
Log Analysis and Evaluation: Worm.KoobFace --> HJT-Logfile


30.12.2010, 00:34   #13
MoThePo

Worm.KoobFace --> HJT-Logfile

So, and now OSAM & MBR as well:

OSAM Logfile:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 00:23:18 on 31.12.2010

OS: Windows XP Home Edition Service Pack 3 (Build 2600)
Default Browser: Mozilla Corporation Firefox 3.6.13

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Boot Execute]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager )-----
"BootExecute" - ? - C:\WINDOWS\system32\lsdelete.exe  (File found, but it contains no detailed information)

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"CAMCPL.CPL" - "Logitech Inc." - C:\WINDOWS\system32\CAMCPL.CPL
"JAVACPL.CPL" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\JAVACPL.CPL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"AntiVir PersonalEdition Classic Konfiguration" - ? - C:\PROGRA~1\ANTIVI~1\avconfig.cpl  (File not found)
"Avira AntiVir Personal - Free Antivirus " - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl
"Avira AntiVir PersonalEdition Classic" - ? - C:\PROGRA~1\ANTIVI~1\avconfig.cpl  (File not found)
"Nero BurnRights" - "Ahead Software AG" - C:\Programme\Nero\Nero 7\Nero Toolkit\NeroBurnRights.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Acer EPM Power Scheme Driver" (EpmPsd) - "Acer Value Labs, USA" - C:\WINDOWS\system32\drivers\epm-psd.sys
"Acer EPM System Hardware Driver" (EpmShd) - "Acer Value Labs, USA" - C:\WINDOWS\system32\drivers\epm-shd.sys
"AEGIS Protocol (IEEE 802.1x) v3.1.6.0" (AegisP) - "Meetinghouse Data Communications" - C:\WINDOWS\System32\DRIVERS\AegisP.sys
"Apple Mobile USB Driver" (USBAAPL) - "Apple, Inc." - C:\WINDOWS\System32\Drivers\usbaapl.sys
"avgio" (avgio) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\cofi.exe\catchme.sys  (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"InCD Reader" (InCDRm) - ? - C:\WINDOWS\System32\drivers\InCDRm.sys  (File not found)
"InCDPass" (InCDPass) - ? - C:\WINDOWS\System32\drivers\InCDPass.sys  (File not found)
"int15.sys" (int15.sys) - ? - C:\Programme\Acer\eRecovery\int15.sys  (File found, but it contains no detailed information)
"Lbd" (Lbd) - "Lavasoft AB" - C:\WINDOWS\System32\DRIVERS\Lbd.sys
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"mbr" (mbr) - ? - C:\cofi.exe\mbr.sys  (Hidden registry entry, rootkit activity | File not found)
"osaio" (osaio) - "OSA Technologies, An Avocent Company" - C:\WINDOWS\system32\drivers\osaio.sys
"osanbm" (osanbm) - "Windows (R) 2000 DDK provider" - C:\WINDOWS\system32\drivers\osanbm.sys
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"pgldapod" (pgldapod) - ? - C:\DOKUME~1\Davide\LOKALE~1\Temp\pgldapod.sys  (Hidden registry entry, rootkit activity | File not found)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys
"Remote Packet Capture Protocol v.0 (experimental)" (rpcapd) - ? - "C:\Programme\WinPcap\rpcapd.exe" -d -f "C:\Programme\WinPcap\rpcapd.ini"  (File not found)
"Sony Digital Imaging Video2" (sonypvs1) - ? - C:\WINDOWS\System32\DRIVERS\sonypvs1.sys  (File not found)
"Sony Ericsson Device 116  USB WMC Device Management Drivers (WDM)" (s116mgmt) - "MCCI Corporation" - C:\WINDOWS\System32\DRIVERS\s116mgmt.sys
"Sony Ericsson Device 116 driver (WDM)" (s116bus) - "MCCI Corporation" - C:\WINDOWS\System32\DRIVERS\s116bus.sys
"Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (NDIS)" (s116nd5) - "MCCI Corporation" - C:\WINDOWS\System32\DRIVERS\s116nd5.sys
"Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (WDM)" (s116unic) - "MCCI Corporation" - C:\WINDOWS\System32\DRIVERS\s116unic.sys
"Sony Ericsson Device 116 USB WMC Modem Driver" (s116mdm) - "MCCI Corporation" - C:\WINDOWS\System32\DRIVERS\s116mdm.sys
"Sony Ericsson Device 116 USB WMC Modem Filter" (s116mdfl) - "MCCI Corporation" - C:\WINDOWS\System32\DRIVERS\s116mdfl.sys
"Sony Ericsson Device 116 USB WMC OBEX Interface" (s116obex) - "MCCI Corporation" - C:\WINDOWS\System32\DRIVERS\s116obex.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys
"Steganos Live Encryption Engine 14 [Driver]" (SLEE_14_DRIVER) - "Softwareentwicklung Remus - ArchiCrypt " - C:\WINDOWS\system32\drivers\Sleen14.sys
"TAP-Win32 Adapter V8" (tap0801) - "The OpenVPN Project" - C:\WINDOWS\System32\DRIVERS\tap0801.sys
"UBHelper" (UBHelper) - ? - C:\WINDOWS\system32\drivers\UBHelper.sys  (File found, but it contains no detailed information)
"Upper Class Filter Driver" (NTIDrvr) - "NewTech Infosystems, Inc." - C:\WINDOWS\System32\DRIVERS\NTIDrvr.sys
"WAN Miniport (ATW)" (wanatw) - ? - C:\WINDOWS\System32\DRIVERS\wanatw4.sys  (File not found)
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)
"WLAN Transport" (s24trans) - "Intel Corporation" - C:\WINDOWS\System32\DRIVERS\s24trans.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{7D4D6379-F301-4311-BEBA-E26EB0561882} "NeroDigitalColumnHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
{CD00020A-8B95-11D1-82DB-00C04FB1625D} "Microsoft PKM KnowledgePluggable Class" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} "Acrobat Elements Context Menu" - "Adobe Systems Inc." - C:\Programme\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll  (File not found)
{FED7043D-346A-414D-ACD7-550D052499A7} "dBpShell Class" - ? - C:\Programme\Illustrate\dBpowerAMP\dBShell.dll
{2C49B5D0-ACE7-4D17-9DF0-A254A6C5A0C5} "dMCIShell Class" - ? - C:\Programme\Illustrate\dBpowerAMP\dMCShell.dll
{400CFEE2-39D0-46DC-96DF-E0BB5A4324B3} "Eigene Logitech-Bilder" - "Logitech Inc." - C:\Programme\Logitech\Video\Namespc2.dll
{2b45bd21-71f8-4c8c-a87a-7eeb25a1a3e0} "EPM-PO Shell Extensions" - "Acer Labs USA" - C:\WINDOWS\system32\epm-po.dll
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -   (File not found | COM-object registry key not found)
{73B24247-042E-4EF5-ADC2-42F62E6FD654} "MCLiteShellExt Class" - ? - C:\Programme\ICQLite\ICQLiteShell.dll
{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} "Meine freigegebenen Ordner" - "Microsoft Corporation" - C:\Programme\MSN Messenger\fsshext.8.1.0178.00.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\OFFICE11\msohev.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{B327765E-D724-4347-8B16-78AE18552FC3} "NeroDigitalIconHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll
{7F1CF152-04F8-453A-B34C-E609530A9DC8} "NeroDigitalPropSheetHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll
{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\shlext.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -   (File not found | COM-object registry key not found)
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Programme\WinRAR\rarext.dll  (File found, but it contains no detailed information)

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----
{4528BBE0-4E08-11D5-AD55-00010333D0AD} "{4528BBE0-4E08-11D5-AD55-00010333D0AD}" - ? -   (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "Adobe PDF" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
<binary data> "Yahoo! Toolbar" - ? -   (File not found | COM-object registry key not found)
<binary data> "{855F3B16-6D32-4FE6-8A56-BBB695989046}" - ? -   (File not found | COM-object registry key not found)
<binary data> "{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}" - ? -   (File not found | COM-object registry key not found)
<binary data> "{EE5D279F-081B-4404-994D-C6B60AAEBA6D}" - ? -   (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{EF99BD32-C1FB-11D2-892F-0090271D4F88} "Yahoo! Toolbar" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_22.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_22.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_22.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx / hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"ICQ Lite" - "ICQ Ltd." - C:\Programme\ICQLite\ICQLite.exe
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "Adobe PDF" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{AE7CD045-E861-484f-8273-0445EE161910} "Adobe PDF Conversion Toolbar Helper" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{7E853D72-626A-48EC-A868-BA8D5E23E045} "{7E853D72-626A-48EC-A868-BA8D5E23E045}" - ? -   (File not found | COM-object registry key not found)

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"DESKTOP.INI" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\DESKTOP.INI
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"DESKTOP.INI" - ? - C:\Dokumente und Einstellungen\Davide\Startmenü\Programme\Autostart\DESKTOP.INI
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" - "Nero AG" - "C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe"
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avgnt" - "Avira GmbH" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
"AzMixerSel" - "Realtek Semiconductor Corp." - C:\Programme\Realtek\InstallShield\AzMixerSel.exe
"EPM-DM" - "Acer Inc" - c:\acer\epm\epm-dm.exe
"ePowerManagement" - "Acer Value Labs, Taiwan" - C:\Acer\ePM\ePM.exe boot
"eRecoveryService" - "acer Inc." - C:\Programme\Acer\eRecovery\Monitor.exe
"LaunchApp" - "Acer Inc." - Alaunch
"LVCOMSX" - "Logitech Inc." - C:\WINDOWS\system32\LVCOMSX.EXE
"MSPY2002" - ? - C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC  (File signed by Microsoft | File found, but it contains no detailed information)
"PCMService" - "CyberLink Corp." - "C:\Programme\Acer\Acer Arcade\PCMService.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Adobe PDF Port" - "Adobe Systems Incorporated." - C:\WINDOWS\system32\AdobePDF.dll
"EPSON Stylus DX3800 Series 2KMonitor5E" - "SEIKO EPSON CORPORATION" - C:\WINDOWS\system32\E_FLMACE.DLL
"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\mdimon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Adobe LM Service" (Adobe LM Service) - "Adobe Systems" - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
"Anwendungsverwaltung" (AppMgmt) - ? - C:\WINDOWS\System32\appmgmts.dll  (File not found)
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\sched.exe
"CyberLink Background Capture Service (CBCS)" (CLCapSvc) - ? - C:\Programme\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
"CyberLink Media Library Service" (CyberLink Media Library Service) - "Cyberlink" - C:\Programme\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
"Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Programme\CyberLink\Shared Files\RichVideo.exe
"CyberLink Task Scheduler (CTS)" (CLSched) - ? - C:\Programme\Acer\Acer Arcade\Kernel\TV\CLSched.exe
"EvtEng" (EvtEng) - "Intel Corporation" - C:\Programme\Intel\Wireless\Bin\EvtEng.exe
"getPlus(R) Helper 3004" (nosGetPlusHelper) - "NOS Microsystems Ltd." - C:\Programme\NOS\bin\getPlus_Helper_3004.dll
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe
"Lavasoft Ad-Aware Service" (Lavasoft Ad-Aware Service) - ? - "C:\Programme\Lavasoft\Ad-Aware\AAWService.exe"  (File not found)
"Notebook Manager Service" (anbmService) - "OSA Technologies Inc." - C:\Acer\eManager\anbmServ.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
"RegSrvc" (RegSrvc) - "Intel Corporation" - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
"Spectrum24 Event Monitor" (S24EventMonitor) - "Intel Corporation " - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )-----
{c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll

===[ Logfile end ]=========================================[ Logfile end ]===
         
--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru


And the MBR check:

HTML-Code:
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:			
Windows Version:		Windows XP Home Edition
Windows Information:		Service Pack 3 (build 2600)
Logical Drives Mask:		0x0000001c

Kernel Drivers (total 138):
  0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
  0x806D1000 \WINDOWS\system32\hal.dll
  0xF7A4B000 \WINDOWS\system32\KDCOM.DLL
  0xF795B000 \WINDOWS\system32\BOOTVID.dll
  0xF741B000 ACPI.sys
  0xF7A4D000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
  0xF740A000 pci.sys
  0xF754B000 isapnp.sys
  0xF795F000 compbatt.sys
  0xF7963000 \WINDOWS\system32\DRIVERS\BATTC.SYS
  0xF7B13000 pciide.sys
  0xF77CB000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
  0xF73EC000 pcmcia.sys
  0xF755B000 MountMgr.sys
  0xF73CD000 ftdisk.sys
  0xF7967000 ACPIEC.sys
  0xF7B14000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
  0xF77D3000 PartMgr.sys
  0xF796B000 UBHelper.sys
  0xF756B000 VolSnap.sys
  0xF73B5000 atapi.sys
  0xF757B000 disk.sys
  0xF758B000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
  0xF7395000 fltmgr.sys
  0xF7383000 sr.sys
  0xF759B000 Lbd.sys
  0xF75AB000 PxHelp20.sys
  0xF735F000 Fastfat.sys
  0xF7348000 KSecDD.sys
  0xF731B000 NDIS.sys
  0xF7301000 Mup.sys
  0xF75CB000 \SystemRoot\system32\DRIVERS\intelppm.sys
  0xF7182000 \SystemRoot\system32\DRIVERS\ialmnt5.sys
  0xF716E000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
  0xF7146000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
  0xF77EB000 \SystemRoot\system32\DRIVERS\usbuhci.sys
  0xF7122000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0xF77F3000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0xF6E0F000 \SystemRoot\system32\DRIVERS\w29n51.sys
  0xF6DFC000 \SystemRoot\system32\DRIVERS\Rtlnicxp.sys
  0xF75DB000 \SystemRoot\system32\DRIVERS\i8042prt.sys
  0xF77FB000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0xF6DCE000 \SystemRoot\system32\DRIVERS\SynTP.sys
  0xF7A53000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0xF7803000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0xF75EB000 \SystemRoot\system32\DRIVERS\imapi.sys
  0xF75FB000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0xF760B000 \SystemRoot\system32\DRIVERS\redbook.sys
  0xF6DAB000 \SystemRoot\system32\DRIVERS\ks.sys
  0xF7A55000 \SystemRoot\system32\DRIVERS\NTIDrvr.sys
  0xF761B000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
  0xF79EB000 \SystemRoot\system32\DRIVERS\CmBatt.sys
  0xF7B76000 \SystemRoot\system32\DRIVERS\audstub.sys
  0xF767B000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0xF79EF000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0xF6D94000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0xF768B000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0xF769B000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0xF780B000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0xF6D83000 \SystemRoot\system32\DRIVERS\psched.sys
  0xF76AB000 \SystemRoot\system32\DRIVERS\msgpc.sys
  0xF7813000 \SystemRoot\system32\DRIVERS\ptilink.sys
  0xF781B000 \SystemRoot\system32\DRIVERS\raspti.sys
  0xF76BB000 \SystemRoot\system32\DRIVERS\termdd.sys
  0xF7A57000 \SystemRoot\system32\DRIVERS\swenum.sys
  0xF6D25000 \SystemRoot\system32\DRIVERS\update.sys
  0xF79F7000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0xF76CB000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0xAA355000 \SystemRoot\system32\drivers\RtkHDAud.sys
  0xAA331000 \SystemRoot\system32\drivers\portcls.sys
  0xF76FB000 \SystemRoot\system32\drivers\drmk.sys
  0xAA300000 \SystemRoot\system32\DRIVERS\HSFHWAZL.sys
  0xAA203000 \SystemRoot\system32\DRIVERS\HSF_DPV.sys
  0xAA154000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
  0xF7823000 \SystemRoot\System32\Drivers\Modem.SYS
  0xF7A1B000 \SystemRoot\system32\drivers\MODEMCSA.sys
  0xF771B000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0xF7A2F000 \SystemRoot\System32\Drivers\i2omgmt.SYS
  0xF7A5B000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
  0xF7BA4000 \SystemRoot\System32\Drivers\Null.SYS
  0xF7A5D000 \SystemRoot\System32\Drivers\Beep.SYS
  0xF7843000 \SystemRoot\System32\drivers\vga.sys
  0xF7A5F000 \SystemRoot\System32\Drivers\mnmdd.SYS
  0xF7A61000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0xF784B000 \SystemRoot\System32\Drivers\Msfs.SYS
  0xF7853000 \SystemRoot\System32\Drivers\Npfs.SYS
  0xF7A33000 \SystemRoot\system32\DRIVERS\rasacd.sys
  0xAA0F9000 \SystemRoot\system32\DRIVERS\ipsec.sys
  0xAA0A0000 \SystemRoot\system32\DRIVERS\tcpip.sys
  0xAA078000 \SystemRoot\system32\DRIVERS\netbt.sys
  0xF7A3B000 \SystemRoot\System32\drivers\ws2ifsl.sys
  0xAA056000 \SystemRoot\System32\drivers\afd.sys
  0xF772B000 \SystemRoot\system32\DRIVERS\netbios.sys
  0xF785B000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
  0xAA044000 \??\C:\WINDOWS\system32\drivers\Sleen14.sys
  0xAA019000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0xA9FA9000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0xF773B000 \SystemRoot\System32\Drivers\Fips.SYS
  0xA9F83000 \SystemRoot\system32\DRIVERS\ipnat.sys
  0xF774B000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0xA9F35000 \SystemRoot\system32\DRIVERS\avipbb.sys
  0xF7A65000 \??\C:\Programme\Avira\AntiVir Desktop\avgio.sys
  0xF776B000 \SystemRoot\System32\Drivers\Cdfs.SYS
  0xF72B0000 \SystemRoot\system32\DRIVERS\hidusb.sys
  0xF777B000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
  0xF7863000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0xF72AC000 \SystemRoot\system32\DRIVERS\mouhid.sys
  0xA9F1D000 \SystemRoot\System32\Drivers\dump_atapi.sys
  0xF7A67000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
  0xBF800000 \SystemRoot\System32\win32k.sys
  0xF6D11000 \SystemRoot\System32\drivers\Dxapi.sys
  0xF786B000 \SystemRoot\System32\watchdog.sys
  0xBF000000 \SystemRoot\System32\drivers\dxg.sys
  0xF7C9F000 \SystemRoot\System32\drivers\dxgthk.sys
  0xBF020000 \SystemRoot\System32\ialmdnt5.dll
  0xBF012000 \SystemRoot\System32\ialmrnt5.dll
  0xBF042000 \SystemRoot\System32\ialmdev5.DLL
  0xBF073000 \SystemRoot\System32\ialmdd5.DLL
  0xA9DC8000 \SystemRoot\system32\DRIVERS\avgntflt.sys
  0xA9E09000 \SystemRoot\system32\DRIVERS\AegisP.sys
  0xA9E05000 \SystemRoot\system32\DRIVERS\s24trans.sys
  0xA9DB4000 \SystemRoot\system32\DRIVERS\ndisuio.sys
  0xA9AA3000 \SystemRoot\system32\DRIVERS\mrxdav.sys
  0xF7BF9000 \??\C:\WINDOWS\system32\drivers\epm-psd.sys
  0xA9977000 \??\C:\WINDOWS\system32\drivers\epm-shd.sys
  0xA9A8B000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
  0xF7A85000 \??\C:\WINDOWS\system32\drivers\osaio.sys
  0xF7BD5000 \??\C:\WINDOWS\system32\drivers\osanbm.sys
  0xA98CF000 \SystemRoot\system32\DRIVERS\srv.sys
  0xA98BA000 \SystemRoot\system32\drivers\wdmaud.sys
  0xA9AD0000 \SystemRoot\system32\drivers\sysaudio.sys
  0xA8E2A000 \SystemRoot\System32\Drivers\HTTP.sys
  0xA8A95000 \??\C:\Programme\Acer\eRecovery\int15.sys
  0xF78EB000 \??\C:\cofi.exe\catchme.sys
  0xF7B09000 \??\C:\WINDOWS\system32\Drivers\PROCEXP113.SYS
  0xA898A000 \??\C:\DOKUME~1\Davide\LOKALE~1\Temp\pgldapod.sys
  0xA895F000 \SystemRoot\system32\drivers\kmixer.sys
  0x7C910000 \WINDOWS\System32\ntdll.dll

Processes (total 45):
       0 System Idle Process
       4 System
     576 C:\WINDOWS\System32\SMSS.EXE
     648 CSRSS.EXE
     672 C:\WINDOWS\System32\WINLOGON.EXE
     716 C:\WINDOWS\System32\SERVICES.EXE
     728 C:\WINDOWS\System32\LSASS.EXE
     888 C:\WINDOWS\System32\SVCHOST.EXE
     956 SVCHOST.EXE
     996 C:\WINDOWS\System32\SVCHOST.EXE
    1036 C:\Programme\Intel\Wireless\Bin\EvtEng.exe
    1104 C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
    1248 SVCHOST.EXE
    1316 SVCHOST.EXE
    1496 C:\WINDOWS\System32\SPOOLSV.EXE
    1536 C:\Programme\Avira\AntiVir Desktop\SCHED.EXE
    1580 SVCHOST.EXE
    1636 C:\Acer\eManager\anbmServ.exe
    1664 C:\Programme\Avira\AntiVir Desktop\AVGUARD.EXE
    1692 C:\Programme\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
    1708 C:\Programme\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
    1744 C:\Programme\Java\JRE6\BIN\JQS.EXE
    1752 C:\Programme\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
    1864 C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
    1900 C:\Programme\Avira\AntiVir Desktop\AVSHADOW.EXE
    1920 C:\Programme\CyberLink\Shared Files\RichVideo.exe
    1996 C:\WINDOWS\System32\SVCHOST.EXE
     536 C:\Programme\Acer\Acer Arcade\Kernel\TV\CLSched.exe
     772 C:\WINDOWS\System32\WBEM\WMIAPSRV.EXE
    1440 ALG.EXE
    2876 C:\WINDOWS\System32\HKCMD.EXE
    3088 C:\WINDOWS\System32\IGFXPERS.EXE
    3424 C:\Programme\Synaptics\SynTP\SynTPLpr.exe
    3448 C:\Programme\Synaptics\SynTP\SynTPEnh.exe
    3652 C:\WINDOWS\RTHDCPL.EXE
    3680 C:\Programme\Acer\Acer Arcade\PCMService.exe
    3720 C:\Acer\ePM\epm-dm.exe
    3792 C:\Programme\Acer\eRecovery\Monitor.exe
    3800 C:\WINDOWS\System32\LVCOMSX.EXE
    3840 C:\Programme\Avira\AntiVir Desktop\avgnt.exe
    3872 C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe
    3708 C:\WINDOWS\System32\ctfmon.exe
     236 C:\WINDOWS\EXPLORER.EXE
     172 C:\WINDOWS\System32\WSCNTFY.EXE
    2188 C:\Dokumente und Einstellungen\Davide\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`bbc57e00  (FAT32)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000000b`f3bec000  (FAT32)

PhysicalDrive0 Model Number: TOSHIBAMK1031GAS, Rev: AA204A  

      Size  Device Name          MBR Status
  --------------------------------------------
     93 GB  \\.\PhysicalDrive0   Windows XP MBR code detected
            SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!

 
