Log analysis and evaluation: Trojan muollo cannot be removed (Windows 7)
If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps to get help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
18.05.2011, 20:32 #16
/// Winkelfunktion /// TB-Süch-Tiger™
ComboFix - scripting

1. Start Notepad (Start / Run / notepad [Enter])
2. Now copy/paste the entire contents of the code box below into the Notepad window.

Code:
Dirlook::
c:\windows\ShellNew
c:\program files\Vimicro

Filelook::
c:\windows\ZS211Cap.exe
c:\windows\ZSSnp211.exe
c:\windows\system32\ZS211STI.dll
c:\windows\system32\ZS211Prp.Ax
c:\windows\system32\drivers\ZS211.sys
c:\windows\Domino.exe
c:\windows\amcap.exe

4. Disable the guard of your antivirus program and any software firewall you may have. (Also the guards of ad-/spyware programs and the TeaTimer, if present!)
5. Then drag CFScript.txt onto cofi.exe, as shown in the picture below. This restarts ComboFix.
6. After the reboot (you will be asked whether you want to reboot), please post the following log file: Combofix.txt

Note: The above script was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can permanently damage the system!
__________________
Please always post log files in CODE tags
18.05.2011, 21:22 #17
ComboFix log file:
Code:
ComboFix 11-05-17.03 - The One 18.05.2011 22:10:08.2.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.49.1031.18.2046.1214 [GMT 2:00]
Running from: c:\users\The One\Desktop\cofi.exe.exe
Command switches used :: c:\users\The One\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\The One\AppData\Roaming\Tesar\zouvr.exe
.
.
((((((((((((((((((((((( Files Created from 2011-04-18 to 2011-05-18 ))))))))))))))))))))))))))))))
.
.
2011-05-18 20:15 . 2011-05-18 20:15 -------- d-----w- c:\users\The One\AppData\Local\temp
2011-05-18 20:15 . 2011-05-18 20:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-18 14:10 . 2011-05-18 16:49 -------- d-----w- c:\users\The One\AppData\Roaming\Eksyc
2011-05-18 14:09 . 2011-05-18 14:09 -------- d-----w- C:\_OTL
2011-05-18 11:29 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-18 11:29 . 2010-12-20 16:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-18 09:54 . 2011-04-11 07:04 7071056 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{50E1AE3E-FC37-4619-A8FA-7346F6049EB6}\mpengine.dll
2011-05-17 20:39 . 2011-05-17 20:39 -------- d-----w- c:\users\The One\AppData\Roaming\Malwarebytes
2011-05-17 20:38 . 2011-05-17 20:38 -------- d-----w- c:\programdata\Malwarebytes
2011-05-17 20:38 . 2011-05-18 12:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-11 11:56 . 2011-04-07 12:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-05-09 16:05 . 2004-10-22 00:18 749568 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll
2011-05-09 16:05 . 2004-10-22 00:17 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll
2011-05-09 16:05 . 2004-10-22 00:17 274432 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll
2011-05-09 16:05 . 2004-10-22 00:16 180224 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll
2011-05-09 16:05 . 2004-10-22 00:16 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe
2011-05-09 16:05 . 2011-05-09 16:05 323716 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll
2011-05-09 16:05 . 2011-05-09 16:05 192644 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll
2011-05-08 12:56 . 2011-05-08 12:56 -------- d-----w- c:\windows\ShellNew
2011-05-07 22:59 . 2007-04-06 12:21 77824 ----a-w- c:\windows\ZS211Cap.exe
2011-05-07 22:59 . 2007-04-06 09:06 57344 ----a-w- c:\windows\ZSSnp211.exe
2011-05-07 22:59 . 2006-08-09 15:37 81920 ----a-w- c:\windows\system32\ZS211STI.dll
2011-05-07 22:59 . 2006-07-14 12:36 172115 ----a-w- c:\windows\system32\ZS211Prp.Ax
2011-05-07 22:59 . 2011-05-07 22:59 -------- d-----w- c:\program files\Vimicro
2011-05-07 22:59 . 2007-06-13 07:24 1469312 ----a-w- c:\windows\system32\drivers\ZS211.sys
2011-05-07 22:59 . 2006-08-18 14:58 49152 ----a-w- c:\windows\Domino.exe
2011-05-07 22:59 . 2006-03-14 12:28 172032 ----a-w- c:\windows\amcap.exe
2011-05-06 16:07 . 2011-05-06 16:07 -------- d-----w- c:\program files\Sanny Builder 3
2011-05-06 14:09 . 2005-05-26 13:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2011-05-06 14:09 . 2008-10-15 04:22 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
2011-05-06 13:48 . 2011-05-06 13:48 -------- d-----w- c:\users\The One\AppData\Roaming\NVIDIA
2011-05-06 13:47 . 2011-05-06 13:48 -------- d-----w- c:\users\The One\AppData\Roaming\ENBSeries Configurator for GTA San Andreas
2011-05-06 13:47 . 2011-05-06 13:48 -------- d-----w- c:\program files\ENBSeries Configurator for GTA San Andreas
2011-05-05 20:54 . 2011-05-18 09:45 -------- d-----w- c:\users\UpdatusUser
2011-05-05 20:49 . 2011-04-08 05:14 944232 ----a-w- c:\windows\system32\nvdispco3220140.dll
2011-05-05 20:49 . 2011-04-08 05:14 855656 ----a-w- c:\windows\system32\nvgenco322060.dll
2011-05-05 20:49 . 2011-04-08 05:14 6299752 ----a-w- c:\windows\system32\nvwgf2um.dll
2011-05-05 20:49 . 2011-04-08 05:14 57960 ----a-w- c:\windows\system32\OpenCL.dll
2011-05-05 20:49 . 2011-04-08 05:14 5180824 ----a-w- c:\windows\system32\nvcuda.dll
2011-05-05 20:49 . 2011-04-08 05:14 2765928 ----a-w- c:\windows\system32\nvcuvid.dll
2011-05-05 20:49 . 2011-04-08 05:14 2074216 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-05-05 20:49 . 2011-04-08 05:14 15227496 ----a-w- c:\windows\system32\nvoglv32.dll
2011-05-05 20:49 . 2011-04-08 05:14 13007464 ----a-w- c:\windows\system32\nvcompiler.dll
2011-05-05 20:49 . 2011-04-08 05:14 10690024 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-05-05 17:14 . 2011-05-05 17:14 -------- d-----w- c:\users\The One\AppData\Local\ApplicationHistory
2011-05-05 12:33 . 2011-05-05 12:33 -------- d-----w- c:\program files\San Andreas Mod Installer
2011-05-05 12:33 . 2011-05-05 12:33 -------- d-----w- c:\windows\San Andreas Mod Installer
2011-05-04 20:49 . 2011-05-04 20:49 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2011-05-03 20:23 . 2011-05-03 20:23 -------- d-----w- c:\programdata\G & G Soft
2011-04-27 12:16 . 2011-03-03 14:56 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-04-27 12:16 . 2011-03-03 13:01 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2011-04-26 12:16 . 2011-05-01 13:14 -------- d-----w- c:\programdata\NFS Underground
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-09 16:55 . 2011-04-09 16:55 15453336 ----a-w- c:\windows\system32\xlive.dll
2011-04-09 16:55 . 2011-04-09 16:55 13642904 ----a-w- c:\windows\system32\xlivefnt.dll
2011-04-08 05:14 . 2011-05-05 20:49 10920 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
2011-04-08 05:14 . 2011-02-09 16:43 10071656 ----a-w- c:\windows\system32\nvd3dum.dll
2011-04-08 05:14 . 2011-02-09 16:43 2034280 ----a-w- c:\windows\system32\nvapi.dll
2011-04-07 20:43 . 2011-04-07 20:43 580200 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll
2011-04-07 20:43 . 2011-04-07 20:43 612456 ----a-w- c:\windows\system32\nvvsvc.exe
2011-04-07 20:43 . 2011-04-07 20:43 2582120 ----a-w- c:\windows\system32\nvsvcr.dll
2011-04-07 20:43 . 2011-04-07 20:43 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-04-07 20:43 . 2011-04-07 20:43 3701352 ----a-w- c:\windows\system32\nvcpl.dll
2011-04-07 20:43 . 2011-04-07 20:43 2565224 ----a-w- c:\windows\system32\nvsvc.dll
2011-03-10 16:12 . 2011-04-14 16:50 1161728 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-10 16:12 . 2011-04-14 16:50 1136640 ----a-w- c:\windows\system32\mfc42.dll
2011-03-03 15:00 . 2011-04-14 16:50 738816 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-03 14:56 . 2011-04-27 12:16 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2011-03-03 14:56 . 2011-04-27 12:16 459776 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2011-03-03 14:56 . 2011-04-27 12:16 541696 ----a-w- c:\windows\apppatch\AcLayers.dll
2011-03-03 14:56 . 2011-04-27 12:16 2153984 ----a-w- c:\windows\apppatch\AcGenral.dll
2011-03-03 12:53 . 2011-04-14 16:50 2040832 ----a-w- c:\windows\system32\win32k.sys
2011-03-02 14:49 . 2011-04-14 16:50 86528 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-02-22 12:52 . 2011-04-14 16:50 213504 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-02-22 12:52 . 2011-04-14 16:50 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-02-22 12:51 . 2011-04-14 16:50 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-22 12:51 . 2011-04-14 16:50 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-02-18 15:48 . 2011-04-14 16:50 833024 ----a-w- c:\windows\system32\wininet.dll
2011-02-18 15:45 . 2011-04-14 16:50 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-02-18 14:36 . 2011-02-18 14:36 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2011-02-18 14:36 . 2011-02-18 14:36 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-02-18 14:09 . 2011-04-14 16:50 389632 ----a-w- c:\windows\system32\html.iec
2011-02-18 13:48 . 2011-04-14 16:50 1383424 ----a-w- c:\windows\system32\mshtml.tlb
2011-02-18 13:31 . 2011-04-14 16:50 304640 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-18 13:31 . 2011-04-14 16:50 146432 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-02-18 13:31 . 2011-04-14 16:50 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
--- c:\windows\amcap.exe ---
Company: Microsoft Corporation
File Description: Capture Application (Sample)
File Version: 3, 6, 314, 61
Product Name: DirectX 9.0 Sample
Copyright: Copyright (C) 1992-2002 Microsoft Corporation
Original Filename: Amcap.exe
File size: 172032
Created time: 2011-05-07 22:59
Modified time: 2006-03-14 12:28
MD5: 9A4D7AF2DAB1EED26D1BDC2D8B85C763
SHA1: 9985776C2A49A212CF370F1262CF0AE08AF8AFF6
.
.
--- c:\windows\Domino.exe ---
Company:
File Description:
File Version: 3, 6, 818, 7
Product Name: Domino
Copyright: Copyright (C)
Original Filename:
File size: 49152
Created time: 2011-05-07 22:59
Modified time: 2006-08-18 14:58
MD5: 5603C2C8940F5E43864D4000304AB175
SHA1: F22234ED04AD1220B28CACAABC2AB0361CE6FE11
.
.
--- c:\windows\system32\drivers\ZS211.sys ---
Company: ZSMC.Corporation
File Description: Video and Capture Device Driver
File Version: 211, 0, 0, 0
Product Name:
Copyright: ZSMC. 2007.
Original Filename: ZS211.sys
File size: 1469312
Created time: 2011-05-07 22:59
Modified time: 2007-06-13 07:24
MD5: 9D1F9C88F973B68CA1DB0AE72F00EC8D
SHA1: 390145D4A86FF5D35BD71F7450BDBCAD2960C305
.
.
--- c:\windows\system32\ZS211Prp.Ax ---
Company: ZSMC
File Description: DirectShow Extension Page
File Version: 3, 6, 703, 15
Product Name:
Copyright: Copyright (c) ZSMC.,2006.
Original Filename: ZSMC211Prp.Ax
File size: 172115
Created time: 2011-05-07 22:59
Modified time: 2006-07-14 12:36
MD5: CE0683E5D339BC5D8DE998A782D5B99A
SHA1: 5B8D1D4A357E69D944936C14BF50FE39D55A63BC
.
.
--- c:\windows\system32\ZS211STI.dll ---
Company: zsmc
File Description: Still Image (STI) Driver
File Version: 3, 6, 714, 25
Product Name:
Copyright: zsmc., 2006.
Original Filename: zsmc211STI.dll
File size: 81920
Created time: 2011-05-07 22:59
Modified time: 2006-08-09 15:37
MD5: 88E828123F062258B7576F6C5501D7C7
SHA1: 5001DAE8FC1F4749EB641AAD11B9698AF5ED4061
.
.
--- c:\windows\ZS211Cap.exe ---
Company: ZSMC
File Description: ZSMC30xCap
File Version: 1, 0, 0, 3
Product Name: ZSMC30xCap
Copyright: Copyright (C) 2007
Original Filename: ZSMC30xCap.exe
File size: 77824
Created time: 2011-05-07 22:59
Modified time: 2007-04-06 12:21
MD5: 5E4798C7598776F4F258B478E8BB8F93
SHA1: 21FC7618A0D5CFC2488262CD45A9AAE4751C3EAB
.
.
--- c:\windows\ZSSnp211.exe ---
Company: ZSMCSNAP
File Description: ZSMCSNAP
File Version: 3, 6, 818, 7
Product Name: ZSMCSNAP
Copyright: Copyright (C) 2006 ZSMC Corporation
Original Filename: ZSMCSNAP.exe
File size: 57344
Created time: 2011-05-07 22:59
Modified time: 2007-04-06 09:06
MD5: 0560B36A9A58DCF6698545F9521EABF2
SHA1: D32E735DCA20F47D5716CB593A81933872DE15DF
.
---- Directory of c:\program files\Vimicro ----
.
2011-05-07 22:59 . 2007-06-21 09:31 81920 ----a-w- c:\program files\Vimicro\Vimicro USB PC Camera (ZS0211)\tools\x86\vmdrv.exe
2011-05-07 22:59 . 2007-06-21 09:30 126976 ----a-w- c:\program files\Vimicro\Vimicro USB PC Camera (ZS0211)\tools\x86\vmcoinst.dll
2011-05-07 22:59 . 2007-01-25 01:26 319456 ----a-w- c:\program files\Vimicro\Vimicro USB PC Camera (ZS0211)\tools\x86\DIFxAPI.dll
2011-05-07 22:59 . 2007-06-21 09:40 108544 ----a-w- c:\program files\Vimicro\Vimicro USB PC Camera (ZS0211)\tools\x64\vmdrv.exe
2011-05-07 22:59 . 2007-06-21 09:40 162816 ----a-w- c:\program files\Vimicro\Vimicro USB PC Camera (ZS0211)\tools\x64\vmcoinst.dll
2011-05-07 22:59 . 2006-11-02 05:22 525792 ----a-w- c:\program files\Vimicro\Vimicro USB PC Camera (ZS0211)\tools\x64\DIFxAPI.dll
2011-05-07 22:59 . 2007-04-06 09:06 57344 ----a-w- c:\program files\Vimicro\Vimicro USB PC Camera (ZS0211)\x86_x64\ZSSnp211.exe
2011-05-07 22:59 . 2007-04-09 17:36 212992 ----a-w- c:\program files\Vimicro\Vimicro USB PC Camera (ZS0211)\x86_x64\ZS211TWN.DS
2011-05-07 22:59 . 2007-06-13 07:49 1493120 ----a-w- c:\program files\Vimicro\Vimicro USB PC Camera (ZS0211)\x86_x64\ZS211X64.sys
2011-05-07 22:59 . 2007-04-09 17:36 212992 ----a-w- c:\program files\Vimicro\Vimicro USB PC Camera (ZS0211)\x86_x64\ZS211TXP.DS
2011-05-07 22:59 . 2006-08-09 15:37 81920 ----a-w- c:\program files\Vimicro\Vimicro USB PC Camera (ZS0211)\x86_x64\ZS211sti.dll
2011-05-07 22:59 . 2006-07-14 12:36 172115 ----a-w- c:\program files\Vimicro\Vimicro USB PC Camera (ZS0211)\x86_x64\ZS211Prp.Ax
2011-05-07 22:59 . 2007-04-06 12:21 77824 ----a-w- c:\program files\Vimicro\Vimicro USB PC Camera (ZS0211)\x86_x64\ZS211Cap.exe
2011-05-07 22:59 . 2007-06-20 14:11 6488 ----a-w- c:\program files\Vimicro\Vimicro USB PC Camera (ZS0211)\x86_x64\ZS211.cat
2011-05-07 22:59 . 2007-07-05 08:13 41954 ----a-w- c:\program files\Vimicro\Vimicro USB PC Camera (ZS0211)\x86_x64\ZS211.inf
2011-05-07 22:59 . 2007-06-13 07:24 1469312 ----a-w- c:\program files\Vimicro\Vimicro USB PC Camera (ZS0211)\x86_x64\ZS211.sys
2011-05-07 22:59 . 2006-08-09 15:31 57344 ----a-w- c:\program files\Vimicro\Vimicro USB PC Camera (ZS0211)\x86_x64\Sti211.exe
2011-05-07 22:59 . 2006-08-18 14:58 49152 ----a-w- c:\program files\Vimicro\Vimicro USB PC Camera (ZS0211)\x86_x64\Domino.exe
2011-05-07 22:59 . 2006-03-14 12:28 172032 ----a-w- c:\program files\Vimicro\Vimicro USB PC Camera (ZS0211)\x86_x64\amcap.exe
.
---- Directory of c:\windows\ShellNew ----
.
2000-02-06 11:26 . 2000-02-06 11:26 11776 ----a-w- c:\windows\ShellNew\EXCEL9.XLS
1999-03-10 06:41 . 1999-03-10 06:41 11264 ----a-w- c:\windows\ShellNew\PWRPNT10.POT
.
.
(((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]
"{523FD411-CA09-5E4F-4E33-4C715ED06521}"="c:\users\The One\AppData\Roaming\Tesar\zouvr.exe" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-07-03 6266880]
"Skytel"="Skytel.exe" [2008-06-25 1826816]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
"ZSSnp211"="c:\windows\ZSSnp211.exe" [2007-04-06 57344]
"Domino"="c:\windows\Domino.exe" [2006-08-18 49152]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivX Download Manager]
2010-12-08 21:15 63360 ----a-w- c:\program files\DivX\DivX Plus Web Player\DDMService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-12-08 19:17 1226608 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2010-11-08 13:47 328568 ----a-w- c:\program files\uTorrent\uTorrent.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
.
R3 cpuz129;cpuz129;c:\users\THEONE~1\AppData\Local\Temp\cpuz_x32.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
R3 FLASHSYS;FLASHSYS;c:\program files\MSI\Live Update 4\LU4\FLASHSYS.sys [2007-12-14 9216]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-12-01 691696]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-04-08 2218600]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-04-07 378472]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\users\The One\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
FF - ProfilePath - c:\users\The One\AppData\Roaming\Mozilla\Firefox\Profiles\j7dg20k2.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine -
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-05-18 22:15
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
msnmsgr = "c:\program files\Windows Live\Messenger\msnmsgr.exe" /background??s
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- Locked Registry Keys ---------------------
.
[HKEY_USERS\S-1-5-21-1598736755-777327258-245303262-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:54,e0,ab,a1,4d,08,0f,43,9a,76,e9,f2,db,d5,ba,ec,5c,90,d6,a0,14,a2,63,
86,23,ba,2a,1a,fc,a9,e1,04,97,c1,50,8b,bb,89,0d,f3,eb,e4,7a,22,a8,44,74,79,\
"??"=hex:90,c2,9c,2a,df,93,29,c1,9f,04,05,e4,4f,e8,c3,ab
.
[HKEY_USERS\S-1-5-21-1598736755-777327258-245303262-1000\Software\SecuROM\License information*]
"datasecu"=hex:d3,cf,b0,1b,eb,4f,43,e6,97,02,de,a5,33,00,c2,6b,aa,a9,50,ee,ac,
78,1c,3b,b7,19,81,c2,72,bb,ab,29,89,a7,24,13,df,fd,22,5d,c5,e9,5d,24,fc,f6,\
"rkeysecu"=hex:8f,77,c5,b8,79,dc,6c,81,23,0c,98,0d,92,c3,a2,9e
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-05-18 22:18:04
ComboFix-quarantined-files.txt 2011-05-18 20:18
ComboFix2.txt 2011-05-18 17:04
.
Pre-Run: 15 directory(s), 83.360.546.816 bytes free
Post-Run: 16 directory(s), 83.306.246.144 bytes free
.
- - End Of File - - 6516269F1445EA1C672143543E0941C3

Here you go
18.05.2011, 21:32 #18
/// Winkelfunktion /// TB-Süch-Tiger™
Same game again, scripting with CF, only use this text for the CFScript now - delete everything old from the CFScript!!

Code:
Folder::
c:\users\The One\AppData\Roaming\Tesar
c:\users\The One\AppData\Roaming\Eksyc

File::
c:\windows\Domino.exe

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"{523FD411-CA09-5E4F-4E33-4C715ED06521}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Domino"=-
18.05.2011, 21:42 #19
Round 2. Here you go =)

ComboFix log file:
Code:
ComboFix 11-05-17.03 - The One 18.05.2011 22:34:50.3.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.49.1031.18.2046.1178 [GMT 2:00]
Running from: c:\users\The One\Desktop\cofi.exe.exe
Command switches used :: c:\users\The One\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\Domino.exe"
.
.
(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\The One\AppData\Roaming\Eksyc
c:\users\The One\AppData\Roaming\Eksyc\qineq.syk
c:\users\The One\AppData\Roaming\Eksyc\qineq.tmp
c:\windows\Domino.exe
.
.
((((((((((((((((((((((( Files Created from 2011-04-18 to 2011-05-18 ))))))))))))))))))))))))))))))
.
.
2011-05-18 20:39 . 2011-05-18 20:39 -------- d-----w- c:\users\The One\AppData\Local\temp
2011-05-18 20:39 . 2011-05-18 20:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-18 20:08 . 2011-05-18 20:18 -------- d-----w- C:\cofi.exe
2011-05-18 14:09 . 2011-05-18 14:09 -------- d-----w- C:\_OTL
2011-05-18 11:29 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-18 11:29 . 2010-12-20 16:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-18 09:54 . 2011-04-11 07:04 7071056 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{50E1AE3E-FC37-4619-A8FA-7346F6049EB6}\mpengine.dll
2011-05-17 20:39 . 2011-05-17 20:39 -------- d-----w- c:\users\The One\AppData\Roaming\Malwarebytes
2011-05-17 20:38 . 2011-05-17 20:38 -------- d-----w- c:\programdata\Malwarebytes
2011-05-17 20:38 . 2011-05-18 12:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-11 11:56 . 2011-04-07 12:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-05-09 16:05 . 2004-10-22 00:18 749568 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll
2011-05-09 16:05 . 2004-10-22 00:17 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll
2011-05-09 16:05 . 2004-10-22 00:17 274432 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll
2011-05-09 16:05 . 2004-10-22 00:16 180224 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll
2011-05-09 16:05 . 2004-10-22 00:16 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe
2011-05-09 16:05 . 2011-05-09 16:05 323716 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll
2011-05-09 16:05 . 2011-05-09 16:05 192644 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll
2011-05-08 12:56 . 2011-05-08 12:56 -------- d-----w- c:\windows\ShellNew
2011-05-07 22:59 . 2007-04-06 12:21 77824 ----a-w- c:\windows\ZS211Cap.exe
2011-05-07 22:59 . 2007-04-06 09:06 57344 ----a-w- c:\windows\ZSSnp211.exe
2011-05-07 22:59 . 2006-08-09 15:37 81920 ----a-w- c:\windows\system32\ZS211STI.dll
2011-05-07 22:59 . 2006-07-14 12:36 172115 ----a-w- c:\windows\system32\ZS211Prp.Ax
2011-05-07 22:59 . 2011-05-07 22:59 -------- d-----w- c:\program files\Vimicro
2011-05-07 22:59 . 2007-06-13 07:24 1469312 ----a-w- c:\windows\system32\drivers\ZS211.sys
2011-05-07 22:59 . 2006-03-14 12:28 172032 ----a-w- c:\windows\amcap.exe
2011-05-06 16:07 . 2011-05-06 16:07 -------- d-----w- c:\program files\Sanny Builder 3
2011-05-06 14:09 . 2005-05-26 13:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2011-05-06 14:09 . 2008-10-15 04:22 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
2011-05-06 13:48 . 2011-05-06 13:48 -------- d-----w- c:\users\The One\AppData\Roaming\NVIDIA
2011-05-06 13:47 . 2011-05-06 13:48 -------- d-----w- c:\users\The One\AppData\Roaming\ENBSeries Configurator for GTA San Andreas
2011-05-06 13:47 . 2011-05-06 13:48 -------- d-----w- c:\program files\ENBSeries Configurator for GTA San Andreas
2011-05-05 20:54 . 2011-05-18 09:45 -------- d-----w- c:\users\UpdatusUser
2011-05-05 20:49 . 2011-04-08 05:14 944232 ----a-w- c:\windows\system32\nvdispco3220140.dll
2011-05-05 20:49 . 2011-04-08 05:14 855656 ----a-w- c:\windows\system32\nvgenco322060.dll
2011-05-05 20:49 . 2011-04-08 05:14 6299752 ----a-w- c:\windows\system32\nvwgf2um.dll
2011-05-05 20:49 . 2011-04-08 05:14 57960 ----a-w- c:\windows\system32\OpenCL.dll
2011-05-05 20:49 . 2011-04-08 05:14 5180824 ----a-w- c:\windows\system32\nvcuda.dll
2011-05-05 20:49 . 2011-04-08 05:14 2765928 ----a-w- c:\windows\system32\nvcuvid.dll
2011-05-05 20:49 . 2011-04-08 05:14 2074216 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-05-05 20:49 . 2011-04-08 05:14 15227496 ----a-w- c:\windows\system32\nvoglv32.dll
2011-05-05 20:49 . 2011-04-08 05:14 13007464 ----a-w- c:\windows\system32\nvcompiler.dll
2011-05-05 20:49 . 2011-04-08 05:14 10690024 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-05-05 17:14 . 2011-05-05 17:14 -------- d-----w- c:\users\The One\AppData\Local\ApplicationHistory
2011-05-05 12:33 . 2011-05-05 12:33 -------- d-----w- c:\program files\San Andreas Mod Installer
2011-05-05 12:33 . 2011-05-05 12:33 -------- d-----w- c:\windows\San Andreas Mod Installer
2011-05-04 20:49 . 2011-05-04 20:49 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2011-05-03 20:23 . 2011-05-03 20:23 -------- d-----w- c:\programdata\G & G Soft
2011-04-27 12:16 . 2011-03-03 14:56 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-04-27 12:16 . 2011-03-03 13:01 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2011-04-26 12:16 . 2011-05-01 13:14 -------- d-----w- c:\programdata\NFS Underground
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-09 16:55 . 2011-04-09 16:55 15453336 ----a-w- c:\windows\system32\xlive.dll
2011-04-09 16:55 . 2011-04-09 16:55 13642904 ----a-w- c:\windows\system32\xlivefnt.dll
2011-04-08 05:14 . 2011-05-05 20:49 10920 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
2011-04-08 05:14 . 2011-02-09 16:43 10071656 ----a-w- c:\windows\system32\nvd3dum.dll
2011-04-08 05:14 . 2011-02-09 16:43 2034280 ----a-w- c:\windows\system32\nvapi.dll
2011-04-07 20:43 . 2011-04-07 20:43 580200 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll
2011-04-07 20:43 . 2011-04-07 20:43 612456 ----a-w- c:\windows\system32\nvvsvc.exe
2011-04-07 20:43 . 2011-04-07 20:43 2582120 ----a-w- c:\windows\system32\nvsvcr.dll
2011-04-07 20:43 . 2011-04-07 20:43 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-04-07 20:43 . 2011-04-07 20:43 3701352 ----a-w- c:\windows\system32\nvcpl.dll
2011-04-07 20:43 . 2011-04-07 20:43 2565224 ----a-w- c:\windows\system32\nvsvc.dll
2011-03-10 16:12 . 2011-04-14 16:50 1161728 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-10 16:12 . 2011-04-14 16:50 1136640 ----a-w- c:\windows\system32\mfc42.dll
2011-03-03 15:00 . 2011-04-14 16:50 738816 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-03 14:56 . 2011-04-27 12:16 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2011-03-03 14:56 . 2011-04-27 12:16 459776 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2011-03-03 14:56 . 2011-04-27 12:16 541696 ----a-w- c:\windows\apppatch\AcLayers.dll
2011-03-03 14:56 . 2011-04-27 12:16 2153984 ----a-w- c:\windows\apppatch\AcGenral.dll
2011-03-03 12:53 . 2011-04-14 16:50 2040832 ----a-w- c:\windows\system32\win32k.sys
2011-03-02 14:49 . 2011-04-14 16:50 86528 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-02-22 12:52 . 2011-04-14 16:50 213504 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-02-22 12:52 . 2011-04-14 16:50 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-02-22 12:51 . 2011-04-14 16:50 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-22 12:51 . 2011-04-14 16:50 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-02-18 15:48 . 2011-04-14 16:50 833024 ----a-w- c:\windows\system32\wininet.dll
2011-02-18 15:45 . 2011-04-14 16:50 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-02-18 14:36 . 2011-02-18 14:36 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2011-02-18 14:36 . 2011-02-18 14:36 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-02-18 14:09 . 2011-04-14 16:50 389632 ----a-w- c:\windows\system32\html.iec
2011-02-18 13:48 . 2011-04-14 16:50 1383424 ----a-w- c:\windows\system32\mshtml.tlb
2011-02-18 13:31 . 2011-04-14 16:50 304640 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-18 13:31 . 2011-04-14 16:50 146432 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-02-18 13:31 . 2011-04-14 16:50 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
.
.
(((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-07-03 6266880]
"Skytel"="Skytel.exe" [2008-06-25 1826816]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
"ZSSnp211"="c:\windows\ZSSnp211.exe" [2007-04-06 57344]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivX Download Manager]
2010-12-08 21:15 63360 ----a-w- c:\program files\DivX\DivX Plus Web Player\DDMService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-12-08 19:17 1226608 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2010-11-08 13:47 328568 ----a-w- c:\program files\uTorrent\uTorrent.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
.
R3 cpuz129;cpuz129;c:\users\THEONE~1\AppData\Local\Temp\cpuz_x32.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
R3 FLASHSYS;FLASHSYS;c:\program files\MSI\Live Update 4\LU4\FLASHSYS.sys [2007-12-14 9216]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-12-01 691696]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-04-08 2218600]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-04-07 378472]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\users\The One\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
FF - ProfilePath - c:\users\The One\AppData\Roaming\Mozilla\Firefox\Profiles\j7dg20k2.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine -
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-05-18 22:39
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
msnmsgr = "c:\program files\Windows Live\Messenger\msnmsgr.exe" /background??s
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- Locked Registry Keys ---------------------
.
[HKEY_USERS\S-1-5-21-1598736755-777327258-245303262-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:54,e0,ab,a1,4d,08,0f,43,9a,76,e9,f2,db,d5,ba,ec,5c,90,d6,a0,14,a2,63,
86,23,ba,2a,1a,fc,a9,e1,04,97,c1,50,8b,bb,89,0d,f3,eb,e4,7a,22,a8,44,74,79,\
"??"=hex:90,c2,9c,2a,df,93,29,c1,9f,04,05,e4,4f,e8,c3,ab
.
[HKEY_USERS\S-1-5-21-1598736755-777327258-245303262-1000\Software\SecuROM\License information*]
"datasecu"=hex:d3,cf,b0,1b,eb,4f,43,e6,97,02,de,a5,33,00,c2,6b,aa,a9,50,ee,ac,
78,1c,3b,b7,19,81,c2,72,bb,ab,29,89,a7,24,13,df,fd,22,5d,c5,e9,5d,24,fc,f6,\
"rkeysecu"=hex:8f,77,c5,b8,79,dc,6c,81,23,0c,98,0d,92,c3,a2,9e
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-05-18 22:40:50
ComboFix-quarantined-files.txt 2011-05-18 20:40
ComboFix2.txt 2011-05-18 20:18
ComboFix3.txt 2011-05-18 17:04
.
Pre-Run: 16 directory(s), 83.351.203.840 bytes free
Post-Run: 17 directory(s), 83.298.795.520 bytes free
.
- - End Of File - - 289079AC681709FD14E0191BF2CE1A70
18.05.2011, 21:53 | #20 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan muollo cannot be removed OK. Now please create and post logs with GMER and OSAM. GMER crashes fairly often; if the tool still won't run on the second attempt, just leave it out and run only OSAM - please skip OSAM's online lookup. With OSAM, also make sure you save the log as *.log and not as *.html or similar. After that, please download MBRCheck (by a_d_13) and save the file to the desktop.
__________________ Please always post logfiles in CODE tags |
19.05.2011, 13:12 | #21 | |
| Trojan muollo cannot be removed GMER: GMER Logfile: Code:
ATTFilter GMER 1.0.15.15627 - GMER - Rootkit Detector and Remover Rootkit scan 2011-05-18 23:20:38 Windows 6.0.6001 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD2500AAJS-00VTA0 rev.01.01B01 Running: 1hl8nbiw.exe; Driver: C:\Users\THEONE~1\AppData\Local\Temp\awdiipog.sys ---- System - GMER 1.0.15 ---- INT 0x52 ? 85087BF8 INT 0x62 ? 85087BF8 INT 0x82 ? 86B04F00 INT 0x82 ? 86B04F00 INT 0x82 ? 86B04F00 INT 0x82 ? 86B04F00 INT 0x93 ? 86B04F00 INT 0xA3 ? 86B04F00 INT 0xA3 ? 86B04F00 INT 0xA3 ? 86B04F00 INT 0xB3 ? 85087BF8 ---- Kernel code sections - GMER 1.0.15 ---- ? System32\Drivers\spqk.sys Das System kann den angegebenen Pfad nicht finden. ! .text USBPORT.SYS!DllUnload 8F56046F 5 Bytes JMP 86B044E0 .text a9g7n83r.SYS 83B38000 22 Bytes [26, C2, BD, 82, 10, C1, BD, ...] .text a9g7n83r.SYS 83B38017 145 Bytes [00, 32, 27, 70, 80, 3D, 25, ...] .text a9g7n83r.SYS 83B380A9 35 Bytes [F0, 86, 82, 60, E7, 86, 82, ...] .text a9g7n83r.SYS 83B380CE 10 Bytes [00, 00, 00, 00, 00, 00, C9, ...] {ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; LEAVE ; HLT ; POP ESP; DEC EDX} .text a9g7n83r.SYS 83B380DA 12 Bytes [00, 00, 02, 00, 00, 00, 24, ...] .text ... ? C:\Windows\system32\Drivers\PROCEXP113.SYS Das System kann die angegebene Datei nicht finden. ! ? C:\Users\THEONE~1\AppData\Local\Temp\catchme.sys Das System kann die angegebene Datei nicht finden. ! 
---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [806066D6] \SystemRoot\System32\Drivers\spqk.sys IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [80606042] \SystemRoot\System32\Drivers\spqk.sys IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [80606800] \SystemRoot\System32\Drivers\spqk.sys IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [806060C0] \SystemRoot\System32\Drivers\spqk.sys IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8060613E] \SystemRoot\System32\Drivers\spqk.sys IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [80615B90] \SystemRoot\System32\Drivers\spqk.sys IAT \SystemRoot\System32\Drivers\a9g7n83r.SYS[ataport.SYS!AtaPortNotification] CC358B04 IAT \SystemRoot\System32\Drivers\a9g7n83r.SYS[ataport.SYS!AtaPortWritePortUchar] [8383B5EF] \SystemRoot\system32\drivers\ndis.sys (NDIS 6.0 wrapper driver/Microsoft Corporation) IAT \SystemRoot\System32\Drivers\a9g7n83r.SYS[ataport.SYS!AtaPortWritePortUlong] 458B38C6 IAT \SystemRoot\System32\Drivers\a9g7n83r.SYS[ataport.SYS!AtaPortGetPhysicalAddress] A5A5A514 IAT \SystemRoot\System32\Drivers\a9g7n83r.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] [100D8BA5] \Program Files\DAEMON Tools Lite\Engine.dll (Helper library/DT Soft Ltd) IAT \SystemRoot\System32\Drivers\a9g7n83r.SYS[ataport.SYS!AtaPortGetScatterGatherList] 5F83B5C0 IAT \SystemRoot\System32\Drivers\a9g7n83r.SYS[ataport.SYS!AtaPortReadPortUchar] 30810889 IAT \SystemRoot\System32\Drivers\a9g7n83r.SYS[ataport.SYS!AtaPortStallExecution] 54771129 IAT \SystemRoot\System32\Drivers\a9g7n83r.SYS[ataport.SYS!AtaPortGetParentBusType] 10C25D5E IAT \SystemRoot\System32\Drivers\a9g7n83r.SYS[ataport.SYS!AtaPortRequestCallback] 8B55CC00 IAT \SystemRoot\System32\Drivers\a9g7n83r.SYS[ataport.SYS!AtaPortWritePortBufferUshort] 084D8BEC IAT 
\SystemRoot\System32\Drivers\a9g7n83r.SYS[ataport.SYS!AtaPortGetUnCachedExtension] 0CF0918B IAT \SystemRoot\System32\Drivers\a9g7n83r.SYS[ataport.SYS!AtaPortCompleteRequest] 458B0000 IAT \SystemRoot\System32\Drivers\a9g7n83r.SYS[ataport.SYS!AtaPortMoveMemory] 8B108910 IAT \SystemRoot\System32\Drivers\a9g7n83r.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] 000CF491 IAT \SystemRoot\System32\Drivers\a9g7n83r.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 04508900 IAT \SystemRoot\System32\Drivers\a9g7n83r.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 053C7980 IAT \SystemRoot\System32\Drivers\a9g7n83r.SYS[ataport.SYS!AtaPortReadPortUshort] 560C558B IAT \SystemRoot\System32\Drivers\a9g7n83r.SYS[ataport.SYS!AtaPortReadPortBufferUshort] C6127557 IAT \SystemRoot\System32\Drivers\a9g7n83r.SYS[ataport.SYS!AtaPortInitialize] B18D0502 IAT \SystemRoot\System32\Drivers\a9g7n83r.SYS[ataport.SYS!AtaPortGetDeviceBase] 00000CF8 IAT \SystemRoot\System32\Drivers\a9g7n83r.SYS[ataport.SYS!AtaPortDeviceStateChange] A508788D ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs 85A1A1F8 Device \Driver\netbt \Device\NetBT_Tcpip_{9117C18B-AD60-4099-9DE3-C67313F3079E} 87D5B500 Device \Driver\volmgr \Device\VolMgrControl 850891F8 Device \Driver\usbohci \Device\USBPDO-0 86ACA1F8 Device \Driver\usbohci \Device\USBPDO-1 86ACA1F8 Device \Driver\PCI_PNP4294 \Device\00000046 spqk.sys Device \Driver\usbehci \Device\USBPDO-2 86AEC1F8 Device \Driver\usbohci \Device\USBPDO-3 86ACA1F8 Device \Driver\usbohci \Device\USBPDO-4 86ACA1F8 Device \Driver\sptd \Device\1534914294 spqk.sys Device \Driver\usbehci \Device\USBPDO-5 86AEC1F8 Device \Driver\usbohci \Device\USBPDO-6 86ACA1F8 Device \Driver\volmgr \Device\HarddiskVolume1 850891F8 Device \Driver\cdrom \Device\CdRom0 86D4D1F8 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 85A191F8 Device \Driver\atapi \Device\Ide\IdePort0 85A191F8 Device \Driver\atapi \Device\Ide\IdePort1 85A191F8 Device \Driver\atapi \Device\Ide\IdePort2 85A191F8 Device 
\Driver\atapi \Device\Ide\IdePort3 85A191F8 Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-4 85A191F8 Device \Driver\cdrom \Device\CdRom1 86D4D1F8 Device \Driver\netbt \Device\NetBt_Wins_Export 87D5B500 Device \Driver\Smb \Device\NetbiosSmb 87D5C1F8 Device \Driver\iScsiPrt \Device\RaidPort0 86DD21F8 Device \Driver\usbohci \Device\USBFDO-0 86ACA1F8 Device \Driver\usbohci \Device\USBFDO-1 86ACA1F8 Device \Driver\usbehci \Device\USBFDO-2 86AEC1F8 Device \Driver\usbohci \Device\USBFDO-3 86ACA1F8 Device \Driver\usbohci \Device\USBFDO-4 86ACA1F8 Device \Driver\usbehci \Device\USBFDO-5 86AEC1F8 Device \Driver\usbohci \Device\USBFDO-6 86ACA1F8 Device \Driver\a9g7n83r \Device\Scsi\a9g7n83r1Port5Path0Target0Lun0 86B051F8 Device \Driver\a9g7n83r \Device\Scsi\a9g7n83r1 86B051F8 Device \FileSystem\cdfs \Cdfs 888C91F8 ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xF1 0x38 0xE5 0x0D ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x48 0x22 0x59 0xA9 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x08 0x80 0x24 0x53 ... 
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x1C 0x38 0x63 0xD4 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xF1 0x38 0xE5 0x0D ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x48 0x22 0x59 0xA9 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x66 0x31 0x90 0x58 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x1C 0x38 0x63 0xD4 ... 
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xF1 0x38 0xE5 0x0D ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x48 0x22 0x59 0xA9 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x66 0x31 0x90 0x58 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x1C 0x38 0x63 0xD4 ... ---- EOF - GMER 1.0.15 ---- Osam: OSAM Logfile: Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 Online Solutions. Complex Protection for Information Systems Saved at 13:22:24 on 19.05.2011 OS: Windows Vista Home Basic Edition Service Pack 1 (Build 6001), 32-bit Default Browser: Mozilla Corporation Firefox 3.6.17 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Control Panel Objects] -----( %SystemRoot%\system32 )----- "DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\Windows\system32\DivXControlPanelApplet.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "Nero BurnRights" - "Nero AG" - C:\Program Files\Nero\Nero 9\Nero BurnRights\NeroBurnRights_cpl.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "an3h7qx1" (an3h7qx1) - "Microsoft Corporation" - C:\Windows\system32\drivers\an3h7qx1.sys (Hidden registry entry, rootkit activity | File signed by Microsoft) "ATITool Overclocking Utility" (ATITool) - ? - C:\Windows\System32\DRIVERS\ATITool.sys "catchme" (catchme) - ? - C:\Users\THEONE~1\AppData\Local\Temp\catchme.sys (File not found) "cpuz129" (cpuz129) - ? - C:\Users\THEONE~1\AppData\Local\Temp\cpuz_x32.sys (File not found) "FLASHSYS" (FLASHSYS) - ? - C:\Program Files\MSI\Live Update 4\LU4\FLASHSYS.sys (File found, but it contains no detailed information) "giveio" (giveio) - ? - C:\Windows\System32\giveio.sys (File found, but it contains no detailed information) "GMSIPCI" (GMSIPCI) - ? - D:\INSTALL\GMSIPCI.SYS (File not found) "Huawei DataCard USB Modem and USB Serial" (hwdatacard) - ? 
- C:\Windows\System32\DRIVERS\ewusbmdm.sys (File not found) "Huawei DataCard USB PNP Device" (hwusbdev) - ? - C:\Windows\System32\DRIVERS\ewusbdev.sys (File not found) "HUAWEI USB-NDIS miniport" (ewusbnet) - ? - C:\Windows\System32\DRIVERS\ewusbnet.sys (File not found) "IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys (File not found) "IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys (File not found) "IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys (File not found) "speedfan" (speedfan) - "Windows (R) 2000 DDK provider" - C:\Windows\System32\speedfan.sys "sptd" (sptd) - "Duplex Secure Ltd." - C:\Windows\System32\Drivers\sptd.sys (File is exclusively opened, access blocked) [Explorer] -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {C9E60ED7-FEAE-477b-B6A6-7D62103A0C6B} "NeroDigitalColumnHandler Class" - "Nero AG" - C:\Program Files\Common Files\Nero\SMC\NeroDigitalExt.dll -----( HKLM\Software\Classes\Protocols\Handler )----- {3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL {828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL {CD00020A-8B95-11D1-82DB-00C04FB1625D} "Microsoft PKM KnowledgePluggable Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL {828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? - (File not found | COM-object registry key not found) {1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? 
- (File not found | COM-object registry key not found) {34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? - (File not found | COM-object registry key not found) {A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\Program Files\NVIDIA Corporation\Display\nvui.dll {2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? - (File not found | COM-object registry key not found) {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll {00020d75-0000-0000-c000-000000000046} "lnkfile" - ? - (File not found | COM-object registry key not found) {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office10\msohev.dll {97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" - "Nero AG" - C:\Program Files\Nero\Nero 9\Nero CoverDesigner\CoverEdExtension.dll {C9E60ED7-FEAE-477b-B6A6-7D62103A0C6B} "NeroDigitalColumnHandler Class" - "Nero AG" - C:\Program Files\Common Files\Nero\SMC\NeroDigitalExt.dll {1CA6BBC9-E9FA-4021-822B-075DF1837B63} "NeroDigitalIconHandler Class" - "Nero AG" - C:\Program Files\Common Files\Nero\SMC\NeroDigitalExt.dll {4FBFFA8D-F390-471a-AE46-FEB93623AD63} "NeroDigitalInfoHandler Class" - "Nero AG" - C:\Program Files\Common Files\Nero\SMC\NeroDigitalExt.dll {846083A4-BFC6-4447-985C-6578B466A7D7} "NeroDigitalPropSheetHandler Class" - "Nero AG" - C:\Program Files\Common Files\Nero\SMC\NeroDigitalExt.dll {EDCC595A-F0EE-4d81-B554-D5D01C7AFB87} "NeroDigitalThumbnailHandler Class" - "Nero AG" - C:\Program Files\Common Files\Nero\SMC\NeroDigitalExt.dll {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} "NVIDIA CPL Context Menu Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvshext.dll {C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? 
- (File not found | COM-object registry key not found) {E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Web Folders" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL {da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found) {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {20A60F0D-9AFA-4515-A0FD-83BD84642501} "Checkers Class" - "Microsoft Corporation" - C:\Windows\Downloaded Program Files\msgrchkr.dll / hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." 
- C:\Program Files\Java\jre6\bin\npjpi160_22.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab {C3F79A2B-B9B4-4A66-B012-3EE46475B072} "MessengerStatsClient Class" - "Microsoft Corporation" - C:\Windows\Downloaded Program Files\MessengerStatsPAClient.dll / hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} "Minesweeper Flags Class" - "Microsoft Corporation" - C:\Windows\Downloaded Program Files\MineSweeper.dll / hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab {D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\Flash10l.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab {5D6F45B3-9043-443D-A792-115447494D24} "UnoCtrl Class" - "Microsoft" - C:\Windows\Downloaded Program Files\GAME_UNO1.dll / hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" - "Safer Networking Limited" - C:\PROGRA~1\SPYBOT~1\SDHelper.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {593DDEC6-7468-4cdd-90E1-42DADAA222E9} "DivX HiQ" - "DivX, LLC" - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll {326E768D-4182-46FD-9C16-1449A49795F4} "DivX Plus Web Player HTML5 <video>" - "DivX, LLC" - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." 
- C:\Program Files\Java\jre6\bin\jp2ssv.dll {53707962-6F74-2D53-2644-206D7942484F} "Spybot-S&D IE Protection" - "Safer Networking Limited" - C:\PROGRA~1\SPYBOT~1\SDHelper.dll {9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID Sign-in Helper" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll {5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}" - ? - (File not found | COM-object registry key not found) [Logon] -----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\Users\The One\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini "Microsoft Office.lnk" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office10\OSA.EXE (Shortcut exists | File exists) -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "msnmsgr" - "Microsoft Corporation" - "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background -----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )----- "StartupPrograms" - ? - rdpclip (File not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe" [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "Canon BJ Language Monitor iP2500 series" - "CANON INC." - C:\Windows\system32\CNMLM8N.DLL [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe "Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." 
- C:\Program Files\Bonjour\mDNSResponder.exe "InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe "iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe "Nero BackItUp Scheduler 4.0" (Nero BackItUp Scheduler 4.0) - "Nero AG" - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe "NVIDIA Driver Helper Service" (NVSvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe "NVIDIA Stereoscopic 3D Driver Service" (Stereo Service) - "NVIDIA Corporation" - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe "NVIDIA Update Service Daemon" (nvUpdatusService) - "NVIDIA Corporation" - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe "Steam Client Service" (Steam Client Service) - "Valve Corporation" - C:\Program Files\Common Files\Steam\SteamService.exe "Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [Winsock Providers] -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )----- "mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit Online Solutions :: Index[/QUOTE] MBR CHECK Zitat:
|
19.05.2011, 14:37 | #22 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan muollo cannot be removed Looks OK. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before the scan!!
__________________ Please always post logfiles in CODE tags |
19.05.2011, 17:19 | #23 | ||
| Trojan muollo cannot be removed MBAM Log Quote:
Quote:
|
19.05.2011, 19:00 | #24 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan muollo cannot be removed Quote:
__________________ Please always post logfiles in CODE tags |
23.05.2011, 20:30 | #25 | |
| Trojan muollo cannot be removed Sorry that I'm only replying now.. I couldn't earlier :/ MBAM LOG Quote:
|
23.05.2011, 20:41 | #26 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan muollo cannot be removed You did not remove the detections!! Please do that now! Afterwards, getting a second opinion from ESET's online scanner isn't a bad idea either: ESET Online Scanner
__________________ Please always post logfiles in CODE tags |
23.05.2011, 23:10 | #27 | ||
| Trojan muollo cannot be removed Eset Log Quote:
Mbam log + remove Quote:
|
24.05.2011, 11:25 | #28 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan muollo cannot be removed The last remnants have now been removed. Is the computer OK again, or are there still problems or further detections?
__________________ Please always post logfiles in CODE tags |
24.05.2011, 13:01 | #29 |
| Trojan muollo cannot be removed Yes, everything is OK now; it runs at full speed again and no longer just shuts itself down. There were no further detections either. Tell me, can you recommend a good antivirus? Preferably free. I want to prevent this in the future. Thanks for your help =) Thanks to you I didn't have to reinstall my system |
24.05.2011, 13:38 | #30 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan muollo cannot be removed Quote:
Best stick roughly to these five rules:
1) Be suspicious on the internet and especially of unknown e-mails; be careful when handing out personal data!!
2) Always keep Windows and all the programs you use up to date
3) Make regular backups to external media
4) Work with restricted rights
5) Use secure programs such as Opera or Firefox for browsing instead of IE, and Thunderbird instead of Outlook Express for e-mail - display e-mails as plain text only
All of this is explained in more detail here => Kompromittierung unvermeidbar? (Is compromise unavoidable?)
Then we'd be done! Finally, please check the updates; my guide on that is below. For even more security, after the infection has been cleaned up you should also change all your passwords if at all possible.
Microsoft Update
Windows XP: Visit the MS update page with IE and have all important updates installed.
Windows Vista/7: Windows Update guide
Update the PDF reader
Your Adobe Reader is not up to date, which is a major security risk. You should therefore uninstall the old version via Control Panel => Add or Remove Programs, by clicking "Adobe Reader x.0" there and removing the program. I recommend an alternative PDF reader such as SumatraPDF or Foxit PDF Reader; both are much leaner and faster than Adobe Reader. While you're at it, please also check that the Flash Player is current; here is the direct download link:
Mozilla and other browsers => http://filepony.de/?q=Flash+Player
Internet Explorer => http://fpdownload.adobe.com/get/flas..._player_ax.exe
Java update
Outdated Java installations are a security risk, so you should delete the old versions (if present, preferably with JavaRa) and update to the newest one. To do this, close all programs (especially the browsers), then click Start, Control Panel, Add or Remove Programs and uninstall all listed Java versions from there.
Then download the current Java SE Runtime Environment (JRE) from here and install it.
__________________ Please always post logfiles in CODE tags |
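The update guidance in the post above relies on spotting every installed Java, Adobe Reader and Flash Player copy by hand in the Control Panel list. As an added example (not code from this thread or from any tool it mentions), the PowerShell script below reads the same Uninstall registry keys that list is built from and reports those products with their versions, so leftover old runtimes are visible before they are removed the way the post describes. The product name patterns and the Wow6432Node path are assumptions for illustration; the script only reads the registry and uninstalls nothing.

```powershell
# Added example (not from the thread): read-only inventory of Java, Adobe Reader and
# Flash Player installs taken from the Windows Uninstall registry keys, which are the
# source of the Control Panel "Add or Remove Programs" list. Written for PowerShell 2.0+.

$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',  # 32-bit apps on 64-bit Windows
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'               # per-user installs
)

# Display-name patterns per product (assumed for illustration; extend for other vendors).
$watch = @{
    'Java'         = '^Java\b|^J2SE'
    'Adobe Reader' = '^Adobe Reader'
    'Flash Player' = '^Adobe Flash Player'
}

function Get-WatchedSoftware {
    # Missing hives (e.g. Wow6432Node on 32-bit Vista) are skipped silently.
    Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName } |
        ForEach-Object {
            $entry = $_
            foreach ($product in $watch.Keys) {
                if ($entry.DisplayName -match $watch[$product]) {
                    New-Object PSObject -Property @{
                        Product     = $product
                        DisplayName = $entry.DisplayName
                        Version     = $entry.DisplayVersion
                        Publisher   = $entry.Publisher
                        KeyPath     = $entry.PSPath
                    }
                }
            }
        }
}

$found = @(Get-WatchedSoftware)
$found | Sort-Object Product, Version |
    Format-Table Product, DisplayName, Version, Publisher -AutoSize

# Several Java entries side by side usually means older runtimes were left behind by
# updates; each one is a separate uninstall in the Control Panel.
$java = @($found | Where-Object { $_.Product -eq 'Java' })
if ($java.Count -gt 1) {
    $names = ($java | ForEach-Object { $_.DisplayName }) -join ', '
    Write-Warning ("{0} Java entries found; remove all but the newest: {1}" -f $java.Count, $names)
}
```

Run it from a normal PowerShell prompt; no administrative rights are needed to read these keys. The version column is what the vendor wrote into DisplayVersion at install time, so compare it against the vendor's current release before deciding what to remove.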