Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Mülltonne (trash bin) (https://www.trojaner-board.de/muelltonne/)
    -   Browser and antivirus programs are being blocked (https://www.trojaner-board.de/158778-browser-virenprogramme-geblockt.html)

Wddy 16.09.2014 12:41

Browser and antivirus programs are being blocked
 
It would be nice if someone could help me out!
Antivirus programs do not start.
Browser programs such as Opera and Firefox do not work.


Quote:

GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-09-15 15:45:06
Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T1L0-5 SAMSUNG_HD502HJ rev.1AJ10001 465,76GB
Running: rg2virf3.exe; Driver: D:\DOKUME~1\Roman\LOKALE~1\Temp\awtdqpoc.sys


---- System - GMER 2.1 ----

SSDT \??\D:\Programme\PlayE4\bin\Intrchs.sys ZwAllocateVirtualMemory [0x9E637FC0]
SSDT B64BE294 ZwClose
SSDT B64BE24E ZwCreateKey
SSDT B64BE29E ZwCreateSection
SSDT B64BE244 ZwCreateThread
SSDT B64BE253 ZwDeleteKey
SSDT B64BE25D ZwDeleteValueKey
SSDT B64BE28F ZwDuplicateObject
SSDT sptd.sys ZwEnumerateKey [0xB9F0AFFE]
SSDT sptd.sys ZwEnumerateValueKey [0xB9F0B38C]
SSDT B64BE262 ZwLoadKey
SSDT sptd.sys ZwOpenKey [0xB9ED6DA0]
SSDT B64BE230 ZwOpenProcess
SSDT B64BE235 ZwOpenThread
SSDT sptd.sys ZwQueryKey [0xB9F0B464]
SSDT B64BE2B7 ZwQueryValueKey
SSDT \??\D:\Programme\PlayE4\bin\Intrchs.sys ZwReadVirtualMemory [0x9E638290]
SSDT B64BE26C ZwReplaceKey
SSDT B64BE2A8 ZwRequestWaitReplyPort
SSDT B64BE267 ZwRestoreKey
SSDT B64BE2A3 ZwSetContextThread
SSDT B64BE2AD ZwSetSecurityObject
SSDT B64BE258 ZwSetValueKey
SSDT B64BE2B2 ZwSystemDebugControl
SSDT B64BE23F ZwTerminateProcess
SSDT \??\D:\Programme\PlayE4\bin\Intrchs.sys ZwWriteVirtualMemory [0x9E6384F0]

INT 0x63 ? 89DDECC8
INT 0x63 ? 89DDECC8
INT 0x63 ? 8974FCC8
INT 0x63 ? 89DDECC8
INT 0x73 ? 8974FCC8
INT 0xA4 ? 8974FCC8
INT 0xB4 ? 8974FCC8

---- Kernel code sections - GMER 2.1 ----

.text sptd.sys B9E9C000 4 Bytes [A6, DB, 6E, 80] {CMPSB ; FLD TBYTE [ESI-0x80]}
.text sptd.sys B9E9C005 27 Bytes [89, 6E, 80, 30, 88, 6E, 80, ...]
.text sptd.sys B9E9C024 4 Bytes [74, EF, E8, B9]
.text sptd.sys B9E9C02C 20 Bytes [0C, 1C, 5E, 80, 46, 8F, 5E, ...]
.text sptd.sys B9E9C041 99 Bytes [F2, 4E, 80, 90, F2, 4E, 80, ...]
.text ...
.sptd2 D:\WINDOWS\system32\drivers\sptd.sys entry point in ".sptd2" section [0xB9F775B5]
? D:\WINDOWS\system32\drivers\sptd.sys Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.
? D:\WINDOWS\system32\Drivers\PROCEXP113.SYS Das System kann die angegebene Datei nicht finden. !

---- Devices - GMER 2.1 ----

Device \FileSystem\Ntfs \Ntfs 8979E430
Device \FileSystem\Fastfat \FatCdrom 89DDD1F8
Device \Driver\ACPI \Device\00000051 ntkrnlpa.exe
Device \Driver\usbuhci \Device\USBPDO-0 8974E1F8
Device \Driver\ACPI \Device\00000052 ntkrnlpa.exe
Device \Driver\usbuhci \Device\USBPDO-1 8974E1F8
Device \Driver\ACPI \Device\00000053 ntkrnlpa.exe
Device \Driver\usbuhci \Device\USBPDO-2 8974E1F8
Device \Driver\ACPI \Device\00000054 ntkrnlpa.exe
Device \Driver\ACPI \Device\00000060 ntkrnlpa.exe
Device \Driver\usbuhci \Device\USBPDO-3 8974E1F8
Device \Driver\ACPI \Device\00000048 ntkrnlpa.exe
Device \Driver\ACPI \Device\00000055 ntkrnlpa.exe
Device \Driver\ACPI \Device\00000061 ntkrnlpa.exe
Device \Driver\usbehci \Device\USBPDO-4 8971D1F8
Device \Driver\ACPI \Device\00000049 ntkrnlpa.exe
Device \Driver\ACPI \Device\00000062 ntkrnlpa.exe
Device \Driver\ACPI \Device\00000070 ntkrnlpa.exe
Device \Driver\ACPI \Device\00000058 ntkrnlpa.exe
Device \Driver\Cdrom \Device\CdRom0 894361F8
Device \Driver\atapi \Device\Ide\IdePort0 [B9DEFB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [B9DEFB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort2 [B9DEFB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort3 [B9DEFB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP2T1L0-5 [B9DEFB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\ACPI \Device\00000068 ntkrnlpa.exe
Device \Driver\NetBT \Device\NetBt_Wins_Export 88B861F8
Device \Driver\NetBT \Device\NetbiosSmb 88B861F8
Device \Driver\ACPI \Device\0000004e ntkrnlpa.exe
Device \Driver\ACPI \Device\0000005d ntkrnlpa.exe
Device \Driver\ACPI \Device\0000006a ntkrnlpa.exe
Device \Driver\ACPI \Device\0000006b ntkrnlpa.exe
Device \Driver\ACPI \Device\0000006c ntkrnlpa.exe
Device \Driver\usbuhci \Device\USBFDO-0 8974E1F8
Device \Driver\ACPI \Device\0000006d ntkrnlpa.exe
Device \Driver\usbuhci \Device\USBFDO-1 8974E1F8
Device \Driver\usbuhci \Device\USBFDO-2 8974E1F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 894D2430
Device \FileSystem\MRxSmb \Device\LanmanRedirector 894D2430
Device \Driver\NetBT \Device\NetBT_Tcpip_{1143137A-BD34-44ED-900E-878934624621} 88B861F8
Device \Driver\usbuhci \Device\USBFDO-3 8974E1F8
Device \Driver\usbehci \Device\USBFDO-4 8971D1F8
Device \Driver\VClone \Device\Scsi\VClone1 894B6430
Device \Driver\VClone \Device\Scsi\VClone1Port4Path0Target0Lun0 894B6430
Device \FileSystem\Fastfat \Fat 89DDD1F8

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys

Device \FileSystem\Cdfs \Cdfs 8952A430

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@LoadAppInit_DLLs 1
Reg HKLM\SOFTWARE\Classes\CLSID\{3849A479-FE12-9666-D0D8-5B69C1D563E4}\InProcServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{3849A479-FE12-9666-D0D8-5B69C1D563E4}\InProcServer32@jakcjcefmpjbmjfillbg 0x69 0x61 0x6C 0x70 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{3849A479-FE12-9666-D0D8-5B69C1D563E4}\InProcServer32@iakcpagcihnhoopekg 0x69 0x61 0x6C 0x70 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3849A479-FE12-9666-D0D8-5B69C1D563E4}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3849A479-FE12-9666-D0D8-5B69C1D563E4}@iaecempdofddgffaaa 0x69 0x61 0x6C 0x70 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3849A479-FE12-9666-D0D8-5B69C1D563E4}@hagbgkckpchajago 0x69 0x61 0x6C 0x70 ...

---- EOF - GMER 2.1 ----
Quote:

Results of screen317's Security Check version 0.99.87
x86
``````````````Antivirus/Firewall Check:``````````````
WMI entry may not exist for antivirus; attempting automatic update.
Avira successfully updated!
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
Sophos Anti-Rootkit 1.5.0
Java(TM) 6 Update 20
Java(TM) 6 Update 30
Java version out of Date!
Adobe Flash Player 11.7.700.202 Flash Player out of Date!
Mozilla Firefox (32.0)
````````Process Check: objlist.exe by Laurent````````
Spybot Teatimer.exe is disabled!
`````````````````System Health check`````````````````
Total Fragmentation on Drive D::
````````````````````End of Log``````````````````````
Quote:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:24:05, on 15.09.2014
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\svchost.exe
D:\Programme\Java\jre6\bin\jqs.exe
D:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe
D:\Programme\PDF Architect\HelperService.exe
D:\Programme\PDF Architect\ConversionService.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\wbem\wmiapsrv.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe
D:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe
D:\WINDOWS\Explorer.EXE
D:\Programme\ClocX\ClocX.exe
D:\WINDOWS\system32\DeltaIITray.exe
D:\Programme\PDF24\pdf24.exe
D:\WINDOWS\FixCamera.exe
D:\WINDOWS\vsnpstd3.exe
D:\WINDOWS\tsnpstd3.exe
D:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
D:\Programme\Spybot - Search & Destroy 2\SDTray.exe
D:\Dokumente und Einstellungen\Roman\Anwendungsdaten\uTorrent\uTorrent.exe
D:\Programme\Skype\Phone\Skype.exe
D:\WINDOWS\system32\mshta.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Programme\Internet Explorer\iexplore.exe
D:\Programme\Internet Explorer\iexplore.exe
D:\Programme\Internet Explorer\iexplore.exe
D:\Programme\Internet Explorer\iexplore.exe
D:\Dokumente und Einstellungen\Roman\Desktop\avenger.exe
D:\Dokumente und Einstellungen\Roman\Desktop\HiJackThis204.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:4721;https=127.0.0.1:4721
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <-loopback>
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - D:\Programme\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - D:\Programme\PDF Architect\PDFIEHelper.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - D:\Programme\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Programme\Java\jre6\bin\ssv.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - D:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [rkfree] D:\Programme\RKFree\rkfree.exe /b
O4 - HKLM\..\Run: [ClocX] D:\Programme\ClocX\ClocX.exe
O4 - HKLM\..\Run: [avgnt] "D:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [M-Audio Taskbar Icon] D:\WINDOWS\system32\DeltaIITray.exe
O4 - HKLM\..\Run: [PDFPrint] D:\Programme\PDF24\pdf24.exe
O4 - HKLM\..\Run: [FixCamera] D:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [snpstd3] D:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [tsnpstd3] D:\WINDOWS\tsnpstd3.exe
O4 - HKLM\..\Run: [MSConfig] D:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [SDTray] "D:\Programme\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKCU\..\Run: [uTorrent] "D:\Dokumente und Einstellungen\Roman\Anwendungsdaten\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [Skype] "D:\Programme\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKUS\S-1-5-21-57989841-484763869-725345543-1008\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'postgres')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = D:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Free YouTube to Mp3 Converter - D:\Dokumente und Einstellungen\Roman\Anwendungsdaten\DVDVideoSoftIEHelpers\youtubetomp3.htm
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - D:\Programme\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - D:\Programme\ICQ7.7\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - D:\Programme\ICQ7.7\ICQ.exe
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - D:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - D:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Dokumente und Einstellungen\Roman\Desktop\PartyPoker.lnk (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Dokumente und Einstellungen\Roman\Desktop\PartyPoker.lnk (file missing)
O9 - Extra button: WPT Poker - {D85B4BE2-07C3-422f-ADE9-B1A2C7D25224} - D:\Dokumente und Einstellungen\Roman\Desktop\WPT Poker.lnk (file missing)
O9 - Extra 'Tools' menuitem: WPT Poker - {D85B4BE2-07C3-422f-ADE9-B1A2C7D25224} - D:\Dokumente und Einstellungen\Roman\Desktop\WPT Poker.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Programme\Bodog Poker\BPGame.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programme\Messenger\msmsgs.exe
O9 - Extra button: UBNet - {1FBA04EE-3024-11d2-8F1F-0000F87ABD16} - D:\Dokumente und Einstellungen\Roman\Startmenü\Programme\UBNet\UBNet.lnk (HKCU)
O9 - Extra 'Tools' menuitem: UBNet - {1FBA04EE-3024-11d2-8F1F-0000F87ABD16} - D:\Dokumente und Einstellungen\Roman\Startmenü\Programme\UBNet\UBNet.lnk (HKCU)
O9 - Extra button: Ladbrokes Poker - {3D1A403B-A6AA-4115-A491-8073309E9D25} - D:\Microgaming\Poker\LadbrokesMPP\MPPoker.exe (HKCU)
O9 - Extra button: Black Chip Poker - {a6090802-f053-454f-85af-43d606dbe92a} - D:\Dokumente und Einstellungen\Roman\Startmenü\Programme\Black Chip Poker\Black Chip Poker.lnk (HKCU)
O9 - Extra button: PokerTime - {C6728D9B-FC76-4169-9B10-C979886248FE} - D:\Microgaming\Poker\PokerTimeMPP\MPPoker.exe (HKCU)
O9 - Extra button: PokerNordica - {caf8603b-35e9-4f0f-819d-a509543a1e09} - D:\Dokumente und Einstellungen\Roman\Startmenü\Programme\PokerNordica\PokerNordica.lnk (HKCU)
O9 - Extra button: CarbonPoker - {e4e8c758-34b4-44bb-8ef9-1f0786e81d2d} - D:\Dokumente und Einstellungen\Roman\Startmenü\Programme\CarbonPoker\CarbonPoker.lnk (HKCU)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1284504388234
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - D:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - D:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - D:\WINDOWS\System32\browseui.dll
O23 - Service: Avira Planer (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - D:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Echtzeit-Scanner (AntiVirService) - Avira Operations GmbH & Co. KG - D:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira Browser-Schutz (AntiVirWebService) - Avira Operations GmbH & Co. KG - D:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - D:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: PDF Architect Helper Service - pdfforge GmbH - D:\Programme\PDF Architect\HelperService.exe
O23 - Service: PDF Architect Service - pdfforge GmbH - D:\Programme\PDF Architect\ConversionService.exe
O23 - Service: PostgreSQL Server 8.4 (postgresql-8.4) - PostgreSQL Global Development Group - D:/Programme/PostgreSQL/8.4/bin/pg_ctl.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Riverbed Technology, Inc. - D:\Programme\WinPcap\rpcapd.exe
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - D:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - D:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - D:\Programme\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - D:\Programme\Skype\Updater\Updater.exe

--
End of file - 10419 bytes
Quote:

Logfile of The Avenger Version 2.0, (c) by Swandog46
hxxp://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at D:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.

Hidden driver "taorrxc" found!
ImagePath: system32\drivers\kojf.sys
Start Type: 0 (Boot)

Rootkit scan completed.


Warning: Invalid contents in ServiceGroupOrder key!
There may be a driver loading earlier than Avenger!


Completed script processing.

*******************

Finished! Terminate.



Logfile of The Avenger Version 2.0, (c) by Swandog46
hxxp://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at D:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Completed script processing.

*******************

Finished! Terminate.
Quote:

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\dx^jupeh

*******************

Script file located at: \??\D:\WINDOWS\system32\ghjsihxq.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at D:\Avenger

*******************

Beginning to process script file:



Registry key \Registry\Machine\System\CurrentControlSet\Services\xpdx not found!
Unload of driver xpdx failed!

Could not process line:
xpdx
Status: 0xc0000034

Program D:\Rustbfix\2run.bat successfully set up to run once on reboot.

Completed script processing.

*******************

Finished! Terminate.

schrauber 16.09.2014 12:53

One thread is enough.



Copyright ©2000-2025, Trojaner-Board

