| |
| |||||||
Log-Analyse und Auswertung: Win32.Backdoor.Papras/A / TR/Spy.Browse.A (Trojan) führt zu Grafikkartenproblemen?Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
31.07.2010, 21:56
| #15 |
 |  Win32.Backdoor.Papras/A / TR/Spy.Browse.A (Trojan) führt zu Grafikkartenproblemen? So, habe GMER ausgeführt, ist nicht abgestürzt. Hat aber ewig gedauert, mehr als 5 Stunden diesmal... Log: Code:
ATTFilter GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-31 22:07:23
Windows 5.1.2600 Service Pack 3
Running: pgtrnxzt.exe; Driver: C:\DOKUME~1\***\LOKALE~1\Temp\pxtdypow.sys
---- System - GMER 1.0.15 ----
SSDT F7C24126 ZwCreateKey
SSDT F7C2411C ZwCreateThread
SSDT F7C2412B ZwDeleteKey
SSDT F7C24135 ZwDeleteValueKey
SSDT F7C2413A ZwLoadKey
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwMapViewOfSection [0xF79C18D0]
SSDT F7C24108 ZwOpenProcess
SSDT F7C2410D ZwOpenThread
SSDT F7C24144 ZwReplaceKey
SSDT F7C2413F ZwRestoreKey
SSDT F7C24130 ZwSetValueKey
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwShutdownSystem [0xF79C1E70]
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwTerminateProcess [0xF79C1E00]
---- Kernel code sections - GMER 1.0.15 ----
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF5EB33A0, 0x592C35, 0xE8000020]
.text tcpip.sys!IPTransmit + 10FC F35B5D3A 6 Bytes CALL F731B200 Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
.text tcpip.sys!IPTransmit + 2A52 F35B7690 6 Bytes CALL F731B200 Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
.text tcpip.sys!IPRegisterProtocol + 930 F35CD454 6 Bytes CALL F731B200 Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
.text wanarp.sys F77853FD 4 Bytes CALL F731B350 Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
.text wanarp.sys F7785402 2 Bytes [90, 90] {NOP ; NOP }
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisCloseAdapter] [F731BDB0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter] [F731BD50] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] [F731BCB0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] [F731BB30] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [F731BB30] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [F731BD50] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [F731BDB0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [F731BCB0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [F731BB30] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [F731BCB0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [F731BDB0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [F731BD50] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [F731BDB0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F731BD50] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [F731BB30] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [F731BCB0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [F731BB30] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [F731BD50] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [F731BDB0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisCloseAdapter] [F731BDB0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisOpenAdapter] [F731BD50] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisDeregisterProtocol] [F731BCB0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisRegisterProtocol] [F731BB30] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [F731BB30] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [F731BCB0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [F731BDB0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [F731BD50] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
---- Devices - GMER 1.0.15 ----
Device \Driver\Tcpip \Device\Ip wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)
Device \Driver\Tcpip \Device\Tcp wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)
Device \Driver\Tcpip \Device\Udp wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)
Device \Driver\Tcpip \Device\RawIp wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)
Device \Driver\Tcpip \Device\IPMULTICAST wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SOFTWARE\Classes\CLSID\{B6A930A0-A4F5-43A5-9B4E-6189A6C2B9E8}@j!s!i!`!r!`!e!d!\30!\30!t!e!s!m!s!y! 71230
---- Files - GMER 1.0.15 ----
File C:\Dateien\**name**\Webseiten\**unterordner**\alt html (rot)\Kopie von neu 27102009\Dateien\Artikel,-Warum-Imagine-in-einen-Gottesdienst-passt-_arid,1262097_regid,2_puid,2_pageid,4494-Dateien\puid1_pageid5_gallery4205_backlinkaHR0cDovL3d3dy5hdWdzYnVyZ2VyLW\az_multimedia.css 5530 bytes
File C:\Dateien\**name**\Webseiten\**unterordner**\alt html (rot)\Kopie von neu 27102009\Dateien\Artikel,-Warum-Imagine-in-einen-Gottesdienst-passt-_arid,1262097_regid,2_puid,2_pageid,4494-Dateien\puid1_pageid5_gallery4205_backlinkaHR0cDovL3d3dy5hdWdzYnVyZ2VyLW\mediaplayer.swf 33571 bytes
File C:\Dateien\**name**\Webseiten\**unterordner**\alt html (rot)\Kopie von neu 27102009\Dateien\Artikel,-Warum-Imagine-in-einen-Gottesdienst-passt-_arid,1262097_regid,2_puid,2_pageid,4494-Dateien\puid1_pageid5_gallery4205_backlinkaHR0cDovL3d3dy5hdWdzYnVyZ2VyLW\scripts.js 3514 bytes
File C:\Dateien\**name**\Webseiten\**unterordner**\alt html (rot)\Kopie von neu 27102009\Dateien\Artikel,-Warum-Imagine-in-einen-Gottesdienst-passt-_arid,1262097_regid,2_puid,2_pageid,4494-Dateien\puid1_pageid5_gallery4205_backlinkaHR0cDovL3d3dy5hdWdzYnVyZ2VyLW\scripts_prog.js 1146 bytes
File C:\Dateien\**name**\Webseiten\**unterordner**\alt html (rot)\Kopie von neu 27102009\Dateien\Artikel,-Warum-Imagine-in-einen-Gottesdienst-passt-_arid,1262097_regid,2_puid,2_pageid,4494-Dateien\puid1_pageid5_gallery4205_backlinkaHR0cDovL3d3dy5hdWdzYnVyZ2VyLW\swf_object.js 9320 bytes
File C:\Dateien\**name**\Webseiten\**unterordner**\alt html (rot)\Kopie von neu 27102009\Dateien\Artikel,-Warum-Imagine-in-einen-Gottesdienst-passt-_arid,1262097_regid,2_puid,2_pageid,4494-Dateien\puid1_pageid5_gallery4205_backlinkaHR0cDovL3d3dy5hdWdzYnVyZ2VyLW\ufo.js 10964 bytes
File C:\Dateien\**name**\Webseiten\**unterordner**\alt html (rot)\Kopie von neu 27102009\Dateien\Artikel,-Warum-Imagine-in-einen-Gottesdienst-passt-_arid,1262097_regid,2_puid,2_pageid,4494-Dateien\puid1_pageid6_regid11_backlinkaHR0cDovL3d3dy5hdWdzYnVyZ2VyLWFsbG\3_0_gross_augsburg.gif 4864 bytes
File C:\Dateien\**name**\Webseiten\**unterordner**\alt html (rot)\Kopie von neu 27102009\Dateien\Artikel,-Warum-Imagine-in-einen-Gottesdienst-passt-_arid,1262097_regid,2_puid,2_pageid,4494-Dateien\puid1_pageid6_regid11_backlinkaHR0cDovL3d3dy5hdWdzYnVyZ2VyLWFsbG\et_mmedetect.js 3397 bytes
File C:\Dateien\**name**\Webseiten\**unterordner**\alt html (rot)\Kopie von neu 27102009\Dateien\Artikel,-Warum-Imagine-in-einen-Gottesdienst-passt-_arid,1262097_regid,2_puid,2_pageid,4494-Dateien\puid1_pageid6_regid11_backlinkaHR0cDovL3d3dy5hdWdzYnVyZ2VyLWFsbG\et_overlay.php 886 bytes
File C:\Dateien\**name**\Webseiten\**unterordner**\alt html (rot)\Kopie von neu 27102009\Dateien\Artikel,-Warum-Imagine-in-einen-Gottesdienst-passt-_arid,1262097_regid,2_puid,2_pageid,4494-Dateien\puid1_pageid6_regid11_backlinkaHR0cDovL3d3dy5hdWdzYnVyZ2VyLWFsbG\overlay_get_clicks.js 6443 bytes
File C:\Dateien\**name**\Webseiten\**unterordner**\alt html (rot)\Kopie von neu 27102009\Dateien\Artikel,-Warum-Imagine-in-einen-Gottesdienst-passt-_arid,1262097_regid,2_puid,2_pageid,4494-Dateien\puid1_pageid6_regid11_backlinkaHR0cDovL3d3dy5hdWdzYnVyZ2VyLWFsbG\scripts.js 871 bytes
File C:\Dateien\**name**\Webseiten\**unterordner**\alt html (rot)\Kopie von neu 27102009\Dateien\Artikel,-Warum-Imagine-in-einen-Gottesdienst-passt-_arid,1262097_regid,2_puid,2_pageid,4494-Dateien\puid1_pageid6_regid11_backlinkaHR0cDovL3d3dy5hdWdzYnVyZ2VyLWFsbG\scripts_prog.js 1146 bytes
File C:\Dateien\**name**\Webseiten\**unterordner**\alt html (rot)\Kopie von neu 27102009\Dateien\Artikel,-Warum-Imagine-in-einen-Gottesdienst-passt-_arid,1262097_regid,2_puid,2_pageid,4494-Dateien\puid1_pageid6_regid11_backlinkaHR0cDovL3d3dy5hdWdzYnVyZ2VyLWFsbG\styles.css 5870 bytes
File C:\Dateien\**name**\Webseiten\**unterordner**\alt html (rot)\SK neu 03112009\Dateien\Artikel,-Maerchenhafte-Geschichten-und-schoene-alte-Volkslieder-_arid,1228169_regid,1_puid,2_pageid,4492-Dateien\puid1_pageid6_regid10_backlinkaHR0cDovL3d3dy5hdWdzYnVyZ2VyLWFsbG\ET_MME~1.JS 3397 bytes
File C:\Dateien\**name**\Webseiten\**unterordner**\alt html (rot)\SK neu 03112009\Dateien\Artikel,-Maerchenhafte-Geschichten-und-schoene-alte-Volkslieder-_arid,1228169_regid,1_puid,2_pageid,4492-Dateien\puid1_pageid6_regid10_backlinkaHR0cDovL3d3dy5hdWdzYnVyZ2VyLWFsbG\OVERLA~1.JS 6443 bytes
File C:\Dateien\**name**\Webseiten\**unterordner**\alt html (rot)\SK neu 03112009\Dateien\Artikel,-Maerchenhafte-Geschichten-und-schoene-alte-Volkslieder-_arid,1228169_regid,1_puid,2_pageid,4492-Dateien\puid1_pageid6_regid10_backlinkaHR0cDovL3d3dy5hdWdzYnVyZ2VyLWFsbG\styles.css 5870 bytes
---- EOF - GMER 1.0.15 ----
Konnte den PC dann (wie oben) nicht mehr manuell herunterfahren -> Kaltstart. Habe dann OSAM ausgeführt, folgendes Log: Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 h**p://www.online-solutions.ru/en/ Saved at 22:40:40 on 31.07.2010 OS: Windows XP Professional Service Pack 3 (Build 2600) Default Browser: Mozilla Corporation Firefox 3.6.8 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Boot Execute] -----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager )----- "BootExecute" - ? - C:\WINDOWS\system32\lsdelete.exe (File found, but it contains no detailed information) [Common] -----( %SystemRoot%\Tasks )----- "Ad-Aware Update (Daily 1).job" - "Lavasoft" - C:\Programme\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe "Ad-Aware Update (Daily 2).job" - "Lavasoft" - C:\Programme\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe "Ad-Aware Update (Daily 3).job" - "Lavasoft" - C:\Programme\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe "Ad-Aware Update (Daily 4).job" - "Lavasoft" - C:\Programme\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe "Ad-Aware Update (Weekly).job" - "Lavasoft" - C:\Programme\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [Control Panel Objects] -----( %SystemRoot%\system32 )----- "ddbaccpl.cpl" - "DataDesign AG" - C:\WINDOWS\system32\ddbaccpl.cpl "ddbacctm.cpl" - "DataDesign AG" - C:\WINDOWS\system32\ddbacctm.cpl "infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl "javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl "SERVICE.CPL" - "Davilex Software bv" - C:\WINDOWS\system32\SERVICE.CPL "xhidcpl.cpl" - ? - C:\WINDOWS\system32\xhidcpl.cpl (File found, but it contains no detailed information) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "Avira AntiVir Personal - Free Antivirus " - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl "Avira AntiVir PersonalEdition Classic Konfiguration" - ? - C:\PROGRA~1\ANTIVI~1\avconfig.cpl (File not found) "Nero BurnRights" - "Nero AG" - C:\Programme\Nero\Nero 7\Nero Toolkit\NeroBurnRights.cpl "QuickTime" - "Apple Computer, Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl "Windows Media Connect" - "Microsoft Corporation" - C:\Programme\Windows Media Connect 2\wmccpl.dll [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "AEGIS Protocol (IEEE 802.1x) v3.4.10.0" (AegisP) - "Meetinghouse Data Communications" - C:\WINDOWS\System32\DRIVERS\AegisP.sys "avgio" (avgio) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avgio.sys "avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys "avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys "catchme" (catchme) - ? - C:\DOKUME~1\***\LOKALE~1\Temp\catchme.sys (File not found) "Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys (File not found) "GEARAspiWDM" (GEARAspiWDM) - "GEAR Software Inc." - C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys "i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys (File not found) "Lbd" (Lbd) - "Lavasoft AB" - C:\WINDOWS\System32\DRIVERS\Lbd.sys "lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys (File not found) "MHN-Treiber" (MHNDRV) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\mhndrv.sys "PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys (File not found) "PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys (File not found) "PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys (File not found) "PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys (File not found) "PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found) "ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys "SyGate for NT, wg3n" (wg3n) - "Sygate Technologies, Inc." - C:\WINDOWS\SYSTEM32\Drivers\wg3n.sys "Teefer for NT" (Teefer) - "Sygate Technologies, Inc." - C:\WINDOWS\System32\Drivers\Teefer.sys "WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys (File not found) "wpsdrvnt" (wpsdrvnt) - "Sygate Technologies, Inc." - C:\WINDOWS\system32\drivers\wpsdrvnt.sys [Explorer] -----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )----- >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} "Microsoft Windows Media Player" - "Microsoft Corporation" - C:\WINDOWS\inf\unregmp2.exe /ShowWMP {89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {7D4D6379-F301-4311-BEBA-E26EB0561882} "NeroDigitalColumnHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Programme\OpenOffice.org 2.4\program\shlxthdl.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll -----( HKLM\Software\Classes\Protocols\Handler )----- {828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL {0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll {828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Programme\7-Zip\7-zip.dll {42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll (File not found) {1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - ? - (File not found | COM-object registry key not found) {1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - ? - (File not found | COM-object registry key not found) {A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.dll {1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - c:\WINDOWS\system32\mscoree.dll {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Computer, Inc." - C:\Programme\iTunes\iTunesMiniPlayer.dll {853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? - (File not found | COM-object registry key not found) {FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} "Meine freigegebenen Ordner" - "Microsoft Corporation" - C:\Programme\MSN Messenger\fsshext.8.0.0812.00.dll {B327765E-D724-4347-8B16-78AE18552FC3} "NeroDigitalIconHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll {7F1CF152-04F8-453A-B34C-E609530A9DC8} "NeroDigitalPropSheetHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll {FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.dll {1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - ? - (File not found | COM-object registry key not found) {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Programme\OpenOffice.org 2.4\program\shlxthdl.dll {087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Programme\OpenOffice.org 2.4\program\shlxthdl.dll {63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Programme\OpenOffice.org 2.4\program\shlxthdl.dll {3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Programme\OpenOffice.org 2.4\program\shlxthdl.dll {640167b4-59b0-47a6-b335-a6b3c0695aea} "Portable Media Devices" - "Microsoft Corporation" - C:\WINDOWS\system32\audiodev.dll {cc86590a-b60a-48e6-996b-41d25ed39a1e} "Portable Media Devices Menu" - "Microsoft Corporation" - C:\WINDOWS\system32\audiodev.dll {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - C:\Programme\Real\RealPlayer\rpshell.dll {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\shlext.dll {E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll {764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? - (File not found | COM-object registry key not found) {e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll {BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL {F1B9284F-E9DC-4e68-9D7E-42362A59F0FD} "WMP Add To Playlist Launcher" - "Microsoft Corporation" - C:\WINDOWS\system32\wmpshell.dll {8DD448E6-C188-4aed-AF92-44956194EB1F} "WMP Burn Audio CD Launcher" - "Microsoft Corporation" - C:\WINDOWS\system32\wmpshell.dll {CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C} "WMP Play As Playlist Launcher" - "Microsoft Corporation" - C:\WINDOWS\system32\wmpshell.dll [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- <binary data> "Google Toolbar" - "Google Inc." - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) <binary data> "ITBarLayout" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_21" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_21.dll / h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} "Java Plug-in 1.6.0_21" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_21.dll / h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_21" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_21.dll / h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab {15B782AF-55D8-11D1-B477-006097098764} "Macromedia Authorware Web Player Control" - "Macromedia, Inc." - C:\WINDOWS\system32\macromed\authorwa\awswax.ocx / h**p://fpdownload.macromedia.com/get/shockwave/cabs/authorware/awswaxd.cab {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} "MUWebControl Class" - "Microsoft Corporation" - C:\WINDOWS\system32\muweb.dll / h**p://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1161001832152 {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} "Office Update Installation Engine" - "Microsoft Corporation" - C:\WINDOWS\opuc.dll / h**p://office.microsoft.com/officeupdate/content/opuc3.cab {D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Macromed\Flash\Flash10b.ocx / h**p://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab {17492023-C23A-453E-A040-C7C580BBF700} "Windows Genuine Advantage Validation Tool" - "Microsoft Corporation" - C:\WINDOWS\system32\LegitCheckControl.DLL / h**p://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- "Internet Radio by Endicosoft.com" - "EndicoSoft.com" - C:\Programme\Internet Radio\Radio.exe -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- {327C2873-E90D-4c37-AA9D-10AC9BABA46C} "Easy-WebPrint" - ? - C:\Programme\Canon\Easy-WebPrint\Toolband.dll <binary data> "Google Toolbar" - "Google Inc." - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll {CC59E0F9-7E43-44FA-9FAA-8377850BF205} "FDMIECookiesBHO Class" - ? - C:\Programme\Free Download Manager\iefdmcks.dll {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} "Google Dictionary Compression sdch" - "Google Inc." - C:\Programme\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll {AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Programme\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll {E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [Logon] -----( %AllUsersProfile%\Startmenü\Programme\Autostart )----- "desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini -----( %UserProfile%\Startmenü\Programme\Autostart )----- "desktop.ini" - ? - C:\Dokumente und Einstellungen\***\Startmenü\Programme\Autostart\desktop.ini "OpenOffice.org 2.4.lnk" - ? - C:\Programme\OpenOffice.org 2.4\program\quickstart.exe (Shortcut exists | File found, but it contains no detailed information | File exists) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "avgnt" - "Avira GmbH" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min "ControlCenter2.0" - "Brother Industries, Ltd." - C:\Programme\Brother\ControlCenter2\brctrcen.exe /autorun "IndexSearch" - "ScanSoft, Inc." - C:\Programme\ScanSoft\PaperPort\IndexSearch.exe "InstantOn" - ? - "C:\Programme\CyberLink\PowerCinema Linux\ion_install.exe /c " (File not found) "LanguageShortcut" - ? - "C:\Programme\Home Cinema\PowerDVD\Language\Language.exe" "NeroFilterCheck" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe "NvCplDaemon" - "NVIDIA Corporation" - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup "NvMediaCenter" - "NVIDIA Corporation" - RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit "PaperPort PTD" - "ScanSoft, Inc." - C:\Programme\ScanSoft\PaperPort\pptd40nt.exe "QuickTime Task" - "Apple Computer, Inc." - "C:\Programme\QuickTime\qttask.exe" -atboottime "SetDefPrt" - "Brother Industories, Ltd." - C:\Programme\Brother\Brmfl04g\BrStDvPt.exe "SetIcon" - ? - \Programme\SMSC\SetIcon.exe (File not found) "SmcService" - "Sygate Technologies, Inc." - C:\PROGRA~1\Sygate\SPF\smc.exe -startgui "SSBkgdUpdate" - "Scansoft, Inc." - "C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot "SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "PDFCreator" - ? - C:\WINDOWS\system32\pdfcmnnt.dll (File found, but it contains no detailed information) [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- ".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe "AccSys WiFi Component" (accsvc) - "AccSys GmbH" - C:\Programme\Gemeinsame Dateien\AccSys\accsvc.exe "ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe "Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avguard.exe "Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\sched.exe "Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Programme\CyberLink\Shared Files\RichVideo.exe "HID Input Service" (HidServ) - ? - C:\WINDOWS\System32\hidserv.dll (File not found) "iPod Service" (iPod Service) - "Apple Computer, Inc." - C:\Programme\iPod\bin\iPodService.exe "Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe "Lavasoft Ad-Aware Service" (Lavasoft Ad-Aware Service) - "Lavasoft" - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe "LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe "Machine Debug Manager" (MDM) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE "Messenger Sharing USN Journal Reader-Service" (usnsvc) - "Microsoft Corporation" - C:\Programme\MSN Messenger\usnsvc.dll "MHN" (MHN) - "Microsoft Corporation" - C:\WINDOWS\System32\mhn.dll "NVIDIA Display Driver Service" (NVSvc) - "NVIDIA Corporation" - C:\WINDOWS\system32\nvsvc32.exe "Sygate Personal Firewall" (SmcService) - "Sygate Technologies, Inc." - C:\Programme\Sygate\SPF\smc.exe "Windows CardSpace" (idsvc) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe "Windows Media Connect-Dienst" (WMConnectCDS) - "Microsoft Corporation" - C:\Programme\Windows Media Connect 2\wmccds.exe "Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe "X10 Device Network Service" (x10nets) - "X10" - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe [Winlogon] -----( HKCU\Control Panel\IOProcs )----- "MVB" - ? - mvfs32.dll (File not found) -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )----- "WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit h**p://forum.online-solutions.ru Code:
ATTFilter (...)
Program version: 1.1.0.0
OS Version: Microsoft windows XP Professional Service Pack 3 (build 2600)
System volume is \\.\C.
\\.\C. -> \\.\PhysicalDrive0 at offset 0x00000000'00007e00
Boot sector MD5 is: cd38df3ac5b49526a61408de03ef0647
Size 298 GB
Device Name \\.\Physical Drive0
MBR Status Unknown boot code
Unknown boot code has been found on some of your physical disks.
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>
Done:
Press any key to quit...
|
| Themen zu Win32.Backdoor.Papras/A / TR/Spy.Browse.A (Trojan) führt zu Grafikkartenproblemen? |
| anschluss, antivir guard, anzeige, awareness, beim starten, bildschirm, blockiert, c:\windows\system32\rundll32.exe, c:\windows\system32\services.exe, dllhost.exe, druck, dsl, einstellungen, entfernen, forum, geforce, grafikkarte, guard, install.exe, jusched.exe, kompatibilität, launch, maus, media center, neue, nicht sicher, nt.exe, nvidia, prima, probleme, required, router, sanduhr, sched.exe, sekunden, starten, system, treiber, trojan, wichtig |
Baum-Darstellung