Pests of all kinds and their removal: Java virus JAVA/OpenConnect.DD + TR/Kazy.akcqd
13.03.2011, 22:17 | #1

Java virus JAVA/OpenConnect.DD + TR/Kazy.akcqd

Hello,

The incident happened a few days ago: a warning suddenly appeared in IE saying that the computer was infected and that IE would be closed for security reasons. A message also appeared in the taskbar saying the computer was infected. IE was closed automatically and a new wallpaper with a similar statement was shown on the desktop. I pulled the network cable and switched the computer off. Unfortunately it was also in the middle of installing a Windows update, which resulted in files such as system, security, etc. being damaged. I was able to restore those from an older image, but had to reinstall and repair various things. A lot of work, with plenty of snags. In the course of all this, Antivir found the following:

C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\57\70beba39-60391325
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/OpenConnect.DD
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4f68f21a.qua' verschoben!

C:\System Volume Information\_restore{E27FF955-C497-40DC-83F6-0506B32C1CC2}\RP37\
C:\System Volume Information\_restore{E27FF955-C497-40DC-83F6-0506B32C1CC2}\RP37\A0051515.exe
[FUND] Ist das Trojanische Pferd TR/Kazy.akcqd
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4f03d097.qua' verschoben!

Now the computer runs again without any sign of infection. Other tools such as SuperAntispyware, MBAM and Spybot S&D find nothing. But I can't really work out what exactly happened there. Would someone please have a look to see whether everything really is in order?

Regards,
Andi

The log files follow (the Extras.txt was not created):

Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6041

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

13.03.2011 11:13:22
mbam-log-2011-03-13 (11-13-22).txt

Scan type: Quick scan
Objects scanned: 169738
Time elapsed: 4 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 11:14 on 13/03/2011 (Admin)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Code:
GMER 1.0.15.15530 - hxxp://www.gmer.net
Rootkit scan 2011-03-13 11:21:30
Windows 5.1.2600 Service Pack 3
Running: g2m3e4r.exe; Driver: C:\DOKUME~1\Admin\LOKALE~1\Temp\fxtdypow.sys

---- System - GMER 1.0.15 ----

SSDT F7AABF0E ZwCreateKey
SSDT F7AABF04 ZwCreateThread
SSDT F7AABF13 ZwDeleteKey
SSDT F7AABF1D ZwDeleteValueKey
SSDT F7AABF3B ZwLoadDriver
SSDT F7AABF22 ZwLoadKey
SSDT F7AABEF0 ZwOpenProcess
SSDT F7AABEF5 ZwOpenThread
SSDT F7AABF2C ZwReplaceKey
SSDT F7AABF27 ZwRestoreKey
SSDT F7AABF40 ZwSetSystemInformation
SSDT F7AABF18 ZwSetValueKey
SSDT F7AABEFF ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF66B1360, 0x221CFD, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\SearchIndexer.exe[2136] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \Driver\atapi \Device\Ide\IdePort0 dvd43llh.sys (dvd43llh.sys/RIF)
Device \Driver\atapi \Device\Ide\IdePort1 dvd43llh.sys (dvd43llh.sys/RIF)
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 dvd43llh.sys (dvd43llh.sys/RIF)
Device \Driver\atapi \Device\Ide\IdePort2 dvd43llh.sys (dvd43llh.sys/RIF)
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c dvd43llh.sys (dvd43llh.sys/RIF)
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-2b dvd43llh.sys (dvd43llh.sys/RIF)
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 dvd43llh.sys (dvd43llh.sys/RIF)
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 dvd43llh.sys (dvd43llh.sys/RIF)

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

Checking for services/drivers...
-=E.O.F=-

Code:
OTL logfile created on: 13.03.2011 11:22:08 - Run 7
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Dokumente und Einstellungen\Admin\Desktop\MFTools
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1.022,00 Mb Total Physical Memory | 633,00 Mb Available Physical Memory | 62,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 86,00% Paging File free
Paging file location(s): c:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 226,04 Gb Total Space | 70,20 Gb Free Space | 31,06% Space Free | Partition Type: NTFS
Drive D: | 6,83 Gb Total Space | 1,65 Gb Free Space | 24,11% Space Free | Partition Type: FAT32
Drive E: | 232,88 Gb Total Space | 91,05 Gb Free Space | 39,10% Space Free | Partition Type: NTFS
Drive F: | 931,51 Gb Total Space | 48,52 Gb Free Space | 5,21% Space Free | Partition Type: NTFS

Computer Name: MD8800 | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.03.13 11:03:47 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Admin\Desktop\MFTools\OTL.exe
PRC - [2010.12.13 08:39:27 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2010.12.13 08:39:19 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.12.13 08:39:19 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.10.16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010.01.14 21:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2008.04.14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Modules (SafeList) ==========

MOD - [2011.03.13 11:03:47 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Admin\Desktop\MFTools\OTL.exe
MOD - [2010.08.23 17:11:46 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2010.12.13 08:39:27 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.12.13 08:39:19 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.10.16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010.08.21 07:22:08 | 000,455,784 | ---- | M] (VMLite, Inc.) [Auto | Stopped] -- C:\Programme\VMLite\VMLite Workstation\VMLiteService.exe -- (VMLiteService)
SRV - [2006.02.22 14:07:30 | 000,266,338 | ---- | M] () [Auto | Stopped] -- C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)
SRV - [2006.02.22 14:07:30 | 000,118,880 | ---- | M] () [Auto | Stopped] -- C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
SRV - [2006.02.22 14:06:46 | 001,073,152 | ---- | M] (Cyberlink) [Auto | Stopped] -- C:\Programme\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe -- (CyberLink Media Library Service)
SRV - [2006.01.20 10:20:00 | 000,073,728 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2005.10.06 17:13:10 | 000,856,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Connect 2\wmccds.exe -- (WMConnectCDS)
SRV - [2005.04.03 23:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2001.11.12 13:31:48 | 000,020,480 | ---- | M] (X10) [Auto | Stopped] -- C:\Programme\Common Files\X10\Common\X10nets.exe -- (x10nets)

========== Driver Services (SafeList) ==========

DRV - [2010.12.13 08:39:39 | 000,135,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.12.13 08:39:38 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.08.18 12:28:56 | 000,127,080 | ---- | M] (VMLite, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\vmliteusbmon.sys -- (VMLiteUSBMon)
DRV - [2010.08.18 11:54:16 | 000,127,080 | ---- | M] (VMLite, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vmlitediskmp.sys -- (vmlitediskmp)
DRV - [2010.08.18 11:54:12 | 000,135,272 | ---- | M] (VMLite, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VMLiteUSB.sys -- (VMLiteUSB)
DRV - [2010.08.11 11:05:00 | 000,111,208 | ---- | M] (VMLite, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VBoxNetFlt.sys -- (VBoxNetFlt)
DRV - [2010.08.11 11:05:00 | 000,100,264 | ---- | M] (VMLite, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV - [2010.08.11 11:04:54 | 000,143,848 | ---- | M] (VMLite, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\VBoxDrv.sys -- (VBoxDrv)
DRV - [2010.06.29 10:20:02 | 000,015,464 | ---- | M] (VMLite, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\vmlitedrv.sys -- (vmlitedrv)
DRV - [2010.06.17 14:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.05.10 19:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010.02.17 19:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009.02.13 11:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.10.30 14:10:48 | 000,117,120 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2008.06.01 20:59:46 | 000,223,424 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2008.04.13 19:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2006.04.28 16:34:00 | 000,882,688 | ---- | M] (Philips Semiconductors GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\3xHybrid.sys -- (3xHybrid)
DRV - [2006.01.13 18:13:18 | 004,137,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005.10.04 18:37:53 | 000,072,320 | ---- | M] (C-Media Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cmiucr.SYS -- (CMISTOR)
DRV - [2005.07.14 19:58:38 | 000,241,536 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt2500usb.sys -- (RT2500USB)
DRV - [2005.06.30 12:15:59 | 001,094,848 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005.05.19 14:52:57 | 000,017,792 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\x10ufx2.sys -- (XUIF)
DRV - [2003.01.10 22:13:03 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2002.11.18 13:34:08 | 000,240,288 | ---- | M] (DeTeWe Berlin) [Kernel | Auto | Running] -- C:\WINDOWS\System32\Drivers\CAPI20.SYS -- (CAPI20)
DRV - [2002.09.16 16:14:32 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\PQNTDRV.sys -- (PQNTDrv)
DRV - [2001.09.18 16:46:56 | 000,038,480 | ---- | M] (DeTeWe Berlin) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\detewecp.sys -- (DETEWECP)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.5
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908
FF - prefs.js..extensions.enabledItems: {0b457cAA-602d-484a-8fe7-c1d894a011ba}:0.88
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.03.05 15:18:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.03.05 15:18:55 | 000,000,000 | ---D | M]

[2011.03.03 16:49:33 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Extensions
[2011.03.05 20:14:53 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\68qn9hhk.default\extensions
[2011.03.05 15:43:29 | 000,000,000 | ---D | M] (FireShot) -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\68qn9hhk.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2011.03.04 07:28:36 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\68qn9hhk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.03.05 15:22:00 | 000,000,000 | ---D | M] (WOT) -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\68qn9hhk.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011.03.05 15:20:36 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\68qn9hhk.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2011.03.05 15:20:36 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\68qn9hhk.default\extensions\{dc572301-7619-498c-a57d-39143191b318}\modules\extensions
[2011.03.05 15:19:07 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.03.03 16:34:15 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011.03.03 19:06:04 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2011.03.03 19:06:04 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2011.03.03 19:06:04 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2011.03.03 19:06:04 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2011.03.03 19:06:04 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.02.28 12:59:59 | 000,229,900 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.1001-search.info
O1 - Hosts: 127.0.0.1 1001-search.info
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 8059 more lines...
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [Adobe] File not found
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CHotkey] C:\WINDOWS\mHotkey.exe ()
O4 - HKLM..\Run: [CmUCRRun] C:\WINDOWS\system32\CmUCREye.exe ()
O4 - HKLM..\Run: [dvd43] C:\Programme\dvd43\DVD43_Tray.exe ()
O4 - HKLM..\Run: [InstantOn] C:\Programme\CyberLink\PowerCinema Linux\ion_install.exe ()
O4 - HKLM..\Run: [ledpointer] C:\WINDOWS\CNYHKey.exe (Chicony)
O4 - HKLM..\Run: [MedionVFD] C:\Programme\Medion Info Display\MdionLCM.exe (Dritek System Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PCMService] C:\Programme\Home Cinema\PowerCinema\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [routcnf] File not found
O4 - HKLM..\Run: [Showwnd] C:\WINDOWS\ShowWnd.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\tclock.lnk = C:\Programme\tclocklight-040702-3\tclock.exe (Kazubon)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} https://wimpro3.cce.hp.com/ChatEntry/downloads/sysinfo.cab (SysData Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1150982010296 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1298218260890 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 217.237.148.70 217.237.150.115
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.06.21 05:36:01 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006.11.02 12:52:16 | 000,000,120 | ---- | M] () - D:\autoexec.bat -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 30 Days ==========

[2011.03.13 11:03:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Desktop\MFTools
[2011.03.07 20:55:01 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Admin\Startmenü\Programme\Verwaltung
[2011.03.06 19:04:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\HP
[2011.03.06 19:02:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\HP Product Assistant
[2011.03.06 19:00:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\HP
[2011.03.06 18:17:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\HP
[2011.03.06 13:50:57 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Admin\Recent
[2011.03.06 13:46:42 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\CCleaner
[2011.03.06 13:46:40 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2011.03.05 16:39:08 | 000,000,000 | ---D | C] -- C:\Programme\MozBackup-1.4.10-DE
[2011.03.05 15:51:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Eigene Dateien\Downloads
[2011.03.05 15:18:53 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox
[2011.03.05 12:25:10 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\VMLites
[2011.03.03 23:35:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com
[2011.03.03 23:35:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\SUPERAntiSpyware.com
[2011.03.03 23:35:12 | 000,000,000 | ---D | C] -- C:\Programme\SUPERAntiSpyware
[2011.03.03 22:59:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Avira
[2011.03.03 21:41:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\Apple
[2011.03.03 17:03:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Foxit Software
[2011.03.03 17:03:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Foxit Reader
[2011.03.03 17:02:40 | 000,000,000 | ---D | C] -- C:\Programme\Foxit Software
[2011.03.03 16:49:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\Mozilla
[2011.03.03 16:49:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla
[2011.03.03 16:35:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sun
[2011.03.03 13:07:48 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Admin\IECompatCache
[2011.03.03 12:53:09 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Windows Search
[2011.03.03 12:18:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011.03.03 12:17:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\ERUNT
[2011.03.03 12:17:57 | 000,000,000 | ---D | C] -- C:\Programme\ERUNT
[2011.03.03 11:51:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Apple Computer
[2011.03.03 11:46:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Malwarebytes
[2011.02.24 08:58:52 | 000,127,080 | ---- | C] (VMLite, Inc.) -- C:\WINDOWS\System32\drivers\vmliteusbmon.sys
[2011.02.24 08:57:40 | 000,015,464 | ---- | C] (VMLite, Inc.) -- C:\WINDOWS\System32\drivers\vmlitedrv.sys
[2011.02.24 08:57:39 | 000,143,848 | ---- | C] (VMLite, Inc.) -- C:\WINDOWS\System32\drivers\VBoxDrv.sys
[2011.02.24 08:57:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\VMLite Workstation
[2011.02.24 08:57:12 | 000,000,000 | ---D | C] -- C:\Programme\VMLite
[2011.02.20 18:56:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011.02.17 22:06:10 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Eigene Dateien\Virusproblem_110216
[2011.02.17 00:10:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Application Data
[2011.02.16 23:49:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BitDefender
[2011.02.16 23:47:36 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\BitDefender
[2011.02.13 13:36:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\TeamViewer 6
[2011.02.13 13:36:02 | 000,025,088 | ---- | C] (TeamViewer GmbH) -- C:\WINDOWS\System32\drivers\teamviewervpn.sys
[2011.02.13 13:35:59 | 000,000,000 | ---D | C] -- C:\Programme\TeamViewer
[2007.11.01 21:25:12 | 000,102,400 | ---- | C] (Installshield Software Corporation ) -- C:\Programme\setup.exe

========== Files - Modified Within 30 Days ==========

[2011.03.13 11:04:31 | 000,296,448 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Desktop\g2m3e4r.exe
[2011.03.13 11:04:24 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Desktop\defogger.exe
[2011.03.13 11:01:10 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.03.13 10:59:23 | 000,051,048 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011.03.13 10:57:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.03.13 10:57:48 | 1072,156,672 | -HS- | M] () -- C:\hiberfil.sys
[2011.03.12 14:32:25 | 000,000,436 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{2917A911-98C5-4D1E-B588-BFA81F8AE1B3}.job
[2011.03.12 09:47:39 | 000,000,973 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Desktop\Spybot - Search & Destroy.lnk
[2011.03.11 17:52:02 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011.03.10 05:45:46 | 000,000,659 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Desktop\NTREGOPT.lnk
[2011.03.10 05:45:46 | 000,000,640 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Desktop\ERUNT.lnk
[2011.03.09 19:56:49 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011.03.06 21:39:58 | 000,001,086 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\HP Solution Center.lnk
[2011.03.06 19:03:34 | 000,206,661 | ---- | M] () -- C:\WINDOWS\hpwins14.dat
[2011.03.06 19:01:48 | 000,001,856 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\HP Digital Imaging Monitor.lnk
[2011.03.06 13:46:42 | 000,000,722 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Desktop\CCleaner.lnk
[2011.03.05 20:03:56 | 000,121,429 | ---- | M] () -- C:\WINDOWS\hpqins05.dat
[2011.03.05 17:32:41 | 000,000,734 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\MozBackup.lnk
[2011.03.05 15:19:01 | 000,001,634 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk
[2011.03.03 23:35:15 | 000,001,710 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011.03.03 21:16:05 | 000,023,316 | ---- | M] () -- C:\WINDOWS\hpqins15.dat
[2011.03.03 15:32:08 | 000,000,785 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Desktop\Verknüpfung mit Software.lnk
[2011.03.03 13:02:44 | 000,000,400 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2011.03.03 12:28:12 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\defogger_reenable
[2011.03.03 11:51:53 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\
[2011.03.03 11:41:02 | 000,472,080 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Desktop\Load.exe
[2011.02.28 11:20:34 | 000,081,984 | ---- | M] () -- C:\WINDOWS\System32\bdod.bin
[2011.02.27 16:55:28 | 000,026,448 | ---- | M] () -- C:\WINDOWS\diagwrn.xml
[2011.02.27 16:55:28 | 000,001,908 | ---- | M] () -- C:\WINDOWS\diagerr.xml
[2011.02.21 09:00:00 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job
[2011.02.21 00:40:16 | 000,484,034 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2011.02.21 00:40:16 | 000,465,570 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011.02.21 00:40:16 | 000,093,828 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2011.02.21 00:40:16 | 000,080,252 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011.02.20 21:51:41 | 000,137,256 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011.02.20 18:58:39 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2011.02.20 18:32:25 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\spdwnwxp.exe
[2011.02.13 13:36:05 | 000,000,855 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\TeamViewer 6.lnk

========== Files Created - No Company Name ==========

[2011.03.13 11:04:25 | 000,296,448 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Desktop\g2m3e4r.exe
[2011.03.13 11:04:23 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Desktop\defogger.exe
[2011.03.12 09:47:39 | 000,000,973 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Desktop\Spybot - Search & Destroy.lnk
[2011.03.10 05:45:46 | 000,000,659 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Desktop\NTREGOPT.lnk
[2011.03.10 05:45:46 | 000,000,640 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Desktop\ERUNT.lnk
[2011.03.09 19:56:43 | 000,001,355 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011.03.06 19:02:31 | 000,001,086 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\HP Solution Center.lnk
[2011.03.06 19:01:48 | 000,001,856 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\HP Digital Imaging Monitor.lnk
[2011.03.06 18:54:51 | 000,206,661 | ---- | C] () -- C:\WINDOWS\hpwins14.dat
[2011.03.06 18:54:51 | 000,001,108 | R--- | C] () -- C:\WINDOWS\hpwmdl14.dat
[2011.03.06 13:46:42 | 000,000,722 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Desktop\CCleaner.lnk
[2011.03.05 20:01:15 | 000,121,429 | ---- | C] () -- C:\WINDOWS\hpqins05.dat
[2011.03.05 17:32:41 | 000,000,734 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\MozBackup.lnk
[2011.03.05 15:19:01 | 000,001,634 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk
[2011.03.03 23:35:15 | 000,001,710 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011.03.03 23:09:14 | 000,002,050 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Startmenü\Programme\Microsoft Word.lnk
[2011.03.03 21:16:03 | 000,023,686 | ---- | C] () -- C:\WINDOWS\hpqins15.dat.temp
[2011.03.03 15:32:08 | 000,000,785 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Desktop\Verknüpfung mit Software.lnk
[2011.03.03 12:28:12 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\defogger_reenable
[2011.03.03 11:51:53 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\
[2011.03.03 11:42:24 | 000,472,080 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Desktop\Load.exe
[2011.02.27 16:22:04 | 000,026,448 | ---- | C] () -- C:\WINDOWS\diagwrn.xml
[2011.02.27 16:22:04 | 000,001,908 | ---- | C] () -- C:\WINDOWS\diagerr.xml
[2011.02.20 17:25:21 | 000,081,984 | ---- | C] () -- C:\WINDOWS\System32\bdod.bin
[2011.02.13 13:36:05 | 000,000,855 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\TeamViewer 6.lnk
[2011.01.23 17:31:19 | 000,023,232 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010.09.08 19:54:07 | 000,023,316 | ---- | C] () -- C:\WINDOWS\hpqins15.dat
[2009.07.03 15:40:49 | 000,119,460 | ---- | C] () -- C:\WINDOWS\hpqins00.dat
[2009.07.01 14:16:13 | 000,000,056 | -H-- | C] () --
C:\WINDOWS\System32\ezsidmv.dat [2009.02.06 22:09:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI [2009.02.06 21:32:26 | 000,206,678 | ---- | C] () -- C:\WINDOWS\hpwins14.dat.temp [2009.02.06 21:32:26 | 000,001,108 | ---- | C] () -- C:\WINDOWS\hpwmdl14.dat.temp [2009.02.06 20:49:24 | 000,013,041 | R--- | C] () -- C:\WINDOWS\hpwscr14.dat [2008.10.23 23:12:30 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\Gif89.dll [2008.09.25 16:55:06 | 000,241,664 | ---- | C] () -- C:\WINDOWS\System32\CmUCREye.exe [2008.08.18 19:44:12 | 000,002,508 | ---- | C] () -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\$_hpcst$.hpc [2008.07.23 17:50:52 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll [2008.07.23 17:46:38 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll [2008.07.13 20:31:16 | 000,002,508 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\$_hpcst$.hpc [2008.07.13 20:29:29 | 000,000,141 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat [2008.05.26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin [2008.05.26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin [2008.04.14 03:23:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\spdwnwxp.exe [2007.11.01 21:28:35 | 000,000,059 | ---- | C] () -- C:\WINDOWS\WINPHONE.INI [2007.11.01 21:25:12 | 001,759,570 | ---- | C] () -- C:\Programme\Data.Cab [2007.11.01 21:25:12 | 000,492,016 | ---- | C] () -- C:\Programme\Eumex 504PC USB.msi [2007.11.01 21:25:12 | 000,062,693 | ---- | C] () -- C:\Programme\setup.ini [2007.10.07 14:12:23 | 000,000,002 | ---- | C] () -- C:\WINDOWS\tm.ini [2007.09.27 10:51:02 | 000,024,188 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini [2007.09.27 10:48:48 | 000,016,568 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini [2007.09.27 10:48:28 | 000,016,834 | ---- | C] () -- 
C:\WINDOWS\System32\gthrctr.ini [2007.09.02 22:15:12 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll [2007.08.31 11:51:27 | 000,001,140 | ---- | C] () -- C:\WINDOWS\mozver.dat [2007.08.11 21:00:14 | 000,554,496 | ---- | C] () -- C:\WINDOWS\System32\dvmsg.dll [2007.06.05 19:33:56 | 000,002,711 | ---- | C] () -- C:\WINDOWS\DevMgr.ini [2007.06.05 17:29:41 | 000,000,020 | ---- | C] () -- C:\WINDOWS\Hposcv07.INI [2007.05.30 17:08:05 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2007.05.24 10:16:21 | 000,000,202 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2007.05.23 22:07:57 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2007.05.16 22:48:46 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat [2007.05.16 20:51:36 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini [2007.05.16 19:59:52 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html [2006.06.22 15:26:31 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2006.06.22 13:47:09 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini [2006.06.22 13:34:19 | 000,198,144 | ---- | C] () -- C:\WINDOWS\System32\_psisdecd.dll [2006.06.22 13:18:00 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2006.06.22 12:20:12 | 000,127,184 | ---- | C] () -- C:\WINDOWS\Unwise.exe [2006.06.22 11:47:11 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\Install2500USB.dll [2006.06.22 11:47:11 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\DEDriverDLL.dll [2006.06.22 11:47:11 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\WRLSetup.exe [2006.06.22 11:44:48 | 000,550,912 | ---- | C] () -- C:\WINDOWS\mHotkey.exe [2006.06.22 11:44:48 | 000,532,544 | ---- | C] () -- C:\WINDOWS\PIC.dll [2006.06.22 11:44:48 | 000,049,152 | ---- | C] () -- C:\WINDOWS\CNYUSB.dll [2006.06.22 11:44:48 | 000,036,864 | ---- | C] () -- C:\WINDOWS\ShowWnd.exe [2006.06.22 11:44:48 | 000,024,576 | ---- | C] () -- C:\WINDOWS\HKNTDLL.dll 
[2006.06.22 11:44:48 | 000,011,776 | ---- | C] () -- C:\WINDOWS\HIDMNT.dll [2006.06.22 11:44:48 | 000,005,120 | ---- | C] () -- C:\WINDOWS\HKCYDLL.dll [2006.06.22 11:44:48 | 000,000,360 | ---- | C] () -- C:\WINDOWS\CNYHKey.ini [2006.06.22 11:41:59 | 000,241,664 | ---- | C] () -- C:\WINDOWS\System32\CmUCRRm.exe [2006.06.22 11:41:59 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\CmUCRRm.Dll [2006.06.22 11:41:59 | 000,024,576 | ---- | C] () -- C:\WINDOWS\CmiUCRUninstall.exe [2006.06.22 11:41:59 | 000,000,052 | ---- | C] () -- C:\WINDOWS\CMICARDREADER.INI [2006.06.22 11:31:36 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe [2006.06.22 11:27:11 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2006.06.22 11:27:11 | 001,519,616 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe [2006.06.22 11:27:11 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2006.06.22 11:27:11 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe [2006.06.22 11:27:11 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2006.06.22 11:27:11 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2006.06.22 11:27:10 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe [2006.06.22 11:27:10 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll [2006.06.21 14:24:58 | 000,000,872 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2006.06.21 14:24:54 | 000,484,034 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat [2006.06.21 14:24:54 | 000,093,828 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat [2006.06.21 14:24:47 | 000,465,570 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2006.06.21 14:24:47 | 000,080,252 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2006.06.21 14:24:45 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [2006.06.21 06:30:15 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2006.06.21 06:29:38 | 000,137,256 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT 
[2006.06.21 05:39:11 | 000,000,863 | ---- | C] () -- C:\WINDOWS\orun32.ini [2006.06.21 05:37:28 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2006.06.21 05:34:24 | 000,023,604 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2006.01.30 12:57:03 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\34CoInstaller.dll [2004.08.04 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2004.08.04 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2004.08.04 13:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat [2004.08.04 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2004.08.04 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2004.08.04 13:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat [2004.08.04 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2004.08.04 13:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2004.08.04 13:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin [2004.08.04 01:57:34 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2001.09.04 14:12:28 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2001.09.04 14:10:20 | 000,004,518 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat ========== LOP Check ========== [2011.03.03 17:03:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Foxit Software [2010.11.03 08:45:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Windows Desktop Search [2011.03.03 12:53:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Windows Search [2009.12.05 14:54:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AAV [2011.02.17 22:06:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BitDefender [2009.01.31 15:35:41 | 
000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MP3Find [2008.08.19 08:37:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Team MediaPortal [2009.02.18 07:04:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\X10 Settings [2010.12.22 21:50:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2011.03.12 14:32:25 | 000,000,436 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{2917A911-98C5-4D1E-B588-BFA81F8AE1B3}.job ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2011.03.11 14:57:17 | 000,000,000 | -H-D | M] -- C:\Config.Msi [2011.02.19 13:14:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen [2008.08.18 20:08:36 | 000,000,000 | ---D | M] -- C:\dvbfix [2011.03.06 13:46:40 | 000,000,000 | R--D | M] -- C:\Programme [2010.12.28 11:20:08 | 000,000,000 | -HSD | M] -- C:\RECYCLER [2011.01.14 17:43:36 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2009.02.06 22:08:41 | 000,000,000 | ---D | M] -- C:\temp [2011.02.26 11:30:08 | 000,000,000 | ---D | M] -- C:\UBCD4Winsmall [2011.03.10 10:42:35 | 000,000,000 | ---D | M] -- C:\WINDOWS [2011.02.24 00:09:41 | 000,000,000 | -H-D | M] -- C:\{2426F42A-20BE-4F19-A8A5-640920671123} < %PROGRAMFILES%\*.exe > [2000.11.06 10:16:44 | 000,102,400 | ---- | M] (Installshield Software Corporation ) -- C:\Programme\setup.exe Invalid Environment Variable: LOCALAPPDATA < %systemroot%\*. 
/mp /s > < MD5 for: EXPLORER.EXE > [2004.08.04 13:00:00 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\UBCD4Winsmall\BartPE\I386\EXPLORER.EXE [2004.08.04 13:00:00 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\UBCD4Winsmall\BartPE_110226\I386\EXPLORER.EXE [2006.02.28 13:00:00 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe [2007.06.13 14:10:08 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=331ED93570BAF3CFE30340298762CD56 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe [2008.04.14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe [2008.04.14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe [2008.04.14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\SoftwareDistribution\Download\7d084ddd2c07c476a226e31c4ef032ff\explorer.exe < MD5 for: USERINIT.EXE > [2008.04.14 03:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe [2008.04.14 03:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\SoftwareDistribution\Download\7d084ddd2c07c476a226e31c4ef032ff\userinit.exe [2008.04.14 03:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe [2004.08.04 13:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\UBCD4Winsmall\BartPE\I386\SYSTEM32\USERINIT.EXE [2004.08.04 13:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- 
C:\UBCD4Winsmall\BartPE_110226\I386\SYSTEM32\USERINIT.EXE < MD5 for: WINLOGON.EXE > [2004.08.04 13:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\UBCD4Winsmall\BartPE\I386\SYSTEM32\WINLOGON.EXE [2004.08.04 13:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\UBCD4Winsmall\BartPE_110226\I386\SYSTEM32\WINLOGON.EXE [2008.04.14 03:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe [2008.04.14 03:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\SoftwareDistribution\Download\7d084ddd2c07c476a226e31c4ef032ff\winlogon.exe [2008.04.14 03:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-03-09 19:04:55 < End of report > |
14.03.2011, 11:06 | #2
/// Winkelfunktion /// TB-Süch-Tiger™ | Java-Virus JAVA/OpenConnect.DD + TR/Kazy.akcqd
Quote:
Please run a full scan with Malwarebytes as a matter of routine and post the log. Remember that Malwarebytes must be updated manually before every scan! If there are logs from earlier Malwarebytes scans, please post all of those as well!
14.03.2011, 15:15 | #3
Java-Virus JAVA/OpenConnect.DD + TR/Kazy.akcqd
Hello,
below is the MBAM full scan logfile:
Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6048

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

14.03.2011 14:50:54
mbam-log-2011-03-14 (14-50-44).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|)
Objects scanned: 601491
Time elapsed: 2 hour(s), 58 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\dokumente und einstellungen\***\lokale einstellungen\anwendungsdaten\vmlite workstation\VM2 XP\cpp\keyfinder-changer v1.41.exe (RiskWare.Tool.CK) -> No action taken.

Andi
14.03.2011, 16:18 | #4
/// Winkelfunktion /// TB-Süch-Tiger™ | Java-Virus JAVA/OpenConnect.DD + TR/Kazy.akcqd
Quote:
__________________
Always post logfiles in CODE tags
14.03.2011, 17:21 | #5
Java-Virus JAVA/OpenConnect.DD + TR/Kazy.akcqd
Yes, an older version of "magicaljellybean". It was/is not entirely clear to me which key was used in the original installation of XP from Medion. Regards, Andi
14.03.2011, 18:41 | #6
/// Winkelfunktion /// TB-Süch-Tiger™ | Java-Virus JAVA/OpenConnect.DD + TR/Kazy.akcqd
Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)
Code:
:OTL
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.06.21 05:36:01 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006.11.02 12:52:16 | 000,000,120 | ---- | M] () - D:\autoexec.bat -- [ FAT32 ]
O4 - HKLM..\Run: [routcnf] File not found
O4 - HKLM..\Run: [Showwnd] C:\WINDOWS\ShowWnd.exe ()
:Commands
[purity]
[resethosts]
[emptytemp]

The logfile should open when you click OK after the fix; please post it. The computer may be restarted.
14.03.2011, 20:30 | #7
Java-Virus JAVA/OpenConnect.DD + TR/Kazy.akcqd
Here is the logfile:
Code:
All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\AUTOEXEC.BAT moved successfully.
D:\autoexec.bat moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\routcnf deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Showwnd deleted successfully.
C:\WINDOWS\ShowWnd.exe moved successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Admin
->Temp folder emptied: 294166 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: ***
->Temp folder emptied: 788368 bytes
->Temporary Internet Files folder emptied: 481930 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 92506194 bytes
->Flash cache emptied: 738 bytes

User: Besitzer

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 338463 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 90,00 mb

OTL by OldTimer - Version 3.2.22.3 log created on 03142011_191051
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...

Andi
14.03.2011, 20:40 | #8
/// Winkelfunktion /// TB-Süch-Tiger™ | Java-Virus JAVA/OpenConnect.DD + TR/Kazy.akcqd
Then please run CF now: ComboFix: A guide and tutorial on using ComboFix
ComboFix may only be run when a helper (Kompetenzler) has explicitly recommended it!
__________________
Always post logfiles in CODE tags
14.03.2011, 21:28 | #9
Java-Virus JAVA/OpenConnect.DD + TR/Kazy.akcqd
Hello,
below is the ComboFix logfile:
Code:
ATTFilter ComboFix 11-03-13.02 - Admin 14.03.2011 21:02:22.1.2 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.1022.541 [GMT 1:00] ausgef黨rt von:: c:\dokumente und einstellungen\Admin\Desktop\CoFi.exe AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7} . . (((((((((((((((((((((((((((((((((((( Weitere L鰏chungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programme\Setup.exe c:\windows\system32\spdwnwxp.exe c:\windows\system32\Thumbs.db . . ((((((((((((((((((((((( Dateien erstellt von 2011-02-14 bis 2011-03-14 )))))))))))))))))))))))))))))) . . 2011-03-14 18:10 . 2011-03-14 18:10 -------- d-----w- C:\_OTL 2011-03-06 18:04 . 2011-03-06 18:04 -------- d-----w- c:\dokumente und einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\HP 2011-03-06 18:02 . 2011-03-06 18:02 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\HP Product Assistant 2011-03-06 17:59 . 2007-11-07 02:10 271704 ----a-r- c:\windows\system32\hpzids01.dll 2011-03-06 17:58 . 2007-10-31 12:19 729088 ----a-r- c:\windows\system32\hpwwiax3.dll 2011-03-06 17:58 . 2007-10-31 12:19 970752 ----a-r- c:\windows\system32\hpwtiop3.dll 2011-03-06 17:58 . 2007-01-17 16:37 364544 ----a-r- c:\windows\system32\hppldcoi.dll 2011-03-06 17:58 . 2007-01-17 16:37 309760 ----a-r- c:\windows\system32\difxapi.dll 2011-03-06 17:58 . 2007-01-17 16:31 294912 ----a-r- c:\windows\system32\hpovst11.dll 2011-03-06 17:17 . 2011-03-06 17:17 -------- d-----w- c:\dokumente und einstellungen\Admin\Anwendungsdaten\HP 2011-03-06 12:46 . 2011-03-06 12:46 -------- d-----w- c:\programme\CCleaner 2011-03-05 15:39 . 2011-03-05 16:32 -------- d-----w- c:\programme\MozBackup-1.4.10-DE 2011-03-05 11:25 . 2011-03-05 11:25 -------- d-----w- c:\dokumente und einstellungen\Admin\VMLites 2011-03-03 22:35 . 2011-03-03 22:35 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com 2011-03-03 22:35 . 
2011-03-03 22:35 -------- d-----w- c:\dokumente und einstellungen\Admin\Anwendungsdaten\SUPERAntiSpyware.com 2011-03-03 22:35 . 2011-03-03 22:35 -------- d-----w- c:\programme\SUPERAntiSpyware 2011-03-03 21:59 . 2011-03-03 21:59 -------- d-----w- c:\dokumente und einstellungen\Admin\Anwendungsdaten\Avira 2011-03-03 20:41 . 2011-03-03 20:41 -------- d-----w- c:\dokumente und einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\Apple 2011-03-03 16:03 . 2011-03-03 16:03 -------- d-----w- c:\dokumente und einstellungen\Admin\Anwendungsdaten\Foxit Software 2011-03-03 16:02 . 2011-03-03 16:02 -------- d-----w- c:\programme\Foxit Software 2011-03-03 15:49 . 2011-03-03 15:49 -------- d-----w- c:\dokumente und einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\Mozilla 2011-03-03 15:34 . 2011-03-03 15:34 472808 ----a-w- c:\windows\system32\deployJava1.dll 2011-03-03 12:07 . 2011-03-03 12:07 -------- d-sh--w- c:\dokumente und einstellungen\Admin\IECompatCache 2011-03-03 11:53 . 2011-03-03 11:53 -------- d-----w- c:\dokumente und einstellungen\Admin\Anwendungsdaten\Windows Search 2011-03-03 11:17 . 2011-03-10 04:45 -------- d-----w- c:\programme\ERUNT 2011-03-03 10:51 . 2011-03-03 20:41 -------- d-----w- c:\dokumente und einstellungen\Admin\Anwendungsdaten\Apple Computer 2011-03-03 10:46 . 2011-03-03 10:46 -------- d-----w- c:\dokumente und einstellungen\Admin\Anwendungsdaten\Malwarebytes 2011-02-24 08:04 . 2011-03-08 23:31 -------- d-----w- c:\dokumente und einstellungen\***\VMLites 2011-02-24 07:58 . 2010-08-18 11:28 127080 ----a-w- c:\windows\system32\drivers\vmliteusbmon.sys 2011-02-24 07:57 . 2010-06-29 09:20 15464 ----a-w- c:\windows\system32\drivers\vmlitedrv.sys 2011-02-24 07:57 . 2010-08-11 10:04 143848 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys 2011-02-24 07:57 . 2011-02-24 07:57 -------- d-----w- c:\programme\VMLite 2011-02-21 20:21 . 2009-08-06 18:23 274288 ----a-w- c:\windows\system32\mucltui.dll 2011-02-20 16:25 . 
2011-02-28 10:20 81984 ----a-w- c:\windows\system32\bdod.bin 2011-02-16 22:49 . 2011-02-17 21:06 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\BitDefender 2011-02-16 22:47 . 2011-02-28 10:21 -------- d-----w- c:\programme\Gemeinsame Dateien\BitDefender 2011-02-13 12:36 . 2011-01-12 09:42 25088 ----a-w- c:\windows\system32\drivers\teamviewervpn.sys 2011-02-13 12:35 . 2011-02-13 12:35 -------- d-----w- c:\programme\TeamViewer . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-03-03 15:34 . 2008-10-05 21:10 73728 ----a-w- c:\windows\system32\javacpl.cpl 2011-02-17 19:49 . 2008-08-09 17:17 18816 ----a-w- c:\windows\system32\drivers\dvd43llh.sys 2011-02-09 13:53 . 2004-08-04 12:00 270848 ----a-w- c:\windows\system32\sbe.dll 2011-02-09 13:53 . 2004-08-04 12:00 186880 ----a-w- c:\windows\system32\encdec.dll 2011-02-02 07:58 . 2006-06-21 04:33 2067456 ----a-w- c:\windows\system32\mstscax.dll 2011-01-27 11:57 . 2006-06-21 04:33 677888 ----a-w- c:\windows\system32\mstsc.exe 2011-01-21 14:44 . 2004-08-04 12:00 440832 ----a-w- c:\windows\system32\shimgvw.dll 2011-01-07 14:09 . 2004-08-04 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll 2010-12-31 14:03 . 2004-08-04 12:00 1855104 ----a-w- c:\windows\system32\win32k.sys 2010-12-22 20:32 . 2010-12-22 20:32 1409 ----a-w- c:\windows\QTFont.for 2010-12-22 12:34 . 2004-08-04 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll 2010-12-20 23:52 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll 2010-12-20 23:52 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll 2010-12-20 23:52 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl 2010-12-20 17:25 . 2004-08-04 12:00 737792 ----a-w- c:\windows\system32\lsasrv.dll 2010-12-20 17:09 . 2010-12-29 15:37 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-12-20 17:08 . 
2010-12-29 15:37 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-12-20 12:55 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec 2004-04-28 10:57 . 2007-11-01 20:25 492016 ----a-w- c:\programme\Eumex 504PC USB.msi . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Eintr鋑e & legitime Standardeintr鋑e werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "nwiz"="nwiz.exe" [2006-04-27 1519616] "CHotkey"="mHotkey.exe" [2004-12-08 550912] "ledpointer"="CNYHKey.exe" [2005-11-10 5585408] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-04-27 7573504] "MedionVFD"="c:\programme\Medion Info Display\MdionLCM.exe" [2006-01-27 176128] "InstantOn"="c:\programme\CyberLink\PowerCinema Linux\ion_install.exe" [2005-09-22 93640] "SkyTel"="SkyTel.EXE" [2006-05-16 2879488] "PCMService"="c:\programme\Home Cinema\PowerCinema\PCMService.exe" [2006-02-22 143360] "dvd43"="c:\programme\dvd43\dvd43_tray.exe" [2008-04-09 826880] "CmUCRRun"="c:\windows\system32\CmUCReye.exe" [2005-10-12 241664] "avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2010-12-13 281768] "QuickTime Task"="c:\programme\QuickTime\qttask.exe" [2010-11-29 421888] "iTunesHelper"="c:\programme\iTunes\iTunesHelper.exe" [2010-12-13 421160] "RTHDCPL"="RTHDCPL.EXE" [2006-01-11 15961088] "SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2010-10-29 249064] "HP Software Update"="c:\programme\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "tscuninstall"="c:\windows\system32\tscupgrd.exe" [2006-02-28 44544] . 
c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
HP Digital Imaging Monitor.lnk - c:\programme\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
Microsoft Office.lnk - c:\programme\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
tclock.lnk - c:\programme\tclocklight-040702-3\tclock.exe [2008-8-31 44544]
Windows Search.lnk - c:\programme\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programme\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programme\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\programme\SUPERAntiSpyware\SASWINLO.DLL
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpofxs08.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqfxt08.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Programme\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
"c:\\Programme\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Programme\\Bonjour\\mDNSResponder.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\iTunes\\iTunes.exe"=
"c:\\Programme\\SuperSync\\SuperSync.exe"=
"c:\\Programme\\TeamViewer\\Version6\\TeamViewer.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
.
R1 SASDIFSV;SASDIFSV;c:\programme\SUPERAntiSpyware\sasdifsv.sys [17.02.2010 19:25 12872]
R1 SASKUTIL;SASKUTIL;c:\programme\SUPERAntiSpyware\SASKUTIL.SYS [10.05.2010 19:41 67656]
R1 VBoxDrv;VBoxDrv;c:\windows\system32\drivers\VBoxDrv.sys [24.02.2011 08:57 143848]
R1 vmlitedrv;vmlitedrv;c:\windows\system32\drivers\vmlitedrv.sys [24.02.2011 08:57 15464]
R1 VMLiteUSBMon;VMLiteUSBMon;c:\windows\system32\drivers\vmliteusbmon.sys [24.02.2011 08:58 127080]
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [05.09.2009 20:26 135336]
R2 CAPI20;Eumex 504PC USB;c:\windows\system32\drivers\Capi20.sys [02.11.2007 15:33 240288]
R2 DETEWECP;Telekom ISDN Port;c:\windows\system32\drivers\detewecp.sys [02.11.2007 15:33 38480]
R2 VMLiteService;VMLiteService;c:\programme\VMLite\VMLite Workstation\VMLiteService.exe [21.08.2010 07:22 455784]
R3 3xHybrid;Philips SAA713x PCI Card;c:\windows\system32\drivers\3xHybrid.sys [30.01.2006 12:57 882688]
R3 CMISTOR;CMIUCR.SYS CM220 Card Reader Driver;c:\windows\system32\drivers\cmiucr.SYS [22.06.2006 11:41 72320]
R3 VBoxNetAdp;VMLite Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [11.08.2010 11:05 100264]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\VBoxNetFlt.sys [11.08.2010 11:05 111208]
R3 vmlitediskmp;vmlitediskmp;c:\windows\system32\drivers\vmlitediskmp.sys [18.08.2010 11:54 127080]
S0 rseb;rseb; [x]
S3 dtwmnic5;Telekom Eumex 504PC SE;c:\windows\system32\DRIVERS\dtwmnic5.sys --> c:\windows\system32\DRIVERS\dtwmnic5.sys [?]
S3 ulisa;Telekom ISDN-Adapter (USB);c:\windows\system32\Drivers\ulisa.sys --> c:\windows\system32\Drivers\ulisa.sys [?]
S3 VMLiteUSB;VMLite USB;c:\windows\system32\drivers\VMLiteUSB.sys [18.08.2010 11:54 135272]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners
.
2011-03-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programme\Apple Software Update\SoftwareUpdate.exe [2009-10-22 10:50]
.
2011-03-13 c:\windows\Tasks\User_Feed_Synchronization-{2917A911-98C5-4D1E-B588-BFA81F8AE1B3}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 03:31]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\dokumente und einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\68qn9hhk.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\programme\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\programme\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - Ext: FireShot: {0b457cAA-602d-484a-8fe7-c1d894a011ba} - %profile%\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-navigating.de POI-Warner GoPal Edition - c:\windows\suinsta4001.exe
AddRemove-navigating.de POI-Warner POI-Daten - c:\windows\suinsta4001.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-03-14 21:08
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, hxxp://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD2500JD-00HBB0 rev.08.02D08 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2b
.
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user != kernel MBR !!!
sectors 488397166 (+255): user != kernel
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(1272)
c:\programme\SUPERAntiSpyware\SASWINLO.DLL
.
Zeit der Fertigstellung: 2011-03-14 21:11:44
ComboFix-quarantined-files.txt 2011-03-14 20:11
.
Vor Suchlauf: 8 Verzeichnis(se), 75.182.227.456 Bytes frei
Nach Suchlauf: 11 Verzeichnis(se), 75.178.467.328 Bytes frei
.
WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - DAE07B462A2E8A2C7C6188B54315B677
Regards, Andi |
15.03.2011, 10:57 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Java-Virus JAVA/OpenConnect.DD + TR/Kazy.akcqd Please now run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html
__________________ Please always post logfiles in CODE tags |
15.03.2011, 12:18 | #11 |
| Java-Virus JAVA/OpenConnect.DD + TR/Kazy.akcqd Looks as if nothing was found: Code:
|
15.03.2011, 15:43 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Java-Virus JAVA/OpenConnect.DD + TR/Kazy.akcqd Ok. Please now create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool won't run the 2nd time either, just leave it out and run only OSAM - please skip the online query by OSAM. With OSAM, please also make sure that you save the log as *.log and not as *.html or similar. After that, please download MBRCheck (by a_d_13) and save the file to the desktop.
__________________ Please always post logfiles in CODE tags |
15.03.2011, 20:46 | #13 |
| Java-Virus JAVA/OpenConnect.DD + TR/Kazy.akcqd Here are the 3 files: GMER Logfile: Code:
GMER 1.0.15.15530 - hxxp://www.gmer.net
Rootkit scan 2011-03-15 20:22:35
Windows 5.1.2600 Service Pack 3
Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-18 WDC_WD2500JD-00HBB0 rev.08.02D08
Running: mgc04zxd.exe; Driver: C:\DOKUME~1\Admin\LOKALE~1\Temp\fxtdypoc.sys

---- System - GMER 1.0.15 ----

SSDT F7B7CCEE ZwCreateKey
SSDT F7B7CCE4 ZwCreateThread
SSDT F7B7CCF3 ZwDeleteKey
SSDT F7B7CCFD ZwDeleteValueKey
SSDT F7B7CD1B ZwLoadDriver
SSDT F7B7CD02 ZwLoadKey
SSDT F7B7CCD0 ZwOpenProcess
SSDT F7B7CCD5 ZwOpenThread
SSDT F7B7CD0C ZwReplaceKey
SSDT F7B7CD07 ZwRestoreKey
SSDT F7B7CD20 ZwSetSystemInformation
SSDT F7B7CCF8 ZwSetValueKey
SSDT F7B7CCDF ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF6834360, 0x221CFD, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\SearchIndexer.exe[3052] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
OSAM Logfile:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 20:27:04 on 15.03.2011
OS: Windows XP Home Edition Service Pack 3 (Build 2600)
Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries

[Common]
-----( %SystemRoot%\Tasks )-----
"AppleSoftwareUpdate.job" - "Apple Inc." - C:\Programme\Apple Software Update\SoftwareUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
"NeroBurnRights.cpl" - "Ahead Software AG" - C:\WINDOWS\system32\NeroBurnRights.cpl
"nvtuicpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvtuicpl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Avira AntiVir Personal - Free Antivirus " - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl
"Avira AntiVir PersonalEdition Classic" - ? - C:\PROGRA~1\ANTIVI~1\avconfig.cpl (File not found)
"QuickTime" - "Apple Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl
"Windows Media Connect" - "Microsoft Corporation" - C:\Programme\Windows Media Connect 2\wmccpl.dll

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"AEGIS Protocol (IEEE 802.1x) v3.4.0.1" (AegisP) - "Meetinghouse Data Communications" - C:\WINDOWS\System32\DRIVERS\AegisP.sys
"avgio" (avgio) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\DOKUME~1\Admin\LOKALE~1\Temp\catchme.sys (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys (File not found)
"dvd43llh" (dvd43llh) - "RIF" - C:\WINDOWS\System32\DRIVERS\dvd43llh.sys
"Eumex 504PC USB" (CAPI20) - "DeTeWe Berlin" - C:\WINDOWS\System32\Drivers\CAPI20.SYS
"fxtdypoc" (fxtdypoc) - ? - C:\DOKUME~1\Admin\LOKALE~1\Temp\fxtdypoc.sys (Hidden registry entry, rootkit activity | File not found)
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys (File not found)
"IEEE-1284.4 Driver HPZid412" (HPZid412) - ? - C:\WINDOWS\System32\DRIVERS\HPZid412.sys (File not found)
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys (File not found)
"NT-Treiber für Realtek RTL8139(A/B/C)-basierten PCI-Fast Ethernet-Adapter" (rtl8139) - ? - C:\WINDOWS\System32\DRIVERS\RTL8139.SYS (File not found)
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found)
"PQNTDrv" (PQNTDrv) - "PowerQuest Corporation" - C:\WINDOWS\system32\drivers\PQNTDrv.sys
"Print Class Driver for IEEE-1284.4 HPZipr12" (HPZipr12) - ? - C:\WINDOWS\System32\DRIVERS\HPZipr12.sys (File not found)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys
"rseb" (rseb) - ? - C:\WINDOWS\system32\drivers\rseb.sys (File not found)
"SASDIFSV" (SASDIFSV) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS
"SASKUTIL" (SASKUTIL) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys
"Telekom Eumex 504PC SE" (dtwmnic5) - ? - C:\WINDOWS\System32\DRIVERS\dtwmnic5.sys (File not found)
"Telekom ISDN Port" (DETEWECP) - "DeTeWe Berlin" - C:\WINDOWS\System32\drivers\detewecp.sys
"Telekom ISDN-Adapter (USB)" (ulisa) - ? - C:\WINDOWS\System32\Drivers\ulisa.sys (File not found)
"truecrypt" (truecrypt) - "TrueCrypt Foundation" - C:\WINDOWS\System32\drivers\truecrypt.sys
"VBoxDrv" (VBoxDrv) - "VMLite, Inc." - C:\WINDOWS\System32\drivers\VBoxDrv.sys
"VBoxNetFlt Service" (VBoxNetFlt) - "VMLite, Inc." - C:\WINDOWS\System32\DRIVERS\VBoxNetFlt.sys
"VMLite Host-Only Ethernet Adapter" (VBoxNetAdp) - "VMLite, Inc." - C:\WINDOWS\System32\DRIVERS\VBoxNetAdp.sys
"VMLite USB" (VMLiteUSB) - "VMLite, Inc." - C:\WINDOWS\System32\Drivers\VMLiteUSB.sys
"vmlitediskmp" (vmlitediskmp) - "VMLite, Inc." - C:\WINDOWS\System32\DRIVERS\vmlitediskmp.sys
"vmlitedrv" (vmlitedrv) - "VMLite, Inc." - C:\WINDOWS\System32\drivers\vmlitedrv.sys
"VMLiteUSBMon" (VMLiteUSBMon) - "VMLite, Inc." - C:\WINDOWS\System32\drivers\vmliteusbmon.sys
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys (File not found)

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{7D4D6379-F301-4311-BEBA-E26EB0561882} "NeroDigitalColumnHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll
{91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "SABShellExecuteHook Class" - "SuperAdBlocker.com" - C:\Programme\SUPERAntiSpyware\SASSEH.DLL
{56F9679E-7826-4C84-81F3-532071A8BCC5} "Windows Desktop Search Namespace Manager" - "Microsoft Corporation" - C:\Programme\Windows Desktop Search\MSNLNamespaceMgr.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll (File not found)
{1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll
{28465D9A-DE2F-4627-B520-29968CC3C372} "FaJo XP File Security Extension" - "FaJo" - C:\Programme\FaJo\XP File Security Extension\FJXPFileSecExt.dll
{1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Programme\iTunes\iTunesMiniPlayer.dll
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ?
- (File not found | COM-object registry key not found) {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office10\msohev.dll {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll {49BF5420-FA7F-11cf-8011-00A0C90A8F78} "Mobiles Ger鋞" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~4\Wcesview.dll {B327765E-D724-4347-8B16-78AE18552FC3} "NeroDigitalIconHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll {7F1CF152-04F8-453A-B34C-E609530A9DC8} "NeroDigitalPropSheetHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll {1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll {0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office10\OLKFSTUB.DLL {35786D3C-B075-49b9-88DD-029876E11C01} "Portable Devices" - "Microsoft Corporation" - C:\WINDOWS\system32\wpdshext.dll {D6791A63-E7E2-4fee-BF52-5DED8E86E9B8} "Portable Devices Menu" - "Microsoft Corporation" - C:\WINDOWS\system32\wpdshext.dll {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - C:\Programme\Real\RealPlayer\rpshell.dll {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\shlext.dll {E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll {764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen f黵 die Dateikomprimierung" - ? 
- (File not found | COM-object registry key not found) {e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll {AD392E40-428C-459F-961E-9B147782D099} "UIContextMenu Class" - "EZB Systems, Inc." - C:\Programme\UltraISO\isoshell.dll {BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL {8FF88D27-7BD0-11D1-BFB7-00AA00262A11} "WinAceContext Menu (Add) Extension" - "e-merge GmbH" - C:\Programme\WinAce\arcext.dll {8FF88D21-7BD0-11D1-BFB7-00AA00262A11} "WinAceContext Menu Extension" - "e-merge GmbH" - C:\Programme\WinAce\arcext.dll {8FF88D25-7BD0-11D1-BFB7-00AA00262A11} "WinAceDrag-Drop Extension" - "e-merge GmbH" - C:\Programme\WinAce\arcext.dll {8FF88D23-7BD0-11D1-BFB7-00AA00262A11} "WinAceProperty Sheet Extension" - "e-merge GmbH" - C:\Programme\WinAce\arcext.dll {13E7F612-F261-4391-BEA2-39DF4F3FA311} "Windows Desktop Search" - "Microsoft Corporation" - C:\Programme\Windows Desktop Search\msnlExt.dll {da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found) {45670FA8-ED97-4F44-BC93-305082590BFB} "Windows XPS Document Metadata Handler" - "Microsoft Corporation" - C:\WINDOWS\System32\XPSSHHDR.DLL {44121072-A222-48f2-A58A-6D9AD51EBBE9} "Windows XPS Document Thumbnail Handler" - "Microsoft Corporation" - C:\WINDOWS\System32\XPSSHHDR.DLL -----( HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad )----- {AAA288BA-9A4C-45B0-95D7-94D524869DB5} "WPDShServiceObj Class" - "Microsoft Corporation" - C:\WINDOWS\system32\WPDShServiceObj.dll [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) <binary data> "ITBarLayout" - ? 
- (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_24.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_24.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_24.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab {166B1BCA-3F9C-11CF-8075-444553540000} "Shockwave ActiveX Control" - "Macromedia, Inc." - C:\WINDOWS\system32\macromed\Director\SwDir.dll / hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab {49232000-16E4-426C-A231-62846947304B} "SysData Class" - "Hewlett-Packard" - C:\WINDOWS\DOWNLO~1\SysInfo.dll / https://wimpro3.cce.hp.com/ChatEntry/downloads/sysinfo.cab {17492023-C23A-453E-A040-C7C580BBF700} "Windows Genuine Advantage Validation Tool" - "Microsoft Corporation" - C:\WINDOWS\system32\LegitCheckControl.DLL / hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "ClsidExtension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~4\INetRepl.dll {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "Create Mobile Favorite" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~4\INetRepl.dll {898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype add-on for Internet Explorer" - "Skype Technologies S.A." 
- C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll {E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype add-on for Internet Explorer" - "Skype Technologies S.A." - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [Logon] -----( %AllUsersProfile%\Startmen黒Programme\Autostart )----- "desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmen黒Programme\Autostart\desktop.ini "HP Digital Imaging Monitor.lnk" - "Hewlett-Packard Co." - C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe (Shortcut exists | File exists) "Microsoft Office.lnk" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office10\OSA.EXE (Shortcut exists | File exists) "tclock.lnk" - "Kazubon" - C:\Programme\tclocklight-040702-3\tclock.exe (Shortcut exists | File exists) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "avgnt" - "Avira GmbH" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min "CHotkey" - ? - mHotkey.exe "dvd43" - ? - C:\Programme\dvd43\dvd43_tray.exe "HP Software Update" - "Hewlett-Packard" - C:\Programme\HP\HP Software Update\HPWuSchd2.exe "InstantOn" - ? - "C:\Programme\CyberLink\PowerCinema Linux\ion_install.exe /c " (File not found) "iTunesHelper" - "Apple Inc." - "C:\Programme\iTunes\iTunesHelper.exe" "ledpointer" - "Chicony" - CNYHKey.exe "MedionVFD" - "Dritek System Inc." - "C:\Programme\Medion Info Display\MdionLCM.exe" "NeroFilterCheck" - "Ahead Software Gmbh" - C:\WINDOWS\system32\NeroCheck.exe "nwiz" - "NVIDIA Corporation" - nwiz.exe /install "PCMService" - "CyberLink Corp." 
- "C:\Programme\Home Cinema\PowerCinema\PCMService.exe" "QuickTime Task" - "Apple Inc." - "C:\Programme\QuickTime\qttask.exe" -atboottime "SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "PDFCreator" - ? - C:\WINDOWS\system32\pdfcmnnt.dll (File found, but it contains no detailed information) [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- ".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe "Anwendungsverwaltung" (AppMgmt) - ? - C:\WINDOWS\System32\appmgmts.dll (File not found) "Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe "ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe "Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avguard.exe "Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\sched.exe "CyberLink Background Capture Service (CBCS)" (CLCapSvc) - ? - C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe "CyberLink Media Library Service" (CyberLink Media Library Service) - "Cyberlink" - C:\Programme\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe "Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Programme\Cyberlink\Shared files\RichVideo.exe "CyberLink Task Scheduler (CTS)" (CLSched) - ? - C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe "Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Programme\Bonjour\mDNSResponder.exe "HP CUE DeviceDiscovery Service" (hpqddsvc) - "Hewlett-Packard Co." 
- C:\Programme\HP\Digital Imaging\bin\hpqddsvc.dll "HP Network Devices Support" (HPSLPSVC) - "Hewlett-Packard Co." - C:\Programme\HP\Digital Imaging\bin\HPSLPSVC32.DLL "hpqcxs08" (hpqcxs08) - "Hewlett-Packard Co." - C:\Programme\HP\Digital Imaging\bin\hpqcxs08.dll "InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe "iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Programme\iPod\bin\iPodService.exe "Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe "LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe "Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\WINDOWS\system32\HPZinw12.dll "Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\WINDOWS\system32\HPZipm12.dll "VMLiteService" (VMLiteService) - "VMLite, Inc." - C:\Programme\VMLite\VMLite Workstation\VMLiteService.exe "Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe "Windows Media Connect-Dienst" (WMConnectCDS) - "Microsoft Corporation" - C:\Programme\Windows Media Connect 2\wmccds.exe "Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe "X10 Device Network Service" (x10nets) - "X10" - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe [Winlogon] -----( HKCU\Control Panel\IOProcs )----- "MVB" - ? - mvfs32.dll (File not found) -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )----- {c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? 
- appmgmts.dll (File not found) -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )----- "!SASWinLogon" - "SUPERAntiSpyware.com" - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL "WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll [Winsock Providers] -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )----- "mdnsNSP" - "Apple Inc." - C:\Programme\Bonjour\mdnsNSP.dll ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru Code:
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x01c001fc

Kernel Drivers (total 137):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E6000 \WINDOWS\system32\hal.dll
0xF79D0000 \WINDOWS\system32\KDCOM.DLL
0xF78E0000 \WINDOWS\system32\BOOTVID.dll
0xF73A0000 ACPI.sys
0xF79D2000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF738F000 pci.sys
0xF74D0000 isapnp.sys
0xF74E0000 ohci1394.sys
0xF74F0000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xF7A98000 pciide.sys
0xF7750000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF7500000 MountMgr.sys
0xF7370000 ftdisk.sys
0xF7758000 PartMgr.sys
0xF7510000 VolSnap.sys
0xF7358000 atapi.sys
0xF7520000 disk.sys
0xF7530000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF7338000 fltmgr.sys
0xF7326000 sr.sys
0xF7540000 PxHelp20.sys
0xF730F000 KSecDD.sys
0xF7282000 Ntfs.sys
0xF7255000 NDIS.sys
0xF723B000 Mup.sys
0xF7630000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF6834000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
0xF6820000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF67F8000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xF7850000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF67D4000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF7858000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF66FC000 \SystemRoot\system32\DRIVERS\3xHybrid.sys
0xF66D9000 \SystemRoot\system32\DRIVERS\ks.sys
0xF71F7000 \SystemRoot\system32\DRIVERS\BdaSup.SYS
0xF66BC000 \SystemRoot\system32\DRIVERS\Rtnicxp.sys
0xF65B0000 \SystemRoot\system32\DRIVERS\AGRSM.sys
0xF7860000 \SystemRoot\System32\Drivers\Modem.SYS
0xF7868000 \SystemRoot\system32\DRIVERS\fdc.sys
0xF7640000 \SystemRoot\system32\DRIVERS\serial.sys
0xF7964000 \SystemRoot\system32\DRIVERS\serenum.sys
0xF659C000 \SystemRoot\system32\DRIVERS\parport.sys
0xF7650000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF7870000 \SystemRoot\System32\DRIVERS\dvd43llh.sys
0xF7660000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF7670000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF7878000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
0xF7B70000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF7680000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF7970000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF655D000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF7690000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF76A0000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF7880000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF654C000 \SystemRoot\system32\DRIVERS\psched.sys
0xF76B0000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF7888000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF7890000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF6535000 \SystemRoot\system32\DRIVERS\VBoxNetAdp.sys
0xF76C0000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF7898000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF78A0000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF6514000 \SystemRoot\system32\DRIVERS\vmlitediskmp.sys
0xF64FC000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
0xF64E2000 \SystemRoot\system32\DRIVERS\VBoxNetFlt.sys
0xF7A22000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF6484000 \SystemRoot\system32\DRIVERS\update.sys
0xF7984000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF76D0000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF3B8A000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xF3B66000 \SystemRoot\system32\drivers\portcls.sys
0xF76E0000 \SystemRoot\system32\drivers\drmk.sys
0xF76F0000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF7A34000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF7A3A000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7B68000 \SystemRoot\System32\Drivers\Null.SYS
0xF7A3C000 \SystemRoot\System32\Drivers\Beep.SYS
0xF7768000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xF7790000 \SystemRoot\System32\drivers\vga.sys
0xF7A3E000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7A40000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF7798000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF77A0000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF6470000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xF3AE3000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xF3A8A000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xF3A62000 \SystemRoot\system32\DRIVERS\netbt.sys
0xF3A3C000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xF6464000 \SystemRoot\System32\drivers\ws2ifsl.sys
0xF3A1A000 \SystemRoot\System32\drivers\afd.sys
0xF7720000 \SystemRoot\system32\DRIVERS\netbios.sys
0xF39FA000 \SystemRoot\system32\drivers\vmliteusbmon.sys
0xF7730000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xF77A8000 \SystemRoot\system32\drivers\vmlitedrv.sys
0xF39D8000 \SystemRoot\system32\drivers\VBoxDrv.sys
0xF39A3000 \SystemRoot\System32\drivers\truecrypt.sys
0xF3981000 \??\C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS
0xF77B0000 \??\C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS
0xF3956000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xF7B72000 \SystemRoot\System32\Drivers\PQNTDrv.SYS
0xF38E6000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF7740000 \SystemRoot\System32\Drivers\Fips.SYS
0xF77B8000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xF38D4000 \SystemRoot\system32\DRIVERS\cmiucr.SYS
0xF38AE000 \SystemRoot\system32\DRIVERS\avipbb.sys
0xF7A48000 \??\C:\Programme\Avira\AntiVir Desktop\avgio.sys
0xF79AC000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xF6C33000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xF388A000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xF384F000 \SystemRoot\system32\DRIVERS\rt2500usb.sys
0xF77C8000 \SystemRoot\System32\Drivers\x10ufx2.sys
0xF3B46000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xF3B42000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xF380F000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF7A82000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF658C000 \SystemRoot\System32\drivers\Dxapi.sys
0xF77E8000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7BA5000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\nv4_disp.dll
0xBF3E0000 \SystemRoot\System32\ATMFD.DLL
0xBA573000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0xF7810000 \SystemRoot\system32\DRIVERS\AegisP.sys
0xBA58C000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xB9A4E000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xB9199000 \SystemRoot\system32\drivers\wdmaud.sys
0xF6C13000 \SystemRoot\system32\drivers\sysaudio.sys
0xB9ACB000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xB9A9B000 \SystemRoot\System32\drivers\detewecp.sys
0xB807E000 \SystemRoot\System32\Drivers\CAPI20.SYS
0xB7F36000 \SystemRoot\system32\DRIVERS\srv.sys
0xB7445000 \SystemRoot\System32\Drivers\HTTP.sys
0xADAA2000 \??\C:\DOKUME~1\Admin\LOKALE~1\Temp\fxtdypoc.sys
0xB38A3000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x7C910000 \WINDOWS\system32\ntdll.dll

Processes (total 53):
0 System Idle Process
4 System
896 C:\WINDOWS\system32\smss.exe
1276 csrss.exe
1300 C:\WINDOWS\system32\winlogon.exe
1344 C:\WINDOWS\system32\services.exe
1356 C:\WINDOWS\system32\lsass.exe
1552 C:\WINDOWS\system32\svchost.exe
1600 svchost.exe
1900 C:\WINDOWS\system32\svchost.exe
248 svchost.exe
468 svchost.exe
948 C:\WINDOWS\system32\spoolsv.exe
1032 C:\Programme\Avira\AntiVir Desktop\sched.exe
1064 C:\Programme\Avira\AntiVir Desktop\avguard.exe
1208 svchost.exe
1692 C:\Programme\Avira\AntiVir Desktop\avshadow.exe
656 C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1648 C:\Programme\Bonjour\mDNSResponder.exe
1772 C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
1016 C:\Programme\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
1280 C:\WINDOWS\system32\svchost.exe
1156 C:\Programme\Java\jre6\bin\jqs.exe
1984 C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
2496 C:\WINDOWS\system32\nvsvc32.exe
2540 C:\Programme\Cyberlink\Shared files\RichVideo.exe
2764 C:\WINDOWS\system32\svchost.exe
2832 C:\Programme\VMLite\VMLite Workstation\VMLiteService.exe
3052 C:\WINDOWS\system32\searchindexer.exe
3132 C:\PROGRA~1\COMMON~1\X10\Common\X10nets.exe
3192 C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
2600 C:\Programme\iPod\bin\iPodService.exe
2720 C:\WINDOWS\system32\wbem\wmiapsrv.exe
560 alg.exe
816 C:\WINDOWS\system32\svchost.exe
3004 C:\WINDOWS\system32\svchost.exe
2108 C:\WINDOWS\system32\svchost.exe
2144 C:\WINDOWS\explorer.exe
3560 C:\WINDOWS\mHotkey.exe
4092 C:\WINDOWS\CNYHKey.exe
3880 C:\Programme\Medion Info Display\MdionLCM.exe
2820 C:\Programme\Home Cinema\PowerCinema\PCMService.exe
3320 C:\Programme\Avira\AntiVir Desktop\avgnt.exe
420 C:\Programme\iTunes\iTunesHelper.exe
448 C:\WINDOWS\RTHDCPL.EXE
568 C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
3352 C:\Programme\HP\HP Software Update\hpwuSchd2.exe
3412 C:\Programme\tclocklight-040702-3\tclock.exe
3840 C:\Programme\HP\Digital Imaging\bin\hpqste08.exe
540 C:\Programme\HP\Digital Imaging\bin\hpqbam08.exe
312 C:\Programme\HP\Digital Imaging\bin\hpqgpc01.exe
2784 C:\WINDOWS\system32\wscntfy.exe
392 C:\Dokumente und Einstellungen\Admin\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000038`82bd0600 (FAT32)
\\.\E: --> \\.\PhysicalDrive1 at offset 0x00000000`007e0000 (NTFS)
\\.\F: --> \\.\PhysicalDrive2 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: WDCWD2500JD-00HBB0, Rev: 08.02D08
PhysicalDrive1 Model Number: WDCWD2500JD-00HBB0, Rev: 08.02D08
PhysicalDrive2 Model Number: SAMSUNGHD103UJ, Rev: 1AA01113

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
232 GB \\.\PhysicalDrive1 Windows XP MBR code detected
SHA1: ADFE55CD0C6ED2E00B22375835E4C2736CE9AD11
931 GB \\.\PhysicalDrive2 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A

Done!

Andi |
15.03.2011, 21:25 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Java-Virus JAVA/OpenConnect.DD + TR/Kazy.akcqd Looks OK. To double-check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before scanning!!
__________________ Please always post logfiles in CODE tags |
16.03.2011, 14:24 | #15 |
| Java-Virus JAVA/OpenConnect.DD + TR/Kazy.akcqd Here are the two logs: Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6067

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

16.03.2011 07:26:49
mbam-log-2011-03-16 (07-26-40).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|)
Durchsuchte Objekte: 602199
Laufzeit: 3 Stunde(n), 0 Minute(n), 29 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\dokumente und einstellungen\***\lokale einstellungen\anwendungsdaten\vmlite workstation\VM2 XP\cpp\keyfinder-changer v1.41.exe (RiskWare.Tool.CK) -> No action taken.
Code:
SUPERAntiSpyware Scann-Protokoll
hxxp://www.superantispyware.com

Generiert 03/16/2011 bei 02:00 PM

Version der Applikation : 4.49.1000

Version der Kern-Datenbank : 6605
Version der Spur-Datenbank : 4417

Scan Art : kompletter Scann
Totale Scann-Zeit : 06:29:05

Gescannte Speicherelemente : 647
Erfasste Speicher-Bedrohungen : 0
Gescannte Register-Elemente : 7961
Erfasste Register-Bedrohungen : 0
Gescannte Datei-Elemente : 461531
Erfasste Datei-Elemente : 0

Andi |