|
Log-Analyse und Auswertung: Trojaner im System (BKA)Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
22.05.2011, 21:20 | #1 | |
| Trojaner im System (BKA) Ja, also ich war nun auch Opfer des tollen Bundeskriminalamts-Trojaner. Jedenfalls habe ich jetzt wieder Zugriff aufs System und den Trojaner oberflächlich aus dem System gelöscht, aber da er ja recht tief verwurzelt sein soll, brauch ich euren Rat, wie es über mein System bestellt ist. Problem ist, dass aus vielfältigen Gründen eine Neuaufsetzung des Systems nur im äußersten Notfall in Frage kommt. Avira (jaja, ich weiß, ich besorg mir baldigst ein ordentliches Antviren Prog) habe ich eben durchlaufen lassen und dabei wurden noch zwei weitere Trojaner gefunden, die jetzt weg sein müssten ... Malwarebytes Log: Zitat:
OTL Log OTL Logfile:OTL Logfile: Code:
ATTFilter OTL logfile created on: 22.05.2011 22:52:50 - Run 3 OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\xxx\Downloads An unknown product (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,99 Gb Total Physical Memory | 2,07 Gb Available Physical Memory | 68,97% Memory free 5,99 Gb Paging File | 4,91 Gb Available in Paging File | 82,07% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 195,14 Gb Total Space | 96,56 Gb Free Space | 49,48% Space Free | Partition Type: NTFS Computer Name: xxx-PC | User Name: xxx | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\xxx\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe (TuneUp Software) PRC - C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe (TuneUp Software) PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) PRC - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.) PRC - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.) PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation) PRC - C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.) ========== Modules (SafeList) ========== MOD - C:\Users\xxx\Downloads\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe (TuneUp Software) SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.) SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (TuneUpUtilitiesDrv) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys (TuneUp Software) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys () DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.) DRV - (ewusbnet) -- C:\Windows\System32\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.) DRV - (hwusbdev) -- C:\Windows\System32\drivers\ewusbdev.sys (Huawei Technologies Co., Ltd.) DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation) DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation) DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation) DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation) DRV - (netw5v32) Intel(R) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation) DRV - (ggsemc) -- C:\Windows\System32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications) DRV - (ggflt) -- C:\Windows\System32\drivers\ggflt.sys (Sony Ericsson Mobile Communications) DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.) DRV - (ElbyCDFL) -- C:\Windows\System32\drivers\ElbyCDFL.sys (SlySoft, Inc.) DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DA 70 85 5F 66 E6 CB 01 [binary data] IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..extensions.enabledItems: {e411bb40-b04c-11d8-92e7-00d09e0179f2}:4.0.4 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6778 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.05.01 13:21:27 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.05.01 13:21:27 | 000,000,000 | ---D | M] [2010.11.10 18:10:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\Extensions [2011.05.22 22:07:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\dc75recf.default\extensions [2011.02.05 16:39:03 | 000,000,000 | ---D | M] ("iGraal") -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\dc75recf.default\extensions\{e411bb40-b04c-11d8-92e7-00d09e0179f2} [2010.11.14 21:29:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions [2010.11.12 15:17:23 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2010.11.14 21:29:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2010.11.14 21:28:44 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011.03.18 20:53:51 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.03.18 20:53:51 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011.03.18 20:53:51 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011.03.18 20:53:51 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2011.03.18 20:53:51 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office12\GR469A~1.DLL (Microsoft Corporation) O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4 - HKLM..\Run: [CloneCDTray] C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - File not found O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~1\Office12\GRA32A~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~1\Office12\GR469A~1.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{b468c02e-ece2-11df-9952-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{b468c02e-ece2-11df-9952-806e6f6e6963}\Shell\AutoRun\command - "" = "E:\WD SmartWare.exe" autoplay=true O33 - MountPoints2\{db4bfebb-1b38-11e0-9b56-00030dc2a2ef}\Shell - "" = AutoRun O33 - MountPoints2\{db4bfebb-1b38-11e0-9b56-00030dc2a2ef}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{db4bfedd-1b38-11e0-9b56-00030dc2a2ef}\Shell - "" = AutoRun O33 - MountPoints2\{db4bfedd-1b38-11e0-9b56-00030dc2a2ef}\Shell\AutoRun\command - "" = E:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.05.22 20:59:56 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Malwarebytes [2011.05.22 20:59:46 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011.05.22 20:59:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.05.22 20:59:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.05.22 20:59:40 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011.05.22 20:59:40 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2011.05.22 20:55:27 | 000,031,552 | ---- | C] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe [2011.05.22 20:55:20 | 000,029,504 | ---- | C] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll [2011.05.22 20:55:20 | 000,021,312 | ---- | C] (TuneUp Software) -- C:\Windows\System32\authuitu.dll [2011.05.22 20:55:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2011 [2011.05.22 20:54:20 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\TuneUp Software [2011.05.22 20:53:51 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2011 [2011.05.22 20:52:52 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software [2011.05.22 20:52:41 | 000,000,000 | -HSD | C] -- C:\ProgramData\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16} [2011.05.22 20:39:04 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Total Commander [2011.05.22 20:39:03 | 000,000,000 | ---D | C] -- C:\totalcmd [2011.05.22 20:39:03 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\GHISLER [2011.05.22 20:30:45 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Avira [2011.05.19 07:39:30 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\poqexec.exe [2011.05.14 20:20:09 | 000,000,000 | ---D | C] -- C:\Users\xxx\.jordan [2011.05.11 18:22:05 | 003,957,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2011.05.11 18:22:05 | 003,901,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2011.04.28 10:55:06 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\ElevatedDiagnostics [2011.04.27 14:08:57 | 001,686,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\esent.dll [2011.04.27 14:08:57 | 000,146,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\storport.sys [2011.04.27 14:08:56 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fsutil.exe [2011.04.27 14:08:50 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prevhost.exe [2011.04.27 14:08:47 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll [2011.04.27 14:08:45 | 002,614,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.05.22 22:52:16 | 000,048,861 | ---- | M] () -- C:\Users\xxx\Desktop\51187-anleitung-malwarebytes-anti-malware.html [2011.05.22 22:09:12 | 000,105,289 | ---- | M] () -- C:\Users\xxx\Desktop\kqM7r95q.htm.part.htm [2011.05.22 22:06:53 | 000,014,752 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.05.22 22:06:53 | 000,014,752 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.05.22 22:03:47 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.05.22 22:03:47 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.05.22 22:03:47 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.05.22 22:03:47 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.05.22 21:59:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.05.22 21:59:21 | 2411,708,416 | -HS- | M] () -- C:\hiberfil.sys [2011.05.22 20:59:46 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.05.22 20:55:18 | 000,002,159 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk [2011.05.22 20:55:18 | 000,002,139 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2011.lnk [2011.05.22 20:39:06 | 000,000,632 | ---- | M] () -- C:\Users\xxx\Desktop\Total Commander.lnk [2011.05.21 18:01:31 | 001,098,273 | ---- | M] () -- C:\Users\xxx\Desktop\IMG_1246.JPG [2011.05.21 17:59:38 | 001,807,615 | ---- | M] () -- C:\Users\xxx\Desktop\IMG_1245.JPG [2011.05.21 16:10:59 | 001,356,177 | ---- | M] () -- C:\Users\xxx\Desktop\IMG_1243.JPG [2011.05.21 15:09:59 | 002,515,576 | ---- | M] () -- C:\Users\xxx\Desktop\IMG_1237.JPG [2011.04.30 10:44:42 | 000,091,254 | ---- | M] () -- C:\Users\xxx\Desktop\DHL-Marke-2-QR3VFP7KPM.pdf [2011.04.30 10:44:27 | 000,088,286 | ---- | M] () -- C:\Users\xxx\Desktop\DHL-Marke-1-GF49UERNL7.pdf [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.05.22 22:52:16 | 000,048,861 | ---- | C] () -- C:\Users\xxx\Desktop\51187-anleitung-malwarebytes-anti-malware.html [2011.05.22 22:09:11 | 000,105,289 | ---- | C] () -- C:\Users\xxx\Desktop\kqM7r95q.htm.part.htm [2011.05.22 20:59:46 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.05.22 20:55:18 | 000,002,159 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk [2011.05.22 20:55:18 | 000,002,139 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities 2011.lnk [2011.05.22 20:55:17 | 000,002,151 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2011.lnk [2011.05.22 20:39:06 | 000,000,632 | ---- | C] () -- C:\Users\xxx\Desktop\Total Commander.lnk [2011.05.22 20:39:04 | 000,000,545 | ---- | C] () -- C:\Windows\UC.PIF [2011.05.22 20:39:04 | 000,000,545 | ---- | C] () -- C:\Windows\RAR.PIF [2011.05.22 20:39:04 | 000,000,545 | ---- | C] () -- C:\Windows\PKZIP.PIF [2011.05.22 20:39:04 | 000,000,545 | ---- | C] () -- C:\Windows\PKUNZIP.PIF [2011.05.22 20:39:04 | 000,000,545 | ---- | C] () -- C:\Windows\NOCLOSE.PIF [2011.05.22 20:39:04 | 000,000,545 | ---- | C] () -- C:\Windows\LHA.PIF [2011.05.22 20:39:03 | 000,000,545 | ---- | C] () -- C:\Windows\ARJ.PIF [2011.05.21 18:04:01 | 001,098,273 | ---- | C] () -- C:\Users\xxx\Desktop\IMG_1246.JPG [2011.05.21 18:00:54 | 001,807,615 | ---- | C] () -- C:\Users\xxx\Desktop\IMG_1245.JPG [2011.05.21 18:00:54 | 001,356,177 | ---- | C] () -- C:\Users\xxx\Desktop\IMG_1243.JPG [2011.05.21 16:12:21 | 002,515,576 | ---- | C] () -- C:\Users\xxx\Desktop\IMG_1237.JPG [2011.04.30 10:44:41 | 000,091,254 | ---- | C] () -- C:\Users\xxx\Desktop\DHL-Marke-2-QR3VFP7KPM.pdf [2011.04.30 10:44:26 | 000,088,286 | ---- | C] () -- C:\Users\xxx\Desktop\DHL-Marke-1-GF49UERNL7.pdf [2011.03.13 21:05:27 | 000,000,041 | -HS- | C] () -- C:\ProgramData\.zreglib [2010.12.02 00:12:24 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll [2010.11.12 16:50:29 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat [2010.11.10 18:21:33 | 000,654,166 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2010.11.10 18:21:33 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2010.11.10 18:21:33 | 000,130,006 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2010.11.10 18:21:33 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2010.03.23 14:26:48 | 000,201,512 | ---- | C] () -- C:\Windows\System32\vpnapi.dll [2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 06:33:53 | 000,412,744 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2009.07.14 04:05:48 | 000,616,008 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2009.07.14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2009.07.14 04:05:48 | 000,106,388 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2009.07.14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2009.07.14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2009.07.14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2009.07.14 02:55:09 | 000,587,776 | ---- | C] () -- C:\Windows\System32\hpotscl1.dll [2009.07.14 02:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat ========== LOP Check ========== [2010.12.03 12:51:06 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Amazon [2011.01.05 12:06:17 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Canon [2010.11.11 17:09:16 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\DAEMON Tools Lite [2011.05.22 20:39:03 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\GHISLER [2011.05.22 19:20:28 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\ICQ [2011.05.22 20:54:20 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\TuneUp Software [2011.02.12 12:39:06 | 000,032,618 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 24 bytes -> C:\Windows:0B7B08D3A7E5B193 < End of report > Ich hoffe ich habe an alles gedacht und ihr könnt mir weiterhelfen. Vielen Dank schonmal im Vorraus. Geändert von puntigamer (22.05.2011 um 21:55 Uhr) |
23.05.2011, 13:37 | #2 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner im System (BKA)Zitat:
Bitte routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!
__________________ |
23.05.2011, 21:24 | #3 | |
| Trojaner im System (BKA) Oh sorry, nicht richtig gelesen
__________________Zitat:
|
24.05.2011, 08:57 | #4 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner im System (BKA)Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
24.05.2011, 18:55 | #5 | |
| Trojaner im System (BKA)Zitat:
|
24.05.2011, 18:58 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner im System (BKA) Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{b468c02e-ece2-11df-9952-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{b468c02e-ece2-11df-9952-806e6f6e6963}\Shell\AutoRun\command - "" = "E:\WD SmartWare.exe" autoplay=true O33 - MountPoints2\{db4bfebb-1b38-11e0-9b56-00030dc2a2ef}\Shell - "" = AutoRun O33 - MountPoints2\{db4bfebb-1b38-11e0-9b56-00030dc2a2ef}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{db4bfedd-1b38-11e0-9b56-00030dc2a2ef}\Shell - "" = AutoRun O33 - MountPoints2\{db4bfedd-1b38-11e0-9b56-00030dc2a2ef}\Shell\AutoRun\command - "" = E:\AutoRun.exe @Alternate Data Stream - 24 bytes -> C:\Windows:0B7B08D3A7E5B193 :Commands [purity] [resethosts] Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.
__________________ --> Trojaner im System (BKA) |
24.05.2011, 19:16 | #7 | |
| Trojaner im System (BKA) OTL Log nach dem Fix: Zitat:
|
24.05.2011, 19:33 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner im System (BKA) Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html Das Tool so einstellen wie unten im Bild angegeben - also beide Haken setzen, auf Start scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, bitte unhide ausführen: Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop. Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern ) Vista und 7 User müssen das Tool per Rechtsklick als Administrator ausführen!
__________________ Logfiles bitte immer in CODE-Tags posten |
25.05.2011, 21:39 | #9 | |
| Trojaner im System (BKA) Hab den suspicious object Fund mal geskipt ... Zitat:
|
25.05.2011, 22:03 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner im System (BKA) Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
__________________ Logfiles bitte immer in CODE-Tags posten |
26.05.2011, 19:10 | #11 |
| Trojaner im System (BKA) Oh, das war eine schwere Geburt ... Erstmal ging der Download über deinen Link nicht (kam irgendwie NFSIS Fehelr oder so ...). Über ForoSpyware.com gings dann komischerweise. Während combofix lief, kam allerdings eine Fehlermeldung, dass die PEV.exe beendet wird, weil ein Problem festgestellt wurde. Habe aber nichts bestätigt, weil ich die Maus und so nicht bewegen wollte. Keine Ahnung was das war und ob das unter Umständen Probleme geben könnte??? [code] Combofix Logfile: Code:
ATTFilter ComboFix 11-05-23.02 - Christian 26.05.2011 19:49:29.1.2 - x86 Microsoft Windows 7 Professional 6.1.7600.0.1252.49.1031.18.3067.2157 [GMT 2:00] ausgeführt von:: c:\users\Christian\Desktop\cofi.exe AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7} SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((( Dateien erstellt von 2011-04-26 bis 2011-05-26 )))))))))))))))))))))))))))))) . . 2011-05-26 17:54 . 2011-05-26 17:54 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-05-25 20:34 . 2011-04-22 19:36 26496 ----a-w- c:\windows\system32\drivers\Diskdump.sys 2011-05-24 18:15 . 2011-05-24 18:15 -------- d-----w- C:\_OTL 2011-05-24 13:41 . 2011-05-09 20:46 6962000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5F1D7EDD-6A6C-437E-8C6E-316484C855A9}\mpengine.dll 2011-05-22 18:59 . 2011-05-22 18:59 -------- d-----w- c:\users\Christian\AppData\Roaming\Malwarebytes 2011-05-22 18:59 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-05-22 18:59 . 2011-05-22 18:59 -------- d-----w- c:\programdata\Malwarebytes 2011-05-22 18:59 . 2011-05-22 18:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-05-22 18:59 . 2010-12-20 16:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-05-22 18:55 . 2011-03-30 17:50 31552 ----a-w- c:\windows\system32\TURegOpt.exe 2011-05-22 18:55 . 2011-03-30 17:45 21312 ----a-w- c:\windows\system32\authuitu.dll 2011-05-22 18:55 . 2011-03-30 17:45 29504 ----a-w- c:\windows\system32\uxtuneup.dll 2011-05-22 18:54 . 2011-05-22 18:54 -------- d-----w- c:\users\Christian\AppData\Roaming\TuneUp Software 2011-05-22 18:53 . 2011-05-22 18:55 -------- d-----w- c:\program files\TuneUp Utilities 2011 2011-05-22 18:52 . 2011-05-22 18:55 -------- d-----w- c:\programdata\TuneUp Software 2011-05-22 18:52 . 2011-05-22 18:52 -------- d-sh--w- c:\programdata\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16} 2011-05-22 18:39 . 2010-12-17 05:56 545 ----a-w- c:\windows\UC.PIF 2011-05-22 18:39 . 2010-12-17 05:56 545 ----a-w- c:\windows\RAR.PIF 2011-05-22 18:39 . 2010-12-17 05:56 545 ----a-w- c:\windows\PKZIP.PIF 2011-05-22 18:39 . 2010-12-17 05:56 545 ----a-w- c:\windows\PKUNZIP.PIF 2011-05-22 18:39 . 2010-12-17 05:56 545 ----a-w- c:\windows\NOCLOSE.PIF 2011-05-22 18:39 . 2010-12-17 05:56 545 ----a-w- c:\windows\LHA.PIF 2011-05-22 18:39 . 2011-05-22 18:39 -------- d-----w- C:\totalcmd 2011-05-22 18:39 . 2011-05-22 18:39 -------- d-----w- c:\users\Christian\AppData\Roaming\GHISLER 2011-05-22 18:39 . 2010-12-17 05:56 545 ----a-w- c:\windows\ARJ.PIF 2011-05-22 18:30 . 2011-05-22 18:30 -------- d-----w- c:\users\Christian\AppData\Roaming\Avira 2011-05-19 05:39 . 2011-04-09 05:56 123904 ----a-w- c:\windows\system32\poqexec.exe 2011-05-14 18:20 . 2011-05-14 18:20 -------- d-----w- c:\users\Christian\.jordan 2011-05-11 16:22 . 2011-04-09 06:13 3957632 ----a-w- c:\windows\system32\ntkrnlpa.exe 2011-05-11 16:22 . 2011-04-09 06:13 3901824 ----a-w- c:\windows\system32\ntoskrnl.exe 2011-04-28 08:55 . 2011-04-28 08:55 -------- d-----w- c:\users\Christian\AppData\Local\ElevatedDiagnostics . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-03-17 06:25 . 2010-11-10 16:23 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys 2011-03-11 05:40 . 2011-04-14 19:11 1164288 ----a-w- c:\windows\system32\mfc42u.dll 2011-03-11 05:40 . 2011-04-14 19:11 1137664 ----a-w- c:\windows\system32\mfc42.dll 2011-03-08 05:38 . 2011-04-14 19:11 740864 ----a-w- c:\windows\system32\inetcomm.dll 2011-03-03 05:29 . 2011-04-14 19:12 132608 ----a-w- c:\windows\system32\dnsrslvr.dll 2011-03-03 05:27 . 2011-04-14 19:12 28672 ----a-w- c:\windows\system32\dnscacheugc.exe 2011-03-03 03:31 . 2011-04-14 19:11 2331136 ----a-w- c:\windows\system32\win32k.sys . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696] "ICQ"="c:\program files\ICQ7.2\ICQ.exe" [2011-01-05 133432] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-08-02 281768] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016] "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2516296] "CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2009-01-29 57344] "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ VPN Client.lnk - c:\windows\Installer\{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}\Icon3E5562ED7.ico [2010-11-19 6144] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2009-10-21 198656] R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2009-04-06 13224] R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [2009-10-12 101120] S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-11-10 691696] S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-27 136360] S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [2011-03-30 1523008] S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776] S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [2011-02-10 10064] . . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . . ------- Zusätzlicher Suchlauf ------- . uInternet Settings,ProxyOverride = *.local IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000 TCP: {5A147DDE-B0AD-44CE-BA81-9A9AD04FDA93} = 193.189.244.225 193.189.244.206 FF - ProfilePath - c:\users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\dc75recf.default\ FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} FF - Ext: iGraal: {e411bb40-b04c-11d8-92e7-00d09e0179f2} - %profile%\extensions\{e411bb40-b04c-11d8-92e7-00d09e0179f2} . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2011-05-26 19:56:07 ComboFix-quarantined-files.txt 2011-05-26 17:56 . Vor Suchlauf: 11 Verzeichnis(se), 106.139.078.656 Bytes frei Nach Suchlauf: 15 Verzeichnis(se), 106.115.076.096 Bytes frei . - - End Of File - - D8925F9885C2D4EAA4CE6E7EECD5FD05 |
26.05.2011, 20:08 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner im System (BKA) Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen. Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst. Downloade Dir danach bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.
__________________ Logfiles bitte immer in CODE-Tags posten |
26.05.2011, 20:59 | #13 |
| Trojaner im System (BKA) Danke schon mal vor ab für die Mühe GMER Logfile: Code:
ATTFilter GMER 1.0.15.15627 - hxxp://www.gmer.net Rootkit scan 2011-05-26 21:54:15 Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS543232L9A300 rev.FB4OC40C Running: irtosqcv.exe; Driver: C:\Users\CHRIST~1\AppData\Local\Temp\kglyiuod.sys ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!ZwSaveKeyEx + 13BD 82C7F569 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82CA4092 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} ? System32\Drivers\spnw.sys Das System kann den angegebenen Pfad nicht finden. ! .text USBPORT.SYS!DllUnload 91A78CA0 5 Bytes JMP 86A554E0 .text ane5azdx.SYS 822B0000 12 Bytes [44, A8, C0, 82, EE, A6, C0, ...] .text ane5azdx.SYS 822B000D 9 Bytes [87, C0, 82, 48, AB, C0, 82, ...] {XCHG EAX, EAX; OR BYTE [EAX-0x55], -0x40; ADD BYTE [EAX], 0x0} .text ane5azdx.SYS 822B0017 20 Bytes [00, DE, 37, 1A, 8B, E6, 35, ...] .text ane5azdx.SYS 822B002C 20 Bytes [00, 00, 00, 00, A0, A1, C7, ...] .text ane5azdx.SYS 822B0041 128 Bytes [46, CA, 82, 60, 45, CA, 82, ...] .text ... ? C:\Windows\system32\Drivers\PROCEXP113.SYS Das System kann die angegebene Datei nicht finden. ! ? C:\Users\CHRIST~1\AppData\Local\Temp\catchme.sys Das System kann die angegebene Datei nicht finden. ! ---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [8B0A7042] \SystemRoot\System32\Drivers\spnw.sys IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [8B0A76D6] \SystemRoot\System32\Drivers\spnw.sys IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [8B0A7800] \SystemRoot\System32\Drivers\spnw.sys IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8B0A713E] \SystemRoot\System32\Drivers\spnw.sys IAT \SystemRoot\System32\Drivers\ane5azdx.SYS[ataport.SYS!AtaPortNotification] 00147880 IAT \SystemRoot\System32\Drivers\ane5azdx.SYS[ataport.SYS!AtaPortQuerySystemTime] 78800C75 IAT \SystemRoot\System32\Drivers\ane5azdx.SYS[ataport.SYS!AtaPortReadPortUchar] 06750015 IAT \SystemRoot\System32\Drivers\ane5azdx.SYS[ataport.SYS!AtaPortStallExecution] C25DC033 IAT \SystemRoot\System32\Drivers\ane5azdx.SYS[ataport.SYS!AtaPortWritePortUchar] 458B0008 IAT \SystemRoot\System32\Drivers\ane5azdx.SYS[ataport.SYS!AtaPortWritePortUlong] 6A006A08 IAT \SystemRoot\System32\Drivers\ane5azdx.SYS[ataport.SYS!AtaPortGetPhysicalAddress] 50056A24 IAT \SystemRoot\System32\Drivers\ane5azdx.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] 005AB7E8 IAT \SystemRoot\System32\Drivers\ane5azdx.SYS[ataport.SYS!AtaPortGetScatterGatherList] 0001B800 IAT \SystemRoot\System32\Drivers\ane5azdx.SYS[ataport.SYS!AtaPortGetParentBusType] C25D0000 IAT \SystemRoot\System32\Drivers\ane5azdx.SYS[ataport.SYS!AtaPortRequestCallback] CCCC0008 IAT \SystemRoot\System32\Drivers\ane5azdx.SYS[ataport.SYS!AtaPortWritePortBufferUshort] CCCCCCCC IAT \SystemRoot\System32\Drivers\ane5azdx.SYS[ataport.SYS!AtaPortGetUnCachedExtension] CCCCCCCC IAT \SystemRoot\System32\Drivers\ane5azdx.SYS[ataport.SYS!AtaPortCompleteRequest] CCCCCCCC IAT \SystemRoot\System32\Drivers\ane5azdx.SYS[ataport.SYS!AtaPortCopyMemory] 53EC8B55 IAT \SystemRoot\System32\Drivers\ane5azdx.SYS[ataport.SYS!AtaPortEtwTraceLog] 800C5D8B IAT \SystemRoot\System32\Drivers\ane5azdx.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] 7500117B IAT \SystemRoot\System32\Drivers\ane5azdx.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 127B806A IAT \SystemRoot\System32\Drivers\ane5azdx.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 80647500 IAT \SystemRoot\System32\Drivers\ane5azdx.SYS[ataport.SYS!AtaPortReadPortBufferUshort] 7500137B IAT \SystemRoot\System32\Drivers\ane5azdx.SYS[ataport.SYS!AtaPortInitialize] 157B805E IAT \SystemRoot\System32\Drivers\ane5azdx.SYS[ataport.SYS!AtaPortGetDeviceBase] 56587500 IAT \SystemRoot\System32\Drivers\ane5azdx.SYS[ataport.SYS!AtaPortDeviceStateChange] 8008758B ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs 8557D1F8 Device \Driver\NetBT \Device\NetBT_Tcpip_{34EB413A-D502-41FE-9CC9-B6E11829CFB0} 867601F8 Device \Driver\volmgr \Device\VolMgrControl 855781F8 Device \Driver\ACPI_HAL \Device\00000050 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) Device \Driver\usbuhci \Device\USBPDO-0 86A50500 Device \Driver\usbuhci \Device\USBPDO-1 86A50500 Device \Driver\usbuhci \Device\USBPDO-2 86A50500 Device \Driver\usbehci \Device\USBPDO-3 8676B500 Device \Driver\sptd \Device\542307247 spnw.sys Device \Driver\usbuhci \Device\USBPDO-4 86A50500 Device \Driver\usbuhci \Device\USBPDO-5 86A50500 Device \Driver\usbuhci \Device\USBPDO-6 86A50500 Device \Driver\volmgr \Device\HarddiskVolume1 855781F8 AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) Device \Driver\usbehci \Device\USBPDO-7 8676B500 Device \Driver\volmgr \Device\HarddiskVolume2 855781F8 AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) Device \Driver\cdrom \Device\CdRom0 866C01F8 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 8557A1F8 Device \Driver\atapi \Device\Ide\IdePort0 8557A1F8 Device \Driver\atapi \Device\Ide\IdePort1 8557A1F8 Device \Driver\atapi \Device\Ide\IdePort2 8557A1F8 Device \Driver\atapi \Device\Ide\IdePort3 8557A1F8 Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1 8557A1F8 Device \Driver\msahci \Device\Ide\PciIde0Channel0 8557B1F8 Device \Driver\msahci \Device\Ide\PciIde0Channel1 8557B1F8 Device \Driver\msahci \Device\Ide\PciIde0Channel4 8557B1F8 Device \Driver\msahci \Device\Ide\PciIde0Channel5 8557B1F8 Device \Driver\cdrom \Device\CdRom1 866C01F8 Device \Driver\NetBT \Device\NetBt_Wins_Export 867601F8 Device \Driver\PCI_PNP3246 \Device\0000005d spnw.sys Device \Driver\usbuhci \Device\USBFDO-0 86A50500 Device \Driver\usbuhci \Device\USBFDO-1 86A50500 Device \Driver\usbuhci \Device\USBFDO-2 86A50500 Device \Driver\usbehci \Device\USBFDO-3 8676B500 Device \Driver\usbuhci \Device\USBFDO-4 86A50500 Device \Driver\usbuhci \Device\USBFDO-5 86A50500 Device \Driver\usbuhci \Device\USBFDO-6 86A50500 Device \Driver\usbehci \Device\USBFDO-7 8676B500 Device \Driver\ane5azdx \Device\Scsi\ane5azdx1Port4Path0Target0Lun0 8676D500 Device \Driver\ane5azdx \Device\Scsi\ane5azdx1 8676D500 ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x10 0xC7 0x8B 0x3F ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x17 0x10 0x6E 0x63 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x5C 0xB2 0x75 0xAA ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x10 0xC7 0x8B 0x3F ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x17 0x10 0x6E 0x63 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x5C 0xB2 0x75 0xAA ... ---- EOF - GMER 1.0.15 ---- OSAM Logfile: Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 21:56:54 on 26.05.2011 OS: Windows 7 (Build 7600), 32-bit Default Browser: Mozilla Corporation Firefox 3.6.17 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Control Panel Objects] -----( %SystemRoot%\system32 )----- "nvcpl.cpl" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\MLCFG32.CPL "QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "ane5azdx" (ane5azdx) - "Microsoft Corporation" - C:\Windows\system32\drivers\ane5azdx.sys (Hidden registry entry, rootkit activity | File signed by Microsoft) "avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys "avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys "catchme" (catchme) - ? - C:\Users\CHRIST~1\AppData\Local\Temp\catchme.sys (File not found) "Cisco Systems Inc. IPSec Driver" (CVPNDRVA) - "Cisco Systems, Inc." - C:\Windows\system32\Drivers\CVPNDRVA.sys "ElbyCDFL" (ElbyCDFL) - "SlySoft, Inc." - C:\Windows\System32\Drivers\ElbyCDFL.sys "ElbyCDIO Driver" (ElbyCDIO) - "Elaborate Bytes AG" - C:\Windows\System32\Drivers\ElbyCDIO.sys "kglyiuod" (kglyiuod) - ? - C:\Users\CHRIST~1\AppData\Local\Temp\kglyiuod.sys (Hidden registry entry, rootkit activity | File not found) "mbr" (mbr) - ? - C:\cofi\mbr.sys (Hidden registry entry, rootkit activity | File not found) "sptd" (sptd) - "Duplex Secure Ltd." - C:\Windows\System32\Drivers\sptd.sys (File is exclusively opened, access blocked) "ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys "TuneUpUtilitiesDrv" (TuneUpUtilitiesDrv) - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [Explorer] -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL {88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\GRA32A~1.DLL {91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )----- {B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\GR469A~1.DLL -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll {99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\GR469A~1.DLL {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\GR469A~1.DLL {920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\GR469A~1.DLL {16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\GR469A~1.DLL {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\GR469A~1.DLL {2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\GR469A~1.DLL {72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\GR469A~1.DLL {6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\GR469A~1.DLL {B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\GR469A~1.DLL {A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\GR469A~1.DLL {387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\GR469A~1.DLL {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\ONFILTER.DLL {00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\MLSHEXT.DLL {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} "NVIDIA CPL Context Menu Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvshext.dll {FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll {0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\OLKFSTUB.DLL {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll {4838CD50-7E5D-4811-9B17-C47A85539F28} "TuneUp Disk Space Explorer Shell Extension" - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2011\DseShExt-x86.dll {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} "TuneUp Shredder Shell Extension" - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2011\SDShelEx-win32.dll {44440D00-FF19-4AFC-B765-9A0970567D97} "TuneUp Theme Extension" - "TuneUp Software" - C:\Windows\System32\uxtuneup.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll [Internet Explorer] -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_22.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab {D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\Flash10l.ocx / hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll "ICQ7.2" - "ICQ, LLC." - C:\Program Files\ICQ7.2\ICQ.exe "PokerStars" - ? - C:\Program Files\PokerStars\PokerStarsUpdate.exe (File not found) {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL {898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype Plug-In" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\GR469A~1.DLL {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype Plug-In" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [Logon] -----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini "VPN Client.lnk" - "Cisco Systems, Inc." - C:\Program Files\Cisco Systems\VPN Client\vpngui.exe (Shortcut exists | File exists) -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "DAEMON Tools Lite" - "DT Soft Ltd" - "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun "ICQ" - "ICQ, LLC." - "C:\Program Files\ICQ7.2\ICQ.exe" silent loginmode=4 -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min "CanonMyPrinter" - "CANON INC." - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon "CloneCDTray" - "SlySoft, Inc." - "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s "GrooveMonitor" - "Microsoft Corporation" - "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" "Malwarebytes' Anti-Malware (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "PDFCreator" - ? - C:\Windows\system32\pdfcmnnt.dll (File found, but it contains no detailed information) "Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "@%SystemRoot%\System32\uxtuneup.dll,-4096" (UxTuneUp) - "TuneUp Software" - C:\Windows\System32\uxtuneup.dll "Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe "Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe "Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe "Cisco Systems, Inc. VPN Service" (CVPND) - "Cisco Systems, Inc." - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe "Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe "iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe "Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe "Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE "Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service) - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe "NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE "TuneUp Utilities Service" (TuneUp.UtilitiesSvc) - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [Winsock Providers] -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )----- "mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll ===[ Logfile end ]=========================================[ Logfile end ]=== MBR Check Log: Code:
ATTFilter MBRCheck, version 1.2.3 (c) 2010, AD Command-line: Windows Version: Windows 7 Professional Windows Information: (build 7600), 32-bit Base Board Manufacturer: FUJITSU SIEMENS BIOS Manufacturer: Phoenix Technologies LTD System Manufacturer: FUJITSU SIEMENS System Product Name: AMILO Pi 3540 Logical Drives Mask: 0x0000004c Kernel Drivers (total 198): 0x82C3C000 \SystemRoot\system32\ntkrnlpa.exe 0x82C05000 \SystemRoot\system32\halmacpi.dll 0x80BBA000 \SystemRoot\system32\kdcom.dll 0x83225000 \SystemRoot\system32\mcupdate_GenuineIntel.dll 0x8329D000 \SystemRoot\system32\PSHED.dll 0x832AE000 \SystemRoot\system32\BOOTVID.dll 0x832B6000 \SystemRoot\system32\CLFS.SYS 0x832F8000 \SystemRoot\system32\CI.dll 0x8B026000 \SystemRoot\system32\drivers\Wdf01000.sys 0x8B097000 \SystemRoot\system32\drivers\WDFLDR.SYS 0x8B0A5000 \SystemRoot\System32\Drivers\spnw.sys 0x8B198000 \SystemRoot\System32\Drivers\WMILIB.SYS 0x8B1A1000 \SystemRoot\System32\Drivers\SCSIPORT.SYS 0x833A3000 \SystemRoot\system32\DRIVERS\ACPI.sys 0x8B1C7000 \SystemRoot\system32\DRIVERS\msisadrv.sys 0x8B1CF000 \SystemRoot\system32\DRIVERS\vdrvroot.sys 0x8B220000 \SystemRoot\system32\DRIVERS\pci.sys 0x8B24A000 \SystemRoot\System32\drivers\partmgr.sys 0x8B25B000 \SystemRoot\system32\DRIVERS\compbatt.sys 0x8B263000 \SystemRoot\system32\DRIVERS\BATTC.SYS 0x8B26E000 \SystemRoot\system32\DRIVERS\volmgr.sys 0x8B27E000 \SystemRoot\System32\drivers\volmgrx.sys 0x8B2C9000 \SystemRoot\System32\drivers\mountmgr.sys 0x8B2DF000 \SystemRoot\system32\DRIVERS\atapi.sys 0x8B2E8000 \SystemRoot\system32\DRIVERS\ataport.SYS 0x8B30B000 \SystemRoot\system32\DRIVERS\msahci.sys 0x8B315000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS 0x8B323000 \SystemRoot\system32\drivers\amdxata.sys 0x8B32C000 \SystemRoot\system32\drivers\fltmgr.sys 0x8B360000 \SystemRoot\system32\drivers\fileinfo.sys 0x8B43D000 \SystemRoot\System32\Drivers\Ntfs.sys 0x8B56C000 \SystemRoot\System32\Drivers\msrpc.sys 0x8B597000 \SystemRoot\System32\Drivers\ksecdd.sys 0x8B371000 \SystemRoot\System32\Drivers\cng.sys 0x8B5AA000 \SystemRoot\System32\drivers\pcw.sys 0x8B5B8000 \SystemRoot\System32\Drivers\Fs_Rec.sys 0x8B61E000 \SystemRoot\system32\drivers\ndis.sys 0x8B6D5000 \SystemRoot\system32\drivers\NETIO.SYS 0x8B713000 \SystemRoot\System32\Drivers\ksecpkg.sys 0x8B81D000 \SystemRoot\System32\drivers\tcpip.sys 0x8B966000 \SystemRoot\System32\drivers\fwpkclnt.sys 0x8B997000 \SystemRoot\system32\DRIVERS\vmstorfl.sys 0x8B9A0000 \SystemRoot\system32\DRIVERS\volsnap.sys 0x8B9DF000 \SystemRoot\System32\Drivers\spldr.sys 0x8B738000 \SystemRoot\System32\drivers\rdyboost.sys 0x8B9E7000 \SystemRoot\System32\Drivers\mup.sys 0x8B9F7000 \SystemRoot\System32\drivers\hwpolicy.sys 0x8B765000 \SystemRoot\System32\DRIVERS\fvevol.sys 0x8B800000 \SystemRoot\system32\DRIVERS\disk.sys 0x8B797000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS 0x8B5C1000 \SystemRoot\system32\DRIVERS\cdrom.sys 0x8B7E4000 \SystemRoot\System32\Drivers\Null.SYS 0x8B7EB000 \SystemRoot\System32\Drivers\Beep.SYS 0x8B7F2000 \SystemRoot\System32\drivers\vga.sys 0x8B400000 \SystemRoot\System32\drivers\VIDEOPRT.SYS 0x8B600000 \SystemRoot\System32\drivers\watchdog.sys 0x8B60D000 \SystemRoot\System32\DRIVERS\RDPCDD.sys 0x8B615000 \SystemRoot\system32\drivers\rdpencdd.sys 0x8B421000 \SystemRoot\system32\drivers\rdprefmp.sys 0x8B429000 \SystemRoot\System32\Drivers\Msfs.SYS 0x8B5E0000 \SystemRoot\System32\Drivers\Npfs.SYS 0x8B3CE000 \SystemRoot\system32\DRIVERS\tdx.sys 0x8B5EE000 \SystemRoot\system32\DRIVERS\TDI.SYS 0x8F815000 \SystemRoot\system32\drivers\afd.sys 0x8F86F000 \SystemRoot\System32\DRIVERS\netbt.sys 0x8F8A1000 \SystemRoot\system32\DRIVERS\wfplwf.sys 0x8F8A8000 \SystemRoot\system32\DRIVERS\pacer.sys 0x8F8C7000 \SystemRoot\system32\DRIVERS\netbios.sys 0x8F8D5000 \SystemRoot\system32\DRIVERS\wanarp.sys 0x8F8E8000 \SystemRoot\system32\DRIVERS\termdd.sys 0x8F8F8000 \SystemRoot\system32\DRIVERS\ssmdrv.sys 0x8F8FE000 \SystemRoot\system32\DRIVERS\rdbss.sys 0x8F93F000 \SystemRoot\system32\drivers\nsiproxy.sys 0x8F949000 \SystemRoot\system32\DRIVERS\mssmbios.sys 0x8F953000 \SystemRoot\System32\Drivers\ElbyCDIO.sys 0x8F958000 \SystemRoot\System32\drivers\discache.sys 0x8F964000 \SystemRoot\system32\drivers\csc.sys 0x8F9C8000 \SystemRoot\System32\Drivers\dfsc.sys 0x8F9E0000 \SystemRoot\system32\DRIVERS\blbdrive.sys 0x8B1DA000 \SystemRoot\system32\DRIVERS\avipbb.sys 0x8B000000 \SystemRoot\system32\DRIVERS\tunnel.sys 0x90A26000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys 0x91344000 \SystemRoot\system32\DRIVERS\nvBridge.kmd 0x91346000 \SystemRoot\System32\drivers\dxgkrnl.sys 0x91A10000 \SystemRoot\System32\drivers\dxgmms1.sys 0x91A49000 \SystemRoot\system32\DRIVERS\usbuhci.sys 0x91A54000 \SystemRoot\system32\DRIVERS\USBPORT.SYS 0x91A9F000 \SystemRoot\system32\DRIVERS\usbehci.sys 0x91AAE000 \SystemRoot\system32\DRIVERS\HDAudBus.sys 0x8224B000 \SystemRoot\system32\DRIVERS\Rt86win7.sys 0x82270000 \SystemRoot\system32\DRIVERS\i8042prt.sys 0x82288000 \SystemRoot\system32\DRIVERS\kbdclass.sys 0x82295000 \SystemRoot\system32\DRIVERS\mouclass.sys 0x822A2000 \SystemRoot\System32\Drivers\ElbyCDFL.sys 0x822A9000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys 0x822AF000 \SystemRoot\System32\Drivers\ane5azdx.SYS 0x822E8000 \SystemRoot\system32\DRIVERS\CmBatt.sys 0x822EC000 \SystemRoot\system32\DRIVERS\intelppm.sys 0x822FE000 \SystemRoot\system32\DRIVERS\CompositeBus.sys 0x8230B000 \SystemRoot\system32\DRIVERS\dne2000.sys 0x8232A000 \SystemRoot\system32\DRIVERS\AgileVpn.sys 0x8233C000 \SystemRoot\system32\DRIVERS\rasl2tp.sys 0x82354000 \SystemRoot\system32\DRIVERS\ndistapi.sys 0x8235F000 \SystemRoot\system32\DRIVERS\ndiswan.sys 0x82381000 \SystemRoot\system32\DRIVERS\raspppoe.sys 0x82399000 \SystemRoot\system32\DRIVERS\raspptp.sys 0x823B0000 \SystemRoot\system32\DRIVERS\rassstp.sys 0x823C7000 \SystemRoot\system32\DRIVERS\rdpbus.sys 0x823D1000 \SystemRoot\system32\DRIVERS\swenum.sys 0x81E00000 \SystemRoot\system32\DRIVERS\ks.sys 0x823D3000 \SystemRoot\system32\DRIVERS\umbus.sys 0x91ACD000 \SystemRoot\system32\DRIVERS\usbhub.sys 0x823E1000 \SystemRoot\System32\Drivers\NDProxy.SYS 0x91B11000 \SystemRoot\system32\drivers\HdAudio.sys 0x91B61000 \SystemRoot\system32\drivers\portcls.sys 0x91B90000 \SystemRoot\system32\drivers\drmk.sys 0x97480000 \SystemRoot\System32\win32k.sys 0x823F2000 \SystemRoot\System32\drivers\Dxapi.sys 0x91BA9000 \SystemRoot\System32\Drivers\crashdmp.sys 0x91BB6000 \SystemRoot\System32\Drivers\dump_dumpata.sys 0x91BC1000 \SystemRoot\System32\Drivers\dump_msahci.sys 0x91BCB000 \SystemRoot\System32\Drivers\dump_dumpfve.sys 0x91BDC000 \SystemRoot\system32\DRIVERS\usbccgp.sys 0x823FC000 \SystemRoot\system32\DRIVERS\USBD.SYS 0x91BF3000 \SystemRoot\system32\DRIVERS\hidusb.sys 0x90A00000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS 0x91A00000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS 0x90A13000 \SystemRoot\system32\DRIVERS\mouhid.sys 0x8F9EE000 \SystemRoot\system32\DRIVERS\kbdhid.sys 0x8F800000 \SystemRoot\system32\DRIVERS\monitor.sys 0x976E0000 \SystemRoot\System32\TSDDD.dll 0x8B7BC000 \SystemRoot\system32\drivers\luafv.sys 0x8B3E5000 \SystemRoot\system32\DRIVERS\avgntflt.sys 0x8B200000 \SystemRoot\system32\drivers\WudfPf.sys 0x97710000 \SystemRoot\System32\cdd.dll 0x833EB000 \SystemRoot\system32\DRIVERS\lltdio.sys 0x9A622000 \SystemRoot\system32\DRIVERS\nwifi.sys 0x9A668000 \SystemRoot\system32\DRIVERS\ndisuio.sys 0x9A678000 \SystemRoot\system32\DRIVERS\rspndr.sys 0x9A68B000 \SystemRoot\system32\drivers\HTTP.sys 0x9A710000 \SystemRoot\system32\DRIVERS\bowser.sys 0x9A729000 \SystemRoot\System32\drivers\mpsdrv.sys 0x9A73B000 \SystemRoot\system32\DRIVERS\mrxsmb.sys 0x9A75E000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys 0x9A799000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys 0x9D203000 \??\C:\Windows\system32\Drivers\CVPNDRVA.sys 0x9D293000 \SystemRoot\system32\drivers\peauth.sys 0x9D32A000 \SystemRoot\System32\Drivers\secdrv.SYS 0x9D334000 \SystemRoot\System32\DRIVERS\srvnet.sys 0x9D355000 \SystemRoot\System32\drivers\tcpipreg.sys 0x9D362000 \SystemRoot\System32\DRIVERS\srv2.sys 0x9D63B000 \SystemRoot\System32\DRIVERS\srv.sys 0x9D68D000 \??\C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys 0x9D6F8000 \SystemRoot\system32\DRIVERS\asyncmac.sys 0x9D701000 \??\C:\Windows\system32\Drivers\PROCEXP113.SYS 0x9D703000 \??\C:\Users\CHRIST~1\AppData\Local\Temp\catchme.sys 0x9D712000 \??\C:\Users\CHRIST~1\AppData\Local\Temp\kglyiuod.sys 0x81E34000 \SystemRoot\system32\DRIVERS\netw5v32.sys 0x777A0000 \Windows\System32\ntdll.dll 0x48310000 \Windows\System32\smss.exe 0x779E0000 \Windows\System32\apisetschema.dll 0x00FF0000 \Windows\System32\autochk.exe 0x10000000 \Program Files\DAEMON Tools Lite\Engine.dll 0x77900000 \Windows\System32\msctf.dll 0x77700000 \Windows\System32\advapi32.dll 0x778F0000 \Windows\System32\psapi.dll 0x776A0000 \Windows\System32\difxapi.dll 0x77600000 \Windows\System32\usp10.dll 0x775E0000 \Windows\System32\imm32.dll 0x775C0000 \Windows\System32\sechost.dll 0x77590000 \Windows\System32\imagehlp.dll 0x774E0000 \Windows\System32\rpcrt4.dll 0x77430000 \Windows\System32\msvcrt.dll 0x77330000 \Windows\System32\wininet.dll 0x772A0000 \Windows\System32\oleaut32.dll 0x77160000 \Windows\System32\urlmon.dll 0x770D0000 \Windows\System32\clbcatq.dll 0x76FF0000 \Windows\System32\kernel32.dll 0x778E0000 \Windows\System32\lpk.dll 0x76F70000 \Windows\System32\comdlg32.dll 0x76F10000 \Windows\System32\shlwapi.dll 0x76ED0000 \Windows\System32\ws2_32.dll 0x76E00000 \Windows\System32\user32.dll 0x76DF0000 \Windows\System32\nsi.dll 0x76C90000 \Windows\System32\ole32.dll 0x76040000 \Windows\System32\shell32.dll 0x75E40000 \Windows\System32\iertutil.dll 0x75DF0000 \Windows\System32\gdi32.dll 0x75DA0000 \Windows\System32\Wldap32.dll 0x75C00000 \Windows\System32\setupapi.dll 0x75BF0000 \Windows\System32\normaliz.dll 0x75BC0000 \Windows\System32\cfgmgr32.dll 0x75BA0000 \Windows\System32\devobj.dll 0x75B50000 \Windows\System32\KernelBase.dll 0x75AC0000 \Windows\System32\comctl32.dll 0x759A0000 \Windows\System32\crypt32.dll 0x75970000 \Windows\System32\wintrust.dll 0x75960000 \Windows\System32\msasn1.dll Processes (total 52): 0 System Idle Process 4 System 276 C:\Windows\System32\smss.exe 360 csrss.exe 420 C:\Windows\System32\wininit.exe 432 csrss.exe 468 C:\Windows\System32\services.exe 484 C:\Windows\System32\lsass.exe 492 C:\Windows\System32\lsm.exe 580 C:\Windows\System32\svchost.exe 664 C:\Windows\System32\nvvsvc.exe 692 C:\Windows\System32\svchost.exe 744 C:\Windows\System32\svchost.exe 796 C:\Windows\System32\svchost.exe 836 C:\Windows\System32\svchost.exe 976 C:\Windows\System32\svchost.exe 1092 C:\Windows\System32\svchost.exe 1192 C:\Windows\System32\svchost.exe 1240 |
26.05.2011, 21:08 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner im System (BKA) Log von mbrcheck ist nicht vollständig. Lass es lange genug laufen und führt es per Rechtsklick als Admin aus!
__________________ Logfiles bitte immer in CODE-Tags posten |
26.05.2011, 21:11 | #15 |
| Trojaner im System (BKA) hab wohl beim kopieren etwas vergessen ... Code:
ATTFilter MBRCheck, version 1.2.3 (c) 2010, AD Command-line: Windows Version: Windows 7 Professional Windows Information: (build 7600), 32-bit Base Board Manufacturer: FUJITSU SIEMENS BIOS Manufacturer: Phoenix Technologies LTD System Manufacturer: FUJITSU SIEMENS System Product Name: AMILO Pi 3540 Logical Drives Mask: 0x0000004c Kernel Drivers (total 198): 0x82C3C000 \SystemRoot\system32\ntkrnlpa.exe 0x82C05000 \SystemRoot\system32\halmacpi.dll 0x80BBA000 \SystemRoot\system32\kdcom.dll 0x83225000 \SystemRoot\system32\mcupdate_GenuineIntel.dll 0x8329D000 \SystemRoot\system32\PSHED.dll 0x832AE000 \SystemRoot\system32\BOOTVID.dll 0x832B6000 \SystemRoot\system32\CLFS.SYS 0x832F8000 \SystemRoot\system32\CI.dll 0x8B026000 \SystemRoot\system32\drivers\Wdf01000.sys 0x8B097000 \SystemRoot\system32\drivers\WDFLDR.SYS 0x8B0A5000 \SystemRoot\System32\Drivers\spnw.sys 0x8B198000 \SystemRoot\System32\Drivers\WMILIB.SYS 0x8B1A1000 \SystemRoot\System32\Drivers\SCSIPORT.SYS 0x833A3000 \SystemRoot\system32\DRIVERS\ACPI.sys 0x8B1C7000 \SystemRoot\system32\DRIVERS\msisadrv.sys 0x8B1CF000 \SystemRoot\system32\DRIVERS\vdrvroot.sys 0x8B220000 \SystemRoot\system32\DRIVERS\pci.sys 0x8B24A000 \SystemRoot\System32\drivers\partmgr.sys 0x8B25B000 \SystemRoot\system32\DRIVERS\compbatt.sys 0x8B263000 \SystemRoot\system32\DRIVERS\BATTC.SYS 0x8B26E000 \SystemRoot\system32\DRIVERS\volmgr.sys 0x8B27E000 \SystemRoot\System32\drivers\volmgrx.sys 0x8B2C9000 \SystemRoot\System32\drivers\mountmgr.sys 0x8B2DF000 \SystemRoot\system32\DRIVERS\atapi.sys 0x8B2E8000 \SystemRoot\system32\DRIVERS\ataport.SYS 0x8B30B000 \SystemRoot\system32\DRIVERS\msahci.sys 0x8B315000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS 0x8B323000 \SystemRoot\system32\drivers\amdxata.sys 0x8B32C000 \SystemRoot\system32\drivers\fltmgr.sys 0x8B360000 \SystemRoot\system32\drivers\fileinfo.sys 0x8B43D000 \SystemRoot\System32\Drivers\Ntfs.sys 0x8B56C000 \SystemRoot\System32\Drivers\msrpc.sys 0x8B597000 \SystemRoot\System32\Drivers\ksecdd.sys 0x8B371000 \SystemRoot\System32\Drivers\cng.sys 0x8B5AA000 \SystemRoot\System32\drivers\pcw.sys 0x8B5B8000 \SystemRoot\System32\Drivers\Fs_Rec.sys 0x8B61E000 \SystemRoot\system32\drivers\ndis.sys 0x8B6D5000 \SystemRoot\system32\drivers\NETIO.SYS 0x8B713000 \SystemRoot\System32\Drivers\ksecpkg.sys 0x8B81D000 \SystemRoot\System32\drivers\tcpip.sys 0x8B966000 \SystemRoot\System32\drivers\fwpkclnt.sys 0x8B997000 \SystemRoot\system32\DRIVERS\vmstorfl.sys 0x8B9A0000 \SystemRoot\system32\DRIVERS\volsnap.sys 0x8B9DF000 \SystemRoot\System32\Drivers\spldr.sys 0x8B738000 \SystemRoot\System32\drivers\rdyboost.sys 0x8B9E7000 \SystemRoot\System32\Drivers\mup.sys 0x8B9F7000 \SystemRoot\System32\drivers\hwpolicy.sys 0x8B765000 \SystemRoot\System32\DRIVERS\fvevol.sys 0x8B800000 \SystemRoot\system32\DRIVERS\disk.sys 0x8B797000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS 0x8B5C1000 \SystemRoot\system32\DRIVERS\cdrom.sys 0x8B7E4000 \SystemRoot\System32\Drivers\Null.SYS 0x8B7EB000 \SystemRoot\System32\Drivers\Beep.SYS 0x8B7F2000 \SystemRoot\System32\drivers\vga.sys 0x8B400000 \SystemRoot\System32\drivers\VIDEOPRT.SYS 0x8B600000 \SystemRoot\System32\drivers\watchdog.sys 0x8B60D000 \SystemRoot\System32\DRIVERS\RDPCDD.sys 0x8B615000 \SystemRoot\system32\drivers\rdpencdd.sys 0x8B421000 \SystemRoot\system32\drivers\rdprefmp.sys 0x8B429000 \SystemRoot\System32\Drivers\Msfs.SYS 0x8B5E0000 \SystemRoot\System32\Drivers\Npfs.SYS 0x8B3CE000 \SystemRoot\system32\DRIVERS\tdx.sys 0x8B5EE000 \SystemRoot\system32\DRIVERS\TDI.SYS 0x8F815000 \SystemRoot\system32\drivers\afd.sys 0x8F86F000 \SystemRoot\System32\DRIVERS\netbt.sys 0x8F8A1000 \SystemRoot\system32\DRIVERS\wfplwf.sys 0x8F8A8000 \SystemRoot\system32\DRIVERS\pacer.sys 0x8F8C7000 \SystemRoot\system32\DRIVERS\netbios.sys 0x8F8D5000 \SystemRoot\system32\DRIVERS\wanarp.sys 0x8F8E8000 \SystemRoot\system32\DRIVERS\termdd.sys 0x8F8F8000 \SystemRoot\system32\DRIVERS\ssmdrv.sys 0x8F8FE000 \SystemRoot\system32\DRIVERS\rdbss.sys 0x8F93F000 \SystemRoot\system32\drivers\nsiproxy.sys 0x8F949000 \SystemRoot\system32\DRIVERS\mssmbios.sys 0x8F953000 \SystemRoot\System32\Drivers\ElbyCDIO.sys 0x8F958000 \SystemRoot\System32\drivers\discache.sys 0x8F964000 \SystemRoot\system32\drivers\csc.sys 0x8F9C8000 \SystemRoot\System32\Drivers\dfsc.sys 0x8F9E0000 \SystemRoot\system32\DRIVERS\blbdrive.sys 0x8B1DA000 \SystemRoot\system32\DRIVERS\avipbb.sys 0x8B000000 \SystemRoot\system32\DRIVERS\tunnel.sys 0x90A26000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys 0x91344000 \SystemRoot\system32\DRIVERS\nvBridge.kmd 0x91346000 \SystemRoot\System32\drivers\dxgkrnl.sys 0x91A10000 \SystemRoot\System32\drivers\dxgmms1.sys 0x91A49000 \SystemRoot\system32\DRIVERS\usbuhci.sys 0x91A54000 \SystemRoot\system32\DRIVERS\USBPORT.SYS 0x91A9F000 \SystemRoot\system32\DRIVERS\usbehci.sys 0x91AAE000 \SystemRoot\system32\DRIVERS\HDAudBus.sys 0x8224B000 \SystemRoot\system32\DRIVERS\Rt86win7.sys 0x82270000 \SystemRoot\system32\DRIVERS\i8042prt.sys 0x82288000 \SystemRoot\system32\DRIVERS\kbdclass.sys 0x82295000 \SystemRoot\system32\DRIVERS\mouclass.sys 0x822A2000 \SystemRoot\System32\Drivers\ElbyCDFL.sys 0x822A9000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys 0x822AF000 \SystemRoot\System32\Drivers\ane5azdx.SYS 0x822E8000 \SystemRoot\system32\DRIVERS\CmBatt.sys 0x822EC000 \SystemRoot\system32\DRIVERS\intelppm.sys 0x822FE000 \SystemRoot\system32\DRIVERS\CompositeBus.sys 0x8230B000 \SystemRoot\system32\DRIVERS\dne2000.sys 0x8232A000 \SystemRoot\system32\DRIVERS\AgileVpn.sys 0x8233C000 \SystemRoot\system32\DRIVERS\rasl2tp.sys 0x82354000 \SystemRoot\system32\DRIVERS\ndistapi.sys 0x8235F000 \SystemRoot\system32\DRIVERS\ndiswan.sys 0x82381000 \SystemRoot\system32\DRIVERS\raspppoe.sys 0x82399000 \SystemRoot\system32\DRIVERS\raspptp.sys 0x823B0000 \SystemRoot\system32\DRIVERS\rassstp.sys 0x823C7000 \SystemRoot\system32\DRIVERS\rdpbus.sys 0x823D1000 \SystemRoot\system32\DRIVERS\swenum.sys 0x81E00000 \SystemRoot\system32\DRIVERS\ks.sys 0x823D3000 \SystemRoot\system32\DRIVERS\umbus.sys 0x91ACD000 \SystemRoot\system32\DRIVERS\usbhub.sys 0x823E1000 \SystemRoot\System32\Drivers\NDProxy.SYS 0x91B11000 \SystemRoot\system32\drivers\HdAudio.sys 0x91B61000 \SystemRoot\system32\drivers\portcls.sys 0x91B90000 \SystemRoot\system32\drivers\drmk.sys 0x97480000 \SystemRoot\System32\win32k.sys 0x823F2000 \SystemRoot\System32\drivers\Dxapi.sys 0x91BA9000 \SystemRoot\System32\Drivers\crashdmp.sys 0x91BB6000 \SystemRoot\System32\Drivers\dump_dumpata.sys 0x91BC1000 \SystemRoot\System32\Drivers\dump_msahci.sys 0x91BCB000 \SystemRoot\System32\Drivers\dump_dumpfve.sys 0x91BDC000 \SystemRoot\system32\DRIVERS\usbccgp.sys 0x823FC000 \SystemRoot\system32\DRIVERS\USBD.SYS 0x91BF3000 \SystemRoot\system32\DRIVERS\hidusb.sys 0x90A00000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS 0x91A00000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS 0x90A13000 \SystemRoot\system32\DRIVERS\mouhid.sys 0x8F9EE000 \SystemRoot\system32\DRIVERS\kbdhid.sys 0x8F800000 \SystemRoot\system32\DRIVERS\monitor.sys 0x976E0000 \SystemRoot\System32\TSDDD.dll 0x8B7BC000 \SystemRoot\system32\drivers\luafv.sys 0x8B3E5000 \SystemRoot\system32\DRIVERS\avgntflt.sys 0x8B200000 \SystemRoot\system32\drivers\WudfPf.sys 0x97710000 \SystemRoot\System32\cdd.dll 0x833EB000 \SystemRoot\system32\DRIVERS\lltdio.sys 0x9A622000 \SystemRoot\system32\DRIVERS\nwifi.sys 0x9A668000 \SystemRoot\system32\DRIVERS\ndisuio.sys 0x9A678000 \SystemRoot\system32\DRIVERS\rspndr.sys 0x9A68B000 \SystemRoot\system32\drivers\HTTP.sys 0x9A710000 \SystemRoot\system32\DRIVERS\bowser.sys 0x9A729000 \SystemRoot\System32\drivers\mpsdrv.sys 0x9A73B000 \SystemRoot\system32\DRIVERS\mrxsmb.sys 0x9A75E000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys 0x9A799000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys 0x9D203000 \??\C:\Windows\system32\Drivers\CVPNDRVA.sys 0x9D293000 \SystemRoot\system32\drivers\peauth.sys 0x9D32A000 \SystemRoot\System32\Drivers\secdrv.SYS 0x9D334000 \SystemRoot\System32\DRIVERS\srvnet.sys 0x9D355000 \SystemRoot\System32\drivers\tcpipreg.sys 0x9D362000 \SystemRoot\System32\DRIVERS\srv2.sys 0x9D63B000 \SystemRoot\System32\DRIVERS\srv.sys 0x9D68D000 \??\C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys 0x9D6F8000 \SystemRoot\system32\DRIVERS\asyncmac.sys 0x9D701000 \??\C:\Windows\system32\Drivers\PROCEXP113.SYS 0x9D703000 \??\C:\Users\CHRIST~1\AppData\Local\Temp\catchme.sys 0x9D712000 \??\C:\Users\CHRIST~1\AppData\Local\Temp\kglyiuod.sys 0x81E34000 \SystemRoot\system32\DRIVERS\netw5v32.sys 0x777A0000 \Windows\System32\ntdll.dll 0x48310000 \Windows\System32\smss.exe 0x779E0000 \Windows\System32\apisetschema.dll 0x00FF0000 \Windows\System32\autochk.exe 0x10000000 \Program Files\DAEMON Tools Lite\Engine.dll 0x77900000 \Windows\System32\msctf.dll 0x77700000 \Windows\System32\advapi32.dll 0x778F0000 \Windows\System32\psapi.dll 0x776A0000 \Windows\System32\difxapi.dll 0x77600000 \Windows\System32\usp10.dll 0x775E0000 \Windows\System32\imm32.dll 0x775C0000 \Windows\System32\sechost.dll 0x77590000 \Windows\System32\imagehlp.dll 0x774E0000 \Windows\System32\rpcrt4.dll 0x77430000 \Windows\System32\msvcrt.dll 0x77330000 \Windows\System32\wininet.dll 0x772A0000 \Windows\System32\oleaut32.dll 0x77160000 \Windows\System32\urlmon.dll 0x770D0000 \Windows\System32\clbcatq.dll 0x76FF0000 \Windows\System32\kernel32.dll 0x778E0000 \Windows\System32\lpk.dll 0x76F70000 \Windows\System32\comdlg32.dll 0x76F10000 \Windows\System32\shlwapi.dll 0x76ED0000 \Windows\System32\ws2_32.dll 0x76E00000 \Windows\System32\user32.dll 0x76DF0000 \Windows\System32\nsi.dll 0x76C90000 \Windows\System32\ole32.dll 0x76040000 \Windows\System32\shell32.dll 0x75E40000 \Windows\System32\iertutil.dll 0x75DF0000 \Windows\System32\gdi32.dll 0x75DA0000 \Windows\System32\Wldap32.dll 0x75C00000 \Windows\System32\setupapi.dll 0x75BF0000 \Windows\System32\normaliz.dll 0x75BC0000 \Windows\System32\cfgmgr32.dll 0x75BA0000 \Windows\System32\devobj.dll 0x75B50000 \Windows\System32\KernelBase.dll 0x75AC0000 \Windows\System32\comctl32.dll 0x759A0000 \Windows\System32\crypt32.dll 0x75970000 \Windows\System32\wintrust.dll 0x75960000 \Windows\System32\msasn1.dll Processes (total 52): 0 System Idle Process 4 System 276 C:\Windows\System32\smss.exe 360 csrss.exe 420 C:\Windows\System32\wininit.exe 432 csrss.exe 468 C:\Windows\System32\services.exe 484 C:\Windows\System32\lsass.exe 492 C:\Windows\System32\lsm.exe 580 C:\Windows\System32\svchost.exe 664 C:\Windows\System32\nvvsvc.exe 692 C:\Windows\System32\svchost.exe 744 C:\Windows\System32\svchost.exe 796 C:\Windows\System32\svchost.exe 836 C:\Windows\System32\svchost.exe 976 C:\Windows\System32\svchost.exe 1092 C:\Windows\System32\svchost.exe 1192 C:\Windows\System32\svchost.exe 1240 C:\Windows\System32\winlogon.exe 1368 C:\Windows\System32\spoolsv.exe 1420 C:\Program Files\Avira\AntiVir Desktop\sched.exe 1476 C:\Windows\System32\nvvsvc.exe 1576 C:\Program Files\Avira\AntiVir Desktop\avguard.exe 1604 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 1640 C:\Program Files\Bonjour\mDNSResponder.exe 1684 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe 1692 C:\Windows\System32\conhost.exe 1776 C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe 1820 C:\Windows\System32\taskhost.exe 1868 C:\Windows\System32\dwm.exe 2044 C:\Windows\System32\svchost.exe 348 C:\Windows\System32\svchost.exe 720 C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe 2092 C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe 2228 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe 2236 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe 2256 C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE 2284 C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe 2352 C:\Program Files\DAEMON Tools Lite\DTLite.exe 2608 C:\Windows\System32\SearchIndexer.exe 3028 C:\Windows\System32\svchost.exe 3188 C:\Program Files\Windows Media Player\wmpnetwk.exe 3660 C:\Windows\System32\svchost.exe 4088 C:\Windows\System32\wuauclt.exe 3488 C:\Windows\explorer.exe 2432 C:\Windows\System32\audiodg.exe 2400 WmiPrvSE.exe 2904 C:\Program Files\Mozilla Firefox\firefox.exe 948 C:\Program Files\Mozilla Firefox\plugin-container.exe 2148 C:\Users\Christian\Desktop\MBRCheck.exe 2868 C:\Windows\System32\conhost.exe 1012 C:\Windows\System32\dllhost.exe \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000019`bcc00000 (NTFS) PhysicalDrive0 Model Number: HitachiHTS543232L9A300, Rev: FB4OC40C Size Device Name MBR Status -------------------------------------------- 298 GB \\.\PhysicalDrive0 Windows 7 MBR code detected SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79 Done! |
Themen zu Trojaner im System (BKA) |
.dll, adobe, alternate, canon, desktop, dll, error, excel, explorer, fehler, flash player, format, frage, langs, logfile, malware.packer.genx, mozilla, neuaufsetzung, nvidia, nvlddmkm.sys, oldtimer, plug-in, problem, recycle.bin, registry, rojaner gefunden, rundll, sched.exe, searchplugins, security, software, sptd.sys, start menu, system, taskhost.exe, temp, trojaner, trojaner gefunden, usb, viren, webcheck |