Log Analysis and Evaluation: Two warnings Autorun!inf / Rowmuny.A cannot be removed
Windows 7
If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and Trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
16.09.2010, 07:13 | #1
Two warnings Autorun!inf / Rowmuny.A cannot be removed

Hello everyone,

every day I get the error message that the file "launchhh.vbs" in the System32 folder could not be found. On top of that, my Microsoft Essentials keeps showing me the following two threats:

Worm: Win32/Autorun!inf
Worm: BAT/Rowmuny.A

Both "worms" are then removed by MS and it says successful, but after about 15 min they come back!!! I also noticed that when Windows Vista starts, "Project Blackout V.2" briefly appears at the bottom of the taskbar and then disappears again! Here's the HiJack:

HiJackthis Logfile:
Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 08:13:17, on 16.09.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18943)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Users\André Döring\AppData\Roaming\recyclerr\recyclerr.exe
C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
C:\Windows\Explorer.EXE
C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
C:\Program Files\Samsung\Easy ALS Manager\EasyALSManager.exe
C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
C:\Windows\WindowsMobile\wmdcBase.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\system32\conime.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Optimization Client\bmctl.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\wuauclt.exe
C:\Users\André Döring\Downloads\HiJackThis204.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,C:\Users\André Döring\AppData\Roaming\recyclerr\recyclerr.exe,
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [MobileConnect] %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent
O4 - HKLM\..\Run: [Windows Mobile-based device management] %WINDIR%\WindowsMobile\wmdcBase.exe
O4 - HKLM\..\Run: [HKLM] C:\Windows\System32\install\server.exe
O4 - HKLM\..\Run: [recyclerr] C:\Users\André Döring\AppData\Roaming\recyclerr\recyclerr.exe
O4 - HKLM\..\Run: [MSSE] "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKCU\..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
O4 - HKCU\..\Run: [HKCU] C:\Windows\System32\install\server.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [recyclerr] C:\Users\André Döring\AppData\Roaming\recyclerr\recyclerr.exe
O4 - HKLM\..\Policies\Explorer\Run: [Policies] C:\Windows\System32\install\server.exe
O4 - HKCU\..\Policies\Explorer\Run: [Policies] C:\Windows\System32\install\server.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: SmarThru4 Als HTML speichern - C:\Program Files\SmarThru 4\WebCapture.dll1.htm
O8 - Extra context menu item: SmarThru4 Auswahl erfassen - C:\Program Files\SmarThru 4\WebCapture.dll2.htm
O8 - Extra context menu item: SmarThru4 Capture Selection - C:\Program Files\SmarThru 4\WebCapture.dll2.htm
O8 - Extra context menu item: SmarThru4 Markierten Text speichern - C:\Program Files\SmarThru 4\WebCapture.dll.htm
O8 - Extra context menu item: SmarThru4 Save as HTML - C:\Program Files\SmarThru 4\WebCapture.dll1.htm
O8 - Extra context menu item: SmarThru4 Save Selected Text - C:\Program Files\SmarThru 4\WebCapture.dll.htm
O8 - Extra context menu item: SmarThru4 Web Capture - C:\Program Files\SmarThru 4\WebCapture.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: SmarThru4 Web Capture - {5941A0E4-56C1-4a49-9B18-05762CAC5F9B} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra 'Tools' menuitem: SmarThru4 Web Capture - {5941A0E4-56C1-4a49-9B18-05762CAC5F9B} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra button: SmarThru4 Auswahl erfassen - {A07BFEF7-DD11-4937-B23B-E70C11D2EDF4} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra 'Tools' menuitem: SmarThru4 Auswahl erfassen - {A07BFEF7-DD11-4937-B23B-E70C11D2EDF4} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra button: SmarThru4 Als HTML speichern - {E753A93F-2367-4978-BFA0-83048C1E61CB} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra 'Tools' menuitem: SmarThru4 Als HTML speichern - {E753A93F-2367-4978-BFA0-83048C1E61CB} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra button: SmarThru4 Markierten Text speichern - {F1F53366-3E11-47ab-BF84-580C94F9C9AD} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra 'Tools' menuitem: SmarThru4 Markierten Text speichern - {F1F53366-3E11-47ab-BF84-580C94F9C9AD} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Device Error Recovery Service (dgdersvc) - Devguru Co., Ltd. - C:\Windows\system32\dgdersvc.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Samsung Update Plus - Unknown owner - C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe
O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\Windows\System32\StkCSrv.exe
O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe

--
End of file - 9432 bytes

Many thanks for your help and best regards,
Ash
16.09.2010, 08:31 | #2
Two warnings Autorun!inf / Rowmuny.A cannot be removed

Hi,

uh-oh, there's quite a lot going on... before I get too elaborate:

Malwarebytes Antimalware (MAM)
Instructions & download here: http://www.trojaner-board.de/51187-m...i-malware.html
If the download does not work, please download a generic version via this link: http://filepony.de/download-chameleon/
Then please update the signature files (tab "Update" -> "Check for updates")
Run a full scan and let it clean everything!
Post the log.

OTL
Download OTL from OldTimer (http://filepony.de/download-otl/) and save it to your desktop

chris

For me:
O4 - HKCU\..\Run: [recyclerr] C:\Users\André Döring\AppData\Roaming\recyclerr\recyclerr.exe
O4 - HKLM\..\Policies\Explorer\Run: [Policies] C:\Windows\System32\install\server.exe
O4 - HKLM\..\Run: [HKLM] C:\Windows\System32\install\server.exe
O4 - HKLM\..\Run: [recyclerr] C:\Users\André Döring\AppData\Roaming\recyclerr\recyclerr.exe
O4 - HKCU\..\Policies\Explorer\Run: [Policies] C:\Windows\System32\install\server.exe
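The five entries chris picked out are exactly the autostart lines a helper checks first. As an added example (not code from the thread, from HijackThis or from OTL), here is a small Python triage that applies those checks to HijackThis-format lines: the Winlogon UserInit chain, Policies\Explorer\Run keys, value names that merely echo their own key, and programs launched from user-writable folders or an unusual System32 subfolder. The sample lines are constructed from the thread's own log with the account name replaced by USER, and the heuristics are this example's assumptions, not HijackThis rules.

```python
"""Triage helper for HijackThis-format log lines (added example, not from the thread)."""
import re

# Constructed sample in the shape of the thread's HijackThis log; the account
# name from the thread is replaced by the placeholder USER.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,C:\Users\USER\AppData\Roaming\recyclerr\recyclerr.exe,
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [HKLM] C:\Windows\System32\install\server.exe
O4 - HKLM\..\Run: [recyclerr] C:\Users\USER\AppData\Roaming\recyclerr\recyclerr.exe
O4 - HKCU\..\Run: [HKCU] C:\Windows\System32\install\server.exe
O4 - HKLM\..\Policies\Explorer\Run: [Policies] C:\Windows\System32\install\server.exe
O4 - HKCU\..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe
"""

# O4 lines look like "O4 - <hive>\..\<key>: [<value name>] <command>"
O4_RE = re.compile(r"^O4 - (?P<hive>HK[\w\\-]+?)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# F2 lines carry the Winlogon UserInit value
F2_RE = re.compile(r"^F2 - REG:system\.ini: UserInit=(?P<value>.+)$")

# Heuristic folder lists (assumptions of this example, not HijackThis rules)
USER_WRITABLE = ("\\appdata\\roaming\\", "\\appdata\\local\\temp\\", "\\users\\public\\")
ODD_SYSTEM_DIRS = ("\\system32\\install\\",)
# Value names that merely repeat their own registry location, as in the thread's log
ECHO_NAMES = {"hklm", "hkcu", "policies"}


def userinit_reasons(value):
    """UserInit should name userinit.exe only; every extra entry runs at each logon."""
    parts = [p.strip() for p in value.split(",") if p.strip()]
    extra = [p for p in parts if p.lower().rsplit("\\", 1)[-1] != "userinit.exe"]
    return ["UserInit chain runs extra program(s): " + "; ".join(extra)] if extra else []


def run_entry_reasons(key, name, cmd):
    """Checks on one O4 autostart entry; returns the reasons to look at it (empty if none)."""
    reasons = []
    if key.lower().startswith("policies\\explorer\\run"):
        reasons.append("Policies\\Explorer\\Run is rarely used by legitimate software")
    if name.lower() in ECHO_NAMES:
        reasons.append("value name only echoes its registry location")
    low = cmd.lower()
    if any(d in low for d in USER_WRITABLE):
        reasons.append("launches from a user-writable profile directory")
    if any(d in low for d in ODD_SYSTEM_DIRS):
        reasons.append("launches from a non-standard System32 subfolder")
    return reasons


def triage(log_text):
    """Return [(line, reasons)] for every log line that deserves a closer look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        f2 = F2_RE.match(line)
        o4 = O4_RE.match(line)
        if f2:
            reasons = userinit_reasons(f2.group("value"))
        elif o4:
            reasons = run_entry_reasons(o4.group("key"), o4.group("name"), o4.group("cmd"))
        else:
            reasons = []  # other line types are not examined by this example
        if reasons:
            findings.append((line, reasons))
    return findings


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG):
        print(line)
        for r in reasons:
            print("    -", r)
```

On the constructed sample, the five lines chris listed (plus the UserInit hijack that MBAM later confirmed) are reported and the vendor entries are not.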
17.09.2010, 11:53 | #3
Two warnings Autorun!inf / Rowmuny.A cannot be removed

Attached are the two logfiles:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4629

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943

17.09.2010 12:30:59
mbam-log-2010-09-17 (12-30-59).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 139904
Laufzeit: 8 Minute(n), 13 Sekunde(n)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 2
Infizierte Registrierungswerte: 6
Infizierte Dateiobjekte der Registrierung: 2
Infizierte Verzeichnisse: 0
Infizierte Dateien: 7

Infizierte Speicherprozesse:
C:\Users\André Döring\AppData\Roaming\recyclerr\recyclerr.exe (Trojan.Dropper) -> No action taken.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{0uf17x02-1r75-b4n4-0x2e-j4lt8mgw5s0o} (Generic.Bot.H) -> No action taken.
HKEY_CURRENT_USER\Software\victim (Malware.Trace) -> No action taken.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\recyclerr (Trojan.Dropper) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\recyclerr (Trojan.Dropper) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\policies (Backdoor.Bot) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hkcu (Trojan.Downloader) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\policies (Backdoor.Bot) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hklm (Trojan.Downloader) -> No action taken.

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Dropper) -> Data: c:\users\andré döring\appdata\roaming\recyclerr\recyclerr.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\Windows\system32\userinit.exe,C:\Users\André Döring\AppData\Roaming\recyclerr\recyclerr.exe,) Good: (userinit.exe) -> No action taken.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\André Döring\AppData\Roaming\recyclerr\recyclerr.exe (Trojan.Dropper) -> No action taken.
C:\ntldr.exe (Trojan.Dropper) -> No action taken.
C:\Windows\System32\drivers\tmpp.exe (Trojan.Dropper) -> No action taken.
C:\Users\André Döring\AppData\Local\Temp\85782640_server.exe (Trojan.Dropper) -> No action taken.
C:\Windows\System32\launch.vbs (Malware.Trace) -> No action taken.
C:\Windows\System32\logg.txt (Malware.Trace) -> No action taken.
C:\Users\André Döring\AppData\Local\Temp\xxxyyyzzz.dat (Malware.Trace) -> No action taken.

OTL Logfile:
Code:
OTL logfile created on: 17.09.2010 12:47:47 - Run 1
OTL by OldTimer - Version 3.2.12.1     Folder = C:\Users\André Döring\Downloads
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 44,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 70,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111,88 Gb Total Space | 63,11 Gb Free Space | 56,41% Space Free | Partition Type: NTFS
Drive D: | 111,00 Gb Total Space | 110,41 Gb Free Space | 99,47% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BÜRO-PC
Current User Name: André Döring
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\André Döring\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
PRC - C:\Windows\System32\FsUsbExService.Exe (Teruten)
PRC - C:\Windows\System32\dgdersvc.exe (Devguru Co., Ltd.)
PRC - C:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
PRC - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
PRC - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Vodafone\Vodafone Mobile Connect\Optimization Client\bmctl.exe (Bytemobile, Inc.)
PRC - C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe (SAMSUNG Electronics)
PRC - C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Windows\System32\igfxext.exe (Intel Corporation)
PRC - C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
PRC - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
PRC - C:\Program Files\Samsung\Easy ALS Manager\EasyALSManager.exe (SAMSUNG Electronics)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe (SAMSUNG Electronics co., LTD.)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Windows\System32\StkCSrv.exe (Syntek America Inc.)
PRC - C:\Windows\WindowsMobile\wmdcBase.exe (Microsoft Corporation)

========== Modules (SafeList) ==========

MOD - C:\Users\André Döring\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\BtMmHook.dll (Broadcom Corporation.)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (FsUsbExService) -- C:\Windows\System32\FsUsbExService.Exe (Teruten)
SRV - (dgdersvc) -- C:\Windows\System32\dgdersvc.exe (Devguru Co., Ltd.)
SRV - (MsMpSvc) -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (OpenVPNService) -- C:\Program Files\OpenVPN\bin\openvpnserv.exe ()
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (VMCService) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
SRV - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (Samsung Update Plus) -- C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe ()
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (StkSSrv) -- C:\Windows\System32\StkCSrv.exe (Syntek America Inc.)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (SQLWriter) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (USBAAPL) -- C:\Windows\System32\Drivers\usbaapl.sys File not found
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (ssadmdm) -- C:\Windows\System32\drivers\ssadmdm.sys (MCCI Corporation)
DRV - (ssadbus) SAMSUNG Android USB Composite Device driver (WDM) -- C:\Windows\System32\drivers\ssadbus.sys (MCCI Corporation)
DRV - (androidusb) -- C:\Windows\System32\drivers\ssadadb.sys (Google Inc)
DRV - (ssadmdfl) SAMSUNG Android USB Modem (Filter) -- C:\Windows\System32\drivers\ssadmdfl.sys (MCCI Corporation)
DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()
DRV - (dgderdrv) -- C:\Windows\System32\drivers\dgderdrv.sys (Devguru Co., Ltd)
DRV - (RDPDISPM) -- C:\Windows\System32\drivers\rdpdispm.sys (Microsoft Corporation)
DRV - (sscemdm) -- C:\Windows\System32\drivers\sscemdm.sys (MCCI Corporation)
DRV - (sscebus) SAMSUNG USB Composite Device V2 driver (WDM) -- C:\Windows\System32\drivers\sscebus.sys (MCCI Corporation)
DRV - (sscemdfl) -- C:\Windows\System32\drivers\sscemdfl.sys (MCCI Corporation)
DRV - (MpFilter) -- C:\Windows\System32\drivers\MpFilter.sys (Microsoft Corporation)
DRV - (MpNWMon) -- C:\Windows\System32\drivers\MpNWMon.sys (Microsoft Corporation)
DRV - (tap0901) -- C:\Windows\System32\drivers\tap0901.sys (The OpenVPN Project)
DRV - (ewusbnet) -- C:\Windows\System32\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV - (hwusbfake) -- C:\Windows\System32\drivers\ewusbfake.sys (Huawei Technologies Co., Ltd.)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (winusb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (DgiVecp) -- C:\Windows\System32\drivers\DgivEcp.sys (Samsung Electronics Co., Ltd.)
DRV - (tcpipBM) -- C:\Windows\System32\drivers\tcpipBM.sys (Bytemobile, Inc.)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (ialm) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (IntcHdmiAddService) Intel(R) -- C:\Windows\System32\drivers\IntcHdmi.sys (Intel(R) Corporation)
DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor) -- C:\Windows\System32\drivers\atswpdrv.sys (AuthenTec, Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (iaNvStor) Intel(R) -- C:\Windows\system32\DRIVERS\iaNvStor.sys (Intel Corporation)
DRV - (e1yexpress) Intel(R) -- C:\Windows\System32\drivers\e1y6032.sys (Intel Corporation)
DRV - (StkCMini) -- C:\Windows\System32\drivers\StkCMini.sys (Syntek)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (btwaudio) -- C:\Windows\System32\drivers\btwaudio.sys (Broadcom Corporation.)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (SSPORT) -- C:\Windows\System32\drivers\SSPORT.SYS (Samsung Electronics)
DRV - (btwrchid) -- C:\Windows\System32\drivers\btwrchid.sys (Broadcom Corporation.)
DRV - (btwavdt) -- C:\Windows\System32\drivers\btwavdt.sys (Broadcom Corporation.)
DRV - (KMDFMEMIO) -- C:\Windows\System32\drivers\KMDFMEMIO.sys (SAMSUNG ELECTRONICS CO., LTD.)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (bcm4sbxp) -- C:\Windows\System32\drivers\bcm4sbxp.sys (Broadcom Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - HKLM\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\Vodafone\Vodafone Mobile Connect\Optimization Client\addon\ [2010.05.03 12:48:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.07.05 21:17:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.09.03 10:50:45 | 000,000,000 | ---D | M]

[2010.02.17 08:51:37 | 000,000,000 | ---D | M] -- C:\Users\André Döring\AppData\Roaming\mozilla\Extensions
[2010.09.16 14:49:32 | 000,000,000 | ---D | M] -- C:\Users\André Döring\AppData\Roaming\mozilla\Firefox\Profiles\221mjg2t.default\extensions
[2010.05.04 01:52:47 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\André Döring\AppData\Roaming\mozilla\Firefox\Profiles\221mjg2t.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.02.17 08:50:03 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.01.16 03:15:29 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.01.16 03:15:29 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.01.16 03:15:29 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.01.16 03:15:29 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.01.16 03:15:29 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [MobileConnect] C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
O4 - HKLM..\Run: [MSSE] C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdcBase.exe (Microsoft Corporation)
O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe File not found
O4 - HKCU..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: SmarThru4 Als HTML speichern - C:\Program Files\SmarThru 4\WEBCapture.dll1.htm ()
O8 - Extra context menu item: SmarThru4 Auswahl erfassen - C:\Program Files\SmarThru 4\WEBCapture.dll2.htm ()
O8 - Extra context menu item: SmarThru4 Capture Selection - C:\Program Files\SmarThru 4\WEBCapture.dll2.htm ()
O8 - Extra context menu item: SmarThru4 Markierten Text speichern - C:\Program Files\SmarThru 4\WEBCapture.dll.htm ()
O8 - Extra context menu item: SmarThru4 Save as HTML - C:\Program Files\SmarThru 4\WEBCapture.dll1.htm ()
O8 - Extra context menu item: SmarThru4 Save Selected Text - C:\Program Files\SmarThru 4\WEBCapture.dll.htm ()
O8 - Extra context menu item: SmarThru4 Web Capture - C:\Program Files\SmarThru 4\WebCapture.dll ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 85.216.127.130 192.168.0.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Windows\Sec\Wallpapers\wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Sec\Wallpapers\wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{4f5a5a35-b728-11df-ab02-00265eac7e91}\Shell\AutoRun\command - "" = G:\Setup.exe -- File not found
O33 - MountPoints2\{50c0ccbd-b101-11df-b1e6-00265eac7e91}\Shell - "" = AutoRun
O33 - MountPoints2\{50c0ccbd-b101-11df-b1e6-00265eac7e91}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O33 - MountPoints2\{5677e86d-7ddc-11df-90fe-001e101f5224}\Shell - "" = AutoRun
O33 - MountPoints2\{5677e86d-7ddc-11df-90fe-001e101f5224}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe -- File not found
O33 - MountPoints2\{cc8c8841-5692-11df-bc68-00265eac7e91}\Shell - "" = AutoRun
O33 - MountPoints2\{cc8c8841-5692-11df-bc68-00265eac7e91}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe -- File not found
O33 - MountPoints2\{cc8c889e-5692-11df-bc68-001e101f63cf}\Shell - "" = AutoRun
O33 - MountPoints2\{cc8c889e-5692-11df-bc68-001e101f63cf}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe -- File not found
O33 - MountPoints2\{fb50c96c-7280-11df-8049-001e101f82a0}\Shell - "" = AutoRun
O33 - MountPoints2\{fb50c96c-7280-11df-8049-001e101f82a0}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@
= exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.09.16 19:39:44 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2010.09.16 17:36:42 | 000,000,000 | ---D | C] -- C:\Users\André Döring\AppData\Roaming\Malwarebytes [2010.09.16 17:36:33 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.09.16 17:36:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.09.16 17:36:31 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.09.16 17:36:31 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2010.09.15 08:32:24 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MP4SDECD.DLL [2010.09.15 08:23:08 | 000,000,000 | ---D | C] -- C:\Users\André Döring\Documents\Bluetooth-Exchange-Ordner [2010.09.10 15:51:46 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\ntr [2010.09.09 17:43:54 | 001,414,440 | ---- | C] (Nero AG) -- C:\Windows\System32\ShellManager310E2D762.dll [2010.09.03 10:51:18 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2 [2010.09.03 10:30:55 | 000,000,000 | ---D | C] -- C:\Program Files\OpenVPN [2010.09.03 09:27:41 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials [2010.09.03 09:05:34 | 000,000,000 | ---D | C] -- C:\Users\André Döring\AppData\Roaming\Leadertech [2010.08.27 19:06:00 | 000,000,000 | ---D | C] -- C:\Users\André Döring\AppData\Roaming\U3 [2010.08.22 17:35:23 | 000,000,000 | RHSD | C] -- C:\Users\André Döring\AppData\Roaming\recyclerr [2010.08.20 17:00:55 | 000,000,000 | ---D | C] -- C:\Users\André Döring\AppData\Roaming\IrfanView [2010.08.20 17:00:55 | 000,000,000 | ---D | C] -- C:\Program Files\IrfanView [2010.08.14 17:27:35 | 009,960,800 | ---- | C] (Alcohol Soft Development Team) -- C:\Users\André Döring\AppData\Roaming\4rokv6786RO.exe [2010.08.14 17:15:40 | 009,960,800 | ---- | C] (Alcohol Soft 
Development Team) -- C:\Users\André Döring\AppData\Roaming\4uifb7893UI.exe ========== Files - Modified Within 30 Days ========== [2010.09.17 12:47:22 | 002,621,440 | -HS- | M] () -- C:\Users\André Döring\NTUSER.DAT [2010.09.17 12:43:23 | 000,065,536 | -HS- | M] () -- C:\Users\André Döring\NTUSER.DAT{3d4e88f1-6a70-11db-b1ba-d64300c9c793}.TM.blf [2010.09.17 12:43:22 | 000,524,288 | -HS- | M] () -- C:\Users\André Döring\NTUSER.DAT{3d4e88f1-6a70-11db-b1ba-d64300c9c793}.TMContainer00000000000000000001.regtrans-ms [2010.09.17 12:37:12 | 001,453,908 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010.09.17 12:37:12 | 000,632,242 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.09.17 12:37:12 | 000,598,900 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.09.17 12:37:12 | 000,127,472 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.09.17 12:37:12 | 000,104,914 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.09.17 12:33:01 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.09.17 12:33:01 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.09.17 12:32:58 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.09.17 12:32:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.09.17 12:32:54 | 2106,093,568 | -HS- | M] () -- C:\hiberfil.sys [2010.09.17 12:31:44 | 000,004,268 | ---- | M] () -- C:\Windows\bthservsdp.dat [2010.09.17 12:31:40 | 002,892,173 | -H-- | M] () -- C:\Users\André Döring\AppData\Local\IconCache.db [2010.09.17 12:21:07 | 000,000,142 | ---- | M] () -- C:\Windows\System32\launchhh.vbs [2010.09.17 12:19:26 | 000,007,458 | ---- | M] () -- C:\Windows\System32\launch.bat [2010.09.17 12:19:21 | 000,000,480 | ---- | M] () -- C:\Windows\System32\net.vbs [2010.09.16 19:39:38 | 350,984,340 | ---- | M] () -- C:\Windows\MEMORY.DMP [2010.09.16 
17:36:36 | 000,000,778 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.09.16 14:38:43 | 000,002,647 | ---- | M] () -- C:\Users\Public\Desktop\Vodafone Mobile Connect.lnk [2010.09.16 08:01:36 | 000,000,240 | ---- | M] () -- C:\Windows\win.ini [2010.09.09 17:43:34 | 000,001,024 | ---- | M] () -- C:\Users\André Döring\.rnd [2010.09.09 17:42:22 | 000,037,711 | ---- | M] () -- C:\Users\André Döring\Desktop\Warnung_2.jpg [2010.09.09 17:40:27 | 000,043,382 | ---- | M] () -- C:\Users\André Döring\Desktop\Warnung_1.jpg [2010.09.02 14:17:00 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini [2010.08.29 00:45:53 | 000,111,616 | ---- | M] () -- C:\Users\André Döring\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== Files Created - No Company Name ========== [2010.09.16 19:39:38 | 350,984,340 | ---- | C] () -- C:\Windows\MEMORY.DMP [2010.09.16 17:36:36 | 000,000,778 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.09.16 08:29:14 | 000,000,142 | ---- | C] () -- C:\Windows\System32\launchhh.vbs [2010.09.10 16:28:43 | 000,007,458 | ---- | C] () -- C:\Windows\System32\launch.bat [2010.09.09 17:43:54 | 000,773,120 | ---- | C] () -- C:\Windows\System32\NEROINSTAEC43759.DB [2010.09.09 17:42:22 | 000,037,711 | ---- | C] () -- C:\Users\André Döring\Desktop\Warnung_2.jpg [2010.09.09 17:40:27 | 000,043,382 | ---- | C] () -- C:\Users\André Döring\Desktop\Warnung_1.jpg [2010.08.22 17:35:37 | 000,000,480 | ---- | C] () -- C:\Windows\System32\net.vbs [2010.08.19 08:40:20 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2010.08.14 19:53:25 | 000,000,160 | ---- | C] () -- C:\Users\André Döring\AppData\Roaming\delme.bat [2010.08.14 16:23:45 | 000,697,328 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys [2010.07.09 10:07:39 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll [2010.07.09 10:07:39 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys [2010.07.05 
21:49:43 | 000,000,593 | ---- | C] () -- C:\Users\André Döring\AppData\Roaming\XING-Plugin Update Log.txt [2010.06.10 03:29:17 | 000,001,037 | ---- | C] () -- C:\Users\André Döring\AppData\Local\Account.atomsvc [2010.05.25 08:45:24 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll [2010.05.25 08:45:24 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll [2010.05.25 08:45:24 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll [2010.05.25 08:45:24 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll [2010.04.08 22:15:36 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll [2010.02.23 18:54:05 | 000,000,008 | RHS- | C] () -- C:\ProgramData\88EFD5287A.sys [2010.02.23 18:54:04 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys [2010.02.14 20:11:52 | 000,011,404 | ---- | C] () -- C:\Users\André Döring\AppData\Roaming\SmarThruOptions.xml [2010.02.14 20:11:30 | 000,172,032 | ---- | C] () -- C:\Windows\System32\SecSNMP.dll [2010.02.14 20:11:29 | 000,094,208 | ---- | C] () -- C:\Windows\System32\SamFaxPort.dll [2010.02.14 20:05:47 | 000,147,456 | ---- | C] () -- C:\Windows\System32\SaMinDrv.dll [2010.02.14 20:05:47 | 000,011,264 | ---- | C] () -- C:\Windows\System32\SaSegFlt.dll [2010.02.14 20:05:46 | 000,027,136 | ---- | C] () -- C:\Windows\System32\SaImgFlt.dll [2010.02.14 20:05:46 | 000,010,752 | ---- | C] () -- C:\Windows\System32\SaErHdlr.dll [2010.02.14 20:05:21 | 000,022,723 | ---- | C] () -- C:\Windows\System32\sst1cl3.dll [2010.01.25 23:59:54 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll [2010.01.14 17:16:36 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2010.01.08 00:23:30 | 000,111,616 | ---- | C] () -- C:\Users\André Döring\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.01.05 02:02:02 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2009.06.16 13:25:02 | 000,121,512 | R--- | C] () -- 
C:\ProgramData\DeviceManager.xml.rc4 [2008.11.25 09:25:47 | 000,002,134 | ---- | C] () -- C:\Windows\HotFixList.ini [2008.11.25 09:21:48 | 000,000,135 | R--- | C] () -- C:\Windows\System32\lngEng.ini [2008.11.25 09:21:48 | 000,000,117 | ---- | C] () -- C:\Windows\System32\lngKor.ini [2008.11.25 08:58:59 | 000,197,648 | ---- | C] () -- C:\Windows\System32\drivers\StkCSF.sys [2008.11.25 08:57:24 | 000,172,032 | ---- | C] () -- C:\Windows\System32\nvccoin.dll [2008.11.25 08:17:41 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2008.11.25 08:17:31 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1540.dll [2008.11.25 08:17:31 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2003.02.20 17:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI [2001.11.14 05:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll < End of report > _____________________________________________________ OTL Extras logfile created on: 17.09.2010 12:47:47 - Run 1 OTL by OldTimer - Version 3.2.12.1 Folder = C:\Users\André Döring\Downloads Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18943) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 44,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 70,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 111,88 Gb Total Space | 63,11 Gb Free Space | 56,41% Space Free | Partition Type: NTFS Drive D: | 111,00 Gb Total Space | 110,41 Gb Free Space | 99,47% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not 
loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: BÜRO-PC Current User Name: André Döring Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
______________
I was only able to run a quick scan with Malwarebytes; the full scan kept aborting at 50022 files. I also fixed the 10 problems with the program, was that wrong??? Best regards and, above all, many thanks |
18.09.2010, 19:00 | #4 |
| Two warnings Autorun!inf / Rowmuny.A cannot be removed Hi, the EXTRA log from OTL is incomplete. Deleting the findings with MAM is okay, but there is a suspicion of a rootkit (typical drivers are installed)... Please check the following files: have the files checked online:
Code:
ATTFilter
C:\Windows\System32\launchhh.vbs
C:\Windows\System32\launch.bat
C:\Windows\System32\net.vbs
C:\Windows\System32\igfxdev.dll
Pack the files C:\Windows\System32\launchhh.vbs C:\Windows\System32\launch.bat C:\Windows\System32\net.vbs, upload them and send me a PM with the download and deletion link... File upload: File-Upload.net - Ihr kostenloser File Hoster!, upload and send me the link (with the deletion link) as a "private mail"... You don't know these files? I found something (on the web) about the files, and it doesn't look good. Change all your web passwords immediately from a clean computer! Fix for OTL:
Code:
ATTFilter
:OTL
DRV - (USBAAPL) -- C:\Windows\System32\Drivers\usbaapl.sys File not found
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
O33 - MountPoints2\{4f5a5a35-b728-11df-ab02-00265eac7e91}\Shell\AutoRun\command - "" = G:\Setup.exe -- File not found
O33 - MountPoints2\{50c0ccbd-b101-11df-b1e6-00265eac7e91}\Shell - "" = AutoRun
O33 - MountPoints2\{50c0ccbd-b101-11df-b1e6-00265eac7e91}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O33 - MountPoints2\{5677e86d-7ddc-11df-90fe-001e101f5224}\Shell - "" = AutoRun
O33 - MountPoints2\{5677e86d-7ddc-11df-90fe-001e101f5224}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe -- File not found
O33 - MountPoints2\{cc8c8841-5692-11df-bc68-00265eac7e91}\Shell - "" = AutoRun
O33 - MountPoints2\{cc8c8841-5692-11df-bc68-00265eac7e91}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe -- File not found
O33 - MountPoints2\{cc8c889e-5692-11df-bc68-001e101f63cf}\Shell - "" = AutoRun
O33 - MountPoints2\{cc8c889e-5692-11df-bc68-001e101f63cf}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe -- File not found
O33 - MountPoints2\{fb50c96c-7280-11df-8049-001e101f82a0}\Shell - "" = AutoRun
O33 - MountPoints2\{fb50c96c-7280-11df-8049-001e101f82a0}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe -- File not found
[2010.08.22 17:35:23 | 000,000,000 | RHSD | C] -- C:\Users\André Döring\AppData\Roaming\recyclerr
[2010.09.16 08:29:14 | 000,000,142 | ---- | C] () -- C:\Windows\System32\launchhh.vbs
[2010.09.10 16:28:43 | 000,007,458 | ---- | C] () -- C:\Windows\System32\launch.bat
[2010.08.22 17:35:37 | 000,000,480 | ---- | C] () -- C:\Windows\System32\net.vbs
:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = dword:0x00
:Commands
[emptytemp]
[Reboot]
If it is not a 64-bit system (which is what I assume): Combofix. Download Combo Fix from http://download.bleepingcomputer.com/sUBs/ComboFix.exe and save it to the desktop. Switch your antivirus solution off completely, in such a way that it does NOT switch itself back on after a reboot! Attention: in a few rare cases the computer may no longer be able to boot and has to be reinstalled! Close all windows, start combofix.exe, confirm the following prompt with 1 and press Enter. The scan with Combofix can take some time, so be patient. Please do not use the computer during the scan. The computer may be restarted in between. After the scan a report (ComboFix.txt) is displayed; please copy it and paste it into your thread. Gmer: http://www.trojaner-board.de/74908-a...t-scanner.html You will find the download link at the top left (GMER - Rootkit Detector and Remover); there click the button "Download EXE", which generates a random name (please note it and the path where you saved it). Start GMER and see whether it already reports something. If it does, please answer all questions with "no", go to the "rootkit" tab, again answer the question with "no", and paste the report into the thread using Copy. If it reports nothing, go to the Rootkit tab and run a scan. When it has finished, choose Copy and paste the report. chris
__________________ Don't bring me down Read before posting! Donations (anyone who wants to donate is welcome to get in touch) |
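The triage the helper does by eye above (script files in System32 with no company name, the hidden+system folder under AppData\Roaming, the MountPoints2 AutoRun handlers, UAC switched off), as an added example that is not part of this thread and not OTL's own code: a small Python script that parses OTL log lines, flags those entry types and emits the matching :OTL fix block. The heuristics and names are my own; the sample lines are copied from the OTL log posted above.

```python
"""Triage of OTL log lines, modelled on the helper's review in this thread.

Added example, not part of the thread and not OTL's own code. It flags:
  - script files directly in C:\\Windows\\System32 with no company name
  - hidden+system folders under AppData\\Roaming
  - MountPoints2 AutoRun handlers for removable drives (the Autorun!inf vector)
  - UAC switched off (O6 EnableLUA = 0)
and turns the first three kinds into the :OTL block of an OTL fix script, the
way the helper's fix above lists the log lines themselves.
"""
import re
from dataclasses import dataclass

# File/folder entry: [date time | size | attributes | C or M] (company) -- path
# Directories carry no "(company)" part; files with no publisher show "()".
FILE_ENTRY = re.compile(
    r"^\[(?P<stamp>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)
# O33 MountPoints2 entries: the Shell default verb or the AutoRun command itself.
MOUNTPOINT = re.compile(
    r'^O33 - MountPoints2\\\{[0-9a-f-]+\}\\Shell(?:\\AutoRun\\command)? - "" = '
    r'(?P<cmd>.+?)(?: -- File not found)?$'
)
UAC_OFF = re.compile(r"^O6 - .*\\policies\\System: EnableLUA = 0$")

SCRIPT_EXT = (".vbs", ".bat", ".cmd", ".js", ".wsf")
SYSTEM32 = "c:\\windows\\system32\\"
ROAMING = "\\appdata\\roaming\\"


@dataclass
class Finding:
    line: str      # the OTL log line exactly as logged
    reason: str    # why it was flagged
    fixable: bool  # True if the line can go into the :OTL section of a fix


def triage(lines):
    """Return the suspicious entries among the given OTL log lines, in log order."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = FILE_ENTRY.match(line)
        if m:
            low = m["path"].lower()
            attrs = m["attrs"]
            is_dir = attrs.endswith("D")
            # Directly in System32, not in a subfolder such as System32\drivers
            in_system32_root = (low.startswith(SYSTEM32)
                                and "\\" not in low[len(SYSTEM32):])
            if (not is_dir and in_system32_root and low.endswith(SCRIPT_EXT)
                    and not m["company"]):
                findings.append(Finding(line, "script in System32 with no company name", True))
            elif is_dir and "H" in attrs and "S" in attrs and ROAMING in low:
                findings.append(Finding(line, "hidden+system folder under AppData\\Roaming", True))
            continue
        m = MOUNTPOINT.match(line)
        if m:
            findings.append(Finding(line, f"removable-drive AutoRun handler ({m['cmd']})", True))
            continue
        if UAC_OFF.match(line):
            # Not an OTL removal; reported so the policy can be restored by hand.
            findings.append(Finding(line, "UAC disabled (EnableLUA = 0)", False))
    return findings


def otl_fix(findings):
    """Build an OTL fix script: the flagged log lines under :OTL, then the
    [emptytemp]/[Reboot] commands the helper's fix above also uses."""
    body = "\n".join(f.line for f in findings if f.fixable)
    return ":OTL\n" + body + "\n:Commands\n[emptytemp]\n[Reboot]"


# Constructed sample: lines copied from the OTL log posted in this thread.
SAMPLE_LOG = [
    r"O4 - HKLM..\Run: [MSSE] C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)",
    r"O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0",
    r'O33 - MountPoints2\{4f5a5a35-b728-11df-ab02-00265eac7e91}\Shell\AutoRun\command - "" = G:\Setup.exe -- File not found',
    r'O33 - MountPoints2\{50c0ccbd-b101-11df-b1e6-00265eac7e91}\Shell - "" = AutoRun',
    r"[2010.09.16 17:36:33 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys",
    r"[2010.08.22 17:35:23 | 000,000,000 | RHSD | C] -- C:\Users\André Döring\AppData\Roaming\recyclerr",
    r"[2010.09.16 08:29:14 | 000,000,142 | ---- | C] () -- C:\Windows\System32\launchhh.vbs",
    r"[2010.09.10 16:28:43 | 000,007,458 | ---- | C] () -- C:\Windows\System32\launch.bat",
    r"[2010.08.22 17:35:37 | 000,000,480 | ---- | C] () -- C:\Windows\System32\net.vbs",
    r"[2010.09.16 19:39:44 | 000,000,000 | ---D | C] -- C:\Windows\Minidump",
]

if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"{f.reason:45s} {f.line}")
    print()
    print(otl_fix(found))
```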
18.09.2010, 20:38 | #5 |
| Two warnings Autorun!inf / Rowmuny.A cannot be removed Hi, attached are the results of the online test: 1.) C:\Windows\System32\launchhh.vbs Antivirus Version Last Update Result AhnLab-V3 2010.09.19.00 2010.09.18 - AntiVir 8.2.4.58 2010.09.18 - Antiy-AVL 2.0.3.7 2010.09.18 - Authentium 5.2.0.5 2010.09.18 - Avast 4.8.1351.0 2010.09.18 - Avast5 5.0.594.0 2010.09.18 - AVG 9.0.0.851 2010.09.18 - BitDefender 7.2 2010.09.18 - CAT-QuickHeal 11.00 2010.09.18 - ClamAV 0.96.2.0-git 2010.09.18 - Comodo 6119 2010.09.18 - DrWeb 5.0.2.03300 2010.09.18 - Emsisoft 5.0.0.37 2010.09.18 - eSafe 7.0.17.0 2010.09.17 - eTrust-Vet 36.1.7862 2010.09.17 - F-Prot 4.6.1.107 2010.09.18 - F-Secure 9.0.15370.0 2010.09.18 - Fortinet 4.1.143.0 2010.09.18 - GData 21 2010.09.18 - Ikarus T3.1.1.88.0 2010.09.18 - Jiangmin 13.0.900 2010.09.18 - K7AntiVirus 9.63.2552 2010.09.18 - Kaspersky 7.0.0.125 2010.09.18 - McAfee 5.400.0.1158 2010.09.18 - McAfee-GW-Edition 2010.1C 2010.09.18 - Microsoft 1.6201 2010.09.18 - NOD32 5460 2010.09.18 - Norman 6.06.06 2010.09.18 - nProtect 2010-09-18.01 2010.09.18 - Panda 10.0.2.7 2010.09.18 - PCTools 7.0.3.5 2010.09.18 - Prevx 3.0 2010.09.18 - Rising 22.65.05.00 2010.09.18 - Sophos 4.57.0 2010.09.18 - Sunbelt 6894 2010.09.18 - SUPERAntiSpyware 4.40.0.1006 2010.09.18 - Symantec 20101.1.1.7 2010.09.18 - TheHacker 6.7.0.0.023 2010.09.18 - TrendMicro 9.120.0.1004 2010.09.18 - TrendMicro-HouseCall 9.120.0.1004 2010.09.18 - VBA32 3.12.14.0 2010.09.17 - ViRobot 2010.9.18.4048 2010.09.18 - VirusBuster 12.65.13.0 2010.09.18 - Additional information Show all MD5 : d027f4d5eebe73889e0a8b5843f5b9e4 SHA1 : 7d1aa857c0e8aaf94e4c430d9f7ac075da51998e SHA256: 31dc2b1fa93efdd356e9b24812e986066f99c2cf494ee9850dcc983313242a63 ssdeep: 3:ZK2iopFtSHFocYowhYhFNAJFXQKMMLBKWAIEGfNLHERHb4ZRDSHFoOU/vn:ZtiopDi4KhFS75 SG5ERELiVU/vn File size : 142 bytes First seen: 2010-04-27 11:34:03 Last seen : 2010-09-18 19:18:24 TrID: Unknown! 
sigcheck: publisher....: n/a copyright....: n/a product......: n/a description..: n/a original name: n/a internal name: n/a file version.: n/a comments.....: n/a signers......: - signing date.: - verified.....: Unsigned ______________________________________________________________ 2.) C:\Windows\System32\launch.bat Antivirus Version Last Update Result AhnLab-V3 2010.09.19.00 2010.09.18 - AntiVir 8.2.4.58 2010.09.18 - Antiy-AVL 2.0.3.7 2010.09.18 - Authentium 5.2.0.5 2010.09.18 - Avast 4.8.1351.0 2010.09.18 - Avast5 5.0.594.0 2010.09.18 - AVG 9.0.0.851 2010.09.18 - BitDefender 7.2 2010.09.18 - CAT-QuickHeal 11.00 2010.09.18 - ClamAV 0.96.2.0-git 2010.09.18 - Comodo 6119 2010.09.18 - DrWeb 5.0.2.03300 2010.09.18 - Emsisoft 5.0.0.37 2010.09.18 - eSafe 7.0.17.0 2010.09.17 - eTrust-Vet 36.1.7862 2010.09.17 - F-Prot 4.6.1.107 2010.09.18 - F-Secure 9.0.15370.0 2010.09.18 - Fortinet 4.1.143.0 2010.09.18 - GData 21 2010.09.18 - Ikarus T3.1.1.88.0 2010.09.18 - Jiangmin 13.0.900 2010.09.18 - K7AntiVirus 9.63.2552 2010.09.18 - Kaspersky 7.0.0.125 2010.09.18 - McAfee 5.400.0.1158 2010.09.18 - McAfee-GW-Edition 2010.1C 2010.09.18 Heuristic.LooksLike.Win32.Suspicious.E Microsoft 1.6201 2010.09.18 - NOD32 5460 2010.09.18 MSIL/Zamog.A Norman 6.06.06 2010.09.18 - nProtect 2010-09-18.01 2010.09.18 - Panda 10.0.2.7 2010.09.18 - PCTools 7.0.3.5 2010.09.18 - Prevx 3.0 2010.09.18 - Rising 22.65.05.00 2010.09.18 - Sophos 4.57.0 2010.09.18 - Sunbelt 6894 2010.09.18 - SUPERAntiSpyware 4.40.0.1006 2010.09.18 - Symantec 20101.1.1.7 2010.09.18 - TheHacker 6.7.0.0.023 2010.09.18 - TrendMicro 9.120.0.1004 2010.09.18 - TrendMicro-HouseCall 9.120.0.1004 2010.09.18 - VBA32 3.12.14.0 2010.09.17 - ViRobot 2010.9.18.4048 2010.09.18 - VirusBuster 12.65.13.0 2010.09.18 - Additional information Show all MD5 : 60305a2c7da44952cef3dd29a18cc363 SHA1 : aa950b8c8bff415cedb741c682da0328e4058c54 SHA256: b72edce8eb76c4ed8d604320f6b90d3db992971322261a6397893405cac51825 ssdeep: 
96:CktkG8zAYzQziJjUzHfzjQznwzq1zhGz0hdhz1Wz5zXxcdQxij4JS3Wz3zLzXf:l2GGRiRrO C4esaVhcd93gDvv File size : 7458 bytes First seen: 2010-09-18 19:24:52 Last seen : 2010-09-18 19:24:52 TrID: Unknown! sigcheck: publisher....: n/a copyright....: n/a product......: n/a description..: n/a original name: n/a internal name: n/a file version.: n/a comments.....: n/a signers......: - signing date.: - verified.....: Unsigned ________________________________________________ 3.) C:\Windows\System32\net.vbs Antivirus Version Last Update Result AhnLab-V3 2010.09.19.00 2010.09.18 - AntiVir 8.2.4.58 2010.09.18 - Antiy-AVL 2.0.3.7 2010.09.18 - Authentium 5.2.0.5 2010.09.18 - Avast 4.8.1351.0 2010.09.18 - Avast5 5.0.594.0 2010.09.18 - AVG 9.0.0.851 2010.09.18 - BitDefender 7.2 2010.09.18 - CAT-QuickHeal 11.00 2010.09.18 - ClamAV 0.96.2.0-git 2010.09.18 - Comodo 6119 2010.09.18 - DrWeb 5.0.2.03300 2010.09.18 - eSafe 7.0.17.0 2010.09.17 - eTrust-Vet 36.1.7862 2010.09.17 - F-Prot 4.6.1.107 2010.09.18 - F-Secure 9.0.15370.0 2010.09.18 - Fortinet 4.1.143.0 2010.09.18 - GData 21 2010.09.18 - Ikarus T3.1.1.88.0 2010.09.18 - Jiangmin 13.0.900 2010.09.18 - K7AntiVirus 9.63.2552 2010.09.18 - Kaspersky 7.0.0.125 2010.09.18 - McAfee 5.400.0.1158 2010.09.18 - McAfee-GW-Edition 2010.1C 2010.09.18 Heuristic.LooksLike.Win32.Suspicious.B Microsoft 1.6201 2010.09.18 - NOD32 5460 2010.09.18 MSIL/Lolmehot.E Norman 6.06.06 2010.09.18 - nProtect 2010-09-18.01 2010.09.18 - Panda 10.0.2.7 2010.09.18 - PCTools 7.0.3.5 2010.09.18 - Prevx 3.0 2010.09.18 - Rising 22.65.05.00 2010.09.18 - Sophos 4.57.0 2010.09.18 - Sunbelt 6894 2010.09.18 - SUPERAntiSpyware 4.40.0.1006 2010.09.18 - Symantec 20101.1.1.7 2010.09.18 - TheHacker 6.7.0.0.023 2010.09.18 - TrendMicro 9.120.0.1004 2010.09.18 - TrendMicro-HouseCall 9.120.0.1004 2010.09.18 - VBA32 3.12.14.0 2010.09.17 - ViRobot 2010.9.18.4048 2010.09.18 - VirusBuster 12.65.13.0 2010.09.18 - Additional information Show all MD5 : 9fef7400ff0807762c05c3ce567d0b55 SHA1 : 
57a8acd37b3e7b6cc8174a743d84ebdfc3622d43 SHA256: eb50950655ed0c2a4e512b7b74a07514f3364c7543ef2ea576cc09ac92cbfdda ssdeep: 12:/s3vAWCYha/ycqD/yBViAz1Loisf2vCSrRSv:U/A34XD/yBViATQFWSv File size : 480 bytes First seen: 2010-06-03 11:40:31 Last seen : 2010-09-18 19:27:11 TrID: Unknown! sigcheck: publisher....: n/a copyright....: n/a product......: n/a description..: n/a original name: n/a internal name: n/a file version.: n/a comments.....: n/a signers......: - signing date.: - verified.....: Unsigned ______________________________________________ 4.) C:\Windows\System32\igfxdev.dll Antivirus Version Last Update Result AhnLab-V3 2010.09.19.00 2010.09.18 - AntiVir 8.2.4.58 2010.09.18 - Antiy-AVL 2.0.3.7 2010.09.18 - Authentium 5.2.0.5 2010.09.18 - Avast 4.8.1351.0 2010.09.18 - Avast5 5.0.594.0 2010.09.18 - AVG 9.0.0.851 2010.09.18 - BitDefender 7.2 2010.09.18 - CAT-QuickHeal 11.00 2010.09.18 - ClamAV 0.96.2.0-git 2010.09.18 - Comodo 6119 2010.09.18 - DrWeb 5.0.2.03300 2010.09.18 - Emsisoft 5.0.0.37 2010.09.18 - eSafe 7.0.17.0 2010.09.17 - eTrust-Vet 36.1.7862 2010.09.17 - F-Prot 4.6.1.107 2010.09.18 - F-Secure 9.0.15370.0 2010.09.18 - Fortinet 4.1.143.0 2010.09.18 - GData 21 2010.09.18 - Ikarus T3.1.1.88.0 2010.09.18 - Jiangmin 13.0.900 2010.09.18 - K7AntiVirus 9.63.2552 2010.09.18 - Kaspersky 7.0.0.125 2010.09.18 - McAfee 5.400.0.1158 2010.09.18 - McAfee-GW-Edition 2010.1C 2010.09.18 - Microsoft 1.6201 2010.09.18 - NOD32 5460 2010.09.18 - Norman 6.06.06 2010.09.18 - nProtect 2010-09-18.01 2010.09.18 - Panda 10.0.2.7 2010.09.18 - PCTools 7.0.3.5 2010.09.18 - Prevx 3.0 2010.09.18 - Rising 22.65.05.00 2010.09.18 - Sophos 4.57.0 2010.09.18 - Sunbelt 6894 2010.09.18 - SUPERAntiSpyware 4.40.0.1006 2010.09.18 - Symantec 20101.1.1.7 2010.09.18 - TheHacker 6.7.0.0.023 2010.09.18 - TrendMicro 9.120.0.1004 2010.09.18 - TrendMicro-HouseCall 9.120.0.1004 2010.09.18 - VBA32 3.12.14.0 2010.09.17 - ViRobot 2010.9.18.4048 2010.09.18 - VirusBuster 12.65.13.0 2010.09.18 - Additional 
information Show all MD5 : 37a4924b767a94124c168d1d480d4db2 SHA1 : 31bcb5ffcf94ff4c82b64e709b44153e8a8d5f3f SHA256: da1fd79aefcfb822f17c5e3b19a94d0372642f05ded639c63be67a0b536eccb1 ssdeep: 3072:TPUVTM0S0SFCypIPR4Qr891rItApBxJBi+74gPT/etaA/60Z6W:zo0IPR4Qo91EiQa4gPb Nne6 File size : 208896 bytes First seen: 2010-09-18 19:30:17 Last seen : 2010-09-18 19:30:17 TrID: DirectShow filter (52.6%) Windows OCX File (32.2%) Win32 Executable MS Visual C++ (generic) (9.8%) Win32 Executable Generic (2.2%) Win32 Dynamic Link Library (generic) (1.9%) sigcheck: publisher....: Intel Corporation copyright....: Copyright 1999-2006, Intel Corporation product......: Intel(R) Common User Interface description..: igfxdev Module original name: IGFXDEV.DLL internal name: IGFXDEV file version.: 7.14.10.1540 comments.....: signers......: - signing date.: - verified.....: Unsigned PEInfo: PE structure information [[ basic data ]] entrypointaddress: 0x185C2 timedatestamp....: 0x48989EEA (Tue Aug 05 18:41:46 2008) machinetype......: 0x14c (I386) [[ 5 section(s) ]] name, viradd, virsiz, rawdsiz, ntropy, md5 .text, 0x1000, 0x24F7C, 0x25000, 6.68, 1dc52c9d4c5eb655692a4caa0541b808 .rdata, 0x26000, 0x5892, 0x6000, 5.19, 9e53d15e0549a59881b271083b7af4a0 .data, 0x2C000, 0x441C, 0x2000, 3.61, 33aace1b07d42c23dd4d67c2a9678195 .rsrc, 0x31000, 0x1004, 0x2000, 4.44, 7931b503ec2aa134af81c111aca1114c .reloc, 0x33000, 0x28F6, 0x3000, 4.56, d006a8e9b65d49a01998ce223d5bb784 [[ 6 import(s) ]] KERNEL32.dll: GlobalAlloc, InterlockedDecrement, CloseHandle, SetEvent, OpenEventA, LocalFree, FormatMessageA, CreateMutexA, WaitForSingleObject, ReleaseMutex, WideCharToMultiByte, lstrlenW, RaiseException, lstrlenA, DisableThreadLibraryCalls, GetModuleFileNameA, GlobalLock, MultiByteToWideChar, LoadResource, FindResourceA, LoadLibraryExA, GetConsoleCP, SetFilePointer, FlushFileBuffers, CreateFileA, WriteConsoleW, GetConsoleOutputCP, SetLastError, GlobalUnlock, IsDBCSLeadByte, GlobalFree, GetModuleHandleA, GetLastError, 
GetSystemPowerStatus, LoadLibraryA, GetProcAddress, GetCurrentProcess, FreeLibrary, GetVersionExA, InterlockedIncrement, DeleteCriticalSection, InitializeCriticalSection, LeaveCriticalSection, EnterCriticalSection, Sleep, GetLocaleInfoA, lstrcmpiA, SizeofResource, WriteConsoleA, SetStdHandle, ReadFile, GetStringTypeW, GetStringTypeA, LCMapStringW, LCMapStringA, GetSystemTimeAsFileTime, GetCurrentProcessId, GetTickCount, InterlockedExchange, GetACP, GetThreadLocale, RtlUnwind, HeapFree, HeapAlloc, VirtualProtect, VirtualAlloc, GetSystemInfo, VirtualQuery, HeapReAlloc, GetCurrentThreadId, GetCommandLineA, GetProcessHeap, TerminateProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, GetCPInfo, GetOEMCP, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, HeapDestroy, HeapCreate, VirtualFree, ExitProcess, WriteFile, GetStdHandle, HeapSize, SetHandleCount, GetFileType, GetStartupInfoA, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, QueryPerformanceCounter, GetConsoleMode USER32.dll: ChangeDisplaySettingsA, PostMessageA, RegisterWindowMessageA, GetSystemMetrics, CharNextA, FindWindowA, BroadcastSystemMessageA, EnumDisplayDevicesA, GetDC, ReleaseDC, UnregisterClassA GDI32.dll: CreateDCA, DeleteDC, GetDeviceCaps ADVAPI32.dll: RegEnumKeyExA, RegQueryInfoKeyA, RegDeleteValueA, RegDeleteKeyA, GetSecurityInfo, AllocateAndInitializeSid, SetEntriesInAclA, SetSecurityInfo, RegCreateKeyExA, RegOpenKeyA, RegQueryValueExA, RegOpenKeyExA, RegSetValueExA, RegCloseKey ole32.dll: CoTaskMemRealloc, CoTaskMemFree, CoCreateInstance, StringFromGUID2, CoTaskMemAlloc OLEAUT32.dll: -, -, -, -, -, -, -, -, -, - [[ 5 export(s) ]] DllCanUnloadNow, DllGetClassObject, DllRegisterServer, DllUnregisterServer, WinlogonUnlockEvent __________________________________________ I'll upload the file in a moment; I'll post the rest tomorrow. Many thanks for the great help!!! |
18.09.2010, 21:13 | #6 |
| Two warnings Autorun!inf / Rowmuny.A cannot be removed Attached is the ComboFix log as well: Combofix Logfile: Code:
ATTFilter ComboFix 10-09-17.04 - André Döring 18.09.2010 22:03:29.1.2 - x86 Microsoft® Windows Vista™ Business 6.0.6002.2.1252.49.1031.18.2008.1110 [GMT 2:00] ausgeführt von:: c:\users\André Döring\Desktop\ComboFix.exe SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . c:\users\André Döring\AppData\Roaming\4rokv6786RO.exe c:\users\André Döring\AppData\Roaming\4uifb7893UI.exe c:\windows\SEC c:\windows\SEC\172100logo.bmp c:\windows\SEC\banner.png c:\windows\SEC\Computer.png c:\windows\SEC\Media _S_ Logo.png c:\windows\SEC\Samsung.png c:\windows\SEC\Samsung2.png c:\windows\SEC\SamsungLogo.png c:\windows\SEC\Wallpapers\wallpaper.jpg c:\windows\SEC\Wallpapers\wallpaper1.jpg c:\windows\SEC\Wallpapers\Wallpaper2.jpg c:\windows\system32\muzapp.exe c:\windows\tmp.log c:\windows\tmpp.log . ((((((((((((((((((((((( Dateien erstellt von 2010-08-18 bis 2010-09-18 )))))))))))))))))))))))))))))) . 2010-09-18 20:07 . 2010-09-18 20:07 -------- d-----w- c:\users\Default\AppData\Local\temp 2010-09-18 19:40 . 2010-09-18 19:40 -------- d-----w- C:\_OTL 2010-09-16 15:36 . 2010-09-16 15:36 -------- d-----w- c:\programdata\Malwarebytes 2010-09-15 06:32 . 2010-04-16 16:46 502272 ----a-w- c:\windows\system32\usp10.dll 2010-09-15 06:32 . 2010-08-17 14:11 128000 ----a-w- c:\windows\system32\spoolsv.exe 2010-09-15 06:32 . 2010-04-05 17:02 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL 2010-09-15 06:32 . 2010-05-27 20:08 739328 ----a-w- c:\windows\system32\inetcomm.dll 2010-09-09 15:43 . 2008-06-24 11:45 1414440 ----a-w- c:\windows\system32\ShellManager310E2D762.dll 2010-09-03 08:51 . 2010-09-03 08:51 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2 2010-09-03 08:30 . 2010-09-03 08:32 -------- d-----w- c:\program files\OpenVPN 2010-09-03 07:27 . 2010-09-03 07:28 -------- d-----w- c:\program files\Microsoft Security Essentials 2010-08-20 15:00 . 
2010-08-20 15:00 -------- d-----w- c:\program files\IrfanView . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-09-18 20:04 . 2008-11-25 06:26 632242 ----a-w- c:\windows\system32\perfh007.dat 2010-09-18 20:04 . 2008-11-25 06:26 127472 ----a-w- c:\windows\system32\perfc007.dat 2010-09-18 19:57 . 2008-11-25 23:43 4268 ----a-w- c:\windows\bthservsdp.dat 2010-09-16 06:36 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail 2010-09-09 15:44 . 2010-08-14 16:08 -------- d-----w- c:\programdata\Nero 2010-09-09 15:44 . 2010-08-14 16:08 -------- d-----w- c:\program files\Common Files\Nero 2010-09-09 15:41 . 2008-11-25 06:49 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-09-09 15:41 . 2008-11-25 07:16 -------- d-----w- c:\program files\CyberLink 2010-09-09 15:39 . 2010-05-02 16:12 -------- d-----w- c:\program files\ElsterFormular 2010-08-14 17:40 . 2010-08-14 17:40 -------- d-----w- c:\programdata\DAEMON Tools Lite 2010-08-14 15:16 . 2010-08-14 14:23 697328 ----a-w- c:\windows\system32\drivers\sptd.sys 2010-08-14 14:54 . 2010-08-14 14:54 -------- d-----w- c:\program files\Alcohol Soft 2010-06-26 06:05 . 2010-08-14 14:32 916480 ----a-w- c:\windows\system32\wininet.dll 2010-06-26 06:02 . 2010-08-14 14:32 71680 ----a-w- c:\windows\system32\iesetup.dll 2010-06-26 06:02 . 2010-08-14 14:32 109056 ----a-w- c:\windows\system32\iesysprep.dll 2010-06-26 04:25 . 2010-08-14 14:32 133632 ----a-w- c:\windows\system32\ieUnatt.exe 2010-06-21 13:37 . 2010-08-14 14:25 2037760 ----a-w- c:\windows\system32\win32k.sys 2010-06-21 03:26 . 2010-07-09 08:13 96488 ----a-w- c:\windows\system32\drivers\ssadbus.sys 2010-06-21 03:26 . 2010-07-09 08:13 1416680 ----a-w- c:\windows\system32\WdfCoInstaller01005.dll 2010-06-21 03:26 . 2010-07-09 08:13 1416680 ----a-w- c:\windows\system32\drivers\WdfCoInstaller01005.dll 2010-06-21 03:26 . 
2010-07-09 08:13 12776 ----a-w- c:\windows\system32\drivers\ssadmdfl.sys 2010-06-21 03:26 . 2010-07-09 08:13 121576 ----a-w- c:\windows\system32\drivers\ssadmdm.sys 2010-06-21 03:26 . 2010-07-09 08:13 10344 ----a-w- c:\windows\system32\drivers\ssadcmnt.sys 2010-06-21 03:26 . 2010-07-09 08:13 10344 ----a-w- c:\windows\system32\drivers\ssadcm.sys 2010-06-21 03:26 . 2010-07-09 08:13 10216 ----a-w- c:\windows\system32\drivers\ssadwhnt.sys 2010-06-21 03:26 . 2010-07-09 08:13 10216 ----a-w- c:\windows\system32\drivers\ssadwh.sys 2010-06-21 03:26 . 2010-07-09 08:13 30312 ----a-w- c:\windows\system32\drivers\ssadadb.sys . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2010-06-30 3365176] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-08-19 150040] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-08-19 170520] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-08-19 145944] "RtHDVCpl"="RtHDVCpl.exe" [2008-05-28 6144000] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-10-26 1029416] "Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2009-10-13 606208] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-06-17 40368] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832] "MobileConnect"="c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe" [2009-09-11 2403840] "Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdcBase.exe" [2007-05-31 648072] "MSSE"="c:\program files\Microsoft Security 
Essentials\msseces.exe" [2010-06-01 1093208] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux2"=wdmaud.drv [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2152173359-2455070513-4135363287-1003] "EnableNotificationsRef"=dword:00000001 R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2010-06-21 30312] R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2009-06-29 112128] R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [2009-06-29 102912] R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x] R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-25 42368] R3 RDPDISPM;RDPDISPM;c:\windows\system32\DRIVERS\rdpdispm.sys [2010-05-03 9040] R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2010-06-21 96488] R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2010-06-21 12776] R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2010-06-21 121576] R3 sscebus;SAMSUNG USB Composite Device V2 driver (WDM);c:\windows\system32\DRIVERS\sscebus.sys [2010-04-27 98560] R3 sscemdfl;SAMSUNG Mobile Modem V2 Filter;c:\windows\system32\DRIVERS\sscemdfl.sys [2010-04-27 14848] R3 sscemdm;SAMSUNG Mobile Modem V2 Drivers;c:\windows\system32\DRIVERS\sscemdm.sys [2010-04-27 123648] R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 
4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504] R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-08-14 697328] S0 iaNvStor;Intel(R) Turbo Memory Controller;c:\windows\system32\DRIVERS\iaNvStor.sys [2008-05-08 226328] S2 dgdersvc;Device Error Recovery Service;c:\windows\system32\dgdersvc.exe [2010-05-25 95568] S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-05-28 233472] S2 KMDFMEMIO;SAMSUNG Kernel Driver;c:\windows\system32\DRIVERS\kmdfmemio.sys [2006-11-14 13312] S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2007-08-13 5120] S2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;c:\windows\System32\StkCSrv.exe [2008-01-16 31248] S2 VMCService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2009-09-11 9216] S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2010-05-25 18136] S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y6032.sys [2008-04-15 224384] S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2010-05-28 36608] S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-06-29 112128] S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-06-25 3662848] S3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;c:\windows\system32\Drivers\StkCMini.sys [2008-03-28 1363088] --- Andere Dienste/Treiber im Speicher --- *Deregistered* - BMLoad [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc bthsvcs REG_MULTI_SZ BthServ LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache WindowsMobile REG_MULTI_SZ wcescomm rapimgr LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr . . ------- Zusätzlicher Suchlauf ------- . 
uStart Page = hxxp://www.google.de/ IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000 IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm IE: SmarThru4 Als HTML speichern - c:\program files\SmarThru 4\WebCapture.dll1.htm IE: SmarThru4 Auswahl erfassen - c:\program files\SmarThru 4\WebCapture.dll2.htm IE: SmarThru4 Capture Selection - c:\program files\SmarThru 4\WebCapture.dll2.htm IE: SmarThru4 Markierten Text speichern - c:\program files\SmarThru 4\WebCapture.dll.htm IE: SmarThru4 Save as HTML - c:\program files\SmarThru 4\WebCapture.dll1.htm IE: SmarThru4 Save Selected Text - c:\program files\SmarThru 4\WebCapture.dll.htm IE: SmarThru4 Web Capture - c:\program files\SmarThru 4\WebCapture.dll LSP: bmnet.dll FF - ProfilePath - c:\users\André Döring\AppData\Roaming\Mozilla\Firefox\Profiles\221mjg2t.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/ FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX Richtlinien ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false); . 
- - - - Entfernte verwaiste Registrierungseinträge - - - - HKCU-Run-IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe HKLM-Run-NBKeyScan - c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe SafeBoot-mcmscsvc SafeBoot-MCODS SafeBoot-WinDefend AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe AddRemove-15_Symbian_Samsung_PC_DLC_Driver - c:\program files\Samsung\USB Drivers\15_Symbian_Samsung_PC_DLC_Driver\Uninstall.exe AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2010-09-18 22:07 Windows 6.0.6002 Service Pack 2 NTFS Scanne versteckte Prozesse... Scanne versteckte Autostarteinträge... Scanne versteckte Dateien... Scan erfolgreich abgeschlossen versteckte Dateien: 0 ************************************************************************** . 
--------------------- Gesperrte Registrierungsschluessel --------------------- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . 
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
- - - - - - - > 'lsass.exe'(676) c:\windows\system32\bmnet.dll
.
Zeit der Fertigstellung: 2010-09-18 22:10:18
ComboFix-quarantined-files.txt 2010-09-18 20:10
Vor Suchlauf: 10 Verzeichnis(se), 74.025.308.160 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 73.724.022.784 Bytes frei
- - End Of File - - 542F157A88FCE604D6D191812F9226AB
And the Rootkit Detector's log as well: GMER logfile: Code:
ATTFilter GMER 1.0.15.15281 - hxxp://www.gmer.net Rootkit scan 2010-09-18 22:35:51 Windows 6.0.6002 Service Pack 2 Running: yf5u5doi.exe; Driver: C:\Users\ANDRDR~1\AppData\Local\Temp\kxldqpog.sys ---- Kernel code sections - GMER 1.0.15 ---- ? C:\Users\ANDRDR~1\AppData\Local\Temp\catchme.sys Das System kann die angegebene Datei nicht finden. ! ? C:\Windows\system32\Drivers\PROCEXP113.SYS Das System kann die angegebene Datei nicht finden. ! ? C:\Users\ANDRDR~1\AppData\Local\Temp\mbr.sys Das System kann die angegebene Datei nicht finden. ! ---- User code sections - GMER 1.0.15 ---- .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1508] USER32.dll!TrackPopupMenu 766314F3 5 Bytes JMP 672B05FE C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[3468] ntdll.dll!LdrLoadDll 77B89390 5 Bytes JMP 001313F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation) ---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT \SystemRoot\System32\drivers\dxgkrnl.sys[ntoskrnl.exe!IoCreateDevice] [889CA63E] \SystemRoot\system32\drivers\BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.) IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!IoCreateDevice] [889CA63E] \SystemRoot\system32\drivers\BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.) IAT \SystemRoot\system32\DRIVERS\HDAudBus.sys[ntoskrnl.exe!IoCreateDevice] [889CA63E] \SystemRoot\system32\drivers\BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.) IAT \SystemRoot\system32\DRIVERS\sdbus.sys[ntoskrnl.exe!IoCreateDevice] [889CA63E] \SystemRoot\system32\drivers\BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.) IAT \SystemRoot\system32\DRIVERS\CmBatt.sys[ntoskrnl.exe!IoCreateDevice] [889CA63E] \SystemRoot\system32\drivers\BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.) 
IAT \SystemRoot\system32\DRIVERS\serial.sys[ntoskrnl.exe!IoCreateDevice] [889CA63E] \SystemRoot\system32\drivers\BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.) IAT \SystemRoot\system32\DRIVERS\serenum.sys[ntoskrnl.exe!IoCreateDevice] [889CA63E] \SystemRoot\system32\drivers\BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.) IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[ntoskrnl.exe!IoCreateDevice] [889CA63E] \SystemRoot\system32\drivers\BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.) IAT \SystemRoot\system32\DRIVERS\kbdclass.sys[ntoskrnl.exe!IoCreateDevice] [889CA63E] \SystemRoot\system32\drivers\BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.) IAT \SystemRoot\system32\DRIVERS\mouclass.sys[ntoskrnl.exe!IoCreateDevice] [889CA63E] \SystemRoot\system32\drivers\BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.) IAT \SystemRoot\system32\DRIVERS\storport.sys[ntoskrnl.exe!IoCreateDevice] [889CA63E] \SystemRoot\system32\drivers\BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.) IAT \SystemRoot\system32\DRIVERS\ndistapi.sys[ntoskrnl.exe!IoCreateDevice] [889CA63E] \SystemRoot\system32\drivers\BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.) IAT \SystemRoot\system32\DRIVERS\rdpdr.sys[ntoskrnl.exe!IoCreateDevice] [889CA63E] \SystemRoot\system32\drivers\BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.) IAT \SystemRoot\system32\DRIVERS\termdd.sys[ntoskrnl.exe!IoCreateDevice] [889CA63E] \SystemRoot\system32\drivers\BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.) IAT \SystemRoot\system32\DRIVERS\swenum.sys[ntoskrnl.exe!IoCreateDevice] [889CA63E] \SystemRoot\system32\drivers\BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.) IAT \SystemRoot\system32\DRIVERS\ks.sys[ntoskrnl.exe!IoCreateDevice] [889CA63E] \SystemRoot\system32\drivers\BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.) 
IAT \SystemRoot\system32\DRIVERS\mssmbios.sys[ntoskrnl.exe!IoCreateDevice] [889CA63E] \SystemRoot\system32\drivers\BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.) IAT \SystemRoot\system32\DRIVERS\usbhub.sys[ntoskrnl.exe!IoCreateDevice] [889CA63E] \SystemRoot\system32\drivers\BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[ntoskrnl.exe!IoCreateDevice] [889CA63E] \SystemRoot\system32\drivers\BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.) IAT \SystemRoot\system32\drivers\portcls.sys[ntoskrnl.exe!IoCreateDevice] [889CA63E] \SystemRoot\system32\drivers\BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.) IAT \SystemRoot\System32\Drivers\Fs_Rec.SYS[ntoskrnl.exe!IoCreateDevice] [889CA63E] \SystemRoot\system32\drivers\BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.) IAT \SystemRoot\System32\Drivers\Null.SYS[ntoskrnl.exe!IoCreateDevice] [889CA63E] \SystemRoot\system32\drivers\BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.) IAT \SystemRoot\System32\Drivers\Beep.SYS[ntoskrnl.exe!IoCreateDevice] [889CA63E] \SystemRoot\system32\drivers\BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.) IAT \SystemRoot\System32\drivers\VIDEOPRT.SYS[ntoskrnl.exe!IoCreateDevice] [889CA63E] \SystemRoot\system32\drivers\BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.) IAT \SystemRoot\System32\Drivers\Msfs.SYS[ntoskrnl.exe!IoCreateDevice] [889CA63E] \SystemRoot\system32\drivers\BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.) IAT \SystemRoot\System32\Drivers\Npfs.SYS[ntoskrnl.exe!IoCreateDevice] [889CA63E] \SystemRoot\system32\drivers\BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.) IAT \SystemRoot\System32\DRIVERS\rasacd.sys[ntoskrnl.exe!IoCreateDevice] [889CA63E] \SystemRoot\system32\drivers\BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.) 
IAT \SystemRoot\System32\drivers\tcpip.sys[ntoskrnl.exe!IoCreateDevice] [889CA63E] \SystemRoot\system32\drivers\BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.) IAT \SystemRoot\system32\DRIVERS\tdx.sys[ntoskrnl.exe!IoCreateDevice] [889CA63E] \SystemRoot\system32\drivers\BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.) IAT \SystemRoot\system32\DRIVERS\tdx.sys[TDI.SYS!TdiRegisterDeviceObject] [889CAFE6] \SystemRoot\system32\drivers\BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.) IAT \SystemRoot\system32\DRIVERS\smb.sys[TDI.SYS!TdiRegisterDeviceObject] [889CAFE6] \SystemRoot\system32\drivers\BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.) IAT \SystemRoot\System32\DRIVERS\netbt.sys[TDI.SYS!TdiRegisterDeviceObject] [889CAFE6] \SystemRoot\system32\drivers\BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.) ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Windows\explorer.exe[2752] @ C:\Windows\system32\ole32.dll [msvcrt.dll!free] [67CEF3FB] C:\Windows\AppPatch\AcSpecfc.DLL (Windows Compatibility DLL/Microsoft Corporation) ---- Devices - GMER 1.0.15 ---- AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation) AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation) AttachedDevice \Driver\tdx \Device\Tcp tcpipBM.SYS (Bytemobile Kernel Network Provider/Bytemobile, Inc.) 
Device \Driver\BTHUSB \Device\00000078 bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation) Device \Driver\BTHUSB \Device\00000078 bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation) Device \Driver\BTHUSB \Device\0000007a bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation) Device \Driver\BTHUSB \Device\0000007a bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation) ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001fe1f9d324 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001fe1f9da6a Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00265eac7e91 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00265eac7e91@00168d0120c7 0x7B 0x0A 0x47 0x7A ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00265eac7e91@00214f4edbfa 0x39 0x33 0x02 0x7F ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00265eac7e91@5492bec5c3fa 0xFF 0xBC 0x18 0xCA ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00265eac7e91@0021ba8a32b6 0x17 0x63 0x14 0xDC ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xDC 0xD1 0xC4 0x43 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xF5 0xB2 0xCA 0x6C ... 
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001fe1f9d324 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001fe1f9da6a (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00265eac7e91 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00265eac7e91@00168d0120c7 0x7B 0x0A 0x47 0x7A ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00265eac7e91@00214f4edbfa 0x39 0x33 0x02 0x7F ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00265eac7e91@5492bec5c3fa 0xFF 0xBC 0x18 0xCA ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00265eac7e91@0021ba8a32b6 0x17 0x63 0x14 0xDC ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xDC 0xD1 0xC4 0x43 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xF5 0xB2 0xCA 0x6C ...
---- EOF - GMER 1.0.15 ----
Best regards Last edited by Ashton (18.09.2010 at 21:35) |
18.09.2010, 21:58 | #7 |
| Two warnings Autorun!inf / Rowmuny.A cannot be removed Hi, thanks for the files, I skimmed through them; something is being sent to various addresses... I've forwarded it to the virus labs... Have you changed all your passwords from a clean computer? For the files to be checked below, only post the result if something was found (they should actually be clean) ;O) Please check the following files: Have the files checked online:
Code:
c:\windows\system32\bmnet.dll
C:\Windows\system32\Drivers\PROCEXP113.SYS
c:\windows\system32\spoolsv.exe
c:\windows\system32\MP4SDECD.DLL
c:\windows\system32\inetcomm.dll
c:\windows\system32\wininet.dll
Then CureIt as well: http://www.trojaner-board.de/59299-a...eb-cureit.html After the scan finishes you will find the log at %USERPROFILE%\DoctorWeb\CureIt.log. Before you take any action, please copy the contents of the log and post it. The log file is very large, over about 5 MB of text. Just search for "infiziert" and copy out the relevant parts before you post them. chris Shit, I went through the .bat file again, check your DNS settings immediately! That thing puts a static one from the USA in there...
__________________ Don't bring me down Read before posting! Donate (Anyone who wants to donate is welcome to get in touch) Last edited by Chris4You (18.09.2010 at 22:45) |
19.09.2010, 10:44 | #8 |
| Two warnings Autorun!inf / Rowmuny.A cannot be removed Hi, how do I check my DNS settings? The files showed no threat in the online check, but it cannot find the file C:\Windows\system32\Drivers\PROCEXP113.SYS! DrWeb - CureIt is coming right up ... |
19.09.2010, 13:11 | #9 |
| Two warnings Autorun!inf / Rowmuny.A cannot be removed So DrWeb - CureIt found nothing, no infections. Is my system still infected anyway? |
20.09.2010, 07:39 | #10 |
| Two warnings Autorun!inf / Rowmuny.A cannot be removed Hi, DNS setting: Changing the TCP/IP settings PROCEXP113.SYS Did you ever have software (the Process Explorer) from Sysinternals on the machine? So far it actually looks good; how is the machine behaving? chris
__________________ Don't bring me down Read before posting! Donate (Anyone who wants to donate is welcome to get in touch) |
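As an added example (not code from this thread or from either poster), here is a PowerShell check for the DNS situation chris describes above: it lists each IP-enabled adapter's DNS servers, flags a static NameServer override in the registry (the trace a script that forces static DNS leaves behind), flags any non-private DNS server, and reports hosts-file entries beyond the default localhost lines. It assumes PowerShell 2.0 or later on a Vista/7-era system and an elevated prompt; `Test-PrivateIPv4` is a helper written for this example, and "non-private" is used as the offline stand-in for "from the USA", since no geolocation is attempted.

```powershell
# Added example (not code from this thread or its posters): audit the Windows DNS
# client settings for the kind of static override chris warns about.
# Assumes PowerShell 2.0 or later (WMI and the registry only, no Windows 8+
# DnsClient cmdlets) and an elevated prompt so the registry keys are readable.

function Test-PrivateIPv4 {
    param([string]$Ip)
    # True for RFC 1918 ranges and loopback; IPv6 or unparsable input counts as "not private".
    $parsed = $null
    if (-not [System.Net.IPAddress]::TryParse($Ip, [ref]$parsed)) { return $false }
    if ($parsed.AddressFamily -ne [System.Net.Sockets.AddressFamily]::InterNetwork) { return $false }
    $b = $parsed.GetAddressBytes()
    return (($b[0] -eq 10) -or ($b[0] -eq 127) -or
            ($b[0] -eq 172 -and $b[1] -ge 16 -and $b[1] -le 31) -or
            ($b[0] -eq 192 -and $b[1] -eq 168))
}

$ifaceKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces'
$findings = @()

# Every adapter with IP enabled; SettingID is the GUID of its key under Tcpip\Parameters\Interfaces.
$adapters = Get-WmiObject -Class Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE'

foreach ($a in $adapters) {
    $servers = @($a.DNSServerSearchOrder | Where-Object { $_ })
    Write-Host ("{0}`n  DHCP: {1}  DNS: {2}" -f $a.Description, $a.DHCPEnabled, ($servers -join ', '))

    # Static DNS lives in the NameServer string; DHCP-assigned servers go to DhcpNameServer.
    # A "set dns static" command (netsh, a .bat, a .vbs) leaves its trace here.
    $reg = Get-ItemProperty -Path (Join-Path $ifaceKey $a.SettingID) -ErrorAction SilentlyContinue
    if ($reg -and $reg.NameServer -and $reg.NameServer.Trim() -ne '') {
        $msg = "Static DNS '{0}' on '{1}'" -f $reg.NameServer, $a.Description
        if ($a.DHCPEnabled) { $msg += ' (adapter is DHCP-assigned, so a static DNS override is suspicious)' }
        $findings += $msg
    }

    # On a home LAN the DNS server is normally the router (private range); anything else deserves a look.
    foreach ($s in $servers) {
        if (-not (Test-PrivateIPv4 $s)) { $findings += "Non-private DNS server $s on '$($a.Description)'" }
    }
}

# A NameServer value at the Tcpip\Parameters level overrides every adapter.
$tcpipParams = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters' -ErrorAction SilentlyContinue
if ($tcpipParams -and $tcpipParams.NameServer -and $tcpipParams.NameServer.Trim() -ne '') {
    $findings += "Global static DNS '$($tcpipParams.NameServer)' in Tcpip\Parameters"
}

# The hosts file is the other place a name can be redirected without touching DNS servers.
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
foreach ($raw in @(Get-Content -Path $hostsPath -ErrorAction SilentlyContinue)) {
    $line = $raw.Trim()
    if ($line -eq '' -or $line.StartsWith('#')) { continue }
    if ($line -match '^(127\.0\.0\.1|::1)\s+localhost$') { continue }
    $findings += "hosts file entry: $line"
}

if ($findings.Count -eq 0) {
    Write-Host "`nNo static DNS overrides or hosts-file redirections found."
} else {
    Write-Host "`nFindings to review:"
    foreach ($f in $findings) { Write-Host " - $f" }
}
```

Compare any flagged server against what the router or ISP actually hands out (the DhcpNameServer value next to NameServer in the same key); a static server you did not configure yourself is the thing to remove, which is what the linked TCP/IP settings dialog does.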