SpyEyes / Exploits EXP/CVE-2010-4452.A detected on the PC (Windows 7)

If you are not sure whether you have caught malware or a trojan, create a topic here. An expert will reply with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.

#12
GMER Logfile:

```
GMER 1.0.15.15627 - GMER - Rootkit Detector and Remover
Rootkit scan 2011-05-26 09:55:11
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3 WDC_WD2500BEVS-60UST0 rev.01.01A01
Running: 7twej4gl.exe; Driver: C:\Users\xxx\AppData\Local\Temp\fwtiipog.sys


---- System - GMER 1.0.15 ----

SSDT 88F27DEB ZwLoadDriver
SSDT 88F27DF0 ZwSetSystemInformation
SSDT 88F27DAF ZwTerminateProcess
SSDT 88F27DAA ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 37D 826F1B00 4 Bytes [EB, 7D, F2, 88]
.text ntkrnlpa.exe!KeSetEvent + 5DD 826F1D60 4 Bytes [F0, 7D, F2, 88]
.text ntkrnlpa.exe!KeSetEvent + 621 826F1DA4 4 Bytes [AF, 7D, F2, 88]
.text ntkrnlpa.exe!KeSetEvent + 681 826F1E04 4 Bytes [AA, 7D, F2, 88]
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8C800340, 0x3481E7, 0xE8000020]

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[3160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [742A7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [742FA86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [742ABB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7429F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [742A75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7429E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [742D8395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [742ADA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [7429FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [7429FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [742971CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7432CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [742CC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7429D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74296853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [7429687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [742A2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
```

OSAM Logfile:
```
Report of OSAM: Autorun Manager v5.0.11926.0
Online Solutions. Complex Protection for Information Systems
Saved at 10:26:13 on 26.05.2011

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Microsoft Corporation Internet Explorer 9.00.8112.16421

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries

[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\Users\xxx\AppData\Local\Temp\catchme.sys (File not found)
"Coach Digital Camera on USB" (CoachUsb) - "FotoNation Ltd." - C:\Windows\System32\DRIVERS\CoachUsb.sys
"Coach Video Capture" (CoachVc) - "Accapella Ltd." - C:\Windows\System32\DRIVERS\CoachVc.sys
"DgiVecp" (DgiVecp) - "Samsung Electronics Co., Ltd." - C:\Windows\system32\Drivers\DgiVecp.sys
"fwtiipog" (fwtiipog) - ? - C:\Users\xxx\AppData\Local\Temp\fwtiipog.sys (Hidden registry entry, rootkit activity | File not found)
"Generic Virtual HID Driver" (vhidmini) - ? - C:\Windows\System32\DRIVERS\walvhid.sys (File not found)
"Huawei DataCard USB Modem and USB Serial" (hwdatacard) - ? - C:\Windows\System32\DRIVERS\ewusbmdm.sys (File not found)
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys (File not found)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\Windows\System32\Drivers\PxHelp20.sys
"Splitcam, WDM Camera Stream Splitter" (SPLITCAM) - "LoteSoft Co." - C:\Windows\System32\DRIVERS\splitcam.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"SSPORT" (SSPORT) - "Samsung Electronics" - C:\Windows\system32\Drivers\SSPORT.sys
"Tablet Mouse Filter Driver" (moufiltr) - ? - C:\Windows\System32\DRIVERS\moufiltr.sys (File not found)
"Telekom Netzmanager Packet Filter Driver" (TelekomNM3) - ? - C:\Program Files\Netzmanager\NMInfraIS2\Driver\TelekomNM3.sys (File not found)

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{10880D85-AAD9-4558-ABDC-2AB1552D831F} "LightScribe Control Panel" - "Hewlett-Packard Company" - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? - (File not found | COM-object registry key not found)
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? - (File not found | COM-object registry key not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? - (File not found | COM-object registry key not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found)
{00020d75-0000-0000-c000-000000000046} "lnkfile" - ? - (File not found | COM-object registry key not found)
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? - (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? - (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{7F67036B-66F1-411A-AD85-759FB9C5B0DB} "ShellViewRTF" - "XSS" - C:\Windows\System32\ShellvRTF.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} "Java Plug-in 1.6.0" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_22.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? - (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"Adobe Gamma Loader.exe.lnk" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Shortcut exists | File exists)
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"swg" - "Google Inc." - "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"FreePDF Assistant" - "shbox.de" - C:\Program Files\FreePDF_XP\fpassist.exe
"HP Health Check Scheduler" - "Hewlett-Packard" - C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
"HP LaserJet Professional CM1410 Series Fax" - "Hewlett-Packard Company" - C:\Program Files\HP\HP LaserJet Professional CM1410 Series\Fax Driver\hppfaxprintersrv.exe "HP LaserJet Professional CM1410 Series Fax"
"HP Software Update" - "Hewlett-Packard" - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
"HPUsageTracking" - " " - C:\Program Files\HP\HP UT\bin\hppusg.exe "C:\Program Files\HP\HP UT\"
"hpWirelessAssistant" - "Hewlett-Packard Development Company, L.P." - %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
"QlbCtrl" - " Hewlett-Packard Development Company, L.P." - %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
"QPService" - "CyberLink Corp." - "C:\Program Files\HP\QuickPlay\QPService.exe"
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"ToolboxFX" - "Hewlett-Packard Company" - "C:\Program Files\HP\ToolboxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /fl:on /fr:on /appData:on /tmcp:on
"WAWifiMessage" - "Hewlett-Packard Development Company, L.P." - %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce )-----
"Launcher" - "soft thinks" - %WINDIR%\SMINST\launcher.exe

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"HP Fax Port" - "Hewlett-Packard Company" - C:\Windows\system32\hppfaxprintermon5.dll
"HP Standard TCP/IP Port" - "Hewlett Packard" - C:\Windows\system32\HpTcpMon.dll
"Redirected Port" - ? - C:\Windows\system32\redmonnt.dll (File found, but it contains no detailed information)

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir MailGuard" (AntiVirMailService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Avira AntiVir WebGuard" (AntiVirWebService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
"Com4Qlb" (Com4Qlb) - "Hewlett-Packard Development Company, L.P." - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
"CyberLink Background Capture Service (CBCS)" (CLCapSvc) - ? - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
"CyberLink Task Scheduler (CTS)" (CLSched) - ? - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
"Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"HP Health Check Service" (HP Health Check Service) - "Hewlett-Packard" - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
"HP LaserJet Service" (HP LaserJet Service) - "HP" - C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe
"hpqwmiex" (hpqwmiex) - "Hewlett-Packard Development Company, L.P." - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
"LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
"Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZinw12.dll
"Netzmanager Infrastruktur Informationssystem Dienst" (Netzmanager Service) - "Deutsche Telekom AG" - C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
"Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZipm12.dll
"RoxMediaDB9" (RoxMediaDB9) - "Sonic Solutions" - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
"stllssvr" (stllssvr) - "MicroVision Development, Inc." - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
"Symantec RemoteAssist" (Symantec RemoteAssist) - "Symantec, Inc." - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
"Windows Live Setup Service" (WLSetupSvc) - "Microsoft Corporation" - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

[Winlogon]
-----( HKCU\Control Panel\Desktop )-----
"SCRNSAVE.EXE" - ? - C:\Windows\system32\SVEN00~1.SCR (File not found)

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )-----
"AVSDA" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avsda.dll

===[ Logfile end ]=========================================[ Logfile end ]===
If You have questions or want to get some help, You can visit Online Solutions :: Index
```

MBRCheck:
```
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Quanta
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: HP Pavilion dv9500 Notebook PC
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 160):
0x82645000 \SystemRoot\system32\ntkrnlpa.exe
0x82612000 \SystemRoot\system32\hal.dll
0x80402000 \SystemRoot\system32\kdcom.dll
0x80409000 \SystemRoot\system32\PSHED.dll
0x8041A000 \SystemRoot\system32\BOOTVID.dll
0x80422000 \SystemRoot\system32\CLFS.SYS
0x80463000 \SystemRoot\system32\CI.dll
0x80543000 \SystemRoot\system32\drivers\Wdf01000.sys
0x805BF000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x80606000 \SystemRoot\system32\drivers\acpi.sys
0x8064C000 \SystemRoot\system32\drivers\WMILIB.SYS
0x80655000 \SystemRoot\system32\drivers\msisadrv.sys
0x8065D000 \SystemRoot\system32\drivers\pci.sys
0x80684000 \SystemRoot\System32\drivers\partmgr.sys
0x80693000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x80696000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x806A0000 \SystemRoot\system32\drivers\volmgr.sys
0x806AF000 \SystemRoot\System32\drivers\volmgrx.sys
0x806F9000 \SystemRoot\system32\drivers\pciide.sys
0x80700000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x8070E000 \SystemRoot\System32\drivers\mountmgr.sys
0x8071E000 \SystemRoot\system32\drivers\atapi.sys
0x80726000 \SystemRoot\system32\drivers\ataport.SYS
0x80744000 \SystemRoot\system32\drivers\fltmgr.sys
0x80776000 \SystemRoot\system32\drivers\fileinfo.sys
0x80786000 \SystemRoot\System32\Drivers\PxHelp20.sys
0x8078F000 \SystemRoot\System32\Drivers\ksecdd.sys
0x88003000 \SystemRoot\system32\drivers\ndis.sys
0x8810E000 \SystemRoot\system32\drivers\msrpc.sys
0x88139000 \SystemRoot\system32\drivers\NETIO.SYS
0x88209000 \SystemRoot\System32\drivers\tcpip.sys
0x882F3000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8840D000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8851D000 \SystemRoot\system32\drivers\wd.sys
0x88525000 \SystemRoot\system32\drivers\volsnap.sys
0x8855E000 \SystemRoot\System32\Drivers\spldr.sys
0x88566000 \SystemRoot\System32\Drivers\mup.sys
0x88575000 \SystemRoot\System32\drivers\ecache.sys
0x8859C000 \SystemRoot\system32\drivers\disk.sys
0x885AD000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x885CE000 \SystemRoot\system32\drivers\crcdisk.sys
0x88400000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x885F7000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x8830E000 \SystemRoot\system32\DRIVERS\amdk8.sys
0x8831E000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x88322000 \SystemRoot\system32\DRIVERS\cpqbttn.sys
0x88325000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x88335000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x8833C000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x88345000 \SystemRoot\system32\DRIVERS\nvsmu.sys
0x88348000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x88352000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x88390000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8C409000 \SystemRoot\system32\DRIVERS\nvmfdx32.sys
0x8C50A000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8C597000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x8C5A7000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x8C5B5000 \SystemRoot\system32\DRIVERS\sdbus.sys
0x8C5CF000 \SystemRoot\system32\DRIVERS\rimmptsk.sys
0x8C5DE000 \SystemRoot\system32\DRIVERS\rimsptsk.sys
0x8839F000 \SystemRoot\system32\DRIVERS\rixdptsk.sys
0x88174000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8C60F000 \SystemRoot\system32\DRIVERS\bcmwl6.sys
0x8C800000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x8CED0000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8CF70000 \SystemRoot\System32\drivers\watchdog.sys
0x8CF7C000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8CF8F000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8CF9A000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x8CFC5000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8CFC7000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8CFD2000 \SystemRoot\system32\DRIVERS\serscan.sys
0x8C695000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8C6C4000 \SystemRoot\system32\DRIVERS\storport.sys
0x8CFDA000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8CFE5000 \SystemRoot\system32\DRIVERS\splitcam.sys
0x8CFEE000 \SystemRoot\system32\DRIVERS\STREAM.SYS
0x8C705000 \SystemRoot\system32\DRIVERS\ks.sys
0x8C72F000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8C746000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8C751000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8C774000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8C783000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8C797000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8C7AC000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8CFFB000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8C7BC000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8C7C6000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8C7D3000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x8818C000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8C7DC000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x881C1000 \SystemRoot\system32\drivers\CHDART.sys
0x805CC000 \SystemRoot\system32\drivers\portcls.sys
0x8D602000 \SystemRoot\system32\drivers\drmk.sys
0x8D627000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
0x8D664000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
0x8D807000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
0x8D8BB000 \SystemRoot\system32\drivers\modem.sys
0x8D8C8000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x8D8DF000 \SystemRoot\System32\Drivers\usbvideo.sys
0x8D900000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8D909000 \SystemRoot\System32\Drivers\Null.SYS
0x8D910000 \SystemRoot\System32\Drivers\Beep.SYS
0x8D917000 \SystemRoot\System32\drivers\vga.sys
0x8D923000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8D944000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8D94C000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8D954000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8D95F000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8D96D000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8D976000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8D98C000 \SystemRoot\system32\DRIVERS\smb.sys
0x8D9A0000 \SystemRoot\system32\drivers\afd.sys
0x8D767000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8D9E8000 \SystemRoot\system32\drivers\ws2ifsl.sys
0x8D799000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8D9F1000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8D800000 \SystemRoot\system32\DRIVERS\eabfiltr.sys
0x8D7AF000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8D7C2000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0x8DA0B000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8DA47000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8DA51000 \SystemRoot\System32\Drivers\dfsc.sys
0x8DA68000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x8DA8E000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8DA9B000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x8DAA6000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x96650000 \SystemRoot\System32\win32k.sys
0x8DAAE000 \SystemRoot\System32\drivers\Dxapi.sys
0x8DAB8000 \SystemRoot\system32\DRIVERS\monitor.sys
0x96870000 \SystemRoot\System32\TSDDD.dll
0x96890000 \SystemRoot\System32\cdd.dll
0x968A0000 \SystemRoot\System32\ATMFD.DLL
0x8DAC7000 \SystemRoot\system32\drivers\luafv.sys
0x8DAEA000 \SystemRoot\system32\drivers\spsys.sys
0x8DB9A000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x8DBAA000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x8DBD4000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x8DBDE000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x9DE00000 \SystemRoot\system32\drivers\HTTP.sys
0x9DE6D000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x9DE8A000 \SystemRoot\system32\DRIVERS\bowser.sys
0x9DEA3000 \SystemRoot\System32\drivers\mpsdrv.sys
0x9DEB8000 \SystemRoot\system32\drivers\mrxdav.sys
0x9DED9000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x9DEF8000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x9DF31000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x9DF49000 \SystemRoot\System32\DRIVERS\srv2.sys
0x9DF71000 \SystemRoot\System32\DRIVERS\srv.sys
0x9DFD8000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x9DFC0000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x9DFEE000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xA180D000 \SystemRoot\system32\drivers\peauth.sys
0xA18EB000 \SystemRoot\System32\Drivers\secdrv.SYS
0xA18F5000 \??\C:\Windows\system32\Drivers\SSPORT.sys
0xA18FC000 \SystemRoot\System32\drivers\tcpipreg.sys
0xA1908000 \SystemRoot\system32\DRIVERS\xaudio.sys
0xA1910000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xA1938000 \??\C:\Users\xxx\AppData\Local\Temp\fwtiipog.sys
0x77590000 \Windows\System32\ntdll.dll

Processes (total 82):
0 System Idle Process
4 System
428 C:\Windows\System32\smss.exe
560 csrss.exe
612 C:\Windows\System32\wininit.exe
624 csrss.exe
656 C:\Windows\System32\services.exe
672 C:\Windows\System32\lsass.exe
680 C:\Windows\System32\lsm.exe
828 C:\Windows\System32\winlogon.exe
848 C:\Windows\System32\svchost.exe
916 C:\Windows\System32\svchost.exe
1032 C:\Windows\System32\svchost.exe
1060 C:\Windows\System32\svchost.exe
1072 C:\Windows\System32\svchost.exe
1168 C:\Windows\System32\audiodg.exe
1260 C:\Windows\System32\svchost.exe
1276 C:\Windows\System32\SLsvc.exe
1320 C:\Windows\System32\svchost.exe
1480 C:\Windows\System32\svchost.exe
1700 C:\Windows\System32\spoolsv.exe
1728 C:\Program Files\Avira\AntiVir Desktop\sched.exe
1740 C:\Windows\System32\svchost.exe
2036 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
276 C:\Windows\System32\svchost.exe
316 HP1006MC.EXE
336 C:\Windows\System32\CISVC.EXE
368 C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
972 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
1996 C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe
2064 C:\Windows\System32\svchost.exe
2080 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
2108 C:\Windows\System32\svchost.exe
2124 C:\Windows\System32\svchost.exe
2152 C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
2200 C:\Windows\System32\svchost.exe
2220 C:\Windows\System32\svchost.exe
2244 C:\Windows\System32\TCPSVCS.EXE
2264 C:\Windows\System32\svchost.exe
2308 C:\Windows\System32\svchost.exe
2344 C:\Windows\System32\svchost.exe
2380 C:\Windows\System32\SearchIndexer.exe
2572 C:\Windows\System32\drivers\XAudio.exe
2708 C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
3104 C:\Windows\System32\dwm.exe
3152 C:\Windows\System32\taskeng.exe
3160 C:\Windows\explorer.exe
3204 C:\Windows\System32\taskeng.exe
3596 C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
3628 C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
1352 C:\Windows\System32\alg.exe
3432 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
2056 C:\Program Files\HP\QuickPlay\QPService.exe
2316 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
1256 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
1248 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
1180 C:\Program Files\FreePDF_XP\fpassist.exe
2256 C:\Program Files\HP\HP UT\bin\hppusg.exe
2964 C:\Windows\System32\rundll32.exe
1296 C:\Windows\WindowsMobile\wmdSync.exe
3392 C:\Program Files\HP\HP Software Update\hpwuschd2.exe
2824 C:\Program Files\Common Files\Java\Java Update\jusched.exe
2508 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
1300 C:\Program Files\HP\ToolboxFX\bin\HPTLBXFX.exe
2196 C:\Windows\ehome\ehtray.exe
2368 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
1304 C:\Windows\System32\rundll32.exe
3660 WmiPrvSE.exe
1976 C:\Windows\System32\svchost.exe
3836 C:\Windows\System32\wbem\unsecapp.exe
3936 C:\Program Files\Windows Media Player\wmpnscfg.exe
880 C:\Windows\ehome\ehmsas.exe
4196 C:\Program Files\Windows Media Player\wmpnetwk.exe
4464 C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
6024 C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
4960 C:\Windows\System32\conime.exe
4028 C:\Windows\System32\svchost.exe
4868 C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
476 C:\Windows\System32\SearchProtocolHost.exe
3968 C:\Windows\System32\SearchFilterHost.exe
3084 C:\Windows\System32\SearchProtocolHost.exe
5236 C:\Users\xxx\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000038`561f5200 (NTFS)

PhysicalDrive0 Model Number: WDCWD2500BEVS-60UST0, Rev: 01.01A01

      Size  Device Name          MBR Status
  --------------------------------------------
    232 GB  \\.\PhysicalDrive0   Unknown MBR code
            SHA1: D94F393960D1CD66C2071F2D7260A5196DF105AC

Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
```