Exploit.PDF-JS.Gen, Trojan.Win32.GenericBT & Win32.BackdoorPoison detected and removed - logfile

Found and removed the viruses named above with Ad-Aware; now I'm scanning my PC with every virus program I can find and would be very grateful if you could tell me whether the HijackThis log is OK.

HijackThis logfile:
Code: Logfile of Trend Micro HijackThis v2.0.4
Quote:
Post all the details, above all the exact locations where they were found (folder/file names)!
Quote:
Here is the log:

Logfile created: 18.09.2010 00:29:29
Ad-Aware version: 8.3.3
Extended engine: 3
Extended engine version: 3.1.2770
User performing scan: Stan

*********************** Definitions database information ***********************
Lavasoft definition file: 150.91
Genotype definition file version: 2010/09/17 12:57:39
Extended engine definition file: 6889.0

******************************** Scan results: *********************************
Scan profile name: Vollständiger Scan (ID: full)
Objects scanned: 155075
Objects detected: 12

Type Detected
==========================
Processes.......: 0
Registry entries: 0
Hostfile entries: 0
Files...........: 11
Folders.........: 0
LSPs............: 0
Cookies.........: 1
Browser hijacks.: 0
MRU objects.....: 0

Removed items:
Description: Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408875 Family ID: 0

Quarantined items:
Description: d:\system volume information\_restore{862bfd35-5ea0-47f6-b5b1-d342d0d7075a}\rp257\a0055934.exe Family Name: Trojan.Win32.Generic!BT Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: a1e8edec7a5a53417e11e90427b2fee2
Description: d:\system volume information\_restore{862bfd35-5ea0-47f6-b5b1-d342d0d7075a}\rp257\a0055935.exe Family Name: Trojan.Win32.Generic!BT Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: 2f8b95d4d8d0bd722f122704ffdc3213
Description: d:\system volume information\_restore{862bfd35-5ea0-47f6-b5b1-d342d0d7075a}\rp257\a0055936.exe Family Name: Trojan.Win32.Generic!BT Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: 9594ed68335e2472785f6afcb4c9a4e6
Description: d:\system volume information\_restore{862bfd35-5ea0-47f6-b5b1-d342d0d7075a}\rp257\a0055937.exe Family Name: Trojan.Win32.Generic!BT Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: 759d94e657dfcdb68b6848989c396439
Description: d:\system volume information\_restore{862bfd35-5ea0-47f6-b5b1-d342d0d7075a}\rp257\a0055938.exe Family Name: Trojan.Win32.Generic!BT Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: e7b0e0c146b3e2116afdf51efa2b9050
Description: d:\system volume information\_restore{862bfd35-5ea0-47f6-b5b1-d342d0d7075a}\rp257\a0055939.exe Family Name: Trojan.Win32.Generic!BT Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: c65035c74f78a24ede26a12ddbb4b961
Description: d:\system volume information\_restore{862bfd35-5ea0-47f6-b5b1-d342d0d7075a}\rp257\a0055940.exe Family Name: Trojan.Win32.Generic!BT Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: da74d75607ba5d276b9d460f28c38e00
Description: d:\system volume information\_restore{862bfd35-5ea0-47f6-b5b1-d342d0d7075a}\rp257\a0055941.exe Family Name: Trojan.Win32.Generic!BT Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: 4cf61d89f4e476fdcd1e8897ba9b64fa
Description: d:\system volume information\_restore{862bfd35-5ea0-47f6-b5b1-d342d0d7075a}\rp257\a0055942.exe Family Name: Trojan.Win32.Generic!BT Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: 340a85720b3eb8a0bdfbc20648cf2e27
Description: d:\system volume information\_restore{862bfd35-5ea0-47f6-b5b1-d342d0d7075a}\rp257\a0055943.exe Family Name: Win32.Backdoor.Poison Engine: 1 Clean status: Success Item ID: 0 Family ID: 1566 MD5: f9ef5c36a0842b53de150c8b7f50bca0
Description: g:\installationsdateien\installationsdateien\winrar340d.exe Family Name: Trojan.7 Engine: 3 Clean status: Success Item ID: 2 Family ID: 0 MD5: b8c8eb355c7ae3fae2c159232aec71c9

Scan and cleaning complete: Finished correctly after 7466 seconds

*********************************** Settings ***********************************
Scan profile:
ID: full, enabled:1, value: Vollständiger Scan
ID: folderstoscan, enabled:1, value: C:\,D:\,E:\,F:\,G:\
ID: useantivirus, enabled:1, value: true
ID: sections, enabled:1
ID: scancriticalareas, enabled:1, value: true
ID: scanrunningapps, enabled:1, value: true
ID: scanregistry, enabled:1, value: true
ID: scanlsp, enabled:1, value: true
ID: scanads, enabled:1, value: true
ID: scanhostsfile, enabled:1, value: true
ID: scanmru, enabled:1, value: true
ID: scanbrowserhijacks, enabled:1, value: true
ID: scantrackingcookies, enabled:1, value: true
ID: closebrowsers, enabled:1, value: false
ID: filescanningoptions, enabled:1
ID: archives, enabled:1, value: true
ID: onlyexecutables, enabled:1, value: false
ID: skiplargerthan, enabled:1, value: 20480
ID: scanrootkits, enabled:1, value: true
ID: rootkitlevel, enabled:1, value: mild, domain: medium,mild,strict
ID: usespywareheuristics, enabled:1, value: true
Scan global:
ID: global, enabled:1
ID: addtocontextmenu, enabled:1, value: true
ID: playsoundoninfection, enabled:1, value: false
ID: soundfile, enabled:0, value: *to be filled in automatically*\alert.wav
Scheduled scan settings:
<Empty>
Update settings:
ID: updates, enabled:1
ID: launchthreatworksafterscan, enabled:1, value: normal, domain: normal,off,silently
ID: licenseandinfo, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
ID: schedules, enabled:1, value: true
ID: updatedaily1, enabled:1, value: Daily 1
ID: time, enabled:1, value: Wed Sep 15 18:49:00 2010
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updatedaily2, enabled:1, value: Daily 2
ID: time, enabled:1, value: Wed Sep 15 00:49:00 2010
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updatedaily3, enabled:1, value: Daily 3
ID: time, enabled:1, value: Wed Sep 15 06:49:00 2010
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updatedaily4, enabled:1, value: Daily 4
ID: time, enabled:1, value: Wed Sep 15 12:49:00 2010
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updateweekly1, enabled:1, value: Weekly
ID: time, enabled:1, value: Wed Sep 15 18:49:00 2010
ID: frequency, enabled:1, value: weekly, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: true
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: true
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: deffiles, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
Appearance settings:
ID: appearance, enabled:1
ID: skin, enabled:1, value: default.egl, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Resource
ID: showtrayicon, enabled:1, value: true
ID: language, enabled:1, value: de, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Language
ID: autoentertainmentmode, enabled:1, value: true
ID: guimode, enabled:1, value: mode_simple, domain: mode_advanced,mode_simple
Realtime protection settings:
ID: realtime, enabled:1
ID: infomessages, enabled:1, value: onlyimportant, domain: display,dontnotify,onlyimportant
ID: layers, enabled:1
ID: useantivirus, enabled:1, value: true
ID: usespywareheuristics, enabled:1, value: true
ID: modules, enabled:1
ID: processprotection, enabled:1, value: true
ID: onaccessprotection, enabled:1, value: false
ID: registryprotection, enabled:1, value: true
ID: networkprotection, enabled:1, value: true

****************************** System information ******************************
Computer name: STANE
Processor name: Intel(R) Core(TM)2 CPU 6400 @ 2.13GHz
Processor identifier: x86 Family 6 Model 15 Stepping 6
Processor speed: ~2133MHZ
Raw info: processorarchitecture 0, processortype 586, processorlevel 6, processor revision 3846, number of processors 2, processor features: [MMX,SSE,SSE2]
Physical memory available: 926347264 bytes
Physical memory total: 2146938880 bytes
Virtual memory available: 1769267200 bytes
Virtual memory total: 2147352576 bytes
Memory load: 56%
Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Windows startup mode:

Running processes:
PID: 616 name: \SystemRoot\System32\smss.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 680 name: \??\D:\WINDOWS\system32\csrss.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 708 name: \??\D:\WINDOWS\system32\winlogon.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 752 name: D:\WINDOWS\system32\services.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 764 name: D:\WINDOWS\system32\lsass.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 932 name: D:\WINDOWS\system32\svchost.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 1000 name: D:\WINDOWS\system32\svchost.exe owner: NETZWERKDIENST domain: NT-AUTORITÄT
PID: 1096 name: D:\WINDOWS\System32\svchost.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 1128 name: D:\WINDOWS\system32\svchost.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 1208 name: D:\WINDOWS\system32\svchost.exe owner: NETZWERKDIENST domain: NT-AUTORITÄT
PID: 1300 name: D:\WINDOWS\system32\svchost.exe owner: LOKALER DIENST domain: NT-AUTORITÄT
PID: 1436 name: D:\Programme\AVG\AVG9\avgchsvx.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 1444 name: D:\Programme\AVG\AVG9\avgrsx.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 1552 name: D:\Programme\AVG\AVG9\avgcsrvx.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 1884 name: D:\WINDOWS\system32\brsvc01a.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 1904 name: D:\WINDOWS\system32\brss01a.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 1900 name: D:\WINDOWS\system32\spoolsv.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 328 name: D:\WINDOWS\Explorer.EXE owner: Stan domain: STANE
PID: 464 name: D:\WINDOWS\system32\rundll32.exe owner: Stan domain: STANE
PID: 480 name: D:\Programme\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE owner: Stan domain: STANE
PID: 488 name: D:\Programme\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe owner: Stan domain: STANE
PID: 496 name: D:\Programme\Creative\Shared Files\Module Loader\DLLML.exe owner: Stan domain: STANE
PID: 504 name: D:\WINDOWS\CTHELPER.EXE owner: Stan domain: STANE
PID: 532 name: D:\Programme\iTunes\iTunesHelper.exe owner: Stan domain: STANE
PID: 544 name: D:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe owner: Stan domain: STANE
PID: 560 name: D:\PROGRA~1\AVG\AVG9\avgtray.exe owner: Stan domain: STANE
PID: 604 name: D:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe owner: Stan domain: STANE
PID: 668 name: D:\Programme\HP\HP Software Update\HPWuSchd2.exe owner: Stan domain: STANE
PID: 684 name: D:\Programme\Messenger\msmsgs.exe owner: Stan domain: STANE
PID: 828 name: D:\Programme\RocketDock\RocketDock.exe owner: Stan domain: STANE
PID: 1232 name: D:\Programme\HP\Digital Imaging\bin\hpqtra08.exe owner: Stan domain: STANE
PID: 1252 name: D:\Programme\Logitech\SetPoint\SetPoint.exe owner: Stan domain: STANE
PID: 1856 name: D:\Programme\Gemeinsame Dateien\Logishrd\KHAL2\KHALMNPR.EXE owner: Stan domain: STANE
PID: 2408 name: D:\WINDOWS\system32\svchost.exe owner: LOKALER DIENST domain: NT-AUTORITÄT
PID: 2444 name: D:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 2456 name: D:\Programme\AVG\AVG9\avgwdsvc.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 2492 name: D:\Programme\Bonjour\mDNSResponder.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 2536 name: D:\WINDOWS\system32\svchost.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 2656 name: D:\Programme\Java\jre6\bin\jqs.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 2812 name: D:\WINDOWS\System32\svchost.exe owner: LOKALER DIENST domain: NT-AUTORITÄT
PID: 2832 name: D:\WINDOWS\system32\nvsvc32.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 2900 name: D:\WINDOWS\System32\svchost.exe owner: LOKALER DIENST domain: NT-AUTORITÄT
PID: 3192 name: D:\Programme\PostgreSQL\8.4\bin\pg_ctl.exe owner: postgres domain: STANE
PID: 3268 name: D:\WINDOWS\system32\svchost.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 3296 name: D:\Programme\AVG\AVG9\avgnsx.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 3304 name: D:\Programme\AVG\AVG9\avgemc.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 3380 name: D:\Programme\PostgreSQL\8.4\bin\postgres.exe owner: postgres domain: STANE
PID: 3604 name: D:\Programme\AVG\AVG9\avgcsrvx.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 3752 name: D:\Programme\PostgreSQL\8.4\bin\postgres.exe owner: postgres domain: STANE
PID: 3960 name: D:\Programme\PostgreSQL\8.4\bin\postgres.exe owner: postgres domain: STANE
PID: 3968 name: D:\Programme\PostgreSQL\8.4\bin\postgres.exe owner: postgres domain: STANE
PID: 3976 name: D:\Programme\PostgreSQL\8.4\bin\postgres.exe owner: postgres domain: STANE
PID: 3984 name: D:\Programme\PostgreSQL\8.4\bin\postgres.exe owner: postgres domain: STANE
PID: 1336 name: D:\Programme\iPod\bin\iPodService.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 3440 name: D:\WINDOWS\system32\wbem\wmiapsrv.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 3876 name: D:\WINDOWS\System32\alg.exe owner: LOKALER DIENST domain: NT-AUTORITÄT
PID: 3816 name: D:\Programme\HP\Digital Imaging\bin\hpqSTE08.exe owner: Stan domain: STANE
PID: 4080 name: D:\Programme\HP\Digital Imaging\bin\hpqbam08.exe owner: Stan domain: STANE
PID: 4360 name: D:\Programme\HP\Digital Imaging\bin\hpqgpc01.exe owner: Stan domain: STANE
PID: 6076 name: D:\Programme\Gemeinsame Dateien\Java\Java Update\jucheck.exe owner: Stan domain: STANE
PID: 5632 name: D:\Programme\Mozilla Firefox\firefox.exe owner: Stan domain: STANE
PID: 4736 name: D:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe owner: Stan domain: STANE
PID: 5004 name: D:\Programme\Mozilla Firefox\plugin-container.exe owner: Stan domain: STANE
PID: 736 name: D:\Programme\Lavasoft\Ad-Aware\AAWService.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 5756 name: D:\Programme\Lavasoft\Ad-Aware\Ad-Aware.exe owner: Stan domain: STANE
PID: 5168 name: D:\WINDOWS\system32\wbem\unsecapp.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 1036 name: D:\WINDOWS\system32\wbem\wmiprvse.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 2044 name: D:\Programme\Lavasoft\Ad-Aware\AAWTray.exe owner: Stan domain: STANE

Startup items:
Name: PostBootReminder imagepath: {7849596a-48ea-486e-8937-a2a3009f31a9}
Name: CDBurn imagepath: {fbeb8a05-beee-4442-804e-409d6c4515e9}
Name: WebCheck imagepath: {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
Name: SysTray imagepath: {35CEC8A3-2BE6-11D2-8773-92E220524153}
Name: WPDShServiceObj imagepath: {AAA288BA-9A4C-45B0-95D7-94D524869DB5}
Name: Logitech Hardware Abstraction Layer imagepath: KHALMNPR.EXE
Name: NvCplDaemon imagepath: RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
Name: nwiz imagepath: nwiz.exe /install
Name: NvMediaCenter imagepath: RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
Name: GBB36X Configure imagepath: D:\WINDOWS\system32\JMRaidTool.exe boot
Name: CTDVDDET imagepath: D:\Programme\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE
Name: CTSysVol imagepath: D:\Programme\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe /r
Name: CTFMON.EXE imagepath: D:\WINDOWS\system32\CTFMON.EXE
Name: {438755C2-A8BA-11D1-B96B-00A0C90312E1} imagepath: Browseui preloader
Name: {8C7461EF-2B13-11d2-BE35-3078302C2030} imagepath: Component Categories cache daemon
Name: imagepath: D:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
Name: location: D:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\HP Digital Imaging Monitor.lnk imagepath: D:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
Name: location: D:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Logitech SetPoint.lnk imagepath: D:\Programme\Logitech\SetPoint\SetPoint.exe
Name: imagepath: D:\WINDOWS\system32\config\systemprofile\Startmenü\Programme\Autostart\desktop.ini

Bootexecute items:
Name: imagepath: autocheck autochk *
Name: imagepath: lsdelete

Running services:
Name: ALG displayname: Gatewaydienst auf Anwendungsebene
Name: Apple Mobile Device displayname: Apple Mobile Device
Name: AudioSrv displayname: Windows Audio
Name: avg9emc displayname: AVG Free E-mail Scanner
Name: avg9wd displayname: AVG Free WatchDog
Name: BITS displayname: Intelligenter Hintergrundübertragungsdienst
Name: Bonjour Service displayname: Bonjour-Dienst
Name: Brother XP spl Service displayname: BrSplService
Name: CryptSvc displayname: Kryptografiedienste
Name: DcomLaunch displayname: DCOM-Server-Prozessstart
Name: Dhcp displayname: DHCP-Client
Name: Dnscache displayname: DNS-Client
Name: ERSvc displayname: Fehlerberichterstattungsdienst
Name: Eventlog displayname: Ereignisprotokoll
Name: EventSystem displayname: COM+-Ereignissystem
Name: FastUserSwitchingCompatibility displayname: Kompatibilität für schnelle Benutzerumschaltung
Name: helpsvc displayname: Hilfe und Support
Name: HidServ displayname: HID Input Service
Name: hpqcxs08 displayname: hpqcxs08
Name: hpqddsvc displayname: HP CUE DeviceDiscovery Service
Name: iPod Service displayname: iPod-Dienst
Name: JavaQuickStarterService displayname: Java Quick Starter
Name: LanmanServer displayname: Server
Name: lanmanworkstation displayname: Arbeitsstationsdienst
Name: Lavasoft Ad-Aware Service displayname: Lavasoft Ad-Aware Service
Name: LmHosts displayname: TCP/IP-NetBIOS-Hilfsprogramm
Name: Net Driver HPZ12 displayname: Net Driver HPZ12
Name: Netman displayname: Netzwerkverbindungen
Name: Nla displayname: NLA (Network Location Awareness)
Name: NVSvc displayname: NVIDIA Display Driver Service
Name: PlugPlay displayname: Plug & Play
Name: Pml Driver HPZ12 displayname: Pml Driver HPZ12
Name: PolicyAgent displayname: IPSEC-Dienste
Name: postgresql-8.4 displayname: PostgreSQL Server 8.4
Name: ProtectedStorage displayname: Geschützter Speicher
Name: RasMan displayname: RAS-Verbindungsverwaltung
Name: RpcSs displayname: Remoteprozeduraufruf (RPC)
Name: SamSs displayname: Sicherheitskontenverwaltung
Name: Schedule displayname: Taskplaner
Name: seclogon displayname: Sekundäre Anmeldung
Name: SENS displayname: Systemereignisbenachrichtigung
Name: SharedAccess displayname: Windows-Firewall/Gemeinsame Nutzung der Internetverbindung
Name: ShellHWDetection displayname: Shellhardwareerkennung
Name: Spooler displayname: Druckwarteschlange
Name: srservice displayname: Systemwiederherstellungsdienst
Name: SSDPSRV displayname: SSDP-Suchdienst
Name: stisvc displayname: Windows-Bilderfassung (WIA)
Name: TapiSrv displayname: Telefonie
Name: TermService displayname: Terminaldienste
Name: Themes displayname: Designs
Name: TrkWks displayname: Überwachung verteilter Verknüpfungen (Client)
Name: W32Time displayname: Windows-Zeitgeber
Name: WebClient displayname: WebClient
Name: winmgmt displayname: Windows-Verwaltungsinstrumentation
Name: WmiApSrv displayname: WMI-Leistungsadapter
Name: wscsvc displayname: Sicherheitscenter
Name: wuauserv displayname: Automatische Updates
Name: WudfSvc displayname: Windows Driver Foundation - User-mode Driver Framework
Name: WZCSVC displayname: Konfigurationsfreie drahtlose Verbindung
Disable System Restore. Over the course of the infection, malware files were also backed up into restore points, so those points are all unusable now: rolling the system back to a restore point would most likely bring the infection straight back.

Afterwards, please run a routine full scan with Malwarebytes and post the log. Remember that Malwarebytes has to be updated manually before every scan!

Then OTL: System scan with OTL. Please download OTL by Oldtimer and save it to your desktop.
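The point above is easy to verify from the Ad-Aware log itself: every quarantined file except one sits under `\System Volume Information\_restore{...}\RP257\`, the folder System Restore uses for restore point 257, so a rollback to that point would copy the quarantined samples back onto the disk. The script below is an added example, not something from the thread or from Lavasoft; it parses the one-detection-per-line format Ad-Aware 8.x prints under "Removed items:" / "Quarantined items:" and groups the hits by restore point. The sample lines are copied from the log posted above (the cookie entry plus three of the file entries); the restore-point path layout it matches is the Windows XP one.

```python
"""Triage helper for Ad-Aware 8.x scan logs (added example, not from the thread).

Ad-Aware prints one detection per line under "Removed items:" / "Quarantined
items:".  This script pulls path, family and MD5 out of those lines and groups
the hits by System Restore point, which shows directly why a rollback to RP257
on the machine in the thread would bring the infection back.
"""
import re
from collections import defaultdict

# One detection per line, fields in fixed order; the MD5 field is absent for cookies.
ITEM_RE = re.compile(
    r"^Description:\s*(?P<path>.*?)\s+Family Name:\s*(?P<family>\S+)"
    r"\s+Engine:\s*(?P<engine>\d+)\s+Clean status:\s*(?P<status>\S+)"
    r"\s+Item ID:\s*(?P<item_id>\d+)\s+Family ID:\s*(?P<family_id>\d+)"
    r"(?:\s+MD5:\s*(?P<md5>[0-9a-fA-F]{32}))?\s*$"
)

# Files that Windows XP System Restore copied into a restore point live under
# <drive>:\System Volume Information\_restore{<GUID>}\RP<n>\A<n>.<ext>
RESTORE_RE = re.compile(
    r"\\system volume information\\_restore\{(?P<guid>[0-9a-f-]{36})\}\\rp(?P<rp>\d+)\\",
    re.IGNORECASE,
)

# Constructed sample: the cookie line plus three of the quarantined-file lines
# copied from the Ad-Aware log posted in the thread.
SAMPLE_LOG = r"""Removed items:
Description:  Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408875 Family ID: 0
Quarantined items:
Description: d:\system volume information\_restore{862bfd35-5ea0-47f6-b5b1-d342d0d7075a}\rp257\a0055934.exe Family Name: Trojan.Win32.Generic!BT Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: a1e8edec7a5a53417e11e90427b2fee2
Description: d:\system volume information\_restore{862bfd35-5ea0-47f6-b5b1-d342d0d7075a}\rp257\a0055943.exe Family Name: Win32.Backdoor.Poison Engine: 1 Clean status: Success Item ID: 0 Family ID: 1566 MD5: f9ef5c36a0842b53de150c8b7f50bca0
Description: g:\installationsdateien\installationsdateien\winrar340d.exe Family Name: Trojan.7 Engine: 3 Clean status: Success Item ID: 2 Family ID: 0 MD5: b8c8eb355c7ae3fae2c159232aec71c9
"""


def parse_detections(log_text):
    """Return one dict per 'Description:' line; lines that do not match are skipped."""
    found = []
    for line in log_text.splitlines():
        m = ITEM_RE.match(line.strip())
        if m:
            rec = m.groupdict()
            rec["md5"] = rec["md5"].lower() if rec["md5"] else None
            found.append(rec)
    return found


def restore_point_summary(detections):
    """Split detections into those cached inside restore points (keyed 'RP<n>')
    and those found on the live filesystem."""
    by_rp = defaultdict(list)
    live = []
    for d in detections:
        m = RESTORE_RE.search(d["path"])
        if m:
            by_rp["RP" + m.group("rp")].append(d)
        else:
            live.append(d)
    return dict(by_rp), live


def rollback_would_restore(by_rp, rp_name):
    """Malware families a System Restore rollback to rp_name would copy back to disk."""
    return sorted({d["family"] for d in by_rp.get(rp_name, [])})


def main():
    dets = parse_detections(SAMPLE_LOG)
    by_rp, live = restore_point_summary(dets)
    for rp, hits in sorted(by_rp.items()):
        print(f"{rp}: {len(hits)} malicious file(s) cached by System Restore")
        for d in hits:
            print(f"    {d['family']:28} md5={d['md5']}")
    print("outside restore points:", ", ".join(d["family"] for d in live))
    print("a rollback to RP257 would reintroduce:", rollback_would_restore(by_rp, "RP257"))


if __name__ == "__main__":
    main()
```

Run it against a full Ad-Aware log (replace `SAMPLE_LOG` with the file contents) and the `RP<n>` keys tell you which restore points are poisoned; on XP the only clean way to get rid of them is to turn System Restore off, which deletes all points, and back on again. The MD5 column is worth keeping: the hashes are what you would look up against a multi-scanner or share with the helper, rather than the file names, which System Restore renames to `A00xxxxx.exe` anyway.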
Many thanks in advance for your help!! Here is the Malwarebytes log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4645
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

19.09.2010 02:06:17
log malwarebytes.txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|)
Durchsuchte Objekte: 261891
Laufzeit: 42 Minute(n), 58 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
D:\Poker\Poker at bet365\_SetupPoker_68e0.exe (Adware.Casino) -> No action taken.
D:\Poker\Titan Poker\_SetupPoker_ba83c9.exe (Adware.Casino) -> No action taken.

And here are the OTL logs:
OTL Logfile: Code: OTL logfile created on: 19.09.2010 02:13:14 - Run 1
OTL Logfile: Code: OTL Extras logfile created on: 19.09.2010 02:13:14 - Run 1
Then please run CF now: ComboFix
A guide and tutorial on using ComboFix
http://saved.im/mtm0nzyzmzd5/cofi.jpg
ComboFix may only be run when a Kompetenzler (forum expert) has explicitly recommended it!
ComboFix logfile: Code: ComboFix 10-09-17.04 - Stan 19.09.2010 20:41:57.1.2 - x86
OK. Now please create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool won't run on the 2nd attempt either, just leave it out and run only OSAM.

Afterwards, download the bootkit_remover. Unpack the tool into its own folder on the desktop and run the file remove.exe from that folder. If you are using Windows Vista or Windows 7, you have to run the remover.exe via right-click => Run as administrator. A black window will open and automatically search for malicious changes in the MBR. Then please post whether there are changes and, if so, on which device. Best of all, post everything the remover.exe outputs.
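What "searching for malicious changes in the MBR" amounts to, as an added example that is not the bootkit_remover tool and not code from the thread: read the first 512-byte sector, confirm the 0x55AA boot signature, parse the four partition-table entries and compare the boot-code area against a known-good hash. A bootkit has to replace that boot code to get control before Windows loads, so the hash mismatch is the tell-tale sign. The sample sectors below are constructed in the script (the boot-code bytes only resemble a BIOS-era loader's first instructions); the "known-good" hash is taken from the clean sample, which stands in for a reference you would normally get from a trusted image of the same loader.

```python
"""Minimal MBR sanity check (added example, not the bootkit_remover tool).

Parses a 512-byte master boot record, validates the 0x55AA signature, lists the
partition table and compares the 440-byte boot-code area against a known-good
SHA-256.  Sample sectors are constructed here, not dumps from the thread.
"""
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440      # code area; bytes 440-443 hold the disk signature
PART_TABLE_OFF = 446     # four 16-byte partition entries start here
PART_ENTRY = 16
PART_FMT = "<B3sB3sII"   # status, CHS start, type, CHS end, LBA start, sector count


def build_sample_mbr(boot_code, partitions):
    """Assemble a 512-byte MBR from boot code and (bootable, type, lba, count) tuples."""
    if len(boot_code) > BOOT_CODE_LEN or len(partitions) > 4:
        raise ValueError("boot code too long or more than four partitions")
    sector = bytearray(SECTOR)
    sector[:len(boot_code)] = boot_code
    for i, (bootable, ptype, lba, count) in enumerate(partitions):
        off = PART_TABLE_OFF + i * PART_ENTRY
        # CHS fields left zero; real tooling relies on the LBA fields anyway
        sector[off:off + PART_ENTRY] = struct.pack(
            PART_FMT, 0x80 if bootable else 0x00, b"\0\0\0", ptype, b"\0\0\0", lba, count)
    sector[510:512] = b"\x55\xAA"
    return bytes(sector)


def parse_mbr(sector):
    """Return signature status, disk signature, boot-code hash and used partition entries."""
    if len(sector) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes")
    parts = []
    for i in range(4):
        off = PART_TABLE_OFF + i * PART_ENTRY
        status, _, ptype, _, lba, count = struct.unpack(PART_FMT, sector[off:off + PART_ENTRY])
        if ptype != 0x00:                      # type 0 means an unused slot
            parts.append({"index": i, "bootable": status == 0x80, "type": ptype,
                          "lba_start": lba, "sectors": count})
    return {
        "signature_ok": sector[510:512] == b"\x55\xAA",
        "disk_signature": struct.unpack("<I", sector[440:444])[0],
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": parts,
    }


def check_mbr(sector, known_good_sha256):
    """List of findings; empty means the sector looks untouched."""
    info = parse_mbr(sector)
    findings = []
    if not info["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    if info["boot_code_sha256"] != known_good_sha256:
        findings.append("boot code differs from known-good image")
    bootable = [p for p in info["partitions"] if p["bootable"]]
    if len(bootable) != 1:
        findings.append(f"{len(bootable)} partitions flagged bootable, expected 1")
    return findings


# Constructed sample: 13 bytes resembling a BIOS loader's first instructions
# (cli / xor ax,ax / mov ss,ax / mov sp,7C00h ...) padded with zeros.
CLEAN_CODE = bytes.fromhex("fa33c08ed0bc007c8bf450071f") + bytes(BOOT_CODE_LEN - 13)
# Constructed partition table: one bootable NTFS (0x07) and one extended (0x0F).
PARTITIONS = [(True, 0x07, 2048, 204800000), (False, 0x0F, 204802048, 50000000)]
CLEAN_MBR = build_sample_mbr(CLEAN_CODE, PARTITIONS)
KNOWN_GOOD_SHA256 = hashlib.sha256(CLEAN_MBR[:BOOT_CODE_LEN]).hexdigest()


def tamper_boot_code(sector):
    """Simulate a bootkit: overwrite the entry point with a jump into its own code."""
    patched = bytearray(sector)
    patched[0:3] = b"\xE9\x00\x01"             # jmp rel16 -> +0x100
    return bytes(patched)


if __name__ == "__main__":
    for label, mbr in (("clean", CLEAN_MBR), ("tampered", tamper_boot_code(CLEAN_MBR))):
        print(label, check_mbr(mbr, KNOWN_GOOD_SHA256) or ["no findings"])
    for p in parse_mbr(CLEAN_MBR)["partitions"]:
        print(f"  partition {p['index']}: type 0x{p['type']:02X} lba={p['lba_start']} "
              f"sectors={p['sectors']} bootable={p['bootable']}")
```

Two caveats a practitioner would add: a rootkit that filters disk reads can hand the operating system a clean copy of sector 0 while the real one is infected, which is why the helper's tool is a dedicated remover rather than a script, and why a sector read from a clean boot medium is the only one you should fully trust; and a hash comparison only works when you have a reference for the exact loader the machine shipped with, since a legitimate loader update also changes the hash.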
GMER doesn't work, here is the OSAM one (hope I did it right):

Report of OSAM: Autorun Manager v5.0.11926.0
Online Solutions. Complex Protection for Information Systems
Saved at 19:34:30 on 20.09.2010
OS: Windows XP Home Edition Service Pack 3 (Build 2600)
Default Browser: Mozilla Corporation Firefox 3.6.8

Scanner Settings
Rootkits detection (hidden registry)
Rootkits detection (hidden files)
Retrieve files information
Check Microsoft signatures

Filters
Trusted entries
Empty entries
Hidden registry entries (rootkit activity)
Exclusively opened files
Not found files
Files without detailed information
Existing files
Non-startable services
Non-startable drivers
Active entries
Disabled entries

Risk Name Publisher Full Path Status

Boot Execute
HKLM\SYSTEM\CurrentControlSet\Control\Session Manager
|||||| "BootExecute" D:\WINDOWS\system32\lsdelete.exe File found, but it contains no detailed information

Common
%SystemRoot%\Tasks
"Ad-Aware Update (Weekly).job" "Lavasoft " D:\Programme\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe File exists

Control Panel Objects
%SystemRoot%\system32
|||||| "infocardcpl.cpl" "Microsoft Corporation" D:\WINDOWS\system32\infocardcpl.cpl File exists
|||||| "javacpl.cpl" "Sun Microsystems, Inc." D:\WINDOWS\system32\javacpl.cpl File exists
|||||| "nvtuicpl.cpl" "NVIDIA Corporation" D:\WINDOWS\system32\nvtuicpl.cpl File exists

Drivers
HKLM\SYSTEM\CurrentControlSet\Services
|||||| "AVG Free AVI Loader Driver x86" (AvgLdx86) "AVG Technologies CZ, s.r.o." D:\WINDOWS\System32\Drivers\avgldx86.sys File exists
|||||| "AVG Free Network Redirector" (AvgTdiX) "AVG Technologies CZ, s.r.o." D:\WINDOWS\System32\Drivers\avgtdix.sys File exists
|||||| "AVG Free On-access Scanner Minifilter Driver x86" (AvgMfx86) "AVG Technologies CZ, s.r.o." D:\WINDOWS\System32\Drivers\avgmfx86.sys File exists
|||||| "Brother USB Still Image driver" (BrScnUsb) "Brother Industries Ltd." D:\WINDOWS\System32\Drivers\BrScnUsb.sys File exists
"catchme" (catchme) D:\DOKUME~1\Stan\LOKALE~1\Temp\catchme.sys File not found
"Changer" (Changer) D:\WINDOWS\system32\drivers\Changer.sys File not found
|||||| "gdrv" (gdrv) "Windows (R) 2000 DDK provider" D:\WINDOWS\gdrv.sys File exists
|||||| "GVCplDrv" (GVCplDrv) D:\WINDOWS\system32\drivers\GVCplDrv.sys File found, but it contains no detailed information
"i2omgmt" (i2omgmt) D:\WINDOWS\system32\drivers\i2omgmt.sys File not found
|||||| "JMicron Hot-Plug Driver" (JGOGO) "JMicron " D:\WINDOWS\System32\DRIVERS\JGOGO.sys File exists
|||||| "JRAID" (JRAID) "JMicron Technology Corp." D:\WINDOWS\System32\DRIVERS\jraid.sys File exists
|||||| "Lbd" (Lbd) "Lavasoft AB" D:\WINDOWS\System32\DRIVERS\Lbd.sys File exists
"lbrtfdc" (lbrtfdc) D:\WINDOWS\system32\drivers\lbrtfdc.sys File not found
|||||| "Logitech SetPoint HID Mouse Filter Driver" (LHidKe) "Logitech, Inc." D:\WINDOWS\System32\DRIVERS\LHidKE.Sys File exists
|||||| "Logitech SetPoint Mouse Filter Driver" (LMouKE) "Logitech, Inc." D:\WINDOWS\System32\DRIVERS\LMouKE.Sys File exists
|||||| "Logitech SetPoint USB Keyboard Filter" (LUsbKbd) "Logitech, Inc." D:\WINDOWS\System32\Drivers\LUsbKbd.Sys File exists
|||||| "Logitech SetPoint USB Receiver Device Driver" (LHidUsbK) "Logitech, Inc." D:\WINDOWS\System32\Drivers\LHidUsbK.Sys File exists
|||||| "pavboot" (pavboot) "Panda Security, S.L." D:\WINDOWS\System32\drivers\pavboot.sys File exists
"PCIDump" (PCIDump) D:\WINDOWS\system32\drivers\PCIDump.sys File not found
"PDCOMP" (PDCOMP) D:\WINDOWS\system32\drivers\PDCOMP.sys File not found
"PDFRAME" (PDFRAME) D:\WINDOWS\system32\drivers\PDFRAME.sys File not found
"PDRELI" (PDRELI) D:\WINDOWS\system32\drivers\PDRELI.sys File not found
"PDRFRAME" (PDRFRAME) D:\WINDOWS\system32\drivers\PDRFRAME.sys File not found
|||||| "PxHelp20" (PxHelp20) "Sonic Solutions" D:\WINDOWS\System32\Drivers\PxHelp20.sys File exists
|||||| "SASDIFSV" (SASDIFSV) "SUPERAdBlocker.com and SUPERAntiSpyware.com" D:\Programme\SUPERAntiSpyware\SASDIFSV.SYS File exists
|||||| "SASKUTIL" (SASKUTIL) "SUPERAdBlocker.com and SUPERAntiSpyware.com" D:\Programme\SUPERAntiSpyware\SASKUTIL.SYS File exists
"WDICA" (WDICA) D:\WINDOWS\system32\drivers\WDICA.sys File not found

Explorer
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components
|||||| {89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" "Microsoft Corporation" D:\WINDOWS\system32\Rundll32.exe D:\WINDOWS\system32\mscories.dll,Install File exists
HKLM\Software\Classes\Folder\shellex\ColumnHandlers
|||||| {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" "Adobe Systems, Inc." D:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll File exists
HKLM\Software\Classes\Protocols\Filter
|||||| {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" "Microsoft Corporation" D:\WINDOWS\system32\mscoree.dll File exists
|||||| {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" "Microsoft Corporation" D:\WINDOWS\system32\mscoree.dll File exists
|||||| {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" "Microsoft Corporation" D:\WINDOWS\system32\mscoree.dll File exists
|||||| {807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" "Microsoft Corporation" D:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\MSOXMLMF.DLL File exists
HKLM\Software\Classes\Protocols\Handler
|| {F2DDE6B2-9684-4A55-86D4-E255E237B77C} "avgsecuritytoolbar" D:\Programme\AVG\AVG9\Toolbar\IEToolbar.dll File exists
|||||| {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" "Microsoft Corporation" D:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll File exists
|||||| {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" "Skype Technologies" D:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL File exists
|||||| {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} "XPLPPFilter Class" "AVG Technologies CZ, s.r.o." D:\Programme\AVG\AVG9\avgpp.dll File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
|||||| {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "SABShellExecuteHook Class" "SuperAdBlocker.com" D:\Programme\SUPERAntiSpyware\SASSEH.DLL File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
|||||| {23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" "Igor Pavlov" D:\Programme\7-Zip\7-zip.dll File exists
{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} "AVG Find Extension" File not found | COM-object registry key not found
|||||| {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} "AVG Shell Extension Class" "AVG Technologies CZ, s.r.o." D:\Programme\AVG\AVG9\avgse.dll File exists
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" deskpan.dll File not found
|||||| {1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" "NVIDIA Corporation" D:\WINDOWS\system32\nvshell.dll File exists
|||||| {1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" "NVIDIA Corporation" D:\WINDOWS\system32\nvshell.dll File exists
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" File not found | COM-object registry key not found
|||||| {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" "Apple Inc." D:\Programme\iTunes\iTunesMiniPlayer.dll File exists
|||||| {DC70C4A5-2044-4c59-B806-DEFB9AE0DF7C} "KbLogiExt Class" "Logitech, Inc." D:\Programme\Logitech\SetPoint\kbcplext.dll File exists
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" File not found | COM-object registry key not found
|||||| {B9B9F083-2B04-452A-8691-83694AC1037B} "LogiExt Class" "Logitech, Inc." D:\Programme\Logitech\SetPoint\mcplext.dll File exists
|||||| {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" "Microsoft Corporation" D:\Programme\Microsoft Office\Office12\msohevi.dll File exists
|||||| {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" "Microsoft Corporation" D:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll File exists
|||||| {5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" "Microsoft Corporation" D:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL File exists
|||||| {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" "Microsoft Corporation" D:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll File exists
|||||| {1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" "NVIDIA Corporation" D:\WINDOWS\system32\nvshell.dll File exists
|||||| {E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" "Microsoft Corporation" D:\WINDOWS\system32\dfshim.dll File exists
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" File not found | COM-object registry key not found
|||||| {e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" "Microsoft Corporation" D:\WINDOWS\system32\dfshim.dll File exists
|||||| {BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Web Folders" "Microsoft Corporation" D:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\MSONSEXT.DLL File exists
|||||| {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" "Alexander Roshal" D:\Programme\WinRAR\rarext.dll File exists

Internet Explorer
HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars
|||| {555D4D79-4BD2-4094-A395-CFC534424A05} "HP Smart Web Printing" "Hewlett-Packard Co." D:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll File exists
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
"DVDVideoSoftTB Toolbar" "Conduit Ltd." D:\Programme\DVDVideoSoftTB\tbDVD1.dll File exists
ITBar7Height "ITBar7Height" File not found | COM-object registry key not found
"ITBar7Layout" File not found | COM-object registry key not found
"ITBarLayout" File not found | COM-object registry key not found
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks
|| {A3BC75A2-1F87-4686-AA43-5347D756017C} "AVG Security Toolbar BHO" D:\Programme\AVG\AVG9\Toolbar\IEToolbar.dll File exists
{872b5b88-9db5-4310-bdd0-ac189557e5f5} "DVDVideoSoftTB Toolbar" "Conduit Ltd." D:\Programme\DVDVideoSoftTB\tbDVD1.dll File exists
{855F3B16-6D32-4fe6-8A56-BBB695989046} "{855F3B16-6D32-4fe6-8A56-BBB695989046}" File not found | COM-object registry key not found
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units
|||| {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_20" hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab "Sun Microsystems, Inc." D:\Programme\Java\jre6\bin\npjpi160_20.dll File exists
|||| {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab "Sun Microsystems, Inc." D:\Programme\Java\jre6\bin\npjpi160_20.dll File exists
|||| {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab "Sun Microsystems, Inc." D:\Programme\Java\jre6\bin\npjpi160_20.dll File exists
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions
|||| {48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" "Microsoft Corporation" D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll File exists
|||| {DDE87865-83C5-48c4-8357-2F5B1AA84522} "HP Smart Web Printing ein- oder ausblenden" "Hewlett-Packard Co." D:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll File exists
|||| "ICQ6" "ICQ, LLC." D:\Programme\ICQ6.5\ICQ.exe File exists
|| "PartyPoker.com" D:\Programme\PartyGaming\PartyPoker\RunApp.exe File exists
|| "PokerStars" "PokerStars" D:\Programme\PokerStars\PokerStarsUpdate.exe File exists
|||| {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" "Microsoft Corporation" D:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL File exists
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar
|| {CCC7A320-B3CA-4199-B1A6-9F516DD69829} "AVG Security Toolbar" D:\Programme\AVG\AVG9\Toolbar\IEToolbar.dll File exists
{872b5b88-9db5-4310-bdd0-ac189557e5f5} "DVDVideoSoftTB Toolbar" "Conduit Ltd." D:\Programme\DVDVideoSoftTB\tbDVD1.dll File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
|||||| {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" "Adobe Systems Incorporated" D:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll File exists
|||||| {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} "AVG Safe Search" "AVG Technologies CZ, s.r.o."
D:\Programme\AVG\AVG9\avgssie.dll File exists || {A3BC75A2-1F87-4686-AA43-5347D756017C} "AVG Security Toolbar BHO" D:\Programme\AVG\AVG9\Toolbar\IEToolbar.dll File exists {872b5b88-9db5-4310-bdd0-ac189557e5f5} "DVDVideoSoftTB Toolbar" "Conduit Ltd." D:\Programme\DVDVideoSoftTB\tbDVD1.dll File exists |||| {0347C33E-8762-4905-BF09-768834316C61} "HP Print Enhancer" "Hewlett-Packard Co." D:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll File exists |||| {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} "HP Smart BHO Class" "Hewlett-Packard Co." D:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll File exists |||| {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" "Sun Microsystems, Inc." D:\Programme\Java\jre6\bin\jp2ssv.dll File exists |||| {E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" "Sun Microsystems, Inc." D:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll File exists Logon %AllUsersProfile%\Startmenü\Programme\Autostart |||||| "desktop.ini" D:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini File exists |||| "HP Digital Imaging Monitor.lnk" "Hewlett-Packard Co." D:\Programme\HP\Digital Imaging\bin\hpqtra08.exe Shortcut exists | File exists |||| "Logitech SetPoint.lnk" "Logitech, Inc." D:\Programme\Logitech\SetPoint\SetPoint.exe Shortcut exists | File exists %UserProfile%\Startmenü\Programme\Autostart |||| "OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk" "Microsoft Corporation" D:\Programme\Microsoft Office\Office12\ONENOTEM.EXE Shortcut exists | File exists |||||| "desktop.ini" D:\Dokumente und Einstellungen\Stan\Startmenü\Programme\Autostart\desktop.ini File exists HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run |||| "ICQ" "ICQ, LLC." "D:\Programme\ICQ6.5\ICQ.exe" silent File exists |||||| "RocketDock" "D:\Programme\RocketDock\RocketDock.exe" File found, but it contains no detailed information |||| "Skype" "Skype Technologies S.A." 
"D:\Programme\Skype\\Phone\Skype.exe" /nosplash /minimized File exists "SUPERAntiSpyware" "SUPERAntiSpyware.com" D:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe File exists HKLM\Software\Microsoft\Windows\CurrentVersion\Run |||| "Adobe ARM" "Adobe Systems Incorporated" "D:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" File exists |||| "Adobe Reader Speed Launcher" "Adobe Systems Incorporated" "D:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" File exists |||| "AudioDrvEmulator" "Creative Technology Ltd." "D:\Programme\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "D:\Programme\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll" File exists |||||| "AVG9_TRAY" "AVG Technologies CZ, s.r.o." D:\PROGRA~1\AVG\AVG9\avgtray.exe File exists |||| "CTDVDDET" "Creative Technology Ltd" D:\Programme\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE File exists |||| "CTHelper" "Creative Technology Ltd" CTHELPER.EXE File exists |||| "CTSysVol" "Creative Technology Ltd" D:\Programme\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe /r File exists |||||| "GBB36X Configure" "Gigabyte Technology Corp." D:\WINDOWS\system32\JMRaidTool.exe boot File exists |||| "HP Software Update" "Hewlett-Packard" D:\Programme\HP\HP Software Update\HPWuSchd2.exe File exists |||| "iTunesHelper" "Apple Inc." "D:\Programme\iTunes\iTunesHelper.exe" File exists |||| "nwiz" "NVIDIA Corporation" nwiz.exe /install File exists |||| "SunJavaUpdateSched" "Sun Microsystems, Inc." "D:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" File exists |||| "UpdReg" "Creative Technology Ltd." 
D:\WINDOWS\UpdReg.EXE File exists Print Monitors HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors |||||| "Send To Microsoft OneNote Monitor" "Microsoft Corporation" D:\WINDOWS\system32\msonpmon.dll File exists Services HKLM\SYSTEM\CurrentControlSet\Services |||||| ".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) "Microsoft Corporation" D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe File exists "Anwendungsverwaltung" (AppMgmt) D:\WINDOWS\System32\appmgmts.dll File not found |||||| "Apple Mobile Device" (Apple Mobile Device) "Apple Inc." D:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe File exists |||||| "ASP.NET State Service" (aspnet_state) "Microsoft Corporation" D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe File exists "Automatische Updates" (wuauserv) C:\WINDOWS\system32\wuauserv.dll File not found |||||| "AVG Free E-mail Scanner" (avg9emc) "AVG Technologies CZ, s.r.o." D:\Programme\AVG\AVG9\avgemc.exe File exists |||||| "AVG Free WatchDog" (avg9wd) "AVG Technologies CZ, s.r.o." D:\Programme\AVG\AVG9\avgwdsvc.exe File exists || "AVG Security Toolbar Service" (AVG Security Toolbar Service) D:\Programme\AVG\AVG9\Toolbar\ToolbarBroker.exe File exists |||||| "Bonjour-Dienst" (Bonjour Service) "Apple Inc." D:\Programme\Bonjour\mDNSResponder.exe File exists |||||| "BrSplService" (Brother XP spl Service) "brother Industries Ltd" D:\WINDOWS\system32\brsvc01a.exe File exists "HID Input Service" (HidServ) D:\WINDOWS\System32\hidserv.dll File not found |||||| "HP CUE DeviceDiscovery Service" (hpqddsvc) "Hewlett-Packard Co." D:\Programme\HP\Digital Imaging\bin\hpqddsvc.dll File exists |||||| "hpqcxs08" (hpqcxs08) "Hewlett-Packard Co." D:\Programme\HP\Digital Imaging\bin\hpqcxs08.dll File exists |||||| "iPod-Dienst" (iPod Service) "Apple Inc." 
D:\Programme\iPod\bin\iPodService.exe File exists |||||| "Java Quick Starter" (JavaQuickStarterService) "Sun Microsystems, Inc." D:\Programme\Java\jre6\bin\jqs.exe File exists "Lavasoft Ad-Aware Service" (Lavasoft Ad-Aware Service) "Lavasoft" D:\Programme\Lavasoft\Ad-Aware\AAWService.exe File exists |||||| "Logitech Bluetooth Service" (LBTServ) "Logitech, Inc." D:\Programme\Gemeinsame Dateien\Logitech\Bluetooth\LBTServ.exe File exists |||||| "Microsoft Office Diagnostics Service" (odserv) "Microsoft Corporation" D:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE File exists |||||| "Net Driver HPZ12" (Net Driver HPZ12) "Hewlett-Packard" D:\WINDOWS\system32\HPZinw12.dll File exists |||||| "Office Source Engine" (ose) "Microsoft Corporation" D:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE File exists |||||| "Pml Driver HPZ12" (Pml Driver HPZ12) "Hewlett-Packard" D:\WINDOWS\system32\HPZipm12.dll File exists |||||| "PostgreSQL Server 8.4" (postgresql-8.4) "PostgreSQL Global Development Group" D:\Programme\PostgreSQL\8.4\bin\pg_ctl.exe File exists |||||| "Windows CardSpace" (idsvc) "Microsoft Corporation" D:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe File exists |||||| "Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) "Microsoft Corporation" D:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe File exists Winlogon HKCU\Control Panel\IOProcs "MVB" mvfs32.dll File not found HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions {c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" appmgmts.dll File not found HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify |||||| "!SASWinLogon" "SUPERAntiSpyware.com" D:\Programme\SUPERAntiSpyware\SASWINLO.DLL File exists |||||| "avgrsstarter" "AVG Technologies CZ, s.r.o." D:\WINDOWS\system32\avgrsstx.dll File exists |||||| "LBTWlgn" "Logitech, Inc." 
d:\programme\gemeinsame dateien\logitech\bluetooth\LBTWlgn.dll File exists Winsock Providers HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries |||||| "mdnsNSP" "Apple Inc." D:\Programme\Bonjour\mdnsNSP.dll File exists If You have questions or want to get some help, You can visit Online Solutions :: Index Bootkit Remover (c) 2009 eSage Lab www.esagelab.com Program version: 1.2.0.0 OS Version: Microsoft Windows XP Home Edition Service Pack 3 (build 2600) System volume is \\.\D: \\.\D: -> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 Boot sector MD5 is: 5ddc20efcc4d1dab37c348c7db7289cf Size Device Name MBR Status -------------------------------------------- 232 GB \\.\PhysicalDrive1 Unknown boot code Unknown boot code has been found on some of your physical disks. To inspect the boot code manually, dump the master boot sector: remover.exe dump <device_name> [output_file] To disinfect the master boot sector, use the following command: remover.exe fix <device_name> Done; Press any key to quit... |
Please download MBRCheck (by a_d_13) and save the file to the desktop.
MBRCheck, version 1.2.3 (c) 2010, AD Command-line: Windows Version: Windows XP Home Edition Windows Information: Service Pack 3 (build 2600) Logical Drives Mask: 0x00000ffd Kernel Drivers (total 139): 0x804D7000 \WINDOWS\system32\ntoskrnl.exe 0x80700000 \WINDOWS\system32\hal.dll 0xF7987000 \WINDOWS\system32\KDCOM.DLL 0xF7897000 \WINDOWS\system32\BOOTVID.dll 0xF75A7000 ACPI.sys 0xF7989000 \WINDOWS\system32\DRIVERS\WMILIB.SYS 0xF7596000 pci.sys 0xF75F7000 isapnp.sys 0xF7607000 ohci1394.sys 0xF7617000 \WINDOWS\system32\DRIVERS\1394BUS.SYS 0xF7A4F000 pciide.sys 0xF7707000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS 0xF7627000 MountMgr.sys 0xF74D7000 ftdisk.sys 0xF770F000 PartMgr.sys 0xF7717000 pavboot.sys 0xF7637000 VolSnap.sys 0xF74BF000 atapi.sys 0xF7647000 jraid.sys 0xF74A7000 \WINDOWS\system32\DRIVERS\SCSIPORT.SYS 0xF7657000 disk.sys 0xF7667000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS 0xF7877000 fltMgr.sys 0xF7865000 sr.sys 0xF7677000 Lbd.sys 0xF7687000 PxHelp20.sys 0xF784E000 KSecDD.sys 0xF783B000 WudfPf.sys 0xF7B52000 Ntfs.sys 0xF795A000 NDIS.sys 0xF7A35000 Mup.sys 0xF798B000 JGOGO.sys 0xF7566000 \SystemRoot\system32\DRIVERS\intelppm.sys 0xB9071000 \SystemRoot\system32\DRIVERS\nv4_mini.sys 0xB905D000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS 0xF77D7000 \SystemRoot\system32\DRIVERS\usbuhci.sys 0xB9039000 \SystemRoot\system32\DRIVERS\USBPORT.SYS 0xF77DF000 \SystemRoot\system32\DRIVERS\usbehci.sys 0xB8FFD000 \SystemRoot\system32\DRIVERS\yk51x86.sys 0xF7556000 \SystemRoot\system32\DRIVERS\cdrom.sys 0xF77E7000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys 0xB8F91000 \SystemRoot\system32\drivers\ctaud2k.sys 0xB8F6D000 \SystemRoot\system32\drivers\portcls.sys 0xF7546000 \SystemRoot\system32\drivers\drmk.sys 0xB8F4A000 \SystemRoot\system32\drivers\ks.sys 0xB8F18000 \SystemRoot\system32\drivers\ctoss2k.sys 0xF77EF000 \SystemRoot\system32\drivers\ctprxy2k.sys 0xF7536000 \SystemRoot\system32\DRIVERS\nic1394.sys 0xF77F7000 \SystemRoot\system32\DRIVERS\fdc.sys 0xF7526000 
\SystemRoot\system32\DRIVERS\serial.sys 0xBA7BC000 \SystemRoot\system32\DRIVERS\serenum.sys 0xB8F04000 \SystemRoot\system32\DRIVERS\parport.sys 0xB97A6000 \SystemRoot\system32\DRIVERS\audstub.sys 0xF7516000 \SystemRoot\system32\DRIVERS\rasl2tp.sys 0xBA7B8000 \SystemRoot\system32\DRIVERS\ndistapi.sys 0xB8EED000 \SystemRoot\system32\DRIVERS\ndiswan.sys 0xF7506000 \SystemRoot\system32\DRIVERS\raspppoe.sys 0xF74F6000 \SystemRoot\system32\DRIVERS\raspptp.sys 0xF77FF000 \SystemRoot\system32\DRIVERS\TDI.SYS 0xB8EDC000 \SystemRoot\system32\DRIVERS\psched.sys 0xF7497000 \SystemRoot\system32\DRIVERS\msgpc.sys 0xF7807000 \SystemRoot\system32\DRIVERS\ptilink.sys 0xF780F000 \SystemRoot\system32\DRIVERS\raspti.sys 0xF7487000 \SystemRoot\system32\DRIVERS\termdd.sys 0xF7817000 \SystemRoot\system32\DRIVERS\kbdclass.sys 0xF781F000 \SystemRoot\system32\DRIVERS\mouclass.sys 0xF79B7000 \SystemRoot\system32\DRIVERS\swenum.sys 0xB8E2E000 \SystemRoot\system32\DRIVERS\update.sys 0xF791F000 \SystemRoot\system32\DRIVERS\mssmbios.sys 0xF7467000 \SystemRoot\System32\Drivers\NDProxy.SYS 0xF7457000 \SystemRoot\system32\DRIVERS\usbhub.sys 0xF79BB000 \SystemRoot\system32\DRIVERS\USBD.SYS 0xB6A48000 \SystemRoot\system32\drivers\hap17v2k.sys 0xB6948000 \SystemRoot\system32\drivers\ha10kx2k.sys 0xB691B000 \SystemRoot\system32\drivers\emupia2k.sys 0xB68F4000 \SystemRoot\system32\drivers\ctsfm2k.sys 0xB6858000 \SystemRoot\system32\drivers\ctac32k.sys 0xF7757000 \SystemRoot\system32\DRIVERS\flpydisk.sys 0xF79BD000 \SystemRoot\System32\Drivers\Fs_Rec.SYS 0xB6A9D000 \SystemRoot\System32\Drivers\Null.SYS 0xF79BF000 \SystemRoot\System32\Drivers\Beep.SYS 0xF7767000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS 0xF776F000 \SystemRoot\System32\drivers\vga.sys 0xF79C1000 \SystemRoot\System32\Drivers\mnmdd.SYS 0xF79C3000 \SystemRoot\System32\DRIVERS\RDPCDD.sys 0xF7777000 \SystemRoot\System32\Drivers\Msfs.SYS 0xF777F000 \SystemRoot\System32\Drivers\Npfs.SYS 0xF793B000 \SystemRoot\system32\DRIVERS\rasacd.sys 
0xB67FD000 \SystemRoot\system32\DRIVERS\ipsec.sys 0xB67A4000 \SystemRoot\system32\DRIVERS\tcpip.sys 0xB676A000 \SystemRoot\System32\Drivers\avgtdix.sys 0xB6744000 \SystemRoot\system32\DRIVERS\ipnat.sys 0xF7437000 \SystemRoot\system32\DRIVERS\wanarp.sys 0xF7787000 \SystemRoot\system32\DRIVERS\usbccgp.sys 0xF7427000 \SystemRoot\system32\DRIVERS\arp1394.sys 0xF778F000 \SystemRoot\System32\Drivers\LUsbFilt.Sys 0xF7417000 \SystemRoot\System32\Drivers\WDFLDR.SYS 0xB65D9000 \SystemRoot\system32\DRIVERS\Wdf01000.sys 0xBA7F0000 \SystemRoot\system32\DRIVERS\hidusb.sys 0xF7407000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS 0xF7797000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS 0xB65B1000 \SystemRoot\system32\DRIVERS\netbt.sys 0xB658F000 \SystemRoot\System32\drivers\afd.sys 0xBA192000 \SystemRoot\system32\DRIVERS\netbios.sys 0xB656D000 \??\D:\Programme\SUPERAntiSpyware\SASKUTIL.SYS 0xF779F000 \??\D:\Programme\SUPERAntiSpyware\SASDIFSV.SYS 0xB6542000 \SystemRoot\system32\DRIVERS\rdbss.sys 0xB64D2000 \SystemRoot\system32\DRIVERS\mrxsmb.sys 0xBA162000 \SystemRoot\System32\Drivers\Fips.SYS 0xF77A7000 \SystemRoot\System32\Drivers\avgmfx86.sys 0xB649E000 \SystemRoot\System32\Drivers\avgldx86.sys 0xBA7D8000 \SystemRoot\system32\DRIVERS\usbscan.sys 0xF77BF000 \SystemRoot\system32\DRIVERS\usbprint.sys 0xF77C7000 \SystemRoot\system32\DRIVERS\HPZius12.sys 0xF77CF000 \SystemRoot\system32\DRIVERS\LHidFilt.Sys 0xBA7D4000 \SystemRoot\system32\DRIVERS\mouhid.sys 0xB8ED4000 \SystemRoot\system32\DRIVERS\LMouFilt.Sys 0xBA132000 \SystemRoot\system32\DRIVERS\HPZid412.sys 0xB6D00000 \SystemRoot\system32\DRIVERS\kbdhid.sys 0xB6CF0000 \SystemRoot\system32\DRIVERS\HPZipr12.sys 0xF76C7000 \SystemRoot\System32\Drivers\Cdfs.SYS 0xB645E000 \SystemRoot\System32\Drivers\dump_atapi.sys 0xF79FF000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS 0xBF800000 \SystemRoot\System32\win32k.sys 0xF7933000 \SystemRoot\System32\drivers\Dxapi.sys 0xB8EBC000 \SystemRoot\System32\watchdog.sys 0xBF000000 
\SystemRoot\System32\drivers\dxg.sys 0xB6A8A000 \SystemRoot\System32\drivers\dxgthk.sys 0xBF012000 \SystemRoot\System32\nv4_disp.dll 0xBFFA0000 \SystemRoot\System32\ATMFD.DLL 0xAE8B5000 \SystemRoot\system32\DRIVERS\ndisuio.sys 0xAE4BC000 \SystemRoot\system32\DRIVERS\mrxdav.sys 0xF79DD000 \SystemRoot\System32\Drivers\ParVdm.SYS 0xAE285000 \SystemRoot\system32\DRIVERS\srv.sys 0xAE199000 \SystemRoot\System32\Drivers\Fastfat.SYS 0xADF2C000 \SystemRoot\system32\drivers\wdmaud.sys 0xAE0A1000 \SystemRoot\system32\drivers\sysaudio.sys 0xAD5DD000 \SystemRoot\System32\Drivers\HTTP.sys 0x7C910000 \WINDOWS\system32\ntdll.dll Processes (total 69): 0 System Idle Process 4 System 616 D:\WINDOWS\system32\smss.exe 680 csrss.exe 708 D:\WINDOWS\system32\winlogon.exe 752 D:\WINDOWS\system32\services.exe 764 D:\WINDOWS\system32\lsass.exe 928 D:\WINDOWS\system32\svchost.exe 996 svchost.exe 1036 D:\WINDOWS\system32\svchost.exe 1076 D:\WINDOWS\system32\svchost.exe 1140 svchost.exe 1236 D:\Programme\AVG\AVG9\avgchsvx.exe 1244 D:\Programme\AVG\AVG9\avgrsx.exe 1324 svchost.exe 1380 D:\Programme\AVG\AVG9\avgcsrvx.exe 1408 D:\Programme\Lavasoft\Ad-Aware\AAWService.exe 1628 D:\WINDOWS\system32\brsvc01a.exe 1652 D:\WINDOWS\system32\brss01a.exe 1648 D:\WINDOWS\system32\spoolsv.exe 1732 svchost.exe 1764 D:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe 1776 D:\Programme\AVG\AVG9\avgwdsvc.exe 1796 D:\Programme\Bonjour\mDNSResponder.exe 1980 D:\WINDOWS\system32\svchost.exe 132 D:\Programme\Java\jre6\bin\jqs.exe 328 D:\WINDOWS\system32\svchost.exe 396 D:\WINDOWS\system32\nvsvc32.exe 444 D:\WINDOWS\system32\svchost.exe 896 pg_ctl.exe 1692 D:\Programme\AVG\AVG9\avgnsx.exe 456 D:\WINDOWS\system32\svchost.exe 380 D:\Programme\AVG\AVG9\avgemc.exe 908 postgres.exe 2184 D:\WINDOWS\explorer.exe 2296 D:\Programme\AVG\AVG9\avgcsrvx.exe 2308 postgres.exe 2428 D:\Programme\Creative\SBAudigy4\DVDAudio\CTDVDDET.exe 2448 D:\Programme\Creative\SBAudigy4\Surround 
Mixer\CTSysVol.exe 2472 D:\Programme\Creative\Shared Files\Module Loader\DLLML.exe 2480 D:\WINDOWS\system32\rundll32.exe 2512 D:\WINDOWS\CTHELPER.EXE 2544 D:\Programme\iTunes\iTunesHelper.exe 2560 D:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe 2576 D:\PROGRA~1\AVG\AVG9\avgtray.exe 2684 D:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe 2752 postgres.exe 2760 postgres.exe 2768 postgres.exe 2776 postgres.exe 2784 D:\Programme\HP\HP Software Update\hpwuSchd2.exe 2856 D:\Programme\RocketDock\RocketDock.exe 2996 D:\Programme\HP\Digital Imaging\bin\hpqtra08.exe 3016 D:\Programme\Logitech\SetPoint\SetPoint.exe 3072 D:\Programme\Gemeinsame Dateien\Logishrd\KHAL2\KHALMNPR.exe 3660 unsecapp.exe 3708 D:\Programme\iPod\bin\iPodService.exe 3936 wmiprvse.exe 644 D:\WINDOWS\system32\wbem\wmiapsrv.exe 1848 alg.exe 2540 D:\Programme\HP\Digital Imaging\bin\hpqste08.exe 2408 D:\Programme\HP\Digital Imaging\bin\hpqbam08.exe 2148 D:\Programme\HP\Digital Imaging\bin\hpqgpc01.exe 2604 D:\Programme\Lavasoft\Ad-Aware\AAWTray.exe 2172 D:\Programme\Mozilla Firefox\firefox.exe 2888 D:\Programme\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe 3080 D:\Programme\Mozilla Firefox\plugin-container.exe 852 D:\Dokumente und Einstellungen\Stan\Desktop\MBRCheck.exe 3352 <unknown> \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS) \\.\D: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS) \\.\E: --> \\.\PhysicalDrive0 at offset 0x00000018`69e61600 (NTFS) \\.\F: --> \\.\PhysicalDrive1 at offset 0x0000000c`34f34a00 (NTFS) \\.\G: --> \\.\PhysicalDrive1 at offset 0x00000024`9ed8e200 (NTFS) PhysicalDrive0 Model Number: SAMSUNGSP2504C, Rev: VT100-41 PhysicalDrive1 Model Number: SAMSUNGSP2504C, Rev: VT100-41 Size Device Name MBR Status -------------------------------------------- 232 GB \\.\PhysicalDrive0 Windows XP MBR code detected SHA1: ADFE55CD0C6ED2E00B22375835E4C2736CE9AD11 232 GB \\.\PhysicalDrive1 Windows XP MBR code detected SHA1: 
ADFE55CD0C6ED2E00B22375835E4C2736CE9AD11 Done!
Quote:
Remember to update both tools before the scan!!
Copyright ©2000-2025, Trojaner-Board