| |
| |||||||
Log-Analyse und Auswertung: AntivirusPlus und Malewaredefense attackeWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
25.01.2010, 13:46
| #16 |
 |  AntivirusPlus und Malewaredefense attacke mache mich bestimmt lächerlich aber was ist ein CF??? |
|
25.01.2010, 13:53
| #17 |
| | AntivirusPlus und Malewaredefense attacke mbm log:
__________________Malwarebytes' Anti-Malware 1.44 Datenbank Version: 3633 Windows 5.1.2600 Service Pack 3, v.3264 Internet Explorer 8.0.6001.18702 25.01.2010 13:48:23 mbam-log-2010-01-25 (13-48-23).txt Scan-Methode: Vollständiger Scan (C:\|D:\|E:\|) Durchsuchte Objekte: 214383 Laufzeit: 54 minute(s), 43 second(s) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) rsit log: Logfile of random's system information tool 1.06 (written by random/random) Run by Start at 2010-01-25 13:50:01 Microsoft Windows XP Home Edition Service Pack 3, v.3264 System drive C: has 17 GB (46%) free of 38 GB Total RAM: 2047 MB (71% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 13:50:10, on 25.01.2010 Platform: Windows XP SP3, v.3264 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Logi_MwX.Exe C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb12.exe C:\WINDOWS\SOINTGR.EXE C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\SamsungSM\PanelMgr\SSMMgr.exe C:\Programme\Samsung\Samsung SCX-4x21 Series\PSU\Scan2pc.exe C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe C:\WINDOWS\System32\HPZipm12.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\SCARDS32.EXE C:\WINDOWS\wanmpsvc.exe C:\WINDOWS\system32\fxssvc.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Internet Explorer\iexplore.exe C:\Programme\Internet Explorer\iexplore.exe C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe C:\Dokumente und Einstellungen\Start\Desktop\RSIT.exe C:\Programme\Trend Micro\HijackThis\Start.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://googel.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\tbu228\toolbaru.dll (file missing) R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (file missing) O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (file missing) O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\tbu228\toolbaru.dll (file missing) O3 - Toolbar: Nero Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (file missing) O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb12.exe O4 - HKLM\..\Run: [SO5 Integrator Pass Two] C:\WINDOWS\SOINTGR.EXE O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [SamsungSM PanelMgr] C:\WINDOWS\SamsungSM\PanelMgr\SSMMgr.exe /autorun O4 - HKLM\..\Run: [WHITNEY_S2P] C:\Programme\Samsung\Samsung SCX-4x21 Series\PSU\Scan2pc.exe O4 - HKLM\..\Run: [AVP] "C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm O9 - Extra button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Programme\AIM95\aim.exe O9 - Extra button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra button: MedionShop - {811DDDB7-933B-4717-8A6B-4F86A67E0F9F} - http://www.medionshop.de/ (file missing) (HKCU) O14 - IERESET.INF: START_PAGE_URL=http://www.mediamarkt.com/ O16 - DPF: {402EE96E-2CE8-482D-ADA5-CECEEA07E16D} - http://www.turntool.com/ViewerInstall.exe O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-9.cab O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/05ad5bd87a9487e50b18/netzip/RdxIE601_de.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1256734702218 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1264173059140 O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-baa7d346d270cf6d.spaces.live.com/PhotoUpload/MsnPUpld.cab O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IP-Uploader Control) - http://asp06.photoprintit.de/microsite/1119/defaults/activex/ImageUploader3.cab O18 - Protocol: haufereader - {39198710-62F7-42CD-9458-069843FA5D32} - C:\Programme\Haufe\HaufeReader\HRInstmon.dll O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe O23 - Service: ServiceLayer - Nokia - C:\Programme\PC Connectivity Solution\ServiceLayer.exe O23 - Service: CHIPDRIVE SCARD Service (TWKSCARDSRV) - SCM Microsystems - C:\WINDOWS\SCARDS32.EXE O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe O23 - Service: xControlCOM - Siemens - C:\Programme\Gigaset\talk&surf 5.1\xControlCOM.exe -- End of file - 7591 bytes ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}] IEVkbdBHO Class - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll [2009-10-20 68112] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] Nero Toolbar - C:\Programme\Ask.com\GenericAskToolbar.dll [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E33CF602-D945-461A-83F0-819F76A199F8}] FilterBHO Class - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll [2009-10-20 268816] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Companion - C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll [2004-09-29 292947] {855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQ Toolbar - C:\Programme\ICQToolbar\tbu228\toolbaru.dll [] {D4027C7F-154A-4066-A1AD-4243D8127440} - Nero Toolbar - C:\Programme\Ask.com\GenericAskToolbar.dll [] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "Logitech Utility"=C:\WINDOWS\Logi_MwX.Exe [2002-11-08 19968] "HPDJ Taskbar Utility"=C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb12.exe [2005-03-08 176128] "SO5 Integrator Pass Two"=C:\WINDOWS\SOINTGR.EXE [2000-05-08 20480] "SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2005-11-11 90112] "SamsungSM PanelMgr"=C:\WINDOWS\SamsungSM\PanelMgr\SSMMgr.exe [2008-02-28 536576] "WHITNEY_S2P"=C:\Programme\Samsung\Samsung SCX-4x21 Series\PSU\Scan2pc.exe [2006-03-27 229376] "AVP"=C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe [2009-10-20 340456] "QuickTime Task"=C:\Programme\QuickTime\qttask.exe [2009-11-10 417792] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2007-12-01 15360] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\0190 Warner] C:\PROGRA~1\0190WA~1\WARN0190.EXE [2003-04-02 2120704] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM] C:\Programme\AIM95\aim.exe [2002-11-14 61440] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager] C:\Programme\Gemeinsame Dateien\AOL\1166034023\ee\AOLSoftware.exe [2006-11-17 50736] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck] C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray] C:\Programme\Nokia\Nokia PC Suite 7\PCSuite.exe [2009-11-11 1451520] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] C:\Programme\QuickTime\QTTask.exe [2009-11-10 417792] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray] C:\Programme\Real\RealPlayer\RealPlay.exe [2003-11-27 26112] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^AntiVirus Plus.lnk] C:\Dokumente und Einstellungen\Start\Anwendungsdaten\AntiVirus Plus\AntiVirus Plus.70700.dll, start 70700 [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Call Tray.lnk] C:\PROGRA~1\Gigaset\CAPI\Tools\CALLTRAY.exe [2002-01-31 45056] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Microsoft Office.lnk] C:\PROGRA~1\MICROS~2\Office\OSA9.EXE [1999-02-17 65588] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^talk&surf 5.1 Monitor.lnk] C:\PROGRA~1\Gigaset\TALK&S~1.1\SEMon21.exe [2002-08-05 155648] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^Start^Startmenü^Programme^Autostart^AntiVirus Plus.lnk] C:\Dokumente und Einstellungen\Start\Anwendungsdaten\AntiVirus Plus\AntiVirus Plus.70700.dll, start 70700 [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLS"="C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon] C:\WINDOWS\system32\klogon.dll [2009-10-20 219664] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, credssp.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=91000000 "NoFind"=0 "NoLogOff"=0 "NoSetFolders"=0 "DisallowRun"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "C:\Programme\mybooxx\Fotobuch\mybooxx.exe"="C:\Programme\mybooxx\Fotobuch\mybooxx.exe:*:mybooxx.exe" "C:\Programme\fotobuch.de AG\Designer\Designer.exe"="C:\Programme\fotobuch.de AG\Designer\Designer.exe:*  esigner.exe""%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Programme\AOL 9.0b\waol.exe"="C:\Programme\AOL 9.0b\waol.exe:*:Enabled:AOL 9.0b" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" ======List of files/folders created in the last 1 months====== 2010-01-25 12:05:55 ----A---- C:\avenger.txt 2010-01-23 07:55:06 ----A---- C:\WINDOWS\system32\mucltui.dll.mui 2010-01-23 07:55:06 ----A---- C:\WINDOWS\system32\mucltui.dll 2010-01-22 18:44:11 ----D---- C:\Avenger 2010-01-22 18:08:42 ----D---- C:\rsit 2010-01-22 17:59:27 ----D---- C:\Dokumente und Einstellungen\Start\Anwendungsdaten\Nero 2010-01-22 17:56:03 ----D---- C:\Programme\Nero 2010-01-22 17:51:30 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nero 2010-01-22 17:51:29 ----D---- C:\Programme\Gemeinsame Dateien\Nero 2010-01-22 16:26:36 ----D---- C:\Programme\Microsoft CAPICOM 2.1.0.2 2010-01-22 16:21:11 ----D---- C:\WINDOWS\system32\LogFiles 2010-01-22 16:20:01 ----D---- C:\Programme\Trend Micro 2010-01-22 16:17:53 ----D---- C:\WINDOWS\WBEM 2010-01-22 16:15:38 ----HDC---- C:\WINDOWS\ie8 2010-01-22 15:42:34 ----D---- C:\Programme\Enigma Software Group 2010-01-22 14:43:52 ----D---- C:\Programme\CCleaner 2010-01-22 14:16:59 ----A---- C:\WINDOWS\system32\rasapi0190Warner.dll 2010-01-22 14:11:42 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NOS 2010-01-22 14:00:16 ----D---- C:\Programme\QuickTime 2010-01-22 14:00:13 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Apple Computer 2010-01-22 13:59:15 ----D---- C:\Programme\Gemeinsame Dateien\Apple 2010-01-22 13:58:52 ----D---- C:\Programme\Apple Software Update 2010-01-22 13:58:52 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Apple 2010-01-22 11:27:37 ----D---- C:\Programme\Kaspersky Lab 2010-01-22 11:27:37 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab 2010-01-22 11:17:34 ----A---- C:\WINDOWS\system32\h323log.txt 2010-01-22 10:52:01 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab Setup Files 2010-01-20 21:28:24 ----A---- C:\WINDOWS\system32\hidserv.dll 2010-01-20 18:31:42 ----D---- C:\Programme\a-squared Anti-Malware 2010-01-20 15:40:41 ----D---- C:\Dokumente und Einstellungen\Start\Anwendungsdaten\Malwarebytes 2010-01-20 15:40:26 ----D---- C:\Programme\Malwarebytes' Anti-Malware 2010-01-20 15:40:26 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes 2010-01-19 20:56:56 ----AD---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP 2010-01-19 18:56:27 ----A---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\sysReserve.ini ======List of files/folders modified in the last 1 months====== 2010-01-25 13:13:22 ----D---- C:\WINDOWS\Temp 2010-01-25 12:44:19 ----A---- C:\WINDOWS\ModemLog_Softmodem V.32bis + Fax Class 1.txt 2010-01-25 12:44:10 ----A---- C:\WINDOWS\scardsrv.ini 2010-01-25 12:16:42 ----D---- C:\WINDOWS\Prefetch 2010-01-25 12:12:32 ----D---- C:\WINDOWS\system32\CatRoot2 2010-01-25 12:06:04 ----RD---- C:\Programme 2010-01-25 12:05:56 ----SD---- C:\WINDOWS\Tasks 2010-01-25 12:05:55 ----D---- C:\WINDOWS\system32\drivers 2010-01-25 12:05:37 ----A---- C:\WINDOWS\SchedLgU.Txt 2010-01-25 12:04:45 ----D---- C:\WINDOWS 2010-01-25 09:11:32 ----A---- C:\WINDOWS\win.ini 2010-01-23 07:55:06 ----D---- C:\WINDOWS\system32 2010-01-23 07:55:05 ----HD---- C:\WINDOWS\inf 2010-01-22 17:57:30 ----SHD---- C:\WINDOWS\Installer 2010-01-22 17:57:30 ----HD---- C:\Config.Msi 2010-01-22 17:53:24 ----D---- C:\Dokumente und Einstellungen\Start\Anwendungsdaten\Adobe 2010-01-22 17:51:29 ----D---- C:\Programme\Gemeinsame Dateien 2010-01-22 17:49:46 ----D---- C:\WINDOWS\WinSxS 2010-01-22 16:28:48 ----D---- C:\WINDOWS\system32\CatRoot 2010-01-22 16:22:05 ----RSHDC---- C:\WINDOWS\system32\dllcache 2010-01-22 16:22:05 ----D---- C:\WINDOWS\Help 2010-01-22 16:22:05 ----D---- C:\Programme\Internet Explorer 2010-01-22 16:18:16 ----D---- C:\WINDOWS\system32\config 2010-01-22 16:17:53 ----D---- C:\WINDOWS\system32\de-de 2010-01-22 16:17:35 ----D---- C:\WINDOWS\Media 2010-01-22 16:11:04 ----SD---- C:\WINDOWS\Downloaded Program Files 2010-01-22 15:29:33 ----D---- C:\Programme\TuneUp Utilities 2010-01-22 14:49:42 ----D---- C:\WINDOWS\Debug 2010-01-22 14:49:41 ----D---- C:\WINDOWS\Minidump 2010-01-22 14:37:19 ----D---- C:\WINDOWS\pss 2010-01-22 14:17:45 ----D---- C:\Programme\Gemeinsame Dateien\Adobe 2010-01-22 14:17:45 ----D---- C:\Programme\Adobe 2010-01-22 14:16:59 ----D---- C:\WINDOWS\I386 2010-01-22 11:34:13 ----SHD---- C:\System Volume Information 2010-01-22 10:40:08 ----SHD---- C:\RECYCLER 2010-01-22 10:34:31 ----D---- C:\Dokumente und Einstellungen\Start\Anwendungsdaten\AOL Communicator 2010-01-21 19:55:10 ----D---- C:\Programme\StarMoney 5.0 S-Edition 2010-01-21 19:04:43 ----D---- C:\Programme\Ahead 2010-01-20 18:28:17 ----D---- C:\Dokumente und Einstellungen 2010-01-20 16:58:36 ----RASH---- C:\boot.ini 2010-01-20 16:58:36 ----A---- C:\WINDOWS\system.ini 2010-01-19 23:59:16 ----HD---- C:\WINDOWS\$hf_mig$ ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 intelppm;Intel-Prozessortreiber; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2007-12-01 40448] R1 kbdhid;Tastatur-HID-Treiber; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2007-12-01 14720] R1 kl1;Kl1; \??\C:\WINDOWS\system32\drivers\kl1.sys [] R1 KLIF;Kaspersky Lab Driver; C:\WINDOWS\system32\DRIVERS\klif.sys [2010-01-22 315408] R1 SSHDRV62;SSHDRV62; \??\C:\WINDOWS\System32\drivers\SSHDRV62.sys [] R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2006-07-24 5632] R2 ACEDRV05;ACEDRV05; \??\C:\WINDOWS\System32\drivers\ACEDRV05.sys [] R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2003-11-27 8552] R2 CAPI;CAPI 2.0 Service; C:\WINDOWS\System32\DRIVERS\capi.sys [2002-02-11 29536] R2 DgiVecp;DgiVecp; \??\C:\WINDOWS\system32\Drivers\DgiVecp.sys [] R2 NDISCAPI;NDIS CAPI Service; C:\WINDOWS\System32\DRIVERS\ndiscapi.sys [2001-12-17 28352] R2 nvcap;nVidia WDM Video Capture (universal); C:\WINDOWS\System32\DRIVERS\nvcap.sys [2002-06-27 106044] R2 TwkPCSC;CHIPDRIVE PC/SC Drivers; C:\WINDOWS\system32\drivers\TwkPCSC.sys [2003-04-30 11676] R2 usbhub;DSC Composite USB Device(CA100); C:\WINDOWS\System32\DRIVERS\usbhub.sys [2007-11-30 59520] R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-11-22 3804416] R3 Arp1394;1394-ARP-Clientprotokoll; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2007-11-30 60800] R3 BridgeMP;MAC-Brückenminiport; C:\WINDOWS\System32\DRIVERS\bridge.sys [2007-11-30 71552] R3 HidUsb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2007-11-30 10368] R3 HRCMPA;ISDN Wan driver (Ver. 1.10.0021); C:\WINDOWS\System32\DRIVERS\hrcmpa.sys [2002-08-06 253648] R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\WINDOWS\system32\DRIVERS\klim5.sys [2009-09-14 32272] R3 klmouflt;Kaspersky Lab KLMOUFLT; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [2009-10-02 19472] R3 ms_mpu401;Microsoft MPU-401 MIDI UART-Treiber; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944] R3 NIC1394;1394-Netzwerktreiber; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2007-11-30 61824] R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2004-08-03 1897408] R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2002-04-19 13780] R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2002-08-29 5888] R3 SISNIC;SiS-PCI-Fast Ethernet- Adaptertreiber; C:\WINDOWS\System32\DRIVERS\sisnic.sys [2004-08-03 32768] R3 TWKPNP;CHIPDRIVE Plug and Play driver; C:\WINDOWS\System32\DRIVERS\TWKPNP.SYS [2003-04-30 5550] R3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2007-11-30 32128] R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2007-11-30 30208] R3 usbohci;Miniporttreiber für Microsoft USB Open Host-Controller; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2007-11-30 17152] R3 usbprint;Microsoft USB-Druckerklasse; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2007-11-30 25856] R3 usbscan;USB-Scannertreiber; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2007-11-30 15104] R3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2007-11-30 26368] R3 vmdmd;Softmodem/Fax Port Driver; C:\WINDOWS\System32\DRIVERS\vmdmd.sys [2002-01-24 185696] R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\System32\DRIVERS\wanatw4.sys [2003-01-10 33588] S2 ATITUNEP;ATI WDM TV Tuner; C:\WINDOWS\System32\DRIVERS\atintuxx.sys [2004-08-03 73216] S2 ATIXSAudio;ATI WDM TV Audio Crossbar; C:\WINDOWS\System32\DRIVERS\atinxsxx.sys [2004-08-03 63488] S2 MVDCODEC;ATI WDM Specialized MVD Codec; C:\WINDOWS\System32\DRIVERS\atinmdxx.sys [2004-08-03 13824] S2 NVXBAR;nVidia WDM A/V Crossbar; C:\WINDOWS\System32\DRIVERS\NVxbar.sys [2002-06-27 10398] S2 SSPORT;SSPORT; \??\C:\WINDOWS\system32\Drivers\SSPORT.sys [] S2 TTDec;ATI WDM Teletext Decoder; C:\WINDOWS\System32\DRIVERS\ATINTTXX.sys [2004-08-03 13824] S2 TWKUSB;CHIPDRIVE USB driver; C:\WINDOWS\System32\DRIVERS\TWKUSB.SYS [2003-04-30 12906] S3 atinrvxx;ATI WDM Rage Theater Video; C:\WINDOWS\System32\DRIVERS\atinrvxx.sys [2004-08-03 104960] S3 ativraxx;ATI WDM Rage Theater Audio; C:\WINDOWS\System32\DRIVERS\atinraxx.sys [2004-08-03 52224] S3 ATWPKT;ATWPKT; \??\C:\WINDOWS\system32\Drivers\ATWPKT.SYS [] S3 Bridge;MAC-Brücke; C:\WINDOWS\System32\DRIVERS\bridge.sys [2007-11-30 71552] S3 Ca100v;2Mega Camera, WDM Video Capture; C:\WINDOWS\System32\Drivers\Ca100v.sys [2002-09-01 516635] S3 CCDECODE;Untertiteldecoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2007-11-30 17024] S3 EL90XBC;3Com EtherLink XL 90XB/C-Adaptertreiber; C:\WINDOWS\System32\DRIVERS\el90xbc5.sys [2001-08-17 66591] S3 Gigusb;Dect USB Driver; C:\WINDOWS\System32\Drivers\Gigusb.sys [2002-08-06 59070] S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [2005-03-08 51120] S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [2005-03-08 16496] S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [2005-03-08 21744] S3 Intels51;Creatix V.9X DSP Data Fax Modem; C:\WINDOWS\System32\DRIVERS\ctxs51.sys [2002-07-01 638366] S3 IUAPIWDM;ISDN USB Interface (Ver. 1.10.0021); C:\WINDOWS\System32\DRIVERS\IUAPIWDM.sys [2002-08-06 49344] S3 kwrdypog;kwrdypog; \??\C:\DOKUME~1\Start\LOKALE~1\Temp\kwrdypog.sys [] S3 L8042pr2;Logitech PS/2 Mouse Filter Driver; C:\WINDOWS\System32\DRIVERS\L8042pr2.Sys [2002-11-08 52238] S3 LMouFlt2;Logitech Mouse Class Filter Driver; C:\WINDOWS\System32\DRIVERS\LMouFlt2.Sys [2002-11-08 70238] S3 mouhid;Maus-HID-Treiber; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-18 12288] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\WINDOWS\system32\drivers\MSTEE.sys [2007-11-30 5504] S3 NABTSFEC;NABTS/FEC VBI-Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2007-11-30 85248] S3 NdisIP;Microsoft TV-/Videoverbindung; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2007-11-30 10880] S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2009-10-06 17664] S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2009-10-06 22016] S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816] S3 Ser2pl;MAT Serial port driver; C:\WINDOWS\System32\DRIVERS\ser2pl.sys [2003-07-16 43264] S3 siellif;siellif; C:\WINDOWS\System32\Drivers\siellif.sys [2002-08-06 115712] S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2007-11-30 11136] S3 streamip;BDA-IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2007-11-30 15232] S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2009-10-06 7936] S3 USBCamera;DSC Still Image Capture (CA100); C:\WINDOWS\System32\Drivers\Bulk100.sys [2002-07-28 10986] S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2007-11-30 26112] S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2009-10-06 7936] S3 usbvideo;USB-Videogerät (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2007-11-30 121984] S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008] S3 WSTCODEC;World Standard Teletext-Codec; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2007-11-30 19200] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] S4 sr;Filtertreiber für Systemwiederherstellung; C:\WINDOWS\System32\DRIVERS\sr.sys [2007-12-01 73472] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AOL ACS;AOL Connectivity Service; C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe [2006-10-23 46640] R2 AVP;Kaspersky Internet Security; C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe [2009-10-20 340456] R2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2007-12-01 268800] R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\HPZipm12.exe [2004-09-29 69632] R2 TWKSCARDSRV;CHIPDRIVE SCARD Service; C:\WINDOWS\SCARDS32.EXE [2003-04-30 264192] R2 WANMiniportService;WAN Miniport (ATW) Service; C:\WINDOWS\wanmpsvc.exe [2002-04-19 65536] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2003-02-20 32768] S3 getPlusHelper;getPlus(R) Helper; C:\WINDOWS\System32\svchost.exe [2007-12-01 14336] S3 ServiceLayer;ServiceLayer; C:\Programme\PC Connectivity Solution\ServiceLayer.exe [2009-10-27 657408] S3 xControlCOM;xControlCOM; C:\Programme\Gigaset\talk&surf 5.1\xControlCOM.exe [2002-08-05 339968] -----------------EOF----------------- starte gleich combofix |
|
25.01.2010, 13:55
| #18 |
  | AntivirusPlus und Malewaredefense attacke Hi,
__________________schaue in das vorangegangen Post von mir, CF=ComboFix... Dass von Kaspersky kann auch ein f/p (false/positiv) sein, d.h. irrtümlich erkannt. Muß jetzt in Besprechung zum Cheff, mindestens bis 16:00 uhr... chris
__________________ |
wurde wiederhergestellt 
Don't bring me down
) 
Linear-Darstellung
