Log analysis and evaluation: Trojan in the system (BKA), Windows 7. If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and Trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
22.05.2011, 21:20 | #1
Trojan in the system (BKA) Yes, so I have now also become a victim of the wonderful Bundeskriminalamt Trojan. In any case, I now have access to the system again and have superficially deleted the Trojan from the system, but since it is supposed to be quite deeply rooted, I need your advice on the state of my system. The problem is that, for a variety of reasons, reinstalling the system is only an option in an absolute emergency. I just ran Avira (yes, yes, I know, I'll get myself a proper antivirus program soon) and it found two more Trojans, which should now be gone ... Malwarebytes log: Quote:
OTL logfile:
ATTFilter OTL logfile created on: 22.05.2011 22:52:50 - Run 3 OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\xxx\Downloads An unknown product (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,99 Gb Total Physical Memory | 2,07 Gb Available Physical Memory | 68,97% Memory free 5,99 Gb Paging File | 4,91 Gb Available in Paging File | 82,07% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 195,14 Gb Total Space | 96,56 Gb Free Space | 49,48% Space Free | Partition Type: NTFS Computer Name: xxx-PC | User Name: xxx | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\xxx\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe (TuneUp Software) PRC - C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe (TuneUp Software) PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) PRC - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.) PRC - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.) 
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation) PRC - C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.) ========== Modules (SafeList) ========== MOD - C:\Users\xxx\Downloads\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe (TuneUp Software) SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.) SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (TuneUpUtilitiesDrv) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys (TuneUp Software) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys () DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.) DRV - (ewusbnet) -- C:\Windows\System32\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.) 
DRV - (hwusbdev) -- C:\Windows\System32\drivers\ewusbdev.sys (Huawei Technologies Co., Ltd.) DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation) DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation) DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation) DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation) DRV - (netw5v32) Intel(R) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation) DRV - (ggsemc) -- C:\Windows\System32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications) DRV - (ggflt) -- C:\Windows\System32\drivers\ggflt.sys (Sony Ericsson Mobile Communications) DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.) DRV - (ElbyCDFL) -- C:\Windows\System32\drivers\ElbyCDFL.sys (SlySoft, Inc.) DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.) 
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DA 70 85 5F 66 E6 CB 01 [binary data] IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..extensions.enabledItems: {e411bb40-b04c-11d8-92e7-00d09e0179f2}:4.0.4 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6778 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.05.01 13:21:27 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.05.01 13:21:27 | 000,000,000 | ---D | M] [2010.11.10 18:10:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\Extensions [2011.05.22 22:07:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\dc75recf.default\extensions [2011.02.05 16:39:03 | 000,000,000 | ---D | M] ("iGraal") -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\dc75recf.default\extensions\{e411bb40-b04c-11d8-92e7-00d09e0179f2} [2010.11.14 21:29:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions [2010.11.12 15:17:23 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2010.11.14 21:29:07 | 000,000,000 | ---D | M] (Java Console) -- 
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2010.11.14 21:28:44 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011.03.18 20:53:51 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.03.18 20:53:51 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011.03.18 20:53:51 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011.03.18 20:53:51 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2011.03.18 20:53:51 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office12\GR469A~1.DLL (Microsoft Corporation) O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4 - HKLM..\Run: [CloneCDTray] C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.) 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - File not found O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) 
O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~1\Office12\GRA32A~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. 
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~1\Office12\GR469A~1.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{b468c02e-ece2-11df-9952-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{b468c02e-ece2-11df-9952-806e6f6e6963}\Shell\AutoRun\command - "" = "E:\WD SmartWare.exe" autoplay=true O33 - MountPoints2\{db4bfebb-1b38-11e0-9b56-00030dc2a2ef}\Shell - "" = AutoRun O33 - MountPoints2\{db4bfebb-1b38-11e0-9b56-00030dc2a2ef}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{db4bfedd-1b38-11e0-9b56-00030dc2a2ef}\Shell - "" = AutoRun O33 - MountPoints2\{db4bfedd-1b38-11e0-9b56-00030dc2a2ef}\Shell\AutoRun\command - "" = E:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.05.22 20:59:56 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Malwarebytes [2011.05.22 20:59:46 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011.05.22 20:59:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.05.22 20:59:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.05.22 20:59:40 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011.05.22 20:59:40 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2011.05.22 20:55:27 | 000,031,552 | ---- | C] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe [2011.05.22 20:55:20 | 000,029,504 | ---- | C] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll [2011.05.22 20:55:20 | 000,021,312 | ---- | 
C] (TuneUp Software) -- C:\Windows\System32\authuitu.dll [2011.05.22 20:55:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2011 [2011.05.22 20:54:20 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\TuneUp Software [2011.05.22 20:53:51 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2011 [2011.05.22 20:52:52 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software [2011.05.22 20:52:41 | 000,000,000 | -HSD | C] -- C:\ProgramData\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16} [2011.05.22 20:39:04 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Total Commander [2011.05.22 20:39:03 | 000,000,000 | ---D | C] -- C:\totalcmd [2011.05.22 20:39:03 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\GHISLER [2011.05.22 20:30:45 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Avira [2011.05.19 07:39:30 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\poqexec.exe [2011.05.14 20:20:09 | 000,000,000 | ---D | C] -- C:\Users\xxx\.jordan [2011.05.11 18:22:05 | 003,957,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2011.05.11 18:22:05 | 003,901,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2011.04.28 10:55:06 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\ElevatedDiagnostics [2011.04.27 14:08:57 | 001,686,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\esent.dll [2011.04.27 14:08:57 | 000,146,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\storport.sys [2011.04.27 14:08:56 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fsutil.exe [2011.04.27 14:08:50 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prevhost.exe [2011.04.27 14:08:47 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll [2011.04.27 14:08:45 | 002,614,784 | ---- | C] 
(Microsoft Corporation) -- C:\Windows\explorer.exe [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.05.22 22:52:16 | 000,048,861 | ---- | M] () -- C:\Users\xxx\Desktop\51187-anleitung-malwarebytes-anti-malware.html [2011.05.22 22:09:12 | 000,105,289 | ---- | M] () -- C:\Users\xxx\Desktop\kqM7r95q.htm.part.htm [2011.05.22 22:06:53 | 000,014,752 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.05.22 22:06:53 | 000,014,752 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.05.22 22:03:47 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.05.22 22:03:47 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.05.22 22:03:47 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.05.22 22:03:47 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.05.22 21:59:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.05.22 21:59:21 | 2411,708,416 | -HS- | M] () -- C:\hiberfil.sys [2011.05.22 20:59:46 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.05.22 20:55:18 | 000,002,159 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk [2011.05.22 20:55:18 | 000,002,139 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2011.lnk [2011.05.22 20:39:06 | 000,000,632 | ---- | M] () -- C:\Users\xxx\Desktop\Total Commander.lnk [2011.05.21 18:01:31 | 001,098,273 | ---- | M] () -- C:\Users\xxx\Desktop\IMG_1246.JPG [2011.05.21 17:59:38 | 001,807,615 | ---- | M] () -- C:\Users\xxx\Desktop\IMG_1245.JPG [2011.05.21 16:10:59 | 001,356,177 | ---- | M] () -- C:\Users\xxx\Desktop\IMG_1243.JPG [2011.05.21 15:09:59 | 002,515,576 | ---- | M] () -- C:\Users\xxx\Desktop\IMG_1237.JPG [2011.04.30 10:44:42 | 000,091,254 | ---- | M] () -- 
C:\Users\xxx\Desktop\DHL-Marke-2-QR3VFP7KPM.pdf [2011.04.30 10:44:27 | 000,088,286 | ---- | M] () -- C:\Users\xxx\Desktop\DHL-Marke-1-GF49UERNL7.pdf [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.05.22 22:52:16 | 000,048,861 | ---- | C] () -- C:\Users\xxx\Desktop\51187-anleitung-malwarebytes-anti-malware.html [2011.05.22 22:09:11 | 000,105,289 | ---- | C] () -- C:\Users\xxx\Desktop\kqM7r95q.htm.part.htm [2011.05.22 20:59:46 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.05.22 20:55:18 | 000,002,159 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk [2011.05.22 20:55:18 | 000,002,139 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities 2011.lnk [2011.05.22 20:55:17 | 000,002,151 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2011.lnk [2011.05.22 20:39:06 | 000,000,632 | ---- | C] () -- C:\Users\xxx\Desktop\Total Commander.lnk [2011.05.22 20:39:04 | 000,000,545 | ---- | C] () -- C:\Windows\UC.PIF [2011.05.22 20:39:04 | 000,000,545 | ---- | C] () -- C:\Windows\RAR.PIF [2011.05.22 20:39:04 | 000,000,545 | ---- | C] () -- C:\Windows\PKZIP.PIF [2011.05.22 20:39:04 | 000,000,545 | ---- | C] () -- C:\Windows\PKUNZIP.PIF [2011.05.22 20:39:04 | 000,000,545 | ---- | C] () -- C:\Windows\NOCLOSE.PIF [2011.05.22 20:39:04 | 000,000,545 | ---- | C] () -- C:\Windows\LHA.PIF [2011.05.22 20:39:03 | 000,000,545 | ---- | C] () -- C:\Windows\ARJ.PIF [2011.05.21 18:04:01 | 001,098,273 | ---- | C] () -- C:\Users\xxx\Desktop\IMG_1246.JPG [2011.05.21 18:00:54 | 001,807,615 | ---- | C] () -- C:\Users\xxx\Desktop\IMG_1245.JPG [2011.05.21 18:00:54 | 001,356,177 | ---- | C] () -- C:\Users\xxx\Desktop\IMG_1243.JPG [2011.05.21 16:12:21 | 002,515,576 | ---- | C] () -- C:\Users\xxx\Desktop\IMG_1237.JPG [2011.04.30 10:44:41 | 000,091,254 | ---- | C] () -- C:\Users\xxx\Desktop\DHL-Marke-2-QR3VFP7KPM.pdf [2011.04.30 10:44:26 | 
000,088,286 | ---- | C] () -- C:\Users\xxx\Desktop\DHL-Marke-1-GF49UERNL7.pdf [2011.03.13 21:05:27 | 000,000,041 | -HS- | C] () -- C:\ProgramData\.zreglib [2010.12.02 00:12:24 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll [2010.11.12 16:50:29 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat [2010.11.10 18:21:33 | 000,654,166 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2010.11.10 18:21:33 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2010.11.10 18:21:33 | 000,130,006 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2010.11.10 18:21:33 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2010.03.23 14:26:48 | 000,201,512 | ---- | C] () -- C:\Windows\System32\vpnapi.dll [2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 06:33:53 | 000,412,744 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2009.07.14 04:05:48 | 000,616,008 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2009.07.14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2009.07.14 04:05:48 | 000,106,388 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2009.07.14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2009.07.14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2009.07.14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2009.07.14 02:55:09 | 000,587,776 | ---- | C] () -- C:\Windows\System32\hpotscl1.dll [2009.07.14 02:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat ========== LOP Check ========== [2010.12.03 
12:51:06 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Amazon [2011.01.05 12:06:17 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Canon [2010.11.11 17:09:16 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\DAEMON Tools Lite [2011.05.22 20:39:03 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\GHISLER [2011.05.22 19:20:28 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\ICQ [2011.05.22 20:54:20 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\TuneUp Software [2011.02.12 12:39:06 | 000,032,618 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 24 bytes -> C:\Windows:0B7B08D3A7E5B193 < End of report >
I hope I have thought of everything and that you can help me. Many thanks in advance. Last edited by puntigamer (22.05.2011 at 21:55)
23.05.2011, 13:37 | #2
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan in the system (BKA) Quote:
Please run a full scan with Malwarebytes as a routine step and post the log. Remember that Malwarebytes must be updated manually before every scan! If logs from older Malwarebytes scans exist, please post all of them as well!
__________________
23.05.2011, 21:24 | #3
Trojan in the system (BKA) Oh sorry, didn't read it properly
__________________ Quote:
24.05.2011, 08:57 | #4
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan in the system (BKA) Quote:
__________________ Please always post logfiles in CODE tags
24.05.2011, 18:55 | #5
Trojan in the system (BKA) Quote:
24.05.2011, 18:58 | #6
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan in the system (BKA) Do an OTL fix: close any programs that may be open, also deactivate the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL) (the ":OTL" must be copied along with it!!!):
:OTL
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{b468c02e-ece2-11df-9952-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{b468c02e-ece2-11df-9952-806e6f6e6963}\Shell\AutoRun\command - "" = "E:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{db4bfebb-1b38-11e0-9b56-00030dc2a2ef}\Shell - "" = AutoRun
O33 - MountPoints2\{db4bfebb-1b38-11e0-9b56-00030dc2a2ef}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{db4bfedd-1b38-11e0-9b56-00030dc2a2ef}\Shell - "" = AutoRun
O33 - MountPoints2\{db4bfedd-1b38-11e0-9b56-00030dc2a2ef}\Shell\AutoRun\command - "" = E:\AutoRun.exe
@Alternate Data Stream - 24 bytes -> C:\Windows:0B7B08D3A7E5B193
:Commands
[purity]
[resethosts]
The logfile should open when you click OK after the fix; please post it. The computer may be restarted. For safety, the entries, files and folders fixed by this script are not completely deleted; a backup copy is created on the system partition in the "_OTL" folder.
__________________
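The fix in post #6 picks three item classes out of the OTL log: the MountPoints2 autorun commands (what actually executes when a removable drive is mounted), the CD-ROM AutoRun setting, and the alternate data stream on C:\Windows. The following Python triage script is an added example, not code from this thread or from OTL's author: it parses OTL-style log lines, flags exactly those classes plus "File not found" orphans, and drafts an `:OTL` block in the same shape as the helper's script for a human to review. The sample lines are constructed from entries quoted in this thread; the function names, the `Finding` type and `build_otl_fix` are assumptions of this example.

```python
import re
from dataclasses import dataclass

# Constructed sample input: OTL lines copied from the log posted in this thread.
SAMPLE_OTL_LINES = [
    r"O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)",
    r"O32 - HKLM CDRom: AutoRun - 1",
    r'O33 - MountPoints2\{b468c02e-ece2-11df-9952-806e6f6e6963}\Shell - "" = AutoRun',
    r'O33 - MountPoints2\{b468c02e-ece2-11df-9952-806e6f6e6963}\Shell\AutoRun\command - "" = "E:\WD SmartWare.exe" autoplay=true',
    r'O33 - MountPoints2\{db4bfebb-1b38-11e0-9b56-00030dc2a2ef}\Shell\AutoRun\command - "" = E:\AutoRun.exe',
    r"O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - File not found",
    r"@Alternate Data Stream - 24 bytes -> C:\Windows:0B7B08D3A7E5B193",
]

# O33 lines that carry the executed command (the "\Shell - "" = AutoRun" lines only name the verb).
AUTORUN_CMD_RE = re.compile(
    r'^O33 - MountPoints2\\(\{[0-9a-fA-F-]+\})\\Shell\\AutoRun\\command - "" = (.+)$'
)
CDROM_AUTORUN_RE = re.compile(r"^O32 - HKLM CDRom: AutoRun - (\d+)$")
ADS_RE = re.compile(r"^@Alternate Data Stream - (\d+) bytes -> (.+)$")

# Kinds that the OTL fix block should list verbatim; orphans are reported but left out.
FIXABLE_KINDS = ("cdrom-autorun", "autorun-command", "ads")


@dataclass(frozen=True)
class Finding:
    kind: str    # "autorun-command", "cdrom-autorun", "ads" or "orphan"
    target: str  # the command, setting, stream or entry the line points at
    line: str    # the original OTL line, reusable verbatim inside an :OTL block


def triage_otl(lines):
    """Return the findings a helper would look at first, in log order."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        m = AUTORUN_CMD_RE.match(line)
        if m:
            findings.append(Finding("autorun-command", m.group(2), line))
            continue
        m = CDROM_AUTORUN_RE.match(line)
        if m and m.group(1) != "0":
            findings.append(Finding("cdrom-autorun", "AutoRun=" + m.group(1), line))
            continue
        m = ADS_RE.match(line)
        if m:
            findings.append(Finding("ads", m.group(2), line))
            continue
        if line.endswith("File not found"):
            # e.g. "O9 - Extra Button: PokerStars - {CLSID} - File not found"
            findings.append(Finding("orphan", line.split(" - ")[1], line))
    return findings


def summarize(findings):
    """Count findings per kind, e.g. {"autorun-command": 2, "ads": 1}."""
    counts = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


def build_otl_fix(findings):
    """Draft an :OTL block in the shape of the helper's script (assumption: same layout)."""
    body = [f.line for f in findings if f.kind in FIXABLE_KINDS]
    return "\n".join([":OTL", *body, ":Commands", "[purity]", "[resethosts]"])


if __name__ == "__main__":
    found = triage_otl(SAMPLE_OTL_LINES)
    for f in found:
        print(f"{f.kind:16} {f.target}")
    print(summarize(found))
    print(build_otl_fix(found))
```

Only the `\Shell\AutoRun\command` lines are flagged, because they hold the path that runs; the `\Shell - "" = AutoRun` lines are harmless on their own and are dropped along with the key when the command entry is removed. The draft block is meant to be read against the full log before it is pasted into OTL, which is exactly the step the helper performs in post #6.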
24.05.2011, 19:16 | #7
Trojan in the system (BKA) OTL log after the fix: Quote:
24.05.2011, 19:33 | #8
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan in the system (BKA) Now please run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html Configure the tool as shown in the picture below, i.e. set both checkmarks, click Start scan and, once it has finished, click the Report button to display the log. Please post it in full. If the infection prevents you from accessing your documents/My Documents, please run unhide: download unhide.exe and save the file on your desktop. Start the tool and all files and folders should be visible again. (This may take a while.) Vista and 7 users must run the tool as administrator via right-click!
__________________ Please always post logfiles in CODE tags
25.05.2011, 21:39 | #9
Trojan in the system (BKA) I skipped the suspicious object finding ... Quote:
25.05.2011, 22:03 | #10
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan in the system (BKA) Then please run CF now: ComboFix: A guide and tutorial on using ComboFix
ComboFix may only be run when a Kompetenzler (qualified helper) has explicitly recommended it!
__________________ Please always post logfiles in CODE tags
26.05.2011, 19:10 | #11
Trojan in the system (BKA) Oh, that was a difficult birth ... First of all, the download via your link didn't work (some kind of NFSIS error or something came up ...). Oddly enough, it worked via ForoSpyware.com. While ComboFix was running, however, an error message came up saying that PEV.exe was being terminated because a problem had been detected. But I didn't confirm anything because I didn't want to move the mouse and so on. No idea what that was and whether it could possibly cause problems??? ComboFix logfile:
ComboFix 11-05-23.02 - Christian 26.05.2011 19:49:29.1.2 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1252.49.1031.18.3067.2157 [GMT 2:00]
ausgeführt von:: c:\users\Christian\Desktop\cofi.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-04-26 bis 2011-05-26 ))))))))))))))))))))))))))))))
.
.
2011-05-26 17:54 . 2011-05-26 17:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-25 20:34 . 2011-04-22 19:36 26496 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-05-24 18:15 . 2011-05-24 18:15 -------- d-----w- C:\_OTL
2011-05-24 13:41 . 2011-05-09 20:46 6962000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5F1D7EDD-6A6C-437E-8C6E-316484C855A9}\mpengine.dll
2011-05-22 18:59 . 2011-05-22 18:59 -------- d-----w- c:\users\Christian\AppData\Roaming\Malwarebytes
2011-05-22 18:59 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-22 18:59 . 2011-05-22 18:59 -------- d-----w- c:\programdata\Malwarebytes
2011-05-22 18:59 . 2011-05-22 18:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-22 18:59 . 2010-12-20 16:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-22 18:55 . 2011-03-30 17:50 31552 ----a-w- c:\windows\system32\TURegOpt.exe
2011-05-22 18:55 . 2011-03-30 17:45 21312 ----a-w- c:\windows\system32\authuitu.dll
2011-05-22 18:55 . 2011-03-30 17:45 29504 ----a-w- c:\windows\system32\uxtuneup.dll
2011-05-22 18:54 . 2011-05-22 18:54 -------- d-----w- c:\users\Christian\AppData\Roaming\TuneUp Software
2011-05-22 18:53 . 2011-05-22 18:55 -------- d-----w- c:\program files\TuneUp Utilities 2011
2011-05-22 18:52 . 2011-05-22 18:55 -------- d-----w- c:\programdata\TuneUp Software
2011-05-22 18:52 . 2011-05-22 18:52 -------- d-sh--w- c:\programdata\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
2011-05-22 18:39 . 2010-12-17 05:56 545 ----a-w- c:\windows\UC.PIF
2011-05-22 18:39 . 2010-12-17 05:56 545 ----a-w- c:\windows\RAR.PIF
2011-05-22 18:39 . 2010-12-17 05:56 545 ----a-w- c:\windows\PKZIP.PIF
2011-05-22 18:39 . 2010-12-17 05:56 545 ----a-w- c:\windows\PKUNZIP.PIF
2011-05-22 18:39 . 2010-12-17 05:56 545 ----a-w- c:\windows\NOCLOSE.PIF
2011-05-22 18:39 . 2010-12-17 05:56 545 ----a-w- c:\windows\LHA.PIF
2011-05-22 18:39 . 2011-05-22 18:39 -------- d-----w- C:\totalcmd
2011-05-22 18:39 . 2011-05-22 18:39 -------- d-----w- c:\users\Christian\AppData\Roaming\GHISLER
2011-05-22 18:39 . 2010-12-17 05:56 545 ----a-w- c:\windows\ARJ.PIF
2011-05-22 18:30 . 2011-05-22 18:30 -------- d-----w- c:\users\Christian\AppData\Roaming\Avira
2011-05-19 05:39 . 2011-04-09 05:56 123904 ----a-w- c:\windows\system32\poqexec.exe
2011-05-14 18:20 . 2011-05-14 18:20 -------- d-----w- c:\users\Christian\.jordan
2011-05-11 16:22 . 2011-04-09 06:13 3957632 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-05-11 16:22 . 2011-04-09 06:13 3901824 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-04-28 08:55 . 2011-04-28 08:55 -------- d-----w- c:\users\Christian\AppData\Local\ElevatedDiagnostics
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-17 06:25 . 2010-11-10 16:23 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-03-11 05:40 . 2011-04-14 19:11 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-11 05:40 . 2011-04-14 19:11 1137664 ----a-w- c:\windows\system32\mfc42.dll
2011-03-08 05:38 . 2011-04-14 19:11 740864 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-03 05:29 . 2011-04-14 19:12 132608 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-03-03 05:27 . 2011-04-14 19:12 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-03-03 03:31 . 2011-04-14 19:11 2331136 ----a-w- c:\windows\system32\win32k.sys
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"ICQ"="c:\program files\ICQ7.2\ICQ.exe" [2011-01-05 133432]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-08-02 281768]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2516296]
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2009-01-29 57344]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
VPN Client.lnk - c:\windows\Installer\{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}\Icon3E5562ED7.ico [2010-11-19 6144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2009-10-21 198656]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2009-04-06 13224]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [2009-10-12 101120]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-11-10 691696]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-27 136360]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [2011-03-30 1523008]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [2011-02-10 10064]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
.
------- Zusätzlicher Suchlauf -------
.
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: {5A147DDE-B0AD-44CE-BA81-9A9AD04FDA93} = 193.189.244.225 193.189.244.206
FF - ProfilePath - c:\users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\dc75recf.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: iGraal: {e411bb40-b04c-11d8-92e7-00d09e0179f2} - %profile%\extensions\{e411bb40-b04c-11d8-92e7-00d09e0179f2}
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-05-26 19:56:07
ComboFix-quarantined-files.txt 2011-05-26 17:56
.
Vor Suchlauf: 11 Verzeichnis(se), 106.139.078.656 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 106.115.076.096 Bytes frei
.
- - End Of File - - D8925F9885C2D4EAA4CE6E7EECD5FD05
26.05.2011, 20:08 | #12
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner im System (BKA)
OK. Now please create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool refuses to run on the second attempt as well, just leave it out and run only OSAM. Please skip the online query in OSAM. With OSAM, also make sure you save the log as *.log and not as *.html or similar. After that, please download MBRCheck (by a_d_13) and save the file to the desktop.
__________________ Please always post logfiles in CODE tags
26.05.2011, 20:59 | #13
Trojaner im System (BKA)
Thanks in advance for your effort.
GMER Logfile:
Code:
GMER 1.0.15.15627 - hxxp://www.gmer.net
Rootkit scan 2011-05-26 21:54:15
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS543232L9A300 rev.FB4OC40C
Running: irtosqcv.exe; Driver: C:\Users\CHRIST~1\AppData\Local\Temp\kglyiuod.sys

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13BD 82C7F569 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82CA4092 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
? System32\Drivers\spnw.sys Das System kann den angegebenen Pfad nicht finden. !
.text USBPORT.SYS!DllUnload 91A78CA0 5 Bytes JMP 86A554E0
.text ane5azdx.SYS 822B0000 12 Bytes [44, A8, C0, 82, EE, A6, C0, ...]
.text ane5azdx.SYS 822B000D 9 Bytes [87, C0, 82, 48, AB, C0, 82, ...] {XCHG EAX, EAX; OR BYTE [EAX-0x55], -0x40; ADD BYTE [EAX], 0x0}
.text ane5azdx.SYS 822B0017 20 Bytes [00, DE, 37, 1A, 8B, E6, 35, ...]
.text ane5azdx.SYS 822B002C 20 Bytes [00, 00, 00, 00, A0, A1, C7, ...]
.text ane5azdx.SYS 822B0041 128 Bytes [46, CA, 82, 60, 45, CA, 82, ...]
.text ...
? C:\Windows\system32\Drivers\PROCEXP113.SYS Das System kann die angegebene Datei nicht finden. !
? C:\Users\CHRIST~1\AppData\Local\Temp\catchme.sys Das System kann die angegebene Datei nicht finden. !

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [8B0A7042] \SystemRoot\System32\Drivers\spnw.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [8B0A76D6] \SystemRoot\System32\Drivers\spnw.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [8B0A7800] \SystemRoot\System32\Drivers\spnw.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8B0A713E] \SystemRoot\System32\Drivers\spnw.sys
IAT \SystemRoot\System32\Drivers\ane5azdx.SYS[ataport.SYS!AtaPortNotification] 00147880
IAT \SystemRoot\System32\Drivers\ane5azdx.SYS[ataport.SYS!AtaPortQuerySystemTime] 78800C75
IAT \SystemRoot\System32\Drivers\ane5azdx.SYS[ataport.SYS!AtaPortReadPortUchar] 06750015
IAT \SystemRoot\System32\Drivers\ane5azdx.SYS[ataport.SYS!AtaPortStallExecution] C25DC033
IAT \SystemRoot\System32\Drivers\ane5azdx.SYS[ataport.SYS!AtaPortWritePortUchar] 458B0008
IAT \SystemRoot\System32\Drivers\ane5azdx.SYS[ataport.SYS!AtaPortWritePortUlong] 6A006A08
IAT \SystemRoot\System32\Drivers\ane5azdx.SYS[ataport.SYS!AtaPortGetPhysicalAddress] 50056A24
IAT \SystemRoot\System32\Drivers\ane5azdx.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] 005AB7E8
IAT \SystemRoot\System32\Drivers\ane5azdx.SYS[ataport.SYS!AtaPortGetScatterGatherList] 0001B800
IAT \SystemRoot\System32\Drivers\ane5azdx.SYS[ataport.SYS!AtaPortGetParentBusType] C25D0000
IAT \SystemRoot\System32\Drivers\ane5azdx.SYS[ataport.SYS!AtaPortRequestCallback] CCCC0008
IAT \SystemRoot\System32\Drivers\ane5azdx.SYS[ataport.SYS!AtaPortWritePortBufferUshort] CCCCCCCC
IAT \SystemRoot\System32\Drivers\ane5azdx.SYS[ataport.SYS!AtaPortGetUnCachedExtension] CCCCCCCC
IAT \SystemRoot\System32\Drivers\ane5azdx.SYS[ataport.SYS!AtaPortCompleteRequest] CCCCCCCC
IAT \SystemRoot\System32\Drivers\ane5azdx.SYS[ataport.SYS!AtaPortCopyMemory] 53EC8B55
IAT \SystemRoot\System32\Drivers\ane5azdx.SYS[ataport.SYS!AtaPortEtwTraceLog] 800C5D8B
IAT \SystemRoot\System32\Drivers\ane5azdx.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] 7500117B
IAT \SystemRoot\System32\Drivers\ane5azdx.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 127B806A
IAT \SystemRoot\System32\Drivers\ane5azdx.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 80647500
IAT \SystemRoot\System32\Drivers\ane5azdx.SYS[ataport.SYS!AtaPortReadPortBufferUshort] 7500137B
IAT \SystemRoot\System32\Drivers\ane5azdx.SYS[ataport.SYS!AtaPortInitialize] 157B805E
IAT \SystemRoot\System32\Drivers\ane5azdx.SYS[ataport.SYS!AtaPortGetDeviceBase] 56587500
IAT \SystemRoot\System32\Drivers\ane5azdx.SYS[ataport.SYS!AtaPortDeviceStateChange] 8008758B

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8557D1F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{34EB413A-D502-41FE-9CC9-B6E11829CFB0} 867601F8
Device \Driver\volmgr \Device\VolMgrControl 855781F8
Device \Driver\ACPI_HAL \Device\00000050 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device \Driver\usbuhci \Device\USBPDO-0 86A50500
Device \Driver\usbuhci \Device\USBPDO-1 86A50500
Device \Driver\usbuhci \Device\USBPDO-2 86A50500
Device \Driver\usbehci \Device\USBPDO-3 8676B500
Device \Driver\sptd \Device\542307247 spnw.sys
Device \Driver\usbuhci \Device\USBPDO-4 86A50500
Device \Driver\usbuhci \Device\USBPDO-5 86A50500
Device \Driver\usbuhci \Device\USBPDO-6 86A50500
Device \Driver\volmgr \Device\HarddiskVolume1 855781F8
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
Device \Driver\usbehci \Device\USBPDO-7 8676B500
Device \Driver\volmgr \Device\HarddiskVolume2 855781F8
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
Device \Driver\cdrom \Device\CdRom0 866C01F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 8557A1F8
Device \Driver\atapi \Device\Ide\IdePort0 8557A1F8
Device \Driver\atapi \Device\Ide\IdePort1 8557A1F8
Device \Driver\atapi \Device\Ide\IdePort2 8557A1F8
Device \Driver\atapi \Device\Ide\IdePort3 8557A1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1 8557A1F8
Device \Driver\msahci \Device\Ide\PciIde0Channel0 8557B1F8
Device \Driver\msahci \Device\Ide\PciIde0Channel1 8557B1F8
Device \Driver\msahci \Device\Ide\PciIde0Channel4 8557B1F8
Device \Driver\msahci \Device\Ide\PciIde0Channel5 8557B1F8
Device \Driver\cdrom \Device\CdRom1 866C01F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 867601F8
Device \Driver\PCI_PNP3246 \Device\0000005d spnw.sys
Device \Driver\usbuhci \Device\USBFDO-0 86A50500
Device \Driver\usbuhci \Device\USBFDO-1 86A50500
Device \Driver\usbuhci \Device\USBFDO-2 86A50500
Device \Driver\usbehci \Device\USBFDO-3 8676B500
Device \Driver\usbuhci \Device\USBFDO-4 86A50500
Device \Driver\usbuhci \Device\USBFDO-5 86A50500
Device \Driver\usbuhci \Device\USBFDO-6 86A50500
Device \Driver\usbehci \Device\USBFDO-7 8676B500
Device \Driver\ane5azdx \Device\Scsi\ane5azdx1Port4Path0Target0Lun0 8676D500
Device \Driver\ane5azdx \Device\Scsi\ane5azdx1 8676D500

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x10 0xC7 0x8B 0x3F ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x17 0x10 0x6E 0x63 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x5C 0xB2 0x75 0xAA ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x10 0xC7 0x8B 0x3F ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x17 0x10 0x6E 0x63 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x5C 0xB2 0x75 0xAA ...

---- EOF - GMER 1.0.15 ----

OSAM Logfile:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 21:56:54 on 26.05.2011

OS: Windows 7 (Build 7600), 32-bit
Default Browser: Mozilla Corporation Firefox 3.6.17

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"nvcpl.cpl" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\MLCFG32.CPL
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"ane5azdx" (ane5azdx) - "Microsoft Corporation" - C:\Windows\system32\drivers\ane5azdx.sys (Hidden registry entry, rootkit activity | File signed by Microsoft)
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\Users\CHRIST~1\AppData\Local\Temp\catchme.sys (File not found)
"Cisco Systems Inc. IPSec Driver" (CVPNDRVA) - "Cisco Systems, Inc." - C:\Windows\system32\Drivers\CVPNDRVA.sys
"ElbyCDFL" (ElbyCDFL) - "SlySoft, Inc." - C:\Windows\System32\Drivers\ElbyCDFL.sys
"ElbyCDIO Driver" (ElbyCDIO) - "Elaborate Bytes AG" - C:\Windows\System32\Drivers\ElbyCDIO.sys
"kglyiuod" (kglyiuod) - ? - C:\Users\CHRIST~1\AppData\Local\Temp\kglyiuod.sys (Hidden registry entry, rootkit activity | File not found)
"mbr" (mbr) - ? - C:\cofi\mbr.sys (Hidden registry entry, rootkit activity | File not found)
"sptd" (sptd) - "Duplex Secure Ltd." - C:\Windows\System32\Drivers\sptd.sys (File is exclusively opened, access blocked)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"TuneUpUtilitiesDrv" (TuneUpUtilitiesDrv) - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\GRA32A~1.DLL
{91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\GR469A~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll
{99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\GR469A~1.DLL
{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\GR469A~1.DLL
{920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\GR469A~1.DLL
{16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\GR469A~1.DLL
{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\GR469A~1.DLL
{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\GR469A~1.DLL
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\GR469A~1.DLL
{6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\GR469A~1.DLL
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\GR469A~1.DLL
{A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\GR469A~1.DLL
{387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\GR469A~1.DLL
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\ONFILTER.DLL
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} "NVIDIA CPL Context Menu Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvshext.dll
{FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\OLKFSTUB.DLL
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{4838CD50-7E5D-4811-9B17-C47A85539F28} "TuneUp Disk Space Explorer Shell Extension" - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2011\DseShExt-x86.dll
{4858E7D9-8E12-45a3-B6A3-1CD128C9D403} "TuneUp Shredder Shell Extension" - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2011\SDShelEx-win32.dll
{44440D00-FF19-4AFC-B765-9A0970567D97} "TuneUp Theme Extension" - "TuneUp Software" - C:\Windows\System32\uxtuneup.dll
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll

[Internet Explorer]
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_22.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\Flash10l.ocx / hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
"ICQ7.2" - "ICQ, LLC." - C:\Program Files\ICQ7.2\ICQ.exe
"PokerStars" - ? - C:\Program Files\PokerStars\PokerStarsUpdate.exe (File not found)
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
{898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype Plug-In" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\GR469A~1.DLL
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype Plug-In" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"VPN Client.lnk" - "Cisco Systems, Inc." - C:\Program Files\Cisco Systems\VPN Client\vpngui.exe (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"DAEMON Tools Lite" - "DT Soft Ltd" - "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
"ICQ" - "ICQ, LLC." - "C:\Program Files\ICQ7.2\ICQ.exe" silent loginmode=4
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"CanonMyPrinter" - "CANON INC." - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
"CloneCDTray" - "SlySoft, Inc." - "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
"GrooveMonitor" - "Microsoft Corporation" - "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
"Malwarebytes' Anti-Malware (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"PDFCreator" - ? - C:\Windows\system32\pdfcmnnt.dll (File found, but it contains no detailed information)
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@%SystemRoot%\System32\uxtuneup.dll,-4096" (UxTuneUp) - "TuneUp Software" - C:\Windows\System32\uxtuneup.dll
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Cisco Systems, Inc. VPN Service" (CVPND) - "Cisco Systems, Inc." - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service) - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"TuneUp Utilities Service" (TuneUp.UtilitiesSvc) - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===

MBR Check Log:
Code:
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Professional
Windows Information: (build 7600), 32-bit
Base Board Manufacturer: FUJITSU SIEMENS
BIOS Manufacturer: Phoenix Technologies LTD
System Manufacturer: FUJITSU SIEMENS
System Product Name: AMILO Pi 3540
Logical Drives Mask: 0x0000004c

Kernel Drivers (total 198):
0x82C3C000 \SystemRoot\system32\ntkrnlpa.exe
0x82C05000 \SystemRoot\system32\halmacpi.dll
0x80BBA000 \SystemRoot\system32\kdcom.dll
0x83225000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x8329D000 \SystemRoot\system32\PSHED.dll
0x832AE000 \SystemRoot\system32\BOOTVID.dll
0x832B6000 \SystemRoot\system32\CLFS.SYS
0x832F8000 \SystemRoot\system32\CI.dll
0x8B026000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8B097000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8B0A5000 \SystemRoot\System32\Drivers\spnw.sys
0x8B198000 \SystemRoot\System32\Drivers\WMILIB.SYS
0x8B1A1000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
0x833A3000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x8B1C7000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x8B1CF000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x8B220000 \SystemRoot\system32\DRIVERS\pci.sys
0x8B24A000 \SystemRoot\System32\drivers\partmgr.sys
0x8B25B000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x8B263000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x8B26E000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x8B27E000 \SystemRoot\System32\drivers\volmgrx.sys
0x8B2C9000 \SystemRoot\System32\drivers\mountmgr.sys
0x8B2DF000 \SystemRoot\system32\DRIVERS\atapi.sys
0x8B2E8000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x8B30B000 \SystemRoot\system32\DRIVERS\msahci.sys
0x8B315000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x8B323000 \SystemRoot\system32\drivers\amdxata.sys
0x8B32C000 \SystemRoot\system32\drivers\fltmgr.sys
0x8B360000 \SystemRoot\system32\drivers\fileinfo.sys
0x8B43D000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8B56C000 \SystemRoot\System32\Drivers\msrpc.sys
0x8B597000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8B371000 \SystemRoot\System32\Drivers\cng.sys
0x8B5AA000 \SystemRoot\System32\drivers\pcw.sys
0x8B5B8000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x8B61E000 \SystemRoot\system32\drivers\ndis.sys
0x8B6D5000 \SystemRoot\system32\drivers\NETIO.SYS
0x8B713000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x8B81D000 \SystemRoot\System32\drivers\tcpip.sys
0x8B966000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8B997000 \SystemRoot\system32\DRIVERS\vmstorfl.sys
0x8B9A0000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x8B9DF000 \SystemRoot\System32\Drivers\spldr.sys
0x8B738000 \SystemRoot\System32\drivers\rdyboost.sys
0x8B9E7000 \SystemRoot\System32\Drivers\mup.sys
0x8B9F7000 \SystemRoot\System32\drivers\hwpolicy.sys
0x8B765000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x8B800000 \SystemRoot\system32\DRIVERS\disk.sys
0x8B797000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x8B5C1000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8B7E4000 \SystemRoot\System32\Drivers\Null.SYS
0x8B7EB000 \SystemRoot\System32\Drivers\Beep.SYS
0x8B7F2000 \SystemRoot\System32\drivers\vga.sys
0x8B400000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8B600000 \SystemRoot\System32\drivers\watchdog.sys
0x8B60D000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8B615000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8B421000 \SystemRoot\system32\drivers\rdprefmp.sys
0x8B429000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8B5E0000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8B3CE000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8B5EE000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8F815000 \SystemRoot\system32\drivers\afd.sys
0x8F86F000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8F8A1000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x8F8A8000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8F8C7000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8F8D5000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8F8E8000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8F8F8000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0x8F8FE000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8F93F000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8F949000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8F953000 \SystemRoot\System32\Drivers\ElbyCDIO.sys
0x8F958000 \SystemRoot\System32\drivers\discache.sys
0x8F964000 \SystemRoot\system32\drivers\csc.sys
0x8F9C8000 \SystemRoot\System32\Drivers\dfsc.sys
0x8F9E0000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x8B1DA000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x8B000000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x90A26000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x91344000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x91346000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x91A10000 \SystemRoot\System32\drivers\dxgmms1.sys
0x91A49000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x91A54000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x91A9F000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x91AAE000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8224B000 \SystemRoot\system32\DRIVERS\Rt86win7.sys
0x82270000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x82288000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x82295000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x822A2000 \SystemRoot\System32\Drivers\ElbyCDFL.sys
0x822A9000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x822AF000 \SystemRoot\System32\Drivers\ane5azdx.SYS
0x822E8000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x822EC000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x822FE000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x8230B000 \SystemRoot\system32\DRIVERS\dne2000.sys
0x8232A000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x8233C000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x82354000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8235F000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x82381000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x82399000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x823B0000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x823C7000 \SystemRoot\system32\DRIVERS\rdpbus.sys
0x823D1000 \SystemRoot\system32\DRIVERS\swenum.sys
0x81E00000 \SystemRoot\system32\DRIVERS\ks.sys
0x823D3000 \SystemRoot\system32\DRIVERS\umbus.sys
0x91ACD000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x823E1000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x91B11000 \SystemRoot\system32\drivers\HdAudio.sys
0x91B61000 \SystemRoot\system32\drivers\portcls.sys
0x91B90000 \SystemRoot\system32\drivers\drmk.sys
0x97480000 \SystemRoot\System32\win32k.sys
0x823F2000 \SystemRoot\System32\drivers\Dxapi.sys
0x91BA9000 \SystemRoot\System32\Drivers\crashdmp.sys
0x91BB6000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x91BC1000 \SystemRoot\System32\Drivers\dump_msahci.sys
0x91BCB000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x91BDC000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x823FC000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x91BF3000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x90A00000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x91A00000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x90A13000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x8F9EE000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x8F800000 \SystemRoot\system32\DRIVERS\monitor.sys
0x976E0000 \SystemRoot\System32\TSDDD.dll
0x8B7BC000 \SystemRoot\system32\drivers\luafv.sys
0x8B3E5000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x8B200000 \SystemRoot\system32\drivers\WudfPf.sys
0x97710000 \SystemRoot\System32\cdd.dll
0x833EB000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x9A622000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x9A668000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x9A678000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x9A68B000 \SystemRoot\system32\drivers\HTTP.sys
0x9A710000 \SystemRoot\system32\DRIVERS\bowser.sys
0x9A729000 \SystemRoot\System32\drivers\mpsdrv.sys
0x9A73B000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x9A75E000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x9A799000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x9D203000 \??\C:\Windows\system32\Drivers\CVPNDRVA.sys
0x9D293000 \SystemRoot\system32\drivers\peauth.sys
0x9D32A000 \SystemRoot\System32\Drivers\secdrv.SYS
0x9D334000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x9D355000 \SystemRoot\System32\drivers\tcpipreg.sys
0x9D362000 \SystemRoot\System32\DRIVERS\srv2.sys
0x9D63B000 \SystemRoot\System32\DRIVERS\srv.sys
0x9D68D000 \??\C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys
0x9D6F8000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x9D701000 \??\C:\Windows\system32\Drivers\PROCEXP113.SYS
0x9D703000 \??\C:\Users\CHRIST~1\AppData\Local\Temp\catchme.sys
0x9D712000 \??\C:\Users\CHRIST~1\AppData\Local\Temp\kglyiuod.sys
0x81E34000 \SystemRoot\system32\DRIVERS\netw5v32.sys
0x777A0000 \Windows\System32\ntdll.dll
0x48310000 \Windows\System32\smss.exe
0x779E0000 \Windows\System32\apisetschema.dll
0x00FF0000 \Windows\System32\autochk.exe
0x10000000 \Program Files\DAEMON Tools Lite\Engine.dll
0x77900000 \Windows\System32\msctf.dll
0x77700000 \Windows\System32\advapi32.dll
0x778F0000 \Windows\System32\psapi.dll
0x776A0000 \Windows\System32\difxapi.dll
0x77600000 \Windows\System32\usp10.dll
0x775E0000 \Windows\System32\imm32.dll
0x775C0000 \Windows\System32\sechost.dll
0x77590000 \Windows\System32\imagehlp.dll
0x774E0000 \Windows\System32\rpcrt4.dll
0x77430000 \Windows\System32\msvcrt.dll
0x77330000 \Windows\System32\wininet.dll
0x772A0000 \Windows\System32\oleaut32.dll
0x77160000 \Windows\System32\urlmon.dll
0x770D0000 \Windows\System32\clbcatq.dll
0x76FF0000 \Windows\System32\kernel32.dll
0x778E0000 \Windows\System32\lpk.dll
0x76F70000 \Windows\System32\comdlg32.dll
0x76F10000 \Windows\System32\shlwapi.dll
0x76ED0000 \Windows\System32\ws2_32.dll
0x76E00000 \Windows\System32\user32.dll
0x76DF0000 \Windows\System32\nsi.dll
0x76C90000 \Windows\System32\ole32.dll
0x76040000 \Windows\System32\shell32.dll
0x75E40000 \Windows\System32\iertutil.dll
0x75DF0000 \Windows\System32\gdi32.dll
0x75DA0000 \Windows\System32\Wldap32.dll
0x75C00000 \Windows\System32\setupapi.dll
0x75BF0000 \Windows\System32\normaliz.dll
0x75BC0000 \Windows\System32\cfgmgr32.dll
0x75BA0000 \Windows\System32\devobj.dll
0x75B50000 \Windows\System32\KernelBase.dll
0x75AC0000 \Windows\System32\comctl32.dll 0x759A0000 \Windows\System32\crypt32.dll 0x75970000 \Windows\System32\wintrust.dll 0x75960000 \Windows\System32\msasn1.dll Processes (total 52): 0 System Idle Process 4 System 276 C:\Windows\System32\smss.exe 360 csrss.exe 420 C:\Windows\System32\wininit.exe 432 csrss.exe 468 C:\Windows\System32\services.exe 484 C:\Windows\System32\lsass.exe 492 C:\Windows\System32\lsm.exe 580 C:\Windows\System32\svchost.exe 664 C:\Windows\System32\nvvsvc.exe 692 C:\Windows\System32\svchost.exe 744 C:\Windows\System32\svchost.exe 796 C:\Windows\System32\svchost.exe 836 C:\Windows\System32\svchost.exe 976 C:\Windows\System32\svchost.exe 1092 C:\Windows\System32\svchost.exe 1192 C:\Windows\System32\svchost.exe 1240 |
26.05.2011, 21:08 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner im System (BKA) The mbrcheck log is not complete. Let it run long enough, and run it as admin via right-click!
__________________ Please always post logfiles in CODE tags |
26.05.2011, 21:11 | #15 |
| Trojaner im System (BKA) I must have forgotten something when copying ... Code:
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Professional
Windows Information: (build 7600), 32-bit
Base Board Manufacturer: FUJITSU SIEMENS
BIOS Manufacturer: Phoenix Technologies LTD
System Manufacturer: FUJITSU SIEMENS
System Product Name: AMILO Pi 3540
Logical Drives Mask: 0x0000004c

Kernel Drivers (total 198):
0x82C3C000 \SystemRoot\system32\ntkrnlpa.exe
0x82C05000 \SystemRoot\system32\halmacpi.dll
0x80BBA000 \SystemRoot\system32\kdcom.dll
0x83225000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x8329D000 \SystemRoot\system32\PSHED.dll
0x832AE000 \SystemRoot\system32\BOOTVID.dll
0x832B6000 \SystemRoot\system32\CLFS.SYS
0x832F8000 \SystemRoot\system32\CI.dll
0x8B026000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8B097000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8B0A5000 \SystemRoot\System32\Drivers\spnw.sys
0x8B198000 \SystemRoot\System32\Drivers\WMILIB.SYS
0x8B1A1000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
0x833A3000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x8B1C7000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x8B1CF000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x8B220000 \SystemRoot\system32\DRIVERS\pci.sys
0x8B24A000 \SystemRoot\System32\drivers\partmgr.sys
0x8B25B000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x8B263000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x8B26E000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x8B27E000 \SystemRoot\System32\drivers\volmgrx.sys
0x8B2C9000 \SystemRoot\System32\drivers\mountmgr.sys
0x8B2DF000 \SystemRoot\system32\DRIVERS\atapi.sys
0x8B2E8000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x8B30B000 \SystemRoot\system32\DRIVERS\msahci.sys
0x8B315000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x8B323000 \SystemRoot\system32\drivers\amdxata.sys
0x8B32C000 \SystemRoot\system32\drivers\fltmgr.sys
0x8B360000 \SystemRoot\system32\drivers\fileinfo.sys
0x8B43D000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8B56C000 \SystemRoot\System32\Drivers\msrpc.sys
0x8B597000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8B371000 \SystemRoot\System32\Drivers\cng.sys
0x8B5AA000 \SystemRoot\System32\drivers\pcw.sys
0x8B5B8000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x8B61E000 \SystemRoot\system32\drivers\ndis.sys
0x8B6D5000 \SystemRoot\system32\drivers\NETIO.SYS
0x8B713000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x8B81D000 \SystemRoot\System32\drivers\tcpip.sys
0x8B966000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8B997000 \SystemRoot\system32\DRIVERS\vmstorfl.sys
0x8B9A0000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x8B9DF000 \SystemRoot\System32\Drivers\spldr.sys
0x8B738000 \SystemRoot\System32\drivers\rdyboost.sys
0x8B9E7000 \SystemRoot\System32\Drivers\mup.sys
0x8B9F7000 \SystemRoot\System32\drivers\hwpolicy.sys
0x8B765000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x8B800000 \SystemRoot\system32\DRIVERS\disk.sys
0x8B797000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x8B5C1000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8B7E4000 \SystemRoot\System32\Drivers\Null.SYS
0x8B7EB000 \SystemRoot\System32\Drivers\Beep.SYS
0x8B7F2000 \SystemRoot\System32\drivers\vga.sys
0x8B400000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8B600000 \SystemRoot\System32\drivers\watchdog.sys
0x8B60D000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8B615000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8B421000 \SystemRoot\system32\drivers\rdprefmp.sys
0x8B429000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8B5E0000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8B3CE000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8B5EE000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8F815000 \SystemRoot\system32\drivers\afd.sys
0x8F86F000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8F8A1000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x8F8A8000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8F8C7000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8F8D5000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8F8E8000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8F8F8000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0x8F8FE000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8F93F000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8F949000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8F953000 \SystemRoot\System32\Drivers\ElbyCDIO.sys
0x8F958000 \SystemRoot\System32\drivers\discache.sys
0x8F964000 \SystemRoot\system32\drivers\csc.sys
0x8F9C8000 \SystemRoot\System32\Drivers\dfsc.sys
0x8F9E0000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x8B1DA000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x8B000000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x90A26000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x91344000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x91346000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x91A10000 \SystemRoot\System32\drivers\dxgmms1.sys
0x91A49000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x91A54000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x91A9F000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x91AAE000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8224B000 \SystemRoot\system32\DRIVERS\Rt86win7.sys
0x82270000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x82288000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x82295000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x822A2000 \SystemRoot\System32\Drivers\ElbyCDFL.sys
0x822A9000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x822AF000 \SystemRoot\System32\Drivers\ane5azdx.SYS
0x822E8000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x822EC000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x822FE000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x8230B000 \SystemRoot\system32\DRIVERS\dne2000.sys
0x8232A000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x8233C000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x82354000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8235F000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x82381000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x82399000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x823B0000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x823C7000 \SystemRoot\system32\DRIVERS\rdpbus.sys
0x823D1000 \SystemRoot\system32\DRIVERS\swenum.sys
0x81E00000 \SystemRoot\system32\DRIVERS\ks.sys
0x823D3000 \SystemRoot\system32\DRIVERS\umbus.sys
0x91ACD000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x823E1000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x91B11000 \SystemRoot\system32\drivers\HdAudio.sys
0x91B61000 \SystemRoot\system32\drivers\portcls.sys
0x91B90000 \SystemRoot\system32\drivers\drmk.sys
0x97480000 \SystemRoot\System32\win32k.sys
0x823F2000 \SystemRoot\System32\drivers\Dxapi.sys
0x91BA9000 \SystemRoot\System32\Drivers\crashdmp.sys
0x91BB6000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x91BC1000 \SystemRoot\System32\Drivers\dump_msahci.sys
0x91BCB000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x91BDC000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x823FC000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x91BF3000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x90A00000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x91A00000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x90A13000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x8F9EE000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x8F800000 \SystemRoot\system32\DRIVERS\monitor.sys
0x976E0000 \SystemRoot\System32\TSDDD.dll
0x8B7BC000 \SystemRoot\system32\drivers\luafv.sys
0x8B3E5000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x8B200000 \SystemRoot\system32\drivers\WudfPf.sys
0x97710000 \SystemRoot\System32\cdd.dll
0x833EB000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x9A622000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x9A668000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x9A678000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x9A68B000 \SystemRoot\system32\drivers\HTTP.sys
0x9A710000 \SystemRoot\system32\DRIVERS\bowser.sys
0x9A729000 \SystemRoot\System32\drivers\mpsdrv.sys
0x9A73B000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x9A75E000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x9A799000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x9D203000 \??\C:\Windows\system32\Drivers\CVPNDRVA.sys
0x9D293000 \SystemRoot\system32\drivers\peauth.sys
0x9D32A000 \SystemRoot\System32\Drivers\secdrv.SYS
0x9D334000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x9D355000 \SystemRoot\System32\drivers\tcpipreg.sys
0x9D362000 \SystemRoot\System32\DRIVERS\srv2.sys
0x9D63B000 \SystemRoot\System32\DRIVERS\srv.sys
0x9D68D000 \??\C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys
0x9D6F8000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x9D701000 \??\C:\Windows\system32\Drivers\PROCEXP113.SYS
0x9D703000 \??\C:\Users\CHRIST~1\AppData\Local\Temp\catchme.sys
0x9D712000 \??\C:\Users\CHRIST~1\AppData\Local\Temp\kglyiuod.sys
0x81E34000 \SystemRoot\system32\DRIVERS\netw5v32.sys
0x777A0000 \Windows\System32\ntdll.dll
0x48310000 \Windows\System32\smss.exe
0x779E0000 \Windows\System32\apisetschema.dll
0x00FF0000 \Windows\System32\autochk.exe
0x10000000 \Program Files\DAEMON Tools Lite\Engine.dll
0x77900000 \Windows\System32\msctf.dll
0x77700000 \Windows\System32\advapi32.dll
0x778F0000 \Windows\System32\psapi.dll
0x776A0000 \Windows\System32\difxapi.dll
0x77600000 \Windows\System32\usp10.dll
0x775E0000 \Windows\System32\imm32.dll
0x775C0000 \Windows\System32\sechost.dll
0x77590000 \Windows\System32\imagehlp.dll
0x774E0000 \Windows\System32\rpcrt4.dll
0x77430000 \Windows\System32\msvcrt.dll
0x77330000 \Windows\System32\wininet.dll
0x772A0000 \Windows\System32\oleaut32.dll
0x77160000 \Windows\System32\urlmon.dll
0x770D0000 \Windows\System32\clbcatq.dll
0x76FF0000 \Windows\System32\kernel32.dll
0x778E0000 \Windows\System32\lpk.dll
0x76F70000 \Windows\System32\comdlg32.dll
0x76F10000 \Windows\System32\shlwapi.dll
0x76ED0000 \Windows\System32\ws2_32.dll
0x76E00000 \Windows\System32\user32.dll
0x76DF0000 \Windows\System32\nsi.dll
0x76C90000 \Windows\System32\ole32.dll
0x76040000 \Windows\System32\shell32.dll
0x75E40000 \Windows\System32\iertutil.dll
0x75DF0000 \Windows\System32\gdi32.dll
0x75DA0000 \Windows\System32\Wldap32.dll
0x75C00000 \Windows\System32\setupapi.dll
0x75BF0000 \Windows\System32\normaliz.dll
0x75BC0000 \Windows\System32\cfgmgr32.dll
0x75BA0000 \Windows\System32\devobj.dll
0x75B50000 \Windows\System32\KernelBase.dll
0x75AC0000 \Windows\System32\comctl32.dll
0x759A0000 \Windows\System32\crypt32.dll
0x75970000 \Windows\System32\wintrust.dll
0x75960000 \Windows\System32\msasn1.dll

Processes (total 52):
0 System Idle Process
4 System
276 C:\Windows\System32\smss.exe
360 csrss.exe
420 C:\Windows\System32\wininit.exe
432 csrss.exe
468 C:\Windows\System32\services.exe
484 C:\Windows\System32\lsass.exe
492 C:\Windows\System32\lsm.exe
580 C:\Windows\System32\svchost.exe
664 C:\Windows\System32\nvvsvc.exe
692 C:\Windows\System32\svchost.exe
744 C:\Windows\System32\svchost.exe
796 C:\Windows\System32\svchost.exe
836 C:\Windows\System32\svchost.exe
976 C:\Windows\System32\svchost.exe
1092 C:\Windows\System32\svchost.exe
1192 C:\Windows\System32\svchost.exe
1240 C:\Windows\System32\winlogon.exe
1368 C:\Windows\System32\spoolsv.exe
1420 C:\Program Files\Avira\AntiVir Desktop\sched.exe
1476 C:\Windows\System32\nvvsvc.exe
1576 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
1604 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1640 C:\Program Files\Bonjour\mDNSResponder.exe
1684 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
1692 C:\Windows\System32\conhost.exe
1776 C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
1820 C:\Windows\System32\taskhost.exe
1868 C:\Windows\System32\dwm.exe
2044 C:\Windows\System32\svchost.exe
348 C:\Windows\System32\svchost.exe
720 C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
2092 C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
2228 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
2236 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
2256 C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
2284 C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
2352 C:\Program Files\DAEMON Tools Lite\DTLite.exe
2608 C:\Windows\System32\SearchIndexer.exe
3028 C:\Windows\System32\svchost.exe
3188 C:\Program Files\Windows Media Player\wmpnetwk.exe
3660 C:\Windows\System32\svchost.exe
4088 C:\Windows\System32\wuauclt.exe
3488 C:\Windows\explorer.exe
2432 C:\Windows\System32\audiodg.exe
2400 WmiPrvSE.exe
2904 C:\Program Files\Mozilla Firefox\firefox.exe
948 C:\Program Files\Mozilla Firefox\plugin-container.exe
2148 C:\Users\Christian\Desktop\MBRCheck.exe
2868 C:\Windows\System32\conhost.exe
1012 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000019`bcc00000 (NTFS)

PhysicalDrive0 Model Number: HitachiHTS543232L9A300, Rev: FB4OC40C

      Size  Device Name          MBR Status
  --------------------------------------------
    298 GB  \\.\PhysicalDrive0   Windows 7 MBR code detected
              SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79

Done!
|
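What a helper actually reads out of a log like the one above, as an added example that is not part of this thread or of MBRCheck: a small Python script that parses the "Kernel Drivers" section and the MBR status line and reports kernel modules by the path they were loaded from. The sample log inside it is constructed from a handful of entries of the posted log, flattened onto one line the way the forum rendered it. The function names (parse_modules, triage, mbr_status) are mine, not the tool's, and the reading that "Windows 7 MBR code detected" means MBRCheck recognised the boot code is an assumption taken from this log, not from MBRCheck documentation.

```python
"""Triage an MBRCheck log: flag kernel modules by load path, read the MBR status.

Added example for this thread, not part of MBRCheck or of the posts above.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample built from entries of the posted log, flattened onto one
# line as the forum rendered it. The parser accepts that form and the
# one-entry-per-line form the tool actually writes.
SAMPLE_LOG = (
    "Kernel Drivers (total 6): "
    r"0x82C3C000 \SystemRoot\system32\ntkrnlpa.exe "
    r"0x822AF000 \SystemRoot\System32\Drivers\ane5azdx.SYS "
    r"0x9D68D000 \??\C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys "
    r"0x9D703000 \??\C:\Users\CHRIST~1\AppData\Local\Temp\catchme.sys "
    r"0x9D712000 \??\C:\Users\CHRIST~1\AppData\Local\Temp\kglyiuod.sys "
    r"0x777A0000 \Windows\System32\ntdll.dll "
    "Processes (total 2): 0 System Idle Process 4 System "
    r"\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000019`bcc00000 (NTFS) "
    "Size Device Name MBR Status "
    r"298 GB \\.\PhysicalDrive0 Windows 7 MBR code detected "
    "SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79 Done!"
)

# One module entry: a base address, then a path starting with a backslash that
# runs until the next address or the end of the section (paths may contain spaces).
MODULE_RE = re.compile(
    r"(0x[0-9A-Fa-f]{8,16})\s+(\\.+?)(?=\s+0x[0-9A-Fa-f]{8,16}\s|\s*\Z)", re.S
)
# MBR status row: "<size> GB  \\.\PhysicalDriveN  <status>  SHA1: <hash>".
MBR_RE = re.compile(
    r"\d+\s+GB\s+(\\\\\.\\PhysicalDrive\d+)\s+(.+?)\s+SHA1:\s*([0-9A-Fa-f]{40})", re.S
)
# Kernel code that lives in a user profile or a Temp directory is always worth a look.
USER_PATH_RE = re.compile(r"\\(Users|Documents and Settings)\\|\\Temp\\|\\AppData\\", re.I)


@dataclass(frozen=True)
class Module:
    base: int
    path: str


@dataclass(frozen=True)
class Finding:
    path: str
    reason: str


def kernel_driver_section(text: str) -> str:
    """Cut out the text between the 'Kernel Drivers' header and the 'Processes' header."""
    start = text.find("Kernel Drivers (total")
    if start < 0:
        raise ValueError("no 'Kernel Drivers' section in log")
    end = text.find("Processes (total", start)
    return text[start:end] if end > 0 else text[start:]


def parse_modules(text: str) -> List[Module]:
    return [Module(int(m.group(1), 16), m.group(2).strip())
            for m in MODULE_RE.finditer(kernel_driver_section(text))]


def triage(modules: List[Module]) -> List[Finding]:
    """Flag modules by where they were loaded from.

    No name-based heuristic on purpose: inbox names such as i8042prt.sys look as
    random to an entropy test as any scanner or rootkit helper, so the load path
    is the only signal used here. A hit is a pointer for manual checking, not a verdict.
    """
    findings: List[Finding] = []
    for mod in modules:
        if USER_PATH_RE.search(mod.path):
            findings.append(Finding(mod.path, "kernel module loaded from a user profile or Temp directory"))
        elif mod.path.startswith("\\??\\"):
            # Absolute ImagePath instead of \SystemRoot: typical for third-party drivers.
            findings.append(Finding(mod.path, "absolute ImagePath outside \\SystemRoot (third-party driver, verify publisher and signature)"))
    return findings


def mbr_status(text: str) -> Optional[dict]:
    m = MBR_RE.search(text)
    if not m:
        return None
    drive, status, sha1 = m.groups()
    return {
        "drive": drive,
        "status": status,
        "sha1": sha1.upper(),
        # Assumption: this wording is what MBRCheck prints for boot code it recognises.
        "recognised": re.match(r"Windows .*MBR code detected", status) is not None,
    }


if __name__ == "__main__":
    for hit in triage(parse_modules(SAMPLE_LOG)):
        print(f"{hit.path}\n    -> {hit.reason}")
    print(mbr_status(SAMPLE_LOG))
```

On this sample the three hits are exactly the entries a helper would look at by hand: the TuneUp driver with an absolute ImagePath and the two drivers loaded from the user's Temp directory. catchme.sys is the driver GMER's catchme component loads while it scans, and a randomly named .sys next to it can just as well come from a scanner or a disc-emulation tool as from malware, so each hit still has to be checked (signature, publisher, whether the file is still there once the tools are closed). The MBR status is reported with its SHA1 so that it can be compared against a known-good boot sector rather than trusted on the strength of the status text alone.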