Pests of all kinds and their removal: Virus Backdoor (Windows 7). If you are not sure whether you have caught malware or a trojan, start a thread here. An expert will reply with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.
23.12.2010, 20:55 | #16
/// Winkelfunktion /// TB-Süch-Tiger™ | Virus Backdoor
Restart the PC and try again.
__________________ Please always post logfiles in CODE tags
24.12.2010, 13:15 | #17
Gesperrt (banned) | Virus Backdoor
I have now tried five times to start ComboFix, and every time my computer crashes and I get the blue screen. That surely has something to do with the virus as well.
25.12.2010, 00:48 | #18
/// Winkelfunktion /// TB-Süch-Tiger™ | Virus Backdoor
OK. Now please create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool still refuses on the second attempt, just leave it out and run only OSAM. Please skip the online query in OSAM. With OSAM, also make sure you save the log as *.log and not as *.html or similar. After that, please download MBRCheck (by a_d_13) and save the file to your desktop.
25.12.2010, 02:33 | #19
Gesperrt (banned) | Virus Backdoor
GMER SCAN:

GMER 1.0.15.15530 - hxxp://www.gmer.net
Rootkit scan 2010-12-25 02:32:15
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\00000032 WDC_WD32 rev.01.0
Running: 2i7u4xjx.exe; Driver: C:\Users\hannes\AppData\Local\Temp\ugrcipow.sys

---- System - GMER 1.0.15 ----

INT 0x52 ? 874AFF00
INT 0x82 ? 85FE2BF8
INT 0x92 ? 85FE3BF8
INT 0xA2 ? 85FE3BF8
INT 0xB3 ? 874AFF00

---- Kernel code sections - GMER 1.0.15 ----

? System32\Drivers\spqr.sys The system cannot find the path specified. !
.text USBPORT.SYS!DllUnload 8B78341B 5 Bytes JMP 874AF4E0
.text abl8ojoj.SYS 90B03000 22 Bytes [82, 03, 62, 82, 6C, 02, 62, ...]
.text abl8ojoj.SYS 90B03017 181 Bytes [00, 32, 87, D9, 82, 3D, 85, ...]
.text abl8ojoj.SYS 90B030CE 10 Bytes [00, 00, 00, 00, 00, 00, 02, ...]
.text abl8ojoj.SYS 90B030DA 12 Bytes [00, 00, 02, 00, 00, 00, 24, ...]
.text abl8ojoj.SYS 90B030E7 714 Bytes [00, F0, 0E, 00, 00, 00, 00, ...]
.text ...
.text C:\Windows\system32\DRIVERS\atksgt.sys section is writeable [0xA2AC7300, 0x3B6D8, 0xE8000020]
.text C:\Windows\system32\DRIVERS\lirsgt.sys section is writeable [0xA2B0A300, 0x1BEE, 0xE8000020]
pnidata C:\Windows\System32\Drivers\secdrv.SYS unknown last section [0xA4A12F00, 0x24000, 0x48000000]

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\svchost.exe[1124] ntdll.dll!NtProtectVirtualMemory 776C4D34 5 Bytes JMP 009C000A
.text C:\Windows\system32\svchost.exe[1124] ntdll.dll!NtWriteVirtualMemory 776C5674 5 Bytes JMP 009D000A
.text C:\Windows\system32\svchost.exe[1124] ntdll.dll!KiUserExceptionDispatcher 776C5DC8 5 Bytes JMP 0097000A
.text C:\Windows\system32\svchost.exe[1124] ole32.dll!CoCreateInstance 76749F3E 5 Bytes JMP 00DB000A
.text C:\Windows\system32\svchost.exe[1124] USER32.dll!GetCursorPos 762D0B88 5 Bytes JMP 0095000A
.text C:\Windows\Explorer.EXE[3136] ntdll.dll!NtProtectVirtualMemory 776C4D34 5 Bytes JMP 008A000A
.text C:\Windows\Explorer.EXE[3136] ntdll.dll!NtWriteVirtualMemory 776C5674 5 Bytes JMP 0099000A
.text C:\Windows\Explorer.EXE[3136] ntdll.dll!KiUserExceptionDispatcher 776C5DC8 5 Bytes JMP 0086000A

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [82C8E6D6] \SystemRoot\System32\Drivers\spqr.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [82C8E042] \SystemRoot\System32\Drivers\spqr.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [82C8E800] \SystemRoot\System32\Drivers\spqr.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [82C8E0C0] \SystemRoot\System32\Drivers\spqr.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [82C8E13E] \SystemRoot\System32\Drivers\spqr.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [82C9DE9C] \SystemRoot\System32\Drivers\spqr.sys
IAT \SystemRoot\System32\Drivers\abl8ojoj.SYS[ataport.SYS!AtaPortNotification] CC358B04
IAT \SystemRoot\System32\Drivers\abl8ojoj.SYS[ataport.SYS!AtaPortWritePortUchar] 8390B28F
IAT \SystemRoot\System32\Drivers\abl8ojoj.SYS[ataport.SYS!AtaPortWritePortUlong] 458B38C6
IAT \SystemRoot\System32\Drivers\abl8ojoj.SYS[ataport.SYS!AtaPortGetPhysicalAddress] A5A5A514
IAT \SystemRoot\System32\Drivers\abl8ojoj.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] 100D8BA5
IAT \SystemRoot\System32\Drivers\abl8ojoj.SYS[ataport.SYS!AtaPortGetScatterGatherList] 5F90B260
IAT \SystemRoot\System32\Drivers\abl8ojoj.SYS[ataport.SYS!AtaPortReadPortUchar] 30810889
IAT \SystemRoot\System32\Drivers\abl8ojoj.SYS[ataport.SYS!AtaPortStallExecution] 54771129
IAT \SystemRoot\System32\Drivers\abl8ojoj.SYS[ataport.SYS!AtaPortGetParentBusType] 10C25D5E
IAT \SystemRoot\System32\Drivers\abl8ojoj.SYS[ataport.SYS!AtaPortRequestCallback] [8B55CC00] \SystemRoot\system32\drivers\NETIO.SYS (Network I/O Subsystem/Microsoft Corporation)
IAT \SystemRoot\System32\Drivers\abl8ojoj.SYS[ataport.SYS!AtaPortWritePortBufferUshort] 084D8BEC
IAT \SystemRoot\System32\Drivers\abl8ojoj.SYS[ataport.SYS!AtaPortGetUnCachedExtension] 0CF0918B
IAT \SystemRoot\System32\Drivers\abl8ojoj.SYS[ataport.SYS!AtaPortCompleteRequest] 458B0000
IAT \SystemRoot\System32\Drivers\abl8ojoj.SYS[ataport.SYS!AtaPortMoveMemory] 8B108910
IAT \SystemRoot\System32\Drivers\abl8ojoj.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] 000CF491
IAT \SystemRoot\System32\Drivers\abl8ojoj.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 04508900
IAT \SystemRoot\System32\Drivers\abl8ojoj.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 053C7980
IAT \SystemRoot\System32\Drivers\abl8ojoj.SYS[ataport.SYS!AtaPortReadPortUshort] 560C558B
IAT \SystemRoot\System32\Drivers\abl8ojoj.SYS[ataport.SYS!AtaPortReadPortBufferUshort] C6127557
IAT \SystemRoot\System32\Drivers\abl8ojoj.SYS[ataport.SYS!AtaPortInitialize] B18D0502
IAT \SystemRoot\System32\Drivers\abl8ojoj.SYS[ataport.SYS!AtaPortGetDeviceBase] 00000CF8
IAT \SystemRoot\System32\Drivers\abl8ojoj.SYS[ataport.SYS!AtaPortDeviceStateChange] A508788D

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[3136] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [743F7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3136] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [7444A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3136] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [743FBB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3136] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [743EF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3136] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [743F75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3136] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [743EE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3136] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [74428395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3136] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [743FDA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3136] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [743EFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3136] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [743EFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3136] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [743E71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3136] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7447CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3136] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [7441C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3136] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [743ED968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3136] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [743E6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3136] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [743E687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3136] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [743F2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 85FE91F8
Device \Driver\sptd \Device\2320267322 spqr.sys
Device \Driver\volmgr \Device\VolMgrControl 85FE51F8
Device \Driver\usbohci \Device\USBPDO-0 87527500
Device \Driver\usbehci \Device\USBPDO-1 87497500
Device \Driver\volmgr \Device\HarddiskVolume1 85FE51F8
Device \Driver\volmgr \Device\HarddiskVolume2 85FE51F8
Device \Driver\cdrom \Device\CdRom0 876201F8
Device \Driver\nvstor32 \Device\00000059 85FE81F8
Device \Driver\USBSTOR \Device\00000065 8876E1F8
Device \Driver\volmgr \Device\HarddiskVolume3 85FE51F8
Device \Driver\cdrom \Device\CdRom1 876201F8
Device \Driver\atapi \Device\Ide\IdePort0 85FE71F8
Device \Driver\atapi \Device\Ide\IdePort1 85FE71F8
Device \Driver\volmgr \Device\HarddiskVolume4 85FE51F8
Device \Driver\netbt \Device\NetBT_Tcpip_{D59A61CF-2D8B-4DE7-B383-8AD9D9114525} 886621F8
Device \Driver\volmgr \Device\HarddiskVolume5 85FE51F8
Device \Driver\USBSTOR \Device\00000068 8876E1F8
Device \Driver\volmgr \Device\HarddiskVolume6 85FE51F8
Device \Driver\USBSTOR \Device\00000069 8876E1F8
Device \Driver\volmgr \Device\HarddiskVolume7 85FE51F8
Device \Driver\netbt \Device\NetBt_Wins_Export 886621F8
Device \Driver\PCI_PNP1316 \Device\0000004b spqr.sys
Device \Driver\Smb \Device\NetbiosSmb 880471F8
Device \Driver\nvstor32 \Device\RaidPort0 85FE81F8
Device \Driver\iScsiPrt \Device\RaidPort1 874B11F8
Device \Driver\USBSTOR \Device\0000006a 8876E1F8
Device \Driver\USBSTOR \Device\0000006b 8876E1F8
Device \Driver\USBSTOR \Device\0000006c 8876E1F8
Device \Driver\usbohci \Device\USBFDO-0 87527500
Device \Driver\USBSTOR \Device\0000006d 8876E1F8
Device \Driver\usbehci \Device\USBFDO-1 87497500
Device \Driver\abl8ojoj \Device\Scsi\abl8ojoj1Port4Path0Target0Lun0 876231F8
Device \Driver\abl8ojoj \Device\Scsi\abl8ojoj1 876231F8
Device \FileSystem\cdfs \Cdfs 88E6F1F8
Device \Device\00000058 -> \??\SCSI#Disk&Ven_WDC_WD32&Prod_00AAJS-22B4A#4&119ff274&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xC2 0x8D 0x38 0xE0 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xA9 0xFE 0x9B 0xCF ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x0F 0x81 0x67 0x55 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xC2 0x8D 0x38 0xE0 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xA9 0xFE 0x9B 0xCF ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x0F 0x81 0x67 0x55 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xC2 0x8D 0x38 0xE0 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xA9 0xFE 0x9B 0xCF ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x0F 0x81 0x67 0x55 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
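The GMER log above is long and most of it is noise. As an added example (not code from this thread, from GMER, or from the helper), here is a small Python triage script that parses the section layout GMER prints, namely the inline-hook lines (`.text ... JMP`), the `IAT` lines and the `Device` lines, and ranks what it finds: import slots GMER could not map to any module, a code section it could only dump as raw bytes, kernel imports that resolve into a different driver, and device objects whose dispatch routine lives in another image. The sample log embedded in the script is a constructed excerpt of the posted log. Two things are the script's own assumptions rather than anything GMER reports: the `KNOWN_LAYERS` table, which downgrades redirects into `spqr.sys` because the log's Registry section ties the `sptd` driver object to DAEMON Tools Lite, and the `looks_random` name heuristic. The script also reads GMER's own `Driver:` header line, so that `ugrcipow.sys`, the scanner's temporary driver, is not mistaken for a second hidden driver when it turns up in another tool's output.

```python
"""Triage helper for GMER rootkit-scan logs. Added example, not GMER's own code."""
import re
from dataclasses import dataclass

SELF_DRIVER_RE = re.compile(r"Driver: \S*\\(?P<name>[^\\]+\.sys)$", re.I)
# ".text <image>[<pid>] <dll>!<export> <addr> <n> Bytes JMP <target>": user-mode inline hook
USER_HOOK_RE = re.compile(r"^!?\s*\.text (?P<image>.+?)\[(?P<pid>\d+)\] (?P<dll>\S+)!(?P<func>\S+) "
                          r"(?P<addr>[0-9A-F]+) \d+ Bytes JMP (?P<target>[0-9A-F]+)$")
# ".text <driver>!<export> <addr> <n> Bytes JMP <target>": inline patch inside a kernel module
KERNEL_HOOK_RE = re.compile(r"^!?\s*\.text (?P<driver>\S+)!(?P<func>\S+) (?P<addr>[0-9A-F]+) "
                            r"\d+ Bytes JMP (?P<target>[0-9A-F]+)$")
# ".text <driver> <addr> <n> Bytes [82, 03, ...]": GMER dumped the section as bytes, it had no image to compare
RAW_SECTION_RE = re.compile(r"^\.text (?P<driver>\S+) [0-9A-F]+ \d+ Bytes \[")
# "IAT <module>[<import>] [<addr>] <target>", or "IAT <module>[<import>] <hex>" when the slot maps to no module
IAT_RE = re.compile(r"^IAT (?P<module>\S+?)(?:\[\d+\] @ \S+ )?\[(?P<import>[^\]]+)\] "
                    r"(?:\[[0-9A-F]+\] (?P<target>.+)|(?P<raw>[0-9A-F]+))$")
DEVICE_RE = re.compile(r"^Device (?P<driver>\S+) (?P<device>\S+) (?P<owner>\S+)$")
# Assumption of this script, not something GMER reports: the SPTD layer of DAEMON Tools (\Driver\sptd, image
# spqr.sys in the posted log) legitimately sits in front of atapi; the sptd\Cfg registry keys are the evidence.
KNOWN_LAYERS = {"spqr.sys": "SPTD layer used by DAEMON Tools, verify the sptd\\Cfg keys"}
ORDER = {"high": 0, "medium": 1, "low": 2, "info": 3}


@dataclass(frozen=True)
class Finding:
    severity: str
    category: str
    subject: str
    detail: str


def basename(path: str) -> str:
    # last path component, dropping the "(vendor)" suffix GMER appends to resolved targets
    return path.split(" ")[0].rsplit("\\", 1)[-1]


def looks_random(name: str) -> bool:
    """Heuristic only: eight lowercase alphanumerics with a digit wedged between letters (abl8ojoj)."""
    stem = name.lower().rsplit(".", 1)[0]
    return re.fullmatch(r"[a-z0-9]{8}", stem) is not None and re.search(r"[a-z]\d+[a-z]", stem) is not None


def triage(log: str) -> list[Finding]:
    """Parse one GMER log and return findings, most severe first."""
    out: list[Finding] = []
    own = ""  # GMER's own temporary driver, taken from the "Running: ...; Driver: ..." header line
    unresolved: dict[str, int] = {}
    raw_dumped: set[str] = set()
    for line in (raw.strip() for raw in log.splitlines()):
        if line.startswith("Running:") and (m := SELF_DRIVER_RE.search(line)):
            own = m["name"].lower()
        elif m := USER_HOOK_RE.match(line):
            out.append(Finding("medium", "user-mode inline hook", f"{m['image']}[{m['pid']}]",
                               f"{m['dll']}!{m['func']} at {m['addr']} -> JMP {m['target']}"))
        elif m := KERNEL_HOOK_RE.match(line):
            out.append(Finding("high", "kernel inline hook", m["driver"],
                               f"{m['func']} at {m['addr']} -> JMP {m['target']}; check that the target lies in a loaded module"))
        elif m := RAW_SECTION_RE.match(line):
            raw_dumped.add(m["driver"].lower())
        elif m := IAT_RE.match(line):
            module = basename(m["module"]).lower()
            if m["raw"] is not None:
                unresolved[module] = unresolved.get(module, 0) + 1
                continue
            expected, target = m["import"].split("!")[0].lower(), basename(m["target"])
            if target.lower() != expected:  # an import of X resolved into Y: the IAT slot was redirected
                note = KNOWN_LAYERS.get(target.lower())
                out.append(Finding("low" if note else "high", "IAT redirect", module,
                                   f"{m['import']} -> {target}" + (f" ({note})" if note else "")))
        elif m := DEVICE_RE.match(line):
            if m["owner"].lower().endswith(".sys"):  # GMER names an image here when the dispatch routine lies in another module
                note = KNOWN_LAYERS.get(m["owner"].lower())
                out.append(Finding("low" if note else "high", "device dispatch redirect", m["device"],
                                   f"{m['driver']} handled by {m['owner']}" + (f" ({note})" if note else "")))
            elif looks_random(basename(m["driver"])):
                out.append(Finding("medium", "device owned by random-named driver", m["device"], m["driver"]))
    for module, n in unresolved.items():
        detail = f"{n} import slot(s) hold values GMER could not map to any module"
        detail += "; section dumped as raw bytes" * (module in raw_dumped) + "; random-looking name" * looks_random(module)
        out.append(Finding("high", "driver with unresolvable imports", module, detail))
    if own:
        out.append(Finding("info", "scanner's own driver", own, "temporary driver loaded by GMER; a hidden or "
                           "missing service of this name in another tool's output is the scanner, not a second rootkit"))
    return sorted(out, key=lambda f: ORDER[f.severity])


# Constructed excerpt of the log posted above: a few lines per section.
SAMPLE_LOG = r"""
Running: 2i7u4xjx.exe; Driver: C:\Users\hannes\AppData\Local\Temp\ugrcipow.sys
---- Kernel code sections - GMER 1.0.15 ----
.text USBPORT.SYS!DllUnload 8B78341B 5 Bytes JMP 874AF4E0
.text abl8ojoj.SYS 90B03000 22 Bytes [82, 03, 62, 82, 6C, 02, 62, ...]
.text C:\Windows\system32\svchost.exe[1124] ntdll.dll!NtProtectVirtualMemory 776C4D34 5 Bytes JMP 009C000A
.text C:\Windows\Explorer.EXE[3136] ntdll.dll!NtWriteVirtualMemory 776C5674 5 Bytes JMP 0099000A
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [82C8E6D6] \SystemRoot\System32\Drivers\spqr.sys
IAT \SystemRoot\System32\Drivers\abl8ojoj.SYS[ataport.SYS!AtaPortNotification] CC358B04
IAT \SystemRoot\System32\Drivers\abl8ojoj.SYS[ataport.SYS!AtaPortRequestCallback] [8B55CC00] \SystemRoot\system32\drivers\NETIO.SYS (Network I/O Subsystem/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3136] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [743F7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
Device \Driver\sptd \Device\2320267322 spqr.sys
Device \Driver\abl8ojoj \Device\Scsi\abl8ojoj1 876231F8
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:>6}] {f.category}: {f.subject} -- {f.detail}")
```

Run it as a script to print the ranked findings for the embedded sample, or call `triage()` on the text of a full GMER log saved from the tool. It only parses the line formats shown; `INT` and `Reg` lines are left alone on purpose, since the registry entries in this log all sit under `sptd\Cfg` and are quicker to read by hand. The `ntdll` hooks in `svchost.exe` and `Explorer.EXE` are rated medium rather than high because security products that are also present on this machine hook the same functions, so they need to be checked against the installed software before being blamed on the rootkit.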
25.12.2010, 02:38 | #20
Gesperrt (banned) | Virus Backdoor
Here is the OSAM scan:
OSAM Logfile:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 02:37:27 on 25.12.2010
OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Mozilla Corporation Firefox 3.6.13

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries

[Common]
-----( %SystemRoot%\Tasks )-----
"Norton Internet Security - Systemprüfung ausführen - *****.job" - ? - C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exe (File not found)
"DMEPeriodicTask.job" - "Hewlett-Packard" - C:\Program Files\HP\Digital Imaging\bin\warrantyextension\HPPromo.exe
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"nvcpl.cpl" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Nero BurnRights" - "Nero AG" - C:\Program Files\Nero\Nero8\Nero Toolkit\NeroBurnRights.cpl
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"abl8ojoj" (abl8ojoj) - "Microsoft Corporation" - C:\Windows\system32\drivers\abl8ojoj.sys (Hidden registry entry, rootkit activity | File signed by Microsoft)
"atksgt" (atksgt) - ? - C:\Windows\System32\DRIVERS\atksgt.sys (File found, but it contains no detailed information)
"avgio" (avgio) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"bdfsfltr" (bdfsfltr) - "SOFTWIN S.R.L." - C:\Windows\System32\DRIVERS\bdfsfltr.sys
"FssFltr" (fssfltr) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\fssfltr.sys
"hwinterface" (hwinterface) - "Logix4u" - C:\Windows\System32\Drivers\hwinterface.sys
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys (File not found)
"lirsgt" (lirsgt) - ? - C:\Windows\System32\DRIVERS\lirsgt.sys (File found, but it contains no detailed information)
"MEMSWEEP2" (MEMSWEEP2) - ? - C:\Windows\system32\1E89.tmp (File not found)
"NetworkX" (NetworkX) - ? - C:\Windows\system32\ckldrv.sys (File found, but it contains no detailed information)
"PnkBstrK" (PnkBstrK) - ? - C:\Windows\system32\drivers\PnkBstrK.sys (File found, but it contains no detailed information)
"SASDIFSV" (SASDIFSV) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
"SASKUTIL" (SASKUTIL) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
"Security Driver" (secdrv) - "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." - C:\Windows\system32\drivers\secdrv.sys
"sptd" (sptd) - "Duplex Secure Ltd." - C:\Windows\System32\Drivers\sptd.sys (File is exclusively opened, access blocked)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"ugrcipow" (ugrcipow) - ? - C:\Users\*****\AppData\Local\Temp\ugrcipow.sys (Hidden registry entry, rootkit activity | File not found)

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{9462A756-7B47-47BC-8C80-C34B9B80B32B} "BackWeb GA Pluggable Protocol" - "Logitech Inc." - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} "linkscanner" - ? - (File not found | COM-object registry key not found)
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "SABShellExecuteHook Class" - "SuperAdBlocker.com" - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? - (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found)
{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? - (File not found | COM-object registry key not found)
{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\Program Files\NVIDIA Corporation\Display\nvui.dll
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? - (File not found | COM-object registry key not found)
{00020d75-0000-0000-c000-000000000046} "lnkfile" - ? - (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONFILTER.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" - "Nero AG" - C:\Program Files\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll
{3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} "NVIDIA CPL Context Menu Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvshext.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? - (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? - (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} "UnlockerShellExtension" - ? - C:\Program Files\Unlocker\UnlockerCOM.dll (File found, but it contains no detailed information)
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR\rarext.dll
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----
{555D4D79-4BD2-4094-A395-CFC534424A05} "HP Smart Web Printing" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "&Windows Live Toolbar" - "Microsoft Corporation" - C:\Program Files\Windows Live\Toolbar\wltcore.dll
<binary data> "DAEMON Tools Toolbar" - ? - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
<binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? - (File not found | COM-object registry key not found)
<binary data> "{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" - ? - (File not found | COM-object registry key not found)
<binary data> "{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" - ? - (File not found | COM-object registry key not found)
<binary data> "{D4027C7F-154A-4066-A1AD-4243D8127440}" - ? - (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{00000000-6E41-4FD3-8538-502F5495E5FC} "{00000000-6E41-4FD3-8538-502F5495E5FC}" - ? - (File not found | COM-object registry key not found)
{E312764E-7706-43F1-8DAB-FCDD2B1E416D} "{E312764E-7706-43F1-8DAB-FCDD2B1E416D}" - ? - (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{67DABFBF-D0AB-41FA-9C46-CC0F21721616} "DivXBrowserPlugin Object" - "DivX,Inc." - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll / hxxp://download.divx.com/player/DivXBrowserPlugin.cab
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} "Java Plug-in 1.6.0_07" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_22.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
{1E54D648-B804-468d-BC78-4AFFED8E262E} "System Requirements Lab Class" - "Husdawg, LLC" - C:\Windows\Downloaded Program Files\sysreqlab_srl.dll / hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
{17492023-C23A-453E-A040-C7C580BBF700} "Windows Genuine Advantage Validation Tool" - "Microsoft Corporation" - C:\Windows\system32\LegitCheckControl.DLL / hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----
{555D4D79-4BD2-4094-A395-CFC534424A05} "HP Smart Web Printing" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
{DDE87865-83C5-48c4-8357-2F5B1AA84522} "HP Smart Web Printing ein- oder ausblenden" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
"PokerStars" - "PokerStars" - C:\Program Files\PokerStars\PokerStarsUpdate.exe
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "&Windows Live Toolbar" - "Microsoft Corporation" - C:\Program Files\Windows Live\Toolbar\wltcore.dll
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} "AVG Security Toolbar" - ? - (File not found | COM-object registry key not found)
<binary data> "DAEMON Tools Toolbar" - ? - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
<binary data> "STOPzilla" - "iS3, Inc" - C:\Program Files\Stopzilla!\Toolbar\SZSG.dll
SITEguard "{98828DED-A591-462F-83BA-D2F62A68B8B8}" - ? - (File not found | COM-object registry key not found)
<binary data> "{D4027C7F-154A-4066-A1AD-4243D8127440}" - ? - (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} "Search Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

[Logon]
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"FRITZ!DSL Startcenter.lnk" - "AVM Berlin" - C:\Program Files\FRITZ!DSL\StCenter.exe (Shortcut exists | File exists)
"Logitech Desktop Messenger.lnk" - "Logitech Inc." - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Shortcut exists | File exists)
"Logitech SetPoint.lnk" - "Logitech Inc." - C:\Program Files\Logitech\SetPoint\SetPoint.exe (Shortcut exists | File exists)
-----( %SystemDrive%\_OTL\MovedFiles\12222010_225623\C_Users\*****\AppData\Local\Windows )-----
"desktop.ini" - ? - C:\_OTL\MovedFiles\12222010_225623\C_Users\*****\AppData\Local\Windows\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"msnmsgr" - "Microsoft Corporation" - "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
"swg" - "Google Inc." - "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"HP Software Update" - "Hewlett-Packard" - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
"hpqSRMon" - "Hewlett-Packard" - C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
"LifeChat" - "Microsoft Corporation" - "C:\Program Files\Microsoft LifeChat\LifeChat.exe"
"Malwarebytes' Anti-Malware (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"avm:" - "AVM Berlin GmbH" - C:\Windows\system32\avmprmon.dll
"hpf3l70w.dll" - "Hewlett-Packard Company" - C:\Windows\system32\hpf3l70w.dll
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Application Updater" (Application Updater) - "Spigot, Inc." - C:\Program Files\Application Updater\ApplicationUpdater.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Avira Upgrade Service" (AntiVirUpgradeService) - ?
- "C:\Users\*****\AppData\Local\Temp\AVSETUP_4b2a73af\basic\avupgsvc.exe" /TEMPSTART:""C:\Users\*****\AppData\Local\Temp\AVSETUP_4b2a73af\basic\setup.exe" /NOTEMPCLEANUP /CROSSUPGRADE" (File not found) "AVM IGD CTRL Service" (IGDCTRL) - "AVM Berlin" - C:\Program Files\FRITZ!DSL\IGDCTRL.EXE "Easybits Shared Services for Windows" (ezSharedSvc) - "EasyBits Sofware AS" - C:\Windows\System32\ezsvc7.dll "Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe "Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "HP CUE DeviceDiscovery Service" (hpqddsvc) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll "hpqcxs08" (hpqcxs08) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll "Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE "Nero BackItUp Scheduler 3" (Nero BackItUp Scheduler 3) - "Nero AG" - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe "Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZinw12.dll "NMIndexingService" (NMIndexingService) - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe "NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe "NVIDIA Stereoscopic 3D Driver Service" (Stereo Service) - "NVIDIA Corporation" - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE "PLFlash DeviceIoControl Service" (PLFlash DeviceIoControl Service) - "Prolific Technology Inc." - C:\Windows\system32\IoctlSvc.exe "Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZipm12.dll "PnkBstrA" (PnkBstrA) - ? 
- C:\Windows\system32\PnkBstrA.exe (File found, but it contains no detailed information) "PnkBstrB" (PnkBstrB) - ? - C:\Windows\system32\PnkBstrB.exe (File found, but it contains no detailed information) "SeaPort" (SeaPort) - "Microsoft Corporation" - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe "Steam Client Service" (Steam Client Service) - "Valve Corporation" - C:\Program Files\Common Files\Steam\SteamService.exe "Windows Live Family Safety-Dienst" (fsssvc) - "Microsoft Corporation" - C:\Program Files\Windows Live\Family Safety\fsssvc.exe [Winlogon] -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )----- "!SASWinLogon" - "SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru |
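An OSAM log this long hides the handful of entries that deserve a second look. The script below is an added example, not part of the original post and not OSAM's own code: it parses OSAM's one-entry-per-line format and flags autostarts whose file is gone, whose publisher OSAM could not read, or whose image sits in a temp directory. The sample log is constructed from entries visible in the log above (abridged); the flag names and the list of user-writable directories are my own choices.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample in OSAM's one-entry-per-line format, assembled from entries that
# appear in the log above (abridged; "*****" is the forum's username redaction).
SAMPLE_OSAM = r'''-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} "AVG Security Toolbar" - ? - (File not found | COM-object registry key not found)
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Avira Upgrade Service" (AntiVirUpgradeService) - ? - "C:\Users\*****\AppData\Local\Temp\AVSETUP_4b2a73af\basic\avupgsvc.exe" /TEMPSTART:""C:\Users\*****\AppData\Local\Temp\AVSETUP_4b2a73af\basic\setup.exe" /NOTEMPCLEANUP /CROSSUPGRADE" (File not found)
"PnkBstrA" (PnkBstrA) - ? - C:\Windows\system32\PnkBstrA.exe (File found, but it contains no detailed information)
"Steam Client Service" (Steam Client Service) - "Valve Corporation" - C:\Program Files\Common Files\Steam\SteamService.exe
===[ Logfile end ]=========================================[ Logfile end ]===
'''

SECTION_RE = re.compile(r'^-----\(\s*(?P<key>.*?)\s*\)-----$')
ENTRY_RE = re.compile(
    r'^(?:\{[0-9A-Fa-f-]+\}\s+|<binary data>\s+)?'   # optional CLSID or <binary data> value prefix
    r'"(?P<name>[^"]*)"'                              # display name
    r'(?:\s+\((?P<svc>[^()]*)\))?'                    # service key name, services section only
    r'\s+-\s+(?:"(?P<pub>[^"]*)"|\?)'                 # publisher, or ? when OSAM found no version info
    r'\s+-\s*(?P<rest>.*)$'                           # image path, arguments, trailing annotation
)
ANNOT_RE = re.compile(r'\s*\((?P<annot>[^()]*)\)\s*$')

# Autostarts pointing into these directories deserve a second look: droppers and
# half-removed installers both live here; legitimate services rarely do.
USER_WRITABLE = ('\\appdata\\local\\temp\\', '\\windows\\temp\\')


@dataclass
class Entry:
    section: str
    name: str
    service: Optional[str]
    publisher: Optional[str]   # None where OSAM printed "?"
    path: str
    annotation: str
    flags: List[str] = field(default_factory=list)


def parse_osam(text: str) -> List[Entry]:
    entries, section = [], ''
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group('key')
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue                     # [Category] headers, blank lines, logfile-end marker
        rest, annot = m.group('rest'), ''
        a = ANNOT_RE.search(rest)
        if a:
            annot, rest = a.group('annot'), rest[:a.start()]
        rest = rest.strip()
        if rest.startswith('"'):         # quoted image path, arguments follow the closing quote
            end = rest.find('"', 1)
            path = rest[1:end] if end > 0 else rest[1:]
        else:
            path = rest
        entries.append(Entry(section, m.group('name'), m.group('svc'), m.group('pub'), path, annot))
    return entries


def triage(entries: List[Entry]) -> List[Entry]:
    """Attach review flags; returns only the entries that earned at least one."""
    for e in entries:
        e.flags = []
        if 'File not found' in e.annotation:
            e.flags.append('orphaned')      # registry still points at a file that is gone
        if e.publisher is None and e.path:
            e.flags.append('no-publisher')  # present but no version info: hash and check signature by hand
        if any(d in e.path.lower() for d in USER_WRITABLE):
            e.flags.append('temp-path')
    return [e for e in entries if e.flags]


if __name__ == '__main__':
    for e in triage(parse_osam(SAMPLE_OSAM)):
        print(f"{e.name:25} {','.join(e.flags):30} {e.path or '(no file)'}")
```

The flags are leads, not verdicts. An orphaned value is most often an uninstaller that left its registry entry behind, and a missing publisher only means the file carries no version resource; the next step for such a file is to hash it and check its signature rather than to delete it on sight.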
25.12.2010, 02:41 | #21 |
Banned | Virus Backdoor And the MBRCheck:
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Packard Bell BV
BIOS Manufacturer: Phoenix Technologies, LTD
System Manufacturer: PACKARD BELL BV
System Product Name: IMEDIA X1009
Logical Drives Mask: 0x000003fc
Kernel Drivers (total 157):
0x8264C000 \SystemRoot\system32\ntkrnlpa.exe
0x82619000 \SystemRoot\system32\hal.dll
0x874DC000 \SystemRoot\system32\kdcom.dll
0x80604000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x80674000 \SystemRoot\system32\PSHED.dll
0x80685000 \SystemRoot\system32\BOOTVID.dll
0x8068D000 \SystemRoot\system32\CLFS.SYS
0x806CE000 \SystemRoot\system32\CI.dll
0x82C03000 \SystemRoot\system32\drivers\Wdf01000.sys
0x82C7F000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x82C8C000 \SystemRoot\System32\Drivers\spqr.sys
0x82D8D000 \SystemRoot\System32\Drivers\WMILIB.SYS
0x82D96000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
0x82DBC000 \SystemRoot\system32\drivers\pci.sys
0x807AE000 \SystemRoot\system32\drivers\acpi.sys
0x82DE3000 \SystemRoot\system32\drivers\msisadrv.sys
0x82DEB000 \SystemRoot\System32\drivers\partmgr.sys
0x82E0D000 \SystemRoot\system32\drivers\volmgr.sys
0x82E1C000 \SystemRoot\System32\drivers\volmgrx.sys
0x82E66000 \SystemRoot\system32\drivers\pciide.sys
0x82E6D000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x82E7B000 \SystemRoot\System32\drivers\mountmgr.sys
0x82E8B000 \SystemRoot\system32\drivers\atapi.sys
0x82E93000 \SystemRoot\system32\drivers\ataport.SYS
0x82EB1000 \SystemRoot\system32\drivers\nvstor32.sys
0x82ECF000 \SystemRoot\system32\drivers\storport.sys
0x82F10000 \SystemRoot\system32\drivers\fltmgr.sys
0x82F42000 \SystemRoot\system32\drivers\fileinfo.sys
0x82F52000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8B403000 \SystemRoot\system32\drivers\ndis.sys
0x8B50E000 \SystemRoot\system32\drivers\msrpc.sys
0x8B539000 \SystemRoot\system32\drivers\NETIO.SYS
0x8B603000 \SystemRoot\System32\drivers\tcpip.sys
0x8B6ED000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8B805000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8B915000 \SystemRoot\system32\drivers\volsnap.sys
0x8B94E000 \SystemRoot\System32\Drivers\spldr.sys
0x8B956000 \SystemRoot\System32\Drivers\mup.sys
0x8B965000 \SystemRoot\System32\drivers\ecache.sys
0x8B98C000 \SystemRoot\system32\drivers\disk.sys
0x8B99D000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x8B9BE000 \SystemRoot\system32\drivers\crcdisk.sys
0x8B708000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8B713000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x8B71C000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8B72B000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8B9FC000 \SystemRoot\system32\DRIVERS\L8042Kbd.sys
0x8B73E000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8B749000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x8B753000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8B791000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8FC0F000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8FC9C000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x8FCAC000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x8FE04000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x907A1000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x8FCBA000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x907A3000 \SystemRoot\System32\drivers\watchdog.sys
0x907AF000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x90A05000 \SystemRoot\system32\DRIVERS\nvmfdx32.sys
0x90B02000 \SystemRoot\System32\Drivers\abl8ojoj.SYS
0x90B3A000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x90B43000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x90B72000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x90B7D000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x90B94000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x90B9F000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x90BC2000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x90BD1000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x90BE5000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x907C7000 \SystemRoot\system32\DRIVERS\termdd.sys
0x907D7000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x90BFA000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8FD59000 \SystemRoot\system32\DRIVERS\ks.sys
0x907E2000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x907EC000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8FD83000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8FDB8000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x90E0C000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x91012000 \SystemRoot\system32\drivers\portcls.sys
0x9103F000 \SystemRoot\system32\drivers\drmk.sys
0x91064000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x9106D000 \SystemRoot\System32\Drivers\Null.SYS
0x91074000 \SystemRoot\System32\Drivers\Beep.SYS
0x91084000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x9108B000 \SystemRoot\System32\drivers\vga.sys
0x91097000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x910B8000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x910C0000 \SystemRoot\system32\drivers\rdpencdd.sys
0x910C8000 \SystemRoot\System32\Drivers\Msfs.SYS
0x910D3000 \SystemRoot\System32\Drivers\Npfs.SYS
0x910E1000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x910EA000 \SystemRoot\system32\DRIVERS\tdx.sys
0x91100000 \SystemRoot\system32\DRIVERS\smb.sys
0x91114000 \SystemRoot\System32\DRIVERS\netbt.sys
0x91146000 \SystemRoot\system32\drivers\afd.sys
0x9118E000 \SystemRoot\system32\DRIVERS\pacer.sys
0x911A4000 \SystemRoot\system32\DRIVERS\netbios.sys
0x911B2000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x911C5000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0x911CB000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
0x911ED000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0x8B7A0000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x911F3000 \SystemRoot\system32\drivers\nsiproxy.sys
0x90E00000 \SystemRoot\system32\ckldrv.sys
0x90E05000 \SystemRoot\System32\Drivers\hwinterface.sys
0x8FDC9000 \SystemRoot\System32\Drivers\dfsc.sys
0x8B574000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x8FDE0000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x90E06000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8FC00000 \SystemRoot\system32\DRIVERS\usbscan.sys
0x8B7DC000 \SystemRoot\system32\DRIVERS\usbprint.sys
0x8B7E6000 \SystemRoot\system32\DRIVERS\dot4usb.sys
0x8B59A000 \SystemRoot\system32\DRIVERS\Dot4.sys
0x8B5BF000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x9107B000 \SystemRoot\system32\DRIVERS\Dot4Prt.sys
0x911FD000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
0x8B9C7000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8B9D4000 \SystemRoot\System32\Drivers\dump_diskdump.sys
0x8B9DE000 \SystemRoot\System32\Drivers\dump_nvstor32.sys
0x8FDF7000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x8B5D4000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x907F9000 \SystemRoot\system32\DRIVERS\LHidFilt.Sys
0x8B7F3000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x8B5E4000 \SystemRoot\system32\DRIVERS\LMouFilt.Sys
0x8B5EC000 \SystemRoot\system32\drivers\usbaudio.sys
0x9A280000 \SystemRoot\System32\win32k.sys
0x82FC3000 \SystemRoot\System32\drivers\Dxapi.sys
0x82FCD000 \SystemRoot\system32\DRIVERS\monitor.sys
0x9A4A0000 \SystemRoot\System32\TSDDD.dll
0x9A4C0000 \SystemRoot\System32\cdd.dll
0x82FDC000 \SystemRoot\system32\drivers\luafv.sys
0x80C07000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x80C1C000 \SystemRoot\system32\drivers\spsys.sys
0x80CCC000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x80CDC000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x80CEF000 \SystemRoot\system32\drivers\HTTP.sys
0x80D5C000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x80D65000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x80D82000 \SystemRoot\system32\DRIVERS\bowser.sys
0x80D9B000 \SystemRoot\System32\drivers\mpsdrv.sys
0x80DB0000 \SystemRoot\system32\drivers\mrxdav.sys
0x80DD1000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xA2A00000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0xA2A39000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xA2A51000 \SystemRoot\System32\DRIVERS\srv2.sys
0xA2A79000 \SystemRoot\System32\DRIVERS\srv.sys
0xA2AC7000 \SystemRoot\system32\DRIVERS\atksgt.sys
0xA2B0A000 \SystemRoot\system32\DRIVERS\lirsgt.sys
0xA2B0F000 \SystemRoot\system32\drivers\peauth.sys
0xA4A0F000 \SystemRoot\System32\Drivers\secdrv.SYS
0xA4A37000 \SystemRoot\System32\drivers\tcpipreg.sys
0xA4A43000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0xA4A58000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
0xA4A6A000 \SystemRoot\system32\DRIVERS\cdfs.sys
0xA4A80000 \??\C:\Users\****\AppData\Local\Temp\ugrcipow.sys
0x77660000 \Windows\System32\ntdll.dll
Processes (total 74):
0 System Idle Process
4 System
428 C:\Windows\System32\smss.exe
496 csrss.exe
556 C:\Windows\System32\wininit.exe
564 csrss.exe
600 C:\Windows\System32\services.exe
624 C:\Windows\System32\lsass.exe
636 C:\Windows\System32\lsm.exe
660 C:\Windows\System32\winlogon.exe
832 C:\Windows\System32\svchost.exe
912 C:\Windows\System32\nvvsvc.exe
944 C:\Windows\System32\svchost.exe
1004 C:\Windows\System32\svchost.exe
1064 C:\Windows\System32\svchost.exe
1104 C:\Windows\System32\svchost.exe
1124 C:\Windows\System32\svchost.exe
1256 C:\Windows\System32\audiodg.exe
1324 C:\Windows\System32\SLsvc.exe
1404 C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
1416 C:\Windows\System32\nvvsvc.exe
1448 C:\Windows\System32\svchost.exe
1616 C:\Windows\System32\svchost.exe
1848 C:\Windows\System32\spoolsv.exe
1900 C:\Program Files\Avira\AntiVir Desktop\sched.exe
1924 C:\Windows\System32\svchost.exe
476 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
684 C:\Program Files\Application Updater\ApplicationUpdater.exe
928 C:\Windows\System32\svchost.exe
1728 C:\Program Files\FRITZ!DSL\IGDCTRL.EXE
1864 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
1908 C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
2064 C:\Windows\System32\svchost.exe
2160 C:\Windows\System32\IoctlSvc.exe
2208 C:\Windows\System32\svchost.exe
2260 C:\Windows\System32\PnkBstrA.exe
2284 C:\Windows\System32\PnkBstrB.exe
2296 C:\Windows\System32\svchost.exe
2308 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
2352 C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
2380 C:\Windows\System32\svchost.exe
2428 C:\Windows\System32\svchost.exe
2480 C:\Windows\System32\SearchIndexer.exe
2624 C:\Windows\System32\taskeng.exe
2696 WUDFHost.exe
3072 C:\Windows\System32\dwm.exe
3112 C:\Windows\System32\taskeng.exe
3136 C:\Windows\explorer.exe
3692 C:\Windows\RtHDVCpl.exe
3700 C:\Program Files\Microsoft LifeChat\LifeChat.exe
3716 C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
3748 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
3792 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
3872 C:\Program Files\Common Files\Java\Java Update\jusched.exe
2728 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
2756 C:\Program Files\FRITZ!DSL\StCenter.exe
2784 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
2792 C:\Program Files\Logitech\SetPoint\SetPoint.exe
2272 C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.exe
4640 C:\Program Files\Mozilla Firefox\firefox.exe
1504 C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
472 C:\Program Files\Mozilla Firefox\plugin-container.exe
4452 C:\Windows\System32\SearchProtocolHost.exe
4808 C:\Windows\System32\SearchFilterHost.exe
604 C:\Windows\explorer.exe
2220 C:\Windows\explorer.exe
5856 C:\Windows\explorer.exe
5028 C:\Windows\explorer.exe
3856 C:\Windows\explorer.exe
4664 C:\Windows\System32\dllhost.exe
4148 dllhost.exe
3596 dllhost.exe
4180 C:\Users\****\Desktop\MBRCheck.exe
5988 C:\Windows\System32\conime.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`003ebe00 (NTFS)
PhysicalDrive0 Model Number: WDC WD3200AAJS-22B4A, Rev: 01.0
Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979
Done! |
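Before an MBRCheck log is called "OK", the analyst's triage has three parts: confirm the driver and process lists are complete against the totals the tool claims, classify where each kernel driver was loaded from, and record the MBR verdict together with its SHA1 so the sector can be compared against other machines later. The script below is an added example, not MBRCheck's code and not part of the post above. Its sample input is constructed from entries in the log above with an approximated layout (the forum flattened the original), and the location labels and verdict strings are my own. One caveat built into the lead-in rather than the code: a kernel driver loaded out of a user's Temp directory is the right thing to flag, but rootkit scanners run moments earlier load their own temporary driver from exactly that location, so a hit there has to be matched against what the user just ran before it means anything.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import List

# Constructed, abridged MBRCheck-style output: the entries come from the log posted
# above, the column layout is approximated because the forum flattened the original.
SAMPLE_MBRCHECK = r'''MBRCheck, version 1.2.3

Kernel Drivers (total 7):
0x8264C000 \SystemRoot\system32\ntkrnlpa.exe
0x82C8C000 \SystemRoot\System32\Drivers\spqr.sys
0x90B02000 \SystemRoot\System32\Drivers\abl8ojoj.SYS
0x911CB000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
0x911FD000 \??\C:\Program Files\Avira\A```ntiVir Desktop\avgio.sys
0xA4A80000 \??\C:\Users\****\AppData\Local\Temp\ugrcipow.sys
0x77660000 \Windows\System32\ntdll.dll

Processes (total 4):
0 System Idle Process
4 System
3136 C:\Windows\explorer.exe
604 C:\Windows\explorer.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`003ebe00 (NTFS)
298 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979
'''

HEADER_RE = re.compile(r'^(Kernel Drivers|Processes) \(total (\d+)\):')
DRIVER_RE = re.compile(r'^\s*(0x[0-9A-Fa-f]{8})\s+(\S.*?)\s*$')
PROCESS_RE = re.compile(r'^\s*(\d+)\s+(\S.*?)\s*$')
MBR_RE = re.compile(r'(\d+\s*[GMT]B)\s+(\\\\\.\\PhysicalDrive\d+)\s+(.+?)\s+SHA1:\s*([0-9A-Fa-f]{40})')


@dataclass
class Driver:
    base: str
    path: str
    location: str   # system | program-files | user-writable | absolute | unusual


@dataclass
class MbrStatus:
    device: str
    size: str
    status: str
    sha1: str
    verdict: str    # known-windows-code | review


def classify_driver(path: str) -> str:
    p = path.lower()
    if p.startswith('\\systemroot\\') or p.startswith('\\windows\\'):
        return 'system'             # loaded relative to the Windows directory, the normal case
    if p.startswith('\\??\\'):      # absolute NT path: the image lives outside SystemRoot
        body = p[4:]
        if '\\users\\' in body or '\\temp\\' in body or '\\documents and settings\\' in body:
            return 'user-writable'  # kernel code from a profile or temp dir must be accounted for
        if '\\program files' in body:
            return 'program-files'  # typical for AV, scanner and virtualisation drivers
        return 'absolute'
    return 'unusual'


def mbr_verdict(status: str) -> str:
    s = status.lower()
    if 'windows' in s and 'mbr code detected' in s and 'unknown' not in s:
        return 'known-windows-code'  # MBRCheck matched sector 0 against stock Windows boot code
    return 'review'                  # unknown code: dump sector 0 and inspect it, bootkits live there


def analyze_mbrcheck(text: str) -> dict:
    drivers: List[Driver] = []
    procs: Counter = Counter()
    claimed: dict = {'Kernel Drivers': None, 'Processes': None}
    section = None
    for line in text.splitlines():
        h = HEADER_RE.match(line)
        if h:
            section, claimed[h.group(1)] = h.group(1), int(h.group(2))
            continue
        if not line.strip() or line.startswith('\\\\.\\'):
            section = None          # a blank line or the volume-to-disk map ends the current list
            continue
        m = DRIVER_RE.match(line) if section == 'Kernel Drivers' else None
        if m:
            drivers.append(Driver(m.group(1), m.group(2), classify_driver(m.group(2))))
        m = PROCESS_RE.match(line) if section == 'Processes' else None
        if m:
            procs[m.group(2).rsplit('\\', 1)[-1].lower()] += 1   # count by image basename
    mbr = None
    m = MBR_RE.search(text)
    if m:
        size, dev, status, sha1 = m.groups()
        mbr = MbrStatus(dev, size, status.strip(), sha1.upper(), mbr_verdict(status))
    return {
        'driver_count': len(drivers),
        'totals_claimed': claimed,
        'outside_systemroot': [d for d in drivers if d.location != 'system'],
        'user_writable': [d for d in drivers if d.location == 'user-writable'],
        'process_counts': dict(procs),
        'mbr': mbr,
    }
```

Usage: `analyze_mbrcheck(open('MBRCheck_log.txt').read())` and read `outside_systemroot` and `mbr` first. The "Windows ... MBR code detected" line is MBRCheck's own match against stock boot code; keeping the SHA1 lets you verify that the same sector hash shows up on a known-clean machine of the same Windows release rather than trusting the label alone.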
25.12.2010, 17:16 | #22 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Virus Backdoor Looks OK. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before scanning!!
__________________ Please always post logfiles in CODE tags |