball10 (16.09.2009 at 21:28)
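The two entries handball10 points at (an extra executable appended to the UserInit value, and a DLL plus an unresolvable .lnk in the Startup folder) are the kind of thing that can be checked mechanically across a whole HJT log. The Python below is an added example, not code from the thread or from HijackThis; the input is a constructed subset of the two logs posted above, and the rule names, `triage_hjt`, and the allowlist of `explorer.exe` as the only binary Windows XP runs straight from C:\WINDOWS are this example's own choices. Beyond the two entries quoted in the post it also flags the two processes that were already running from the C:\WINDOWS root in the July log (RNapxs.exe, mdmps32.exe), the Run key that starts one of them, and the service whose file is missing.

```python
"""Triage rules for HijackThis (HJT) log lines.

Added example; it is not part of the thread and not HijackThis code. The
sample is a constructed subset of the two HJT logs posted above; the rule
names and the functions triage_hjt / _in_windows_root are this example's own.
"""
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: a subset of the 20.07.2009 and 16.09.2009 logs from the thread.
SAMPLE_HJT = r"""
Running processes:
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RNapxs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\mdmps32.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,
O4 - HKLM\..\Run: [LnkSet] C:\WINDOWS\RNapxs.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Programme\Microsoft Works\WksSb.exe /AllUsers
O4 - Startup: ChkDisk.dll
O4 - Startup: ChkDisk.lnk = ?
O4 - Global Startup: Orbit.lnk = C:\Programme\Orbitdownloader\orbitdm.exe
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - Unknown owner - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe (file missing)
"""


@dataclass(frozen=True)
class Finding:
    rule: str
    detail: str


# The only value UserInit should carry on Windows XP; anything after the comma is extra.
USERINIT_OK = r"c:\windows\system32\userinit.exe"
# Binaries XP legitimately runs straight from C:\WINDOWS (allowlist chosen for this example).
WINROOT_OK = {"explorer.exe"}

ENTRY_RE = re.compile(r"^(?P<kind>[A-Z]\d+) - (?P<body>.*)$")
# First executable of a Run-key command: either a quoted path or everything up to the first .exe
EXE_RE = re.compile(r'^"(?P<q>[^"]+)"|^(?P<u>.+?\.exe)', re.IGNORECASE)


def _in_windows_root(path: str) -> bool:
    """True for C:\\WINDOWS\\<file> with no further subdirectory, minus the allowlist."""
    parts = path.strip('"').lower().split("\\")
    return len(parts) == 3 and parts[:2] == ["c:", "windows"] and parts[2] not in WINROOT_OK


def triage_hjt(text: str) -> List[Finding]:
    findings: List[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # Bare paths belong to the "Running processes:" section.
        if re.match(r"^[a-z]:\\", line, re.IGNORECASE):
            if _in_windows_root(line):
                findings.append(Finding("process-in-windows-root", line))
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue
        kind, body = m.group("kind"), m.group("body")
        if kind == "F2" and "UserInit=" in body:
            values = [v.strip().lower() for v in body.split("UserInit=", 1)[1].split(",") if v.strip()]
            for extra in (v for v in values if v != USERINIT_OK):
                findings.append(Finding("userinit-extra", extra))
        elif kind == "O4" and body.startswith(("Startup:", "Global Startup:")):
            target = body.split(":", 1)[1].strip()
            # A DLL in a Startup folder is not something Explorer launches; an unresolvable .lnk ("= ?") is equally odd.
            if target.lower().endswith(".dll") or target.endswith("= ?"):
                findings.append(Finding("startup-folder-odd", line))
        elif kind == "O4" and "]" in body:
            cmd = body.split("]", 1)[1].strip()
            em = EXE_RE.match(cmd)
            exe = (em.group("q") or em.group("u")) if em else ""
            if _in_windows_root(exe):
                findings.append(Finding("run-key-windows-root", line))
        elif kind == "O23" and body.endswith("(file missing)"):
            findings.append(Finding("service-file-missing", line))
    return findings


if __name__ == "__main__":
    for f in triage_hjt(SAMPLE_HJT):
        print(f"{f.rule:26} {f.detail}")
```

The UserInit rule is the one worth keeping even outside this thread: the value is a comma-separated list, Winlogon runs every element, and a clean XP box has exactly one. The Windows-root rule is deliberately narrow (depth-3 paths only) so it does not fire on everything under system32; widen the allowlist rather than the path test if a legitimate program turns up there.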
16.09.2009, 21:48 | #3
RootKit Problem

Thanks for the quick reply!!!

Here are the avast reports. Errors:

Code:
16.09.2009 22:36:14 Ramazan Ulucay 3688 Error in aswChestC: chestOpenList Error 1753.
16.09.2009 22:36:14 Ramazan Ulucay 3688 aswChestInterface - Program error description: CChestListView::LoadFiles() chestOpenList() failed: 2147422219.
16.09.2009 22:36:32 Ramazan Ulucay 3688 aswChestInterface - Program error description: CChestListView::OnCreate() !m_strErrorWnd.IsEmpty().

Code:
12.09.2009 12:15:21 Ramazan Ulucay 1192 Sign of "HTML:SkinTrim-A [Trj]" has been found in "C:\Programme\Alwil Software\Avast4\DATA\moved\download[1].php.vir" file.
12.09.2009 15:18:08 Ramazan Ulucay 1328 Sign of "Win32:Alureon-CY [Rtk]" has been found in "C:\DOKUME~1\RAMAZA~1\LOKALE~1\Temp\d.exe" file.
14.09.2009 19:21:54 SYSTEM 1276 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\WINDOWS\system32\sdra64.exe" file.
14.09.2009 19:22:24 SYSTEM 1276 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\WINDOWS\SYSTEM32\AUTOCHK.DLL" file.
14.09.2009 19:22:27 SYSTEM 1276 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\DOKUME~1\RAMAZA~1\PROTECT.DLL" file.
15.09.2009 13:57:36 SYSTEM 1276 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\WINDOWS\system32\sdra64.exe" file.
15.09.2009 14:07:04 SYSTEM 1276 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\WINDOWS\SYSTEM32\AUTOCHK.DLL" file.
15.09.2009 14:12:43 SYSTEM 1276 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\DOKUME~1\RAMAZA~1\PROTECT.DLL" file.
15.09.2009 19:28:53 SYSTEM 1276 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\WINDOWS\SYSTEM32\AUTOCHK.DLL" file.
16.09.2009 13:57:50 SYSTEM 1272 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\WINDOWS\system32\sdra64.exe" file.
16.09.2009 14:06:01 SYSTEM 1264 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\WINDOWS\system32\sdra64.exe" file.
16.09.2009 14:37:37 SYSTEM 1272 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\WINDOWS\system32\sdra64.exe" file.
16.09.2009 18:09:23 SYSTEM 1252 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\WINDOWS\system32\sdra64.exe" file.
16.09.2009 19:03:21 Ramazan Ulucay 1268 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\WINDOWS\system32\braviax.exe" file.
16.09.2009 19:03:45 Ramazan Ulucay 1268 Sign of "Win32:FakeAV-NO [Rtk]" has been found in "C:\WINDOWS\system32\dllcache\figaro.sys" file.
16.09.2009 19:05:35 Ramazan Ulucay 1268 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\WINDOWS\system32\braviax.exe" file.
16.09.2009 19:05:35 Ramazan Ulucay 1268 Sign of "Win32:FakeAV-NO [Rtk]" has been found in "C:\WINDOWS\system32\dllcache\figaro.sys" file.
16.09.2009 19:05:35 Ramazan Ulucay 1268 Sign of "Win32:FakeAV-NO [Rtk]" has been found in "C:\WINDOWS\system32\dllcache\beep.sys" file.
16.09.2009 19:05:35 Ramazan Ulucay 1268 Sign of "Win32:FakeAV-NO [Rtk]" has been found in "C:\WINDOWS\system32\drivers\beep.sys" file.
16.09.2009 22:39:25 Ramazan Ulucay 1168 Function setifaceUpdatePackages() has failed. Return code is 0x000004C7, dwRes is 000004C7.

Code:
15.09.2009 22:41:36 SYSTEM 1276 The virus database (VPS 090915-0) was automatically updated.
16.09.2009 14:08:41 SYSTEM 1264 Automatic rootkit scan was not started as it didn't complete successfully during the last run.
16.09.2009 14:11:56 SYSTEM 1264 The virus database (VPS 090916-0) was automatically updated.
16.09.2009, 21:53 | #4
/// Helper Team | RootKit Problem

Well, have fun,

Code:
[quotes the avast detection log from post #3 verbatim]

I would already recommend at this point that you dig out your Windows CD... That would definitely be faster and safer. Regards, Handball10
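handball10's advice to reach for the Windows CD follows from a pattern in the avast log that is easier to see once the detections are grouped per path: sdra64.exe, AUTOCHK.DLL and PROTECT.DLL are caught again on consecutive days after each "deletion", which means whatever recreates them is still in place, and beep.sys is flagged both in system32\drivers and in the system32\dllcache copy that Windows File Protection would restore it from. The Python below is an added example, not code from the thread or from avast!; the input is a constructed subset of the log posted above, and the function names (`parse_avast`, `summarize`, `recurring`, `wfp_pairs`) are this example's own.

```python
"""Re-detection analysis of avast! 4 log lines.

Added example, not from the thread or from avast!. The log lines below are a
constructed subset of the detections posted above; the function names are
this example's own.
"""
import re
from typing import Dict, List, Tuple

# Constructed sample: subset of the avast detection log from post #3.
AVAST_LOG = r"""
12.09.2009 15:18:08 Ramazan Ulucay 1328 Sign of "Win32:Alureon-CY [Rtk]" has been found in "C:\DOKUME~1\RAMAZA~1\LOKALE~1\Temp\d.exe" file.
14.09.2009 19:21:54 SYSTEM 1276 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\WINDOWS\system32\sdra64.exe" file.
14.09.2009 19:22:24 SYSTEM 1276 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\WINDOWS\SYSTEM32\AUTOCHK.DLL" file.
14.09.2009 19:22:27 SYSTEM 1276 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\DOKUME~1\RAMAZA~1\PROTECT.DLL" file.
15.09.2009 13:57:36 SYSTEM 1276 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\WINDOWS\system32\sdra64.exe" file.
15.09.2009 14:07:04 SYSTEM 1276 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\WINDOWS\SYSTEM32\AUTOCHK.DLL" file.
15.09.2009 14:12:43 SYSTEM 1276 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\DOKUME~1\RAMAZA~1\PROTECT.DLL" file.
15.09.2009 19:28:53 SYSTEM 1276 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\WINDOWS\SYSTEM32\AUTOCHK.DLL" file.
16.09.2009 13:57:50 SYSTEM 1272 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\WINDOWS\system32\sdra64.exe" file.
16.09.2009 18:09:23 SYSTEM 1252 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\WINDOWS\system32\sdra64.exe" file.
16.09.2009 19:03:21 Ramazan Ulucay 1268 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\WINDOWS\system32\braviax.exe" file.
16.09.2009 19:03:45 Ramazan Ulucay 1268 Sign of "Win32:FakeAV-NO [Rtk]" has been found in "C:\WINDOWS\system32\dllcache\figaro.sys" file.
16.09.2009 19:05:35 Ramazan Ulucay 1268 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\WINDOWS\system32\braviax.exe" file.
16.09.2009 19:05:35 Ramazan Ulucay 1268 Sign of "Win32:FakeAV-NO [Rtk]" has been found in "C:\WINDOWS\system32\dllcache\beep.sys" file.
16.09.2009 19:05:35 Ramazan Ulucay 1268 Sign of "Win32:FakeAV-NO [Rtk]" has been found in "C:\WINDOWS\system32\drivers\beep.sys" file.
"""

# date time <user, may contain spaces> <pid> Sign of "<name>" has been found in "<path>" file.
LINE_RE = re.compile(
    r'^(?P<date>\d{2}\.\d{2}\.\d{4}) (?P<time>\d{2}:\d{2}:\d{2}) (?P<user>.+?) (?P<pid>\d+) '
    r'Sign of "(?P<name>[^"]+)" has been found in "(?P<path>[^"]+)" file\.$'
)


def parse_avast(text: str) -> List[dict]:
    """One dict per detection line; non-detection lines (errors, updates) are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append(m.groupdict())
    return events


def summarize(text: str) -> Dict[str, dict]:
    """path (lower-cased) -> {'hits': n, 'days': {dates}, 'names': {detection names}}"""
    out: Dict[str, dict] = {}
    for ev in parse_avast(text):
        entry = out.setdefault(ev["path"].lower(), {"hits": 0, "days": set(), "names": set()})
        entry["hits"] += 1
        entry["days"].add(ev["date"])
        entry["names"].add(ev["name"])
    return out


def recurring(text: str, min_days: int = 2) -> List[Tuple[str, int, int]]:
    """(path, hits, distinct days) for paths detected on at least `min_days` days.

    The on-access scanner keeps catching the same file after each 'deletion',
    so whatever recreates it (a loader, a hooked driver, a boot-time component)
    has not been removed; the detection itself is not the fix."""
    rows = [(p, e["hits"], len(e["days"])) for p, e in summarize(text).items() if len(e["days"]) >= min_days]
    return sorted(rows, key=lambda r: (-r[2], -r[1], r[0]))


def wfp_pairs(text: str) -> List[str]:
    """Driver basenames detected both under system32\\drivers and system32\\dllcache.

    dllcache is the Windows File Protection backup copy; a malicious file in
    both places means WFP would 'restore' the infected driver, not a clean one."""
    in_drivers, in_cache = set(), set()
    for path in summarize(text):
        base = path.rsplit("\\", 1)[-1]
        if "\\system32\\drivers\\" in path:
            in_drivers.add(base)
        elif "\\system32\\dllcache\\" in path:
            in_cache.add(base)
    return sorted(in_drivers & in_cache)


if __name__ == "__main__":
    for path, hits, days in recurring(AVAST_LOG):
        print(f"{days} days / {hits} hits  {path}")
    print("drivers replaced together with their WFP cache copy:", wfp_pairs(AVAST_LOG))
```

The report is the argument for a rebuild in two numbers: three paths re-detected across three days by an on-access scanner that was "deleting" them, and a system driver replaced in both the live and the WFP cache location.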
16.09.2009, 21:57 | #5
RootKit Problem

Isn't there another way.... It's not my PC but my father's. I know it looks bad, but can't you help?
16.09.2009, 22:02 | #6
/// Helper Team | RootKit Problem

Quote: [post #5]

- Safer
- Faster

If the avast findings are accurate, that would be the best option. Let's see what the logs show. I would try it. I'd say you also scan with GMER and MalwareBytes, post the logs here, I'll look at it tomorrow and then we'll see how to proceed. Regards, Handball10
16.09.2009, 22:24 | #7
RootKit Problem

Part 1

Code:
GMER 1.0.15.15087 - http://www.gmer.net
Rootkit scan 2009-09-16 23:17:14
Windows 5.1.2600 Service Pack 2
Running: xD.exe; Driver: C:\DOKUME~1\RAMAZA~1\LOKALE~1\Temp\ugtdipow.sys

---- System - GMER 1.0.15 ----

INT 0x62 ? 82F75BF8
INT 0x63 ? 82E0FBF8
INT 0x82 ? 82F75BF8
INT 0xB4 ? 82E0FBF8

---- Kernel code sections - GMER 1.0.15 ----

? spbj.sys The system cannot find the file specified. !

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 82F772D8
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F9A43C4C] spbj.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F9A43CA0] spbj.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F9A13040] spbj.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F9A1313C] spbj.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F9A130BE]	spbj.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F9A137FC] spbj.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F9A136D2] spbj.sys
IAT \SystemRoot\System32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 82E0F2D8
IAT \SystemRoot\System32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F9A23048] spbj.sys

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[608] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00370002
IAT C:\WINDOWS\system32\services.exe[608] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00370000
IAT C:\WINDOWS\system32\services.exe[608] @ C:\WINDOWS\system32\services.exe [ntdll.dll!NtQueryDirectoryFile] 00045926
IAT C:\WINDOWS\system32\services.exe[608] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00045926
IAT C:\WINDOWS\system32\services.exe[608] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00045811
IAT C:\WINDOWS\system32\services.exe[608] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 000457AC
IAT C:\WINDOWS\system32\services.exe[608] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 0004577A
IAT C:\WINDOWS\system32\services.exe[608] @ C:\WINDOWS\system32\USERENV.dll [USER32.dll!EndDialog] 0004542D
IAT C:\WINDOWS\system32\services.exe[608] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00045BEB
IAT C:\WINDOWS\system32\services.exe[608] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00045E95
IAT C:\WINDOWS\system32\services.exe[608] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!EndDialog] 0004542D
IAT C:\WINDOWS\system32\services.exe[608] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00045E95
IAT C:\WINDOWS\system32\services.exe[608] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00045BEB
IAT C:\WINDOWS\system32\services.exe[608] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!EndDialog] 0004542D
IAT C:\WINDOWS\system32\services.exe[608] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00045E95
IAT C:\WINDOWS\system32\services.exe[608] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00045926
IAT C:\WINDOWS\system32\services.exe[608] @ C:\WINDOWS\system32\wininet.dll [USER32.dll!EndDialog] 0004542D
IAT C:\WINDOWS\system32\lsass.exe[620] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00B75926
IAT C:\WINDOWS\system32\lsass.exe[620] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00B75811
IAT C:\WINDOWS\system32\lsass.exe[620] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00B757AC
IAT C:\WINDOWS\system32\lsass.exe[620] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00B7577A
IAT C:\WINDOWS\system32\lsass.exe[620] @ C:\WINDOWS\system32\LSASRV.dll [ntdll.dll!LdrLoadDll] 00B75811
IAT C:\WINDOWS\system32\lsass.exe[620] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00B75926
IAT C:\WINDOWS\system32\lsass.exe[620] @ C:\WINDOWS\system32\SAMSRV.dll [ntdll.dll!LdrLoadDll] 00B75811
IAT C:\WINDOWS\system32\lsass.exe[620] @ C:\WINDOWS\system32\SAMSRV.dll [ntdll.dll!LdrGetProcedureAddress] 00B757AC
IAT C:\WINDOWS\system32\lsass.exe[620] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00B75BEB
IAT C:\WINDOWS\system32\lsass.exe[620] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00B75E95
IAT C:\WINDOWS\system32\lsass.exe[620] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!EndDialog] 00B7542D
IAT C:\WINDOWS\system32\lsass.exe[620] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00B75E95
IAT C:\WINDOWS\system32\lsass.exe[620] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00B75BEB
IAT C:\WINDOWS\system32\lsass.exe[620] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!EndDialog] 00B7542D
IAT C:\WINDOWS\system32\lsass.exe[620] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00B75E95
IAT C:\WINDOWS\system32\lsass.exe[620] @ C:\WINDOWS\system32\USERENV.dll [USER32.dll!EndDialog] 00B7542D
IAT C:\WINDOWS\system32\lsass.exe[620] @ C:\WINDOWS\system32\wininet.dll [USER32.dll!EndDialog] 00B7542D
IAT C:\WINDOWS\system32\svchost.exe[768] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 007C577A
IAT C:\WINDOWS\system32\svchost.exe[820] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00895926
IAT C:\WINDOWS\system32\svchost.exe[820] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00895811
IAT C:\WINDOWS\system32\svchost.exe[820] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 008957AC
IAT C:\WINDOWS\system32\svchost.exe[820] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 0089577A
IAT C:\WINDOWS\system32\svchost.exe[820] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00895BEB
IAT C:\WINDOWS\system32\svchost.exe[820] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00895E95
IAT C:\WINDOWS\system32\svchost.exe[820] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!EndDialog] 0089542D
IAT C:\WINDOWS\system32\svchost.exe[820] @ C:\WINDOWS\system32\SHELL32.dll 
[USER32.dll!TranslateMessage] 00895E95 IAT C:\WINDOWS\system32\svchost.exe[820] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00895BEB IAT C:\WINDOWS\system32\svchost.exe[820] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!EndDialog] 0089542D IAT C:\WINDOWS\system32\svchost.exe[820] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00895E95 IAT C:\WINDOWS\system32\svchost.exe[820] @ C:\WINDOWS\system32\USERENV.dll [USER32.dll!EndDialog] 0089542D IAT C:\WINDOWS\system32\svchost.exe[820] @ c:\windows\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00895926 IAT C:\WINDOWS\system32\svchost.exe[820] @ C:\WINDOWS\system32\wininet.dll [USER32.dll!EndDialog] 0089542D IAT C:\WINDOWS\System32\svchost.exe[888] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 021F5926 IAT C:\WINDOWS\System32\svchost.exe[888] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 021F5811 IAT C:\WINDOWS\System32\svchost.exe[888] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 021F57AC IAT C:\WINDOWS\System32\svchost.exe[888] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 021F577A IAT C:\WINDOWS\System32\svchost.exe[888] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 021F5BEB IAT C:\WINDOWS\System32\svchost.exe[888] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 021F5E95 IAT C:\WINDOWS\System32\svchost.exe[888] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!EndDialog] 021F542D IAT C:\WINDOWS\System32\svchost.exe[888] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 021F5E95 IAT C:\WINDOWS\System32\svchost.exe[888] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 021F5BEB IAT C:\WINDOWS\System32\svchost.exe[888] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!EndDialog] 021F542D IAT C:\WINDOWS\System32\svchost.exe[888] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 021F5E95 IAT C:\WINDOWS\System32\svchost.exe[888] @ 
C:\WINDOWS\system32\USERENV.dll [USER32.dll!EndDialog] 021F542D IAT C:\WINDOWS\System32\svchost.exe[888] @ c:\windows\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 021F5926 IAT C:\WINDOWS\System32\svchost.exe[888] @ C:\WINDOWS\system32\WININET.dll [USER32.dll!EndDialog] 021F542D IAT C:\WINDOWS\system32\svchost.exe[924] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00625926 IAT C:\WINDOWS\system32\svchost.exe[924] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00625811 IAT C:\WINDOWS\system32\svchost.exe[924] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 006257AC IAT C:\WINDOWS\system32\svchost.exe[924] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 0062577A IAT C:\WINDOWS\system32\svchost.exe[924] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00625BEB IAT C:\WINDOWS\system32\svchost.exe[924] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00625E95 IAT C:\WINDOWS\system32\svchost.exe[924] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!EndDialog] 0062542D IAT C:\WINDOWS\system32\svchost.exe[924] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00625E95 IAT C:\WINDOWS\system32\svchost.exe[924] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00625BEB IAT C:\WINDOWS\system32\svchost.exe[924] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!EndDialog] 0062542D IAT C:\WINDOWS\system32\svchost.exe[924] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00625E95 IAT C:\WINDOWS\system32\svchost.exe[924] @ C:\WINDOWS\system32\USERENV.dll [USER32.dll!EndDialog] 0062542D IAT C:\WINDOWS\system32\svchost.exe[924] @ C:\WINDOWS\system32\wininet.dll [USER32.dll!EndDialog] 0062542D IAT C:\WINDOWS\system32\svchost.exe[924] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00625926 IAT C:\WINDOWS\System32\svchost.exe[1936] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00D85926 IAT 
C:\WINDOWS\System32\svchost.exe[1936] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00D85811 IAT C:\WINDOWS\System32\svchost.exe[1936] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00D857AC IAT C:\WINDOWS\System32\svchost.exe[1936] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00D8577A IAT C:\WINDOWS\System32\svchost.exe[1936] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00D85BEB IAT C:\WINDOWS\System32\svchost.exe[1936] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00D85E95 IAT C:\WINDOWS\System32\svchost.exe[1936] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!EndDialog] 00D8542D IAT C:\WINDOWS\System32\svchost.exe[1936] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00D85E95 IAT C:\WINDOWS\System32\svchost.exe[1936] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00D85BEB IAT C:\WINDOWS\System32\svchost.exe[1936] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!EndDialog] 00D8542D IAT C:\WINDOWS\System32\svchost.exe[1936] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00D85E95 IAT C:\WINDOWS\System32\svchost.exe[1936] @ C:\WINDOWS\system32\USERENV.dll [USER32.dll!EndDialog] 00D8542D IAT C:\WINDOWS\System32\svchost.exe[1936] @ C:\WINDOWS\System32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00D85926 IAT C:\WINDOWS\System32\svchost.exe[1936] @ C:\WINDOWS\system32\wininet.dll [USER32.dll!EndDialog] 00D8542D IAT C:\WINDOWS\System32\alg.exe[2096] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00405926 IAT C:\WINDOWS\System32\alg.exe[2096] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00405811 IAT C:\WINDOWS\System32\alg.exe[2096] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 004057AC IAT C:\WINDOWS\System32\alg.exe[2096] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 0040577A IAT C:\WINDOWS\System32\alg.exe[2096] @ C:\WINDOWS\system32\ole32.dll 
[USER32.dll!GetClipboardData] 00405BEB IAT C:\WINDOWS\System32\alg.exe[2096] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00405E95 IAT C:\WINDOWS\System32\alg.exe[2096] @ C:\WINDOWS\System32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00405926 IAT C:\WINDOWS\System32\alg.exe[2096] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!EndDialog] 0040542D IAT C:\WINDOWS\System32\alg.exe[2096] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00405E95 IAT C:\WINDOWS\System32\alg.exe[2096] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00405BEB IAT C:\WINDOWS\System32\alg.exe[2096] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!EndDialog] 0040542D IAT C:\WINDOWS\System32\alg.exe[2096] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00405E95 IAT C:\WINDOWS\System32\alg.exe[2096] @ C:\WINDOWS\system32\USERENV.dll [USER32.dll!EndDialog] 0040542D IAT C:\WINDOWS\System32\alg.exe[2096] @ C:\WINDOWS\system32\wininet.dll [USER32.dll!EndDialog] 0040542D IAT C:\WINDOWS\system32\spoolsv.exe[2328] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00405926 IAT C:\WINDOWS\system32\spoolsv.exe[2328] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00405811 IAT C:\WINDOWS\system32\spoolsv.exe[2328] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 004057AC IAT C:\WINDOWS\system32\spoolsv.exe[2328] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 0040577A IAT C:\WINDOWS\system32\spoolsv.exe[2328] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00405BEB IAT C:\WINDOWS\system32\spoolsv.exe[2328] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00405E95 IAT C:\WINDOWS\system32\spoolsv.exe[2328] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!EndDialog] 0040542D IAT C:\WINDOWS\system32\spoolsv.exe[2328] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00405E95 IAT C:\WINDOWS\system32\spoolsv.exe[2328] @ C:\WINDOWS\system32\SHELL32.dll 
[USER32.dll!GetClipboardData] 00405BEB IAT C:\WINDOWS\system32\spoolsv.exe[2328] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!EndDialog] 0040542D IAT C:\WINDOWS\system32\spoolsv.exe[2328] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00405E95 IAT C:\WINDOWS\system32\spoolsv.exe[2328] @ C:\WINDOWS\system32\USERENV.dll [USER32.dll!EndDialog] 0040542D IAT C:\WINDOWS\system32\spoolsv.exe[2328] @ C:\WINDOWS\system32\wininet.dll [USER32.dll!EndDialog] 0040542D IAT C:\WINDOWS\system32\spoolsv.exe[2328] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00405926 IAT C:\WINDOWS\system32\wuauclt.exe[2748] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00085926 IAT C:\WINDOWS\system32\wuauclt.exe[2748] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00085811 IAT C:\WINDOWS\system32\wuauclt.exe[2748] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 000857AC IAT C:\WINDOWS\system32\wuauclt.exe[2748] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 0008577A IAT C:\WINDOWS\system32\wuauclt.exe[2748] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00085BEB IAT C:\WINDOWS\system32\wuauclt.exe[2748] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00085E95 IAT C:\WINDOWS\system32\wuauclt.exe[2748] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!EndDialog] 0008542D IAT C:\WINDOWS\system32\wuauclt.exe[2748] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00085E95 IAT C:\WINDOWS\system32\wuauclt.exe[2748] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!EndDialog] 0008542D IAT C:\WINDOWS\system32\wuauclt.exe[2748] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00085E95 IAT C:\WINDOWS\system32\wuauclt.exe[2748] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00085BEB IAT C:\WINDOWS\system32\wuauclt.exe[2748] @ C:\WINDOWS\system32\USERENV.dll [USER32.dll!EndDialog] 0008542D IAT C:\WINDOWS\system32\wuauclt.exe[2748] @ 
C:\WINDOWS\system32\wininet.dll [USER32.dll!EndDialog] 0008542D IAT C:\WINDOWS\system32\wuauclt.exe[2748] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00085926 |
16.09.2009, 22:25 | #8 |
RootKit Problem, part 2

Code:
---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 82FE21F8
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
Device \FileSystem\Fastfat \FatCdrom 82B6D3D8
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
Device \Driver\usbuhci \Device\USBPDO-0 82E0E1F8
Device \Driver\usbuhci \Device\USBPDO-1 82E0E1F8
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
Device \Driver\Ftdisk \Device\HarddiskVolume1 82FE41F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 82FE41F8
Device \Driver\Cdrom \Device\CdRom0 82E111F8
Device \Driver\Ftdisk \Device\HarddiskVolume3 82FE41F8
Device \Driver\Cdrom \Device\CdRom1 82E111F8
Device \Driver\atapi \Device\Ide\IdePort0 82F751F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 82F751F8
Device \Driver\atapi \Device\Ide\IdePort1 82F751F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c 82F751F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 82F751F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 82CCA1F8
Device \Driver\NetBT \Device\NetbiosSmb 82CCA1F8
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
Device \Driver\usbuhci \Device\USBFDO-0 82E0E1F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{A5CE5729-5744-4A4E-98E5-372D03F89742} 82CCA1F8
Device \Driver\usbuhci \Device\USBFDO-1 82E0E1F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 82AFB1F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 82AFB1F8
Device \Driver\Ftdisk \Device\FtControl 82FE41F8
Device \FileSystem\Fastfat \Fat 82B6D3D8
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
Device \FileSystem\Cdfs \Cdfs 82B19500

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Programme\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xDE 0x69 0xC4 0x71 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x01 0x68 0x40 0x45 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x16 0x19 0x1E 0x38 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x55 0xDC 0x34 0x31 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xDF 0x0F 0x53 0x96 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x55 0x47 0x36 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xD6 0x92 0xD4 0x38 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x26 0x0C 0x72 0x7D ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0xA7 0xE9 0xCA 0xA0 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x9E 0x68 0xF8 0xCF ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x55 0xDC 0x34 0x31 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xDF 0x0F 0x53 0x96 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x55 0x47 0x36 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xD6 0x92 0xD4 0x38 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x26 0x0C 0x72 0x7D ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0xA7 0xE9 0xCA 0xA0 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x9E 0x68 0xF8 0xCF ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x55 0xDC 0x34 0x31 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xDF 0x0F 0x53 0x96 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x55 0x47 0x36 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xD6 0x92 0xD4 0x38 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x26 0x0C 0x72 0x7D ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0xA7 0xE9 0xCA 0xA0 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x9E 0x68 0xF8 0xCF ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x55 0xDC 0x34 0x31 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xDF 0x0F 0x53 0x96 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x55 0x47 0x36 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xD6 0x92 0xD4 0x38 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x26 0x0C 0x72 0x7D ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0xA7 0xE9 0xCA 0xA0 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x9E 0x68 0xF8 0xCF ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x55 0xDC 0x34 0x31 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xDF 0x0F 0x53 0x96 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x55 0x47 0x36 0x00 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xD6 0x92 0xD4 0x38 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x26 0x0C 0x72 0x7D ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0xA7 0xE9 0xCA 0xA0 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x9E 0x68 0xF8 0xCF ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x55 0xDC 0x34 0x31 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xDF 0x0F 0x53 0x96 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x55 0x47 0x36 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xD6 0x92 0xD4 0x38 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x26 0x0C 0x72 0x7D ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0xA7 0xE9 0xCA 0xA0 ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x9E 0x68 0xF8 0xCF ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x55 0xDC 0x34 0x31 ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xDF 0x0F 0x53 0x96 ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x55 0x47 0x36 0x00 ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xD6 0x92 0xD4 0x38 ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x26 0x0C 0x72 0x7D ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0xA7 0xE9 0xCA 0xA0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{55372OEM-0100-7218-5086-010030911010}
Reg HKLM\SOFTWARE\Classes\CLSID\{55372OEM-0100-7218-5086-010030911010}@12AED12 1326920
Reg HKLM\SOFTWARE\Classes\CLSID\{55372OEM-0100-7218-5086-010030911010}\InprocServer32

---- EOF - GMER 1.0.15 ----
17.09.2009, 18:55 | #9 |
| RootKit Problem Hier der zweite Lauf von GMER Code:
GMER 1.0.15.15087 - http://www.gmer.net
Rootkit scan 2009-09-17 18:31:40
Windows 5.1.2600 Service Pack 2
Running: xD.exe; Driver: C:\DOKUME~1\RAMAZA~1\LOKALE~1\Temp\ugtdipow.sys

---- Modules - GMER 1.0.15 ----

Module spvg.sys F9A11000-F9B11000 (1048576 bytes)
Module IdeBusDr.sys (Intel Ultra ATA Storage Driver/Intel Corporation) F9F46000-F9F49000 (12288 bytes)
Module IdeChnDr.sys (Intel Ultra ATA Storage Driver/Intel Corporation) F996E000-F9982000 (81920 bytes)
Module \SystemRoot\system32\DRIVERS\nv4_mini.sys (NVIDIA Compatible Windows 2000 Miniport Driver, Version 56.73 /NVIDIA Corporation) F913B000-F930B000 (1900544 bytes)
Module \SystemRoot\System32\DRIVERS\DTAGND51.sys (Teledat Fast Ethernet 100 PCI NDIS5 Driver/Deutsche Telekom AG.) F9D92000-F9D9C000 (40960 bytes)
Module \SystemRoot\system32\drivers\Afc.sys (Arcsoft(R) ASPI Shell/Arcsoft, Inc.) F9E7A000-F9E82000 (32768 bytes)
Module \SystemRoot\system32\drivers\ac97intc.sys (Intel(r) Integrated Controller Hub Audio Driver/Intel Corporation) F90C9000-F90E1000 (98304 bytes)
Module \SystemRoot\System32\DRIVERS\PS2.sys (PS2 SYS/Hewlett-Packard Company) F9FFA000-F9FFE000 (16384 bytes)
Module \SystemRoot\System32\DRIVERS\ptilink.sys (Parallel Technologies DirectParallel IO Library/Parallel Technologies, Inc.) F9EA2000-F9EA7000 (20480 bytes)
Module \SystemRoot\System32\Drivers\Beep.SYS F937B000-F9384000 (36864 bytes)
Module \SystemRoot\System32\Drivers\aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software) F9CC2000-F9CCD000 (45056 bytes)
Module \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) F7CED000-F7D0E000 (135168 bytes)
Module \SystemRoot\System32\Drivers\Aavmker4.SYS (avast! Base Kernel-Mode Device Driver for Windows NT/2000/XP/ALWIL Software) F9DE2000-F9DE7000 (20480 bytes)
Module \SystemRoot\System32\nv4_disp.dll (NVIDIA Compatible Windows 2000 Display driver, Version 56.73 /NVIDIA Corporation) BF012000-BF426000 (4276224 bytes)
Module \SystemRoot\System32\ATMFD.DLL (Windows NT OpenType/Type 1 Font Driver/Adobe Systems Incorporated) BFFA0000-BFFE6000 (286720 bytes)
Module \SystemRoot\system32\DRIVERS\aswFsBlk.sys (avast! File System Access Blocking Driver/ALWIL Software) F9E22000-F9E2A000 (32768 bytes)
Module \SystemRoot\System32\Drivers\aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software) F622C000-F6242000 (90112 bytes)
Module \SystemRoot\System32\Drivers\Aspi32.SYS (ASPI for WIN32 Kernel Driver/Adaptec) F6214000-F6218000 (16384 bytes)
Module \SystemRoot\System32\DRIVERS\secdrv.sys (Macrovision SECURITY Driver/Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) F7CDD000-F7CE7000 (40960 bytes)
Module \??\C:\DOKUME~1\RAMAZA~1\LOKALE~1\Temp\ugtdipow.sys (GMER) F4E9A000-F4EAF000 (86016 bytes)

---- Processes - GMER 1.0.15 ----

Process C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (avast! service GUI component/ALWIL Software) 408
Library C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (avast! service GUI component/ALWIL Software) 0x00400000
Library C:\PROGRA~1\ALWILS~1\Avast4\aswCmnOS.dll (Antivirus HW dependent library/ALWIL Software) 0x64000000
Library C:\PROGRA~1\ALWILS~1\Avast4\ashBase.dll (Basic Functionality Module/ALWIL Software) 0x64500000
Library C:\PROGRA~1\ALWILS~1\Avast4\aswCmnB.dll (High level portable functions/ALWIL Software) 0x64080000
Library C:\PROGRA~1\ALWILS~1\Avast4\aswCmnS.dll (Common non-portable functions/ALWIL Software) 0x64100000
Library C:\PROGRA~1\ALWILS~1\Avast4\ashTask.dll (Task Handling Module/ALWIL Software) 0x64800000
Library C:\PROGRA~1\ALWILS~1\Avast4\aswAux.dll (avast! Auxiliary Library/ALWIL Software) 0x64580000
Library C:\PROGRA~1\ALWILS~1\Avast4\Aavm4h.dll (avast! Asynchronous Virus Monitor (AAVM)/ALWIL Software) 0x65000000
Library C:\PROGRA~1\ALWILS~1\Avast4\AavmRpch.dll (avast! AAVM Remote Procedure Call Library/ALWIL Software) 0x65100000
Library C:\Programme\Alwil Software\Avast4\German\Base.dll (avast! German Basic Module/ALWIL Software) 0x66080000
Library C:\Programme\Alwil Software\Avast4\German\Lang.dll (avast! Main German Module/ALWIL Software) 0x66100000
Process C:\Programme\Java\java6u16\bin\jusched.exe (Java(TM) Platform SE binary/Sun Microsystems, Inc.) 1108
Library C:\Programme\Java\java6u16\bin\jusched.exe (Java(TM) Platform SE binary/Sun Microsystems, Inc.) 0x00400000
Process C:\Programme\Alwil Software\Avast4\aswUpdSv.exe (avast! Antivirus updating service/ALWIL Software) 1212
Library C:\Programme\Alwil Software\Avast4\aswUpdSv.exe (avast! Antivirus updating service/ALWIL Software) 0x00400000
Library C:\Programme\Alwil Software\Avast4\aswCmnS.dll (Common non-portable functions/ALWIL Software) 0x64100000
Library C:\Programme\Alwil Software\Avast4\aswCmnOS.dll (Antivirus HW dependent library/ALWIL Software) 0x64000000
Library C:\Programme\Alwil Software\Avast4\aswCmnB.dll (High level portable functions/ALWIL Software) 0x64080000
Process C:\WINDOWS\system32\LEXBCES.EXE (LexBce Service/Lexmark International, Inc.) 1300
Library C:\WINDOWS\system32\LEXBCES.EXE (LexBce Service/Lexmark International, Inc.) 0x00400000
Library C:\WINDOWS\system32\lexp2p32.dll (LEXP2P32 DLL/Lexmark International, Inc.) 0x10000000
Library C:\WINDOWS\system32\lex2kusb.dll (LEX2KUSB DLL/Lexmark International, Inc.) 0x01100000
Process C:\WINDOWS\system32\spoolsv.exe (Spooler SubSystem App/Microsoft Corporation) 1336
Library C:\WINDOWS\system32\LEXLMPM.DLL (LEXLMPM DLL/Lexmark International, Inc.) 0x10000000
Library C:\WINDOWS\system32\LexBce.dll (LexBce Client/Lexmark International, Inc.) 0x63000000
Library C:\WINDOWS\System32\spool\PRTPROCS\W32X86\lmprint.dll 0x00DB0000
Library C:\WINDOWS\System32\spool\PRTPROCS\W32X86\LXBKPP5C.dll 0x00DD0000
Library C:\WINDOWS\System32\spool\PRTPROCS\W32X86\filterpipelineprintproc.dll (Print Filter Pipeline Proxy/Microsoft Corporation) 0x3F420000
Library C:\WINDOWS\system32\LXBKpwr.dll (Lexmark ColorFine POR Monitor/Lexmark International, Inc.) 0x00FE0000
Process C:\WINDOWS\system32\LEXPPS.EXE (LEXPPS.EXE/Lexmark International, Inc.) 1344
Library C:\WINDOWS\system32\LEXPPS.EXE (LEXPPS.EXE/Lexmark International, Inc.) 0x00400000
Library C:\WINDOWS\system32\LEXBCE.DLL (LexBce Client/Lexmark International, Inc.) 0x63000000
Process C:\Programme\Java\java6u16\bin\jqs.exe (Java(TM) Quick Starter Service/Sun Microsystems, Inc.) 1528
Library C:\Programme\Java\java6u16\bin\jqs.exe (Java(TM) Quick Starter Service/Sun Microsystems, Inc.) 0x00400000
Process C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 1736
Library C:\WINDOWS\system32\SIPPS_TAPI_Provider.tsp (T-Online Internet-Telefon 6.0 TAPI/Deutsche Telekom AG, T-Com) 0x10000000
Process C:\WINDOWS\Explorer.EXE (Windows Explorer/Microsoft Corporation) 1996
Library C:\Programme\Nokia\Nokia PC Suite 7\PhoneBrowser.dll (Phone Browser/Nokia) 0x10000000
Library C:\Programme\Nokia\Nokia PC Suite 7\NGSCM.DLL (Next Gen Suite Common Modules/Nokia) 0x01BF0000
Library C:\Programme\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_ger.nlr (Nokia Phone Browser language resources/Nokia) 0x01E20000
Library C:\Programme\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr (Nokia Phone Browser graphics resources/Nokia) 0x01E30000
Library C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll (Sun Microsystems, Inc.) 0x5EE60000
Library C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\stlport_vc7145.dll (STLport/STLport Consulting, Inc.) 0x5E470000
Process C:\WINDOWS\system32\braviax.exe (*** hidden *** ) 2128
Library C:\WINDOWS\system32\braviax.exe 0x00400000
Process C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (System settings protector/Safer-Networking Ltd.) 2136
Library C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (System settings protector/Safer-Networking Ltd.) 0x00400000
Library C:\Programme\Spybot - Search & Destroy\advcheck.dll (Dateiüberprüfungs-Bibliothek/Safer-Networking Ltd.) 0x06280000
Process C:\Programme\Orbitdownloader\orbitdm.exe (Orbit Downloader/Orbitdownloader.com) 2220
Library C:\Programme\Orbitdownloader\orbitdm.exe (Orbit Downloader/Orbitdownloader.com) 0x00400000
Library C:\Programme\Orbitdownloader\download.dll (Download.dll/Orbitdownloader.com) 0x00F50000
Process C:\Dokumente und Einstellungen\Ramazan Ulucay\Desktop\xD.exe 3344
Library C:\Dokumente und Einstellungen\Ramazan Ulucay\Desktop\xD.exe 0x00400000
17.09.2009, 18:57 | #10
Code:
---- Services - GMER 1.0.15 ----

Service (avast! Base Kernel-Mode Device Driver for Windows NT/2000/XP/ALWIL Software) [SYSTEM] Aavmker4
Service C:\WINDOWS\system32\drivers\ac97intc.sys (Intel(r) Integrated Controller Hub Audio Driver/Intel Corporation) [MANUAL] ac97intc
Service C:\WINDOWS\system32\drivers\Afc.sys (Arcsoft(R) ASPI Shell/Arcsoft, Inc.) [MANUAL] Afc
Service (ASPI for WIN32 Kernel Driver/Adaptec) [AUTO] Aspi32
Service C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys (avast! File System Access Blocking Driver/ALWIL Software) [AUTO] aswFsBlk
Service (avast! File System Filter Driver for Windows XP/ALWIL Software) [AUTO] aswMon2
Service (avast! TDI RDR Driver/ALWIL Software) [MANUAL] aswRdr
Service (avast! self protection module/ALWIL Software) [SYSTEM] aswSP
Service (avast! TDI Filter Driver/ALWIL Software) [SYSTEM] aswTdi
Service C:\Programme\Alwil Software\Avast4\aswUpdSv.exe (avast! Antivirus updating service/ALWIL Software) [AUTO] aswUpdSv
Service C:\Programme\Alwil Software\Avast4\ashServ.exe (avast! antivirus service/ALWIL Software) [AUTO] avast! Antivirus
Service C:\Programme\Alwil Software\Avast4\ashMaiSv.exe (avast! e-Mail Scanner Service/ALWIL Software) [MANUAL] avast! Mail Scanner
Service C:\Programme\Alwil Software\Avast4\ashWebSv.exe (avast! Web Scanner/ALWIL Software) [MANUAL] avast! Web Scanner
Service C:\WINDOWS\system32\DRIVERS\avmunet.sys (AVM USB Network-Driver/AVM GmbH) [MANUAL] AVMUNET
Service [SYSTEM] Beep
Service C:\Programme\Gemeinsame Dateien\BOONTY Shared\Service\Boonty.exe (System Level Service Utility/BOONTY) [MANUAL] Boonty Games
Service C:\WINDOWS\System32\Drivers\cam1210.sys (USB video camera/USB video camera) [MANUAL] CAM1210
Service (CapFilt/ensurebit) [MANUAL] CapFilt
Service C:\WINDOWS\System32\Drivers\usbuvt.sys (Universal Serial Bus Camera Driver/IC Media Corporation) [MANUAL] DCamUSBUVT
Service [MANUAL] de_serv
Service C:\WINDOWS\system32\drivers\dptrackerd.sys (Filter Driver for the Tracker/Windows (R) 2000 DDK provider) [MANUAL] dptrackerd
Service C:\WINDOWS\System32\DRIVERS\DTAGND51.sys (Teledat Fast Ethernet 100 PCI NDIS5 Driver/Deutsche Telekom AG.) [MANUAL] DTAG
Service C:\WINDOWS\System32\DRIVERS\el90xbc5.sys (3Com EtherLink PCI Driver/3Com Corporation) [MANUAL] EL90XBC
Service C:\WINDOWS\System32\DRIVERS\CTXH51.sys (Intel V.92 Modem/Intel Corporation) [MANUAL] ham50
Service C:\WINDOWS\system32\DRIVERS\hamachi.sys (Hamachi Virtual Network Interface Driver/LogMeIn, Inc.) [MANUAL] hamachi
Service C:\WINDOWS\System32\DRIVERS\IdeBusDr.sys (Intel Ultra ATA Storage Driver/Intel Corporation) [BOOT] IdeBusDr
Service C:\WINDOWS\System32\DRIVERS\IdeChnDr.sys (Intel Ultra ATA Storage Driver/Intel Corporation) [BOOT] IdeChnDr
Service C:\Programme\Java\java6u16\bin\jqs.exe (Java(TM) Quick Starter Service/Sun Microsystems, Inc.) [AUTO] JavaQuickStarterService
Service C:\WINDOWS\system32\LEXBCES.EXE (LexBce Service/Lexmark International, Inc.) [AUTO] LexBceS
Service C:\Programme\Gemeinsame Dateien\Marmiko Shared\MACNDIS5.SYS (Marmiko Access NDIS 5.0 Protocol Driver/Marmiko IT-Solutions GmbH) [MANUAL] MACNDIS5
Service C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes' Anti-Malware/Malwarebytes Corporation) [MANUAL] MBAMSwissArmy
Service C:\Programme\Gemeinsame Dateien\Marmiko Shared\MInfraIS\MIINPazX.SYS (Marmiko InfraIS Paketzugriff/Deutsche Telekom AG, Marmiko IT-Solutions GmbH) [MANUAL] MIINPazX
Service MSDTC Bridge 3.0.0.0
Service C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\MTOnlPktAlyX.SYS (T-Online Packet Analyzer/Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) [MANUAL] MTOnlPktAlyX
Service C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe (Windows ZC Control Service/Deutsche Telekom AG, Marmiko IT-Solutions GmbH) [AUTO] MZCCntrl
Service system32\DRIVERS\NETFWDSL.SYS [MANUAL] NETFWDSL
Service C:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia USB Phone Bus Driver/Nokia) [MANUAL] nmwcd
Service C:\WINDOWS\system32\drivers\ccdcmbo.sys (Nokia USB Phone Bus Driver/Nokia) [MANUAL] nmwcdc
Service C:\WINDOWS\system32\DRIVERS\nv4_mini.sys (NVIDIA Compatible Windows 2000 Miniport Driver, Version 56.73 /NVIDIA Corporation) [MANUAL] nv
Service System32\Drivers\om518vid.sys [MANUAL] OM518P
Service C:\WINDOWS\System32\Drivers\omcamvid.sys (Stream Class Mini Driver/OmniVision Technologies, Inc.) [MANUAL] OVT511Plus
Service C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys (PCCS Mode Change Filter Driver/Nokia) [MANUAL] pccsmcfd
Service C:\WINDOWS\System32\DRIVERS\PS2.sys (PS2 SYS/Hewlett-Packard Company) [MANUAL] Ps2
Service C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies DirectParallel IO Library/Parallel Technologies, Inc.) [MANUAL] Ptilink
Service C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision SECURITY Driver/Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [AUTO] Secdrv
Service C:\Programme\PC Connectivity Solution\ServiceLayer.exe (ServiceLayer Module/Nokia.) [MANUAL] ServiceLayer
Service ServiceModelEndpoint 3.0.0.0
Service ServiceModelOperation 3.0.0.0
Service ServiceModelService 3.0.0.0
Service SMSvcHost 3.0.0.0
Service system32\DRIVERS\snp325.sys [MANUAL] SNP325
Service C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCDrv.sys (SPBBC Driver/Symantec Corporation) [MANUAL] SPBBCDrv
Service C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe (SPBBC Service/Symantec Corporation) [AUTO] SPBBCSvc
Service C:\WINDOWS\System32\Drivers\sptd.sys [BOOT] sptd
Service C:\WINDOWS\System32\DRIVERS\StreamIP.sys (Microsoft IP Test Driver/Microsoft Corporation) [MANUAL] streamip
Service C:\Programme\Symantec\SYMEVENT.SYS [MANUAL] SymEvent
Service C:\Programme\Unlocker\UnlockerDriver5.sys UnlockerDriver5
Service C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys (Filter Driver for Nokia USB Phone Bus Driver/Nokia) [MANUAL] upperdev
Service C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys (Filter Driver for Nokia USB Phone Bus Driver/Nokia) [MANUAL] UsbserFilt
Service System32\DRIVERS\wanatw4.sys [MANUAL] wanatw
Service C:\WINDOWS\System32\DRIVERS\wandrv.sys (WAN NDIS Miniport Driver/America Online, Inc.) [MANUAL] wandrv
Service Windows Workflow Foundation 3.0.0.0
Service Wmi
Service [MANUAL] WMPNetworkSvc
Service C:\WINDOWS\System32\Drivers\usbVM31b.sys (Video streaming and Capture Device Driver/VM) [MANUAL] ZSMC301b

---- EOF - GMER 1.0.15 ----
17.09.2009, 18:57 | #11
Windows XP RootKit Problem - HijackThis.de Support Board
Crossposting. Please decide on ONE board. Which one do you want to choose? Crossposting has the complication that two independent helpers do not know about each other or how the other is proceeding, so I would ask you to pick a single board. Two different independent helpers means two different solution paths. That means the solutions differ, and at some point the two helpers get confused about what is being done to your PC, because eventually it becomes apparent that a "second hand" is involved. Which one would you like to choose?
__________________ Avira Upgrade 10 is on the market! Aggressive Avira settings. What goes around comes around!
17.09.2009, 19:07 | #12
Oh OK, then I'll delete the thread over there. Thanks for the hint. But now there is another error: the PC crashes whenever it is on the Internet. Here is the Malwarebytes report. Code:
Malwarebytes' Anti-Malware 1.41
Datenbank Version: 2813
Windows 5.1.2600 Service Pack 2

17.09.2009 19:37:18
Malwarebytes

Scan-Methode: Vollständiger Scan (C:\|D:\|E:\|)
Durchsuchte Objekte: 193944
Laufzeit: 1 hour(s), 4 minute(s), 2 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 1
Infizierte Registrierungsschlüssel: 8
Infizierte Registrierungswerte: 7
Infizierte Dateiobjekte der Registrierung: 9
Infizierte Verzeichnisse: 1
Infizierte Dateien: 42

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
C:\WINDOWS\system32\autochk.dll (Trojan.FakeAlert) -> No action taken.

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\Typelib\{c20ee2d6-81c3-6a08-79c5-1989da43bc19} (Trojan.Downloader) -> No action taken.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> No action taken.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> No action taken.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> No action taken.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> No action taken.
HKEY_CLASSES_ROOT\WUSN.1 (Adware.WhenU) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\poprock (Trojan.Downloader) -> No action taken.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\autochk (Trojan.FakeAlert) -> No action taken.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\braviax (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\Control Panel\don't load\scui.cpl (Hijack.SecurityCenter) -> No action taken.
HKEY_CURRENT_USER\Control Panel\don't load\wscui.cpl (Hijack.SecurityCenter) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceClassicControlPanel (Hijack.ControlPanelStyle) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\autochk (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> No action taken.

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.FakeAlert) -> Data: c:\windows\system32\sdra64.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.FakeAlert) -> Data: system32\sdra64.exe -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,) Good: (Userinit.exe) -> No action taken.

Infizierte Verzeichnisse:
C:\WINDOWS\system32\lowsec (Stolen.data) -> No action taken.

Infizierte Dateien:
C:\Dokumente und Einstellungen\Ramazan Ulucay\Lokale Einstellungen\Temp\msupd_2.exe (Trojan.FakeAlert) -> No action taken.
C:\Dokumente und Einstellungen\Ramazan Ulucay\Startmenü\Programme\Autostart\ChkDisk.dll (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{E01E8BF3-54E8-44DF-B54D-4E22D1C5AB6F}\RP1056\A0695881.dll (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{E01E8BF3-54E8-44DF-B54D-4E22D1C5AB6F}\RP1062\A0699108.dll (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{E01E8BF3-54E8-44DF-B54D-4E22D1C5AB6F}\RP1062\A0699120.dll (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{E01E8BF3-54E8-44DF-B54D-4E22D1C5AB6F}\RP1063\A0708136.sys (Trojan.KillAV) -> No action taken.
C:\System Volume Information\_restore{E01E8BF3-54E8-44DF-B54D-4E22D1C5AB6F}\RP1063\A0708137.sys (Trojan.KillAV) -> No action taken.
C:\System Volume Information\_restore{E01E8BF3-54E8-44DF-B54D-4E22D1C5AB6F}\RP1063\A0708141.sys (Trojan.KillAV) -> No action taken.
C:\System Volume Information\_restore{E01E8BF3-54E8-44DF-B54D-4E22D1C5AB6F}\RP1063\A0708155.sys (Trojan.KillAV) -> No action taken.
C:\System Volume Information\_restore{E01E8BF3-54E8-44DF-B54D-4E22D1C5AB6F}\RP1063\A0708156.sys (Trojan.KillAV) -> No action taken.
C:\System Volume Information\_restore{E01E8BF3-54E8-44DF-B54D-4E22D1C5AB6F}\RP1063\A0708161.sys (Trojan.KillAV) -> No action taken.
C:\System Volume Information\_restore{E01E8BF3-54E8-44DF-B54D-4E22D1C5AB6F}\RP1063\A0708177.sys (Trojan.KillAV) -> No action taken.
C:\System Volume Information\_restore{E01E8BF3-54E8-44DF-B54D-4E22D1C5AB6F}\RP1063\A0708178.sys (Trojan.KillAV) -> No action taken.
C:\System Volume Information\_restore{E01E8BF3-54E8-44DF-B54D-4E22D1C5AB6F}\RP1063\A0708184.sys (Trojan.KillAV) -> No action taken.
C:\System Volume Information\_restore{E01E8BF3-54E8-44DF-B54D-4E22D1C5AB6F}\RP1064\A0708201.dll (Rogue.AntiVirusPro) -> No action taken.
C:\System Volume Information\_restore{E01E8BF3-54E8-44DF-B54D-4E22D1C5AB6F}\RP1064\A0708207.exe (Rogue.PC_Antispyware2010) -> No action taken.
C:\System Volume Information\_restore{E01E8BF3-54E8-44DF-B54D-4E22D1C5AB6F}\RP1064\A0708209.exe (Trojan.FakeAlert) -> No action taken.
C:\System Volume Information\_restore{E01E8BF3-54E8-44DF-B54D-4E22D1C5AB6F}\RP1064\A0708210.cpl (Rogue.HomeAntiVirus) -> No action taken.
C:\WINDOWS\cru629.dat (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\msa.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\cru629.dat (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\wisdstr.exe (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\_scui.cpl (Rogue.HomeAntiVirus) -> No action taken.
C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Temporary Internet Files\Content.IE5\T3C6G0Z6\Install[1].exe (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\dllcache\beep.sys (Trojan.KillAV) -> No action taken.
C:\WINDOWS\system32\drivers\beep.sys (Trojan.KillAV) -> No action taken.
C:\WINDOWS\system32\lowsec\local.ds (Stolen.data) -> No action taken.
C:\WINDOWS\system32\lowsec\user.ds (Stolen.data) -> No action taken.
C:\Dokumente und Einstellungen\Ramazan Ulucay\Startmenü\Programme\Autostart\ChkDisk.lnk (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\autochk.dll (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\braviax.exe (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\delself.bat (Malware.Trace) -> No action taken.
C:\WINDOWS\system32\drivers\str.sys (Rootkit.Agent) -> No action taken.
C:\WINDOWS\system32\sdra64.exe (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\Temp\nsrbgxod.bak (Trojan.Agent) -> No action taken.
C:\Dokumente und Einstellungen\Ramazan Ulucay\Lokale Einstellungen\Temp\nsrbgxod.bak (Trojan.Agent) -> No action taken.
C:\Dokumente und Einstellungen\Besitzer\Cookies\MM2048.DAT (Trojan.Agent) -> No action taken.
C:\Dokumente und Einstellungen\Besitzer\Cookies\MM256.DAT (Trojan.Agent) -> No action taken.
C:\Dokumente und Einstellungen\NetworkService\protect.dll (Trojan.Agent) -> No action taken.
C:\Dokumente und Einstellungen\Ramazan Ulucay\protect.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\aconti.exe (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\braviax.exe (Trojan.Downloader) -> No action taken.

Last edited by Samet93 (17.09.2009 at 19:14)
17.09.2009, 21:18 | #13
/// Helper Team
Code:
C:\WINDOWS\system32\dllcache\beep.sys (Trojan.KillAV) -> No action taken.
C:\WINDOWS\system32\drivers\beep.sys (Trojan.KillAV) -> No action taken.
C:\WINDOWS\system32\lowsec\local.ds (Stolen.data) -> No action taken.
C:\WINDOWS\system32\lowsec\user.ds (Stolen.data) -> No action taken.
C:\WINDOWS\system32\drivers\str.sys (Rootkit.Agent) -> No action taken.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> No action taken.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> No action taken.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> No action taken.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> No action taken.
You had quite a zoo there! From rootkits to FakeAlert, downloaders and KillAV. In my opinion you should reinstall as soon as possible. The two marked in bold are the really important ones: Stolen.Data → change all passwords, online banking credentials etc. as soon as possible from a clean PC... Here is a guide to reinstalling: http://www.trojaner-board.de/51262-a...sicherung.html Good luck! Regards, Handball10
__________________ Funny spelling mistakes of the Trojan horse "Trojan.Win32.FraudPack.ajn" Funny spelling mistakes of "XP Deluxe Protector" - New!!
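An added example, not code from the thread or from Malwarebytes: a small Python triage script for report lines in the layout quoted above. It pulls out what Handball10 flags (the Stolen.data entries, the extra executable chained into the Winlogon Userinit value, the suppressed Security Center warnings) and also counts the infected copies sitting inside System Restore points. The sample report is constructed from entries quoted in this thread; the section headers and the line regex are my assumptions about the report layout.

```python
import re
from typing import Any, Dict, List

# Constructed sample in the layout of the Malwarebytes' Anti-Malware 1.41 report quoted
# in this thread: a few of its entries, with the report's German section headers.
SAMPLE_REPORT = r"""
Infizierte Speichermodule:
C:\WINDOWS\system32\autochk.dll (Trojan.FakeAlert) -> No action taken.
Infizierte Registrierungswerte:
HKEY_CURRENT_USER\Control Panel\don't load\wscui.cpl (Hijack.SecurityCenter) -> No action taken.
Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.FakeAlert) -> Data: c:\windows\system32\sdra64.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,) Good: (Userinit.exe) -> No action taken.
Infizierte Dateien:
C:\WINDOWS\system32\lowsec\local.ds (Stolen.data) -> No action taken.
C:\System Volume Information\_restore{E01E8BF3-54E8-44DF-B54D-4E22D1C5AB6F}\RP1063\A0708136.sys (Trojan.KillAV) -> No action taken.
C:\WINDOWS\system32\drivers\beep.sys (Trojan.KillAV) -> No action taken.
"""

# Report section headers (assumed from the quoted log) -> short category names.
SECTIONS = {
    "Infizierte Speicherprozesse": "process", "Infizierte Speichermodule": "module",
    "Infizierte Registrierungsschlüssel": "regkey", "Infizierte Registrierungswerte": "regvalue",
    "Infizierte Dateiobjekte der Registrierung": "regdata",
    "Infizierte Verzeichnisse": "directory", "Infizierte Dateien": "file",
}

# One finding: <target> (<family>) -> [Data: x ->] [Bad: (..) Good: (..) ->] <action>.
FINDING_RE = re.compile(
    r"^(?P<target>.+?) \((?P<family>[\w.]+)\) -> "
    r"(?:Data: (?P<data>.+?) -> )?"
    r"(?:Bad: \((?P<bad>.*?)\) Good: \((?P<good>.*?)\) -> )?"
    r"(?P<action>[^>]+?)\.?$"
)
RESTORE_POINT_RE = re.compile(r"\\System Volume Information\\_restore\{", re.IGNORECASE)


def parse_report(text: str) -> List[Dict[str, Any]]:
    """Turn the report into one dict per finding, tagged with the section it sits in."""
    findings, section = [], "unknown"
    for line in (raw.strip() for raw in text.splitlines()):
        if line.endswith(":") and line[:-1] in SECTIONS:
            section = SECTIONS[line[:-1]]
        elif (m := FINDING_RE.match(line)):
            findings.append({"section": section, **m.groupdict()})
    return findings


def userinit_extras(finding: Dict[str, Any]) -> List[str]:
    """Executables chained into the Winlogon Userinit value beyond the expected one."""
    expected = {p.strip().lower() for p in (finding["good"] or "").split(",") if p.strip()}
    extras = []
    for p in (p.strip() for p in (finding["bad"] or "").split(",")):
        if p and p.lower() not in expected and p.rsplit("\\", 1)[-1].lower() not in expected:
            extras.append(p)
    return extras


def triage(text: str) -> Dict[str, Any]:
    """Summarise the report along the lines the helper in the thread points out."""
    summary: Dict[str, Any] = {
        "total": 0,
        "credential_theft": [],           # Stolen.data: rotate passwords from a clean PC
        "userinit_extras": [],            # persistence through the Winlogon Userinit value
        "security_center_tampering": [],  # warnings suppressed or applets hidden
        "restore_point_copies": 0,        # infected files a System Restore would bring back
        "replaced_system_drivers": [],    # system drivers swapped for malicious ones
    }
    for f in parse_report(text):
        summary["total"] += 1
        if f["family"].lower() == "stolen.data":
            summary["credential_theft"].append(f["target"])
        if f["family"] == "Hijack.Userinit":
            summary["userinit_extras"].extend(userinit_extras(f))
        if f["family"] in ("Disabled.SecurityCenter", "Hijack.SecurityCenter"):
            summary["security_center_tampering"].append(f["target"])
        if RESTORE_POINT_RE.search(f["target"]):
            summary["restore_point_copies"] += 1
        elif f["section"] == "file" and "\\drivers\\" in f["target"].lower():
            summary["replaced_system_drivers"].append(f["target"])
    return summary
```

Running `triage(SAMPLE_REPORT)` on the constructed sample reports one Stolen.data file, sdra64.exe as the extra Userinit entry, two Security Center tampering entries, one restore-point copy and the replaced beep.sys driver.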
19.09.2009, 12:17 | #14
Yes, I think that would be the best solution. Many thanks to handball10, and don't make the same mistake I did and download stuff from RS!!!! Regards, Samet93 -closed-