Can't get rid of TR/PCK.Katusha.L.181 & others

Hi folks,
I'm afraid I have a big problem on my computer. For the last two days I've been getting nothing but trojan warnings from my antivirus (Avira AntiVir). It has found trojans such as TR/PCK.Katusha.L.181 and viruses such as HIDDENEXT/Crypted. I've read up a bit on the viruses and they're supposed to be really malicious, even going as far as killing the mainboard, hard drive, etc.
Can you help me with this? I don't know much about it myself and I also don't know how or where I got them from. I'd hate to throw away the laptop I just bought.
I also have the logs from OTL (OldTimer) and gmer here:

OTL:
Quote:
OTL logfile created on: 03.06.2010 00:36:55 - Run 3
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 73,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 89,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDXP | %ProgramFiles% = C:\Programme
Drive C: | 111,67 Gb Total Space | 66,98 Gb Free Space | 59,97% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: FH-CLIENT
Current User Name: Administrator
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========
PRC - C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\Programme\Verbindungsassistent\WTGService.exe ()
PRC - C:\Programme\Unlocker\UnlockerAssistant.exe ()
PRC - C:\Programme\Avira\AntiVir Desktop\avcenter.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Gemeinsame Dateien\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe (SafeNet, Inc)
PRC - C:\Programme\Gemeinsame Dateien\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe (SafeNet, Inc.)
PRC - C:\WINDXP\explorer.exe (Microsoft Corporation)
PRC - C:\WINDXP\system32\stacsv.exe (SigmaTel, Inc.)
PRC - C:\Programme\DAEMON Tools Pro\DTProAgent.exe (DT Soft Ltd.)
PRC - C:\WINDXP\PixArt\PAC7302\Monitor.exe (PixArt Imaging Incorporation)

========== Modules (SafeList) ==========
MOD - C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Programme\Unlocker\UnlockerHook.dll ()
MOD - C:\WINDXP\system32\msscript.ocx (Microsoft Corporation)

========== Win32 Services (SafeList) ==========
SRV - (TuneUp.Defrag) -- C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software)
SRV - (TuneUp.UtilitiesSvc) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\WINDXP\system32\uxtuneup.dll (TuneUp Software)
SRV - (WTGService) -- C:\Programme\Verbindungsassistent\WTGService.exe ()
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (odserv) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (SentinelProtectionServer) -- C:\Programme\Gemeinsame Dateien\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe (SafeNet, Inc)
SRV - (SentinelKeysServer) -- C:\Programme\Gemeinsame Dateien\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe (SafeNet, Inc.)
SRV - (STacSV) -- C:\WINDXP\system32\stacsv.exe (SigmaTel, Inc.)
SRV - (stllssvr) -- C:\Programme\Gemeinsame Dateien\SureThing Shared\stllssvr.exe (MicroVision Development, Inc.)
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)

========== Driver Services (SafeList) ==========
DRV - (sptd) -- C:\WINDXP\System32\Drivers\sptd.sys ()
DRV - (TuneUpUtilitiesDrv) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (avgntflt) -- C:\WINDXP\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (adatadrv) -- C:\WINDXP\system32\drivers\adatadrv.sys (none)
DRV - (ssmdrv) -- C:\WINDXP\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\WINDXP\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (hwdatacard) -- C:\WINDXP\system32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (Sentinel) -- C:\WINDXP\System32\Drivers\SENTINEL.SYS (SafeNet, Inc.)
DRV - (SNTNLUSB) -- C:\WINDXP\system32\drivers\SNTNLUSB.SYS (SafeNet, Inc.)
DRV - (BCM43XX) -- C:\WINDXP\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
DRV - (HSF_DPV) -- C:\WINDXP\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDXP\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDXP\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\WINDXP\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (HDAudBus) -- C:\WINDXP\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (STHDA) -- C:\WINDXP\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (PAC7302) -- C:\WINDXP\system32\drivers\PAC7302.SYS (PixArt Imaging Inc.)
DRV - (DLADResM) -- C:\WINDXP\system32\drivers\DLADResM.SYS (Roxio)
DRV - (DLABMFSM) -- C:\WINDXP\system32\drivers\DLABMFSM.SYS (Roxio)
DRV - (DLAUDF_M) -- C:\WINDXP\system32\drivers\DLAUDF_M.SYS (Roxio)
DRV - (DLAUDFAM) -- C:\WINDXP\system32\drivers\DLAUDFAM.SYS (Roxio)
DRV - (DLAOPIOM) -- C:\WINDXP\system32\drivers\DLAOPIOM.SYS (Roxio)
DRV - (DLABOIOM) -- C:\WINDXP\system32\drivers\DLABOIOM.SYS (Roxio)
DRV - (DLAPoolM) -- C:\WINDXP\system32\drivers\DLAPoolM.SYS (Roxio)
DRV - (DLAIFS_M) -- C:\WINDXP\system32\drivers\DLAIFS_M.SYS (Roxio)
DRV - (DRVMCDB) -- C:\WINDXP\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)
DRV - (DLARTL_M) -- C:\WINDXP\system32\drivers\DLARTL_M.SYS (Roxio)
DRV - (DLACDBHM) -- C:\WINDXP\System32\Drivers\DLACDBHM.SYS (Roxio)
DRV - (DRVNDDM) -- C:\WINDXP\system32\drivers\DRVNDDM.SYS (Roxio)
DRV - (nv) -- C:\WINDXP\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (b57w2k) -- C:\WINDXP\system32\drivers\b57xp32.sys (Broadcom Corporation)
DRV - (FWLANUSB) -- C:\WINDXP\system32\drivers\fwlanusb.sys (AVM GmbH)
DRV - (avmeject) -- C:\WINDXP\system32\drivers\avmeject.sys (AVM Berlin)
DRV - (USBCCID) -- C:\WINDXP\system32\drivers\usbccid.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDXP\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDXP\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = AC 24 F7 C9 A1 C8 CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.04.03 09:58:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.04.03 09:58:11 | 000,000,000 | ---D | M]
[2010.03.21 05:13:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Extensions
[2010.06.02 23:57:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\9hqb08zd.default\extensions
[2010.03.21 06:14:45 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\9hqb08zd.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.04.18 17:44:47 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\9hqb08zd.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.06.02 23:57:51 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2009.09.21 11:00:44 | 001,447,328 | ---- | M] (1 mal 1 Software GmbH) -- C:\Programme\Mozilla Firefox\plugins\NpFv522.dll
[2010.01.16 03:15:29 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.01.16 03:15:29 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.01.16 03:15:29 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.01.16 03:15:29 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.01.16 03:15:29 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2001.08.23 16:00:00 | 000,000,820 | ---- | M]) - C:\WINDXP\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ConverterFree] C:\programme\dvdvideosoft\free youtube to mp3 converter\freeyoutubetomp3converterconverter.exe File not found
O4 - HKLM..\Run: [HelpHXDSUI] c:\programme\gemeinsame dateien\microsoft shared\help\1033\helphxdsui.exe File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDXP\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\WINDXP\System32\nvhotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDXP\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDXP\System32\nwiz.exe ()
O4 - HKLM..\Run: [PAC7302_Monitor] C:\WINDXP\PixArt\PAC7302\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [pluginsafedisc] c:\programme\daemon tools pro\plugins\grabbers\safedisctages.exe File not found
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Programme\Sigmatel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [TechnologiesHuawei] C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\uGTl.exe File not found
O4 - HKLM..\Run: [UnlockerAssistant] C:\Programme\Unlocker\UnlockerAssistant.exe ()
O4 - HKLM..\Run: [VideoFileToIPODwinhttp] c:\programme\gemeinsame dateien\dvdvideosoft\dll\layerwindows.exe File not found
O4 - HKCU..\Run: [DAEMON Tools Pro Agent] C:\Programme\DAEMON Tools Pro\DTProAgent.exe (DT Soft Ltd.)
O4 - HKCU..\Run: [Steam] C:\Programme\Neuer Ordner\Steam.exe (Valve Corporation)
O4 - HKLM..\RunServices: [CoreBurning] C:\programme\gemeinsame dateien\dvdvideosoft\dll\layerwindows.exe File not found
O4 - HKLM..\RunServices: [MicrosoftHXDSUI] C:\programme\gemeinsame dateien\microsoft shared\help\1033\helphxdsui.exe File not found
O4 - HKLM..\RunServices: [ReportingDWIntl20] c:\programme\gemeinsame dateien\microsoft shared\dw\1063\microsofterror.exe File not found
O4 - HKLM..\RunServices: [systemMicrosoft] c:\programme\microsoft office\office12\1033\officemicrosoft.exe File not found
O4 - HKLM..\RunServices: [TechnologiesDataCardSetup] C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\uGTl.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1268425433325 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1268855148843 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\video/x-flv {08C72DD4-19AD-49f1-83DA-8542B4D302C5} - Reg Error: Key error. File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDXP\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004.08.11 18:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{17521b2a-35a9-11df-9f27-0021709d3d18}\Shell - "" = AutoRun
O33 - MountPoints2\{17521b2a-35a9-11df-9f27-0021709d3d18}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{17521b2a-35a9-11df-9f27-0021709d3d18}\Shell\AutoRun\command - "" = G:\Setup.exe -- File not found
O33 - MountPoints2\{89fe4f00-35b2-11df-9f2b-0021709d3d18}\Shell - "" = AutoRun
O33 - MountPoints2\{89fe4f00-35b2-11df-9f2b-0021709d3d18}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{89fe4f00-35b2-11df-9f2b-0021709d3d18}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{89fe4f03-35b2-11df-9f2b-0021709d3d18}\Shell - "" = AutoRun
O33 - MountPoints2\{89fe4f03-35b2-11df-9f2b-0021709d3d18}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{89fe4f03-35b2-11df-9f2b-0021709d3d18}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{c7e39d77-398f-11df-9f41-0021709d3d18}\Shell - "" = AutoRun
O33 - MountPoints2\{c7e39d77-398f-11df-9f41-0021709d3d18}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c7e39d77-398f-11df-9f41-0021709d3d18}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========
[2010.06.02 22:47:06 | 000,000,000 | ---D | C] -- C:\Programme\Neuer Ordner
[2010.06.02 22:38:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mumble
[2010.06.02 22:38:23 | 000,000,000 | ---D | C] -- C:\Programme\Mumble
[2010.06.01 02:01:06 | 000,000,000 | ---D | C] -- C:\Programme\Steam
[2010.05.31 19:47:45 | 000,000,000 | ---D | C] -- C:\Programme\Trend Micro
[2010.05.31 19:36:25 | 000,000,000 | ---D | C] -- C:\sysprep
[2010.05.31 19:26:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Desktop Security 2010
[2010.05.29 17:14:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Heroes of Newerth
[2010.05.27 16:46:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Google
[2010.05.27 15:58:08 | 000,000,000 | ---D | C] -- C:\WINDXP\pss
[2010.05.27 15:40:50 | 000,000,000 | ---D | C] -- C:\WINDXP\System32\appmgmt
[5 C:\WINDXP\*.tmp files -> C:\WINDXP\*.tmp -> ]
[1 C:\WINDXP\System32\*.tmp files -> C:\WINDXP\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========
[2010.06.02 23:58:07 | 000,000,041 | ---- | M] () -- C:\WINDXP\Filzip.ini
[2010.06.02 23:46:12 | 000,002,206 | ---- | M] () -- C:\WINDXP\System32\wpa.dbl
[2010.06.02 23:46:08 | 000,050,299 | ---- | M] () -- C:\WINDXP\System32\nvModes.001
[2010.06.02 23:45:38 | 000,000,006 | -H-- | M] () -- C:\WINDXP\tasks\SA.DAT
[2010.06.02 23:45:37 | 000,002,048 | --S- | M] () -- C:\WINDXP\bootstat.dat
[2010.06.02 22:49:30 | 000,000,689 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Steam.lnk
[2010.06.02 22:40:27 | 000,002,384 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\MumbleAutomaticCertificateBackup.p12
[2010.06.02 01:15:42 | 003,670,016 | -H-- | M] () -- C:\Dokumente und Einstellungen\Administrator\NTUSER.DAT
[2010.06.02 01:15:17 | 002,105,920 | -H-- | M] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\IconCache.db
[2010.06.02 01:14:08 | 000,050,299 | ---- | M] () -- C:\WINDXP\System32\nvModes.dat
[2010.05.31 19:47:45 | 000,001,698 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\HijackThis.lnk
[2010.05.27 16:08:00 | 000,000,970 | ---- | M] () -- C:\WINDXP\win.ini
[2010.05.27 15:59:06 | 000,000,227 | ---- | M] () -- C:\WINDXP\system.ini
[2010.05.27 15:59:06 | 000,000,208 | -HS- | M] () -- C:\boot.ini
[5 C:\WINDXP\*.tmp files -> C:\WINDXP\*.tmp -> ]
[1 C:\WINDXP\System32\*.tmp files -> C:\WINDXP\System32\*.tmp -> ]

========== Files Created - No Company Name ==========
[2010.06.02 22:47:12 | 000,000,689 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Steam.lnk
[2010.06.02 22:40:27 | 000,002,384 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\MumbleAutomaticCertificateBackup.p12
[2010.05.31 19:47:45 | 000,001,698 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\HijackThis.lnk
[2010.04.15 16:00:04 | 000,000,291 | ---- | C] () -- C:\WINDXP\System32\Remover.ini
[2010.04.15 16:00:00 | 000,000,566 | ---- | C] () -- C:\WINDXP\System32\SP7302.INI
[2010.04.12 11:37:48 | 000,002,788 | ---- | C] () -- C:\WINDXP\RbSystem.ini
[2010.04.12 11:36:26 | 000,012,800 | ---- | C] () -- C:\WINDXP\System32\PWUtility.dll
[2010.04.12 11:36:26 | 000,007,168 | ---- | C] () -- C:\WINDXP\System32\dtctrace.dll
[2010.04.12 11:36:25 | 000,040,960 | ---- | C] () -- C:\WINDXP\System32\xcd73532.dll
[2010.04.12 11:35:56 | 000,655,360 | ---- | C] () -- C:\WINDXP\System32\dslang32.dll
[2010.04.12 11:35:56 | 000,327,680 | ---- | C] () -- C:\WINDXP\System32\ldf251.dll
[2010.03.31 12:42:52 | 000,354,816 | ---- | C] () -- C:\WINDXP\System32\psisdecd.dll
[2010.03.30 23:43:00 | 000,819,200 | ---- | C] () -- C:\WINDXP\System32\xvidcore.dll
[2010.03.30 23:43:00 | 000,180,224 | ---- | C] () -- C:\WINDXP\System32\xvidvfw.dll
[2010.03.15 20:48:53 | 000,685,816 | ---- | C] () -- C:\WINDXP\System32\drivers\sptd.sys
[2010.03.13 00:43:14 | 000,000,041 | ---- | C] () -- C:\WINDXP\Filzip.ini
[2010.03.12 23:41:43 | 000,000,234 | ---- | C] () -- C:\WINDXP\wininit.ini
[2008.09.27 11:30:45 | 001,703,936 | ---- | C] () -- C:\WINDXP\System32\nvwdmcpl.dll
[2008.09.27 11:30:45 | 001,474,560 | ---- | C] () -- C:\WINDXP\System32\nview.dll
[2008.09.27 11:30:45 | 001,019,904 | ---- | C] () -- C:\WINDXP\System32\nvwimg.dll
[2008.09.27 11:30:45 | 000,466,944 | ---- | C] () -- C:\WINDXP\System32\nvshell.dll
< End of report >
gmer:
Quote:
GMER 1.0.15.14966 - hxxp://www.gmer.net
Rootkit scan 2010-06-03 00:41:15
Windows 5.1.2600 Service Pack 3
---- System - GMER 1.0.15 ----
SSDT BAFB33B6 ZwCreateKey
SSDT BAFB33AC ZwCreateThread
SSDT BAFB33BB ZwDeleteKey
SSDT BAFB33C5 ZwDeleteValueKey
SSDT sptd.sys ZwEnumerateKey [0xBA6C3FB2]
SSDT sptd.sys ZwEnumerateValueKey [0xBA6C4340]
SSDT BAFB33CA ZwLoadKey
SSDT sptd.sys ZwOpenKey [0xBA6BE0B0]
SSDT BAFB3398 ZwOpenProcess
SSDT BAFB339D ZwOpenThread
SSDT sptd.sys ZwQueryKey [0xBA6C4418]
SSDT sptd.sys ZwQueryValueKey [0xBA6C4298]
SSDT BAFB33D4 ZwReplaceKey
SSDT BAFB33CF ZwRestoreKey
SSDT BAFB33C0 ZwSetValueKey
SSDT BAFB33A7 ZwTerminateProcess
---- Kernel code sections - GMER 1.0.15 ----
? C:\WINDXP\system32\drivers\sptd.sys Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.
.text USBPORT.SYS!DllUnload B9C238AC 5 Bytes JMP 89B571C8
? System32\Drivers\acxc7wyk.SYS Das System kann den angegebenen Pfad nicht finden. !
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [BA6BEAD4] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [BA6BEC1A] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [BA6BEB9C] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [BA6BF748] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [BA6BF61E] sptd.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [BA6D429A] sptd.sys
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x49 0xAC 0xB6 0x8C ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Programme\DAEMON Tools Pro\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x71 0x7B 0xC6 0xD7 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x86 0x16 0x2A 0x65 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x49 0xAC 0xB6 0x8C ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Programme\DAEMON Tools Pro\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x71 0x7B 0xC6 0xD7 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x86 0x16 0x2A 0x65 ...
---- Disk sectors - GMER 1.0.15 ----
Disk \Device\Harddisk0\DR0 sector 01: copy of MBR
Disk \Device\Harddisk0\DR0 sector 02: copy of MBR
Disk \Device\Harddisk0\DR0 sector 03: copy of MBR
Disk \Device\Harddisk0\DR0 sector 04: copy of MBR
Disk \Device\Harddisk0\DR0 sector 05: copy of MBR
Disk \Device\Harddisk0\DR0 sector 06: copy of MBR
Disk \Device\Harddisk0\DR0 sector 07: copy of MBR
Disk \Device\Harddisk0\DR0 sector 08: copy of MBR
Disk \Device\Harddisk0\DR0 sector 09: copy of MBR
Disk \Device\Harddisk0\DR0 sector 10: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 11: copy of MBR
Disk \Device\Harddisk0\DR0 sector 12: copy of MBR
Disk \Device\Harddisk0\DR0 sector 13: copy of MBR
Disk \Device\Harddisk0\DR0 sector 14: copy of MBR
Disk \Device\Harddisk0\DR0 sector 15: copy of MBR
Disk \Device\Harddisk0\DR0 sector 16: copy of MBR
Disk \Device\Harddisk0\DR0 sector 17: copy of MBR
Disk \Device\Harddisk0\DR0 sector 18: copy of MBR
Disk \Device\Harddisk0\DR0 sector 19: copy of MBR
Disk \Device\Harddisk0\DR0 sector 20: copy of MBR
Disk \Device\Harddisk0\DR0 sector 21: copy of MBR
Disk \Device\Harddisk0\DR0 sector 22: copy of MBR
Disk \Device\Harddisk0\DR0 sector 23: copy of MBR
Disk \Device\Harddisk0\DR0 sector 24: copy of MBR
Disk \Device\Harddisk0\DR0 sector 25: copy of MBR
Disk \Device\Harddisk0\DR0 sector 26: copy of MBR
Disk \Device\Harddisk0\DR0 sector 27: copy of MBR
Disk \Device\Harddisk0\DR0 sector 28: copy of MBR
Disk \Device\Harddisk0\DR0 sector 29: copy of MBR
Disk \Device\Harddisk0\DR0 sector 30: copy of MBR
Disk \Device\Harddisk0\DR0 sector 31: copy of MBR
Disk \Device\Harddisk0\DR0 sector 32: copy of MBR
Disk \Device\Harddisk0\DR0 sector 33: copy of MBR
Disk \Device\Harddisk0\DR0 sector 34: copy of MBR
Disk \Device\Harddisk0\DR0 sector 35: copy of MBR
Disk \Device\Harddisk0\DR0 sector 36: copy of MBR
Disk \Device\Harddisk0\DR0 sector 37: copy of MBR
Disk \Device\Harddisk0\DR0 sector 38: copy of MBR
Disk \Device\Harddisk0\DR0 sector 39: copy of MBR
Disk \Device\Harddisk0\DR0 sector 40: copy of MBR
Disk \Device\Harddisk0\DR0 sector 41: copy of MBR
Disk \Device\Harddisk0\DR0 sector 42: copy of MBR
Disk \Device\Harddisk0\DR0 sector 43: copy of MBR
Disk \Device\Harddisk0\DR0 sector 44: copy of MBR
Disk \Device\Harddisk0\DR0 sector 45: copy of MBR
Disk \Device\Harddisk0\DR0 sector 46: copy of MBR
Disk \Device\Harddisk0\DR0 sector 47: copy of MBR
Disk \Device\Harddisk0\DR0 sector 48: copy of MBR
Disk \Device\Harddisk0\DR0 sector 49: copy of MBR
Disk \Device\Harddisk0\DR0 sector 50: copy of MBR
Disk \Device\Harddisk0\DR0 sector 51: copy of MBR
Disk \Device\Harddisk0\DR0 sector 52: copy of MBR
Disk \Device\Harddisk0\DR0 sector 53: copy of MBR
Disk \Device\Harddisk0\DR0 sector 54: copy of MBR
Disk \Device\Harddisk0\DR0 sector 55: copy of MBR
Disk \Device\Harddisk0\DR0 sector 56: copy of MBR
Disk \Device\Harddisk0\DR0 sector 57: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 58: copy of MBR
Disk \Device\Harddisk0\DR0 sector 59: copy of MBR
Disk \Device\Harddisk0\DR0 sector 60: copy of MBR
Disk \Device\Harddisk0\DR0 sector 61: copy of MBR
Disk \Device\Harddisk0\DR0 sector 62: copy of MBR
Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior; copy of MBR
---- EOF - GMER 1.0.15 ----