| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Packed.Win32.TDSS.y Trojaner Win32/Alureon.BFWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
08.10.2009, 21:17
| #1 |
| |  Packed.Win32.TDSS.y Trojaner Win32/Alureon.BF nach vielen jahren unfallfreiem verkehr auf der datenautobahn hat es mich auch erwischt  kaspersky 2010 : Gefunden trojanisches Programm Packed.Win32.TDSS.y C:\WINDOWS\system32\UACnusklplnaq.dll Gefunden trojanisches Programm Packed.Win32.TDSS.y C:\WINDOWS\system32\UACopntdqudac.dll Microsoft Security Essentials: Kategorie: Trojaner Win32/Alureon.BF Empfehlung: Entfernen Sie diese Software unverzüglich. Von Microsoft Security Essentials wurden Programme erkannt, die Ihre Privatsphäre verletzen oder Ihren Computer beschädigen könnten. Sie können auf die von diesen Programmen verwendeten Dateien weiterhin zugreifen, ohne sie zu entfernen (nicht empfohlen). Zum Zugreifen auf diese Dateien wählen Sie die Aktion "Zulassen" aus, und klicken Sie dann auf "Aktionen anwenden". Wenn diese Option nicht verfügbar ist, melden Sie sich als Administrator an, oder bitten Sie den lokalen Administrator um Unterstützung. Elemente: file:globalroot\systemroot\system32\UACopntdqudac.dll process  id:880 Kaspersky Rescue Disk : Scan: completed 10/8/09 9:24 PM (events: 6, objects: 73273, time: 00:51:05) 10/8/09 8:33 PM Task started 10/8/09 9:10 PM Detected: Packed.Win32.TDSS.y /discs/C:/WINDOWS/system32/UACopntdqudac.dll 10/8/09 9:10 PM Detected: Packed.Win32.TDSS.y /discs/C:/WINDOWS/system32/UACnusklplnaq.dll 10/8/09 9:13 PM Deleted: Packed.Win32.TDSS.y /discs/C:/WINDOWS/system32/UACopntdqudac.dll 10/8/09 9:13 PM Deleted: Packed.Win32.TDSS.y /discs/C:/WINDOWS/system32/UACnusklplnaq.dll 10/8/09 9:24 PM Task completed alle tools konnten angeblich das problem beheben, nach dem windowsneustart kommen aber die gleichen fehlermeldungen wieder cclener habe ich durchgeführt mbam habe ich installiert ( musste die setup datei dazu aber umbenennen ) das programm lässt sich aber nicht starten rsit habe ich ausgeführt, die beiden log dateien poste ich extra ach ja: es startet automatisch ein browserfenster xxx.xxx.xx.xx/ads/?aff=6&subaff=221-clean wäre schön, wenn jemand helfen kann, danke  |
|
08.10.2009, 21:26
| #2 |
| | Packed.Win32.TDSS.y Trojaner Win32/Alureon.BFCode:
ATTFilter info.txt logfile of random's system information tool 1.06 2009-10-08 21:55:17
======Uninstall list======
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
AC3Filter (remove only)-->C:\Programme\AC3Filter\uninstall.exe
Acronis*True*Image-->MsiExec.exe /X{CA83357B-931E-44DC-AD43-9996FEEB8116}
Ad-Aware SE Personal-->C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 9.1.3 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A91000000001}
Apple Application Support-->MsiExec.exe /I{0C34B801-6AEC-4667-B053-03A67E2D0415}
Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Auto Gordian Knot 2.27-->C:\Programme\AutoGK\uninst.exe
AviSynth 2.5-->"C:\Programme\AviSynth 2.5\Uninstall.exe"
AVM FRITZ!DSL-->MsiExec.exe /X{2457326B-C110-40C3-89B0-889CC913871A}
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Canon i865-->C:\WINDOWS\System32\CNMCP5m.exe "-PRINTERNAMECanon i865" "-HELPERDLLC:\BJPrinter\CNMWINDOWS\Canon i865 Installer\Inst2\cnmis.dll" "-RCDLLC:\BJPrinter\CNMWINDOWS\Canon i865 Installer\Inst2\cnmi0407.dll"
CCE SP Trial Version Version 2.62.01.01-->C:\PROGRA~1\CINEMA~2\uinst.exe
CCleaner (remove only)-->"D:\Programme\CCleaner\uninst.exe"
cdrLabel 7.1-->MsiExec.exe /I{279FC9F9-1872-4927-AB0E-A93154F7D339}
cFosSpeed v4.20-->C:\Programme\cFosSpeed\setup.exe -uninstall
Cinema Craft Encoder SP Version 2.50-->C:\PROGRA~1\CINEMA~1\cctsp.exe -uninstall
Citrix Presentation Server Client - Nur Web-->MsiExec.exe /X{C49067A8-8212-4A82-A4D9-1519701644F0}
CloneCD-->"C:\Programme\SlySoft\CloneCD\ccd-uninst.exe" /D="C:\Programme\SlySoft\CloneCD"
CloneDVD2-->"C:\Programme\Elaborate Bytes\CloneDVD2\CloneDVD2-uninst.exe" /D="C:\Programme\Elaborate Bytes\CloneDVD2"
ConvertXtoDVD 3.1.2.34-->"C:\Programme\VSO\ConvertX\3\unins000.exe"
coverXP (remove only)-->"C:\Programme\coverXP\cxp-uninst.exe"
devolo dLAN-Konfigurationsassistent-->C:\Programme\devolo\setup.exe /remove:dlanconf
devolo Informer-->C:\Programme\devolo\setup.exe /remove:dslmon
Direct Show Ogg Vorbis Filter (remove only)-->"C:\WINDOWS\System32\OggDSuninst.exe"
DiscWizard 2003-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{A1BC8E02-6B5B-4B4A-A75F-B27A16918C2B}\Setup.exe"
DivX Codec-->C:\Programme\DivX\DivXCodecUninstall.exe /CODEC
DivX Player-->C:\Programme\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Plus DirectShow Filters-->C:\Programme\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DVD Audio Extractor 4.5.1-->"D:\Programme\DVD Audio Extractor\unins000.exe"
DVD Decrypter (Remove Only)-->"C:\Programme\DVD Decrypter\uninstall.exe"
DVD Shrink 3.2-->"C:\Programme\DVD Shrink\unins000.exe"
DVD2DVD-R Professional RC6-->C:\Programme\DVD2DVDR_Professional\unins000.exe
DVD2one V2.0.4-->C:\Programme\DVD2one V2\uninst.exe
DVDFab Decrypter 3.0.5.0-->"C:\Programme\DVDFab Decrypter 3\unins000.exe"
DVDFab HD Decrypter 3.1.0.8-->"C:\Programme\DVDFab HD Decrypter 3\unins000.exe"
eMule-->"C:\Programme\eMule047c\Uninstall.exe"
EVEREST Home Edition v2.20-->"C:\Programme\Lavalys\EVEREST Home Edition\unins000.exe"
Exact Audio Copy 0.99pb4-->C:\Programme\Exact Audio Copy\uninst.exe
ffdshow (remove only)-->"C:\Programme\ffdshow\uninstall.exe"
FLAC 1.2.1b (remove only)-->C:\Programme\FLAC\uninstall.exe
GMX SMS-Manager-->C:\Programme\GMX\GMX SMS-Manager\Uninstall.exe
GSpot Codec Information Appliance-->C:\Programme\GSpot\Uninstall.exe
HighMAT-Erweiterung für den Microsoft Windows XP-Assistenten zum Schreiben von CDs-->MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
HijackThis 2.0.2-->"C:\Programme\trend micro\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix für Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Huffyuv AVI lossless video codec (Remove Only)-->rundll.exe setupx.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\HUFFYUV.INF
ImgBurn (Remove Only)-->"C:\Programme\ImgBurn\uninstall.exe"
InstallRTC-->MsiExec.exe /X{200F584F-848D-4B6B-B1A1-C74D735F18A4}
Intel(R) Extreme Graphics Driver-->RUNDLL32.EXE C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572
IrfanView (remove only)-->C:\Programme\IrfanView\iv_uninstall.exe
iTunes-->MsiExec.exe /I{EC2A8F27-4FBF-4E41-B27B-FE822511B761}
Kaspersky Anti-Virus 2010-->MsiExec.exe /I{943B6738-4801-4982-90EC-0442EF7AEB16}
Kaspersky Anti-Virus 2010-->MsiExec.exe /I{943B6738-4801-4982-90EC-0442EF7AEB16}
Macromedia Flash Player 8-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\swflash.inf,DefaultUninstall,5
Malwarebytes' Anti-Malware-->"C:\Programme\xxx\unins000.exe"
MediaMonkey 3.0-->"C:\Programme\MediaMonkey\unins000.exe"
Medieval CUE Splitter-->MsiExec.exe /I{B96D2269-568B-4CBF-9332-12FAE8B158F7}
Microsoft .NET Framework (German) v1.0.3705-->C:\WINDOWS\Microsoft.NET\Framework\Install.exe /u /p Microsoft .NET Framework Full v1.0.3705 (1031)
Microsoft .NET Framework (German)-->MsiExec.exe /X{20F1FFAF-1BFF-450C-A8C7-03D1BE24B950}
Microsoft .NET Framework 1.0 Hotfix (KB928367)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Updates\M9283671031\M9283671031Uninstall.msp"
Microsoft .NET Framework 1.1 German Language Pack-->MsiExec.exe /X{E78BFA60-5393-4C38-82AB-E8019E464EB4}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Language Pack - DEU-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - DEU\install.exe
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Data Access Components KB870669-->C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Office PowerPoint Viewer 2003-->MsiExec.exe /X{90AF0407-6000-11D3-8CFE-0150048383C9}
Microsoft Office XP Professional mit FrontPage-->MsiExec.exe /I{90280407-6000-11D3-8CFE-0050048383C9}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Windows-Journal-Viewer-->MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA7}
Microsoft XML Parser und SDK-->MsiExec.exe /I{3E908702-AF35-4611-9518-955DA24B7E07}
Mozilla Firefox (3.5.3)-->C:\Programme\Mozilla Firefox\uninstall\helper.exe
MP3Test 1.5.1.153-->"C:\Programme\MAF-Soft\MP3Test\Uninstall_MP3Test.exe"
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
MSXML3-->MsiExec.exe /I{2927EB7A-9FCC-472E-B5D0-FE568EF95F4B}
Nero 7 Premium-->MsiExec.exe /I{4781569D-5404-1F26-4B2B-6DF444441031}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NTREGOPT 1.1j-->"C:\Programme\NT Registry Optimizer\unins000.exe"
O&O Defrag Professional Edition-->MsiExec.exe /I{53480370-6CA2-47EC-BC05-02B4B9271C31}
PixiePack Codec Pack-->MsiExec.exe /I{B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC}
Polar WebLink 2.4.0-->MsiExec.exe /X{8AA872A2-3034-4DD1-8117-B8C56CA7026E}
PowerQuest PartitionMagic 8.0-->C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x7 -removeonly
RTLSetup-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{97AA0C55-AFAD-4126-B21C-F1318FB6DADA}\Setup.exe" -l0x9 REMOVE
Seagate Manager Installer-->"C:\Programme\InstallShield Installation Information\{71883667-71F2-48A1-AB72-28D518D8AC4A}\setup.exe" -runfromtemp -l0x0407 -removeonly
Seagate Manager Installer-->MsiExec.exe /X{71883667-71F2-48A1-AB72-28D518D8AC4A}
Sicherheitsupdate für Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB972260)-->"C:\WINDOWS\$NtUninstallKB972260$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Space Invaders OpenGL-->"C:\Programme\Space Invaders OpenGL\uninstall.exe"
SpeedFan (remove only)-->"C:\Programme\SpeedFan\uninstall.exe"
Spelling Dictionaries Support For Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-900000000004}
SqueezeCenter 7.2.1-->"D:\Programme\SqueezeCenter\unins000.exe"
Synchredible v1.5-->D:\Programme\Synchredible\unins000.exe
Turbo Lister 2-->C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{69640730-B830-4C24-BB5C-222DA1260548}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update für Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
VirtualCloneDrive-->"C:\Programme\Elaborate Bytes\VirtualCloneDrive\vcd-uninst.exe" /D="C:\Programme\Elaborate Bytes\VirtualCloneDrive"
VobSub v2.23 (Remove Only)-->"C:\Programme\Gabest\VobSub\uninstall.exe"
Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
Windows Live-Uploadtool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Media Encoder 9-Reihe-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9-Reihe-->MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Format 11 runtime-->"C:\Programme\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 11-->"C:\Programme\Windows Media Player\Setup_wm.exe" /Uninstall
WinRAR-->C:\Programme\WinRAR\uninstall.exe
xp-AntiSpy 3.96-2-->D:\Programme\xp-AntiSpy\Uninstall.exe
XPC Tools-->C:\WINDOWS\IsUninst.exe -f"C:\Programme\Shuttle\XPC Tools\Uninst.isu"
XviD MPEG4 Video Codec (remove only)-->"C:\WINDOWS\System32\xvid-uninstall.exe"
XviD MPEG-4 Video Codec-->C:\Programme\XviD\unins000.exe
======Security center information======
AV: Kaspersky Anti-Virus (disabled)
======System event log======
Computer Name: SHUTTLE
Event Code: 51
Message: Bei einem Auslagerungsvorgang wurde ein Fehler festgestellt. Betroffen ist Gerät \Device\Harddisk1\D.
Record Number: 26213
Source Name: Disk
Time Written: 20090713230905.000000+120
Event Type: Warnung
User:
Computer Name: SHUTTLE
Event Code: 51
Message: Bei einem Auslagerungsvorgang wurde ein Fehler festgestellt. Betroffen ist Gerät \Device\Harddisk1\D.
Record Number: 26212
Source Name: Disk
Time Written: 20090713230905.000000+120
Event Type: Warnung
User:
Computer Name: SHUTTLE
Event Code: 51
Message: Bei einem Auslagerungsvorgang wurde ein Fehler festgestellt. Betroffen ist Gerät \Device\Harddisk1\D.
Record Number: 26211
Source Name: Disk
Time Written: 20090713230905.000000+120
Event Type: Warnung
User:
Computer Name: SHUTTLE
Event Code: 51
Message: Bei einem Auslagerungsvorgang wurde ein Fehler festgestellt. Betroffen ist Gerät \Device\Harddisk1\D.
Record Number: 26210
Source Name: Disk
Time Written: 20090713230905.000000+120
Event Type: Warnung
User:
Computer Name: SHUTTLE
Event Code: 51
Message: Bei einem Auslagerungsvorgang wurde ein Fehler festgestellt. Betroffen ist Gerät \Device\Harddisk1\D.
Record Number: 26209
Source Name: Disk
Time Written: 20090713230905.000000+120
Event Type: Warnung
User:
=====Application event log=====
Computer Name: SHUTTLE
Event Code: 101
Message: wuauclt (1364) Das Datenbankmodul wurde beendet.
Record Number: 685
Source Name: ESENT
Time Written: 20050219225013.000000+060
Event Type: Informationen
User:
Computer Name: SHUTTLE
Event Code: 103
Message: wuaueng.dll (1364) SUS20ClientDataStore: Das Datenbankmodul hat die Instanz (0) beendet.
Record Number: 684
Source Name: ESENT
Time Written: 20050219225013.000000+060
Event Type: Informationen
User:
Computer Name: SHUTTLE
Event Code: 102
Message: wuaueng.dll (1364) SUS20ClientDataStore: Das Datenbankmodul hat eine neue Instanz gestartet (0).
Record Number: 683
Source Name: ESENT
Time Written: 20050219223718.000000+060
Event Type: Informationen
User:
Computer Name: SHUTTLE
Event Code: 100
Message: wuauclt (1364) Das Datenbankmodul 5.01.2600.0000 ist gestartet.
Record Number: 682
Source Name: ESENT
Time Written: 20050219223718.000000+060
Event Type: Informationen
User:
Computer Name: SHUTTLE
Event Code: 4096
Message:
Record Number: 681
Source Name: H+BEDV AntiVir
Time Written: 20050219223638.000000+060
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"NUMBER_OF_PROCESSORS"=2
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Programme\Gemeinsame Dateien\DivX Shared\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 9, GenuineIntel
"PROCESSOR_LEVEL"=15
"PROCESSOR_REVISION"=0209
"TEMP"=C:\TEMP
"TMP"=C:\TEMP
"windir"=%SystemRoot%
-----------------EOF-----------------
|
|
08.10.2009, 21:32
| #3 |
| | Packed.Win32.TDSS.y Trojaner Win32/Alureon.BFCode:
ATTFilter Logfile of random's system information tool 1.06 (written by random/random) Run by xxx at 2009-10-08 21:55:11 Microsoft Windows XP Professional Service Pack 3 System drive C: has 183 MB (3%) free of 7 GB Total RAM: 2039 MB (81% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:55:15, on 08.10.2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Programme\Bonjour\mDNSResponder.exe C:\Programme\cFosSpeed\spd.exe C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe C:\Programme\Seagate\SeagateManager\Sync\FreeAgentService.exe C:\Programme\FRITZ!DSL\IGDCTRL.EXE C:\WINDOWS\System32\oodag.exe C:\WINDOWS\System32\igfxtray.exe D:\PROGRA~1\SqueezeCenter\server\Bin\MSWin32-x86-multi-thread\mysqld.exe C:\WINDOWS\System32\hkcmd.exe C:\Programme\Microsoft IntelliType Pro\type32.exe C:\Programme\Microsoft IntelliPoint\point32.exe C:\WINDOWS\SOUNDMAN.EXE C:\Programme\cFosSpeed\cFosSpeed.exe C:\Programme\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\taskmgr.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\System32\msiexec.exe C:\Dokumente und Einstellungen\xxx\Desktop\RSIT.exe C:\Programme\trend micro\xxx.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = fritz.box;192.168.178.1;<local>;*.local O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [type32] "C:\Programme\Microsoft IntelliType Pro\type32.exe" O4 - HKLM\..\Run: [IntelliPoint] "C:\Programme\Microsoft IntelliPoint\point32.exe" O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [cFosSpeed] C:\Programme\cFosSpeed\cFosSpeed.exe O4 - HKLM\..\Run: [AVP] "C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe" O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Programme\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [iTunesHelper] "D:\Programme\iTunes\iTunesHelper.exe" O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: SqueezeCenter-Taskleisten-Tool.lnk = D:\Programme\SqueezeCenter\SqueezeTray.exe O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000 O9 - Extra button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll O9 - Extra button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1233009132078 O20 - AppInit_DLLs: C:\PROGRA~1\Kaspersky Lab\Kaspersky Anti-Virus 2010\mzvkbd.dll,C:\PROGRA~1\Kaspersky Lab\Kaspersky Anti-Virus 2010\mzvkbd3.dll O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - C:\Programme\cFosSpeed\spd.exe O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Programme\Seagate\SeagateManager\Sync\FreeAgentService.exe O23 - Service: AVM IGD CTRL Service (IGDCTRL) - AVM Berlin - C:\Programme\FRITZ!DSL\IGDCTRL.EXE O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\System32\oodag.exe O23 - Service: SqueezeMySQL - Unknown owner - D:\PROGRA~1\SqueezeCenter\server\Bin\MSWin32-x86-multi-thread\mysqld.exe -- End of file - 6135 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\AppleSoftwareUpdate.job C:\WINDOWS\tasks\WGASetup.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] Adobe PDF Reader - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2009-02-27 61816] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}] IEVkbdBHO Class - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll [2009-05-25 68112] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E33CF602-D945-461A-83F0-819F76A199F8}] FilterBHO Class - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll [2009-08-25 264720] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"=C:\WINDOWS\System32\igfxtray.exe [2003-04-06 155648] "HotKeysCmds"=C:\WINDOWS\System32\hkcmd.exe [2003-04-06 114688] "type32"=C:\Programme\Microsoft IntelliType Pro\type32.exe [2003-05-16 114688] "IntelliPoint"=C:\Programme\Microsoft IntelliPoint\point32.exe [2003-05-16 163840] "SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2007-04-16 577536] "cFosSpeed"=C:\Programme\cFosSpeed\cFosSpeed.exe [2008-02-12 863448] "AVP"=C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe [2009-05-25 303376] "MaxMenuMgr"=C:\Programme\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe [2008-10-28 181544] "Adobe Reader Speed Launcher"=D:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696] "iTunesHelper"=D:\Programme\iTunes\iTunesHelper.exe [2009-09-08 305440] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce] "Malwarebytes' Anti-Malware"=C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe [2009-09-10 420176] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray] C:\Programme\SlySoft\CloneCD\CloneCDTray.exe [2005-05-19 57344] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GMX SMS-Manager] C:\Programme\GMX\GMX SMS-Manager\SMSMngr.exe [2005-12-16 3340288] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3] C:\Programme\MessengerPlus! 3\MsgPlus.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] C:\Programme\MSN Messenger\msnmsgr.exe /background [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe [2001-07-09 155648] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot] [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan] C:\WINDOWS\SOUNDMAN.EXE [2007-04-16 577536] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TerraTec Scheduler] C:\PROGRA~1\GEMEIN~1\TerraTec\SCHEDU~1\TTTimer.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe] D:\Programme\Acronis\TrueImage\TrueImageMonitor.exe [2005-11-16 1009806] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive] C:\Programme\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [2005-04-12 45056] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinDVR SchSvr] D:\Programme\Gemeinsame Dateien\InterVideo\SchSvr\SchSvr.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users.WINDOWS^Startmenü^Programme^Autostart^Adobe Reader - Schnellstart.lnk] C:\PROGRA~1\Adobe\ACROBA~2.0\Reader\READER~1.EXE [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users.WINDOWS^Startmenü^Programme^Autostart^Logitech Desktop Messenger.lnk] C:\PROGRA~2\Logitech\DESKTO~1\8876480\Program\LDMConf.exe /start [] C:\Dokumente und Einstellungen\All Users.WINDOWS\Startmenü\Programme\Autostart SqueezeCenter-Taskleisten-Tool.lnk - D:\Programme\SqueezeCenter\SqueezeTray.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLS"="C:\PROGRA~1\Kaspersky Lab\Kaspersky Anti-Virus 2010\mzvkbd.dll,C:\PROGRA~1\Kaspersky Lab\Kaspersky Anti-Virus 2010\mzvkbd3.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] C:\WINDOWS\system32\igfxsrvc.dll [2003-04-06 315392] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon] C:\WINDOWS\system32\klogon.dll [2009-05-25 219664] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 267304] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa] "authentication packages"=msv1_0 relog_ap [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=91000000 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP1\WNt500x86\RpcSandraSrv.exe"="C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP1\WNt500x86\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service" "C:\Programme\devolo\informer\devinf.exe"="C:\Programme\devolo\informer\devinf.exe:*:Enabled:devolo Informer" "C:\Programme\Bonjour\mDNSResponder.exe"="C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour" "D:\Programme\iTunes\iTunes.exe"="D:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b4484aa0-22ce-11de-9c53-00301bb02eee}] shell\AutoRun\command - G:\Toshiba\more4you.exe ======List of files/folders created in the last 1 months====== 2009-10-08 21:55:11 ----D---- C:\rsit 2009-10-08 21:55:11 ----D---- C:\Programme\trend micro 2009-10-08 21:53:40 ----D---- C:\Programme\xxx 2009-10-08 21:52:47 ----SHD---- C:\Config.Msi 2009-10-08 21:47:38 ----D---- C:\Programme\Malwarebytes' Anti-Malware 2009-10-08 21:47:38 ----D---- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Malwarebytes 2009-10-08 01:43:29 ----D---- C:\WINDOWS\system32\KB905474 2009-10-08 01:41:27 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$ 2009-10-08 01:41:17 ----HDC---- C:\WINDOWS\$NtUninstallKB972260$ 2009-10-08 01:41:10 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$ 2009-10-08 01:40:31 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$ 2009-10-08 01:40:24 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$ 2009-10-08 01:40:14 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$ 2009-10-08 01:40:07 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$ 2009-10-08 01:39:48 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$ 2009-10-08 01:39:43 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$ 2009-10-08 01:39:37 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$ 2009-10-08 01:39:27 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$ 2009-10-08 01:39:23 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$ 2009-10-08 01:39:10 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$ 2009-10-08 01:38:59 ----HDC---- C:\WINDOWS\$NtUninstallKB970653-v3$ 2009-10-08 01:06:37 ----N---- C:\WINDOWS\system32\MpSigStub.exe 2009-10-08 01:05:21 ----A---- C:\WINDOWS\system32\muweb.dll 2009-10-08 01:05:21 ----A---- C:\WINDOWS\system32\mucltui.dll.mui 2009-10-08 01:05:21 ----A---- C:\WINDOWS\system32\mucltui.dll 2009-09-29 22:41:08 ----A---- C:\WINDOWS\system32\cl-test.txt 2009-09-16 23:22:35 ----D---- C:\Dokumente und Einstellungen\Jochen.BERLIN\Anwendungsdaten\Apple Computer 2009-09-16 23:22:16 ----A---- C:\WINDOWS\system32\GEARAspi.dll 2009-09-16 23:21:49 ----D---- C:\Programme\iPod 2009-09-16 23:21:44 ----D---- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\{755AC846-7372-4AC8-8550-C52491DAA8BD} 2009-09-16 23:15:15 ----D---- C:\Programme\Bonjour 2009-09-16 23:14:08 ----D---- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Apple Computer 2009-09-16 23:13:31 ----D---- C:\Programme\Apple Software Update 2009-09-16 23:13:19 ----A---- C:\WINDOWS\system32\usbaaplrc.dll 2009-09-16 23:13:04 ----D---- C:\Programme\Gemeinsame Dateien\Apple 2009-09-16 23:13:03 ----D---- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Apple ======List of files/folders modified in the last 1 months====== 2009-10-08 21:55:11 ----D---- C:\Programme 2009-10-08 21:54:23 ----D---- C:\Programme\cFosSpeed 2009-10-08 21:53:49 ----D---- C:\TEMP 2009-10-08 21:53:41 ----D---- C:\WINDOWS\system32\drivers 2009-10-08 21:53:14 ----SHD---- C:\WINDOWS\Installer 2009-10-08 21:53:09 ----SD---- C:\WINDOWS\Tasks 2009-10-08 21:47:48 ----D---- C:\WINDOWS\system32\CatRoot2 2009-10-08 21:45:11 ----D---- C:\WINDOWS 2009-10-08 21:45:11 ----D---- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Kaspersky Lab 2009-10-08 21:43:55 ----AD---- C:\WINDOWS\system32 2009-10-08 21:32:48 ----HD---- C:\WINDOWS\inf 2009-10-08 21:31:32 ----D---- C:\WINDOWS\Debug 2009-10-08 01:41:29 ----RSHDC---- C:\WINDOWS\system32\dllcache 2009-10-08 01:41:05 ----D---- C:\WINDOWS\system32\CatRoot 2009-10-08 01:40:13 ----HD---- C:\WINDOWS\$hf_mig$ 2009-10-08 01:40:10 ----D---- C:\WINDOWS\Microsoft.NET 2009-10-08 01:39:39 ----D---- C:\Programme\Outlook Express 2009-10-08 01:39:34 ----D---- C:\Programme\Windows Media Player 2009-10-08 01:39:29 ----D---- C:\WINDOWS\Temp 2009-10-08 01:39:20 ----D---- C:\WINDOWS\WinSxS 2009-10-08 01:24:49 ----D---- C:\Programme\Mozilla Firefox 2009-10-08 01:05:11 ----SD---- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Microsoft 2009-10-06 21:54:26 ----AC---- C:\WINDOWS\NeroDigital.ini 2009-10-06 20:44:29 ----D---- C:\Programme\eMule047c 2009-10-06 19:03:30 ----D---- C:\Dokumente und Einstellungen\Jochen.BERLIN\Anwendungsdaten\Canon 2009-10-01 23:12:43 ----D---- C:\Programme\Gemeinsame Dateien 2009-09-25 00:04:48 ----D---- C:\WINDOWS\system32\LogFiles 2009-09-21 20:24:54 ----D---- C:\WINDOWS\Downloaded Installations 2009-09-16 23:22:16 ----DC---- C:\WINDOWS\system32\DRVSTORE 2009-09-10 18:00:55 ----HD---- C:\Programme\InstallShield Installation Information ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 intelppm;Intel-Prozessortreiber; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 40448] R1 kbdhid;Tastatur-HID-Treiber; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2008-04-14 14720] R1 klif;Kaspersky Lab Driver; C:\WINDOWS\system32\DRIVERS\klif.sys [2009-07-16 296976] R1 PQNTDrv;PQNTDrv; C:\WINDOWS\system32\drivers\PQNTDrv.sys [2002-09-16 4228] R1 WS2IFSL;Windows Socket 2.0 Non-IFS-Dienstanbieter-Unterstützungsumgebung; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-23 12032] R2 Aspi32;Aspi32; C:\WINDOWS\System32\drivers\aspi32.sys [2001-12-11 15360] R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2007-08-16 278728] R2 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2006-04-22 8064] R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2007-08-16 25416] R2 NPF_devolo;NetGroup Packet Filter Driver (devolo); C:\WINDOWS\system32\drivers\npf_devolo.sys [2008-05-13 35840] R2 tifsfilter;Acronis TrueImage FS Filter; C:\WINDOWS\System32\DRIVERS\tifsfilt.sys [2006-07-11 30688] R3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel(R) Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2003-04-15 113504] R3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel(R) Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2003-04-15 78752] R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2007-04-25 4030144] R3 Arp1394;1394-ARP-Clientprotokoll; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-14 60800] R3 cFosSpeed;cFosSpeed Miniport; C:\WINDOWS\system32\DRIVERS\cfosspeed.sys [2008-02-12 717016] R3 ElbyCDFL;ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [2005-05-03 27392] R3 ElbyDelay;ElbyDelay; C:\WINDOWS\System32\Drivers\ElbyDelay.sys [2005-04-12 4608] R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600] R3 HidUsb;Microsoft HID Class-Treiber; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-14 10368] R3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2003-04-15 90907] R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\WINDOWS\system32\DRIVERS\klim5.sys [2009-05-13 31760] R3 klmouflt;Kaspersky Lab KLMOUFLT; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [2009-05-16 19472] R3 mouhid;Maus-HID-Treiber; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-18 12288] R3 NIC1394;1394-Netzwerktreiber; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-14 61824] R3 Pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\Pcouffin.sys [2008-07-24 47360] R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-07-15 9856] R3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\System32\DRIVERS\point32.sys [2003-05-16 19072] R3 rtl8139;Realtek RTL8139/810X Family Fast Ethernet NIC NT Driver; C:\WINDOWS\System32\DRIVERS\R8139n51.SYS [2002-04-01 45312] R3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-14 32128] R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-14 30208] R3 usbhub;Microsoft USB-Standardhubtreiber; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-14 59520] R3 usbuhci;Miniporttreiber für universellen Microsoft USB-Hostcontroller; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-14 20608] S1 bbzyjwlo;bbzyjwlo; \??\C:\WINDOWS\system32\drivers\bbzyjwlo.sys [] S1 ggcpcjhn;ggcpcjhn; \??\C:\WINDOWS\system32\drivers\ggcpcjhn.sys [] S1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys [] S1 InCDRm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys [] S3 avmeject;AVM Eject; C:\WINDOWS\system32\drivers\avmeject.sys [2006-12-28 4352] S3 Bridge;MAC-Brücke; C:\WINDOWS\System32\DRIVERS\bridge.sys [2008-04-14 71552] S3 BridgeMP;MAC-Brückenminiport; C:\WINDOWS\System32\DRIVERS\bridge.sys [2008-04-14 71552] S3 Cap7134;Cinergy 400 TV Capture; C:\WINDOWS\System32\DRIVERS\Cap7134.sys [] S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2008-04-14 17024] S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys [] S3 FWLANUSB;AVM FRITZ!WLAN; C:\WINDOWS\system32\DRIVERS\fwlanusb.sys [2006-12-28 265088] S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\lvusbsta.sys [] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504] S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2008-04-14 85248] S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2008-04-14 10880] S3 QCMerced;Logitech QuickCam Communicate; C:\WINDOWS\System32\DRIVERS\LVCM.sys [] S3 SANDRA;SANDRA; \??\C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP1\WNt500x86\Sandra.sys [] S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2008-04-14 11136] S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2008-04-14 15232] S3 tbhsd;Tunebite High-Speed Dubbing; C:\WINDOWS\system32\drivers\tbhsd.sys [2009-01-23 37664] S3 TTTvTune;Cinergy 400 TV Tuner; C:\WINDOWS\System32\DRIVERS\PhTvTune.sys [2003-08-08 24704] S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-08-28 40448] S3 usbaudio;USB-Audiotreiber (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032] S3 usbprint;Microsoft USB-Druckerklasse; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-14 25856] S3 usbscan;USB-Scannertreiber; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-14 15104] S3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-14 26368] S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\System32\DRIVERS\wceusbsh.sys [2005-06-14 104576] S3 WINFLASH;WINFLASH; \??\D:\winflash\WinFlash.sys [] S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528] S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] S4 InCDFs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys [] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] |
|
08.10.2009, 21:34
| #4 |
| | Packed.Win32.TDSS.y Trojaner Win32/Alureon.BFCode:
ATTFilter ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 Apple Mobile Device;Apple Mobile Device; C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672] R2 Bonjour Service;Bonjour-Dienst; C:\Programme\Bonjour\mDNSResponder.exe [2008-12-12 238888] R2 cFosSpeedS;cFosSpeed System Service; C:\Programme\cFosSpeed\spd.exe [2008-02-12 314584] R2 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632] R2 FreeAgentGoNext Service;Seagate Service; C:\Programme\Seagate\SeagateManager\Sync\FreeAgentService.exe [2008-10-28 156968] R2 IGDCTRL;AVM IGD CTRL Service; C:\Programme\FRITZ!DSL\IGDCTRL.EXE [2007-09-04 87344] R2 O&O Defrag;O&O Defrag; C:\WINDOWS\System32\oodag.exe [2006-06-02 339456] R2 SqueezeMySQL;SqueezeMySQL; D:\PROGRA~1\SqueezeCenter\server\Bin\MSWin32-x86-multi-thread\mysqld.exe [2008-10-21 4149248] R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S2 AVP;Kaspersky Anti-Virus; C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe [2009-05-25 303376] S3 AcrSch2Svc;Acronis Scheduler2 Service; C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe [2005-11-16 172032] S3 aspnet_state;ASP.NET-Zustandsdienst; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104] S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] S3 iPod Service;iPod-Dienst; C:\Programme\iPod\bin\iPodService.exe [2009-09-08 545568] S3 WMPNetworkSvc;Windows Media Player-Netzwerkfreigabedienst; C:\Programme\Windows Media Player\WMPNetwk.exe [2006-11-03 920576] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096] -----------------EOF----------------- |
|
| Themen zu Packed.Win32.TDSS.y Trojaner Win32/Alureon.BF |
| administrator, automatisch, computer, dateien, entfernen, erkannt, erwischt, essentials, fehlermeldungen, jahre, kaspersky, kaspersky rescue, kaspersky rescue disk, klicke, log, microsoft, microsoft security, microsoft security essentials, problem, programm, programme, rescue disk, security, security essentials, setup, software, startet, startet automatisch, system, system32, tools, trojaner, windows |
Linear-Darstellung
