Log analysis and evaluation: Trojan found and two hijacker entries (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

#9
Trojan found and two hijacker entries

OK, GMER doesn't run here either.

OSAM log:

OSAM Logfile:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 14:11:29 on 10.01.2011
OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Mozilla Corporation Firefox 3.6.13

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries

[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Software Updater.job" - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"Spybot - Search & Destroy - Scheduled Task.job" - "Safer Networking Limited" - C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
"Spybot - Search & Destroy Updater - Scheduled Task.job" - "Safer Networking Limited" - C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe

[Control Panel Objects]
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Nero BurnRights" - "Nero AG" - C:\Program Files\Nero\Nero 7\Nero Toolkit\NeroBurnRights.cpl
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"802.11g USB2.0 WLAN Dongle" (RTLWUSB) - "Realtek Semiconductor Corporation " - C:\Windows\System32\DRIVERS\RTL8187.sys
"apeju9d0" (apeju9d0) - "Microsoft Corporation" - C:\Windows\system32\drivers\apeju9d0.sys (Hidden registry entry, rootkit activity | File signed by Microsoft)
"aswFsBlk" (aswFsBlk) - "AVAST Software" - C:\Windows\system32\drivers\aswFsBlk.sys
"aswMonFlt" (aswMonFlt) - "AVAST Software" - C:\Windows\system32\drivers\aswMonFlt.sys
"aswRdr" (aswRdr) - "AVAST Software" - C:\Windows\system32\drivers\aswRdr.sys
"aswSP" (aswSP) - "AVAST Software" - C:\Windows\system32\drivers\aswSP.sys
"avast! Network Shield Support" (aswTdi) - "AVAST Software" - C:\Windows\system32\drivers\aswTdi.sys
"catchme" (catchme) - ? - C:\Users\Papi\AppData\Local\Temp\catchme.sys (File not found)
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys (File not found)
"ntcdrdrv" (ntcdrdrv) - ? - C:\Windows\System32\DRIVERS\ntcdrdrv.sys (File not found)
"sptd" (sptd) - "Duplex Secure Ltd." - C:\Windows\System32\Drivers\sptd.sys (File is exclusively opened, access blocked)
"StarOpen" (StarOpen) - ? - C:\Windows\system32\drivers\StarOpen.sys (File not found)

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{10880D85-AAD9-4558-ABDC-2AB1552D831F} "LightScribe Control Panel" - "Hewlett-Packard Company" - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{16148659-720A-457d-850B-2DBD87BB129D} "AudibleShlExt Class" - "Audible, Inc." - C:\Program Files\Audible\Bin\AudibleExt.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? - (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? - (File not found | COM-object registry key not found)
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found)
{16148659-720A-457d-850B-2DBD87BB129D} "AudibleShlExt Class" - "Audible, Inc." - C:\Program Files\Audible\Bin\AudibleExt.dll
{472083B0-C522-11CF-8763-00608CC02F24} "avast" - "AVAST Software" - C:\Program Files\Alwil Software\Avast5\ashShell.dll
{A8065B9E-193F-4797-B62D-8F6321E7FCCB} "Blueberry FlashBack Client" - ? - (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? - (File not found | COM-object registry key not found)
{1AC77AE9-9EC6-405A-9F9B-C06AB3C10B71} "CShellStitcher Object" - "Microsoft Corporation" - C:\Program Files\Microsoft Research\Image Composite Editor\ShellExtension.dll
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? - (File not found | COM-object registry key not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found)
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" - "Nero AG" - C:\Program Files\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{967B2D40-8B7D-4127-9049-61EA0C2C6DCE} "PowerISO" - ? - (File not found | COM-object registry key not found)
{34F4B935-17DC-4885-8BC9-CCD1ADF42F93} "Record ISO Image to CD" - ? - (File not found | COM-object registry key not found)
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? - (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? - (File not found | COM-object registry key not found)
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found)
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "Foxit Toolbar" - "Ask.com" - C:\Program Files\AskBarDis\bar\bin\askBar.dll
ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} "Java Plug-in 1.6.0_16" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_22.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? - (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"PalTalk" - "AVM Software Inc." - C:\Program Files\Paltalk Messenger\Paltalk.exe
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "Foxit Toolbar" - "Ask.com" - C:\Program Files\AskBarDis\bar\bin\askBar.dll
{ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} "MediaBar" - ? - C:\Program Files\iMeshMediabarTb\iMeshMediaBarDx.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{201f27d4-3704-41d6-89c1-aa35e39143ed} "AskBar BHO" - "Ask.com" - C:\Program Files\AskBarDis\bar\bin\askBar.dll
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} "MediaBar" - ? - C:\Program Files\iMeshMediabarTb\iMeshMediaBarDx.dll
{C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F} "PDF-XChange Viewer IE-Plugin" - "Tracker Software Products Ltd." - C:\Program Files\Tracker Software\PDF-XChange Viewer\pdf-viewer\PDFXCviewIEPlugin.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Papi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"PalTalk.lnk" - "AVM Software Inc." - C:\Program Files\Paltalk Messenger\paltalk.exe (Shortcut exists | File exists)
"Philips GoGear Spark Gere-Manager.lnk" - "KeenHigh Tech." - C:\Program Files\Philips\GoGear Spark Device Manager\main.exe (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"DAEMON Tools Lite" - "DT Soft Ltd" - "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
"LightScribe Control Panel" - "Hewlett-Packard Company" - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
"SpybotSD TeaTimer" - "Safer-Networking Ltd." - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avast5" - "AVAST Software" - C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
"CanonMyPrinter" - "CANON INC." - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
"CanonSolutionMenu" - "CANON INC." - C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
"IJNetworkScanUtility" - "CANON INC." - C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
"iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe"
"NeroFilterCheck" - "Nero AG" - C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Canon BJNP Port" - "CANON INC." - C:\Windows\system32\CNMNPPM.DLL

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"avast! Antivirus" (avast! Antivirus) - "AVAST Software" - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
"avast! Mail Scanner" (avast! Mail Scanner) - "AVAST Software" - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
"avast! Web Scanner" (avast! Web Scanner) - "AVAST Software" - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"Google Update Service (gupdate1c986e543ae0809)" (gupdate1c986e543ae0809) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"NBService" (NBService) - "Nero AG" - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
"NMIndexingService" (NMIndexingService) - "Nero AG" - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
"PLFlash DeviceIoControl Service" (PLFlash DeviceIoControl Service) - "Prolific Technology Inc." - C:\Windows\system32\IoctlSvc.exe
"SBSD Security Center Service" (SBSDWSCService) - "Safer Networking Ltd." - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
"ServiceLayer" (ServiceLayer) - "Nokia" - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

MBR log:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Foxconn
BIOS Manufacturer: Phoenix Technologies, LTD
System Manufacturer: OEM
System Product Name: OEM
Logical Drives Mask: 0x000001fc

Kernel Drivers (total 154):
0x83038000 \SystemRoot\system32\ntkrnlpa.exe
0x83005000 \SystemRoot\system32\hal.dll
0x8040A000 \SystemRoot\system32\kdcom.dll
0x80411000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x80481000 \SystemRoot\system32\PSHED.dll
0x80492000 \SystemRoot\system32\BOOTVID.dll
0x8049A000 \SystemRoot\system32\CLFS.SYS
0x804DB000 \SystemRoot\system32\CI.dll
0x80600000 \SystemRoot\system32\drivers\Wdf01000.sys
0x80671000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8067F000 \SystemRoot\System32\Drivers\sprx.sys
0x80772000 \SystemRoot\System32\Drivers\WMILIB.SYS
0x8077B000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
0x807A1000 \SystemRoot\system32\drivers\acpi.sys
0x807E7000 \SystemRoot\system32\drivers\msisadrv.sys
0x805BB000 \SystemRoot\system32\drivers\pci.sys
0x807EF000 \SystemRoot\System32\drivers\partmgr.sys
0x805E2000 \SystemRoot\system32\drivers\volmgr.sys
0x8360F000 \SystemRoot\System32\drivers\volmgrx.sys
0x83659000 \SystemRoot\system32\drivers\intelide.sys
0x83660000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x8366E000 \SystemRoot\System32\drivers\mountmgr.sys
0x8367E000 \SystemRoot\system32\drivers\atapi.sys
0x83686000 \SystemRoot\system32\drivers\ataport.SYS
0x836A4000 \SystemRoot\system32\drivers\fltmgr.sys
0x836D6000 \SystemRoot\system32\drivers\fileinfo.sys
0x836E6000 \SystemRoot\System32\Drivers\ksecdd.sys
0x88C02000 \SystemRoot\system32\drivers\ndis.sys
0x88D0D000 \SystemRoot\system32\drivers\msrpc.sys
0x88D38000 \SystemRoot\system32\drivers\NETIO.SYS
0x88E05000 \SystemRoot\System32\drivers\tcpip.sys
0x88EEF000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8900C000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8911C000 \SystemRoot\system32\drivers\volsnap.sys
0x89155000 \SystemRoot\System32\Drivers\spldr.sys
0x8915D000 \SystemRoot\System32\Drivers\mup.sys
0x8916C000 \SystemRoot\System32\drivers\ecache.sys
0x89193000 \SystemRoot\system32\drivers\disk.sys
0x891A4000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x891C5000 \SystemRoot\system32\drivers\crcdisk.sys
0x891EE000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x88F0A000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8CA0A000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
0x8D0C5000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8D166000 \SystemRoot\System32\drivers\watchdog.sys
0x8D172000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x89000000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x88F19000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x88F57000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8D20E000 \SystemRoot\system32\DRIVERS\Ph3xIB32.sys
0x8D323000 \SystemRoot\system32\DRIVERS\ks.sys
0x8D34D000 \SystemRoot\system32\DRIVERS\BdaSup.SYS
0x8D350000 \SystemRoot\system32\DRIVERS\fdc.sys
0x8D35B000 \SystemRoot\system32\DRIVERS\serial.sys
0x8D375000 \SystemRoot\system32\DRIVERS\serenum.sys
0x8D37F000 \SystemRoot\system32\DRIVERS\irsir.sys
0x8D38A000 \SystemRoot\system32\drivers\irenum.sys
0x8D393000 \SystemRoot\system32\DRIVERS\parport.sys
0x8D3AB000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8D3C3000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x88F66000 \SystemRoot\System32\Drivers\apeju9d0.SYS
0x8D3C9000 \SystemRoot\system32\DRIVERS\serscan.sys
0x8D3D1000 \SystemRoot\system32\DRIVERS\bbcap.sys
0x8D3D7000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0x88F9F000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x88D73000 \SystemRoot\system32\DRIVERS\storport.sys
0x8D200000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x88FCE000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x88FE5000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x88DB4000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x88FF0000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x88DD7000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x88DEB000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x83757000 \SystemRoot\system32\DRIVERS\termdd.sys
0x83767000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x83772000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8D20B000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8CA00000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8377D000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8378A000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x837BF000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8DA04000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x837D0000 \SystemRoot\system32\drivers\portcls.sys
0x8DC0E000 \SystemRoot\system32\drivers\drmk.sys
0x8DC33000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8DC3C000 \SystemRoot\System32\Drivers\Null.SYS
0x8DC43000 \SystemRoot\System32\Drivers\Beep.SYS
0x8DC53000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x8DC5A000 \SystemRoot\System32\drivers\vga.sys
0x8DC66000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8DC6E000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8DC76000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8DC81000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8DC8F000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8DC98000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8DCAE000 \SystemRoot\System32\Drivers\aswTdi.SYS
0x8DCB8000 \SystemRoot\system32\DRIVERS\smb.sys
0x8DCCC000 \SystemRoot\system32\drivers\afd.sys
0x8DD14000 \SystemRoot\System32\Drivers\aswRdr.SYS
0x8DD19000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8DD4B000 \SystemRoot\system32\drivers\ws2ifsl.sys
0x8DD54000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8DD6A000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8DD78000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8DD8B000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8DDC7000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8DDD1000 \SystemRoot\System32\Drivers\dfsc.sys
0x8DE05000 \SystemRoot\System32\Drivers\aswSP.SYS
0x8DE2C000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8DE39000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x8DE44000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x8DE4C000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x8DE61000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x968A0000 \SystemRoot\System32\win32k.sys
0x8DE63000 \SystemRoot\System32\drivers\Dxapi.sys
0x8DE6D000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x8DE84000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x8DE8D000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x8DE9D000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x8DEA6000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x8DEAE000 \SystemRoot\system32\DRIVERS\monitor.sys
0x96AC0000 \SystemRoot\System32\TSDDD.dll
0x96AE0000 \SystemRoot\System32\cdd.dll
0x8DEBD000 \SystemRoot\system32\drivers\luafv.sys
0x8DED8000 \??\C:\Windows\system32\drivers\aswMonFlt.sys
0x8DF0F000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0x8DF12000 \SystemRoot\system32\drivers\WudfPf.sys
0x8DF2C000 \SystemRoot\system32\drivers\spsys.sys
0x8DFDC000 \SystemRoot\system32\DRIVERS\irda.sys
0x8DDE8000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x8120B000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x81235000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x8123F000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x81252000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x8125B000 \SystemRoot\system32\drivers\HTTP.sys
0x812C8000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x812E5000 \SystemRoot\system32\DRIVERS\bowser.sys
0x812FE000 \SystemRoot\System32\drivers\mpsdrv.sys
0x81313000 \SystemRoot\system32\drivers\mrxdav.sys
0x81334000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x81353000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x8138C000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x813A4000 \SystemRoot\System32\DRIVERS\srv2.sys
0xAA602000 \SystemRoot\System32\DRIVERS\srv.sys
0xAA650000 \SystemRoot\system32\DRIVERS\parvdm.sys
0xAA657000 \SystemRoot\system32\drivers\peauth.sys
0xAA735000 \SystemRoot\System32\Drivers\secdrv.SYS
0xAA73F000 \SystemRoot\System32\drivers\tcpipreg.sys
0xAA74B000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0xAA76C000 \SystemRoot\system32\DRIVERS\cdfs.sys
0xAA782000 \SystemRoot\system32\DRIVERS\Rtlh86.sys
0xAA791000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x774C0000 \Windows\System32\ntdll.dll
0x10000000 \Program Files\DAEMON Tools Lite\Engine.dll

Processes (total 66):
0 System Idle Process
4 System
504 C:\Windows\System32\smss.exe
572 csrss.exe
616 C:\Windows\System32\wininit.exe
628 csrss.exe
660 C:\Windows\System32\services.exe
676 C:\Windows\System32\lsass.exe
684 C:\Windows\System32\lsm.exe
720 C:\Windows\System32\winlogon.exe
864 C:\Windows\System32\svchost.exe
936 C:\Windows\System32\svchost.exe
1076 C:\Windows\System32\svchost.exe
1108 C:\Windows\System32\svchost.exe
1148 C:\Windows\System32\svchost.exe
1236 C:\Windows\System32\audiodg.exe
1260 C:\Windows\System32\svchost.exe
1284 C:\Windows\System32\SLsvc.exe
1308 C:\Windows\System32\svchost.exe
1528 C:\Windows\System32\svchost.exe
1656 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
1888 C:\Windows\System32\spoolsv.exe
1896 C:\Windows\System32\taskeng.exe
1932 C:\Windows\System32\svchost.exe
544 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
552 C:\Program Files\Bonjour\mDNSResponder.exe
780 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
1536 C:\Windows\System32\IoctlSvc.exe
1680 C:\Windows\System32\svchost.exe
1476 C:\Windows\System32\svchost.exe
768 C:\Windows\System32\svchost.exe
928 C:\Windows\System32\SearchIndexer.exe
2188 WUDFHost.exe
2268 C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
3276 C:\Windows\System32\taskeng.exe
3308 C:\Windows\System32\dwm.exe
3360 C:\Windows\explorer.exe
3480 C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
3720 C:\Windows\RtHDVCpl.exe
3772 C:\Windows\System32\igfxtray.exe
3780 C:\Windows\System32\hkcmd.exe
3796 C:\Windows\System32\igfxpers.exe
3848 C:\Windows\System32\wpcumi.exe
3868 C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
3876 C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
3948 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
3976 C:\Program Files\iTunes\iTunesHelper.exe
4004 C:\Program Files\Common Files\Java\Java Update\jusched.exe
4016 C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
4044 C:\Windows\ehome\ehtray.exe
4052 C:\Program Files\DAEMON Tools Lite\DTLite.exe
4060 C:\Program Files\Windows Media Player\wmpnscfg.exe
4068 C:\Program Files\Paltalk Messenger\paltalk.exe
4076 C:\Windows\System32\wbem\unsecapp.exe
1036 WmiPrvSE.exe
2676 C:\Program Files\Mozilla Firefox\firefox.exe
2160 C:\Windows\System32\igfxsrvc.exe
2384 C:\Windows\ehome\ehmsas.exe
3184 C:\Program Files\Mozilla Firefox\plugin-container.exe
1028 C:\Program Files\Windows Media Player\wmpnetwk.exe
156 C:\Program Files\iPod\bin\iPodService.exe
4228 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
4380 C:\Windows\System32\SearchProtocolHost.exe
4472 C:\Windows\System32\SearchFilterHost.exe
4728 C:\Users\Papi\Desktop\MBRCheck.exe
2928 C:\Windows\System32\conime.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)

PhysicalDrive0 Model Number: ST3320820AS, Rev: 3.AAD

Size  Device Name            MBR Status
--------------------------------------------
298 GB  \\.\PhysicalDrive0   Windows 2008 MBR code detected
        SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979

Done!
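The one entry OSAM marked as rootkit activity in the post above is the driver service "apeju9d0": an eight-character random-looking name, a registry key hidden from the normal API, and a file that still passes the tool's Microsoft-signature check; the same driver shows up as apeju9d0.SYS in MBRCheck's loaded-kernel-driver list. The script below is an added example, not OSAM's or MBRCheck's code. It parses OSAM's one-entry-per-line driver/service format as printed above and ranks each entry by the flags OSAM attached and by how machine-generated the service name looks. The four sample lines are copied from the log above; the severity labels and the naming heuristic are this example's own assumptions, not OSAM rules.

```python
"""Triage OSAM [Drivers]/[Services] entries for rootkit indicators.

Added example, not OSAM's or MBRCheck's own code. Parses the
one-entry-per-line format OSAM writes and ranks each entry by the
flags OSAM attached plus a (heuristic) service-name check.
"""
import re
from typing import Dict, List, Optional, Tuple

# Sample input: four driver lines copied verbatim from the OSAM log above.
SAMPLE_LINES = [
    r'"802.11g USB2.0 WLAN Dongle" (RTLWUSB) - "Realtek Semiconductor Corporation " - C:\Windows\System32\DRIVERS\RTL8187.sys',
    r'"apeju9d0" (apeju9d0) - "Microsoft Corporation" - C:\Windows\system32\drivers\apeju9d0.sys (Hidden registry entry, rootkit activity | File signed by Microsoft)',
    r'"catchme" (catchme) - ? - C:\Users\Papi\AppData\Local\Temp\catchme.sys (File not found)',
    r'"sptd" (sptd) - "Duplex Secure Ltd." - C:\Windows\System32\Drivers\sptd.sys (File is exclusively opened, access blocked)',
]

# "Display name" (ServiceName) - "Vendor" or ? - image path [(flag | flag)]
# Display names that themselves contain quotes (e.g. the Bonjour service in
# the log) do not match this regex and are skipped rather than mis-parsed.
ENTRY_RE = re.compile(
    r'^"(?P<display>[^"]*)"\s+\((?P<svc>[^)]*)\)\s+-\s+'
    r'(?:"(?P<vendor>[^"]*)"|\?)\s+-\s+'
    r'(?P<path>.*?)'
    r'(?:\s+\((?P<flags>[^()]*)\))?\s*$'
)


def looks_generated(name: str) -> bool:
    """Assumption of this example, not an OSAM rule: 6-10 lowercase
    alphanumerics mixing at least 3 letters and 2 digits (like apeju9d0).
    Vendor drivers are usually prefixed or pronounceable (aswSP, RTLWUSB,
    sptd); TDSS-style rootkits register random names."""
    if not re.fullmatch(r'[a-z0-9]{6,10}', name):
        return False
    digits = sum(c.isdigit() for c in name)
    return digits >= 2 and (len(name) - digits) >= 3


def parse_entry(line: str) -> Optional[dict]:
    """Split one OSAM entry line into fields; None for headers/other lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    flags = [f.strip() for f in (m['flags'] or '').split('|') if f.strip()]
    return {
        'display': m['display'],
        'service': m['svc'],
        'vendor': (m['vendor'] or '').strip() or None,  # None when OSAM printed "?"
        'path': m['path'].strip(),
        'flags': flags,
    }


def triage(entry: dict) -> List[Tuple[str, str]]:
    """(severity, reason) pairs for one entry; empty when nothing is notable."""
    findings = []
    flags = ' | '.join(entry['flags'])
    if 'Hidden registry entry' in flags:
        findings.append(('high', 'service key hidden from the registry API (rootkit activity)'))
        if 'signed by Microsoft' in flags:
            # The signature was checked through the live, possibly hooked kernel,
            # so it proves nothing: hash the file again from a clean boot medium.
            findings.append(('high', 'hidden driver reports a Microsoft signature; re-verify offline'))
    if looks_generated(entry['service']):
        findings.append(('medium', f"service name '{entry['service']}' looks machine-generated"))
    if 'File not found' in flags:
        findings.append(('low', 'orphaned entry: image missing on disk (uninstalled tool or earlier cleanup)'))
    if 'exclusively opened' in flags:
        findings.append(('info', 'image locked against reading; scanners cannot hash it, check it offline'))
    return findings


def triage_log(lines: List[str]) -> Dict[str, List[Tuple[str, str]]]:
    """Parse every entry line; return {service name: findings} for notable entries."""
    report = {}
    for line in lines:
        entry = parse_entry(line)
        if entry is None:
            continue  # section headers, blank lines, unparsed display names
        findings = triage(entry)
        if findings:
            report[entry['service']] = findings
    return report


if __name__ == '__main__':
    for svc, findings in triage_log(SAMPLE_LINES).items():
        for severity, reason in findings:
            print(f'[{severity:>6}] {svc}: {reason}')
```

Run as a script it reports apeju9d0 at high/medium, catchme at low and sptd at info, and leaves the Realtek WLAN driver alone; to run it over a whole saved log, pass `open('osam.log', encoding='utf-8').read().splitlines()` to `triage_log`. The "exclusively opened" flag on sptd.sys is expected for DAEMON Tools' SCSI pass-through driver, but that same driver is a well-known reason for rootkit scanners such as GMER refusing to run, which is why forum helpers usually ask for DAEMON Tools to be uninstalled before a GMER scan is retried.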