Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
TR/Kazy/WTR /CCC /verschwundene Dateien

TR/Kazy/WTR /CCC /verschwundene Dateien


Log-Analyse und Auswertung: TR/Kazy/WTR /CCC /verschwundene Dateien

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

 
Vorheriger Beitrag Vorheriger Beitrag   Nächster Beitrag Nächster Beitrag
Alt 07.05.2011, 06:14   #16
sch8mid
 
TR/Kazy/WTR /CCC /verschwundene Dateien - Standard

TR/Kazy/WTR /CCC /verschwundene Dateien


Gmer :

GMER Logfile:
Code:
ATTFilter
GMER 1.0.15.15627 - hxxp://www.gmer.net
Rootkit scan 2011-05-07 07:10:09
Windows 6.1.7601 Service Pack 1 Harddisk1\DR1 -> \Device\Ide\iaStor0 WDC_WD10 rev.80.0
Running: ifnu46ur.exe; Driver: C:\Users\ARMINS~1\AppData\Local\Temp\agtdypod.sys


---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!ZwSaveKey + 13C1                                                                            82C7A339 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                   82CB3D52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           sptd.sys                                                                                                 8C6BA001 31 Bytes  [87, C0, 82, 34, 22, C1, 82, ...]
.text           sptd.sys                                                                                                 8C6BA024 104 Bytes  [77, 87, CD, 82, 05, D0, D5, ...]
.text           sptd.sys                                                                                                 8C6BA08D 91 Bytes  [85, C7, 82, 1A, 35, C7, 82, ...]
.text           sptd.sys                                                                                                 8C6BA0E9 163 Bytes  [5B, C7, 82, 17, E5, CD, 82, ...]
.text           sptd.sys                                                                                                 8C6BA18D 63 Bytes  [68, CC, 82, C7, CD, CE, 82, ...]
.text           ...                                                                                                      
.sptd2          C:\Windows\System32\Drivers\sptd.sys                                                                     entry point in ".sptd2" section [0x8C7649E3]
?               C:\Windows\System32\Drivers\sptd.sys                                                                     Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.
.text           C:\Windows\system32\DRIVERS\atikmdag.sys                                                                 section is writeable [0x93632000, 0x2F786C, 0xE8000020]
.text           USBPORT.SYS!DllUnload                                                                                    93F68CA0 5 Bytes  JMP 887121C8 
.text           D:\Video_HD\PowerDVD_10\PowerDVD10\NavFilter\000.fcl                                                     section is writeable [0x9B794000, 0x2892, 0xE8000020]
.vmp2           D:\Video_HD\PowerDVD_10\PowerDVD10\NavFilter\000.fcl                                                     entry point in ".vmp2" section [0x9B7B7050]
PAGE            spsys.sys!?SPRevision@@3PADA + 4F90                                                                      9FF50000 290 Bytes  [8B, FF, 55, 8B, EC, 33, C0, ...]
PAGE            spsys.sys!?SPRevision@@3PADA + 50B3                                                                      9FF50123 629 Bytes  [B5, F4, 9F, FE, 05, 34, B5, ...]
PAGE            spsys.sys!?SPRevision@@3PADA + 5329                                                                      9FF50399 101 Bytes  [6A, 28, 59, A5, 5E, C6, 03, ...]
PAGE            spsys.sys!?SPRevision@@3PADA + 538F                                                                      9FF503FF 148 Bytes  [18, 5D, C2, 14, 00, 8B, FF, ...]
PAGE            spsys.sys!?SPRevision@@3PADA + 543B                                                                      9FF504AB 2228 Bytes  [8B, FF, 55, 8B, EC, FF, 75, ...]
PAGE            ...                                                                                                      

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT             \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar]                                 [8C6BB70C] \SystemRoot\System32\Drivers\sptd.sys
IAT             \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar]                                [8C6BBEEE] \SystemRoot\System32\Drivers\sptd.sys
IAT             \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUlong]                                [8C6BC20E] \SystemRoot\System32\Drivers\sptd.sys
IAT             \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort]                         [8C6BC0CC] \SystemRoot\System32\Drivers\sptd.sys
IAT             \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort]                          [8C6BB8F0] \SystemRoot\System32\Drivers\sptd.sys

---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\Windows\System32\rundll32.exe[3000] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress]    [7565FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Windows\System32\rundll32.exe[3000] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress]     [7565FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Windows\System32\rundll32.exe[3000] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]   [7565FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Windows\System32\rundll32.exe[3000] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress]  [7565FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device                                                                                                                   85AF61E8
Device                                                                                                                   MDFSYSNT.sys (MacDrive file system driver/Mediafour Corporation)
Device                                                                                                                   Ntfs.sys (NT-Dateisystemtreiber/Microsoft Corporation)
Device                                                                                                                   8A11A1E8
Device                                                                                                                   fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)
Device          \Driver\usbuhci \Device\USBPDO-0                                                                         887131E8
Device          \Driver\usbuhci \Device\USBPDO-1                                                                         887131E8
Device          \Driver\ACPI_HAL \Device\00000053                                                                        halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device          \Driver\usbuhci \Device\USBPDO-2                                                                         887131E8
Device          \Driver\usbehci \Device\USBPDO-3                                                                         886E6430
Device          \Driver\usbuhci \Device\USBPDO-4                                                                         887131E8
Device          \Driver\usbuhci \Device\USBPDO-5                                                                         887131E8
Device          \Driver\usbuhci \Device\USBPDO-6                                                                         887131E8
Device          \Driver\usbehci \Device\USBPDO-7                                                                         886E6430

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                   fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                   fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\cdrom \Device\CdRom0                                                                             885BA1E8
Device          \Driver\iaStor \Device\Ide\iaStor0                                                                       [8CA9F420] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\iaStor \Device\Ide\IAAStorageDevice-0                                                            [8CA9F420] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\iaStor \Device\Ide\IAAStorageDevice-1                                                            [8CA9F420] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\iaStor \Device\Ide\IAAStorageDevice-2                                                            [8CA9F420] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                   fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                                   fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume5                                                                   fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume6                                                                   fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\NetBT \Device\NetBt_Wins_Export                                                                  8869A1E8
Device          \Driver\partmgr \Device\PartmgrControl                                                                   MDPMGRNT.sys (MacDrive partition driver/Mediafour Corporation)
Device          \FileSystem\Mup \Device\Mup                                                                              MDFSYSNT.sys (MacDrive file system driver/Mediafour Corporation)
Device          \Driver\MDPMGRNT \Device\MacDrivePartitionDriver                                                         85AF51E8
Device          \Driver\usbuhci \Device\USBFDO-0                                                                         887131E8
Device          \Driver\NetBT \Device\NetBT_Tcpip_{B22F6FF1-24AB-4E66-93F7-703A1030E4F2}                                 8869A1E8
Device          \Driver\usbuhci \Device\USBFDO-1                                                                         887131E8
Device          \Driver\usbuhci \Device\USBFDO-2                                                                         887131E8
Device          \Driver\usbehci \Device\USBFDO-3                                                                         886E6430
Device          \Driver\usbuhci \Device\USBFDO-4                                                                         887131E8
Device          \Driver\usbuhci \Device\USBFDO-5                                                                         887131E8
Device          \Driver\usbuhci \Device\USBFDO-6                                                                         887131E8
Device          \Driver\usbehci \Device\USBFDO-7                                                                         886E6430

AttachedDevice                                                                                                           fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

Device          \FileSystem\Fs_Rec \FileSystem\ExFatRecognizer                                                           MDFSYSNT.sys (MacDrive file system driver/Mediafour Corporation)
Device          \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer                                                       MDFSYSNT.sys (MacDrive file system driver/Mediafour Corporation)
Device          \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer                                                            MDFSYSNT.sys (MacDrive file system driver/Mediafour Corporation)
Device          \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer                                                        MDFSYSNT.sys (MacDrive file system driver/Mediafour Corporation)
Device          \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer                                                         MDFSYSNT.sys (MacDrive file system driver/Mediafour Corporation)
Device          \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer                                                        MDFSYSNT.sys (MacDrive file system driver/Mediafour Corporation)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1                                                       771343423
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2                                                       285507792
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0                                                       1
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                         
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                      0x00 0x00 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                      0
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                   0xE7 0x63 0x13 0x97 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)     
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                          0x00 0x00 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                          0
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                       0xE7 0x63 0x13 0x97 ...

---- Disk sectors - GMER 1.0.15 ----

Disk            \Device\Harddisk1\DR1                                                                                    MBR read error
Disk            \Device\Harddisk1\DR1                                                                                    MBR BIOS signature not found 0

---- EOF - GMER 1.0.15 ----
--- --- ---




Osam:

OSAM Logfile:
Code:
ATTFilter
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 07:13:02 on 07.05.2011

OS: Windows 7 Home Premium Edition Service Pack 1 (Build 7601), 32-bit
Default Browser: Mozilla Corporation Firefox 4.0.1

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Control Panel Objects]
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"agtdypod" (agtdypod) - ? - C:\Users\ARMINS~1\AppData\Local\Temp\agtdypod.sys  (Hidden registry entry, rootkit activity | File not found)
"ALSysIO" (ALSysIO) - ? - C:\Users\ARMINS~1\AppData\Local\Temp\ALSysIO.sys  (File not found)
"ATI Function Driver for HD Audio Service" (AtiHDAudioService) - "Advanced Micro Devices" - C:\Windows\System32\drivers\AtihdW73.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"AVZ Kernel Driver" (ute1nte4) - ? - C:\Windows\system32\Drivers\ute1nte4.sys  (File not found)
"catchme" (catchme) - ? - C:\Users\ARMINS~1\AppData\Local\Temp\catchme.sys  (File not found)
"CBDisk" (CBDisk) - "EldoS Corporation" - C:\Windows\system32\drivers\CBDisk.sys
"cpuz130" (cpuz130) - ? - C:\Users\ARMINS~1\AppData\Local\Temp\cpuz130\cpuz_x32.sys  (File not found)
"MacDrive file system driver" (MDFSYSNT) - "Mediafour Corporation" - C:\Windows\system32\drivers\MDFSYSNT.sys
"MacDrive partition driver" (MDPMGRNT) - "Mediafour Corporation" - C:\Windows\system32\drivers\MDPMGRNT.sys
"MpKsl1db77c7b" (MpKsl1db77c7b) - ? - C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BFA813D4-59DC-4936-A235-D8F3E0BB999C}\MpKsl1db77c7b.sys  (File not found)
"MpKsl4f13dc28" (MpKsl4f13dc28) - ? - C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5D7EB594-C3D3-41E9-831F-2BAEC59C9391}\MpKsl4f13dc28.sys  (File not found)
"PSI" (PSI) - "Secunia" - C:\Windows\System32\DRIVERS\psi_mf.sys
"SASDIFSV" (SASDIFSV) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - D:\Dienstprogramme\Malware\AntiSpy\SASDIFSV.SYS
"SASKUTIL" (SASKUTIL) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - D:\Dienstprogramme\Malware\AntiSpy\SASKUTIL.SYS
"sptd" (sptd) - "Duplex Secure Ltd." - C:\Windows\System32\Drivers\sptd.sys  (File is exclusively opened, access blocked)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"TechnoTrend BDA/DVB (BDA)" (ttBudget2) - "TechnoTrend GmbH" - C:\Windows\System32\drivers\ttBudget2.sys
"TuneUpUtilitiesDrv" (TuneUpUtilitiesDrv) - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{A454F2F5-BB5F-4ACE-AD9A-CC33353C7341} "Mediafour Mac file columns" - "Mediafour Corporation" - C:\Program Files\Common Files\Mediafour\MACFPROP.DLL
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{5F327514-6C5E-4d60-8F16-D07FA08A78ED} "Auto Update Property Sheet Extension" - ? -   (File not found | COM-object registry key not found)
{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
{872A9397-E0D6-4e28-B64D-52B8D0A7EA35} "DisplayCplExt Class" - "Advanced Micro Devices, Inc." - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiamaxx.dll
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - D:\Video_HD\iTunes\iTunesMiniPlayer.dll
{A454F2F5-BB5F-4ACE-AD9A-CC33353C7341} "Mediafour Mac file columns" - "Mediafour Corporation" - C:\Program Files\Common Files\Mediafour\MACFPROP.DLL
{E452F45B-DD18-4ADC-9C9A-2B26F85DABC0} "Mediafour Mac file properties" - "Mediafour Corporation" - C:\Program Files\Common Files\Mediafour\MACFPROP.DLL
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll
{5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - "Advanced Micro Devices, Inc." - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
{4838CD50-7E5D-4811-9B17-C47A85539F28} "TuneUp Disk Space Explorer Shell Extension" - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2010\DseShExt-x86.dll
{4858E7D9-8E12-45a3-B6A3-1CD128C9D403} "TuneUp Shredder Shell Extension" - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2010\SDShelEx-win32.dll
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll

[Internet Explorer]
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_25" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} "Java Plug-in 1.6.0_25" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_25" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_25.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\Flash10p.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\armin schmid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"YAAC" - "Wirth New Media" - C:\Program Files\Tools&More\YAAC\YAAC.exe /AUTOSTART
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"MacDrive 8 application" - "Mediafour Corporation" - "C:\Program Files\Mediafour\MacDrive 8\MacDrive.exe"
"StartCCC" - "Advanced Micro Devices, Inc." - "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"AMD Reservation Manager" (AMD Reservation Manager) - ? - "C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe"  (File not found)
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - D:\Dienstprogramme\AVIRA\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - D:\Dienstprogramme\AVIRA\Avira\AntiVir Desktop\sched.exe
"B9841371" (B9841371) - ? - C:\Windows\system32\B9841371.exe  (File not found)
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"MacDrive 8 service" (MacDrive8Service) - "Mediafour Corporation" - C:\Program Files\Mediafour\MacDrive 8\MacDrive8Service.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Secunia PSI Agent" (Secunia PSI Agent) - "Secunia" - D:\Dienstprogramme\Malware\PSISOFTWAREANALYSE\PSI\PSIA.exe

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===
--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

 

Themen zu TR/Kazy/WTR /CCC /verschwundene Dateien
adobe, antivir, avg, avira, dateien, defender, firefox, fontcache, frage, home, ics, malware protection, mcafee, microsoft, microsoft security, microsoft security essentials, mozilla, neu, programme, realtek, security, security scan, seite, service.exe, software, sptd.sys, start menu, svchost, system32, tr/kazy, updates, usb, usb 3.0, windows, windows 7 home, windows 7 home premium


« datamngr.dll ein virus? | fakeAlert-REP tojan found UND Programm(de)installationen gehen auch nicht (mehr) »


Ähnliche Themen: TR/Kazy/WTR /CCC /verschwundene Dateien


  1. Verschwundene Dateien und kein Sünder zu finden. Ratlos.
    Plagegeister aller Art und deren Bekämpfung - 27.01.2014 (10)
  2. Windows Vista: Kazy.mekml.1 , Festplattenschaden, Dateien weg
    Log-Analyse und Auswertung - 01.12.2013 (25)
  3. Schwarzer Desktop, verschwundene Dateien & Programme
    Log-Analyse und Auswertung - 09.02.2012 (8)
  4. TR/Kazy.mekml.1 Festplatten-Fehlermeldungen, Desktop schwarz, Dateien verschwunden
    Log-Analyse und Auswertung - 12.05.2011 (13)
  5. TR/Kazy.mekml.1 Infektion, dateien weg, festplatte beschädigt!
    Log-Analyse und Auswertung - 02.05.2011 (18)
  6. TR/Kazy.mekml.1 - Festplattenfehler, Dateien versteckt
    Log-Analyse und Auswertung - 02.05.2011 (27)
  7. TR/Kazy.mekml.1, Festplatte beschädigt, Dateien nicht sichtbar
    Log-Analyse und Auswertung - 29.04.2011 (7)
  8. TR/Kazy.mekml.1 eigefangen, Desktop schwarz, Dateien versteckt :(
    Log-Analyse und Auswertung - 29.04.2011 (6)
  9. TR/Kazy.mekml.1 - Dateien verschwunden,
    Plagegeister aller Art und deren Bekämpfung - 28.04.2011 (1)
  10. TR/Kazy.mekml.1 , Eigene Dateien weg, Desktop futsch,....
    Log-Analyse und Auswertung - 28.04.2011 (1)
  11. TR/Kazy/mekl.1 - Bin auch betroffen - Alle Dateien weg
    Plagegeister aller Art und deren Bekämpfung - 27.04.2011 (1)
  12. tr/kazy.mekml.1' desktop dateien weg
    Log-Analyse und Auswertung - 25.04.2011 (1)
  13. tr kazy.mekml.1 - dateien wieder sichtbar machen
    Plagegeister aller Art und deren Bekämpfung - 23.04.2011 (9)
  14. TR/Kazy.mekml.1 Festplatten-Fehlermeldungen, Desktop schwarz, Dateien verschwunden
    Plagegeister aller Art und deren Bekämpfung - 22.04.2011 (12)
  15. TR/kazy.mekml, Festplatte beschädigt, Dateien weg
    Plagegeister aller Art und deren Bekämpfung - 22.04.2011 (11)
  16. Plötzlich verschwundene Dateien und Ordner
    Antiviren-, Firewall- und andere Schutzprogramme - 17.06.2009 (0)
  17. Verschwundene Einträge
    Alles rund um Windows - 10.08.2003 (5)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema TR/Kazy/WTR /CCC /verschwundene Dateien - Gmer : GMER Logfile: Code: Alles auswählen Aufklappen ATTFilter GMER 1.0.15.15627 - hxxp://www.gmer.net Rootkit scan 2011-05-07 07:10:09 Windows 6.1.7601 Service Pack 1 Harddisk1\DR1 -> \Device\Ide\iaStor0 WDC_WD10 rev.80.0 Running: ifnu46ur.exe; Driver: - TR/Kazy/WTR /CCC /verschwundene Dateien...
Archiv
Du betrachtest: TR/Kazy/WTR /CCC /verschwundene Dateien auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19