Plagegeister aller Art und deren Bekämpfung (Pests of all kinds and their removal): Trojan Agent2.AXDD in quarantine, Windows 7
01.07.2010, 00:24 | #1
Trojan Agent2.AXDD in quarantine

Good night everyone

My partner was surfing the wide world of the web at the weekend and caught a Trojan in the process. The AVG antivirus and security software detected it immediately. What exactly he did I cannot tell you; I only know that he then switched the PC off and got in touch with a colleague of his. The two men then set up a TeamViewer session and apparently removed the Trojan. That does not seem to be the case, however, because when I came home today my partner told me that AVG had "found something" again and that he had moved it to quarantine. He switched the PC off again. When I switched the PC on late this evening, a message appeared saying that C:\WINDOWS\kmsntfps.dll could not be executed. I clicked OK and had a look in AVG's quarantine. There it shows me the following: Infection type: Trojan Agent2.AXDD, path to file C:\WINDOWS\kmsntfps.dll. That prompted me to read up on this Trojan. Unfortunately the information on it is sparse. But I did find this board. I have carried out all the steps as described in "Für alle Hilfesuchenden!" (For everyone seeking help!).
These are the files:

Malwarebytes' Anti-Malware 1.46
w*w.malwarebytes.org

Datenbank Version: 4262
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

30.06.2010 23:53:31
mbam-log-2010-06-30 (23-53-31).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 133507
Laufzeit: 4 Minute(n), 38 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls\appsecdll (Trojan.Agent) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
F:\My Documents.url (Trojan.Zlob) -> Quarantined and deleted successfully

and next:

Logfile of random's system information tool 1.07 (written by random/random)
Run by *** at 2010-07-01 00:05:02
Microsoft Windows XP Professional Service Pack 3
System drive C: has 73 GB (91%) free of 80 GB
Total RAM: 2047 MB (71% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 00:05:19, on 01.07.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
D:\UTILIT~1\AVG\avgwdsvc.exe
D:\UTILIT~1\AVG\avgfws8.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\SOUNDMAN.EXE
D:\Symantec\Norton Ghost 2003\GhostStartService.exe
D:\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
C:\Programme\FreePDF_XP\fpassist.exe
D:\Utilities\Scanner_CanoScan_Lide_F600\OpwareSE4.exe
C:\Programme\Canon\IJPLM\IJPLMSVC.EXE
D:\UTILIT~1\AVG\avgam.exe
C:\Programme\Java\jre6\bin\jqs.exe
D:\UTILIT~1\AVG\avgrsx.exe
D:\UTILIT~1\AVG\avgtray.exe
D:\UTILIT~1\AVG\avgnsx.exe
C:\Programme\PowerDVD\PDVDServ.exe
D:\VMware Workstation\vmware-tray.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe
C:\Programme\Canon\MyPrinter\BJMyPrt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
D:\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\WINDOWS\system32\oodag.exe
D:\Utilities\Hardcopy\hardcopy.exe
C:\WINDOWS\system32\svchost.exe
D:\Utilities\Logitech\SetPoint\SetPoint.exe
D:\Utilities\Automachron\achron.exe
D:\VMware Workstation\vmware-authd.exe
C:\Programme\Gemeinsame Dateien\VMware\VMware Virtual Image Editing\vmount2.exe
C:\Programme\Gemeinsame Dateien\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Programme\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programme\PC Connectivity Solution\ServiceLayer.exe
C:\Programme\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Programme\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Dokumente und Einstellungen\***\Desktop\RSIT.exe
C:\Programme\trend micro\Markus.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///F:/Startseite/start.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - D:\Utilities\AVG\Toolbar\IEToolbar.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Programme\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Utilities\AVG\avgssie.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - D:\Utilities\AVG\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - (no file)
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - D:\Utilities\AVG\Toolbar\IEToolbar.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [GhostStartTrayApp] D:\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe
O4 - HKLM\..\Run: [OpwareSE4] "D:\Utilities\Scanner_CanoScan_Lide_F600\OpwareSE4.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] D:\UTILIT~1\AVG\avgtray.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programme\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [vmware-tray] D:\VMware Workstation\vmware-tray.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Adobe\Reader\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Programme\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Programme\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [PC Suite Tray] "D:\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - Startup: Automachron.lnk = D:\Utilities\Automachron\achron.exe
O4 - Global Startup: Hardcopy.lnk = D:\Utilities\Hardcopy\hardcopy.exe
O4 - Global Startup: Logitech SetPoint.lnk = D:\Utilities\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Schnellstart.lnk = D:\Microsoft Office 2003\OFFICE11\ONENOTEM.EXE
O8 - Extra context menu item: Easy-WebPrint Drucken - res://D:\Utilities\Drucker_Canon_i560\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Schnelldruck - res://D:\Utilities\Drucker_Canon_i560\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Vorschau - res://D:\Utilities\Drucker_Canon_i560\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Zu Druckliste hinzufügen - res://D:\Utilities\Drucker_Canon_i560\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Google Sidewiki... - res://C:\Programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://D:\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\programme\bonjour\mdnsnsp.dll' missing
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1227430395750
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{487B88F4-DBAE-4784-A919-4E67815C0E7E}: NameServer = 81.221.250.10
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Utilities\AVG\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - D:\UTILIT~1\AVG\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - D:\UTILIT~1\AVG\avgfws8.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programme\Canon\CAL\CALMAIN.exe
O23 - Service: GhostStartService - Symantec Corporation - D:\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Programme\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Programme\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programme\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - D:\VMware Workstation\vmware-ufad.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - D:\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Programme\Gemeinsame Dateien\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

--
End of file - 11157 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{27ADC493-12D9-490F-8DF3-ADDEDA3C4821}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-04-04 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}]
Canon Easy-WebPrint EX BHO - C:\Programme\Canon\Easy-WebPrint EX\ewpexbho.dll [2009-11-25 202080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - D:\Utilities\AVG\avgssie.dll [2009-12-12 1111320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
AVG Security Toolbar BHO - D:\Utilities\AVG\Toolbar\IEToolbar.dll [2009-06-16 1004800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll [2010-06-23 278192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Programme\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll [2010-06-05 814648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Programme\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-09 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{327C2873-E90D-4c37-AA9D-10AC9BABA46C}
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - D:\Utilities\AVG\Toolbar\IEToolbar.dll [2009-06-16 1004800]
{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - Canon Easy-WebPrint EX - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll [2009-11-25 1496408]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll [2010-06-23 278192]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"=C:\WINDOWS\system32\HDAShCut.exe [2005-01-07 61952]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-07-23 16804864]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2008-06-18 77824]
"AlcWzrd"=C:\WINDOWS\ALCWZRD.EXE [2008-06-19 2808832]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2008-06-19 57344]
"GhostStartTrayApp"=D:\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe [2004-01-28 94208]
"FreePDF Assistant"=C:\Programme\FreePDF_XP\fpassist.exe [2005-05-27 146944]
"OpwareSE4"=D:\Utilities\Scanner_CanoScan_Lide_F600\OpwareSE4.exe [2006-10-11 75304]
"AVG8_TRAY"=D:\UTILIT~1\AVG\avgtray.exe [2010-03-20 2046816]
"RemoteControl"=C:\Programme\PowerDVD\PDVDServ.exe [2004-11-02 32768]
"QuickTime Task"=C:\Programme\QuickTime\qttask.exe [2009-05-26 413696]
"vmware-tray"=D:\VMware Workstation\vmware-tray.exe [2007-05-01 68400]
"Kernel and Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2008-02-29 76304]
"Adobe Reader Speed Launcher"=D:\Adobe\Reader\Reader\Reader_sl.exe [2010-04-04 36272]
"Adobe ARM"=C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832]
"CanonMyPrinter"=C:\Programme\Canon\MyPrinter\BJMyPrt.exe [2009-07-27 1983816]
"CanonSolutionMenu"=C:\Programme\Canon\SolutionMenu\CNSLMAIN.exe [2009-03-18 767312]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"swg"=C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-12-10 68856]
"PC Suite Tray"=D:\Nokia\Nokia PC Suite 7\PCSuite.exe [2009-06-25 1414144]

C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
Hardcopy.lnk - D:\Utilities\Hardcopy\hardcopy.exe
Logitech SetPoint.lnk - D:\Utilities\Logitech\SetPoint\SetPoint.exe
Microsoft Office OneNote 2003 Schnellstart.lnk - D:\Microsoft Office 2003\OFFICE11\ONENOTEM.EXE

C:\Dokumente und Einstellungen\Markus\Startmenü\Programme\Autostart
Automachron.lnk - D:\Utilities\Automachron\achron.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-03-23 46080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-07-30 11952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
c:\programme\gemeinsame dateien\logishrd\bluetooth\LBTWlgn.dll [2008-05-02 72208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Driver]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Guard]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Programme\Winamp Remote\bin\Orb.exe"="C:\Programme\Winamp Remote\bin\Orb.exe:*:Enabled:Orb"
"C:\Programme\Winamp Remote\bin\OrbTray.exe"="C:\Programme\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray"
"C:\Programme\Winamp Remote\bin\OrbStreamerClient.exe"="C:\Programme\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"D:\Utilities\AVG\avgam.exe"="D:\Utilities\AVG\avgam.exe:*:Enabled:avgam.exe"
"D:\Utilities\AVG\avgupd.exe"="D:\Utilities\AVG\avgupd.exe:*:Enabled:avgupd.exe"
"D:\Utilities\AVG\avgnsx.exe"="D:\Utilities\AVG\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Programme\Yahoo!\Messenger\YahooMessenger.exe"="C:\Programme\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"D:\Utilities\iTunes\iTunes.exe"="D:\Utilities\iTunes\iTunes.exe:*:Enabled:iTunes"
"D:\Utilities\TeamViewer\TeamViewer.exe"="D:\Utilities\TeamViewer\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{26fe29c1-bea0-11dd-b36e-005056c00008}]
shell\AutoRun\command - M:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{39407171-beef-11dd-b371-005056c00008}]
shell\AutoRun\command - M:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8c83afd2-6581-11df-9b0b-005056c00008}]
shell\Shell00\command - M:\Start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b9e6a1bc-b94f-11dd-b355-005056c00008}]
shell\AutoRun\command - M:\umenu.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e89cd0aa-5d08-11de-97f1-005056c00008}]
shell\AutoRun\command - M:\LaunchU3.exe -a

======List of files/folders created in the last 1 months======

2010-07-01 00:05:02 ----D---- C:\rsit
2010-07-01 00:05:02 ----D---- C:\Programme\trend micro
2010-06-30 23:42:27 ----D---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Malwarebytes
2010-06-30 23:42:09 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2010-06-12 14:51:12 ----HDC---- C:\WINDOWS\$NtUninstallKB980218$
2010-06-12 14:50:13 ----SHD---- C:\Config.Msi
2010-06-12 14:48:33 ----HDC---- C:\WINDOWS\$NtUninstallKB980195$
2010-06-12 14:47:21 ----HDC---- C:\WINDOWS\$NtUninstallKB979559$
2010-06-12 14:47:06 ----D---- C:\WINDOWS\ie8updates
2010-06-12 14:43:58 ----HDC---- C:\WINDOWS\$NtUninstallKB978695_WM9$
2010-06-12 14:43:54 ----HDC---- C:\WINDOWS\$NtUninstallKB979482$
2010-06-12 14:43:47 ----HDC---- C:\WINDOWS\$NtUninstallKB975562$

======List of files/folders modified in the last 1 months======

2010-07-01 00:05:02 ----RD---- C:\Programme
2010-07-01 00:03:56 ----D---- C:\Temp
2010-06-30 23:59:16 ----D---- C:\WINDOWS
2010-06-30 23:58:14 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\VMware
2010-06-30 23:58:04 ----D---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\VMware
2010-06-30 23:56:38 ----RSD---- C:\WINDOWS\Fonts
2010-06-30 23:56:38 ----D---- C:\WINDOWS\system32\drivers
2010-06-30 23:55:54 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-06-30 23:53:41 ----D---- C:\WINDOWS\Prefetch
2010-06-30 23:33:39 ----D---- C:\WINDOWS\Temp
2010-06-30 23:33:39 ----D---- C:\WINDOWS\Debug
2010-06-28 04:56:25 ----D---- C:\WINDOWS\system32
2010-06-28 04:26:09 ----D---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\ZoomBrowser EX
2010-06-28 04:26:06 ----D---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\CameraWindowDC
2010-06-27 20:55:57 ----HD---- C:\$AVG8.VAULT$
2010-06-27 20:08:11 ----HD---- C:\WINDOWS\inf
2010-06-27 20:08:11 ----D---- C:\WINDOWS\system32\CatRoot2
2010-06-27 18:42:41 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\avg8
2010-06-27 06:55:30 ----SHD---- C:\System Volume Information
2010-06-27 06:55:30 ----D---- C:\WINDOWS\system32\Restore
2010-06-26 07:10:42 ----RSD---- C:\WINDOWS\assembly
2010-06-26 07:10:13 ----D---- C:\WINDOWS\Microsoft.NET
2010-06-23 21:25:57 ----SHD---- C:\WINDOWS\Installer
2010-06-23 15:05:59 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-06-23 15:05:45 ----D---- C:\WINDOWS\WinSxS
2010-06-23 14:58:56 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJPLM
2010-06-23 14:46:47 ----D---- C:\Programme\FreePDF_XP
2010-06-13 08:18:35 ----D---- C:\WINDOWS\system32\wbem
2010-06-12 14:51:14 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-06-12 14:49:43 ----A---- C:\WINDOWS\win.ini
2010-06-12 14:48:33 ----HD---- C:\WINDOWS\$hf_mig$
2010-06-12 14:48:09 ----A---- C:\WINDOWS\vbaddin.ini
2010-06-12 14:47:13 ----D---- C:\Programme\Internet Explorer
2010-06-07 04:21:40 ----D---- C:\Programme\Microsoft Silverlight

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-07-30 335240]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-07-30 27784]
R1 AvgTdiX;AVG8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-04-27 108552]
R1 cdrbsdrv;cdrbsdrv; C:\WINDOWS\system32\drivers\cdrbsdrv.sys [2004-03-08 13567]
R1 GhPciScan;GhostPciScanner; \??\D:\Symantec\Norton Ghost 2003\ghpciscan.sys []
R1 intelppm;Intel-Prozessortreiber; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40448]
R1 kbdhid;Tastatur-HID-Treiber; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [2003-12-17 17005]
R2 hcmon;VMware hcmon; \??\C:\WINDOWS\system32\Drivers\hcmon.sys []
R2 VMnetBridge;VMware Bridge Protocol; C:\WINDOWS\system32\DRIVERS\vmnetbridge.sys [2007-05-01 28592]
R2 VMnetuserif;VMware Network Application Interface; \??\C:\WINDOWS\system32\drivers\vmnetuserif.sys []
R2 VMparport;VMware VMparport; \??\C:\WINDOWS\system32\Drivers\VMparport.sys []
R2 vmx86;VMware vmx86; \??\C:\WINDOWS\system32\Drivers\vmx86.sys []
R2 vstor2;Vstor2 Virtual Storage Driver; \??\C:\Programme\Gemeinsame Dateien\VMware\VMware Virtual Image Editing\vstor2.sys []
R2 vstor2-ws60;Vstor2 WS60 Virtual Storage Driver; \??\D:\VMware Workstation\vstor2-ws60.sys []
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-03-23 1034752]
R3 Avgfwdx;Avgfwdx; C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2009-04-27 29208]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400]
R3 HDAudBus;Microsoft UAA-Bustreiber für High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-07-24 4749824]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2008-02-29 35344]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2008-02-29 36880]
R3 mouhid;Maus-HID-Treiber; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-18 12288]
R3 RTL8023xp;Realtek RTL8139/810x/8169/8110 all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2005-09-06 71168]
R3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Microsoft USB-Standardhubtreiber; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbprint;Microsoft USB-Druckerklasse; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
R3 usbscan;USB-Scannertreiber; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
R3 usbstor;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Miniporttreiber für universellen Microsoft USB-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 vmkbd;VMware kbd; \??\C:\WINDOWS\system32\drivers\VMkbd.sys []
R3 VMnetAdapter;VMware Virtual Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\vmnetadapter.sys [2007-05-01 16816]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2008-03-27 503008]
S3 Avgfwfd;AVG network filter service; C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2009-04-27 29208]
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\HdAudio.sys [2005-01-07 145920]
S3 MHIKEY10;MHIKEY10; C:\WINDOWS\System32\Drivers\MHIKEY10.sys []
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2009-02-09 17664]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2009-02-09 22016]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:\WINDOWS\system32\drivers\nmwcdnsu.sys [2009-03-19 136704]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader; C:\WINDOWS\System32\Drivers\RTS5121.sys []
S3 Rts516xIR;Realtek IR Driver; C:\WINDOWS\system32\DRIVERS\Rts516xIR.sys []
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2009-02-09 7808]
S3 USBCCID;Realtek Smartcard Reader Driver; C:\WINDOWS\system32\DRIVERS\Rts5161ccid.sys [2008-11-14 40960]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-14 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2009-02-09 7808]
S3 vmusb;VMware USB Client Driver; C:\WINDOWS\System32\Drivers\vmusb.sys [2007-05-01 30768]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-01-18 83328]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 avg8wd;AVG8 WatchDog; D:\UTILIT~1\AVG\avgwdsvc.exe [2009-07-30 297752] R2 avgfws8;AVG8 Firewall; D:\UTILIT~1\AVG\avgfws8.exe [2009-07-30 1370488] R2 CCALib8;Canon Camera Access Library 8; C:\Programme\Canon\CAL\CALMAIN.exe [2007-01-31 96370] R2 GhostStartService;GhostStartService; D:\Symantec\Norton Ghost 2003\GhostStartService.exe [2003-12-17 200704] R2 IJPLMSVC;Canon Inkjet Printer/Scanner/Fax Extended Survey Program; C:\Programme\Canon\IJPLM\IJPLMSVC.EXE [2009-02-10 116104] R2 JavaQuickStarterService;Java Quick Starter; C:\Programme\Java\jre6\bin\jqs.exe [2009-03-09 152984] R2 MDM;Machine Debug Manager; C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120] R2 O&O Defrag;O&O Defrag; C:\WINDOWS\system32\oodag.exe [2005-05-11 225280] R2 VMAuthdService;VMware Authorization Service; D:\VMware Workstation\vmware-authd.exe [2007-05-01 109360] R2 VMnetDHCP;VMware DHCP Service; C:\WINDOWS\system32\vmnetdhcp.exe [2007-05-01 121648] R2 vmount2;VMware Virtual Mount Manager Extended; C:\Programme\Gemeinsame Dateien\VMware\VMware Virtual Image Editing\vmount2.exe [2007-03-23 269104] R2 VMware NAT Service;VMware NAT Service; C:\WINDOWS\system32\vmnat.exe [2007-05-01 150320] R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] R3 ServiceLayer;ServiceLayer; C:\Programme\PC Connectivity Solution\ServiceLayer.exe [2009-06-02 637952] S2 gupdate;Google Update Service (gupdate); C:\Programme\Google\Update\GoogleUpdate.exe [2010-01-29 135664] S3 Apple Mobile Device;Apple Mobile Device; C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-06-05 144712] S3 aspnet_state;ASP.NET-Zustandsdienst; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312] S3 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe 
[2005-03-23 360448] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104] S3 gusvc;Google Software Updater; C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-28 182768] S3 IDriverT;InstallDriver Table Manager; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632] S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] S3 iPod Service;iPod-Dienst; C:\Programme\iPod\bin\iPodService.exe [2009-07-13 542496] S3 LBTServ;Logitech Bluetooth Service; C:\Programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTServ.exe [2008-05-02 121360] S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-09-08 2528960] S3 ose;Office Source Engine; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136] S3 ufad-ws60;VMware Agent Service; D:\VMware Workstation\vmware-ufad.exe [2007-04-09 187184] S3 WMPNetworkSvc;Windows Media Player-Netzwerkfreigabedienst; C:\Programme\Windows Media Player\WMPNetwk.exe [2006-11-03 920576] S4 NetTcpPortSharing;Net.Tcp-Portfreigabedienst; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096] -----------------EOF-----------------
and finally:
Record Number: 48648 Source Name: Tcpip Time Written: 20100524151532.000000+120 Event Type: warning User: =====Application event log===== Computer Name: *** Event Code: 100 Message: Cannot connect to VMX: E:\My Virtual Machines\Windows XP Professional\Windows XP Professional.vmx Record Number: 17363 Source Name: vmauthd Time Written: 20100407040942.000000+120 Event Type: error User: Computer Name: *** Event Code:
100 Message: Cannot connect to VMX: E:\My Virtual Machines\Windows XP Professional\Windows XP Professional.vmx Record Number: 17267 Source Name: vmauthd Time Written: 20100403073416.000000+120 Event Type: error User: Computer Name: *** Event Code: 20 Message: Record Number: 17249 Source Name: Google Update Time Written: 20100402081214.000000+120 Event Type: error User: NT-AUTORITÄT\SYSTEM Computer Name: *** Event Code: 1517 Message: Die Registrierung des Benutzers "PC-MARKUS\Markus" wurde gespeichert, obwohl eine Anwendung oder ein Dienst auf die Registrierung während der Abmeldung zugegriffen hat. Der von der Registrierung des Benutzers verwendete Speicher wurde nicht freigegeben. Der Upload der Registrierung wird durchgeführt, wenn diese nicht mehr verwendet wird. Dies wird oft durch Dienste verursacht, die unter einem Benutzerkonto ausgeführt werden. Versuchen Sie diese so zu Konfigurieren, dass sie unter den Konten "Lokaler Dienst" oder "Netzwerkdienst" ausgeführt werden. Record Number: 17203 Source Name: Userenv Time Written: 20100331211932.000000+120 Event Type: warning User: NT-AUTORITÄT\SYSTEM Computer Name: *** Event Code: 100 Message: Cannot connect to VMX: E:\My Virtual Machines\Windows XP Professional\Windows XP Professional.vmx Record Number: 17179 Source Name: vmauthd Time Written: 20100330173549.000000+120 Event Type: error User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "FP_NO_HOST_CHECK"=NO "NUMBER_OF_PROCESSORS"=2 "OS"=Windows_NT "Path"=C:\Programme\PC Connectivity Solution\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;"D:\Symantec\Norton Ghost 2003\";C:\WINDOWS\system32\WindowsPowerShell\v1.0;C:\Programme\QuickTime\QTSystem\ "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.PSC1 "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 3, GenuineIntel "PROCESSOR_LEVEL"=15 "PROCESSOR_REVISION"=0403 "TEMP"=C:\Temp "TMP"=C:\Temp "windir"=%SystemRoot% 
"CLASSPATH"=.;C:\Programme\Java\jre6\lib\ext\QTJava.zip "QTJAVA"=C:\Programme\Java\jre6\lib\ext\QTJava.zip -----------------EOF-----------------
What can / must I do to get rid of this Trojan? With thanks and greetings from Switzerland, coloured |
01.07.2010, 21:10 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan Ageent2.AXDD in quarantine Hello, and
please run a full scan with Malwarebytes and post the log. After that OTL: System scan with OTL. Please download OTL from OldTimer and save it to your desktop.
|
04.07.2010, 18:23 | #3 |
| Trojan Ageent2.AXDD in quarantine Hello Arne
Many thanks for your reply. Please excuse my late answer. Since my workplace and my partner's home are far apart, I don't always have access to his PC, as I'm not at his home every day. Today AVG told me that the following threat was found: Datei ist infiziert. Dateiname: baragus-budd2.com/pek/index.php. Name der Bedrohung: Exploit: Phoenix Exploit Kit (type 1112). AVG also listed the process name: C:\WINDOWS\system32\svchost.exe, and a process ID: 500. So first I ran the full scan with Malwarebytes. Here is the result: Code:
Malwarebytes' Anti-Malware 1.46 ***.malwarebytes.org Datenbank Version: 4274 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 04.07.2010 18:25:46 mbam-log-2010-07-04 (18-25-46).txt Art des Suchlaufs: Vollständiger Suchlauf (A:\|C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|K:\|L:\|) Durchsuchte Objekte: 201010 Laufzeit: 37 Minute(n), 0 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden)
Last edited by coloured (04.07.2010 at 19:18) |
04.07.2010, 19:39 | #4 |
| Trojan Ageent2.AXDD in quarantine Either I'm stupid or the browsers are playing tricks on me. I can't post my reply. After the long post failed, I tried it in parts. That doesn't work either. Here is another attempt. Here are the 2 logfiles from OTL: First the Extras.txt
OTL Extras logfile created on: 04.07.2010 19:32:43 - Run 1 OTL by OldTimer - Version 3.2.7.0 Folder = C:\Dokumente und Einstellungen\***\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy 2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 54.00% Memory free 5.00 Gb Paging File | 4.00 Gb Available in Paging File | 84.00% Paging File free Paging file location(s): E:\pagefile.sys 3070 3070 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 78.13 Gb Total Space | 70.74 Gb Free Space | 90.55% Space Free | Partition Type: NTFS Drive D: | 111.78 Gb Total Space | 102.78 Gb Free Space | 91.95% Space Free | Partition Type: NTFS Drive E: | 146.48 Gb Total Space | 115.36 Gb Free Space | 78.75% Space Free | Partition Type: NTFS Drive F: | 43.43 Gb Total Space | 19.96 Gb Free Space | 45.95% Space Free | Partition Type: NTFS G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: PC-*** Current User Name: *** Logged in as Administrator.
Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- D:\Utilities\Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- "D:\Microsoft Office 2003\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "D:\Microsoft Office 2003\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [Browse with Paint Shop Pro 9] -- "D:\Utilities\PaintShop_Pro_9\\Paint Shop Pro 9.exe" "/Browse" "%L" (Jasc Software, Inc.) 
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Winamp.Bookmark] -- "D:\Utilities\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft) Directory [Winamp.Enqueue] -- "D:\Utilities\Winamp\Winamp.exe" /ADD "%1" (Nullsoft) Directory [Winamp.Play] -- "D:\Utilities\Winamp\Winamp.exe" "%1" (Nullsoft) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 1 "FirewallOverride" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Programme\Winamp Remote\bin\Orb.exe" = C:\Programme\Winamp Remote\bin\Orb.exe:*:Enabled:Orb -- File not found "C:\Programme\Winamp Remote\bin\OrbTray.exe" = C:\Programme\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray -- File not found "C:\Programme\Winamp Remote\bin\OrbStreamerClient.exe" = C:\Programme\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client -- File not found "D:\Utilities\AVG\avgam.exe" = D:\Utilities\AVG\avgam.exe:*:Enabled:avgam.exe -- (AVG Technologies CZ, s.r.o.) 
"D:\Utilities\AVG\avgupd.exe" = D:\Utilities\AVG\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.) "D:\Utilities\AVG\avgnsx.exe" = D:\Utilities\AVG\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.) "C:\Programme\Yahoo!\Messenger\YahooMessenger.exe" = C:\Programme\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.) "D:\Utilities\iTunes\iTunes.exe" = D:\Utilities\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.) "D:\Utilities\TeamViewer\TeamViewer.exe" = D:\Utilities\TeamViewer\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{089DD780-DB3F-4CDB-A0C2-111360247298}" = PC Connectivity Solution "{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4700_series" = Canon iP4700 series Printer Driver "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4802" = CanoScan LiDE 600F "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1B9B5B3B-28E7-4E59-A80D-D670AA984514}" = Nokia Connectivity Cable Driver "{1F51A0CA-2BDD-474E-BB90-C7FA8EA78F52}" = ImageMixer VCD/DVD2 for OLYMPUS "{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86 "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java(TM) 6 Update 13 "{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3D39E775-DDDA-4327-B747-0BDC5F191331}" = Nokia PC Suite "{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}" = Nokia Software Updater "{53480380-2B62-4FC9-A147-64AF851FBBB5}" = O&O Defrag Server Edition "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update 
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{90170407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003 "{903B0407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Project Professional 2003 "{90510407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Professional 2003 "{90A10407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office OneNote 2003 "{92DF2F1B-F63C-4D9A-B3E1-B2D11AE29790}" = Windows Presentation Foundation Language Pack (DEU) "{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}" = iTunes "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A3FF5CB2-FB35-4658-8751-9EDE1D65B3AA}" = VMware Workstation "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.3 - Deutsch "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9 "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86 "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0 "{BA820A24-704B-428D-9904-71A10DAC1372}" = OLYMPUS Master "{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation "{BBAAACFA-B012-4367-ADDA-4DDCDFD48F96}" = Norton Ghost "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C1E693A4-B1D5-4DCD-B68D-2087835B7184}" = ScanSoft OmniPage SE 4.0 "{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU "{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU 
"{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}" = Apple Mobile Device Support "{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}" = Presto! PageManager 7.15.14 "{D45E8C45-B601-4A80-AFD8-E16338744DE1}" = ArcSoft Panorama Maker 4 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint "{F2A7F421-1679-48D5-B918-96999014ED53}" = Microsoft .NET Framework 3.0 German Language Pack "{F843C6A3-224D-4615-94F8-3C461BD9AEA0}" = Jasc Paint Shop Pro 9 "504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "AFPL Ghostscript 8.51" = AFPL Ghostscript 8.51 "AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts "ATI Display Driver" = ATI Display Driver "AVG8Uninstall" = AVG 8.5 "CAL" = Canon Camera Access Library "CameraWindowDC" = Canon Utilities CameraWindow DC "CameraWindowDVC5" = Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX "CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX "CameraWindowLauncher" = Canon Utilities CameraWindow "CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX "Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX "Canon iP4700 series Benutzerregistrierung" = Canon iP4700 series Benutzerregistrierung "Canon MOV Decoder" = Canon MOV Decoder "CANONBJ_Deinstall_CNMCP58.DLL" = Canon i560 "CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program "CanonMyPrinter" = Canon Utilities My Printer "CanonSolutionMenu" = Canon Utilities Solution Menu "CanoScan Toolbox 5.0" = Canon CanoScan Toolbox 5.0 "CSCLIB" = Canon Camera Support Core Library "DelTIF" = TIF-Löscher von Helmut Rohrbeck 
"E8A6D621B6D3FC5D43C68C549D959DE76EEF5D84" = Windows-Treiberpaket - Nokia Modem (06/01/2009 4.1) "Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX "Easy-WebPrint EX" = Canon Easy-WebPrint EX "EOS Utility" = Canon Utilities EOS Utility "F779F5541ABD99C95C03B0FD5E3C058B22DA0FF7" = Windows-Treiberpaket - Nokia Modem (06/01/2009 7.01.0.3) "FreePDF_XP" = FreePDF XP (Remove only) "ie7" = Windows Internet Explorer 7 "InstallShield_{BA820A24-704B-428D-9904-71A10DAC1372}" = OLYMPUS Master "IrfanView" = IrfanView (remove only) "LiveReg" = LiveReg (Symantec Corporation) "LiveUpdate" = LiveUpdate 3.1 (Symantec Corporation) "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "MediaNavigation.CDLabelPrint" = CD-LabelPrint "Microsoft .NET Framework 3.0 German Language Pack" = Microsoft .NET Framework 3.0 German Language Pack "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "MOBILedit!" = MOBILedit! 3.2 "Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6) "MyCamera" = Canon Utilities MyCamera "MyCameraDC" = Canon Utilities MyCamera DC "Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition "NeroVision!UninstallKey" = Nero Digital "NMPUninstallKey" = Nero Media Player "Nokia PC Suite" = Nokia PC Suite "PhotoStitch" = Canon Utilities PhotoStitch "Redirection Port Monitor" = RedMon - Redirection Port Monitor "RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX "TeamViewer 5" = TeamViewer 5 "Winamp" = Winamp (nur entfernen) "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0 "Yahoo! Messenger" = Yahoo! 
Messenger "ZoomBrowser EX" = Canon Utilities ZoomBrowser EX "ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 01.07.2010 15:58:1 |
04.07.2010, 20:05 | #5 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan Ageent2.AXDD in quarantine Please zip the logs and attach them here.
__________________ Please always post logfiles in CODE tags |
04.07.2010, 20:06 | #6 |
| Trojan Ageent2.AXDD in quarantine Good evening. Is there a moderator here? Why can't I post my logfiles correctly? After the first failed attempt I thought that all three files together were too much data. That is why I wanted to post them in three parts. Unfortunately it does not work the way I would like. Either the browsers Firefox and IE report connection problems to the server, or, when it does work, the logfile is not in a "code box" and the whole file is not visible. What am I doing wrong? Thanks, Claudia / coloured |
04.07.2010, 20:13 | #7 |
| Trojan Ageent2.AXDD in quarantine Thanks. It is coming right away |
04.07.2010, 20:20 | #8 |
| Trojan Ageent2.AXDD in quarantine |
04.07.2010, 20:25 | #9 |
| Trojan Ageent2.AXDD in quarantine Hope it works. |
04.07.2010, 20:29 | #10 |
| Trojan Ageent2.AXDD in quarantine And the second one. |
04.07.2010, 20:32 | #11 |
| Trojan Ageent2.AXDD in quarantine I have no nerves left. I cannot do more than attach and click upload. Why are these things not visible then? |
04.07.2010, 20:42 | #12 |
| Trojan Ageent2.AXDD in quarantine So, now even the overtired Claudia has managed it. |
04.07.2010, 21:43 | #13 |
| Trojan Ageent2.AXDD in quarantine Good night everyone. Thanks for the patience. Regards, Claudia |
05.07.2010, 08:08 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan Ageent2.AXDD in quarantine OK. Now please create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool will not run on the second attempt either, simply leave it out and run only OSAM.
__________________ Please always post logfiles in CODE tags |
05.07.2010, 13:39 | #15 |
| Trojan Ageent2.AXDD in quarantine Here is the data: GMER logfile: Code:
ATTFilter GMER 1.0.15.15281 - hxxp://www.gmer.net Rootkit scan 2010-07-05 13:09:15 Windows 5.1.2600 Service Pack 3 Running: uvs38nrm.exe; Driver: C:\Temp\uxlcapoc.sys ---- User code sections - GMER 1.0.15 ---- .text C:\WINDOWS\system32\wuauclt.exe[720] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 009A000A .text C:\WINDOWS\system32\wuauclt.exe[720] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 009B000A .text C:\WINDOWS\system32\wuauclt.exe[720] ntdll.dll!KiUserExceptionDispatcher 7C91E47C 5 Bytes JMP 0099000C .text C:\WINDOWS\System32\svchost.exe[1496] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 009A000A .text C:\WINDOWS\System32\svchost.exe[1496] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 009B000A .text C:\WINDOWS\System32\svchost.exe[1496] ntdll.dll!KiUserExceptionDispatcher 7C91E47C 5 Bytes JMP 0099000C .text C:\WINDOWS\System32\svchost.exe[1496] ole32.dll!CoCreateInstance 774D057E 5 Bytes JMP 00E1000A .text C:\WINDOWS\Explorer.EXE[2480] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 00B7000A .text C:\WINDOWS\Explorer.EXE[2480] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 00C1000A .text C:\WINDOWS\Explorer.EXE[2480] ntdll.dll!KiUserExceptionDispatcher 7C91E47C 5 Bytes JMP 00B6000C ---- Devices - GMER 1.0.15 ---- Device \Driver\usbhub \Device\0000006a hcmon.sys (VMware USB monitor/VMware, Inc.) Device \Driver\usbhub \Device\0000006b hcmon.sys (VMware USB monitor/VMware, Inc.) Device \Driver\usbuhci \Device\USBFDO-0 hcmon.sys (VMware USB monitor/VMware, Inc.) Device \Driver\usbhub \Device\0000006c hcmon.sys (VMware USB monitor/VMware, Inc.) Device \Driver\usbuhci \Device\USBFDO-1 hcmon.sys (VMware USB monitor/VMware, Inc.) Device \Driver\usbhub \Device\0000006d hcmon.sys (VMware USB monitor/VMware, Inc.) Device \Driver\usbuhci \Device\USBFDO-2 hcmon.sys (VMware USB monitor/VMware, Inc.) Device \Driver\usbuhci \Device\USBFDO-3 hcmon.sys (VMware USB monitor/VMware, Inc.) 
Device \Driver\usbehci \Device\USBFDO-4 hcmon.sys (VMware USB monitor/VMware, Inc.) ---- Registry - GMER 1.0.15 ---- Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG08.00.00.01WORKSTATION ---- EOF - GMER 1.0.15 ---- Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 14:35:06 on 05.07.2010 OS: Windows XP Professional Service Pack 3 (Build 2600) Default Browser: Mozilla Corporation Firefox 3.6.6 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Boot Execute] -----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager )----- "BootExecute" - "O&O Software GmbH" - C:\WINDOWS\system32\OODBS.exe [Common] -----( %SystemRoot%\Tasks )----- "AppleSoftwareUpdate.job" - "Apple Inc." - C:\Programme\Apple Software Update\SoftwareUpdate.exe "GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe [Control Panel Objects] -----( %SystemRoot%\system32 )----- "infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl "javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "NokiaConnectionManager" - "Nokia" - D:\Nokia\NOKIAP~1\CONNEC~1.CPL "QuickTime" - "Apple Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl "SYMLIVE" - "Symantec Corporation" - C:\Programme\Symantec\LiveUpdate\S32LUCP2.CPL [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "Aspi32" (Aspi32) - "Adaptec" - C:\WINDOWS\system32\drivers\Aspi32.sys "AVG AVI Loader Driver x86" (AvgLdx86) - "AVG Technologies CZ, s.r.o." 
- C:\WINDOWS\System32\Drivers\avgldx86.sys "AVG On-access Scanner Minifilter Driver x86" (AvgMfx86) - "AVG Technologies CZ, s.r.o." - C:\WINDOWS\System32\Drivers\avgmfx86.sys "AVG8 Network Redirector" (AvgTdiX) - "AVG Technologies CZ, s.r.o." - C:\WINDOWS\System32\Drivers\avgtdix.sys "avgrkx86.sys" (AvgRkx86) - "AVG Technologies CZ, s.r.o." - C:\WINDOWS\System32\Drivers\avgrkx86.sys "cdrbsdrv" (cdrbsdrv) - "B.H.A Corporation" - C:\WINDOWS\system32\drivers\cdrbsdrv.sys "Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys (File not found) "GhostPciScanner" (GhPciScan) - "Symantec Corporation" - D:\Symantec\Norton Ghost 2003\ghpciscan.sys "i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys (File not found) "lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys (File not found) "MHIKEY10" (MHIKEY10) - ? - C:\WINDOWS\System32\Drivers\MHIKEY10.sys (File not found) "PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys (File not found) "PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys (File not found) "PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys (File not found) "PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys (File not found) "PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found) "PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys "Realtek IR Driver" (Rts516xIR) - ? - C:\WINDOWS\System32\DRIVERS\Rts516xIR.sys (File not found) "Realtek Smartcard Reader Driver" (USBCCID) - "Realtek Semiconductor Corporation" - C:\WINDOWS\System32\DRIVERS\Rts5161ccid.sys "RTS5121.Sys Realtek USB Card Reader" (RSUSBSTOR) - ? - C:\WINDOWS\System32\Drivers\RTS5121.sys (File not found) "VMware Bridge Protocol" (VMnetBridge) - "VMware, Inc." - C:\WINDOWS\System32\DRIVERS\vmnetbridge.sys "VMware hcmon" (hcmon) - "VMware, Inc." - C:\WINDOWS\system32\Drivers\hcmon.sys "VMware kbd" (vmkbd) - "VMware, Inc." 
- C:\WINDOWS\system32\drivers\VMkbd.sys "VMware Network Application Interface" (VMnetuserif) - "VMware, Inc." - C:\WINDOWS\system32\drivers\vmnetuserif.sys "VMware VMparport" (VMparport) - "VMware, Inc." - C:\WINDOWS\system32\Drivers\VMparport.sys "VMware vmx86" (vmx86) - "VMware, Inc." - C:\WINDOWS\system32\Drivers\vmx86.sys "Vstor2 Virtual Storage Driver" (vstor2) - "VMware, Inc." - C:\Programme\Gemeinsame Dateien\VMware\VMware Virtual Image Editing\vstor2.sys "Vstor2 WS60 Virtual Storage Driver" (vstor2-ws60) - "VMware, Inc." - D:\VMware Workstation\vstor2-ws60.sys "WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys (File not found) Claudia |
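The GMER "User code sections" and OSAM "[Drivers]" blocks above are the raw material a helper reads to attribute each patched export and each driver entry to a known module. The script below is an added example for working through output of that shape; it is not code from this thread and not part of GMER or OSAM. It assumes only the two line formats visible in the posted logs (the `.text <image>[<pid>] <module>!<export> <addr> <n> Bytes JMP <target>` hook line and the `"<name>" (<service>) - <vendor> - <path> [(File not found)]` driver line); the sample lines inside it are constructed after the posted ones, not copied from a live system. Two caveats the code itself states: 5-byte JMP patches on the ntdll `Nt*` stubs are placed by security products as well as by user-mode rootkits, and a driver key whose file is missing is frequently an orphan left by uninstalled software, so both lists are a work queue for attribution, not a verdict.

```python
"""Triage helpers for GMER 'User code sections' lines and OSAM '[Drivers]' lines.

Added example: not code from the thread, and not part of GMER or OSAM.  It
parses the two line formats those tools print and groups entries for review.
"""
import re
from collections import defaultdict

# Constructed sample, modelled on the GMER hook lines posted in the thread.
GMER_SAMPLE = r"""
.text C:\WINDOWS\system32\wuauclt.exe[720] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 009A000A
.text C:\WINDOWS\System32\svchost.exe[1496] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 009A000A
.text C:\WINDOWS\System32\svchost.exe[1496] ole32.dll!CoCreateInstance 774D057E 5 Bytes JMP 00E1000A
.text C:\WINDOWS\Explorer.EXE[2480] ntdll.dll!KiUserExceptionDispatcher 7C91E47C 5 Bytes JMP 00B6000C
"""

# Constructed sample, modelled on the OSAM driver lines posted in the thread.
OSAM_SAMPLE = r"""
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys (File not found)
"VMware hcmon" (hcmon) - "VMware, Inc." - C:\WINDOWS\system32\Drivers\hcmon.sys
"RTS5121.Sys Realtek USB Card Reader" (RSUSBSTOR) - ? - C:\WINDOWS\System32\Drivers\RTS5121.sys (File not found)
"""

# .text <image>[<pid>] <module>!<export> <addr> <n> Bytes JMP <target>
HOOK_RE = re.compile(
    r"^\.text\s+(?P<image>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>[^\s!]+)!(?P<func>\S+)\s+"
    r"(?P<addr>[0-9A-Fa-f]{8})\s+(?P<nbytes>\d+)\s+Bytes\s+"
    r"JMP\s+(?P<target>[0-9A-Fa-f]{8})\s*$"
)

# "<display name>" (<service>) - <"vendor" | ?> - <path> [(File not found)]
DRIVER_RE = re.compile(
    r'^"(?P<name>[^"]*)"\s+\((?P<service>[^)]*)\)\s+-\s+'
    r'(?P<vendor>"[^"]*"|\?)\s+-\s+'
    r'(?P<path>.+?)(?:\s+\((?P<note>[^)]*)\))?\s*$'
)


def parse_hooks(text):
    """Return one dict per GMER inline-hook line; non-matching lines are skipped."""
    hooks = []
    for line in text.splitlines():
        m = HOOK_RE.match(line.strip())
        if not m:
            continue
        h = m.groupdict()
        h["pid"] = int(h["pid"])
        h["nbytes"] = int(h["nbytes"])
        h["addr"] = int(h["addr"], 16)
        h["target"] = int(h["target"], 16)
        hooks.append(h)
    return hooks


def hooks_by_export(hooks):
    """Map 'module!export' -> sorted list of 'image[pid]' carrying that patch."""
    grouped = defaultdict(set)
    for h in hooks:
        grouped[f"{h['module']}!{h['func']}"].add(f"{h['image']}[{h['pid']}]")
    return {k: sorted(v) for k, v in grouped.items()}


def syscall_stub_hooks(hooks):
    """Patches on ntdll Nt*/Zw* exports, i.e. the user-mode system-call stubs.
    Security products and user-mode rootkits both patch these, so each entry
    needs attributing to a module; this is a review list, not a verdict."""
    return [h for h in hooks
            if h["module"].lower() == "ntdll.dll"
            and h["func"].startswith(("Nt", "Zw"))]


def shared_trampolines(hooks):
    """JMP targets that recur in more than one process: consistent with one
    module injected system-wide and mapped at the same base in each process."""
    pids = defaultdict(set)
    for h in hooks:
        pids[h["target"]].add(h["pid"])
    return {t: sorted(p) for t, p in pids.items() if len(p) > 1}


def parse_drivers(text):
    """Return one dict per OSAM driver line; 'note' is None when no remark follows the path."""
    drivers = []
    for line in text.splitlines():
        m = DRIVER_RE.match(line.strip())
        if m:
            drivers.append(m.groupdict())
    return drivers


def drivers_for_review(drivers):
    """Entries with no vendor ('?') or whose binary is missing on disk.
    Missing-file service keys are often orphans left by uninstalled software,
    so this is a work queue for attribution, not a malware list."""
    return [d for d in drivers
            if d["vendor"] == "?" or d["note"] == "File not found"]


if __name__ == "__main__":
    hooks = parse_hooks(GMER_SAMPLE)
    for export, procs in sorted(hooks_by_export(hooks).items()):
        print(f"{export}: {', '.join(procs)}")
    for target, pids in shared_trampolines(hooks).items():
        print(f"trampoline {target:08X} shared by pids {pids}")
    for d in drivers_for_review(parse_drivers(OSAM_SAMPLE)):
        print(f"review: {d['service']} {d['path']} vendor={d['vendor']} note={d['note']}")
```

Run it against a saved GMER or OSAM text file by passing the file contents to `parse_hooks` or `parse_drivers` instead of the constructed samples; the grouping by export and the shared-target check are what make the "same patch in wuauclt, svchost and explorer" pattern visible at a glance.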