Pests of all kinds and their removal: Request for file analysis, McAfee Rootkit Detective (Windows 7)
19.03.2011, 23:29 | #16
Hi, here you go:

Code:
2011/03/19 23:26:42.0140 3332 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/03/19 23:26:43.0562 3332 ================================================================================
2011/03/19 23:26:43.0562 3332 SystemInfo:
2011/03/19 23:26:43.0562 3332
2011/03/19 23:26:43.0562 3332 OS Version: 5.1.2600 ServicePack: 3.0
2011/03/19 23:26:43.0562 3332 Product type: Workstation
2011/03/19 23:26:43.0562 3332 ComputerName: DAMPFMASCHINE
2011/03/19 23:26:43.0562 3332 UserName: ME
2011/03/19 23:26:43.0562 3332 Windows directory: C:\WINDOWS
2011/03/19 23:26:43.0562 3332 System windows directory: C:\WINDOWS
2011/03/19 23:26:43.0562 3332 Processor architecture: Intel x86
2011/03/19 23:26:43.0562 3332 Number of processors: 1
2011/03/19 23:26:43.0562 3332 Page size: 0x1000
2011/03/19 23:26:43.0562 3332 Boot type: Normal boot
2011/03/19 23:26:43.0562 3332 ================================================================================
2011/03/19 23:26:44.0390 3332 Initialize success
2011/03/19 23:26:48.0328 3292 ================================================================================
2011/03/19 23:26:48.0328 3292 Scan started
2011/03/19 23:26:48.0328 3292 Mode: Manual;
2011/03/19 23:26:48.0328 3292 ================================================================================
2011/03/19 23:26:48.0875 3292 ACPI (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/03/19 23:26:48.0906 3292 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2011/03/19 23:26:49.0000 3292 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/03/19 23:26:49.0062 3292 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2011/03/19 23:26:49.0312 3292 AR5416 (41074707ba49d02e240c7b960217aabe) C:\WINDOWS\system32\DRIVERS\athw.sys
2011/03/19 23:26:49.0421 3292 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/03/19 23:26:49.0468 3292 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\drivers\atapi.sys
2011/03/19 23:26:49.0515 3292 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/03/19 23:26:49.0578 3292 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/03/19 23:26:49.0703 3292 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Programme\Avira\AntiVir Desktop\avgio.sys
2011/03/19 23:26:49.0734 3292 avgntflt (47b879406246ffdced59e18d331a0e7d) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
2011/03/19 23:26:49.0796 3292 avipbb (5fedef54757b34fb611b9ec8fb399364) C:\WINDOWS\system32\DRIVERS\avipbb.sys
2011/03/19 23:26:49.0875 3292 b57w2k (559ddda2c88459478056174247706deb) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
2011/03/19 23:26:49.0906 3292 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/03/19 23:26:50.0046 3292 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/03/19 23:26:50.0078 3292 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/03/19 23:26:50.0125 3292 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/03/19 23:26:50.0187 3292 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/03/19 23:26:50.0250 3292 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/03/19 23:26:50.0281 3292 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/03/19 23:26:50.0406 3292 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/03/19 23:26:50.0468 3292 dmboot (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
2011/03/19 23:26:50.0562 3292 dmio (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
2011/03/19 23:26:50.0609 3292 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/03/19 23:26:50.0671 3292 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/03/19 23:26:50.0734 3292 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/03/19 23:26:50.0781 3292 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/03/19 23:26:50.0843 3292 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2011/03/19 23:26:50.0921 3292 Fips (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
2011/03/19 23:26:50.0968 3292 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/03/19 23:26:51.0015 3292 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/03/19 23:26:51.0046 3292 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/03/19 23:26:51.0078 3292 Ftdisk (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/03/19 23:26:51.0125 3292 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/03/19 23:26:51.0156 3292 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/03/19 23:26:51.0187 3292 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/03/19 23:26:51.0265 3292 HTTP (f6aacf5bce2893e0c1754afeb672e5c9) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/03/19 23:26:51.0312 3292 i8042prt (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/03/19 23:26:51.0515 3292 ialm (b2768350bb50469aeb1afe694372b613) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
2011/03/19 23:26:51.0718 3292 iaStor (80c633722da72e97f3f5b3b11325696d) C:\WINDOWS\system32\DRIVERS\iaStor.sys
2011/03/19 23:26:51.0750 3292 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/03/19 23:26:51.0937 3292 IntcAzAudAddService (74b482f8b2a9ebe8473381a7a58f801d) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2011/03/19 23:26:52.0046 3292 IntcHdmiAddService (331244286fa249f2456e6d78fda4a93e) C:\WINDOWS\system32\drivers\IntcHdmi.sys
2011/03/19 23:26:52.0109 3292 intelppm (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/03/19 23:26:52.0156 3292 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/03/19 23:26:52.0203 3292 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/03/19 23:26:52.0250 3292 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/03/19 23:26:52.0281 3292 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/03/19 23:26:52.0312 3292 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/03/19 23:26:52.0359 3292 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/03/19 23:26:52.0390 3292 isapnp (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/03/19 23:26:52.0437 3292 Kbdclass (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/03/19 23:26:52.0484 3292 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/03/19 23:26:52.0531 3292 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/03/19 23:26:52.0609 3292 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/03/19 23:26:52.0671 3292 Modem (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
2011/03/19 23:26:52.0703 3292 Mouclass (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/03/19 23:26:52.0765 3292 mouhid (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/03/19 23:26:52.0812 3292 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/03/19 23:26:52.0859 3292 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/03/19 23:26:52.0921 3292 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/03/19 23:26:52.0968 3292 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/03/19 23:26:53.0015 3292 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/03/19 23:26:53.0046 3292 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/03/19 23:26:53.0078 3292 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/03/19 23:26:53.0125 3292 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/03/19 23:26:53.0171 3292 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/03/19 23:26:53.0250 3292 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/03/19 23:26:53.0296 3292 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/03/19 23:26:53.0328 3292 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/03/19 23:26:53.0359 3292 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/03/19 23:26:53.0375 3292 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/03/19 23:26:53.0421 3292 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/03/19 23:26:53.0453 3292 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/03/19 23:26:53.0515 3292 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/03/19 23:26:53.0562 3292 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/03/19 23:26:53.0640 3292 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/03/19 23:26:53.0687 3292 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/03/19 23:26:53.0703 3292 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/03/19 23:26:53.0765 3292 Parport (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\drivers\Parport.sys
2011/03/19 23:26:53.0796 3292 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/03/19 23:26:53.0828 3292 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/03/19 23:26:53.0843 3292 PCI (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/03/19 23:26:53.0906 3292 Pcmcia (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2011/03/19 23:26:53.0937 3292 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys
2011/03/19 23:26:54.0078 3292 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/03/19 23:26:54.0109 3292 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/03/19 23:26:54.0140 3292 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/03/19 23:26:54.0234 3292 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/03/19 23:26:54.0265 3292 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/03/19 23:26:54.0281 3292 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/03/19 23:26:54.0312 3292 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/03/19 23:26:54.0343 3292 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/03/19 23:26:54.0390 3292 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/03/19 23:26:54.0437 3292 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/03/19 23:26:54.0500 3292 redbook (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/03/19 23:26:54.0562 3292 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/03/19 23:26:54.0609 3292 Serial (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\drivers\Serial.sys
2011/03/19 23:26:54.0656 3292 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/03/19 23:26:54.0734 3292 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/03/19 23:26:54.0796 3292 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys
2011/03/19 23:26:54.0796 3292 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2011/03/19 23:26:54.0796 3292 sptd - detected Locked file (1)
2011/03/19 23:26:54.0812 3292 sr (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/03/19 23:26:54.0859 3292 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/03/19 23:26:54.0937 3292 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
2011/03/19 23:26:54.0984 3292 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/03/19 23:26:55.0031 3292 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/03/19 23:26:55.0156 3292 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/03/19 23:26:55.0203 3292 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/03/19 23:26:55.0250 3292 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/03/19 23:26:55.0281 3292 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/03/19 23:26:55.0328 3292 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/03/19 23:26:55.0406 3292 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/03/19 23:26:55.0453 3292 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/03/19 23:26:55.0531 3292 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/03/19 23:26:55.0578 3292 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/03/19 23:26:55.0609 3292 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/03/19 23:26:55.0640 3292 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/03/19 23:26:55.0703 3292 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/03/19 23:26:55.0750 3292 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/03/19 23:26:55.0781 3292 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/03/19 23:26:55.0812 3292 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/03/19 23:26:55.0843 3292 VolSnap (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/03/19 23:26:55.0890 3292 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/03/19 23:26:55.0968 3292 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/03/19 23:26:56.0015 3292 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
2011/03/19 23:26:56.0078 3292 WpdUsb (c60dc16d4e406810fad54b98dc92d5ec) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
2011/03/19 23:26:56.0140 3292 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/03/19 23:26:56.0187 3292 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/03/19 23:26:56.0218 3292 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/03/19 23:26:56.0453 3292 ================================================================================
2011/03/19 23:26:56.0453 3292 Scan finished
2011/03/19 23:26:56.0453 3292 ================================================================================
2011/03/19 23:26:56.0453 3852 Detected object count: 1
2011/03/19 23:27:13.0156 3852 Locked file(sptd) - User select action: Skip
20.03.2011, 12:42 | #17
/// Winkelfunktion /// TB-Süch-Tiger™ | OK. Now please create logs with GMER and OSAM and post them.

GMER crashes fairly often; if the tool won't run on the second attempt either, just leave it out and run only OSAM. Please skip the online query in OSAM. With OSAM, also make sure you save the log as *.log and not as *.html or similar. Afterwards, please download MBRCheck (by a_d_13) and save the file to the desktop.
21.03.2011, 19:18 | #18
Hi,

here is GMER:

GMER Logfile:
Code:
GMER 1.0.15.15565 - hxxp://www.gmer.net
Rootkit scan 2011-03-21 19:14:20
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD16 rev.11.0
Running: heeelikb.exe; Driver: C:\DOKUME~1\ME\LOKALE~1\Temp\pgryrkob.sys

---- System - GMER 1.0.15 ----

SSDT A29F0286 ZwCreateKey
SSDT A29F027C ZwCreateThread
SSDT A29F028B ZwDeleteKey
SSDT A29F0295 ZwDeleteValueKey
SSDT spnm.sys ZwEnumerateKey [0xF72CBDA4]
SSDT spnm.sys ZwEnumerateValueKey [0xF72CC132]
SSDT A29F029A ZwLoadKey
SSDT spnm.sys ZwOpenKey [0xF72B30C0]
SSDT A29F0268 ZwOpenProcess
SSDT A29F026D ZwOpenThread
SSDT spnm.sys ZwQueryKey [0xF72CC20A]
SSDT spnm.sys ZwQueryValueKey [0xF72CC08A]
SSDT A29F02A4 ZwReplaceKey
SSDT A29F029F ZwRestoreKey
SSDT A29F0290 ZwSetValueKey

INT 0x73 ? 84C46BF8
INT 0x84 ? 84C46BF8
INT 0x94 ? 84C46BF8
INT 0xA4 ? 84C46BF8
INT 0xA4 ? 84C46BF8
INT 0xA4 ? 84C46BF8
INT 0xA4 ? 84C46BF8
INT 0xA4 ? 84C46BF8
INT 0xB4 ? 8576DBF8

---- Kernel code sections - GMER 1.0.15 ----

? spnm.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload F55818AC 5 Bytes JMP 84C461D8
.text amuifdna.SYS F40F2386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text amuifdna.SYS F40F23AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text amuifdna.SYS F40F23C4 3 Bytes [00, 70, 02] {ADD [EAX+0x2], DH}
.text amuifdna.SYS F40F23C9 1 Byte [2E]
.text amuifdna.SYS F40F23C9 11 Bytes [2E, 00, 00, 00, 5C, 02, 00, ...] {ADD CS:[EAX], AL; ADD [EDX+EAX+0x0], BL; ADD [EAX], AL; ADD [EAX], AL}
.text ...
? C:\WINDOWS\system32\Drivers\mchInjDrv.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\svchost.exe[164] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00F30001
.text C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe[192] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01130001
.text C:\Programme\Avira\AntiVir Desktop\avshadow.exe[300] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00F70001
.text C:\Programme\Avira\AntiVir Desktop\avshadow.exe[300] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A
.text C:\Programme\Avira\AntiVir Desktop\avshadow.exe[300] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A
.text C:\Programme\Avira\AntiVir Desktop\avshadow.exe[300] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 5F0D0F5A
.text C:\Programme\Avira\AntiVir Desktop\avshadow.exe[300] ADVAPI32.dll!RegOpenKeyExW 77DA6AAF 6 Bytes JMP 5F1F0F5A
.text C:\Programme\Avira\AntiVir Desktop\avshadow.exe[300] ADVAPI32.dll!RegCloseKey 77DA6C27 6 Bytes JMP 5F2E0F5A
.text C:\Programme\Avira\AntiVir Desktop\avshadow.exe[300] ADVAPI32.dll!RegCreateKeyExW 77DA776C 6 Bytes JMP 5F2B0F5A
.text C:\Programme\Avira\AntiVir Desktop\avshadow.exe[300] ADVAPI32.dll!RegOpenKeyExA 77DA7852 6 Bytes JMP 5F190F5A
.text C:\Programme\Avira\AntiVir Desktop\avshadow.exe[300] ADVAPI32.dll!RegOpenKeyW 77DA7946 6 Bytes JMP 5F1C0F5A
.text C:\Programme\Avira\AntiVir Desktop\avshadow.exe[300] ADVAPI32.dll!RegSetValueExW 77DAD767 6 Bytes JMP 5F130F5A
.text C:\Programme\Avira\AntiVir Desktop\avshadow.exe[300] ADVAPI32.dll!RegCreateKeyExA 77DAE9F4 6 Bytes JMP 5F250F5A
.text C:\Programme\Avira\AntiVir Desktop\avshadow.exe[300] ADVAPI32.dll!RegSetValueExA 77DAEAE7 6 Bytes JMP 5F100F5A
.text C:\Programme\Avira\AntiVir Desktop\avshadow.exe[300] ADVAPI32.dll!RegOpenKeyA 77DAEFC8 6 Bytes JMP 5F160F5A
.text C:\Programme\Avira\AntiVir Desktop\avshadow.exe[300] ADVAPI32.dll!RegCreateKeyW 77DCBA55 6 Bytes JMP 5F280F5A
.text C:\Programme\Avira\AntiVir Desktop\avshadow.exe[300] ADVAPI32.dll!RegCreateKeyA 77DCBCF3 6 Bytes JMP 5F220F5A
.text C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe[380] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01280001
.text C:\WINDOWS\system32\csrss.exe[520] KERNEL32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01710001
.text C:\WINDOWS\system32\winlogon.exe[544] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01330001
.text C:\WINDOWS\system32\igfxsrvc.exe[572] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01470001
.text C:\Programme\FRITZ!DSL\FwebProt.exe[608] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01250001
.text ...
.text C:\Programme\Avira\AntiVir Desktop\avguard.exe[1716] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A
.text C:\Programme\Avira\AntiVir Desktop\avguard.exe[1716] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A
.text C:\Programme\Avira\AntiVir Desktop\avguard.exe[1716] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 5F0D0F5A
.text C:\Programme\Avira\AntiVir Desktop\avguard.exe[1716] ADVAPI32.dll!RegOpenKeyExW 77DA6AAF 6 Bytes JMP 5F220F5A
.text C:\Programme\Avira\AntiVir Desktop\avguard.exe[1716] ADVAPI32.dll!RegCloseKey 77DA6C27 6 Bytes JMP 5F310F5A
.text C:\Programme\Avira\AntiVir Desktop\avguard.exe[1716] ADVAPI32.dll!RegCreateKeyExW 77DA776C 6 Bytes JMP 5F2E0F5A
.text C:\Programme\Avira\AntiVir Desktop\avguard.exe[1716] ADVAPI32.dll!RegOpenKeyExA 77DA7852 6 Bytes JMP 5F1C0F5A
.text C:\Programme\Avira\AntiVir Desktop\avguard.exe[1716] ADVAPI32.dll!RegOpenKeyW 77DA7946 6 Bytes JMP 5F1F0F5A
.text C:\Programme\Avira\AntiVir Desktop\avguard.exe[1716] ADVAPI32.dll!RegSetValueExW 77DAD767 6 Bytes JMP 5F160F5A
.text C:\Programme\Avira\AntiVir Desktop\avguard.exe[1716] ADVAPI32.dll!RegCreateKeyExA 77DAE9F4 6 Bytes JMP 5F280F5A
.text C:\Programme\Avira\AntiVir Desktop\avguard.exe[1716] ADVAPI32.dll!RegSetValueExA 77DAEAE7 6 Bytes JMP 5F130F5A
.text C:\Programme\Avira\AntiVir Desktop\avguard.exe[1716] ADVAPI32.dll!RegOpenKeyA 77DAEFC8 6 Bytes JMP 5F190F5A
.text C:\Programme\Avira\AntiVir Desktop\avguard.exe[1716] ADVAPI32.dll!RegCreateKeyW 77DCBA55 6 Bytes JMP 5F2B0F5A
.text C:\Programme\Avira\AntiVir Desktop\avguard.exe[1716] ADVAPI32.dll!RegCreateKeyA 77DCBCF3 6 Bytes JMP 5F250F5A
.text C:\Programme\Avira\AntiVir Desktop\avguard.exe[1716] WS2_32.dll!WSCInstallProvider 71A21665 3 Bytes [FF, 25, 1E]
.text C:\Programme\Avira\AntiVir Desktop\avguard.exe[1716] WS2_32.dll!WSCInstallProvider + 4 71A21669 2 Bytes [11, 5F]
.text C:\Programme\FRITZ!DSL\IGDCTRL.EXE[1744] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 026D0001
.text C:\Programme\Intel\Intel Matrix Storage Manager\IAANTMon.exe[1796] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01300001
.text C:\Programme\Java\jre6\bin\jqs.exe[1812] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01090001
.text C:\Programme\Intel\Intel Matrix Storage Manager\iaanotif.exe[1876] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00EE0001
.text C:\WINDOWS\RTHDCPL.EXE[1936] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 021B0001
.text ...
.text C:\WINDOWS\System32\svchost.exe[2400] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\DOKUME~1\ME\LOKALE~1\Temp\RtkBtMnt.exe[2480] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00C40001
.text C:\DOKUME~1\ME\LOKALE~1\Temp\RtkBtMnt.exe[2480] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\WINDOWS\System32\alg.exe[2916] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00920001
.text C:\WINDOWS\System32\alg.exe[2916] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\WINDOWS\system32\wscntfy.exe[2924] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3096] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00A20001
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3096] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Dokumente und Einstellungen\ME\Desktop\Scan\GMER\heeelikb.exe[3828] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F72C3B90] spnm.sys
IAT \SystemRoot\System32\Drivers\amuifdna.SYS[HAL.dll!KfAcquireSpinLock] CCCCCCC3
IAT \SystemRoot\System32\Drivers\amuifdna.SYS[HAL.dll!READ_PORT_UCHAR] CCCCCCCC
IAT \SystemRoot\System32\Drivers\amuifdna.SYS[HAL.dll!KeGetCurrentIrql] CCCCCCCC
IAT \SystemRoot\System32\Drivers\amuifdna.SYS[HAL.dll!KfRaiseIrql] CCCCCCCC
IAT \SystemRoot\System32\Drivers\amuifdna.SYS[HAL.dll!KfLowerIrql] 8BEC8B55
IAT \SystemRoot\System32\Drivers\amuifdna.SYS[HAL.dll!HalGetInterruptVector] 00C73445
IAT \SystemRoot\System32\Drivers\amuifdna.SYS[HAL.dll!HalTranslateBusAddress] 00000000
IAT \SystemRoot\System32\Drivers\amuifdna.SYS[HAL.dll!KeStallExecutionProcessor] 830C458B
IAT \SystemRoot\System32\Drivers\amuifdna.SYS[HAL.dll!KfReleaseSpinLock] C0840CEC
IAT \SystemRoot\System32\Drivers\amuifdna.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 053C0D74
IAT \SystemRoot\System32\Drivers\amuifdna.SYS[HAL.dll!READ_PORT_USHORT] 57B80974
IAT \SystemRoot\System32\Drivers\amuifdna.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 8B000000
IAT \SystemRoot\System32\Drivers\amuifdna.SYS[HAL.dll!WRITE_PORT_UCHAR] 56C35DE5
IAT \SystemRoot\System32\Drivers\amuifdna.SYS[WMILIB.SYS!WmiSystemControl] 8D51FC4D
IAT \SystemRoot\System32\Drivers\amuifdna.SYS[WMILIB.SYS!WmiCompleteRequest] 8D52FD55

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8576C1F8
Device \Driver\usbuhci \Device\USBPDO-0 84B451F8
Device \Driver\usbuhci \Device\USBPDO-1 84B451F8
Device \Driver\usbehci \Device\USBPDO-2 84C371F8
Device \Driver\usbuhci \Device\USBPDO-3 84B451F8
Device \Driver\PCI_PNP8692 \Device\00000047 spnm.sys
Device \Driver\usbuhci \Device\USBPDO-4 84B451F8
Device \Driver\usbehci \Device\USBPDO-5 84C371F8
Device \Driver\usbuhci \Device\USBPDO-6 84B451F8
Device \Driver\sptd \Device\1610794942 spnm.sys
Device \Driver\Ftdisk \Device\HarddiskVolume1 857DA1F8
Device \Driver\usbuhci \Device\USBPDO-7 84B451F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 857DA1F8
Device \Driver\Cdrom \Device\CdRom0 84A483F8
Device \Driver\iaStor \Device\Ide\iaStor0 [F71945A0] iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-0 [F71945A0] iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-1 [F71945A0] iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\Cdrom \Device\CdRom1 84A483F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 84AAD2C8
Device \Driver\NetBT \Device\NetbiosSmb 84AAD2C8
Device \Driver\NetBT \Device\NetBT_Tcpip_{2CD74D68-50CC-4322-B7A0-6E732CB5032C} 84AAD2C8
Device \Driver\usbuhci \Device\USBFDO-0 84B451F8
Device \Driver\usbuhci \Device\USBFDO-1 84B451F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 84BB61F8
Device \Driver\usbuhci \Device\USBFDO-2 84B451F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 84BB61F8
Device \Driver\usbehci \Device\USBFDO-3 84C371F8
Device \Driver\usbuhci \Device\USBFDO-4 84B451F8
Device \Driver\Ftdisk \Device\FtControl 857DA1F8
Device \Driver\usbuhci \Device\USBFDO-5 84B451F8
Device \Driver\usbuhci \Device\USBFDO-6 84B451F8
Device \Driver\usbehci \Device\USBFDO-7 84C371F8
Device \Driver\amuifdna \Device\Scsi\amuifdna1 84A431F8
Device \Driver\amuifdna \Device\Scsi\amuifdna1Port1Path0Target0Lun0 84A431F8
Device \FileSystem\Cdfs \Cdfs 84A09500

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Programme\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xC2 0xAA 0xFE 0x7A ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xA6 0xD4 0x75 0x15 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x69 0x57 0x15 0x7D ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Programme\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xC2 0xAA 0xFE 0x7A ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xA6 0xD4 0x75 0x15 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x69 0x57 0x15 0x7D ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@RequireSignedAppInit_DLLs 1

---- EOF - GMER 1.0.15 ----

Regards
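The two logs in posts #16 and #18 are the kind of output a helper reads by eye; the example below is an added illustration, not part of the original thread and not code from TDSSKiller or GMER, of how the same triage can be done mechanically. It parses the TDSSKiller driver list and its findings (the "Suspicious file" and "detected Locked file" lines for sptd.sys) and groups the GMER SSDT hooks by the module GMER attributed them to, separating the five hooks it mapped to spnm.sys from the ten it could only report as bare addresses. The sample lines are copied from the posts above; every function and variable name is this example's own. Note that TDSSKiller's "Locked file" verdict only says the scanner could not open the file, which matches OSAM's later "File is exclusively opened, access blocked" for the same sptd.sys (signed by Duplex Secure Ltd. according to OSAM, and tied to the Alcohol 120% install path in GMER's registry section); it is not a malware verdict by itself.

```python
"""Triage helpers for TDSSKiller and GMER logs (added example, not tool code)."""
import re
from collections import defaultdict

# --- TDSSKiller ---------------------------------------------------------
# Each line is "<date> <time> <pid> <message>". Driver entries read
# "<service> (<md5>) <path>"; findings read either
# "Suspicious file (<reason>): <path>. md5: <md5>" or
# "<service> - detected <verdict> (<n>)".
_TDSS_LINE = re.compile(r"^(\S+ \S+)\s+(\d+)\s+(.*)$")
_TDSS_DRIVER = re.compile(r"^(\S+)\s+\(([0-9a-f]{32})\)\s+(.+)$")
_TDSS_SUSP = re.compile(r"^Suspicious file \((\w+)\): (.+?)\. md5: [0-9a-f]{32}$")
_TDSS_DETECT = re.compile(r"^(\S+) - detected (.+?) \(\d+\)$")


def tdsskiller_findings(text):
    """Return (drivers, findings).

    drivers maps service name -> (md5, path) for every driver the scan listed,
    so each hash can be checked against a known-good list offline. findings
    is a list of (subject, verdict) for everything the tool flagged, in log
    order. "Locked file" means only that the scanner could not open the file.
    """
    drivers, findings = {}, []
    for raw in text.splitlines():
        m = _TDSS_LINE.match(raw.strip())
        if not m:
            continue
        msg = m.group(3)
        d = _TDSS_DRIVER.match(msg)
        if d:
            drivers[d.group(1)] = (d.group(2), d.group(3))
            continue
        s = _TDSS_SUSP.match(msg)
        if s:
            findings.append((s.group(2), "Suspicious file (%s)" % s.group(1)))
            continue
        v = _TDSS_DETECT.match(msg)
        if v:
            findings.append((v.group(1), v.group(2)))
    return drivers, findings


# --- GMER: SSDT section -------------------------------------------------
# "SSDT <owner> <ZwFunction> [<handler>]". <owner> is a module name when GMER
# could map the hook handler into a loaded image, or a bare 8-digit hex
# address when it could not; the bracketed handler address is only printed
# for attributed hooks.
_SSDT = re.compile(r"^SSDT\s+(\S+)\s+(Zw\w+)(?:\s+\[(0x[0-9A-Fa-f]+)\])?$")
_BARE_ADDR = re.compile(r"^[0-9A-Fa-f]{8}$")
UNATTRIBUTED = "<unattributed>"


def gmer_ssdt_hooks(text):
    """Group hooked system services by the module GMER attributed them to.

    Returns {owner: [(function, handler_address), ...]}. Hooks GMER could not
    attribute are filed under UNATTRIBUTED with the bare address as handler;
    those are the ones to resolve against the loaded-module list first.
    """
    hooks = defaultdict(list)
    for raw in text.splitlines():
        m = _SSDT.match(raw.strip())
        if not m:
            continue
        owner, func, handler = m.groups()
        if _BARE_ADDR.match(owner):
            hooks[UNATTRIBUTED].append((func, owner))
        else:
            hooks[owner].append((func, handler))
    return dict(hooks)


# Sample input: lines copied from the TDSSKiller and GMER logs in this thread.
TDSS_SAMPLE = r"""
2011/03/19 23:26:48.0875 3292 ACPI (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/03/19 23:26:54.0796 3292 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys
2011/03/19 23:26:54.0796 3292 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2011/03/19 23:26:54.0796 3292 sptd - detected Locked file (1)
2011/03/19 23:26:56.0453 3852 Detected object count: 1
"""

GMER_SAMPLE = """
SSDT A29F0286 ZwCreateKey
SSDT A29F027C ZwCreateThread
SSDT A29F028B ZwDeleteKey
SSDT A29F0295 ZwDeleteValueKey
SSDT spnm.sys ZwEnumerateKey [0xF72CBDA4]
SSDT spnm.sys ZwEnumerateValueKey [0xF72CC132]
SSDT A29F029A ZwLoadKey
SSDT spnm.sys ZwOpenKey [0xF72B30C0]
SSDT A29F0268 ZwOpenProcess
SSDT A29F026D ZwOpenThread
SSDT spnm.sys ZwQueryKey [0xF72CC20A]
SSDT spnm.sys ZwQueryValueKey [0xF72CC08A]
SSDT A29F02A4 ZwReplaceKey
SSDT A29F029F ZwRestoreKey
SSDT A29F0290 ZwSetValueKey
"""

if __name__ == "__main__":
    drivers, findings = tdsskiller_findings(TDSS_SAMPLE)
    print("TDSSKiller: %d drivers listed, %d findings" % (len(drivers), len(findings)))
    for subject, verdict in findings:
        print("  %-28s %s" % (verdict, subject))
    for owner, entries in sorted(gmer_ssdt_hooks(GMER_SAMPLE).items()):
        print("GMER SSDT hooks owned by %s: %d" % (owner, len(entries)))
        for func, handler in entries:
            print("  %-22s -> %s" % (func, handler))
```

Run it as a script to print the summary, or import the two functions and feed them the full logs. The split between attributed and unattributed SSDT hooks is the useful output: an owner name such as spnm.sys can be checked against the driver list in the same log, whereas a bare address has to be matched to a loaded module range before anyone can say which driver installed it.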
21.03.2011, 19:28 | #19
OSAM:

OSAM Logfile:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 19:26:35 on 21.03.2011
OS: Windows XP Home Edition Service Pack 3 (Build 2600)
Default Browser: Mozilla Corporation Firefox 3.6.15

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries

[Common]
-----( %SystemRoot%\Tasks )-----
"Epson Printer Software Downloader.job" - "SEIKO EPSON CORPORATION" - C:\Programme\EPSON\EPAPDL\E_SAPDL2.EXE
"1-Klick-Wartung.job" - "TuneUp Software GmbH" - C:\Programme\TuneUp Utilities 2008\OneClickStarter.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"AxSWindC.cpl" - "Alcohol Soft Development Team" - C:\WINDOWS\system32\AxSWindC.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Avira AntiVir Personal" - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl
"Nero BurnRights" - "Nero AG" - C:\Programme\Nero\Nero 7\Nero Toolkit\NeroBurnRights.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"02615" (02615) - ? - C:\WINDOWS\System32\drivers\02615.SYS (File not found)
"4c416" (4c416) - ? - C:\WINDOWS\system32\drivers\4c416.SYS (File not found)
"afe17" (afe17) - ? - C:\WINDOWS\system32\drivers\afe17.SYS (File not found)
"amuifdna" (amuifdna) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\amuifdna.sys (Hidden registry entry, rootkit activity | File signed by Microsoft)
"avgio" (avgio) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\DOKUME~1\ME\LOKALE~1\Temp\catchme.sys (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys (File not found)
"d99A" (d99A) - ? - C:\WINDOWS\system32\d99A.sys (File not found)
"DarkSpy" (DarkSpy) - ? - C:\WINDOWS\system32\DarkSpyKernel.sys (File not found)
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys (File not found)
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys (File not found)
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found)
"pgryrkob" (pgryrkob) - ? - C:\DOKUME~1\ME\LOKALE~1\Temp\pgryrkob.sys (Hidden registry entry, rootkit activity | File not found)
"sptd" (sptd) - "Duplex Secure Ltd." - C:\WINDOWS\System32\Drivers\sptd.sys (File is exclusively opened, access blocked)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys
"VSO Software pcouffin" (pcouffin) - "VSO Software" - C:\WINDOWS\System32\Drivers\pcouffin.sys
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys (File not found)

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{7D4D6379-F301-4311-BEBA-E26EB0561882} "NeroDigitalColumnHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll (File not found)
{86B567D0-313C-11D2-8985-0080ADA96E9B} "G Data Shredder" - ? - (File not found | COM-object registry key not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found)
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ?
- (File not found | COM-object registry key not found) {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\OFFICE11\msohev.dll {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll {B327765E-D724-4347-8B16-78AE18552FC3} "NeroDigitalIconHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll {7F1CF152-04F8-453A-B34C-E609530A9DC8} "NeroDigitalPropSheetHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\shlext.dll {764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? - (File not found | COM-object registry key not found) {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} "TuneUp Shredder Shell Extension" - "TuneUp Software GmbH" - C:\PROGRA~1\TUNEUP~1\SDShelEx-win32.dll {44440D00-FF19-4AFC-B765-9A0970567D97} "TuneUp Theme Extension" - "TuneUp Software GmbH" - C:\WINDOWS\System32\uxtuneup.dll {BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Programme\WinRAR\rarext.dll (File found, but it contains no detailed information) [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- <binary data> "EPSON Web-To-Page" - "SEIKO EPSON CORPORATION" - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? 
- (File not found | COM-object registry key not found) <binary data> "ITBarLayout" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_15" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_15.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} "Java Plug-in 1.6.0_15" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_15.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_15" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_15.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- {9421DD08-935F-4701-A9CA-22DF90AC4EA6} "Easy Photo Print" - "SEIKO EPSON CORPORATION / CyCom Technology Corp." - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll <binary data> "EPSON Web-To-Page" - "SEIKO EPSON CORPORATION" - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {9421DD08-935F-4701-A9CA-22DF90AC4EA6} "Easy Photo Print" - "SEIKO EPSON CORPORATION / CyCom Technology Corp." 
- C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} "EpsonToolBandKicker Class" - "SEIKO EPSON CORPORATION" - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll {E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [Logon] -----( %AllUsersProfile%\Startmenü\Programme\Autostart )----- "desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini -----( %UserProfile%\Startmenü\Programme\Autostart )----- "desktop.ini" - ? - C:\Dokumente und Einstellungen\ME\Startmenü\Programme\Autostart\desktop.ini "FRITZ!DSL Protect.lnk" - "AVM Berlin" - C:\Programme\FRITZ!DSL\FwebProt.exe (Shortcut exists | File exists) "FRITZ!DSL Startcenter.lnk" - "AVM Berlin" - C:\Programme\FRITZ!DSL\StCenter.exe (Shortcut exists | File exists) -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "AlcoholAutomount" - "Alcohol Soft Development Team" - "C:\Programme\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" - "Nero AG" - "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe" -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "'Ashampoo AntiSpyWare 2 Guard'" - "Ashampoo GmbH & Co. 
KG" - C:\Programme\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWare2Guard.exe "Adobe ARM" - "Adobe Systems Incorporated" - "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" "Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" "avgnt" - "Avira GmbH" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min "EEventManager" - "SEIKO EPSON CORPORATION" - C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe "IAAnotif" - "Intel Corporation" - C:\Programme\Intel\Intel Matrix Storage Manager\iaanotif.exe [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "avm:" - "AVM Berlin GmbH" - C:\WINDOWS\system32\avmprmon.dll "Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\mdimon.dll "PDFCreator" - ? - C:\WINDOWS\system32\pdfcmnnt.dll (File found, but it contains no detailed information) [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "Anwendungsverwaltung" (AppMgmt) - ? - C:\WINDOWS\System32\appmgmts.dll (File not found) "Ashampoo AntiSpyWare 2 Service" (AASW2_Service) - ? - C:\Programme\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWareService.exe (File found, but it contains no detailed information) "Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avguard.exe "Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\sched.exe "AVM FRITZ!web Routing Service" (de_serv) - "AVM Berlin" - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe "AVM IGD CTRL Service" (AVM IGD CTRL Service) - "AVM Berlin" - C:\Programme\FRITZ!DSL\IGDCTRL.EXE "Intel(R) Matrix Storage Event Monitor" (IAANTMON) - "Intel Corporation" - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTMon.exe "Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." 
- C:\Programme\Java\jre6\bin\jqs.exe "NBService" (NBService) - "Nero AG" - C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE "StarWind AE Service" (StarWindServiceAE) - "StarWind Software" - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe "TuneUp Designerweiterung" (UxTuneUp) - "TuneUp Software GmbH" - C:\WINDOWS\System32\uxtuneup.dll "TuneUp Drive Defrag-Dienst" (TuneUp.Defrag) - "TuneUp Software GmbH" - C:\WINDOWS\System32\TuneUpDefragService.exe [Winlogon] -----( HKCU\Control Panel\IOProcs )----- "MVB" - ? - mvfs32.dll (File not found) -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )----- {c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll (File not found) [Winsock Providers] -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )----- "Sarah NSP" - "AVM Berlin" - C:\Programme\FRITZ!DSL\sarah.dll -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )----- "SARAH LSP" - "AVM Berlin" - C:\Programme\FRITZ!DSL\sarah.dll ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru |
21.03.2011, 19:31 | #20 |
| Bitte um Fileauswertung McAfee Rootkite Detective MBRCheck, version 1.2.3 (c) 2010, AD Command-line: Windows Version: Windows XP Home Edition Windows Information: Service Pack 3 (build 2600) Logical Drives Mask: 0x0000005c Kernel Drivers (total 121): 0x804D7000 \WINDOWS\system32\ntkrnlpa.exe 0x806D1000 \WINDOWS\system32\hal.dll 0xF79A6000 \WINDOWS\system32\KDCOM.DLL 0xF78B6000 \WINDOWS\system32\BOOTVID.dll 0xF72B2000 spnm.sys 0xF79A8000 \WINDOWS\System32\Drivers\WMILIB.SYS 0xF729A000 \WINDOWS\System32\Drivers\SCSIPORT.SYS 0xF726B000 ACPI.sys 0xF725A000 pci.sys 0xF74A6000 isapnp.sys 0xF78BA000 compbatt.sys 0xF78BE000 \WINDOWS\system32\DRIVERS\BATTC.SYS 0xF723C000 pcmcia.sys 0xF74B6000 MountMgr.sys 0xF721D000 ftdisk.sys 0xF7726000 PartMgr.sys 0xF78C2000 ACPIEC.sys 0xF7A6E000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS 0xF74C6000 VolSnap.sys 0xF714D000 iaStor.sys 0xF74D6000 disk.sys 0xF74E6000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS 0xF712D000 fltmgr.sys 0xF711B000 sr.sys 0xF7104000 KSecDD.sys 0xF70F1000 WudfPf.sys 0xF7064000 Ntfs.sys 0xF7037000 NDIS.sys 0xF701D000 Mup.sys 0xF55A1000 \SystemRoot\system32\DRIVERS\igxpmp32.sys 0xF558D000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS 0xF78AE000 \SystemRoot\system32\DRIVERS\usbuhci.sys 0xF5569000 \SystemRoot\system32\DRIVERS\USBPORT.SYS 0xF772E000 \SystemRoot\system32\DRIVERS\usbehci.sys 0xF5541000 \SystemRoot\system32\DRIVERS\HDAudBus.sys 0xF414C000 \SystemRoot\system32\DRIVERS\b57xp32.sys 0xF6F9C000 \SystemRoot\system32\DRIVERS\CmBatt.sys 0xF5BA0000 \SystemRoot\system32\DRIVERS\i8042prt.sys 0xF777E000 \SystemRoot\system32\DRIVERS\kbdclass.sys 0xF7786000 \SystemRoot\system32\DRIVERS\mouclass.sys 0xF5B90000 \SystemRoot\system32\DRIVERS\imapi.sys 0xF5B80000 \SystemRoot\system32\DRIVERS\cdrom.sys 0xF5B70000 \SystemRoot\system32\DRIVERS\redbook.sys 0xF4129000 \SystemRoot\system32\DRIVERS\ks.sys 0xF40F2000 \SystemRoot\System32\Drivers\amuifdna.SYS 0xF685A000 \SystemRoot\system32\DRIVERS\wmiacpi.sys 0xF5B60000 
\SystemRoot\system32\DRIVERS\intelppm.sys 0xF7A86000 \SystemRoot\system32\DRIVERS\audstub.sys 0xF7516000 \SystemRoot\system32\DRIVERS\rasl2tp.sys 0xF6856000 \SystemRoot\system32\DRIVERS\ndistapi.sys 0xF40DB000 \SystemRoot\system32\DRIVERS\ndiswan.sys 0xF7526000 \SystemRoot\system32\DRIVERS\raspppoe.sys 0xF7536000 \SystemRoot\system32\DRIVERS\raspptp.sys 0xF7806000 \SystemRoot\system32\DRIVERS\TDI.SYS 0xF40CA000 \SystemRoot\system32\DRIVERS\psched.sys 0xF7546000 \SystemRoot\system32\DRIVERS\msgpc.sys 0xEF332000 \SystemRoot\system32\DRIVERS\ptilink.sys 0xEDBB2000 \SystemRoot\system32\DRIVERS\raspti.sys 0xF6EEC000 \SystemRoot\System32\Drivers\pcouffin.sys 0xF6EDC000 \SystemRoot\system32\DRIVERS\termdd.sys 0xF7A3E000 \SystemRoot\system32\DRIVERS\swenum.sys 0xB818D000 \SystemRoot\system32\DRIVERS\update.sys 0xF38C3000 \SystemRoot\system32\DRIVERS\mssmbios.sys 0xF6E95000 \SystemRoot\System32\Drivers\NDProxy.SYS 0xF6E85000 \SystemRoot\system32\DRIVERS\usbhub.sys 0xF7A40000 \SystemRoot\system32\DRIVERS\USBD.SYS 0xA7259000 \SystemRoot\system32\drivers\RtkHDAud.sys 0xA7235000 \SystemRoot\system32\drivers\portcls.sys 0xF6E75000 \SystemRoot\system32\drivers\drmk.sys 0xA7215000 \SystemRoot\system32\drivers\IntcHdmi.sys 0xF7A36000 \SystemRoot\System32\Drivers\Fs_Rec.SYS 0xA2A89000 \SystemRoot\System32\Drivers\Null.SYS 0xF7A38000 \SystemRoot\System32\Drivers\Beep.SYS 0xA2742000 \SystemRoot\System32\drivers\vga.sys 0xF7A3A000 \SystemRoot\System32\Drivers\mnmdd.SYS 0xF7A3C000 \SystemRoot\System32\DRIVERS\RDPCDD.sys 0xA273A000 \SystemRoot\System32\Drivers\Msfs.SYS 0xA2732000 \SystemRoot\System32\Drivers\Npfs.SYS 0xA2D1D000 \SystemRoot\system32\DRIVERS\rasacd.sys 0xA19D2000 \SystemRoot\system32\DRIVERS\ipsec.sys 0xA1979000 \SystemRoot\system32\DRIVERS\tcpip.sys 0xA1951000 \SystemRoot\system32\DRIVERS\netbt.sys 0xA2D19000 \SystemRoot\System32\drivers\ws2ifsl.sys 0xA192F000 \SystemRoot\System32\drivers\afd.sys 0xA2E2C000 \SystemRoot\system32\DRIVERS\netbios.sys 0xA272A000 
\SystemRoot\system32\DRIVERS\ssmdrv.sys 0xA1904000 \SystemRoot\system32\DRIVERS\rdbss.sys 0xA1894000 \SystemRoot\system32\DRIVERS\mrxsmb.sys 0xA2E1C000 \SystemRoot\System32\Drivers\Fips.SYS 0xA186E000 \SystemRoot\system32\DRIVERS\ipnat.sys 0xA1848000 \SystemRoot\system32\DRIVERS\avipbb.sys 0xA49BD000 \??\C:\Programme\Avira\AntiVir Desktop\avgio.sys 0xA2DEC000 \SystemRoot\System32\Drivers\Cdfs.SYS 0xA233B000 \SystemRoot\system32\DRIVERS\hidusb.sys 0xA2DDC000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS 0xA2199000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS 0xA2337000 \SystemRoot\system32\DRIVERS\mouhid.sys 0xA1778000 \SystemRoot\System32\Drivers\dump_iaStor.sys 0xBF800000 \SystemRoot\System32\win32k.sys 0xA209D000 \SystemRoot\System32\drivers\Dxapi.sys 0xA2191000 \SystemRoot\System32\watchdog.sys 0xBF000000 \SystemRoot\System32\drivers\dxg.sys 0xF7AFC000 \SystemRoot\System32\drivers\dxgthk.sys 0xBF024000 \SystemRoot\System32\igxpgd32.dll 0xBF012000 \SystemRoot\System32\igxprd32.dll 0xBF04F000 \SystemRoot\System32\igxpdv32.DLL 0xBF25B000 \SystemRoot\System32\igxpdx32.DLL 0xF5BF0000 \SystemRoot\system32\DRIVERS\wanarp.sys 0xA1763000 \SystemRoot\system32\DRIVERS\avgntflt.sys 0xA2091000 \SystemRoot\system32\DRIVERS\ndisuio.sys 0xA166E000 \SystemRoot\system32\DRIVERS\mrxdav.sys 0xA14F7000 \SystemRoot\system32\DRIVERS\srv.sys 0xA14E2000 \SystemRoot\system32\drivers\wdmaud.sys 0xF39DD000 \SystemRoot\system32\drivers\sysaudio.sys 0xA28A4000 \??\C:\WINDOWS\system32\Drivers\mchInjDrv.sys 0xA0D49000 \SystemRoot\System32\Drivers\HTTP.sys 0xA08FC000 \??\C:\DOKUME~1\ME\LOKALE~1\Temp\pgryrkob.sys 0xA08D1000 \SystemRoot\system32\drivers\kmixer.sys 0xA0750000 \SystemRoot\system32\DRIVERS\athw.sys 0x7C910000 \WINDOWS\system32\ntdll.dll 0x10000000 \Programme\Alcohol Soft\Alcohol 120\Alcoholx.dll Processes (total 46): 0 System Idle Process 4 System 464 C:\WINDOWS\system32\smss.exe 520 C:\WINDOWS\system32\csrss.exe 544 C:\WINDOWS\system32\winlogon.exe 756 C:\WINDOWS\system32\services.exe 768 
C:\WINDOWS\system32\lsass.exe 924 C:\WINDOWS\system32\svchost.exe 1004 C:\WINDOWS\system32\svchost.exe 1044 C:\WINDOWS\system32\svchost.exe 1092 C:\WINDOWS\system32\svchost.exe 1296 C:\WINDOWS\system32\svchost.exe 1336 C:\WINDOWS\system32\svchost.exe 1408 C:\WINDOWS\explorer.exe 1480 C:\WINDOWS\system32\spoolsv.exe 1560 C:\Programme\Avira\AntiVir Desktop\sched.exe 1600 C:\WINDOWS\system32\svchost.exe 1664 C:\Programme\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWareService.exe 1716 C:\Programme\Avira\AntiVir Desktop\avguard.exe 1744 C:\Programme\FRITZ!DSL\IGDCTRL.EXE 1796 C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe 1812 C:\Programme\Java\jre6\bin\jqs.exe 1876 C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe 1936 C:\WINDOWS\RTHDCPL.EXE 1988 C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe 1996 C:\WINDOWS\system32\igfxtray.exe 2004 C:\WINDOWS\system32\hkcmd.exe 2012 C:\WINDOWS\system32\igfxpers.exe 164 C:\WINDOWS\system32\svchost.exe 192 C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe 272 C:\Programme\Avira\AntiVir Desktop\avgnt.exe 300 C:\Programme\Avira\AntiVir Desktop\avshadow.exe 380 C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe 572 C:\WINDOWS\system32\igfxsrvc.exe 608 C:\Programme\FRITZ!DSL\FwebProt.exe 672 C:\Programme\FRITZ!DSL\StCenter.exe 944 C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexStoreSvr.exe 2480 C:\Dokumente und Einstellungen\ME\Lokale Einstellungen\temp\RtkBtMnt.exe 2916 C:\WINDOWS\system32\alg.exe 2924 C:\WINDOWS\system32\wscntfy.exe 3096 C:\WINDOWS\system32\wbem\wmiapsrv.exe 2400 C:\WINDOWS\system32\svchost.exe 3776 C:\WINDOWS\system32\ctfmon.exe 3968 C:\Programme\Mozilla Firefox\firefox.exe 2108 C:\WINDOWS\system32\notepad.exe 3204 C:\Dokumente und Einstellungen\ME\Desktop\Scan\MBRCheck.exe \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS) \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000009`c3dcd400 (NTFS) PhysicalDrive0 Model Number: WDCWD1600BEVT-22ZCT0, Rev: 11.01A11 
Size    Device Name          MBR Status
--------------------------------------------
149 GB  \\.\PhysicalDrive0   Windows XP MBR code detected
SHA1: ADFE55CD0C6ED2E00B22375835E4C2736CE9AD11

Done!
21.03.2011, 19:37 | #21 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Quote:
22.03.2011, 19:57 | #22 |
Hi, silly me, I didn't save the deletion report. But I deleted the entries a second time and scanned again afterwards. Here is the report:

OSAM Logfile: Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 Online Solutions. Complex Protection for Information Systems Saved at 19:52:18 on 22.03.2011 OS: Windows XP Home Edition Service Pack 3 (Build 2600) Default Browser: Mozilla Corporation Firefox 3.6.15 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Common] -----( %SystemRoot%\Tasks )----- "Epson Printer Software Downloader.job" - "SEIKO EPSON CORPORATION" - C:\Programme\EPSON\EPAPDL\E_SAPDL2.EXE "1-Klick-Wartung.job" - "TuneUp Software GmbH" - C:\Programme\TuneUp Utilities 2008\OneClickStarter.exe [Control Panel Objects] -----( %SystemRoot%\system32 )----- "AxSWindC.cpl" - "Alcohol Soft Development Team" - C:\WINDOWS\system32\AxSWindC.cpl "javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "Avira AntiVir Personal" - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl "Nero BurnRights" - "Nero AG" - C:\Programme\Nero\Nero 7\Nero Toolkit\NeroBurnRights.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "at7b24t6" (at7b24t6) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\at7b24t6.sys (Hidden registry entry, rootkit activity | File signed by Microsoft) "avgio" (avgio) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avgio.sys "avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys "avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys "catchme" (catchme) - ? - C:\DOKUME~1\ME\LOKALE~1\Temp\catchme.sys (File not found) "Changer" (Changer) - ? 
- C:\WINDOWS\system32\drivers\Changer.sys (File not found) "DarkSpy" (DarkSpy) - ? - C:\WINDOWS\system32\DarkSpyKernel.sys (File not found) "i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys (File not found) "lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys (File not found) "PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys (File not found) "PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys (File not found) "PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys (File not found) "PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys (File not found) "PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found) "sptd" (sptd) - "Duplex Secure Ltd." - C:\WINDOWS\System32\Drivers\sptd.sys (File is exclusively opened, access blocked) "ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys "VSO Software pcouffin" (pcouffin) - "VSO Software" - C:\WINDOWS\System32\Drivers\pcouffin.sys "WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys (File not found) [Explorer] -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {7D4D6379-F301-4311-BEBA-E26EB0561882} "NeroDigitalColumnHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." 
- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\11\OWC11.DLL -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll (File not found) {86B567D0-313C-11D2-8985-0080ADA96E9B} "G Data Shredder" - ? - (File not found | COM-object registry key not found) {FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found) {853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? 
- (File not found | COM-object registry key not found) {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\OFFICE11\msohev.dll {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll {B327765E-D724-4347-8B16-78AE18552FC3} "NeroDigitalIconHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll {7F1CF152-04F8-453A-B34C-E609530A9DC8} "NeroDigitalPropSheetHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\shlext.dll {764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? - (File not found | COM-object registry key not found) {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} "TuneUp Shredder Shell Extension" - "TuneUp Software GmbH" - C:\PROGRA~1\TUNEUP~1\SDShelEx-win32.dll {44440D00-FF19-4AFC-B765-9A0970567D97} "TuneUp Theme Extension" - "TuneUp Software GmbH" - C:\WINDOWS\System32\uxtuneup.dll {BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Programme\WinRAR\rarext.dll (File found, but it contains no detailed information) [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- <binary data> "EPSON Web-To-Page" - "SEIKO EPSON CORPORATION" - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? 
- (File not found | COM-object registry key not found) <binary data> "ITBarLayout" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_15" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_15.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} "Java Plug-in 1.6.0_15" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_15.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_15" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_15.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- {9421DD08-935F-4701-A9CA-22DF90AC4EA6} "Easy Photo Print" - "SEIKO EPSON CORPORATION / CyCom Technology Corp." - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll <binary data> "EPSON Web-To-Page" - "SEIKO EPSON CORPORATION" - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {9421DD08-935F-4701-A9CA-22DF90AC4EA6} "Easy Photo Print" - "SEIKO EPSON CORPORATION / CyCom Technology Corp." 
- C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} "EpsonToolBandKicker Class" - "SEIKO EPSON CORPORATION" - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll {E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [Logon] -----( %AllUsersProfile%\Startmenü\Programme\Autostart )----- "desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini -----( %UserProfile%\Startmenü\Programme\Autostart )----- "desktop.ini" - ? - C:\Dokumente und Einstellungen\ME\Startmenü\Programme\Autostart\desktop.ini "FRITZ!DSL Protect.lnk" - "AVM Berlin" - C:\Programme\FRITZ!DSL\FwebProt.exe (Shortcut exists | File exists) "FRITZ!DSL Startcenter.lnk" - "AVM Berlin" - C:\Programme\FRITZ!DSL\StCenter.exe (Shortcut exists | File exists) -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "AlcoholAutomount" - "Alcohol Soft Development Team" - "C:\Programme\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" - "Nero AG" - "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe" -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "'Ashampoo AntiSpyWare 2 Guard'" - "Ashampoo GmbH & Co. 
KG" - C:\Programme\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWare2Guard.exe "Adobe ARM" - "Adobe Systems Incorporated" - "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" "Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" "avgnt" - "Avira GmbH" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min "EEventManager" - "SEIKO EPSON CORPORATION" - C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe "IAAnotif" - "Intel Corporation" - C:\Programme\Intel\Intel Matrix Storage Manager\iaanotif.exe [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "avm:" - "AVM Berlin GmbH" - C:\WINDOWS\system32\avmprmon.dll "Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\mdimon.dll "PDFCreator" - ? - C:\WINDOWS\system32\pdfcmnnt.dll (File found, but it contains no detailed information) [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "Anwendungsverwaltung" (AppMgmt) - ? - C:\WINDOWS\System32\appmgmts.dll (File not found) "Ashampoo AntiSpyWare 2 Service" (AASW2_Service) - ? - C:\Programme\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWareService.exe (File found, but it contains no detailed information) "Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avguard.exe "Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\sched.exe "AVM FRITZ!web Routing Service" (de_serv) - "AVM Berlin" - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe "AVM IGD CTRL Service" (AVM IGD CTRL Service) - "AVM Berlin" - C:\Programme\FRITZ!DSL\IGDCTRL.EXE "Intel(R) Matrix Storage Event Monitor" (IAANTMON) - "Intel Corporation" - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTMon.exe "Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." 
- C:\Programme\Java\jre6\bin\jqs.exe "NBService" (NBService) - "Nero AG" - C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE "StarWind AE Service" (StarWindServiceAE) - "StarWind Software" - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe "TuneUp Designerweiterung" (UxTuneUp) - "TuneUp Software GmbH" - C:\WINDOWS\System32\uxtuneup.dll "TuneUp Drive Defrag-Dienst" (TuneUp.Defrag) - "TuneUp Software GmbH" - C:\WINDOWS\System32\TuneUpDefragService.exe [Winlogon] -----( HKCU\Control Panel\IOProcs )----- "MVB" - ? - mvfs32.dll (File not found) -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )----- {c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll (File not found) [Winsock Providers] -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )----- "Sarah NSP" - "AVM Berlin" - C:\Programme\FRITZ!DSL\sarah.dll -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )----- "SARAH LSP" - "AVM Berlin" - C:\Programme\FRITZ!DSL\sarah.dll ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit Online Solutions :: Index |
22.03.2011, 20:21 | #23 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Request for file analysis: McAfee Rootkit Detective Looks OK. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before scanning!!
__________________ Always post log files in CODE tags |
24.03.2011, 19:57 | #24 |
| Hi,

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6158

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

24.03.2011 19:44:08
mbam-log-2011-03-24 (19-44-08).txt

Scan type: Full scan (C:\|D:\|E:\|G:\|)
Objects scanned: 172764
Time elapsed: 21 minute(s), 2 second(s)

Memory processes infected: 0
Memory modules infected: 0
Registry keys infected: 0
Registry values infected: 0
Registry data items infected: 0
Folders infected: 0
Files infected: 0

Memory processes infected: (No malicious items detected)
Memory modules infected: (No malicious items detected)
Registry keys infected: (No malicious items detected)
Registry values infected: (No malicious items detected)
Registry data items infected: (No malicious items detected)
Folders infected: (No malicious items detected)
Files infected: (No malicious items detected) |
24.03.2011, 20:48 | #25 |
| Here is the SUPERAntiSpyware scan:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 03/24/2011 at 08:40 PM

Application Version : 4.50.1002

Core Rules Database Version : 6669
Trace Rules Database Version: 4481

Scan type : Complete Scan
Total Scan Time : 00:24:47

Memory items scanned : 556
Memory threats detected : 0
Registry items scanned : 5975
Registry threats detected : 0
File items scanned : 37712
File threats detected : 1

Adware.Tracking Cookie
counter.cam-content.com [ C:\Dokumente und Einstellungen\ME\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\P8ZL6CH2 ] |
24.03.2011, 20:57 | #26 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Looks OK, only cookies were found there. Any more problems or further detections in the meantime?
__________________ Always post log files in CODE tags |
27.03.2011, 13:37 | #27 |
| Hi, Avira shows nothing. Otherwise everything is fine too. What exactly was on the machine, then? Regards |
27.03.2011, 21:02 | #28 |
/// Winkelfunktion /// TB-Süch-Tiger™ | We removed a fair amount of junk. That means we are done! Finally, please check your updates; my guide for that is below. For even more security you should also change all your passwords, as far as possible, now that the infection has been removed.

Microsoft Update
Windows XP: Visit the MS update site with IE and have all important updates installed.
Windows Vista/7: guide Windows-Update

Update the PDF reader
Your Adobe Reader is not current, which is a major security risk. You should therefore uninstall the old version via Control Panel => Add/Remove Programs by clicking "Adobe Reader x.0" there and removing the program. I recommend an alternative PDF reader such as SumatraPDF or Foxit PDF Reader; both are much leaner and faster than Adobe Reader.
While you are at it, please also check that the Flash Player is up to date; here is the direct download link:
Mozilla and other browsers => http://filepony.de/?q=Flash+Player
Internet Explorer => http://fpdownload.adobe.com/get/flas..._player_ax.exe

Java update
Outdated Java installations are a security risk, so you should delete the old versions (if present, preferably with JavaRa) and update to the latest one. To do that, close all programs (especially the browsers), then click Start, Control Panel, Add/Remove Programs and uninstall all listed Java versions there. Then download the current Java SE Runtime Environment (JRE) from here and install it.
__________________ Always post log files in CODE tags |
30.03.2011, 19:54 | #29 |
| Hi, all done, but I stayed with Adobe. I ran two more scans and am posting them again:

Malwarebytes:

Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes

Database version: 6218

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

30.03.2011 20:01:46
mbam-log-2011-03-30 (20-01-46).txt

Scan type: Full scan (C:\|D:\|E:\|G:\|)
Objects scanned: 178601
Time elapsed: 17 minute(s), 8 second(s)

Memory processes infected: 0
Memory modules infected: 0
Registry keys infected: 0
Registry values infected: 0
Registry data items infected: 0
Folders infected: 0
Files infected: 0

Memory processes infected: (No malicious items detected)
Memory modules infected: (No malicious items detected)
Registry keys infected: (No malicious items detected)
Registry values infected: (No malicious items detected)
Registry data items infected: (No malicious items detected)
Folders infected: (No malicious items detected)
Files infected: (No malicious items detected)

and SUPERAntiSpyware:

SUPERAntiSpyware Scan Log
SUPERAntiSpyware.com | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

Generated 03/30/2011 at 08:33 PM

Application Version : 4.50.1002

Core Rules Database Version : 6711
Trace Rules Database Version: 4523

Scan type : Complete Scan
Total Scan Time : 00:28:34

Memory items scanned : 508
Memory threats detected : 0
Registry items scanned : 5747
Registry threats detected : 0
File items scanned : 42932
File threats detected : 2

Adware.Tracking Cookie
counter.cam-content.com [ C:\Dokumente und Einstellungen\ME\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\P8ZL6CH2 ]
s0.2mdn.net [ C:\Dokumente und Einstellungen\ME\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\P8ZL6CH2 ]

Would be nice if you could check again. Thanks!!! |
30.03.2011, 20:06 | #30 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Looks OK, only cookies were found there. Any more problems or further detections in the meantime?
__________________ Always post log files in CODE tags |