| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Trojaner TR/ATRAPS.GenWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
01.02.2011, 14:15
| #16 |
| /// Winkelfunktion /// TB-Süch-Tiger™   |  Trojaner TR/ATRAPS.Gen Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
01.02.2011, 14:43
| #17 |
 | Trojaner TR/ATRAPS.Gen Combofix Logfile:
__________________Code:
ATTFilter ComboFix 11-01-31.02 - Administrator 01.02.2011 14:26:51.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.49.1031.18.1023.697 [GMT 1:00]
ausgeführt von:: c:\dokumente und einstellungen\Administrator\Desktop\cofi.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\dokumente und einstellungen\Administrator\Anwendungsdaten\inst.exe
c:\windows\system32\twunk_32.exe
.
((((((((((((((((((((((( Dateien erstellt von 2011-01-01 bis 2011-02-01 ))))))))))))))))))))))))))))))
.
2011-02-01 12:44 . 2011-02-01 12:44 -------- d-----w- C:\_OTL
2011-01-31 18:20 . 2011-01-31 18:20 -------- d-----w- c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Malwarebytes
2011-01-31 18:20 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-31 18:20 . 2011-01-31 18:20 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2011-01-31 18:20 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-31 17:13 . 2011-01-31 17:13 -------- d-----w- c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Avira
2011-01-30 18:37 . 2011-01-30 18:37 -------- d-----r- c:\dokumente und einstellungen\LocalService\Favoriten
2011-01-23 21:26 . 2011-01-23 21:26 -------- d-----w- c:\dokumente und einstellungen\Administrator\Anwendungsdaten\OpenOffice.org
2011-01-07 09:38 . 2011-01-07 09:39 -------- d-----w- c:\windows\system32\NtmsData
2011-01-07 09:04 . 2011-01-07 09:10 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-13 07:39 . 2009-05-18 14:04 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-12-13 07:39 . 2009-05-18 14:04 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CursorXP"="d:\programme\CursorXP\CursorXP.exe" [2005-01-19 128000]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C-Media Mixer"="Mixer.exe" [2002-08-05 1495040]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-07-12 4112384]
"nwiz"="nwiz.exe" [2004-07-12 843776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2004-07-12 81920]
"razertra"="d:\programme\Razer\razertra.exe" [2004-10-10 208896]
"avgnt"="d:\programme\Avira\AntiVir Desktop\avgnt.exe" [2010-12-13 281768]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-11-11 15360]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Programme\\Azureus\\Azureus.exe"=
"d:\\Programme\\ICQLite\\ICQLite.exe"=
"c:\\Programme\\Azureus\\Azureus.exe"=
"d:\\Program Files\\Ubi Soft\\Racing Simulation 3\\RS3.exe"=
"d:\\Programme\\SopCast\\SopCast.exe"=
"d:\\Programme\\SopCast\\adv\\SopAdver.exe"=
"c:\\Programme\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programme\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Programme\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Programme\\Bonjour\\mDNSResponder.exe"=
"c:\\Programme\\Java\\jre6\\bin\\javaw.exe"=
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [08.07.2007 12:52 721904]
R2 AntiVirSchedulerService;Avira AntiVir Planer;d:\programme\Avira\AntiVir Desktop\sched.exe [18.05.2009 15:04 135336]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [12.01.2008 14:06 33792]
R3 vaxscsi;vaxscsi;c:\windows\system32\drivers\vaxscsi.sys [08.07.2007 12:53 223128]
S0 NeroCdNt;NeroCdNt; [x]
S2 gupdate;Google Update Service (gupdate);c:\programme\Google\Update\GoogleUpdate.exe [20.06.2010 20:28 136176]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [31.07.2010 17:10 36608]
S3 L6UX2;Service - Line 6 UX2;c:\windows\system32\Drivers\L6UX2.sys --> c:\windows\system32\Drivers\L6UX2.sys [?]
S3 PRISM_USB;D-Link Air DWL-122 Wireless USB Adapter Driver;c:\windows\system32\drivers\PRISMUSB.sys [09.07.2007 11:53 636502]
S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\synasUSB.sys [14.07.2007 22:48 18432]
.
Inhalt des "geplante Tasks" Ordners
2011-02-01 c:\windows\Tasks\Google Software Updater.job
- c:\programme\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-09-28 19:38]
2010-10-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cb6c33e1cd5b6.job
- c:\programme\Google\Update\GoogleUpdate.exe [2010-06-20 19:28]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: Free YouTube to Mp3 Converter - c:\dokumente und einstellungen\Administrator\Anwendungsdaten\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: {{8b2d996f-b7d1-4961-a929-414d9cf5ba7b} - Help and Support
Trusted Zone: line6.net
FF - ProfilePath - c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\ryeahwqi.default\
FF - prefs.js: browser.startup.homepage - GMX - E-Mail, FreeMail, De-Mail, Themen- & Shopping-Portal - kostenlos
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\programme\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\programme\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-02-01 14:29
Windows 5.1.2600 Service Pack 2 NTFS
Scanne versteckte Prozesse...
Scanne versteckte Autostarteinträge...
Scanne versteckte Dateien...
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
- - - - - - - > 'winlogon.exe'(720)
c:\windows\system32\sfc_os.dll
.
Zeit der Fertigstellung: 2011-02-01 14:32:12
ComboFix-quarantined-files.txt 2011-02-01 13:31
Vor Suchlauf: 8.357.158.912 Bytes frei
Nach Suchlauf: 8.315.932.672 Bytes frei
WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
Current=5 Default=5 Failed=4 LastKnownGood=6 Sets=2,3,4,5,6
- - End Of File - - 2A75A68D2D62086BC8A10F6E94034EDA
|
|
01.02.2011, 18:46
| #18 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner TR/ATRAPS.Gen Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
__________________GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen. Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst. Downloade Dir danach bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.
__________________ |
|
01.02.2011, 20:24
| #19 | |
| | Trojaner TR/ATRAPS.Gen Hier die Logs: GMER Logfile: Code:
ATTFilter GMER 1.0.15.15530 - GMER - Rootkit Detector and Remover
Rootkit scan 2011-02-01 20:17:38
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ExcelStor_Technology_J8080 rev.P21OA85A
Running: zf9l02d6.exe; Driver: C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\fglyqpog.sys
---- System - GMER 1.0.15 ----
SSDT F7CD3C1E ZwCreateKey
SSDT F7CD3C14 ZwCreateThread
SSDT F7CD3C23 ZwDeleteKey
SSDT F7CD3C2D ZwDeleteValueKey
SSDT spoj.sys ZwEnumerateKey [0xF74ACCA4]
SSDT spoj.sys ZwEnumerateValueKey [0xF74AD032]
SSDT F7CD3C32 ZwLoadKey
SSDT spoj.sys ZwOpenKey [0xF748E0C0]
SSDT F7CD3C00 ZwOpenProcess
SSDT F7CD3C05 ZwOpenThread
SSDT spoj.sys ZwQueryKey [0xF74AD10A]
SSDT spoj.sys ZwQueryValueKey [0xF74ACF8A]
SSDT F7CD3C3C ZwReplaceKey
SSDT F7CD3C37 ZwRestoreKey
SSDT F7CD3C28 ZwSetValueKey
INT 0x62 ? 86F6EBF8
INT 0x63 ? 86E90F00
INT 0x63 ? 86E90F00
INT 0x63 ? 86E90F00
INT 0x63 ? 86E90F00
INT 0x63 ? 86E90F00
INT 0x82 ? 86F6EBF8
Code \??\C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\catchme.sys pIofCallDriver
---- Kernel code sections - GMER 1.0.15 ----
? spoj.sys Das System kann die angegebene Datei nicht finden. !
.text USBPORT.SYS!DllUnload F6EEC62C 5 Bytes JMP 86E904E0
.text vaxscsi.sys!A0DB34FC6FE35D429A28ADDE5467D4D7 F6E8B4D0 48 Bytes [3A, C2, 71, BE, 3C, 40, AC, ...]
? C:\WINDOWS\System32\Drivers\vaxscsi.sys Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.
? C:\WINDOWS\system32\Drivers\PROCEXP113.SYS Das System kann die angegebene Datei nicht finden. !
? C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\catchme.sys Das System kann die angegebene Datei nicht finden. !
---- User code sections - GMER 1.0.15 ----
.text D:\Programme\Avira\AntiVir Desktop\avgnt.exe[636] USER32.dll!GetCursor 77D1CECD 5 Bytes JMP 01701080 D:\Programme\CursorXP\CurXP0.dll (CursorXP control panel/ )
.text D:\Programme\Avira\AntiVir Desktop\avgnt.exe[636] USER32.dll!GetIconInfo 77D1E9A1 5 Bytes JMP 01701030 D:\Programme\CursorXP\CurXP0.dll (CursorXP control panel/ )
.text D:\Programme\Avira\AntiVir Desktop\avgnt.exe[636] USER32.dll!DrawIconEx 77D1F38A 5 Bytes JMP 01701120 D:\Programme\CursorXP\CurXP0.dll (CursorXP control panel/ )
.text C:\WINDOWS\explorer.exe[1296] USER32.dll!GetCursor 77D1CECD 5 Bytes JMP 10001080 D:\Programme\CursorXP\CurXP0.dll (CursorXP control panel/ )
.text C:\WINDOWS\explorer.exe[1296] USER32.dll!GetIconInfo 77D1E9A1 5 Bytes JMP 10001030 D:\Programme\CursorXP\CurXP0.dll (CursorXP control panel/ )
.text C:\WINDOWS\explorer.exe[1296] USER32.dll!DrawIconEx 77D1F38A 5 Bytes JMP 10001120 D:\Programme\CursorXP\CurXP0.dll (CursorXP control panel/ )
.text C:\Dokumente und Einstellungen\Administrator\Desktop\Downloads\zf9l02d6.exe[2904] USER32.dll!GetCursor 77D1CECD 5 Bytes JMP 10001080 D:\Programme\CursorXP\CurXP0.dll (CursorXP control panel/ )
.text C:\Dokumente und Einstellungen\Administrator\Desktop\Downloads\zf9l02d6.exe[2904] USER32.dll!GetIconInfo 77D1E9A1 5 Bytes JMP 10001030 D:\Programme\CursorXP\CurXP0.dll (CursorXP control panel/ )
.text C:\Dokumente und Einstellungen\Administrator\Desktop\Downloads\zf9l02d6.exe[2904] USER32.dll!DrawIconEx 77D1F38A 5 Bytes JMP 10001120 D:\Programme\CursorXP\CurXP0.dll (CursorXP control panel/ )
.text C:\WINDOWS\Mixer.exe[3524] USER32.dll!GetCursor 77D1CECD 5 Bytes JMP 016F1080 D:\Programme\CursorXP\CurXP0.dll (CursorXP control panel/ )
.text C:\WINDOWS\Mixer.exe[3524] USER32.dll!GetIconInfo 77D1E9A1 5 Bytes JMP 016F1030 D:\Programme\CursorXP\CurXP0.dll (CursorXP control panel/ )
.text C:\WINDOWS\Mixer.exe[3524] USER32.dll!DrawIconEx 77D1F38A 5 Bytes JMP 016F1120 D:\Programme\CursorXP\CurXP0.dll (CursorXP control panel/ )
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 86FDC2D8
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F74BFC4C] spoj.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F74BFCA0] spoj.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F748F042] spoj.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F748F13E] spoj.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F748F0C0] spoj.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F748F800] spoj.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F748F6D6] spoj.sys
IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 86E905E0
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F749EE9C] spoj.sys
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 86F6D1F8
Device \FileSystem\Fastfat \FatCdrom 86D61500
Device \Driver\usbuhci \Device\USBPDO-0 86F13500
Device \Driver\PCI_PNP5504 \Device\00000044 spoj.sys
Device \Driver\usbuhci \Device\USBPDO-1 86F13500
Device \Driver\dmio \Device\DmControl\DmIoDaemon 86FDA1F8
Device \Driver\dmio \Device\DmControl\DmConfig 86FDA1F8
Device \Driver\dmio \Device\DmControl\DmPnP 86FDA1F8
Device \Driver\dmio \Device\DmControl\DmInfo 86FDA1F8
Device \Driver\usbuhci \Device\USBPDO-2 86F13500
Device \Driver\usbehci \Device\USBPDO-3 86F0B1F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 86F6F1F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 86F6F1F8
Device \Driver\Cdrom \Device\CdRom0 86E641F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 86F6E1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 86F6E1F8
Device \Driver\atapi \Device\Ide\IdePort0 86F6E1F8
Device \Driver\atapi \Device\Ide\IdePort1 86F6E1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f 86F6E1F8
Device \Driver\Cdrom \Device\CdRom1 86E641F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 86CB21F8
Device \Driver\NetBT \Device\NetbiosSmb 86CB21F8
Device \Driver\usbuhci \Device\USBFDO-0 86F13500
Device \Driver\usbuhci \Device\USBFDO-1 86F13500
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 86CB7500
Device \Driver\usbuhci \Device\USBFDO-2 86F13500
Device \FileSystem\MRxSmb \Device\LanmanRedirector 86CB7500
Device \Driver\usbehci \Device\USBFDO-3 86F0B1F8
Device \Driver\Ftdisk \Device\FtControl 86F6F1F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{740DC537-F77C-4AE3-A34A-94075CBA8284} 86CB21F8
Device \Driver\vaxscsi \Device\Scsi\vaxscsi1 86E5D1F8
Device \FileSystem\Fastfat \Fat 86D61500
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
Device \FileSystem\Cdfs \Cdfs 86CFC1F8
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Programme\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xB2 0x40 0xD9 0x1A ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x14 0xCF 0x82 0x0D ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xD9 0x31 0xBA 0xA3 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Programme\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xB2 0x40 0xD9 0x1A ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x14 0xCF 0x82 0x0D ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xD9 0x31 0xBA 0xA3 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Programme\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xB2 0x40 0xD9 0x1A ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x14 0xCF 0x82 0x0D ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xD9 0x31 0xBA 0xA3 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 1958251951
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 361294002
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 3
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Programme\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x4E 0xBF 0x66 0x8C ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x14 0xCF 0x82 0x0D ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xD9 0x31 0xBA 0xA3 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xC5 0x3D 0x75 0x6C ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x5A 0xB9 0x6C 0x51 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xBE 0xD8 0xFB 0x52 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xF3 0xD5 0x4B 0x0F ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Programme\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x4E 0xBF 0x66 0x8C ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x14 0xCF 0x82 0x0D ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xD9 0x31 0xBA 0xA3 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 2
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xC5 0x3D 0x75 0x6C ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x5A 0xB9 0x6C 0x51 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xBE 0xD8 0xFB 0x52 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xF3 0xD5 0x4B 0x0F ...
---- EOF - GMER 1.0.15 ----
OSAM Logfile: Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 Online Solutions. Complex Protection for Information Systems Saved at 20:22:50 on 01.02.2011 OS: Windows XP Professional Service Pack 2 (Build 2600) Default Browser: Mozilla Corporation Firefox 3.6.13 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Common] -----( %SystemRoot%\Tasks )----- "GoogleUpdateTaskMachineCore1cb6c33e1cd5b6.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe "Google Software Updater.job" - "Google" - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe [Control Panel Objects] -----( %SystemRoot%\system32 )----- "javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl "nvtuicpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvtuicpl.cpl "plugincpl131_03.cpl" - "Sun Microsystems" - C:\WINDOWS\system32\plugincpl131_03.cpl "razer.cpl" - "Razer Inc." - C:\WINDOWS\system32\razer.cpl "Startup.cpl" - ? - C:\WINDOWS\system32\Startup.cpl (File found, but it contains no detailed information) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "Avira AntiVir Personal - Free Antivirus " - "Avira GmbH" - D:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl "ContentDirectory" - "Microsoft Corporation" - c:\programme\windows media connect\mswmccpl.dll [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "Acronis True Image Backup Archive Explorer" (timounter) - "Acronis" - C:\WINDOWS\System32\DRIVERS\timntr.sys "Acronis True Image FS Filter" (tifsfilter) - "Acronis" - C:\WINDOWS\System32\DRIVERS\tifsfilt.sys "avgio" (avgio) - "Avira GmbH" - D:\Programme\Avira\AntiVir Desktop\avgio.sys "avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys "avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys "catchme" (catchme) - ? - C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\catchme.sys (File not found) "Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys (File not found) "EagleNT" (EagleNT) - ? - C:\WINDOWS\system32\drivers\EagleNT.sys (File not found) "fglyqpog" (fglyqpog) - ? - C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\fglyqpog.sys (Hidden registry entry, rootkit activity | File not found) "FsUsbExDisk" (FsUsbExDisk) - ? - C:\WINDOWS\system32\FsUsbExDisk.SYS (File found, but it contains no detailed information) "i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys (File not found) "lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys (File not found) "mbr" (mbr) - ? - C:\cofi\mbr.sys (Hidden registry entry, rootkit activity | File not found) "MSI US54EX Wireless Adapter" (RT73) - "Ralink Technology, Corp." - C:\WINDOWS\System32\DRIVERS\rt73.sys "NeroCdNt" (NeroCdNt) - ? - C:\WINDOWS\system32\drivers\NeroCdNt.sys (File not found) "Nsynas32" (Nsynas32) - ? - C:\WINDOWS\system32\drivers\Nsynas32.sys (File not found) "nv" (nv) - "NVIDIA Corporation" - C:\WINDOWS\System32\DRIVERS\nv4_mini.sys "PCCS Mode Change Filter Driver" (pccsmcfd) - ? - C:\WINDOWS\System32\DRIVERS\pccsmcfd.sys (File not found) "PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys (File not found) "PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys (File not found) "PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys (File not found) "PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys (File not found) "PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found) "PxHelp20" (PxHelp20) - ? - C:\WINDOWS\System32\Drivers\PxHelp20.sys (File not found) "Secdrv" (Secdrv) - ? - C:\WINDOWS\System32\DRIVERS\secdrv.sys (File found, but it contains no detailed information) "Service - Line 6 UX2" (L6UX2) - ? - C:\WINDOWS\System32\Drivers\L6UX2.sys (File not found) "sptd" (sptd) - "Duplex Secure Ltd." - C:\WINDOWS\System32\Drivers\sptd.sys (File is exclusively opened, access blocked) "ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys "SynasUSB" (SynasUSB) - "SIA Syncrosoft" - C:\WINDOWS\System32\drivers\SynasUSB.sys "Team H2O CLEDX service" (CLEDX) - "Team H2O" - C:\WINDOWS\System32\DRIVERS\cledx.sys "vaxscsi" (vaxscsi) - "Alcohol Soft Co., Ltd." - C:\WINDOWS\System32\Drivers\vaxscsi.sys (File is exclusively opened, access blocked) "VSO Software pcouffin" (pcouffin) - "VSO Software" - C:\WINDOWS\System32\Drivers\pcouffin.sys "WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys (File not found) [Explorer] -----( HKCU\Software\Classes\Folder\shellex\ColumnHandlers )----- {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )----- {89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {7D4D6379-F301-4311-BEBA-E26EB0561882} "NeroDigitalColumnHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll -----( HKLM\Software\Classes\Protocols\Handler )----- {828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL {828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {32020A01-506E-484D-A2A8-BE3CF17601C3} "AlcoholShellEx" - "Alcohol Soft Development Team" - C:\PROGRA~1\ALCOHO~1\ALCOHO~1\axshlex.dll {2AA59FC0-31E8-42DA-9D3C-E9A52953853B} "CopyToCD shell extension" - "VSO Software" - D:\Programme\vso\copytodvd\CtcdShell.dll {42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll (File not found) {1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll {1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll {A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.dll {1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {73B24247-042E-4EF5-ADC2-42F62E6FD654} "MCLiteShellExt Class" - ? - D:\Programme\ICQLite\ICQLiteShell.dll {B327765E-D724-4347-8B16-78AE18552FC3} "NeroDigitalIconHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll {7F1CF152-04F8-453A-B34C-E609530A9DC8} "NeroDigitalPropSheetHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll {FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.dll {1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - (File not found | COM-object registry key not found) {087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - (File not found | COM-object registry key not found) {63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - (File not found | COM-object registry key not found) {3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - (File not found | COM-object registry key not found) {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - D:\Programme\Avira\AntiVir Desktop\shlext.dll {E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll {e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - D:\Programme\WinRAR\rarext.dll (File found, but it contains no detailed information) [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- <binary data> "ITBarLayout" - ? - (File not found | COM-object registry key not found) <binary data> "{855F3B16-6D32-4FE6-8A56-BBB695989046}" - ? - (File not found | COM-object registry key not found) -----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )----- {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} "QIPBHO Class" - "qip.ru" - C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Microsoft\Internet Explorer\qipsearchbar.dll {855F3B16-6D32-4fe6-8A56-BBB695989046} "{855F3B16-6D32-4fe6-8A56-BBB695989046}" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {CC450D71-CC90-424C-8638-1F2DBAC87A54} "ArmHelper Control" - ? - ./Images/armhelper.ocx (File not found) / file://C:\Programme\Monopoly\Images\armhelper.ocx {20A60F0D-9AFA-4515-A0FD-83BD84642501} "Checkers Class" - "Microsoft Corporation" - C:\WINDOWS\Downloaded Program Files\msgrchkr.dll / hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_15" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_15.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} "Java Plug-in 1.6.0_15" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_15.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_15" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_15.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab {C3F79A2B-B9B4-4A66-B012-3EE46475B072} "MessengerStatsClient Class" - "Microsoft Corporation" - C:\WINDOWS\Downloaded Program Files\MessengerStatsPAClient.dll / hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} "Minesweeper Flags Class" - "Microsoft Corporation" - C:\WINDOWS\Downloaded Program Files\MineSweeper.dll / hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab {B8BE5E93-A60C-4D26-A2DC-220313175592} "MSN Games - Installer" - "Microsoft Corporation" - C:\WINDOWS\Downloaded Program Files\ZIntro.ocx / hxxp://messenger.zone.msn.com/binary/ZIntro.cab56649.cab {D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Macromed\Flash\Flash10l.ocx / https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab {5C051655-FCD5-4969-9182-770EA5AA5565} "Solitaire Showdown Class" - "Microsoft Corporation" - C:\WINDOWS\Downloaded Program Files\SolitaireShowdown.dll / hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab {149E45D8-163E-4189-86FC-45022AB2B6C9} "SpinTop DRM Control" - "SpinTop Media Inc." - C:\WINDOWS\DOWNLO~1\stg_drm.ocx / file://C:\Programme\Monopoly\Images\stg_drm.ocx {5D6F45B3-9043-443D-A792-115447494D24} "UnoCtrl Class" - "Microsoft" - C:\WINDOWS\Downloaded Program Files\GAME_UNO1.dll / hxxp://messenger.zone.msn.com/DE-DE/a-UNO1/GAME_UNO1.cab {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? - (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab {CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA} "{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}" - ? - (File not found | COM-object registry key not found) / hxxp://java.sun.com/products/plugin/1.3.1/jinstall-131_03-win.cab {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}" - ? - (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}" - ? - (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}" - ? - (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}" - ? - (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- "ICQ Lite" - "ICQ Ltd." - D:\Programme\ICQLite\ICQLite.exe "Knowledge Base Suche" - ? - Help and Support (HTTP value) -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- <binary data> "{855F3B16-6D32-4fe6-8A56-BBB695989046}" - ? - (File not found | COM-object registry key not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "AcroIEHlprObj Class" - ? - d:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll {E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} "QIPBHO Class" - "qip.ru" - C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Microsoft\Internet Explorer\qipsearchbar.dll {9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll {5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}" - ? - (File not found | COM-object registry key not found) [Logon] -----( %AllUsersProfile%\Startmenü\Programme\Autostart )----- "desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini -----( %UserProfile%\Startmenü\Programme\Autostart )----- "desktop.ini" - ? - C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart\desktop.ini -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "CursorXP" - " " - D:\Programme\CursorXP\CursorXP.exe -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce )----- "ICQ Lite" - "ICQ Ltd." - D:\Programme\ICQLite\ICQLite.exe -trayboot -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "avgnt" - "Avira GmbH" - "D:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min "NvCplDaemon" - "NVIDIA Corporation" - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup "NvMediaCenter" - "NVIDIA Corporation" - RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit "nwiz" - "NVIDIA Corporation" - nwiz.exe /install "razertra" - "Razer Inc." - d:\Programme\Razer\razertra.exe [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "Canon BJ Language Monitor iP4300" - "CANON INC." - C:\WINDOWS\system32\CNMLM86.DLL [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- ".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe "ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe "Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - D:\Programme\Avira\AntiVir Desktop\avguard.exe "Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - D:\Programme\Avira\AntiVir Desktop\sched.exe "Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Programme\Bonjour\mDNSResponder.exe "FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Macrovision Europe Ltd." - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe "Google Software Updater" (gusvc) - "Google" - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe "Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe "Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe "NVIDIA Display Driver Service" (NVSvc) - "NVIDIA Corporation" - C:\WINDOWS\system32\nvsvc32.exe "StarWind iSCSI Service" (StarWindService) - "Rocket Division Software" - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe "Windows Media Connect (WMC)" (WmcCds) - "Microsoft Corporation" - c:\programme\windows media connect\mswmccds.exe "Windows Media Connect-Hilfsprogramm" (WmcCdsLs) - "Microsoft Corporation" - C:\Programme\Windows Media Connect\mswmcls.exe [Winlogon] -----( HKCU\Control Panel\IOProcs )----- "MVB" - ? - mvfs32.dll (File not found) [Winsock Providers] -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )----- "mdnsNSP" - "Apple Inc." - C:\Programme\Bonjour\mdnsNSP.dll ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit Online Solutions :: Index[/QUOTE] Zitat:
|
|
01.02.2011, 20:24
| #20 | |
| | Trojaner TR/ATRAPS.Gen Hier die Logs: GMER Logfile: Code:
ATTFilter GMER 1.0.15.15530 - GMER - Rootkit Detector and Remover
Rootkit scan 2011-02-01 20:17:38
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ExcelStor_Technology_J8080 rev.P21OA85A
Running: zf9l02d6.exe; Driver: C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\fglyqpog.sys
---- System - GMER 1.0.15 ----
SSDT F7CD3C1E ZwCreateKey
SSDT F7CD3C14 ZwCreateThread
SSDT F7CD3C23 ZwDeleteKey
SSDT F7CD3C2D ZwDeleteValueKey
SSDT spoj.sys ZwEnumerateKey [0xF74ACCA4]
SSDT spoj.sys ZwEnumerateValueKey [0xF74AD032]
SSDT F7CD3C32 ZwLoadKey
SSDT spoj.sys ZwOpenKey [0xF748E0C0]
SSDT F7CD3C00 ZwOpenProcess
SSDT F7CD3C05 ZwOpenThread
SSDT spoj.sys ZwQueryKey [0xF74AD10A]
SSDT spoj.sys ZwQueryValueKey [0xF74ACF8A]
SSDT F7CD3C3C ZwReplaceKey
SSDT F7CD3C37 ZwRestoreKey
SSDT F7CD3C28 ZwSetValueKey
INT 0x62 ? 86F6EBF8
INT 0x63 ? 86E90F00
INT 0x63 ? 86E90F00
INT 0x63 ? 86E90F00
INT 0x63 ? 86E90F00
INT 0x63 ? 86E90F00
INT 0x82 ? 86F6EBF8
Code \??\C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\catchme.sys pIofCallDriver
---- Kernel code sections - GMER 1.0.15 ----
? spoj.sys Das System kann die angegebene Datei nicht finden. !
.text USBPORT.SYS!DllUnload F6EEC62C 5 Bytes JMP 86E904E0
.text vaxscsi.sys!A0DB34FC6FE35D429A28ADDE5467D4D7 F6E8B4D0 48 Bytes [3A, C2, 71, BE, 3C, 40, AC, ...]
? C:\WINDOWS\System32\Drivers\vaxscsi.sys Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.
? C:\WINDOWS\system32\Drivers\PROCEXP113.SYS Das System kann die angegebene Datei nicht finden. !
? C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\catchme.sys Das System kann die angegebene Datei nicht finden. !
---- User code sections - GMER 1.0.15 ----
.text D:\Programme\Avira\AntiVir Desktop\avgnt.exe[636] USER32.dll!GetCursor 77D1CECD 5 Bytes JMP 01701080 D:\Programme\CursorXP\CurXP0.dll (CursorXP control panel/ )
.text D:\Programme\Avira\AntiVir Desktop\avgnt.exe[636] USER32.dll!GetIconInfo 77D1E9A1 5 Bytes JMP 01701030 D:\Programme\CursorXP\CurXP0.dll (CursorXP control panel/ )
.text D:\Programme\Avira\AntiVir Desktop\avgnt.exe[636] USER32.dll!DrawIconEx 77D1F38A 5 Bytes JMP 01701120 D:\Programme\CursorXP\CurXP0.dll (CursorXP control panel/ )
.text C:\WINDOWS\explorer.exe[1296] USER32.dll!GetCursor 77D1CECD 5 Bytes JMP 10001080 D:\Programme\CursorXP\CurXP0.dll (CursorXP control panel/ )
.text C:\WINDOWS\explorer.exe[1296] USER32.dll!GetIconInfo 77D1E9A1 5 Bytes JMP 10001030 D:\Programme\CursorXP\CurXP0.dll (CursorXP control panel/ )
.text C:\WINDOWS\explorer.exe[1296] USER32.dll!DrawIconEx 77D1F38A 5 Bytes JMP 10001120 D:\Programme\CursorXP\CurXP0.dll (CursorXP control panel/ )
.text C:\Dokumente und Einstellungen\Administrator\Desktop\Downloads\zf9l02d6.exe[2904] USER32.dll!GetCursor 77D1CECD 5 Bytes JMP 10001080 D:\Programme\CursorXP\CurXP0.dll (CursorXP control panel/ )
.text C:\Dokumente und Einstellungen\Administrator\Desktop\Downloads\zf9l02d6.exe[2904] USER32.dll!GetIconInfo 77D1E9A1 5 Bytes JMP 10001030 D:\Programme\CursorXP\CurXP0.dll (CursorXP control panel/ )
.text C:\Dokumente und Einstellungen\Administrator\Desktop\Downloads\zf9l02d6.exe[2904] USER32.dll!DrawIconEx 77D1F38A 5 Bytes JMP 10001120 D:\Programme\CursorXP\CurXP0.dll (CursorXP control panel/ )
.text C:\WINDOWS\Mixer.exe[3524] USER32.dll!GetCursor 77D1CECD 5 Bytes JMP 016F1080 D:\Programme\CursorXP\CurXP0.dll (CursorXP control panel/ )
.text C:\WINDOWS\Mixer.exe[3524] USER32.dll!GetIconInfo 77D1E9A1 5 Bytes JMP 016F1030 D:\Programme\CursorXP\CurXP0.dll (CursorXP control panel/ )
.text C:\WINDOWS\Mixer.exe[3524] USER32.dll!DrawIconEx 77D1F38A 5 Bytes JMP 016F1120 D:\Programme\CursorXP\CurXP0.dll (CursorXP control panel/ )
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 86FDC2D8
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F74BFC4C] spoj.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F74BFCA0] spoj.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F748F042] spoj.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F748F13E] spoj.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F748F0C0] spoj.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F748F800] spoj.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F748F6D6] spoj.sys
IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 86E905E0
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F749EE9C] spoj.sys
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 86F6D1F8
Device \FileSystem\Fastfat \FatCdrom 86D61500
Device \Driver\usbuhci \Device\USBPDO-0 86F13500
Device \Driver\PCI_PNP5504 \Device\00000044 spoj.sys
Device \Driver\usbuhci \Device\USBPDO-1 86F13500
Device \Driver\dmio \Device\DmControl\DmIoDaemon 86FDA1F8
Device \Driver\dmio \Device\DmControl\DmConfig 86FDA1F8
Device \Driver\dmio \Device\DmControl\DmPnP 86FDA1F8
Device \Driver\dmio \Device\DmControl\DmInfo 86FDA1F8
Device \Driver\usbuhci \Device\USBPDO-2 86F13500
Device \Driver\usbehci \Device\USBPDO-3 86F0B1F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 86F6F1F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 86F6F1F8
Device \Driver\Cdrom \Device\CdRom0 86E641F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 86F6E1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 86F6E1F8
Device \Driver\atapi \Device\Ide\IdePort0 86F6E1F8
Device \Driver\atapi \Device\Ide\IdePort1 86F6E1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f 86F6E1F8
Device \Driver\Cdrom \Device\CdRom1 86E641F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 86CB21F8
Device \Driver\NetBT \Device\NetbiosSmb 86CB21F8
Device \Driver\usbuhci \Device\USBFDO-0 86F13500
Device \Driver\usbuhci \Device\USBFDO-1 86F13500
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 86CB7500
Device \Driver\usbuhci \Device\USBFDO-2 86F13500
Device \FileSystem\MRxSmb \Device\LanmanRedirector 86CB7500
Device \Driver\usbehci \Device\USBFDO-3 86F0B1F8
Device \Driver\Ftdisk \Device\FtControl 86F6F1F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{740DC537-F77C-4AE3-A34A-94075CBA8284} 86CB21F8
Device \Driver\vaxscsi \Device\Scsi\vaxscsi1 86E5D1F8
Device \FileSystem\Fastfat \Fat 86D61500
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
Device \FileSystem\Cdfs \Cdfs 86CFC1F8
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Programme\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xB2 0x40 0xD9 0x1A ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x14 0xCF 0x82 0x0D ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xD9 0x31 0xBA 0xA3 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Programme\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xB2 0x40 0xD9 0x1A ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x14 0xCF 0x82 0x0D ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xD9 0x31 0xBA 0xA3 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Programme\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xB2 0x40 0xD9 0x1A ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x14 0xCF 0x82 0x0D ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xD9 0x31 0xBA 0xA3 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 1958251951
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 361294002
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 3
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Programme\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x4E 0xBF 0x66 0x8C ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x14 0xCF 0x82 0x0D ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xD9 0x31 0xBA 0xA3 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xC5 0x3D 0x75 0x6C ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x5A 0xB9 0x6C 0x51 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xBE 0xD8 0xFB 0x52 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xF3 0xD5 0x4B 0x0F ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Programme\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x4E 0xBF 0x66 0x8C ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x14 0xCF 0x82 0x0D ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xD9 0x31 0xBA 0xA3 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 2
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xC5 0x3D 0x75 0x6C ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x5A 0xB9 0x6C 0x51 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xBE 0xD8 0xFB 0x52 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xF3 0xD5 0x4B 0x0F ...
---- EOF - GMER 1.0.15 ----
OSAM Logfile: Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 Online Solutions. Complex Protection for Information Systems Saved at 20:22:50 on 01.02.2011 OS: Windows XP Professional Service Pack 2 (Build 2600) Default Browser: Mozilla Corporation Firefox 3.6.13 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Common] -----( %SystemRoot%\Tasks )----- "GoogleUpdateTaskMachineCore1cb6c33e1cd5b6.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe "Google Software Updater.job" - "Google" - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe [Control Panel Objects] -----( %SystemRoot%\system32 )----- "javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl "nvtuicpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvtuicpl.cpl "plugincpl131_03.cpl" - "Sun Microsystems" - C:\WINDOWS\system32\plugincpl131_03.cpl "razer.cpl" - "Razer Inc." - C:\WINDOWS\system32\razer.cpl "Startup.cpl" - ? - C:\WINDOWS\system32\Startup.cpl (File found, but it contains no detailed information) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "Avira AntiVir Personal - Free Antivirus " - "Avira GmbH" - D:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl "ContentDirectory" - "Microsoft Corporation" - c:\programme\windows media connect\mswmccpl.dll [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "Acronis True Image Backup Archive Explorer" (timounter) - "Acronis" - C:\WINDOWS\System32\DRIVERS\timntr.sys "Acronis True Image FS Filter" (tifsfilter) - "Acronis" - C:\WINDOWS\System32\DRIVERS\tifsfilt.sys "avgio" (avgio) - "Avira GmbH" - D:\Programme\Avira\AntiVir Desktop\avgio.sys "avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys "avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys "catchme" (catchme) - ? - C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\catchme.sys (File not found) "Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys (File not found) "EagleNT" (EagleNT) - ? - C:\WINDOWS\system32\drivers\EagleNT.sys (File not found) "fglyqpog" (fglyqpog) - ? - C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\fglyqpog.sys (Hidden registry entry, rootkit activity | File not found) "FsUsbExDisk" (FsUsbExDisk) - ? - C:\WINDOWS\system32\FsUsbExDisk.SYS (File found, but it contains no detailed information) "i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys (File not found) "lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys (File not found) "mbr" (mbr) - ? - C:\cofi\mbr.sys (Hidden registry entry, rootkit activity | File not found) "MSI US54EX Wireless Adapter" (RT73) - "Ralink Technology, Corp." - C:\WINDOWS\System32\DRIVERS\rt73.sys "NeroCdNt" (NeroCdNt) - ? - C:\WINDOWS\system32\drivers\NeroCdNt.sys (File not found) "Nsynas32" (Nsynas32) - ? - C:\WINDOWS\system32\drivers\Nsynas32.sys (File not found) "nv" (nv) - "NVIDIA Corporation" - C:\WINDOWS\System32\DRIVERS\nv4_mini.sys "PCCS Mode Change Filter Driver" (pccsmcfd) - ? - C:\WINDOWS\System32\DRIVERS\pccsmcfd.sys (File not found) "PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys (File not found) "PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys (File not found) "PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys (File not found) "PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys (File not found) "PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found) "PxHelp20" (PxHelp20) - ? - C:\WINDOWS\System32\Drivers\PxHelp20.sys (File not found) "Secdrv" (Secdrv) - ? - C:\WINDOWS\System32\DRIVERS\secdrv.sys (File found, but it contains no detailed information) "Service - Line 6 UX2" (L6UX2) - ? - C:\WINDOWS\System32\Drivers\L6UX2.sys (File not found) "sptd" (sptd) - "Duplex Secure Ltd." - C:\WINDOWS\System32\Drivers\sptd.sys (File is exclusively opened, access blocked) "ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys "SynasUSB" (SynasUSB) - "SIA Syncrosoft" - C:\WINDOWS\System32\drivers\SynasUSB.sys "Team H2O CLEDX service" (CLEDX) - "Team H2O" - C:\WINDOWS\System32\DRIVERS\cledx.sys "vaxscsi" (vaxscsi) - "Alcohol Soft Co., Ltd." - C:\WINDOWS\System32\Drivers\vaxscsi.sys (File is exclusively opened, access blocked) "VSO Software pcouffin" (pcouffin) - "VSO Software" - C:\WINDOWS\System32\Drivers\pcouffin.sys "WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys (File not found) [Explorer] -----( HKCU\Software\Classes\Folder\shellex\ColumnHandlers )----- {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )----- {89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {7D4D6379-F301-4311-BEBA-E26EB0561882} "NeroDigitalColumnHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll -----( HKLM\Software\Classes\Protocols\Handler )----- {828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL {828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {32020A01-506E-484D-A2A8-BE3CF17601C3} "AlcoholShellEx" - "Alcohol Soft Development Team" - C:\PROGRA~1\ALCOHO~1\ALCOHO~1\axshlex.dll {2AA59FC0-31E8-42DA-9D3C-E9A52953853B} "CopyToCD shell extension" - "VSO Software" - D:\Programme\vso\copytodvd\CtcdShell.dll {42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll (File not found) {1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll {1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll {A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.dll {1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {73B24247-042E-4EF5-ADC2-42F62E6FD654} "MCLiteShellExt Class" - ? - D:\Programme\ICQLite\ICQLiteShell.dll {B327765E-D724-4347-8B16-78AE18552FC3} "NeroDigitalIconHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll {7F1CF152-04F8-453A-B34C-E609530A9DC8} "NeroDigitalPropSheetHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll {FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.dll {1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - (File not found | COM-object registry key not found) {087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - (File not found | COM-object registry key not found) {63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - (File not found | COM-object registry key not found) {3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - (File not found | COM-object registry key not found) {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - D:\Programme\Avira\AntiVir Desktop\shlext.dll {E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll {e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - D:\Programme\WinRAR\rarext.dll (File found, but it contains no detailed information) [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- <binary data> "ITBarLayout" - ? - (File not found | COM-object registry key not found) <binary data> "{855F3B16-6D32-4FE6-8A56-BBB695989046}" - ? - (File not found | COM-object registry key not found) -----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )----- {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} "QIPBHO Class" - "qip.ru" - C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Microsoft\Internet Explorer\qipsearchbar.dll {855F3B16-6D32-4fe6-8A56-BBB695989046} "{855F3B16-6D32-4fe6-8A56-BBB695989046}" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {CC450D71-CC90-424C-8638-1F2DBAC87A54} "ArmHelper Control" - ? - ./Images/armhelper.ocx (File not found) / file://C:\Programme\Monopoly\Images\armhelper.ocx {20A60F0D-9AFA-4515-A0FD-83BD84642501} "Checkers Class" - "Microsoft Corporation" - C:\WINDOWS\Downloaded Program Files\msgrchkr.dll / hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_15" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_15.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} "Java Plug-in 1.6.0_15" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_15.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_15" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_15.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab {C3F79A2B-B9B4-4A66-B012-3EE46475B072} "MessengerStatsClient Class" - "Microsoft Corporation" - C:\WINDOWS\Downloaded Program Files\MessengerStatsPAClient.dll / hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} "Minesweeper Flags Class" - "Microsoft Corporation" - C:\WINDOWS\Downloaded Program Files\MineSweeper.dll / hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab {B8BE5E93-A60C-4D26-A2DC-220313175592} "MSN Games - Installer" - "Microsoft Corporation" - C:\WINDOWS\Downloaded Program Files\ZIntro.ocx / hxxp://messenger.zone.msn.com/binary/ZIntro.cab56649.cab {D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Macromed\Flash\Flash10l.ocx / https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab {5C051655-FCD5-4969-9182-770EA5AA5565} "Solitaire Showdown Class" - "Microsoft Corporation" - C:\WINDOWS\Downloaded Program Files\SolitaireShowdown.dll / hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab {149E45D8-163E-4189-86FC-45022AB2B6C9} "SpinTop DRM Control" - "SpinTop Media Inc." - C:\WINDOWS\DOWNLO~1\stg_drm.ocx / file://C:\Programme\Monopoly\Images\stg_drm.ocx {5D6F45B3-9043-443D-A792-115447494D24} "UnoCtrl Class" - "Microsoft" - C:\WINDOWS\Downloaded Program Files\GAME_UNO1.dll / hxxp://messenger.zone.msn.com/DE-DE/a-UNO1/GAME_UNO1.cab {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? - (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab {CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA} "{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}" - ? - (File not found | COM-object registry key not found) / hxxp://java.sun.com/products/plugin/1.3.1/jinstall-131_03-win.cab {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}" - ? - (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}" - ? - (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}" - ? - (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}" - ? - (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- "ICQ Lite" - "ICQ Ltd." - D:\Programme\ICQLite\ICQLite.exe "Knowledge Base Suche" - ? - Help and Support (HTTP value) -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- <binary data> "{855F3B16-6D32-4fe6-8A56-BBB695989046}" - ? - (File not found | COM-object registry key not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "AcroIEHlprObj Class" - ? - d:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll {E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} "QIPBHO Class" - "qip.ru" - C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Microsoft\Internet Explorer\qipsearchbar.dll {9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll {5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}" - ? - (File not found | COM-object registry key not found) [Logon] -----( %AllUsersProfile%\Startmenü\Programme\Autostart )----- "desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini -----( %UserProfile%\Startmenü\Programme\Autostart )----- "desktop.ini" - ? - C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart\desktop.ini -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "CursorXP" - " " - D:\Programme\CursorXP\CursorXP.exe -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce )----- "ICQ Lite" - "ICQ Ltd." - D:\Programme\ICQLite\ICQLite.exe -trayboot -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "avgnt" - "Avira GmbH" - "D:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min "NvCplDaemon" - "NVIDIA Corporation" - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup "NvMediaCenter" - "NVIDIA Corporation" - RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit "nwiz" - "NVIDIA Corporation" - nwiz.exe /install "razertra" - "Razer Inc." - d:\Programme\Razer\razertra.exe [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "Canon BJ Language Monitor iP4300" - "CANON INC." - C:\WINDOWS\system32\CNMLM86.DLL [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- ".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe "ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe "Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - D:\Programme\Avira\AntiVir Desktop\avguard.exe "Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - D:\Programme\Avira\AntiVir Desktop\sched.exe "Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Programme\Bonjour\mDNSResponder.exe "FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Macrovision Europe Ltd." - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe "Google Software Updater" (gusvc) - "Google" - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe "Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe "Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe "NVIDIA Display Driver Service" (NVSvc) - "NVIDIA Corporation" - C:\WINDOWS\system32\nvsvc32.exe "StarWind iSCSI Service" (StarWindService) - "Rocket Division Software" - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe "Windows Media Connect (WMC)" (WmcCds) - "Microsoft Corporation" - c:\programme\windows media connect\mswmccds.exe "Windows Media Connect-Hilfsprogramm" (WmcCdsLs) - "Microsoft Corporation" - C:\Programme\Windows Media Connect\mswmcls.exe [Winlogon] -----( HKCU\Control Panel\IOProcs )----- "MVB" - ? - mvfs32.dll (File not found) [Winsock Providers] -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )----- "mdnsNSP" - "Apple Inc." - C:\Programme\Bonjour\mdnsNSP.dll ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit Online Solutions :: Index[/QUOTE] Zitat:
|
|
01.02.2011, 20:29
| #21 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner TR/ATRAPS.Gen Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs. Denk dran beide Tools zu updaten vor dem Scan!!
__________________ --> Trojaner TR/ATRAPS.Gen |
|
01.02.2011, 22:11
| #22 | |
| | Trojaner TR/ATRAPS.Gen Hier schon mal der erste Log, der andere folgt Morgen: Zitat:
|
|
02.02.2011, 11:49
| #23 | |
| | Trojaner TR/ATRAPS.Gen Und hier der andere Log: Zitat:
Irgendwie kommt mir mein Rechner jetzt aber langsamer als vorher vor, kann das sein? |
|
02.02.2011, 19:38
| #24 | |
| | Trojaner TR/ATRAPS.GenZitat:
Ist denn jetzt wieder alles i.O. ? |
|
02.02.2011, 21:22
| #25 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner TR/ATRAPS.Gen Sieht ok aus, da wurden nur Cookies gefunden. Noch Probleme oder weitere Funde in der Zwischenzeit?
__________________ Logfiles bitte immer in CODE-Tags posten |
|
02.02.2011, 21:23
| #26 | |
| | Trojaner TR/ATRAPS.GenZitat:
Vielen Vielen Dank!  |
|
02.02.2011, 21:25
| #27 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner TR/ATRAPS.Gen Dann wären wir durch!  Bitte abschließend die Updates prüfen, unten mein Leitfaden dazu. Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern. Microsoftupdate Windows XP: Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren. Windows Vista/7: Anleitung Windows-Update PDF-Reader aktualisieren Dein Adobe Reader ist nicht aktuell, was ein großes Sicherheitsrisiko darstellt. Du solltest daher besser die alte Version über Systemsteuerung => Software deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst. Ich empfehle einen alternativen PDF-Reader wie SumatraPDF oder Foxit PDF Reader, beide sind sehr viel schlanker und flotter als der AdobeReader. Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers, hier der direkte Downloadlink => http://filepony.de/?q=Flash+Player Java-Update Veraltete Java-Installationen sind ein Sicherheitsrisiko, daher solltest Du die alten Versionen löschen (falls vorhanden, am besten mit JavaRa) und auf die neuste aktualisieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
02.02.2011, 21:30
| #28 |
| | Trojaner TR/ATRAPS.Gen Die Windows Updates werde ich wohl lieber sein lassen, da ich keine originale XP Version habe.  |
|
02.02.2011, 21:45
| #29 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner TR/ATRAPS.GenZitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
02.02.2011, 21:55
| #30 |
| | Trojaner TR/ATRAPS.Gen Gibt es denn XP überhaupt noch zu kaufen und wenn ja, wie viel müsste ich investieren? |
|
| Themen zu Trojaner TR/ATRAPS.Gen |
| antivir, aufrufe, inter, interne, internetseite, neue, neue seite, schnelle, schnelle hilfe, seite, tr/atraps.gen, troja, trojaner, trojaner tr/atraps.gen |
Linear-Darstellung
