Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
ControlSet002 ?

ControlSet002 ?


Plagegeister aller Art und deren Bekämpfung: ControlSet002 ?

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Seite 2 von 4 1 2 34
Alt 22.11.2010, 13:43   #16
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
ControlSet002 ? - Standard

ControlSet002 ?


Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.


Downloade Dir danach bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.
  • Doppelklick auf die MBRCheck.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Das Tool braucht nur eine Sekunde.
  • Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.
Poste mir bitte den Inhalt des .txt Dokumentes
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 22.11.2010, 14:27   #17
oraculum
 
ControlSet002 ? - Standard

ControlSet002 ?


Code:
ATTFilter
GMER 1.0.15.15530 - hxxp://www.gmer.net
Rootkit scan 2010-11-22 14:21:50
Windows 6.1.7600  Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.FG01
Running: l4jis364.exe; Driver: C:\Users\***\AppData\Local\Temp\kfldypow.sys


---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!ZwSaveKeyEx + 13AD                                                                    8307A599 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                             8309EF52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           C:\Windows\system32\DRIVERS\atksgt.sys                                                             section is writeable [0x8EBB5300, 0x3B6D8, 0xE8000020]
.text           C:\Windows\system32\DRIVERS\lirsgt.sys                                                             section is writeable [0x8EBF8300, 0x1BEE, 0xE8000020]

---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\Windows\Explorer.EXE[1876] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]                    [748D2494] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1876] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]               [748B5624] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1876] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]              [748B56E2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1876] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]                     [748D250F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1876] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]           [748C8573] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1876] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]             [748C4D27] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1876] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]            [748C50CE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1876] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]           [748C51A3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1876] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP]  [748C66D0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1876] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]            [748C82CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1876] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]       [748C8819] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1876] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]     [748C907A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1876] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]           [748CE21D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1876] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]               [748C4C59] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                            Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                            Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)

Device          \Driver\ACPI_HAL \Device\00000050                                                                  halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                             fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                             fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                             fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
Code:
ATTFilter
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:			
Windows Version:		Windows 7 Home Premium Edition
Windows Information:		 (build 7600), 32-bit
Base Board Manufacturer:	TOSHIBA
BIOS Manufacturer:		INSYDE
System Manufacturer:		TOSHIBA
System Product Name:		Satellite L300
Logical Drives Mask:		0x0001001c

Kernel Drivers (total 195):
  0x83037000 \SystemRoot\system32\ntkrnlpa.exe
  0x83000000 \SystemRoot\system32\halmacpi.dll
  0x80BC8000 \SystemRoot\system32\kdcom.dll
  0x8360A000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
  0x83682000 \SystemRoot\system32\PSHED.dll
  0x83693000 \SystemRoot\system32\BOOTVID.dll
  0x8369B000 \SystemRoot\system32\CLFS.SYS
  0x836DD000 \SystemRoot\system32\CI.dll
  0x83788000 \SystemRoot\system32\drivers\Wdf01000.sys
  0x8AE19000 \SystemRoot\system32\drivers\WDFLDR.SYS
  0x8AE27000 \SystemRoot\system32\DRIVERS\ACPI.sys
  0x8AE6F000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
  0x8AE78000 \SystemRoot\system32\DRIVERS\msisadrv.sys
  0x8AE80000 \SystemRoot\system32\DRIVERS\pci.sys
  0x8AEAA000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
  0x8AEB5000 \SystemRoot\System32\drivers\partmgr.sys
  0x8AEC6000 \SystemRoot\system32\DRIVERS\volmgr.sys
  0x8AED6000 \SystemRoot\System32\drivers\volmgrx.sys
  0x8AF21000 \SystemRoot\system32\DRIVERS\compbatt.sys
  0x8AF29000 \SystemRoot\system32\DRIVERS\BATTC.SYS
  0x8AF34000 \SystemRoot\System32\drivers\mountmgr.sys
  0x8B028000 \SystemRoot\system32\DRIVERS\iaStor.sys
  0x8B0F6000 \SystemRoot\system32\DRIVERS\amdxata.sys
  0x8B0FF000 \SystemRoot\system32\drivers\fltmgr.sys
  0x8B133000 \SystemRoot\system32\drivers\fileinfo.sys
  0x8B224000 \SystemRoot\System32\Drivers\Ntfs.sys
  0x8B353000 \SystemRoot\System32\Drivers\msrpc.sys
  0x8B37E000 \SystemRoot\System32\Drivers\ksecdd.sys
  0x8B391000 \SystemRoot\System32\Drivers\cng.sys
  0x8B3EE000 \SystemRoot\System32\drivers\pcw.sys
  0x8B200000 \SystemRoot\System32\Drivers\Fs_Rec.sys
  0x8B144000 \SystemRoot\system32\drivers\ndis.sys
  0x8AF4A000 \SystemRoot\system32\drivers\NETIO.SYS
  0x8B000000 \SystemRoot\System32\Drivers\ksecpkg.sys
  0x8B427000 \SystemRoot\System32\drivers\tcpip.sys
  0x8B570000 \SystemRoot\System32\drivers\fwpkclnt.sys
  0x8B5A1000 \SystemRoot\system32\DRIVERS\volsnap.sys
  0x8B5E0000 \SystemRoot\system32\DRIVERS\TVALZ_O.SYS
  0x8B5E5000 \SystemRoot\System32\Drivers\spldr.sys
  0x8AF88000 \SystemRoot\System32\drivers\rdyboost.sys
  0x8B5ED000 \SystemRoot\System32\Drivers\mup.sys
  0x8B400000 \SystemRoot\System32\drivers\hwpolicy.sys
  0x8AFB5000 \SystemRoot\System32\DRIVERS\fvevol.sys
  0x8B408000 \SystemRoot\system32\DRIVERS\disk.sys
  0x8B60A000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
  0x8B71B000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0x8B73A000 \SystemRoot\System32\Drivers\Null.SYS
  0x8B741000 \SystemRoot\System32\Drivers\Beep.SYS
  0x8B748000 \SystemRoot\System32\drivers\vga.sys
  0x8B754000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
  0x8B775000 \SystemRoot\System32\drivers\watchdog.sys
  0x8B782000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0x8B78A000 \SystemRoot\system32\drivers\rdpencdd.sys
  0x8B792000 \SystemRoot\system32\drivers\rdprefmp.sys
  0x8B79A000 \SystemRoot\System32\Drivers\Msfs.SYS
  0x8B7A5000 \SystemRoot\System32\Drivers\Npfs.SYS
  0x8B7B3000 \SystemRoot\system32\DRIVERS\tdx.sys
  0x8B7CA000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0x90C2C000 \SystemRoot\system32\drivers\afd.sys
  0x90C86000 \SystemRoot\System32\DRIVERS\netbt.sys
  0x90CB8000 \SystemRoot\system32\DRIVERS\wfplwf.sys
  0x90CBF000 \SystemRoot\system32\DRIVERS\pacer.sys
  0x90CDE000 \SystemRoot\system32\DRIVERS\vwififlt.sys
  0x90CF4000 \SystemRoot\system32\DRIVERS\netbios.sys
  0x90D02000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0x90D15000 \SystemRoot\system32\DRIVERS\termdd.sys
  0x90D25000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
  0x90D2B000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0x90D6C000 \SystemRoot\system32\drivers\nsiproxy.sys
  0x90D76000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0x90D80000 \SystemRoot\System32\drivers\discache.sys
  0x90D8C000 \SystemRoot\System32\Drivers\dfsc.sys
  0x90DA4000 \SystemRoot\system32\DRIVERS\blbdrive.sys
  0x90DB2000 \SystemRoot\system32\DRIVERS\avipbb.sys
  0x90DD5000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
  0x90DD7000 \SystemRoot\system32\DRIVERS\tunnel.sys
  0x90DF8000 \SystemRoot\system32\DRIVERS\FwLnk.sys
  0x90C00000 \SystemRoot\system32\DRIVERS\intelppm.sys
  0x90C12000 \SystemRoot\system32\DRIVERS\CmBatt.sys
  0x92426000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
  0x92D43000 \SystemRoot\System32\drivers\dxgkrnl.sys
  0x9340E000 \SystemRoot\System32\drivers\dxgmms1.sys
  0x93447000 \SystemRoot\system32\DRIVERS\usbuhci.sys
  0x93452000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0x9349D000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0x934AC000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
  0x934CB000 \SystemRoot\system32\DRIVERS\Rt86win7.sys
  0x94227000 \SystemRoot\system32\DRIVERS\athr.sys
  0x94354000 \SystemRoot\system32\DRIVERS\vwifibus.sys
  0x9435E000 \SystemRoot\system32\DRIVERS\i8042prt.sys
  0x94376000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0x94383000 \SystemRoot\system32\DRIVERS\SynTP.sys
  0x943B3000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0x943B5000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0x943C2000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
  0x943C8000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
  0x943D5000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
  0x943E7000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0x94200000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0x93510000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0x9420B000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0x93532000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0x93549000 \SystemRoot\system32\DRIVERS\rassstp.sys
  0x94223000 \SystemRoot\system32\DRIVERS\swenum.sys
  0x93560000 \SystemRoot\system32\DRIVERS\ks.sys
  0x93594000 \SystemRoot\system32\DRIVERS\umbus.sys
  0x935A2000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0x935E6000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0x96601000 \SystemRoot\system32\drivers\RTKVHDA.sys
  0x97220000 \SystemRoot\system32\drivers\portcls.sys
  0x9724F000 \SystemRoot\system32\drivers\drmk.sys
  0x97268000 \SystemRoot\system32\DRIVERS\AGRSM.sys
  0x9736E000 \SystemRoot\system32\drivers\modem.sys
  0x9737B000 \SystemRoot\system32\DRIVERS\cdfs.sys
  0x99440000 \SystemRoot\System32\win32k.sys
  0x97391000 \SystemRoot\System32\drivers\Dxapi.sys
  0x9739B000 \SystemRoot\System32\Drivers\crashdmp.sys
  0x8B62F000 \SystemRoot\System32\Drivers\dump_iaStor.sys
  0x973A8000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
  0x973B9000 \SystemRoot\system32\DRIVERS\monitor.sys
  0x996A0000 \SystemRoot\System32\TSDDD.dll
  0x996D0000 \SystemRoot\System32\cdd.dll
  0x973C4000 \SystemRoot\system32\DRIVERS\usbccgp.sys
  0x973DB000 \SystemRoot\System32\Drivers\UVCFTR_S.SYS
  0x92400000 \SystemRoot\System32\Drivers\usbvideo.sys
  0x973E3000 \SystemRoot\system32\DRIVERS\hidusb.sys
  0x97200000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
  0x97213000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0x973EE000 \SystemRoot\system32\DRIVERS\mouhid.sys
  0x8B6FD000 \SystemRoot\system32\drivers\luafv.sys
  0x90C16000 \SystemRoot\system32\DRIVERS\avgntflt.sys
  0x973F9000 \??\C:\Program Files\Microsoft Application Virtualization Client\drivers\sftvollh.sys
  0x8B7D5000 \SystemRoot\system32\drivers\WudfPf.sys
  0x8B7EF000 \SystemRoot\system32\DRIVERS\lltdio.sys
  0x8EA02000 \SystemRoot\system32\DRIVERS\nwifi.sys
  0x8EA48000 \SystemRoot\system32\DRIVERS\ndisuio.sys
  0x8EA58000 \SystemRoot\system32\DRIVERS\rspndr.sys
  0x8EA6B000 \SystemRoot\system32\drivers\HTTP.sys
  0x8EAF9000 \SystemRoot\system32\DRIVERS\bowser.sys
  0x8EB12000 \SystemRoot\System32\drivers\mpsdrv.sys
  0x8EB24000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0x8EB47000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
  0x8EB82000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
  0x8EBB5000 \SystemRoot\system32\DRIVERS\atksgt.sys
  0x8EBF8000 \SystemRoot\system32\DRIVERS\lirsgt.sys
  0xB3231000 \SystemRoot\system32\drivers\peauth.sys
  0xB32C8000 \SystemRoot\System32\Drivers\secdrv.SYS
  0xB32D2000 \??\C:\Program Files\Microsoft Application Virtualization Client\drivers\sftfslh.sys
  0xB335D000 \??\C:\Program Files\Microsoft Application Virtualization Client\drivers\sftplaylh.sys
  0xB3392000 \SystemRoot\System32\DRIVERS\srvnet.sys
  0xB33B3000 \SystemRoot\System32\drivers\tcpipreg.sys
  0xB502A000 \SystemRoot\System32\DRIVERS\srv2.sys
  0xB5079000 \SystemRoot\System32\DRIVERS\srv.sys
  0xB50CA000 \SystemRoot\system32\DRIVERS\Sftredirlh.sys
  0xB513D000 \SystemRoot\system32\DRIVERS\asyncmac.sys
  0xB5146000 \??\C:\Users\***\AppData\Local\Temp\kfldypow.sys
  0x77BE0000 \Windows\System32\ntdll.dll
  0x47B10000 \Windows\System32\smss.exe
  0x77E20000 \Windows\System32\apisetschema.dll
  0x00EE0000 \Windows\System32\autochk.exe
  0x77DB0000 \Windows\System32\difxapi.dll
  0x77DA0000 \Windows\System32\lpk.dll
  0x77B10000 \Windows\System32\user32.dll
  0x77910000 \Windows\System32\iertutil.dll
  0x77870000 \Windows\System32\usp10.dll
  0x777E0000 \Windows\System32\clbcatq.dll
  0x77D50000 \Windows\System32\Wldap32.dll
  0x77D30000 \Windows\System32\sechost.dll
  0x77730000 \Windows\System32\msvcrt.dll
  0x77650000 \Windows\System32\kernel32.dll
  0x775D0000 \Windows\System32\comdlg32.dll
  0x774D0000 \Windows\System32\wininet.dll
  0x77D20000 \Windows\System32\psapi.dll
  0x77430000 \Windows\System32\advapi32.dll
  0x77290000 \Windows\System32\setupapi.dll
  0x77150000 \Windows\System32\urlmon.dll
  0x77100000 \Windows\System32\gdi32.dll
  0x770C0000 \Windows\System32\ws2_32.dll
  0x770A0000 \Windows\System32\imm32.dll
  0x76450000 \Windows\System32\shell32.dll
  0x76380000 \Windows\System32\msctf.dll
  0x762D0000 \Windows\System32\rpcrt4.dll
  0x76240000 \Windows\System32\oleaut32.dll
  0x760E0000 \Windows\System32\ole32.dll
  0x760D0000 \Windows\System32\nsi.dll
  0x760C0000 \Windows\System32\normaliz.dll
  0x76060000 \Windows\System32\shlwapi.dll
  0x76030000 \Windows\System32\imagehlp.dll
  0x76000000 \Windows\System32\cfgmgr32.dll
  0x75FD0000 \Windows\System32\wintrust.dll
  0x75F80000 \Windows\System32\KernelBase.dll
  0x75F60000 \Windows\System32\devobj.dll
  0x75E40000 \Windows\System32\crypt32.dll
  0x75DB0000 \Windows\System32\comctl32.dll
  0x75DA0000 \Windows\System32\msasn1.dll

Processes (total 72):
       0 System Idle Process
       4 System
     300 C:\Windows\System32\smss.exe
     436 csrss.exe
     488 C:\Windows\System32\wininit.exe
     500 csrss.exe
     544 C:\Windows\System32\services.exe
     568 C:\Windows\System32\lsass.exe
     576 C:\Windows\System32\lsm.exe
     684 C:\Windows\System32\svchost.exe
     708 C:\Windows\System32\winlogon.exe
     828 C:\Windows\System32\svchost.exe
     892 C:\Windows\System32\svchost.exe
     956 C:\Windows\System32\svchost.exe
     988 C:\Windows\System32\svchost.exe
    1128 C:\Windows\System32\svchost.exe
    1296 C:\Windows\System32\svchost.exe
    1420 C:\Windows\System32\spoolsv.exe
    1484 C:\Program Files\Avira\AntiVir Desktop\sched.exe
    1504 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    1532 C:\Windows\System32\svchost.exe
    1640 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    1648 C:\Windows\System32\conhost.exe
    1724 C:\Windows\System32\taskhost.exe
    1796 C:\Windows\System32\dwm.exe
    1876 C:\Windows\explorer.exe
    2044 C:\Windows\System32\taskeng.exe
     564 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
     356 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
     572 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    1048 C:\Windows\System32\hkcmd.exe
    1188 C:\Windows\System32\igfxpers.exe
    1984 C:\Windows\RtHDVCpl.exe
    1680 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
     624 C:\Program Files\iTunes\iTunesHelper.exe
    2052 C:\Program Files\Windows Sidebar\sidebar.exe
    2116 C:\Program Files\Bonjour\mDNSResponder.exe
    2200 C:\Program Files\OpenOffice.org 3\program\soffice.exe
    2228 C:\Program Files\OpenOffice.org 3\program\soffice.bin
    2336 C:\Windows\System32\svchost.exe
    2360 C:\Windows\System32\svchost.exe
    2428 C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
    2516 C:\Windows\System32\svchost.exe
    2548 C:\Windows\System32\svchost.exe
    2768 C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
    2848 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    2876 C:\Windows\System32\svchost.exe
    3016 C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
    3084 C:\Program Files\Toshiba TEMPRO\TempoSVC.exe
    3436 C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
    3496 C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    3972 C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
    4000 C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
    4068 C:\Windows\System32\svchost.exe
    1992 C:\Windows\System32\SearchIndexer.exe
    2248 C:\Program Files\iPod\bin\iPodService.exe
    1896 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
     352 C:\Program Files\Windows Media Player\wmpnetwk.exe
    4516 C:\Windows\System32\svchost.exe
    5996 C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
    6052 C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    6112 C:\Windows\System32\svchost.exe
    3384 C:\Windows\System32\svchost.exe
    6124 C:\Windows\System32\audiodg.exe
    4052 C:\Program Files\Mozilla Firefox\firefox.exe
    1492 C:\Windows\System32\SearchProtocolHost.exe
    5916 C:\Windows\System32\SearchFilterHost.exe
    3872 C:\Windows\explorer.exe
    5064 dllhost.exe
    4264 dllhost.exe
    4364 C:\Users\***\Desktop\MBRCheck.exe
    3928 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`5dd00000  (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x0000002e`e7700000  (NTFS)
\\.\Q: -->  error 5

PhysicalDrive0 Model Number: TOSHIBAMK4055GSX, Rev: FG011M  

      Size  Device Name          MBR Status
  --------------------------------------------
    372 GB  \\.\PhysicalDrive0   Windows 7 MBR code detected
            SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Done!

Hmm.. komisch : Wenn ich jetzt unter C: gehe, dann werden Ordner wie $INPLACE.~TR eingeblendet (auch wenn ich versteckte Ordner ausblenden lasse), obwohl diese eigentlich versteckt sein sollten.
__________________

Geändert von oraculum (22.11.2010 um 14:59 Uhr)

Alt 22.11.2010, 17:40   #18
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
ControlSet002 ? - Standard

ControlSet002 ?


Zitat:
Hmm.. komisch : Wenn ich jetzt unter C: gehe, dann werden Ordner wie $INPLACE.~TR eingeblendet (auch wenn ich versteckte Ordner ausblenden lasse), obwohl diese eigentlich versteckt sein sollten.
Es gibt das Attibut versteckt und eins für geschützte Systemdateien. In den Ordneroptionen lassen sich auch letztere anzeigen oder ausblenden. Aber das ist jetzt ein Nebenkreigsschauplatz. Ich brauch das Log vom mbrcheck.
__________________
__________________
Alt 22.11.2010, 17:50   #19
oraculum
 
ControlSet002 ? - Standard

ControlSet002 ?


Das ist das zweite

Alt 22.11.2010, 17:54   #20
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
ControlSet002 ? - Standard

ControlSet002 ?


Oh, meinte natürlich das von OSAM

__________________
Logfiles bitte immer in CODE-Tags posten

Alt 22.11.2010, 17:58   #21
oraculum
 
ControlSet002 ? - Standard

ControlSet002 ?


Aber dafür habe ich doch GMER

Alt 22.11.2010, 18:01   #22
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
ControlSet002 ? - Standard

ControlSet002 ?


Dann hast du meinen Text nicht ganz verstanden. Ich will Logs von GMER und OSAM sehen.
Wenn GMER nicht will, lässt du das halt weg und postest nur das Log von OSAM.
Wenn GMER funktionierte trotzdem OSAM ausführen
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 22.11.2010, 18:03   #23
oraculum
 
ControlSet002 ? - Standard

ControlSet002 ?


Oh achso

Alt 23.11.2010, 18:34   #24
oraculum
 
ControlSet002 ? - Standard

ControlSet002 ?


Ääähm.. wie soll ich die entpacken? Da wir nur so eine Datei mit einem weißen Symbol runtergeladen.

Alt 23.11.2010, 19:08   #25
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
ControlSet002 ? - Standard

ControlSet002 ?


Nimm 7-ZIP oder WinRAR...
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 23.11.2010, 19:31   #26
oraculum
 
ControlSet002 ? - Standard

ControlSet002 ?


Code:
ATTFilter
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 19:28:29 on 23.11.2010

OS: Windows 7 Home Premium Edition (Build 7600), 32-bit
Default Browser: Mozilla Corporation Firefox 3.6.12

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"TOSCDSPD.cpl" - "TOSHIBA" - C:\Windows\system32\TOSCDSPD.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"atksgt" (atksgt) - ? - C:\Windows\System32\DRIVERS\atksgt.sys  (File found, but it contains no detailed information)
"avgio" (avgio) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\Users\***\AppData\Local\Temp\catchme.sys  (File not found)
"EagleNT" (EagleNT) - ? - C:\Windows\system32\drivers\EagleNT.sys  (File not found)
"EagleXNt" (EagleXNt) - ? - C:\Windows\system32\drivers\EagleXNt.sys  (File not found)
"lirsgt" (lirsgt) - ? - C:\Windows\System32\DRIVERS\lirsgt.sys  (File found, but it contains no detailed information)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"XDva289" (XDva289) - ? - C:\Windows\system32\XDva289.sys  (File not found)

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{FED7043D-346A-414D-ACD7-550D052499A7} "dBpShell Class" - ? - C:\Program Files\Illustrate\dBpowerAMP\dBShell.dll
{0561EC90-CE54-4f0c-9C55-E226110A740C} "Haali Column Provider" - ? - C:\Program Files\Haali\MatroskaSplitter\mmfinfo.dll  (File found, but it contains no detailed information)
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)
{FED7043D-346A-414D-ACD7-550D052499A7} "dBpShell Class" - ? - C:\Program Files\Illustrate\dBpowerAMP\dBShell.dll
{D8D1CE8C-B1EB-4E95-B63B-1531BA60E992} "DivX Property Handler" - "DivX, Inc." - C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXPropertyHandler.dll
{83238FAE-D346-4E12-8734-D42F7554B3E6} "DivX Thumbnail Provider" - "DivX, Inc." - C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXThumbnailProvider.dll
{2C49B5D0-ACE7-4D17-9DF0-A254A6C5A0C5} "dMCIShell Class" - ? - C:\Program Files\Illustrate\dBpowerAMP\dMCShell.dll
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)
{0561EC90-CE54-4f0c-9C55-E226110A740C} "Haali Column Provider" - ? - C:\Program Files\Haali\MatroskaSplitter\mmfinfo.dll  (File found, but it contains no detailed information)
{5574006C-28F5-4a65-A28C-74DE6BFBE0BB} "Haali Matroska Shell Property Page" - ? - C:\Program Files\Haali\MatroskaSplitter\mmfinfo.dll  (File found, but it contains no detailed information)
{327669A0-59A7-4be9-B99E-1C9F3A57611A} "Haali Matroska Thumbnail Extractor" - ? - C:\Program Files\Haali\MatroskaSplitter\mmfinfo.dll  (File found, but it contains no detailed information)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{00020d75-0000-0000-c000-000000000046} "lnkfile" - ? -   (File not found | COM-object registry key not found)
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----
{555D4D79-4BD2-4094-A395-CFC534424A05} "{555D4D79-4BD2-4094-A395-CFC534424A05}" - ? -   (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\ssv.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\ssv.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\ssv.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_22.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"eBay - Der weltweite Online Marktplatz" - ? - hxxp://rover.ebay.com/rover/1/707-44556-9400-3/4  (HTTP value)

[Logon]
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %UserProfile%\Desktop\SAchn\Startup )-----
"desktop.ini" - ? - C:\Users\***\Desktop\SAchn\Startup\desktop.ini
"OpenOffice.org 3.2.lnk" - ? - C:\Program Files\OpenOffice.org 3\program\quickstart.exe  (Shortcut exists | File found, but it contains no detailed information | File exists)
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"4StoryPrePatch" - ? - C:\Program Files\Gameforge4D\4Story\PrePatch.exe
"AppleSyncNotifier" - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe"
" Malwarebytes Anti-Malware  (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"ConfigFree Service" (ConfigFree Service) - "TOSHIBA CORPORATION" - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
"ConfigFree WiMAX Service" (cfWiMAXService) - "TOSHIBA CORPORATION" - C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"HP CUE DeviceDiscovery Service" (hpqddsvc) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
"HP Network Devices Support" (HPSLPSVC) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL
"hpqcxs08" (hpqcxs08) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"Jumpstart Wifi Protected Setup" (jswpsapi) - "Atheros Communications, Inc." - C:\Program Files\Jumpstart\jswpsapi.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZinw12.dll
"Notebook Performance Tuning Service " (TempoMonitoringService) - "Toshiba Europe GmbH" - C:\Program Files\Toshiba TEMPRO\TempoSVC.exe
"Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZipm12.dll
"SQL Server (SQLEXPRESS)" (MSSQL$SQLEXPRESS) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
"SQL Server VSS Writer" (SQLWriter) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
"TeamViewer 5" (TeamViewer5) - "TeamViewer GmbH" - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
Hofe ich hab das richtig gemacht

Alt 23.11.2010, 20:58   #27
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
ControlSet002 ? - Standard

ControlSet002 ?


Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 23.11.2010, 21:29   #28
oraculum
 
ControlSet002 ? - Standard

ControlSet002 ?


Ist SUPERAntiSpyware kostenlos? Weil das steht sowas mit 19,99€
Geändert von oraculum (23.11.2010 um 22:00 Uhr)

Alt 24.11.2010, 08:45   #29
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
ControlSet002 ? - Standard

ControlSet002 ?


Es gibt eine Free und eine Pro-Version. Halte dich einfach an unseren Anleitungen.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 25.11.2010, 14:19   #30
oraculum
 
ControlSet002 ? - Standard

ControlSet002 ?


Code:
ATTFilter
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 11/25/2010 at 02:04 PM

Application Version : 4.46.1000

Core Rules Database Version : 5916
Trace Rules Database Version: 3728

Scan type       : Complete Scan
Total Scan Time : 01:34:11

Memory items scanned      : 762
Memory threats detected   : 0
Registry items scanned    : 9614
Registry threats detected : 0
File items scanned        : 143785
File threats detected     : 1

Trojan.Agent/Gen-Cryptor[Virut]
	C:\TOSHIBA\WEBSHOPS\ADDEBAYTOOLBARBUTTON.EXE

Antwort
Seite 2 von 4 1 2 34

Themen zu ControlSet002 ?
.dll, 4d36e972-e325-11ce-bfc1-08002be10318, administratorrechte, antivir, avg, avgntflt.sys, avira, conhost.exe, controlset002, csrss.exe, desktop, dwm.exe, explorer.exe, firefox.exe, forum, home premium, iastor.sys, install.exe, jusched.exe, log, lsass.exe, microsoft, modul, msiexec.exe, notepad.exe, nt.dll, programdata, programm, prozesse, registry, services.exe, skype.exe, software, start menu, starten, studio, svchost.exe, taskhost.exe, trojaner, usb 2.0, versteckte objekte, verweise, video converter, virus gefunden, vista, visual studio, windows, windows 7 home, windows 7 home premium, winlogon.exe, wmp, wscript.exe


« Trojan.Banker - 100 tan Trojaner Commerzbank | Dropper DR/Dldr.CodecPack.sjt.15 (C:\...\Temp\Em3.exe) und daraus Resultierendes »


Zum Thema ControlSet002 ? - Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ - ControlSet002 ?...
Archiv
Du betrachtest: ControlSet002 ? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131